+ die('Fatal: ' . $this->cache_dir . ' is NOT writable.');

+ die('Fatal: Not able to open ' . $this->cache_dir . 'data_global.' . $phpEx);

+<?php

+/**

+*

+* @package acm

+* @copyright (c) 2011 phpBB Group

+* @license http://opensource.org/licenses/gpl-license.php GNU Public License

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+// Include the abstract base

+if (!class_exists('acm_memory'))

+{

+ require("{$phpbb_root_path}includes/acm/acm_memory.$phpEx");

+}

+

+if (!defined('PHPBB_ACM_REDIS_PORT'))

+{

+ define('PHPBB_ACM_REDIS_PORT', 6379);

+}

+

+if (!defined('PHPBB_ACM_REDIS_HOST'))

+{

+ define('PHPBB_ACM_REDIS_HOST', 'localhost');

+}

+

+/**

+* ACM for Redis

+*

+* Compatible with the php extension phpredis available

+* at https://github.com/nicolasff/phpredis

+*

+* @package acm

+*/

+class acm extends acm_memory

+{

+ var $extension = 'redis';

+

+ var $redis;

+

+ function acm()

+ {

+ // Call the parent constructor

+ parent::acm_memory();

+

+ $this->redis = new Redis();

+ $this->redis->connect(PHPBB_ACM_REDIS_HOST, PHPBB_ACM_REDIS_PORT);

+

+ if (defined('PHPBB_ACM_REDIS_PASSWORD'))

+ {

+ if (!$this->redis->auth(PHPBB_ACM_REDIS_PASSWORD))

+ {

+ global $acm_type;

+

+ trigger_error("Incorrect password for the ACM module $acm_type.", E_USER_ERROR);

+ }

+ }

+

+ $this->redis->setOption(Redis::OPT_SERIALIZER, Redis::SERIALIZER_PHP);

+ $this->redis->setOption(Redis::OPT_PREFIX, $this->key_prefix);

+

+ if (defined('PHPBB_ACM_REDIS_DB'))

+ {

+ if (!$this->redis->select(PHPBB_ACM_REDIS_DB))

+ {

+ global $acm_type;

+

+ trigger_error("Incorrect database for the ACM module $acm_type.", E_USER_ERROR);

+ }

+ }

+ }

+

+ /**

+ * Unload the cache resources

+ *

+ * @return void

+ */

+ function unload()

+ {

+ parent::unload();

+

+ $this->redis->close();

+ }

+

+ /**

+ * Purge cache data

+ *

+ * @return void

+ */

+ function purge()

+ {

+ $this->redis->flushDB();

+

+ parent::purge();

+ }

+

+ /**

+ * Fetch an item from the cache

+ *

+ * @access protected

+ * @param string $var Cache key

+ * @return mixed Cached data

+ */

+ function _read($var)

+ {

+ return $this->redis->get($var);

+ }

+

+ /**

+ * Store data in the cache

+ *

+ * @access protected

+ * @param string $var Cache key

+ * @param mixed $data Data to store

+ * @param int $ttl Time-to-live of cached data

+ * @return bool True if the operation succeeded

+ */

+ function _write($var, $data, $ttl = 2592000)

+ {

+ return $this->redis->setex($var, $ttl, $data);

+ }

+

+ /**

+ * Remove an item from the cache

+ *

+ * @access protected

+ * @param string $var Cache key

+ * @return bool True if the operation succeeded

+ */

+ function _delete($var)

+ {

+ if ($this->redis->delete($var) > 0)

+ {

+ return true;

+ }

+ return false;

+ }

+}

+<?php

+/**

+*

+* @package acm

+* @copyright (c) 2010 phpBB Group

+* @license http://opensource.org/licenses/gpl-license.php GNU Public License

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+// Include the abstract base

+if (!class_exists('acm_memory'))

+{

+ require("{$phpbb_root_path}includes/acm/acm_memory.$phpEx");

+}

+

+/**

+* ACM for WinCache

+* @package acm

+*/

+class acm extends acm_memory

+{

+ var $extension = 'wincache';

+

+ /**

+ * Purge cache data

+ *

+ * @return void

+ */

+ function purge()

+ {

+ wincache_ucache_clear();

+

+ parent::purge();

+ }

+

+ /**

+ * Fetch an item from the cache

+ *

+ * @access protected

+ * @param string $var Cache key

+ * @return mixed Cached data

+ */

+ function _read($var)

+ {

+ $success = false;

+ $result = wincache_ucache_get($this->key_prefix . $var, $success);

+

+ return ($success) ? $result : false;

+ }

+

+ /**

+ * Store data in the cache

+ *

+ * @access protected

+ * @param string $var Cache key

+ * @param mixed $data Data to store

+ * @param int $ttl Time-to-live of cached data

+ * @return bool True if the operation succeeded

+ */

+ function _write($var, $data, $ttl = 2592000)

+ {

+ return wincache_ucache_set($this->key_prefix . $var, $data, $ttl);

+ }

+

+ /**

+ * Remove an item from the cache

+ *

+ * @access protected

+ * @param string $var Cache key

+ * @return bool True if the operation succeeded

+ */

+ function _delete($var)

+ {

+ return wincache_ucache_delete($this->key_prefix . $var);

+ }

+}

+ if ($bbcode_id > BBCODE_LIMIT)

+ 'ip_login_limit_max' => array('lang' => 'IP_LOGIN_LIMIT_MAX', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true),

+ 'ip_login_limit_time' => array('lang' => 'IP_LOGIN_LIMIT_TIME', 'validate' => 'int:0', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),

+ 'ip_login_limit_use_forwarded' => array('lang' => 'IP_LOGIN_LIMIT_USE_FORWARDED', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),

+ $radio_ary = array(

+ USER_ACTIVATION_DISABLE => 'ACC_DISABLE',

+ USER_ACTIVATION_NONE => 'ACC_NONE',

+ );

+

+ $radio_ary[USER_ACTIVATION_SELF] = 'ACC_USER';

+ $radio_ary[USER_ACTIVATION_ADMIN] = 'ACC_ADMIN';

+ $radio_text = h_radio('config[require_activation]', $radio_ary, $value, 'require_activation', $key, '<br />');

+

+ return $radio_text;

+ $sql = 'SELECT disallow_id

+ FROM ' . DISALLOW_TABLE . "

+ WHERE disallow_username = '" . $db->sql_escape($disallowed_user) . "'";

+ $result = $db->sql_query($sql);

+ $row = $db->sql_fetchrow($result);

+ $db->sql_freeresult($result);

+

+ if ($row)

+ {

+ trigger_error($user->lang['DISALLOWED_ALREADY'] . adm_back_link($this->u_action), E_USER_WARNING);

+ }

+

+ $sql_ary = array(

+ 'SELECT' => 'u.user_email, u.username, u.username_clean, u.user_lang, u.user_jabber, u.user_notify_type',

+ 'FROM' => array(

+ USERS_TABLE => 'u',

+ USER_GROUP_TABLE => 'ug',

+ ),

+ 'WHERE' => 'ug.group_id = ' . $group_id . '

+ AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')',

+ 'ORDER_BY' => 'u.user_lang, u.user_notify_type',

+ );

+ $sql_ary = array(

+ 'SELECT' => 'u.username, u.username_clean, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type',

+ 'FROM' => array(

+ USERS_TABLE => 'u',

+ ),

+ 'WHERE' => 'u.user_allow_massemail = 1

+ AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')',

+ 'ORDER_BY' => 'u.user_lang, u.user_notify_type',

+ );

+

+ // Mail banned or not

+ if (!isset($_REQUEST['mail_banned_flag']))

+ {

+ $sql_ary['WHERE'] .= ' AND (b.ban_id IS NULL

+ OR b.ban_exclude = 1)';

+ $sql_ary['LEFT_JOIN'] = array(

+ array(

+ 'FROM' => array(

+ BANLIST_TABLE => 'b',

+ ),

+ 'ON' => 'u.user_id = b.ban_userid',

+ ),

+ );

+ }

+ $sql = $db->sql_build_query('SELECT', $sql_ary);

+ else if (!file_exists($phpbb_root_path . $img_path . '/' . $image))

