aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acm/acm_main.php4
-rw-r--r--phpBB/includes/acp/acp_forums.php2
-rw-r--r--phpBB/includes/acp/acp_permissions.php5
-rw-r--r--phpBB/includes/acp/acp_search.php18
-rw-r--r--phpBB/includes/acp/acp_users.php34
-rw-r--r--phpBB/includes/db/firebird.php2
-rw-r--r--phpBB/includes/db/mssql.php2
-rw-r--r--phpBB/includes/db/mssql_odbc.php2
-rw-r--r--phpBB/includes/db/mysql.php2
-rw-r--r--phpBB/includes/db/mysql4.php2
-rw-r--r--phpBB/includes/db/oracle.php2
-rw-r--r--phpBB/includes/db/postgres.php2
-rw-r--r--phpBB/includes/db/sqlite.php2
-rw-r--r--phpBB/includes/functions.php5
-rw-r--r--phpBB/includes/functions_upload.php2
-rw-r--r--phpBB/includes/session.php17
-rw-r--r--phpBB/includes/ucp/ucp_pm_compose.php41
-rw-r--r--phpBB/includes/ucp/ucp_profile.php20
-rw-r--r--phpBB/includes/ucp/ucp_zebra.php23
19 files changed, 138 insertions, 49 deletions
diff --git a/phpBB/includes/acm/acm_main.php b/phpBB/includes/acm/acm_main.php
index 3f6e413f20..a8630ea43a 100644
--- a/phpBB/includes/acm/acm_main.php
+++ b/phpBB/includes/acm/acm_main.php
@@ -301,7 +301,7 @@ class cache extends acm
foreach ($parsed_items as $key => $parsed_array)
{
- $parsed_array = $this->get('_cfg_' . $key);
+ $parsed_array = $this->get('_cfg_' . $key . '_' . $theme[$key . '_path']);
if (!$parsed_array)
{
@@ -327,7 +327,7 @@ class cache extends acm
$parsed_array = parse_cfg_file($filename);
$parsed_array['filetime'] = @filemtime($filename);
- $this->put('_cfg_' . $key, $parsed_array);
+ $this->put('_cfg_' . $key . '_' . $theme[$key . '_path'], $parsed_array);
}
$parsed_items[$key] = $parsed_array;
}
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index e6630e36d2..478d041873 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -18,7 +18,7 @@ class acp_forums
function main($id, $mode)
{
- global $db, $user, $auth, $template;
+ global $db, $user, $auth, $template, $cache;
global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx, $SID;
$user->add_lang('acp/forums');
diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php
index c45ed20b33..a3879229f5 100644
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -809,7 +809,7 @@ class acp_permissions
}
/**
- * Update foes
+ * Update foes - remove moderators and administrators from foe lists...
*/
function update_foes()
{
@@ -827,7 +827,8 @@ class acp_permissions
if (sizeof($perms))
{
$sql = 'DELETE FROM ' . ZEBRA_TABLE . '
- WHERE zebra_id IN (' . implode(', ', $perms) . ')';
+ WHERE zebra_id IN (' . implode(', ', $perms) . ')
+ AND foe = 1';
$db->sql_query($sql);
}
unset($perms);
diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php
index 8e40a5283f..cd7c9a0b3e 100644
--- a/phpBB/includes/acp/acp_search.php
+++ b/phpBB/includes/acp/acp_search.php
@@ -220,15 +220,15 @@ class acp_search
}
$action = &$this->state[1];
-
+
@set_time_limit(0);
-
+
$this->max_post_id = $this->get_max_post_id();
-
+
$post_counter = (isset($this->state[2])) ? $this->state[2] : 0;
$this->state[2] = &$post_counter;
$this->save_state();
-
+
if ($action == 'delete')
{
if (method_exists($this->search, 'delete_index'))
@@ -251,7 +251,7 @@ class acp_search
$posters[] = $row['poster_id'];
}
$db->sql_freeresult($result);
-
+
if (sizeof($ids))
{
$this->search->index_remove($ids, $posters);
@@ -296,13 +296,13 @@ class acp_search
WHERE post_id >= ' . (int) ($post_counter + 1) . '
AND post_id < ' . (int) ($post_counter + $this->batch_size);
$result = $db->sql_query($sql);
-
+
while (false !== ($row = $db->sql_fetchrow($result)))
{
$this->search->index('post', $row['post_id'], $row['post_text'], $row['post_subject'], $row['poster_id']);
}
$db->sql_freeresult($result);
-
+
$post_counter += $this->batch_size;
// save the current state
@@ -452,8 +452,10 @@ class acp_search
$sql = 'SELECT MAX(post_id) as max_post_id
FROM '. POSTS_TABLE;
$result = $db->sql_query($sql);
+ $max_post_id = (int) $db->sql_fetchfield('max_post_id', 0, $result);
+ $db->sql_freeresult($result);
- return $db->sql_fetchfield('max_post_id', 0, $result);
+ return $max_post_id;
}
function save_state($state = false)
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 299faba5be..e4a48f2a84 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -616,16 +616,13 @@ class acp_users
// Which updates do we need to do?
