diff options
Diffstat (limited to 'phpBB/includes')
26 files changed, 699 insertions, 479 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index fa83da20b1..e2d8770066 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -266,7 +266,7 @@ class acp_attachments } $db->sql_freeresult($result); - // Delete Extension ? + // Delete Extension? $extension_id_list = (isset($_POST['extension_id_list'])) ? array_map('intval', $_POST['extension_id_list']) : array(); if (sizeof($extension_id_list)) @@ -292,7 +292,7 @@ class acp_attachments } } - // Add Extension ? + // Add Extension? $add_extension = strtolower(request_var('add_extension', '')); $add_extension_group = request_var('add_group_select', 0); $add = (isset($_POST['add_extension_check'])) ? true : false; @@ -1120,10 +1120,10 @@ class acp_attachments $exe = ((defined('PHP_OS')) && (preg_match('#win#i', PHP_OS))) ? '.exe' : ''; - if (empty($_ENV['MAGICK_HOME'])) + if (empty(getenv('MAGICK_HOME'))) { $locations = array('C:/WINDOWS/', 'C:/WINNT/', 'C:/WINDOWS/SYSTEM/', 'C:/WINNT/SYSTEM/', 'C:/WINDOWS/SYSTEM32/', 'C:/WINNT/SYSTEM32/', '/usr/bin/', '/usr/sbin/', '/usr/local/bin/', '/usr/local/sbin/', '/opt/', '/usr/imagemagick/', '/usr/bin/imagemagick/'); - $path_locations = str_replace('\\', '/', (explode(($exe) ? ';' : ':', $_ENV['PATH']))); + $path_locations = str_replace('\\', '/', (explode(($exe) ? ';' : ':', getenv('PATH')))); $locations = array_merge($path_locations, $locations); @@ -1144,7 +1144,7 @@ class acp_attachments } else { - $imagick = str_replace('\\', '/', $_ENV['MAGICK_HOME']); + $imagick = str_replace('\\', '/', getenv('MAGICK_HOME')); } return $imagick; diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 55e4ceb9e8..b990f59ee9 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -258,7 +258,6 @@ class acp_board 'allow_pm_attach' => array('lang' => 'ALLOW_PM_ATTACHMENTS', 'type' => 'radio:yes_no', 'explain' => false), 'auth_download_pm' => array('lang' => 'ALLOW_DOWNLOAD_PM', 'type' => 'radio:yes_no', 'explain' => false), 'allow_sig_pm' => array('lang' => 'ALLOW_SIG_PM', 'type' => 'radio:yes_no', 'explain' => false), - 'auth_report_pm' => array('lang' => 'ALLOW_REPORT_PM', 'type' => 'radio:yes_no', 'explain' => false), 'auth_quote_pm' => array('lang' => 'ALLOW_QUOTE_PM', 'type' => 'radio:yes_no', 'explain' => false), 'print_pm' => array('lang' => 'ALLOW_PRINT_PM', 'type' => 'radio:yes_no', 'explain' => false), 'email_pm' => array('lang' => 'ALLOW_EMAIL_PM', 'type' => 'radio:yes_no', 'explain' => false), diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php index 250b4db3bf..a43f87891b 100644 --- a/phpBB/includes/acp/acp_permission_roles.php +++ b/phpBB/includes/acp/acp_permission_roles.php @@ -559,9 +559,10 @@ class acp_permission_roles { $template->assign_block_vars('auth', array( 'CAT_NAME' => $user->lang['permission_cat'][$cat], - 'S_YES' => $cat_array['S_YES'], - 'S_NO' => $cat_array['S_NO'], - 'S_UNSET' => $cat_array['S_UNSET']) + + 'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NO'] && !$cat_array['S_UNSET']) ? true : false, + 'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_YES'] && !$cat_array['S_UNSET']) ? true : false, + 'S_UNSET' => ($cat_array['S_UNSET'] && !$cat_array['S_NO'] && !$cat_array['S_YES']) ? true : false) ); foreach ($cat_array['permissions'] as $permission => $allowed) diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php new file mode 100644 index 0000000000..8866a762e6 --- /dev/null +++ b/phpBB/includes/acp/acp_reasons.php @@ -0,0 +1,340 @@ +<?php +/** +* +* @package acp +* @version $Id$ +* @copyright (c) 2005 phpBB Group +* @license http://opensource.org/licenses/gpl-license.php GNU Public License +* +*/ + +/** +* @package acp +*/ +class acp_reasons +{ + var $u_action; + + function main($id, $mode) + { + global $db, $user, $auth, $template, $cache; + global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx; + + $user->add_lang(array('mcp', 'acp/posting')); + + // Set up general vars + $action = request_var('action', ''); + $submit = (isset($_POST['submit'])) ? true : false; + $reason_id = request_var('id', 0); + + $this->tpl_name = 'acp_reasons'; + $this->page_title = 'ACP_REASONS'; + + // dumdidum... do i really need to do something mom? + $error = array(); + + switch ($action) + { + case 'add': + case 'edit': + + $reason_row = array( + 'reason_title' => request_var('reason_title', ''), + 'reason_description' => request_var('reason_description', '') + ); + + if ($submit) + { + // Reason specified? + if (!$reason_row['reason_title'] || !$reason_row['reason_description']) + { + $error[] = $user->lang['NO_REASON_INFO']; + } + + $check_double = ($action == 'add') ? true : false; + + if ($action == 'edit') + { + $sql = 'SELECT reason_title + FROM ' . REASONS_TABLE . " + WHERE reason_id = $reason_id"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($row['reason_title'] == 'other') + { + $reason_row['reason_title'] = 'other'; + } + else if (strtolower($row['reason_title']) != strtolower($reason_row['reason_title'])) + { + $check_double = true; + } + } + + // Check for same reason if adding it... + if ($check_double) + { + $sql = 'SELECT reason_id + FROM ' . REASONS_TABLE . " + WHERE LOWER(reason_title) = '" . strtolower($reason_row['reason_title']) . "'"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($row) + { + $error[] = $user->lang['REASON_ALREADY_EXIST']; + } + } + + if (!sizeof($error)) + { + // New reason? + if ($action == 'add') + { + // Get new order... + $sql = 'SELECT MAX(reason_order) as max_reason_order + FROM ' . REASONS_TABLE; + $result = $db->sql_query($sql); + $max_order = (int) $db->sql_fetchfield('max_reason_order', 0, $result); + $db->sql_freeresult($result); + + $sql_ary = array( + 'reason_title' => (string) $reason_row['reason_title'], + 'reason_description' => (string) $reason_row['reason_description'], + 'reason_order' => $max_order + 1 + ); + + $db->sql_query('INSERT INTO ' . REASONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary)); + + $log = 'ADDED'; + } + else if ($reason_id) + { + $sql_ary = array( + 'reason_title' => (string) $reason_row['reason_title'], + 'reason_description' => (string) $reason_row['reason_description'], + ); + + $db->sql_query('UPDATE ' . REASONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' + WHERE reason_id = ' . $reason_id); + + $log = 'UPDATED'; + } + + add_log('admin', 'LOG_REASON_' . $log, $reason_row['reason_title']); + trigger_error($user->lang['REASON_' . $log] . adm_back_link($this->u_action)); + } + } + else if ($reason_id) + { + $sql = 'SELECT * + FROM ' . REASONS_TABLE . ' + WHERE reason_id = ' . $reason_id; + $result = $db->sql_query($sql); + $reason_row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if (!$reason_row) + { + trigger_error($user->lang['NO_REASON'] . adm_back_link($this->u_action)); + } + } + + $l_title = ($action == 'edit') ? 