+ {

+ $errors[$image] = 'SMILIE_NO_FILE';

+ }

+ // index.htm files

+ $compress->add_data('', 'language/' . $row['lang_iso'] . '/index.htm');

+ $compress->add_data('', 'language/' . $row['lang_iso'] . '/email/index.htm');

+ $compress->add_data('', 'language/' . $row['lang_iso'] . '/acp/index.htm');

+ $compress->add_data('', 'language/' . $row['lang_iso'] . '/mods/index.htm');

+ $this->main_files = array("captcha_qa.$phpEx", "captcha_recaptcha.$phpEx", "common.$phpEx", "groups.$phpEx", "install.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx");

+ $log_count = false;

+ if ($action == 'create' && request_var('field_default_value', '') === '')

+ $buffer = $db->sql_buffer_nested_transactions();

+

+ if ($buffer)

+ {

+ $rows = $db->sql_fetchrowset($result);

+ $rows[] = false; // indicate end of array for while loop below

+

+ $db->sql_freeresult($result);

+ }

+

+ $i = 0;

+ while ($row = ($buffer ? $rows[$i++] : $db->sql_fetchrow($result)))

+ if (!$buffer)

+ {

+ $db->sql_freeresult($result);

+ }

+ $cache->destroy('imageset_site_logo_md5');

+ $template_file = preg_replace('#\.{2,}#', '.', $template_file);

+ $sql_select = 'style_id, style_name, template_id, theme_id, imageset_id';

+ $sql_select = 'template_id, template_name, template_path, template_storedb';

+ $sql_select = 'theme_id, theme_name, theme_path, theme_storedb';

+ $sql_select = 'imageset_id, imageset_name, imageset_path';

+ $sql = "DELETE FROM $sql_from

+ WHERE {$mode}_id = $style_id";

+ $db->sql_query($sql);

+

+

+ // Remove the components

+ $components = array('template', 'theme', 'imageset');

+ foreach ($components as $component)

+ {

+ $new_id = request_var('new_' . $component . '_id', 0);

+ $component_id = $style_row[$component . '_id'];

+ $this->remove_component($component, $component_id, $new_id, $style_id);

+ }

+ $this->remove_component($mode, $style_id, $new_id);

+ $this->display_component_options($mode, $style_row[$mode . '_id'], $style_row);

+

+

+ if ($mode == 'style')

+ {

+ $template->assign_vars(array(

+ 'S_DELETE_STYLE' => true,

+ ));

+ }

+ }

+

+ /**

+ * Remove template/theme/imageset entry from the database

+ */

+ function remove_component($component, $component_id, $new_id, $style_id = false)

+ {

+ global $db;

+

+ if (($new_id == 0) || ($component === 'template' && ($conflicts = $this->check_inheritance($component, $component_id))))

+ {

+ // We can not delete the template, as the user wants to keep the component or an other template is inheriting from this one.

+ return;

+ }

+

+ $component_in_use = array();

+ if ($component != 'style')

+ {

+ $component_in_use = $this->component_in_use($component, $component_id, $style_id);

+ }

+

+ if (($new_id == -1) && !empty($component_in_use))

+ {

+ // We can not delete the component, as it is still in use

+ return;

+ }

+

+ if ($component == 'imageset')

+ {

+ $sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . "

+ WHERE imageset_id = $component_id";

+ $db->sql_query($sql);

+ }

+

+ switch ($component)

+ {

+ case 'template':

+ $sql_from = STYLES_TEMPLATE_TABLE;

+ break;

+

+ case 'theme':

+ $sql_from = STYLES_THEME_TABLE;

+ break;

+

+ case 'imageset':

+ $sql_from = STYLES_IMAGESET_TABLE;;

+ break;

+ }

+

+ $sql = "DELETE FROM $sql_from

+ WHERE {$component}_id = $component_id";

+ $db->sql_query($sql);

+

+ $sql = 'UPDATE ' . STYLES_TABLE . "

+ SET {$component}_id = $new_id

+ WHERE {$component}_id = $component_id";

+ $db->sql_query($sql);

+ }

+

+ /**

+ * Display the options which can be used to replace a style/template/theme/imageset

+ */

+ function display_component_options($component, $component_id, $style_row = false, $style_id = false)

+ {

+ global $db, $template, $user;

+

+ $component_in_use = array();

+ if ($component != 'style')

+ {

+ $component_in_use = $this->component_in_use($component, $component_id, $style_id);

+ }

+

+ $sql_where = '';

+ switch ($component)

+ {

+ case 'style':

+ $sql_from = STYLES_TABLE;

+ $sql_where = 'WHERE style_active = 1';

+ break;

+

+ case 'template':

+ $sql_from = STYLES_TEMPLATE_TABLE;

+ $sql_where = 'WHERE template_inherits_id <> ' . $component_id;

+ break;

+

+ case 'theme':

+ $sql_from = STYLES_THEME_TABLE;

+ break;

+

+ case 'imageset':

+ $sql_from = STYLES_IMAGESET_TABLE;

+ break;

+ }

+

+ $s_options = '';

+ if (($component != 'style') && empty($component_in_use))

+ {

+ $sql = "SELECT {$component}_id, {$component}_name

+ FROM $sql_from

+ WHERE {$component}_id = {$component_id}";

+ $result = $db->sql_query($sql);

+ $row = $db->sql_fetchrow($result);

+ $db->sql_freeresult($result);

+

+ $s_options .= '<option value="-1" selected="selected">' . $user->lang['DELETE_' . strtoupper($component)] . '</option>';

+ $s_options .= '<option value="0">' . sprintf($user->lang['KEEP_' . strtoupper($component)], $row[$component . '_name']) . '</option>';

+ }

+ else

+ {

+ $sql = "SELECT {$component}_id, {$component}_name

+ FROM $sql_from

+ $sql_where

+ ORDER BY {$component}_name ASC";

+ $result = $db->sql_query($sql);

+

+ $s_keep_option = $s_options = '';

+ while ($row = $db->sql_fetchrow($result))

+ {

+ if ($row[$component . '_id'] != $component_id)

+ {

+ $s_options .= '<option value="' . $row[$component . '_id'] . '">' . sprintf($user->lang['REPLACE_WITH_OPTION'], $row[$component . '_name']) . '</option>';

+ }

+ else if ($component != 'style')

+ {

+ $s_keep_option = '<option value="0" selected="selected">' . sprintf($user->lang['KEEP_' . strtoupper($component)], $row[$component . '_name']) . '</option>';

+ }

+ }

+ $db->sql_freeresult($result);

+ $s_options = $s_keep_option . $s_options;

+ }

+

+ if (!$style_row)

+ {

+ $template->assign_var('S_REPLACE_' . strtoupper($component) . '_OPTIONS', $s_options);

+ }

+ else

+ {

+ $template->assign_var('S_REPLACE_OPTIONS', $s_options);

+ if ($component == 'style')

+ {

+ $components = array('template', 'theme', 'imageset');

+ foreach ($components as $component)

+ {

+ $this->display_component_options($component, $style_row[$component . '_id'], false, $component_id, true);

+ }

+ }

+ }

+ }

+

+ /**

+ * Check whether the component is still used by another style or component

+ */

+ function component_in_use($component, $component_id, $style_id = false)

+ {

+ global $db;

+

+ $component_in_use = array();

+

+ if ($style_id)

+ {

+ $sql = 'SELECT style_id, style_name

+ FROM ' . STYLES_TABLE . "

+ WHERE {$component}_id = {$component_id}

+ AND style_id <> {$style_id}

+ ORDER BY style_name ASC";

+ }

+ else

+ {

+ $sql = 'SELECT style_id, style_name

+ FROM ' . STYLES_TABLE . "

+ WHERE {$component}_id = {$component_id}

+ ORDER BY style_name ASC";

+ }

+ $result = $db->sql_query($sql);

+ while ($row = $db->sql_fetchrow($result))

+ {

+ $component_in_use[] = $row['style_name'];

+ }

+ $db->sql_freeresult($result);

+

+ if ($component === 'template' && ($conflicts = $this->check_inheritance($component, $component_id)))

+ {

+ foreach ($conflicts as $temp_id => $conflict_data)

+ {

+ $component_in_use[] = $conflict_data['template_name'];

+ }

+ }

+

+ return $component_in_use;

+ // Replace multiple consecutive asterisks with single one as those are not needed

+ $word = preg_replace('#\*{2,}#', '*', $word);

+

+ $seq_cache = array();

+ if (isset($seq_cache[$subseq]))

+ {

+ $converted = $seq_cache[$subseq];

+ }

+ else

+ {

+ $converted = $seq_cache[$subseq] = str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT);

+ }

+

+ $this->acl[$f] .= $converted;

+ $login = $method($username, $password, $user->ip, $user->browser, $user->forwarded_for);

+*

+* @param string $username

+* @param string $password

+* @param string $ip IP address the login is taking place from. Used to

+* limit the number of login attempts per IP address.

