aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/ucp
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/ucp')
-rw-r--r--phpBB/includes/ucp/ucp_activate.php13
-rw-r--r--phpBB/includes/ucp/ucp_attachments.php2
-rw-r--r--phpBB/includes/ucp/ucp_groups.php2
-rw-r--r--phpBB/includes/ucp/ucp_main.php13
-rw-r--r--phpBB/includes/ucp/ucp_pm_compose.php7
-rw-r--r--phpBB/includes/ucp/ucp_pm_viewfolder.php7
-rw-r--r--phpBB/includes/ucp/ucp_pm_viewmessage.php2
-rw-r--r--phpBB/includes/ucp/ucp_profile.php5
-rw-r--r--phpBB/includes/ucp/ucp_register.php40
-rw-r--r--phpBB/includes/ucp/ucp_resend.php7
10 files changed, 73 insertions, 25 deletions
diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php
index ad9dcc3659..36ab8a0e9b 100644
--- a/phpBB/includes/ucp/ucp_activate.php
+++ b/phpBB/includes/ucp/ucp_activate.php
@@ -56,6 +56,17 @@ class ucp_activate
trigger_error('WRONG_ACTIVATION');
}
+ // Do not allow activating by non administrators when admin activation is on
+ // Only activation type the user should be able to do is INACTIVE_REMIND
+ if ($user_row['user_inactive_reason'] != INACTIVE_REMIND && $config['require_activation'] == USER_ACTIVATION_ADMIN && !$auth->acl_get('a_user'))
+ {
+ if (!$user->data['is_registered'])
+ {
+ login_box('', $user->lang['NO_AUTH_OPERATION']);
+ }
+ trigger_error('NO_AUTH_OPERATION');
+ }
+
$update_password = ($user_row['user_newpasswd']) ? true : false;
if ($update_password)
@@ -72,6 +83,8 @@ class ucp_activate
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id = ' . $user_row['user_id'];
$db->sql_query($sql);
+
+ add_log('user', $user_row['user_id'], 'LOG_USER_NEW_PASSWORD', $user_row['username']);
}
if (!$update_password)
diff --git a/phpBB/includes/ucp/ucp_attachments.php b/phpBB/includes/ucp/ucp_attachments.php
index 5685702de2..b011b4f75d 100644
--- a/phpBB/includes/ucp/ucp_attachments.php
+++ b/phpBB/includes/ucp/ucp_attachments.php
@@ -184,7 +184,7 @@ class ucp_attachments
'U_SORT_FILESIZE' => $this->u_action . "&sk=d&sd=" . (($sort_key == 'd' && $sort_dir == 'a') ? 'd' : 'a'),
'U_SORT_DOWNLOADS' => $this->u_action . "&sk=e&sd=" . (($sort_key == 'e' && $sort_dir == 'a') ? 'd' : 'a'),
'U_SORT_POST_TIME' => $this->u_action . "&sk=f&sd=" . (($sort_key == 'f' && $sort_dir == 'a') ? 'd' : 'a'),
- 'U_SORT_TOPIC_TITLE' => $this->u_action . "&sk=g&sd=" . (($sort_key == 'f' && $sort_dir == 'a') ? 'd' : 'a'),
+ 'U_SORT_TOPIC_TITLE' => $this->u_action . "&sk=g&sd=" . (($sort_key == 'g' && $sort_dir == 'a') ? 'd' : 'a'),
'S_DISPLAY_MARK_ALL' => ($num_attachments) ? true : false,
'S_DISPLAY_PAGINATION' => ($num_attachments) ? true : false,
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php
index db3dbc5cac..4e40f0a2a3 100644
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -340,7 +340,7 @@ class ucp_groups
'S_ROW_COUNT' => ${$block . '_count'}++)
);
- $group_id_ary[] = $row['group_id'];
+ $group_id_ary[] = (int) $row['group_id'];
}
$db->sql_freeresult($result);
diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php
index 6f4e525b2f..6ac2412ef0 100644
--- a/phpBB/includes/ucp/ucp_main.php
+++ b/phpBB/includes/ucp/ucp_main.php
@@ -633,11 +633,14 @@ class ucp_main
*/
function assign_topiclist($mode = 'subscribed', $forbidden_forum_ary = array())
{
- global $user, $db, $template, $config, $auth, $phpbb_root_path, $phpEx;
+ global $user, $db, $template, $config, $cache, $auth, $phpbb_root_path, $phpEx;
$table = ($mode == 'subscribed') ? TOPICS_WATCH_TABLE : BOOKMARKS_TABLE;
$start = request_var('start', 0);
+ // Grab icons
+ $icons = $cache->obtain_icons();
+
$sql_array = array(
'SELECT' => 'COUNT(t.topic_id) as topics_count',
@@ -776,7 +779,8 @@ class ucp_main
$folder_img = $folder_alt = $topic_type = '';
topic_status($row, $replies, $unread_topic, $folder_img, $folder_alt, $topic_type);