'EDIT' : 'ADD'; + + $translated = false; + + // If the reason is defined within the language file, we will use the localized version, else just use the database entry... + if (isset($user->lang['report_reasons']['TITLE'][strtoupper($reason_row['reason_title'])]) && isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($reason_row['reason_title'])])) + { + $translated = true; + } + + $template->assign_vars(array( + 'L_TITLE' => $user->lang['REASON_' . $l_title], + 'U_ACTION' => $this->u_action . "&id=$reason_id&action=$action", + 'U_BACK' => $this->u_action, + 'ERROR_MSG' => (sizeof($error)) ? implode('<br />', $error) : '', + + 'REASON_TITLE' => $reason_row['reason_title'], + 'REASON_DESCRIPTION' => $reason_row['reason_description'], + + 'S_EDIT_REASON' => true, + 'S_TRANSLATED' => $translated, + 'S_ERROR' => (sizeof($error)) ? true : false, + ) + ); + + return; + break; + + case 'delete': + + $sql = 'SELECT * + FROM ' . REASONS_TABLE . ' + WHERE reason_id = ' . $reason_id; + $result = $db->sql_query($sql); + $reason_row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if (!$reason_row) + { + trigger_error($user->lang['NO_REASON'] . adm_back_link($this->u_action)); + } + + // Let the deletion be confirmed... + if (confirm_box(true)) + { + $sql = 'SELECT reason_id + FROM ' . REASONS_TABLE . " + WHERE reason_title = 'other'"; + $result = $db->sql_query($sql); + $other_reason_id = (int) $db->sql_fetchfield('reason_id', 0, $result); + $db->sql_freeresult($result); + + // Change the reports using this reason to 'other' + $sql = 'UPDATE ' . REPORTS_TABLE . ' + SET reason_id = ' . $other_reason_id . ", report_text = CONCAT('" . $db->sql_escape($reason_row['reason_description']) . "\n\n', report_text) + WHERE reason_id = $reason_id"; + $db->sql_query($sql); + + $db->sql_query('DELETE FROM ' . REASONS_TABLE . ' WHERE reason_id = ' . $reason_id); + + add_log('admin', 'LOG_REASON_REMOVED', $reason_row['reason_title']); + trigger_error($user->lang['REASON_REMOVED'] . adm_back_link($this->u_action)); + } + else + { + confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( + 'i' => $id, + 'mode' => $mode, + 'action' => $action, + 'id' => $reason_id)) + ); + } + + break; + + case 'move_up': + case 'move_down': + + $order = request_var('order', 0); + $order_total = $order * 2 + (($action == 'move_up') ? -1 : 1); + + $sql = 'UPDATE ' . REASONS_TABLE . ' + SET reason_order = ' . $order_total . ' - reason_order + WHERE reason_order IN (' . $order . ', ' . (($action == 'move_up') ? $order - 1 : $order + 1) . ')'; + $db->sql_query($sql); + + break; + } + + // By default, check that order is valid and fix it if necessary + $sql = 'SELECT reason_id, reason_order + FROM ' . REASONS_TABLE . ' + ORDER BY reason_order'; + $result = $db->sql_query($sql); + + if ($row = $db->sql_fetchrow($result)) + { + $order = 0; + do + { + ++$order; + + if ($row['reason_order'] != $order) + { + $sql = 'UPDATE ' . REASONS_TABLE . " + SET reason_order = $order + WHERE reason_id = {$row['reason_id']}"; + $db->sql_query($sql); + } + } + while ($row = $db->sql_fetchrow($result)); + } + $db->sql_freeresult($result); + + $template->assign_vars(array( + 'U_ACTION' => $this->u_action, + ) + ); + + // Reason count + $sql = 'SELECT reason_id, COUNT(reason_id) AS reason_count + FROM ' . REPORTS_TABLE . ' + GROUP BY reason_id'; + $result = $db->sql_query($sql); + + $reason_count = array(); + while ($row = $db->sql_fetchrow($result)) + { + $reason_count[$row['reason_id']] = $row['reason_count']; + } + $db->sql_freeresult($result); + + $sql = 'SELECT * + FROM ' . REASONS_TABLE . ' + ORDER BY reason_order ASC'; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + $translated = false; + $other_reason = ($row['reason_title'] == 'other') ? true : false; + + // If the reason is defined within the language file, we will use the localized version, else just use the database entry... + if (isset($user->lang['report_reasons']['TITLE'][strtoupper($row['reason_title'])]) && isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])])) + { + $row['reson_description'] = $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]; + $row['reason_title'] = $user->lang['report_reasons']['TITLE'][strtoupper($row['reason_title'])]; + + $translated = true; + } + + $template->assign_block_vars('reasons', array( + 'REASON_TITLE' => $row['reason_title'], + 'REASON_DESCRIPTION' => $row['reason_description'], + 'REASON_COUNT' => (isset($reason_count[$row['reason_id']])) ? $reason_count[$row['reason_id']] : 0, + + 'S_TRANSLATED' => $translated, + 'S_OTHER_REASON' => $other_reason, + + 'U_EDIT' => $this->u_action . '&action=edit&id=' . $row['reason_id'], + 'U_DELETE' => (!$other_reason) ? $this->u_action . '&action=delete&id=' . $row['reason_id'] : '', + 'U_MOVE_UP' => $this->u_action . '&action=move_up&order=' . $row['reason_order'], + 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&order=' . $row['reason_order']) + ); + } + $db->sql_freeresult($result); + } +} + +/** +* @package module_install +*/ +class acp_reasons_info +{ + function module() + { + return array( + 'filename' => 'acp_reasons', + 'title' => 'ACP_REASONS', + 'version' => '1.0.0', + 'modes' => array( + 'main' => array('title' => 'ACP_MANAGE_REASONS', 'auth' => 'acl_a_reasons'), + ), + ); + } + + function install() + { + } + + function uninstall() + { + } +} + +?>
\ No newline at end of file diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 999336ceb9..299faba5be 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -997,7 +997,6 @@ class acp_users 'notifypm' => true, 'popuppm' => false, 'allowpm' => true, - 'report_pm_notify' => false, 'topic_sk' => (string) 't', 'topic_sd' => (string) 'd', @@ -1041,7 +1040,6 @@ class acp_users if (!sizeof($error)) { $this->optionset($user_row, 'popuppm', $data['popuppm']); - $this->optionset($user_row, 'report_pm_notify', $data['report_pm_notify']); $this->optionset($user_row, 'viewimg', $data['view_images']); $this->optionset($user_row, 'viewflash', $data['view_flash']); $this->optionset($user_row, 'viewsmilies', $data['view_smilies']); @@ -1176,7 +1174,6 @@ class acp_users 'NOTIFY_BOTH' => ($notify_method == NOTIFY_BOTH) ? true : false, 'NOTIFY_PM' => (isset($data['notifypm'])) ? $data['notifypm'] : $user_row['user_notify_pm'], 'POPUP_PM' => (isset($data['popuppm'])) ? $data['popuppm'] : $this->optionget($user_row, 'popuppm'), - 'REPORT_PM_NOTIFY' => (isset($data['report_pm_notify'])) ? $data['report_pm_notify'] : $this->optionget($user_row, 'report_pm_notify'), 'DST' => (isset($data['dst'])) ? $data['dst'] : $user_row['user_dst'], 'BBCODE' => (isset($data['bbcode'])) ? $data['bbcode'] : $this->optionget($user_row, 'bbcode'), 'SMILIES' => (isset($data['smilies'])) ? $data['smilies'] : $this->optionget($user_row, 'smilies'), diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php index 8f47a6dc71..73427a92f4 100644 --- a/phpBB/includes/acp/auth.php +++ b/phpBB/includes/acp/auth.php @@ -305,6 +305,12 @@ class auth_admin extends auth $s_role_js_array = array(); while ($row = $db->sql_fetchrow($result)) { + $flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1); + if ($flag == $row['auth_option']) + { + continue; + } + if (!isset($s_role_js_array[$row['role_id']])) { $s_role_js_array[$row['role_id']] = "\n" . 