+* @param string $browser The user agent used to login

+* @param string $forwarded_for X_FORWARDED_FOR header sent with login request

+* @return array A associative array of the format

+* array(

+* 'status' => status constant

+* 'error_msg' => string

+* 'user_row' => array

+* )

+function login_db($username, $password, $ip = '', $browser = '', $forwarded_for = '')

+ $username_clean = utf8_clean_string($username);

+

+ WHERE username_clean = '" . $db->sql_escape($username_clean) . "'";

+ if (($ip && !$config['ip_login_limit_use_forwarded']) ||

+ ($forwarded_for && $config['ip_login_limit_use_forwarded']))

+ {

+ $sql = 'SELECT COUNT(*) AS attempts

+ FROM ' . LOGIN_ATTEMPT_TABLE . '

+ WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']);

+ if ($config['ip_login_limit_use_forwarded'])

+ {

+ $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'";

+ }

+ else

+ {

+ $sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' ";

+ }

+

+ $result = $db->sql_query($sql);

+ $attempts = (int) $db->sql_fetchfield('attempts');

+ $db->sql_freeresult($result);

+

+ $attempt_data = array(

+ 'attempt_ip' => $ip,

+ 'attempt_browser' => trim(substr($browser, 0, 149)),

+ 'attempt_forwarded_for' => $forwarded_for,

+ 'attempt_time' => time(),

+ 'user_id' => ($row) ? (int) $row['user_id'] : 0,

+ 'username' => $username,

+ 'username_clean' => $username_clean,

+ );

+ $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data);

+ $result = $db->sql_query($sql);

+ }

+ else

+ {

+ $attempts = 0;

+ }

+

+

+ $show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) ||

+ ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']);

+

+ $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '

+ WHERE user_id = ' . $row['user_id'];

+ $db->sql_query($sql);

+

+ <dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" autocomplete="off" /></dd>

+ $censors['match'][] = get_censor_preg_expression($row['word']);

+ $offset[$i] = phpbb_mt_rand(0, (int) round((1.5 * $width_avail) / $denom));

+ $noise[$i] = new char_cube3d($noise_bitmaps, mt_rand(1, sizeof($noise_bitmaps['data'])));

+ 'A' => $chars['A'][mt_rand(0, min(sizeof($chars['A']), $config['captcha_gd_fonts']) -1)],

+ 'B' => $chars['B'][mt_rand(0, min(sizeof($chars['B']), $config['captcha_gd_fonts']) -1)],

+ 'C' => $chars['C'][mt_rand(0, min(sizeof($chars['C']), $config['captcha_gd_fonts']) -1)],

+ 'D' => $chars['D'][mt_rand(0, min(sizeof($chars['D']), $config['captcha_gd_fonts']) -1)],

+ 'E' => $chars['E'][mt_rand(0, min(sizeof($chars['E']), $config['captcha_gd_fonts']) -1)],

+ 'F' => $chars['F'][mt_rand(0, min(sizeof($chars['F']), $config['captcha_gd_fonts']) -1)],

+ 'G' => $chars['G'][mt_rand(0, min(sizeof($chars['G']), $config['captcha_gd_fonts']) -1)],

+ 'H' => $chars['H'][mt_rand(0, min(sizeof($chars['H']), $config['captcha_gd_fonts']) -1)],

+ 'I' => $chars['I'][mt_rand(0, min(sizeof($chars['I']), $config['captcha_gd_fonts']) -1)],

+ 'J' => $chars['J'][mt_rand(0, min(sizeof($chars['J']), $config['captcha_gd_fonts']) -1)],

+ 'K' => $chars['K'][mt_rand(0, min(sizeof($chars['K']), $config['captcha_gd_fonts']) -1)],

+ 'L' => $chars['L'][mt_rand(0, min(sizeof($chars['L']), $config['captcha_gd_fonts']) -1)],

+ 'M' => $chars['M'][mt_rand(0, min(sizeof($chars['M']), $config['captcha_gd_fonts']) -1)],

+ 'N' => $chars['N'][mt_rand(0, min(sizeof($chars['N']), $config['captcha_gd_fonts']) -1)],

+ 'O' => $chars['O'][mt_rand(0, min(sizeof($chars['O']), $config['captcha_gd_fonts']) -1)],

+ 'P' => $chars['P'][mt_rand(0, min(sizeof($chars['P']), $config['captcha_gd_fonts']) -1)],

+ 'Q' => $chars['Q'][mt_rand(0, min(sizeof($chars['Q']), $config['captcha_gd_fonts']) -1)],

+ 'R' => $chars['R'][mt_rand(0, min(sizeof($chars['R']), $config['captcha_gd_fonts']) -1)],

+ 'S' => $chars['S'][mt_rand(0, min(sizeof($chars['S']), $config['captcha_gd_fonts']) -1)],

+ 'T' => $chars['T'][mt_rand(0, min(sizeof($chars['T']), $config['captcha_gd_fonts']) -1)],

+ 'U' => $chars['U'][mt_rand(0, min(sizeof($chars['U']), $config['captcha_gd_fonts']) -1)],

+ 'V' => $chars['V'][mt_rand(0, min(sizeof($chars['V']), $config['captcha_gd_fonts']) -1)],

+ 'W' => $chars['W'][mt_rand(0, min(sizeof($chars['W']), $config['captcha_gd_fonts']) -1)],

+ 'X' => $chars['X'][mt_rand(0, min(sizeof($chars['X']), $config['captcha_gd_fonts']) -1)],

+ 'Y' => $chars['Y'][mt_rand(0, min(sizeof($chars['Y']), $config['captcha_gd_fonts']) -1)],

+ 'Z' => $chars['Z'][mt_rand(0, min(sizeof($chars['Z']), $config['captcha_gd_fonts']) -1)],

+ 'x' => mt_rand($img_x - 45, $img_x - 5),

+ 'y' => mt_rand($img_y - 15, $img_y - 0),

+ 'lang' => array('INDEX', 'lang_iso'),

+ 'qid' => array('INDEX', 'question_id'),

+ var $recaptcha_server = 'http://www.google.com/recaptcha/api';

+ var $recaptcha_server_secure = 'https://www.google.com/recaptcha/api'; // class constants :(

+

+ // We are opening a socket to port 80 of this host and send

+ // the POST request asking for verification to the path specified here.

+ var $recaptcha_verify_server = 'www.google.com';

+ var $recaptcha_verify_path = '/recaptcha/api/verify';

+

+ $response = $this->_recaptcha_http_post($this->recaptcha_verify_server, $this->recaptcha_verify_path,

+define('PHPBB_VERSION', '3.0.9');

+// BBCode hard limit

+define('BBCODE_LIMIT', 1511);

+

+define('LOGIN_ATTEMPT_TABLE', $table_prefix . 'login_attempts');

+?>

+ if (isset($prepared_column['auto_increment']) && strlen($column_name) > 26) // "${column_name}_gen"

+ {

+ trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);

+ }

+

+ $table_sql .= "\n)";

+ $trigger .= "\tFROM dual;\n";

+ $statements[] = "CREATE GENERATOR {$table_name}_gen;";

+ $statements[] = "SET GENERATOR {$table_name}_gen TO 0;";

+

+ $trigger = "CREATE TRIGGER t_$table_name FOR $table_name\n";

+ $trigger .= "BEFORE INSERT\nAS\nBEGIN\n";

+ $trigger .= "\tNEW.{$create_sequence} = GEN_ID({$table_name}_gen, 1);\nEND;";

+ $statements[] = $trigger;

+ // Add tables?