- $view_topic_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id");
+ $view_topic_url_params = "f=$forum_id&t=$topic_id";
+ $view_topic_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params);
// Send vars to template
$template->assign_block_vars('topicrow', array(
@@ -809,6 +813,7 @@ class ucp_main
'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt),
'TOPIC_FOLDER_IMG_SRC' => $user->img($folder_img, $folder_alt, false, '', 'src'),
+ 'TOPIC_FOLDER_IMG_ALT' => $user->lang[$folder_alt],
'TOPIC_ICON_IMG' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['img'] : '',
'TOPIC_ICON_IMG_WIDTH' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['width'] : '',
'TOPIC_ICON_IMG_HEIGHT' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['height'] : '',
@@ -818,8 +823,8 @@ class ucp_main
'S_USER_POSTED' => (!empty($row['topic_posted'])) ? true : false,
'S_UNREAD_TOPIC' => $unread_topic,
- 'U_NEWEST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&view=unread") . '#unread',
- 'U_LAST_POST' => $view_topic_url . '&p=' . $row['topic_last_post_id'] . '#p' . $row['topic_last_post_id'],
+ 'U_NEWEST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params . '&view=unread') . '#unread',
+ 'U_LAST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params . '&p=' . $row['topic_last_post_id']) . '#p' . $row['topic_last_post_id'],
'U_VIEW_TOPIC' => $view_topic_url,
'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id),
));
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index d451e25be4..008d8d6c88 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -850,7 +850,7 @@ function compose_pm($id, $mode, $action)
$forward_text = array();
$forward_text[] = $user->lang['FWD_ORIGINAL_MESSAGE'];
$forward_text[] = sprintf($user->lang['FWD_SUBJECT'], censor_text($message_subject));
- $forward_text[] = sprintf($user->lang['FWD_DATE'], $user->format_date($message_time));
+ $forward_text[] = sprintf($user->lang['FWD_DATE'], $user->format_date($message_time, false, true));
$forward_text[] = sprintf($user->lang['FWD_FROM'], $quote_username_text);
$forward_text[] = sprintf($user->lang['FWD_TO'], implode(', ', $fwd_to_field['to']));
@@ -1039,6 +1039,7 @@ function compose_pm($id, $mode, $action)
'FLASH_STATUS' => ($flash_status) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
'SMILIES_STATUS' => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
'URL_STATUS' => ($url_status) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
+ 'MAX_FONT_SIZE' => (int) $config['max_post_font_size'],
'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['PM']),
'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
'MAX_RECIPIENTS' => ($config['allow_mass_pm'] && ($auth->acl_get('u_masspm') || $auth->acl_get('u_masspm_group'))) ? $max_recipients : 0,
@@ -1124,7 +1125,9 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
$group_list = request_var('group_list', array(0));
// Build usernames to add
- $usernames = (isset($_REQUEST['username'])) ? array(request_var('username', '', true)) : array();
+ $usernames = request_var('username', '', true);
+ $usernames = (empty($usernames)) ? array() : array($usernames);
+
$username_list = request_var('username_list', '', true);
if ($username_list)
{
diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php
index 360912ae49..cb96b77754 100644
--- a/phpBB/includes/ucp/ucp_pm_viewfolder.php
+++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php
@@ -328,7 +328,8 @@ function view_folder($id, $mode, $folder_id, $folder)
$data[] = array(
'subject' => censor_text($row['message_subject']),
'sender' => $row['username'],
- 'date' => $user->format_date($row['message_time']),
+ // ISO 8601 date. For PHP4 we are able to hardcode the timezone because $user->format_date() does not set it.
