Diffstat (limited to 'phpBB')
30 files changed, 223 insertions, 53 deletions
diff --git a/phpBB/adm/style/admin.css b/phpBB/adm/style/admin.css index 2daa161395..ee0977e51b 100644 --- a/phpBB/adm/style/admin.css +++ b/phpBB/adm/style/admin.css @@ -321,6 +321,7 @@ th { color: #FFA34F; font-weight: bold; background: #006699 url("../images/cellpic3.gif") 0 0 repeat-x; + white-space: nowrap; } td { diff --git a/phpBB/adm/style/overall_header.html b/phpBB/adm/style/overall_header.html index d5b3ff5f7e..fa05f19725 100644 --- a/phpBB/adm/style/overall_header.html +++ b/phpBB/adm/style/overall_header.html @@ -93,7 +93,7 @@ function trace(link) function find_username() { <!-- IF UA_FIND_USERNAME --> - window.open('{UA_FIND_USERNAME}', '_usersearch', 'height=500, resizable=yes, scrollbars=yes, width=740'); + window.open('{UA_FIND_USERNAME}', '_usersearch', 'height=570, resizable=yes, scrollbars=yes, width=760'); <!-- ENDIF --> return false; } diff --git a/phpBB/adm/style/simple_header.html b/phpBB/adm/style/simple_header.html index d555bc1443..c0db2c0cc6 100644 --- a/phpBB/adm/style/simple_header.html +++ b/phpBB/adm/style/simple_header.html @@ -79,7 +79,7 @@ function marklist(id, name, state) function find_username() { <!-- IF UA_FIND_USERNAME --> - window.open('{UA_FIND_USERNAME}', '_usersearch', 'height=500, resizable=yes, scrollbars=yes, width=740'); + window.open('{UA_FIND_USERNAME}', '_usersearch', 'height=570, resizable=yes, scrollbars=yes, width=760'); <!-- ENDIF --> return false; } diff --git a/phpBB/develop/create_schema_files.php b/phpBB/develop/create_schema_files.php index cc657f7829..3b51a15bd4 100644 --- a/phpBB/develop/create_schema_files.php +++ b/phpBB/develop/create_schema_files.php @@ -1488,6 +1488,7 @@ function get_schema_struct() 'session_time' => array('TIMESTAMP', 0), 'session_ip' => array('VCHAR:40', ''), 'session_browser' => array('VCHAR:150', ''), + 'session_forwarded_for' => array('VCHAR:255', ''), 'session_page' => array('VCHAR_UNI', ''), 'session_viewonline' => array('BOOL', 1), 'session_autologin' => array('BOOL', 0), 
diff --git a/phpBB/develop/ip_regex.php b/phpBB/develop/ip_regex.php new file mode 100644 index 0000000000..4e7aaf0156 --- /dev/null +++ b/phpBB/develop/ip_regex.php @@ -0,0 +1,37 @@ +<?php +$dec_octet = '(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])'; +$h16 = '[\dA-F]{1,4}'; +$ipv4 = "(?:$dec_octet\.){3}$dec_octet"; +$ls32 = "(?:$h16:$h16|$ipv4)"; + +$ipv6_construct = array( + array(false, '', '{6}', $ls32), + array(false, '::', '{5}', $ls32), + array('', ':', '{4}', $ls32), + array('{1,2}', ':', '{3}', $ls32), + array('{1,3}', ':', '{2}', $ls32), + array('{1,4}', ':', '', $ls32), + array('{1,5}', ':', false, $ls32), + array('{1,6}', ':', false, $h16), + array('{1,7}', ':', false, '') +); + +$ipv6 = '(?:'; +foreach ($ipv6_construct as $ip_type) +{ + $ipv6 .= '(?:'; + if ($ip_type[0] !== false) + { + $ipv6 .= "(?:$h16:)" . $ip_type[0]; + } + $ipv6 .= $ip_type[1]; + if ($ip_type[2] !== false) + { + $ipv6 .= "(?:$h16:)" . $ip_type[2]; + } + $ipv6 .= $ip_type[3] . ')|'; +} +$ipv6 = substr($ipv6, 0, -1) . ')'; + +echo 'IPv4: ' . $ipv4 . "<br />\nIPv6: " . $ipv6; +?>
\ No newline at end of file diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php index f858da6a16..342ec34e29 100644 --- a/phpBB/includes/acp/acp_search.php +++ b/phpBB/includes/acp/acp_search.php @@ -17,7 +17,7 @@ class acp_search var $state; var $search; var $max_post_id; - var $batch_size = 4000; + var $batch_size = 5000; function main($id, $mode) { @@ -320,6 +320,16 @@ class acp_search } else { + $sql = 'SELECT forum_id, enable_indexing + FROM ' . FORUMS_TABLE; + $result = $db->sql_query($sql, 3600); + + while ($row = $db->sql_fetchrow($result)) + { + $forums[$row['forum_id']] = (bool) $row['enable_indexing']; + } + $db->sql_freeresult($result); + $sql = 'SELECT post_id, post_subject, post_text, poster_id, forum_id FROM ' . POSTS_TABLE . ' WHERE post_id >= ' . (int) ($post_counter + 1) . ' @@ -328,7 +338,10 @@ class acp_search while ($row = $db->sql_fetchrow($result)) { - $this->search->index('post', $row['post_id'], $row['post_text'], $row['post_subject'], $row['poster_id'], $row['forum_id']); + if ($forums[$row['forum_id']]) + { + $this->search->index('post', $row['post_id'], $row['post_text'], $row['post_subject'], $row['poster_id'], $row['forum_id']); + } } $db->sql_freeresult($result); diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index a1937b592f..34dbd4c7ff 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -1121,7 +1121,7 @@ pagination_sep = \'{PAGINATION_SEP}\' $s_units = '<option value=""' . (($unit == '') ? ' selected="selected"' : '') . '>' . $user->lang['NO_UNIT'] . '</option>' . $s_units; $template->assign_vars(array( - strtoupper($var) => $value, + strtoupper($var) => htmlspecialchars($value), 'S_' . strtoupper($var) . '_UNITS' => $s_units) ); break; @@ -1162,7 +1162,7 @@ pagination_sep = \'{PAGINATION_SEP}\' default: $template->assign_vars(array( - strtoupper($var) => $value) + strtoupper($var) => htmlspecialchars($value)) ); } } 
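Review bot: `$h16 = '[\dA-F]{1,4}'` only accepts upper-case hex digits, so the IPv6 pattern this script prints rejects lower-case addresses unless every place it is pasted adds the `i` modifier. Either widen the class to `[\dA-Fa-f]` or state the requirement in a header comment, which the file lacks entirely. Something like `// Generates the IPv4/IPv6 patterns used in includes/session.php; output is unanchored and case-sensitive` would also tell the next reader what the `$ipv6_construct` rows are for.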
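Review bot: `$forums` is filled inside the new `while` loop without being initialised in the visible lines, and `$forums[$row['forum_id']]` is then read for every post without checking that the key exists. A post whose `forum_id` has no row in `FORUMS_TABLE` would raise an undefined-index notice and be silently left out of the index; if skipping those posts is intended, a comment should say so. I would add `$forums = array();` before the first query and test `if (!empty($forums[$row['forum_id']]))`. The enclosing method starts and ends outside these hunks.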
@@ -1226,7 +1226,7 @@ pagination_sep = \'{PAGINATION_SEP}\' break; default: - $value = request_var($var, ''); + $value = htmlspecialchars_decode(request_var($var, '')); } // use the element mapping to create raw css code diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index 8241db1c4f..365361a364 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -34,6 +34,14 @@ function init_ldap() @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + if ($config['ldap_user'] || $config['ldap_password']) + { + if (!@ldap_bind($ldap, ldap_escape(htmlspecialchars_decode($config['ldap_user'])), htmlspecialchars_decode($config['ldap_password']))) + { + return $user->lang['LDAP_INCORRECT_USER_PASSWORD']; + } + } + // ldap_connect only checks whether the specified server is valid, so the connection might still fail $search = @ldap_search( $ldap, @@ -95,6 +103,14 @@ function login_ldap(&$username, &$password) @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + if ($config['ldap_user'] || $config['ldap_password']) + { + if (!@ldap_bind($ldap, $config['ldap_user'], htmlspecialchars_decode($config['ldap_password']))) + { + return $user->lang['LDAP_NO_SERVER_CONNECTION']; + } + } + $search = @ldap_search( $ldap, $config['ldap_base_dn'], 
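Review bot: In the `default:` branch at -1226, `htmlspecialchars_decode(request_var($var, ''))` hands the fully decoded form value to the code under `// use the element mapping to create raw css code`, and nothing visible restricts what that value may contain. If the generated stylesheet is served to all visitors, a field containing `}`, `;` or `</style>` can change rules beyond the element being edited, so the value deserves a per-property allow-list check before it is written. The two `htmlspecialchars($value)` additions at -1121 and -1162 only cover re-display in the form. A comment on the decode line would help, e.g. `// request_var() presumably entity-encodes; the CSS file needs the literal characters`. The function body continues outside the hunks.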
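Review bot: The two new `ldap_bind()` calls treat the bind DN differently: `init_ldap()` passes `ldap_escape(htmlspecialchars_decode($config['ldap_user']))` while `login_ldap()` at -95 passes `$config['ldap_user']` untouched, so a DN containing `&`, `<` or `"` can pass the ACP test and then fail at every login, or the reverse. `ldap_escape()` is not defined in the visible lines; if it escapes search-filter characters it is the wrong tool for a DN, so I would pass `htmlspecialchars_decode($config['ldap_user'])` in both places. The `||` condition also attempts a bind when a user is set with an empty password, which many directory servers accept as an unauthenticated bind and report as success; treating a user without a password as a configuration error avoids a bind that authenticated nothing. Both function bodies continue outside the hunks.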
@@ -222,6 +238,14 @@ function acp_ldap(&$new) <dd><input type="text" id="ldap_server" size="40" name="config[ldap_server]" value="' . $new['ldap_server'] . '" /></dd> </dl> <dl> + <dt><label for="ldap_user">' . $user->lang['LDAP_USER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_EXPLAIN'] . '</span></dt> + <dd><input type="text" id="ldap_user" size="40" name="config[ldap_user]" value="' . $new['ldap_user'] . '" /></dd> + </dl> + <dl> + <dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt> + <dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" /></dd> + </dl> + <dl> <dt><label for="ldap_dn">' . $user->lang['LDAP_DN'] . ':</label><br /><span>' . $user->lang['LDAP_DN_EXPLAIN'] . '</span></dt> <dd><input type="text" id="ldap_dn" size="40" name="config[ldap_base_dn]" value="' . $new['ldap_base_dn'] . '" /></dd> </dl> @@ -238,7 +262,7 @@ function acp_ldap(&$new) // These are fields required in the config table return array( 'tpl' => $tpl, - 'config' => array('ldap_server', 'ldap_base_dn', 'ldap_uid', 'ldap_email') + 'config' => array('ldap_server', 'ldap_user', 'ldap_password', 'ldap_base_dn', 'ldap_uid', 'ldap_email') ); } diff --git a/phpBB/includes/mcp/mcp_front.php b/phpBB/includes/mcp/mcp_front.php index d77d2fda60..3411369d79 100644 --- a/phpBB/includes/mcp/mcp_front.php +++ b/phpBB/includes/mcp/mcp_front.php 
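Review bot: The new password field is rendered with `value="' . $new['ldap_password'] . '"`, so the stored bind password is sent back in the HTML of the settings page every time it is opened and can be read from page source, browser cache or an intermediate log. I would render the field empty and keep the stored value when the submitted one is blank. `$new['ldap_user']` and `$new['ldap_password']` are also concatenated into attributes without escaping in this hunk; that matches the existing `ldap_server` line, so it is only safe if `$new` is entity-encoded before `acp_ldap()` is called, which is not visible here.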
@@ -80,7 +80,7 @@ function mcp_front_view($id, $mode, $action) } $template->assign_block_vars('unapproved', array( - 'U_POST_DETAILS' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=post_details&f=' . $row['forum_id'] . '&p=' . $row['post_id']), + 'U_POST_DETAILS' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&f=' . $row['forum_id'] . '&p=' . $row['post_id']), 'U_MCP_FORUM' => (!$global_topic) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=forum_view&f=' . $row['forum_id']) : '', 'U_MCP_TOPIC' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=topic_view&f=' . $row['forum_id'] . '&t=' . $row['topic_id']), 'U_FORUM' => (!$global_topic) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '', @@ -88,6 +88,7 @@ function mcp_front_view($id, $mode, $action) 'U_AUTHOR' => ($row['poster_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['poster_id']), 'FORUM_NAME' => (!$global_topic) ? $forum_names[$row['forum_id']] : $user->lang['GLOBAL_ANNOUNCEMENT'], + 'POST_ID' => $row['post_id'], 'TOPIC_TITLE' => $row['topic_title'], 'AUTHOR' => ($row['poster_id'] == ANONYMOUS) ? (($row['post_username']) ? $row['post_username'] : $user->lang['GUEST']) : $row['username'], 'SUBJECT' => ($row['post_subject']) ? $row['post_subject'] : $user->lang['NO_SUBJECT'], @@ -97,6 +98,10 @@ function mcp_front_view($id, $mode, $action) $db->sql_freeresult($result); } + $template->assign_vars(array( + 'S_MCP_QUEUE_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue"), + )); + if ($total == 0) { $template->assign_vars(array( diff --git a/phpBB/includes/search/fulltext_mysql.php b/phpBB/includes/search/fulltext_mysql.php index 8a102a321d..598299e316 100644 --- a/phpBB/includes/search/fulltext_mysql.php +++ b/phpBB/includes/search/fulltext_mysql.php 
@@ -49,16 +49,7 @@ class fulltext_mysql extends search_backend { global $db, $user; - if (strpos($db->sql_layer, 'mysql') === false) - { - return $user->lang['FULLTEXT_MYSQL_INCOMPATIBLE_VERSION']; - } - - $result = $db->sql_query('SELECT VERSION() AS mysql_version'); - $version = $db->sql_fetchfield('mysql_version'); - $db->sql_freeresult($result); - - if (!preg_match('#^4|5|6#s', $version)) + if ($db->sql_layer != 'mysql4' && $db->sql_layer != 'mysqli') { return $user->lang['FULLTEXT_MYSQL_INCOMPATIBLE_VERSION']; } diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 676b2c9518..523e259618 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -18,9 +18,11 @@ class session var $page = array(); var $data = array(); var $browser = ''; + var $forwarded_for = ''; var $host = ''; var $session_id = ''; var $ip = ''; + var $ips = array(); var $load = 0; var $time_now = 0; var $update_session_page = true; 
@@ -145,9 +147,40 @@ class session $this->cookie_data = array('u' => 0, 'k' => ''); $this->update_session_page = $update_session_page; $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? (string) $_SERVER['HTTP_USER_AGENT'] : ''; + $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) $_SERVER['HTTP_HOST'] : 'localhost'; $this->page = $this->extract_current_page($phpbb_root_path); + // if the forwarded for header shall be checked we have to validate its contents + if ($config['forwarded_for_check']) + { + $this->forwarded_for = preg_replace('#, +#', ', ', $this->forwarded_for); + + // Whoa these look impressive! + // The code to generate the following two regular expressions which match valid IPv4/IPv6 addresses + // can be found in the develop directory + $ipv4 = '#^(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])$#'; + $ipv6 = '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){5}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:
){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:))$#'; + + // split the list of IPs + $ips = explode(', ', $this->forwarded_for); + foreach ($ips as $ip) + { + // check IPv4 first, the IPv6 is hopefully only going to be used very seldomly + if (!preg_match("#^$ipv4$#", $this->forwarded_for) && !preg_match("#^$ipv6$#", $this->forwarded_for)) + { + if (!defined('DEBUG_EXTRA')) + { + trigger_error('Hacking attempt!'); + } + else + { + trigger_error('Invalid HTTP_X_FORWARDED_FOR header detected: ' . htmlspecialchars($this->forwarded_for)); + } + } + } + } + // Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number $this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : ''; @@ -216,7 +249,10 @@ class session $s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : ''; $u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : ''; - if ($u_ip === $s_ip && $s_browser === $u_browser) + $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['forwarded_for'], 0, 254) : ''; + $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; + + if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for) { $session_expired = false; @@ -278,7 +314,7 @@ class session // Added logging temporarly to help debug bugs... if (defined('DEBUG_EXTRA')) { - add_log('critical', 'LOG_IP_BROWSER_CHECK', $u_ip, $s_ip, $u_browser, $s_browser); + add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, $u_forwarded, $s_forwarded); } } } 
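Review bot: The validation loop cannot accept any header as written. `$ipv4` and `$ipv6` already carry their `#^…$#` delimiters and anchors, so `preg_match("#^$ipv4$#", …)` builds `#^#^…$#$#`, which as far as I can tell PCRE rejects as an unknown modifier; `preg_match()` then returns false and the `!… && !…` test is true for every entry. The call also tests `$this->forwarded_for` (the whole list) instead of `$ip`, an absent header still yields one empty entry from `explode()`, and the `[\dA-F]` classes have no `i` modifier. I would guard with `if ($config['forwarded_for_check'] && $this->forwarded_for !== '')`, add `i` after the closing delimiter of `$ipv6`, and test `if (!preg_match($ipv4, $ip) && !preg_match($ipv6, $ip))`. The enclosing method continues outside the hunk.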
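Review bot: `$s_forwarded_for` reads `$this->data['forwarded_for']`, but the column added by this commit, and the key used in the bot-session hunk at -456, is `session_forwarded_for`; with the check enabled the stored side would always be empty and any request carrying the header would fail the comparison. Use `substr($this->data['session_forwarded_for'], 0, 254)`. The `add_log()` call at -278 has the same kind of slip: it passes `$u_forwarded, $s_forwarded`, which are never assigned in the visible lines, instead of `$u_forwarded_for, $s_forwarded_for`. Since the header is supplied by the client, a short comment stating what this comparison is meant to protect against would also help.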
@@ -447,7 +483,16 @@ class session // Is user banned? Are they excluded? Won't return on ban, exists within method if ($this->data['user_type'] != USER_FOUNDER) { - $this->check_ban($this->data['user_id'], $this->ip); + if (!$config['forwarded_for_check']) + { + $this->check_ban($this->data['user_id'], $this->ip); + } + else + { + $ips = explode(', ', $this->forwarded_for); + $ips[] = $this->ip; + $this->check_ban($this->data['user_id'], $ips); + } } $this->data['is_registered'] = (!$bot && $this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false; @@ -456,14 +501,17 @@ class session // If our friend is a bot, we re-assign a previously assigned session if ($this->data['is_bot'] && $bot == $this->data['user_id'] && $this->data['session_id']) { - // Only assign the current session if the ip and browser match... + // Only assign the current session if the ip, browser and forwarded_for match... $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check'])); $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); $s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : ''; $u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : ''; - if ($u_ip === $s_ip && $s_browser === $u_browser) + $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; + $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; + + if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for) { $this->session_id = $this->data['session_id']; 
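Review bot: Every address in the client-supplied `X-Forwarded-For` header is passed to `check_ban()` next to `$this->ip`, and that header is only trustworthy when it was set by a proxy the board operator controls. Extra entries are harmless only if a match on an exclude row cannot clear a ban; the `ban_exclude` branch visible in the -806 hunk suggests it can, in which case header-derived addresses should be tested against ban rows only and never against exclusions. An empty header also contributes an empty string to `$ips`, which an `array_filter()` or a `!== ''` guard would drop. The method body continues outside the hunk.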
@@ -512,6 +560,7 @@ class session 'session_last_visit' => (int) $this->data['session_last_visit'], 'session_time' => (int) $this->time_now, 'session_browser' => (string) $this->browser, + 'session_forwarded_for' => (string) $this->forwarded_for, 'session_ip' => (string) $this->ip, 'session_autologin' => ($session_autologin) ? 1 : 0, 'session_admin' => ($set_admin) ? 1 : 0, @@ -580,6 +629,14 @@ class session } else { + $this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now; + + // Update the last visit time + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_lastvisit = ' . (int) $this->data['session_time'] . ' + WHERE user_id = ' . (int) $this->data['user_id']; + $db->sql_query($sql); + $SID = '?sid='; $_SID = ''; } @@ -757,8 +814,10 @@ class session * are passed to the method pre-existing session data is used. If $return is false * this routine does not return on finding a banned user, it outputs a relevant * message and stops execution. + * + * @param string|array $user_ips Can contain a string with one IP or an array of multiple IPs */ - function check_ban($user_id = false, $user_ip = false, $user_email = false, $return = false) + function check_ban($user_id = false, $user_ips = false, $user_email = false, $return = false) { global $config, $db; @@ -774,14 +833,14 @@ class session $sql .= " AND ban_email = ''"; } - if ($user_ip === false) + if ($user_ips === false) { - $sql .= " AND (ban_ip = '' OR (ban_ip <> '' AND ban_exclude = 1))"; + $sql .= " AND (ban_ip = '' OR ban_exclude = 1)"; } if ($user_id === false) { - $sql .= ' AND (ban_userid = 0 OR (ban_userid <> 0 AND ban_exclude = 1))'; + $sql .= ' AND (ban_userid = 0 OR ban_exclude = 1)'; } else { @@ -792,7 +851,7 @@ class session $sql .= " OR ban_email <> ''"; } - if ($user_ip !== false) + if ($user_ips !== false) { $sql .= " OR ban_ip <> ''"; } 
@@ -806,7 +865,7 @@ class session while ($row = $db->sql_fetchrow($result)) { if ((!empty($row['ban_userid']) && intval($row['ban_userid']) == $user_id) || - (!empty($row['ban_ip']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $user_ip)) || + (!empty($row['ban_ip']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $user_ips)) || (!empty($row['ban_email']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $user_email))) { if (!empty($row['ban_exclude'])) @@ -823,7 +882,7 @@ class session { $ban_triggered_by = 'user'; } - else if (!empty($row['ban_ip']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $user_ip)) + else if (!empty($row['ban_ip']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $user_ips)) { $ban_triggered_by = 'ip'; } @@ -1253,7 +1312,7 @@ class user extends session // Is load exceeded? if ($config['limit_load'] && $this->load !== false) { - if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN') && !$auth->acl_gets('a_', 'm_') && !$auth->acl_gets('a_', 'm_')) + if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN') && !$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) { trigger_error('BOARD_UNAVAILABLE'); } diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index 6764dd9d43..2ddd5766d4 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php 
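Review bot: `check_ban()` now documents `$user_ips` as a string or an array, but both `preg_match()` calls in the -806 and -823 hunks still pass it as the subject, and `preg_match()` does not accept an array there. With `forwarded_for_check` enabled the IP test would therefore fail (a warning on older PHP, a `TypeError` on PHP 8) and IP bans would stop matching. Normalise the argument to a list once and test each address against the row's pattern, as sketched below. The `while` loop and the rest of the method lie outside the hunks.

```php
// before the while loop: accept a single IP or a list of IPs
$ip_list = ($user_ips === false) ? array() : (array) $user_ips;

while ($row = $db->sql_fetchrow($result))
{
	$ip_match = false;
	if (!empty($row['ban_ip']))
	{
		$ban_ip_regex = '#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i';
		foreach ($ip_list as $user_ip)
		{
			if (preg_match($ban_ip_regex, $user_ip))
			{
				$ip_match = true;
				break;
			}
		}
	}
	// … unchanged: user id and e-mail tests, with $ip_match replacing both preg_match() calls on $user_ips …
```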
@@ -468,7 +468,7 @@ function get_user_information($user_id, $user_row) if (!empty($user_row['user_allow_viewemail']) || $auth->acl_get('a_email')) { - $user_row['email'] = ($config['board_email_form'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=email&u=$user_id") : (($config['board_hide_emails'] && !$auth->acl_get('a_email')) ? '' : 'mailto:' . $user_row['user_email']); + $user_row['email'] = ($config['board_email_form'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=email&u=$user_id") : ((($config['board_hide_emails'] && !$auth->acl_get('a_email')) || empty($user_row['user_email'])) ? '' : 'mailto:' . $user_row['user_email']); } else { diff --git a/phpBB/index.php b/phpBB/index.php index 59e51bac49..83d8dbdac0 100644 --- a/phpBB/index.php +++ b/phpBB/index.php @@ -61,7 +61,7 @@ $db->sql_freeresult($result); $birthday_list = ''; if ($config['load_birthdays']) { - $now = getdate(time() + $user->timezone + $user->dst - (date('H', time()) - gmdate('H', time())) * 3600); + $now = getdate(time() + $user->timezone + $user->dst - date('Z')); $sql = 'SELECT user_id, username, user_colour, user_birthday FROM ' . USERS_TABLE . " WHERE user_birthday LIKE '" . $db->sql_escape(sprintf('%2d-%2d-', $now['mday'], $now['mon'])) . "%' diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index e9d429f45c..389008f393 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php @@ -314,7 +314,10 @@ $database_update_info = array( // Add the following columns 'add_columns' => array( CONFIRM_TABLE => array( - 'seed' => array('UINT:10', 0), + 'seed' => array('UINT:10', 0), + ), + SESSIONS_TABLE => array( + 'session_forwarded_for' => array('VCHAR:255', 0), ), ), ), diff --git a/phpBB/install/schemas/firebird_schema.sql b/phpBB/install/schemas/firebird_schema.sql index e983744fb7..0f01640a85 100644 --- a/phpBB/install/schemas/firebird_schema.sql 
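Review bot: `'session_forwarded_for' => array('VCHAR:255', 0)` in the database_update.php hunk gives the upgraded column a default of `0`, whereas `create_schema_files.php` and every schema file in this commit use an empty string. Depending on how the updater renders the default, upgraded boards would end up with `'0'` (or a numeric default on a character column) where fresh installs have `''`. Use `array('VCHAR:255', '')`.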
+++ b/phpBB/install/schemas/firebird_schema.sql
@@ -961,6 +961,7 @@ CREATE TABLE phpbb_sessions (
 session_time INTEGER DEFAULT 0 NOT NULL,
 session_ip VARCHAR(40) CHARACTER SET NONE DEFAULT '' NOT NULL,
 session_browser VARCHAR(150) CHARACTER SET NONE DEFAULT '' NOT NULL,
+ session_forwarded_for VARCHAR(255) CHARACTER SET NONE DEFAULT '' NOT NULL,
 session_page VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 session_viewonline INTEGER DEFAULT 1 NOT NULL,
 session_autologin INTEGER DEFAULT 0 NOT NULL,
diff --git a/phpBB/install/schemas/mssql_schema.sql b/phpBB/install/schemas/mssql_schema.sql
index 9e0e90d48c..888f66f472 100644
--- a/phpBB/install/schemas/mssql_schema.sql
+++ b/phpBB/install/schemas/mssql_schema.sql
@@ -1141,6 +1141,7 @@ CREATE TABLE [phpbb_sessions] (
 [session_time] [int] DEFAULT (0) NOT NULL ,
 [session_ip] [varchar] (40) DEFAULT ('') NOT NULL ,
 [session_browser] [varchar] (150) DEFAULT ('') NOT NULL ,
+ [session_forwarded_for] [varchar] (255) DEFAULT ('') NOT NULL ,
 [session_page] [varchar] (255) DEFAULT ('') NOT NULL ,
 [session_viewonline] [int] DEFAULT (1) NOT NULL ,
 [session_autologin] [int] DEFAULT (0) NOT NULL ,
diff --git a/phpBB/install/schemas/mysql_40_schema.sql b/phpBB/install/schemas/mysql_40_schema.sql
index 635faf81a5..27d36edd12 100644
--- a/phpBB/install/schemas/mysql_40_schema.sql
+++ b/phpBB/install/schemas/mysql_40_schema.sql
@@ -662,6 +662,7 @@ CREATE TABLE phpbb_sessions (
 session_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
 session_ip varchar(40) DEFAULT '' NOT NULL,
 session_browser varchar(150) DEFAULT '' NOT NULL,
+ session_forwarded_for varchar(255) DEFAULT '' NOT NULL,
 session_page text NOT NULL,
 session_viewonline tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 session_autologin tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
diff --git a/phpBB/install/schemas/mysql_41_schema.sql b/phpBB/install/schemas/mysql_41_schema.sql
index 99e16ac4c8..4b6d4b008b 100644
--- a/phpBB/install/schemas/mysql_41_schema.sql
+++ b/phpBB/install/schemas/mysql_41_schema.sql
@@ -662,6 +662,7 @@ CREATE TABLE phpbb_sessions (
 session_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
 session_ip varchar(40) DEFAULT '' NOT NULL,
 session_browser varchar(150) DEFAULT '' NOT NULL,
+ session_forwarded_for varchar(255) DEFAULT '' NOT NULL,
 session_page varchar(255) DEFAULT '' NOT NULL,
 session_viewonline tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 session_autologin tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
diff --git a/phpBB/install/schemas/oracle_schema.sql b/phpBB/install/schemas/oracle_schema.sql
index c267fff059..7a5f05c274 100644
--- a/phpBB/install/schemas/oracle_schema.sql
+++ b/phpBB/install/schemas/oracle_schema.sql
@@ -1280,6 +1280,7 @@ CREATE TABLE phpbb_sessions (
 session_time number(11) DEFAULT '0' NOT NULL,
 session_ip varchar2(40) DEFAULT '' ,
 session_browser varchar2(150) DEFAULT '' ,
+ session_forwarded_for varchar2(255) DEFAULT '' ,
 session_page varchar2(765) DEFAULT '' ,
 session_viewonline number(1) DEFAULT '1' NOT NULL,
 session_autologin number(1) DEFAULT '0' NOT NULL,
diff --git a/phpBB/install/schemas/postgres_schema.sql b/phpBB/install/schemas/postgres_schema.sql
index 206dff3b2e..5eb8775adf 100644
--- a/phpBB/install/schemas/postgres_schema.sql
+++ b/phpBB/install/schemas/postgres_schema.sql
@@ -876,6 +876,7 @@ CREATE TABLE phpbb_sessions (
 session_time INT4 DEFAULT '0' NOT NULL CHECK (session_time >= 0),
 session_ip varchar(40) DEFAULT '' NOT NULL,
 session_browser varchar(150) DEFAULT '' NOT NULL,
+ session_forwarded_for varchar(255) DEFAULT '' NOT NULL,
 session_page varchar(255) DEFAULT '' NOT NULL,
 session_viewonline INT2 DEFAULT '1' NOT NULL CHECK (session_viewonline >= 0),
 session_autologin INT2 DEFAULT '0' NOT NULL CHECK (session_autologin >= 0),
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index ea85966656..d4c72a2989 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -86,6 +86,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_post_confir
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('flood_interval', '15');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('force_server_vars', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('forward_pm', '1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('forwarded_for_check', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('full_folder_action', '2');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('fulltext_mysql_max_word_len', '254');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('fulltext_mysql_min_word_len', '4');
@@ -114,8 +115,10 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_resource', '')
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_username', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_base_dn', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_email', '');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_password', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_server', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_uid', '');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_user', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('limit_load', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('limit_search_load', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_anon_lastread', '0');
diff --git a/phpBB/install/schemas/sqlite_schema.sql b/phpBB/install/schemas/sqlite_schema.sql
index ba86abe6e4..9ddbb6bb8b 100644
--- a/phpBB/install/schemas/sqlite_schema.sql
+++ b/phpBB/install/schemas/sqlite_schema.sql
@@ -640,6 +640,7 @@ CREATE TABLE phpbb_sessions (
 session_time INTEGER UNSIGNED NOT NULL DEFAULT '0',
 session_ip varchar(40) NOT NULL DEFAULT '',
 session_browser varchar(150) NOT NULL DEFAULT '',
+ session_forwarded_for varchar(255) NOT NULL DEFAULT '',
 session_page varchar(255) NOT NULL DEFAULT '',
 session_viewonline INTEGER UNSIGNED NOT NULL DEFAULT '1',
 session_autologin INTEGER UNSIGNED NOT NULL DEFAULT '0',
diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php
index e34c65bf90..cfce514ebf 100644
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@@ -281,16 +281,21 @@ $lang = array_merge($lang, array( 'APACHE_SETUP_BEFORE_USE' => 'You have to setup apache authentication before you switch phpBB to this authentication method. Keep in mind that the username you use for apache authentication has to be the same as your phpBB username.', - 'LDAP_DN' => 'LDAP base <var>dn</var>', - 'LDAP_DN_EXPLAIN' => 'This is the Distinguished Name, locating the user information, e.g. <samp>o=My Company,c=US</samp>', - 'LDAP_EMAIL' => 'LDAP email attribute', - 'LDAP_EMAIL_EXPLAIN' => 'Set this to the name of your user entry email attribute (if one exists) in order to automatically set the email address for new users. Leaving this empty results in empty email address for users who log in for the first time.', - 'LDAP_NO_EMAIL' => 'The specified email attribute does not exist.', - 'LDAP_NO_IDENTITY' => 'Could not find a login identity for %s', - 'LDAP_SERVER' => 'LDAP server name', - 'LDAP_SERVER_EXPLAIN' => 'If using LDAP this is the name or IP address of the server.', - 'LDAP_UID' => 'LDAP <var>uid</var>', - 'LDAP_UID_EXPLAIN' => 'This is the key under which to search for a given login identity, e.g. <var>uid</var>, <var>sn</var>, etc.', + 'LDAP_DN' => 'LDAP base <var>dn</var>', + 'LDAP_DN_EXPLAIN' => 'This is the Distinguished Name, locating the user information, e.g. <samp>o=My Company,c=US</samp>', + 'LDAP_EMAIL' => 'LDAP email attribute', + 'LDAP_EMAIL_EXPLAIN' => 'Set this to the name of your user entry email attribute (if one exists) in order to automatically set the email address for new users. Leaving this empty results in empty email address for users who log in for the first time.', + 'LDAP_INCORRECT_USER_PASSWORD' => 'Binding to LDAP server failed with specified user/password.', + 'LDAP_NO_EMAIL' => 'The specified email attribute does not exist.', + 'LDAP_NO_IDENTITY' => 'Could not find a login identity for %s', + 'LDAP_PASSWORD' => 'LDAP password', + 'LDAP_PASSWORD_EXPLAIN' => 'Leave blank to use anonymous access. 
Else fill in the password for the above user. <strong>WARNING:</strong> This password will be stored as plain text in the database visible to everybody who can access your database.', + 'LDAP_SERVER' => 'LDAP server name', + 'LDAP_SERVER_EXPLAIN' => 'If using LDAP this is the name or IP address of the server.', + 'LDAP_UID' => 'LDAP <var>uid</var>', + 'LDAP_UID_EXPLAIN' => 'This is the key under which to search for a given login identity, e.g. <var>uid</var>, <var>sn</var>, etc.', + 'LDAP_USER' => 'LDAP user', + 'LDAP_USER_EXPLAIN' => 'Leave blank to use anonymous access. If filled in phpBB will connect to the LDAP server as the specified user.', )); // Server Settings diff --git a/phpBB/language/en/acp/common.php b/phpBB/language/en/acp/common.php index 096efc9c52..7253334bd3 100644 --- a/phpBB/language/en/acp/common.php +++ b/phpBB/language/en/acp/common.php @@ -510,7 +510,7 @@ $lang = array_merge($lang, array( 'LOG_INSTALL_CONVERTED' => '<strong>Converted from %1$s to phpBB %2$s</strong>', 'LOG_INSTALL_INSTALLED' => '<strong>Installed phpBB %s</strong>', - 'LOG_IP_BROWSER_CHECK' => '<strong>Session IP/browser check failed</strong><br />»User IP "<em>%1$s</em>" checked against session IP "<em>%2$s</em>" and user browser string "<em>%3$s</em>" checked against session browser string "<em>%4$s</em>".', + 'LOG_IP_BROWSER_FORWARDED_CHECK' => '<strong>Session IP/browser/X_FORWARDED_FOR check failed</strong><br />»User IP "<em>%1$s</em>" checked against session IP "<em>%2$s</em>", user browser string "<em>%3$s</em>" checked against session browser string "<em>%4$s</em>" and user X_FORWARDED_FOR string "<em>%5$s</em>" checked against session X_FORWARDED_FOR string "<em>%6$s</em>".', 'LOG_JAB_CHANGED' => '<strong>Jabber account changed</strong>', 'LOG_JAB_PASSCHG' => '<strong>Jabber password changed</strong>', diff --git a/phpBB/language/en/acp/language.php b/phpBB/language/en/acp/language.php index acfc45e916..1707fbaa3c 100644 --- a/phpBB/language/en/acp/language.php 
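Review bot: `LDAP_PASSWORD_EXPLAIN` warns that the bind password is kept in plain text, but neither it nor `LDAP_USER_EXPLAIN` tells the administrator how to limit what that exposes. I would append a sentence to `LDAP_USER_EXPLAIN` such as `Use a dedicated account that is only allowed to search the base dn, not an administrative one.` That way a leaked database copy yields a low-privilege credential instead of a directory administrator's.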
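Review bot: The new `%5$s` and `%6$s` placeholders in `LOG_IP_BROWSER_FORWARDED_CHECK` put the X_FORWARDED_FOR header, which the client supplies, into an HTML log line shown to administrators. The call that fills the placeholders is outside this hunk; it needs to pass values that are already HTML-escaped and length-limited, as must also hold for the browser string in `%3$s`. Separately, if log rows are stored by key name, removing `LOG_IP_BROWSER_CHECK` leaves existing rows without a matching string, so I would keep the old `'LOG_IP_BROWSER_CHECK' => …` entry next to the new one.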
+++ b/phpBB/language/en/acp/language.php @@ -58,7 +58,7 @@ $lang = array_merge($lang, array( 'LANGUAGE_PACK_LOCALNAME' => 'Local name', 'LANGUAGE_PACK_NAME' => 'Name', 'LANGUAGE_PACK_NOT_EXIST' => 'The selected language pack does not exist.', - 'LANGUAGE_PACK_USED_BY' => 'Used by', + 'LANGUAGE_PACK_USED_BY' => 'Used by (including robots)', 'LANGUAGE_VARIABLE' => 'Language Variable', 'LANG_AUTHOR' => 'Language Pack Author', 'LANG_ENGLISH_NAME' => 'English name', diff --git a/phpBB/language/en/acp/styles.php b/phpBB/language/en/acp/styles.php index 27ecbdb261..4456325bd3 100644 --- a/phpBB/language/en/acp/styles.php +++ b/phpBB/language/en/acp/styles.php @@ -354,7 +354,7 @@ $lang = array_merge($lang, array( 'STYLE_NAME' => 'Style name', 'STYLE_TEMPLATE' => 'Template', 'STYLE_THEME' => 'Theme', - 'STYLE_USED_BY' => 'Used by', + 'STYLE_USED_BY' => 'Used by (including robots)', 'TEMPLATE_ADDED' => 'Template set added and stored on filesystem.', 'TEMPLATE_ADDED_DB' => 'Template set added and stored in database.', diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index f7efa43691..b06fbea482 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1425,7 +1425,7 @@ function show_profile($data) if ($bday_year) { - $now = getdate(time() + $user->timezone + $user->dst - (date('H', time()) - gmdate('H', time())) * 3600); + $now = getdate(time() + $user->timezone + $user->dst - date('Z')); $diff = $now['mon'] - $bday_month; if ($diff == 0) diff --git a/phpBB/search.php b/phpBB/search.php index ef3fa572c0..e8898141c0 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -960,6 +960,12 @@ while ($row = $db->sql_fetchrow($result)) $holding = ''; } } + +if ($holding) +{ + $s_forums .= $holding; +} + $db->sql_freeresult($result); unset($pad_store); diff --git a/phpBB/styles/subSilver/template/mcp_front.html b/phpBB/styles/subSilver/template/mcp_front.html index 41fbb19a3a..3404663a1c 100644 --- a/phpBB/styles/subSilver/template/mcp_front.html 
+++ b/phpBB/styles/subSilver/template/mcp_front.html @@ -1,9 +1,11 @@ <!-- INCLUDE mcp_header.html --> <!-- IF S_SHOW_UNAPPROVED --> + <form name="mcp_queue" method="post" action="{S_MCP_QUEUE_ACTION}"> + <table class="tablebg" width="100%" cellspacing="1"> <tr> - <td class="row3" colspan="5" align="center"><b class="gen">{L_LATEST_UNAPPROVED}</b></td> + <td class="row3" colspan="6" align="center"><b class="gen">{L_LATEST_UNAPPROVED}</b></td> </tr> <tr> <th> {L_FORUM} </th> @@ -11,6 +13,7 @@ <th> {L_SUBJECT} </th> <th> {L_AUTHOR} </th> <th> {L_POST_TIME} </th> + <th width="5%"> {L_SELECT} </th> </tr> <!-- BEGIN unapproved --> <tr> 
@@ -19,17 +22,29 @@ <td class="row1" valign="top"><span class="gen">{unapproved.SUBJECT}</span><br /><span class="gensmall">[ <a href="{unapproved.U_POST_DETAILS}">{L_VIEW_DETAILS}</a> ]</span></td> <td class="row2" align="center" width="15%" nowrap="nowrap" valign="top"><span class="gen"><!-- IF unapproved.U_AUTHOR --><a href="{unapproved.U_AUTHOR}">{unapproved.AUTHOR}</a><!-- ELSE -->{unapproved.AUTHOR}<!-- ENDIF --></span></td> <td class="row1" align="center" width="15%" nowrap="nowrap" valign="top"><span class="gensmall">{unapproved.POST_TIME}</span></td> + <td class="row2" align="center"><input type="checkbox" class="radio" name="post_id_list[]" value="{unapproved.POST_ID}" /></td> </tr> <!-- BEGINELSE --> <tr> - <td class="row1" colspan="5" align="center"><span class="gen">{L_UNAPPROVED_POSTS_ZERO_TOTAL}</span></td> + <td class="row1" colspan="6" align="center"><span class="gen">{L_UNAPPROVED_POSTS_ZERO_TOTAL}</span></td> </tr> <!-- END unapproved --> <!-- IF S_HAS_UNAPPROVED_POSTS --> <tr> - <td class="row3" colspan="5"><span class="gensmall">{L_UNAPPROVED_TOTAL}</span></td> + <td class="row3" colspan="6"><span class="gensmall">{L_UNAPPROVED_TOTAL}</span></td> </tr> <!-- ENDIF --> + <tr> + <td class="cat" colspan="6" align="center"><input class="btnmain" type="submit" name="action[approve]" value="{L_APPROVE}" /> <input class="btnlite" type="submit" name="action[disapprove]" value="{L_DISAPPROVE}" /></td> + </tr> + </table> + + </form> + + <table width="100%" cellspacing="2" cellpadding="2" border="0" align="center"> + <tr> + <td align="right" valign="top" nowrap="nowrap"><b class="gensmall"><a href="#" onclick="marklist('mcp_queue', '', true); return false;">{L_MARK_ALL}</a> :: <a href="#" onclick="marklist('mcp_queue', '', false); return false;">{L_UNMARK_ALL}</a></b></td> + </tr> </table> <br clear="all" /><br /> diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index d7ef0697c1..524fad6909 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php 
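Review bot: The row holding the `action[approve]` and `action[disapprove]` buttons is added after `<!-- ENDIF -->`, so it is rendered even when the list is empty and the form can be submitted with no `post_id_list[]` at all. Moving that `<!-- ENDIF -->` below the new `<tr>…</tr>` keeps the buttons inside the `S_HAS_UNAPPROVED_POSTS` block. Because `post_id_list[]` and the action name arrive from the client, the handler behind `{S_MCP_QUEUE_ACTION}` has to re-check approve permission for every submitted post id and require its own confirmation step. That handler is not shown in this diff, and the template carries no token of its own. The enclosing `<!-- IF S_SHOW_UNAPPROVED -->` block opens in the previous hunk and closes outside this one.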
@@ -880,7 +880,7 @@ $sql = $db->sql_build_query('SELECT', array( $result = $db->sql_query($sql); -$now = getdate(time() + $user->timezone + $user->dst - (date('H', time()) - gmdate('H', time())) * 3600); +$now = getdate(time() + $user->timezone + $user->dst - date('Z')); // Posts are stored in the $rowset array while $attach_list, $user_cache // and the global bbcode_bitfield are built |