$update_warning = ($user_row['user_warnings'] != $data['warnings']) ? true : false;
$update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;
- $update_password = ($user_row['user_password'] != $data['user_password']) ? true : false;
+ $update_password = ($data['user_password'] && $user_row['user_password'] != md5($data['user_password'])) ? true : false;
+ $update_email = ($data['user_email'] != $user_row['user_email']) ? $data['user_email'] : false;
if (!sizeof($error))
{
- $sql_ary = array(
- 'username' => $data['username'],
- 'user_email' => $data['user_email'],
- 'user_email_hash' => crc32(strtolower($data['user_email'])) . strlen($data['user_email'])
- );
-
+ $sql_ary = array();
+
if ($user_row['user_type'] != USER_FOUNDER || $user->data['user_type'] == USER_FOUNDER)
{
if ($update_warning)
@@ -639,6 +636,25 @@ class acp_users
}
}
+ if ($update_username !== false)
+ {
+ $sql_ary['username'] = $update_username;
+
+ add_log('admin', 'LOG_USER_UPDATE_NAME', $user_row['username'], $update_username);
+ add_log('user', $user_id, 'LOG_USER_UPDATE_NAME', $user_row['username'], $update_username);
+ }
+
+ if ($update_email !== false)
+ {
+ $sql_ary += array(
+ 'user_email' => $update_email,
+ 'user_email_hash' => crc32(strtolower($update_email)) . strlen($update_email)
+ );
+
+ add_log('admin', 'LOG_USER_UPDATE_EMAIL', $user_row['username'], $user_row['user_email'], $update_email);
+ add_log('user', $user_id, 'LOG_USER_UPDATE_EMAIL', $user_row['username'], $user_row['user_email'], $update_email);
+ }
+
if ($update_password)
{
$sql_ary += array(
@@ -647,6 +663,7 @@ class acp_users
);
add_log('admin', 'LOG_USER_NEW_PASSWORD', $user_row['username']);
+ add_log('user', $user_id, 'LOG_USER_NEW_PASSWORD', $user_row['username']);
}
$sql = 'UPDATE ' . USERS_TABLE . '
@@ -664,9 +681,6 @@ class acp_users
if ($update_username)
{
user_update_name($user_row['username'], $update_username);
-
- add_log('admin', 'LOG_USER_UPDATE_NAME', $user_row['username'], $update_username);
- add_log('user', $user_id, 'LOG_USER_UPDATE_NAME', $user_row['username'], $update_username);
}
add_log('admin', 'LOG_USER_USER_UPDATE', $data['username']);
diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php
index dda1094498..416321f1bc 100644
--- a/phpBB/includes/db/firebird.php
+++ b/phpBB/includes/db/firebird.php
@@ -106,7 +106,7 @@ class dbal_firebird extends dbal
$this->open_queries[(int) $this->query_result] = $this->query_result;
$cache->sql_save($query, $this->query_result, $cache_ttl);
}
- else if (strpos($query, 'SELECT') !== false && $this->query_result)
+ else if (strpos($query, 'SELECT') === 0 && $this->query_result)
{
$this->open_queries[(int) $this->query_result] = $this->query_result;
}
diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php
index fee90af896..92e1974f1a 100644
--- a/phpBB/includes/db/mssql.php
+++ b/phpBB/includes/db/mssql.php
@@ -118,7 +118,7 @@ class dbal_mssql extends dbal
$this->open_queries[(int) $this->query_result] = $this->query_result;
$cache->sql_save($query, $this->query_result, $cache_ttl);
}
- else if (strpos($query, 'SELECT') !== false && $this->query_result)
+ else if (strpos($query, 'SELECT') === 0 && $this->query_result)
{
$this->open_queries[(int) $this->query_result] = $this->query_result;
}
diff --git a/phpBB/includes/db/mssql_odbc.php b/phpBB/includes/db/mssql_odbc.php
index e9b2a9b03e..55eeddb310 100644
--- a/phpBB/includes/db/mssql_odbc.php
+++ b/phpBB/includes/db/mssql_odbc.php
@@ -116,7 +116,7 @@ class dbal_mssql_odbc extends dbal
$this->open_queries[(int) $this->query_result] = $this->query_result;