+ 'date' => $user->format_date($row['message_time'], (PHP_VERSION >= 5) ? 'c' : "Y-m-d\TH:i:s+00:00", true),
'to' => ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX) ? $address[$message_id] : '',
'message' => $message_row['message_text']
);
@@ -502,7 +503,7 @@ function get_pm_from($folder_id, $folder, $user_id)
'PAGE_NUMBER' => on_page($pm_count, $config['topics_per_page'], $start),
'TOTAL_MESSAGES' => (($pm_count == 1) ? $user->lang['VIEW_PM_MESSAGE'] : sprintf($user->lang['VIEW_PM_MESSAGES'], $pm_count)),
- 'POST_IMG' => (!$auth->acl_get('u_sendpm')) ? $user->img('button_topic_locked', 'PM_LOCKED') : $user->img('button_pm_new', 'POST_PM'),
+ 'POST_IMG' => (!$auth->acl_get('u_sendpm')) ? $user->img('button_topic_locked', 'POST_PM_LOCKED') : $user->img('button_pm_new', 'POST_NEW_PM'),
'L_NO_MESSAGES' => (!$auth->acl_get('u_sendpm')) ? $user->lang['POST_PM_LOCKED'] : $user->lang['NO_MESSAGES'],
@@ -511,7 +512,7 @@ function get_pm_from($folder_id, $folder, $user_id)
'S_SELECT_SORT_DAYS' => $s_limit_days,
'S_TOPIC_ICONS' => ($config['enable_pm_icons']) ? true : false,
- 'U_POST_NEW_TOPIC' => ($auth->acl_get('u_sendpm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose') : '',
+ 'U_POST_NEW_TOPIC' => ($auth->acl_get('u_sendpm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose') : '',
'S_PM_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;mode=view&amp;action=view_folder&amp;f=$folder_id" . (($start !== 0) ? "&amp;start=$start" : '')),
));
diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php
index bdd0e44ea8..5fef30056f 100644
--- a/phpBB/includes/ucp/ucp_pm_viewmessage.php
+++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php
@@ -286,7 +286,7 @@ function get_user_information($user_id, $user_row)
$update_time = $config['load_online_time'] * 60;
if ($row)
{
- $user_row['online'] = (time() - $update_time < $row['online_time'] && ($row['viewonline'])) ? true : false;
+ $user_row['online'] = (time() - $update_time < $row['online_time'] && ($row['viewonline'] || $auth->acl_get('u_viewonline'))) ? true : false;
}
}
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 328d374e9a..30752d8c8a 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -349,11 +349,11 @@ class ucp_profile
{
$data['notify'] = $user->data['user_notify_type'];
- if (!$config['jab_enable'] || !$data['jabber'] || !@extension_loaded('xml'))
+ if ($data['notify'] == NOTIFY_IM && (!$config['jab_enable'] || !$data['jabber'] || !@extension_loaded('xml')))
{
// User has not filled in a jabber address (Or one of the modules is disabled or jabber is disabled)
// Disable notify by Jabber now for this user.