'role_options[' . $row['role_id'] . '] = new Array();' . "\n"; @@ -687,7 +693,7 @@ class auth_admin extends auth list(, $flag) = each(array_keys($auth)); $flag = substr($flag, 0, strpos($flag, '_') + 1); - // This ID (the any-flag) is only set if roles are assigned - this makes it very easy to determine the correct roles + // This ID (the any-flag) is set if one or more permissions are true... $any_option_id = (int) $this->option_ids[$flag]; // Remove any-flag from auth ary @@ -709,6 +715,38 @@ class auth_admin extends auth AND auth_option_id IN ($any_option_id, " . implode(', ', $auth_option_ids) . ')'; $db->sql_query($sql); + // Remove those having a role assigned... the correct type of course... + $sql = 'SELECT role_id + FROM ' . ACL_ROLES_TABLE . " + WHERE role_type = '" . $db->sql_escape($flag) . "'"; + $result = $db->sql_query($sql); + + $role_ids = array(); + while ($row = $db->sql_fetchrow($result)) + { + $role_ids[] = $row['role_id']; + } + $db->sql_freeresult($result); + + if (sizeof($role_ids)) + { + $sql = "DELETE FROM $table + WHERE forum_id $forum_sql + AND $id_field $ug_id_sql + AND auth_option_id = 0 + AND auth_role_id IN (" . implode(', ', $role_ids) . ')'; + $db->sql_query($sql); + } + + // Ok, include the any-flag if one or more auth options are set to yes... + foreach ($auth as $auth_option => $setting) + { + if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NO)) + { + $auth[$flag] = ACL_YES; + } + } + $sql_ary = array(); foreach ($forum_id as $forum) { @@ -721,7 +759,7 @@ class auth_admin extends auth $sql_ary[] = array( $id_field => (int) $id, 'forum_id' => (int) $forum, - 'auth_option_id' => $any_option_id, + 'auth_option_id' => 0, 'auth_setting' => 0, 'auth_role_id' => $role_id ); @@ -781,6 +819,25 @@ class auth_admin extends auth { global $db; + // Get any-flag as required + list(, $flag) = each(array_keys($auth)); + $flag = substr($flag, 0, strpos($flag, '_') + 1); + + // Remove any-flag from auth ary + if (isset($auth[$flag])) + { + unset($auth[$flag]); + } + + // Re-set any flag... + foreach ($auth as $auth_option => $setting) + { + if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NO)) + { + $auth[$flag] = ACL_YES; + } + } + // Remove current auth options... $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . ' WHERE role_id = ' . $role_id; @@ -867,9 +924,10 @@ class auth_admin extends auth // First of all, lets grab the items having roles with the specified auth options assigned $sql = "SELECT auth_role_id, $id_field, forum_id - FROM $table + FROM $table, " . ACL_ROLES_TABLE . " r WHERE auth_role_id <> 0 - AND auth_option_id = {$auth_id_ary[$permission_type]} + AND auth_role_id = r.role_id + AND r.role_type = '{$permission_type}' AND " . implode(' AND ', $where_sql) . ' ORDER BY auth_role_id'; $result = $db->sql_query($sql); diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index 80e57f1254..fa2cc160b0 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -371,9 +371,9 @@ class auth // If one option is allowed, the global permission for this option has to be allowed too // example: if the user has the a_ permission this means he has one or more a_* permissions - if ($auth_ary[$opt] == ACL_YES && !isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || !$bitstring[$this->acl_options[$ary_key][$option_key]]) + if ($auth_ary[$opt] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NO)) { - $bitstring[$this->acl_options[$ary_key][$option_key]] = 1; + $bitstring[$this->acl_options[$ary_key][$option_key]] = ACL_YES; } } else @@ -523,6 +523,22 @@ class auth { $setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting']; $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting; + + // Check for existence of ACL_YES if an option got set to NO + if ($setting == ACL_NO) + { + $flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1); + + if (isset($hold_ary[$row['user_id']][$row['forum_id']][$flag]) && $hold_ary[$row['user_id']][$row['forum_id']][$flag] == ACL_YES) + { + unset($hold_ary[$row['user_id']][$row['forum_id']][$flag]); + + if (in_array(ACL_YES, $hold_ary[$row['user_id']][$row['forum_id']])) + { + $hold_ary[$row['user_id']][$row['forum_id']][$flag] = ACL_YES; + } + } + } } } $db->sql_freeresult($result); @@ -641,16 +657,29 @@ class auth { $login = $method($username, $password); - // If login returned anything other than an array there was an error - if (!is_array($login)) + // If login succeeded, we will log the user in... else we pass the login array through... + if ($login['status'] == LOGIN_SUCCESS) { - /** - * @todo Login Attempt++ - */ - return $login; + $result = $user->session_create($login['user_row']['user_id'], $admin, $autologin, $viewonline); + + // Successful session creation + if ($result === true) + { + return array( + 'status' => LOGIN_SUCCESS, + 'error_msg' => false, + 'user_row' => $login['user_row'], + ); + } + + return array( + 'status' => LOGIN_BREAK, + 'error_msg' => $result, + 'user_row' => $login['user_row'], + ); } - - return $user->session_create($login['user_id'], $admin, $autologin, $viewonline); + + return $login; } } diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index 42e1ac7c1f..a53ae0e819 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -24,22 +24,114 @@ function login_db(&$username, &$password) { global $db, $config; - $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type + $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts FROM ' . USERS_TABLE . " WHERE username = '" . $db->sql_escape($username) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - if ($row) + if (!$row) { - if (md5($password) == $row['user_password']) + return array( + 'status' => LOGIN_ERROR_USERNAME, + 'error_msg' => 'LOGIN_ERROR_USERNAME', + 'user_row' => array('user_id' => ANONYMOUS), + ); + } + + // If there are too much login attempts, we need to check for an confirm image + // Every auth module is able to define what to do by itself... + if ($config['max_login_attempts'] && $row['user_login_attempts'] > $config['max_login_attempts']) + { + $confirm_id = request_var('confirm_id', ''); + $confirm_code = request_var('confirm_code', ''); + + // Visual Confirmation handling + if (!$confirm_id) { - return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? 0 : $row; + return array( + 'status' => LOGIN_ERROR_ATTEMPTS, + 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', + 'user_row' => $row, + ); + } + else + { + global $user; + + $sql = 'SELECT code + FROM ' . CONFIRM_TABLE . " + WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "' + AND session_id = '" . $db->sql_escape($user->session_id) . "' + AND confirm_type = " . CONFIRM_LOGIN; + $result = $db->sql_query($sql); + $confirm_row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($confirm_row) + { + if ($confirm_row['code'] != $confirm_code) + { + return array( + 'status' => LOGIN_ERROR_ATTEMPTS, + 'error_msg' => 'CONFIRM_CODE_WRONG', + 'user_row' => $row, + ); + } + else + { + $sql = 'DELETE FROM ' . CONFIRM_TABLE . " + WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "' + AND session_id = '" . $db->sql_escape($user->session_id) . "' + AND confirm_type = " . CONFIRM_LOGIN; + $db->sql_query($sql); + } + } + else + { + return array( + 'status' => LOGIN_ERROR_ATTEMPTS, + 'error_msg' => 'CONFIRM_CODE_WRONG', + 'user_row' => $row, + ); + } } } - return false; + // Password correct... + if (md5($password) == $row['user_password']) + { + // Successful, reset login attempts (the user passed all stages) + $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']); + + // User inactive... + if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) + { + return array( + 'status' => LOGIN_ERROR_ACTIVE, + 'error_msg' => 'ACTIVE_ERROR', + 'user_row' => $row, + ); + } + + // Successful login... set user_login_attempts to zero... + return array( + 'status' => LOGIN_SUCCESS, + 'error_msg' => false, + 'user_row' => $row, + ); + } + + // Password incorrect - increase login attempts + $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . $row['user_id']); + + // Give status about wrong password... + return array( + 'status' => LOGIN_ERROR_PASSWORD, + 'error_msg' => 'LOGIN_ERROR_PASSWORD', + 'user_row' => $row, + ); } ?>