$cache->sql_save($query, $this->query_result, $cache_ttl);
}
- else if (strpos($query, 'SELECT') !== false && $this->query_result)
+ else if (strpos($query, 'SELECT') === 0 && $this->query_result)
{
$this->open_queries[(int) $this->query_result] = $this->query_result;
}
diff --git a/phpBB/includes/db/mysql.php b/phpBB/includes/db/mysql.php
index e3f654fce5..ab02fc7746 100644
--- a/phpBB/includes/db/mysql.php
+++ b/phpBB/includes/db/mysql.php
@@ -118,7 +118,7 @@ class dbal_mysql extends dbal
$this->open_queries[(int) $this->query_result] = $this->query_result;
$cache->sql_save($query, $this->query_result, $cache_ttl);
}
- else if (strpos($query, 'SELECT') !== false && $this->query_result)
+ else if (strpos($query, 'SELECT') === 0 && $this->query_result)
{
$this->open_queries[(int) $this->query_result] = $this->query_result;
}
diff --git a/phpBB/includes/db/mysql4.php b/phpBB/includes/db/mysql4.php
index db2356d26d..0a7d15b988 100644
--- a/phpBB/includes/db/mysql4.php
+++ b/phpBB/includes/db/mysql4.php
@@ -120,7 +120,7 @@ class dbal_mysql4 extends dbal
$this->open_queries[(int) $this->query_result] = $this->query_result;
$cache->sql_save($query, $this->query_result, $cache_ttl);
}
- else if (strpos($query, 'SELECT') !== false && $this->query_result)
+ else if (strpos($query, 'SELECT') === 0 && $this->query_result)
{
$this->open_queries[(int) $this->query_result] = $this->query_result;
}
diff --git a/phpBB/includes/db/oracle.php b/phpBB/includes/db/oracle.php
index d51c928f5e..e7e75b9c7c 100644
--- a/phpBB/includes/db/oracle.php
+++ b/phpBB/includes/db/oracle.php
@@ -132,7 +132,7 @@ class dbal_oracle extends dbal
$this->open_queries[(int) $this->query_result] = $this->query_result;
$cache->sql_save($query, $this->query_result, $cache_ttl);
}
- else if (strpos($query, 'SELECT') !== false && $this->query_result)
+ else if (strpos($query, 'SELECT') === 0 && $this->query_result)
{
$this->open_queries[(int) $this->query_result] = $this->query_result;
}
diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php
index 8e680e9968..d7cfa1ba10 100644
--- a/phpBB/includes/db/postgres.php
+++ b/phpBB/includes/db/postgres.php
@@ -153,7 +153,7 @@ class dbal_postgres extends dbal
$this->open_queries[(int) $this->query_result] = $this->query_result;
$cache->sql_save($query, $this->query_result, $cache_ttl);
}
- else if (strpos($query, 'SELECT') !== false && $this->query_result)
+ else if (strpos($query, 'SELECT') === 0 && $this->query_result)
{
$this->open_queries[(int) $this->query_result] = $this->query_result;
}
diff --git a/phpBB/includes/db/sqlite.php b/phpBB/includes/db/sqlite.php
index 17a8adb411..d10fbc486b 100644
--- a/phpBB/includes/db/sqlite.php
+++ b/phpBB/includes/db/sqlite.php
@@ -117,7 +117,7 @@ class dbal_sqlite extends dbal
$this->open_queries[(int) $this->query_result] = $this->query_result;
$cache->sql_save($query, $this->query_result, $cache_ttl);
}
- else if (strpos($query, 'SELECT') !== false && $this->query_result)
+ else if (strpos($query, 'SELECT') === 0 && $this->query_result)
{
$this->open_queries[(int) $this->query_result] = $this->query_result;
}
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 57aa3f9593..e0fb5e51f2 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2295,7 +2295,7 @@ function page_footer()
$template->assign_vars(array(
'DEBUG_OUTPUT' => (defined('DEBUG')) ? $debug_output : '',
- 'U_ACP' => ($auth->acl_get('a_') && $user->data['is_registered']) ? "{$phpbb_root_path}adm/index.$phpEx?sid=" . $user->data['session_id'] : '')
+ 'U_ACP' => ($auth->acl_get('a_') && $user->data['is_registered']) ? "{$phpbb_root_path}adm/index.$phpEx?sid=" . $user->session_id : '')
