Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/includes/auth.php | 87 | ||||
-rw-r--r-- | phpBB/includes/bbcode.php | 508 | ||||
-rw-r--r-- | phpBB/includes/error.php | 96 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 418 | ||||
-rw-r--r-- | phpBB/includes/post.php | 26 | ||||
-rw-r--r-- | phpBB/includes/sessions.php | 357 | ||||
-rw-r--r-- | phpBB/viewtopic.php | 2 |
7 files changed, 1493 insertions, 1 deletions
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
new file mode 100644
index 0000000000..3730cd5872
--- /dev/null
+++ b/phpBB/includes/auth.php
@@ -0,0 +1,87 @@ +<?php +/*************************************************************************** + * auth.php + * ------------------- + * begin : Saturday, Feb 13, 2001 + * copyright : (C) 2001 The phpBB Group + * email : support@phpbb.com + * + * $Id$ + * + * + ***************************************************************************/ + + +/*************************************************************************** + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * + ***************************************************************************/ + +/* Notes: + * auth() is going to become a very complex function and can take in a LARGE number of arguments. + * The currently included argements should be enough to handle any situation, however, if you need access to another + * the best option would be to create a global variable and access it that way if you can. + * + * auth() returns: + * TRUE if the user authorized + * FALSE if the user is not + */ +function auth($type, $db, $id = "", $user_ip = "") +{ + global $userdata; + switch($type) + { + // Empty for the moment. + } +} + + +/* + * The following functions are used for getting user information. They are not related directly to auth() + */ + +function get_userdata_from_id($userid, $db) +{ + $sql = "SELECT * FROM ".USERS_TABLE." WHERE user_id = $userid"; + if(!$result = $db->sql_query($sql)) + { + $userdata = array("error" => "1"); + return ($userdata); + } + if($db->sql_numrows($result)) + { + $myrow = $db->sql_fetchrowset($result); + return($myrow[0]); + } + else + { + $userdata = array("error" => "1"); + return ($userdata); + } +} + +function get_userdata($username, $db) { + $sql = "SELECT * FROM ".USERS_TABLE." 
WHERE username = '$username' AND user_level != ".DELETED; + if(!$result = $db->sql_query($sql)) + { + $userdata = array("error" => "1"); + } + + if($db->sql_numrows($result)) + { + $myrow = $db->sql_fetchrowset($result); + return($myrow[0]); + } + else + { + $userdata = array("error" => "1"); + return ($userdata); + } +} + +?> diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php new file mode 100644 index 0000000000..b1a6a794cc --- /dev/null +++ b/phpBB/includes/bbcode.php 
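Review bot: Both lookup helpers build their SQL by interpolating the argument directly: `get_userdata_from_id()` places `$userid` unquoted after `user_id =`, and `get_userdata()` places `$username` between single quotes with no escaping, so any caller that passes request data straight through lets that data change the query. Nothing in this file shows the callers sanitising first, so I would cast at the point of use, `$sql = "SELECT * FROM ".USERS_TABLE." WHERE user_id = ".intval($userid);`, and pass `$username` through the database layer's escaping routine (or `addslashes()` if the layer has none) before it is quoted. `get_userdata()` also sets `$userdata` on query failure but does not return, so it goes on to call `$db->sql_numrows()` with the failed result; add `return ($userdata);` inside that branch, as `get_userdata_from_id()` already does.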
@@ -0,0 +1,508 @@ +<?php +/*************************************************************************** + * bbcode.php + * ------------------- + * begin : Saturday, Feb 13, 2001 + * copyright : (C) 2001 The phpBB Group + * email : support@phpbb.com + * + * $Id$ + * + ***************************************************************************/ + + /*************************************************************************** + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * + * + ***************************************************************************/ + + +define("BBCODE_UID_LEN", 10); + + +/** + * Does second-pass bbencoding. This should be used before displaying the message in + * a thread. Assumes the message is already first-pass encoded, and has the required + * "[uid:...]" tag as the very first thing in the text. + */ +function bbencode_second_pass($text, $uid) +{ + + //$uid_tag_length = strpos($text, ']') + 1; + //$uid = substr($text, 5, BBCODE_UID_LEN); + //$text = substr($text, $uid_tag_length); + + // pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0). + // This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it. + $text = " " . $text; + + // First: If there isn't a "[" and a "]" in the message, don't bother. + if (! (strpos($text, "[") && strpos($text, "]")) ) + { + // Remove padding, return. + $text = substr($text, 1); + return $text; + } + + // [CODE] and [/CODE] for posting code (HTML, PHP, C etc etc) in your posts. + $text = bbencode_second_pass_code($text, $uid); + + // [list] and [list=x] for (un)ordered lists. 
+ // unordered lists + $text = str_replace("[list:$uid]", '<UL>', $text); + // li tags + $text = str_replace("[*:$uid]", '<LI>', $text); + // ending tags + $text = str_replace("[/list:u:$uid]", '</UL>', $text); + $text = str_replace("[/list:o:$uid]", '</OL>', $text); + // Ordered lists + $text = preg_replace("/\[list=([a1]):$uid\]/si", '<OL TYPE="\1">', $text); + + // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. + $text = str_replace("[quote:$uid]", '<TABLE BORDER="0" ALIGN="CENTER" WIDTH="85%"><TR><TD><font size="-1">Quote:</font><HR></TD></TR><TR><TD><FONT SIZE="-1"><BLOCKQUOTE>', $text); + $text = str_replace("[/quote:$uid]", '</BLOCKQUOTE></FONT></TD></TR><TR><TD><HR></TD></TR></TABLE>', $text); + + // [b] and [/b] for bolding text. + $text = str_replace("[b:$uid]", '<B>', $text); + $text = str_replace("[/b:$uid]", '</B>', $text); + + // [i] and [/i] for italicizing text. + $text = str_replace("[i:$uid]", '<I>', $text); + $text = str_replace("[/i:$uid]", '</I>', $text); + + // [img]image_url_here[/img] code.. + $text = str_replace("[img:$uid]", '<IMG SRC="', $text); + $text = str_replace("[/img:$uid]", '" BORDER="0"></IMG>', $text); + + // Patterns and replacements for URL and email tags.. + $patterns = array(); + $replacements = array(); + + // [url]xxxx://www.phpbb.com[/url] code.. + $patterns[0] = "#\[url\]([a-z]+?://){1}(.*?)\[/url\]#si"; + $replacements[0] = '<A HREF="\1\2" TARGET="_blank">\1\2</A>'; + + // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). + $patterns[1] = "#\[url\](.*?)\[/url\]#si"; + $replacements[1] = '<A HREF="http://\1" TARGET="_blank">\1</A>'; + + // [url=xxxx://www.phpbb.com]phpBB[/url] code.. + $patterns[2] = "#\[url=([a-z]+?://){1}(.*?)\](.*?)\[/url\]#si"; + $replacements[2] = '<A HREF="\1\2" TARGET="_blank">\3</A>'; + + // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). 
+ $patterns[3] = "#\[url=(.*?)\](.*?)\[/url\]#si"; + $replacements[3] = '<A HREF="http://\1" TARGET="_blank">\2</A>'; + + // [email]user@domain.tld[/email] code.. + $patterns[4] = "#\[email\](.*?)\[/email\]#si"; + $replacements[4] = '<A HREF="mailto:\1">\1</A>'; + + $text = preg_replace($patterns, $replacements, $text); + + // Remove our padding from the string.. + $text = substr($text, 1); + + return $text; + +} // bbencode_second_pass() + + + +function make_bbcode_uid() +{ + // Unique ID for this message.. + $uid = md5(uniqid(rand())); + $uid = substr($uid, 0, BBCODE_UID_LEN); + + return $uid; +} + + + +function bbencode_first_pass($text, $uid) +{ + // pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0). + // This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it. + $text = " " . $text; + + // [CODE] and [/CODE] for posting code (HTML, PHP, C etc etc) in your posts. + $text = bbencode_first_pass_pda($text, $uid, '[code]', '[/code]', '', true, ''); + + // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. + $text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, ''); + + // [list] and [list=x] for (un)ordered lists. + $open_tag = array(); + $open_tag[0] = "[list]"; + + // unordered.. + $text = bbencode_first_pass_pda($text, $uid, $open_tag, "[/list]", "[/list:u]", false, 'replace_listitems'); + + $open_tag[0] = "[list=1]"; + $open_tag[1] = "[list=a]"; + + // ordered. + $text = bbencode_first_pass_pda($text, $uid, $open_tag, "[/list]", "[/list:o]", false, 'replace_listitems'); + + // [b] and [/b] for bolding text. + $text = preg_replace("#\[b\](.*?)\[/b\]#si", "[b:$uid]\\1[/b:$uid]", $text); + + // [i] and [/i] for italicizing text. + $text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text); + + // [img]image_url_here[/img] code.. 
+ $text = preg_replace("#\[img\](.*?)\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text); + + // Remove our padding from the string.. + $text = substr($text, 1); + + // Add the uid tag to the start of the string.. + //$text = '[uid=' . $uid . ']' . $text; + + return $text; + +} // bbencode_first_pass() + + +/** + * $text - The text to operate on. + * $uid - The UID to add to matching tags. + * $open_tag - The opening tag to match. Can be an array of opening tags. + * $close_tag - The closing tag to match. + * $close_tag_new - The closing tag to replace with. + * $mark_lowest_level - boolean - should we specially mark the tags that occur + * at the lowest level of nesting? (useful for [code], because + * we need to match these tags first and transform HTML tags + * in their contents.. + * $func - This variable should contain a string that is the name of a function. + * That function will be called when a match is found, and passed 2 + * parameters: ($text, $uid). The function should return a string. + * This is used when some transformation needs to be applied to the + * text INSIDE a pair of matching tags. If this variable is FALSE or the + * empty string, it will not be executed. + * If open_tag is an array, then the pda will try to match pairs consisting of + * any element of open_tag followed by close_tag. This allows us to match things + * like [list=A]...[/list] and [list=1]...[/list] in one pass of the PDA. + * + * NOTES: - this function assumes the first character of $text is a space. + * - every opening tag and closing tag must be of the [...] format. 
+ */ +function bbencode_first_pass_pda($text, $uid, $open_tag, $close_tag, $close_tag_new, $mark_lowest_level, $func) +{ + $open_tag_count = 0; + $open_tag_length = array(); + + if (!$close_tag_new || ($close_tag_new == '')) + { + $close_tag_new = $close_tag; + } + + $close_tag_length = strlen($close_tag); + $close_tag_new_length = strlen($close_tag_new); + $uid_length = strlen($uid); + + $use_function_pointer = ($func && ($func != '')); + + $stack = array(); + + if (is_array($open_tag)) + { + if (0 == count($open_tag)) + { + // No opening tags to match, so return. + return $text; + } + + for ($i = 0; $i < count($open_tag); $i++) + { + ++$open_tag_count; + $open_tag_length[$i] = strlen($open_tag[$i]); + } + } + else + { + // only one opening tag. make it into a 1-element array. + $open_tag_temp = $open_tag; + $open_tag = array(); + $open_tag[0] = $open_tag_temp; + $open_tag_length[0] = strlen($open_tag[0]); + $open_tag_count = 1; + } + + + // Start at the 2nd char of the string, looking for opening tags. + $curr_pos = 1; + while ($curr_pos && ($curr_pos < strlen($text))) + { + $curr_pos = strpos($text, "[", $curr_pos); + + // If not found, $curr_pos will be 0, and the loop will end. + if ($curr_pos) + { + // We found a [. It starts at $curr_pos. + // check if it's a starting or ending tag. + $found_start = false; + $which_start_tag = -1; + for ($i = 0; $i < $open_tag_count; $i++) + { + $possible_start = substr($text, $curr_pos, $open_tag_length[$i]); + if (0 == strcasecmp($open_tag[$i], $possible_start)) + { + $found_start = true; + $which_start_tag = $i; + break; + } + } + + if ($found_start) + { + // We have an opening tag. + // Push its position and length on to the stack, and then keep going to the right. + $match = array("pos" => $curr_pos, "tag" => $which_start_tag); + bbcode_array_push($stack, $match); + ++$curr_pos; + } + else + { + // check for a closing tag.. 
+ $possible_end = substr($text, $curr_pos, $close_tag_length); + if (0 == strcasecmp($close_tag, $possible_end)) + { + // We have an ending tag. + // Check if we've already found a matching starting tag. + if (sizeof($stack) > 0) + { + // There exists a starting tag. + $curr_nesting_depth = sizeof($stack); + // We need to do 2 replacements now. + $match = bbcode_array_pop($stack); + $start_index = $match['pos']; + $which_start_tag = $match['tag']; + $start_length = $open_tag_length[$which_start_tag]; + $start_tag = $open_tag[$which_start_tag]; + + // everything before the opening tag. + $before_start_tag = substr($text, 0, $start_index); + + // everything after the opening tag, but before the closing tag. + $between_tags = substr($text, $start_index + $start_length, $curr_pos - $start_index - $start_length); + + // Run the given function on the text between the tags.. + if ($use_function_pointer) + { + $between_tags = $func($between_tags, $uid); + } + + // everything after the closing tag. + $after_end_tag = substr($text, $curr_pos + $close_tag_length); + + // Mark the lowest nesting level if needed. + if ($mark_lowest_level && ($curr_nesting_depth == 1)) + { + $text = $before_start_tag . substr($start_tag, 0, $start_length - 1) . ":$curr_nesting_depth:$uid]"; + $text .= $between_tags . substr($close_tag_new, 0, $close_tag_new_length - 1) . ":$curr_nesting_depth:$uid]"; + } + else + { + $text = $before_start_tag . substr($start_tag, 0, $start_length - 1) . ":$uid]"; + $text .= $between_tags . substr($close_tag_new, 0, $close_tag_new_length - 1) . ":$uid]"; + } + + $text .= $after_end_tag; + + // Now.. we've screwed up the indices by changing the length of the string. + // So, if there's anything in the stack, we want to resume searching just after it. + // otherwise, we go back to the start. 
+ if (sizeof($stack) > 0) + { + $match = bbcode_array_pop($stack); + $curr_pos = $match['pos']; + bbcode_array_push($stack, $match); + ++$curr_pos; + } + else + { + $curr_pos = 1; + } + } + else + { + // No matching start tag found. Increment pos, keep going. + ++$curr_pos; + } + } + else + { + // No starting tag or ending tag.. Increment pos, keep looping., + ++$curr_pos; + } + } + } + } // while + + return $text; + +} // bbencode_first_pass_pda() + + + + +/** + * Does second-pass bbencoding of the [code] tags. This includes + * running htmlspecialchars() over the text contained between + * any pair of [code] tags that are at the first level of + * nesting. Tags at the first level of nesting are indicated + * by this format: [code:1:$uid] ... [/code:1:$uid] + * Other tags are in this format: [code:$uid] ... [/code:$uid] + */ +function bbencode_second_pass_code($text, $uid) +{ + + $code_start_html = '<TABLE BORDER="0" ALIGN="CENTER" WIDTH="85%"><TR><TD><font size="-1">Code:</font><HR></TD></TR><TR><TD><FONT SIZE="-1"><PRE>'; + $code_end_html = '</PRE></FONT></TD></TR><TR><TD><HR></TD></TR></TABLE>'; + + // First, do all the 1st-level matches. These need an htmlspecialchars() run, + // so they have to be handled differently. + $match_count = preg_match_all("#\[code:1:$uid\](.*?)\[/code:1:$uid\]#si", $text, $matches); + + for ($i = 0; $i < $match_count; $i++) + { + $before_replace = $matches[1][$i]; + $after_replace = $matches[1][$i]; + + $after_replace = htmlspecialchars($after_replace); + + $str_to_match = "[code:1:$uid]" . $before_replace . "[/code:1:$uid]"; + + $replacement = $code_start_html; + $replacement .= $after_replace; + $replacement .= $code_end_html; + + $text = str_replace($str_to_match, $replacement, $text); + } + + // Now, do all the non-first-level matches. These are simple. 
+ $text = str_replace("[code:$uid]", $code_start_html, $text); + $text = str_replace("[/code:$uid]", $code_end_html, $text); + + return $text; + +} // bbencode_second_pass_code() + + +/** + * Rewritten by Nathan Codding - Feb 6, 2001. + * - Goes through the given string, and replaces xxxx://yyyy with an HTML <a> tag linking + * to that URL + * - Goes through the given string, and replaces www.xxxx.yyyy[zzzz] with an HTML <a> tag linking + * to http://www.xxxx.yyyy[/zzzz] + * - Goes through the given string, and replaces xxxx@yyyy with an HTML mailto: tag linking + * to that email address + * - Only matches these 2 patterns either after a space, or at the beginning of a line + * + * Notes: the email one might get annoying - it's easy to make it more restrictive, though.. maybe + * have it require something like xxxx@yyyy.zzzz or such. We'll see. + */ + +function make_clickable($text) +{ + + // pad it with a space so we can match things at the start of the 1st line. + $ret = " " . $text; + + // matches an "xxxx://yyyy" URL at the start of a line, or after a space. + // xxxx can only be alpha characters. + // yyyy is anything up to the first space, newline, or comma. + $ret = preg_replace("#([\n ])([a-z]+?)://([^, \n\r]+)#i", "\\1<a href=\"\\2://\\3\" target=\"_blank\">\\2://\\3</a>", $ret); + + // matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing + // Must contain at least 2 dots. xxxx contains either alphanum, or "-" + // yyyy contains either alphanum, "-", or "." + // zzzz is optional.. will contain everything up to the first space, newline, or comma. + // This is slightly restrictive - it's not going to match stuff like "forums.foo.com" + // This is to keep it from getting annoying and matching stuff that's not meant to be a link. 
+ $ret = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \n\r]*)?)#i", "\\1<a href=\"http://www.\\2.\\3\\4\" target=\"_blank\">www.\\2.\\3\\4</a>", $ret); + + // matches an email@domain type address at the start of a line, or after a space. + // Note: before the @ sign, the only valid characters are the alphanums and "-", "_", or ".". + // After the @ sign, we accept anything up to the first space, linebreak, or comma. + $ret = preg_replace("#([\n ])([a-z0-9\-_.]+?)@([^, \n\r]+)#i", "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>", $ret); + + // Remove our padding.. + $ret = substr($ret, 1); + + return($ret); +} + + + +/** + * This is used to change a [*] tag into a [*:$uid] tag as part + * of the first-pass bbencoding of [list] tags. It fits the + * standard required in order to be passed as a variable + * function into bbencode_first_pass_pda(). + */ +function replace_listitems($text, $uid) +{ + $text = str_replace("[*]", "[*:$uid]", $text); + + return $text; +} + + +/** + * Escapes the "/" character with "\/". This is useful when you need + * to stick a runtime string into a PREG regexp that is being delimited + * with slashes. + */ +function escape_slashes($input) +{ + $output = str_replace('/', '\/', $input); + return $output; +} + + +/** + * This function does exactly what the PHP4 function array_push() does + * however, to keep phpBB compatable with PHP 3 we had to come up with our own + * method of doing it. + */ +function bbcode_array_push(&$stack, $value) { + $stack[] = $value; + return(sizeof($stack)); +} + +/** + * This function does exactly what the PHP4 function array_pop() does + * however, to keep phpBB compatable with PHP 3 we had to come up with our own + * method of doing it. 
+ */ +function bbcode_array_pop(&$stack) { + $arrSize = count($stack); + $x = 1; + while(list($key, $val) = each($stack)) + { + if($x < count($stack)) + { + $tmpArr[] = $val; + } + else + { + $return_val = $val; + } + $x++; + } + $stack = $tmpArr; + + return($return_val); +} + + + +?> diff --git a/phpBB/includes/error.php b/phpBB/includes/error.php new file mode 100644 index 0000000000..76acc188e5 --- /dev/null +++ b/phpBB/includes/error.php 
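Review bot: In `bbencode_second_pass()` the text captured by the `[url]`, `[url=]` and `[email]` rules, and the text between `[img:$uid]` and `[/img:$uid]`, is copied into `HREF="..."` / `SRC="..."` unchanged, and the captures are `(.*?)`, which also matches a double quote or an angle bracket; unless the post is HTML-escaped before the first pass (in this file only level-1 `[code]` contents get `htmlspecialchars()`), tag content can end the attribute and contribute markup of its own. I would narrow the URL captures to characters that are valid inside a quoted attribute, e.g. `([^\s\"<>]*?)`, and replace the open scheme match `([a-z]+?://)` with an explicit allow-list such as `((?:https?|ftp)://)`; the `[img]` pattern in `bbencode_first_pass()` and the `[^, \n\r]+` captures in `make_clickable()` need the same restriction. Separately, `bbcode_array_pop()` never initialises `$tmpArr`, so popping a one-element stack assigns an undefined variable to `$stack`; start the function with `$tmpArr = array();`.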
@@ -0,0 +1,96 @@ +<?php +/*************************************************************************** + * error.php + * ------------------- + * begin : Saturday, Feb 13, 2001 + * copyright : (C) 2001 The phpBB Group + * email : support@phpbb.com + * + * $Id$ + * + * + ***************************************************************************/ + + +/*************************************************************************** + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * + ***************************************************************************/ + +function error_die($error_code, $error_msg = "", $line = "", $file = "") +{ + global $db, $template, $phpEx, $default_lang; + global $table_bgcolor, $color1; + global $starttime, $phpbbversion; + + if(!defined("HEADER_INC")) + { + if(!empty($default_lang)) + { + include('language/lang_'.$default_lang.'.'.$phpEx); + } + else + { + include('language/lang_english.'.$phpEx); + } + include('includes/page_header.'.$phpEx); + } + if(!$error_msg) + { + switch($error_code) + { + case GENERAL_ERROR: + if(!$error_msg) + { + $error_msg = "An Error Occured"; + } + break; + + case SQL_CONNECT: + $db_error = $db->sql_error(); + $error_msg .= "<br />SQL connect error - " . $db_error["message"]; + break; + + case BANNED: + $error_msg = "You have been banned from this forum."; + break; + + case SQL_QUERY: + $db_error = $db->sql_error(); + $error_msg .= "<br />SQL query error - ".$db_error["message"]; + break; + + case SESSION_CREATE: + $error_msg = "Error creating session. Could not log you in. Please go back and try again."; + break; + + case NO_POSTS: + $error_msg = "There are no posts in this forum. 
Click on the <b>Post New Topic</b> link on this page to post one."; + break; + + case LOGIN_FAILED: + $error_msg = "Login Failed. You have specified an incorrect/inactive username or invalid password, please go back and try again."; + break; + } + } + if(DEBUG) + { + if($line != "" && $file != "") + $error_msg .= "<br /><br /><u>DEBUG INFO</u></br /><br>Line: ".$line."<br />File: ".$file; + } + + $template->set_filenames(array("error_body" => "error_body.tpl")); + $template->assign_vars(array("ERROR_MESSAGE" => $error_msg)); + $template->pparse("error_body"); + + include('includes/page_tail.'.$phpEx); + + exit(); +} + +?> diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php new file mode 100644 index 0000000000..e7b236f207 --- /dev/null +++ b/phpBB/includes/functions.php 
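Review bot: The `SQL_CONNECT` and `SQL_QUERY` cases append `$db_error["message"]` to the text that `error_die()` renders for every visitor, while only the line/file details are gated on `DEBUG`; raw driver messages usually expose table and column names, so I would gate them the same way, e.g. `if(DEBUG) { $error_msg .= "<br />SQL query error - ".$db_error["message"]; }`, and show a generic message otherwise. The language file path is built from the global `$default_lang` with no check, and `init_userprefs()` in functions.php sets that global from the stored `user_lang` value, so it should be matched against the known language names (or at least `^[a-z_]+$`) before it reaches `include()`. The debug block also contains a malformed `</br />` tag.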
@@ -0,0 +1,418 @@ +<?php +/*************************************************************************** + * functions.php + * ------------------- + * begin : Saturday, Feb 13, 2001 + * copyright : (C) 2001 The phpBB Group + * email : support@phpbb.com + * + * $Id$ + * + * + ***************************************************************************/ + + +/*************************************************************************** + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * + ***************************************************************************/ + +function get_db_stat($db, $mode) +{ + switch($mode){ + case 'postcount': + $sql = 'SELECT count(*) AS total FROM '.POSTS_TABLE; + break; + + case 'usercount': + $sql = 'SELECT count(*) AS total + FROM '. USERS_TABLE .' + WHERE user_id != '.ANONYMOUS.' + AND user_level != '.DELETED; + break; + + case 'newestuser': + $sql = 'SELECT user_id, username + FROM '.USERS_TABLE.' + WHERE user_id != ' . ANONYMOUS. ' + AND user_level != '. DELETED .' + ORDER BY user_id DESC LIMIT 1'; + break; + + case 'usersonline': + $sql = "SELECT COUNT(*) AS online FROM ".SESSIONS_TABLE; + break; + } + + + if(!$result = $db->sql_query($sql)) + { + return 'ERROR'; + } + else + { + $row = $db->sql_fetchrow($result); + if($mode == 'newestuser') + { + return($row); + } + else if($mode == "usersonline") + { + return ($row['online']); + } + else + { + return($row['total']); + } + } +} + + +function make_jumpbox($db) +{ + global $l_jumpto, $l_noforums, $l_nocategories; + + $sql = "SELECT c.* + FROM ".CATEGORIES_TABLE." c, ".FORUMS_TABLE." 
f + WHERE f.cat_id = c.cat_id + GROUP BY c.cat_id, c.cat_title, c.cat_order + ORDER BY c.cat_order"; + if(!$q_categories = $db->sql_query($sql)) + { + $db_error = $db->sql_error(); + error_die(SQL_QUERY, "Couldn't obtain category list.", __LINE__, __FILE__); + } + + $total_categories = $db->sql_numrows(); + if($total_categories) + { + $category_rows = $db->sql_fetchrowset($q_categories); + + $limit_forums = ""; + + $sql = "SELECT * + FROM ".FORUMS_TABLE." + ORDER BY cat_id, forum_order"; + if(!$q_forums = $db->sql_query($sql)) + { + error_die(SQL_QUERY, "Couldn't obtain forums information.", __LINE__, __FILE__); + } + $total_forums = $db->sql_numrows($q_forums); + $forum_rows = $db->sql_fetchrowset($q_forums); + + $boxstring = ''; + for($i = 0; $i < $total_categories; $i++) + { + $boxstring .= "<option value=\"-1\"> </option>\n"; + $boxstring .= "<option value=\"-1\">".stripslashes($category_rows[$i]["cat_title"])."</OPTION>\n"; + $boxstring .= "<option value=\"-1\">----------------</OPTION>\n"; + + if($total_forums) + { + for($y = 0; $y < $total_forums; $y++) + { + if( $forum_rows[$y]["cat_id"] == $category_rows[$i]["cat_id"] ) + { + $name = stripslashes($forum_rows[$y]["forum_name"]); + $boxstring .= "<option value=\"".$forum_rows[$y]["forum_id"]."\">$name</OPTION>\n"; + } + } + } + else + { + $boxstring .= "<option value=\"-1\">-- ! No Forums ! --</option>\n"; + } + } + } + else + { + $boxstring .= "<option value=\"-1\">-- ! No Categories ! --</option>\n"; + } + + return($boxstring); +} + +function language_select($default, $name="language", $dirname="language/") +{ + global $phpEx; + $dir = opendir($dirname); + $lang_select = "<select name=\"$name\">\n"; + while ($file = readdir($dir)) + { + if (ereg("^lang_", $file)) + { + $file = str_replace("lang_", "", $file); + $file = str_replace(".$phpEx", "", $file); + $file == $default ? 
$selected = " SELECTED" : $selected = ""; + $lang_select .= " <option$selected>$file\n"; + } + } + $lang_select .= "</select>\n"; + closedir($dir); + return $lang_select; +} + +function theme_select($default, $db) +{ + $sql = "SELECT theme_id, theme_name FROM ".THEMES_TABLE." ORDER BY theme_name"; + if($result = $db->sql_query($sql)) + { + $num = $db->sql_numrows($result); + $rowset = $db->sql_fetchrowset($result); + $theme_select = "<select name=\"theme\">\n"; + for($i = 0; $i < $num; $i++) + { + if((stripslashes($rowset[$i]["theme_name"]) == $default) || ($rowset[$i]["theme_id"] == $default)) + { + $selected = " SELECTED"; + } + else + { + $selected = ""; + } + $theme_select .= "\t<option value=\"".$rowset[$i]["theme_id"]."\"$selected>".stripslashes($rowset[$i]["theme_name"])."</option>\n"; + } + $theme_select .= "</select>\n"; + } + else + { + $theme_select = "<select name=\"theme\"><option value=\"-1\">Error in theme_select</option></select>"; + } + return($theme_select); +} + +// +// Initialise user settings on page load +// +function init_userprefs($userdata) +{ + + global $override_user_theme; + global $bgcolor, $table_bgcolor, $textcolor, $category_title, $table_header; + global $color1, $color2, $header_image, $newtopic_image; + global $reply_locked_image, $reply_image, $linkcolor, $vlinkcolor; + global $default_lang, $date_format, $sys_timezone; + + if(!$override_user_theme) + { + if($userdata['user_id'] != ANONYMOUS || $userdata['user_id'] != DELETED) + { + $theme = setuptheme($userdata["user_theme"]); + } + else + { + $theme = setuptheme($default_theme); + } + } + else + { + $theme = setuptheme($override_user_theme); + } + if($theme) + { + $bgcolor = $theme["bgcolor"]; + $table_bgcolor = $theme["table_bgcolor"]; + $textcolor = $theme["textcolor"]; + $category_title = $theme["category_title"]; + $table_header = $theme["table_header"]; + $color1 = $theme["color1"]; + $color2 = $theme["color2"]; + $header_image = $theme["header_image"]; + $newtopic_image = 
$theme["newtopic_image"]; + $reply_locked_image = $theme["reply_locked_image"]; + $reply_image = $theme["reply_image"]; + $linkcolor = $theme["linkcolor"]; + $vlinkcolor = $theme["vlinkcolor"]; + } + if($userdata["user_lang"] != "") + { + $default_lang = $userdata["user_lang"]; + } + if($userdata["user_dateformat"] != "") + { + $date_format = $userdata["user_dateformat"]; + } + if($userdata["user_timezone"]) + { + $sys_timezone = $userdata["user_timezone"]; + } + + // Include the appropriate language file ... if it exists. + if(!strstr($PHP_SELF, "admin")) + { + if(file_exists('language/lang_'.$default_lang.'.'.$phpEx)) + { + include('language/lang_'.$default_lang.'.'.$phpEx); + } + } + else + { + if(strstr($PHP_SELF, "topicadmin")) + { + include('language/lang_'.$default_lang.'.'.$phpEx); + } + else + { + include('../language/lang_'.$default_lang.'.'.$phpEx); + } + } + + return; + +} +function setuptheme($theme) +{ + global $db; + + $sql = "SELECT * + FROM ".THEMES_TABLE." + WHERE theme_id = '$theme'"; + if(!$result = $db->sql_query($sql)) + return(0); + + if(!$myrow = $db->sql_fetchrow($result)) + return(0); + + return($myrow); +} + +function tz_select($default) +{ + global $board_tz; + if(!isset($default)) + { + $default == $board_tz; + } + $tz_select = "<select name=\"timezone\">"; + $tz_array = array( + "-12" => "(GMT -12:00 hours) Eniwetok, Kwajalein", + "-11" => "(GMT -11:00 hours) Midway Island, Samoa", + "-10" => "(GMT -10:00 hours) Hawaii", + "-9" => "(GMT -9:00 hours) Alaska", + "-8" => "(GMT -8:00 hours) Pacific Time (US & Canada)", + "-7" => "(GMT -7:00 hours) Mountain Time (US & Canada)", + "-6" => "(GMT -6:00 hours) Central Time (US & Canada), Mexico City", + "-5" => "(GMT -5:00 hours) Eastern Time (US & Canada), Bogota, Lima, Quito", + "-4" => "(GMT -4:00 hours) Atlantic Time (Canada), Caracas, La Paz", + "-3.5" => "(GMT -3:30 hours) Newfoundland", + "-3" => "(GMT -3:00 hours) Brazil, Buenos Aires, Georgetown", + "-2" => "(GMT -2:00 hours) 
Mid-Atlantic, Ascension Is., St. Helena, ", + "-1" => "(GMT -1:00 hours) Azores, Cape Verde Islands", + "0" => "(GMT) Casablanca, Dublin, Edinburgh, London, Lisbon, Monrovia", + "+1" => "(GMT +1:00 hours) CET, Berlin, Brussels, Copenhagen, Madrid, Paris, Rome", + "+2" => "(GMT +2:00 hours) EET, Kaliningrad, South Africa, Warsaw", + "+3" => "(GMT +3:00 hours) Baghdad, Kuwait, Riyadh, Moscow, St. Petersburg, Volgograd, Nairobi", + "+3.5" => "(GMT +3:30 hours) Tehran", + "+4" => "(GMT +4:00 hours) Abu Dhabi, Baku, Muscat, Tbilisi", + "+4.5" => "(GMT +4:30 hours) Kabul", + "+5" => "(GMT +5:00 hours) Ekaterinburg, Islamabad, Karachi, Tashkent", + "+5.5" => "(GMT +5:30 hours) Bombay, Calcutta, Madras, New Delhi", + "+6" => "(GMT +6:00 hours) Almaty, Colombo, Dhaka", + "+7" => "(GMT +7:00 hours) Bangkok, Hanoi, Jakarta", + "+8" => "(GMT +8:00 hours) Beijing, Perth, Singapore, Hong Kong, Chongqing, Urumqi, Taipei", + "+9" => "(GMT +9:00 hours) Tokyo, Seoul, Osaka, Sapporo, Yakutsk", + "+9.5" => "(GMT +9:30 hours) Adelaide, Darwin", + "+10" => "(GMT +10:00 hours) EAST (East Australian Standard), Guam, Papua New Guinea, Vladivostok", + "+11" => "(GMT +11:00 hours) Magadan, Solomon Islands, New Caledonia", + "+12" => "(GMT +12:00 hours) Auckland, Wellington, Fiji, Kamchatka, Marshall Island"); + + while(list($offset, $zone) = each($tz_array)) + { + if($offset == $default) + { + $selected = " SELECTED"; + } + else + { + $selected = ""; + } + $tz_select .= "\t<option value=\"$offset\"$selected>$zone</option>\n"; + } + $tz_select .= "</select>\n"; + return($tz_select); +} + +function validate_username(&$username, $db) +{ + $username = trim($username); + $username = strip_tags($username); + $username = htmlspecialchars($username); + if(empty($username)) + { + return(FALSE); + } + + $valid_name = TRUE; + $sql = "SELECT LOWER(username) FROM ".USERS_TABLE." 
WHERE username = '$username'"; + if($result = $db->sql_query($sql)) + { + if( ($numrows = $db->sql_numrows($result) ) > 0) + { + $valid_name = FALSE; + } + } + + $sql = "SELECT disallow_username FROM ".DISALLOW_TABLE." WHERE disallow_username = '$username'"; + if($result = $db->sql_query($sql)) + { + if(($numrows = $db->sql_numrows($result)) > 0) + { + $valid_name = FALSE; + } + } + + return($valid_name); +} +function generate_activation_key() +{ + $chars = array( + "a","A","b","B","c","C","d","D","e","E","f","F","g","G","h","H","i","I","j","J", + "k","K","l","L","m","M","n","N","o","O","p","P","q","Q","r","R","s","S","t","T", + "u","U","v","V","w","W","x","X","y","Y","z","Z","1","2","3","4","5","6","7","8", + "9","0" + ); + $max_elements = count($chars) - 1; + srand((double)microtime()*1000000); + $act_key = $chars[rand(0,$max_elements)]; + $act_key .= $chars[rand(0,$max_elements)]; + $act_key .= $chars[rand(0,$max_elements)]; + $act_key .= $chars[rand(0,$max_elements)]; + $act_key .= $chars[rand(0,$max_elements)]; + $act_key .= $chars[rand(0,$max_elements)]; + $act_key .= $chars[rand(0,$max_elements)]; + $act_key .= $chars[rand(0,$max_elements)]; + $act_key_md = md5($act_key); + + return($act_key_md); +} + +function encode_ip($dotquad_ip) +{ + $ip_sep = explode(".", $dotquad_ip); + return (sprintf("%02x%02x%02x%02x", $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3])); + + //return (( $ip_sep[0] * 0xFFFFFF + $ip_sep[0] ) + ( $ip_sep[1] * 0xFFFF + $ip_sep[1] ) + ( $ip_sep[2] * 0xFF + $ip_sep[2] ) + ( $ip_sep[3] ) ); +} + +function decode_ip($int_ip) +{ + $hexipbang = explode(".",chunk_split($int_ip, 2, ".")); + return hexdec($hexipbang[0]).".".hexdec($hexipbang[1]).".".hexdec($hexipbang[2]).".".hexdec($hexipbang[3]); + + //return sprintf( "%d.%d.%d.%d", ( ( $int_ip >> 24 ) & 0xFF ), ( ( $int_ip >> 16 ) & 0xFF ), ( ( $int_ip >> 8 ) & 0xFF ), ( ( $int_ip ) & 0xFF ) ); + +} + +// +// Create date/time from format and timezone +// +function create_date($format, $gmepoch, 
$tz) +{ + return (gmdate($format, $gmepoch + (3600 * $tz))); +} +?>
\ No newline at end of file diff --git a/phpBB/includes/post.php b/phpBB/includes/post.php new file mode 100644 index 0000000000..a6f3cdad39 --- /dev/null +++ b/phpBB/includes/post.php @@ -0,0 +1,26 @@ +'<?php +/*************************************************************************** + * + * ------------------- + * begin : Saturday, Feb 13, 2001 + * copyright : (C) 2001 The phpBB Group + * email : support@phpbb.com + * + * $Id$ + * + * + ***************************************************************************/ + + +/*************************************************************************** + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * + ***************************************************************************/ + + +?> diff --git a/phpBB/includes/sessions.php b/phpBB/includes/sessions.php new file mode 100644 index 0000000000..158e2d5976 --- /dev/null +++ b/phpBB/includes/sessions.php 
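Review bot: `generate_activation_key()` seeds `rand()` from the microsecond part of `microtime()` and hashes eight characters drawn from it, so the number of possible keys is bounded by the seed (about one million values) rather than by the 62-character alphabet, and the `md5()` at the end adds no entropy. The key should come from the operating system's random source instead, e.g. `bin2hex(random_bytes(16))` where the PHP version provides it. `validate_username()` and `setuptheme()` interpolate their argument into quoted SQL; `htmlspecialchars()` with the `ENT_COMPAT` default of older PHP versions leaves single quotes untouched, so it does not make `$username` safe for the query. In `init_userprefs()` the test `!= ANONYMOUS || != DELETED` is true for every id unless the two constants are equal (probably `&&` was meant), and `$default_theme`, `$phpEx` and `$PHP_SELF` are used without appearing in the `global` statements, so they are unset inside the function and the language paths are built with an empty extension. In `tz_select()`, `$default == $board_tz;` is a comparison whose result is discarded; it should be `$default = $board_tz;`.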
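Review bot: The first added line of post.php is `'<?php`, with a stray single quote before the opening tag. Everything outside `<?php ... ?>` is sent to the client, so including this file would emit a `'` and start the response body; if that happens before `session_begin()` in sessions.php calls `setcookie()`, the cookie headers can no longer be sent. The line should read `<?php`. The header block also leaves the file-name line empty where the other new files name themselves.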
@@ -0,0 +1,357 @@
+<?php
+/***************************************************************************
+ * sessions.php
+ * -------------------
+ * begin : Saturday, Feb 13, 2001
+ * copyright : (C) 2001 The phpBB Group
+ * email : support@phpbb.com
+ *
+ * $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ *
+ ***************************************************************************/
+
+//
+// session_begin()
+//
+// Adds/updates a new session to the database for the given userid.
+// Returns the new session ID on success.
+//
+function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0, $password = "")
+{
+
+ global $db;
+ global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife;
+ global $HTTP_COOKIE_VARS;
+
+ $current_time = time();
+ $expiry_time = $current_time - $session_length;
+ $int_ip = encode_ip($user_ip);
+
+ //
+ // Initial ban check against IP and userid
+ //
+ $sql = "SELECT ban_ip, ban_userid
+ FROM ".BANLIST_TABLE."
+ WHERE (ban_ip = '$int_ip' OR ban_userid = '$user_id')
+ AND (ban_start < $current_time AND ban_end > $current_time )";
+ $result = $db->sql_query($sql);
+ if (!$result)
+ {
+ error_die(SQL_QUERY, "Couldn't obtain ban information.", __LINE__, __FILE__);
+ }
+ $ban_info = $db->sql_fetchrow($result);
+
+ //
+ // Check for user and ip ban ...
+ //
+ if($ban_info['ban_ip'] || $ban_info['ban_userid'])
+ {
+ error_die(AUTH_BANNED);
+ }
+ else
+ {
+ if($user_id == ANONYMOUS)
+ {
+ $login = 0;
+ }
+
+ $sql_update = "UPDATE ".SESSIONS_TABLE."
+ SET session_user_id = $user_id, session_time = $current_time, session_page = $page_id, session_logged_in = $login
+ WHERE (session_id = ".$HTTP_COOKIE_VARS[$cookiename]['sessionid'].")
+ AND (session_ip = '$int_ip')";
+
+ $result = $db->sql_query($sql_update);
+
+ if(!$result || !$db->sql_affectedrows())
+ {
+ mt_srand( (double) microtime() * 1000000);
+ $session_id = mt_rand();
+
+ $sql_insert = "INSERT INTO ".SESSIONS_TABLE."
+ (session_id, session_user_id, session_time, session_ip, session_page, session_logged_in)
+ VALUES
+ ($session_id, $user_id, $current_time, '$int_ip', $page_id, $login)";
+ $result = $db->sql_query($sql_insert);
+ if(!$result)
+ {
+ if(DEBUG)
+ {
+ error_die(SQL_QUERY, "Error creating new session : session_begin", __LINE__, __FILE__);
+ }
+ else
+ {
+ error_die(SESSION_CREATE);
+ }
+ }
+
+ setcookie($cookiename."[sessionid]", $session_id, $session_length, $cookiepath, $cookiedomain, $cookiesecure);
+ }
+ else
+ {
+ $session_id = $HTTP_COOKIE_VARS[$cookiename]['sessionid'];
+ }
+
+ if(!empty($password) && AUTOLOGON)
+ {
+ setcookie($cookiename."[useridref]", $password, $cookielife, $cookiepath, $cookiedomain, $cookiesecure);
+ }
+ setcookie($cookiename."[userid]", $user_id, $cookielife, $cookiepath, $cookiedomain, $cookiesecure);
+ setcookie($cookiename."[sessionstart]", $current_time, $cookielife, $cookiepath, $cookiedomain, $cookiesecure);
+ setcookie($cookiename."[sessiontime]", $current_time, $session_length, $cookiepath, $cookiedomain, $cookiesecure);
+
+// echo $sql_update."<BR><BR>".$sql_insert."<BR><BR>";
+
+ }
+
+ return $session_id;
+
+} // session_begin
+
+
+//
+// Checks for a given user session, tidies session
+// table and updates user sessions at each page refresh
+//
+function session_pagestart($user_ip, $thispage_id, $session_length)
+{
+ global $db;
+ global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife;
+ global $HTTP_COOKIE_VARS;
+
+ unset($userdata);
+ $current_time = time();
+ $int_ip = encode_ip($user_ip);
+
+ //
+ // Delete expired sessions
+ //
+ $expiry_time = $current_time - $session_length;
+ $sql = "DELETE FROM ".SESSIONS_TABLE."
+ WHERE session_time < $expiry_time";
+ $result = $db->sql_query($sql);
+ if(!$result)
+ {
+ if(DEBUG)
+ {
+ error_die(SQL_QUERY, "Error clearing sessions table : session_pagestart", __LINE__, __FILE__);
+ }
+ else
+ {
+ error_die(SESSION_CREATE);
+ }
+ }
+
+ if(isset($HTTP_COOKIE_VARS[$cookiename]['userid']))
+ {
+ //
+ // userid exists so go ahead and grab all
+ // data in preparation
+ //
+ $userid = $HTTP_COOKIE_VARS[$cookiename]['userid'];
+ $sql = "SELECT u.*, s.session_id, s.session_time, s.session_logged_in, b.ban_ip, b.ban_userid
+ FROM ".USERS_TABLE." u
+ LEFT JOIN ".BANLIST_TABLE." b ON ( (b.ban_ip = '$int_ip' OR b.ban_userid = u.user_id)
+ AND ( b.ban_start < $current_time AND b.ban_end > $current_time ) )
+ LEFT JOIN ".SESSIONS_TABLE." s ON ( u.user_id = s.session_user_id AND s.session_ip = '$int_ip' )
+ WHERE u.user_id = $userid";
+ $result = $db->sql_query($sql);
+ if (!$result)
+ {
+ if(DEBUG)
+ {
+ error_die(SQL_QUERY, "Error doing DB query userdata row fetch : session_pagestart", __LINE__, __FILE__);
+ }
+ else
+ {
+ error_die(SESSION_CREATE);
+ }
+ }
+ $userdata = $db->sql_fetchrow($result);
+ }
+
+ if($userdata['user_id'] != ''){ // The ID in the cookie was really in the DB.
+ //
+ // Check for user and ip ban ...
+ //
+ if($userdata['ban_ip'] || $userdata['ban_userid'])
+ {
+ error_die(BANNED);
+ }
+
+ //
+ // Now, check to see if a session exists.
+ // If it does then update it, if it doesn't
+ // then create one.
+ //
+ if(isset($HTTP_COOKIE_VARS[$cookiename]['sessionid']))
+ {
+
+ //
+ // Is the id the same as that in the cookie?
+ // If it is then we see if it needs updating
+ //
+ if($HTTP_COOKIE_VARS[$cookiename]['sessionid'] == $userdata['session_id'])
+ {
+
+ //
+ // Only update session DB a minute or so after last update
+ //
+ if($current_time - $userdata['session_time'] > 60)
+ {
+
+ $sql = "UPDATE ".SESSIONS_TABLE."
+ SET session_time = '$current_time', session_page = '$thispage_id'
+ WHERE (session_id = ".$userdata['session_id'].")
+ AND (session_ip = '$int_ip')
+ AND (session_user_id = ".$userdata['user_id'].")";
+ $result = $db->sql_query($sql);
+ if(!$result)
+ {
+ if(DEBUG)
+ {
+ error_die(SQL_QUERY, "Error updating sessions table : session_pagestart", __LINE__, __FILE__);
+ }
+ else
+ {
+ error_die(SESSION_CREATE);
+ }
+ }
+ else
+ {
+ //
+ // Update was success, send current time to cookie
+ // and return userdata
+ //
+ setcookie($cookiename."[sessiontime]", $current_time, $session_length, $cookiepath, $cookiedomain, $cookiesecure);
+
+ return $userdata;
+ } // if (affectedrows)
+
+ } // if (current_time)
+
+ //
+ // We didn't need to update session
+ // so just return userdata
+ //
+ return $userdata;
+
+ } // if (cookie session_id = DB session id)
+
+ } // if session_id cookie set
+
+ //
+ // If we reach here then we have a valid
+ // user_id set in the cookie but no
+ // active session. So, try and create
+ // new session (uses AUTOLOGON to determine
+ // if user should be logged back on automatically)
+ //
+ if(AUTOLOGON && isset($HTTP_COOKIE_VARS[$cookiename]['useridref']))
+ {
+ if($HTTP_COOKIE_VARS[$cookiename]['useridref'] == $userdata['user_password'])
+ {
+ $autologon = 1;
+ $password = $userdata['user_password'];
+ $userdata['session_logged_in'] = 1;
+ }
+ else
+ {
+ $autologon = 0;
+ $password = "";
+ $userdata['session_logged_in'] = 0;
+ }
+ }
+ else
+ {
+ $autologon = 0;
+ $password = "";
+ $userdata['session_logged_in'] = 0;
+ }
+ $result = session_begin($userdata['user_id'], $user_ip, $thispage_id, $session_length, $autologon, $password);
+ if(!$result)
+ {
+ if(DEBUG)
+ {
+ error_die(SQL_QUERY, "Error creating ".$userdata['user_id']." session : session_pagestart", __LINE__, __FILE__);
+ }
+ else
+ {
+ error_die(SESSION_CREATE);
+ }
+ }
+
+ }
+ else
+ {
+
+ //
+ // No userid cookie exists so we'll
+ // set up a new anonymous session
+ //
+ $result = session_begin(ANONYMOUS, $user_ip, $thispage_id, $session_length, 0);
+ if(!$result)
+ {
+ if(DEBUG)
+ {
+ error_die(SQL_QUERY, "Error creating anonymous session : session_pagestart", __LINE__, __FILE__);
+ }
+ else
+ {
+ error_die(SESSION_CREATE);
+ }
+ }
+ $userdata['session_logged_in'] = 0;
+ }
+
+ return $userdata;
+
+} // session_check()
+
+//
+// session_end closes out a session
+// deleting the corresponding entry
+// in the sessions table
+//
+function session_end($session_id, $user_id)
+{
+
+ global $db;
+ global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife;
+
+ $current_time = time();
+
+ $sql = "DELETE FROM ".SESSIONS_TABLE."
+ WHERE (session_user_id = $user_id) + AND (session_id = $session_id)"; + $result = $db->sql_query($sql, $db); + if (!$result) + { + if(DEBUG) + { + error_die(SQL_QUERY, "Couldn't delete user session : session_eng()", __LINE__, __FILE__); + } + else + { + error_die(SESSION_CREATE); + } + } + + setcookie($cookiename."[sessionid]", ""); + setcookie($cookiename."[sessionend]", $current_time, $cookielife, $cookiepath, $cookiedomain, $cookiesecure); + + return true; + +} // session_end() + +?> diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 7b0e90bed6..2f89b1e8d6 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -22,7 +22,7 @@ ***************************************************************************/ include('extension.inc'); include('common.'.$phpEx); -include('functions/bbcode.'.$phpEx); +include('includes/bbcode.'.$phpEx); if(!isset($HTTP_GET_VARS['topic'])) // For backward compatibility { |
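Review bot: Two cookie values are concatenated into SQL without quoting or casting: `session_begin()` builds `WHERE (session_id = ".$HTTP_COOKIE_VARS[$cookiename]['sessionid'].")` in its UPDATE, and `session_pagestart()` ends its user lookup with `WHERE u.user_id = $userid`, where `$userid` is the raw `userid` cookie. Both values come from the client, so they should be forced to integers before they reach the query, for example `$userid = intval($HTTP_COOKIE_VARS[$cookiename]['userid']);` and the same cast on the `sessionid` cookie, read once into a local. Separately, the `useridref` auto-logon cookie is set to `$userdata['user_password']` and accepted on a `==` match, so the stored password value itself acts as a long-lived login token; a random per-user token kept server-side and compared strictly would avoid exposing it. The session id also comes from a single `mt_rand()` call seeded from `microtime()`, which gives little unpredictability for a value that identifies a session.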