aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_database.php12
-rw-r--r--phpBB/includes/acp/acp_main.php2
-rw-r--r--phpBB/includes/acp/acp_styles.php6
-rw-r--r--phpBB/includes/acp/acp_users.php8
-rw-r--r--phpBB/includes/auth/auth_ldap.php6
-rw-r--r--phpBB/includes/constants.php2
-rw-r--r--phpBB/includes/db/dbal.php55
-rw-r--r--phpBB/includes/db/firebird.php43
-rw-r--r--phpBB/includes/db/mssql.php8
-rw-r--r--phpBB/includes/db/mssql_odbc.php51
-rw-r--r--phpBB/includes/db/mssqlnative.php26
-rw-r--r--phpBB/includes/functions.php13
-rw-r--r--phpBB/includes/functions_admin.php3
-rw-r--r--phpBB/includes/functions_install.php50
-rw-r--r--phpBB/includes/functions_privmsgs.php166
-rw-r--r--phpBB/includes/functions_upload.php33
-rw-r--r--phpBB/includes/functions_user.php58
-rw-r--r--phpBB/includes/mcp/mcp_warn.php4
-rw-r--r--phpBB/includes/session.php11
19 files changed, 372 insertions, 185 deletions
diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php
index 62bcd43a47..758cd10434 100644
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -21,6 +21,7 @@ if (!defined('IN_PHPBB'))
*/
class acp_database
{
+ var $db_tools;
var $u_action;
function main($id, $mode)
@@ -28,6 +29,12 @@ class acp_database
global $cache, $db, $user, $auth, $template, $table_prefix;
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ if (!class_exists('phpbb_db_tools'))
+ {
+ require($phpbb_root_path . 'includes/db/db_tools.' . $phpEx);
+ }
+ $this->db_tools = new phpbb_db_tools($db);
+
$user->add_lang('acp/database');
$this->tpl_name = 'acp_database';
@@ -50,7 +57,7 @@ class acp_database
{
case 'download':
$type = request_var('type', '');
- $table = request_var('table', array(''));
+ $table = array_intersect($this->db_tools->sql_list_tables(), request_var('table', array('')));
$format = request_var('method', '');
$where = request_var('where', '');
@@ -173,8 +180,7 @@ class acp_database
break;
default:
- include($phpbb_root_path . 'includes/functions_install.' . $phpEx);
- $tables = get_tables($db);
+ $tables = $this->db_tools->sql_list_tables();
asort($tables);
foreach ($tables as $table_name)
{
diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php
index e529ae0e5a..cffe296651 100644
--- a/phpBB/includes/acp/acp_main.php
+++ b/phpBB/includes/acp/acp_main.php
@@ -201,7 +201,7 @@ class acp_main
// No maximum post id? :o
if (!$max_post_id)
{
- $sql = 'SELECT MAX(post_id)
+ $sql = 'SELECT MAX(post_id) as max_post_id
FROM ' . POSTS_TABLE;
$result = $db->sql_query($sql);
$max_post_id = (int) $db->sql_fetchfield('max_post_id');
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index d7b0484af8..47cd02bca7 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -667,7 +667,9 @@ inherit_from = {INHERIT_FROM}
if ($name && !in_array($name, $installed))
{
- $new_ary[] = array(
+ // The array key is used for sorting later on.
+ // $file is appended because $name doesn't have to be unique.
