diff -crN phpbb2014/admin/admin_board.php phpbb2023/admin/admin_board.php *** phpbb2014/admin/admin_board.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/admin_board.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_board.php,v 1.51.2.9 2004/11/18 17:49:33 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_board.php 6772 2006-12-16 13:11:28Z acydburn $ * * ***************************************************************************/ *************** *** 16,22 **** if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['General']['Configuration'] = "$file"; return; } --- 16,22 ---- if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['General']['Configuration'] = $file; return; } *************** *** 49,55 **** if ($config_name == 'cookie_name') { ! $cookie_name = str_replace('.', '_', $new['cookie_name']); } if( isset($HTTP_POST_VARS['submit']) ) --- 49,72 ---- if ($config_name == 'cookie_name') { ! $new['cookie_name'] = str_replace('.', '_', $new['cookie_name']); ! } ! ! // Attempt to prevent a common mistake with this value, ! // http:// is the protocol and not part of the server name ! if ($config_name == 'server_name') ! { ! $new['server_name'] = str_replace('http://', '', $new['server_name']); ! } ! ! // Attempt to prevent a mistake with this value. ! if ($config_name == 'avatar_path') ! { ! $new['avatar_path'] = trim($new['avatar_path']); ! if (strstr($new['avatar_path'], "\0") || !is_dir($phpbb_root_path . $new['avatar_path']) || !is_writable($phpbb_root_path . $new['avatar_path'])) ! { ! $new['avatar_path'] = $default_config['avatar_path']; ! } } if( isset($HTTP_POST_VARS['submit']) ) *************** *** 100,105 **** --- 117,125 ---- $confirm_yes = ($new['enable_confirm']) ? 
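Review bot: The new `avatar_path` check accepts any directory that exists and is writable relative to `$phpbb_root_path`, so a value containing `..` segments passes even though it resolves outside the board tree; adding `|| strpos($new['avatar_path'], '..') !== false` to the same condition keeps the setting inside the installation. When the check fails the value is silently replaced with `$default_config['avatar_path']`, so the administrator gets no indication that the submitted path was discarded; a message or log line at that point would make the fallback visible. The `server_name` clean-up removes `http://` anywhere in the string and leaves an `https://` prefix untouched, so anchoring it and covering both schemes, e.g. `preg_replace('#^https?://#i', '', $new['server_name'])`, matches the intent stated in the comment. The loop over config names that encloses these checks begins before this hunk.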
'checked="checked"' : ''; $confirm_no = (!$new['enable_confirm']) ? 'checked="checked"' : ''; + $allow_autologin_yes = ($new['allow_autologin']) ? 'checked="checked"' : ''; + $allow_autologin_no = (!$new['allow_autologin']) ? 'checked="checked"' : ''; + $board_email_form_yes = ( $new['board_email_form'] ) ? "checked=\"checked\"" : ""; $board_email_form_no = ( !$new['board_email_form'] ) ? "checked=\"checked\"" : ""; *************** *** 165,170 **** --- 185,194 ---- "L_ADMIN" => $lang['Acc_Admin'], "L_VISUAL_CONFIRM" => $lang['Visual_confirm'], "L_VISUAL_CONFIRM_EXPLAIN" => $lang['Visual_confirm_explain'], + "L_ALLOW_AUTOLOGIN" => $lang['Allow_autologin'], + "L_ALLOW_AUTOLOGIN_EXPLAIN" => $lang['Allow_autologin_explain'], + "L_AUTOLOGIN_TIME" => $lang['Autologin_time'], + "L_AUTOLOGIN_TIME_EXPLAIN" => $lang['Autologin_time_explain'], "L_COOKIE_SETTINGS" => $lang['Cookie_settings'], "L_COOKIE_SETTINGS_EXPLAIN" => $lang['Cookie_settings_explain'], "L_COOKIE_DOMAIN" => $lang['Cookie_domain'], *************** *** 184,189 **** --- 208,223 ---- "L_MAX_POLL_OPTIONS" => $lang['Max_poll_options'], "L_FLOOD_INTERVAL" => $lang['Flood_Interval'], "L_FLOOD_INTERVAL_EXPLAIN" => $lang['Flood_Interval_explain'], + "L_SEARCH_FLOOD_INTERVAL" => $lang['Search_Flood_Interval'], + "L_SEARCH_FLOOD_INTERVAL_EXPLAIN" => $lang['Search_Flood_Interval_explain'], + + 'L_MAX_LOGIN_ATTEMPTS' => $lang['Max_login_attempts'], + 'L_MAX_LOGIN_ATTEMPTS_EXPLAIN' => $lang['Max_login_attempts_explain'], + 'L_LOGIN_RESET_TIME' => $lang['Login_reset_time'], + 'L_LOGIN_RESET_TIME_EXPLAIN' => $lang['Login_reset_time_explain'], + 'MAX_LOGIN_ATTEMPTS' => $new['max_login_attempts'], + 'LOGIN_RESET_TIME' => $new['login_reset_time'], + "L_BOARD_EMAIL_FORM" => $lang['Board_email_form'], "L_BOARD_EMAIL_FORM_EXPLAIN" => $lang['Board_email_form_explain'], "L_TOPICS_PER_PAGE" => $lang['Topics_per_page'], *************** *** 254,264 **** "ACTIVATION_ADMIN_CHECKED" => $activation_admin, "CONFIRM_ENABLE" => $confirm_yes, 
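Review bot: `MAX_LOGIN_ATTEMPTS` and `LOGIN_RESET_TIME` are handed to the template straight from `$new[...]` without a cast, whereas the `AUTOLOGIN_TIME` entry added in the 254,264 hunk of this file is cast with `(int)`; `SEARCH_FLOOD_INTERVAL` in that hunk is uncast as well. If `$new` is populated from the submitted form (the loop that fills it is outside this hunk), the uncast values are reflected back into the page exactly as typed, so applying the same `(int)` cast to all four numeric settings keeps them consistent and inert in the template. These two value entries also sit among the `L_*` label entries; placing them next to the other `MAX_*` and `*_INTERVAL` values keeps the array grouped by kind.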
"CONFIRM_DISABLE" => $confirm_no, ! "ACTIVATION_NONE_CHECKED" => $activation_none, "BOARD_EMAIL_FORM_ENABLE" => $board_email_form_yes, "BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no, "MAX_POLL_OPTIONS" => $new['max_poll_options'], "FLOOD_INTERVAL" => $new['flood_interval'], "TOPICS_PER_PAGE" => $new['topics_per_page'], "POSTS_PER_PAGE" => $new['posts_per_page'], "HOT_TOPIC" => $new['hot_threshold'], --- 288,301 ---- "ACTIVATION_ADMIN_CHECKED" => $activation_admin, "CONFIRM_ENABLE" => $confirm_yes, "CONFIRM_DISABLE" => $confirm_no, ! 'ALLOW_AUTOLOGIN_YES' => $allow_autologin_yes, ! 'ALLOW_AUTOLOGIN_NO' => $allow_autologin_no, ! 'AUTOLOGIN_TIME' => (int) $new['max_autologin_time'], "BOARD_EMAIL_FORM_ENABLE" => $board_email_form_yes, "BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no, "MAX_POLL_OPTIONS" => $new['max_poll_options'], "FLOOD_INTERVAL" => $new['flood_interval'], + "SEARCH_FLOOD_INTERVAL" => $new['search_flood_interval'], "TOPICS_PER_PAGE" => $new['topics_per_page'], "POSTS_PER_PAGE" => $new['posts_per_page'], "HOT_TOPIC" => $new['hot_threshold'], diff -crN phpbb2014/admin/admin_db_utilities.php phpbb2023/admin/admin_db_utilities.php *** phpbb2014/admin/admin_db_utilities.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/admin_db_utilities.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_db_utilities.php,v 1.42.2.11 2005/02/21 18:36:49 acydburn Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_db_utilities.php 5539 2006-02-10 20:35:40Z grahamje $ * ****************************************************************************/ *************** *** 499,507 **** while($row = $db->sql_fetchrow($result)) { ! unset($schema_vals); ! unset($schema_fields); ! unset($schema_insert); // // Build the SQL statement to recreate the data. 
// --- 499,507 ---- while($row = $db->sql_fetchrow($result)) { ! $schema_vals = ''; ! $schema_fields = ''; ! $schema_insert = ''; // // Build the SQL statement to recreate the data. // *************** *** 516,522 **** } elseif (eregi("date|timestamp", $aryType[$i])) { ! if ($empty($strVal)) { $strQuote = ""; } --- 516,522 ---- } elseif (eregi("date|timestamp", $aryType[$i])) { ! if (empty($strVal)) { $strQuote = ""; } *************** *** 693,699 **** include('./page_footer_admin.'.$phpEx); } ! $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm'); $additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" ); --- 693,699 ---- include('./page_footer_admin.'.$phpEx); } ! $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm', 'sessions_keys'); $additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? 
$HTTP_GET_VARS['additional_tables'] : "" ); diff -crN phpbb2014/admin/admin_disallow.php phpbb2023/admin/admin_disallow.php *** phpbb2014/admin/admin_disallow.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/admin_disallow.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_disallow.php,v 1.9.2.2 2002/11/26 11:42:11 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_disallow.php 5352 2005-12-18 13:57:51Z grahamje $ * * ***************************************************************************/ *************** *** 25,31 **** if( !empty($setmodules) ) { $filename = basename(__FILE__); ! $module['Users']['Disallow'] = append_sid($filename); return; } --- 25,31 ---- if( !empty($setmodules) ) { $filename = basename(__FILE__); ! $module['Users']['Disallow'] = $filename; return; } *************** *** 45,51 **** if ($disallowed_user == '') { ! message_die(MESSAGE, $lang['Fields_empty']); } if( !validate_username($disallowed_user) ) { --- 45,51 ---- if ($disallowed_user == '') { ! message_die(GENERAL_MESSAGE, $lang['Fields_empty']); } if( !validate_username($disallowed_user) ) { diff -crN phpbb2014/admin/admin_forum_prune.php phpbb2023/admin/admin_forum_prune.php *** phpbb2014/admin/admin_forum_prune.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/admin_forum_prune.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forum_prune.php,v 1.22.2.3 2002/12/18 14:14:07 psotfx Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: admin_forum_prune.php 3207 2002-12-18 14:14:11Z psotfx $ * ****************************************************************************/ diff -crN phpbb2014/admin/admin_forumauth.php phpbb2023/admin/admin_forumauth.php *** phpbb2014/admin/admin_forumauth.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/admin_forumauth.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forumauth.php,v 1.23.2.5 2004/03/25 15:57:19 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forumauth.php 4876 2004-03-25 15:57:20Z acydburn $ * * ***************************************************************************/ diff -crN phpbb2014/admin/admin_forums.php phpbb2023/admin/admin_forums.php *** phpbb2014/admin/admin_forums.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/admin_forums.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forums.php,v 1.40.2.11 2004/03/25 15:57:19 acydburn Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forums.php 6981 2007-02-10 12:14:24Z acydburn $ * ***************************************************************************/ *************** *** 39,46 **** $forum_auth_ary = array( "auth_view" => AUTH_ALL, "auth_read" => AUTH_ALL, ! "auth_post" => AUTH_ALL, ! "auth_reply" => AUTH_ALL, "auth_edit" => AUTH_REG, "auth_delete" => AUTH_REG, "auth_sticky" => AUTH_MOD, --- 39,46 ---- $forum_auth_ary = array( "auth_view" => AUTH_ALL, "auth_read" => AUTH_ALL, ! "auth_post" => AUTH_REG, ! 
"auth_reply" => AUTH_REG, "auth_edit" => AUTH_REG, "auth_delete" => AUTH_REG, "auth_sticky" => AUTH_MOD, *************** *** 233,238 **** --- 233,239 ---- if( $mode == "addforum" ) { list($cat_id) = each($HTTP_POST_VARS['addforum']); + $cat_id = intval($cat_id); // // stripslashes needs to be run on this because slashes are added when the forum name is posted // *************** *** 625,631 **** $vote_ids = ''; do { ! $vote_ids = (($vote_ids != '') ? ', ' : '') . $row['vote_id']; } while ($row = $db->sql_fetchrow($result)); --- 626,632 ---- $vote_ids = ''; do { ! $vote_ids .= (($vote_ids != '') ? ', ' : '') . $row['vote_id']; } while ($row = $db->sql_fetchrow($result)); *************** *** 1024,1027 **** include('./page_footer_admin.'.$phpEx); ! ?> --- 1025,1028 ---- include('./page_footer_admin.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb2014/admin/admin_groups.php phpbb2023/admin/admin_groups.php *** phpbb2014/admin/admin_groups.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/admin_groups.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_groups.php,v 1.25.2.9 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_groups.php 5614 2006-03-09 19:42:41Z grahamje $ * * ***************************************************************************/ *************** *** 104,124 **** // // Ok, now we know everything about them, let's show the page. // ! $sql = "SELECT user_id, username ! FROM " . USERS_TABLE . " ! WHERE user_id <> " . ANONYMOUS . " ! ORDER BY username"; ! if ( !($result = $db->sql_query($sql)) ) { ! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql); ! } ! while ( $row = $db->sql_fetchrow($result) ) ! { ! 
if ( $row['user_id'] == $group_info['group_moderator'] ) { ! $group_moderator = $row['username']; } } $group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? ' checked="checked"' : ''; --- 104,129 ---- // // Ok, now we know everything about them, let's show the page. // ! if ($group_info['group_moderator'] != '') { ! $sql = "SELECT user_id, username ! FROM " . USERS_TABLE . " ! WHERE user_id = " . $group_info['group_moderator']; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql); ! } ! if ( !($row = $db->sql_fetchrow($result)) ) { ! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql); } + + $group_moderator = $row['username']; + } + else + { + $group_moderator = ''; } $group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? ' checked="checked"' : ''; *************** *** 250,256 **** else { $group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN; ! $group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : ''; $group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : ''; $group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : ''; $delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false; --- 255,261 ---- else { $group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN; ! $group_name = isset($HTTP_POST_VARS['group_name']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_name'])) : ''; $group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : ''; $group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : ''; $delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? 
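Review bot: `$group_info['group_moderator']` is concatenated into the `WHERE user_id = ` clause without a cast, and the surrounding `!= ''` test treats it as a string rather than an integer id; writing `WHERE user_id = " . intval($group_info['group_moderator'])` makes the query safe regardless of where the value was loaded (its origin is outside this hunk). Both `message_die` calls use the same "Could not obtain user info for moderator list" text for a failed query and for an empty result, so a moderator id that no longer matches any user is reported as a database error; a distinct message for the second case would make that condition diagnosable. The `if`/`else` introduced here is self-contained within the hunk.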
true : false; diff -crN phpbb2014/admin/admin_mass_email.php phpbb2023/admin/admin_mass_email.php *** phpbb2014/admin/admin_mass_email.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/admin_mass_email.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_mass_email.php,v 1.15.2.7 2003/05/03 23:24:01 acydburn Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_mass_email.php 3966 2003-05-03 23:24:04Z acydburn $ * ****************************************************************************/ diff -crN phpbb2014/admin/admin_ranks.php phpbb2023/admin/admin_ranks.php *** phpbb2014/admin/admin_ranks.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/admin_ranks.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ranks.php,v 1.13.2.4 2004/03/25 15:57:20 acydburn Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ranks.php 8377 2008-02-10 12:52:05Z acydburn $ * ***************************************************************************/ *************** *** 19,43 **** * ***************************************************************************/ - define('IN_PHPBB', 1); - if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['Users']['Ranks'] = "$file"; return; } // // Let's set the root dir for phpBB // $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); require('./pagestart.' . $phpEx); if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { ! $mode = ($HTTP_GET_VARS['mode']) ? 
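Review bot: `$group_name` is now passed through `htmlspecialchars()` at input time while `$group_description` on the next line is only trimmed, so the two fields are stored in different encodings and every output path has to know which one is already escaped. Applying the same treatment to both fields, or encoding at the point of output as the rest of the file does for the description (if it does; that is outside the hunk), keeps the stored values canonical; at minimum a comment on the `$group_name` line stating why it is encoded here would explain the asymmetry. The enclosing `else` branch continues outside this hunk.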
$HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; $mode = htmlspecialchars($mode); } else --- 19,52 ---- * ***************************************************************************/ if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['Users']['Ranks'] = $file; return; } + define('IN_PHPBB', 1); + // // Let's set the root dir for phpBB // $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); + + $cancel = ( isset($HTTP_POST_VARS['cancel']) || isset($_POST['cancel']) ) ? true : false; + $no_page_header = $cancel; + require('./pagestart.' . $phpEx); + if ($cancel) + { + redirect('admin/' . append_sid("admin_ranks.$phpEx", true)); + } + if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { ! $mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; $mode = htmlspecialchars($mode); } else *************** *** 59,64 **** --- 68,75 ---- } } + // Restrict mode input to valid options + $mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : ''; if( $mode != "" ) { *************** *** 213,220 **** { $rank_id = 0; } ! if( $rank_id ) { $sql = "DELETE FROM " . RANKS_TABLE . " WHERE rank_id = $rank_id"; --- 224,233 ---- { $rank_id = 0; } + + $confirm = isset($HTTP_POST_VARS['confirm']); ! if( $rank_id && $confirm ) { $sql = "DELETE FROM " . RANKS_TABLE . " WHERE rank_id = $rank_id"; *************** *** 238,372 **** message_die(GENERAL_MESSAGE, $message); } ! else ! { ! message_die(GENERAL_MESSAGE, $lang['Must_select_rank']); ! } ! } ! else ! { ! // ! // They didn't feel like giving us any information. Oh, too bad, we'll just display the ! // list then... ! // ! $template->set_filenames(array( ! "body" => "admin/ranks_list_body.tpl") ! ); ! ! $sql = "SELECT * FROM " . RANKS_TABLE . " ! ORDER BY rank_min, rank_title"; ! if( !$result = $db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql); ! } ! ! 
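Review bot: The new whitelist `in_array($mode, array('add', 'edit', 'save', 'delete'))` uses loose comparison; passing the strict flag, `in_array($mode, array('add', 'edit', 'save', 'delete'), true)`, rules out type juggling should `$mode` ever arrive as something other than a plain string. Since `$mode` already went through `htmlspecialchars()` in the 19,43 hunk of this file, the strict flag is cheap insurance rather than a fix for a visible failure. The `if( $mode != "" )` block that follows continues outside this hunk.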
$rank_rows = $db->sql_fetchrowset($result); ! $rank_count = count($rank_rows); ! ! $template->assign_vars(array( ! "L_RANKS_TITLE" => $lang['Ranks_title'], ! "L_RANKS_TEXT" => $lang['Ranks_explain'], ! "L_RANK" => $lang['Rank_title'], ! "L_RANK_MINIMUM" => $lang['Rank_minimum'], ! "L_SPECIAL_RANK" => $lang['Special_rank'], ! "L_EDIT" => $lang['Edit'], ! "L_DELETE" => $lang['Delete'], ! "L_ADD_RANK" => $lang['Add_new_rank'], ! "L_ACTION" => $lang['Action'], ! ! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx")) ! ); ! ! for( $i = 0; $i < $rank_count; $i++) { ! $rank = $rank_rows[$i]['rank_title']; ! $special_rank = $rank_rows[$i]['rank_special']; ! $rank_id = $rank_rows[$i]['rank_id']; ! $rank_min = $rank_rows[$i]['rank_min']; ! if($special_rank) ! { ! $rank_min = $rank_max = "-"; ! } ! ! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; ! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; ! ! $template->assign_block_vars("ranks", array( ! "ROW_COLOR" => "#" . $row_color, ! "ROW_CLASS" => $row_class, ! "RANK" => $rank, ! "RANK_MIN" => $rank_min, ! "SPECIAL_RANK" => ( $special_rank == 1 ) ? $lang['Yes'] : $lang['No'], ! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"), ! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id")) ); } } } ! else { ! // ! // Show the default page ! // ! $template->set_filenames(array( ! "body" => "admin/ranks_list_body.tpl") ! ); ! ! $sql = "SELECT * FROM " . RANKS_TABLE . " ! ORDER BY rank_min ASC, rank_special ASC"; ! if( !$result = $db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql); ! } ! $rank_count = $db->sql_numrows($result); ! $rank_rows = $db->sql_fetchrowset($result); ! $template->assign_vars(array( ! "L_RANKS_TITLE" => $lang['Ranks_title'], ! "L_RANKS_TEXT" => $lang['Ranks_explain'], ! "L_RANK" => $lang['Rank_title'], ! "L_RANK_MINIMUM" => $lang['Rank_minimum'], ! 
"L_SPECIAL_RANK" => $lang['Rank_special'], ! "L_EDIT" => $lang['Edit'], ! "L_DELETE" => $lang['Delete'], ! "L_ADD_RANK" => $lang['Add_new_rank'], ! "L_ACTION" => $lang['Action'], ! ! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx")) ! ); ! for($i = 0; $i < $rank_count; $i++) { ! $rank = $rank_rows[$i]['rank_title']; ! $special_rank = $rank_rows[$i]['rank_special']; ! $rank_id = $rank_rows[$i]['rank_id']; ! $rank_min = $rank_rows[$i]['rank_min']; ! ! if( $special_rank == 1 ) ! { ! $rank_min = $rank_max = "-"; ! } ! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; ! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; ! $rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No']; ! ! $template->assign_block_vars("ranks", array( ! "ROW_COLOR" => "#" . $row_color, ! "ROW_CLASS" => $row_class, ! "RANK" => $rank, ! "SPECIAL_RANK" => $rank_is_special, ! "RANK_MIN" => $rank_min, ! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"), ! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id")) ! ); ! } } $template->pparse("body"); --- 251,345 ---- message_die(GENERAL_MESSAGE, $message); } ! elseif( $rank_id && !$confirm) { ! // Present the confirmation screen to the user ! $template->set_filenames(array( ! 'body' => 'admin/confirm_body.tpl') ! ); ! $hidden_fields = ''; ! $template->assign_vars(array( ! 'MESSAGE_TITLE' => $lang['Confirm'], ! 'MESSAGE_TEXT' => $lang['Confirm_delete_rank'], ! 'L_YES' => $lang['Yes'], ! 'L_NO' => $lang['No'], ! ! 'S_CONFIRM_ACTION' => append_sid("admin_ranks.$phpEx"), ! 'S_HIDDEN_FIELDS' => $hidden_fields) ); } + else + { + message_die(GENERAL_MESSAGE, $lang['Must_select_rank']); + } } + + $template->pparse("body"); + + include('./page_footer_admin.'.$phpEx); } ! ! // ! // Show the default page ! // ! $template->set_filenames(array( ! "body" => "admin/ranks_list_body.tpl") ! ); ! ! $sql = "SELECT * FROM " . RANKS_TABLE . " ! 
ORDER BY rank_min ASC, rank_special ASC"; ! if( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql); ! } ! $rank_count = $db->sql_numrows($result); ! ! $rank_rows = $db->sql_fetchrowset($result); ! $template->assign_vars(array( ! "L_RANKS_TITLE" => $lang['Ranks_title'], ! "L_RANKS_TEXT" => $lang['Ranks_explain'], ! "L_RANK" => $lang['Rank_title'], ! "L_RANK_MINIMUM" => $lang['Rank_minimum'], ! "L_SPECIAL_RANK" => $lang['Rank_special'], ! "L_EDIT" => $lang['Edit'], ! "L_DELETE" => $lang['Delete'], ! "L_ADD_RANK" => $lang['Add_new_rank'], ! "L_ACTION" => $lang['Action'], ! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx")) ! ); ! ! for($i = 0; $i < $rank_count; $i++) ! { ! $rank = $rank_rows[$i]['rank_title']; ! $special_rank = $rank_rows[$i]['rank_special']; ! $rank_id = $rank_rows[$i]['rank_id']; ! $rank_min = $rank_rows[$i]['rank_min']; ! if( $special_rank == 1 ) { ! $rank_min = $rank_max = "-"; ! } ! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; ! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; ! $rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No']; ! ! $template->assign_block_vars("ranks", array( ! "ROW_COLOR" => "#" . $row_color, ! "ROW_CLASS" => $row_class, ! "RANK" => $rank, ! "SPECIAL_RANK" => $rank_is_special, ! "RANK_MIN" => $rank_min, ! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"), ! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id")) ! ); } $template->pparse("body"); diff -crN phpbb2014/admin/admin_smilies.php phpbb2023/admin/admin_smilies.php *** phpbb2014/admin/admin_smilies.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/admin_smilies.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
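Review bot: On the confirmation screen `$hidden_fields = '';` leaves `S_HIDDEN_FIELDS` empty, so the form posted back to `admin_ranks.$phpEx` carries no `mode` or `id` field and the `if( $rank_id && $confirm )` branch in the 213,220 hunk cannot be reached from it; if this rendering merely stripped HTML tags from the assignment please disregard, otherwise hidden inputs for `mode=delete` and the rank id need to be emitted here. The same `$hidden_fields = '';` appears in the delete confirmation added to admin_smilies.php (hunk 316,332). Note also that `$confirm` is simply `isset($HTTP_POST_VARS['confirm'])`, which protects against accidental link clicks but not against a forged cross-site POST; a session-bound form token checked alongside `confirm` would be needed for that. The "Show the default page" code relocated after the `if( $mode != "" )` block is otherwise equivalent to the old `else` branch.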
* $Id: admin_smilies.php,v 1.22.2.13 2004/03/25 15:57:20 acydburn Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_smilies.php 8377 2008-02-10 12:52:05Z acydburn $ * ****************************************************************************/ *************** *** 36,56 **** return; } // // Load default header // ! if( isset($HTTP_GET_VARS['export_pack']) ) { ! if ( $HTTP_GET_VARS['export_pack'] == "send" ) ! { ! $no_page_header = true; ! } } - $phpbb_root_path = "./../"; - require($phpbb_root_path . 'extension.inc'); require('./pagestart.' . $phpEx); // // Check to see what mode we should operate in. // --- 36,62 ---- return; } + $phpbb_root_path = "./../"; + require($phpbb_root_path . 'extension.inc'); + + $cancel = ( isset($HTTP_POST_VARS['cancel']) || isset($_POST['cancel']) ) ? true : false; + $no_page_header = $cancel; + // // Load default header // ! if ((!empty($HTTP_GET_VARS['export_pack']) && $HTTP_GET_VARS['export_pack'] == 'send') || (!empty($_GET['export_pack']) && $_GET['export_pack'] == 'send')) { ! $no_page_header = true; } require('./pagestart.' . $phpEx); + if ($cancel) + { + redirect('admin/' . append_sid("admin_smilies.$phpEx", true)); + } + // // Check to see what mode we should operate in. // *************** *** 316,332 **** $smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id']; $smiley_id = intval($smiley_id); ! $sql = "DELETE FROM " . SMILIES_TABLE . " ! WHERE smilies_id = " . $smiley_id; ! $result = $db->sql_query($sql); ! if( !$result ) { ! message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql); } ! $message = $lang['smiley_del_success'] . "

" . sprintf($lang['Click_return_smileadmin'], "", "") . "

" . sprintf($lang['Click_return_admin_index'], "", ""); ! message_die(GENERAL_MESSAGE, $message); break; case 'edit': --- 322,364 ---- $smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id']; $smiley_id = intval($smiley_id); ! $confirm = isset($HTTP_POST_VARS['confirm']); ! ! if( $confirm ) { ! $sql = "DELETE FROM " . SMILIES_TABLE . " ! WHERE smilies_id = " . $smiley_id; ! $result = $db->sql_query($sql); ! if( !$result ) ! { ! message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql); ! } ! ! $message = $lang['smiley_del_success'] . "

" . sprintf($lang['Click_return_smileadmin'], "", "") . "

" . sprintf($lang['Click_return_admin_index'], "", ""); ! ! message_die(GENERAL_MESSAGE, $message); } + else + { + // Present the confirmation screen to the user + $template->set_filenames(array( + 'body' => 'admin/confirm_body.tpl') + ); ! $hidden_fields = ''; ! $template->assign_vars(array( ! 'MESSAGE_TITLE' => $lang['Confirm'], ! 'MESSAGE_TEXT' => $lang['Confirm_delete_smiley'], ! ! 'L_YES' => $lang['Yes'], ! 'L_NO' => $lang['No'], ! ! 'S_CONFIRM_ACTION' => append_sid("admin_smilies.$phpEx"), ! 'S_HIDDEN_FIELDS' => $hidden_fields) ! ); ! $template->pparse('body'); ! } break; case 'edit': *************** *** 402,416 **** // Get the submitted data, being careful to ensure that we only // accept the data we are looking for. // ! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']); ! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']); ! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']); ! $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']); // If no code was entered complain ... if ($smile_code == '' || $smile_url == '') { ! message_die(MESSAGE, $lang['Fields_empty']); } // --- 434,451 ---- // Get the submitted data, being careful to ensure that we only // accept the data we are looking for. // ! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : ''; ! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : ''; ! $smile_url = phpbb_ltrim(basename($smile_url), "'"); ! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : ''; ! $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? 
intval($HTTP_POST_VARS['smile_id']) : 0; ! $smile_code = trim($smile_code); ! $smile_url = trim($smile_url); // If no code was entered complain ... if ($smile_code == '' || $smile_url == '') { ! message_die(GENERAL_MESSAGE, $lang['Fields_empty']); } // *************** *** 444,457 **** // Get the submitted data being careful to ensure the the data // we recieve and process is only the data we are looking for. // ! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code']; ! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url']; ! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion']; // If no code was entered complain ... if ($smile_code == '' || $smile_url == '') { ! message_die(MESSAGE, $lang['Fields_empty']); } // --- 479,495 ---- // Get the submitted data being careful to ensure the the data // we recieve and process is only the data we are looking for. // ! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : ''; ! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : ''; ! $smile_url = phpbb_ltrim(basename($smile_url), "'"); ! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : ''; ! $smile_code = trim($smile_code); ! $smile_url = trim($smile_url); // If no code was entered complain ... if ($smile_code == '' || $smile_url == '') { ! message_die(GENERAL_MESSAGE, $lang['Fields_empty']); } // *************** *** 553,556 **** // include('./page_footer_admin.'.$phpEx); ! ?> --- 591,594 ---- // include('./page_footer_admin.'.$phpEx); ! 
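Review bot: `$smile_code` is trimmed inside the ternary and then trimmed again by `$smile_code = trim($smile_code);` a few lines later, and `$smile_url` is trimmed twice around the `basename()` step; one `trim` per field suffices, and the same duplication is repeated in the 444,457 hunk of this file. `basename()` on `$smile_url` is a sound defence against stored path segments, but `$smile_emotion` is encoded with `htmlspecialchars()` while `$smile_code` is stored raw, so a comment noting where the code is escaped on output (if it is; this hunk cannot show that) would explain the asymmetry. The `phpbb_ltrim(..., "'")` call presumably strips a leading quote that would otherwise close a quoted attribute in the template; a short comment on that line would spare the next reader the guess.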
?> \ No newline at end of file diff -crN phpbb2014/admin/admin_styles.php phpbb2023/admin/admin_styles.php *** phpbb2014/admin/admin_styles.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/admin_styles.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_styles.php,v 1.27.2.14 2005/03/17 17:33:30 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_styles.php 8377 2008-02-10 12:52:05Z acydburn $ * * ***************************************************************************/ *************** *** 27,33 **** $file = basename(__FILE__); $module['Styles']['Add_new'] = "$file?mode=addnew"; $module['Styles']['Create_new'] = "$file?mode=create"; ! $module['Styles']['Manage'] = "$file"; $module['Styles']['Export'] = "$file?mode=export"; return; } --- 27,33 ---- $file = basename(__FILE__); $module['Styles']['Add_new'] = "$file?mode=addnew"; $module['Styles']['Create_new'] = "$file?mode=create"; ! $module['Styles']['Manage'] = $file; $module['Styles']['Export'] = "$file?mode=export"; return; } *************** *** 41,50 **** $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); ! $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE; ! $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE; ! $no_page_header = (!empty($HTTP_POST_VARS['send_file']) || $cancel) ? TRUE : FALSE; require('./pagestart.' . $phpEx); --- 41,50 ---- $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); ! $confirm = (isset($HTTP_POST_VARS['confirm']) || isset($_POST['confirm'])) ? TRUE : FALSE; ! $cancel = (isset($HTTP_POST_VARS['cancel']) || isset($_POST['cancel'])) ? TRUE : FALSE; ! $no_page_header = (!empty($HTTP_POST_VARS['send_file']) || !empty($_POST['send_file']) || $cancel) ? TRUE : FALSE; require('./pagestart.' . 
$phpEx); *************** *** 582,587 **** --- 582,588 ---- "L_SIMPLE_NAME" => $lang['Simple_name'], "L_VALUE" => $lang['Value'], "L_STYLESHEET" => $lang['Stylesheet'], + "L_STYLESHEET_EXPLAIN" => $lang['Stylesheet_explain'], "L_BACKGROUND_IMAGE" => $lang['Background_image'], "L_BACKGROUND_COLOR" => $lang['Background_color'], "L_BODY_TEXT_COLOR" => $lang['Text_color'], *************** *** 835,841 **** // Set template files // $template->set_filenames(array( ! "confirm" => "confirm_body.tpl") ); $template->assign_vars(array( --- 836,842 ---- // Set template files // $template->set_filenames(array( ! "confirm" => "admin/confirm_body.tpl") ); $template->assign_vars(array( diff -crN phpbb2014/admin/admin_ug_auth.php phpbb2023/admin/admin_ug_auth.php *** phpbb2014/admin/admin_ug_auth.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/admin_ug_auth.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ug_auth.php,v 1.13.2.5 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ug_auth.php 8378 2008-02-10 17:18:29Z acydburn $ * * ***************************************************************************/ *************** *** 231,241 **** else { ! $change_mod_list = ( isset($HTTP_POST_VARS['moderator']) ) ? $HTTP_POST_VARS['moderator'] : false; if ( empty($adv) ) { ! $change_acl_list = ( isset($HTTP_POST_VARS['private']) ) ? $HTTP_POST_VARS['private'] : false; } else { --- 231,276 ---- else { ! $change_mod_list = ( isset($HTTP_POST_VARS['moderator']) ) ? $HTTP_POST_VARS['moderator'] : array(); if ( empty($adv) ) { ! $sql = "SELECT f.* ! FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c ! WHERE f.cat_id = c.cat_id ! ORDER BY c.cat_order, f.forum_order ASC"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! 
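Review bot: The `? TRUE : FALSE` on the three assignments is redundant — `isset()` and `!empty()` already yield booleans — and the reason `$_POST` is consulted alongside `$HTTP_POST_VARS` is not stated: these lines run before `require('./pagestart.' . $phpEx)`, i.e. presumably before common.php has copied `$_POST` into `$HTTP_POST_VARS`, so on PHP 5 with `register_long_arrays` off only the short form is populated at this point. Suggest `$confirm = isset($HTTP_POST_VARS['confirm']) || isset($_POST['confirm']);` with a comment `// evaluated before pagestart/common.php, so the short-array form must be checked too`. Note that `$no_page_header` uses `!empty` on `send_file`, so a posted `send_file=0` still renders the header.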
message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); ! } ! ! $forum_access = $forum_auth_level_fields = array(); ! while( $row = $db->sql_fetchrow($result) ) ! { ! $forum_access[] = $row; ! } ! $db->sql_freeresult($result); ! ! for($i = 0; $i < count($forum_access); $i++) ! { ! $forum_id = $forum_access[$i]['forum_id']; ! ! for($j = 0; $j < count($forum_auth_fields); $j++) ! { ! $forum_auth_level_fields[$forum_id][$forum_auth_fields[$j]] = $forum_access[$i][$forum_auth_fields[$j]] == AUTH_ACL; ! } ! } ! ! while( list($forum_id, $value) = @each($HTTP_POST_VARS['private']) ) ! { ! while( list($auth_field, $exists) = @each($forum_auth_level_fields[$forum_id]) ) ! { ! if ($exists) ! { ! $change_acl_list[$forum_id][$auth_field] = $value; ! } ! } ! } } else { *************** *** 251,259 **** } } ! $sql = "SELECT * ! FROM " . FORUMS_TABLE . " f ! ORDER BY forum_order"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); --- 286,295 ---- } } ! $sql = 'SELECT f.* ! FROM ' . FORUMS_TABLE . ' f, ' . CATEGORIES_TABLE . ' c ! WHERE f.cat_id = c.cat_id ! ORDER BY c.cat_order, f.forum_order'; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); *************** *** 288,298 **** $forum_id = $forum_access[$i]['forum_id']; if ( ! ( isset($auth_access[$forum_id]['auth_mod']) && $change_mod_list[$forum_id]['auth_mod'] != $auth_access[$forum_id]['auth_mod'] ) || ! ( !isset($auth_access[$forum_id]['auth_mod']) && !empty($change_mod_list[$forum_id]['auth_mod']) ) ) { ! $update_mod_status[$forum_id] = $change_mod_list[$forum_id]['auth_mod']; if ( !$update_mod_status[$forum_id] ) { --- 324,334 ---- $forum_id = $forum_access[$i]['forum_id']; if ( ! ( isset($auth_access[$forum_id]['auth_mod']) && $change_mod_list[$forum_id] != $auth_access[$forum_id]['auth_mod'] ) || ! 
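Review bot: `$change_acl_list` is never initialised in the `empty($adv)` branch — the old code set it to `false`, the new code only assigns inside the nested `while`, so when nothing was posted under `private` (or none of the posted forums carries an `AUTH_ACL` field) the variable is undefined for whatever follows the hunk. Add `$change_acl_list = array();` before the outer `while`, matching the `array()` default now given to `$change_mod_list`. The posted `$value` is stored as received; if it is interpolated into SQL further down it should be cast with `intval()` here, alongside `$forum_id`. The `@each()` suppression also hides the case where `$HTTP_POST_VARS['private']` is a scalar rather than an array; an `is_array()` guard would make that explicit.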
( !isset($auth_access[$forum_id]['auth_mod']) && !empty($change_mod_list[$forum_id]) ) ) { ! $update_mod_status[$forum_id] = $change_mod_list[$forum_id]; if ( !$update_mod_status[$forum_id] ) { *************** *** 414,419 **** --- 450,456 ---- FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u WHERE ug.group_id = aa.group_id AND u.user_id = ug.user_id + AND ug.user_pending = 0 AND u.user_level NOT IN (" . MOD . ", " . ADMIN . ") GROUP BY u.user_id HAVING SUM(aa.auth_mod) > 0"; *************** *** 508,513 **** --- 545,592 ---- } } + $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . " + WHERE group_id = $group_id"; + $result = $db->sql_query($sql); + + $group_user = array(); + while ($row = $db->sql_fetchrow($result)) + { + $group_user[$row['user_id']] = $row['user_id']; + } + $db->sql_freeresult($result); + + $sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod + FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug + WHERE ug.user_id IN (" . implode(', ', $group_user) . ") + AND aa.group_id = ug.group_id + AND aa.auth_mod = 1 + GROUP BY ug.user_id"; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); + } + + while ($row = $db->sql_fetchrow($result)) + { + if ($row['is_auth_mod']) + { + unset($group_user[$row['user_id']]); + } + } + $db->sql_freeresult($result); + + if (sizeof($group_user)) + { + $sql = "UPDATE " . USERS_TABLE . " + SET user_level = " . USER . " + WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql); + } + } + message_die(GENERAL_MESSAGE, $message); } } *************** *** 526,534 **** // // Front end // ! $sql = "SELECT * ! FROM " . FORUMS_TABLE . " f ! 
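Review bot: `$change_mod_list[$forum_id]` is read directly in the first branch of the `if` and again on the assignment to `$update_mod_status`, even though `$change_mod_list` now defaults to an empty array when nothing was posted, so every forum the admin did not tick produces an undefined-index read; only the second branch is guarded by `!empty`. A local `$posted_mod = isset($change_mod_list[$forum_id]) ? intval($change_mod_list[$forum_id]) : 0;` at the top of the loop body, used in both conditions and in the assignment, keeps the value typed and the comparison with the stored `auth_mod` meaningful. The enclosing `for` loop starts outside the hunk.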
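Review bot: The second `SELECT` in the new demotion block runs even when `$group_user` is empty, and `implode(', ', $group_user)` then yields `WHERE ug.user_id IN ()`, a syntax error that ends the request in `message_die` — the `sizeof($group_user)` guard applied to the final `UPDATE` is needed before this query too, or the whole block can be skipped when the group has no members. The first query's result is also used without the `if ( !($result = $db->sql_query($sql)) )` check that every other query in the file carries. `$group_id` is interpolated into both statements; its sanitisation is outside the hunk, so confirm it was cast to int upstream.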
ORDER BY forum_order"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); --- 605,614 ---- // // Front end // ! $sql = "SELECT f.* ! FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c ! WHERE f.cat_id = c.cat_id ! ORDER BY c.cat_order, f.forum_order ASC"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); *************** *** 561,567 **** } } ! $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE "; $sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id"; if ( !($result = $db->sql_query($sql)) ) { --- 641,647 ---- } } ! $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user, ug.user_pending FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE "; $sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id"; if ( !($result = $db->sql_query($sql)) ) { *************** *** 764,770 **** $i++; } ! @reset($auth_user); if ( $mode == 'user' ) { --- 844,850 ---- $i++; } ! // @reset($auth_user); if ( $mode == 'user' ) { *************** *** 787,806 **** } } if( count($name) ) { - $t_usergroup_list = ''; for($i = 0; $i < count($ug_info); $i++) { $ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL; ! $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; } } ! else ! { ! $t_usergroup_list = $lang['None']; ! 
} $s_column_span = 2; // Two columns always present if( !$adv ) --- 867,892 ---- } } + $t_usergroup_list = $t_pending_list = ''; if( count($name) ) { for($i = 0; $i < count($ug_info); $i++) { $ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL; ! if (!$ug_info[$i]['user_pending']) ! { ! $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; ! } ! else ! { ! $t_pending_list .= ( ( $t_pending_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; ! } } } ! ! $t_usergroup_list = ($t_usergroup_list == '') ? $lang['None'] : $t_usergroup_list; ! $t_pending_list = ($t_pending_list == '') ? $lang['None'] : $t_pending_list; $s_column_span = 2; // Two columns always present if( !$adv ) *************** *** 857,863 **** $template->assign_vars(array( 'USERNAME' => $t_groupname, ! 'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list) ); } --- 943,949 ---- $template->assign_vars(array( 'USERNAME' => $t_groupname, ! 'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list . '
' . $lang['Pending_members'] . ' : ' . $t_pending_list) ); } diff -crN phpbb2014/admin/admin_user_ban.php phpbb2023/admin/admin_user_ban.php *** phpbb2014/admin/admin_user_ban.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/admin_user_ban.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_user_ban.php,v 1.21.2.5 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_user_ban.php 5283 2005-10-30 15:17:14Z acydburn $ * * ***************************************************************************/ *************** *** 155,161 **** // contained in the annotated php manual at php.com (ereg // section) // ! if (preg_match('#^(([a-z0-9&.-_+])|(\*))+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$#is', trim($email_list_temp[$i]))) { $email_list[] = trim($email_list_temp[$i]); } --- 155,161 ---- // contained in the annotated php manual at php.com (ereg // section) // ! if (preg_match('/^(([a-z0-9&\'\.\-_\+])|(\*))+@(([a-z0-9\-])|(\*))+\.([a-z0-9\-]+\.)*?[a-z]+$/is', trim($email_list_temp[$i]))) { $email_list[] = trim($email_list_temp[$i]); } diff -crN phpbb2014/admin/admin_users.php phpbb2023/admin/admin_users.php *** phpbb2014/admin/admin_users.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/admin_users.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_users.php,v 1.57.2.26 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
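Review bot: The new character class accepts an apostrophe (`\'`) in the local part, so an accepted address can contain a single quote; since `$email_list[]` stores the string as typed, whatever later writes these into the ban table (outside this hunk) must escape them, and a one-line `// entries may contain a quote; escape before use in SQL` above the `preg_match` would keep that visible. The change does fix a real bug: the old `.-_` inside the class was a range from `.` to `_`, not three literal characters, and `\-` now makes the hyphen literal. With `*` also permitted in the domain label, a pattern as broad as `*@*.com` now validates — check that breadth is intended for an email ban.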
* $Id: admin_users.php 6981 2007-02-10 12:14:24Z acydburn $ * * ***************************************************************************/ *************** *** 71,77 **** message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); } ! if( $HTTP_POST_VARS['deleteuser'] ) { $sql = "SELECT g.group_id FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g --- 71,77 ---- message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); } ! if( $HTTP_POST_VARS['deleteuser'] && ( $userdata['user_id'] != $user_id ) ) { $sql = "SELECT g.group_id FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g *************** *** 86,92 **** $row = $db->sql_fetchrow($result); $sql = "UPDATE " . POSTS_TABLE . " ! SET poster_id = " . DELETED . ", post_username = '$username' WHERE poster_id = $user_id"; if( !$db->sql_query($sql) ) { --- 86,92 ---- $row = $db->sql_fetchrow($result); $sql = "UPDATE " . POSTS_TABLE . " ! SET poster_id = " . DELETED . ", post_username = '" . str_replace("\\'", "''", addslashes($this_userdata['username'])) . "' WHERE poster_id = $user_id"; if( !$db->sql_query($sql) ) { *************** *** 109,138 **** message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql); } ! $sql = "SELECT group_id ! FROM " . GROUPS_TABLE . " WHERE group_moderator = $user_id"; ! if( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql); ! } ! ! while ( $row_group = $db->sql_fetchrow($result) ) ! { ! $group_moderator[] = $row_group['group_id']; ! } ! ! if ( count($group_moderator) ) { ! $update_moderator_id = implode(', ', $group_moderator); ! ! $sql = "UPDATE " . GROUPS_TABLE . " ! SET group_moderator = " . $userdata['user_id'] . " ! WHERE group_moderator IN ($update_moderator_id)"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql); ! } } $sql = "DELETE FROM " . 
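Review bot: The self-deletion guard `$userdata['user_id'] != $user_id` silently skips the delete branch, so an admin who posts `deleteuser` for their own account falls through to whatever the following branch does with the same POST (outside this hunk) instead of seeing a refusal; an explicit `message_die(GENERAL_MESSAGE, $lang['Admin_self_delete'])`-style message (language key to be added) would make the outcome visible. `$HTTP_POST_VARS['deleteuser']` is still read without `isset`. In the second hunk, taking the name from `$this_userdata['username']` rather than the request is the right source, and the `str_replace("\\'", "''", addslashes(...))` follows the file's existing hand-escaping convention.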
USERS_TABLE . " --- 109,120 ---- message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql); } ! $sql = "UPDATE " . GROUPS_TABLE . " ! SET group_moderator = " . $userdata['user_id'] . " WHERE group_moderator = $user_id"; ! if( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . USERS_TABLE . " *************** *** 177,182 **** --- 159,178 ---- message_die(GENERAL_ERROR, 'Could not delete user from banlist table', '', __LINE__, __FILE__, $sql); } + $sql = "DELETE FROM " . SESSIONS_TABLE . " + WHERE session_user_id = $user_id"; + if ( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, 'Could not delete sessions for this user', '', __LINE__, __FILE__, $sql); + } + + $sql = "DELETE FROM " . SESSIONS_KEYS_TABLE . " + WHERE user_id = $user_id"; + if ( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, 'Could not delete auto-login keys for this user', '', __LINE__, __FILE__, $sql); + } + $sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . " WHERE privmsgs_from_userid = $user_id *************** *** 217,223 **** message_die(GENERAL_MESSAGE, $message); } ! $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['username']))) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : ''; $password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : ''; --- 213,219 ---- message_die(GENERAL_MESSAGE, $message); } ! $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : ''; $password = ( !empty($HTTP_POST_VARS['password']) ) ? 
trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : ''; *************** *** 247,259 **** $allowbbcode = ( isset( $HTTP_POST_VARS['allowbbcode']) ) ? intval( $HTTP_POST_VARS['allowbbcode'] ) : $board_config['allow_bbcode']; $allowsmilies = ( isset( $HTTP_POST_VARS['allowsmilies']) ) ? intval( $HTTP_POST_VARS['allowsmilies'] ) : $board_config['allow_smilies']; ! $user_style = ( $HTTP_POST_VARS['style'] ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style']; $user_lang = ( $HTTP_POST_VARS['language'] ) ? $HTTP_POST_VARS['language'] : $board_config['default_lang']; $user_timezone = ( isset( $HTTP_POST_VARS['timezone']) ) ? doubleval( $HTTP_POST_VARS['timezone'] ) : $board_config['board_timezone']; - $user_template = ( $HTTP_POST_VARS['template'] ) ? $HTTP_POST_VARS['template'] : $board_config['board_template']; $user_dateformat = ( $HTTP_POST_VARS['dateformat'] ) ? trim( $HTTP_POST_VARS['dateformat'] ) : $board_config['default_dateformat']; $user_avatar_local = ( isset( $HTTP_POST_VARS['avatarselect'] ) && !empty($HTTP_POST_VARS['submitavatar'] ) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset( $HTTP_POST_VARS['avatarlocal'] ) ) ? $HTTP_POST_VARS['avatarlocal'] : '' ); $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim( $HTTP_POST_VARS['avatarremoteurl'] ) : ''; $user_avatar_url = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim( $HTTP_POST_VARS['avatarurl'] ) : ''; --- 243,255 ---- $allowbbcode = ( isset( $HTTP_POST_VARS['allowbbcode']) ) ? intval( $HTTP_POST_VARS['allowbbcode'] ) : $board_config['allow_bbcode']; $allowsmilies = ( isset( $HTTP_POST_VARS['allowsmilies']) ) ? intval( $HTTP_POST_VARS['allowsmilies'] ) : $board_config['allow_smilies']; ! $user_style = ( isset( $HTTP_POST_VARS['style'] ) ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style']; $user_lang = ( $HTTP_POST_VARS['language'] ) ? 
$HTTP_POST_VARS['language'] : $board_config['default_lang']; $user_timezone = ( isset( $HTTP_POST_VARS['timezone']) ) ? doubleval( $HTTP_POST_VARS['timezone'] ) : $board_config['board_timezone']; $user_dateformat = ( $HTTP_POST_VARS['dateformat'] ) ? trim( $HTTP_POST_VARS['dateformat'] ) : $board_config['default_dateformat']; $user_avatar_local = ( isset( $HTTP_POST_VARS['avatarselect'] ) && !empty($HTTP_POST_VARS['submitavatar'] ) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset( $HTTP_POST_VARS['avatarlocal'] ) ) ? $HTTP_POST_VARS['avatarlocal'] : '' ); + $user_avatar_category = ( isset($HTTP_POST_VARS['avatarcatname']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarcatname']) : '' ; $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim( $HTTP_POST_VARS['avatarremoteurl'] ) : ''; $user_avatar_url = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim( $HTTP_POST_VARS['avatarurl'] ) : ''; *************** *** 293,299 **** if ( !isset($HTTP_POST_VARS['cancelavatar'])) { ! $user_avatar = $user_avatar_local; $user_avatar_type = USER_AVATAR_GALLERY; } } --- 289,295 ---- if ( !isset($HTTP_POST_VARS['cancelavatar'])) { ! $user_avatar = $user_avatar_category . '/' . $user_avatar_local; $user_avatar_type = USER_AVATAR_GALLERY; } } *************** *** 389,397 **** { if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" ) { ! if( @file_exists(@phpbb_realpath("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) ) { ! @unlink("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } } $avatar_sql = ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE; --- 385,393 ---- { if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" ) { ! if( @file_exists(@phpbb_realpath('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) ) { ! 
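Review bot: `$user_avatar_category` is only `htmlspecialchars()`-encoded at intake and `$user_avatar_local` is taken from `avatarselect`/`avatarlocal` verbatim, yet the next hunk builds `$user_avatar = $user_avatar_category . '/' . $user_avatar_local` from both; the `basename()` stripping only happens later when `$avatar_sql` is assembled. Applying `basename()` where the values are read — `$user_avatar_category = ( isset($HTTP_POST_VARS['avatarcatname']) && $board_config['allow_avatar_local'] ) ? basename($HTTP_POST_VARS['avatarcatname']) : '';` and likewise for the two `avatar*` fields — means every later use, including any filesystem check on `$user_avatar`, sees a single path component, and the later `phpbb_ltrim(basename(...))` becomes a harmless second pass. `htmlspecialchars()` on a path segment is the wrong layer; encoding belongs at output.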
@unlink('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } } $avatar_sql = ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE; *************** *** 645,651 **** } else if( $user_avatar_local != "" && $avatar_sql == "" && !$error ) { ! $avatar_sql = ", user_avatar = '" . str_replace("\'", "''", $user_avatar_local) . "', user_avatar_type = " . USER_AVATAR_GALLERY; } // --- 641,647 ---- } else if( $user_avatar_local != "" && $avatar_sql == "" && !$error ) { ! $avatar_sql = ", user_avatar = '" . str_replace("\'", "''", phpbb_ltrim(basename($user_avatar_category), "'") . '/' . phpbb_ltrim(basename($user_avatar_local), "'")) . "', user_avatar_type = " . USER_AVATAR_GALLERY; } // *************** *** 681,693 **** message_die(GENERAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql); } } $message .= $lang['Admin_user_updated']; } else { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
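Review bot: The unlink path is assembled from `$board_config['avatar_path']` and the stored `user_avatar`, checked for existence through `phpbb_realpath()` (presumably a realpath wrapper) but then removed via the unresolved string, and nothing confirms the resolved file still lies inside the avatar directory. Resolving once, comparing the result against `phpbb_realpath('./../' . $board_config['avatar_path'])` as a prefix, and passing that resolved path to `unlink()` keeps the check and the action on the same value. `user_avatar` comes from the database rather than the request, so the exposure depends on how uploads name their files, which is outside this hunk; the two `@` suppressions also hide a failed unlink that `message_die` would otherwise report.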
' : '' ) . $lang['Admin_user_fail']; } $message .= '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); --- 677,695 ---- message_die(GENERAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql); } } + + // We remove all stored login keys since the password has been updated + // and change the current one (if applicable) + if ( !empty($passwd_sql) ) + { + session_reset_keys($user_id, $user_ip); + } $message .= $lang['Admin_user_updated']; } else { ! message_die(GENERAL_ERROR, 'Admin_user_fail', '', __LINE__, __FILE__, $sql); } $message .= '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); *************** *** 822,828 **** { if( preg_match("/(\.gif$|\.png$|\.jpg)$/is", $sub_file) ) { ! $avatar_images[$file][$avatar_row_count][$avatar_col_count] = $file . "/" . $sub_file; $avatar_col_count++; if( $avatar_col_count == 5 ) --- 824,830 ---- { if( preg_match("/(\.gif$|\.png$|\.jpg)$/is", $sub_file) ) { ! $avatar_images[$file][$avatar_row_count][$avatar_col_count] = $sub_file; $avatar_col_count++; if( $avatar_col_count == 5 ) *************** *** 867,873 **** for($j = 0; $j < count($avatar_images[$category][$i]); $j++) { $template->assign_block_vars("avatar_row.avatar_column", array( ! "AVATAR_IMAGE" => "../" . $board_config['avatar_gallery_path'] . "/" . $avatar_images[$category][$i][$j]) ); $template->assign_block_vars("avatar_row.avatar_option_column", array( --- 869,875 ---- for($j = 0; $j < count($avatar_images[$category][$i]); $j++) { $template->assign_block_vars("avatar_row.avatar_column", array( ! "AVATAR_IMAGE" => "../" . $board_config['avatar_gallery_path'] . '/' . $category . '/' . $avatar_images[$category][$i][$j]) ); $template->assign_block_vars("avatar_row.avatar_option_column", array( *************** *** 878,884 **** $coppa = ( ( !$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa'] ) || $mode == "register") ? 0 : TRUE; ! $s_hidden_fields = ''; $s_hidden_fields .= ''; $s_hidden_fields .= ''; --- 880,886 ---- $coppa = ( ( !$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa'] ) || $mode == "register") ? 0 : TRUE; ! $s_hidden_fields = ''; $s_hidden_fields .= ''; $s_hidden_fields .= ''; *************** *** 934,940 **** if( !empty($user_avatar_local) ) { ! $s_hidden_fields .= ''; } if( $user_avatar_type ) --- 936,942 ---- if( !empty($user_avatar_local) ) { ! 
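Review bot: The new failure branch calls `message_die(GENERAL_ERROR, 'Admin_user_fail', ...)`, passing the language key as a literal, so the admin sees the raw string `Admin_user_fail` instead of the translated text the old branch produced via `$lang['Admin_user_fail']`; `message_die(GENERAL_ERROR, $lang['Admin_user_fail'], '', __LINE__, __FILE__, $sql);` keeps the translation. The `$sql` passed there is presumably the last statement built, not necessarily the one that failed, so the debug output may mislead. Calling `session_reset_keys($user_id, $user_ip)` when `$passwd_sql` is non-empty is the right place to revoke autologin keys after a password change; a note that `$passwd_sql` is set further up (outside this hunk) only when a new password was supplied would help the reader.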
$s_hidden_fields .= ''; } if( $user_avatar_type ) diff -crN phpbb2014/admin/admin_words.php phpbb2023/admin/admin_words.php *** phpbb2014/admin/admin_words.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/admin_words.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_words.php,v 1.10.2.3 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_words.php 8377 2008-02-10 12:52:05Z acydburn $ * * ***************************************************************************/ *************** *** 20,44 **** * ***************************************************************************/ - define('IN_PHPBB', 1); - if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['General']['Word_Censor'] = "$file"; return; } // // Load default header // $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); require('./pagestart.' . $phpEx); if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { ! $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; $mode = htmlspecialchars($mode); } else --- 20,53 ---- * ***************************************************************************/ if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['General']['Word_Censor'] = $file; return; } + define('IN_PHPBB', 1); + // // Load default header // $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); + + $cancel = (isset($HTTP_POST_VARS['cancel']) || isset($_POST['cancel'])) ? true : false; + $no_page_header = $cancel; + require('./pagestart.' . $phpEx); + if ($cancel) + { + redirect('admin/' . append_sid("admin_words.$phpEx", true)); + } + if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { ! 
$mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; $mode = htmlspecialchars($mode); } else *************** *** 60,65 **** --- 69,77 ---- } } + // Restrict mode input to valid options + $mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : ''; + if( $mode != "" ) { if( $mode == "edit" || $mode == "add" ) *************** *** 70,75 **** --- 82,88 ---- "body" => "admin/words_edit_body.tpl") ); + $word_info = array('word' => '', 'replacement' => ''); $s_hidden_fields = ''; if( $mode == "edit" ) *************** *** 94,101 **** } $template->assign_vars(array( ! "WORD" => $word_info['word'], ! "REPLACEMENT" => $word_info['replacement'], "L_WORDS_TITLE" => $lang['Words_title'], "L_WORDS_TEXT" => $lang['Words_explain'], --- 107,114 ---- } $template->assign_vars(array( ! "WORD" => htmlspecialchars($word_info['word']), ! "REPLACEMENT" => htmlspecialchars($word_info['replacement']), "L_WORDS_TITLE" => $lang['Words_title'], "L_WORDS_TEXT" => $lang['Words_explain'], *************** *** 158,164 **** $word_id = 0; } ! if( $word_id ) { $sql = "DELETE FROM " . WORDS_TABLE . " WHERE word_id = $word_id"; --- 171,179 ---- $word_id = 0; } ! $confirm = isset($HTTP_POST_VARS['confirm']); ! ! if( $word_id && $confirm ) { $sql = "DELETE FROM " . WORDS_TABLE . 
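Review bot: The new `in_array($mode, array('add', 'edit', 'save', 'delete'))` is a good allow-list but compares loosely; pass `true` as the third argument, `$mode = ( in_array($mode, array('add', 'edit', 'save', 'delete'), true) ) ? $mode : '';`, so only an exact string matches. The `htmlspecialchars($mode)` in the earlier hunk is then redundant for control flow, though harmless. In the first hunk `$cancel` consults `$_POST` as well as `$HTTP_POST_VARS` because it runs before `pagestart`; a one-line comment saying so would stop the next reader from "simplifying" it.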
" WHERE word_id = $word_id"; *************** *** 172,177 **** --- 187,212 ---- message_die(GENERAL_MESSAGE, $message); } + elseif( $word_id && !$confirm) + { + // Present the confirmation screen to the user + $template->set_filenames(array( + 'body' => 'admin/confirm_body.tpl') + ); + + $hidden_fields = ''; + + $template->assign_vars(array( + 'MESSAGE_TITLE' => $lang['Confirm'], + 'MESSAGE_TEXT' => $lang['Confirm_delete_word'], + + 'L_YES' => $lang['Yes'], + 'L_NO' => $lang['No'], + + 'S_CONFIRM_ACTION' => append_sid("admin_words.$phpEx"), + 'S_HIDDEN_FIELDS' => $hidden_fields) + ); + } else { message_die(GENERAL_MESSAGE, $lang['No_word_selected']); *************** *** 193,198 **** --- 228,234 ---- } $word_rows = $db->sql_fetchrowset($result); + $db->sql_freeresult($result); $word_count = count($word_rows); $template->assign_vars(array( *************** *** 221,228 **** $template->assign_block_vars("words", array( "ROW_COLOR" => "#" . $row_color, "ROW_CLASS" => $row_class, ! "WORD" => $word, ! "REPLACEMENT" => $replacement, "U_WORD_EDIT" => append_sid("admin_words.$phpEx?mode=edit&id=$word_id"), "U_WORD_DELETE" => append_sid("admin_words.$phpEx?mode=delete&id=$word_id")) --- 257,264 ---- $template->assign_block_vars("words", array( "ROW_COLOR" => "#" . $row_color, "ROW_CLASS" => $row_class, ! "WORD" => htmlspecialchars($word), ! "REPLACEMENT" => htmlspecialchars($replacement), "U_WORD_EDIT" => append_sid("admin_words.$phpEx?mode=edit&id=$word_id"), "U_WORD_DELETE" => append_sid("admin_words.$phpEx?mode=delete&id=$word_id")) diff -crN phpbb2014/admin/index.php phpbb2023/admin/index.php *** phpbb2014/admin/index.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/index.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: index.php,v 1.40.2.7 2005/02/21 18:37:02 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: index.php 5318 2005-12-04 12:55:28Z grahamje $ * * ***************************************************************************/ *************** *** 60,66 **** { if( preg_match("/^admin_.*?\." . $phpEx . "$/", $file) ) { ! include($file); } } --- 60,66 ---- { if( preg_match("/^admin_.*?\." . $phpEx . "$/", $file) ) { ! include('./' . $file); } } *************** *** 234,242 **** $row = $db->sql_fetchrow($result); $version = $row['mysql_version']; ! if( preg_match("/^(3\.23|4\.)/", $version) ) { ! $db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)/", $version) ) ? "`$dbname`" : $dbname; $sql = "SHOW TABLE STATUS FROM " . $db_name; --- 234,242 ---- $row = $db->sql_fetchrow($result); $version = $row['mysql_version']; ! if( preg_match("/^(3\.23|4\.|5\.)/", $version) ) { ! $db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)|(5\.)/", $version) ) ? "`$dbname`" : $dbname; $sql = "SHOW TABLE STATUS FROM " . $db_name; *************** *** 567,573 **** $errno = 0; $errstr = $version_info = ''; ! if ($fsock = @fsockopen('www.phpbb.com', 80, $errno, $errstr)) { @fputs($fsock, "GET /updatecheck/20x.txt HTTP/1.1\r\n"); @fputs($fsock, "HOST: www.phpbb.com\r\n"); --- 567,573 ---- $errno = 0; $errstr = $version_info = ''; ! if ($fsock = @fsockopen('www.phpbb.com', 80, $errno, $errstr, 10)) { @fputs($fsock, "GET /updatecheck/20x.txt HTTP/1.1\r\n"); @fputs($fsock, "HOST: www.phpbb.com\r\n"); *************** *** 602,608 **** else { $version_info = '

' . $lang['Version_not_up_to_date']; ! $version_info .= '
' . sprintf($lang['Latest_version_info'], $latest_version) . sprintf($lang['Current_version_info'], '2' . $board_config['version']) . '

'; } } else --- 602,608 ---- else { $version_info = '

' . $lang['Version_not_up_to_date']; ! $version_info .= '
' . sprintf($lang['Latest_version_info'], $latest_version) . ' ' . sprintf($lang['Current_version_info'], '2' . $board_config['version']) . '

'; } } else diff -crN phpbb2014/admin/page_footer_admin.php phpbb2023/admin/page_footer_admin.php *** phpbb2014/admin/page_footer_admin.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/page_footer_admin.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_footer_admin.php,v 1.9.2.3 2005/04/15 20:15:47 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_footer_admin.php 5214 2005-09-19 20:49:06Z grahamje $ * * ***************************************************************************/ *************** *** 25,30 **** --- 25,32 ---- die("Hacking attempt"); } + global $do_gzip_compress; + // // Show the overall footer. // *************** *** 34,40 **** $template->assign_vars(array( 'PHPBB_VERSION' => ($userdata['user_level'] == ADMIN && $userdata['user_id'] != ANONYMOUS) ? '2' . $board_config['version'] : '', ! 'TRANSLATION_INFO' => $lang['TRANSLATION_INFO']) ); $template->pparse('page_footer'); --- 36,42 ---- $template->assign_vars(array( 'PHPBB_VERSION' => ($userdata['user_level'] == ADMIN && $userdata['user_id'] != ANONYMOUS) ? '2' . $board_config['version'] : '', ! 'TRANSLATION_INFO' => (isset($lang['TRANSLATION_INFO'])) ? $lang['TRANSLATION_INFO'] : ((isset($lang['TRANSLATION'])) ? $lang['TRANSLATION'] : '')) ); $template->pparse('page_footer'); diff -crN phpbb2014/admin/page_header_admin.php phpbb2023/admin/page_header_admin.php *** phpbb2014/admin/page_header_admin.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/page_header_admin.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: page_header_admin.php,v 1.12.2.6 2005/03/26 14:15:59 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header_admin.php 5509 2006-01-29 21:19:02Z grahamje $ * * ***************************************************************************/ *************** *** 132,137 **** --- 132,149 ---- 'T_SPAN_CLASS3' => $theme['span_class3']) ); + // Work around for "current" Apache 2 + PHP module which seems to not + // cope with private cache control setting + if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2')) + { + header ('Cache-Control: no-cache, pre-check=0, post-check=0'); + } + else + { + header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0'); + } + header ('Expires: 0'); + header ('Pragma: no-cache'); $template->pparse('header'); diff -crN phpbb2014/admin/pagestart.php phpbb2023/admin/pagestart.php *** phpbb2014/admin/pagestart.php Mon Apr 18 21:43:30 2005 --- phpbb2023/admin/pagestart.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: pagestart.php,v 1.1.2.7 2004/03/24 14:43:31 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: pagestart.php 5487 2006-01-22 17:11:09Z grahamje $ * * ***************************************************************************/ *************** *** 40,46 **** if (!$userdata['session_logged_in']) { ! redirect(append_sid("login.$phpEx?redirect=admin/", true)); } else if ($userdata['user_level'] != ADMIN) { --- 40,46 ---- if (!$userdata['session_logged_in']) { ! 
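Review bot: The headers set `no-cache` but not `no-store`, so a shared cache will revalidate admin pages while a browser may still keep a copy on disk; for an admin panel `Cache-Control: no-cache, no-store, must-revalidate` on both branches of the `if` is the usual choice, and the Apache/2 branch then differs from the other only by omitting `private`. `strstr()` is used purely as a boolean test; `strpos(...) !== false` (or `str_contains` on current PHP) says that more directly. A short comment noting that `pre-check`/`post-check` are Internet-Explorer-specific tokens would explain their presence.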
redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx", true)); } else if ($userdata['user_level'] != ADMIN) { *************** *** 49,64 **** if ($HTTP_GET_VARS['sid'] != $userdata['session_id']) { - $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])), '', $HTTP_SERVER_VARS['REQUEST_URI']); - $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url); - $url = str_replace('//', '/', $url); - $url = preg_replace('/sid=([^&]*)(&?)/i', '', $url); - $url = preg_replace('/\?$/', '', $url); - $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id']; - redirect("index.$phpEx?sid=" . $userdata['session_id']); } if (empty($no_page_header)) { // Not including the pageheader can be neccesarry if META tags are --- 49,62 ---- if ($HTTP_GET_VARS['sid'] != $userdata['session_id']) { redirect("index.$phpEx?sid=" . $userdata['session_id']); } + if (!$userdata['session_admin']) + { + redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true)); + } + if (empty($no_page_header)) { // Not including the pageheader can be neccesarry if META tags are diff -crN phpbb2014/common.php phpbb2023/common.php *** phpbb2014/common.php Mon Apr 18 21:43:32 2005 --- phpbb2023/common.php Sun Feb 10 18:19:56 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: common.php,v 1.74.2.17 2005/02/21 19:29:30 acydburn Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: common.php 5970 2006-05-26 17:46:59Z grahamje $ * ***************************************************************************/ *************** *** 28,37 **** error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables set_magic_quotes_runtime(0); // Disable magic_quotes_runtime ! 
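Review bot: The new `session_admin` re-authentication check sits after the `sid` comparison, so a logged-in admin without a matching `sid` is bounced to `index.$phpEx` first and only then challenged for the admin login; that order works but deserves a comment, since the two redirects read like alternatives. The `sid` comparison uses `!=` and reads `$HTTP_GET_VARS['sid']` without `isset`; `if (!isset($HTTP_GET_VARS['sid']) || $HTTP_GET_VARS['sid'] !== $userdata['session_id'])` avoids both the undefined-index read and PHP's numeric-string coercion in the loose comparison.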
// The following code (unsetting globals) was contributed by Matt Kavanagh // PHP5 with register_long_arrays off? ! if (!isset($HTTP_POST_VARS) && isset($_POST)) { $HTTP_POST_VARS = $_POST; $HTTP_GET_VARS = $_GET; --- 28,38 ---- error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables set_magic_quotes_runtime(0); // Disable magic_quotes_runtime ! // The following code (unsetting globals) ! // Thanks to Matt Kavanagh and Stefan Esser for providing feedback as well as patch files // PHP5 with register_long_arrays off? ! if (@phpversion() >= '5.0.0' && (!@ini_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off')) { $HTTP_POST_VARS = $_POST; $HTTP_GET_VARS = $_GET; *************** *** 47,75 **** } } ! if (@phpversion() < '4.0.0') { ! // PHP3 path; in PHP3, globals are _always_ registered ! ! // We 'flip' the array of variables to test like this so that ! // we can validate later with isset($test[$var]) (no in_array()) ! $test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL, 'phpEx' => NULL, 'phpbb_root_path' => NULL); ! ! // Loop through each input array ! @reset($test); ! while (list($input,) = @each($test)) ! { ! while (list($var,) = @each($$input)) ! { ! // Validate the variable to be unset ! if (!isset($test[$var]) && $var != 'test' && $var != 'input') ! { ! unset($$var); ! } ! } ! } } ! else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') { // PHP4+ path $not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path'); --- 48,66 ---- } } ! // Protect against GLOBALS tricks ! 
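Review bot: The version test `@phpversion() >= '5.0.0'` is a plain string comparison, because `'5.0.0'` is not a numeric string, so it orders versions lexically and would misjudge any future two-digit major; `version_compare(PHP_VERSION, '5.0.0', '>=')` exists since PHP 4.1 and states the intent. The three `ini_get('register_long_arrays')` tests can be folded into one normalised value, e.g. `$long_arrays = strtolower((string) @ini_get('register_long_arrays'));` followed by `if (version_compare(PHP_VERSION, '5.0.0', '>=') && ($long_arrays === '' || $long_arrays === '0' || $long_arrays === 'off'))`, which also replaces the loose `==` with exact comparisons. The `@` on ini_get() suppresses nothing useful, since ini_get() returns false for an unknown key without raising a warning.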
if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS'])) { ! die("Hacking attempt"); } ! ! // Protect against HTTP_SESSION_VARS tricks ! if (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS)) ! { ! die("Hacking attempt"); ! } ! ! if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') { // PHP4+ path $not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path'); *************** *** 77,83 **** // Not only will array_merge give a warning if a parameter // is not an array, it will actually fail. So we check if // HTTP_SESSION_VARS has been initialised. ! if (!isset($HTTP_SESSION_VARS)) { $HTTP_SESSION_VARS = array(); } --- 68,74 ---- // Not only will array_merge give a warning if a parameter // is not an array, it will actually fail. So we check if // HTTP_SESSION_VARS has been initialised. ! if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS)) { $HTTP_SESSION_VARS = array(); } *************** *** 91,102 **** while (list($var,) = @each($input)) { ! if (!in_array($var, $not_unset)) { ! unset($$var); } } ! unset($input); } --- 82,94 ---- while (list($var,) = @each($input)) { ! if (in_array($var, $not_unset)) { ! die('Hacking attempt!'); } + unset($$var); } ! unset($input); } *************** *** 179,191 **** $images = array(); $lang = array(); $nav_links = array(); $gen_simple_header = FALSE; include($phpbb_root_path . 'config.'.$phpEx); if( !defined("PHPBB_INSTALLED") ) { ! header("Location: install/install.$phpEx"); exit; } --- 171,184 ---- $images = array(); $lang = array(); $nav_links = array(); + $dss_seeded = false; $gen_simple_header = FALSE; include($phpbb_root_path . 'config.'.$phpEx); if( !defined("PHPBB_INSTALLED") ) { ! header('Location: ' . $phpbb_root_path . 'install/install.' . 
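Review bot: `in_array($var, $not_unset)` in the register_globals cleanup is a loose comparison, and `$input` is presumably assembled with the array_merge the comment above refers to, which renumbers integer keys, so a request carrying a numeric parameter name yields `$var === 0`; under PHP 4/5 `0 == 'HTTP_GET_VARS'` is true, so such a request now hits the new `die('Hacking attempt!')` instead of simply being unset. Passing the strict flag, `if (in_array($var, $not_unset, true))`, restores the intended exact match while keeping the hardening for real name collisions. The GLOBALS guard in the 47,75 hunk above does not have this problem, since isset() on a string key is an exact lookup.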
$phpEx); exit; } *************** *** 196,201 **** --- 189,197 ---- include($phpbb_root_path . 'includes/functions.'.$phpEx); include($phpbb_root_path . 'includes/db.'.$phpEx); + // We do not need this any longer, unset for safety purposes + unset($dbpasswd); + // // Obtain and encode users IP // *************** *** 226,232 **** if (file_exists('install') || file_exists('contrib')) { ! message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted'); } // --- 222,228 ---- if (file_exists('install') || file_exists('contrib')) { ! message_die(GENERAL_MESSAGE, 'Please_remove_install_contrib'); } // diff -crN phpbb2014/db/db2.php phpbb2023/db/db2.php *** phpbb2014/db/db2.php Mon Apr 18 21:43:30 2005 --- phpbb2023/db/db2.php Sun Feb 10 18:19:54 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: db2.php,v 1.2 2002/01/28 17:24:45 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: db2.php 1997 2002-01-28 17:25:58Z psotfx $ * ***************************************************************************/ diff -crN phpbb2014/db/msaccess.php phpbb2023/db/msaccess.php *** phpbb2014/db/msaccess.php Mon Apr 18 21:43:30 2005 --- phpbb2023/db/msaccess.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: msaccess.php,v 1.8.2.2 2002/09/28 12:50:59 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
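Review bot: `unset($dbpasswd)` removes the password global once includes/db.php has consumed it, but `$dbhost`, `$dbuser` and `$dbname` from config.php stay in the global scope for the rest of the request, and the `new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, false)` call shown in the db.php hunk below is the only consumer visible here; if nothing later reads them, `unset($dbhost, $dbuser, $dbpasswd, $dbname);` closes the same exposure (variable dumps, debug output, register_globals leaks) for the other connection parameters. Whether later code depends on `$dbname` or `$dbhost` is not visible in this diff, so verify before widening the unset, and extend the comment to say which globals config.php is expected to leave behind.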
* $Id: msaccess.php 2906 2002-09-28 12:50:59Z psotfx $ * ***************************************************************************/ diff -crN phpbb2014/db/mssql-odbc.php phpbb2023/db/mssql-odbc.php *** phpbb2014/db/mssql-odbc.php Mon Apr 18 21:43:30 2005 --- phpbb2023/db/mssql-odbc.php Sun Feb 10 18:19:54 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: mssql-odbc.php,v 1.7 2002/03/20 17:48:30 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: mssql-odbc.php 2380 2002-03-20 17:48:30Z psotfx $ * ***************************************************************************/ diff -crN phpbb2014/db/mssql.php phpbb2023/db/mssql.php *** phpbb2014/db/mssql.php Mon Apr 18 21:43:30 2005 --- phpbb2023/db/mssql.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: mssql.php,v 1.22.2.2 2002/12/21 18:31:53 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: mssql.php 5615 2006-03-09 19:57:47Z grahamje $ * ***************************************************************************/ *************** *** 289,295 **** while( list($key, $value) = @each($row) ) { ! $row[$key] = stripslashes($value); } @reset($row); --- 289,295 ---- while( list($key, $value) = @each($row) ) { ! $row[$key] = ($value === ' ') ? '' : stripslashes($value); } @reset($row); *************** *** 317,323 **** { while( list($key, $value) = @each($row) ) { ! $rowset[$i][$key] = stripslashes($value); } $i++; } --- 317,323 ---- { while( list($key, $value) = @each($row) ) { ! $rowset[$i][$key] = ($value === ' ') ? 
'' : stripslashes($value); } $i++; } *************** *** 356,362 **** if( empty($this->row[$query_id]) ) { $this->row[$query_id] = @mssql_fetch_array($query_id); ! $result = stripslashes($this->row[$query_id][$field]); } } --- 356,362 ---- if( empty($this->row[$query_id]) ) { $this->row[$query_id] = @mssql_fetch_array($query_id); ! $result = ($this->row[$query_id][$field] === ' ') ? '' : stripslashes($this->row[$query_id][$field]); } } diff -crN phpbb2014/db/mysql.php phpbb2023/db/mysql.php *** phpbb2014/db/mysql.php Mon Apr 18 21:43:30 2005 --- phpbb2023/db/mysql.php Sun Feb 10 18:19:54 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: mysql.php,v 1.16 2002/03/19 01:07:36 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: mysql.php 5211 2005-09-18 16:17:21Z acydburn $ * ***************************************************************************/ *************** *** 259,265 **** { if($this->rowset[$query_id]) { ! $result = $this->rowset[$query_id][$field]; } else if($this->row[$query_id]) { --- 259,265 ---- { if($this->rowset[$query_id]) { ! $result = $this->rowset[$query_id][0][$field]; } else if($this->row[$query_id]) { diff -crN phpbb2014/db/mysql4.php phpbb2023/db/mysql4.php *** phpbb2014/db/mysql4.php Mon Apr 18 21:43:30 2005 --- phpbb2023/db/mysql4.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: mysql4.php,v 1.5 2002/04/02 21:13:47 the_systech Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! 
* $Id: mysql4.php 5211 2005-09-18 16:17:21Z acydburn $ * ***************************************************************************/ *************** *** 271,277 **** { if( $this->rowset[$query_id] ) { ! $result = $this->rowset[$query_id][$field]; } else if( $this->row[$query_id] ) { --- 271,277 ---- { if( $this->rowset[$query_id] ) { ! $result = $this->rowset[$query_id][0][$field]; } else if( $this->row[$query_id] ) { diff -crN phpbb2014/db/postgres7.php phpbb2023/db/postgres7.php *** phpbb2014/db/postgres7.php Mon Apr 18 21:43:30 2005 --- phpbb2023/db/postgres7.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: postgres7.php,v 1.19.2.2 2005/04/15 20:53:10 acydburn Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: postgres7.php 5142 2005-05-06 20:50:13Z acydburn $ * ***************************************************************************/ *************** *** 123,129 **** $this->num_queries++; $query = preg_replace("/LIMIT ([0-9]+),([ 0-9]+)/", "LIMIT \\2 OFFSET \\1", $query); - $query = preg_replace('#(.*WHERE.*)(username|user_email|ban_email) = \'(.*)\'#ise', "\"\\1LOWER(\\2) = '\" . strtolower('\\3') . \"'\"", $query); if( $transaction == BEGIN_TRANSACTION && !$this->in_transaction ) { --- 123,128 ---- diff -crN phpbb2014/extension.inc phpbb2023/extension.inc *** phpbb2014/extension.inc Mon Apr 18 21:43:32 2005 --- phpbb2023/extension.inc Sun Feb 10 18:19:56 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: extension.inc,v 1.5 2002/04/04 11:52:50 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: extension.inc 2480 2002-04-04 11:52:50Z psotfx $ * * ***************************************************************************/ diff -crN phpbb2014/faq.php phpbb2023/faq.php *** phpbb2014/faq.php Mon Apr 18 21:43:32 2005 --- phpbb2023/faq.php Sun Feb 10 18:19:56 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: faq.php,v 1.14.2.2 2004/07/11 16:46:15 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: faq.php 4926 2004-07-11 16:46:20Z acydburn $ * * ***************************************************************************/ diff -crN phpbb2014/groupcp.php phpbb2023/groupcp.php *** phpbb2014/groupcp.php Mon Apr 18 21:43:32 2005 --- phpbb2023/groupcp.php Sun Feb 10 18:19:56 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: groupcp.php,v 1.58.2.22 2004/11/18 17:49:34 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: groupcp.php 8357 2008-02-01 11:59:05Z Kellanved $ * * ***************************************************************************/ *************** *** 99,107 **** $yim_img = ( $row['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; $yim = ( $row['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; ! $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($username) . "&showresults=posts"); ! $search_img = '' . $lang['Search_user_posts'] . ''; ! $search = '' . $lang['Search_user_posts'] . ''; return; } --- 99,107 ---- $yim_img = ( $row['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; $yim = ( $row['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; ! $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($row['username']) . "&showresults=posts"); ! 
$search_img = '' . sprintf($lang['Search_user_posts'], $row['username']) . ''; ! $search = '' . sprintf($lang['Search_user_posts'], $row['username']) . ''; return; } *************** *** 146,153 **** $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : 0; $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : 0; ! $start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0; // // Default var values --- 146,154 ---- $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : 0; $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : 0; ! $sid = ( isset($HTTP_POST_VARS['sid']) ) ? $HTTP_POST_VARS['sid'] : ''; $start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0; + $start = ($start < 0) ? 0 : $start; // // Default var values *************** *** 209,214 **** --- 210,219 ---- { redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } + else if ( $sid !== $userdata['session_id'] ) + { + message_die(GENERAL_ERROR, $lang['Session_invalid']); + } $sql = "SELECT ug.user_id, g.group_type FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g *************** *** 220,226 **** message_die(GENERAL_ERROR, 'Could not obtain user and group information', '', __LINE__, __FILE__, $sql); } ! if ( $row = $db->sql_fetchrow($result) ) { if ( $row['group_type'] == GROUP_OPEN ) { --- 225,231 ---- message_die(GENERAL_ERROR, 'Could not obtain user and group information', '', __LINE__, __FILE__, $sql); } ! if ( $row = $db->sql_fetchrow($result)) { if ( $row['group_type'] == GROUP_OPEN ) { *************** *** 310,319 **** { redirect(append_sid("groupcp.$phpEx", true)); } ! elseif ( !$userdata['session_logged_in'] ) { redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } if ( $confirm ) { --- 315,329 ---- { redirect(append_sid("groupcp.$phpEx", true)); } ! 
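Review bot: The new `$sid !== $userdata['session_id']` branch is an anti-CSRF check, but nothing in the code says so, and the same block is repeated in the 310,319 and 457,462 hunks below; a one-line comment at this first occurrence, `// Anti-CSRF: the posted sid must match the current session (the hidden sid field is added to $s_hidden_fields)`, would keep the three copies from being "simplified" away later. Because `$sid` is read from `$HTTP_POST_VARS` only and defaults to `''`, a form without the hidden field fails closed, which is the right default. A small `check_sid()` helper returning the `Session_invalid` message_die would let all three sites share one implementation.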
else if ( !$userdata['session_logged_in'] ) { redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } + else if ( $sid !== $userdata['session_id'] ) + { + message_die(GENERAL_ERROR, $lang['Session_invalid']); + } + if ( $confirm ) { *************** *** 337,343 **** message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); } ! if ( !($row = $db->sql_fetchrow($result)) ) { $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " --- 347,353 ---- message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); } ! if ( !($row = $db->sql_fetchrow($result)) || $row['is_auth_mod'] == 0 ) { $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " *************** *** 362,367 **** --- 372,378 ---- $unsub_msg = ( isset($HTTP_POST_VARS['unsub']) ) ? $lang['Confirm_unsub'] : $lang['Confirm_unsub_pending']; $s_hidden_fields = ''; + $s_hidden_fields .= ''; $page_title = $lang['Group_Control_Panel']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); *************** *** 418,438 **** FROM " . AUTH_ACCESS_TABLE . " aa WHERE aa.group_id = g.group_id ) ! )"; break; case 'oracle': $sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa WHERE g.group_id = $group_id ! AND aa.group_id (+) = g.group_id"; break; default: $sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod FROM ( " . GROUPS_TABLE . " g LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = g.group_id ) ! WHERE g.group_id = $group_id"; break; } if ( !($result = $db->sql_query($sql)) ) --- 429,452 ---- FROM " . AUTH_ACCESS_TABLE . " aa WHERE aa.group_id = g.group_id ) ! ) ! ORDER BY auth_mod DESC"; break; case 'oracle': $sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa WHERE g.group_id = $group_id ! AND aa.group_id (+) = g.group_id ! 
ORDER BY aa.auth_mod DESC"; break; default: $sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod FROM ( " . GROUPS_TABLE . " g LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = g.group_id ) ! WHERE g.group_id = $group_id ! ORDER BY aa.auth_mod DESC"; break; } if ( !($result = $db->sql_query($sql)) ) *************** *** 457,462 **** --- 471,480 ---- if ( !$userdata['session_logged_in'] ) { redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); + } + else if ( $sid !== $userdata['session_id'] ) + { + message_die(GENERAL_ERROR, $lang['Session_invalid']); } if ( !$is_moderator ) *************** *** 897,903 **** generate_user_info($group_moderator, $board_config['default_dateformat'], $is_moderator, $from, $posts, $joined, $poster_avatar, $profile_img, $profile, $search_img, $search, $pm_img, $pm, $email_img, $email, $www_img, $www, $icq_status_img, $icq_img, $icq, $aim_img, $aim, $msn_img, $msn, $yim_img, $yim); ! $s_hidden_fields .= ''; $template->assign_vars(array( 'L_GROUP_INFORMATION' => $lang['Group_Information'], --- 915,921 ---- generate_user_info($group_moderator, $board_config['default_dateformat'], $is_moderator, $from, $posts, $joined, $poster_avatar, $profile_img, $profile, $search_img, $search, $pm_img, $pm, $email_img, $email, $www_img, $www, $icq_status_img, $icq_img, $icq, $aim_img, $aim, $msn_img, $msn, $yim_img, $yim); ! $s_hidden_fields .= ''; $template->assign_vars(array( 'L_GROUP_INFORMATION' => $lang['Group_Information'], *************** *** 1218,1223 **** --- 1236,1242 ---- // // Load and process templates // + $page_title = $lang['Group_Control_Panel']; include($phpbb_root_path . 
'includes/page_header.'.$phpEx); $template->set_filenames(array( diff -crN phpbb2014/includes/auth.php phpbb2023/includes/auth.php *** phpbb2014/includes/auth.php Mon Apr 18 21:43:30 2005 --- phpbb2023/includes/auth.php Sun Feb 10 18:19:54 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: auth.php,v 1.37.2.5 2004/03/01 16:49:03 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: auth.php 5604 2006-03-06 17:28:51Z grahamje $ * * ***************************************************************************/ *************** *** 234,239 **** --- 234,240 ---- { $value = $f_access[$k][$key]; $f_forum_id = $f_access[$k]['forum_id']; + $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array(); switch( $value ) { *************** *** 282,287 **** --- 283,289 ---- for($k = 0; $k < count($f_access); $k++) { $f_forum_id = $f_access[$k]['forum_id']; + $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array(); $auth_user[$f_forum_id]['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0; } diff -crN phpbb2014/includes/bbcode.php phpbb2023/includes/bbcode.php *** phpbb2014/includes/bbcode.php Mon Apr 18 21:43:30 2005 --- phpbb2023/includes/bbcode.php Sun Feb 10 18:19:54 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: bbcode.php,v 1.36.2.32 2004/07/11 16:46:19 acydburn Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: bbcode.php 5589 2006-02-26 17:35:17Z grahamje $ * ***************************************************************************/ *************** *** 124,129 **** --- 124,131 ---- { global $lang, $bbcode_tpl; + $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text); + // pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0). // This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it. $text = " " . $text; *************** *** 194,216 **** // [img]image_url_here[/img] code.. // This one gets first-passed.. ! $patterns[] = "#\[img:$uid\](.*?)\[/img:$uid\]#si"; $replacements[] = $bbcode_tpl['img']; // matches a [url]xxxx://www.phpbb.com[/url] code.. ! $patterns[] = "#\[url\]([\w]+?://[^ \"\n\r\t<]*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url\]((www|ftp)\.[^ \"\n\r\t<]*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. ! $patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url4']; // [email]user@domain.tld[/email] code.. --- 196,218 ---- // [img]image_url_here[/img] code.. // This one gets first-passed.. ! $patterns[] = "#\[img:$uid\]([^?](?:[^\[]+|\[(?!url))*?)\[/img:$uid\]#i"; $replacements[] = $bbcode_tpl['img']; // matches a [url]xxxx://www.phpbb.com[/url] code.. ! $patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). ! 
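Review bot: As rendered here the added `preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text)` replaces a scheme prefix with itself, which is a no-op; the upstream intent is almost certainly to neutralise the colon with an HTML entity, so the replacement string should be checked in the real file (the entity may have been decoded by the page extraction). Independently of that, the pattern is a deny-list of scheme names applied to the whole post body; validating the captured URL of the `[url]`/`[img]` tags against an allow-list of expected schemes (http, https, ftp, mailto) where `$bbcode_tpl['url*']` is expanded is the more robust shape, since it does not have to anticipate every scheme a browser accepts. The identical line is added again to make_clickable() in the 614,619 hunk, so the same remark applies there, and a shared helper would avoid the duplicate.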
$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. ! $patterns[] = "#\[url=([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\]([^?\n\r\t].*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url=((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\]([^?\n\r\t].*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url4']; // [email]user@domain.tld[/email] code.. *************** *** 233,239 **** { // Unique ID for this message.. ! $uid = md5(mt_rand()); $uid = substr($uid, 0, BBCODE_UID_LEN); return $uid; --- 235,241 ---- { // Unique ID for this message.. ! $uid = dss_rand(); $uid = substr($uid, 0, BBCODE_UID_LEN); return $uid; *************** *** 250,256 **** // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. $text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, ''); ! $text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\".*?\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]"); // [list] and [list=x] for (un)ordered lists. $open_tag = array(); --- 252,258 ---- // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. $text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, ''); ! $text = bbencode_first_pass_pda($text, $uid, '/\[quote=\\\\"(.*?)\\\\"\]/is', '[/quote]', '', false, '', "[quote:$uid=\\\"\\1\\\"]"); // [list] and [list=x] for (un)ordered lists. $open_tag = array(); *************** *** 387,401 **** // // We're going to try and catch usernames with "[' characters. // ! if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) ) { // OK we are in a quote tag that probably contains a ] bracket. // Grab a bit more of the string to hopefully get all of it.. ! 
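Review bot: The new `[img]` pattern `([^?](?:[^\[]+|\[(?!url))*?)` nests a `+`-quantified class inside a `*?` group, so on a long run of non-`[` characters with no closing `[/img:uid]` the engine can try exponentially many partitions before giving up; PCRE then aborts at pcre.backtrack_limit and preg_replace() returns NULL, which would blank the whole post rather than fail loudly. Matching one character per iteration, `([^?](?:[^\[]|\[(?!url))*?)`, accepts exactly the same strings without the ambiguity; the url1 and url2 patterns in this hunk (`(...]+|\[(?!url=))*?`) have the same shape and the same one-character fix. It would also be worth checking `preg_last_error()` after the combined preg_replace() so a backtrack-limit abort is logged instead of silently emptying the text — that call site is outside the hunk.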
if ($close_pos = strpos($text, '"]', $curr_pos + 9)) { ! if (strpos(substr($text, $curr_pos + 9, $close_pos - ($curr_pos + 9)), '[quote') === false) { ! $possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 2); } } } --- 389,403 ---- // // We're going to try and catch usernames with "[' characters. // ! if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) ) { // OK we are in a quote tag that probably contains a ] bracket. // Grab a bit more of the string to hopefully get all of it.. ! if ($close_pos = strpos($text, '"]', $curr_pos + 14)) { ! if (strpos(substr($text, $curr_pos + 14, $close_pos - ($curr_pos + 14)), '[quote') === false) { ! $possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 7); } } } *************** *** 430,436 **** // We have an opening tag. // Push its position, the text we matched, and its index in the open_tag array on to the stack, and then keep going to the right. $match = array("pos" => $curr_pos, "tag" => $which_start_tag, "index" => $start_tag_index); ! bbcode_array_push($stack, $match); // // Rather than just increment $curr_pos // Set it to the ending of the tag we just found --- 432,438 ---- // We have an opening tag. // Push its position, the text we matched, and its index in the open_tag array on to the stack, and then keep going to the right. $match = array("pos" => $curr_pos, "tag" => $which_start_tag, "index" => $start_tag_index); ! array_push($stack, $match); // // Rather than just increment $curr_pos // Set it to the ending of the tag we just found *************** *** 452,458 **** // There exists a starting tag. $curr_nesting_depth = sizeof($stack); // We need to do 2 replacements now. ! $match = bbcode_array_pop($stack); $start_index = $match['pos']; $start_tag = $match['tag']; $start_length = strlen($start_tag); --- 454,460 ---- // There exists a starting tag. 
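Review bot: The offsets changed from 9 to 14 and from 2 to 7 in the quote-recovery branch are magic numbers that presumably track the new length of the `[quote=...` prefix and the closing `"]` after the escaped-quote change in the 250,256 hunk, but nothing ties them to that change, so the next edit to the quote syntax will silently break them again. Deriving them from the literals they stand for, e.g. `$quote_prefix_len = strlen('[quote=\\"');` once before the loop and using that name at both sites, documents the dependency and keeps the two offsets consistent. If the literal lengths do not come out to 14 and 7, that is itself worth knowing, since the gap would point at an assumption about the uid length that should be stated in a comment.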
$curr_nesting_depth = sizeof($stack); // We need to do 2 replacements now. ! $match = array_pop($stack); $start_index = $match['pos']; $start_tag = $match['tag']; $start_length = strlen($start_tag); *************** *** 518,524 **** // otherwise, we go back to the start. if (sizeof($stack) > 0) { ! $match = bbcode_array_pop($stack); $curr_pos = $match['pos']; // bbcode_array_push($stack, $match); // ++$curr_pos; --- 520,526 ---- // otherwise, we go back to the start. if (sizeof($stack) > 0) { ! $match = array_pop($stack); $curr_pos = $match['pos']; // bbcode_array_push($stack, $match); // ++$curr_pos; *************** *** 614,619 **** --- 616,622 ---- */ function make_clickable($text) { + $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text); // pad it with a space so we can match things at the start of the 1st line. $ret = ' ' . $text; *************** *** 621,633 **** // matches an "xxxx://yyyy" URL at the start of a line, or after a space. // xxxx can only be alpha characters. // yyyy is anything up to the first space, newline, comma, double quote or < ! $ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1\\2", $ret); // matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" // zzzz is optional.. will contain everything up to the first space, newline, // comma, double quote or <. ! $ret = preg_replace("#(^|[\n ])((www|ftp)\.[^ \"\t\n\r<]*)#is", "\\1\\2", $ret); // matches an email@domain type address at the start of a line, or after a space. // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".". --- 624,636 ---- // matches an "xxxx://yyyy" URL at the start of a line, or after a space. // xxxx can only be alpha characters. // yyyy is anything up to the first space, newline, comma, double quote or < ! 
$ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1\\2", $ret); // matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" // zzzz is optional.. will contain everything up to the first space, newline, // comma, double quote or <. ! $ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1\\2", $ret); // matches an email@domain type address at the start of a line, or after a space. // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".". *************** *** 697,702 **** --- 700,706 ---- * This function does exactly what the PHP4 function array_push() does * however, to keep phpBB compatable with PHP 3 we had to come up with our own * method of doing it. + * This function was deprecated in phpBB 2.0.18 */ function bbcode_array_push(&$stack, $value) { *************** *** 708,713 **** --- 712,718 ---- * This function does exactly what the PHP4 function array_pop() does * however, to keep phpBB compatable with PHP 3 we had to come up with our own * method of doing it. + * This function was deprecated in phpBB 2.0.18 */ function bbcode_array_pop(&$stack) { *************** *** 758,764 **** for ($i = 0; $i < count($smilies); $i++) { ! $orig[] = "/(?<=.\W|\W.|^\W)" . phpbb_preg_quote($smilies[$i]['code'], "/") . "(?=.\W|\W.|\W$)/"; $repl[] = '' . $smilies[$i]['emoticon'] . ''; } } --- 763,769 ---- for ($i = 0; $i < count($smilies); $i++) { ! $orig[] = "/(?<=.\W|\W.|^\W)" . preg_quote($smilies[$i]['code'], "/") . "(?=.\W|\W.|\W$)/"; $repl[] = '' . $smilies[$i]['emoticon'] . ''; } } diff -crN phpbb2014/includes/constants.php phpbb2023/includes/constants.php *** phpbb2014/includes/constants.php Mon Apr 18 21:43:30 2005 --- phpbb2023/includes/constants.php Sun Feb 10 18:19:54 2008 *************** *** 6,12 **** * copyright : ('C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: constants.php,v 1.47.2.5 2004/11/18 17:49:42 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : ('C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: constants.php 5283 2005-10-30 15:17:14Z acydburn $ * * ***************************************************************************/ *************** *** 167,172 **** --- 167,173 ---- define('SEARCH_WORD_TABLE', $table_prefix.'search_wordlist'); define('SEARCH_MATCH_TABLE', $table_prefix.'search_wordmatch'); define('SESSIONS_TABLE', $table_prefix.'sessions'); + define('SESSIONS_KEYS_TABLE', $table_prefix.'sessions_keys'); define('SMILIES_TABLE', $table_prefix.'smilies'); define('THEMES_TABLE', $table_prefix.'themes'); define('THEMES_NAME_TABLE', $table_prefix.'themes_name'); diff -crN phpbb2014/includes/db.php phpbb2023/includes/db.php *** phpbb2014/includes/db.php Mon Apr 18 21:43:30 2005 --- phpbb2023/includes/db.php Sun Feb 10 18:19:54 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: db.php,v 1.10 2002/03/18 13:35:22 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: db.php 5283 2005-10-30 15:17:14Z acydburn $ * * ***************************************************************************/ *************** *** 60,66 **** $db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, false); if(!$db->db_connect_id) { ! message_die(CRITICAL_ERROR, "Could not connect to the database"); } ?> \ No newline at end of file --- 60,66 ---- $db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, false); if(!$db->db_connect_id) { ! 
message_die(CRITICAL_ERROR, "Could not connect to the database"); } ?> \ No newline at end of file diff -crN phpbb2014/includes/emailer.php phpbb2023/includes/emailer.php *** phpbb2014/includes/emailer.php Mon Apr 18 21:43:30 2005 --- phpbb2023/includes/emailer.php Sun Feb 10 18:19:54 2008 *************** *** 6,12 **** copyright : (C) 2001 The phpBB Group email : support@phpbb.com ! $Id: emailer.php,v 1.15.2.34 2003/07/26 11:41:35 acydburn Exp $ ***************************************************************************/ --- 6,12 ---- copyright : (C) 2001 The phpBB Group email : support@phpbb.com ! $Id: emailer.php 5261 2005-10-05 17:42:04Z grahamje $ ***************************************************************************/ *************** *** 164,170 **** if (preg_match('#^(Subject:(.*?))$#m', $this->msg, $match)) { $this->subject = (trim($match[2]) != '') ? trim($match[2]) : (($this->subject != '') ? $this->subject : 'No Subject'); ! $drop_header .= '[\r\n]*?' . phpbb_preg_quote($match[1], '#'); } else { --- 164,170 ---- if (preg_match('#^(Subject:(.*?))$#m', $this->msg, $match)) { $this->subject = (trim($match[2]) != '') ? trim($match[2]) : (($this->subject != '') ? $this->subject : 'No Subject'); ! $drop_header .= '[\r\n]*?' . preg_quote($match[1], '#'); } else { *************** *** 174,180 **** if (preg_match('#^(Charset:(.*?))$#m', $this->msg, $match)) { $this->encoding = (trim($match[2]) != '') ? trim($match[2]) : trim($lang['ENCODING']); ! $drop_header .= '[\r\n]*?' . phpbb_preg_quote($match[1], '#'); } else { --- 174,180 ---- if (preg_match('#^(Charset:(.*?))$#m', $this->msg, $match)) { $this->encoding = (trim($match[2]) != '') ? trim($match[2]) : trim($lang['ENCODING']); ! $drop_header .= '[\r\n]*?' . preg_quote($match[1], '#'); } else { *************** *** 261,267 **** $str = chunk_split(base64_encode($str), $length, $spacer); // remove trailing spacer and add start and end delimiters ! $str = preg_replace('#' . phpbb_preg_quote($spacer, '#') . 
'$#', '', $str); return $start . $str . $end; } --- 261,267 ---- $str = chunk_split(base64_encode($str), $length, $spacer); // remove trailing spacer and add start and end delimiters ! $str = preg_replace('#' . preg_quote($spacer, '#') . '$#', '', $str); return $start . $str . $end; } diff -crN phpbb2014/includes/functions.php phpbb2023/includes/functions.php *** phpbb2014/includes/functions.php Mon Apr 18 21:43:30 2005 --- phpbb2023/includes/functions.php Sun Feb 10 18:19:54 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions.php,v 1.133.2.34 2005/02/21 18:37:33 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions.php 8377 2008-02-10 12:52:05Z acydburn $ * * ***************************************************************************/ *************** *** 78,89 **** function phpbb_clean_username($username) { $username = substr(htmlspecialchars(str_replace("\'", "'", trim($username))), 0, 25); ! $username = phpbb_rtrim($username, "\\"); $username = str_replace("'", "\'", $username); return $username; } // added at phpBB 2.0.12 to fix a bug in PHP 4.3.10 (only supporting charlist in php >= 4.1.0) function phpbb_rtrim($str, $charlist = false) { --- 78,118 ---- function phpbb_clean_username($username) { $username = substr(htmlspecialchars(str_replace("\'", "'", trim($username))), 0, 25); ! 
$username = phpbb_rtrim($username, "\\"); $username = str_replace("'", "\'", $username); return $username; } + /** + * This function is a wrapper for ltrim, as charlist is only supported in php >= 4.1.0 + * Added in phpBB 2.0.18 + */ + function phpbb_ltrim($str, $charlist = false) + { + if ($charlist === false) + { + return ltrim($str); + } + + $php_version = explode('.', PHP_VERSION); + + // php version < 4.1.0 + if ((int) $php_version[0] < 4 || ((int) $php_version[0] == 4 && (int) $php_version[1] < 1)) + { + while ($str{0} == $charlist) + { + $str = substr($str, 1); + } + } + else + { + $str = ltrim($str, $charlist); + } + + return $str; + } + // added at phpBB 2.0.12 to fix a bug in PHP 4.3.10 (only supporting charlist in php >= 4.1.0) function phpbb_rtrim($str, $charlist = false) { *************** *** 110,115 **** --- 139,175 ---- return $str; } + /** + * Our own generator of random values + * This uses a constantly changing value as the base for generating the values + * The board wide setting is updated once per page if this code is called + * With thanks to Anthrax101 for the inspiration on this one + * Added in phpBB 2.0.20 + */ + function dss_rand() + { + global $db, $board_config, $dss_seeded; + + $val = $board_config['rand_seed'] . microtime(); + $val = md5($val); + $board_config['rand_seed'] = md5($board_config['rand_seed'] . $val . 'a'); + + if($dss_seeded !== true) + { + $sql = "UPDATE " . CONFIG_TABLE . " SET + config_value = '" . $board_config['rand_seed'] . "' + WHERE config_name = 'rand_seed'"; + + if( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Unable to reseed PRNG", "", __LINE__, __FILE__, $sql); + } + + $dss_seeded = true; + } + + return substr($val, 4, 16); + } // // Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced. // *************** *** 117,123 **** { global $db; ! if (intval($user) == 0 || $force_str) { $user = phpbb_clean_username($user); } --- 177,183 ---- { global $db; ! 
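Review bot: The pre-4.1.0 fallback in the new phpbb_ltrim compares the first character against the whole `$charlist` string in `while ($str{0} == $charlist)`, so unlike the `ltrim($str, $charlist)` branch it only strips one repeated character and silently does nothing for a multi-character list. The one caller visible in this diff passes `"'"`, which is fine, but the docblock claims it is "a wrapper for ltrim", so I'd add `* NOTE: the PHP < 4.1.0 fallback handles a single-character $charlist only` to the header comment. The loop also reads `$str{0}` on an empty string, which is harmless here only because `'' == "'"` is false; a leading `$str != '' &&` in the condition would make that explicit.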
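Review bot: dss_rand() derives every value from `md5($board_config['rand_seed'] . microtime())`, so its unpredictability rests entirely on the secrecy of the `rand_seed` config row plus sub-second request timing; neither is an entropy source, and anyone who can read the config table (a backup, a read-only injection elsewhere) can replay the seed chain and predict future outputs. The SESSIONS_KEYS_TABLE added earlier in this diff suggests these values end up as persistent login keys, which makes that a real concern, though the consumers are outside this hunk. I'd fold in OS entropy when it is readable and keep the existing construction as the fallback; the reseed/UPDATE logic and the `substr($val, 4, 16)` return are unchanged. The SQL itself is safe as written since it only embeds an md5 hex digest.
```php
function dss_rand()
{
	global $db, $board_config, $dss_seeded;

	$val = $board_config['rand_seed'] . microtime();
	// Mix in OS entropy when available: the DB-stored seed alone is not secret
	// enough to make the output unpredictable to anyone who can read config.
	if (($fp = @fopen('/dev/urandom', 'rb')) !== false)
	{
		$val .= fread($fp, 16);
		fclose($fp);
	}
	$val = md5($val);
	// … unchanged: derive new rand_seed, persist it once per page via $dss_seeded …
	return substr($val, 4, 16);
}
```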
if (!is_numeric($user) || $force_str) { $user = phpbb_clean_username($user); } *************** *** 129,135 **** $sql = "SELECT * FROM " . USERS_TABLE . " WHERE "; ! $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . $user . "'" ) . " AND user_id <> " . ANONYMOUS; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql); --- 189,195 ---- $sql = "SELECT * FROM " . USERS_TABLE . " WHERE "; ! $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND user_id <> " . ANONYMOUS; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql); *************** *** 249,262 **** function init_userprefs($userdata) { global $board_config, $theme, $images; ! global $template, $lang, $phpEx, $phpbb_root_path; global $nav_links; if ( $userdata['user_id'] != ANONYMOUS ) { if ( !empty($userdata['user_lang'])) { ! $board_config['default_lang'] = $userdata['user_lang']; } if ( !empty($userdata['user_dateformat']) ) --- 309,322 ---- function init_userprefs($userdata) { global $board_config, $theme, $images; ! global $template, $lang, $phpEx, $phpbb_root_path, $db; global $nav_links; if ( $userdata['user_id'] != ANONYMOUS ) { if ( !empty($userdata['user_lang'])) { ! $default_lang = phpbb_ltrim(basename(phpbb_rtrim($userdata['user_lang'])), "'"); } if ( !empty($userdata['user_dateformat']) ) *************** *** 269,279 **** $board_config['board_timezone'] = $userdata['user_timezone']; } } ! if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx)) ) { ! $board_config['default_lang'] = 'english'; } include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . 
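Review bot: The new `str_replace("\'", "''", $user)` in get_userdata rewrites only the escaped-quote pair and leaves a backslash that precedes it untouched, so its safety depends on every caller having already doubled backslashes (addslashes/magic_quotes handling that is not part of this diff). Tracing phpbb_clean_username above on a raw value such as `a\\' OR 1=1 -- ` yields `a\\' OR …`, which this line turns into `a\'' OR …`; a MySQL parser treating `\'` as an escaped quote then reads the second `'` as the end of the literal. If caller-side slashing is an invariant, pin it down where the value is built, e.g. `// $user is addslashes()-style on entry: every ' is \' and every \ is \\; only the quote form is rewritten for the query`; if it is not, escape through the db layer rather than by textual replacement.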
$phpEx); --- 329,388 ---- $board_config['board_timezone'] = $userdata['user_timezone']; } } + else + { + $default_lang = phpbb_ltrim(basename(phpbb_rtrim($board_config['default_lang'])), "'"); + } + + if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $default_lang . '/lang_main.'.$phpEx)) ) + { + if ( $userdata['user_id'] != ANONYMOUS ) + { + // For logged in users, try the board default language next + $default_lang = phpbb_ltrim(basename(phpbb_rtrim($board_config['default_lang'])), "'"); + } + else + { + // For guests it means the default language is not present, try english + // This is a long shot since it means serious errors in the setup to reach here, + // but english is part of a new install so it's worth us trying + $default_lang = 'english'; + } + + if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $default_lang . '/lang_main.'.$phpEx)) ) + { + message_die(CRITICAL_ERROR, 'Could not locate valid language pack'); + } + } ! // If we've had to change the value in any way then let's write it back to the database ! // before we go any further since it means there is something wrong with it ! if ( $userdata['user_id'] != ANONYMOUS && $userdata['user_lang'] !== $default_lang ) { ! $sql = 'UPDATE ' . USERS_TABLE . " ! SET user_lang = '" . $default_lang . "' ! WHERE user_lang = '" . $userdata['user_lang'] . "'"; ! ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(CRITICAL_ERROR, 'Could not update user language info'); ! } ! ! $userdata['user_lang'] = $default_lang; } + elseif ( $userdata['user_id'] == ANONYMOUS && $board_config['default_lang'] !== $default_lang ) + { + $sql = 'UPDATE ' . CONFIG_TABLE . " + SET config_value = '" . $default_lang . "' + WHERE config_name = 'default_lang'"; + + if ( !($result = $db->sql_query($sql)) ) + { + message_die(CRITICAL_ERROR, 'Could not update user language info'); + } + } + + $board_config['default_lang'] = $default_lang; include($phpbb_root_path . 'language/lang_' . 
$board_config['default_lang'] . '/lang_main.' . $phpEx); *************** *** 333,341 **** { global $db, $board_config, $template, $images, $phpbb_root_path; ! $sql = "SELECT * ! FROM " . THEMES_TABLE . " ! WHERE themes_id = $style"; if ( !($result = $db->sql_query($sql)) ) { message_die(CRITICAL_ERROR, 'Could not query database for theme info'); --- 442,450 ---- { global $db, $board_config, $template, $images, $phpbb_root_path; ! $sql = 'SELECT * ! FROM ' . THEMES_TABLE . ' ! WHERE themes_id = ' . (int) $style; if ( !($result = $db->sql_query($sql)) ) { message_die(CRITICAL_ERROR, 'Could not query database for theme info'); *************** *** 343,349 **** if ( !($row = $db->sql_fetchrow($result)) ) { ! message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]"); } $template_path = 'templates/' ; --- 452,491 ---- if ( !($row = $db->sql_fetchrow($result)) ) { ! // We are trying to setup a style which does not exist in the database ! // Try to fallback to the board default (if the user had a custom style) ! // and then any users using this style to the default if it succeeds ! if ( $style != $board_config['default_style']) ! { ! $sql = 'SELECT * ! FROM ' . THEMES_TABLE . ' ! WHERE themes_id = ' . (int) $board_config['default_style']; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(CRITICAL_ERROR, 'Could not query database for theme info'); ! } ! ! if ( $row = $db->sql_fetchrow($result) ) ! { ! $db->sql_freeresult($result); ! ! $sql = 'UPDATE ' . USERS_TABLE . ' ! SET user_style = ' . (int) $board_config['default_style'] . " ! WHERE user_style = $style"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(CRITICAL_ERROR, 'Could not update user theme info'); ! } ! } ! else ! { ! message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]"); ! } ! } ! else ! { ! message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]"); ! 
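Review bot: The UPDATE in the `$userdata['user_lang'] !== $default_lang` branch interpolates the original `$userdata['user_lang']` into the WHERE clause unescaped, while the SET side uses the basename()/trimmed `$default_lang`; this branch runs precisely because the stored value was bad enough to need rewriting, and the surrounding `phpbb_ltrim(..., "'")` shows that quotes in it are anticipated. A stored value containing a quote would at best break the query, so I'd escape it consistently with the quoting get_userdata now uses: `WHERE user_lang = '" . str_replace("'", "''", $userdata['user_lang']) . "'"`. The anonymous-user path is fine since it writes only the sanitized `$default_lang`. init_userprefs begins before this hunk.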
} } $template_path = 'templates/' ; *************** *** 539,545 **** { do { ! $orig_word[] = '#\b(' . str_replace('\*', '\w*?', phpbb_preg_quote($row['word'], '#')) . ')\b#i'; $replacement_word[] = $row['replacement']; } while ( $row = $db->sql_fetchrow($result) ); --- 681,687 ---- { do { ! $orig_word[] = '#\b(' . str_replace('\*', '\w*?', preg_quote($row['word'], '#')) . ')\b#i'; $replacement_word[] = $row['replacement']; } while ( $row = $db->sql_fetchrow($result) ); *************** *** 578,584 **** die("message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?"); } ! define(HAS_DIED, 1); $sql_store = $sql; --- 720,726 ---- die("message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?"); } ! define('HAS_DIED', 1); $sql_store = $sql; *************** *** 605,611 **** if ( $err_line != '' && $err_file != '' ) { ! $debug_text .= '
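Review bot: The new fallback UPDATE in setup_style interpolates `$style` raw in `WHERE user_style = $style`, while both SELECTs in the same hunk cast it with `(int)`; this path is reached exactly when the value did not match a themes row, so a non-integer that got this far goes straight into the statement. Cast it the same way: `WHERE user_style = ' . (int) $style;`. Minor: `$db->sql_freeresult($result)` runs only on the success path and `$result` is then overwritten by the UPDATE, so the handle of the SELECT that found nothing is never freed. setup_style's signature is outside this hunk.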

Line : ' . $err_line . '
File : ' . basename($err_file); } } --- 747,753 ---- if ( $err_line != '' && $err_file != '' ) { ! $debug_text .= '

Line : ' . $err_line . '
File : ' . basename($err_file); } } *************** *** 632,642 **** } } ! if ( empty($template) ) ! { ! $template = new Template($phpbb_root_path . 'templates/' . $board_config['board_template']); ! } ! if ( empty($theme) ) { $theme = setup_style($board_config['default_style']); } --- 774,780 ---- } } ! if ( empty($template) || empty($theme) ) { $theme = setup_style($board_config['default_style']); } *************** *** 779,785 **** $db->sql_close(); } ! if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r")) { message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); } --- 917,923 ---- $db->sql_close(); } ! if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r") || strstr(urldecode($url), ';url')) { message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); } diff -crN phpbb2014/includes/functions_admin.php phpbb2023/includes
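Review bot: The added `;url` test uses strstr(), which is case-sensitive, so a decoded target containing `;URL=` or `;Url=` passes the check while a meta-refresh parser (presumably what the `;url` token guards against; the rest of redirect() is outside this hunk) accepts any case. Change that term to `stristr(urldecode($url), ';url')`. If the URL is also emitted inside a quoted HTML attribute, a `"` in it would break out regardless of this check, so rejecting `strstr(urldecode($url), '"')` here as well would be cheap insurance.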