);
// Call cron-type script
@@ -2419,6 +2419,9 @@ function get_backtrace()
}
}
+ $trace['class'] = (!isset($trace['class'])) ? '' : $trace['class'];
+ $trace['type'] = (!isset($trace['type'])) ? '' : $trace['type'];
+
$output .= '<br />';
$output .= '<b>FILE:</b> ' . htmlspecialchars($trace['file']) . '<br />';
$output .= '<b>LINE:</b> ' . $trace['line'] . '<br />';
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index f24edb1dea..a53d31e2b4 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -103,7 +103,7 @@ class filespec
$this->realname = rawurlencode(str_replace($bad_chars, '_', strtolower($this->realname)));
$this->realname = preg_replace("/%(\w{2})/", '_', $this->realname);
- $this->realname = $prefix . $this->realname . '_.' . $this->extension;
+ $this->realname = $prefix . $this->realname . '.' . $this->extension;
break;
case 'unique':
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 4340a77605..c2fd77e7ef 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -321,7 +321,7 @@ class session
/* echo "<br />$sql";
echo "<br />$user_id :: " . sizeof($this->data) . " :: " . (int) is_array($this->data) . " :: " . $db->sql_numrows();
print_r($this->cookie_data);
- print_r($this->data);*/
+ print_r($this->data);
if ($this->data['user_id'] != ANONYMOUS)
{
@@ -345,6 +345,15 @@ class session
{
$this->data['session_last_visit'] = time();
}
+*/
+ if ($this->data['user_id'] != ANONYMOUS)
+ {
+ $this->data['session_last_visit'] = (isset($this->data['session_time']) && $this->data['session_time']) ? $this->data['session_time'] : (($this->data['user_lastvisit']) ? $this->data['user_lastvisit'] : time());
+ }
+ else
+ {
+ $this->data['session_last_visit'] = time();
+ }
// At this stage we should have a filled data array, defined cookie u and k data.
// data array should contain recent session info if we're a real user and a recent
@@ -867,6 +876,8 @@ class user extends session
// User has wrong style
if (!$this->theme && $style == $this->data['user_style'])
{
+ echo "HERE";
+ exit;
$style = $this->data['user_style'] = $config['default_style'];
$sql = 'UPDATE ' . USERS_TABLE . "
@@ -880,7 +891,7 @@ class user extends session
AND t.template_id = s.template_id
AND c.theme_id = s.theme_id
AND i.imageset_id = s.imageset_id";
- $result = $db->sql_query($sql);
+ $result = $db->sql_query($sql, 3600);
$this->theme = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
@@ -892,7 +903,7 @@ class user extends session
// Now parse the cfg file and cache it
$parsed_items = $cache->obtain_cfg_items($this->theme);
-
+
// We are only interested in the theme configuration for now
$parsed_items = $parsed_items['theme'];
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index e49edc0f7f..851c06c2b6 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -182,7 +182,7 @@ function compose_pm($id, $mode, $action)
$message_attachment = (isset($post['message_attachement'])) ? $post['message_attachement'] : 0;
$message_text = $post['message_text'];
$message_subject = $post['message_subject'];
- $quote_username = $post['quote_username'];
+ $quote_username = (isset($post['quote_username'])) ? $post['quote_username'] : '';
$message_time = $post['message_time'];
$icon_id = (isset($post['icon_id'])) ? $post['icon_id'] : 0;
@@ -821,7 +821,7 @@ function compose_pm($id, $mode, $action)
*/
function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_to, $add_bcc)
{
- global $_REQUEST;
+ global $auth;
// Delete User [TO/BCC]
if ($remove_u)
@@ -853,6 +853,9 @@ function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_
}
}
+ // User ID's to add...