+ if (!empty($schema_changes['add_tables']))

+ {

+ foreach ($schema_changes['add_tables'] as $table => $table_data)

+ {

+ $result = $this->sql_create_table($table, $table_data);

+ if ($this->return_statements)

+ {

+ $statements = array_merge($statements, $result);

+ }

+ }

+ }

+

+ // Only add the column if it does not exist yet

+ continue;

+ // This is commented out here because it can take tremendous time on updates

+// $result = $this->sql_column_change($table, $column_name, $column_data, true);

+ continue;

+// $sqlite_data[$table]['change_columns'][] = $result;

+ if (!$this->sql_index_exists($table, $index_name))

+ {

+ continue;

+ }

+

+ if ($this->sql_unique_index_exists($table, $index_name))

+ {

+ continue;

+ }

+

+ if ($this->sql_index_exists($table, $index_name))

+ {

+ continue;

+ }

+

+ * Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes.

+ *

+ * @param string $table_name Table to check the index at

+ * @param string $index_name The index name to check

+ *

+ * @return bool True if index exists, else false

+ */

+ function sql_index_exists($table_name, $index_name)

+ {

+ if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative')

+ {

+ $sql = "EXEC sp_statistics '$table_name'";

+ $result = $this->db->sql_query($sql);

+

+ while ($row = $this->db->sql_fetchrow($result))

+ {

+ if ($row['TYPE'] == 3)

+ {

+ if (strtolower($row['INDEX_NAME']) == strtolower($index_name))

+ {

+ $this->db->sql_freeresult($result);

+ return true;

+ }

+ }

+ }

+ $this->db->sql_freeresult($result);

+

+ return false;

+ }

+

+ switch ($this->sql_layer)

+ {

+ case 'firebird':

+ $sql = "SELECT LOWER(RDB\$INDEX_NAME) as index_name

+ FROM RDB\$INDICES

+ WHERE RDB\$RELATION_NAME = '" . strtoupper($table_name) . "'

+ AND RDB\$UNIQUE_FLAG IS NULL

+ AND RDB\$FOREIGN_KEY IS NULL";

+ $col = 'index_name';

+ break;

+

+ case 'postgres':

+ $sql = "SELECT ic.relname as index_name

+ FROM pg_class bc, pg_class ic, pg_index i

+ WHERE (bc.oid = i.indrelid)

+ AND (ic.oid = i.indexrelid)

+ AND (bc.relname = '" . $table_name . "')

+ AND (i.indisunique != 't')

+ AND (i.indisprimary != 't')";

+ $col = 'index_name';

+ break;

+

+ case 'mysql_40':

+ case 'mysql_41':

+ $sql = 'SHOW KEYS

+ FROM ' . $table_name;

+ $col = 'Key_name';

+ break;

+

+ case 'oracle':

+ $sql = "SELECT index_name

+ FROM user_indexes

+ WHERE table_name = '" . strtoupper($table_name) . "'

+ AND generated = 'N'

+ AND uniqueness = 'NONUNIQUE'";

+ $col = 'index_name';

+ break;

+

+ case 'sqlite':

+ $sql = "PRAGMA index_list('" . $table_name . "');";

+ $col = 'name';

+ break;

+ }

+

+ $result = $this->db->sql_query($sql);

+ while ($row = $this->db->sql_fetchrow($result))

+ {

+ if (($this->sql_layer == 'mysql_40' || $this->sql_layer == 'mysql_41') && !$row['Non_unique'])

+ {

+ continue;

+ }

+

+ // These DBMS prefix index name with the table name

+ switch ($this->sql_layer)

+ {

+ case 'firebird':

+ case 'oracle':

+ case 'postgres':

+ case 'sqlite':

+ $row[$col] = substr($row[$col], strlen($table_name) + 1);

+ break;

+ }

+

+ if (strtolower($row[$col]) == strtolower($index_name))

+ {

+ $this->db->sql_freeresult($result);

+ return true;

+ }

+ }

+ $this->db->sql_freeresult($result);

+

+ return false;

+ }

+

+ /**

+ * Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes.

+ *

+ * @param string $table_name Table to check the index at

+ * @param string $index_name The index name to check

+ *

+ * @return bool True if index exists, else false

+ */

+ function sql_unique_index_exists($table_name, $index_name)

+ {

+ if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative')

+ {

+ $sql = "EXEC sp_statistics '$table_name'";

+ $result = $this->db->sql_query($sql);

+

+ while ($row = $this->db->sql_fetchrow($result))

+ {

+ // Usually NON_UNIQUE is the column we want to check, but we allow for both

+ if ($row['TYPE'] == 3)

+ {

+ if (strtolower($row['INDEX_NAME']) == strtolower($index_name))

+ {

+ $this->db->sql_freeresult($result);

+ return true;

+ }

+ }

+ }

+ $this->db->sql_freeresult($result);

+ return false;

+ }

+

+ switch ($this->sql_layer)

+ {

+ case 'firebird':

+ $sql = "SELECT LOWER(RDB\$INDEX_NAME) as index_name

+ FROM RDB\$INDICES

+ WHERE RDB\$RELATION_NAME = '" . strtoupper($table_name) . "'

+ AND RDB\$UNIQUE_FLAG IS NOT NULL

+ AND RDB\$FOREIGN_KEY IS NULL";

+ $col = 'index_name';

+ break;

+

+ case 'postgres':

+ $sql = "SELECT ic.relname as index_name, i.indisunique

+ FROM pg_class bc, pg_class ic, pg_index i

+ WHERE (bc.oid = i.indrelid)

+ AND (ic.oid = i.indexrelid)

+ AND (bc.relname = '" . $table_name . "')

+ AND (i.indisprimary != 't')";

+ $col = 'index_name';

+ break;

+

+ case 'mysql_40':

+ case 'mysql_41':

+ $sql = 'SHOW KEYS

+ FROM ' . $table_name;

+ $col = 'Key_name';

+ break;

+

+ case 'oracle':

+ $sql = "SELECT index_name, table_owner

+ FROM user_indexes

+ WHERE table_name = '" . strtoupper($table_name) . "'

+ AND generated = 'N'

+ AND uniqueness = 'UNIQUE'";

+ $col = 'index_name';

+ break;

+

+ case 'sqlite':

+ $sql = "PRAGMA index_list('" . $table_name . "');";

+ $col = 'name';

+ break;

+ }

+

+ $result = $this->db->sql_query($sql);

+ while ($row = $this->db->sql_fetchrow($result))

+ {

+ if (($this->sql_layer == 'mysql_40' || $this->sql_layer == 'mysql_41') && ($row['Non_unique'] || $row[$col] == 'PRIMARY'))

+ {

+ continue;

+ }

+

+ if ($this->sql_layer == 'sqlite' && !$row['unique'])

+ {

+ continue;

+ }

+

+ if ($this->sql_layer == 'postgres' && $row['indisunique'] != 't')

+ {

+ continue;

+ }

+

+ // These DBMS prefix index name with the table name

+ switch ($this->sql_layer)

+ {

+ case 'oracle':

+ // Two cases here... prefixed with U_[table_owner] and not prefixed with table_name

+ if (strpos($row[$col], 'U_') === 0)

+ {

+ $row[$col] = substr($row[$col], strlen('U_' . $row['table_owner']) + 1);

+ }

+ else if (strpos($row[$col], strtoupper($table_name)) === 0)

+ {

+ $row[$col] = substr($row[$col], strlen($table_name) + 1);

+ }

+ break;

+

+ case 'firebird':

+ case 'postgres':

+ case 'sqlite':

+ $row[$col] = substr($row[$col], strlen($table_name) + 1);

+ break;

+ }

+

+ if (strtolower($row[$col]) == strtolower($index_name))

+ {

+ $this->db->sql_freeresult($result);

+ return true;

+ }

+ }

+ $this->db->sql_freeresult($result);

+

+ return false;

+ }

+

+ /**

+ if (strlen($column_name) > 30)

+ {

+ trigger_error("Column name '$column_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR);

+ }

+

+ // Does not support AFTER statement, only POSITION (and there you need the column position)

+ // Does not support AFTER, only through temporary table

+ $after = (!empty($column_data['after'])) ? ' AFTER ' . $column_data['after'] : '';

+ $statements[] = 'ALTER TABLE `' . $table_name . '` ADD COLUMN `' . $column_name . '` ' . $column_data['column_type_sql'] . $after;

+ // Does not support AFTER, only through temporary table

+ // Does not support AFTER, only through temporary table

+ $table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config)

+ if (strlen($table_name . $index_name) - strlen($table_prefix) > 24)

+ {

+ $max_length = $table_prefix + 24;

+ trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR);

+ }

+

+ $table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config)

+ if (strlen($table_name . $index_name) - strlen($table_prefix) > 24)

+ {

+ $max_length = $table_prefix + 24;

+ trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR);

+ }

+

+ // TODO: try to change pkey without removing trigger, generator or constraints. ATM this query may fail.