\ No newline at end of file diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 82eb84d9b6..de7deb679b 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -35,6 +35,15 @@ define('ACL_NO', 0); define('ACL_YES', 1); define('ACL_UNSET', -1); +// Login error codes +define('LOGIN_CONTINUE', 1); +define('LOGIN_BREAK', 2); +define('LOGIN_SUCCESS', 3); +define('LOGIN_ERROR_USERNAME', 10); +define('LOGIN_ERROR_PASSWORD', 11); +define('LOGIN_ERROR_ACTIVE', 12); +define('LOGIN_ERROR_ATTEMPTS', 13); + // Group settings define('GROUP_OPEN', 0); define('GROUP_CLOSED', 1); @@ -83,19 +92,23 @@ define('PRIVMSGS_OUTBOX', -2); define('PRIVMSGS_SENTBOX', -1); define('PRIVMSGS_INBOX', 0); -// Report Types -define('REPORT_POST', 1); -define('REPORT_GENERAL', 2); - // Full Folder Actions define('FULL_FOLDER_NONE', -3); define('FULL_FOLDER_DELETE', -2); define('FULL_FOLDER_HOLD', -1); +// Reason types +define('REPORT_REASON_SPECIAL', 1); +define('REPORT_REASON_NORMAL', 2); + // Download Modes - Attachments define('INLINE_LINK', 1); define('PHYSICAL_LINK', 2); +// Confirm types +define('CONFIRM_REG', 1); +define('CONFIRM_LOGIN', 2); + // Categories - Attachments define('ATTACHMENT_CATEGORY_NONE', 0); define('ATTACHMENT_CATEGORY_IMAGE', 1); // Inline Images diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index e75ba650f0..569f3d08a9 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -136,11 +136,11 @@ function gen_rand_string($num_chars) * Return unique id * @param $extra additional entropy for call to mt_srand */ -function unique_id($extra = 0) +function unique_id($extra = 0, $prefix = false) { list($usec, $sec) = explode(' ', microtime()); mt_srand((float) $extra + (float) $sec + ((float) $usec * 100000)); - return uniqid(mt_rand(), true); + return uniqid(($prefix === false) ? mt_rand() : $prefix, true); } if (!function_exists('array_combine')) @@ -1318,7 +1318,10 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa $admin = ($admin) ? 1 : 0; // If authentication is successful we redirect user to previous page - if (($result = $auth->login($username, $password, $autologin, $viewonline, $admin)) === true) + $result = $auth->login($username, $password, $autologin, $viewonline, $admin); + + // The result parameter is always an array, holding the relevant informations... + if ($result['status'] == LOGIN_SUCCESS) { // If admin authentication if ($admin) @@ -1329,7 +1332,9 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa } else { + // Authenticated, but not having admin permissions add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); + trigger_error('NO_AUTH_ADMIN'); } } @@ -1340,19 +1345,57 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa trigger_error($message); } + // The user wanted to re-authenticate, but something failed - log this if ($admin) { add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); } - // If we get a non-numeric (e.g. string) value we output an error - if (is_string($result)) + // Something failed, determine what... + if ($result['status'] == LOGIN_BREAK) { - trigger_error($result, E_USER_ERROR); + trigger_error($result['error_msg'], E_USER_ERROR); } - // If we get an integer zero then we are inactive, else the username/password is wrong - $err = ($result === 0) ? $user->lang['ACTIVE_ERROR'] : $user->lang['LOGIN_ERROR']; + // Special cases... determine + switch ($result['status']) + { + case LOGIN_ERROR_ATTEMPTS: + + // Show confirm image + $sql = 'DELETE FROM ' . CONFIRM_TABLE . " + WHERE session_id = '" . $db->sql_escape($user->session_id) . "' + AND confirm_type = " . CONFIRM_LOGIN; + $db->sql_query($sql); + + // Generate code + $code = gen_rand_string(mt_rand(5, 8)); + $confirm_id = md5(unique_id(0, $user->ip)); + + $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array( + 'confirm_id' => (string) $confirm_id, + 'session_id' => (string) $user->session_id, + 'confirm_type' => (int) CONFIRM_LOGIN, + 'code' => (string) $code) + ); + $db->sql_query($sql); + + $template->assign_vars(array( + 'S_CONFIRM_CODE' => true, + 'CONFIRM_ID' => $confirm_id, + 'CONFIRM_IMAGE' => '<img src="' . $phpbb_root_path . 'ucp.' . $phpEx . $SID . '&mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_LOGIN . '" alt="" title="" />', + 'L_LOGIN_CONFIRM_EXPLAIN' => sprintf($user->lang['LOGIN_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'), + )); + + $err = $user->lang[$result['error_msg']]; + + break; + + // Username, password, etc... + default: + $err = $user->lang[$result['error_msg']]; + break; + } } if (!$redirect) diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 3812a3719e..8391fcffc4 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -457,7 +457,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true) { $forum_ids[] = $row['forum_id']; - sync('reported', 'topic_id', $topic_ids); + sync('topic_reported', 'topic_id', $topic_ids); sync('topic', 'topic_id', $topic_ids, true); sync('forum', 'forum_id', $forum_ids, true); } @@ -609,7 +609,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true) if ($auto_sync) { - sync('reported', 'topic_id', $topic_ids); + sync('topic_reported', 'topic_id', $topic_ids); sync('topic', 'topic_id', $topic_ids, true); sync('forum', 'forum_id', $forum_ids, true); } diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 775805f26a..78dba728cf 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -893,4 +893,35 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_ // $totaltime = $mtime[0] + $mtime[1] - $starttime; } +/** +* Display reasons +*/ +function display_reasons($reason_id = 0) +{ + global $db, $user, $template; + + $sql = 'SELECT * + FROM ' . REASONS_TABLE . ' + ORDER BY reason_order ASC'; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + // If the reason is defined within the language file, we will use the localized version, else just use the database entry... + if (isset($user->lang['report_reasons']['TITLE'][strtoupper($row['reason_title'])]) && isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])])) + { + $row['reson_description'] = $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]; + $row['reason_title'] = $user->lang['report_reasons']['TITLE'][strtoupper($row['reason_title'])]; + } + + $template->assign_block_vars('reason', array( + 'ID' => $row['reason_id'], + 'TITLE' => $row['reason_title'], + 'DESCRIPTION' => $row['reason_description'], + 'S_SELECTED' => ($row['reason_id'] == $reason_id) ? true : false) + ); + } + $db->sql_freeresult($result); +} + ?>
