-rw-r--r-- | phpBB/includes/functions.php | 101 | ||||
-rw-r--r-- | phpBB/includes/functions_admin.php | 27 | ||||
-rw-r--r-- | phpBB/includes/functions_display.php | 1 | ||||
-rw-r--r-- | phpBB/includes/functions_posting.php | 2 | ||||
-rw-r--r-- | phpBB/includes/functions_profile_fields.php | 45 | ||||
-rw-r--r-- | phpBB/includes/functions_upload.php | 18 | ||||
-rw-r--r-- | phpBB/includes/functions_user.php | 2 | ||||
-rw-r--r-- | phpBB/includes/message_parser.php | 7 | ||||
-rw-r--r-- | phpBB/includes/session.php | 35 |
9 files changed, 187 insertions, 51 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 2c77d15aa9..267f9929fd 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -107,8 +107,8 @@ function gen_rand_string($num_chars) { $chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); - list($usec, $sec) = explode(' ', microtime()); - mt_srand($sec * $usec); + list($sec, $usec) = explode(' ', microtime()); + mt_srand((float) $sec + ((float) $usec * 100000)); $max_chars = sizeof($chars) - 1; $rand_str = ''; @@ -121,6 +121,16 @@ function gen_rand_string($num_chars) } /** +* Return unique id +*/ +function unique_id() +{ + list($sec, $usec) = explode(' ', microtime()); + mt_srand((float) $sec + ((float) $usec * 100000)); + return uniqid(mt_rand(), true); +} + +/** * Get userdata * @param mixed $user user id or username */ @@ -671,6 +681,12 @@ function markread($mode, $forum_id = 0, $topic_id = 0, $marktime = false) WHERE user_id = " . $user->data['user_id'] . ' AND forum_id IN (' . implode(', ', $sql_update) . ')'; $db->sql_query($sql); + + $sql = 'DELETE FROM ' . TOPICS_TRACK_TABLE . ' + WHERE user_id = ' . $user->data['user_id'] . ' + AND forum_id IN (' . implode(', ', $sql_update) . ') + AND mark_type = ' . TRACK_NORMAL; + $db->sql_query($sql); } if ($sql_insert = array_diff($forum_id, $sql_update)) @@ -686,6 +702,7 @@ function markread($mode, $forum_id = 0, $topic_id = 0, $marktime = false) break; case 'mysql4': + case 'mysqli': case 'mssql': case 'sqlite': $sql .= (($sql != '') ? ' UNION ALL ' : '') . ' SELECT ' . $user->data['user_id'] . ", $forum_id, $current_time"; 
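Review bot: The seed passed to `mt_srand()` in `gen_rand_string()` and in the new `unique_id()` is derived only from `microtime()`, so every value these functions return is a function of the server clock. That matters because later hunks in this commit use `md5(unique_id())` as the session id (session.php) and as the stored upload name (functions_upload.php), and hashing adds no entropy. I would mix in a secret that never leaves the server, e.g. `return uniqid(mt_rand() . $config['rand_seed'], true);`, where `rand_seed` is a placeholder name for a per-board random value kept in the config table; nothing in this diff defines it. Re-seeding on every call also throws away the generator's state, so seeding once per request is preferable.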
@@ -703,6 +720,12 @@ function markread($mode, $forum_id = 0, $topic_id = 0, $marktime = false) $sql = 'INSERT INTO ' . FORUMS_TRACK_TABLE . " (user_id, forum_id, mark_time) $sql"; $db->sql_query($sql); } + + $sql = 'DELETE FROM ' . TOPICS_TRACK_TABLE . ' + WHERE user_id = ' . $user->data['user_id'] . ' + AND forum_id = ' . $forum_id . ' + AND mark_type = ' . TRACK_NORMAL; + $db->sql_query($sql); } } unset($sql_update); @@ -735,29 +758,33 @@ function markread($mode, $forum_id = 0, $topic_id = 0, $marktime = false) $forum_id = (int) $forum_id[0]; - // Mark a topic as read + /// Mark a topic as read if ($config['load_db_lastread'] || ($config['load_db_track'] && $type == TRACK_POSTED)) { - $track_type = ($type == TRACK_POSTED ? ', mark_type = ' . $type : ''); + $track_type = ($type == TRACK_POSTED) ? ', mark_type = ' . $type : ''; $sql = 'UPDATE ' . TOPICS_TRACK_TABLE . " - SET mark_time = $current_time $track_type + SET forum_id = $forum_id, mark_time = $current_time $track_type WHERE topic_id = $topic_id - AND user_id = " . $user->data['user_id'] . " + AND user_id = {$user->data['user_id']} AND mark_time < $current_time"; if (!$db->sql_query($sql) || !$db->sql_affectedrows()) { - $type = (!isset($type)) ? TRACK_NORMAL : $type; - $db->sql_return_on_error(true); - $sql = 'INSERT INTO ' . TOPICS_TRACK_TABLE . ' (user_id, topic_id, mark_type, mark_time) - VALUES (' . $user->data['user_id'] . ", $topic_id, $type, $current_time)"; - $db->sql_query($sql); + $sql_ary = array( + 'user_id' => $user->data['user_id'], + 'topic_id' => $topic_id, + 'forum_id' => $forum_id, + 'mark_type' => $type, + 'mark_time' => $current_time + ); + + $db->sql_query('INSERT INTO ' . TOPICS_TRACK_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary)); $db->sql_return_on_error(false); } } - + if (!$config['load_db_lastread']) { $tracking = array(); 
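Review bot: The fallback `$type = (!isset($type)) ? TRACK_NORMAL : $type;` is removed in the topic branch of `markread()`, yet the new `$sql_ary` still writes `'mark_type' => $type` and the `if` above still compares it. `$type` is assigned outside this hunk, so I cannot confirm that every path sets it; if one does not, the INSERT stores an undefined value and the `mark_type = TRACK_NORMAL` deletes added elsewhere in this commit will never match that row. Keeping the default just before the array, `$type = (isset($type)) ? $type : TRACK_NORMAL;`, costs nothing. Separately, `/// Mark a topic as read` looks like a typo for `//`, and since `sql_return_on_error(true)` wraps the INSERT, a short comment naming the error that is expected there (presumably a duplicate key from a concurrent request) would help the next reader.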
@@ -1182,11 +1209,16 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo $session_id = request_var('sess', ''); $confirm_key = request_var('confirm_key', ''); - if ($user_id != $user->data['user_id'] || $session_id != $user->session_id || $confirm_key != $user->data['user_last_confirm_key']) + if ($user_id != $user->data['user_id'] || $session_id != $user->session_id || !$confirm_key || !$user->data['user_last_confirm_key'] || $confirm_key != $user->data['user_last_confirm_key']) { return false; } + // Reset user_last_confirm_key + $sql = 'UPDATE ' . USERS_TABLE . " SET user_last_confirm_key = '' + WHERE user_id = " . $user->data['user_id']; + $db->sql_query($sql); + return true; } else if ($check) @@ -1531,7 +1563,7 @@ function extension_allowed($forum_id, $extension, &$extensions) function msg_handler($errno, $msg_text, $errfile, $errline) { global $cache, $db, $auth, $template, $config, $user; - global $phpEx, $phpbb_root_path, $starttime, $display_header, $show_prev_info; + global $phpEx, $phpbb_root_path, $starttime, $display_header, $msg_title; switch ($errno) { @@ -1539,7 +1571,6 @@ function msg_handler($errno, $msg_text, $errfile, $errline) case E_WARNING: if (defined('DEBUG_EXTRA')) { - // Remove me if (!strstr($errfile, 'cache') && !strstr($errfile, 'template.php')) { echo "<b>PHP Notice</b>: in file <b>$errfile</b> on line <b>$errline</b>: <b>$msg_text</b><br>"; @@ -1609,10 +1640,12 @@ function msg_handler($errno, $msg_text, $errfile, $errline) ); $template->assign_vars(array( - 'MESSAGE_TITLE' => (isset($msg_title)) ? $msg_title : $user->lang['INFORMATION'], + 'MESSAGE_TITLE' => $msg_title, 'MESSAGE_TEXT' => $msg_text) ); + // We do not want the cron script to be called on error messages + define('IN_CRON', true); page_footer(); } exit; 
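Review bot: The confirm-key check in `confirm_box()` still ends with the loose `!=` operator, so PHP compares two numeric-looking strings by value instead of byte for byte. Rejecting empty keys and clearing `user_last_confirm_key` after a successful check are both sound, but the final test should be `$confirm_key !== $user->data['user_last_confirm_key']`, with both sides known to be strings. The new UPDATE uses `$db`, which has to be in the function's `global` list; that line is outside this hunk, so please verify it. A one-line comment such as `// The key is single-use: clear it so a replayed confirmation link is rejected` would document why the reset sits before `return true`.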
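Review bot: `define('IN_CRON', true);` is called unconditionally inside `msg_handler()`, so when the constant already exists (for instance if the cron script itself ends up in this handler, which is not visible in this diff) PHP raises a notice from within the error handler. Guarding it as `if (!defined('IN_CRON')) { define('IN_CRON', true); }` avoids that. `MESSAGE_TITLE` now also reads the global `$msg_title` without the old `isset()` fallback to `$user->lang['INFORMATION']`; unless the part of the function outside this hunk assigns a default, callers that never set it get an empty title.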
@@ -1863,9 +1896,10 @@ function page_header($page_title = '') 'L_INDEX' => $user->lang['FORUM_INDEX'], 'L_ONLINE_EXPLAIN' => $l_online_time, - 'U_PRIVATEMSGS' => "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&mode=" . (($user->data['user_new_privmsg'] || $l_privmsgs_text_unread) ? 'unread' : 'view_messages'), - 'U_RETURN_INBOX' => "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&folder=inbox", - 'U_POPUP_PM' => "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&mode=popup", + 'U_PRIVATEMSGS' => "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&mode=" . (($user->data['user_new_privmsg'] || $l_privmsgs_text_unread) ? 'unread' : 'view_messages'), + 'U_RETURN_INBOX' => "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&folder=inbox", + 'U_POPUP_PM' => "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&mode=popup", + 'U_JS_POPUP_PM' => "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&mode=popup", 'U_MEMBERLIST' => "{$phpbb_root_path}memberlist.$phpEx$SID", 'U_VIEWONLINE' => "{$phpbb_root_path}viewonline.$phpEx$SID", 'U_MEMBERSLIST' => "{$phpbb_root_path}memberlist.$phpEx$SID", 
@@ -1963,9 +1997,36 @@ function page_footer() $template->assign_vars(array( 'DEBUG_OUTPUT' => (defined('DEBUG')) ? $debug_output : '', - 'U_ACP' => ($auth->acl_get('a_') && $user->data['is_registered']) ? "adm/index.$phpEx?sid=" . $user->data['session_id'] : '') + 'U_ACP' => ($auth->acl_get('a_') && $user->data['is_registered']) ? "{$phpbb_root_path}adm/index.$phpEx?sid=" . $user->data['session_id'] : '') ); + // Call cron-type script + if (!defined('IN_CRON')) + { + $cron_type = ''; + + if (time() - $config['queue_interval'] > $config['last_queue_run'] && !defined('IN_ADMIN') && file_exists($phpbb_root_path . 'cache/queue.' . $phpEx)) + { + // Process email queue + $cron_type = 'queue'; + } + else if (method_exists($cache, 'tidy') && time() - $config['cache_gc'] > $config['cache_last_gc']) + { + // Tidy the cache + $cron_type = 'tidy_cache'; + } + else if (time() - (7 * 24 * 3600) > $config['database_last_gc']) + { + // Tidy some table rows every week + $cron_type = 'tidy_database'; + } + + if ($cron_type) + { + $template->assign_var('RUN_CRON_TASK', '<img src="' . $phpbb_root_path . 'cron.' . $phpEx . '?cron_type=' . $cron_type . '" width="1" height="1" />'); + } + } + $template->display('body'); // Unload cache, must be done before the DB connection if closed diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 48ada3b9fc..ee97ffdc76 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -667,6 +667,7 @@ function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = TRUE) switch (SQL_LAYER) { case 'mysql4': + case 'mysqli': $sql = 'DELETE t.* FROM ' . TOPICS_TABLE . ' t, ' . TOPICS_TABLE . ' t2 WHERE t.topic_moved_id = t2.topic_id 
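Review bot: The interval checks that decide whether `RUN_CRON_TASK` is emitted exist only in `page_footer()`, while the work itself is started by a plain GET to `cron.$phpEx?cron_type=...` that any client can send. cron.php is not part of this diff, so I cannot see whether it repeats the `last_queue_run`, `cache_last_gc` and `database_last_gc` comparisons and accepts only the three known `cron_type` values; it needs to, otherwise the throttling here is advisory only. Concurrent page views will also all receive the image until the matching timestamp is updated, so the task should claim its slot by updating the timestamp before doing the work. A comment above the block, e.g. `// This only triggers cron.php; the script must re-check the intervals itself`, would make that contract explicit.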
@@ -789,6 +790,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = FALSE, switch (SQL_LAYER) { case 'mysql4': + case 'mysqli': $sql = 'DELETE FROM ' . TOPICS_TABLE . ' USING ' . TOPICS_TABLE . ' t1, ' . TOPICS_TABLE . " t2 WHERE t1.topic_moved_id = t2.topic_id @@ -825,6 +827,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = FALSE, switch (SQL_LAYER) { case 'mysql4': + case 'mysqli': $sql = 'UPDATE ' . TOPICS_TABLE . ' t, ' . POSTS_TABLE . " p SET t.topic_approved = p.post_approved $where_sql_and t.topic_first_post_id = p.post_id"; @@ -1686,6 +1689,7 @@ function cache_moderators() break; case 'mysql4': + case 'mysqli': case 'mssql': case 'sqlite': $sql = 'INSERT INTO ' . MODERATOR_TABLE . ' (forum_id, user_id, username, group_id, groupname) @@ -2002,6 +2006,7 @@ if (class_exists('auth')) break; case 'mysql4': + case 'mysqli': case 'mssql': case 'sqlite': $sql = implode(' UNION ALL ', preg_replace('#^(.*?)$#', 'SELECT \1', $sql_subary)); @@ -2144,6 +2149,7 @@ if (class_exists('auth')) break; case 'mysql4': + case 'mysqli': case 'mssql': case 'sqlite': $sql .= (($sql != '') ? ' UNION ALL ' : '') . " SELECT '$option', " . $type_sql[$type]; @@ -2252,4 +2258,25 @@ function update_post_information($type, $ids) } } +/** +* Tidy topic tracking tables +* Removes all tracking rows older than 6 months, including mark_posted informations +*/ +function tidy_database() +{ + global $db; + + $remove_date = time() - (3 * 62 * 24 * 3600); + + $sql = 'DELETE FROM ' . FORUMS_TRACK_TABLE . ' + WHERE mark_time < ' . $remove_date; + $db->sql_query($sql); + + $sql = 'DELETE FROM ' . TOPICS_TRACK_TABLE . ' + WHERE mark_time < ' . $remove_date; + $db->sql_query($sql); + + set_config('database_last_gc', time(), true); +} + ?>
\ No newline at end of file diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 1454391e9c..156a47f7d9 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -305,6 +305,7 @@ function display_forums($root_data = '', $display_moderators = TRUE) 'FORUM_ID' => $row['forum_id'], 'FORUM_FOLDER_IMG' => ($row['forum_image']) ? '<img src="' . $phpbb_root_path . $row['forum_image'] . '" alt="' . $folder_alt . '" />' : $user->img($folder_image, $folder_alt), + 'FORUM_FOLDER_IMG_SRC' => ($row['forum_image']) ? $phpbb_root_path . $row['forum_image'] : $user->img($folder_image, $folder_alt, false, '', 'src'), 'FORUM_NAME' => $row['forum_name'], 'FORUM_DESC' => $row['forum_desc'], $l_post_click_count => $post_click_count, diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index c43c809562..b53492a5a7 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -70,7 +70,7 @@ function generate_smilies($mode, $forum_id) 'SMILEY_IMG' => $phpbb_root_path . $config['smilies_path'] . '/' . $row['smiley_url'], 'SMILEY_WIDTH' => $row['smiley_width'], 'SMILEY_HEIGHT' => $row['smiley_height'], - 'SMILEY_DESC' => $row['smiley']) + 'SMILEY_DESC' => $row['emotion']) ); } $db->sql_freeresult($result); diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php index f0d44dd1c1..12a4acd530 100644 --- a/phpBB/includes/functions_profile_fields.php +++ b/phpBB/includes/functions_profile_fields.php 
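Review bot: The retention window in `tidy_database()` is written as `3 * 62 * 24 * 3600` while the docblock says "6 months", so a reader has to work out that 3 x 62 days is meant. Writing it the way the docblock describes it, `$remove_date = time() - (6 * 31 * 24 * 3600); // roughly six months`, keeps the same value and removes the puzzle. The docblock should also mention that the function records its run in `database_last_gc`, since that is what `page_footer()` checks before requesting the task, and "informations" should read "information". Both DELETE statements run without any limit, which may hold locks for a while on a large board; whether that matters depends on table sizes this diff does not show.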
@@ -18,18 +18,21 @@ class custom_profile var $profile_cache = array(); var $options_lang = array(); - // Build language options cache, useful for viewtopic display + /** + * Build profile cache, used for display + */ function build_cache() { - global $db, $user; + global $db, $user, $auth; $this->profile_cache = array(); + // Display hidden/no_view fields for admin/moderator $sql = 'SELECT l.*, f.* FROM ' . PROFILE_LANG_TABLE . ' l, ' . PROFILE_FIELDS_TABLE . ' f WHERE l.lang_id = ' . $user->get_iso_lang_id() . ' - AND f.field_active = 1 - AND f.field_hide = 0 + AND f.field_active = 1 ' . + ((!$auth->acl_gets('a_', 'm_')) ? ' AND f.field_hide = 0 AND f.field_no_view = 0 ' : '') . ' AND l.field_id = f.field_id GROUP BY f.field_id ORDER BY f.field_order'; @@ -42,7 +45,9 @@ class custom_profile $db->sql_freeresult($result); } - // Get language entries for options and store them here for later use + /** + * Get language entries for options and store them here for later use + */ function get_option_lang($field_id, $lang_id, $field_type, $preview) { global $db; @@ -74,7 +79,9 @@ class custom_profile } } - // Functions performing operations on register/profile/profile admin + /** + * Submit profile field + */ function submit_cp_field($mode, $lang_id, &$cp_data, &$cp_error) { global $auth, $db, $user; @@ -152,8 +159,9 @@ class custom_profile $db->sql_freeresult($result); } - // Assign fields to template, mode can be profile (for profile change) or register (for registration) - // function generate_profile_fields($mode, $lang_id, $cp_error) + /** + * Assign fields to template, mode can be profile (for profile change) or register (for registration) + */ function generate_profile_fields($mode, $lang_id) { global $db, $template, $auth; 
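Review bot: The rows loaded into `$this->profile_cache` by `build_cache()` now depend on who is viewing the page, through `$auth->acl_gets('a_', 'm_')`, but the new docblock only says "Build profile cache, used for display". I would state the dependency there, e.g. `* Hidden and no_view fields are included only if the current user holds a_ or m_ permissions`, and add that the result must never go into a cache shared between users. The `sql_query()` call sits between the hunks, so I cannot see whether a cache TTL is passed to it; if one is, hidden fields loaded for a moderator could be served to other visitors. Every consumer of `profile_cache` has to treat its content as viewer-specific from this commit on.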
@@ -181,8 +189,10 @@ class custom_profile $db->sql_freeresult($result); } - // Assign fields to template, used for viewprofile, viewtopic and memberlist (if load setting is enabled) - // This is directly connected to the user -> mode == grab is to grab the user specific fields, mode == show is for assigning the row to the template + /** + * Assign fields to template, used for viewprofile, viewtopic and memberlist (if load setting is enabled) + * This is directly connected to the user -> mode == grab is to grab the user specific fields, mode == show is for assigning the row to the template + */ function generate_profile_fields_template($mode, $user_id = 0, $profile_row = false) { global $db; @@ -243,9 +253,10 @@ class custom_profile { // $profile_row == $user_fields[$row['user_id']]; $tpl_fields = array(); + $tpl_fields['row'] = $tpl_fields['blockrow'] = array(); foreach ($profile_row as $ident => $ident_ary) { - $tpl_fields += array( + $tpl_fields['row'] += array( 'PROFILE_' . strtoupper($ident) . '_VALUE' => $this->get_profile_value($ident_ary), 'PROFILE_' . strtoupper($ident) . '_TYPE' => $ident_ary['data']['field_type'], 'PROFILE_' . strtoupper($ident) . '_NAME' => $ident_ary['data']['lang_name'], @@ -253,13 +264,21 @@ class custom_profile 'S_PROFILE_' . strtoupper($ident) => true ); + + $tpl_fields['blockrow'][] = array( + 'PROFILE_FIELD_VALUE' => $this->get_profile_value($ident_ary), + 'PROFILE_FIELD_TYPE' => $ident_ary['data']['field_type'], + 'PROFILE_FIELD_NAME' => $ident_ary['data']['lang_name'], + 'PROFILE_FIELD_EXPLAIN' => $ident_ary['data']['lang_explain'], + + 'S_PROFILE_' . strtoupper($ident) => true + ); } return $tpl_fields; } } - // VALIDATE Function - validate entered data function validate_profile_field($field_type, &$field_value, $field_data) { @@ -870,4 +889,4 @@ class custom_profile_admin extends custom_profile } } -?> +?>
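Review bot: The 'show' branch of `generate_profile_fields_template()` changes its return value from a flat array of `PROFILE_*` keys to `array('row' => ..., 'blockrow' => ...)`, and no caller is updated in this diff. Callers that still pass the result straight to the template will silently lose every profile variable, so they need to change in the same commit, and the docblock should describe the two keys. `get_profile_value($ident_ary)` is now evaluated twice per field; assigning it once, `$value = $this->get_profile_value($ident_ary);`, and reusing `$value` in both arrays avoids the duplicate work. Whether that value is already escaped for HTML is decided in `get_profile_value()`, which is outside this hunk, and is worth confirming now that it reaches a second template block.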
\ No newline at end of file diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 0fd772377b..250b948c7d 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -51,7 +51,7 @@ class filespec $this->filename = $upload_ary['tmp_name']; $this->filesize = $upload_ary['size']; - $this->realname = $this->uploadname = trim(basename($upload_ary['name'])); + $this->realname = $this->uploadname = trim(htmlspecialchars(basename($upload_ary['name']))); $this->mimetype = $upload_ary['type']; // Opera adds the name to the mime type @@ -87,12 +87,16 @@ class filespec case 'real': // Replace any chars which may cause us problems with _ $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|'); - $this->realname = $prefix . str_replace($bad_chars, '_', strtolower($this->realname)) . '_.' . $this->extension; + + $this->realname = rawurlencode(str_replace($bad_chars, '_', strtolower($this->realname))); + $this->realname = preg_replace("/%(\w{2})/", '_', $this->realname); + + $this->realname = $prefix . $this->realname . '_.' . $this->extension; break; case 'unique': default: - $this->realname = $prefix . uniqid(rand()) . '.' . $this->extension; + $this->realname = $prefix . md5(unique_id()) . '.' . $this->extension; } } @@ -557,11 +561,15 @@ class fileupload function valid_dimensions(&$file) { + if (!$this->max_width && !$this->max_height && !$this->min_width && !$this->min_height) + { + return true; + } + if (($file->get('width') > $this->max_width && $this->max_width) || ($file->get('height') > $this->max_height && $this->max_height) || ($file->get('width') < $this->min_width && $this->min_width) || - ($file->get('height') < $this->min_height && $this->min_height) || - !$file->get('width') || !$file->get('height')) + ($file->get('height') < $this->min_height && $this->min_height)) { return false; } 
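Review bot: `htmlspecialchars()` is applied at the point where the upload name is read in the `filespec` constructor, so `realname` and `uploadname` carry HTML entities into every later use, including the file name built in `clean_filename()` and anything written to the database. Escaping at output for the specific context is easier to reason about; if it stays here, document the properties as already HTML-escaped so templates do not escape them a second time. In the PHP versions this code targets the default flags leave single quotes untouched, so the call should be `trim(htmlspecialchars(basename($upload_ary['name']), ENT_QUOTES))`. The rest of the constructor is outside this hunk.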
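Review bot: Dropping `!$file->get('width') || !$file->get('height')` from `valid_dimensions()` means a file whose dimensions could not be determined now passes whenever only maximum limits are configured, because `0 > $this->max_width` is false. If the dimension limits are part of what keeps non-image content out of an image-only upload (avatars, for example; the callers are not in this diff), that protection is lost. The new early return already covers the case where no limits are configured, so the zero test can stay directly after it: `if (!$file->get('width') || !$file->get('height')) { return false; }`.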
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index eba83b4d79..413814f958 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -501,6 +501,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas break; case 'mysql4': + case 'mysqli': case 'mssql': case 'sqlite': $sql .= (($sql != '') ? ' UNION ALL ' : '') . " SELECT $ban_entry, $current_time, $ban_end, $ban_exclude, '$ban_reason'"; @@ -1249,6 +1250,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, break; case 'mysql4': + case 'mysqli': case 'mssql': case 'sqlite': $sql = 'INSERT INTO ' . USER_GROUP_TABLE . " (user_id, group_id, group_leader) diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 68e9215316..b257fb15b8 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -183,8 +183,9 @@ class bbcode_firstpass extends bbcode '#<!\-\- l \-\-><a href="(.*?)">.*?</a><!\-\- l \-\->#', '#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#', '#<!\-\- h \-\-><(.*?)><!\-\- h \-\->#', + '#&\#([0-9]+);#', ); - $htm_replace = array('\1', '\1', '\1', '\1', '\1', '<\1>'); + $htm_replace = array('\1', '\1', '\1', '\1', '\1', '<\1>', '&#\1;'); $out = ''; @@ -385,6 +386,7 @@ class bbcode_firstpass extends bbcode // Add newline at the end and in front of each quote block to prevent parsing errors (urls, smilies, etc.) $in = preg_replace(array('#\[quote(=?.*?)\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $in); + $in = preg_replace(array('#\[quote(=?.*?)\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $in); $in = substr(str_replace('\"', '"', $in), 1); $close_tags = $error_ary = array(); 
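Review bot: The line added in the quote-handling hunk of message_parser.php is an exact copy of the `preg_replace()` call directly above it, and without a comment it reads as a paste error that a later cleanup will delete. If the second pass is intentional (presumably to catch adjacent tags whose boundary character was consumed by the first pass), say so above the pair, e.g. `// Run twice: directly adjacent quote tags are only separated on the second pass`. If it is not intentional, drop the added line. The enclosing function starts and ends outside this hunk.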
@@ -543,7 +545,7 @@ class bbcode_firstpass extends bbcode function validate_url($var1, $var2) { global $config; - + $url = ($var1) ? stripslashes($var1) : stripslashes($var2); $valid = false; @@ -1293,6 +1295,7 @@ class fulltext_search break; case 'mysql4': + case 'mysqli': case 'mssql': case 'sqlite': $sql = 'INSERT INTO ' . SEARCH_WORD_TABLE . ' (word_text) ' . implode(' UNION ALL ', preg_replace('#^(.*)$#', "SELECT '\$1'", $new_words)); diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 0de5cddcb4..768f1dddd1 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -302,7 +302,8 @@ class session if ($this->session_id == '' || !$db->sql_query($sql) || !$db->sql_affectedrows()) { $db->sql_return_on_error(false); - $this->session_id = md5(uniqid($this->ip)); + + $this->session_id = md5(unique_id()); $sql_ary['session_id'] = (string) $this->session_id; @@ -389,6 +390,7 @@ class session switch (SQL_LAYER) { case 'mysql4': + case 'mysqli': // Firstly, delete guest sessions $sql = 'DELETE FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . ANONYMOUS . ' 
@@ -585,12 +587,27 @@ class user extends session } // TODO: DISTINCT making problems with DBMS not able to distinct TEXT fields - $sql = 'SELECT DISTINCT s.style_id, t.*, c.*, i.* - FROM ' . STYLES_TABLE . ' s, ' . STYLES_TPL_TABLE . ' t, ' . STYLES_CSS_TABLE . ' c, ' . STYLES_IMAGE_TABLE . " i - WHERE s.style_id IN ($style, " . $config['default_style'] . ') - AND t.template_id = s.template_id - AND c.theme_id = s.theme_id - AND i.imageset_id = s.imageset_id'; + switch (SQL_LAYER) + { + case 'mssql': + case 'mssql-odbc': + $sql = 'SELECT s.style_id, t.*, c.*, i.* + FROM ' . STYLES_TABLE . ' s, ' . STYLES_TPL_TABLE . ' t, ' . STYLES_CSS_TABLE . ' c, ' . STYLES_IMAGE_TABLE . " i + WHERE s.style_id IN ($style, " . $config['default_style'] . ') + AND t.template_id = s.template_id + AND c.theme_id = s.theme_id + AND i.imageset_id = s.imageset_id'; + break; + + default: + $sql = 'SELECT DISTINCT s.style_id, t.*, c.*, i.* + FROM ' . STYLES_TABLE . ' s, ' . STYLES_TPL_TABLE . ' t, ' . STYLES_CSS_TABLE . ' c, ' . STYLES_IMAGE_TABLE . " i + WHERE s.style_id IN ($style, " . $config['default_style'] . ') + AND t.template_id = s.template_id + AND c.theme_id = s.theme_id + AND i.imageset_id = s.imageset_id'; + break; + } $result = $db->sql_query($sql, 3600); if (!($row = $db->sql_fetchrow($result))) @@ -794,8 +811,6 @@ class user extends session return; } - // TODO: think about adding this to the session code too? - // Grabbing all user specific options (all without the need of special complicate adding to the sql query) might be useful... $sql = 'SELECT * FROM ' . PROFILE_DATA_TABLE . " WHERE user_id = $user_id"; $result = $db->sql_query_limit($sql, 1); @@ -940,7 +955,7 @@ class auth $this->acl_clear_prefetch(); $this->acl_cache($userdata); } - else if (!$userdata['user_permissions']) + else if (!trim($userdata['user_permissions'])) { $this->acl_cache($userdata); } |
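Review bot: The two branches of the new `switch (SQL_LAYER)` in session.php differ only in the `DISTINCT` keyword, so the same six-line query now has to be maintained twice. Computing the keyword once, `$distinct = (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql-odbc') ? '' : 'DISTINCT ';`, and building a single `'SELECT ' . $distinct . 's.style_id, t.*, c.*, i.*'` keeps the two variants from drifting apart. `$style` and `$config['default_style']` are interpolated into `IN (...)` unquoted; `$style` is assigned outside this hunk, so please confirm it is cast to an integer before it gets here. The TODO above the block could then state that `DISTINCT` is omitted for these layers rather than leaving the reason implicit.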