+ $user_id_ary = array();
+
// Build usernames to add
$usernames = (isset($_REQUEST['username'])) ? array(request_var('username', '')) : array();
$username_list = request_var('username_list', '');
@@ -866,8 +869,31 @@ function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_
{
$user_id_ary = array();
user_get_id_name($user_id_ary, $usernames);
+ }
+
+ // Add Friends if specified
+ $friend_list = (is_array($_REQUEST['add_' . $type])) ? array_map('intval', array_keys($_REQUEST['add_' . $type])) : array();
+ $user_id_ary = array_merge($user_id_ary, $friend_list);
- if (sizeof($user_id_ary))
+ if (sizeof($user_id_ary))
+ {
+ // We need to check their PM status (do they want to receive PM's?)
+ // Only check if not a moderator or admin, since they are allowed to override this user setting
+ if (!$auth->acl_gets('a_', 'm_'))
+ {
+ $sql = 'SELECT user_id
+ FROM ' . USERS_TABLE . '
+ WHERE user_id IN (' . implode(', ', $user_id_ary) . ')
+ AND user_allow_pm = 1';
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $address_list['u'][$row['user_id']] = $type;
+ }
+ $db->sql_freeresult($result);
+ }
+ else
{
foreach ($user_id_ary as $user_id)
{
@@ -875,16 +901,7 @@ function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_
}
}
}
-
- // Add Friends if specified
- $friend_list = (is_array($_REQUEST['add_' . $type])) ? array_map('intval', array_keys($_REQUEST['add_' . $type])) : array();
-
- foreach ($friend_list as $user_id)
- {
- $address_list['u'][$user_id] = $type;
- }
}
-
}
/**
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 342bdd06cf..55104a55c8 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -86,9 +86,27 @@ class ucp_profile
'user_email' => ($auth->acl_get('u_chgemail')) ? $email : $user->data['user_email'],
'user_email_hash' => ($auth->acl_get('u_chgemail')) ? crc32(strtolower($email)) . strlen($email) : $user->data['user_email_hash'],
'user_password' => ($auth->acl_get('u_chgpasswd') && $new_password) ? md5($new_password) : $user->data['user_password'],
- 'user_passchg' => time(),
+ 'user_passchg' => ($auth->acl_get('u_chgpasswd') && $new_password) ? time() : 0,
);
+ if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $username != $user->data['username'])
+ {
+ add_log('admin', 'LOG_USER_UPDATE_NAME', $user->data['username'], $username);
+ add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $username);
+ }
+
+ if ($auth->acl_get('u_chgpasswd') && $new_password && md5($new_password) != $user->data['user_password'])
+ {
+ add_log('admin', 'LOG_USER_NEW_PASSWORD', $username);
+ add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $username);
+ }
+
+ if ($auth->acl_get('u_chgemail') && $email != $user->data['user_email'])
+ {
+ add_log('admin', 'LOG_USER_UPDATE_EMAIL', $username, $user->data['user_email'], $email);
+ add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_EMAIL', $username, $user->data['user_email'], $email);
+ }
+
if ($config['email_enable'] && $email != $user->data['user_email'] && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN))
{
include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx);
diff --git a/phpBB/includes/ucp/ucp_zebra.php b/phpBB/includes/ucp/ucp_zebra.php
index 76311ea9e6..99abeb7133 100644
--- a/phpBB/includes/ucp/ucp_zebra.php
+++ b/phpBB/includes/ucp/ucp_zebra.php
@@ -108,6 +108,29 @@ class ucp_zebra
unset($perms);
}
+ // Do not let add users to friends if the user is within the foes list of the to-be-added users
+ if ($mode == 'friends' && sizeof($user_id_ary))
+ {
+ $sql = 'SELECT user_id
+ FROM ' . ZEBRA_TABLE . '
+ WHERE user_id IN (' . implode(', ', $user_id_ary) . ')
+ AND zebra_id = ' . $user->data['user_id'] . '
+ AND foe = 1';
+ $result = $db->sql_query($sql);
+
+ $remove_user_ids = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $remove_user_ids[] = $row['user_id'];
+ }
+
+ if (sizeof($remove_user_ids))
+ {
+ $user_id_ary = array_diff($user_id_ary, $remove_user_ids);
+ }
+ unset($remove_user_ids);
+ }
+
if (sizeof($user_id_ary))
{
$sql_mode = ($mode == 'friends') ? 'friend' : 'foe';
generated by cgit v1.2.1 (git 2.21.0) at 2025-11-04 01:37:28 +0000