- $data['notify'] = NOTIFY_BOTH;
+ $data['notify'] = NOTIFY_EMAIL;
}
$sql_ary = array(
@@ -549,6 +549,7 @@ class ucp_profile
'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
+ 'MAX_FONT_SIZE' => (int) $config['max_sig_font_size'],
'L_SIGNATURE_EXPLAIN' => sprintf($user->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']),
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 315d24d47f..549f96c42d 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -37,12 +37,13 @@ class ucp_register
include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
- $confirm_id = request_var('confirm_id', '');
- $coppa = (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false;
- $agreed = (!empty($_POST['agreed'])) ? 1 : 0;
- $submit = (isset($_POST['submit'])) ? true : false;
- $change_lang = request_var('change_lang', '');
- $user_lang = request_var('lang', $user->lang_name);
+ $confirm_id = request_var('confirm_id', '');
+ $confirm_refresh = (isset($_POST['confirm_refresh']) && $config['confirm_refresh']) ? ((!empty($_POST['confirm_refresh'])) ? 1 : 0) : false;
+ $coppa = (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false;
+ $agreed = (!empty($_POST['agreed'])) ? 1 : 0;
+ $submit = (isset($_POST['submit'])) ? true : false;
+ $change_lang = request_var('change_lang', '');
+ $user_lang = request_var('lang', $user->lang_name);
if ($agreed)
{
@@ -187,7 +188,7 @@ class ucp_register
array('string', false, 6, 60),
array('email')),
'email_confirm' => array('string', false, 6, 60),
- 'confirm_code' => array('string', !$config['enable_confirm'], 5, 8),
+ 'confirm_code' => array('string', !$config['enable_confirm'], CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS),
'tz' => array('num', false, -14, 14),
'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'),
));
@@ -448,7 +449,7 @@ class ucp_register
if ($config['enable_confirm'])
{
- if ($change_lang)
+ if ($change_lang || $confirm_refresh)
{
$str = '&amp;change_lang=' . $change_lang;
$sql = 'SELECT code
@@ -467,7 +468,7 @@ class ucp_register
{
$str = '';
}
- if (!$change_lang || !$confirm_id)
+ if (!$change_lang || !$confirm_id || !$confirm_refresh)
{
$user->confirm_gc(CONFIRM_REG);
@@ -484,7 +485,7 @@ class ucp_register
trigger_error('TOO_MANY_REGISTERS');
}
- $code = gen_rand_string(mt_rand(5, 8));
+ $code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
$confirm_id = md5(unique_id($user->ip));
$seed = hexdec(substr(unique_id(), 4, 10));
@@ -500,6 +501,24 @@ class ucp_register
);
$db->sql_query($sql);
}
+ else if ($confirm_refresh)
+ {
+ $code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
+ $confirm_id = md5(unique_id($user->ip));
+ $seed = hexdec(substr(unique_id(), 4, 10));
+ // compute $seed % 0x7fffffff
+ $seed -= 0x7fffffff * floor($seed / 0x7fffffff);
+ $sql = 'UPDATE ' . CONFIRM_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array(
+ 'confirm_type' => (int) CONFIRM_REG,
+ 'code' => (string) $code,
+ 'seed' => (int) $seed) . "
+ WHERE
+ confirm_id = '" . $db->sql_escape($confirm_id) . "' AND
+ session_id = '" . $db->sql_escape($session_id) . "' AND
+ confirm_type = " . (int) CONFIRM_REG
+ );
+ $db->sql_query($sql);
+ }
$confirm_image = '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_REG . $str) . '" alt="" title="" />';
$s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';
}
@@ -534,6 +553,7 @@ class ucp_register
'S_LANG_OPTIONS' => language_select($data['lang']),
'S_TZ_OPTIONS' => tz_select($data['tz']),
'S_CONFIRM_CODE' => ($config['enable_confirm']) ? true : false,
+ 'S_CONFIRM_REFRESH' => ($config['enable_confirm'] && $config['confirm_refresh']) ? true : false,
'S_COPPA' => $coppa,
'S_HIDDEN_FIELDS' => $s_hidden_fields,
'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php
index 48176a3989..cad494541b 100644
--- a/phpBB/includes/ucp/ucp_resend.php
+++ b/phpBB/includes/ucp/ucp_resend.php
@@ -133,6 +133,11 @@ class ucp_resend
$messenger->to($row['user_email'], $row['username']);
$messenger->im($row['user_jabber'], $row['username']);
+ $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
+ $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
+ $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
+ $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);
+
$messenger->assign_vars(array(
'USERNAME' => htmlspecialchars_decode($user_row['username']),
'U_USER_DETAILS' => generate_board_url() . "/memberlist.$phpEx?mode=viewprofile&u={$user_row['user_id']}",
@@ -146,7 +151,7 @@ class ucp_resend
meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
- $message = ($config['require_activation'] == USER_ACTIVATION_ADMIN) ? $user->lang['ACIVATION_EMAIL_SENT_ADMIN'] : $user->lang['ACTIVATION_EMAIL_SENT'];
+ $message = ($config['require_activation'] == USER_ACTIVATION_ADMIN) ? $user->lang['ACTIVATION_EMAIL_SENT_ADMIN'] : $user->lang['ACTIVATION_EMAIL_SENT'];
$message .= '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
trigger_error($message);
}
generated by cgit v1.2.1 (git 2.21.0) at 2025-11-10 16:36:02 +0000