diff -crN phpbb204/admin/admin_board.php phpbb2023/admin/admin_board.php
*** phpbb204/admin/admin_board.php Sat Jul 10 20:16:21 2004
--- phpbb2023/admin/admin_board.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_board.php,v 1.51.2.3 2002/12/19 17:17:39 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_board.php 6772 2006-12-16 13:11:28Z acydburn $
*
*
***************************************************************************/
***************
*** 16,22 ****
if( !empty($setmodules) )
{
$file = basename(__FILE__);
! $module['General']['Configuration'] = "$file?mode=config";
return;
}
--- 16,22 ----
if( !empty($setmodules) )
{
$file = basename(__FILE__);
! $module['General']['Configuration'] = $file;
return;
}
***************
*** 43,55 ****
{
$config_name = $row['config_name'];
$config_value = $row['config_value'];
! $default_config[$config_name] = $config_value;
$new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name];
if ($config_name == 'cookie_name')
{
! $cookie_name = str_replace('.', '_', $new['cookie_name']);
}
if( isset($HTTP_POST_VARS['submit']) )
--- 43,72 ----
{
$config_name = $row['config_name'];
$config_value = $row['config_value'];
! $default_config[$config_name] = isset($HTTP_POST_VARS['submit']) ? str_replace("'", "\'", $config_value) : $config_value;
$new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name];
if ($config_name == 'cookie_name')
{
! $new['cookie_name'] = str_replace('.', '_', $new['cookie_name']);
! }
!
! // Attempt to prevent a common mistake with this value,
! // http:// is the protocol and not part of the server name
! if ($config_name == 'server_name')
! {
! $new['server_name'] = str_replace('http://', '', $new['server_name']);
! }
!
! // Attempt to prevent a mistake with this value.
! if ($config_name == 'avatar_path')
! {
! $new['avatar_path'] = trim($new['avatar_path']);
! if (strstr($new['avatar_path'], "\0") || !is_dir($phpbb_root_path . $new['avatar_path']) || !is_writable($phpbb_root_path . $new['avatar_path']))
! {
! $new['avatar_path'] = $default_config['avatar_path'];
! }
}
if( isset($HTTP_POST_VARS['submit']) )
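Review bot: The new `avatar_path` check rejects NUL bytes and non-writable targets but not `..` segments, so `is_dir($phpbb_root_path . $new['avatar_path'])` accepts a value that resolves outside the board root. Adding a traversal test to the same condition, e.g. `strstr($new['avatar_path'], '..') ||`, would let the fallback to `$default_config['avatar_path']` cover that case too. Separately, `str_replace("'", "\'", $config_value)` escapes quotes only and leaves backslashes untouched; the query that consumes the value is outside this hunk, so confirm that a stored value ending in a backslash cannot reach it unescaped. The enclosing loop starts and ends outside the hunk.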
***************
*** 97,102 ****
--- 114,125 ----
$activation_user = ( $new['require_activation'] == USER_ACTIVATION_SELF ) ? "checked=\"checked\"" : "";
$activation_admin = ( $new['require_activation'] == USER_ACTIVATION_ADMIN ) ? "checked=\"checked\"" : "";
+ $confirm_yes = ($new['enable_confirm']) ? 'checked="checked"' : '';
+ $confirm_no = (!$new['enable_confirm']) ? 'checked="checked"' : '';
+
+ $allow_autologin_yes = ($new['allow_autologin']) ? 'checked="checked"' : '';
+ $allow_autologin_no = (!$new['allow_autologin']) ? 'checked="checked"' : '';
+
$board_email_form_yes = ( $new['board_email_form'] ) ? "checked=\"checked\"" : "";
$board_email_form_no = ( !$new['board_email_form'] ) ? "checked=\"checked\"" : "";
***************
*** 160,165 ****
--- 183,194 ----
"L_NONE" => $lang['Acc_None'],
"L_USER" => $lang['Acc_User'],
"L_ADMIN" => $lang['Acc_Admin'],
+ "L_VISUAL_CONFIRM" => $lang['Visual_confirm'],
+ "L_VISUAL_CONFIRM_EXPLAIN" => $lang['Visual_confirm_explain'],
+ "L_ALLOW_AUTOLOGIN" => $lang['Allow_autologin'],
+ "L_ALLOW_AUTOLOGIN_EXPLAIN" => $lang['Allow_autologin_explain'],
+ "L_AUTOLOGIN_TIME" => $lang['Autologin_time'],
+ "L_AUTOLOGIN_TIME_EXPLAIN" => $lang['Autologin_time_explain'],
"L_COOKIE_SETTINGS" => $lang['Cookie_settings'],
"L_COOKIE_SETTINGS_EXPLAIN" => $lang['Cookie_settings_explain'],
"L_COOKIE_DOMAIN" => $lang['Cookie_domain'],
***************
*** 179,184 ****
--- 208,223 ----
"L_MAX_POLL_OPTIONS" => $lang['Max_poll_options'],
"L_FLOOD_INTERVAL" => $lang['Flood_Interval'],
"L_FLOOD_INTERVAL_EXPLAIN" => $lang['Flood_Interval_explain'],
+ "L_SEARCH_FLOOD_INTERVAL" => $lang['Search_Flood_Interval'],
+ "L_SEARCH_FLOOD_INTERVAL_EXPLAIN" => $lang['Search_Flood_Interval_explain'],
+
+ 'L_MAX_LOGIN_ATTEMPTS' => $lang['Max_login_attempts'],
+ 'L_MAX_LOGIN_ATTEMPTS_EXPLAIN' => $lang['Max_login_attempts_explain'],
+ 'L_LOGIN_RESET_TIME' => $lang['Login_reset_time'],
+ 'L_LOGIN_RESET_TIME_EXPLAIN' => $lang['Login_reset_time_explain'],
+ 'MAX_LOGIN_ATTEMPTS' => $new['max_login_attempts'],
+ 'LOGIN_RESET_TIME' => $new['login_reset_time'],
+
"L_BOARD_EMAIL_FORM" => $lang['Board_email_form'],
"L_BOARD_EMAIL_FORM_EXPLAIN" => $lang['Board_email_form_explain'],
"L_TOPICS_PER_PAGE" => $lang['Topics_per_page'],
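Review bot: `'MAX_LOGIN_ATTEMPTS' => $new['max_login_attempts']` and `'LOGIN_RESET_TIME' => $new['login_reset_time']` pass the value through uncast, while the next hunk emits `'AUTOLOGIN_TIME' => (int) $new['max_autologin_time']`. Earlier in this file `$new[...]` is filled straight from `$HTTP_POST_VARS`, so on a submitted form these template variables carry request text; whether the template encodes them is not visible here. Casting both the same way, e.g. `'MAX_LOGIN_ATTEMPTS' => (int) $new['max_login_attempts'],`, keeps the numeric settings consistent, and the same applies to `SEARCH_FLOOD_INTERVAL` in the following hunk. The `assign_vars` array opens and closes outside the hunk.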
***************
*** 247,256 ****
--- 286,301 ----
"ACTIVATION_USER_CHECKED" => $activation_user,
"ACTIVATION_ADMIN" => USER_ACTIVATION_ADMIN,
"ACTIVATION_ADMIN_CHECKED" => $activation_admin,
+ "CONFIRM_ENABLE" => $confirm_yes,
+ "CONFIRM_DISABLE" => $confirm_no,
+ 'ALLOW_AUTOLOGIN_YES' => $allow_autologin_yes,
+ 'ALLOW_AUTOLOGIN_NO' => $allow_autologin_no,
+ 'AUTOLOGIN_TIME' => (int) $new['max_autologin_time'],
"BOARD_EMAIL_FORM_ENABLE" => $board_email_form_yes,
"BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no,
"MAX_POLL_OPTIONS" => $new['max_poll_options'],
"FLOOD_INTERVAL" => $new['flood_interval'],
+ "SEARCH_FLOOD_INTERVAL" => $new['search_flood_interval'],
"TOPICS_PER_PAGE" => $new['topics_per_page'],
"POSTS_PER_PAGE" => $new['posts_per_page'],
"HOT_TOPIC" => $new['hot_threshold'],
diff -crN phpbb204/admin/admin_db_utilities.php phpbb2023/admin/admin_db_utilities.php
*** phpbb204/admin/admin_db_utilities.php Sat Jul 10 20:16:21 2004
--- phpbb2023/admin/admin_db_utilities.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_db_utilities.php,v 1.42.2.9 2002/12/21 19:09:56 psotfx Exp $
*
****************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_db_utilities.php 5539 2006-02-10 20:35:40Z grahamje $
*
****************************************************************************/
***************
*** 499,507 ****
while($row = $db->sql_fetchrow($result))
{
! unset($schema_vals);
! unset($schema_fields);
! unset($schema_insert);
//
// Build the SQL statement to recreate the data.
//
--- 499,507 ----
while($row = $db->sql_fetchrow($result))
{
! $schema_vals = '';
! $schema_fields = '';
! $schema_insert = '';
//
// Build the SQL statement to recreate the data.
//
***************
*** 516,522 ****
}
elseif (eregi("date|timestamp", $aryType[$i]))
{
! if ($empty($strVal))
{
$strQuote = "";
}
--- 516,522 ----
}
elseif (eregi("date|timestamp", $aryType[$i]))
{
! if (empty($strVal))
{
$strQuote = "";
}
***************
*** 693,699 ****
include('./page_footer_admin.'.$phpEx);
}
! $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words');
$additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" );
--- 693,699 ----
include('./page_footer_admin.'.$phpEx);
}
! $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm', 'sessions_keys');
$additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" );
***************
*** 701,706 ****
--- 701,708 ----
$gzipcompress = (!empty($HTTP_POST_VARS['gzipcompress'])) ? $HTTP_POST_VARS['gzipcompress'] : ( (!empty($HTTP_GET_VARS['gzipcompress'])) ? $HTTP_GET_VARS['gzipcompress'] : 0 );
+ $drop = (!empty($HTTP_POST_VARS['drop'])) ? intval($HTTP_POST_VARS['drop']) : ( (!empty($HTTP_GET_VARS['drop'])) ? intval($HTTP_GET_VARS['drop']) : 0 );
+
if(!empty($additional_tables))
{
if(ereg(",", $additional_tables))
***************
*** 856,862 ****
break;
case 'restore':
! if(!isset($restore_start))
{
//
// Define Template files...
--- 858,864 ----
break;
case 'restore':
! if(!isset($HTTP_POST_VARS['restore_start']))
{
//
// Define Template files...
diff -crN phpbb204/admin/admin_disallow.php phpbb2023/admin/admin_disallow.php
*** phpbb204/admin/admin_disallow.php Sat Jul 10 20:16:21 2004
--- phpbb2023/admin/admin_disallow.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_disallow.php,v 1.9.2.2 2002/11/26 11:42:11 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_disallow.php 5352 2005-12-18 13:57:51Z grahamje $
*
*
***************************************************************************/
***************
*** 25,31 ****
if( !empty($setmodules) )
{
$filename = basename(__FILE__);
! $module['Users']['Disallow'] = append_sid($filename);
return;
}
--- 25,31 ----
if( !empty($setmodules) )
{
$filename = basename(__FILE__);
! $module['Users']['Disallow'] = $filename;
return;
}
***************
*** 45,51 ****
if ($disallowed_user == '')
{
! message_die(MESSAGE, $lang['Fields_empty']);
}
if( !validate_username($disallowed_user) )
{
--- 45,51 ----
if ($disallowed_user == '')
{
! message_die(GENERAL_MESSAGE, $lang['Fields_empty']);
}
if( !validate_username($disallowed_user) )
{
diff -crN phpbb204/admin/admin_forum_prune.php phpbb2023/admin/admin_forum_prune.php
*** phpbb204/admin/admin_forum_prune.php Sat Jul 10 20:16:21 2004
--- phpbb2023/admin/admin_forum_prune.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_forum_prune.php,v 1.22.2.3 2002/12/18 14:14:07 psotfx Exp $
*
****************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_forum_prune.php 3207 2002-12-18 14:14:11Z psotfx $
*
****************************************************************************/
diff -crN phpbb204/admin/admin_forumauth.php phpbb2023/admin/admin_forumauth.php
*** phpbb204/admin/admin_forumauth.php Sat Jul 10 20:16:21 2004
--- phpbb2023/admin/admin_forumauth.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_forumauth.php,v 1.23.2.4 2002/05/21 16:52:08 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_forumauth.php 4876 2004-03-25 15:57:20Z acydburn $
*
*
***************************************************************************/
***************
*** 102,121 ****
{
if(isset($HTTP_POST_VARS['simpleauth']))
{
! $simple_ary = $simple_auth_ary[$HTTP_POST_VARS['simpleauth']];
for($i = 0; $i < count($simple_ary); $i++)
{
$sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i];
}
! $sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
}
else
{
for($i = 0; $i < count($forum_auth_fields); $i++)
{
! $value = $HTTP_POST_VARS[$forum_auth_fields[$i]];
if ( $forum_auth_fields[$i] == 'auth_vote' )
{
--- 102,124 ----
{
if(isset($HTTP_POST_VARS['simpleauth']))
{
! $simple_ary = $simple_auth_ary[intval($HTTP_POST_VARS['simpleauth'])];
for($i = 0; $i < count($simple_ary); $i++)
{
$sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i];
}
! if (is_array($simple_ary))
! {
! $sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
! }
}
else
{
for($i = 0; $i < count($forum_auth_fields); $i++)
{
! $value = intval($HTTP_POST_VARS[$forum_auth_fields[$i]]);
if ( $forum_auth_fields[$i] == 'auth_vote' )
{
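Review bot: The `is_array($simple_ary)` guard sits after the `for` loop that already calls `count($simple_ary)` and indexes it, so an out-of-range `simpleauth` value still reaches the loop with a non-array. When the guard fails, `$sql` keeps whatever fragment it held instead of a full statement, and the code that executes `$sql` is outside this hunk, so it is not visible whether that case is handled. Wrapping the loop and the assignment together, `if (is_array($simple_ary)) { for (...) { ... } $sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id"; }`, and rejecting the request otherwise would close both gaps.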
diff -crN phpbb204/admin/admin_forums.php phpbb2023/admin/admin_forums.php
*** phpbb204/admin/admin_forums.php Sat Jul 10 20:16:21 2004
--- phpbb2023/admin/admin_forums.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_forums.php,v 1.40.2.10 2003/01/05 02:36:00 psotfx Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_forums.php 6981 2007-02-10 12:14:24Z acydburn $
*
***************************************************************************/
***************
*** 39,46 ****
$forum_auth_ary = array(
"auth_view" => AUTH_ALL,
"auth_read" => AUTH_ALL,
! "auth_post" => AUTH_ALL,
! "auth_reply" => AUTH_ALL,
"auth_edit" => AUTH_REG,
"auth_delete" => AUTH_REG,
"auth_sticky" => AUTH_MOD,
--- 39,46 ----
$forum_auth_ary = array(
"auth_view" => AUTH_ALL,
"auth_read" => AUTH_ALL,
! "auth_post" => AUTH_REG,
! "auth_reply" => AUTH_REG,
"auth_edit" => AUTH_REG,
"auth_delete" => AUTH_REG,
"auth_sticky" => AUTH_MOD,
***************
*** 55,60 ****
--- 55,61 ----
if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
+ $mode = htmlspecialchars($mode);
}
else
{
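Review bot: `$mode = htmlspecialchars($mode);` encodes the request value on input instead of restricting it to the modes this script actually handles; the same line is added in admin_groups.php, admin_ranks.php and admin_smilies.php. With its default flags on the PHP versions this code targets, htmlspecialchars() leaves single quotes unencoded, so the result is only safe in some output contexts. admin_ranks.php in this same patch goes further and adds an allow-list, `in_array($mode, array('add', 'edit', 'save', 'delete'))`. Applying the same pattern here with this file's own mode names would make the value safe wherever it is later compared or echoed.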
***************
*** 232,237 ****
--- 233,239 ----
if( $mode == "addforum" )
{
list($cat_id) = each($HTTP_POST_VARS['addforum']);
+ $cat_id = intval($cat_id);
//
// stripslashes needs to be run on this because slashes are added when the forum name is posted
//
***************
*** 624,630 ****
$vote_ids = '';
do
{
! $vote_ids = (($vote_ids != '') ? ', ' : '') . $row['vote_id'];
}
while ($row = $db->sql_fetchrow($result));
--- 626,632 ----
$vote_ids = '';
do
{
! $vote_ids .= (($vote_ids != '') ? ', ' : '') . $row['vote_id'];
}
while ($row = $db->sql_fetchrow($result));
***************
*** 1023,1026 ****
include('./page_footer_admin.'.$phpEx);
! ?>
--- 1025,1028 ----
include('./page_footer_admin.'.$phpEx);
! ?>
\ No newline at end of file
diff -crN phpbb204/admin/admin_groups.php phpbb2023/admin/admin_groups.php
*** phpbb204/admin/admin_groups.php Sat Jul 10 20:16:21 2004
--- phpbb2023/admin/admin_groups.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_groups.php,v 1.25.2.5 2002/07/31 19:14:46 dougk_ff7 Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_groups.php 5614 2006-03-09 19:42:41Z grahamje $
*
*
***************************************************************************/
***************
*** 43,54 ****
}
else
{
! $group_id = '';
}
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
}
else
{
--- 43,55 ----
}
else
{
! $group_id = 0;
}
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
+ $mode = htmlspecialchars($mode);
}
else
{
***************
*** 103,123 ****
//
// Ok, now we know everything about them, let's show the page.
//
! $sql = "SELECT user_id, username
! FROM " . USERS_TABLE . "
! WHERE user_id <> " . ANONYMOUS . "
! ORDER BY username";
! if ( !($result = $db->sql_query($sql)) )
{
! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
! }
! while ( $row = $db->sql_fetchrow($result) )
! {
! if ( $row['user_id'] == $group_info['group_moderator'] )
{
! $group_moderator = $row['username'];
}
}
$group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? ' checked="checked"' : '';
--- 104,129 ----
//
// Ok, now we know everything about them, let's show the page.
//
! if ($group_info['group_moderator'] != '')
{
! $sql = "SELECT user_id, username
! FROM " . USERS_TABLE . "
! WHERE user_id = " . $group_info['group_moderator'];
! if ( !($result = $db->sql_query($sql)) )
! {
! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
! }
! if ( !($row = $db->sql_fetchrow($result)) )
{
! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
}
+
+ $group_moderator = $row['username'];
+ }
+ else
+ {
+ $group_moderator = '';
}
$group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? ' checked="checked"' : '';
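Review bot: `WHERE user_id = " . $group_info['group_moderator']` concatenates the value into the statement with only a `!= ''` test in front of it. `$group_info` is loaded outside this hunk and presumably comes from the groups table, but the rest of this patch casts ids before they reach SQL. Writing `WHERE user_id = " . intval($group_info['group_moderator'])` would be consistent with that and keeps the query well-formed if the column ever holds something unexpected.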
***************
*** 171,176 ****
--- 177,232 ----
//
if ( isset($HTTP_POST_VARS['group_delete']) )
{
+ //
+ // Reset User Moderator Level
+ //
+
+ // Is Group moderating a forum ?
+ $sql = "SELECT auth_mod FROM " . AUTH_ACCESS_TABLE . "
+ WHERE group_id = " . $group_id;
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not select auth_access', '', __LINE__, __FILE__, $sql);
+ }
+
+ $row = $db->sql_fetchrow($result);
+ if (intval($row['auth_mod']) == 1)
+ {
+ // Yes, get the assigned users and update their Permission if they are no longer moderator of one of the forums
+ $sql = "SELECT user_id FROM " . USER_GROUP_TABLE . "
+ WHERE group_id = " . $group_id;
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not select user_group', '', __LINE__, __FILE__, $sql);
+ }
+
+ $rows = $db->sql_fetchrowset($result);
+ for ($i = 0; $i < count($rows); $i++)
+ {
+ $sql = "SELECT g.group_id FROM " . AUTH_ACCESS_TABLE . " a, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
+ WHERE (a.auth_mod = 1) AND (g.group_id = a.group_id) AND (a.group_id = ug.group_id) AND (g.group_id = ug.group_id)
+ AND (ug.user_id = " . intval($rows[$i]['user_id']) . ") AND (ug.group_id <> " . $group_id . ")";
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not obtain moderator permissions', '', __LINE__, __FILE__, $sql);
+ }
+
+ if ($db->sql_numrows($result) == 0)
+ {
+ $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . "
+ WHERE user_level = " . MOD . " AND user_id = " . intval($rows[$i]['user_id']);
+
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not update moderator permissions', '', __LINE__, __FILE__, $sql);
+ }
+ }
+ }
+ }
+
+ //
+ // Delete Group
+ //
$sql = "DELETE FROM " . GROUPS_TABLE . "
WHERE group_id = " . $group_id;
if ( !$db->sql_query($sql) )
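Review bot: The moderator reset inspects only the first row returned for the group, `$row = $db->sql_fetchrow($result); if (intval($row['auth_mod']) == 1)`, and the SELECT has neither an ordering nor an `auth_mod` filter. If the auth_access table holds one row per forum for a group (its schema is not visible here), a group whose first returned row has `auth_mod = 0` skips the whole block and its members keep `user_level = MOD` after the group is deleted. Filtering in the query, `WHERE group_id = " . $group_id . " AND auth_mod = 1"`, and testing `if ($db->sql_fetchrow($result))` would make the check independent of row order. The assignment of `$group_id` is outside this hunk.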
***************
*** 199,205 ****
else
{
$group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN;
! $group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : '';
$group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : '';
$group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
$delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false;
--- 255,261 ----
else
{
$group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN;
! $group_name = isset($HTTP_POST_VARS['group_name']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_name'])) : '';
$group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : '';
$group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
$delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false;
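Review bot: `group_name` is now passed through `htmlspecialchars()`, but `group_description` on the next line is still only `trim()`med although both come from the same POST. Where the description is later rendered is outside this hunk, so it is not visible whether it is encoded on output. Unless markup in descriptions is intended, the two fields should be treated alike: `$group_description = isset($HTTP_POST_VARS['group_description']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_description'])) : '';`.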
***************
*** 213,219 ****
message_die(GENERAL_MESSAGE, $lang['No_group_moderator']);
}
! $this_userdata = get_userdata($group_moderator);
$group_moderator = $this_userdata['user_id'];
if ( !$group_moderator )
--- 269,275 ----
message_die(GENERAL_MESSAGE, $lang['No_group_moderator']);
}
! $this_userdata = get_userdata($group_moderator, true);
$group_moderator = $this_userdata['user_id'];
if ( !$group_moderator )
diff -crN phpbb204/admin/admin_mass_email.php phpbb2023/admin/admin_mass_email.php
*** phpbb204/admin/admin_mass_email.php Sat Jul 10 20:16:21 2004
--- phpbb2023/admin/admin_mass_email.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_mass_email.php,v 1.15.2.5 2002/05/20 00:52:18 psotfx Exp $
*
****************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_mass_email.php 3966 2003-05-03 23:24:04Z acydburn $
*
****************************************************************************/
***************
*** 79,88 ****
if ( $row = $db->sql_fetchrow($result) )
{
! $bcc_list = '';
do
{
! $bcc_list .= ( ( $bcc_list != '' ) ? ', ' : '' ) . $row['user_email'];
}
while ( $row = $db->sql_fetchrow($result) );
--- 79,88 ----
if ( $row = $db->sql_fetchrow($result) )
{
! $bcc_list = array();
do
{
! $bcc_list[] = $row['user_email'];
}
while ( $row = $db->sql_fetchrow($result) );
***************
*** 116,127 ****
$emailer = new emailer($board_config['smtp_delivery']);
! $email_headers = 'Return-Path: ' . $userdata['board_email'] . "\nFrom: " . $board_config['board_email'] . "\n";
! $email_headers .= 'X-AntiAbuse: Board servername - ' . $board_config['server_name'] . "\n";
$email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n";
$email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n";
$email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n";
- $email_headers .= "Bcc: $bcc_list\n";
$emailer->use_template('admin_send_email');
$emailer->email_address($board_config['board_email']);
--- 116,133 ----
$emailer = new emailer($board_config['smtp_delivery']);
! $emailer->from($board_config['board_email']);
! $emailer->replyto($board_config['board_email']);
!
! for ($i = 0; $i < count($bcc_list); $i++)
! {
! $emailer->bcc($bcc_list[$i]);
! }
!
! $email_headers = 'X-AntiAbuse: Board servername - ' . $board_config['server_name'] . "\n";
$email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n";
$email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n";
$email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n";
$emailer->use_template('admin_send_email');
$emailer->email_address($board_config['board_email']);
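Review bot: From, Reply-To and Bcc now go through emailer methods, but the `X-AntiAbuse` lines are still assembled by hand from `$board_config['server_name']` and `$userdata['username']` with `"\n"` terminators. A CR or LF inside either value would start an additional header line; whether username and server-name validation exclude those characters is not visible here. Stripping them as the block is built, e.g. `str_replace(array("\r", "\n"), '', $userdata['username'])`, keeps the extra headers to the four intended lines.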
diff -crN phpbb204/admin/admin_ranks.php phpbb2023/admin/admin_ranks.php
*** phpbb204/admin/admin_ranks.php Sat Jul 10 20:16:21 2004
--- phpbb2023/admin/admin_ranks.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_ranks.php,v 1.13.2.3 2002/11/28 00:11:39 psotfx Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_ranks.php 8377 2008-02-10 12:52:05Z acydburn $
*
***************************************************************************/
***************
*** 19,43 ****
*
***************************************************************************/
- define('IN_PHPBB', 1);
-
if( !empty($setmodules) )
{
$file = basename(__FILE__);
! $module['Users']['Ranks'] = "$file";
return;
}
//
// Let's set the root dir for phpBB
//
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
! $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
}
else
{
--- 19,53 ----
*
***************************************************************************/
if( !empty($setmodules) )
{
$file = basename(__FILE__);
! $module['Users']['Ranks'] = $file;
return;
}
+ define('IN_PHPBB', 1);
+
//
// Let's set the root dir for phpBB
//
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
+
+ $cancel = ( isset($HTTP_POST_VARS['cancel']) || isset($_POST['cancel']) ) ? true : false;
+ $no_page_header = $cancel;
+
require('./pagestart.' . $phpEx);
+ if ($cancel)
+ {
+ redirect('admin/' . append_sid("admin_ranks.$phpEx", true));
+ }
+
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
! $mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
! $mode = htmlspecialchars($mode);
}
else
{
***************
*** 58,63 ****
--- 68,75 ----
}
}
+ // Restrict mode input to valid options
+ $mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';
if( $mode != "" )
{
***************
*** 212,219 ****
{
$rank_id = 0;
}
! if( $rank_id )
{
$sql = "DELETE FROM " . RANKS_TABLE . "
WHERE rank_id = $rank_id";
--- 224,233 ----
{
$rank_id = 0;
}
+
+ $confirm = isset($HTTP_POST_VARS['confirm']);
! if( $rank_id && $confirm )
{
$sql = "DELETE FROM " . RANKS_TABLE . "
WHERE rank_id = $rank_id";
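Review bot: `$confirm = isset($HTTP_POST_VARS['confirm']);` only establishes that a field named `confirm` was posted; nothing in this hunk ties the request to the administrator's own session. If pagestart (outside the hunk) does not already verify a session id or token on POST, a cross-site form carrying `mode`, `id` and `confirm` would satisfy `if( $rank_id && $confirm )`. Emitting a session-bound token in the confirmation form's hidden fields and comparing it here before the DELETE would make the confirmation step effective against that case.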
***************
*** 237,371 ****
message_die(GENERAL_MESSAGE, $message);
}
! else
! {
! message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
! }
! }
! else
! {
! //
! // They didn't feel like giving us any information. Oh, too bad, we'll just display the
! // list then...
! //
! $template->set_filenames(array(
! "body" => "admin/ranks_list_body.tpl")
! );
!
! $sql = "SELECT * FROM " . RANKS_TABLE . "
! ORDER BY rank_min, rank_title";
! if( !$result = $db->sql_query($sql) )
! {
! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
! }
!
! $rank_rows = $db->sql_fetchrowset($result);
! $rank_count = count($rank_rows);
!
! $template->assign_vars(array(
! "L_RANKS_TITLE" => $lang['Ranks_title'],
! "L_RANKS_TEXT" => $lang['Ranks_explain'],
! "L_RANK" => $lang['Rank_title'],
! "L_RANK_MINIMUM" => $lang['Rank_minimum'],
! "L_SPECIAL_RANK" => $lang['Special_rank'],
! "L_EDIT" => $lang['Edit'],
! "L_DELETE" => $lang['Delete'],
! "L_ADD_RANK" => $lang['Add_new_rank'],
! "L_ACTION" => $lang['Action'],
!
! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
! );
!
! for( $i = 0; $i < $rank_count; $i++)
{
! $rank = $rank_rows[$i]['rank_title'];
! $special_rank = $rank_rows[$i]['rank_special'];
! $rank_id = $rank_rows[$i]['rank_id'];
! $rank_min = $rank_rows[$i]['rank_min'];
! if($special_rank)
! {
! $rank_min = $rank_max = "-";
! }
!
! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
!
! $template->assign_block_vars("ranks", array(
! "ROW_COLOR" => "#" . $row_color,
! "ROW_CLASS" => $row_class,
! "RANK" => $rank,
! "RANK_MIN" => $rank_min,
! "SPECIAL_RANK" => ( $special_rank == 1 ) ? $lang['Yes'] : $lang['No'],
! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
);
}
}
}
! else
{
! //
! // Show the default page
! //
! $template->set_filenames(array(
! "body" => "admin/ranks_list_body.tpl")
! );
!
! $sql = "SELECT * FROM " . RANKS_TABLE . "
! ORDER BY rank_min ASC, rank_special ASC";
! if( !$result = $db->sql_query($sql) )
! {
! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
! }
! $rank_count = $db->sql_numrows($result);
! $rank_rows = $db->sql_fetchrowset($result);
! $template->assign_vars(array(
! "L_RANKS_TITLE" => $lang['Ranks_title'],
! "L_RANKS_TEXT" => $lang['Ranks_explain'],
! "L_RANK" => $lang['Rank_title'],
! "L_RANK_MINIMUM" => $lang['Rank_minimum'],
! "L_SPECIAL_RANK" => $lang['Rank_special'],
! "L_EDIT" => $lang['Edit'],
! "L_DELETE" => $lang['Delete'],
! "L_ADD_RANK" => $lang['Add_new_rank'],
! "L_ACTION" => $lang['Action'],
!
! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
! );
! for($i = 0; $i < $rank_count; $i++)
{
! $rank = $rank_rows[$i]['rank_title'];
! $special_rank = $rank_rows[$i]['rank_special'];
! $rank_id = $rank_rows[$i]['rank_id'];
! $rank_min = $rank_rows[$i]['rank_min'];
!
! if( $special_rank == 1 )
! {
! $rank_min = $rank_max = "-";
! }
! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
! $rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
!
! $template->assign_block_vars("ranks", array(
! "ROW_COLOR" => "#" . $row_color,
! "ROW_CLASS" => $row_class,
! "RANK" => $rank,
! "SPECIAL_RANK" => $rank_is_special,
! "RANK_MIN" => $rank_min,
! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
! );
! }
}
$template->pparse("body");
--- 251,345 ----
message_die(GENERAL_MESSAGE, $message);
}
! elseif( $rank_id && !$confirm)
{
! // Present the confirmation screen to the user
! $template->set_filenames(array(
! 'body' => 'admin/confirm_body.tpl')
! );
! $hidden_fields = '';
! $template->assign_vars(array(
! 'MESSAGE_TITLE' => $lang['Confirm'],
! 'MESSAGE_TEXT' => $lang['Confirm_delete_rank'],
! 'L_YES' => $lang['Yes'],
! 'L_NO' => $lang['No'],
!
! 'S_CONFIRM_ACTION' => append_sid("admin_ranks.$phpEx"),
! 'S_HIDDEN_FIELDS' => $hidden_fields)
);
}
+ else
+ {
+ message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
+ }
}
+
+ $template->pparse("body");
+
+ include('./page_footer_admin.'.$phpEx);
}
!
! //
! // Show the default page
! //
! $template->set_filenames(array(
! "body" => "admin/ranks_list_body.tpl")
! );
!
! $sql = "SELECT * FROM " . RANKS_TABLE . "
! ORDER BY rank_min ASC, rank_special ASC";
! if( !$result = $db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
! }
! $rank_count = $db->sql_numrows($result);
!
! $rank_rows = $db->sql_fetchrowset($result);
! $template->assign_vars(array(
! "L_RANKS_TITLE" => $lang['Ranks_title'],
! "L_RANKS_TEXT" => $lang['Ranks_explain'],
! "L_RANK" => $lang['Rank_title'],
! "L_RANK_MINIMUM" => $lang['Rank_minimum'],
! "L_SPECIAL_RANK" => $lang['Rank_special'],
! "L_EDIT" => $lang['Edit'],
! "L_DELETE" => $lang['Delete'],
! "L_ADD_RANK" => $lang['Add_new_rank'],
! "L_ACTION" => $lang['Action'],
! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
! );
!
! for($i = 0; $i < $rank_count; $i++)
! {
! $rank = $rank_rows[$i]['rank_title'];
! $special_rank = $rank_rows[$i]['rank_special'];
! $rank_id = $rank_rows[$i]['rank_id'];
! $rank_min = $rank_rows[$i]['rank_min'];
! if( $special_rank == 1 )
{
! $rank_min = $rank_max = "-";
! }
! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
! $rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
!
! $template->assign_block_vars("ranks", array(
! "ROW_COLOR" => "#" . $row_color,
! "ROW_CLASS" => $row_class,
! "RANK" => $rank,
! "SPECIAL_RANK" => $rank_is_special,
! "RANK_MIN" => $rank_min,
! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
! );
}
$template->pparse("body");
diff -crN phpbb204/admin/admin_smilies.php phpbb2023/admin/admin_smilies.php
*** phpbb204/admin/admin_smilies.php Sat Jul 10 20:16:21 2004
--- phpbb2023/admin/admin_smilies.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_smilies.php,v 1.22.2.12 2002/12/22 15:34:01 psotfx Exp $
*
****************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_smilies.php 8377 2008-02-10 12:52:05Z acydburn $
*
****************************************************************************/
***************
*** 36,62 ****
return;
}
//
// Load default header
//
! if( isset($HTTP_GET_VARS['export_pack']) )
{
! if ( $HTTP_GET_VARS['export_pack'] == "send" )
! {
! $no_page_header = true;
! }
}
- $phpbb_root_path = "./../";
- require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);
//
// Check to see what mode we should operate in.
//
if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
}
else
{
--- 36,69 ----
return;
}
+ $phpbb_root_path = "./../";
+ require($phpbb_root_path . 'extension.inc');
+
+ $cancel = ( isset($HTTP_POST_VARS['cancel']) || isset($_POST['cancel']) ) ? true : false;
+ $no_page_header = $cancel;
+
//
// Load default header
//
! if ((!empty($HTTP_GET_VARS['export_pack']) && $HTTP_GET_VARS['export_pack'] == 'send') || (!empty($_GET['export_pack']) && $_GET['export_pack'] == 'send'))
{
! $no_page_header = true;
}
require('./pagestart.' . $phpEx);
+ if ($cancel)
+ {
+ redirect('admin/' . append_sid("admin_smilies.$phpEx", true));
+ }
+
//
// Check to see what mode we should operate in.
//
if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
+ $mode = htmlspecialchars($mode);
}
else
{
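Review bot: `$mode = htmlspecialchars($mode);` encodes the value for HTML output but does not restrict it, and `$mode` is a dispatch key rather than display text. Comparing it against the modes this script actually handles, and falling back to the default otherwise, would be the stricter guard. Called with a single argument on the PHP versions this code targets, `htmlspecialchars()` also leaves single quotes unconverted. The same line is added in admin_styles.php (hunk 58,63), admin_ug_auth.php (54,59) and admin_users.php (47,52). The `if`/`else` that assigns `$mode` continues outside this hunk.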
***************
*** 313,330 ****
//
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
! $sql = "DELETE FROM " . SMILIES_TABLE . "
! WHERE smilies_id = " . $smiley_id;
! $result = $db->sql_query($sql);
! if( !$result )
{
! message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
}
! $message = $lang['smiley_del_success'] . "
" . sprintf($lang['Click_return_smileadmin'], "", "") . "
" . sprintf($lang['Click_return_admin_index'], "", "");
! message_die(GENERAL_MESSAGE, $message);
break;
case 'edit':
--- 320,364 ----
//
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
+ $smiley_id = intval($smiley_id);
! $confirm = isset($HTTP_POST_VARS['confirm']);
!
! if( $confirm )
{
! $sql = "DELETE FROM " . SMILIES_TABLE . "
! WHERE smilies_id = " . $smiley_id;
! $result = $db->sql_query($sql);
! if( !$result )
! {
! message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
! }
!
! $message = $lang['smiley_del_success'] . "
" . sprintf($lang['Click_return_smileadmin'], "", "") . "
" . sprintf($lang['Click_return_admin_index'], "", "");
!
! message_die(GENERAL_MESSAGE, $message);
}
+ else
+ {
+ // Present the confirmation screen to the user
+ $template->set_filenames(array(
+ 'body' => 'admin/confirm_body.tpl')
+ );
! $hidden_fields = '';
! $template->assign_vars(array(
! 'MESSAGE_TITLE' => $lang['Confirm'],
! 'MESSAGE_TEXT' => $lang['Confirm_delete_smiley'],
!
! 'L_YES' => $lang['Yes'],
! 'L_NO' => $lang['No'],
!
! 'S_CONFIRM_ACTION' => append_sid("admin_smilies.$phpEx"),
! 'S_HIDDEN_FIELDS' => $hidden_fields)
! );
! $template->pparse('body');
! }
break;
case 'edit':
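Review bot: The delete now runs only when `confirm` is present in the POST data, but nothing in this hunk ties that POST to the confirmation form that was actually served; any POST carrying `confirm` and an id reaches the `if( $confirm )` branch. If `pagestart` does not already validate the session id on admin requests (not visible here), the confirm screen should carry a per-session token in `$hidden_fields` and the delete branch should verify it before running the query. `$smiley_id` also still falls back to `$HTTP_GET_VARS['id']` without an `isset()` test ahead of the new `intval()`. The enclosing `case` starts outside this hunk.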
***************
*** 333,338 ****
--- 367,373 ----
//
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
+ $smiley_id = intval($smiley_id);
$sql = "SELECT *
FROM " . SMILIES_TABLE . "
***************
*** 399,413 ****
// Get the submitted data, being careful to ensure that we only
// accept the data we are looking for.
//
! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']);
! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']);
! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']);
! $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']);
// If no code was entered complain ...
if ($smile_code == '' || $smile_url == '')
{
! message_die(MESSAGE, $lang['Fields_empty']);
}
//
--- 434,451 ----
// Get the submitted data, being careful to ensure that we only
// accept the data we are looking for.
//
! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : '';
! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : '';
! $smile_url = phpbb_ltrim(basename($smile_url), "'");
! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
! $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : 0;
! $smile_code = trim($smile_code);
! $smile_url = trim($smile_url);
// If no code was entered complain ...
if ($smile_code == '' || $smile_url == '')
{
! message_die(GENERAL_MESSAGE, $lang['Fields_empty']);
}
//
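Review bot: The new `phpbb_ltrim(basename($smile_url), "'")` line has no comment saying why only a leading single quote is removed; something like `// Keep only the file name (no directory part) and drop a leading single quote` would at least state what it does. A quote anywhere else in the name survives, so the query built further down (outside this hunk) still has to escape `$smile_url` and `$smile_code`, which cannot be confirmed from here. `$smile_code` is also trimmed twice, once inside the ternary and again by `$smile_code = trim($smile_code);`. The 441,454 hunk adds the same `basename`/`phpbb_ltrim` pair.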
***************
*** 441,454 ****
// Get the submitted data being careful to ensure the the data
// we recieve and process is only the data we are looking for.
//
! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
// If no code was entered complain ...
if ($smile_code == '' || $smile_url == '')
{
! message_die(MESSAGE, $lang['Fields_empty']);
}
//
--- 479,495 ----
// Get the submitted data being careful to ensure the the data
// we recieve and process is only the data we are looking for.
//
! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : '';
! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : '';
! $smile_url = phpbb_ltrim(basename($smile_url), "'");
! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
! $smile_code = trim($smile_code);
! $smile_url = trim($smile_url);
// If no code was entered complain ...
if ($smile_code == '' || $smile_url == '')
{
! message_die(GENERAL_MESSAGE, $lang['Fields_empty']);
}
//
***************
*** 550,553 ****
//
include('./page_footer_admin.'.$phpEx);
! ?>
--- 591,594 ----
//
include('./page_footer_admin.'.$phpEx);
! ?>
\ No newline at end of file
diff -crN phpbb204/admin/admin_styles.php phpbb2023/admin/admin_styles.php
*** phpbb204/admin/admin_styles.php Sat Jul 10 20:16:21 2004
--- phpbb2023/admin/admin_styles.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_styles.php,v 1.27.2.9 2002/12/21 19:09:57 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_styles.php 8377 2008-02-10 12:52:05Z acydburn $
*
*
***************************************************************************/
***************
*** 27,33 ****
$file = basename(__FILE__);
$module['Styles']['Add_new'] = "$file?mode=addnew";
$module['Styles']['Create_new'] = "$file?mode=create";
! $module['Styles']['Manage'] = "$file";
$module['Styles']['Export'] = "$file?mode=export";
return;
}
--- 27,33 ----
$file = basename(__FILE__);
$module['Styles']['Add_new'] = "$file?mode=addnew";
$module['Styles']['Create_new'] = "$file?mode=create";
! $module['Styles']['Manage'] = $file;
$module['Styles']['Export'] = "$file?mode=export";
return;
}
***************
*** 39,55 ****
// Check if the user has cancled a confirmation message.
//
$phpbb_root_path = "./../";
$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;
- if (empty($HTTP_POST_VARS['send_file']))
- {
- $no_page_header = ( $cancel ) ? TRUE : FALSE;
- require($phpbb_root_path . 'extension.inc');
- require('./pagestart.' . $phpEx);
- }
-
if ($cancel)
{
redirect('admin/' . append_sid("admin_styles.$phpEx", true));
--- 39,56 ----
// Check if the user has cancled a confirmation message.
//
$phpbb_root_path = "./../";
+ require($phpbb_root_path . 'extension.inc');
+
+ $confirm = (isset($HTTP_POST_VARS['confirm']) || isset($_POST['confirm'])) ? TRUE : FALSE;
+ $cancel = (isset($HTTP_POST_VARS['cancel']) || isset($_POST['cancel'])) ? TRUE : FALSE;
+
+ $no_page_header = (!empty($HTTP_POST_VARS['send_file']) || !empty($_POST['send_file']) || $cancel) ? TRUE : FALSE;
+
+ require('./pagestart.' . $phpEx);
$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;
if ($cancel)
{
redirect('admin/' . append_sid("admin_styles.$phpEx", true));
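Review bot: `$confirm` and `$cancel` are now computed twice: before `pagestart` from both `$HTTP_POST_VARS` and `$_POST`, and again after it from `$HTTP_POST_VARS` alone, with the second pair overwriting the first. If `pagestart` does not copy `$_POST` into `$HTTP_POST_VARS` (not visible here), a cancel seen only in `$_POST` suppresses the page header but never reaches the `redirect()`. Dropping the two later assignments, or giving them the same `|| isset($_POST[...])` test, keeps the flags consistent; admin_smilies.php in this diff computes `$cancel` once.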
***************
*** 58,63 ****
--- 59,65 ----
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
+ $mode = htmlspecialchars($mode);
}
else
{
***************
*** 73,79 ****
if( isset($install_to) )
{
! include($phpbb_root_path. "templates/" . $install_to . "/theme_info.cfg");
$template_name = $$install_to;
$found = FALSE;
--- 75,81 ----
if( isset($install_to) )
{
! include($phpbb_root_path. "templates/" . basename($install_to) . "/theme_info.cfg");
$template_name = $$install_to;
$found = FALSE;
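Review bot: `basename()` is applied only inside the `include` path, while the next line, `$template_name = $$install_to;`, still uses the raw `$install_to` as a variable name. Normalising once before both uses, `$install_to = basename($install_to);`, keeps the included directory and the variable looked up in agreement, and an `isset($$install_to)` test after the include would catch a name the cfg file did not define. Where `$install_to` is assigned is outside this hunk; if it can come from the request, the directory should also be checked against the entries that really exist under `templates/` before `theme_info.cfg` is included.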
***************
*** 490,496 ****
$themes_title = $lang['Edit_theme'];
$themes_explain = $lang['Edit_theme_explain'];
! $style_id = $HTTP_GET_VARS['style_id'];
$selected_names = array();
$selected_values = array();
--- 492,498 ----
$themes_title = $lang['Edit_theme'];
$themes_explain = $lang['Edit_theme_explain'];
! $style_id = intval($HTTP_GET_VARS['style_id']);
$selected_names = array();
$selected_values = array();
***************
*** 580,585 ****
--- 582,588 ----
"L_SIMPLE_NAME" => $lang['Simple_name'],
"L_VALUE" => $lang['Value'],
"L_STYLESHEET" => $lang['Stylesheet'],
+ "L_STYLESHEET_EXPLAIN" => $lang['Stylesheet_explain'],
"L_BACKGROUND_IMAGE" => $lang['Background_image'],
"L_BACKGROUND_COLOR" => $lang['Background_color'],
"L_BODY_TEXT_COLOR" => $lang['Text_color'],
***************
*** 705,711 ****
$sql = "SELECT *
FROM " . THEMES_TABLE . "
! WHERE template_name = '$template_name'";
if(!$result = $db->sql_query($sql))
{
message_die(GENERAL_ERROR, "Could not get theme data for selected template", "", __LINE__, __FILE__, $sql);
--- 708,714 ----
$sql = "SELECT *
FROM " . THEMES_TABLE . "
! WHERE template_name = '" . str_replace("\'", "''", $template_name) . "'";
if(!$result = $db->sql_query($sql))
{
message_die(GENERAL_ERROR, "Could not get theme data for selected template", "", __LINE__, __FILE__, $sql);
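Review bot: `str_replace("\'", "''", $template_name)` converts an already backslash-escaped quote into a doubled quote; it does not escape a bare `'`. The query is therefore safe only if `$template_name` has passed through `addslashes()` or the board's slash-adding request handling before this point, which is outside the hunk. A comment such as `// $template_name arrives slash-escaped; convert \' to '' for the query` would record that dependency, or the value could be escaped explicitly on this line.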
***************
*** 737,743 ****
@umask(0111);
! $fp = @fopen($phpbb_root_path . 'templates/' . $template_name . '/theme_info.cfg', 'w');
if( !$fp )
{
--- 740,746 ----
@umask(0111);
! $fp = @fopen($phpbb_root_path . 'templates/' . basename($template_name) . '/theme_info.cfg', 'w');
if( !$fp )
{
***************
*** 833,839 ****
// Set template files
//
$template->set_filenames(array(
! "confirm" => "confirm_body.tpl")
);
$template->assign_vars(array(
--- 836,842 ----
// Set template files
//
$template->set_filenames(array(
! "confirm" => "admin/confirm_body.tpl")
);
$template->assign_vars(array(
diff -crN phpbb204/admin/admin_ug_auth.php phpbb2023/admin/admin_ug_auth.php
*** phpbb204/admin/admin_ug_auth.php Sat Jul 10 20:16:21 2004
--- phpbb2023/admin/admin_ug_auth.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_ug_auth.php,v 1.13.2.2 2002/05/12 15:57:44 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_ug_auth.php 8378 2008-02-10 17:18:29Z acydburn $
*
*
***************************************************************************/
***************
*** 54,59 ****
--- 54,64 ----
}
}
+ $user_id = intval($user_id);
+ $group_id = intval($group_id);
+ $adv = intval($adv);
+ $mode = htmlspecialchars($mode);
+
//
// Start program - define vars
//
***************
*** 226,236 ****
else
{
! $change_mod_list = ( isset($HTTP_POST_VARS['moderator']) ) ? $HTTP_POST_VARS['moderator'] : false;
if ( empty($adv) )
{
! $change_acl_list = ( isset($HTTP_POST_VARS['private']) ) ? $HTTP_POST_VARS['private'] : false;
}
else
{
--- 231,276 ----
else
{
! $change_mod_list = ( isset($HTTP_POST_VARS['moderator']) ) ? $HTTP_POST_VARS['moderator'] : array();
if ( empty($adv) )
{
! $sql = "SELECT f.*
! FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
! WHERE f.cat_id = c.cat_id
! ORDER BY c.cat_order, f.forum_order ASC";
! if ( !($result = $db->sql_query($sql)) )
! {
! message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
! }
!
! $forum_access = $forum_auth_level_fields = array();
! while( $row = $db->sql_fetchrow($result) )
! {
! $forum_access[] = $row;
! }
! $db->sql_freeresult($result);
!
! for($i = 0; $i < count($forum_access); $i++)
! {
! $forum_id = $forum_access[$i]['forum_id'];
!
! for($j = 0; $j < count($forum_auth_fields); $j++)
! {
! $forum_auth_level_fields[$forum_id][$forum_auth_fields[$j]] = $forum_access[$i][$forum_auth_fields[$j]] == AUTH_ACL;
! }
! }
!
! while( list($forum_id, $value) = @each($HTTP_POST_VARS['private']) )
! {
! while( list($auth_field, $exists) = @each($forum_auth_level_fields[$forum_id]) )
! {
! if ($exists)
! {
! $change_acl_list[$forum_id][$auth_field] = $value;
! }
! }
! }
}
else
{
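Review bot: `$change_acl_list` is no longer initialised in the `empty($adv)` branch: the old code assigned `false` when nothing was posted, whereas the new loops only ever append to it, so unless it is set above the hunk it can be undefined afterwards. Add `$change_acl_list = array();` before the outer `while`. `$value` is also copied from `$HTTP_POST_VARS['private']` unvalidated, and `@each()` hides the case where `private` is not an array; `intval($value)` and an `is_array()` test would make both explicit. `$forum_auth_fields` and the `else` branch are outside this hunk.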
***************
*** 246,254 ****
}
}
! $sql = "SELECT *
! FROM " . FORUMS_TABLE . " f
! ORDER BY forum_order";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
--- 286,295 ----
}
}
! $sql = 'SELECT f.*
! FROM ' . FORUMS_TABLE . ' f, ' . CATEGORIES_TABLE . ' c
! WHERE f.cat_id = c.cat_id
! ORDER BY c.cat_order, f.forum_order';
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
***************
*** 283,293 ****
$forum_id = $forum_access[$i]['forum_id'];
if (
! ( isset($auth_access[$forum_id]['auth_mod']) && $change_mod_list[$forum_id]['auth_mod'] != $auth_access[$forum_id]['auth_mod'] ) ||
! ( !isset($auth_access[$forum_id]['auth_mod']) && !empty($change_mod_list[$forum_id]['auth_mod']) )
)
{
! $update_mod_status[$forum_id] = $change_mod_list[$forum_id]['auth_mod'];
if ( !$update_mod_status[$forum_id] )
{
--- 324,334 ----
$forum_id = $forum_access[$i]['forum_id'];
if (
! ( isset($auth_access[$forum_id]['auth_mod']) && $change_mod_list[$forum_id] != $auth_access[$forum_id]['auth_mod'] ) ||
! ( !isset($auth_access[$forum_id]['auth_mod']) && !empty($change_mod_list[$forum_id]) )
)
{
! $update_mod_status[$forum_id] = $change_mod_list[$forum_id];
if ( !$update_mod_status[$forum_id] )
{
***************
*** 409,414 ****
--- 450,456 ----
FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u
WHERE ug.group_id = aa.group_id
AND u.user_id = ug.user_id
+ AND ug.user_pending = 0
AND u.user_level NOT IN (" . MOD . ", " . ADMIN . ")
GROUP BY u.user_id
HAVING SUM(aa.auth_mod) > 0";
***************
*** 503,508 ****
--- 545,592 ----
}
}
+ $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
+ WHERE group_id = $group_id";
+ $result = $db->sql_query($sql);
+
+ $group_user = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $group_user[$row['user_id']] = $row['user_id'];
+ }
+ $db->sql_freeresult($result);
+
+ $sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod
+ FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug
+ WHERE ug.user_id IN (" . implode(', ', $group_user) . ")
+ AND aa.group_id = ug.group_id
+ AND aa.auth_mod = 1
+ GROUP BY ug.user_id";
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql);
+ }
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ if ($row['is_auth_mod'])
+ {
+ unset($group_user[$row['user_id']]);
+ }
+ }
+ $db->sql_freeresult($result);
+
+ if (sizeof($group_user))
+ {
+ $sql = "UPDATE " . USERS_TABLE . "
+ SET user_level = " . USER . "
+ WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD;
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
+ }
+ }
+
message_die(GENERAL_MESSAGE, $message);
}
}
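Review bot: When the group has no members, `implode(', ', $group_user)` is empty and the moderator-status query is sent as `... IN ()`, which would end in `message_die`; the `sizeof($group_user)` guard covers only the final UPDATE. The first `sql_query()` result is also used without the failure check that the other queries in this block have. Guard the SELECT with the same `sizeof()` test and add the missing check, as sketched below. The enclosing branch starts outside this hunk.

```php
if ( !($result = $db->sql_query($sql)) )
{
	message_die(GENERAL_ERROR, 'Could not obtain group members', '', __LINE__, __FILE__, $sql);
}
// … unchanged: collect $group_user from the result …

if (sizeof($group_user))
{
	// … unchanged: moderator-status SELECT and its fetch loop …
}
// … unchanged: user_level UPDATE under its own sizeof() guard …
```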
***************
*** 510,516 ****
{
if ( isset($HTTP_POST_VARS['username']) )
{
! $this_userdata = get_userdata($HTTP_POST_VARS['username']);
if ( !is_array($this_userdata) )
{
message_die(GENERAL_MESSAGE, $lang['No_such_user']);
--- 594,600 ----
{
if ( isset($HTTP_POST_VARS['username']) )
{
! $this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
if ( !is_array($this_userdata) )
{
message_die(GENERAL_MESSAGE, $lang['No_such_user']);
***************
*** 521,529 ****
//
// Front end
//
! $sql = "SELECT *
! FROM " . FORUMS_TABLE . " f
! ORDER BY forum_order";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
--- 605,614 ----
//
// Front end
//
! $sql = "SELECT f.*
! FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
! WHERE f.cat_id = c.cat_id
! ORDER BY c.cat_order, f.forum_order ASC";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
***************
*** 556,562 ****
}
}
! $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE ";
$sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id";
if ( !($result = $db->sql_query($sql)) )
{
--- 641,647 ----
}
}
! $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user, ug.user_pending FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE ";
$sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id";
if ( !($result = $db->sql_query($sql)) )
{
***************
*** 759,765 ****
$i++;
}
! @reset($auth_user);
if ( $mode == 'user' )
{
--- 844,850 ----
$i++;
}
! // @reset($auth_user);
if ( $mode == 'user' )
{
***************
*** 782,801 ****
}
}
if( count($name) )
{
- $t_usergroup_list = '';
for($i = 0; $i < count($ug_info); $i++)
{
$ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL;
! $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '' . $name[$i] . '';
}
}
! else
! {
! $t_usergroup_list = $lang['None'];
! }
$s_column_span = 2; // Two columns always present
if( !$adv )
--- 867,892 ----
}
}
+ $t_usergroup_list = $t_pending_list = '';
if( count($name) )
{
for($i = 0; $i < count($ug_info); $i++)
{
$ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL;
! if (!$ug_info[$i]['user_pending'])
! {
! $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '' . $name[$i] . '';
! }
! else
! {
! $t_pending_list .= ( ( $t_pending_list != '' ) ? ', ' : '' ) . '' . $name[$i] . '';
! }
}
}
!
! $t_usergroup_list = ($t_usergroup_list == '') ? $lang['None'] : $t_usergroup_list;
! $t_pending_list = ($t_pending_list == '') ? $lang['None'] : $t_pending_list;
$s_column_span = 2; // Two columns always present
if( !$adv )
***************
*** 852,858 ****
$template->assign_vars(array(
'USERNAME' => $t_groupname,
! 'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list)
);
}
--- 943,949 ----
$template->assign_vars(array(
'USERNAME' => $t_groupname,
! 'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list . '
' . $lang['Pending_members'] . ' : ' . $t_pending_list)
);
}
diff -crN phpbb204/admin/admin_user_ban.php phpbb2023/admin/admin_user_ban.php
*** phpbb204/admin/admin_user_ban.php Sat Jul 10 20:16:21 2004
--- phpbb2023/admin/admin_user_ban.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_user_ban.php,v 1.21.2.2 2002/05/12 15:57:45 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_user_ban.php 5283 2005-10-30 15:17:14Z acydburn $
*
*
***************************************************************************/
***************
*** 49,55 ****
$user_list = array();
if ( !empty($HTTP_POST_VARS['username']) )
{
! $this_userdata = get_userdata($HTTP_POST_VARS['username']);
if( !$this_userdata )
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
--- 49,55 ----
$user_list = array();
if ( !empty($HTTP_POST_VARS['username']) )
{
! $this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
if( !$this_userdata )
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
***************
*** 155,161 ****
// contained in the annotated php manual at php.com (ereg
// section)
//
! if ( eregi('^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$', trim($email_list_temp[$i])) )
{
$email_list[] = trim($email_list_temp[$i]);
}
--- 155,161 ----
// contained in the annotated php manual at php.com (ereg
// section)
//
! if (preg_match('/^(([a-z0-9&\'\.\-_\+])|(\*))+@(([a-z0-9\-])|(\*))+\.([a-z0-9\-]+\.)*?[a-z]+$/is', trim($email_list_temp[$i])))
{
$email_list[] = trim($email_list_temp[$i]);
}
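Review bot: The comment above the test still points to the ereg section of the PHP manual, but the pattern is now a different PCRE, so the comment should be rewritten to say what the new expression accepts. It admits `'` and `&` in the local part and `*` on either side of the `@`; values that pass are stored in `$email_list`, so whatever builds the ban query (outside this hunk) has to escape them. The `s` modifier has no effect here, because every `.` in the pattern is escaped.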
***************
*** 277,283 ****
{
if ( $user_list[$i] != -1 )
{
! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $user_list[$i];
}
}
}
--- 277,283 ----
{
if ( $user_list[$i] != -1 )
{
! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]);
}
}
}
***************
*** 290,296 ****
{
if ( $ip_list[$i] != -1 )
{
! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $ip_list[$i];
}
}
}
--- 290,296 ----
{
if ( $ip_list[$i] != -1 )
{
! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]);
}
}
}
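Review bot: `str_replace("\'", "''", $ip_list[$i])` is appended to `$where_sql` without surrounding quotes, so rewriting quote characters does not constrain the value inside a comma-separated list. The `!= -1` test suggests these entries are numeric ids like `$user_list`, which the 277,283 hunk now casts with `intval()`; if so, `intval($ip_list[$i])` is the consistent fix here and for `$email_list[$i]` in the 303,309 hunk. The query that consumes `$where_sql` is outside these hunks, so confirm the column type before changing it.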
***************
*** 303,309 ****
{
if ( $email_list[$i] != -1 )
{
! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $email_list[$i];
}
}
}
--- 303,309 ----
{
if ( $email_list[$i] != -1 )
{
! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]);
}
}
}
diff -crN phpbb204/admin/admin_users.php phpbb2023/admin/admin_users.php
*** phpbb204/admin/admin_users.php Sat Jul 10 20:16:21 2004
--- phpbb2023/admin/admin_users.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_users.php,v 1.57.2.17 2002/12/21 19:09:57 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_users.php 6981 2007-02-10 12:14:24Z acydburn $
*
*
***************************************************************************/
***************
*** 30,36 ****
return;
}
! $phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);
require($phpbb_root_path . 'includes/bbcode.'.$phpEx);
--- 30,36 ----
return;
}
! $phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);
require($phpbb_root_path . 'includes/bbcode.'.$phpEx);
***************
*** 47,52 ****
--- 47,53 ----
if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) )
{
$mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
+ $mode = htmlspecialchars($mode);
}
else
{
***************
*** 56,76 ****
//
// Begin program
//
! if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) || isset($HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) ) )
{
//
// Ok, the profile has been modified and submitted, let's update
//
! if( ( $mode == 'save' && isset( $HTTP_POST_VARS['submit'] ) ) || isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) )
{
! $user_id = intval( $HTTP_POST_VARS['id'] );
if (!($this_userdata = get_userdata($user_id)))
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
}
! if( $HTTP_POST_VARS['deleteuser'] )
{
$sql = "SELECT g.group_id
FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
--- 57,77 ----
//
// Begin program
//
! if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) || isset($HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) ) )
{
//
// Ok, the profile has been modified and submitted, let's update
//
! if ( ( $mode == 'save' && isset( $HTTP_POST_VARS['submit'] ) ) || isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) )
{
! $user_id = intval($HTTP_POST_VARS['id']);
if (!($this_userdata = get_userdata($user_id)))
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
}
! if( $HTTP_POST_VARS['deleteuser'] && ( $userdata['user_id'] != $user_id ) )
{
$sql = "SELECT g.group_id
FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
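Review bot: With the new `$userdata['user_id'] != $user_id` condition, an administrator's request to delete their own account is skipped without any message, and execution continues past the delete block, presumably into the profile update (the rest is outside this hunk). An explicit branch that calls `message_die(GENERAL_MESSAGE, ...)` for that case would make the refusal visible instead of reporting an ordinary save. `$HTTP_POST_VARS['deleteuser']` is also read without an `isset()` test.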
***************
*** 85,91 ****
$row = $db->sql_fetchrow($result);
$sql = "UPDATE " . POSTS_TABLE . "
! SET poster_id = " . DELETED . ", post_username = '$username'
WHERE poster_id = $user_id";
if( !$db->sql_query($sql) )
{
--- 86,92 ----
$row = $db->sql_fetchrow($result);
$sql = "UPDATE " . POSTS_TABLE . "
! SET poster_id = " . DELETED . ", post_username = '" . str_replace("\\'", "''", addslashes($this_userdata['username'])) . "'
WHERE poster_id = $user_id";
if( !$db->sql_query($sql) )
{
***************
*** 108,137 ****
message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql);
}
! $sql = "SELECT group_id
! FROM " . GROUPS_TABLE . "
WHERE group_moderator = $user_id";
! if( !($result = $db->sql_query($sql)) )
! {
! message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql);
! }
!
! while ( $row_group = $db->sql_fetchrow($result) )
{
! $group_moderator[] = $row_group['group_id'];
! }
!
! if ( count($group_moderator) )
! {
! $update_moderator_id = implode(', ', $group_moderator);
!
! $sql = "UPDATE " . GROUPS_TABLE . "
! SET group_moderator = " . $userdata['user_id'] . "
! WHERE group_moderator IN ($update_moderator_id)";
! if( !$db->sql_query($sql) )
! {
! message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql);
! }
}
$sql = "DELETE FROM " . USERS_TABLE . "
--- 109,120 ----
message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql);
}
! $sql = "UPDATE " . GROUPS_TABLE . "
! SET group_moderator = " . $userdata['user_id'] . "
WHERE group_moderator = $user_id";
! if( !$db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . USERS_TABLE . "
***************
*** 176,181 ****
--- 159,178 ----
message_die(GENERAL_ERROR, 'Could not delete user from banlist table', '', __LINE__, __FILE__, $sql);
}
+ $sql = "DELETE FROM " . SESSIONS_TABLE . "
+ WHERE session_user_id = $user_id";
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not delete sessions for this user', '', __LINE__, __FILE__, $sql);
+ }
+
+ $sql = "DELETE FROM " . SESSIONS_KEYS_TABLE . "
+ WHERE user_id = $user_id";
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not delete auto-login keys for this user', '', __LINE__, __FILE__, $sql);
+ }
+
$sql = "SELECT privmsgs_id
FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_from_userid = $user_id
***************
*** 216,222 ****
message_die(GENERAL_MESSAGE, $message);
}
! $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags( $HTTP_POST_VARS['username'] ) ) : '';
$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : '';
$password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : '';
--- 213,219 ----
message_die(GENERAL_MESSAGE, $message);
}
! $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : '';
$password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : '';
***************
*** 246,258 ****
$allowbbcode = ( isset( $HTTP_POST_VARS['allowbbcode']) ) ? intval( $HTTP_POST_VARS['allowbbcode'] ) : $board_config['allow_bbcode'];
$allowsmilies = ( isset( $HTTP_POST_VARS['allowsmilies']) ) ? intval( $HTTP_POST_VARS['allowsmilies'] ) : $board_config['allow_smilies'];
! $user_style = ( $HTTP_POST_VARS['style'] ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];
$user_lang = ( $HTTP_POST_VARS['language'] ) ? $HTTP_POST_VARS['language'] : $board_config['default_lang'];
$user_timezone = ( isset( $HTTP_POST_VARS['timezone']) ) ? doubleval( $HTTP_POST_VARS['timezone'] ) : $board_config['board_timezone'];
- $user_template = ( $HTTP_POST_VARS['template'] ) ? $HTTP_POST_VARS['template'] : $board_config['board_template'];
$user_dateformat = ( $HTTP_POST_VARS['dateformat'] ) ? trim( $HTTP_POST_VARS['dateformat'] ) : $board_config['default_dateformat'];
$user_avatar_local = ( isset( $HTTP_POST_VARS['avatarselect'] ) && !empty($HTTP_POST_VARS['submitavatar'] ) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset( $HTTP_POST_VARS['avatarlocal'] ) ) ? $HTTP_POST_VARS['avatarlocal'] : '' );
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim( $HTTP_POST_VARS['avatarremoteurl'] ) : '';
$user_avatar_url = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim( $HTTP_POST_VARS['avatarurl'] ) : '';
--- 243,255 ----
$allowbbcode = ( isset( $HTTP_POST_VARS['allowbbcode']) ) ? intval( $HTTP_POST_VARS['allowbbcode'] ) : $board_config['allow_bbcode'];
$allowsmilies = ( isset( $HTTP_POST_VARS['allowsmilies']) ) ? intval( $HTTP_POST_VARS['allowsmilies'] ) : $board_config['allow_smilies'];
! $user_style = ( isset( $HTTP_POST_VARS['style'] ) ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];
$user_lang = ( $HTTP_POST_VARS['language'] ) ? $HTTP_POST_VARS['language'] : $board_config['default_lang'];
$user_timezone = ( isset( $HTTP_POST_VARS['timezone']) ) ? doubleval( $HTTP_POST_VARS['timezone'] ) : $board_config['board_timezone'];
$user_dateformat = ( $HTTP_POST_VARS['dateformat'] ) ? trim( $HTTP_POST_VARS['dateformat'] ) : $board_config['default_dateformat'];
$user_avatar_local = ( isset( $HTTP_POST_VARS['avatarselect'] ) && !empty($HTTP_POST_VARS['submitavatar'] ) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset( $HTTP_POST_VARS['avatarlocal'] ) ) ? $HTTP_POST_VARS['avatarlocal'] : '' );
+ $user_avatar_category = ( isset($HTTP_POST_VARS['avatarcatname']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarcatname']) : '' ;
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim( $HTTP_POST_VARS['avatarremoteurl'] ) : '';
$user_avatar_url = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim( $HTTP_POST_VARS['avatarurl'] ) : '';
***************
*** 292,298 ****
if ( !isset($HTTP_POST_VARS['cancelavatar']))
{
! $user_avatar = $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
}
}
--- 289,295 ----
if ( !isset($HTTP_POST_VARS['cancelavatar']))
{
! $user_avatar = $user_avatar_category . '/' . $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
}
}
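Review bot: `$user_avatar` is now built as `$user_avatar_category . '/' . $user_avatar_local` from two POST fields, and neither is reduced to a single path component in the visible lines. `avatarcatname` only passes through `htmlspecialchars()` (hunk 246,258), which leaves `..` and `/` intact, and `avatarlocal` is taken as posted. Unless the gallery path is validated further down (outside this hunk), apply `basename()` to both parts before joining them and check that the resulting file exists under the gallery directory before it is stored.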
***************
*** 304,327 ****
$error = FALSE;
! if( stripslashes($username) != $this_userdata['username'] )
{
unset($rename_user);
! $result = validate_username($username);
! if ( $result['error'] )
{
! $error = TRUE;
! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg'];
}
! else
{
! $username_sql = "username = '" . str_replace("\'", "''", $username) . "', ";
$rename_user = $username; // Used for renaming usergroup
}
}
! $passwd_sql = "";
if( !empty($password) && !empty($password_confirm) )
{
//
--- 301,333 ----
$error = FALSE;
! if (stripslashes($username) != $this_userdata['username'])
{
unset($rename_user);
! if ( stripslashes(strtolower($username)) != strtolower($this_userdata['username']) )
{
! $result = validate_username($username);
! if ( $result['error'] )
! {
! $error = TRUE;
! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg'];
! }
! else if ( strtolower(str_replace("\\'", "''", $username)) == strtolower($userdata['username']) )
! {
! $error = TRUE;
! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Username_taken'];
! }
}
!
! if (!$error)
{
! $username_sql = "username = '" . str_replace("\\'", "''", $username) . "', ";
$rename_user = $username; // Used for renaming usergroup
}
}
! $passwd_sql = '';
if( !empty($password) && !empty($password_confirm) )
{
//
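Review bot: The added `else if` branch compares the SQL-escaped form of the name, `str_replace("\\'", "''", $username)`, against `$userdata['username']`, while the outer test at the top of the hunk compares `stripslashes($username)` against the stored name. Assuming `$userdata['username']` holds the stored value, a name containing an apostrophe would never match in this branch; `else if ( strtolower(stripslashes($username)) == strtolower($userdata['username']) )` would be consistent with the outer check. A one-line comment saying why the comparison is against `$userdata` (the logged-in admin) rather than `$this_userdata` would also help, since the reason is not visible in the hunk. The surrounding block continues outside the hunk.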
***************
*** 349,355 ****
$error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Password_mismatch'];
}
! if( $signature != "" )
{
$sig_length_check = preg_replace('/(\[.*?)(=.*?)\]/is', '\\1]', stripslashes($signature));
if ( $allowhtml )
--- 355,361 ----
$error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Password_mismatch'];
}
! if ($signature != '')
{
$sig_length_check = preg_replace('/(\[.*?)(=.*?)\]/is', '\\1]', stripslashes($signature));
if ( $allowhtml )
***************
*** 379,387 ****
{
if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" )
{
! if( @file_exists(@phpbb_realpath("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
{
! @unlink("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']);
}
}
$avatar_sql = ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE;
--- 385,393 ----
{
if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" )
{
! if( @file_exists(@phpbb_realpath('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
{
! @unlink('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']);
}
}
$avatar_sql = ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE;
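Review bot: The file name in `@unlink('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']);` comes straight from the user row and is not constrained to the avatar directory. The existence test resolves the path through phpbb_realpath(), but the delete uses the unresolved string. If uploaded avatars are always stored as plain file names, wrapping the value keeps the delete inside the directory: `basename($this_userdata['user_avatar'])` in both the file_exists() and unlink() calls. The `@` on unlink() also hides a failed delete, so a leftover file goes unnoticed.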
***************
*** 635,641 ****
}
else if( $user_avatar_local != "" && $avatar_sql == "" && !$error )
{
! $avatar_sql = ", user_avatar = '" . str_replace("\'", "''", $user_avatar_local) . "', user_avatar_type = " . USER_AVATAR_GALLERY;
}
//
--- 641,647 ----
}
else if( $user_avatar_local != "" && $avatar_sql == "" && !$error )
{
! $avatar_sql = ", user_avatar = '" . str_replace("\'", "''", phpbb_ltrim(basename($user_avatar_category), "'") . '/' . phpbb_ltrim(basename($user_avatar_local), "'")) . "', user_avatar_type = " . USER_AVATAR_GALLERY;
}
//
***************
*** 653,670 ****
{
$sql = "UPDATE " . GROUPS_TABLE . "
SET group_name = '".str_replace("\'", "''", $rename_user)."'
! WHERE group_name = '".str_replace("\'", "''", $this_userdata['username'] )."'";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not rename users group', '', __LINE__, __FILE__, $sql);
}
}
$message .= $lang['Admin_user_updated'];
}
else
{
! $error = TRUE;
! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Admin_user_fail'];
}
$message .= '
' . sprintf($lang['Click_return_useradmin'], '', '') . '
' . sprintf($lang['Click_return_admin_index'], '', '');
--- 659,695 ----
{
$sql = "UPDATE " . GROUPS_TABLE . "
SET group_name = '".str_replace("\'", "''", $rename_user)."'
! WHERE group_name = '".str_replace("'", "''", $this_userdata['username'] )."'";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not rename users group', '', __LINE__, __FILE__, $sql);
}
}
+
+ // Delete user session, to prevent the user navigating the forum (if logged in) when disabled
+ if (!$user_status)
+ {
+ $sql = "DELETE FROM " . SESSIONS_TABLE . "
+ WHERE session_user_id = " . $user_id;
+
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
+ }
+ }
+
+ // We remove all stored login keys since the password has been updated
+ // and change the current one (if applicable)
+ if ( !empty($passwd_sql) )
+ {
+ session_reset_keys($user_id, $user_ip);
+ }
+
$message .= $lang['Admin_user_updated'];
}
else
{
! message_die(GENERAL_ERROR, 'Admin_user_fail', '', __LINE__, __FILE__, $sql);
}
$message .= '
' . sprintf($lang['Click_return_useradmin'], '', '') . '
' . sprintf($lang['Click_return_admin_index'], '', '');
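Review bot: The new session cleanup concatenates `$user_id` directly into the statement, `WHERE session_user_id = " . $user_id;`, and the cast that makes this safe is not visible in the hunk. Casting at the point of use makes the query self-evidently numeric regardless of how `$user_id` was populated: `WHERE session_user_id = " . intval($user_id);`. In the same hunk `message_die(GENERAL_ERROR, 'Admin_user_fail', ...)` passes a bare string where the removed code used `$lang['Admin_user_fail']`; if message_die() does not resolve language keys itself, the admin will see the key rather than the message.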
***************
*** 716,722 ****
}
else
{
! $this_userdata = get_userdata(htmlspecialchars($HTTP_POST_VARS['username']));
if( !$this_userdata )
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
--- 741,747 ----
}
else
{
! $this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
if( !$this_userdata )
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
***************
*** 727,733 ****
// Now parse and display it as a template
//
$user_id = $this_userdata['user_id'];
! $username = htmlspecialchars($this_userdata['username']);
$email = $this_userdata['user_email'];
$password = '';
$password_confirm = '';
--- 752,758 ----
// Now parse and display it as a template
//
$user_id = $this_userdata['user_id'];
! $username = $this_userdata['username'];
$email = $this_userdata['user_email'];
$password = '';
$password_confirm = '';
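Review bot: With htmlspecialchars() dropped from `$username = $this_userdata['username'];`, the value now reaches the display code exactly as stored, and the hunk does not show where it is escaped. If usernames are stored already HTML-escaped (which would explain the removal as a double-escaping fix), say so next to the assignment, for example `// username is stored HTML-escaped; do not escape again`. If they are stored raw, the escape needs to move to the place where the value is assigned to the template. The surrounding block starts and ends outside the hunk.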
***************
*** 799,805 ****
{
if( preg_match("/(\.gif$|\.png$|\.jpg)$/is", $sub_file) )
{
! $avatar_images[$file][$avatar_row_count][$avatar_col_count] = $file . "/" . $sub_file;
$avatar_col_count++;
if( $avatar_col_count == 5 )
--- 824,830 ----
{
if( preg_match("/(\.gif$|\.png$|\.jpg)$/is", $sub_file) )
{
! $avatar_images[$file][$avatar_row_count][$avatar_col_count] = $sub_file;
$avatar_col_count++;
if( $avatar_col_count == 5 )
***************
*** 816,822 ****
if( isset($HTTP_POST_VARS['avatarcategory']) )
{
! $category = $HTTP_POST_VARS['avatarcategory'];
}
else
{
--- 841,847 ----
if( isset($HTTP_POST_VARS['avatarcategory']) )
{
! $category = htmlspecialchars($HTTP_POST_VARS['avatarcategory']);
}
else
{
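Review bot: `$category = htmlspecialchars($HTTP_POST_VARS['avatarcategory']);` makes the value safe to print but does not check that it names a gallery directory that was actually scanned. The next hunk indexes `$avatar_images[$category]` and places `$category` in the image path, so an unknown or non-string value leads to an undefined index and an empty gallery. A membership check closes that: `if ( !isset($avatar_images[$category]) ) { $category = ''; }`, letting the existing default branch (outside this hunk) choose the first category.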
***************
*** 844,850 ****
for($j = 0; $j < count($avatar_images[$category][$i]); $j++)
{
$template->assign_block_vars("avatar_row.avatar_column", array(
! "AVATAR_IMAGE" => "../" . $board_config['avatar_gallery_path'] . "/" . $avatar_images[$category][$i][$j])
);
$template->assign_block_vars("avatar_row.avatar_option_column", array(
--- 869,875 ----
for($j = 0; $j < count($avatar_images[$category][$i]); $j++)
{
$template->assign_block_vars("avatar_row.avatar_column", array(
! "AVATAR_IMAGE" => "../" . $board_config['avatar_gallery_path'] . '/' . $category . '/' . $avatar_images[$category][$i][$j])
);
$template->assign_block_vars("avatar_row.avatar_option_column", array(
***************
*** 855,861 ****
$coppa = ( ( !$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa'] ) || $mode == "register") ? 0 : TRUE;
! $s_hidden_fields = '';
$s_hidden_fields .= '';
$s_hidden_fields .= '';
--- 880,886 ----
$coppa = ( ( !$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa'] ) || $mode == "register") ? 0 : TRUE;
! $s_hidden_fields = '';
$s_hidden_fields .= '';
$s_hidden_fields .= '';
***************
*** 911,917 ****
if( !empty($user_avatar_local) )
{
! $s_hidden_fields .= '';
}
if( $user_avatar_type )
--- 936,942 ----
if( !empty($user_avatar_local) )
{
! $s_hidden_fields .= '';
}
if( $user_avatar_type )
***************
*** 1127,1130 ****
include('./page_footer_admin.'.$phpEx);
! ?>
--- 1152,1155 ----
include('./page_footer_admin.'.$phpEx);
! ?>
\ No newline at end of file
diff -crN phpbb204/admin/admin_words.php phpbb2023/admin/admin_words.php
*** phpbb204/admin/admin_words.php Sat Jul 10 20:16:21 2004
--- phpbb2023/admin/admin_words.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_words.php,v 1.10.2.2 2002/05/12 15:57:45 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_words.php 8377 2008-02-10 12:52:05Z acydburn $
*
*
***************************************************************************/
***************
*** 20,44 ****
*
***************************************************************************/
- define('IN_PHPBB', 1);
-
if( !empty($setmodules) )
{
$file = basename(__FILE__);
! $module['General']['Word_Censor'] = "$file";
return;
}
//
// Load default header
//
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
! $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
}
else
{
--- 20,54 ----
*
***************************************************************************/
if( !empty($setmodules) )
{
$file = basename(__FILE__);
! $module['General']['Word_Censor'] = $file;
return;
}
+ define('IN_PHPBB', 1);
+
//
// Load default header
//
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
+
+ $cancel = (isset($HTTP_POST_VARS['cancel']) || isset($_POST['cancel'])) ? true : false;
+ $no_page_header = $cancel;
+
require('./pagestart.' . $phpEx);
+ if ($cancel)
+ {
+ redirect('admin/' . append_sid("admin_words.$phpEx", true));
+ }
+
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
! $mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
! $mode = htmlspecialchars($mode);
}
else
{
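Review bot: The added `$cancel` line checks both `$HTTP_POST_VARS['cancel']` and `$_POST['cancel']` without saying why, and the `? true : false` around an expression that is already boolean is redundant. Presumably both arrays are tested because this runs before `pagestart` is required, so the long arrays may not be populated yet. A comment would make that explicit and the line can be shortened: `// pagestart has not run yet, so the long arrays may be unset` followed by `$cancel = isset($HTTP_POST_VARS['cancel']) || isset($_POST['cancel']);`.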
***************
*** 59,74 ****
}
}
if( $mode != "" )
{
if( $mode == "edit" || $mode == "add" )
{
! $word_id = ( isset($HTTP_GET_VARS['id']) ) ? $HTTP_GET_VARS['id'] : 0;
$template->set_filenames(array(
"body" => "admin/words_edit_body.tpl")
);
$s_hidden_fields = '';
if( $mode == "edit" )
--- 69,88 ----
}
}
+ // Restrict mode input to valid options
+ $mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';
+
if( $mode != "" )
{
if( $mode == "edit" || $mode == "add" )
{
! $word_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0;
$template->set_filenames(array(
"body" => "admin/words_edit_body.tpl")
);
+ $word_info = array('word' => '', 'replacement' => '');
$s_hidden_fields = '';
if( $mode == "edit" )
***************
*** 93,100 ****
}
$template->assign_vars(array(
! "WORD" => $word_info['word'],
! "REPLACEMENT" => $word_info['replacement'],
"L_WORDS_TITLE" => $lang['Words_title'],
"L_WORDS_TEXT" => $lang['Words_explain'],
--- 107,114 ----
}
$template->assign_vars(array(
! "WORD" => htmlspecialchars($word_info['word']),
! "REPLACEMENT" => htmlspecialchars($word_info['replacement']),
"L_WORDS_TITLE" => $lang['Words_title'],
"L_WORDS_TEXT" => $lang['Words_explain'],
***************
*** 113,119 ****
}
else if( $mode == "save" )
{
! $word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : 0;
$word = ( isset($HTTP_POST_VARS['word']) ) ? trim($HTTP_POST_VARS['word']) : "";
$replacement = ( isset($HTTP_POST_VARS['replacement']) ) ? trim($HTTP_POST_VARS['replacement']) : "";
--- 127,133 ----
}
else if( $mode == "save" )
{
! $word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0;
$word = ( isset($HTTP_POST_VARS['word']) ) ? trim($HTTP_POST_VARS['word']) : "";
$replacement = ( isset($HTTP_POST_VARS['replacement']) ) ? trim($HTTP_POST_VARS['replacement']) : "";
***************
*** 150,162 ****
if( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) )
{
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
}
else
{
$word_id = 0;
}
! if( $word_id )
{
$sql = "DELETE FROM " . WORDS_TABLE . "
WHERE word_id = $word_id";
--- 164,179 ----
if( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) )
{
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
+ $word_id = intval($word_id);
}
else
{
$word_id = 0;
}
! $confirm = isset($HTTP_POST_VARS['confirm']);
!
! if( $word_id && $confirm )
{
$sql = "DELETE FROM " . WORDS_TABLE . "
WHERE word_id = $word_id";
***************
*** 170,175 ****
--- 187,212 ----
message_die(GENERAL_MESSAGE, $message);
}
+ elseif( $word_id && !$confirm)
+ {
+ // Present the confirmation screen to the user
+ $template->set_filenames(array(
+ 'body' => 'admin/confirm_body.tpl')
+ );
+
+ $hidden_fields = '';
+
+ $template->assign_vars(array(
+ 'MESSAGE_TITLE' => $lang['Confirm'],
+ 'MESSAGE_TEXT' => $lang['Confirm_delete_word'],
+
+ 'L_YES' => $lang['Yes'],
+ 'L_NO' => $lang['No'],
+
+ 'S_CONFIRM_ACTION' => append_sid("admin_words.$phpEx"),
+ 'S_HIDDEN_FIELDS' => $hidden_fields)
+ );
+ }
else
{
message_die(GENERAL_MESSAGE, $lang['No_word_selected']);
***************
*** 191,196 ****
--- 228,234 ----
}
$word_rows = $db->sql_fetchrowset($result);
+ $db->sql_freeresult($result);
$word_count = count($word_rows);
$template->assign_vars(array(
***************
*** 219,226 ****
$template->assign_block_vars("words", array(
"ROW_COLOR" => "#" . $row_color,
"ROW_CLASS" => $row_class,
! "WORD" => $word,
! "REPLACEMENT" => $replacement,
"U_WORD_EDIT" => append_sid("admin_words.$phpEx?mode=edit&id=$word_id"),
"U_WORD_DELETE" => append_sid("admin_words.$phpEx?mode=delete&id=$word_id"))
--- 257,264 ----
$template->assign_block_vars("words", array(
"ROW_COLOR" => "#" . $row_color,
"ROW_CLASS" => $row_class,
! "WORD" => htmlspecialchars($word),
! "REPLACEMENT" => htmlspecialchars($replacement),
"U_WORD_EDIT" => append_sid("admin_words.$phpEx?mode=edit&id=$word_id"),
"U_WORD_DELETE" => append_sid("admin_words.$phpEx?mode=delete&id=$word_id"))
diff -crN phpbb204/admin/index.php phpbb2023/admin/index.php
*** phpbb204/admin/index.php Sat Jul 10 20:16:21 2004
--- phpbb2023/admin/index.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: index.php,v 1.40.2.3 2003/01/07 20:51:34 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: index.php 5318 2005-12-04 12:55:28Z grahamje $
*
*
***************************************************************************/
***************
*** 60,66 ****
{
if( preg_match("/^admin_.*?\." . $phpEx . "$/", $file) )
{
! include($file);
}
}
--- 60,66 ----
{
if( preg_match("/^admin_.*?\." . $phpEx . "$/", $file) )
{
! include('./' . $file);
}
}
***************
*** 132,137 ****
--- 132,138 ----
"L_ADMIN_INTRO" => $lang['Admin_intro'],
"L_FORUM_STATS" => $lang['Forum_stats'],
"L_WHO_IS_ONLINE" => $lang['Who_is_Online'],
+ "L_USERNAME" => $lang['Username'],
"L_LOCATION" => $lang['Location'],
"L_LAST_UPDATE" => $lang['Last_updated'],
"L_IP_ADDRESS" => $lang['IP_Address'],
***************
*** 233,241 ****
$row = $db->sql_fetchrow($result);
$version = $row['mysql_version'];
! if( preg_match("/^(3\.23|4\.)/", $version) )
{
! $db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)/", $version) ) ? "`$dbname`" : $dbname;
$sql = "SHOW TABLE STATUS
FROM " . $db_name;
--- 234,242 ----
$row = $db->sql_fetchrow($result);
$version = $row['mysql_version'];
! if( preg_match("/^(3\.23|4\.|5\.)/", $version) )
{
! $db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)|(5\.)/", $version) ) ? "`$dbname`" : $dbname;
$sql = "SHOW TABLE STATUS
FROM " . $db_name;
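Review bot: In the backtick test `"/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)|(5\.)/"` the `^` anchors only the first alternative, so `(4\.)` and `(5\.)` match anywhere in the version string, and `[1-9][1-9]` misses patch levels ending in 0. Both patterns also enumerate major versions, so the next major release skips the size block until the list is edited again. Grouping the alternatives and matching a range avoids both: `preg_match("/^(3\.23|[4-9]\.|[1-9][0-9]+\.)/", $version)` for the outer test and `preg_match("/^(3\.23\.([6-9]|[1-9][0-9])|[4-9]\.|[1-9][0-9]+\.)/", $version)` for the quoting decision.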
***************
*** 331,337 ****
WHERE s.session_logged_in = " . TRUE . "
AND u.user_id = s.session_user_id
AND u.user_id <> " . ANONYMOUS . "
! AND u.user_session_time >= " . ( time() - 300 ) . "
ORDER BY u.user_session_time DESC";
if(!$result = $db->sql_query($sql))
{
--- 332,338 ----
WHERE s.session_logged_in = " . TRUE . "
AND u.user_id = s.session_user_id
AND u.user_id <> " . ANONYMOUS . "
! AND s.session_time >= " . ( time() - 300 ) . "
ORDER BY u.user_session_time DESC";
if(!$result = $db->sql_query($sql))
{
***************
*** 454,460 ****
"FORUM_LOCATION" => $location,
"IP_ADDRESS" => $reg_ip,
! "U_WHOIS_IP" => "http://www.geektools.com/cgi-bin/proxy.cgi?query=$reg_ip&targetnic=auto",
"U_USER_PROFILE" => append_sid("admin_users.$phpEx?mode=edit&" . POST_USERS_URL . "=" . $onlinerow_reg[$i]['user_id']),
"U_FORUM_LOCATION" => append_sid($location_url))
);
--- 455,461 ----
"FORUM_LOCATION" => $location,
"IP_ADDRESS" => $reg_ip,
! "U_WHOIS_IP" => "http://network-tools.com/default.asp?host=$reg_ip",
"U_USER_PROFILE" => append_sid("admin_users.$phpEx?mode=edit&" . POST_USERS_URL . "=" . $onlinerow_reg[$i]['user_id']),
"U_FORUM_LOCATION" => append_sid($location_url))
);
***************
*** 546,552 ****
"FORUM_LOCATION" => $location,
"IP_ADDRESS" => $guest_ip,
! "U_WHOIS_IP" => "http://www.geektools.com/cgi-bin/proxy.cgi?query=$guest_ip&targetnic=auto",
"U_FORUM_LOCATION" => append_sid($location_url))
);
}
--- 547,553 ----
"FORUM_LOCATION" => $location,
"IP_ADDRESS" => $guest_ip,
! "U_WHOIS_IP" => "http://network-tools.com/default.asp?host=$guest_ip",
"U_FORUM_LOCATION" => append_sid($location_url))
);
}
***************
*** 559,564 ****
--- 560,630 ----
);
}
+ // Check for new version
+ $current_version = explode('.', '2' . $board_config['version']);
+ $minor_revision = (int) $current_version[2];
+
+ $errno = 0;
+ $errstr = $version_info = '';
+
+ if ($fsock = @fsockopen('www.phpbb.com', 80, $errno, $errstr, 10))
+ {
+ @fputs($fsock, "GET /updatecheck/20x.txt HTTP/1.1\r\n");
+ @fputs($fsock, "HOST: www.phpbb.com\r\n");
+ @fputs($fsock, "Connection: close\r\n\r\n");
+
+ $get_info = false;
+ while (!@feof($fsock))
+ {
+ if ($get_info)
+ {
+ $version_info .= @fread($fsock, 1024);
+ }
+ else
+ {
+ if (@fgets($fsock, 1024) == "\r\n")
+ {
+ $get_info = true;
+ }
+ }
+ }
+ @fclose($fsock);
+
+ $version_info = explode("\n", $version_info);
+ $latest_head_revision = (int) $version_info[0];
+ $latest_minor_revision = (int) $version_info[2];
+ $latest_version = (int) $version_info[0] . '.' . (int) $version_info[1] . '.' . (int) $version_info[2];
+
+ if ($latest_head_revision == 2 && $minor_revision == $latest_minor_revision)
+ {
+ $version_info = '
' . $lang['Version_up_to_date'] . '
'; + } + else + { + $version_info = '' . $lang['Version_not_up_to_date'];
+ $version_info .= '
' . sprintf($lang['Latest_version_info'], $latest_version) . ' ' . sprintf($lang['Current_version_info'], '2' . $board_config['version']) . '
' . sprintf($lang['Connect_socket_error'], $errstr) . '
'; + } + else + { + $version_info = '' . $lang['Socket_functions_disabled'] . '
'; + } + } + + $version_info .= '' . $lang['Mailing_list_subscribe_reminder'] . '
'; + + + $template->assign_vars(array( + 'VERSION_INFO' => $version_info, + 'L_VERSION_INFORMATION' => $lang['Version_information']) + ); + $template->pparse("body"); include('./page_footer_admin.'.$phpEx); diff -crN phpbb204/admin/page_footer_admin.php phpbb2023/admin/page_footer_admin.php *** phpbb204/admin/page_footer_admin.php Sat Jul 10 20:16:21 2004 --- phpbb2023/admin/page_footer_admin.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_footer_admin.php,v 1.9.2.2 2002/05/12 15:57:45 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_footer_admin.php 5214 2005-09-19 20:49:06Z grahamje $ * * ***************************************************************************/ *************** *** 25,30 **** --- 25,32 ---- die("Hacking attempt"); } + global $do_gzip_compress; + // // Show the overall footer. // *************** *** 33,40 **** ); $template->assign_vars(array( ! 'PHPBB_VERSION' => '2' . $board_config['version'], ! 'TRANSLATION_INFO' => $lang['TRANSLATION_INFO']) ); $template->pparse('page_footer'); --- 35,42 ---- ); $template->assign_vars(array( ! 'PHPBB_VERSION' => ($userdata['user_level'] == ADMIN && $userdata['user_id'] != ANONYMOUS) ? '2' . $board_config['version'] : '', ! 'TRANSLATION_INFO' => (isset($lang['TRANSLATION_INFO'])) ? $lang['TRANSLATION_INFO'] : ((isset($lang['TRANSLATION'])) ? $lang['TRANSLATION'] : '')) ); $template->pparse('page_footer'); diff -crN phpbb204/admin/page_header_admin.php phpbb2023/admin/page_header_admin.php *** phpbb204/admin/page_header_admin.php Sat Jul 10 20:16:21 2004 --- phpbb2023/admin/page_header_admin.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
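Review bot: The version check added to admin/index.php reads `$version_info[0]`, `[1]` and `[2]` without confirming that the response contained three lines, and it fetches the file over plain HTTP on port 80. A short, empty or altered response is therefore parsed as version 0.0.0 or as whatever an on-path party supplies, which can suppress the "not up to date" notice. The `(int)` casts do keep the fetched text out of the markup. Guarding the parse treats a malformed reply as a failed lookup, `if (count($version_info) < 3) { $version_info = $lang['Socket_functions_disabled']; }` or a dedicated message. The 10-second fsockopen() timeout also runs on every load of the admin index, so caching the result would avoid stalling the page when the host is unreachable.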
* $Id: page_header_admin.php,v 1.12.2.3 2002/12/10 11:13:58 bartvb Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header_admin.php 5509 2006-01-29 21:19:02Z grahamje $ * * ***************************************************************************/ *************** *** 35,41 **** { $phpver = phpversion(); ! $useragent = (isset($_SERVER["HTTP_USER_AGENT"]) ) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT; if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) { --- 35,41 ---- { $phpver = phpversion(); ! $useragent = (isset($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : getenv('HTTP_USER_AGENT'); if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) { *************** *** 64,69 **** --- 64,73 ---- 'header' => 'admin/page_header.tpl') ); + // Format Timezone. We are unable to use array_pop here, because of PHP3 compatibility + $l_timezone = explode('.', $board_config['board_timezone']); + $l_timezone = (count($l_timezone) > 1 && $l_timezone[count($l_timezone)-1] != 0) ? $lang[sprintf('%.1f', $board_config['board_timezone'])] : $lang[number_format($board_config['board_timezone'])]; + // // The following assigns all _common_ variables that may be used at any point // in a template. Note that all URL's should be wrapped in append_sid, as *************** *** 79,85 **** 'U_INDEX' => append_sid('../index.'.$phpEx), ! 'S_TIMEZONE' => sprintf($lang['All_times'], $lang[$board_config['board_timezone']]), 'S_LOGIN_ACTION' => append_sid('../login.'.$phpEx), 'S_JUMPBOX_ACTION' => append_sid('../viewforum.'.$phpEx), 'S_CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), --- 83,89 ---- 'U_INDEX' => append_sid('../index.'.$phpEx), ! 
'S_TIMEZONE' => sprintf($lang['All_times'], $l_timezone), 'S_LOGIN_ACTION' => append_sid('../login.'.$phpEx), 'S_JUMPBOX_ACTION' => append_sid('../viewforum.'.$phpEx), 'S_CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), *************** *** 128,133 **** --- 132,149 ---- 'T_SPAN_CLASS3' => $theme['span_class3']) ); + // Work around for "current" Apache 2 + PHP module which seems to not + // cope with private cache control setting + if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2')) + { + header ('Cache-Control: no-cache, pre-check=0, post-check=0'); + } + else + { + header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0'); + } + header ('Expires: 0'); + header ('Pragma: no-cache'); $template->pparse('header'); diff -crN phpbb204/admin/pagestart.php phpbb2023/admin/pagestart.php *** phpbb204/admin/pagestart.php Sat Jul 10 20:16:21 2004 --- phpbb2023/admin/pagestart.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: pagestart.php,v 1.1.2.4 2002/11/30 21:37:43 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: pagestart.php 5487 2006-01-22 17:11:09Z grahamje $ * * ***************************************************************************/ *************** *** 40,46 **** if (!$userdata['session_logged_in']) { ! redirect(append_sid("login.$phpEx?redirect=admin/", true)); } else if ($userdata['user_level'] != ADMIN) { --- 40,46 ---- if (!$userdata['session_logged_in']) { ! redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx", true)); } else if ($userdata['user_level'] != ADMIN) { *************** *** 49,59 **** if ($HTTP_GET_VARS['sid'] != $userdata['session_id']) { ! 
$url = preg_replace('/sid=([^&]*)(&?)/i', '', $HTTP_SERVER_VARS['REQUEST_URI']); ! $url = preg_replace('/\?$/', '', $url); ! $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id']; ! redirect($url); } if (empty($no_page_header)) --- 49,60 ---- if ($HTTP_GET_VARS['sid'] != $userdata['session_id']) { ! redirect("index.$phpEx?sid=" . $userdata['session_id']); ! } ! if (!$userdata['session_admin']) ! { ! redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true)); } if (empty($no_page_header)) diff -crN phpbb204/common.php phpbb2023/common.php *** phpbb204/common.php Sat Jul 10 20:16:22 2004 --- phpbb2023/common.php Sun Feb 10 18:19:56 2008 *************** *** 6,13 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: common.php,v 1.74.2.5 2002/12/17 23:59:37 psotfx Exp $ ! * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: common.php 5970 2006-05-26 17:46:59Z grahamje $ * ***************************************************************************/ *************** *** 25,33 **** --- 24,97 ---- die("Hacking attempt"); } + // error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables set_magic_quotes_runtime(0); // Disable magic_quotes_runtime + // The following code (unsetting globals) + // Thanks to Matt Kavanagh and Stefan Esser for providing feedback as well as patch files + + // PHP5 with register_long_arrays off? 
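Review bot: The session test kept in admin/pagestart.php, `if ($HTTP_GET_VARS['sid'] != $userdata['session_id'])`, uses a loose comparison and reads the GET key without isset(). PHP compares two numeric-looking strings as numbers under `!=`, which is not what a session token check should rely on. A strict form is `if (!isset($HTTP_GET_VARS['sid']) || $HTTP_GET_VARS['sid'] !== $userdata['session_id'])`. Replacing the REQUEST_URI-derived redirect with the fixed `index.$phpEx?sid=` target is a sound change, as it removes a request-controlled value from the Location header.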
+ if (@phpversion() >= '5.0.0' && (!@ini_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off')) + { + $HTTP_POST_VARS = $_POST; + $HTTP_GET_VARS = $_GET; + $HTTP_SERVER_VARS = $_SERVER; + $HTTP_COOKIE_VARS = $_COOKIE; + $HTTP_ENV_VARS = $_ENV; + $HTTP_POST_FILES = $_FILES; + + // _SESSION is the only superglobal which is conditionally set + if (isset($_SESSION)) + { + $HTTP_SESSION_VARS = $_SESSION; + } + } + + // Protect against GLOBALS tricks + if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS'])) + { + die("Hacking attempt"); + } + + // Protect against HTTP_SESSION_VARS tricks + if (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS)) + { + die("Hacking attempt"); + } + + if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') + { + // PHP4+ path + $not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path'); + + // Not only will array_merge give a warning if a parameter + // is not an array, it will actually fail. So we check if + // HTTP_SESSION_VARS has been initialised. 
+ if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS)) + { + $HTTP_SESSION_VARS = array(); + } + + // Merge all into one extremely huge array; unset + // this later + $input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES); + + unset($input['input']); + unset($input['not_unset']); + + while (list($var,) = @each($input)) + { + if (in_array($var, $not_unset)) + { + die('Hacking attempt!'); + } + unset($$var); + } + + unset($input); + } + // // addslashes to vars if magic_quotes_gpc is off // this is a security precaution to prevent someone *************** *** 106,118 **** $theme = array(); $images = array(); $lang = array(); $gen_simple_header = FALSE; include($phpbb_root_path . 'config.'.$phpEx); if( !defined("PHPBB_INSTALLED") ) { ! header("Location: install/install.$phpEx"); exit; } --- 170,184 ---- $theme = array(); $images = array(); $lang = array(); + $nav_links = array(); + $dss_seeded = false; $gen_simple_header = FALSE; include($phpbb_root_path . 'config.'.$phpEx); if( !defined("PHPBB_INSTALLED") ) { ! header('Location: ' . $phpbb_root_path . 'install/install.' . $phpEx); exit; } *************** *** 123,167 **** include($phpbb_root_path . 'includes/functions.'.$phpEx); include($phpbb_root_path . 'includes/db.'.$phpEx); ! // ! // Mozilla navigation bar ! // Default items that should be valid on all pages. ! // Defined here and not in page_header.php so they can be redefined in the code ! // ! $nav_links['top'] = array ( ! 'url' => append_sid($phpbb_root_dir."index.".$phpEx), ! 'title' => sprintf($lang['Forum_Index'], $board_config['sitename']) ! ); ! $nav_links['search'] = array ( ! 'url' => append_sid($phpbb_root_dir."search.".$phpEx), ! 'title' => $lang['Search'] ! ); ! $nav_links['help'] = array ( ! 'url' => append_sid($phpbb_root_dir."faq.".$phpEx), ! 'title' => $lang['FAQ'] ! ); ! $nav_links['author'] = array ( ! 
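Review bot: The two lines `unset($input['input']);` and `unset($input['not_unset']);` in the register_globals block of common.php carry no explanation, although the loop's safety depends on them. As written, they appear to stop a request parameter named `input` or `not_unset` from making `unset($$var)` remove the loop's own working arrays. A comment would keep a later cleanup from deleting them: `// never let request data unset the arrays this loop itself relies on`. It is also worth noting next to `$not_unset` that any new global set before this block must be added to the list.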
'url' => append_sid($phpbb_root_dir."memberlist.".$phpEx), ! 'title' => $lang['Memberlist'] ! ); // // Obtain and encode users IP // ! if( getenv('HTTP_X_FORWARDED_FOR') != '' ) ! { ! $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR ); ! ! if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) ) ! { ! $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10.\.*/', '/^224.\.*/', '/^240.\.*/'); ! $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]); ! } ! } ! else ! { ! $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR ); ! } $user_ip = encode_ip($client_ip); // --- 189,206 ---- include($phpbb_root_path . 'includes/functions.'.$phpEx); include($phpbb_root_path . 'includes/db.'.$phpEx); ! // We do not need this any longer, unset for safety purposes ! unset($dbpasswd); // // Obtain and encode users IP // ! // I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as ! // private range IP's appearing instead of the guilty routable IP, tough, don't ! // even bother complaining ... go scream and shout at the idiots out there who feel ! // "clever" is doing harm rather than good ... karma is a great thing ... :) ! // ! $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') ); $user_ip = encode_ip($client_ip); // *************** *** 183,189 **** if (file_exists('install') || file_exists('contrib')) { ! 
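Review bot: The comment added above the new `$client_ip` assignment in common.php explains the author's mood but not the reason for dropping HTTP_X_FORWARDED_FOR, and a maintainer needs the reason before deciding whether proxy support can be restored. Something like `// HTTP_X_FORWARDED_FOR is set by the client and cannot be trusted for bans or logging, so only REMOTE_ADDR is used` states it. If the board is expected to run behind a reverse proxy, say that REMOTE_ADDR will then be the proxy's address. The `unset($dbpasswd);` added just above is a good change and needs no further comment.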
message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted'); } // --- 222,228 ---- if (file_exists('install') || file_exists('contrib')) { ! message_die(GENERAL_MESSAGE, 'Please_remove_install_contrib'); } // diff -crN phpbb204/db/db2.php phpbb2023/db/db2.php *** phpbb204/db/db2.php Sat Jul 10 20:16:21 2004 --- phpbb2023/db/db2.php Sun Feb 10 18:19:54 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: db2.php,v 1.2 2002/01/28 17:24:45 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: db2.php 1997 2002-01-28 17:25:58Z psotfx $ * ***************************************************************************/ diff -crN phpbb204/db/msaccess.php phpbb2023/db/msaccess.php *** phpbb204/db/msaccess.php Sat Jul 10 20:16:21 2004 --- phpbb2023/db/msaccess.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: msaccess.php,v 1.8.2.2 2002/09/28 12:50:59 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: msaccess.php 2906 2002-09-28 12:50:59Z psotfx $ * ***************************************************************************/ diff -crN phpbb204/db/mssql-odbc.php phpbb2023/db/mssql-odbc.php *** phpbb204/db/mssql-odbc.php Sat Jul 10 20:16:21 2004 --- phpbb2023/db/mssql-odbc.php Sun Feb 10 18:19:54 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: mssql-odbc.php,v 1.7 2002/03/20 17:48:30 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: mssql-odbc.php 2380 2002-03-20 17:48:30Z psotfx $ * ***************************************************************************/ diff -crN phpbb204/db/mssql.php phpbb2023/db/mssql.php *** phpbb204/db/mssql.php Sat Jul 10 20:16:21 2004 --- phpbb2023/db/mssql.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: mssql.php,v 1.22.2.2 2002/12/21 18:31:53 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: mssql.php 5615 2006-03-09 19:57:47Z grahamje $ * ***************************************************************************/ *************** *** 289,295 **** while( list($key, $value) = @each($row) ) { ! $row[$key] = stripslashes($value); } @reset($row); --- 289,295 ---- while( list($key, $value) = @each($row) ) { ! $row[$key] = ($value === ' ') ? '' : stripslashes($value); } @reset($row); *************** *** 317,323 **** { while( list($key, $value) = @each($row) ) { ! $rowset[$i][$key] = stripslashes($value); } $i++; } --- 317,323 ---- { while( list($key, $value) = @each($row) ) { ! $rowset[$i][$key] = ($value === ' ') ? '' : stripslashes($value); } $i++; } *************** *** 356,362 **** if( empty($this->row[$query_id]) ) { $this->row[$query_id] = @mssql_fetch_array($query_id); ! $result = stripslashes($this->row[$query_id][$field]); } } --- 356,362 ---- if( empty($this->row[$query_id]) ) { $this->row[$query_id] = @mssql_fetch_array($query_id); ! $result = ($this->row[$query_id][$field] === ' ') ? '' : stripslashes($this->row[$query_id][$field]); } } diff -crN phpbb204/db/mysql.php phpbb2023/db/mysql.php *** phpbb204/db/mysql.php Sat Jul 10 20:16:21 2004 --- phpbb2023/db/mysql.php Sun Feb 10 18:19:54 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
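Review bot: The new `($value === ' ') ? '' : stripslashes($value)` mapping in the row loop at 289 carries no comment explaining why a lone space is treated as empty, and it also turns a stored value that really is a single space into `''`. The same expression is repeated in the rowset loop at 317 and the single-field read at 356, so the three copies can drift apart. Presumably it works around the driver returning `' '` for an empty string; that should be confirmed and stated at each site, e.g. `// driver returns ' ' for an empty string; normalise before stripslashes()`. Because `stripslashes()` still runs on every fetched value, stored text that legitimately contains backslashes is altered on read, which matters wherever these fields feed later comparisons or queries. The enclosing functions start and end outside these hunks.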
* $Id: mysql.php,v 1.16 2002/03/19 01:07:36 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: mysql.php 5211 2005-09-18 16:17:21Z acydburn $ * ***************************************************************************/ *************** *** 259,265 **** { if($this->rowset[$query_id]) { ! $result = $this->rowset[$query_id][$field]; } else if($this->row[$query_id]) { --- 259,265 ---- { if($this->rowset[$query_id]) { ! $result = $this->rowset[$query_id][0][$field]; } else if($this->row[$query_id]) { diff -crN phpbb204/db/mysql4.php phpbb2023/db/mysql4.php *** phpbb204/db/mysql4.php Sat Jul 10 20:16:21 2004 --- phpbb2023/db/mysql4.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: mysql4.php,v 1.5 2002/04/02 21:13:47 the_systech Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: mysql4.php 5211 2005-09-18 16:17:21Z acydburn $ * ***************************************************************************/ *************** *** 271,277 **** { if( $this->rowset[$query_id] ) { ! $result = $this->rowset[$query_id][$field]; } else if( $this->row[$query_id] ) { --- 271,277 ---- { if( $this->rowset[$query_id] ) { ! 
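Review bot: The corrected read `$this->rowset[$query_id][0][$field]` in the hunk at 259 always takes row 0 of the cached rowset and does not check that `$field` exists in that row, so a missing or misspelt column gives a notice and an empty result instead of a clear failure. A short comment such as `// rowset is a list of rows; read the field from the first one` would record why index 0 is used, and an `isset()` check on the element would make the missing-column case explicit. The same line is changed in db/mysql4.php at 271. The enclosing function starts and ends outside the hunk.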
$result = $this->rowset[$query_id][0][$field]; } else if( $this->row[$query_id] ) { diff -crN phpbb204/db/oracle.php phpbb2023/db/oracle.php *** phpbb204/db/oracle.php Sat Jul 10 20:16:21 2004 --- phpbb2023/db/oracle.php Thu Jan 1 01:00:00 1970 *************** *** 1,472 **** - persistency = $persistency; - $this->user = $sqluser; - $this->password = $sqlpassword; - $this->server = $sqlserver; - $this->dbname = $database; - - if($this->persistency) - { - $this->db_connect_id = @OCIPLogon($this->user, $this->password, $this->server); - } - else - { - $this->db_connect_id = @OCINLogon($this->user, $this->password, $this->server); - } - if($this->db_connect_id) - { - return $this->db_connect_id; - } - else - { - return false; - } - } - - // - // Other base methods - // - function sql_close() - { - if($this->db_connect_id) - { - // Commit outstanding transactions - if($this->in_transaction) - { - OCICommit($this->db_connect_id); - } - - if($this->query_result) - { - @OCIFreeStatement($this->query_result); - } - $result = @OCILogoff($this->db_connect_id); - return $result; - } - else - { - return false; - } - } - - // - // Base query method - // - function sql_query($query = "", $transaction = FALSE) - { - // Remove any pre-existing queries - unset($this->query_result); - - // Put us in transaction mode because with Oracle as soon as you make a query you're in a transaction - $this->in_transaction = TRUE; - - if($query != "") - { - $this->last_query = $query; - $this->num_queries++; - - if(eregi("LIMIT", $query)) - { - preg_match("/^(.*)LIMIT ([0-9]+)[, ]*([0-9]+)*/s", $query, $limits); - - $query = $limits[1]; - if($limits[3]) - { - $row_offset = $limits[2]; - $num_rows = $limits[3]; - } - else - { - $row_offset = 0; - $num_rows = $limits[2]; - } - } - - if(eregi("^(INSERT|UPDATE) ", $query)) - { - $query = preg_replace("/\\\'/s", "''", $query); - } - - $this->query_result = @OCIParse($this->db_connect_id, $query); - $success = @OCIExecute($this->query_result, 
OCI_DEFAULT); - } - if($success) - { - if($transaction == END_TRANSACTION) - { - OCICommit($this->db_connect_id); - $this->in_transaction = FALSE; - } - - unset($this->row[$this->query_result]); - unset($this->rowset[$this->query_result]); - $this->last_query_text[$this->query_result] = $query; - - return $this->query_result; - } - else - { - if($this->in_transaction) - { - OCIRollback($this->db_connect_id); - } - return false; - } - } - - // - // Other query methods - // - function sql_numrows($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIFetchStatement($query_id, $this->rowset); - // OCIFetchStatment kills our query result so we have to execute the statment again - // if we ever want to use the query_id again. - @OCIExecute($query_id, OCI_DEFAULT); - return $result; - } - else - { - return false; - } - } - function sql_affectedrows($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIRowCount($query_id); - return $result; - } - else - { - return false; - } - } - function sql_numfields($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCINumCols($query_id); - return $result; - } - else - { - return false; - } - } - function sql_fieldname($offset, $query_id = 0) - { - // OCIColumnName uses a 1 based array so we have to up the offset by 1 in here to maintain - // full abstraction compatibitly - $offset += 1; - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = strtolower(@OCIColumnName($query_id, $offset)); - return $result; - } - else - { - return false; - } - } - function sql_fieldtype($offset, $query_id = 0) - { - // This situation is the same as fieldname - $offset += 1; - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIColumnType($query_id, $offset); - return $result; - } - else - { - 
return false; - } - } - function sql_fetchrow($query_id = 0, $debug = FALSE) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result_row = ""; - $result = @OCIFetchInto($query_id, $result_row, OCI_ASSOC+OCI_RETURN_NULLS); - if($debug) - { - echo "Query was: ".$this->last_query . ""; - var_dump($result_row); - echo ""; - } - if($result_row == "") - { - return false; - } - - for($i = 0; $i < count($result_row); $i++) - { - list($key, $val) = each($result_row); - $return_arr[strtolower($key)] = $val; - } - $this->row[$query_id] = $return_arr; - - return $this->row[$query_id]; - } - else - { - return false; - } - } - // This function probably isn't as efficant is it could be but any other way I do it - // I end up losing 1 row... - function sql_fetchrowset($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $rows = @OCIFetchStatement($query_id, $results); - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i < $rows; $i++) - { - @OCIFetchInto($query_id, $tmp_result, OCI_ASSOC+OCI_RETURN_NULLS); - - for($j = 0; $j < count($tmp_result); $j++) - { - list($key, $val) = each($tmp_result); - $return_arr[strtolower($key)] = $val; - } - $result[] = $return_arr; - } - return $result; - } - else - { - return false; - } - } - function sql_fetchfield($field, $rownum = -1, $query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - if($rownum > -1) - { - // Reset the internal rownum pointer. - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i < $rownum; $i++) - { - // Move the interal pointer to the row we want - @OCIFetch($query_id); - } - // Get the field data. - $result = @OCIResult($query_id, strtoupper($field)); - } - else - { - // The internal pointer should be where we want it - // so we just grab the field out of the current row. 
- $result = @OCIResult($query_id, strtoupper($field)); - } - return $result; - } - else - { - return false; - } - } - function sql_rowseek($rownum, $query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i < $rownum; $i++) - { - @OCIFetch($query_id); - } - $result = @OCIFetch($query_id); - return $result; - } - else - { - return false; - } - } - function sql_nextid($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id && $this->last_query_text[$query_id] != "") - { - if( eregi("^(INSERT{1}|^INSERT INTO{1})[[:space:]][\"]?([a-zA-Z0-9\_\-]+)[\"]?", $this->last_query_text[$query_id], $tablename)) - { - $query = "SELECT ".$tablename[2]."_id_seq.currval FROM DUAL"; - $stmt = @OCIParse($this->db_connect_id, $query); - @OCIExecute($stmt,OCI_DEFAULT ); - $temp_result = @OCIFetchInto($stmt, $temp_result, OCI_ASSOC+OCI_RETURN_NULLS); - if($temp_result) - { - return $temp_result['CURRVAL']; - } - else - { - return false; - } - } - else - { - return false; - } - } - else - { - return false; - } - } - - function sql_nextid($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id && $this->last_query_text[$query_id] != "") - { - if( eregi("^(INSERT{1}|^INSERT INTO{1})[[:space:]][\"]?([a-zA-Z0-9\_\-]+)[\"]?", $this->last_query_text[$query_id], $tablename)) - { - $query = "SELECT ".$tablename[2]."_id_seq.CURRVAL FROM DUAL"; - $temp_q_id = @OCIParse($this->db_connect_id, $query); - @OCIExecute($temp_q_id, OCI_DEFAULT); - @OCIFetchInto($temp_q_id, $temp_result, OCI_ASSOC+OCI_RETURN_NULLS); - - if($temp_result) - { - return $temp_result['CURRVAL']; - } - else - { - return false; - } - } - else - { - return false; - } - } - else - { - return false; - } - } - - - - function sql_freeresult($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = 
@OCIFreeStatement($query_id); - return $result; - } - else - { - return false; - } - } - function sql_error($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - $result = @OCIError($query_id); - return $result; - } - - } // class sql_db - - } // if ... define - - ?> \ No newline at end of file --- 0 ---- diff -crN phpbb204/db/postgres7.php phpbb2023/db/postgres7.php *** phpbb204/db/postgres7.php Sat Jul 10 20:16:21 2004 --- phpbb2023/db/postgres7.php Sun Feb 10 18:19:53 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: postgres7.php,v 1.19 2002/03/05 02:19:38 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: postgres7.php 5142 2005-05-06 20:50:13Z acydburn $ * ***************************************************************************/ diff -crN phpbb204/extension.inc phpbb2023/extension.inc *** phpbb204/extension.inc Sat Jul 10 20:16:21 2004 --- phpbb2023/extension.inc Sun Feb 10 18:19:56 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: extension.inc,v 1.5 2002/04/04 11:52:50 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: extension.inc 2480 2002-04-04 11:52:50Z psotfx $ * * ***************************************************************************/ diff -crN phpbb204/faq.php phpbb2023/faq.php *** phpbb204/faq.php Sat Jul 10 20:16:21 2004 --- phpbb2023/faq.php Sun Feb 10 18:19:56 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: faq.php,v 1.14 2002/03/31 00:06:33 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: faq.php 4926 2004-07-11 16:46:20Z acydburn $ * * ***************************************************************************/ *************** *** 34,39 **** --- 34,42 ---- // End session management // + // Set vars to prevent naughtiness + $faq = array(); + // // Load the appropriate faq file // *************** *** 97,103 **** $template->set_filenames(array( 'body' => 'faq_body.tpl') ); ! make_jumpbox('viewforum.'.$phpEx, $forum_id); $template->assign_vars(array( 'L_FAQ_TITLE' => $l_title, --- 100,106 ---- $template->set_filenames(array( 'body' => 'faq_body.tpl') ); ! make_jumpbox('viewforum.'.$phpEx); $template->assign_vars(array( 'L_FAQ_TITLE' => $l_title, diff -crN phpbb204/groupcp.php phpbb2023/groupcp.php *** phpbb204/groupcp.php Sat Jul 10 20:16:21 2004 --- phpbb2023/groupcp.php Sun Feb 10 18:19:56 2008 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: groupcp.php,v 1.58.2.12 2003/01/09 00:17:23 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: groupcp.php 8357 2008-02-01 11:59:05Z Kellanved $ * * ***************************************************************************/ *************** *** 99,107 **** $yim_img = ( $row['user_yim'] ) ? '
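Review bot: The comment `// Set vars to prevent naughtiness` above `$faq = array();` in the hunk at 34 does not say what the reset protects against, so a later edit could move or drop it without noticing the consequence. The assignment sits just before the `Load the appropriate faq file` step, which suggests it clears any request-supplied `$faq` (for example under register_globals) before the language file fills it. If so, the comment should say that: `// Reset $faq before the language file is included so a request-supplied value cannot pre-populate it`. `$l_title`, used in the hunk at 97, is assigned outside the visible lines, so whether it needs the same initialisation should be checked.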