\ No newline at end of file diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index 21e61cc010..f913343d34 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -299,7 +299,7 @@ class messenger $headers .= 'Return-Path: <' . $config['board_email'] . ">\n"; $headers .= 'Sender: <' . $config['board_email'] . ">\n"; $headers .= "MIME-Version: 1.0\n"; - $headers .= 'Message-ID: <' . md5(uniqid(time())) . "@" . $config['server_name'] . ">\n"; + $headers .= 'Message-ID: <' . md5(uniqe_id(0, time())) . "@" . $config['server_name'] . ">\n"; $headers .= 'Date: ' . gmdate('D, d M Y H:i:s T', time()) . "\n"; $headers .= "Content-type: text/plain; charset={$this->encoding}\n"; $headers .= "Content-transfer-encoding: 8bit\n"; diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index a7e8dcd884..ffe81a58b4 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -33,7 +33,6 @@ define('RULE_IS_USER', 9); // Is User define('RULE_IS_GROUP', 10); // Is In Usergroup define('RULE_ANSWERED', 11); // Answered define('RULE_FORWARDED', 12); // Forwarded -define('RULE_REPORTED', 13); // Reported define('RULE_TO_GROUP', 14); // Usergroup define('RULE_TO_ME', 15); // Me @@ -78,7 +77,6 @@ $global_privmsgs_rules = array( CHECK_STATUS => array( RULE_ANSWERED => array('check0' => 'replied', 'function' => '{CHECK0} == 1'), RULE_FORWARDED => array('check0' => 'forwarded', 'function' => '{CHECK0} == 1'), - RULE_REPORTED => array('check0' => 'message_reported', 'function' => '{CHECK0} == 1')), CHECK_TO => array( RULE_TO_GROUP => array('check0' => 'to', 'check1' => 'bcc', 'check2' => 'user_in_group', 'function' => 'in_array("g_" . {CHECK2}, {CHECK0}) || in_array("g_" . {CHECK2}, {CHECK1})'), diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index a3109c0ef4..f24edb1dea 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -91,6 +91,12 @@ class filespec switch ($mode) { case 'real': + // Remove every extension from filename (to not let the mime bug being exposed) + if (strpos($this->realname, '.') !== false) + { + $this->realname = substr($this->realname, 0, strpos($this->realname, '.')); + } + // Replace any chars which may cause us problems with _ $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|'); @@ -575,7 +581,7 @@ class fileupload unset($url_ary); $tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache'; - $filename = tempnam($tmp_path, uniqid(rand()) . '-'); + $filename = tempnam($tmp_path, unique_id() . '-'); if (!($fp = @fopen($filename, 'wb'))) { diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index 0143957223..a7e71d6e97 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php @@ -964,7 +964,7 @@ class mcp_main_info 'version' => '1.0.0', 'modes' => array( 'forum_view' => array('title' => 'MCP_MAIN_FORUM_VIEW', 'auth' => 'acl_m_,$id'), - 'front' => array('title' => 'MCP_MAIN_FRONT', 'auth' => ''), + 'front' => array('title' => 'MCP_MAIN_FRONT', 'auth' => 'acl_m_'), 'post_details' => array('title' => 'MCP_MAIN_POST_DETAILS', 'auth' => 'acl_m_,$id'), 'topic_view' => array('title' => 'MCP_MAIN_TOPIC_VIEW', 'auth' => 'acl_m_,$id'), ), diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php index 05758b9bf2..5dfb5947f9 100644 --- a/phpBB/includes/mcp/mcp_post.php +++ b/phpBB/includes/mcp/mcp_post.php @@ -165,10 +165,17 @@ function mcp_post_details($id, $mode, $action) do { + // If the reason is defined within the language file, we will use the localized version, else just use the database entry... + if (isset($user->lang['report_reasons']['TITLE'][strtoupper($row['reason_title'])]) && isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])])) + { + $row['reson_description'] = $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]; + $row['reason_title'] = $user->lang['report_reasons']['TITLE'][strtoupper($row['reason_title'])]; + } + $template->assign_block_vars('reports', array( 'REPORT_ID' => $row['report_id'], - 'REASON_TITLE' => $user->lang['report_reasons']['TITLE'][strtoupper($row['reason_name'])], - 'REASON_DESC' => $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_name'])], + 'REASON_TITLE' => $row['reason_title'], + 'REASON_DESC' => $row['reason_description'], 'REPORTER' => ($row['user_id'] != ANONYMOUS) ? $row['username'] : $user->lang['GUEST'], 'U_REPORTER' => ($row['user_id'] != ANONYMOUS) ? "{$phpbb_root_path}memberlist.$phpEx$SID&mode=viewprofile&u={$row['user_id']}" : '', 'USER_NOTIFY' => ($row['user_notify']) ? true : false, diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php index 7884298380..e447184b55 100644 --- a/phpBB/includes/mcp/mcp_queue.php +++ b/phpBB/includes/mcp/mcp_queue.php @@ -542,23 +542,25 @@ function disapprove_post($post_id_list, $mode) if ($reason_id) { - $sql = 'SELECT reason_name + $sql = 'SELECT reason_title, reason_description FROM ' . REASONS_TABLE . " WHERE reason_id = $reason_id"; $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); - if (!($row = $db->sql_fetchrow($result)) || (!$reason && $row['reason_name'] == 'other')) + if (!$row || (!$reason && $row['reason_title'] == 'other')) { $additional_msg = 'Please give an appropiate reason for disapproval'; unset($_POST['confirm']); } else { - $disapprove_reason = ($row['reason_name'] != 'other') ? $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_name'])] : ''; + // If the reason is defined within the language file, we will use the localized version, else just use the database entry... + $disapprove_reason = ($row['reason_title'] != 'other') ? ((isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]) ? $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])] : $row['reason_description']) : ''; $disapprove_reason .= ($reason) ? "\n\n" . $_REQUEST['reason'] : ''; unset($reason); } - $db->sql_freeresult($result); } if (confirm_box(true)) @@ -683,27 +685,9 @@ function disapprove_post($post_id_list, $mode) } else { - $sql = 'SELECT * - FROM ' . REASONS_TABLE . ' - ORDER BY reason_priority ASC'; - $result = $db->sql_query($sql); - - while ($row = $db->sql_fetchrow($result)) - { - $row['reason_name'] = strtoupper($row['reason_name']); + include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx); - $reason_title = (!empty($user->lang['report_reasons']['TITLE'][$row['reason_name']])) ? $user->lang['report_reasons']['TITLE'][$row['reason_name']] : ucwords(str_replace('_', ' ', $row['reason_name'])); - - $reason_desc = (!empty($user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']])) ? $user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']] : $row['reason_desc']; - - $template->assign_block_vars('reason', array( - 'ID' => $row['reason_id'], - 'NAME' => htmlspecialchars($reason_title), - 'DESCRIPTION' => htmlspecialchars($reason_desc), - 'S_SELECTED' => ($row['reason_id'] == $reason_id) ? true : false) - ); - } - $db->sql_freeresult($result); + display_reasons($reason_id); $template->assign_vars(array( 'S_NOTIFY_POSTER' => true, diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 5888d579f1..354a77bcec 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -773,7 +773,7 @@ class user extends session var $img_lang; // Able to add new option (id 7) - var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'bbcode' => 8, 'smilies' => 9, 'popuppm' => 10, 'report_pm_notify' => 11); + var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'bbcode' => 8, 'smilies' => 9, 'popuppm' => 10); var $keyvalues = array(); function setup($lang_set = false, $style = false) diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php index a67de99e03..b592181a35 100644 --- a/phpBB/includes/template.php +++ b/phpBB/includes/template.php @@ -314,7 +314,7 @@ class template // Now we add the block that we're actually assigning to. // We're adding a new iteration to this block with the given // variable assignments. - $str[$blocks[$blockcount]][] = &$vararray; + $str[$blocks[$blockcount]][] = $vararray; } else { @@ -337,7 +337,7 @@ class template // Add a new iteration to this block with the variable assignments // we were given. - $this->_tpldata[$blockname][] = &$vararray; + $this->_tpldata[$blockname][] = $vararray; } return true; @@ -349,7 +349,7 @@ class template * Some Examples: * <code> * - * alter_block_array('loop', $varrarray); // Insert vararray at the end + * alter_block_array('loop', $vararray); // Insert vararray at the beginning * alter_block_array('loop', $vararray, 2); // Insert vararray at position 2 * alter_block_array('loop', $vararray, array('KEY' => 'value')); // Insert vararray at the position where the key 'KEY' has the value of 'value' * alter_block_array('loop', $vararray, false); // Insert vararray at first position @@ -447,7 +447,7 @@ class template // Insert vararray at given position $vararray['S_ROW_COUNT'] = $key; - $this->_tpldata[$blockname][$key] = &$vararray; + $this->_tpldata[$blockname][$key] = $vararray; return true; } @@ -460,7 +460,7 @@ class template $key--; } - $this->_tpldata[$blockname][$key] = array_merge($this->_tpldata[$blockname][$key], &$vararray); + $this->_tpldata[$blockname][$key] = array_merge($this->_tpldata[$blockname][$key], $vararray); return true; } } diff --git a/phpBB/includes/ucp/ucp_confirm.php b/phpBB/includes/ucp/ucp_confirm.php index 831ea92dcc..2edf124b82 100644 --- a/phpBB/includes/ucp/ucp_confirm.php +++ b/phpBB/includes/ucp/ucp_confirm.php @@ -28,8 +28,9 @@ class ucp_confirm // Do we have an id? No, then just exit $confirm_id = request_var('id', ''); + $type = request_var('type', 0); - if (!$confirm_id) + if (!$confirm_id || !$type) { exit; } @@ -38,7 +39,8 @@ class ucp_confirm $sql = 'SELECT code FROM ' . CONFIRM_TABLE . " WHERE session_id = '" . $db->sql_escape($user->session_id) . "' - AND confirm_id = '" . $db->sql_escape($confirm_id) . "'"; + AND confirm_id = '" . $db->sql_escape($confirm_id) . "' + AND confirm_type = $type"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php index b64adc53b0..3616e06c77 100644 --- a/phpBB/includes/ucp/ucp_pm_viewfolder.php +++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php @@ -29,7 +29,7 @@ function view_folder($id, $mode, $folder_id, $folder, $type) $icons = array(); $cache->obtain_icons($icons); - $color_rows = array('marked', 'replied', 'message_reported', 'friend', 'foe'); + $color_rows = array('marked', 'replied', 'friend', 'foe'); foreach ($color_rows as $var) { @@ -167,14 +167,11 @@ function view_folder($id, $mode, $folder_id, $folder, $type) 'PM_IMG' => ($row_indicator) ? $user->img('pm_' . $row_indicator, '') : '', 'ATTACH_ICON_IMG' => ($auth->acl_get('u_download') && $row['message_attachment'] && $config['allow_pm_attach'] && $config['auth_download_pm']) ? $user->img('icon_attach', $user->lang['TOTAL_ATTACHMENTS']) : '', - 'S_PM_REPORTED' => (!empty($row['message_reported']) && $auth->acl_get('m_')) ? true : false, 'S_PM_DELETED' => ($row['deleted']) ? true : false, 'U_VIEW_PM' => ($row['deleted']) ? '' : $view_message_url, 'U_REMOVE_PM' => ($row['deleted']) ? $remove_message_url : '', - 'RECIPIENTS' => ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX) ? implode(', ', $address_list[$message_id]) : '', - 'U_MCP_REPORT' => "{$phpbb_root_path}mcp.$phpEx?sid={$user->session_id}&i=reports&pm=$message_id") - // 'U_MCP_QUEUE' => "mcp.$phpEx?sid={$user->session_id}&i=mod_queue&t=$topic_id") + 'RECIPIENTS' => ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX) ? implode(', ', $address_list[$message_id]) : '') ); } unset($folder_info['rowset']); @@ -437,8 +434,6 @@ function get_pm_from($folder_id, $folder, $user_id, $url, $type = 'folder') 'POST_IMG' => (!$auth->acl_get('u_sendpm')) ? $user->img('btn_locked', 'PM_LOCKED') : $user->img('btn_post_pm', 'POST_PM'), - 'REPORTED_IMG' => $user->img('icon_reported', 'MESSAGE_REPORTED'), - 'L_NO_MESSAGES' => (!$auth->acl_get('u_sendpm')) ? $user->lang['POST_PM_LOCKED'] : $user->lang['NO_MESSAGES'], 'S_SELECT_SORT_DIR' => $s_sort_dir, @@ -476,7 +471,7 @@ function get_pm_from($folder_id, $folder, $user_id, $url, $type = 'folder') $sql_start = $start; } - $sql = 'SELECT t.*, p.author_id, p.root_level, p.message_time, p.message_subject, p.icon_id, p.message_reported, p.to_address, p.message_attachment, p.bcc_address, u.username + $sql = 'SELECT t.*, p.author_id, p.root_level, p.message_time, p.message_subject, p.icon_id, p.to_address, p.message_attachment, p.bcc_address, u.username FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . " u WHERE t.user_id = $user_id AND p.author_id = u.user_id diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index aec007a36b..8b9d4d859d 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -164,8 +164,6 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) 'S_ONLINE' => (!$config['load_onlinetrack']) ? false : ((isset($user_info['online']) && $user_info['online']) ? true : false), 'DELETE_IMG' => $user->img('btn_delete', $user->lang['DELETE_MESSAGE']), 'INFO_IMG' => $user->img('btn_info', $user->lang['VIEW_PM_INFO']), - 'REPORT_IMG' => $user->img('btn_report', $user->lang['REPORT_PM']), - 'REPORTED_IMG' => $user->img('icon_reported', $user->lang['MESSAGE_REPORTED_MESSAGE']), 'PROFILE_IMG' => $user->img('btn_profile', $user->lang['READ_PROFILE']), 'EMAIL_IMG' => $user->img('btn_email', $user->lang['SEND_EMAIL']), 'QUOTE_IMG' => $user->img('btn_quote', $user->lang['POST_QUOTE_PM']), @@ -179,9 +177,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) 'SIGNATURE' => ($message_row['enable_sig']) ? $signature : '', 'EDITED_MESSAGE' => $l_edited_by, - 'U_MCP_REPORT' => "{$phpbb_root_path}mcp.$phpEx$SID&mode=pm_details&p=" . $message_row['msg_id'], - 'U_REPORT' => ($config['auth_report_pm'] && $auth->acl_get('u_pm_report')) ? "{$phpbb_root_path}report.$phpEx$SID&pm=" . $message_row['msg_id'] : '', - 'U_INFO' => ($auth->acl_get('m_') && ($message_row['message_reported'] || $message_row['forwarded'])) ? "{$phpbb_root_path}mcp.$phpEx$SID&mode=pm_details&p=" . $message_row['msg_id'] : '', + 'U_INFO' => ($auth->acl_get('m_') && $message_row['forwarded']) ? "{$phpbb_root_path}mcp.$phpEx$SID&mode=pm_details&p=" . $message_row['msg_id'] : '', 'U_DELETE' => ($auth->acl_get('u_pm_delete')) ? "$url&mode=compose&action=delete&f=$folder_id&p=" . $message_row['msg_id'] : '', 'U_AUTHOR_PROFILE' => "{$phpbb_root_path}memberlist.