+ $new_ary[$name . $file] = array(
'path' => $file,
'name' => $name,
'copyright' => $items['copyright'],
@@ -683,6 +685,8 @@ inherit_from = {INHERIT_FROM}
if (sizeof($new_ary))
{
+ ksort($new_ary);
+
foreach ($new_ary as $cfg)
{
$template->assign_block_vars('uninstalled', array(
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 363c900edc..70e08f79f2 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -1009,6 +1009,13 @@ class acp_users
$user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');
$db->sql_freeresult($result);
+ $sql = 'SELECT post_id
+ FROM ' . POSTS_TABLE . '
+ WHERE poster_id = '. $user_id;
+ $result = $db->sql_query_limit($sql, 1);
+ $user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id');
+ $db->sql_freeresult($result);
+
$template->assign_vars(array(
'L_NAME_CHARS_EXPLAIN' => sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
@@ -1036,6 +1043,7 @@ class acp_users
'USER_EMAIL' => $user_row['user_email'],
'USER_WARNINGS' => $user_row['user_warnings'],
'USER_POSTS' => $user_row['user_posts'],
+ 'USER_HAS_POSTS' => $user_row['user_has_posts'],
'USER_INACTIVE_REASON' => $inactive_reason,
));
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php
index 5dfa74ddab..eebf147d48 100644
--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@@ -156,7 +156,11 @@ function login_ldap(&$username, &$password)
{
if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password'])))
{
- return $user->lang['LDAP_NO_SERVER_CONNECTION'];
+ return array(
+ 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
+ 'error_msg' => 'LDAP_NO_SERVER_CONNECTION',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
}
}
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index a0444ea594..5b72d89795 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -25,7 +25,7 @@ if (!defined('IN_PHPBB'))
*/
// phpBB Version
-define('PHPBB_VERSION', '3.0.11-dev');
+define('PHPBB_VERSION', '3.0.11-RC1');
// QA-related
// define('PHPBB_QA', 1);
diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php
index 5d456c2ff0..9cc337955b 100644
--- a/phpBB/includes/db/dbal.php
+++ b/phpBB/includes/db/dbal.php
@@ -195,6 +195,49 @@ class dbal
}
/**
+ * Seek to given row number
+ * rownum is zero-based
+ */
+ function sql_rowseek($rownum, &$query_id)
+ {
+ global $cache;
+
+ if ($query_id === false)
+ {
+ $query_id = $this->query_result;
+ }
+
+ if (isset($cache->sql_rowset[$query_id]))
+ {
+ return $cache->sql_rowseek($rownum, $query_id);
+ }
+
+ if ($query_id === false)
+ {
+ return false;
+ }
+
+ $this->sql_freeresult($query_id);
+ $query_id = $this->sql_query($this->last_query_text);
+
+ if ($query_id === false)
+ {
+ return false;
+ }
+
+ // We do not fetch the row for rownum == 0 because then the next resultset would be the second row
+ for ($i = 0; $i < $rownum; $i++)
+ {
+ if (!$this->sql_fetchrow($query_id))
+ {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ /**
* Fetch field
* if rownum is false, the current row is used, else it is pointing to the row (zero-based)
*/
@@ -458,6 +501,18 @@ class dbal
}
/**
+ * Run LOWER() on DB column of type text (i.e. neither varchar nor char).
+ *
+ * @param string $column_name The column name to use
+ *
+ * @return string A SQL statement like "LOWER($column_name)"
+ */
+ function sql_lower_text($column_name)
+ {
+ return "LOWER($column_name)";
+ }
+
+ /**
* Run more than one insert statement.
*
* @param string $table table name to run the statements on
diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php
index 7e3f15ed1d..7072c58ac0 100644
--- a/phpBB/includes/db/firebird.php
+++ b/phpBB/includes/db/firebird.php
@@ -360,49 +360,6 @@ class dbal_firebird extends dbal
}
/**
- * Seek to given row number
- * rownum is zero-based
- */
- function sql_rowseek($rownum, &$query_id)
- {
- global $cache;
-
- if ($query_id === false)
- {
- $query_id = $this->query_result;
- }
-
- if (isset($cache->sql_rowset[$query_id]))