+ * Returns whether results of a query need to be buffered to run a transaction while iterating over them.

+ *

+ * @return bool Whether buffering is required.

+ */

+ function sql_buffer_nested_transactions()

+ {

+ return false;

+ }

+

+ /**

+ Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group

+ var $connect_error = '';

+ if ($this->persistency)

+ {

+ if (!function_exists('ibase_pconnect'))

+ {

+ $this->connect_error = 'ibase_pconnect function does not exist, is interbase extension installed?';

+ return $this->sql_error('');

+ }

+ $this->db_connect_id = @ibase_pconnect($use_database, $this->user, $sqlpassword, false, false, 3);

+ }

+ else

+ {

+ if (!function_exists('ibase_connect'))

+ {

+ $this->connect_error = 'ibase_connect function does not exist, is interbase extension installed?';

+ return $this->sql_error('');

+ }

+ $this->db_connect_id = @ibase_connect($use_database, $this->user, $sqlpassword, false, false, 3);

+ }

+ // Do not call ibase_service_attach if connection failed,

+ // otherwise error message from ibase_(p)connect call will be clobbered.

+ if ($this->db_connect_id && function_exists('ibase_service_attach') && $this->server)

+ {

+ $this->service_handle = @ibase_service_attach($this->server, $this->user, $sqlpassword);

+ }

+ else

+ {

+ $this->service_handle = false;

+ }

+ // Need special handling here because ibase_errmsg returns

+ // connection errors, however if the interbase extension

+ // is not installed then ibase_errmsg does not exist and

+ // we cannot call it.

+ if (function_exists('ibase_errmsg'))

+ {

+ $msg = @ibase_errmsg();

+ if (!$msg)

+ {

+ $msg = $this->connect_error;

+ }

+ }

+ else

+ {

+ $msg = $this->connect_error;

+ }

+ 'message' => $msg,

+ $this->m_row_count = sizeof($this->m_rows);

+ * {@inheritDoc}

+ */

+ function sql_buffer_nested_transactions()

+ {

+ return true;

+ }

+

+ /**

+

+ preg_match_all('/\'(?:[^\']++|\'\')*+\'|[\d-.]+/', $regs[3], $vals, PREG_PATTERN_ORDER);

+

+if (!class_exists('phpbb_error_collector'))

+{

+ include($phpbb_root_path . 'includes/error_collector.' . $phpEx);

+}

+

+ var $connect_error = '';

+ if (!function_exists('pg_pconnect'))

+ {

+ $this->connect_error = 'pg_pconnect function does not exist, is pgsql extension installed?';

+ return $this->sql_error('');

+ }

+ $collector = new phpbb_error_collector;

+ $collector->install();

+ if (!function_exists('pg_connect'))

+ {

+ $this->connect_error = 'pg_connect function does not exist, is pgsql extension installed?';

+ return $this->sql_error('');

+ }

+ $collector = new phpbb_error_collector;

+ $collector->install();

+ $collector->uninstall();

+

+ $this->connect_error = $collector->format_errors();

+ // pg_last_error only works when there is an established connection.

+ // Connection errors have to be tracked by us manually.

+ if ($this->db_connect_id)

+ {

+ $message = @pg_last_error($this->db_connect_id);

+ }

+ else

+ {

+ $message = $this->connect_error;

+ }

+

+ 'message' => $message,

+<?php

+/**

+*

+* @package phpBB

+* @version $Id$

+* @copyright (c) 2011 phpBB Group

+* @license http://opensource.org/licenses/gpl-license.php GNU Public License

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+class phpbb_error_collector

+{

+ var $errors;

+

+ function phpbb_error_collector()

+ {

+ $this->errors = array();

+ }

+

+ function install()

+ {

+ set_error_handler(array(&$this, 'error_handler'));

+ }

+

+ function uninstall()

+ {

+ restore_error_handler();

+ }

+

+ function error_handler($errno, $msg_text, $errfile, $errline)

+ {

+ $this->errors[] = array($errno, $msg_text, $errfile, $errline);

+ }

+

+ function format_errors()

+ {

+ $text = '';

+ foreach ($this->errors as $error)

+ {

+ if (!empty($text))

+ {

+ $text .= "<br />\n";

+ }

+ list($errno, $msg_text, $errfile, $errline) = $error;

+ $text .= "Errno $errno: $msg_text";

+ if (defined('DEBUG_EXTRA') || defined('IN_INSTALL'))

+ {

+ $text .= " at $errfile line $errline";

+ }

+ }

+ return $text;

+ }

+}

+ // Precision must be from 1 to 18

+ $sql_update = 'CAST(CAST(config_value as DECIMAL(18, 0)) + ' . (int) $increment . ' as VARCHAR(255))';

+ break;

+

+ // Need to cast to text first for PostgreSQL 7.x

+ $sql_update = 'CAST(CAST(config_value::text as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))';

+ set_config('rand_seed', $config['rand_seed'], true);

+* Wrapper for mt_rand() which allows swapping $min and $max parameters.

+*

+* PHP does not allow us to swap the order of the arguments for mt_rand() anymore.

+* (since PHP 5.3.4, see http://bugs.php.net/46587)

+*

+* @param int $min Lowest value to be returned

+* @param int $max Highest value to be returned

+*

+* @return int Random integer between $min and $max (or $max and $min)

+*/

+function phpbb_mt_rand($min, $max)

+{

+ return ($min > $max) ? mt_rand($max, $min) : mt_rand($min, $max);

+}

+

+/**

+ if (substr($setting, 0, 3) != '$H$' && substr($setting, 0, 3) != '$P$')

+ $last_mark = (int) $user->data['user_lastmark'];

+ t.topic_last_post_time > $last_mark AND

+ (tt.mark_time IS NULL AND ft.mark_time IS NULL)

+*

+*

+* @return string the generated board url

+ if (!$disable_cd_check && !file_exists($pathinfo['dirname'] . '/'))

+ if (!file_exists($pathinfo['dirname'] . '/'))

+ if (!empty($_SERVER['SERVER_PROTOCOL']))

+ {

+ $version = $_SERVER['SERVER_PROTOCOL'];

+ }

+ else if (!empty($_SERVER['HTTP_VERSION']))

+ // I cannot remember where I got this from.

+ // This code path may never be reachable in reality.