$phpEx$SID&mode=viewprofile&u=" . $author_id, 'U_EMAIL' => $user_info['email'], @@ -191,7 +187,6 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) 'U_PREVIOUS_PM' => "$url&f=$folder_id&p=" . $message_row['msg_id'] . "&view=previous", 'U_NEXT_PM' => "$url&f=$folder_id&p=" . $message_row['msg_id'] . "&view=next", - 'S_MESSAGE_REPORTED'=> ($message_row['message_reported'] && $auth->acl_get('m_')) ? true : false, 'S_HAS_ATTACHMENTS' => (sizeof($attachments)) ? true : false, 'S_DISPLAY_NOTICE' => $display_notice && $message_row['message_attachment'], diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index c58caa7ef0..fd79225c6d 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -42,7 +42,6 @@ class ucp_prefs 'notifypm' => true, 'popuppm' => false, 'allowpm' => true, - 'report_pm_notify' => false ); foreach ($var_ary as $var => $default) @@ -63,7 +62,6 @@ class ucp_prefs if (!sizeof($error)) { $user->optionset('popuppm', $popuppm); - $user->optionset('report_pm_notify', $report_pm_notify); $sql_ary = array( 'user_allow_pm' => $allowpm, @@ -113,9 +111,6 @@ class ucp_prefs $popuppm = (isset($popuppm)) ? $popuppm : $user->optionget('popuppm'); $popup_pm_yes = ($popuppm) ? ' checked="checked"' : ''; $popup_pm_no = (!$popuppm) ? ' checked="checked"' : ''; - $report_pm_notify = (isset($report_pm_notify)) ? $report_pm_notify : $user->optionget('report_pm_notify'); - $report_pm_notify_yes = ($report_pm_notify) ? ' checked="checked"' : ''; - $report_pm_notify_no = (!$report_pm_notify) ? ' checked="checked"' : ''; $dst = (isset($dst)) ? $dst : $user->data['user_dst']; $dst_yes = ($dst) ? ' checked="checked"' : ''; $dst_no = (!$dst) ? ' checked="checked"' : ''; @@ -160,8 +155,6 @@ class ucp_prefs 'NOTIFY_PM_NO' => $notify_pm_no, 'POPUP_PM_YES' => $popup_pm_yes, 'POPUP_PM_NO' => $popup_pm_no, - 'REPORT_PM_YES' => $report_pm_notify_yes, - 'REPORT_PM_NO' => $report_pm_notify_no, 'DST_YES' => $dst_yes, 'DST_NO' => $dst_no, 'NOTIFY_EMAIL' => ($notifymethod == NOTIFY_EMAIL) ? 'checked="checked"' : '', diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 42a203884f..57f6a32de8 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -150,7 +150,8 @@ class ucp_register $sql = 'SELECT code FROM ' . CONFIRM_TABLE . " WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "' - AND session_id = '" . $db->sql_escape($user->session_id) . "'"; + AND session_id = '" . $db->sql_escape($user->session_id) . "' + AND confirm_type = " . CONFIRM_REG; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) @@ -164,7 +165,8 @@ class ucp_register { $sql = 'DELETE FROM ' . CONFIRM_TABLE . " WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "' - AND session_id = '" . $db->sql_escape($user->session_id) . "'"; + AND session_id = '" . $db->sql_escape($user->session_id) . "' + AND confirm_type = " . CONFIRM_REG; $db->sql_query($sql); } } @@ -401,14 +403,16 @@ class ucp_register while ($row = $db->sql_fetchrow($result)); $sql = 'DELETE FROM ' . CONFIRM_TABLE . ' - WHERE session_id NOT IN (' . implode(', ', $sql_in) . ')'; + WHERE session_id NOT IN (' . implode(', ', $sql_in) . ') + AND confirm_type = ' . CONFIRM_REG; $db->sql_query($sql); } $db->sql_freeresult($result); $sql = 'SELECT COUNT(session_id) AS attempts FROM ' . CONFIRM_TABLE . " - WHERE session_id = '" . $db->sql_escape($user->session_id) . "'"; + WHERE session_id = '" . $db->sql_escape($user->session_id) . "' + AND confirm_type = " . CONFIRM_REG; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) @@ -421,18 +425,18 @@ class ucp_register $db->sql_freeresult($result); $code = gen_rand_string(mt_rand(5, 8)); - - $confirm_id = md5(uniqid($user->ip)); + $confirm_id = md5(unique_id(0, $user->ip)); $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array( 'confirm_id' => (string) $confirm_id, 'session_id' => (string) $user->session_id, + 'confirm_type' => (int) CONFIRM_REG, 'code' => (string) $code) ); $db->sql_query($sql); } - $confirm_image = "<img src=\"ucp.$phpEx$SID&mode=confirm&id=$confirm_id\" alt=\"\" title=\"\" />"; + $confirm_image = '<img src="' . $phpbb_root_path . 'ucp.' . $phpEx . $SID . '&mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_REG . '" alt="" title="" />'; $s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />'; } diff --git a/phpBB/includes/ucp/ucp_reports.php b/phpBB/includes/ucp/ucp_reports.php deleted file mode 100755 index 6fe1b2342a..0000000000 --- a/phpBB/includes/ucp/ucp_reports.php +++ /dev/null @@ -1,367 +0,0 @@ -<?php -/** -* -* @package ucp -* @version $Id$ -* @copyright (c) 2005 phpBB Group -* @license http://opensource.org/licenses/gpl-license.php GNU Public License -* -*/ - -/** -* @package ucp -* ucp_reports -*/ -class ucp_reports -{ - function main($id, $mode) - { - global $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx; - - switch ($mode) - { - case 'list': - $this->ucp_reports_list($id, $mode); - break; - case 'report': - $this->ucp_reports_report($id, $mode); - break; - } - } - - function ucp_reports_list($id, $mode) - { - global $db, $user, $config, $template; - - $sql = "SELECT - r.report_id, r.report_time, r.report_status, - p.post_id, p.poster_id, - t.topic_id, t.topic_title, - f.forum_id, f.forum_name, - u.username - FROM " . - REPORTS_TABLE . " r - LEFT JOIN " . POSTS_TABLE . " p USING (post_id) - LEFT JOIN " . TOPICS_TABLE . " t USING (topic_id) - LEFT JOIN " . FORUMS_TABLE . " f USING (forum_id)," . - REASONS_TABLE . " re, " . - USERS_TABLE . " u - WHERE - p.poster_id = u.user_id - && r.reason_id = re.reason_id - && r.user_id = " . $user->data['user_id'] . " - ORDER BY - report_time DESC"; - - $start = request_var('start', 0); - $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start); - - while ($row = $db->sql_fetchrow($result)) - { - if ($row['poster_id'] == ANONYMOUS) - { - $poster = (!empty($row['post_username'])) ? $row['post_username'] : $user->lang['GUEST']; - } - else - { - $poster = $row['username']; - } - - $template->assign_block_vars('report', array( - 'U_FORUM' => "mcp.$phpEx$SID&i=report&mode=&f={$row['forum_id']}", - // Q: Why accessing the topic by a post_id instead of its topic_id? - // A: To prevent the post from being hidden because of wrong encoding or different charset - 'U_REPORT_TOPIC' => "mcp.$phpEx$SID&i=report&mode=report_view_topic&t={$row['topic_id']}", - 'U_VIEW_DETAILS'=> "mcp.$phpEx$SID&i=queue&start=$start&mode=approve_details&f={$forum_id}&p={$row['post_id']}", - 'U_VIEWPROFILE' => ($row['poster_id'] != ANONYMOUS) ? "memberlist.$phpEx$SID&mode=viewprofile&u={$row['poster_id']}" : '', - - 'REPORT_COUNT' => $row['report_count'], - 'FORUM_NAME' => $row['forum_name'], - 'TOPIC_TITLE' => $row['topic_title'], - 'POSTER' => $poster, - 'REPORT_TIME' => $user->format_date($row['report_time']), - ) - ); - } - $db->sql_freeresult($result); - - - $this->tpl_name = 'ucp_reports_list'; - } - - function ucp_reports_report($id, $mode) - { - global $db, $user, $config, $template, $auth; - - $post_id = request_var('p', 0); - $report_type = ($post_id > 0) ? REPORT_POST : REPORT_GENERAL; - - // Insert or update report in the database if a form has been submitted - if (isset($_POST['submit'])) - { - $report_id = request_var('report_id', 0); - $reason_id = request_var('reason_id', 0); - $user_notify = (!empty($_REQUEST['notify']) && $user->data['is_registered']) ? true : false; - $report_text = request_var('report_text', ''); - - $sql = 'SELECT reason_name - FROM ' . REASONS_TABLE . " - WHERE reason_id = $reason_id"; - $result = $db->sql_query($sql); - - // TODO: 'other' is used as a special value. Make sure that you can't remove this in the admin. - if (!($row = $db->sql_fetchrow($result)) || (!