- {
- return $cache->sql_rowseek($rownum, $query_id);
- }
-
- if ($query_id === false)
- {
- return;
- }
-
- $this->sql_freeresult($query_id);
- $query_id = $this->sql_query($this->last_query_text);
-
- if ($query_id === false)
- {
- return false;
- }
-
- // We do not fetch the row for rownum == 0 because then the next resultset would be the second row
- for ($i = 0; $i < $rownum; $i++)
- {
- if (!$this->sql_fetchrow($query_id))
- {
- return false;
- }
- }
-
- return true;
- }
-
- /**
* Get last inserted id after insert statement
*/
function sql_nextid()
diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php
index 6899a73902..b7178593dc 100644
--- a/phpBB/includes/db/mssql.php
+++ b/phpBB/includes/db/mssql.php
@@ -333,6 +333,14 @@ class dbal_mssql extends dbal
}
/**
+ * {@inheritDoc}
+ */
+ function sql_lower_text($column_name)
+ {
+ return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))";
+ }
+
+ /**
* Build LIKE expression
* @access private
*/
diff --git a/phpBB/includes/db/mssql_odbc.php b/phpBB/includes/db/mssql_odbc.php
index 75a080b1b7..2ecc42cadf 100644
--- a/phpBB/includes/db/mssql_odbc.php
+++ b/phpBB/includes/db/mssql_odbc.php
@@ -256,49 +256,6 @@ class dbal_mssql_odbc extends dbal
}
/**
- * Seek to given row number
- * rownum is zero-based
- */
- function sql_rowseek($rownum, &$query_id)
- {
- global $cache;
-
- if ($query_id === false)
- {
- $query_id = $this->query_result;
- }
-
- if (isset($cache->sql_rowset[$query_id]))
- {
- return $cache->sql_rowseek($rownum, $query_id);
- }
-
- if ($query_id === false)
- {
- return false;
- }
-
- $this->sql_freeresult($query_id);
- $query_id = $this->sql_query($this->last_query_text);
-
- if ($query_id === false)
- {
- return false;
- }
-
- // We do not fetch the row for rownum == 0 because then the next resultset would be the second row
- for ($i = 0; $i < $rownum; $i++)
- {
- if (!$this->sql_fetchrow($query_id))
- {
- return false;
- }
- }
-
- return true;
- }
-
- /**
* Get last inserted id after insert statement
*/
function sql_nextid()
@@ -354,6 +311,14 @@ class dbal_mssql_odbc extends dbal
}
/**
+ * {@inheritDoc}
+ */
+ function sql_lower_text($column_name)
+ {
+ return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))";
+ }
+
+ /**
* Build LIKE expression
* @access private
*/
diff --git a/phpBB/includes/db/mssqlnative.php b/phpBB/includes/db/mssqlnative.php
index 7fbc374e77..c91cc188b0 100644
--- a/phpBB/includes/db/mssqlnative.php
+++ b/phpBB/includes/db/mssqlnative.php
@@ -440,24 +440,6 @@ class dbal_mssqlnative extends dbal
}
/**
- * Seek to given row number
- * rownum is zero-based
- */
- function sql_rowseek($rownum, &$query_id)
- {
- global $cache;
-
- if (isset($cache->sql_rowset[$query_id]))
- {
- return $cache->sql_rowseek($rownum, $query_id);
- }
-
- $seek = new result_mssqlnative($query_id);
- $row = $seek->seek($rownum);
- return ($row = $seek->fetch()) ? $row : false;
- }
-
- /**
* Get last inserted id after insert statement
*/
function sql_nextid()
@@ -511,6 +493,14 @@ class dbal_mssqlnative extends dbal
}
/**
+ * {@inheritDoc}
+ */
+ function sql_lower_text($column_name)
+ {
+ return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))";
+ }
+
+ /**
* Build LIKE expression
* @access private
*/
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index ce80dc4a66..5914831539 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1918,14 +1918,17 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti
}
else
{
- $sql = 'SELECT t.forum_id FROM ' . TOPICS_TABLE . ' t
- LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')
+ $sql = 'SELECT t.forum_id
+ FROM ' . TOPICS_TABLE . ' t
+ LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt
+ ON (tt.topic_id = t.topic_id
+ AND tt.user_id = ' . $user->data['user_id'] . ')
WHERE t.forum_id = ' . $forum_id . '
AND t.topic_last_post_time > ' . $mark_time_forum . '
AND t.topic_moved_id = 0 ' .