+* Generate regexp for naughty words censoring

+* Depends on whether installed PHP version supports unicode properties

+*

+* @param string $word word template to be replaced

+* @param bool $use_unicode whether or not to take advantage of PCRE supporting unicode

+*

+* @return string $preg_expr regex to use with word censor

+*/

+function get_censor_preg_expression($word, $use_unicode = true)

+{

+ static $unicode_support = null;

+

+ // Check whether PHP version supports unicode properties

+ if (is_null($unicode_support))

+ {

+ $unicode_support = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false;

+ }

+

+ // Unescape the asterisk to simplify further conversions

+ $word = str_replace('\*', '*', preg_quote($word, '#'));

+

+ if ($use_unicode && $unicode_support)

+ {

+ // Replace asterisk(s) inside the pattern, at the start and at the end of it with regexes

+ $word = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*+(?=[\p{Nd}\p{L}_])#iu', '#^\*+#', '#\*+$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $word);

+

+ // Generate the final substitution

+ $preg_expr = '#(?<![\p{Nd}\p{L}_-])(' . $word . ')(?![\p{Nd}\p{L}_-])#iu';

+ }

+ else

+ {

+ // Replace the asterisk inside the pattern, at the start and at the end of it with regexes

+ $word = preg_replace(array('#(?<=\S)\*+(?=\S)#iu', '#^\*+#', '#\*+$#'), array('(\x20*?\S*?)', '\S*?', '\S*?'), $word);

+

+ // Generate the final substitution

+ $preg_expr = '#(?<!\S)(' . $word . ')(?!\S)#iu';

+ }

+

+ return $preg_expr;

+}

+

+/**

+ // Call checkdnsrr() if

+ // Call dns_get_record() if

+ isset($result['host']) && $result['host'] == $host &&

+ $error_name = ($errno === E_WARNING) ? 'PHP Warning' : 'PHP Notice';

+ echo '<b>[phpBB Debug] ' . $error_name . '</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";

+ echo ' Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group';

+ }

+ // to avoid partially compressed output resulting in blank pages in

+ // the browser or error messages, compression is disabled in a few cases:

+ //

+ // 1) if headers have already been sent, this indicates plaintext output

+ // has been started so further content must not be compressed

+ // 2) the length of the current output buffer is non-zero. This means

+ // there is already some uncompressed content in this output buffer

+ // so further output must not be compressed

+ // 3) if more than one level of output buffering is used because we

+ // cannot test all output buffer level content lengths. One level

+ // could be caused by php.ini output_buffering. Anything

+ // beyond that is manual, so the code wrapping phpBB in output buffering

+ // can easily compress the output itself.

+ //

+ if (@extension_loaded('zlib') && !headers_sent() && ob_get_level() <= 1 && ob_get_length() == 0)

+ $s_search_hidden_fields = array();

+ if ($_SID)

+ {

+ $s_search_hidden_fields['sid'] = $_SID;

+ }

+

+ 'S_SEARCH_HIDDEN_FIELDS' => build_hidden_fields($s_search_hidden_fields),

+

+ 'T_IMAGESET_LANG_PATH' => "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->lang_name,

+ 'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&amp;lang=' . $user->lang_name),

+ if (!defined('IN_CRON') && $run_cron && !$config['board_disable'] && !$user->data['is_bot'])

+ (ob_get_level() > 0) ? @ob_flush() : @flush();

+* If $log_count is set to false, we will skip counting all entries in the database.

+ if ($log_count !== false)

+ {

+ $sql = 'SELECT COUNT(l.log_id) AS total_entries

+ FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u

+ WHERE l.log_type = $log_type

+ AND l.user_id = u.user_id

+ AND l.log_time >= $limit_days

+ $sql_keywords

+ $sql_forum";

+ $result = $db->sql_query($sql);

+ $log_count = (int) $db->sql_fetchfield('total_entries');

+ $db->sql_freeresult($result);

+ }

+ 'Bing [Bot]' => array('bingbot/', ''),

+ 'S_FEED_ENABLED' => ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options']) && $row['forum_type'] == FORUM_POST) ? true : false,

+ if ($config['check_attachment_content'] && isset($config['mime_triggers']))

+ $sql = 'SELECT p.post_id, p.poster_id, p.post_time, p.post_username, u.username, u.user_colour

+ $sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "', topic_time = " . (int) $row['post_time'];

+/**

+* Handle topic bumping

+* @param int $forum_id The ID of the forum the topic is being bumped belongs to

+* @param int $topic_id The ID of the topic is being bumping

+* @param array $post_data Passes some topic parameters:

+* - 'topic_title'

+* - 'topic_last_post_id'

+* - 'topic_last_poster_id'

+* - 'topic_last_post_subject'

+* - 'topic_last_poster_name'

+* - 'topic_last_poster_colour'

+* @param int $bump_time The time at which topic was bumped, usually it is a current time as obtained via time().

+* @return string An URL to the bumped topic, example: ./viewtopic.php?forum_id=1&amptopic_id=2&ampp=3#p3

+*/

+function phpbb_bump_topic($forum_id, $topic_id, $post_data, $bump_time = false)

+{

+ global $config, $db, $user, $phpEx, $phpbb_root_path;

+

+ if ($bump_time === false)

+ {

+ $bump_time = time();

+ }

+

+ // Begin bumping

+ $db->sql_transaction('begin');

+

+ // Update the topic's last post post_time

+ $sql = 'UPDATE ' . POSTS_TABLE . "

+ SET post_time = $bump_time

+ WHERE post_id = {$post_data['topic_last_post_id']}

+ AND topic_id = $topic_id";

+ $db->sql_query($sql);

+

+ // Sync the topic's last post time, the rest of the topic's last post data isn't changed

+ $sql = 'UPDATE ' . TOPICS_TABLE . "

+ SET topic_last_post_time = $bump_time,

+ topic_bumped = 1,

+ topic_bumper = " . $user->data['user_id'] . "

+ WHERE topic_id = $topic_id";

+ $db->sql_query($sql);

+

+ // Update the forum's last post info

+ $sql = 'UPDATE ' . FORUMS_TABLE . "

+ SET forum_last_post_id = " . $post_data['topic_last_post_id'] . ",

+ forum_last_poster_id = " . $post_data['topic_last_poster_id'] . ",

+ forum_last_post_subject = '" . $db->sql_escape($post_data['topic_last_post_subject']) . "',

+ forum_last_post_time = $bump_time,

+ forum_last_poster_name = '" . $db->sql_escape($post_data['topic_last_poster_name']) . "',

+ forum_last_poster_colour = '" . $db->sql_escape($post_data['topic_last_poster_colour']) . "'

+ WHERE forum_id = $forum_id";

+ $db->sql_query($sql);

+

+ // Update bumper's time of the last posting to prevent flood

+ $sql = 'UPDATE ' . USERS_TABLE . "

+ SET user_lastpost_time = $bump_time

+ WHERE user_id = " . $user->data['user_id'];

+ $db->sql_query($sql);

+

+ $db->sql_transaction('commit');

+

+ // Mark this topic as posted to

+ markread('post', $forum_id, $topic_id, $bump_time);

+

+ // Mark this topic as read

+ markread('topic', $forum_id, $topic_id, $bump_time);

+

+ // Update forum tracking info

+ if ($config['load_db_lastread'] && $user->data['is_registered'])

+ {

+ $sql = 'SELECT mark_time

+ FROM ' . FORUMS_TRACK_TABLE . '

+ WHERE user_id = ' . $user->data['user_id'] . '

+ AND forum_id = ' . $forum_id;

+ $result = $db->sql_query($sql);

+ $f_mark_time = (int) $db->sql_fetchfield('mark_time');

+ $db->sql_freeresult($result);

+ }

+ else if ($config['load_anon_lastread'] || $user->data['is_registered'])

+ {

+ $f_mark_time = false;

+ }

+

+ if (($config['load_db_lastread'] && $user->data['is_registered']) || $config['load_anon_lastread'] || $user->data['is_registered'])

+ {

+ // Update forum info

+ $sql = 'SELECT forum_last_post_time

+ FROM ' . FORUMS_TABLE . '

+ WHERE forum_id = ' . $forum_id;

+ $result = $db->sql_query($sql);

+ $forum_last_post_time = (int) $db->sql_fetchfield('forum_last_post_time');

+ $db->sql_freeresult($result);

+

+ update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time, false);

+ }

+

+ add_log('mod', $forum_id, $topic_id, 'LOG_BUMP_TOPIC', $post_data['topic_title']);

+

+ $url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id&amp;p={$post_data['topic_last_post_id']}") . "#p{$post_data['topic_last_post_id']}";

+

+ return $url;

+}

+

+

+ // retrieve option lang data if necessary

+ if (!isset($this->options_lang[$field_data['field_id']]) || !isset($this->options_lang[$field_data['field_id']][$field_data['lang_id']]) || !sizeof($this->options_lang[$file_data['field_id']][$field_data['lang_id']]))

+ {

+ $this->get_option_lang($field_data['field_id'], $field_data['lang_id'], FIELD_DROPDOWN, false);

+ }

+

+ if (!isset($this->options_lang[$field_data['field_id']][$field_data['lang_id']][$field_value]))