$report_text && $row['reason_name'] == 'other')) - { - trigger_error('EMPTY_REPORT'); - } - $db->sql_freeresult($result); - - if (!empty($user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']])) - { - $reason_desc = $user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']]; - } - else - { - $reason_desc = $row['reason_name']; - } - - $sql_ary = array( - 'reason_id' => (int) $reason_id, - 'reason_type' => (int) $report_type, - 'post_id' => (int) $post_id, - 'user_id' => (int) $user->data['user_id'], - 'user_notify' => (int) $user_notify, - 'report_time' => (int) time(), - 'report_text' => (string) $report_text // TODO: Add some BBcode magic - ); - - if ($report_id) - { - $sql = 'UPDATE ' . REPORTS_TABLE . ' - SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' - WHERE report_id = ' . $report_id . ' user_id = ' . $user->data['user_id']; - $db->sql_query($sql); - if ($db->sql_affectedrows() == 0) - { - // TODO: i18n? - trigger_error("You tried to change a report that isn't yours."); - } - } - else - { - $sql = 'INSERT INTO ' . REPORTS_TABLE . ' ' . - $db->sql_build_array('INSERT', $sql_ary); - $db->sql_query($sql); - $report_id = $db->sql_nextid(); - } - - if (!$report_data['post_reported']) - { - $sql = 'UPDATE ' . POSTS_TABLE . ' - SET post_reported = 1 - WHERE post_id = ' . $id; - $db->sql_query($sql); - } - - if (!$report_data['topic_reported']) - { - $sql = 'UPDATE ' . TOPICS_TABLE . ' - SET topic_reported = 1 - WHERE topic_id = ' . $report_data['topic_id']; - $db->sql_query($sql); - } - - // Send Notifications - // All persons get notified about a new report, if notified by PM, send out email notifications too - - // Send notifications to moderators - $acl_list = $auth->acl_get_list(false, array('m_', 'a_'), array(0, $report_data['forum_id'])); - $notify_user = $acl_list[$report_data['forum_id']]['m_']; - $notify_user = array_unique(array_merge($notify_user, $acl_list[0]['a_'])); - unset($acl_list); - - // How to notify them? - $sql = 'SELECT user_id, username, user_options, user_lang, user_email, user_notify_type, user_jabber - FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $notify_user) . ')'; - $result = $db->sql_query($sql); - - $notify_user = array(); - while ($row = $db->sql_fetchrow($result)) - { - $notify_user[$row['user_id']] = array( - 'name' => $row['username'], - 'email' => $row['user_email'], - 'jabber'=> $row['user_jabber'], - 'lang' => $row['user_lang'], - 'notify_type' => $row['user_notify_type'], - - 'pm' => $user->optionget('report_pm_notify', $row['user_options']) - ); - } - $db->sql_freeresult($result); - - $report_data = array( - 'id' => $id, - 'report_id' => $report_id, - 'reporter' => $user->data['username'], - 'reason' => $reason_desc, - 'text' => $report_text, - 'subject' => $report_data['post_subject'], - 'view_post' => ($report_type == REPORT_POST) ? "viewtopic.$phpEx?f={$report_data['forum_id']}&t={$report_data['topic_id']}&p=$id&e=$id" : '' - ); - - report_notification($notify_user, $report_type, $report_data); - - meta_refresh(3, $redirect_url); - - $message = $user->lang['POST_REPORTED_SUCCESS'] . '<br /><br />' . sprintf($user->lang[(($report_type == REPORT_POST) ? 'RETURN_TOPIC' : 'RETURN_PREVIOUS')], '<a href="' . $redirect_url . '">', '</a>'); - trigger_error($message); - } - - - // Show the 'create report' form - // Report about a specific post or a general report (i.e. message to the mods)? - $post_id = (request_var('p', 0)) ? true : false; - - if ($report_type == REPORT_POST) - { - $sql = 'SELECT - f.forum_id, - t.topic_id - FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f - WHERE p.post_id = $post_id - AND p.topic_id = t.topic_id - AND p.forum_id = f.forum_id"; - $result = $db->sql_query($sql); - - if (!($report_data = $db->sql_fetchrow($result))) - { - $message = $user->lang['POST_NOT_EXIST']; - trigger_error($message); - } - - $forum_id = $report_data['forum_id']; - $topic_id = $report_data['topic_id']; - - // Check required permissions - $acl_check_ary = array('f_list' => 'POST_NOT_EXIST', 'f_read' => 'USER_CANNOT_READ', 'f_report' => 'USER_CANNOT_REPORT'); - - foreach ($acl_check_ary as $acl => $error) - { - if (!$auth->acl_get($acl, $forum_id)) - { - trigger_error($error); - } - } - unset($acl_check_ary); - - // Check if the post has already been reported by this user - $sql = "SELECT - report_id, reason_id, post_id, user_notify, report_time, report_text, report_status, - bbcode_uid, bbcode_bitfield - FROM " . REPORTS_TABLE . " - WHERE post_id = $post_id - AND user_id = " . $user->data['user_id']; - $result = $db->sql_query($sql); - - if ($row = $db->sql_fetchrow($result)) - { - if ($user->data['is_registered']) - { - // A report exists, extract $row if we're going to display the form - if ($reason_id) - { - $report_id = (int) $row['report_id']; - } - else - { - // Overwrite set variables - $report_id = $row['report_id']; - $reason_id = $row['reason_id']; - $post_id = $row['post_id']; - $user_notify = $row['user_notify']; - $report_time = $row['report_time']; - $report_text = $row['report_text']; - $report_status = $row['report_status']; - $bbcode_uid = $row['bbcode_uid']; - $bbcode_bitfield= $row['bbcode_bitfield']; - } - } - else - { - // TODO: is this what we want? - trigger_error($user->lang['ALREADY_REPORTED'] . '<br /><br />' . sprintf($user->lang[(($report_type == REPORT_POST) ? 'RETURN_TOPIC' : 'RETURN_PREVIOUS')], '<a href="' . $redirect_url . '">', '</a>')); - } - } - else - { - $report_id = 0; - } - } - - // Show create report form - // Generate the form - $sql = "SELECT * - FROM " . REASONS_TABLE . " - WHERE report_type = $report_type - ORDER BY reason_priority ASC"; - $result = $db->sql_query($sql); - - while ($row = $db->sql_fetchrow($result)) - { - $row['reason_name'] = strtoupper($row['reason_name']); - - $reason_title = (!empty($user->lang['report_reasons']['TITLE'][$row['reason_name']])) ? $user->lang['report_reasons']['TITLE'][$row['reason_name']] : ucwords(str_replace('_', ' ', $row['reason_name'])); - - $reason_desc = (!empty($user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']])) ? $user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']] : $row['reason_description']; - - $template->assign_block_vars('reason', array( - 'ID' => $row['reason_id'], - 'NAME' => htmlspecialchars($reason_title), - 'DESCRIPTION' => htmlspecialchars($reason_desc), - 'S_SELECTED' => ($row['reason_id'] == $reason_id) ? true : false) - ); - } - - $template->assign_vars(array( - 'REPORT_TEXT' => $report_text, - 'S_REPORT_ACTION' => "{$phpbb_root_path}report.$phpEx$SID&p=$id" . (($report_id) ? "&report_id=$report_id" : ''), - - 'S_NOTIFY' => (!empty($user_notify)) ? true : false, - 'S_CAN_NOTIFY' => ($user->data['is_registered']) ? true : false, - 'S_REPORT_POST' => ($report_type == REPORT_POST) ? true : false) - ); - - $this->tpl_name = 'ucp_reports_report'; - } -} - -/** -* @package module_install -*/ -class ucp_reports_info -{ - function module() - { - return array( - 'filename' => 'ucp_reports', - 'title' => 'UCP_REPORTS', - 'version' => '1.0.0', - 'modes' => array( - 'list' => array('title' => 'UCP_REPORTS_LIST', 'auth' => ''), - 'report' => array('title' => 'UCP_REPORTS_REPORT', 'auth' => ''), - ), - ); - } - - function install() - { - } - - function uninstall() - { - } -} - -?>
\ No newline at end of file |