$sql_update_unapproved . '
- AND (tt.topic_id IS NULL OR tt.mark_time < t.topic_last_post_time)
- GROUP BY t.forum_id';
+ AND (tt.topic_id IS NULL
+ OR tt.mark_time < t.topic_last_post_time)';
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@@ -3453,7 +3456,7 @@ function get_preg_expression($mode)
case 'email':
// Regex written by James Watts and Francisco Jose Martin Moreno
// http://fightingforalostcause.net/misc/2006/compare-email-regex.php
- return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&amp;)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,6})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';
+ return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&amp;)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';
break;
case 'bbcode_htm':
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 0e1a11b4aa..204fa9a43d 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -2557,7 +2557,8 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
{
$sql_keywords .= $db->sql_in_set('l.log_operation', $operations) . ' OR ';
}
- $sql_keywords .= 'LOWER(l.log_data) ' . implode(' OR LOWER(l.log_data) ', $keywords) . ')';
+ $sql_lower = $db->sql_lower_text('l.log_data');
+ $sql_keywords .= "$sql_lower " . implode(" OR $sql_lower ", $keywords) . ')';
}
if ($log_count !== false)
diff --git a/phpBB/includes/functions_install.php b/phpBB/includes/functions_install.php
index 6caa5c943f..9e9c48ff58 100644
--- a/phpBB/includes/functions_install.php
+++ b/phpBB/includes/functions_install.php
@@ -512,4 +512,54 @@ function adjust_language_keys_callback($matches)
}
}
+/**
+* Creates the output to be stored in a phpBB config.php file
+*
+* @param array $data Array containing the database connection information
+* @param string $dbms The name of the DBAL class to use
+* @param array $load_extensions Array of additional extensions that should be loaded
+* @param bool $debug If the debug constants should be enabled by default or not
+*
+* @return string The output to write to the file
+*/
+function phpbb_create_config_file_data($data, $dbms, $load_extensions, $debug = false)
+{
+ $load_extensions = implode(',', $load_extensions);
+
+ $config_data = "<?php\n";
+ $config_data .= "// phpBB 3.0.x auto-generated configuration file\n// Do not change anything in this file!\n";
+
+ $config_data_array = array(
+ 'dbms' => $dbms,
+ 'dbhost' => $data['dbhost'],
+ 'dbport' => $data['dbport'],
+ 'dbname' => $data['dbname'],
+ 'dbuser' => $data['dbuser'],
+ 'dbpasswd' => htmlspecialchars_decode($data['dbpasswd']),
+ 'table_prefix' => $data['table_prefix'],
+ 'acm_type' => 'file',
+ 'load_extensions' => $load_extensions,
+ );
+
+ foreach ($config_data_array as $key => $value)
+ {
+ $config_data .= "\${$key} = '" . str_replace("'", "\\'", str_replace('\\', '\\\\', $value)) . "';\n";
+ }
+
+ $config_data .= "\n@define('PHPBB_INSTALLED', true);\n";
+
+ if ($debug)
+ {
+ $config_data .= "@define('DEBUG', true);\n";
+ $config_data .= "@define('DEBUG_EXTRA', true);\n";
+ }
+ else
+ {
+ $config_data .= "// @define('DEBUG', true);\n";
+ $config_data .= "// @define('DEBUG_EXTRA', true);\n";
+ }
+
+ return $config_data;
+}
+
?> \ No newline at end of file
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index 447920cfd5..261ed45727 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -1084,6 +1084,166 @@ function delete_pm($user_id, $msg_ids, $folder_id)
}
/**
+* Delete all PM(s) for a given user and delete the ones without references
+*
+* @param int $user_id ID of the user whose private messages we want to delete
+*
+* @return boolean False if there were no pms found, true otherwise.
+*/
+function phpbb_delete_user_pms($user_id)
+{
+ global $db, $user, $phpbb_root_path, $phpEx;
+
+ $user_id = (int) $user_id;
+
+ if (!$user_id)
+ {
+ return false;
+ }
+
+ // Get PM Information for later deleting
+ // The two queries where split, so we can use our indexes
+ // Part 1: get PMs the user received
+ $sql = 'SELECT msg_id, author_id, folder_id, pm_unread, pm_new
+ FROM ' . PRIVMSGS_TO_TABLE . '
+ WHERE user_id = ' . $user_id;
+ $result = $db->sql_query($sql);
+
+ $undelivered_msg = $undelivered_user = $delete_ids = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ if ($row['author_id'] == $user_id && $row['folder_id'] == PRIVMSGS_NO_BOX)
+ {
+ // Undelivered messages
+ $undelivered_msg[] = $row['msg_id'];
+
+ if (isset($undelivered_user[$row['user_id']]))
+ {
+ ++$undelivered_user[$row['user_id']];
+ }
+ else
+ {
+ $undelivered_user[$row['user_id']] = 1;
+ }
+ }
+
+ $delete_ids[(int) $row['msg_id']] = (int) $row['msg_id'];
+ }
+ $db->sql_freeresult($result);
+
+ // Part 2: get PMs the user sent
+ $sql = 'SELECT msg_id, author_id, folder_id, pm_unread, pm_new
+ FROM ' . PRIVMSGS_TO_TABLE . '
+ WHERE author_id = ' . $user_id . '
+ AND folder_id = ' . PRIVMSGS_NO_BOX;
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ if ($row['author_id'] == $user_id && $row['folder_id'] == PRIVMSGS_NO_BOX)