+ {

+ return 'FIELD_INVALID_VALUE';

+ }

+

+ case 'FIELD_INVALID_VALUE':

+ // Count the number of ! occurrences (not allowed in vars)

+ var $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title');

+ $this->disallowed_content = array_diff($disallowed_content, array(''));

+ trigger_error('LENGTH_BAN_INVALID', E_USER_WARNING);

+ trigger_error('NO_USER_SPECIFIED', E_USER_WARNING);

+ trigger_error('NO_USERS', E_USER_WARNING);

+ trigger_error('NO_IPS_DEFINED', E_USER_WARNING);

+ trigger_error('NO_EMAILS_DEFINED', E_USER_WARNING);

+ trigger_error('NO_MODE', E_USER_WARNING);

+* Validate Language Pack ISO Name

+*

+* Tests whether a language name is valid and installed

+*

+* @param string $lang_iso The language string to test

+*

+* @return bool|string Either false if validation succeeded or

+* a string which will be used as the error message

+* (with the variable name appended)

+*/

+function validate_language_iso_name($lang_iso)

+{

+ global $db;

+

+ $sql = 'SELECT lang_id

+ FROM ' . LANG_TABLE . "

+ WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'";

+ $result = $db->sql_query($sql);

+ $lang_id = (int) $db->sql_fetchfield('lang_id');

+ $db->sql_freeresult($result);

+

+ return ($lang_id) ? false : 'WRONG_DATA';

+}

+

+/**

+ if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY')

+ // Password empty or no password complexity required.

+ // No break statements below ...

+ // We require strong passwords in case pass_complex is not set or is invalid

+ default:

+

+ // Require mixed case letters, numbers and symbols

+ case 'PASS_TYPE_SYMBOL':

+ $chars[] = $sym;

+ // Require mixed case letters and numbers

+ // Require mixed case letters

+ case 'PASS_TYPE_CASE':

+ $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], (isset($config['mime_triggers']) ? explode('|', $config['mime_triggers']) : false));

+ $log_count = false;

+ foreach ($topic_data as $topic_id => $topic_row)

+ {

+ if (!isset($search_type) && $topic_row['enable_indexing'])

+ // Select the search method and do some additional checks to ensure it can actually be utilised

+ $search_type = basename($config['search_type']);

+ if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx))

+ {

+ trigger_error('NO_SUCH_SEARCH_MODULE');

+ }

+

+ if (!class_exists($search_type))

+ {

+ include("{$phpbb_root_path}includes/search/$search_type.$phpEx");

+ }

+ $error = false;

+ $search = new $search_type($error);

+ $search_mode = 'post';

+ if ($error)

+ {

+ trigger_error($error);

+ }

+ }

+ else if (!isset($search_type) && !$topic_row['enable_indexing'])

+ $search_type = false;

+ if (!empty($search_type))

+ $search->index($search_mode, $new_post_id, $sql_ary['post_text'], $sql_ary['post_subject'], $sql_ary['poster_id'], ($topic_row['topic_type'] == POST_GLOBAL) ? 0 : $to_forum_id);

+ $log_count = false;

+ if (!empty($log_data))

+ function bbcode_init($allow_custom_bbcode = true)

+ // To parse multiline URL we enable dotall option setting only for URL text

+ // but not for link itself, thus [url][/url] is not affected.

+ 'code' => array('bbcode_id' => 8, 'regexp' => array('#\[code(?:=([a-z]+))?\](.+\[/code\])#uise' => "\$this->bbcode_code('\$1', '\$2')")),

+ 'quote' => array('bbcode_id' => 0, 'regexp' => array('#\[quote(?:=&quot;(.*?)&quot;)?\](.+)\[/quote\]#uise' => "\$this->bbcode_quote('\$0')")),

+ 'attachment' => array('bbcode_id' => 12, 'regexp' => array('#\[attachment=([0-9]+)\](.*?)\[/attachment\]#uise' => "\$this->bbcode_attachment('\$1', '\$2')")),

+ 'b' => array('bbcode_id' => 1, 'regexp' => array('#\[b\](.*?)\[/b\]#uise' => "\$this->bbcode_strong('\$1')")),

+ 'i' => array('bbcode_id' => 2, 'regexp' => array('#\[i\](.*?)\[/i\]#uise' => "\$this->bbcode_italic('\$1')")),

+ 'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](?(1)((?s).*(?-s))|(.*))\[/url\]#uiUe' => "\$this->validate_url('\$2', ('\$3') ? '\$3' : '\$4')")),

+ 'img' => array('bbcode_id' => 4, 'regexp' => array('#\[img\](.*)\[/img\]#uiUe' => "\$this->bbcode_img('\$1')")),

+ 'size' => array('bbcode_id' => 5, 'regexp' => array('#\[size=([\-\+]?\d+)\](.*?)\[/size\]#uise' => "\$this->bbcode_size('\$1', '\$2')")),

+ 'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z\-]+)\](.*?)\[/color\]!uise' => "\$this->bbcode_color('\$1', '\$2')")),

+ 'u' => array('bbcode_id' => 7, 'regexp' => array('#\[u\](.*?)\[/u\]#uise' => "\$this->bbcode_underline('\$1')")),

+ 'list' => array('bbcode_id' => 9, 'regexp' => array('#\[list(?:=(?:[a-z0-9]|disc|circle|square))?].*\[/list]#uise' => "\$this->bbcode_parse_list('\$0')")),

+ 'email' => array('bbcode_id' => 10, 'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#uise' => "\$this->validate_email('\$1', '\$2')")),

+ 'flash' => array('bbcode_id' => 11, 'regexp' => array('#\[flash=([0-9]+),([0-9]+)\](.*?)\[/flash\]#uie' => "\$this->bbcode_flash('\$1', '\$2', '\$3')"))

+ if (!$allow_custom_bbcode)

+ {

+ return;

+ }

+

+ // 'u' modifier has been added to correctly parse smilies within unicode strings

+ // For details: http://tracker.phpbb.com/browse/PHPBB3-10117

+ $num_matches = preg_match_all('#(?<=^|[\n .])(?:' . implode('|', $match) . ')(?![^<>]*>)#u', $this->message, $matches);

+ // 'u' modifier has been added to correctly parse smilies within unicode strings

+ // For details: http://tracker.phpbb.com/browse/PHPBB3-10117

+

+ $this->message = trim(preg_replace(explode(chr(0), '#(?<=^|[\n .])' . implode('(?![^<>]*>)#u' . chr(0) . '#(?<=^|[\n .])', $match) . '(?![^<>]*>)#u'), $replace, $this->message));

+ $this->forwarded_for = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->forwarded_for));

+ $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? (string) $_SERVER['REMOTE_ADDR'] : '';

+ $this->ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->ip));

+ $ips = explode(' ', trim($this->ip));

+ if (preg_match(get_preg_expression('ipv4'), $ip))

+ $this->ip = $ip;

+ else if (preg_match(get_preg_expression('ipv6'), $ip))

+ // Quick check for IPv4-mapped address in IPv6

+ if (stripos($ip, '::ffff:') === 0)

+ $ipv4 = substr($ip, 7);

+

+ if (preg_match(get_preg_expression('ipv4'), $ipv4))

+ {

+ $ip = $ipv4;

+ }

+ $this->ip = $ip;

+ }

+ else

+ {

+ // We want to use the last valid address in the chain

+ // Leave foreach loop when address is invalid

+ break;

+ }

+ // Bot user, if they have a SID in the Request URI we need to get rid of it

+ // otherwise they'll index this page with the SID, duplicate content oh my!

+ if ($bot && isset($_GET['sid']))

+ {

+ send_status_line(301, 'Moved Permanently');

+ redirect(build_url(array('sid')));

+ }

+

+

+ $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '

+ WHERE attempt_time < ' . (time() - (int) $config['ip_login_limit_time']);

+ $db->sql_query($sql);

+ // Neither Spamhaus nor Spamcop supports IPv6 addresses.