+ {
+ // Undelivered messages
+ $undelivered_msg[] = $row['msg_id'];
+
+ if (isset($undelivered_user[$row['user_id']]))
+ {
+ ++$undelivered_user[$row['user_id']];
+ }
+ else
+ {
+ $undelivered_user[$row['user_id']] = 1;
+ }
+ }
+
+ $delete_ids[(int) $row['msg_id']] = (int) $row['msg_id'];
+ }
+ $db->sql_freeresult($result);
+
+ if (empty($delete_ids))
+ {
+ return false;
+ }
+
+ $db->sql_transaction('begin');
+
+ if (sizeof($undelivered_msg))
+ {
+ $sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
+ WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg);
+ $db->sql_query($sql);
+ }
+
+ // Reset the userīs pm count to 0
+ if (isset($undelivered_user[$user_id]))
+ {
+ $sql = 'UPDATE ' . USERS_TABLE . '
+ SET user_new_privmsg = 0,
+ user_unread_privmsg = 0
+ WHERE user_id = ' . $user_id;
+ $db->sql_query($sql);
+ unset($undelivered_user[$user_id]);
+ }
+
+ foreach ($undelivered_user as $_user_id => $count)
+ {
+ $sql = 'UPDATE ' . USERS_TABLE . '
+ SET user_new_privmsg = user_new_privmsg - ' . $count . ',
+ user_unread_privmsg = user_unread_privmsg - ' . $count . '
+ WHERE user_id = ' . $_user_id;
+ $db->sql_query($sql);
+ }
+
+ // Delete private message data
+ $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . "
+ WHERE user_id = $user_id
+ AND " . $db->sql_in_set('msg_id', $delete_ids);
+ $db->sql_query($sql);
+
+ // Now we have to check which messages we can delete completely
+ $sql = 'SELECT msg_id
+ FROM ' . PRIVMSGS_TO_TABLE . '
+ WHERE ' . $db->sql_in_set('msg_id', $delete_ids);
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ unset($delete_ids[$row['msg_id']]);
+ }
+ $db->sql_freeresult($result);
+
+ if (!empty($delete_ids))
+ {
+ // Check if there are any attachments we need to remove
+ if (!function_exists('delete_attachments'))
+ {
+ include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
+ }
+
+ delete_attachments('message', $delete_ids, false);
+
+ $sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
+ WHERE ' . $db->sql_in_set('msg_id', $delete_ids);
+ $db->sql_query($sql);
+ }
+
+ // Set the remaining author id to anonymous
+ // This way users are still able to read messages from users being removed
+ $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
+ SET author_id = ' . ANONYMOUS . '
+ WHERE author_id = ' . $user_id;
+ $db->sql_query($sql);
+
+ $sql = 'UPDATE ' . PRIVMSGS_TABLE . '
+ SET author_id = ' . ANONYMOUS . '
+ WHERE author_id = ' . $user_id;
+ $db->sql_query($sql);
+
+ $db->sql_transaction('commit');
+
+ return true;
+}
+
+/**
* Rebuild message header
*/
function rebuild_header($check_ary)
@@ -1362,12 +1522,6 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)
while ($row = $db->sql_fetchrow($result))
{
- // Additionally, do not include the sender if he is in the group he wants to send to. ;)
- if ($row['user_id'] === $user->data['user_id'])
- {
- continue;
- }
-
$field = ($data['address_list']['g'][$row['group_id']] == 'to') ? 'to' : 'bcc';
$recipients[$row['user_id']] = $field;
}
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index d5bbd80242..73ac1df2d2 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -751,6 +751,31 @@ class fileupload
$filename = $url['path'];
$filesize = 0;
+ $remote_max_filesize = $this->max_filesize;
+ if (!$remote_max_filesize)
+ {
+ $max_filesize = @ini_get('upload_max_filesize');
+
+ if (!empty($max_filesize))
+ {
+ $unit = strtolower(substr($max_filesize, -1, 1));
+ $remote_max_filesize = (int) $max_filesize;
+
+ switch ($unit)
+ {
+ case 'g':
+ $remote_max_filesize *= 1024;
+ // no break
+ case 'm':
+ $remote_max_filesize *= 1024;
+ // no break
+ case 'k':
+ $remote_max_filesize *= 1024;
+ // no break
+ }
+ }
+ }
+
$errno = 0;
$errstr = '';
@@ -779,9 +804,9 @@ class fileupload
$block = @fread($fsock, 1024);
$filesize += strlen($block);
- if ($this->max_filesize && $filesize > $this->max_filesize)
+ if ($remote_max_filesize && $filesize > $remote_max_filesize)
{
- $max_filesize = get_formatted_filesize($this->max_filesize, false);
+ $max_filesize = get_formatted_filesize($remote_max_filesize, false);
$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
return $file;
@@ -807,9 +832,9 @@ class fileupload
{
$length = (int) str_replace('content-length: ', '', strtolower($line));
- if ($length && $length > $this->max_filesize)
+ if ($remote_max_filesize && $length && $length > $remote_max_filesize)
{
- $max_filesize = get_formatted_filesize($this->max_filesize, false);
+ $max_filesize = get_formatted_filesize($remote_max_filesize, false);
$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
return $file;
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 83316be2a3..5a6a0b4a05 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -528,62 +528,12 @@ function user_delete($mode, $user_id, $post_username = false)
WHERE session_user_id = ' . $user_id;
$db->sql_query($sql);
- // Remove any undelivered mails...
- $sql = 'SELECT msg_id, user_id
- FROM ' . PRIVMSGS_TO_TABLE . '
- WHERE author_id = ' . $user_id . '
- AND folder_id = ' . PRIVMSGS_NO_BOX;
- $result = $db->sql_query($sql);
-
- $undelivered_msg = $undelivered_user = array();
- while ($row = $db->sql_fetchrow($result))
- {
- $undelivered_msg[] = $row['msg_id'];
- $undelivered_user[$row['user_id']][] = true;
- }
- $db->sql_freeresult($result);
-
- if (sizeof($undelivered_msg))
+ // Clean the private messages tables from the user
+ if (!function_exists('phpbb_delete_user_pms'))
{
- $sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
- WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg);
- $db->sql_query($sql);
- }
-
- $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
- WHERE author_id = ' . $user_id . '
- AND folder_id = ' . PRIVMSGS_NO_BOX;
- $db->sql_query($sql);
-
- // Delete all to-information
- $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
- WHERE user_id = ' . $user_id;
- $db->sql_query($sql);
-
- // Set the remaining author id to anonymous - this way users are still able to read messages from users being removed
- $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
- SET author_id = ' . ANONYMOUS . '
- WHERE author_id = ' . $user_id;
- $db->sql_query($sql);
-
- $sql = 'UPDATE ' . PRIVMSGS_TABLE . '
- SET author_id = ' . ANONYMOUS . '
- WHERE author_id = ' . $user_id;
- $db->sql_query($sql);
-
- foreach ($undelivered_user as $_user_id => $ary)
- {
- if ($_user_id == $user_id)
- {
- continue;
- }
-
- $sql = 'UPDATE ' . USERS_TABLE . '
- SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ',
- user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . '
- WHERE user_id = ' . $_user_id;
- $db->sql_query($sql);
+ include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
}
+ phpbb_delete_user_pms($user_id);
$db->sql_transaction('commit');
diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php
index 63e5b19155..1016204ff8 100644
--- a/phpBB/includes/mcp/mcp_warn.php
+++ b/phpBB/includes/mcp/mcp_warn.php
@@ -308,7 +308,7 @@ class mcp_warn
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
}
- $rank_title = $rank_img = '';
+ get_user_rank($user_row['user_rank'], $user_row['user_posts'], $rank_title, $rank_img, $rank_img_src);
$avatar_img = get_user_avatar($user_row['user_avatar'], $user_row['user_avatar_type'], $user_row['user_avatar_width'], $user_row['user_avatar_height']);
$template->assign_vars(array(
@@ -413,7 +413,7 @@ class mcp_warn
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
}
- $rank_title = $rank_img = '';
+ get_user_rank($user_row['user_rank'], $user_row['user_posts'], $rank_title, $rank_img, $rank_img_src);
$avatar_img = get_user_avatar($user_row['user_avatar'], $user_row['user_avatar_type'], $user_row['user_avatar_width'], $user_row['user_avatar_height']);
// OK, they didn't submit a warning so lets build the page for them to do so
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index a894242a39..496c12a0d1 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -322,8 +322,15 @@ class session
}
}
- // Is session_id is set or session_id is set and matches the url param if required
- if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid'])))
+ // if no session id is set, redirect to index.php
+ if (defined('NEED_SID') && (!isset($_GET['sid']) || $this->session_id !== $_GET['sid']))
+ {
+ send_status_line(401, 'Not authorized');
+ redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
+ }
+
+ // if session id is set
+ if (!empty($this->session_id))
{
$sql = 'SELECT u.*, s.*
FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u