+ if (strpos($ip, ':') !== false)

+ {

+ return false;

+ }

+

+ break;

+ $path = 'styles/' . rawurlencode($this->theme['imageset_path']) . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename'];

+

+ $img_data['src'] = $root_path . $path;

+

+ // We overwrite the width and height to the phpbb logo's width

+ // and height here if the contents of the site_logo file are

+ // really equal to the phpbb_logo

+ // This allows us to change the dimensions of the phpbb_logo without

+ // modifying the imageset.cfg and causing a conflict for everyone

+ // who modified it for their custom logo on updating

+ if ($img == 'site_logo' && file_exists($phpbb_root_path . $path))

+ {

+ global $cache;

+

+ $img_file_hashes = $cache->get('imageset_site_logo_md5');

+

+ if ($img_file_hashes === false)

+ {

+ $img_file_hashes = array();

+ }

+

+ $key = $this->theme['imageset_path'] . '::' . $this->img_array[$img]['image_lang'];

+ if (!isset($img_file_hashes[$key]))

+ {

+ $img_file_hashes[$key] = md5(file_get_contents($phpbb_root_path . $path));

+ $cache->put('imageset_site_logo_md5', $img_file_hashes);

+ }

+

+ $phpbb_logo_hash = '0c461a32cd3621643105f0d02a772c10';

+

+ if ($phpbb_logo_hash == $img_file_hashes[$key])

+ {

+ $img_data['width'] = '149';

+ $img_data['height'] = '52';

+ }

+ }

+<?php

+/**

+*

+* @package phpBB3

+* @copyright (c) 2011 phpBB Group

+* @license http://opensource.org/licenses/gpl-license.php GNU Public License

+*

+*/

+

+/**

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+// Report all errors, except notices and deprecation messages

+if (!defined('E_DEPRECATED'))

+{

+ define('E_DEPRECATED', 8192);

+}

+error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);

+

+/*

+* Remove variables created by register_globals from the global scope

+* Thanks to Matt Kavanagh

+*/

+function deregister_globals()

+{

+ $not_unset = array(

+ 'GLOBALS' => true,

+ '_GET' => true,

+ '_POST' => true,

+ '_COOKIE' => true,

+ '_REQUEST' => true,

+ '_SERVER' => true,

+ '_SESSION' => true,

+ '_ENV' => true,

+ '_FILES' => true,

+ 'phpEx' => true,

+ 'phpbb_root_path' => true

+ );

+

+ // Not only will array_merge and array_keys give a warning if

+ // a parameter is not an array, array_merge will actually fail.

+ // So we check if _SESSION has been initialised.

+ if (!isset($_SESSION) || !is_array($_SESSION))

+ {

+ $_SESSION = array();

+ }

+

+ // Merge all into one extremely huge array; unset this later

+ $input = array_merge(

+ array_keys($_GET),

+ array_keys($_POST),

+ array_keys($_COOKIE),

+ array_keys($_SERVER),

+ array_keys($_SESSION),

+ array_keys($_ENV),

+ array_keys($_FILES)

+ );

+

+ foreach ($input as $varname)

+ {

+ if (isset($not_unset[$varname]))

+ {

+ // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)

+ if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))

+ {

+ exit;

+ }

+ else

+ {

+ $cookie = &$_COOKIE;

+ while (isset($cookie['GLOBALS']))

+ {

+ if (!is_array($cookie['GLOBALS']))

+ {

+ break;

+ }

+

+ foreach ($cookie['GLOBALS'] as $registered_var => $value)

+ {

+ if (!isset($not_unset[$registered_var]))

+ {

+ unset($GLOBALS[$registered_var]);

+ }

+ }

+ $cookie = &$cookie['GLOBALS'];

+ }

+ }

+ }

+

+ unset($GLOBALS[$varname]);

+ }

+

+ unset($input);

+}

+

+// If we are on PHP >= 6.0.0 we do not need some code

+if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))

+{

+ /**

+ * @ignore

+ */

+ define('STRIP', false);

+}

+else

+{

+ @set_magic_quotes_runtime(0);

+

+ // Be paranoid with passed vars

+ if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))

+ {

+ deregister_globals();

+ }

+

+ define('STRIP', (get_magic_quotes_gpc()) ? true : false);

+}

+

+// Prevent date/time functions from throwing E_WARNING on PHP 5.3 by setting a default timezone

+if (function_exists('date_default_timezone_set') && function_exists('date_default_timezone_get'))

+{

+ // For PHP 5.1.0 the date/time functions have been rewritten

+ // and setting a timezone is required prior to calling any date/time function.

+

+ // Since PHP 5.2.0 calls to date/time functions without having a timezone set

+ // result in E_STRICT errors being thrown.

+ // Note: We already exclude E_STRICT errors

+ // (to be exact: they are not included in E_ALL in PHP 5.2)

+

+ // In PHP 5.3.0 the error level has been raised to E_WARNING which causes problems

+ // because we show E_WARNING errors and do not set a default timezone.

+ // This is because we have our own timezone handling and work in UTC only anyway.

+

+ // So what we basically want to do is set our timezone to UTC,

+ // but we don't know what other scripts (such as bridges) are involved,

+ // so we check whether a timezone is already set by calling date_default_timezone_get().

+

+ // Unfortunately, date_default_timezone_get() itself might throw E_WARNING

+ // if no timezone has been set, so we have to keep it quiet with @.

+

+ // date_default_timezone_get() tries to guess the correct timezone first

+ // and then falls back to UTC when everything fails.

+ // We just set the timezone to whatever date_default_timezone_get() returns.

+ date_default_timezone_set(@date_default_timezone_get());

+}

+

+$starttime = explode(' ', microtime());

+$starttime = $starttime[1] + $starttime[0];

+ if (!empty($phpbb_hook) && $phpbb_hook->call_hook(array(__CLASS__, __FUNCTION__), $handle, $include_once, $this))

+ if (!file_exists($filename) || @filesize($filename) === 0 || defined('DEBUG_EXTRA'))

+

+ // Create the correct logs

+ add_log('user', $user_row['user_id'], 'LOG_USER_ACTIVE_USER');

+ if ($auth->acl_get('a_user'))

+ {

+ add_log('admin', 'LOG_USER_ACTIVE', $user_row['username']);

+ }

+ $user_folders = get_folder($user->data['user_id']);

+ compose_pm($id, $mode, $action, $user_folders);

+function compose_pm($id, $mode, $action, $user_folders = array())

+ $folder_id = 0;

+ $s_action .= (($folder_id) ? "&amp;f=$folder_id" : '') . (($msg_id) ? "&amp;p=$msg_id" : '');

+ $inbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox');

+ $outbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=outbox');

+

+ $folder_url = '';

+ if (($folder_id > 0) && isset($user_folders[$folder_id]))

+ {

+ $folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=' . $folder_id);

+ }

+

+ $return_box_url = ($action === 'post' || $action === 'edit') ? $outbox_folder_url : $inbox_folder_url;

+ $return_box_lang = ($action === 'post' || $action === 'edit') ? 'PM_OUTBOX' : 'PM_INBOX';

+

+ $message = $user->lang['MESSAGE_STORED'] . '<br /><br />' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '<a href="' . $return_message_url . '">', '</a>');

+

+ $last_click_type = 'CLICK_RETURN_FOLDER';

+ if ($folder_url)

+ {

+ $message .= '<br /><br />' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . $folder_url . '">', '</a>', $user_folders[$folder_id]['folder_name']);

+ $last_click_type = 'CLICK_GOTO_FOLDER';

+ }

+ $message .= '<br /><br />' . sprintf($user->lang[$last_click_type], '<a href="' . $return_box_url . '">', '</a>', $user->lang[$return_box_lang]);

+

+ meta_refresh(3, $return_message_url);

+ 'S_PM_UNREAD' => ($row['pm_unread']) ? true : false,

+ $bbcode_status = ($config['allow_bbcode'] && $config['auth_bbcode_pm'] && $auth->acl_get('u_pm_bbcode')) ? true : false;

+

+ 'U_ICQ' => ($user_info['user_icq']) ? 'http://www.icq.com/people' . urlencode($user_info['user_icq']) . '/' : '',

+ 'S_BBCODE_ALLOWED' => ($bbcode_status) ? 1 : 0,

+ 'lang' => array('language_iso_name'),

+ if (!validate_language_iso_name($use_lang))

+ 'lang' => array('language_iso_name'),