phpbb-php5mod-cvs-checkins Mailing List for phpBB-php5 MOD
From: Josh <jel...@us...> - 2007-02-24 20:15:00
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13329/install_/schemas
Modified Files: mysql_schema.sql
Log Message: - Fixing a bug reported on the forums by UCFirefly
Index: mysql_schema.sql
===================================================================
RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas/mysql_schema.sql,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** mysql_schema.sql 31 Dec 2005 02:10:06 -0000 1.4
--- mysql_schema.sql 24 Feb 2007 20:14:57 -0000 1.5
***************
*** 522,526 ****
  user_newpasswd varchar(32),
  user_last_login_try int(11) NOT NULL DEFAULT '0',
! user_login_tries smallint(5) UNSIGNED NOT NULL DEFAULT '0'
  PRIMARY KEY (user_id),
  KEY user_session_time (user_session_time)
--- 522,526 ----
  user_newpasswd varchar(32),
  user_last_login_try int(11) NOT NULL DEFAULT '0',
! user_login_tries smallint(5) UNSIGNED NOT NULL DEFAULT '0',
  PRIMARY KEY (user_id),
  KEY user_session_time (user_session_time) |
From: Josh <jel...@us...> - 2006-12-23 23:26:53
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/install In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv24137/install_ Added Files: update_to_20225.php Log Message: 2.0.22.5 --- NEW FILE: update_to_20225.php --- <?php /*************************************************************************** * update_to_20xy.php * ------------------- * begin : Friday, Nov. * copyright : (C) 2005 phpBB-php5 * email : n/a * * $Id: update_to_20225.php,v 1.1 2006/12/23 23:26:52 jelly_doughnut Exp $ * * ***************************************************************************/ /*************************************************************************** * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * ***************************************************************************/ // This script is basically phpBB's update_to_20x.php // Except it doesn't have information to upgrade from ancient versions. function _sql($sql, &$errored, &$error_ary, $echo_dot = true) { global $db; if (is_array($sql) && sizeof($sql)) { foreach ($sql as $query) { if (!($result = $db->sql_query($query))) { $errored = true; $error_ary['sql'][] = (is_array($query)) ? $query[$i] : $query; $error_ary['error_code'][] = $db->sql_error(); } } } else { if (!($result = $db->sql_query($sql))) { $errored = true; $error_ary['sql'][] = (is_array($sql)) ? $sql[$i] : $sql; $error_ary['error_code'][] = $db->sql_error(); } } if ($echo_dot) { echo ". \n"; flush(); } return $result; } @set_time_limit(120); define('IN_PHPBB', 1); $phpbb_root_path = './../'; include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'config.'.$phpEx); if(!isset($dbms)) { die("Please read: <a href='../docs/INSTALL.html'>INSTALL.html</a> before attempting to update."); } include($phpbb_root_path . 
'includes/constants.'.$phpEx); include($phpbb_root_path . 'includes/functions.'.$phpEx); include($phpbb_root_path . 'includes/functions_admin.'.$phpEx); include($phpbb_root_path . 'includes/functions_search.'.$phpEx); include($phpbb_root_path . 'includes/db.'.$phpEx); // // // $updates_to_version = ".0.22"; $update_php5mod_version = ".0.22.5"; // // // ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html;"> <meta http-equiv="Content-Style-Type" content="text/css"> <style type="text/css"> <!-- font,th,td,p,body { font-family: "Courier New", courier; font-size: 11pt } a:link,a:active,a:visited { color : #006699; } a:hover { text-decoration: underline; color : #DD6900;} hr { height: 0px; border: solid #D1D7DC 0px; border-top-width: 1px;} .maintitle,h1,h2 {font-weight: bold; font-size: 22px; font-family: "Trebuchet MS",Verdana, Arial, Helvetica, sans-serif; text-decoration: none; line-height : 120%; color : #000000;} .ok {color:green} /* Import the fancy styles for IE only (NS4.x doesn't use the @import function) */ @import url("../templates/subSilver/formIE.css"); --> </style> </head> <body bgcolor="#FFFFFF" text="#000000" link="#006699" vlink="#5584AA"> <table width="100%" border="0" cellspacing="0" cellpadding="10" align="center"> <tr> <td><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="Forum Home" vspace="1" /></td> <td align="center" width="100%" valign="middle"><span class="maintitle">Updating to latest stable release</span></td> </tr> </table></td> </tr> </table> <br clear="all" /> <h2>Information</h2> <?php echo '<p>Database type :: <b>' . SQL_LAYER . '</b><br />'; $sql = "SELECT config_value FROM " . CONFIG_TABLE . 
" WHERE config_name = 'version'"; if (!($result = $db->sql_query($sql))) { die("Couldn't obtain version info"); } $row = $db->sql_fetchrow($result); $sql = array(); echo 'Previous version :: <b>2' . $row['config_value'] . '</b><br />'; echo 'Updated version :: <b>2' . $updates_to_version . '</b></p>' ."\n"; echo "<h2>Updating database schema</h2>\n"; echo "<p>Progress :: <b>"; flush(); // // Data updates // unset($sql); $error_ary = array(); $errored = false; echo "<h2>Updating data</h2>\n"; echo "<p>Progress :: <b>"; flush(); if ($row['config_value'] < '.0.14'); { $sql[] = 'ALTER TABLE ' . SESSIONS_TABLE . ' ADD session_admin int(1)'; switch (SQL_LAYER) { case 'mysql': case 'mysql4': $sql[] = 'CREATE TABLE ' . $table_prefix . 'sessions_keys (key_id varchar(32) DEFAULT \'0\' NOT NULL, user_id mediumint(8) DEFAULT \'0\' NOT NULL, last_ip varchar(8) DEFAULT \'0\' NOT NULL, last_login int(11) DEFAULT \'0\' NOT NULL, PRIMARY KEY (key_id, user_id), KEY last_login (last_login))'; break; case 'mssql': case 'mssql-odbc': $sql[] = 'CREATE TABLE [' . $table_prefix . 'sessions_keys] ([key_id] [char] (32) NOT NULL , [user_id] [int] NOT NULL , [last_ip] [char] (8) NOT NULL , [last_login] [int] NOT NULL) ON [PRIMARY]'; $sql[] = 'CREATE INDEX [IX_' . $table_prefix . 'sessions_keys] ON [' . $table_prefix . 'sessions_keys]([key_id], [user_id]) ON [PRIMARY]'; $sql[] = 'CREATE INDEX [IX_' . $table_prefix . 'sessions_keys] ON [' . $table_prefix . 'sessions_keys]([last_login]) ON [PRIMARY]'; break; case 'msaccess': $sql[] = 'CREATE TABLE ' . $table_prefix . 'sessions_keys (key_id char(32) NOT NULL, user_id int NOT NULL, last_ip char(8) NOT NULL, last_login int NOT NULL)'; $sql[] = 'ALTER TABLE ' . $table_prefix . 'sessions_keys ADD PRIMARY KEY (key_id, user_id)'; break; case 'postgresql': $sql[] = 'CREATE TABLE ' . $table_prefix . 
'sessions_keys (key_id char(32) DEFAULT \'0\' NOT NULL, user_id int4 DEFAULT \'0\' NOT NULL, last_ip char(8) DEFAULT \'0\' NOT NULL, last_login int4 DEFAULT \'0\' NOT NULL, CONSTRAINT ' . $table_prefix . 'sessions_keys_pkey PRIMARY KEY (key_id, user_id))'; $sql[] = 'CREATE INDEX last_login_' . $table_prefix . 'sessions_keys_index ON ' . $table_prefix . 'sessions_keys (last_login)'; break; } _sql($sql, $errored, $error_ary); $sql = array(); $sql[] = 'UPDATE ' . USERS_TABLE . ' SET user_active = 0 WHERE user_id = ' . ANONYMOUS; $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('allow_autologin', '1')"; $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('max_autologin_time', '0')"; _sql($sql, $errored, $error_ary); $sql = array(); } if ($row['config_value'] < '.0.17') { switch (SQL_LAYER) { case 'mysql': case 'mysql4': $sql[] = 'CREATE TABLE ' . $table_prefix . 'sessions_keys (key_id varchar(32) DEFAULT \'0\' NOT NULL, user_id mediumint(8) DEFAULT \'0\' NOT NULL, last_ip varchar(8) DEFAULT \'0\' NOT NULL, last_login int(11) DEFAULT \'0\' NOT NULL, PRIMARY KEY (key_id, user_id), KEY last_login (last_login))'; break; case 'mssql': case 'mssql-odbc': $sql[] = 'CREATE TABLE [' . $table_prefix . 'sessions_keys] ([key_id] [char] (32) NOT NULL , [user_id] [int] NOT NULL , [last_ip] [char] (8) NOT NULL , [last_login] [int] NOT NULL) ON [PRIMARY]'; $sql[] = 'CREATE INDEX [IX_' . $table_prefix . 'sessions_keys] ON [' . $table_prefix . 'sessions_keys]([key_id], [user_id]) ON [PRIMARY]'; $sql[] = 'CREATE INDEX [IX_' . $table_prefix . 'sessions_keys] ON [' . $table_prefix . 'sessions_keys]([last_login]) ON [PRIMARY]'; break; case 'msaccess': $sql[] = 'CREATE TABLE ' . $table_prefix . 'sessions_keys (key_id char(32) NOT NULL, user_id int NOT NULL, last_ip char(8) NOT NULL, last_login int NOT NULL)'; $sql[] = 'ALTER TABLE ' . $table_prefix . 
'sessions_keys ADD PRIMARY KEY (key_id, user_id)'; break; case 'postgresql': $sql[] = 'CREATE TABLE ' . $table_prefix . 'sessions_keys (key_id char(32) DEFAULT \'0\' NOT NULL, user_id int4 DEFAULT \'0\' NOT NULL, last_ip char(8) DEFAULT \'0\' NOT NULL, last_login int4 DEFAULT \'0\' NOT NULL, CONSTRAINT ' . $table_prefix . 'sessions_keys_pkey PRIMARY KEY (key_id, user_id))'; $sql[] = 'CREATE INDEX last_login_' . $table_prefix . 'sessions_keys_index ON ' . $table_prefix . 'sessions_keys (last_login)'; break; } _sql($sql, $errored, $error_ary); $sql[] = 'UPDATE ' . USERS_TABLE . ' SET user_active = 0 WHERE user_id = ' . ANONYMOUS; $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('allow_autologin', '1')"; $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('max_autologin_time', '0')"; _sql($sql, $errored, $error_ary); } if ($row['version'] < '.0.19') { $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('max_login_attempts', '5')"; $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('login_reset_time', '30')"; // Add login columns to user table switch (SQL_LAYER) { case 'mysql': case 'mysql4': case 'mysqli': $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD COLUMN user_login_tries smallint(5) UNSIGNED DEFAULT '0' NOT NULL"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD COLUMN user_last_login_try int(11) DEFAULT '0' NOT NULL"; break; case 'postgresql': $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD COLUMN user_login_tries int2"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ALTER COLUMN user_login_tries SET DEFAULT '0'"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD COLUMN user_last_login_try int4"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ALTER COLUMN user_last_login_try SET DEFAULT '0'"; break; case 'mssql-odbc': case 'mssql': $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD user_login_tries smallint NOT NULL, CONSTRAINT [DF_" . $table_prefix . 
"users_user_login_tries] DEFAULT (0) FOR [user_login_tries]"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD user_last_login_try int NOT NULL, CONSTRAINT [DF_" . $table_prefix . "users_user_last_login_try] DEFAULT (0) FOR [user_last_login_try]"; break; case 'msaccess': $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD user_login_tries smallint NOT NULL"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD user_last_login_try int NOT NULL"; break; } _sql($sql, $errored, $error_ary); $sql = array(); } if ($row['version'] < '.0.20') { $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('search_flood_interval', '15')"; $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('rand_seed', '0')"; _sql($sql, $errored, $error_ary); $sql = array(); } if ($row['version'] < '.0.21') { $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('search_min_chars', '3')"; // We reset those having autologin enabled and forcing the re-assignment of a session id // since there have been changes to the way these are handled from previous versions $sql[] = 'DELETE FROM ' . SESSIONS_TABLE; $sql[] = 'DELETE FROM ' . SESSIONS_KEYS_TABLE; _sql($sql, $errored, $error_ary); $sql = array(); } else { echo " No updates were required</b></p>\n"; } echo "<h2>Updating version and optimizing tables</h2>\n"; echo "<p>Progress :: <b>"; flush(); // update the version $sql = "UPDATE " . CONFIG_TABLE . " SET config_value = '$updates_to_version' WHERE config_name = 'version'"; _sql($sql, $errored, $error_ary); $sql = "UPDATE " . CONFIG_TABLE . " SET config_value = '$update_php5mod_version' WHERE config_name = 'version5'"; _sql($sql, $errored, $error_ary); // Optimize/vacuum analyze the tables where appropriate // this should be done for each version in future along with // the version number update switch (SQL_LAYER) { case 'mysql': case 'mysql4': case 'mysqli': $sql = 'OPTIMIZE TABLE ' . $table_prefix . 'auth_access, ' . $table_prefix . 
'banlist, ' . $table_prefix . 'categories, ' . $table_prefix . 'config, ' . $table_prefix . 'disallow, ' . $table_prefix . 'forum_prune, ' . $table_prefix . 'forums, ' . $table_prefix . 'groups, ' . $table_prefix . 'posts, ' . $table_prefix . 'posts_text, ' . $table_prefix . 'privmsgs, ' . $table_prefix . 'privmsgs_text, ' . $table_prefix . 'ranks, ' . $table_prefix . 'search_results, ' . $table_prefix . 'search_wordlist, ' . $table_prefix . 'search_wordmatch, ' . $table_prefix . 'smilies, ' . $table_prefix . 'themes, ' . $table_prefix . 'themes_name, ' . $table_prefix . 'topics, ' . $table_prefix . 'topics_watch, ' . $table_prefix . 'user_group, ' . $table_prefix . 'users, ' . $table_prefix . 'vote_desc, ' . $table_prefix . 'vote_results, ' . $table_prefix . 'vote_voters, ' . $table_prefix . 'words'; _sql($sql, $errored, $error_ary); break; case 'postgresql': $sql = 'VACCUUM ANALYZE'; _sql($sql, $errored, $error_ary); break; } echo "</b> <b class=\"ok\">Done</b><br />Result :: \n"; if ($errored) { echo " <b>Some queries failed, the statements and errors are listing below</b>\n<ul>"; for ($i = 0; $i < count($error_ary['sql']); $i++) { echo "<li>Error :: <b>" . $error_ary['error_code'][$i]['message'] . "</b><br />"; echo "SQL :: <b>" . $error_ary['sql'][$i] . "</b><br /><br /></li>"; } echo "</ul>\n<p>This is probably nothing to worry about, update will continue. Should this fail to complete you may need to seek help at our development board. See <a href=\"docs\README.html\">README</a> for details on how to obtain advice.</p>\n"; } else { echo "<b>No errors</b>\n"; } echo "<h2>Update completed</h2>\n"; echo "\n<p>You should now visit the General Configuration settings page in the <a href=\"../admin/\">Administration Panel</a> and check the General Configuration of the board. If you updated from versions prior to RC-3 you <b>must</b> update some entries. If you do not do this emails sent from the board will contain incorrect information. 
Don't forget to delete this file!</p>\n"; ?> <br clear="all" /> </body> </html> |
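Review bot: The version gates in update_to_20225.php do not gate anything: `if ($row['config_value'] < '.0.14');` ends in a semicolon, so the braces after it always run, and the `.0.19`, `.0.20` and `.0.21` checks read `$row['version']` although the query above selects only `config_value`. As far as the visible code shows, every request to this script would therefore re-issue the ALTER/INSERT statements and the `DELETE FROM` on the sessions tables whatever version is installed, and no caller check appears anywhere in the file. I would drop the stray semicolon and test `$row['config_value']` in the last three conditions, e.g. `if ($row['config_value'] < '.0.21')`. Separately, `_sql()` indexes `$query[$i]` and `$sql[$i]` with an `$i` it never defines, and the PostgreSQL branch sends `VACCUUM ANALYZE`, which looks like a misspelling of `VACUUM`.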
From: Josh <jel...@us...> - 2006-12-23 23:26:53
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv24137/install_/schemas
Modified Files: mssql_basic.sql mysql_basic.sql postgres_basic.sql
Log Message: 2.0.22.5
Index: mysql_basic.sql
===================================================================
RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas/mysql_basic.sql,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -d -r1.11 -r1.12
*** mysql_basic.sql 8 Jun 2006 19:40:54 -0000 1.11
--- mysql_basic.sql 23 Dec 2006 23:26:51 -0000 1.12
***************
*** 65,70 ****
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.21');
! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.21.5');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5');
--- 65,70 ----
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.22');
! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.22.5');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5');
Index: mssql_basic.sql
===================================================================
RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas/mssql_basic.sql,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -d -r1.11 -r1.12
*** mssql_basic.sql 8 Jun 2006 19:40:54 -0000 1.11
--- mssql_basic.sql 23 Dec 2006 23:26:51 -0000 1.12
***************
*** 72,77 ****
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.21');
! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.21.5');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5');
--- 72,77 ----
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.22');
! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.22.5');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5');
Index: postgres_basic.sql
===================================================================
RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas/postgres_basic.sql,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -d -r1.11 -r1.12
*** postgres_basic.sql 8 Jun 2006 19:40:54 -0000 1.11
--- postgres_basic.sql 23 Dec 2006 23:26:51 -0000 1.12
***************
*** 66,71 ****
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.21');
! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.21.5');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5');
--- 66,71 ----
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.22');
! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.22.5');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5'); |
Update of /cvsroot/phpbb-php5mod/phpbb-php5 In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21123 Modified Files: groupcp.php login.php memberlist.php modcp.php posting.php privmsg.php search.php viewforum.php viewtopic.php Log Message: 2.0.22.5 Index: login.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/login.php,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** login.php 8 Jun 2006 19:24:56 -0000 1.7 --- login.php 23 Dec 2006 23:21:49 -0000 1.8 *************** *** 124,128 **** $redirect = str_replace('?', '&', $redirect); ! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) { message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); --- 124,128 ---- $redirect = str_replace('?', '&', $redirect); ! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url')) { message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); *************** *** 143,147 **** $redirect = str_replace("?", "&", $redirect); ! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) { message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); --- 143,147 ---- $redirect = str_replace("?", "&", $redirect); ! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url')) { message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); Index: search.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/search.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** search.php 8 Jun 2006 19:24:56 -0000 1.6 --- search.php 23 Dec 2006 23:21:49 -0000 1.7 *************** *** 119,122 **** --- 119,123 ---- $start = ( isset($_GET['start']) ) ? 
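Review bot: The `;url` test added to both login.php redirect checks uses `strstr()`, which is case-sensitive, and it extends a list of known-bad substrings rather than stating what a redirect target may look like. At minimum I would make the match case-insensitive, `stristr(urldecode($redirect), ';url')`, and decode once into a local instead of calling `urldecode($redirect)` three times per check. The same condition is added to `$url` in includes/functions.php (hunk at line 866) in the companion commit on this page. Both enclosing blocks start and end outside these hunks, so how `$redirect` is used after the check is not visible here.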
intval($_GET['start']) : 0; + $start = ($start < 0) ? 0 : $start; $sort_by_types = array($lang['Sort_Time'], $lang['Sort_Post_Subject'], $lang['Sort_Topic_Title'], $lang['Sort_Author'], $lang['Sort_Forum']); Index: viewtopic.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/viewtopic.php,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** viewtopic.php 8 Jun 2006 19:24:56 -0000 1.13 --- viewtopic.php 23 Dec 2006 23:21:49 -0000 1.14 *************** *** 47,50 **** --- 47,51 ---- $start = ( isset($_GET['start']) ) ? intval($_GET['start']) : 0; + $start = ($start < 0) ? 0 : $start; if (!$topic_id && !$post_id) Index: posting.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/posting.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** posting.php 8 Jun 2006 19:24:56 -0000 1.4 --- posting.php 23 Dec 2006 23:21:49 -0000 1.5 *************** *** 45,48 **** --- 45,49 ---- $confirm = isset($_POST['confirm']) ? true : false; + $sid = (isset($_POST['sid'])) ? $_POST['sid'] : 0; $params = array('forum_id' => POST_FORUM_URL, 'topic_id' => POST_TOPIC_URL, 'post_id' => POST_POST_URL); *************** *** 223,227 **** } ! if ( $result = $db->sql_query($sql) ) { $post_info = $db->sql_fetchrow($result); --- 224,228 ---- } ! if ( ($result = $db->sql_query($sql)) && ($post_info = $db->sql_fetchrow($result)) ) { $post_info = $db->sql_fetchrow($result); *************** *** 434,437 **** --- 435,439 ---- $s_hidden_fields = '<input type="hidden" name="' . POST_POST_URL . '" value="' . $post_id . '" />'; $s_hidden_fields .= ( $delete || $mode == "delete" ) ? '<input type="hidden" name="mode" value="delete" />' : '<input type="hidden" name="mode" value="poll_delete" />'; + $s_hidden_fields .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . 
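Review bot: In the posting.php hunk at line 223 the new condition already assigns `$post_info = $db->sql_fetchrow($result)`, but the unchanged first statement of the body is still `$post_info = $db->sql_fetchrow($result);`, so the row that passed the check is overwritten by a second fetch. If the query returns a single row, which the hunk does not show, `$post_info` would no longer hold that row inside the block. The leftover assignment in the body should be removed so that only the fetch in the condition remains. The block continues past the end of the hunk.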
'" />'; $l_confirm = ( $delete || $mode == 'delete' ) ? $lang['Confirm_delete'] : $lang['Confirm_delete_poll']; *************** *** 545,548 **** --- 547,556 ---- $return_meta = ''; + // session id check + if ($sid == '' || $sid != $userdata['session_id']) + { + $error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Session_invalid'] : $lang['Session_invalid']; + } + switch ( $mode ) { *************** *** 570,573 **** --- 578,586 ---- case 'delete': case 'poll_delete': + if ($error_msg != '') + { + message_die(GENERAL_MESSAGE, $error_msg); + } + delete_post($mode, $post_data, $return_message, $return_meta, $forum_id, $topic_id, $post_id, $poll_id); break; *************** *** 932,935 **** --- 945,949 ---- $hidden_form_fields = '<input type="hidden" name="mode" value="' . $mode . '" />'; + $hidden_form_fields .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />'; switch( $mode ) Index: memberlist.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/memberlist.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** memberlist.php 8 Jun 2006 19:24:56 -0000 1.4 --- memberlist.php 23 Dec 2006 23:21:49 -0000 1.5 *************** *** 35,38 **** --- 35,39 ---- $start = ( isset($_GET['start']) ) ? intval($_GET['start']) : 0; + $start = ($start < 0) ? 0 : $start; if ( isset($_GET['mode']) || isset($_POST['mode']) ) Index: groupcp.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/groupcp.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** groupcp.php 31 Oct 2005 03:18:41 -0000 1.5 --- groupcp.php 23 Dec 2006 23:21:49 -0000 1.6 *************** *** 149,152 **** --- 149,153 ---- $start = ( isset($_GET['start']) ) ? intval($_GET['start']) : 0; + $start = ($start < 0) ? 0 : $start; // *************** *** 419,423 **** WHERE aa.group_id = g.group_id ) ! 
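Review bot: The session check added at posting.php line 545 compares loosely, `$sid == '' || $sid != $userdata['session_id']`, and `$sid` defaults to the integer `0` when the field is absent, so the outcome rests on PHP's type juggling between an int, a request value and the stored id. I would default to an empty string and compare strictly: `$sid = (isset($_POST['sid']) && is_string($_POST['sid'])) ? $_POST['sid'] : '';` and `if ($sid === '' || $sid !== $userdata['session_id'])`. The same two lines are added to privmsg.php and includes/usercp_register.php. A one-line comment saying that the hidden `sid` field appears to act as the request token for these forms would also help, since only the delete modes call `message_die()` here and the handling of `$error_msg` for the other modes lies outside the hunk.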
)"; break; --- 420,425 ---- WHERE aa.group_id = g.group_id ) ! ) ! ORDER BY aa.auth_mod DESC"; break; *************** *** 426,430 **** FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa WHERE g.group_id = $group_id ! AND aa.group_id (+) = g.group_id"; break; --- 428,433 ---- FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa WHERE g.group_id = $group_id ! AND aa.group_id (+) = g.group_id ! ORDER BY aa.auth_mod DESC"; break; *************** *** 433,437 **** FROM ( " . GROUPS_TABLE . " g LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = g.group_id ) ! WHERE g.group_id = $group_id"; break; } --- 436,441 ---- FROM ( " . GROUPS_TABLE . " g LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = g.group_id ) ! WHERE g.group_id = $group_id ! ORDER BY aa.auth_mod DESC"; break; } Index: viewforum.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/viewforum.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** viewforum.php 30 Jul 2004 02:12:38 -0000 1.2 --- viewforum.php 23 Dec 2006 23:21:49 -0000 1.3 *************** *** 43,46 **** --- 43,47 ---- $start = ( isset($_GET['start']) ) ? intval($_GET['start']) : 0; + $start = ($start < 0) ? 0 : $start; if ( isset($_GET['mark']) || isset($_POST['mark']) ) Index: modcp.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/modcp.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** modcp.php 8 Jun 2006 19:24:56 -0000 1.6 --- modcp.php 23 Dec 2006 23:21:49 -0000 1.7 *************** *** 72,75 **** --- 72,76 ---- // $start = ( isset($_GET['start']) ) ? intval($_GET['start']) : 0; + $start = ($start < 0) ? 0 : $start; $delete = ( isset($_POST['delete']) ) ? 
TRUE : FALSE; Index: privmsg.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/privmsg.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** privmsg.php 8 Jun 2006 19:24:56 -0000 1.9 --- privmsg.php 23 Dec 2006 23:21:49 -0000 1.10 *************** *** 51,54 **** --- 51,55 ---- $delete_all = ( isset($_POST['deleteall']) ) ? TRUE : 0; $save = ( isset($_POST['save']) ) ? TRUE : 0; + $sid = (isset($_POST['sid'])) ? $_POST['sid'] : 0; $refresh = $preview || $submit_search; *************** *** 102,105 **** --- 103,107 ---- $start = ( !empty($_GET['start']) ) ? intval($_GET['start']) : 0; + $start = ($start < 0) ? 0 : $start; if ( isset($_POST[POST_POST_URL]) || isset($_GET[POST_POST_URL]) ) *************** *** 1162,1165 **** --- 1164,1174 ---- if ( $submit ) { + // session id check + if ($sid == '' || $sid != $userdata['session_id']) + { + $error = true; + $error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['Session_invalid']; + } + if ( !empty($_POST['username']) ) { *************** *** 1376,1380 **** $privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['subject']))) : ''; $privmsg_message = ( isset($_POST['message']) ) ? trim($_POST['message']) : ''; ! $privmsg_message = preg_replace('#<textarea>#si', '<textarea>', $privmsg_message); if ( !$preview ) { --- 1385,1389 ---- $privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['subject']))) : ''; $privmsg_message = ( isset($_POST['message']) ) ? trim($_POST['message']) : ''; ! //$privmsg_message = preg_replace('#<textarea>#si', '<textarea>', $privmsg_message); if ( !$preview ) { *************** *** 1480,1484 **** $privmsg_message = str_replace('<br />', "\n", $privmsg_message); ! 
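Review bot: The privmsg.php hunks at lines 1376, 1480 and 1522 switch off the `<textarea>` / `</textarea>` `preg_replace()` calls by commenting them out, with nothing in the code or the log message saying why or what now handles a textarea tag inside a message that is put back into the compose form. Whether the message is escaped somewhere else is not visible in these hunks, so I would either delete the lines outright or leave a one-line comment naming where that escaping now happens. As rendered on this page the pattern and the replacement look identical, presumably because the archive decoded the entities, which makes the intent of the original lines harder still to recover. The commented-out lines also use both `//$privmsg_message` and `// $privmsg_message`.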
$privmsg_message = preg_replace('#</textarea>#si', '</textarea>', $privmsg_message); $user_sig = ( $board_config['allow_sig'] ) ? (($privmsg['privmsgs_type'] == PRIVMSGS_NEW_MAIL) ? $user_sig : $privmsg['user_sig']) : ''; --- 1489,1493 ---- $privmsg_message = str_replace('<br />', "\n", $privmsg_message); ! // $privmsg_message = preg_replace('#</textarea>#si', '</textarea>', $privmsg_message); $user_sig = ( $board_config['allow_sig'] ) ? (($privmsg['privmsgs_type'] == PRIVMSGS_NEW_MAIL) ? $user_sig : $privmsg['user_sig']) : ''; *************** *** 1522,1526 **** $privmsg_message = preg_replace("/\:(([a-z0-9]:)?)$privmsg_bbcode_uid/si", '', $privmsg_message); $privmsg_message = str_replace('<br />', "\n", $privmsg_message); ! $privmsg_message = preg_replace('#</textarea>#si', '</textarea>', $privmsg_message); $privmsg_message = preg_replace($orig_word, $replacement_word, $privmsg_message); --- 1531,1535 ---- $privmsg_message = preg_replace("/\:(([a-z0-9]:)?)$privmsg_bbcode_uid/si", '', $privmsg_message); $privmsg_message = str_replace('<br />', "\n", $privmsg_message); ! // $privmsg_message = preg_replace('#</textarea>#si', '</textarea>', $privmsg_message); $privmsg_message = preg_replace($orig_word, $replacement_word, $privmsg_message); *************** *** 1735,1738 **** --- 1744,1748 ---- $s_hidden_fields = '<input type="hidden" name="folder" value="' . $folder . '" />'; $s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />'; + $s_hidden_fields .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />'; if ( $mode == 'edit' ) { |
From: Josh <jel...@us...> - 2006-12-23 23:21:51
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/includes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21123/includes Modified Files: bbcode.php functions.php usercp_email.php usercp_register.php Log Message: 2.0.22.5 Index: functions.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/functions.php,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** functions.php 8 Jun 2006 19:24:57 -0000 1.7 --- functions.php 23 Dec 2006 23:21:49 -0000 1.8 *************** *** 866,870 **** } ! if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r")) { message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); --- 866,870 ---- } ! if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r") || strstr(urldecode($url), ';url')) { message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); Index: usercp_register.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/usercp_register.php,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** usercp_register.php 8 Jun 2006 19:24:57 -0000 1.10 --- usercp_register.php 23 Dec 2006 23:21:49 -0000 1.11 *************** *** 143,146 **** --- 143,147 ---- $notifypm = ( isset($_POST['notifypm']) ) ? ( ($_POST['notifypm']) ? TRUE : 0 ) : TRUE; $popup_pm = ( isset($_POST['popup_pm']) ) ? ( ($_POST['popup_pm']) ? TRUE : 0 ) : TRUE; + $sid = (isset($_POST['sid'])) ? $_POST['sid'] : 0; if ( $mode == 'register' ) *************** *** 250,253 **** --- 251,261 ---- if ( isset($_POST['submit']) ) { + // session id check + if ($sid == '' || $sid != $userdata['session_id']) + { + $error = true; + $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Session_invalid']; + } + include($phpbb_root_path . 
'includes/usercp_avatar.'.$phpEx); *************** *** 290,294 **** if (!($result = $db->sql_query($sql))) { ! message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql); } --- 298,302 ---- if (!($result = $db->sql_query($sql))) { ! message_die(GENERAL_ERROR, 'Could not obtain confirmation code', '', __LINE__, __FILE__, $sql); } *************** *** 307,311 **** if (!$db->sql_query($sql)) { ! message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql); } } --- 315,319 ---- if (!$db->sql_query($sql)) { ! message_die(GENERAL_ERROR, 'Could not delete confirmation code', '', __LINE__, __FILE__, $sql); } } *************** *** 889,892 **** --- 897,901 ---- $s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />'; + $s_hidden_fields .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />'; if( $mode == 'editprofile' ) { Index: usercp_email.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/usercp_email.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** usercp_email.php 30 Jul 2004 02:12:38 -0000 1.2 --- usercp_email.php 23 Dec 2006 23:21:49 -0000 1.3 *************** *** 53,133 **** if ( $result = $db->sql_query($sql) ) { ! $row = $db->sql_fetchrow($result); ! ! $username = $row['username']; ! $user_email = $row['user_email']; ! $user_lang = $row['user_lang']; ! ! if ( $row['user_viewemail'] || $userdata['user_level'] == ADMIN ) { ! if ( time() - $userdata['user_emailtime'] < $board_config['flood_interval'] ) ! { ! message_die(GENERAL_MESSAGE, $lang['Flood_email_limit']); ! } ! if ( isset($_POST['submit']) ) { ! $error = FALSE; ! ! if ( !empty($_POST['subject']) ) ! { ! $subject = trim(stripslashes($_POST['subject'])); ! } ! else { ! $error = TRUE; ! 
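Review bot: The session check added to usercp_register.php at new lines 254-259 compares with loose operators (`$sid == ''`, `$sid != $userdata['session_id']`), and the hunk at line 143 defaults `$sid` to the integer `0`, so the outcome depends on PHP's type juggling between an int, a request value and the stored id. A token comparison should be exact: default to a string with `$sid = (isset($_POST['sid']) && is_string($_POST['sid'])) ? $_POST['sid'] : '';` and test `if ($sid === '' || $sid !== $userdata['session_id'])`. The `if ( isset($_POST['submit']) )` block that holds the check continues outside the hunk.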
$error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['Empty_subject_email'] : $lang['Empty_subject_email']; } ! if ( !empty($_POST['message']) ) ! { ! $message = trim(stripslashes($_POST['message'])); ! } ! else { ! $error = TRUE; ! $error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['Empty_message_email'] : $lang['Empty_message_email']; ! } ! if ( !$error ) ! { ! $sql = "UPDATE " . USERS_TABLE . " ! SET user_emailtime = " . time() . " ! WHERE user_id = " . $userdata['user_id']; ! if ( $result = $db->sql_query($sql) ) { ! include($phpbb_root_path . 'includes/emailer.'.$phpEx); ! $emailer = new emailer($board_config['smtp_delivery']); ! ! $emailer->from($userdata['user_email']); ! $emailer->replyto($userdata['user_email']); ! ! $email_headers = 'X-AntiAbuse: Board servername - ' . $server_name . "\n"; ! $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n"; ! $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n"; ! $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n"; ! ! $emailer->use_template('profile_send_email', $user_lang); ! $emailer->email_address($user_email); ! $emailer->set_subject($subject); ! $emailer->extra_headers($email_headers); ! $emailer->assign_vars(array( ! 'SITENAME' => $board_config['sitename'], ! 'BOARD_EMAIL' => $board_config['board_email'], ! 'FROM_USERNAME' => $userdata['username'], ! 'TO_USERNAME' => $username, ! 'MESSAGE' => $message) ! ); ! $emailer->send(); ! $emailer->reset(); ! if ( !empty($_POST['cc_email']) ) { $emailer->from($userdata['user_email']); $emailer->replyto($userdata['user_email']); ! $emailer->use_template('profile_send_email'); ! $emailer->email_address($userdata['user_email']); $emailer->set_subject($subject); $emailer->assign_vars(array( --- 53,115 ---- if ( $result = $db->sql_query($sql) ) { ! if ( $row = $db->sql_fetchrow($result) ) { ! $username = $row['username']; ! $user_email = $row['user_email']; ! 
$user_lang = $row['user_lang']; ! if ( $row['user_viewemail'] || $userdata['user_level'] == ADMIN ) { ! if ( time() - $userdata['user_emailtime'] < $board_config['flood_interval'] ) { ! message_die(GENERAL_MESSAGE, $lang['Flood_email_limit']); } ! if ( isset($_POST['submit']) ) { ! $error = FALSE; ! if ( !empty($_POST['subject']) ) { ! $subject = trim(stripslashes($_POST['subject'])); ! } ! else ! { ! $error = TRUE; ! $error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['Empty_subject_email'] : $lang['Empty_subject_email']; ! } ! if ( !empty($_POST['message']) ) ! { ! $message = trim(stripslashes($_POST['message'])); ! } ! else ! { ! $error = TRUE; ! $error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['Empty_message_email'] : $lang['Empty_message_email']; ! } ! if ( !$error ) ! { ! $sql = "UPDATE " . USERS_TABLE . " ! SET user_emailtime = " . time() . " ! WHERE user_id = " . $userdata['user_id']; ! if ( $result = $db->sql_query($sql) ) { + include($phpbb_root_path . 'includes/emailer.'.$phpEx); + $emailer = new emailer($board_config['smtp_delivery']); + $emailer->from($userdata['user_email']); $emailer->replyto($userdata['user_email']); ! ! $email_headers = 'X-AntiAbuse: Board servername - ' . $server_name . "\n"; ! $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n"; ! $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n"; ! $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n"; ! ! $emailer->use_template('profile_send_email', $user_lang); ! $emailer->email_address($user_email); $emailer->set_subject($subject); + $emailer->extra_headers($email_headers); $emailer->assign_vars(array( *************** *** 140,209 **** $emailer->send(); $emailer->reset(); - } ! $template->assign_vars(array( ! 'META' => '<meta http-equiv="refresh" content="5;url=' . append_sid("index.$phpEx") . '">') ! ); ! $message = $lang['Email_sent'] . '<br /><br />' . 
sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>'); ! message_die(GENERAL_MESSAGE, $message); ! } ! else ! { ! message_die(GENERAL_ERROR, 'Could not update last email time', '', __LINE__, __FILE__, $sql); } } - } - - include($phpbb_root_path . 'includes/page_header.'.$phpEx); ! $template->set_filenames(array( ! 'body' => 'profile_send_email.tpl') ! ); ! make_jumpbox('viewforum.'.$phpEx); - if ( $error ) - { $template->set_filenames(array( ! 'reg_header' => 'error_body.tpl') ! ); ! $template->assign_vars(array( ! 'ERROR_MESSAGE' => $error_msg) ); ! $template->assign_var_from_handle('ERROR_BOX', 'reg_header'); ! } ! $template->assign_vars(array( ! 'USERNAME' => $username, ! 'S_HIDDEN_FIELDS' => '', ! 'S_POST_ACTION' => append_sid("profile.$phpEx?mode=email&" . POST_USERS_URL . "=$user_id"), ! 'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'], ! 'L_RECIPIENT' => $lang['Recipient'], ! 'L_SUBJECT' => $lang['Subject'], ! 'L_MESSAGE_BODY' => $lang['Message_body'], ! 'L_MESSAGE_BODY_DESC' => $lang['Email_message_desc'], ! 'L_EMPTY_SUBJECT_EMAIL' => $lang['Empty_subject_email'], ! 'L_EMPTY_MESSAGE_EMAIL' => $lang['Empty_message_email'], ! 'L_OPTIONS' => $lang['Options'], ! 'L_CC_EMAIL' => $lang['CC_email'], ! 'L_SPELLCHECK' => $lang['Spellcheck'], ! 'L_SEND_EMAIL' => $lang['Send_email']) ! ); ! $template->pparse('body'); ! include($phpbb_root_path . 'includes/page_tail.'.$phpEx); } else { ! message_die(GENERAL_MESSAGE, $lang['User_prevent_email']); } } else { ! message_die(GENERAL_MESSAGE, $lang['User_not_exist']); } --- 122,214 ---- $emailer->send(); $emailer->reset(); ! if ( !empty($_POST['cc_email']) ) ! { ! $emailer->from($userdata['user_email']); ! $emailer->replyto($userdata['user_email']); ! $emailer->use_template('profile_send_email'); ! $emailer->email_address($userdata['user_email']); ! $emailer->set_subject($subject); ! $emailer->assign_vars(array( ! 'SITENAME' => $board_config['sitename'], ! 
'BOARD_EMAIL' => $board_config['board_email'], ! 'FROM_USERNAME' => $userdata['username'], ! 'TO_USERNAME' => $username, ! 'MESSAGE' => $message) ! ); ! $emailer->send(); ! $emailer->reset(); ! } ! $template->assign_vars(array( ! 'META' => '<meta http-equiv="refresh" content="5;url=' . append_sid("index.$phpEx") . '">') ! ); ! ! $message = $lang['Email_sent'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>'); ! ! message_die(GENERAL_MESSAGE, $message); ! } ! else ! { ! message_die(GENERAL_ERROR, 'Could not update last email time', '', __LINE__, __FILE__, $sql); ! } } } ! include($phpbb_root_path . 'includes/page_header.'.$phpEx); $template->set_filenames(array( ! 'body' => 'profile_send_email.tpl') ); ! make_jumpbox('viewforum.'.$phpEx); ! if ( $error ) ! { ! $template->set_filenames(array( ! 'reg_header' => 'error_body.tpl') ! ); ! $template->assign_vars(array( ! 'ERROR_MESSAGE' => $error_msg) ! ); ! $template->assign_var_from_handle('ERROR_BOX', 'reg_header'); ! } ! $template->assign_vars(array( ! 'USERNAME' => $username, ! 'S_HIDDEN_FIELDS' => '', ! 'S_POST_ACTION' => append_sid("profile.$phpEx?mode=email&" . POST_USERS_URL . "=$user_id"), ! 'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'], ! 'L_RECIPIENT' => $lang['Recipient'], ! 'L_SUBJECT' => $lang['Subject'], ! 'L_MESSAGE_BODY' => $lang['Message_body'], ! 'L_MESSAGE_BODY_DESC' => $lang['Email_message_desc'], ! 'L_EMPTY_SUBJECT_EMAIL' => $lang['Empty_subject_email'], ! 'L_EMPTY_MESSAGE_EMAIL' => $lang['Empty_message_email'], ! 'L_OPTIONS' => $lang['Options'], ! 'L_CC_EMAIL' => $lang['CC_email'], ! 'L_SPELLCHECK' => $lang['Spellcheck'], ! 'L_SEND_EMAIL' => $lang['Send_email']) ! ); ! $template->pparse('body'); ! ! include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! } ! else ! { ! message_die(GENERAL_MESSAGE, $lang['User_prevent_email']); ! } } else { ! message_die(GENERAL_MESSAGE, $lang['User_not_exist']); } } else { ! 
message_die(GENERAL_ERROR, 'Could not select user data', '', __LINE__, __FILE__, $sql); } Index: bbcode.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/bbcode.php,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** bbcode.php 8 Jun 2006 19:24:57 -0000 1.7 --- bbcode.php 23 Dec 2006 23:21:49 -0000 1.8 *************** *** 206,209 **** --- 206,210 ---- // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). $patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is"; + $replacements[] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. |
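Review bot: In usercp_email.php the mail form still posts without the session token that this commit adds to the profile form: the hunk at new lines 122-214 leaves `'S_HIDDEN_FIELDS' => ''` empty, and the `isset($_POST['submit'])` branch in the hunk at new lines 53-115 has no `sid` comparison, although a submit sends mail in the logged-in user's name. For consistency with usercp_register.php, the template variable should carry `'<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />'` and the submit branch should set `$error` with `$lang['Session_invalid']` when `$_POST['sid']` does not strictly equal `$userdata['session_id']`. Separately, `$subject` reaches `set_subject()` after only `trim(stripslashes(...))`; whether the emailer class removes CR/LF from it is not visible here and is worth confirming.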
From: Josh <jel...@us...> - 2006-12-23 23:21:51
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/templates/subSilver In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21123/templates/subSilver Modified Files: posting_body.tpl Log Message: 2.0.22.5 Index: posting_body.tpl =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/templates/subSilver/posting_body.tpl,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** posting_body.tpl 29 Jul 2004 22:36:22 -0000 1.1 --- posting_body.tpl 23 Dec 2006 23:21:49 -0000 1.2 *************** *** 373,377 **** <option style="color:white; background-color: {T_TD_COLOR1}" value="white" class="genmed">{L_COLOR_WHITE}</option> <option style="color:black; background-color: {T_TD_COLOR1}" value="black" class="genmed">{L_COLOR_BLACK}</option> ! </select> {L_FONT_SIZE}:<select name="addbbcode20" onChange="bbfontstyle('[size=' + this.form.addbbcode20.options[this.form.addbbcode20.selectedIndex].value + ']', '[/size]')" onMouseOver="helpline('f')"> <option value="7" class="genmed">{L_FONT_TINY}</option> <option value="9" class="genmed">{L_FONT_SMALL}</option> --- 373,378 ---- <option style="color:white; background-color: {T_TD_COLOR1}" value="white" class="genmed">{L_COLOR_WHITE}</option> <option style="color:black; background-color: {T_TD_COLOR1}" value="black" class="genmed">{L_COLOR_BLACK}</option> ! </select> {L_FONT_SIZE}:<select name="addbbcode20" onChange="bbfontstyle('[size=' + this.form.addbbcode20.options[this.form.addbbcode20.selectedIndex].value + ']', '[/size]');this.selectedIndex=0;" onMouseOver="helpline('f')"> ! <option value="0" class="genmed">{L_FONT_SIZE}</option> <option value="7" class="genmed">{L_FONT_TINY}</option> <option value="9" class="genmed">{L_FONT_SMALL}</option> |
From: Josh <jel...@us...> - 2006-12-23 23:21:50
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/language/lang_english In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21123/language/lang_english Modified Files: lang_main.php Log Message: 2.0.22.5 Index: lang_main.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/language/lang_english/lang_main.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** lang_main.php 8 Jun 2006 19:24:57 -0000 1.5 --- lang_main.php 23 Dec 2006 23:21:49 -0000 1.6 *************** *** 1020,1023 **** --- 1020,1024 ---- $lang['Login_attempts_exceeded'] = 'The maximum number of %s login attempts has been exceeded. You are not allowed to login for the next %s minutes.'; $lang['Please_remove_install_contrib'] = 'Please ensure both the install/ and contrib/ directories are deleted'; + $lang['Session_invalid'] = 'Invalid Session. Please resubmit the form.'; // |
From: Josh <jel...@us...> - 2006-12-23 23:21:50
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21123/admin Modified Files: admin_board.php Log Message: 2.0.22.5 Index: admin_board.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_board.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** admin_board.php 8 Jun 2006 19:24:56 -0000 1.6 --- admin_board.php 23 Dec 2006 23:21:49 -0000 1.7 *************** *** 60,63 **** --- 60,73 ---- } + // Attempt to prevent a mistake with this value. + if ($config_name == 'avatar_path') + { + $new['avatar_path'] = trim($new['avatar_path']); + if (strstr($new['avatar_path'], "\0") || !is_dir($phpbb_root_path . $new['avatar_path']) || !is_writable($phpbb_root_path . $new['avatar_path'])) + { + $new['avatar_path'] = $default_config['avatar_path']; + } + } + if( isset($_POST['submit']) ) { |
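Review bot: The `avatar_path` check added at new lines 62-70 accepts any directory that exists and is writable once joined to `$phpbb_root_path`, so a value with `..` segments that resolves outside the board root passes as long as the directory is there. Since this is presumably the directory uploaded avatars are written to, the check should also confirm the resolved location stays under the root, for example by comparing `realpath($phpbb_root_path . $new['avatar_path'])` with `realpath($phpbb_root_path)` as a prefix, or by rejecting the value when `strstr($new['avatar_path'], '..')` matches. A rejected value is silently replaced by `$default_config['avatar_path']`; reporting that to the administrator would avoid a setting that looks saved but is not. The enclosing loop starts outside the hunk.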
From: Josh <jel...@us...> - 2006-06-08 19:41:02
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv23209/install_/schemas Modified Files: mssql_basic.sql mysql_basic.sql postgres_basic.sql Log Message: 2.0.21.5 (yeah, I skipped 2.0.20.5. Shoot me.) Index: mysql_basic.sql =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas/mysql_basic.sql,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** mysql_basic.sql 31 Dec 2005 02:10:06 -0000 1.10 --- mysql_basic.sql 8 Jun 2006 19:40:54 -0000 1.11 *************** *** 65,72 **** INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.19'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.19.5'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5'); --- 65,75 ---- INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.21'); ! 
INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.21.5'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5'); + INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_flood_interval', '15'); + INSERT INTO phpbb_config (config_name, config_value) VALUES ('rand_seed', '0'); + INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_min_chars', '3'); Index: mssql_basic.sql =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas/mssql_basic.sql,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** mssql_basic.sql 31 Dec 2005 02:10:06 -0000 1.10 --- mssql_basic.sql 8 Jun 2006 19:40:54 -0000 1.11 *************** *** 72,79 **** INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.19'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.19.5'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5'); /* --- 72,82 ---- INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.21'); ! 
INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.21.5'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5'); + INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_flood_interval', '15'); + INSERT INTO phpbb_config (config_name, config_value) VALUES ('rand_seed', '0'); + INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_min_chars', '3'); /* Index: postgres_basic.sql =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas/postgres_basic.sql,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** postgres_basic.sql 31 Dec 2005 02:10:06 -0000 1.10 --- postgres_basic.sql 8 Jun 2006 19:40:54 -0000 1.11 *************** *** 66,73 **** INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.19'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.19.5'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5'); -- Categories --- 66,76 ---- INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.21'); ! 
INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.21.5'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5'); + INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_flood_interval', '15'); + INSERT INTO phpbb_config (config_name, config_value) VALUES ('rand_seed', '0'); + INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_min_chars', '3'); -- Categories |
From: Josh <jel...@us...> - 2006-06-08 19:40:58
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/install In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv23209/install_ Added Files: update_to_20215.php Log Message: 2.0.21.5 (yeah, I skipped 2.0.20.5. Shoot me.) --- NEW FILE: update_to_20215.php --- <?php /*************************************************************************** * update_to_20xy.php * ------------------- * begin : Friday, Nov. * copyright : (C) 2005 phpBB-php5 * email : n/a * * $Id: update_to_20215.php,v 1.1 2006/06/08 19:40:54 jelly_doughnut Exp $ * * ***************************************************************************/ /*************************************************************************** * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * ***************************************************************************/ // This script is basically phpBB's update_to_20x.php // Except it doesn't have information to upgrade from ancient versions. function _sql($sql, &$errored, &$error_ary, $echo_dot = true) { global $db; if (is_array($sql) && sizeof($sql)) { foreach ($sql as $query) { if (!($result = $db->sql_query($query))) { $errored = true; $error_ary['sql'][] = (is_array($query)) ? $query[$i] : $query; $error_ary['error_code'][] = $db->sql_error(); } } } else { if (!($result = $db->sql_query($sql))) { $errored = true; $error_ary['sql'][] = (is_array($sql)) ? $sql[$i] : $sql; $error_ary['error_code'][] = $db->sql_error(); } } if ($echo_dot) { echo ". \n"; flush(); } return $result; } @set_time_limit(120); define('IN_PHPBB', 1); $phpbb_root_path = './../'; include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'config.'.$phpEx); if(!isset($dbms)) { die("Please read: <a href='../docs/INSTALL.html'>INSTALL.html</a> before attempting to update."); } include($phpbb_root_path . 
'includes/constants.'.$phpEx); include($phpbb_root_path . 'includes/functions.'.$phpEx); include($phpbb_root_path . 'includes/functions_admin.'.$phpEx); include($phpbb_root_path . 'includes/functions_search.'.$phpEx); include($phpbb_root_path . 'includes/db.'.$phpEx); // // // $updates_to_version = ".0.21"; $update_php5mod_version = ".0.21.5"; // // // ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html;"> <meta http-equiv="Content-Style-Type" content="text/css"> <style type="text/css"> <!-- font,th,td,p,body { font-family: "Courier New", courier; font-size: 11pt } a:link,a:active,a:visited { color : #006699; } a:hover { text-decoration: underline; color : #DD6900;} hr { height: 0px; border: solid #D1D7DC 0px; border-top-width: 1px;} .maintitle,h1,h2 {font-weight: bold; font-size: 22px; font-family: "Trebuchet MS",Verdana, Arial, Helvetica, sans-serif; text-decoration: none; line-height : 120%; color : #000000;} .ok {color:green} /* Import the fancy styles for IE only (NS4.x doesn't use the @import function) */ @import url("../templates/subSilver/formIE.css"); --> </style> </head> <body bgcolor="#FFFFFF" text="#000000" link="#006699" vlink="#5584AA"> <table width="100%" border="0" cellspacing="0" cellpadding="10" align="center"> <tr> <td><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="Forum Home" vspace="1" /></td> <td align="center" width="100%" valign="middle"><span class="maintitle">Updating to latest stable release</span></td> </tr> </table></td> </tr> </table> <br clear="all" /> <h2>Information</h2> <?php echo '<p>Database type :: <b>' . SQL_LAYER . '</b><br />'; $sql = "SELECT config_value FROM " . CONFIG_TABLE . 
" WHERE config_name = 'version'"; if (!($result = $db->sql_query($sql))) { die("Couldn't obtain version info"); } $row = $db->sql_fetchrow($result); $sql = array(); echo 'Previous version :: <b>2' . $row['config_value'] . '</b><br />'; echo 'Updated version :: <b>2' . $updates_to_version . '</b></p>' ."\n"; echo "<h2>Updating database schema</h2>\n"; echo "<p>Progress :: <b>"; flush(); // // Data updates // unset($sql); $error_ary = array(); $errored = false; echo "<h2>Updating data</h2>\n"; echo "<p>Progress :: <b>"; flush(); if ($row['config_value'] < '.0.14'); { $sql[] = 'ALTER TABLE ' . SESSIONS_TABLE . ' ADD session_admin int(1)'; switch (SQL_LAYER) { case 'mysql': case 'mysql4': $sql[] = 'CREATE TABLE ' . $table_prefix . 'sessions_keys (key_id varchar(32) DEFAULT \'0\' NOT NULL, user_id mediumint(8) DEFAULT \'0\' NOT NULL, last_ip varchar(8) DEFAULT \'0\' NOT NULL, last_login int(11) DEFAULT \'0\' NOT NULL, PRIMARY KEY (key_id, user_id), KEY last_login (last_login))'; break; case 'mssql': case 'mssql-odbc': $sql[] = 'CREATE TABLE [' . $table_prefix . 'sessions_keys] ([key_id] [char] (32) NOT NULL , [user_id] [int] NOT NULL , [last_ip] [char] (8) NOT NULL , [last_login] [int] NOT NULL) ON [PRIMARY]'; $sql[] = 'CREATE INDEX [IX_' . $table_prefix . 'sessions_keys] ON [' . $table_prefix . 'sessions_keys]([key_id], [user_id]) ON [PRIMARY]'; $sql[] = 'CREATE INDEX [IX_' . $table_prefix . 'sessions_keys] ON [' . $table_prefix . 'sessions_keys]([last_login]) ON [PRIMARY]'; break; case 'msaccess': $sql[] = 'CREATE TABLE ' . $table_prefix . 'sessions_keys (key_id char(32) NOT NULL, user_id int NOT NULL, last_ip char(8) NOT NULL, last_login int NOT NULL)'; $sql[] = 'ALTER TABLE ' . $table_prefix . 'sessions_keys ADD PRIMARY KEY (key_id, user_id)'; break; case 'postgresql': $sql[] = 'CREATE TABLE ' . $table_prefix . 
'sessions_keys (key_id char(32) DEFAULT \'0\' NOT NULL, user_id int4 DEFAULT \'0\' NOT NULL, last_ip char(8) DEFAULT \'0\' NOT NULL, last_login int4 DEFAULT \'0\' NOT NULL, CONSTRAINT ' . $table_prefix . 'sessions_keys_pkey PRIMARY KEY (key_id, user_id))'; $sql[] = 'CREATE INDEX last_login_' . $table_prefix . 'sessions_keys_index ON ' . $table_prefix . 'sessions_keys (last_login)'; break; } _sql($sql, $errored, $error_ary); $sql = array(); $sql[] = 'UPDATE ' . USERS_TABLE . ' SET user_active = 0 WHERE user_id = ' . ANONYMOUS; $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('allow_autologin', '1')"; $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('max_autologin_time', '0')"; _sql($sql, $errored, $error_ary); $sql = array(); } if ($row['config_value'] < '.0.17') { switch (SQL_LAYER) { case 'mysql': case 'mysql4': $sql[] = 'CREATE TABLE ' . $table_prefix . 'sessions_keys (key_id varchar(32) DEFAULT \'0\' NOT NULL, user_id mediumint(8) DEFAULT \'0\' NOT NULL, last_ip varchar(8) DEFAULT \'0\' NOT NULL, last_login int(11) DEFAULT \'0\' NOT NULL, PRIMARY KEY (key_id, user_id), KEY last_login (last_login))'; break; case 'mssql': case 'mssql-odbc': $sql[] = 'CREATE TABLE [' . $table_prefix . 'sessions_keys] ([key_id] [char] (32) NOT NULL , [user_id] [int] NOT NULL , [last_ip] [char] (8) NOT NULL , [last_login] [int] NOT NULL) ON [PRIMARY]'; $sql[] = 'CREATE INDEX [IX_' . $table_prefix . 'sessions_keys] ON [' . $table_prefix . 'sessions_keys]([key_id], [user_id]) ON [PRIMARY]'; $sql[] = 'CREATE INDEX [IX_' . $table_prefix . 'sessions_keys] ON [' . $table_prefix . 'sessions_keys]([last_login]) ON [PRIMARY]'; break; case 'msaccess': $sql[] = 'CREATE TABLE ' . $table_prefix . 'sessions_keys (key_id char(32) NOT NULL, user_id int NOT NULL, last_ip char(8) NOT NULL, last_login int NOT NULL)'; $sql[] = 'ALTER TABLE ' . $table_prefix . 
'sessions_keys ADD PRIMARY KEY (key_id, user_id)'; break; case 'postgresql': $sql[] = 'CREATE TABLE ' . $table_prefix . 'sessions_keys (key_id char(32) DEFAULT \'0\' NOT NULL, user_id int4 DEFAULT \'0\' NOT NULL, last_ip char(8) DEFAULT \'0\' NOT NULL, last_login int4 DEFAULT \'0\' NOT NULL, CONSTRAINT ' . $table_prefix . 'sessions_keys_pkey PRIMARY KEY (key_id, user_id))'; $sql[] = 'CREATE INDEX last_login_' . $table_prefix . 'sessions_keys_index ON ' . $table_prefix . 'sessions_keys (last_login)'; break; } _sql($sql, $errored, $error_ary); $sql[] = 'UPDATE ' . USERS_TABLE . ' SET user_active = 0 WHERE user_id = ' . ANONYMOUS; $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('allow_autologin', '1')"; $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('max_autologin_time', '0')"; _sql($sql, $errored, $error_ary); } if ($row['version'] < '.0.19') { $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('max_login_attempts', '5')"; $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('login_reset_time', '30')"; // Add login columns to user table switch (SQL_LAYER) { case 'mysql': case 'mysql4': case 'mysqli': $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD COLUMN user_login_tries smallint(5) UNSIGNED DEFAULT '0' NOT NULL"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD COLUMN user_last_login_try int(11) DEFAULT '0' NOT NULL"; break; case 'postgresql': $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD COLUMN user_login_tries int2"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ALTER COLUMN user_login_tries SET DEFAULT '0'"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD COLUMN user_last_login_try int4"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ALTER COLUMN user_last_login_try SET DEFAULT '0'"; break; case 'mssql-odbc': case 'mssql': $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD user_login_tries smallint NOT NULL, CONSTRAINT [DF_" . $table_prefix . 
"users_user_login_tries] DEFAULT (0) FOR [user_login_tries]"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD user_last_login_try int NOT NULL, CONSTRAINT [DF_" . $table_prefix . "users_user_last_login_try] DEFAULT (0) FOR [user_last_login_try]"; break; case 'msaccess': $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD user_login_tries smallint NOT NULL"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD user_last_login_try int NOT NULL"; break; } _sql($sql, $errored, $error_ary); $sql = array(); } if ($row['version'] < '.0.20') { $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('search_flood_interval', '15')"; $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('rand_seed', '0')"; _sql($sql, $errored, $error_ary); $sql = array(); } if ($row['version'] < '.0.21') { $sql[] = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('search_min_chars', '3')"; // We reset those having autologin enabled and forcing the re-assignment of a session id // since there have been changes to the way these are handled from previous versions $sql[] = 'DELETE FROM ' . SESSIONS_TABLE; $sql[] = 'DELETE FROM ' . SESSIONS_KEYS_TABLE; _sql($sql, $errored, $error_ary); $sql = array(); } else { echo " No updates were required</b></p>\n"; } echo "<h2>Updating version and optimizing tables</h2>\n"; echo "<p>Progress :: <b>"; flush(); // update the version $sql = "UPDATE " . CONFIG_TABLE . " SET config_value = '$updates_to_version' WHERE config_name = 'version'"; _sql($sql, $errored, $error_ary); $sql = "UPDATE " . CONFIG_TABLE . " SET config_value = '$update_php5mod_version' WHERE config_name = 'version5'"; _sql($sql, $errored, $error_ary); // Optimize/vacuum analyze the tables where appropriate // this should be done for each version in future along with // the version number update switch (SQL_LAYER) { case 'mysql': case 'mysql4': case 'mysqli': $sql = 'OPTIMIZE TABLE ' . $table_prefix . 'auth_access, ' . $table_prefix . 
'banlist, ' . $table_prefix . 'categories, ' . $table_prefix . 'config, ' . $table_prefix . 'disallow, ' . $table_prefix . 'forum_prune, ' . $table_prefix . 'forums, ' . $table_prefix . 'groups, ' . $table_prefix . 'posts, ' . $table_prefix . 'posts_text, ' . $table_prefix . 'privmsgs, ' . $table_prefix . 'privmsgs_text, ' . $table_prefix . 'ranks, ' . $table_prefix . 'search_results, ' . $table_prefix . 'search_wordlist, ' . $table_prefix . 'search_wordmatch, ' . $table_prefix . 'smilies, ' . $table_prefix . 'themes, ' . $table_prefix . 'themes_name, ' . $table_prefix . 'topics, ' . $table_prefix . 'topics_watch, ' . $table_prefix . 'user_group, ' . $table_prefix . 'users, ' . $table_prefix . 'vote_desc, ' . $table_prefix . 'vote_results, ' . $table_prefix . 'vote_voters, ' . $table_prefix . 'words'; _sql($sql, $errored, $error_ary); break; case 'postgresql': $sql = 'VACCUUM ANALYZE'; _sql($sql, $errored, $error_ary); break; } echo "</b> <b class=\"ok\">Done</b><br />Result :: \n"; if ($errored) { echo " <b>Some queries failed, the statements and errors are listing below</b>\n<ul>"; for ($i = 0; $i < count($error_ary['sql']); $i++) { echo "<li>Error :: <b>" . $error_ary['error_code'][$i]['message'] . "</b><br />"; echo "SQL :: <b>" . $error_ary['sql'][$i] . "</b><br /><br /></li>"; } echo "</ul>\n<p>This is probably nothing to worry about, update will continue. Should this fail to complete you may need to seek help at our development board. See <a href=\"docs\README.html\">README</a> for details on how to obtain advice.</p>\n"; } else { echo "<b>No errors</b>\n"; } echo "<h2>Update completed</h2>\n"; echo "\n<p>You should now visit the General Configuration settings page in the <a href=\"../admin/\">Administration Panel</a> and check the General Configuration of the board. If you updated from versions prior to RC-3 you <b>must</b> update some entries. If you do not do this emails sent from the board will contain incorrect information. 
Don't forget to delete this file!</p>\n"; ?> <br clear="all" /> </body> </html> |
From: Josh <jel...@us...> - 2006-06-08 19:25:08
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5 In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13144 Modified Files: common.php config.php index.php login.php memberlist.php modcp.php posting.php privmsg.php profile.php search.php viewtopic.php Log Message: 2.0.21.5 (yeah, I skipped 2.0.20.5. Shoot me.) Index: login.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/login.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** login.php 31 Dec 2005 01:35:25 -0000 1.6 --- login.php 8 Jun 2006 19:24:56 -0000 1.7 *************** *** 83,87 **** // Check to see if user is allowed to login again... if his tries are exceeded if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && ! $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts']) { message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time'])); --- 83,87 ---- // Check to see if user is allowed to login again... if his tries are exceeded if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && ! $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN) { message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time'])); *************** *** 108,112 **** } } ! else { // Save login tries and last login --- 108,113 ---- } } ! // Only store a failed login attempt for an active user - inactive users can't login even with a correct password ! 
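Review bot: The lockout exemption added to the condition at login.php line 86 tests `$userdata['user_level']`, while every other operand in that condition reads the account row being authenticated (`$row[...]`). Which user `$userdata` describes at this point is not visible in the hunk; if it is the current session rather than the target account, the exemption depends on who is already logged in, not on whose password is being tried. Add a comment stating the intent, for example `// $userdata is the current session: an admin re-authenticating is never locked out`, or switch to `$row['user_level']` if the target account was meant. Since the exemption removes the attempt limit for that case, failed attempts should still be counted and logged for it. The enclosing block starts and ends outside the hunk.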
elseif( $row['user_active'] ) { // Save login tries and last login *************** *** 118,138 **** $db->sql_query($sql); } ! $redirect = ( !empty($_POST['redirect']) ) ? str_replace('&', '&', htmlspecialchars($_POST['redirect'])) : ''; ! $redirect = str_replace('?', '&', $redirect); ! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) ! { ! message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); ! } ! $template->assign_vars(array( ! 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">") ! ); ! $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>'); ! message_die(GENERAL_MESSAGE, $message); ! } } } --- 119,139 ---- $db->sql_query($sql); } + } ! $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ''; ! $redirect = str_replace('?', '&', $redirect); ! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) ! { ! message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); ! } ! $template->assign_vars(array( ! 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">") ! ); ! $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>'); ! 
message_die(GENERAL_MESSAGE, $message); } } Index: search.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/search.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** search.php 31 Oct 2005 03:18:41 -0000 1.5 --- search.php 8 Jun 2006 19:24:56 -0000 1.6 *************** *** 154,157 **** --- 154,158 ---- // Search ID Limiter, decrease this value if you experience further timeout problems with searching forums $limiter = 5000; + $current_time = time(); // *************** *** 160,163 **** --- 161,184 ---- if ( $search_id == 'newposts' || $search_id == 'egosearch' || $search_id == 'unanswered' || $search_keywords != '' || $search_author != '' ) { + // + // Flood control + // + $where_sql = ($userdata['user_id'] == ANONYMOUS) ? "se.session_ip = '$user_ip'" : 'se.session_user_id = ' . $userdata['user_id']; + + $sql = 'SELECT MAX(sr.search_time) AS last_search_time + FROM ' . SEARCH_TABLE . ' sr, ' . SESSIONS_TABLE . " se + WHERE sr.session_id = se.session_id + AND $where_sql"; + if ($result = $db->sql_query($sql)) + { + if ($row = $db->sql_fetchrow($result)) + { + if (intval($row['last_search_time']) > 0 && ($current_time - intval($row['last_search_time'])) < intval($board_config['search_flood_interval'])) + { + message_die(GENERAL_MESSAGE, $lang['Search_Flood_Error']); + } + } + } + if ( $search_id == 'newposts' || $search_id == 'egosearch' || ( $search_author != '' && $search_keywords == '' ) ) { *************** *** 198,207 **** else { ! if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author)))) { $search_author = ''; } - - $search_author = str_replace('*', '%', trim($search_author)); $sql = "SELECT user_id --- 219,228 ---- else { ! $search_author = str_replace('*', '%', trim($search_author)); ! ! 
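Review bot: The new side reads `$HTTP_POST_VARS['redirect']` where the old side read `$_POST['redirect']`, and nothing in the hunk shows that the long array is populated in this PHP 5 port. PHP 5 fills `$HTTP_POST_VARS` only when `register_long_arrays` is on, so with it off the redirect value is silently dropped here. The same substitution appears in the privmsg.php subject hunks, the modcp.php `topic_id_list` check, the `cancel`/`confirm` checks in admin_words.php and admin_smilies.php, and admin_users.php, where it decides whether input gets escaped or a delete counts as confirmed. Unless common.php aliases the arrays (not visible here), keep the superglobal on these lines, e.g. `htmlspecialchars($_POST['redirect'])`.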
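Review bot: The flood check in search.php fails open: `if ($result = $db->sql_query($sql))` has no else branch, so when the lookup query fails the search proceeds with no rate limit and no error. Other queries in this file call `message_die(GENERAL_ERROR, ...)` on failure, and the same fits here, e.g. `message_die(GENERAL_ERROR, 'Could not obtain search flood data', '', __LINE__, __FILE__, $sql);`. The result set is also never released with `$db->sql_freeresult($result);`. `$where_sql` interpolates `$user_ip` and `$userdata['user_id']` directly into the statement; both are set outside the hunk, so confirm they are server-derived and already encoded before they reach this point.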
if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < $board_config['search_min_chars'] ) ) { $search_author = ''; } $sql = "SELECT user_id *************** *** 271,275 **** for($i = 0; $i < count($split_search); $i++) { ! if (preg_match('#^[\*%]+$#', trim($split_search[$i])) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($split_search[$i])))) { $split_search[$i] = ''; --- 292,296 ---- for($i = 0; $i < count($split_search); $i++) { ! if ( strlen(str_replace(array('*', '%'), '', trim($split_search[$i]))) < $board_config['search_min_chars'] ) { $split_search[$i] = ''; *************** *** 420,429 **** if ( $search_author != '' ) { ! if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author)))) { $search_author = ''; } - - $search_author = str_replace('*', '%', trim(str_replace("\'", "''", $search_author))); } --- 441,450 ---- if ( $search_author != '' ) { ! $search_author = str_replace('*', '%', trim($search_author)); ! ! if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < $board_config['search_min_chars'] ) ) { $search_author = ''; } } *************** *** 628,654 **** } // ! // Finish building query (for all combinations) ! // and run it ... ! // ! $sql = "SELECT session_id ! FROM " . SESSIONS_TABLE; ! if ( $result = $db->sql_query($sql) ) { ! $delete_search_ids = array(); ! while( $row = $db->sql_fetchrow($result) ) ! { ! $delete_search_ids[] = "'" . $row['session_id'] . "'"; ! } ! ! if ( count($delete_search_ids) ) ! { ! $sql = "DELETE FROM " . SEARCH_TABLE . " ! WHERE session_id NOT IN (" . implode(", ", $delete_search_ids) . ")"; ! if ( !$result = $db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql); ! } ! } } --- 649,659 ---- } + // Delete old data from the search result table // ! 
$sql = 'DELETE FROM ' . SEARCH_TABLE . ' ! WHERE search_time < ' . ($current_time - (int) $board_config['session_length']); ! if ( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql); } *************** *** 691,704 **** $sql = "UPDATE " . SEARCH_TABLE . " ! SET search_id = $search_id, search_array = '" . str_replace("\'", "''", $result_array) . "' WHERE session_id = '" . $userdata['session_id'] . "'"; if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() ) { ! $sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_array) ! VALUES($search_id, '" . $userdata['session_id'] . "', '" . str_replace("\'", "''", $result_array) . "')"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not insert search results', '', __LINE__, __FILE__, $sql); ! } } } --- 696,705 ---- $sql = "UPDATE " . SEARCH_TABLE . " ! SET search_id = $search_id, search_time = $current_time, search_array = '" . str_replace("\'", "''", $result_array) . "' WHERE session_id = '" . $userdata['session_id'] . "'"; if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() ) { ! $sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_time, search_array) ! VALUES($search_id, '" . $userdata['session_id'] . "', $current_time, '" . str_replace("\'", "''", $result_array) . "')"; } } Index: index.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/index.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** index.php 31 Oct 2005 03:18:41 -0000 1.3 --- index.php 8 Jun 2006 19:24:56 -0000 1.4 *************** *** 120,124 **** $category_rows = array(); ! while( $category_rows[] = $db->sql_fetchrow($result) ); $db->sql_freeresult($result); --- 120,127 ---- $category_rows = array(); ! while ($row = $db->sql_fetchrow($result)) ! { ! $category_rows[] = $row; ! 
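Review bot: The fallback INSERT is built but never run on the new side of the search.php hunk at line 696: the `if ( !($result = $db->sql_query($sql)) ) { message_die(...) }` that followed the `$sql = "INSERT INTO ..."` assignment was removed and nothing visible replaces it. When the UPDATE touches no row, no search result row is stored, so `search_time` is never recorded for that session and the flood check added earlier in this file has nothing to compare against. Restore the execution after the assignment: `if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not insert search results', '', __LINE__, __FILE__, $sql); }`. If the statement is executed further down, outside the hunk, a comment saying so is needed.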
} $db->sql_freeresult($result); *************** *** 299,302 **** --- 302,317 ---- ); + // Let's decide which categories we should display + // + $display_categories = array(); + + for ($i = 0; $i < $total_forums; $i++ ) + { + if ($is_auth_ary[$forum_data[$i]['forum_id']]['auth_view']) + { + $display_categories[$forum_data[$i]['cat_id']] = true; + } + } + // // Okay, let's build the index *************** *** 307,326 **** // - // Should we display this category/forum set? - // - $display_forums = false; - for($j = 0; $j < $total_forums; $j++) - { - if ( $is_auth_ary[$forum_data[$j]['forum_id']]['auth_view'] && $forum_data[$j]['cat_id'] == $cat_id ) - { - $display_forums = true; - } - } - - // // Yes, we should, so first dump out the category // title, then, if appropriate the forum list // ! if ( $display_forums ) { $template->assign_block_vars('catrow', array( --- 322,329 ---- // // Yes, we should, so first dump out the category // title, then, if appropriate the forum list // ! if (isset($display_categories[$cat_id]) && $display_categories[$cat_id]) { $template->assign_block_vars('catrow', array( Index: viewtopic.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/viewtopic.php,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** viewtopic.php 31 Oct 2005 03:18:41 -0000 1.12 --- viewtopic.php 8 Jun 2006 19:24:56 -0000 1.13 *************** *** 1104,1110 **** if ($highlight_match) { ! // This was shamelessly 'borrowed' from volker at multiartstudio dot de ! // via php.net's annotated manual ! $message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', addslashes($highlight_match)) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1)); } --- 1104,1109 ---- if ($highlight_match) { ! // This has been back-ported from 3.0 CVS ! 
$message = preg_replace('#(?!<.*)(?<!\w)(' . $highlight_match . ')(?!\w|[^<>]*>)#i', '<b style="color:#' . $theme['fontcolor3'] . '">\1</b>', $message); } Index: posting.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/posting.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** posting.php 31 Oct 2005 03:18:41 -0000 1.3 --- posting.php 8 Jun 2006 19:24:56 -0000 1.4 *************** *** 630,634 **** else if ( !empty($option_text) ) { ! $poll_options[$option_id] = htmlspecialchars(trim(stripslashes($option_text))); } } --- 630,634 ---- else if ( !empty($option_text) ) { ! $poll_options[intval($option_id)] = htmlspecialchars(trim(stripslashes($option_text))); } } Index: config.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/config.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** config.php 20 Nov 2004 01:55:27 -0000 1.3 --- config.php 8 Jun 2006 19:24:56 -0000 1.4 *************** *** 0 **** --- 1,18 ---- + <?php + + + // phpBB 2.x auto-generated config file + // Do not change anything in this file! + + $dbms = 'mysqli'; + + $dbhost = 'localhost'; + $dbname = 'php5mod'; + $dbuser = 'root'; + $dbpasswd = ''; + + $table_prefix = 'phpbb_'; + + define('PHPBB_INSTALLED', true); + + ?> \ No newline at end of file Index: memberlist.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/memberlist.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** memberlist.php 31 Oct 2005 03:18:41 -0000 1.3 --- memberlist.php 8 Jun 2006 19:24:56 -0000 1.4 *************** *** 229,234 **** $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($username) . "&showresults=posts"); ! $search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . 
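Review bot: `$highlight_match` is concatenated into the pattern as-is in viewtopic.php, so the safety of this `preg_replace` rests entirely on how that string was built, which is outside the hunk. Dropping the `/e` modifier removes the evaluated replacement, but an unquoted `#` or an unbalanced group in the highlight terms would still break the pattern or change what it matches. Confirm each term goes through `preg_quote($word, '#')` before the terms are joined, and add a comment at this call such as `// $highlight_match is already regex-quoted for the # delimiter`. `$theme['fontcolor3']` is written into a `style` attribute and is presumably admin-controlled; that assumption belongs in the comment too.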
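Review bot: This adds a populated config.php to the repository, with `$dbuser = 'root'`, an empty `$dbpasswd` and `PHPBB_INSTALLED` defined, where the old side is empty (`*** 0 ****`). A checkout or release built from this tree ships a board that considers itself installed and points at a local database through a passwordless root account. The file's own header says it is auto-generated, so this looks like a developer's local copy committed by accident. Revert it to the empty placeholder and keep the local copy out of CVS, for example through `.cvsignore`.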
$lang['Search_user_posts'] . '" title="' . $lang['Search_user_posts'] . '" border="0" /></a>'; ! $search = '<a href="' . $temp_url . '">' . $lang['Search_user_posts'] . '</a>'; $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; --- 229,234 ---- $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($username) . "&showresults=posts"); ! $search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . sprintf($lang['Search_user_posts'], $username) . '" title="' . sprintf($lang['Search_user_posts'], $username) . '" border="0" /></a>'; ! $search = '<a href="' . $temp_url . '">' . sprintf($lang['Search_user_posts'], $username) . '</a>'; $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; Index: profile.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/profile.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** profile.php 20 Nov 2004 01:01:10 -0000 1.3 --- profile.php 8 Jun 2006 19:24:56 -0000 1.4 *************** *** 61,76 **** function gen_rand_string($hash) { ! $chars = array( 'a', 'A', 'b', 'B', 'c', 'C', 'd', 'D', 'e', 'E', 'f', 'F', 'g', 'G', 'h', 'H', 'i', 'I', 'j', 'J', 'k', 'K', 'l', 'L', 'm', 'M', 'n', 'N', 'o', 'O', 'p', 'P', 'q', 'Q', 'r', 'R', 's', 'S', 't', 'T', 'u', 'U', 'v', 'V', 'w', 'W', 'x', 'X', 'y', 'Y', 'z', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0'); ! ! $max_chars = count($chars) - 1; ! srand( (double) microtime()*1000000); ! ! $rand_str = ''; ! for($i = 0; $i < 8; $i++) ! { ! $rand_str = ( $i == 0 ) ? $chars[rand(0, $max_chars)] : $rand_str . $chars[rand(0, $max_chars)]; ! } ! return ( $hash ) ? md5($rand_str) : $rand_str; } // --- 61,67 ---- function gen_rand_string($hash) { ! $rand_str = dss_rand(); ! return ( $hash ) ? 
md5($rand_str) : substr($rand_str, 0, 8); } // Index: privmsg.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/privmsg.php,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** privmsg.php 31 Dec 2005 01:35:25 -0000 1.8 --- privmsg.php 8 Jun 2006 19:24:56 -0000 1.9 *************** *** 1188,1192 **** } ! $privmsg_subject = trim(strip_tags($_POST['subject'])); if ( empty($privmsg_subject) ) { --- 1188,1192 ---- } ! $privmsg_subject = trim(htmlspecialchars($HTTP_POST_VARS['subject'])); if ( empty($privmsg_subject) ) { *************** *** 1291,1295 **** if ( !($result = $db->sql_query($sql_info, BEGIN_TRANSACTION)) ) { ! message_die(GENERAL_ERROR, "Could not insert/update private message sent info.", "", __LINE__, __FILE__, $sql_info); } --- 1291,1295 ---- if ( !($result = $db->sql_query($sql_info, BEGIN_TRANSACTION)) ) { ! message_die(GENERAL_ERROR, "Could not insert/update private message sent info.", "", __LINE__, __FILE__, $sql); } *************** *** 1374,1378 **** // $to_username = ( isset($_POST['username']) ) ? phpbb_clean_username($_POST['username']) : ''; ! $privmsg_subject = ( isset($_POST['subject']) ) ? trim(strip_tags(stripslashes($_POST['subject']))) : ''; $privmsg_message = ( isset($_POST['message']) ) ? trim($_POST['message']) : ''; $privmsg_message = preg_replace('#<textarea>#si', '<textarea>', $privmsg_message); --- 1374,1378 ---- // $to_username = ( isset($_POST['username']) ) ? phpbb_clean_username($_POST['username']) : ''; ! $privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['subject']))) : ''; $privmsg_message = ( isset($_POST['message']) ) ? trim($_POST['message']) : ''; $privmsg_message = preg_replace('#<textarea>#si', '<textarea>', $privmsg_message); *************** *** 1507,1512 **** } ! $privmsg_subject = ( ( !preg_match('/^Re:/', $privmsg['privmsgs_subject']) ) ? 'Re: ' : '' ) . 
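Review bot: `gen_rand_string()` in profile.php now depends entirely on `dss_rand()`, which is defined outside this hunk, and the non-hash branch keeps only the first 8 characters of its output. If `dss_rand()` returns a hex string (not visible here), those 8 characters carry at most 32 bits, against 62 possible symbols per position in the removed code. The function needs a doc comment stating what `dss_rand()` returns, how it is seeded, and what callers use the result for; generated passwords or activation keys would need more than 32 bits. It also relies on the `$dss_seeded` global that this commit initialises in common.php, which the comment should mention.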
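Review bot: The error path in the privmsg.php hunk at line 1291 now reports `$sql` although the statement that was executed is `$sql_info`: `$db->sql_query($sql_info, BEGIN_TRANSACTION)` is unchanged while the last argument of `message_die` was switched. When this query fails, the debug output shows an earlier statement instead of the one that failed, which misleads whoever investigates. Keep the argument in step with the call: `message_die(GENERAL_ERROR, "Could not insert/update private message sent info.", "", __LINE__, __FILE__, $sql_info);`.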
$privmsg['privmsgs_subject']; $to_username = $privmsg['username']; $to_userid = $privmsg['user_id']; --- 1507,1515 ---- } ! $orig_word = $replacement_word = array(); ! obtain_word_list($orig_word, $replacement_word); + $privmsg_subject = ( ( !preg_match('/^Re:/', $privmsg['privmsgs_subject']) ) ? 'Re: ' : '' ) . $privmsg['privmsgs_subject']; + $privmsg_subject = preg_replace($orig_word, $replacement_word, $privmsg_subject); $to_username = $privmsg['username']; $to_userid = $privmsg['user_id']; *************** *** 1520,1523 **** --- 1523,1527 ---- $privmsg_message = str_replace('<br />', "\n", $privmsg_message); $privmsg_message = preg_replace('#</textarea>#si', '</textarea>', $privmsg_message); + $privmsg_message = preg_replace($orig_word, $replacement_word, $privmsg_message); $msg_date = create_date($board_config['default_dateformat'], $privmsg['privmsgs_date'], $board_config['board_timezone']); *************** *** 1741,1747 **** generate_smilies('inline', PAGE_PRIVMSGS); - $privmsg_subject = preg_replace($html_entities_match, $html_entities_replace, $privmsg_subject); - $privmsg_subject = str_replace('"', '"', $privmsg_subject); - $template->assign_vars(array( 'SUBJECT' => $privmsg_subject, --- 1745,1748 ---- Index: modcp.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/modcp.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** modcp.php 31 Oct 2005 03:18:41 -0000 1.5 --- modcp.php 8 Jun 2006 19:24:56 -0000 1.6 *************** *** 232,235 **** --- 232,239 ---- if ( $confirm ) { + if ( empty($HTTP_POST_VARS['topic_id_list']) && empty($topic_id) ) + { + message_die(GENERAL_MESSAGE, $lang['None_selected']); + } include($phpbb_root_path . 
'includes/functions_search.'.$phpEx); *************** *** 258,261 **** --- 262,270 ---- $db->sql_freeresult($result); + if ( $topic_id_sql == '') + { + message_die(GENERAL_MESSAGE, $lang['None_selected']); + } + $sql = "SELECT poster_id, COUNT(post_id) AS posts FROM " . POSTS_TABLE . " *************** *** 738,741 **** --- 747,755 ---- $db->sql_freeresult($result); + if ($post_id_sql == '') + { + message_die(GENERAL_MESSAGE, $lang['None_selected']); + } + $sql = "SELECT post_id, poster_id, topic_id, post_time FROM " . POSTS_TABLE . " *************** *** 987,991 **** $ip_this_post = decode_ip($post_row['poster_ip']); ! $ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? gethostbyaddr($ip_this_post) : $ip_this_post; $poster_id = $post_row['poster_id']; --- 1001,1005 ---- $ip_this_post = decode_ip($post_row['poster_ip']); ! $ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? htmlspecialchars(gethostbyaddr($ip_this_post)) : $ip_this_post; $poster_id = $post_row['poster_id']; *************** *** 1033,1037 **** $ip = decode_ip($row['poster_ip']); ! $ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? gethostbyaddr($ip) : $ip; $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; --- 1047,1051 ---- $ip = decode_ip($row['poster_ip']); ! $ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? htmlspecialchars(gethostbyaddr($ip)) : $ip; $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; Index: common.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/common.php,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** common.php 31 Dec 2005 01:35:25 -0000 1.8 --- common.php 8 Jun 2006 19:24:56 -0000 1.9 *************** *** 86,94 **** while (list($var,) = @each($input)) { ! if (!in_array($var, $not_unset)) ! { ! unset($$var); ! } ! } unset($input); --- 86,95 ---- while (list($var,) = @each($input)) { ! 
if (in_array($var, $not_unset)) ! { ! die('Hacking attempt!'); ! } ! unset($$var); ! } unset($input); *************** *** 175,178 **** --- 176,180 ---- $nav_links = array(); $gen_simple_header = FALSE; + $dss_seeded = false; include($phpbb_root_path . 'config.'.$phpEx); |
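Review bot: `in_array($var, $not_unset)` in common.php compares loosely, and the branch it guards now terminates the request instead of skipping the variable. Array keys that look like integers reach this loop as integers, and on the PHP versions this code targets an integer `0` compares equal to any non-numeric string, so an input key of `0` would hit `die('Hacking attempt!')` without naming a protected variable. Pass the strict flag: `if (in_array($var, $not_unset, true))`. `$not_unset` and `$input` are built outside the hunk; a comment listing which names are protected and why they must never arrive as request keys would help the next reader.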
From: Josh <jel...@us...> - 2006-06-08 19:25:04
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13144/admin Modified Files: admin_board.php admin_db_utilities.php admin_forums.php admin_groups.php admin_ranks.php admin_smilies.php admin_styles.php admin_users.php admin_words.php page_header_admin.php pagestart.php Log Message: 2.0.21.5 (yeah, I skipped 2.0.20.5. Shoot me.) Index: admin_forums.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_forums.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** admin_forums.php 8 May 2005 02:12:43 -0000 1.3 --- admin_forums.php 8 Jun 2006 19:24:56 -0000 1.4 *************** *** 40,45 **** "auth_view" => AUTH_ALL, "auth_read" => AUTH_ALL, ! "auth_post" => AUTH_ALL, ! "auth_reply" => AUTH_ALL, "auth_edit" => AUTH_REG, "auth_delete" => AUTH_REG, --- 40,45 ---- "auth_view" => AUTH_ALL, "auth_read" => AUTH_ALL, ! "auth_post" => AUTH_REG, ! "auth_reply" => AUTH_REG, "auth_edit" => AUTH_REG, "auth_delete" => AUTH_REG, Index: admin_words.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_words.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** admin_words.php 31 Dec 2005 01:35:25 -0000 1.3 --- admin_words.php 8 Jun 2006 19:24:56 -0000 1.4 *************** *** 21,26 **** ***************************************************************************/ - define('IN_PHPBB', 1); - if( !empty($setmodules) ) { --- 21,24 ---- *************** *** 30,33 **** --- 28,33 ---- } + define('IN_PHPBB', 1); + // // Load default header *************** *** 35,43 **** $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); require('./pagestart.' . $phpEx); if( isset($_GET['mode']) || isset($_POST['mode']) ) { ! $mode = ($_GET['mode']) ? 
$_GET['mode'] : $_POST['mode']; $mode = htmlspecialchars($mode); } --- 35,52 ---- $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); + + $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? true : false; + $no_page_header = $cancel; + require('./pagestart.' . $phpEx); + if ($cancel) + { + redirect('admin/' . append_sid("admin_words.$phpEx", true)); + } + if( isset($_GET['mode']) || isset($_POST['mode']) ) { ! $mode = (isset($_GET['mode'])) ? $_GET['mode'] : $_POST['mode']; $mode = htmlspecialchars($mode); } *************** *** 61,64 **** --- 70,76 ---- } + // Restrict mode input to valid options + $mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : ''; + if( $mode != "" ) { *************** *** 67,70 **** --- 79,84 ---- $word_id = ( isset($_GET['id']) ) ? intval($_GET['id']) : 0; + $word_info = array('word' => '', 'replacement' => ''); + $template->set_filenames(array( "body" => "admin/words_edit_body.tpl") *************** *** 124,128 **** } ! if( $word_id ) { $sql = "UPDATE " . WORDS_TABLE . " --- 138,144 ---- } ! $confirm = isset($HTTP_POST_VARS['confirm']); ! ! if( $word_id && $confirm ) { $sql = "UPDATE " . WORDS_TABLE . " *************** *** 147,150 **** --- 163,186 ---- message_die(GENERAL_MESSAGE, $message); } + elseif( $word_id && !$confirm) + { + // Present the confirmation screen to the user + $template->set_filenames(array( + 'body' => 'admin/confirm_body.tpl') + ); + + $hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $word_id . 
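Review bot: The new `$confirm` gate in admin_words.php is attached to a branch whose next context line is `$sql = "UPDATE " . WORDS_TABLE . "`, so from this hunk it appears to guard saving an edited word rather than deleting one. The confirmation form added in the following hunk posts `mode=delete`, which suggests the check was meant for the delete branch; as written, the delete path may still run unconfirmed while an edit without a `confirm` field falls through to the `else` (not visible here). Check this against the surrounding `if( $mode == "save" )` / `else if( $mode == "delete" )` structure, which lies outside the hunk, and move `$confirm = isset(...)` and the `&& $confirm` test into the delete branch. A presence check on `confirm` is only a confirmation step; it does not tie the request to the administrator's session.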
'" />'; + + $template->assign_vars(array( + 'MESSAGE_TITLE' => $lang['Confirm'], + 'MESSAGE_TEXT' => $lang['Confirm_delete_word'], + + 'L_YES' => $lang['Yes'], + 'L_NO' => $lang['No'], + + 'S_CONFIRM_ACTION' => append_sid("admin_words.$phpEx"), + 'S_HIDDEN_FIELDS' => $hidden_fields) + ); + } else if( $mode == "delete" ) { *************** *** 194,197 **** --- 230,234 ---- $word_rows = $db->sql_fetchrowset($result); + $db->sql_freeresult($result); $word_count = count($word_rows); Index: admin_db_utilities.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_db_utilities.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** admin_db_utilities.php 31 Dec 2005 01:35:25 -0000 1.4 --- admin_db_utilities.php 8 Jun 2006 19:24:56 -0000 1.5 *************** *** 500,506 **** while($row = $db->sql_fetchrow($result)) { ! unset($schema_vals); ! unset($schema_fields); ! unset($schema_insert); // // Build the SQL statement to recreate the data. --- 500,506 ---- while($row = $db->sql_fetchrow($result)) { ! $schema_vals = ''; ! $schema_fields = ''; ! $schema_insert = ''; // // Build the SQL statement to recreate the data. *************** *** 517,521 **** elseif (eregi("date|timestamp", $aryType[$i])) { ! if ($empty($strVal)) { $strQuote = ""; --- 517,521 ---- elseif (eregi("date|timestamp", $aryType[$i])) { ! if (empty($strVal)) { $strQuote = ""; Index: admin_styles.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_styles.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** admin_styles.php 31 Dec 2005 01:35:25 -0000 1.5 --- admin_styles.php 8 Jun 2006 19:24:56 -0000 1.6 *************** *** 837,841 **** // $template->set_filenames(array( ! "confirm" => "confirm_body.tpl") ); --- 837,841 ---- // $template->set_filenames(array( ! 
"confirm" => "admin/confirm_body.tpl") ); Index: admin_users.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_users.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** admin_users.php 31 Dec 2005 01:35:25 -0000 1.5 --- admin_users.php 8 Jun 2006 19:24:56 -0000 1.6 *************** *** 262,269 **** $allowsmilies = ( isset( $_POST['allowsmilies']) ) ? intval( $_POST['allowsmilies'] ) : $board_config['allow_smilies']; ! $user_style = ( $_POST['style'] ) ? intval( $_POST['style'] ) : $board_config['default_style']; ! $user_lang = ( $_POST['language'] ) ? $_POST['language'] : $board_config['default_lang']; ! $user_timezone = ( isset( $_POST['timezone']) ) ? doubleval( $_POST['timezone'] ) : $board_config['board_timezone']; ! $user_template = ( $_POST['template'] ) ? $_POST['template'] : $board_config['board_template']; $user_dateformat = ( $_POST['dateformat'] ) ? trim( $_POST['dateformat'] ) : $board_config['default_dateformat']; --- 262,268 ---- $allowsmilies = ( isset( $_POST['allowsmilies']) ) ? intval( $_POST['allowsmilies'] ) : $board_config['allow_smilies']; ! $user_style = ( isset( $HTTP_POST_VARS['style'] ) ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style']; ! $user_lang = ( $HTTP_POST_VARS['language'] ) ? $HTTP_POST_VARS['language'] : $board_config['default_lang']; ! $user_timezone = ( isset( $HTTP_POST_VARS['timezone']) ) ? doubleval( $HTTP_POST_VARS['timezone'] ) : $board_config['board_timezone']; $user_dateformat = ( $_POST['dateformat'] ) ? trim( $_POST['dateformat'] ) : $board_config['default_dateformat']; *************** *** 698,712 **** } $message .= $lang['Admin_user_updated']; } else { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Admin_user_fail']; ! } ! $message .= '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . 
'<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>'); ! message_die(GENERAL_MESSAGE, $message); } else --- 697,717 ---- } + // We remove all stored login keys since the password has been updated + // and change the current one (if applicable) + if ( !empty($passwd_sql) ) + { + session_reset_keys($user_id, $user_ip); + } + $message .= $lang['Admin_user_updated']; } else { ! message_die(GENERAL_ERROR, 'Admin_user_fail', '', __LINE__, __FILE__, $sql); ! $message .= '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>'); ! message_die(GENERAL_MESSAGE, $message); ! } } else Index: page_header_admin.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/page_header_admin.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** page_header_admin.php 8 May 2005 02:12:43 -0000 1.4 --- page_header_admin.php 8 Jun 2006 19:24:56 -0000 1.5 *************** *** 133,138 **** ); $template->pparse('header'); ! ?> --- 133,151 ---- ); + // Work around for "current" Apache 2 + PHP module which seems to not + // cope with private cache control setting + if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2')) + { + header ('Cache-Control: no-cache, pre-check=0, post-check=0'); + } + else + { + header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0'); + } + header ('Expires: 0'); + header ('Pragma: no-cache'); + $template->pparse('header'); ! 
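Review bot: The closing brace of the `else` branch in admin_users.php now sits after the return-link lines, so `$message .= ...` and `message_die(GENERAL_MESSAGE, $message)` follow `message_die(GENERAL_ERROR, ...)` inside the failure branch. Assuming `message_die` ends the request, those two lines are unreachable and the success path no longer shows the "user updated" page; execution continues into whatever follows the block. Close the `else` right after the error call, `message_die(GENERAL_ERROR, $lang['Admin_user_fail'], '', __LINE__, __FILE__, $sql); }`, and leave the two message lines after it; the hunk passes the literal `'Admin_user_fail'` where the old code used the `$lang` entry. The added `session_reset_keys($user_id, $user_ip)` call deserves a comment that it runs only when `$passwd_sql` is non-empty, that is, only on a password change.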
?> \ No newline at end of file Index: admin_groups.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_groups.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** admin_groups.php 30 Jul 2004 02:12:37 -0000 1.2 --- admin_groups.php 8 Jun 2006 19:24:56 -0000 1.3 *************** *** 105,123 **** // Ok, now we know everything about them, let's show the page. // ! $sql = "SELECT user_id, username ! FROM " . USERS_TABLE . " ! WHERE user_id <> " . ANONYMOUS . " ! ORDER BY username"; ! if ( !($result = $db->sql_query($sql)) ) { ! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql); ! } ! while ( $row = $db->sql_fetchrow($result) ) ! { ! if ( $row['user_id'] == $group_info['group_moderator'] ) { ! $group_moderator = $row['username']; } } --- 105,128 ---- // Ok, now we know everything about them, let's show the page. // ! if ($group_info['group_moderator'] != '') { ! $sql = "SELECT user_id, username ! FROM " . USERS_TABLE . " ! WHERE user_id = " . $group_info['group_moderator']; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql); ! } ! if ( !($row = $db->sql_fetchrow($result)) ) { ! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql); } + + $group_moderator = $row['username']; + } + else + { + $group_moderator = ''; } *************** *** 251,255 **** { $group_type = isset($_POST['group_type']) ? intval($_POST['group_type']) : GROUP_OPEN; ! $group_name = isset($_POST['group_name']) ? trim($_POST['group_name']) : ''; $group_description = isset($_POST['group_description']) ? trim($_POST['group_description']) : ''; $group_moderator = isset($_POST['username']) ? $_POST['username'] : ''; --- 256,260 ---- { $group_type = isset($_POST['group_type']) ? 
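Review bot: `$group_info['group_moderator']` is concatenated into the WHERE clause in admin_groups.php without a cast, and the guard before it only checks `!= ''`. The value comes from a database row loaded outside the hunk, so this is defence in depth rather than a known injection, but other id values in this commit are passed through `intval()` and this one should match: `WHERE user_id = " . intval($group_info['group_moderator']);`. The lookup also needs `$db->sql_freeresult($result);` after the fetch.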
intval($_POST['group_type']) : GROUP_OPEN; ! $group_name = isset($_POST['group_name']) ? htmlspecialchars(trim($_POST['group_name'])) : ''; $group_description = isset($_POST['group_description']) ? trim($_POST['group_description']) : ''; $group_moderator = isset($_POST['username']) ? $_POST['username'] : ''; Index: admin_smilies.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_smilies.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** admin_smilies.php 31 Oct 2005 03:18:40 -0000 1.4 --- admin_smilies.php 8 Jun 2006 19:24:56 -0000 1.5 *************** *** 24,29 **** **************************************************************************/ - define('IN_PHPBB', 1); - // // First we do the setmodules stuff for the admin cp. --- 24,27 ---- *************** *** 37,40 **** --- 35,40 ---- } + define('IN_PHPBB', 1); + // // Load default header *************** *** 50,55 **** --- 50,64 ---- $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); + + $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? true : false; + $no_page_header = $cancel; + require('./pagestart.' . $phpEx); + if ($cancel) + { + redirect('admin/' . append_sid("admin_smilies.$phpEx", true)); + } + // // Check to see what mode we should operate in. *************** *** 317,331 **** $smiley_id = intval($smiley_id); ! $sql = "DELETE FROM " . SMILIES_TABLE . " ! WHERE smilies_id = " . $smiley_id; ! $result = $db->sql_query($sql); ! if( !$result ) { ! message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql); } ! $message = $lang['smiley_del_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>"); ! 
message_die(GENERAL_MESSAGE, $message); break; --- 326,366 ---- $smiley_id = intval($smiley_id); ! $confirm = isset($HTTP_POST_VARS['confirm']); ! ! if( $confirm ) { ! $sql = "DELETE FROM " . SMILIES_TABLE . " ! WHERE smilies_id = " . $smiley_id; ! $result = $db->sql_query($sql); ! if( !$result ) ! { ! message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql); ! } ! ! $message = $lang['smiley_del_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>"); ! ! message_die(GENERAL_MESSAGE, $message); } + else + { + // Present the confirmation screen to the user + $template->set_filenames(array( + 'body' => 'admin/confirm_body.tpl') + ); ! $hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $smiley_id . '" />'; ! $template->assign_vars(array( ! 'MESSAGE_TITLE' => $lang['Confirm'], ! 'MESSAGE_TEXT' => $lang['Confirm_delete_smiley'], ! ! 'L_YES' => $lang['Yes'], ! 'L_NO' => $lang['No'], ! ! 'S_CONFIRM_ACTION' => append_sid("admin_smilies.$phpEx"), ! 'S_HIDDEN_FIELDS' => $hidden_fields) ! ); ! $template->pparse('body'); ! } break; *************** *** 403,411 **** // accept the data we are looking for. // ! $smile_code = ( isset($_POST['smile_code']) ) ? trim($_POST['smile_code']) : trim($_GET['smile_code']); ! $smile_url = ( isset($_POST['smile_url']) ) ? trim($_POST['smile_url']) : trim($_GET['smile_url']); ! $smile_url = ltrim(basename($smile_url), "'"); ! $smile_emotion = ( isset($_POST['smile_emotion']) ) ? trim($_POST['smile_emotion']) : trim($_GET['smile_emotion']); ! $smile_id = ( isset($_POST['smile_id']) ) ? intval($_POST['smile_id']) : intval($_GET['smile_id']); // If no code was entered complain ... --- 438,448 ---- // accept the data we are looking for. // ! 
$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : ''; ! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : ''; ! $smile_url = phpbb_ltrim(basename($smile_url), "'"); ! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : ''; ! $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : 0; ! $smile_code = trim($smile_code); ! $smile_url = trim($smile_url); // If no code was entered complain ... *************** *** 446,456 **** // we recieve and process is only the data we are looking for. // ! $smile_code = ( isset($_POST['smile_code']) ) ? $_POST['smile_code'] : $_GET['smile_code']; ! $smile_url = ( isset($_POST['smile_url']) ) ? $_POST['smile_url'] : $_GET['smile_url']; ! $smile_url = ltrim(basename($smile_url), "'"); ! $smile_emotion = ( isset($_POST['smile_emotion']) ) ? $_POST['smile_emotion'] : $_GET['smile_emotion']; $smile_code = trim($smile_code); $smile_url = trim($smile_url); - $smile_emotion = trim($smile_emotion); // If no code was entered complain ... --- 483,492 ---- // we recieve and process is only the data we are looking for. // ! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : ''; ! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : ''; ! $smile_url = phpbb_ltrim(basename($smile_url), "'"); ! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : ''; $smile_code = trim($smile_code); $smile_url = trim($smile_url); // If no code was entered complain ... 
Index: pagestart.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/pagestart.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** pagestart.php 27 Jun 2005 20:16:37 -0000 1.4 --- pagestart.php 8 Jun 2006 19:24:56 -0000 1.5 *************** *** 50,60 **** if ($_GET['sid'] != $userdata['session_id']) { - $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])), '', $_SERVER['REQUEST_URI']); - $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url); - $url = str_replace('//', '/', $url); - $url = preg_replace('/sid=([^&]*)(&?)/i', '', $url); - $url = preg_replace('/\?$/', '', $url); - $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id']; - redirect("index.$phpEx?sid=" . $userdata['session_id']); } --- 50,53 ---- Index: admin_ranks.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_ranks.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** admin_ranks.php 31 Dec 2005 01:35:25 -0000 1.3 --- admin_ranks.php 8 Jun 2006 19:24:56 -0000 1.4 *************** *** 20,25 **** ***************************************************************************/ - define('IN_PHPBB', 1); - if( !empty($setmodules) ) { --- 20,23 ---- *************** *** 29,32 **** --- 27,32 ---- } + define('IN_PHPBB', 1); + // // Let's set the root dir for phpBB *************** *** 34,42 **** $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); require('./pagestart.' . $phpEx); if( isset($_GET['mode']) || isset($_POST['mode']) ) { ! $mode = ($_GET['mode']) ? $_GET['mode'] : $_POST['mode']; $mode = htmlspecialchars($mode); } --- 34,50 ---- $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); + $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? 
true : false; + $no_page_header = $cancel; + require('./pagestart.' . $phpEx); + if ($cancel) + { + redirect('admin/' . append_sid("admin_ranks.$phpEx", true)); + } + if( isset($_GET['mode']) || isset($_POST['mode']) ) { ! $mode = (isset($_GET['mode'])) ? $_GET['mode'] : $_POST['mode']; $mode = htmlspecialchars($mode); } *************** *** 60,63 **** --- 68,73 ---- } + $mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : ''; + if( $mode != "" ) *************** *** 214,219 **** $rank_id = 0; } ! if( $rank_id ) { $sql = "DELETE FROM " . RANKS_TABLE . " --- 224,231 ---- $rank_id = 0; } + + $confirm = isset($HTTP_POST_VARS['confirm']); ! if( $rank_id && $confirm ) { $sql = "DELETE FROM " . RANKS_TABLE . " *************** *** 239,371 **** } ! else ! { ! message_die(GENERAL_MESSAGE, $lang['Must_select_rank']); ! } ! } ! else ! { ! // ! // They didn't feel like giving us any information. Oh, too bad, we'll just display the ! // list then... ! // ! $template->set_filenames(array( ! "body" => "admin/ranks_list_body.tpl") ! ); ! ! $sql = "SELECT * FROM " . RANKS_TABLE . " ! ORDER BY rank_min, rank_title"; ! if( !$result = $db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql); ! } ! ! $rank_rows = $db->sql_fetchrowset($result); ! $rank_count = count($rank_rows); ! ! $template->assign_vars(array( ! "L_RANKS_TITLE" => $lang['Ranks_title'], ! "L_RANKS_TEXT" => $lang['Ranks_explain'], ! "L_RANK" => $lang['Rank_title'], ! "L_RANK_MINIMUM" => $lang['Rank_minimum'], ! "L_SPECIAL_RANK" => $lang['Special_rank'], ! "L_EDIT" => $lang['Edit'], ! "L_DELETE" => $lang['Delete'], ! "L_ADD_RANK" => $lang['Add_new_rank'], ! "L_ACTION" => $lang['Action'], ! ! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx")) ! ); ! ! for( $i = 0; $i < $rank_count; $i++) { ! $rank = $rank_rows[$i]['rank_title']; ! $special_rank = $rank_rows[$i]['rank_special']; ! $rank_id = $rank_rows[$i]['rank_id']; ! 
$rank_min = $rank_rows[$i]['rank_min']; ! if($special_rank) ! { ! $rank_min = $rank_max = "-"; ! } ! ! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; ! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; ! ! $template->assign_block_vars("ranks", array( ! "ROW_COLOR" => "#" . $row_color, ! "ROW_CLASS" => $row_class, ! "RANK" => $rank, ! "RANK_MIN" => $rank_min, ! "SPECIAL_RANK" => ( $special_rank == 1 ) ? $lang['Yes'] : $lang['No'], ! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"), ! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id")) ); } } } ! else { ! // ! // Show the default page ! // ! $template->set_filenames(array( ! "body" => "admin/ranks_list_body.tpl") ! ); ! ! $sql = "SELECT * FROM " . RANKS_TABLE . " ! ORDER BY rank_min ASC, rank_special ASC"; ! if( !$result = $db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql); ! } ! $rank_count = $db->sql_numrows($result); ! $rank_rows = $db->sql_fetchrowset($result); ! $template->assign_vars(array( ! "L_RANKS_TITLE" => $lang['Ranks_title'], ! "L_RANKS_TEXT" => $lang['Ranks_explain'], ! "L_RANK" => $lang['Rank_title'], ! "L_RANK_MINIMUM" => $lang['Rank_minimum'], ! "L_SPECIAL_RANK" => $lang['Rank_special'], ! "L_EDIT" => $lang['Edit'], ! "L_DELETE" => $lang['Delete'], ! "L_ADD_RANK" => $lang['Add_new_rank'], ! "L_ACTION" => $lang['Action'], ! ! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx")) ! ); ! for($i = 0; $i < $rank_count; $i++) { ! $rank = $rank_rows[$i]['rank_title']; ! $special_rank = $rank_rows[$i]['rank_special']; ! $rank_id = $rank_rows[$i]['rank_id']; ! $rank_min = $rank_rows[$i]['rank_min']; ! ! if( $special_rank == 1 ) ! { ! $rank_min = $rank_max = "-"; ! } ! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; ! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; ! $rank_is_special = ( $special_rank ) ? 
$lang['Yes'] : $lang['No']; ! ! $template->assign_block_vars("ranks", array( ! "ROW_COLOR" => "#" . $row_color, ! "ROW_CLASS" => $row_class, ! "RANK" => $rank, ! "SPECIAL_RANK" => $rank_is_special, ! "RANK_MIN" => $rank_min, ! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"), ! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id")) ! ); ! } } --- 251,343 ---- } ! elseif( $rank_id && !$confirm) { ! // Present the confirmation screen to the user ! $template->set_filenames(array( ! 'body' => 'admin/confirm_body.tpl') ! ); ! $hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $rank_id . '" />'; ! $template->assign_vars(array( ! 'MESSAGE_TITLE' => $lang['Confirm'], ! 'MESSAGE_TEXT' => $lang['Confirm_delete_rank'], ! 'L_YES' => $lang['Yes'], ! 'L_NO' => $lang['No'], ! ! 'S_CONFIRM_ACTION' => append_sid("admin_ranks.$phpEx"), ! 'S_HIDDEN_FIELDS' => $hidden_fields) ); } + else + { + message_die(GENERAL_MESSAGE, $lang['Must_select_rank']); + } } + + $template->pparse("body"); + + include('./page_footer_admin.'.$phpEx); } ! ! // ! // Show the default page ! // ! $template->set_filenames(array( ! "body" => "admin/ranks_list_body.tpl") ! ); ! ! $sql = "SELECT * FROM " . RANKS_TABLE . " ! ORDER BY rank_min ASC, rank_special ASC"; ! if( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql); ! } ! $rank_count = $db->sql_numrows($result); ! $rank_rows = $db->sql_fetchrowset($result); ! ! $template->assign_vars(array( ! "L_RANKS_TITLE" => $lang['Ranks_title'], ! "L_RANKS_TEXT" => $lang['Ranks_explain'], ! "L_RANK" => $lang['Rank_title'], ! "L_RANK_MINIMUM" => $lang['Rank_minimum'], ! "L_SPECIAL_RANK" => $lang['Rank_special'], ! "L_EDIT" => $lang['Edit'], ! "L_DELETE" => $lang['Delete'], ! "L_ADD_RANK" => $lang['Add_new_rank'], ! "L_ACTION" => $lang['Action'], ! 
"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx")) ! ); ! ! for($i = 0; $i < $rank_count; $i++) ! { ! $rank = $rank_rows[$i]['rank_title']; ! $special_rank = $rank_rows[$i]['rank_special']; ! $rank_id = $rank_rows[$i]['rank_id']; ! $rank_min = $rank_rows[$i]['rank_min']; ! if( $special_rank == 1 ) { ! $rank_min = $rank_max = "-"; ! } ! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; ! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; ! $rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No']; ! ! $template->assign_block_vars("ranks", array( ! "ROW_COLOR" => "#" . $row_color, ! "ROW_CLASS" => $row_class, ! "RANK" => $rank, ! "SPECIAL_RANK" => $rank_is_special, ! "RANK_MIN" => $rank_min, ! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"), ! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id")) ! ); } Index: admin_board.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_board.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** admin_board.php 31 Dec 2005 01:35:25 -0000 1.5 --- admin_board.php 8 Jun 2006 19:24:56 -0000 1.6 *************** *** 50,54 **** if ($config_name == 'cookie_name') { ! $cookie_name = str_replace('.', '_', $new['cookie_name']); } --- 50,61 ---- if ($config_name == 'cookie_name') { ! $new['cookie_name'] = str_replace('.', '_', $new['cookie_name']); ! } ! ! // Attempt to prevent a common mistake with this value, ! // http:// is the protocol and not part of the server name ! if ($config_name == 'server_name') ! { ! 
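Review bot: After this restructuring in admin_ranks.php the "Show the default page" block is no longer inside an `else`, so it relies on `include('./page_footer_admin.'.$phpEx);` ending the script at the close of the preceding block (whose opening is outside the hunk). Whether the footer exits is not visible here; if it does, a comment such as `// page_footer_admin ends the script; the code below runs only when no mode was given` would save the next reader the search, and if it does not, the rank list would be rendered after the edit or confirmation page. In the row loop `$rank_max` is assigned but never read within the hunk.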
$new['server_name'] = str_replace('http://', '', $new['server_name']); } *************** *** 192,195 **** --- 199,204 ---- "L_MAX_POLL_OPTIONS" => $lang['Max_poll_options'], "L_FLOOD_INTERVAL" => $lang['Flood_Interval'], + "L_SEARCH_FLOOD_INTERVAL" => $lang['Search_Flood_Interval'], + "L_SEARCH_FLOOD_INTERVAL_EXPLAIN" => $lang['Search_Flood_Interval_explain'], 'L_MAX_LOGIN_ATTEMPTS' => $lang['Max_login_attempts'], 'L_MAX_LOGIN_ATTEMPTS_EXPLAIN' => $lang['Max_login_attempts_explain'], *************** *** 276,279 **** --- 285,289 ---- "MAX_POLL_OPTIONS" => $new['max_poll_options'], "FLOOD_INTERVAL" => $new['flood_interval'], + "SEARCH_FLOOD_INTERVAL" => $new['search_flood_interval'], "TOPICS_PER_PAGE" => $new['topics_per_page'], "POSTS_PER_PAGE" => $new['posts_per_page'], |
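Review bot: The `server_name` clean-up in admin_board.php removes only the exact lower-case string `http://`, and removes it anywhere in the value rather than just at the start. An entry beginning with `https://` or `HTTP://` is stored unchanged, although it is the same mistake the comment describes. Anchoring and widening the match covers those cases: `$new['server_name'] = preg_replace('#^https?://#i', '', trim($new['server_name']));`. How `server_name` is later used to build URLs is outside this hunk.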
From: Josh <jel...@us...> - 2006-06-08 19:25:04
Update of /cvsroot/phpbb-php5mod/phpbb-php5/templates/subSilver In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13144/templates/subSilver Modified Files: confirm_body.tpl Log Message: 2.0.21.5 (yeah, I skipped 2.0.20.5. Shoot me.)
Index: confirm_body.tpl
===================================================================
RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/templates/subSilver/confirm_body.tpl,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** confirm_body.tpl 29 Jul 2004 22:36:22 -0000 1.1
--- confirm_body.tpl 8 Jun 2006 19:24:57 -0000 1.2
***************
*** 8,12 ****
  <table class="forumline" width="100%" cellspacing="1" cellpadding="3" border="0">
  <tr>
! <th class="thHead" height="25" valign="middle"><span class="tableTitle">{MESSAGE_TITLE}</span></th>
  </tr>
  <tr>
--- 8,12 ----
  <table class="forumline" width="100%" cellspacing="1" cellpadding="3" border="0">
  <tr>
! <th class="thHead" height="25" valign="middle">{MESSAGE_TITLE}</th>
  </tr>
  <tr>
|
From: Josh <jel...@us...> - 2006-06-08 19:25:03
Update of /cvsroot/phpbb-php5mod/phpbb-php5/includes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13144/includes Modified Files: auth.php bbcode.php functions.php functions_post.php prune.php sessions.php usercp_avatar.php usercp_confirm.php usercp_register.php Log Message: 2.0.21.5 (yeah, I skipped 2.0.20.5. Shoot me.) Index: functions.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/functions.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** functions.php 31 Dec 2005 01:35:25 -0000 1.6 --- functions.php 8 Jun 2006 19:24:57 -0000 1.7 *************** *** 113,116 **** --- 113,148 ---- } + /** + * Our own generator of random values + * This uses a constantly changing value as the base for generating the values + * The board wide setting is updated once per page if this code is called + * With thanks to Anthrax101 for the inspiration on this one + * Added in phpBB 2.0.20 + */ + function dss_rand() + { + global $db, $board_config, $dss_seeded; + + $val = $board_config['rand_seed'] . microtime(); + $val = md5($val); + $board_config['rand_seed'] = md5($board_config['rand_seed'] . $val . 'a'); + + if($dss_seeded !== true) + { + $sql = "UPDATE " . CONFIG_TABLE . " SET + config_value = '" . $board_config['rand_seed'] . "' + WHERE config_name = 'rand_seed'"; + + if( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Unable to reseed PRNG", "", __LINE__, __FILE__, $sql); + } + + $dss_seeded = true; + } + + return substr($val, 4, 16); + } + function make_jumpbox($action, $match_forum_id = 0) { *************** *** 224,228 **** { global $board_config, $theme, $images; ! global $template, $lang, $phpEx, $phpbb_root_path; global $nav_links; --- 256,260 ---- { global $board_config, $theme, $images; ! global $template, $lang, $phpEx, $phpbb_root_path, $db; global $nav_links; *************** *** 231,235 **** if ( !empty($userdata['user_lang'])) { ! 
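Review bot: `dss_rand()` in functions.php builds its output from `md5()` of the stored `rand_seed` plus `microtime()`, so its unpredictability rests on the seed in the config table staying secret, and the docblock should say so. Because the seed is written back only once per page (`$dss_seeded`), requests that load the same stored seed differ only in their `microtime()` input. I would add to the docblock `* NOTE: not a cryptographically strong generator; output is only as unpredictable as the stored rand_seed.` and, where the platform offers one, mix an operating-system entropy source into `$val` before hashing. The docblock could also gain an `@return` line stating that 16 hex characters are returned (`substr($val, 4, 16)`).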
$board_config['default_lang'] = $userdata['user_lang']; } --- 263,267 ---- if ( !empty($userdata['user_lang'])) { ! $default_lang = ltrim(basename(rtrim($userdata['user_lang'])), "'"); } *************** *** 244,252 **** } } ! if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx)) ) { ! $board_config['default_lang'] = 'english'; } include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx); --- 276,335 ---- } } + else + { + $default_lang = ltrim(basename(rtrim($board_config['default_lang'])), "'"); + } ! if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $default_lang . '/lang_main.'.$phpEx)) ) { ! if ( $userdata['user_id'] != ANONYMOUS ) ! { ! // For logged in users, try the board default language next ! $default_lang = phpbb_ltrim(basename(phpbb_rtrim($board_config['default_lang'])), "'"); ! } ! else ! { ! // For guests it means the default language is not present, try english ! // This is a long shot since it means serious errors in the setup to reach here, ! // but english is part of a new install so it's worth us trying ! $default_lang = 'english'; ! } ! ! if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $default_lang . '/lang_main.'.$phpEx)) ) ! { ! message_die(CRITICAL_ERROR, 'Could not locate valid language pack'); ! } ! } ! ! // If we've had to change the value in any way then let's write it back to the database ! // before we go any further since it means there is something wrong with it ! if ( $userdata['user_id'] != ANONYMOUS && $userdata['user_lang'] !== $default_lang ) ! { ! $sql = 'UPDATE ' . USERS_TABLE . " ! SET user_lang = '" . $default_lang . "' ! WHERE user_lang = '" . $userdata['user_lang'] . "'"; ! ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(CRITICAL_ERROR, 'Could not update user language info'); ! } ! ! $board_config['default_lang'] = $default_lang; ! 
$userdata['user_lang'] = $default_lang; } + elseif ( $board_config['default_lang'] !== $default_lang ) + { + $sql = 'UPDATE ' . CONFIG_TABLE . " + SET config_value = '" . $default_lang . "' + WHERE config_name = 'default_lang'"; + + if ( !($result = $db->sql_query($sql)) ) + { + message_die(CRITICAL_ERROR, 'Could not update user language info'); + } + + $board_config['default_lang'] = $default_lang; + } + include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx); *************** *** 308,314 **** global $db, $board_config, $template, $images, $phpbb_root_path; ! $sql = "SELECT * ! FROM " . THEMES_TABLE . " ! WHERE themes_id = $style"; if ( !($result = $db->sql_query($sql)) ) { --- 391,397 ---- global $db, $board_config, $template, $images, $phpbb_root_path; ! $sql = 'SELECT * ! FROM ' . THEMES_TABLE . ' ! WHERE themes_id = ' . (int) $style; if ( !($result = $db->sql_query($sql)) ) { *************** *** 318,322 **** if ( !($row = $db->sql_fetchrow($result)) ) { ! message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]"); } --- 401,438 ---- if ( !($row = $db->sql_fetchrow($result)) ) { ! // We are trying to setup a style which does not exist in the database ! // Try to fallback to the board default (if the user had a custom style) ! // and then any users using this style to the default if it succeeds ! if ( $style != $board_config['default_style']) ! { ! $sql = 'SELECT * ! FROM ' . THEMES_TABLE . ' ! WHERE themes_id = ' . (int) $board_config['default_style']; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(CRITICAL_ERROR, 'Could not query database for theme info'); ! } ! ! if ( $row = $db->sql_fetchrow($result) ) ! { ! $db->sql_freeresult($result); ! ! $sql = 'UPDATE ' . USERS_TABLE . ' ! SET user_style = ' . (int) $board_config['default_style'] . " ! WHERE user_style = $style"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! 
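Review bot: The `UPDATE` on `USERS_TABLE` added in functions.php puts the raw `$userdata['user_lang']` into its WHERE clause, and it runs exactly when that value differs from its cleaned form, i.e. when it is already known to be malformed. A stored value containing a quote would change the statement; keying the update on the current account avoids interpolating it at all: `WHERE user_id = " . (int) $userdata['user_id'];` (this narrows the update to one user, so confirm that is acceptable). Separately, the `elseif` that rewrites `default_lang` in the config table has no guest check, so as written a logged-in user whose valid language differs from the board default appears to reach it and overwrite the board-wide setting; `elseif ( $userdata['user_id'] == ANONYMOUS && $board_config['default_lang'] !== $default_lang )` would limit it to the case the comments describe. The hunk also mixes `ltrim`/`rtrim` with `phpbb_ltrim`/`phpbb_rtrim` for the same clean-up. The enclosing function starts outside the hunk.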
message_die(CRITICAL_ERROR, 'Could not update user theme info'); ! } ! } ! else ! { ! message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]"); ! } ! } ! else ! { ! message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]"); ! } } *************** *** 580,584 **** if ( $err_line != '' && $err_file != '' ) { ! $debug_text .= '</br /><br />Line : ' . $err_line . '<br />File : ' . basename($err_file); } } --- 696,700 ---- if ( $err_line != '' && $err_file != '' ) { ! $debug_text .= '<br /><br />Line : ' . $err_line . '<br />File : ' . basename($err_file); } } *************** *** 607,615 **** } ! if ( empty($template) ) ! { ! $template = new Template($phpbb_root_path . 'templates/' . $board_config['board_template']); ! } ! if ( empty($theme) ) { $theme = setup_style($board_config['default_style']); --- 723,727 ---- } ! if ( empty($template) || empty($theme) ) { $theme = setup_style($board_config['default_style']); Index: auth.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/auth.php,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** auth.php 29 Jul 2004 22:36:19 -0000 1.1 --- auth.php 8 Jun 2006 19:24:57 -0000 1.2 *************** *** 236,239 **** --- 236,242 ---- $f_forum_id = $f_access[$k]['forum_id']; + $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array(); + + switch( $value ) { *************** *** 283,286 **** --- 286,290 ---- { $f_forum_id = $f_access[$k]['forum_id']; + $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array(); $auth_user[$f_forum_id]['auth_mod'] = ( $userdata['session_logged_in'] ) ? 
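Review bot: In the style fallback added to functions.php, the `UPDATE` interpolates `$style` uncast (`WHERE user_style = $style`) although the SELECTs around it now use `(int)`. If `$style` is ever a non-numeric string, the SELECT sees only its integer prefix while the UPDATE receives the full text, so the cast should be applied consistently: `WHERE user_style = " . (int) $style;`. The two `else` branches repeat the same `message_die` call and could be merged into one condition.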
auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0; Index: usercp_register.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/usercp_register.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** usercp_register.php 31 Dec 2005 01:35:25 -0000 1.9 --- usercp_register.php 8 Jun 2006 19:24:57 -0000 1.10 *************** *** 131,135 **** } ! $signature = str_replace('<br />', "\n", $signature); // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to --- 131,136 ---- } ! $signature = (isset($signature)) ? str_replace('<br />', "\n", $signature) : ''; ! $signature_bbcode_uid = ''; // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to *************** *** 294,303 **** if ($row = $db->sql_fetchrow($result)) { - // Only compare one char if the zlib-extension is not loaded - if (!@extension_loaded('zlib')) - { - $row['code'] = substr($row['code'], -1); - } - if ($row['code'] != $confirm_code) { --- 295,298 ---- *************** *** 526,529 **** --- 521,531 ---- } + // We remove all stored login keys since the password has been updated + // and change the current one (if applicable) + if ( !empty($passwd_sql) ) + { + session_reset_keys($user_id, $user_ip); + } + if ( !$user_active ) { *************** *** 767,770 **** --- 769,773 ---- $new_password = ''; $password_confirm = ''; + $cur_password = ''; $icq = stripslashes($icq); *************** *** 791,794 **** --- 794,798 ---- $new_password = ''; $password_confirm = ''; + $cur_password = ''; $icq = $userdata['user_icq']; *************** *** 979,993 **** $db->sql_freeresult($result); ! $confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); ! ! 
list($usec, $sec) = explode(' ', microtime()); ! mt_srand($sec * $usec); ! ! $max_chars = count($confirm_chars) - 1; ! $code = ''; ! for ($i = 0; $i < 6; $i++) ! { ! $code .= $confirm_chars[mt_rand(0, $max_chars)]; ! } $confirm_id = md5(uniqid($user_ip)); --- 983,990 ---- $db->sql_freeresult($result); ! // Generate the required confirmation code ! // NB 0 (zero) could get confused with O (the letter) so we make change it ! $code = dss_rand(); ! $code = substr(str_replace('0', 'Z', strtoupper(base_convert($code, 16, 35))), 2, 6); $confirm_id = md5(uniqid($user_ip)); *************** *** 1002,1006 **** unset($code); ! $confirm_image = (@extension_loaded('zlib')) ? '<img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id") . '" alt="" title="" />' : '<img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=1") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=2") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=3") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=4") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=5") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=6") . '" alt="" title="" />'; $s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />'; --- 999,1003 ---- unset($code); ! $confirm_image = '<img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id") . '" alt="" title="" />'; $s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />'; *************** *** 1017,1025 **** $template->assign_vars(array( ! 'USERNAME' => $username, ! 'CUR_PASSWORD' => $cur_password, ! 'NEW_PASSWORD' => $new_password, ! 'PASSWORD_CONFIRM' => $password_confirm, ! 
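Review bot: The new confirmation-code line in usercp_register.php passes all 16 hex digits from `dss_rand()` to `base_convert()`, which PHP documents as losing precision on large numbers, so the low-order digits of the base-35 result are not reliable. The code only uses characters 2–7 of the result, which deserves a comment. I would reword the existing comment (`so we make change it` reads as a typo) to `// 0 (zero) is easily confused with O (the letter), so it is replaced with Z; only high-order base-35 digits are used because base_convert() loses precision on 64-bit input`. The unchanged context line `$confirm_id = md5(uniqid($user_ip));` is still time-derived, which is worth revisiting now that `dss_rand()` exists.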
'EMAIL' => $email, 'CONFIRM_IMG' => $confirm_image, 'YIM' => $yim, --- 1014,1022 ---- $template->assign_vars(array( ! 'USERNAME' => isset($username) ? $username : '', ! 'CUR_PASSWORD' => isset($cur_password) ? $cur_password : '', ! 'NEW_PASSWORD' => isset($new_password) ? $new_password : '', ! 'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '', ! 'EMAIL' => isset($email) ? $email : '', 'CONFIRM_IMG' => $confirm_image, 'YIM' => $yim, Index: prune.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/prune.php,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** prune.php 29 Jul 2004 22:36:20 -0000 1.1 --- prune.php 8 Jun 2006 19:24:57 -0000 1.2 *************** *** 32,35 **** --- 32,50 ---- global $db, $lang; + // Before pruning, lets try to clean up the invalid topic entries + $sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . ' + WHERE topic_last_post_id = 0'; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not obtain lists of topics to sync', '', __LINE__, __FILE__, $sql); + } + + while( $row = $db->sql_fetchrow($result) ) + { + sync('topic', $row['topic_id']); + } + + $db->sql_freeresult($result); + $prune_all = ($prune_all) ? '' : 'AND t.topic_vote = 0 AND t.topic_type <> ' . POST_ANNOUNCE; // *************** *** 40,45 **** WHERE t.forum_id = $forum_id $prune_all ! AND ( p.post_id = t.topic_last_post_id ! OR t.topic_last_post_id = 0 )"; if ( $prune_date != '' ) { --- 55,59 ---- WHERE t.forum_id = $forum_id $prune_all ! 
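Review bot: The clean-up query added at the top of the prune function selects every topic on the board with `topic_last_post_id = 0` and calls `sync()` on each, although the pruning query just below is limited to `t.forum_id = $forum_id`. On a large board each prune run therefore does unbounded extra work for forums it was not asked to touch. Scoping the SELECT keeps it proportional: `WHERE topic_last_post_id = 0 AND forum_id = ' . (int) $forum_id;`. The function signature is outside the hunk, so confirm that `$forum_id` is the parameter in scope at this point.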
AND p.post_id = t.topic_last_post_id"; if ( $prune_date != '' ) { Index: functions_post.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/functions_post.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** functions_post.php 31 Dec 2005 01:35:25 -0000 1.4 --- functions_post.php 8 Jun 2006 19:24:57 -0000 1.5 *************** *** 47,101 **** if ($html_on) { ! $allowed_html_tags = split(',', $board_config['allow_html_tags']); ! ! $end_html = 0; ! $start_html = 1; ! $tmp_message = ''; ! $message = ' ' . $message . ' '; ! ! while ($start_html = strpos($message, '<', $start_html)) ! { ! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1))); ! ! if ($end_html = strpos($message, '>', $start_html)) ! { ! $length = $end_html - $start_html + 1; ! $hold_string = substr($message, $start_html, $length); ! ! if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1) ! { ! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1)); ! $hold_string = substr($hold_string, $unclosed_open - 1); ! } ! ! $tagallowed = false; ! for ($i = 0; $i < sizeof($allowed_html_tags); $i++) ! { ! $match_tag = trim($allowed_html_tags[$i]); ! if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string)) ! { ! $tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true; ! } ! } ! ! $tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string; ! $start_html += $length; ! } ! else ! { ! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message))); ! $start_html = strlen($message); ! $end_html = $start_html; ! } ! } ! 
if (!$end_html || ($end_html != strlen($message) && $tmp_message != '')) { ! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1)); } ! $message = ($tmp_message != '') ? trim($tmp_message) : trim($message); } else --- 47,70 ---- if ($html_on) { ! // If HTML is on, we try to make it safe ! // This approach is quite agressive and anything that does not look like a valid tag ! // is going to get converted to HTML entities ! $message = stripslashes($message); ! $html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#'; ! $matches = array(); ! $message_split = preg_split($html_match, $message); ! preg_match_all($html_match, $message, $matches); ! $message = ''; ! foreach ($message_split as $part) { ! $tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2])); ! $message .= preg_replace($html_entities_match, $html_entities_replace, $part) . clean_html($tag); } ! $message = addslashes($message); ! $message = str_replace('"', '\"', $message); } else *************** *** 188,192 **** if (!empty($option_text)) { ! $temp_option_text[$option_id] = htmlspecialchars($option_text); } } --- 157,161 ---- if (!empty($option_text)) { ! $temp_option_text[intval($option_id)] = htmlspecialchars($option_text); } } *************** *** 214,218 **** // Post a new topic/reply/poll or edit existing post/poll // ! function submit_post($mode, $post_data, &$message, &$meta, $forum_id, $topic_id, $post_id, $poll_id, $topic_type, $bbcode_on, $html_on, $smilies_on, $attach_sig, $bbcode_uid, $post_username, $post_subject, $post_message, $poll_title, $poll_options, $poll_length) { global $board_config, $lang, $db, $phpbb_root_path, $phpEx; --- 183,187 ---- // Post a new topic/reply/poll or edit existing post/poll // ! 
function submit_post($mode, $post_data, &$message, &$meta, $forum_id, &$topic_id, &$post_id, $poll_id, $topic_type, $bbcode_on, $html_on, $smilies_on, $attach_sig, $bbcode_uid, $post_username, $post_subject, $post_message, $poll_title, $poll_options, $poll_length) { global $board_config, $lang, $db, $phpbb_root_path, $phpEx; *************** *** 445,454 **** } ! $sql = "UPDATE " . FORUMS_TABLE . " SET ! $forum_update_sql ! WHERE forum_id = $forum_id"; ! if (!$db->sql_query($sql)) { ! message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } --- 414,426 ---- } ! if ($mode != 'poll_delete') { ! $sql = "UPDATE " . FORUMS_TABLE . " SET ! $forum_update_sql ! WHERE forum_id = $forum_id"; ! if (!$db->sql_query($sql)) ! { ! message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); ! } } *************** *** 851,853 **** --- 823,888 ---- } + /** + * Called from within prepare_message to clean included HTML tags if HTML is + * turned on for that post + * @param array $tag Matching text from the message to parse + */ + function clean_html($tag) + { + global $board_config; + + if (empty($tag[0])) + { + return ''; + } + + $allowed_html_tags = preg_split('/, */', strtolower($board_config['allow_html_tags'])); + $disallowed_attributes = '/^(?:style|on)/i'; + + // Check if this is an end tag + preg_match('/<[^\w\/]*\/[\W]*(\w+)/', $tag[0], $matches); + if (sizeof($matches)) + { + if (in_array(strtolower($matches[1]), $allowed_html_tags)) + { + return '</' . $matches[1] . '>'; + } + else + { + return htmlspecialchars('</' . $matches[1] . '>'); + } + } + + // Check if this is an allowed tag + if (in_array(strtolower($tag[1]), $allowed_html_tags)) + { + $attributes = ''; + if (!empty($tag[2])) + { + preg_match_all('/[\W]*?(\w+)[\W]*?=[\W]*?(["\'])((?:(?!\2).)*)\2/', $tag[2], $test); + for ($i = 0; $i < sizeof($test[0]); $i++) + { + if (preg_match($disallowed_attributes, $test[1][$i])) + { + continue; + } + $attributes .= ' ' . $test[1][$i] . 
'=' . $test[2][$i] . str_replace(array('[', ']'), array('[', ']'), htmlspecialchars($test[3][$i])) . $test[2][$i]; + } + } + if (in_array(strtolower($tag[1]), $allowed_html_tags)) + { + return '<' . $tag[1] . $attributes . '>'; + } + else + { + return htmlspecialchars('<' . $tag[1] . $attributes . '>'); + } + } + // Finally, this is not an allowed tag so strip all the attibutes and escape it + else + { + return htmlspecialchars('<' . $tag[1] . '>'); + } + } + ?> \ No newline at end of file Index: usercp_avatar.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/usercp_avatar.php,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** usercp_avatar.php 31 Dec 2005 01:35:25 -0000 1.7 --- usercp_avatar.php 8 Jun 2006 19:24:57 -0000 1.8 *************** *** 97,100 **** --- 97,101 ---- global $lang; + if ( !preg_match('#^(http)|(ftp):\/\/#i', $avatar_filename) ) { *************** *** 102,105 **** --- 103,108 ---- } + $avatar_filename = substr($avatar_filename, 0, 100); + if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) ) { *************** *** 122,126 **** $type = ''; ! if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/(.*)$/', $avatar_filename, $url_ary) ) { if ( empty($url_ary[4]) ) --- 125,129 ---- $type = ''; ! 
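Review bot: The attribute filter in `clean_html()` rejects attributes by name only (`/^(?:style|on)/i`), so the value of a URL-bearing attribute such as `href` or `src` is copied through after `htmlspecialchars()`, which does not change a script-scheme URL. This matters as soon as an administrator adds a tag like `a` or `img` to `allow_html_tags`. Inside the attribute loop I would add `if (preg_match('/^(?:href|src)$/i', $test[1][$i]) && !preg_match('#^(?:https?|ftp)://#i', $test[3][$i])) { continue; }`, or better, keep an allow-list of attribute names per tag. The inner `in_array(strtolower($tag[1]), $allowed_html_tags)` repeats the enclosing condition, so its `else` branch can never run and can be deleted. As rendered on this page, `str_replace(array('[', ']'), array('[', ']'), …)` replaces each bracket with itself; presumably the archive decoded entity forms on the replacement side, so confirm against the repository.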
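Review bot: `substr($avatar_filename, 0, 100)` silently truncates an over-long URL before the extension check, so the value that is validated and stored can differ from what the user submitted, and a long URL whose first 100 characters happen to end in `.jpg` is accepted as a different address. Rejecting such input is more predictable: test `if (strlen($avatar_filename) > 100)` ahead of the pattern match and return the same error that a failed match produces (100 is presumably the column width). The scheme test shown in the previous hunk of this file, `#^(http)|(ftp):\/\/#i`, groups as "starts with http" or "contains ftp://", so it never requires `://` after `http`; `#^(?:http|ftp)://#i` expresses what it appears to intend. The bodies of both `if` statements lie outside these hunks.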
if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))$/', $avatar_filename, $url_ary) ) { if ( empty($url_ary[4]) ) Index: sessions.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/sessions.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** sessions.php 31 Oct 2005 03:18:41 -0000 1.9 --- sessions.php 8 Jun 2006 19:24:57 -0000 1.10 *************** *** 178,184 **** if ( !$db->sql_query($sql) || !$db->sql_affectedrows() ) { ! list($sec, $usec) = explode(' ', microtime()); ! mt_srand((float) $sec + ((float) $usec * 100000)); ! $session_id = md5(uniqid(mt_rand(), true)); $sql = "INSERT INTO " . SESSIONS_TABLE . " --- 178,182 ---- if ( !$db->sql_query($sql) || !$db->sql_affectedrows() ) { ! $session_id = md5(dss_rand()); $sql = "INSERT INTO " . SESSIONS_TABLE . " *************** *** 212,218 **** if ($enable_autologin) { ! list($sec, $usec) = explode(' ', microtime()); ! mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000)); ! $auto_login_key = uniqid(mt_rand(), true); if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '') --- 210,214 ---- if ($enable_autologin) { ! $auto_login_key = dss_rand() . 
dss_rand(); if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '') *************** *** 370,373 **** --- 366,375 ---- } + // Add the session_key to the userdata array if it is set + if ( isset($sessiondata['autologinid']) && $sessiondata['autologinid'] != '' ) + { + $userdata['session_key'] = $sessiondata['autologinid']; + } + return $userdata; } *************** *** 494,497 **** --- 496,558 ---- } + /** + * Reset all login keys for the specified user + * Called on password changes + */ + function session_reset_keys($user_id, $user_ip) + { + global $db, $userdata, $board_config; + + $key_sql = ($user_id == $userdata['user_id'] && !empty($userdata['session_key'])) ? "AND key_id != '" . md5($userdata['session_key']) . "'" : ''; + + $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' + WHERE user_id = ' . (int) $user_id . " + $key_sql"; + + if ( !$db->sql_query($sql) ) + { + message_die(CRITICAL_ERROR, 'Error removing auto-login keys', '', __LINE__, __FILE__, $sql); + } + + $where_sql = 'session_user_id = ' . (int) $user_id; + $where_sql .= ($user_id == $userdata['user_id']) ? " AND session_id <> '" . $userdata['session_id'] . "'" : ''; + $sql = 'DELETE FROM ' . SESSIONS_TABLE . " + WHERE $where_sql"; + if ( !$db->sql_query($sql) ) + { + message_die(CRITICAL_ERROR, 'Error removing user session(s)', '', __LINE__, __FILE__, $sql); + } + + if ( !empty($key_sql) ) + { + $auto_login_key = dss_rand() . dss_rand(); + + $current_time = time(); + + $sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . " + SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time + WHERE key_id = '" . md5($userdata['session_key']) . 
"'"; + + if ( !$db->sql_query($sql) ) + { + message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql); + } + + // And now rebuild the cookie + $sessiondata['userid'] = $user_id; + $sessiondata['autologinid'] = $auto_login_key; + $cookiename = $board_config['cookie_name']; + $cookiepath = $board_config['cookie_path']; + $cookiedomain = $board_config['cookie_domain']; + $cookiesecure = $board_config['cookie_secure']; + + setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); + + $userdata['session_key'] = $auto_login_key; + unset($sessiondata); + unset($auto_login_key); + } + } + // Index: usercp_confirm.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/usercp_confirm.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** usercp_confirm.php 31 Dec 2005 01:35:25 -0000 1.4 --- usercp_confirm.php 8 Jun 2006 19:24:57 -0000 1.5 *************** *** 67,170 **** } ! // If we can we will generate a single filtered png else we will have to simply ! // output six seperate original pngs ... first way is preferable! ! if (@extension_loaded('zlib')) ! { ! $_png = define_filtered_pngs(); ! $total_width = 320; ! $total_height = 50; ! $img_height = 40; ! $img_width = 0; ! $l = 0; ! list($usec, $sec) = explode(' ', microtime()); ! mt_srand($sec * $usec); ! $char_widths = array(); ! for ($i = 0; $i < strlen($code); $i++) ! { ! $char = $code{$i}; ! $width = mt_rand(0, 4); ! $char_widths[] = $width; ! $img_width += $_png[$char]['width'] - $width; ! } ! $offset_x = mt_rand(0, $total_width - $img_width); ! $offset_y = mt_rand(0, $total_height - $img_height); ! $image = ''; ! $hold_chars = array(); ! for ($i = 0; $i < $total_height; $i++) { ! $image .= chr(0); ! if ($i > $offset_y && $i < $offset_y + $img_height) { ! $j = 0; ! ! for ($k = 0; $k < $offset_x; $k++) ! { ! 
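Review bot: `session_reset_keys()` casts `$user_id` with `(int)` but places `$user_ip` and `$userdata['session_id']` into the SQL text exactly as they arrive, so the function is only safe while every caller passes the board's encoded IP form. A guard at the top such as `if (!preg_match('/^[0-9a-f]{8}$/i', $user_ip)) { message_die(CRITICAL_ERROR, 'Invalid IP', '', __LINE__, __FILE__); }` would make that explicit (this assumes the 8-character hex form that the width of the `last_ip` column suggests), and the docblock should gain `@param` lines stating the expectation. The rebuilt cookie carries the plain auto-login key inside `serialize($sessiondata)`, and `setcookie()` is called without the HttpOnly argument that PHP 5.2 and later accept. Whether the code that reads this cookie calls `unserialize()` is not visible here; if it does, a JSON or simple delimited encoding is the safer format for data held by the client.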
$image .= chr(mt_rand(140, 255)); ! } ! ! for ($k = 0; $k < strlen($code); $k++) ! { ! $char = $code{$k}; ! if (empty($hold_chars[$char])) ! { ! $hold_chars[$char] = explode("\n", chunk_split(base64_decode($_png[$char]['data']), $_png[$char]['width'] + 1, "\n")); ! } ! $image .= randomise(substr($hold_chars[$char][$l], 1), $char_widths[$j]); ! $j++; ! } ! for ($k = $offset_x + $img_width; $k < $total_width; $k++) { ! $image .= chr(mt_rand(140, 255)); } ! ! $l++; } ! else { ! for ($k = 0; $k < $total_width; $k++) ! { ! $image .= chr(mt_rand(140, 255)); ! } } } - unset($hold); - - $image = create_png(gzcompress($image), $total_width, $total_height); - - // Output image - header('Content-Type: image/png'); - header('Cache-control: no-cache, no-store'); - echo $image; - - unset($image); - unset($_png); - exit; } ! else ! { ! $_png = define_raw_pngs(); ! $char = substr($code, -1); ! header('Content-Type: image/png'); ! header('Cache-control: no-cache, no-store'); ! echo base64_decode($_png[$char]); ! unset($_png); ! exit; ! } exit; // This is designed to randomise the pixels of the image data within // certain limits so as to keep it readable. It also varies the image --- 67,153 ---- } ! // We can we will generate a single filtered png ! // Thanks to DavidMJ for emulating zlib within the code :) ! $_png = define_filtered_pngs(); ! $total_width = 320; ! $total_height = 50; ! $img_height = 40; ! $img_width = 0; ! $l = 0; ! list($usec, $sec) = explode(' ', microtime()); ! mt_srand($sec * $usec); ! $char_widths = array(); ! for ($i = 0; $i < strlen($code); $i++) ! { ! $char = $code{$i}; ! $width = mt_rand(0, 4); ! $char_widths[] = $width; ! $img_width += $_png[$char]['width'] - $width; ! } ! $offset_x = mt_rand(0, $total_width - $img_width); ! $offset_y = mt_rand(0, $total_height - $img_height); ! $image = ''; ! $hold_chars = array(); ! for ($i = 0; $i < $total_height; $i++) ! { ! $image .= chr(0); ! ! if ($i > $offset_y && $i < $offset_y + $img_height) { ! $j = 0; ! 
for ($k = 0; $k < $offset_x; $k++) { ! $image .= chr(mt_rand(140, 255)); ! } ! for ($k = 0; $k < strlen($code); $k++) ! { ! $char = $code{$k}; ! if (empty($hold_chars[$char])) { ! $hold_chars[$char] = explode("\n", chunk_split(base64_decode($_png[$char]['data']), $_png[$char]['width'] + 1, "\n")); } ! $image .= randomise(substr($hold_chars[$char][$l], 1), $char_widths[$j]); ! $j++; } ! ! for ($k = $offset_x + $img_width; $k < $total_width; $k++) { ! $image .= chr(mt_rand(140, 255)); } + $l++; + } + else + { + for ($k = 0; $k < $total_width; $k++) + { + $image .= chr(mt_rand(140, 255)); + } } } ! unset($hold); ! $image = create_png($image, $total_width, $total_height); ! // Output image ! header('Content-Type: image/png'); ! header('Cache-control: no-cache, no-store'); ! echo $image; + unset($image); + unset($_png); exit; + // This is designed to randomise the pixels of the image data within // certain limits so as to keep it readable. It also varies the image *************** *** 213,217 **** // png because it's a fully recognised open standard and supported // by practically all modern browsers and OSs ! function create_png($gzimage, $width, $height) { // SIG --- 196,200 ---- // png because it's a fully recognised open standard and supported // by practically all modern browsers and OSs ! function create_png($raw_image, $width, $height) { // SIG *************** *** 222,227 **** $raw .= pack('C5', 8, 0, 0, 0, 0); $image .= png_chunk(13, 'IHDR', $raw); // IDAT ! 
$image .= png_chunk(strlen($gzimage), 'IDAT', $gzimage); // IEND $image .= png_chunk(0, 'IEND', ''); --- 205,255 ---- $raw .= pack('C5', 8, 0, 0, 0, 0); $image .= png_chunk(13, 'IHDR', $raw); + if (@extension_loaded('zlib')) + { + $raw_image = gzcompress($raw_image); + $length = strlen($raw_image); + } + else + { + // The total length of this image, uncompressed, is just a calculation of pixels + $length = ($width + 1) * $height; + + // Adler-32 hash generation + // Optimized Adler-32 loop ported from the GNU Classpath project + $temp_length = $length; + $s1 = 1; + $s2 = $index = 0; + + while ($temp_length > 0) + { + // We can defer the modulo operation: + // s1 maximally grows from 65521 to 65521 + 255 * 3800 + // s2 maximally grows by 3800 * median(s1) = 2090079800 < 2^31 + $substract_value = ($temp_length < 3800) ? $temp_length : 3800; + $temp_length -= $substract_value; + + while (--$substract_value >= 0) + { + $s1 += ord($raw_image[$index]); + $s2 += $s1; + + $index++; + } + + $s1 %= 65521; + $s2 %= 65521; + } + $adler_hash = pack('N', ($s2 << 16) | $s1); + + // This is the same thing as gzcompress($raw_image, 0) but does not need zlib + $raw_image = pack('C3v2', 0x78, 0x01, 0x01, $length, ~$length) . $raw_image . $adler_hash; + + // The Zlib header + Adler hash make us add on 11 + $length += 11; + } + // IDAT ! $image .= png_chunk($length, 'IDAT', $raw_image); ! // IEND $image .= png_chunk(0, 'IEND', ''); Index: bbcode.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/bbcode.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** bbcode.php 31 Dec 2005 01:35:25 -0000 1.6 --- bbcode.php 8 Jun 2006 19:24:57 -0000 1.7 *************** *** 197,210 **** // [img]image_url_here[/img] code.. // This one gets first-passed.. ! $patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i"; $replacements[] = $bbcode_tpl['img']; // matches a [url]xxxx://www.phpbb.com[/url] code.. ! 
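Review bot: In the non-zlib branch of `create_png()`, `$length = ($width + 1) * $height` is assumed rather than measured, and that one value drives the stored-block length field, the bound of the Adler-32 loop and the IDAT chunk length. If the caller ever passes a buffer of a different size, `ord($raw_image[$index])` reads past the end of the string and the emitted PNG is malformed. `$length = strlen($raw_image);` keeps all three consistent with the data, which is what the zlib branch already does. The single stored block written by `pack('C3v2', …)` has a 16-bit length, so a comment noting the 65535-byte ceiling would help whoever changes the dimensions (the current 320 by 50 image is well below it). The function starts and ends outside this hunk.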
$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is"; ! $replacements[] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. --- 197,209 ---- // [img]image_url_here[/img] code.. // This one gets first-passed.. ! $patterns[] = "#\[img:$uid\]([^?](?:[^\[]+|\[(?!url))*?)\[/img:$uid\]#i"; $replacements[] = $bbcode_tpl['img']; // matches a [url]xxxx://www.phpbb.com[/url] code.. ! $patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is"; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. *************** *** 236,240 **** // Unique ID for this message.. ! $uid = md5(mt_rand()); $uid = substr($uid, 0, BBCODE_UID_LEN); --- 235,239 ---- // Unique ID for this message.. ! $uid = dss_rand(); $uid = substr($uid, 0, BBCODE_UID_LEN); |
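Review bot: The new side of the first bbcode.php hunk keeps the `[url]www…[/url]` pattern but no longer has the `$replacements[] = $bbcode_tpl['url2'];` line that followed it; the old range 197,210 is one line longer than the new range 197,209. If the two arrays are later passed as parallel lists to `preg_replace()` (that call is outside the hunk), `$patterns` and `$replacements` fall out of step from this entry on: each later pattern takes its neighbour's template and the last one is replaced with an empty string. Restore `$replacements[] = $bbcode_tpl['url2'];` directly after the pattern.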
From: Josh <jel...@us...> - 2006-06-08 19:25:02
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/db In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13144/db Modified Files: mssql.php Log Message: 2.0.21.5 (yeah, I skipped 2.0.20.5. Shoot me.) Index: mssql.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/db/mssql.php,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** mssql.php 29 Jul 2004 22:36:00 -0000 1.1 --- mssql.php 8 Jun 2006 19:24:56 -0000 1.2 *************** *** 290,294 **** while( list($key, $value) = @each($row) ) { ! $row[$key] = stripslashes($value); } @reset($row); --- 290,294 ---- while( list($key, $value) = @each($row) ) { ! $row[$key] = ($value === ' ') ? '' : stripslashes($value); } @reset($row); *************** *** 318,322 **** while( list($key, $value) = @each($row) ) { ! $rowset[$i][$key] = stripslashes($value); } $i++; --- 318,322 ---- while( list($key, $value) = @each($row) ) { ! $rowset[$i][$key] = ($value === ' ') ? '' : stripslashes($value); } $i++; *************** *** 357,361 **** { $this->row[$query_id] = @mssql_fetch_array($query_id); ! $result = stripslashes($this->row[$query_id][$field]); } } --- 357,361 ---- { $this->row[$query_id] = @mssql_fetch_array($query_id); ! $result = ($this->row[$query_id][$field] === ' ') ? '' : stripslashes($this->row[$query_id][$field]); } } |
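Review bot: The `($value === ' ') ? '' : stripslashes($value)` mapping added in all three hunks of mssql.php has no comment saying why a single space is treated as empty, and it also turns a stored value that really is one space into an empty string. If the reason is that the driver returns `' '` for an empty string column, say so next to the expression, for example `// driver returns ' ' for an empty string; map it back to ''`. Moving the expression into one private helper would stop the three call sites from drifting apart. The enclosing methods start and end outside the hunks.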
From: Josh <jel...@us...> - 2006-06-08 19:25:02
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/language/lang_english/email In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13144/language/lang_english/email Modified Files: group_request.tpl user_activate_passwd.tpl Log Message: 2.0.21.5 (yeah, I skipped 2.0.20.5. Shoot me.) Index: group_request.tpl =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/language/lang_english/email/group_request.tpl,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** group_request.tpl 29 Jul 2004 22:36:21 -0000 1.1 --- group_request.tpl 8 Jun 2006 19:24:57 -0000 1.2 *************** *** 4,8 **** Dear {GROUP_MODERATOR}, ! A user has requested to join a group you moderator on {SITENAME}. To approve or deny this request for group membership please visit the following link: --- 4,8 ---- Dear {GROUP_MODERATOR}, ! A user has requested to join a group you moderate on {SITENAME}. To approve or deny this request for group membership please visit the following link: Index: user_activate_passwd.tpl =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/language/lang_english/email/user_activate_passwd.tpl,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** user_activate_passwd.tpl 29 Jul 2004 22:36:21 -0000 1.1 --- user_activate_passwd.tpl 8 Jun 2006 19:24:57 -0000 1.2 *************** *** 10,14 **** {U_ACTIVATE} ! If sucessful you will be able to login using the following password: Password: {PASSWORD} --- 10,14 ---- {U_ACTIVATE} ! If successful you will be able to login using the following password: Password: {PASSWORD} |
From: Josh <jel...@us...> - 2006-06-08 19:25:02
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/language/lang_english In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13144/language/lang_english Modified Files: lang_admin.php lang_main.php Log Message: 2.0.21.5 (yeah, I skipped 2.0.20.5. Shoot me.) Index: lang_main.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/language/lang_english/lang_main.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** lang_main.php 31 Dec 2005 01:35:25 -0000 1.4 --- lang_main.php 8 Jun 2006 19:24:57 -0000 1.5 *************** *** 781,784 **** --- 781,786 ---- $lang['All_available'] = 'All available'; $lang['No_searchable_forums'] = 'You do not have permissions to search any forum on this site.'; + $lang['Search_Flood_Error'] = 'You cannot make another search so soon after your last; please try again in a short while.'; + $lang['No_search_match'] = 'No topics or posts met your search criteria'; Index: lang_admin.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/language/lang_english/lang_admin.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** lang_admin.php 31 Dec 2005 01:35:25 -0000 1.5 --- lang_admin.php 8 Jun 2006 19:24:57 -0000 1.6 *************** *** 342,345 **** --- 342,349 ---- $lang['Autologin_time_explain'] = 'How long a autologin key is valid for in days if the user does not visit the board. 
Set to zero to disable expiry.'; + // Search Flood Control - added 2.0.20 + $lang['Search_Flood_Interval'] = 'Search Flood Interval'; + $lang['Search_Flood_Interval_explain'] = 'Number of seconds a user must wait between search requests'; + // *************** *** 426,429 **** --- 430,434 ---- $lang['smiley_del_success'] = 'The Smiley was successfully removed'; $lang['Click_return_smileadmin'] = 'Click %sHere%s to return to Smiley Administration'; + $lang['Confirm_delete_smiley'] = 'Are you sure you want to delete this Smiley?'; *************** *** 517,520 **** --- 522,526 ---- $lang['Word_added'] = 'The word censor has been successfully added'; $lang['Word_removed'] = 'The selected word censor has been successfully removed'; + $lang['Confirm_delete_word'] = 'Are you sure you want to delete this word censor?'; $lang['Click_return_wordadmin'] = 'Click %sHere%s to return to Word Censor Administration'; *************** *** 558,561 **** --- 564,568 ---- $lang['Click_return_rankadmin'] = 'Click %sHere%s to return to Rank Administration'; + $lang['Confirm_delete_rank'] = 'Are you sure you want to delete this rank?'; |
From: Josh <jel...@us...> - 2006-06-08 19:25:01
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/templates/subSilver/admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13144/templates/subSilver/admin Modified Files: board_config_body.tpl Added Files: confirm_body.tpl Log Message: 2.0.21.5 (yeah, I skipped 2.0.20.5. Shoot me.) --- NEW FILE: confirm_body.tpl --- <table class="forumline" width="100%" cellspacing="1" cellpadding="4" border="0"> <tr> <th class="thHead" height="25" valign="middle">{MESSAGE_TITLE}</th> </tr> <tr> <td class="row1" align="center"><form action="{S_CONFIRM_ACTION}" method="post"><span class="gen"><br />{MESSAGE_TEXT}<br /><br />{S_HIDDEN_FIELDS}<input type="submit" name="confirm" value="{L_YES}" class="mainoption" /> <input type="submit" name="cancel" value="{L_NO}" class="liteoption" /></span></form></td> </tr> </table> <br clear="all" /> Index: board_config_body.tpl =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/templates/subSilver/admin/board_config_body.tpl,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** board_config_body.tpl 31 Dec 2005 01:35:25 -0000 1.4 --- board_config_body.tpl 8 Jun 2006 19:24:57 -0000 1.5 *************** *** 57,60 **** --- 57,64 ---- </tr> <tr> + <td class="row1">{L_SEARCH_FLOOD_INTERVAL} <br /><span class="gensmall">{L_SEARCH_FLOOD_INTERVAL_EXPLAIN}</span></td> + <td class="row2"><input class="post" type="text" size="3" maxlength="4" name="search_flood_interval" value="{SEARCH_FLOOD_INTERVAL}" /></td> + </tr> + <tr> <td class="row1">{L_MAX_LOGIN_ATTEMPTS}<br /><span class="gensmall">{L_MAX_LOGIN_ATTEMPTS_EXPLAIN}</span></td> <td class="row2"><input class="post" type="text" size="3" maxlength="4" name="max_login_attempts" value="{MAX_LOGIN_ATTEMPTS}" /></td> |
From: Josh <jel...@us...> - 2005-12-31 02:17:14
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/install In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv9363/install_ Added Files: update_to_20195.php Log Message: 2.0.19 --- NEW FILE: update_to_20195.php --- <?php /*************************************************************************** * update_to_20xy.php * ------------------- * begin : Friday, Nov. * copyright : (C) 2005 phpBB-php5 * email : n/a * * $Id: update_to_20195.php,v 1.1 2005/12/31 02:17:06 jelly_doughnut Exp $ * * ***************************************************************************/ /*************************************************************************** * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * ***************************************************************************/ // This script is basically phpBB's update_to_20x.php // Except it doesn't have information to upgrade from ancient versions. function _sql($sql, &$errored, &$error_ary, $echo_dot = true) { global $db; if (!($result = $db->sql_query($sql))) { $errored = true; $error_ary['sql'][] = (is_array($sql)) ? $sql[$i] : $sql; $error_ary['error_code'][] = $db->sql_error(); } if ($echo_dot) { echo ". \n"; flush(); } return $result; } @set_time_limit(120); define('IN_PHPBB', 1); $phpbb_root_path = './../'; include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'config.'.$phpEx); if(!isset($dbms)) { die("Please read: <a href='../docs/INSTALL.html'>INSTALL.html</a> before attempting to update."); } include($phpbb_root_path . 'includes/constants.'.$phpEx); include($phpbb_root_path . 'includes/functions.'.$phpEx); include($phpbb_root_path . 'includes/functions_admin.'.$phpEx); include($phpbb_root_path . 'includes/functions_search.'.$phpEx); include($phpbb_root_path . 
'includes/db.'.$phpEx); // // // $updates_to_version = ".0.19"; $update_php5mod_version = ".0.19.5"; // // // ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html;"> <meta http-equiv="Content-Style-Type" content="text/css"> <style type="text/css"> <!-- font,th,td,p,body { font-family: "Courier New", courier; font-size: 11pt } a:link,a:active,a:visited { color : #006699; } a:hover { text-decoration: underline; color : #DD6900;} hr { height: 0px; border: solid #D1D7DC 0px; border-top-width: 1px;} .maintitle,h1,h2 {font-weight: bold; font-size: 22px; font-family: "Trebuchet MS",Verdana, Arial, Helvetica, sans-serif; text-decoration: none; line-height : 120%; color : #000000;} .ok {color:green} /* Import the fancy styles for IE only (NS4.x doesn't use the @import function) */ @import url("../templates/subSilver/formIE.css"); --> </style> </head> <body bgcolor="#FFFFFF" text="#000000" link="#006699" vlink="#5584AA"> <table width="100%" border="0" cellspacing="0" cellpadding="10" align="center"> <tr> <td><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="Forum Home" vspace="1" /></td> <td align="center" width="100%" valign="middle"><span class="maintitle">Updating to latest stable release</span></td> </tr> </table></td> </tr> </table> <br clear="all" /> <h2>Information</h2> <?php echo '<p>Database type :: <b>' . SQL_LAYER . '</b><br />'; $sql = "SELECT config_value FROM " . CONFIG_TABLE . " WHERE config_name = 'version'"; if (!($result = $db->sql_query($sql))) { die("Couldn't obtain version info"); } $row = $db->sql_fetchrow($result); $sql = array(); echo 'Previous version :: <b>2' . $row['config_value'] . '</b><br />'; echo 'Updated version :: <b>2' . $updates_to_version . 
'</b></p>' ."\n"; echo "<h2>Updating database schema</h2>\n"; echo "<p>Progress :: <b>"; flush(); // // Data updates // unset($sql); $error_ary = array(); $errored = false; echo "<h2>Updating data</h2>\n"; echo "<p>Progress :: <b>"; flush(); if ($row['config_value'] < '.0.14'); { $sql[] = 'ALTER TABLE ' . SESSIONS_TABLE . ' ADD session_admin int(1)'; switch (SQL_LAYER) { case 'mysql': case 'mysql4': $sql[] = 'CREATE TABLE ' . $table_prefix . 'sessions_keys (key_id varchar(32) DEFAULT \'0\' NOT NULL, user_id mediumint(8) DEFAULT \'0\' NOT NULL, last_ip varchar(8) DEFAULT \'0\' NOT NULL, last_login int(11) DEFAULT \'0\' NOT NULL, PRIMARY KEY (key_id, user_id), KEY last_login (last_login))'; break; case 'mssql': case 'mssql-odbc': $sql[] = 'CREATE TABLE [' . $table_prefix . 'sessions_keys] ([key_id] [char] (32) NOT NULL , [user_id] [int] NOT NULL , [last_ip] [char] (8) NOT NULL , [last_login] [int] NOT NULL) ON [PRIMARY]'; $sql[] = 'CREATE INDEX [IX_' . $table_prefix . 'sessions_keys] ON [' . $table_prefix . 'sessions_keys]([key_id], [user_id]) ON [PRIMARY]'; $sql[] = 'CREATE INDEX [IX_' . $table_prefix . 'sessions_keys] ON [' . $table_prefix . 'sessions_keys]([last_login]) ON [PRIMARY]'; break; case 'msaccess': $sql[] = 'CREATE TABLE ' . $table_prefix . 'sessions_keys (key_id char(32) NOT NULL, user_id int NOT NULL, last_ip char(8) NOT NULL, last_login int NOT NULL)'; $sql[] = 'ALTER TABLE ' . $table_prefix . 'sessions_keys ADD PRIMARY KEY (key_id, user_id)'; break; case 'postgresql': $sql[] = 'CREATE TABLE ' . $table_prefix . 'sessions_keys (key_id char(32) DEFAULT \'0\' NOT NULL, user_id int4 DEFAULT \'0\' NOT NULL, last_ip char(8) DEFAULT \'0\' NOT NULL, last_login int4 DEFAULT \'0\' NOT NULL, CONSTRAINT ' . $table_prefix . 'sessions_keys_pkey PRIMARY KEY (key_id, user_id))'; $sql[] = 'CREATE INDEX last_login_' . $table_prefix . 'sessions_keys_index ON ' . $table_prefix . 'sessions_keys (last_login)'; break; } _sql($sql, $errored, $error_ary); $sql = 'UPDATE ' . 
USERS_TABLE . ' SET user_active = 0 WHERE user_id = ' . ANONYMOUS; _sql($sql, $errored, $error_ary); $sql = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('allow_autologin', '1')"; _sql($sql, $errored, $error_ary); $sql = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('max_autologin_time', '0')"; _sql($sql, $errored, $error_ary); } if ($row['config_value'] < '.0.17') { switch (SQL_LAYER) { case 'mysql': case 'mysql4': $sql[] = 'CREATE TABLE ' . $table_prefix . 'sessions_keys (key_id varchar(32) DEFAULT \'0\' NOT NULL, user_id mediumint(8) DEFAULT \'0\' NOT NULL, last_ip varchar(8) DEFAULT \'0\' NOT NULL, last_login int(11) DEFAULT \'0\' NOT NULL, PRIMARY KEY (key_id, user_id), KEY last_login (last_login))'; break; case 'mssql': case 'mssql-odbc': $sql[] = 'CREATE TABLE [' . $table_prefix . 'sessions_keys] ([key_id] [char] (32) NOT NULL , [user_id] [int] NOT NULL , [last_ip] [char] (8) NOT NULL , [last_login] [int] NOT NULL) ON [PRIMARY]'; $sql[] = 'CREATE INDEX [IX_' . $table_prefix . 'sessions_keys] ON [' . $table_prefix . 'sessions_keys]([key_id], [user_id]) ON [PRIMARY]'; $sql[] = 'CREATE INDEX [IX_' . $table_prefix . 'sessions_keys] ON [' . $table_prefix . 'sessions_keys]([last_login]) ON [PRIMARY]'; break; case 'msaccess': $sql[] = 'CREATE TABLE ' . $table_prefix . 'sessions_keys (key_id char(32) NOT NULL, user_id int NOT NULL, last_ip char(8) NOT NULL, last_login int NOT NULL)'; $sql[] = 'ALTER TABLE ' . $table_prefix . 'sessions_keys ADD PRIMARY KEY (key_id, user_id)'; break; case 'postgresql': $sql[] = 'CREATE TABLE ' . $table_prefix . 'sessions_keys (key_id char(32) DEFAULT \'0\' NOT NULL, user_id int4 DEFAULT \'0\' NOT NULL, last_ip char(8) DEFAULT \'0\' NOT NULL, last_login int4 DEFAULT \'0\' NOT NULL, CONSTRAINT ' . $table_prefix . 'sessions_keys_pkey PRIMARY KEY (key_id, user_id))'; $sql[] = 'CREATE INDEX last_login_' . $table_prefix . 'sessions_keys_index ON ' . $table_prefix . 
'sessions_keys (last_login)'; break; } _sql($sql, $errored, $error_ary); $sql = 'UPDATE ' . USERS_TABLE . ' SET user_active = 0 WHERE user_id = ' . ANONYMOUS; _sql($sql, $errored, $error_ary); $sql = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('allow_autologin', '1')"; _sql($sql, $errored, $error_ary); $sql = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('max_autologin_time', '0')"; _sql($sql, $errored, $error_ary); } if ($row['version'] < '.0.19') { $sql = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('max_login_attempts', '5')"; _sql($sql, $errored, $error_ary); $sql = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value) VALUES ('login_reset_time', '30')"; _sql($sql, $errored, $error_ary); // Add login columns to user table switch (SQL_LAYER) { case 'mysql': case 'mysql4': case 'mysqli': $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD COLUMN user_login_tries smallint(5) UNSIGNED DEFAULT '0' NOT NULL"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD COLUMN user_last_login_try int(11) DEFAULT '0' NOT NULL"; break; case 'postgresql': $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD COLUMN user_login_tries int2"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ALTER COLUMN user_login_tries SET DEFAULT '0'"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD COLUMN user_last_login_try int4"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ALTER COLUMN user_last_login_try SET DEFAULT '0'"; break; case 'mssql-odbc': case 'mssql': $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD user_login_tries smallint NOT NULL, CONSTRAINT [DF_" . $table_prefix . "users_user_login_tries] DEFAULT (0) FOR [user_login_tries]"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD user_last_login_try int NOT NULL, CONSTRAINT [DF_" . $table_prefix . "users_user_last_login_try] DEFAULT (0) FOR [user_last_login_try]"; break; case 'msaccess': $sql[] = "ALTER TABLE " . USERS_TABLE . 
" ADD user_login_tries smallint NOT NULL"; $sql[] = "ALTER TABLE " . USERS_TABLE . " ADD user_last_login_try int NOT NULL"; break; } } else { echo " No updates were required</b></p>\n"; } echo "<h2>Updating version and optimizing tables</h2>\n"; echo "<p>Progress :: <b>"; flush(); // update the version $sql = "UPDATE " . CONFIG_TABLE . " SET config_value = '$updates_to_version' WHERE config_name = 'version'"; _sql($sql, $errored, $error_ary); $sql = "UPDATE " . CONFIG_TABLE . " SET config_value = '$update_php5mod_version' WHERE config_name = 'version5'"; _sql($sql, $errored, $error_ary); // Optimize/vacuum analyze the tables where appropriate // this should be done for each version in future along with // the version number update switch (SQL_LAYER) { case 'mysql': case 'mysql4': case 'mysqli': $sql = 'OPTIMIZE TABLE ' . $table_prefix . 'auth_access, ' . $table_prefix . 'banlist, ' . $table_prefix . 'categories, ' . $table_prefix . 'config, ' . $table_prefix . 'disallow, ' . $table_prefix . 'forum_prune, ' . $table_prefix . 'forums, ' . $table_prefix . 'groups, ' . $table_prefix . 'posts, ' . $table_prefix . 'posts_text, ' . $table_prefix . 'privmsgs, ' . $table_prefix . 'privmsgs_text, ' . $table_prefix . 'ranks, ' . $table_prefix . 'search_results, ' . $table_prefix . 'search_wordlist, ' . $table_prefix . 'search_wordmatch, ' . $table_prefix . 'smilies, ' . $table_prefix . 'themes, ' . $table_prefix . 'themes_name, ' . $table_prefix . 'topics, ' . $table_prefix . 'topics_watch, ' . $table_prefix . 'user_group, ' . $table_prefix . 'users, ' . $table_prefix . 'vote_desc, ' . $table_prefix . 'vote_results, ' . $table_prefix . 'vote_voters, ' . $table_prefix . 
'words'; _sql($sql, $errored, $error_ary); break; case 'postgresql': _sql("VACUUM ANALYZE", $errored, $error_ary); break; } echo "</b> <b class=\"ok\">Done</b><br />Result :: \n"; if ($errored) { echo " <b>Some queries failed, the statements and errors are listing below</b>\n<ul>"; for ($i = 0; $i < count($error_ary['sql']); $i++) { echo "<li>Error :: <b>" . $error_ary['error_code'][$i]['message'] . "</b><br />"; echo "SQL :: <b>" . $error_ary['sql'][$i] . "</b><br /><br /></li>"; } echo "</ul>\n<p>This is probably nothing to worry about, update will continue. Should this fail to complete you may need to seek help at our development board. See <a href=\"docs\README.html\">README</a> for details on how to obtain advice.</p>\n"; } else { echo "<b>No errors</b>\n"; } echo "<h2>Update completed</h2>\n"; echo "\n<p>You should now visit the General Configuration settings page in the <a href=\"../admin/\">Administration Panel</a> and check the General Configuration of the board. If you updated from versions prior to RC-3 you <b>must</b> update some entries. If you do not do this emails sent from the board will contain incorrect information. Don't forget to delete this file!</p>\n"; ?> <br clear="all" /> </body> </html> |
Update of /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv6833/install_/schemas Modified Files: mssql_basic.sql mssql_schema.sql mysql_basic.sql mysql_schema.sql postgres_basic.sql postgres_schema.sql Log Message: 2.0.19 Index: mysql_schema.sql =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas/mysql_schema.sql,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** mysql_schema.sql 31 Oct 2005 21:35:11 -0000 1.3 --- mysql_schema.sql 31 Dec 2005 02:10:06 -0000 1.4 *************** *** 521,524 **** --- 521,526 ---- user_actkey varchar(32), user_newpasswd varchar(32), + user_last_login_try int(11) NOT NULL DEFAULT '0', + user_login_tries smallint(5) UNSIGNED NOT NULL DEFAULT '0' PRIMARY KEY (user_id), KEY user_session_time (user_session_time) Index: postgres_schema.sql =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas/postgres_schema.sql,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** postgres_schema.sql 31 Oct 2005 21:35:11 -0000 1.3 --- postgres_schema.sql 31 Dec 2005 02:10:06 -0000 1.4 *************** *** 511,514 **** --- 511,516 ---- user_actkey varchar(32), user_newpasswd varchar(32), + user_login_tries int2, + user_last_login_try int4 DEFAULT '0', CONSTRAINT phpbb_users_pkey PRIMARY KEY (user_id) ); Index: mssql_schema.sql =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas/mssql_schema.sql,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** mssql_schema.sql 31 Oct 2005 21:35:11 -0000 1.3 --- mssql_schema.sql 31 Dec 2005 02:10:06 -0000 1.4 *************** *** 370,374 **** [user_actkey] [varchar] (32) NULL , [user_newpasswd] [varchar] (32) NULL , ! 
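Review bot: The added `user_login_tries smallint(5) UNSIGNED NOT NULL DEFAULT '0'` line in the mysql_schema.sql hunk has no trailing comma, so the column definition runs straight into `PRIMARY KEY (user_id)` and the CREATE TABLE statement will not parse on a fresh install. The line should read `user_login_tries smallint(5) UNSIGNED NOT NULL DEFAULT '0',`. The table definition starts and ends outside the hunk.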
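Review bot: In the postgres_schema.sql hunk `user_login_tries int2` is added with neither a default nor NOT NULL, unlike the MySQL definition, so rows inserted without an explicit value hold NULL. The login.php change on this page maintains the failure counter as `user_login_tries = user_login_tries + 1`, and NULL + 1 stays NULL in SQL, which would leave the attempt limit unenforced for those accounts on PostgreSQL. Whether the registration INSERT sets the column explicitly is not visible here. Declaring the column as `user_login_tries int2 DEFAULT '0' NOT NULL,` keeps the counter well-defined and the schemas consistent.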
[user_notify] [smallint] NOT NULL ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY] GO --- 370,376 ---- [user_actkey] [varchar] (32) NULL , [user_newpasswd] [varchar] (32) NULL , ! [user_notify] [smallint] NOT NULL , ! [user_last_login_try] [int] NOT NULL , ! [user_login_tries] [smallint] NOT NULL ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY] GO *************** *** 689,693 **** GO ! CREATE INDEX [IX_phpbb_sessions_keys] ON [phpbb_sessions_keys]([last_login]) ON [PRIMARY] GO --- 691,695 ---- GO ! CREATE INDEX [IX_phpbb_sessions_keys_1] ON [phpbb_sessions_keys]([last_login]) ON [PRIMARY] GO Index: postgres_basic.sql =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas/postgres_basic.sql,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** postgres_basic.sql 31 Oct 2005 21:35:11 -0000 1.9 --- postgres_basic.sql 31 Dec 2005 02:10:06 -0000 1.10 *************** *** 66,71 **** INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.18'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.18.5'); -- Categories --- 66,73 ---- INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.19'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.19.5'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30'); ! 
INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5'); -- Categories Index: mysql_basic.sql =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas/mysql_basic.sql,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** mysql_basic.sql 31 Oct 2005 21:35:11 -0000 1.9 --- mysql_basic.sql 31 Dec 2005 02:10:06 -0000 1.10 *************** *** 65,70 **** INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.18'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.18.5'); --- 65,72 ---- INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.19'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.19.5'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5'); Index: mssql_basic.sql =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/install/schemas/mssql_basic.sql,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** mssql_basic.sql 31 Oct 2005 21:35:11 -0000 1.9 --- mssql_basic.sql 31 Dec 2005 02:10:06 -0000 1.10 *************** *** 72,77 **** INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.18'); ! 
INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.18.5'); /* --- 72,79 ---- INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.19'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('version5', '.0.19.5'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30'); ! INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5'); /* |
Update of /cvsroot/phpbb-php5mod/phpbb-php5/includes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30842/includes Modified Files: bbcode.php functions.php functions_admin.php functions_post.php usercp_avatar.php usercp_confirm.php usercp_register.php Log Message: - 2.0.19 - Some Donut Holes Index: functions.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/functions.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** functions.php 31 Oct 2005 03:18:41 -0000 1.5 --- functions.php 31 Dec 2005 01:35:25 -0000 1.6 *************** *** 104,108 **** FROM " . USERS_TABLE . " WHERE "; ! $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . $user . "'" ) . " AND user_id <> " . ANONYMOUS; if ( !($result = $db->sql_query($sql)) ) { --- 104,108 ---- FROM " . USERS_TABLE . " WHERE "; ! $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND user_id <> " . ANONYMOUS; if ( !($result = $db->sql_query($sql)) ) { Index: functions_admin.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/functions_admin.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** functions_admin.php 31 Oct 2005 21:03:26 -0000 1.3 --- functions_admin.php 31 Dec 2005 01:35:25 -0000 1.4 *************** *** 140,143 **** --- 140,146 ---- } + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + if ($row['total_posts']) { Index: usercp_register.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/usercp_register.php,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** usercp_register.php 31 Oct 2005 21:03:26 -0000 1.8 --- usercp_register.php 31 Dec 2005 01:35:25 -0000 1.9 *************** *** 106,111 **** } ! 
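Review bot: In the functions.php hunk the new `str_replace("\'", "''", $user)` only rewrites the two-character sequence backslash-quote, so the username branch is safe only if every caller passes a value that has already been slash-escaped (addslashes() or magic quotes). A bare `'` in `$user` reaches the query unchanged. That precondition is not stated anywhere in the hunk and deserves a comment above the line, e.g. `// $user must arrive slash-escaped; only \' is converted to '' here`. The enclosing function starts and ends outside the hunk, so the callers' behaviour cannot be checked from here.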
$strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests'); ! $strip_var_list['confirm_code'] = 'confirm_code'; // Strip all tags from data ... may p**s some people off, bah, strip_tags is --- 106,112 ---- } ! $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; ! ! $strip_var_list = array('email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests', 'confirm_code' => 'confirm_code'); // Strip all tags from data ... may p**s some people off, bah, strip_tags is *************** *** 293,296 **** --- 294,303 ---- if ($row = $db->sql_fetchrow($result)) { + // Only compare one char if the zlib-extension is not loaded + if (!@extension_loaded('zlib')) + { + $row['code'] = substr($row['code'], -1); + } + if ($row['code'] != $confirm_code) { Index: functions_post.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/functions_post.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** functions_post.php 31 Oct 2005 03:18:41 -0000 1.3 --- functions_post.php 31 Dec 2005 01:35:25 -0000 1.4 *************** *** 26,31 **** } ! $html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#'); ! $html_entities_replace = array('&', '<', '>'); $unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#'); --- 26,31 ---- } ! $html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#'); ! $html_entities_replace = array('&', '<', '>', '"'); $unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#'); *************** *** 214,218 **** // Post a new topic/reply/poll or edit existing post/poll // ! 
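Review bot: The first usercp_register.php hunk reads `$HTTP_POST_VARS['username']`, while the other PHP changes on this page (login.php, the removed usercp_confirm.php lines) use the `$_POST`/`$_GET` superglobals. If the long arrays are not populated on the PHP 5 installations this MOD targets, `$username` would always be the empty string and never pass through `phpbb_clean_username()` with real input. Unless common.php aliases the long arrays, which is not visible here, I would write `$username = ( !empty($_POST['username']) ) ? phpbb_clean_username($_POST['username']) : '';`.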
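Review bot: When zlib is not loaded, the second usercp_register.php hunk cuts the stored confirmation code to its last character before comparing, and the usercp_confirm.php hunk further down serves only the image for `substr($code, -1)` in its `else` branch. On such hosts the visual confirmation is a single character and gives little protection against automated registration. The added comment should state that limitation, e.g. `// without zlib only one character is checked - weak; prefer requiring zlib`. The comparison on the following line also uses `!=`; `if ((string) $row['code'] !== (string) $confirm_code)` avoids PHP's numeric-string coercion.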
function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id, &$topic_type, &$bbcode_on, &$html_on, &$smilies_on, &$attach_sig, &$bbcode_uid, &$post_username, &$post_subject, &$post_message, &$poll_title, &$poll_options, &$poll_length) { global $board_config, $lang, $db, $phpbb_root_path, $phpEx; --- 214,218 ---- // Post a new topic/reply/poll or edit existing post/poll // ! function submit_post($mode, $post_data, &$message, &$meta, $forum_id, $topic_id, $post_id, $poll_id, $topic_type, $bbcode_on, $html_on, $smilies_on, $attach_sig, $bbcode_uid, $post_username, $post_subject, $post_message, $poll_title, $poll_options, $poll_length) { global $board_config, $lang, $db, $phpbb_root_path, $phpEx; Index: usercp_avatar.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/usercp_avatar.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** usercp_avatar.php 31 Oct 2005 03:18:41 -0000 1.6 --- usercp_avatar.php 31 Dec 2005 01:35:25 -0000 1.7 *************** *** 65,74 **** } ! function user_avatar_galleryfunction user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename, $avatar_category) { global $board_config; ! $avatar_filename = phpbb_ltrim(basename($avatar_filename), "'"); ! $avatar_category = phpbb_ltrim(basename($avatar_category), "'"); if(!preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $avatar_filename)) --- 65,74 ---- } ! function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename, $avatar_category) { global $board_config; ! $avatar_filename = ltrim(basename($avatar_filename), "'"); ! 
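Review bot: Dropping `&` from `$forum_id`, `$topic_id`, `$post_id`, `$poll_id` and the other arguments turns them from in/out into input-only parameters, and nothing in the hunk documents which values a caller may still read back (only `$message` and `$meta` remain by reference). If the body assigns new ids to any of them, callers will now carry on with their old values; the body lies outside the hunk, so this cannot be confirmed here. A comment above the signature would settle the contract, e.g. `// $message and $meta are outputs; every other argument is input only`, once the callers have been checked.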
$avatar_category = ltrim(basename($avatar_category), "'"); if(!preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $avatar_filename)) Index: usercp_confirm.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/usercp_confirm.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** usercp_confirm.php 19 Jul 2005 23:31:25 -0000 1.3 --- usercp_confirm.php 31 Dec 2005 01:35:25 -0000 1.4 *************** *** 154,169 **** else { ! if (!empty($_GET['c'])) ! { ! $_png = define_raw_pngs(); ! $char = substr($code, intval($_GET['c']) - 1, 1); ! header('Content-Type: image/png'); ! header('Cache-control: no-cache, no-store'); ! echo base64_decode($_png[$char]); ! unset($_png); ! exit; ! } } --- 154,166 ---- else { ! $_png = define_raw_pngs(); ! $char = substr($code, -1); ! header('Content-Type: image/png'); ! header('Cache-control: no-cache, no-store'); ! echo base64_decode($_png[$char]); ! unset($_png); ! exit; } Index: bbcode.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/bbcode.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** bbcode.php 31 Oct 2005 03:18:41 -0000 1.5 --- bbcode.php 31 Dec 2005 01:35:25 -0000 1.6 *************** *** 201,209 **** // matches a [url]xxxx://www.phpbb.com[/url] code.. ! $patterns[] = "#\[url\]([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url\]((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url2']; --- 201,209 ---- // matches a [url]xxxx://www.phpbb.com[/url] code.. ! $patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). ! 
$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url2']; *************** *** 253,257 **** // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. $text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, ''); ! $text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\".*?\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]"); // [list] and [list=x] for (un)ordered lists. --- 253,257 ---- // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. $text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, ''); ! $text = bbencode_first_pass_pda($text, $uid, '/\[quote=\\\\"(.*?)\\\\"\]/is', '[/quote]', '', false, '', "[quote:$uid=\\\"\\1\\\"]"); // [list] and [list=x] for (un)ordered lists. *************** *** 390,402 **** // We're going to try and catch usernames with "[' characters. // ! if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) ) { // OK we are in a quote tag that probably contains a ] bracket. // Grab a bit more of the string to hopefully get all of it.. ! if ($close_pos = strpos($text, '"]', $curr_pos + 9)) { ! if (strpos(substr($text, $curr_pos + 9, $close_pos - ($curr_pos + 9)), '[quote') === false) { ! $possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 2); } } --- 390,402 ---- // We're going to try and catch usernames with "[' characters. // ! if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) ) { // OK we are in a quote tag that probably contains a ] bracket. // Grab a bit more of the string to hopefully get all of it.. ! if ($close_pos = strpos($text, '"]', $curr_pos + 14)) { ! if (strpos(substr($text, $curr_pos + 14, $close_pos - ($curr_pos + 14)), '[quote') === false) { ! 
$possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 7); } } |
From: Josh <jel...@us...> - 2005-12-31 01:35:34
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5 In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30842 Modified Files: common.php login.php privmsg.php Log Message: - 2.0.19 - Some Donut Holes Index: login.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/login.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** login.php 31 Oct 2005 03:18:41 -0000 1.5 --- login.php 31 Dec 2005 01:35:25 -0000 1.6 *************** *** 58,62 **** $password = isset($_POST['password']) ? $_POST['password'] : ''; ! $sql = "SELECT user_id, username, user_password, user_active, user_level FROM " . USERS_TABLE . " WHERE username = '" . str_replace("\\'", "''", $username) . "'"; --- 58,62 ---- $password = isset($_POST['password']) ? $_POST['password'] : ''; ! $sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try FROM " . USERS_TABLE . " WHERE username = '" . str_replace("\\'", "''", $username) . "'"; *************** *** 74,77 **** --- 74,91 ---- else { + // If the last login is more than x minutes ago, then reset the login tries/time + if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60))) + { + $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); + $row['user_last_login_try'] = $row['user_login_tries'] = 0; + } + + // Check to see if user is allowed to login again... 
if his tries are exceeded + if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && + $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts']) + { + message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time'])); + } + if( md5($password) == $row['user_password'] && $row['user_active'] ) { *************** *** 81,84 **** --- 95,101 ---- $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin); + // Reset login tries + $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); + if( $session_id ) { *************** *** 93,96 **** --- 110,122 ---- else { + // Save login tries and last login + if ($row['user_id'] != ANONYMOUS) + { + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . ' + WHERE user_id = ' . $row['user_id']; + $db->sql_query($sql); + } + $redirect = ( !empty($_POST['redirect']) ) ? str_replace('&', '&', htmlspecialchars($_POST['redirect'])) : ''; $redirect = str_replace('?', '&', $redirect); Index: privmsg.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/privmsg.php,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** privmsg.php 31 Oct 2005 03:18:41 -0000 1.7 --- privmsg.php 31 Dec 2005 01:35:25 -0000 1.8 *************** *** 36,41 **** } ! $html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#'); ! $html_entities_replace = array('&', '<', '>'); // --- 36,41 ---- } ! $html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#'); ! 
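Review bot: The lockout check added in the second login.php hunk counts failures per account only, so repeated failed logins from any client lock the legitimate owner out for `login_reset_time` minutes. Both new conditions are also skipped entirely when `login_reset_time` is 0, even if `max_login_attempts` is set. Neither behaviour is documented; I would add above the second `if` a comment such as `// lock is per account, not per client; login_reset_time = 0 disables it`. The password check on the hunk's last line still compares the MD5 hex strings with `==`; `md5($password) === $row['user_password']` avoids numeric-string coercion. The enclosing `else` block begins before the hunk.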
$html_entities_replace = array('&', '<', '>', '"'); // Index: common.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/common.php,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** common.php 31 Oct 2005 21:03:26 -0000 1.7 --- common.php 31 Dec 2005 01:35:25 -0000 1.8 *************** *** 225,229 **** if (file_exists('install') || file_exists('contrib')) { ! message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted'); } --- 225,229 ---- if (file_exists('install') || file_exists('contrib')) { ! message_die(GENERAL_MESSAGE, 'Please_remove_install_contrib'); } |
From: Josh <jel...@us...> - 2005-12-31 01:35:34
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/language/lang_english In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30842/language/lang_english Modified Files: lang_admin.php lang_main.php Log Message: - 2.0.19 - Some Donut Holes Index: lang_main.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/language/lang_english/lang_main.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** lang_main.php 31 Oct 2005 03:18:41 -0000 1.3 --- lang_main.php 31 Dec 2005 01:35:25 -0000 1.4 *************** *** 1016,1019 **** --- 1016,1022 ---- $lang['Admin_reauthenticate'] = 'To administer the board you must re-authenticate yourself.'; + $lang['Login_attempts_exceeded'] = 'The maximum number of %s login attempts has been exceeded. You are not allowed to login for the next %s minutes.'; + $lang['Please_remove_install_contrib'] = 'Please ensure both the install/ and contrib/ directories are deleted'; + // // That's all, Folks! Index: lang_admin.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/language/lang_english/lang_admin.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** lang_admin.php 31 Oct 2005 03:18:41 -0000 1.4 --- lang_admin.php 31 Dec 2005 01:35:25 -0000 1.5 *************** *** 746,749 **** --- 746,757 ---- // + // Login attempts configuration + // + $lang['Max_login_attempts'] = 'Allowed login attempts'; + $lang['Max_login_attempts_explain'] = 'The number of allowed board login attempts.'; + $lang['Login_reset_time'] = 'Login lock time'; + $lang['Login_reset_time_explain'] = 'Time in minutes the user have to wait until he is allowed to login again after exceeding the number of allowed login attempts.'; + + // // That's all Folks! // ------------------------------------------------- |
Update of /cvsroot/phpbb-php5mod/phpbb-php5/admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30842/admin Modified Files: admin_board.php admin_db_utilities.php admin_disallow.php admin_ranks.php admin_styles.php admin_users.php admin_words.php index.php Log Message: - 2.0.19 - Some Donut Holes Index: admin_words.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_words.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** admin_words.php 30 Jul 2004 02:12:37 -0000 1.2 --- admin_words.php 31 Dec 2005 01:35:25 -0000 1.3 *************** *** 26,30 **** { $file = basename(__FILE__); ! $module['General']['Word_Censor'] = "$file"; return; } --- 26,30 ---- { $file = basename(__FILE__); ! $module['General']['Word_Censor'] = $file; return; } Index: admin_db_utilities.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_db_utilities.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** admin_db_utilities.php 22 Feb 2005 01:21:01 -0000 1.3 --- admin_db_utilities.php 31 Dec 2005 01:35:25 -0000 1.4 *************** *** 694,698 **** } ! $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm'); $additional_tables = (isset($_POST['additional_tables'])) ? $_POST['additional_tables'] : ( (isset($_GET['additional_tables'])) ? $_GET['additional_tables'] : "" ); --- 694,698 ---- } ! 
$tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm', 'sessions_keys'); $additional_tables = (isset($_POST['additional_tables'])) ? $_POST['additional_tables'] : ( (isset($_GET['additional_tables'])) ? $_GET['additional_tables'] : "" ); Index: admin_styles.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_styles.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** admin_styles.php 31 Oct 2005 03:18:40 -0000 1.4 --- admin_styles.php 31 Dec 2005 01:35:25 -0000 1.5 *************** *** 28,32 **** $module['Styles']['Add_new'] = "$file?mode=addnew"; $module['Styles']['Create_new'] = "$file?mode=create"; ! $module['Styles']['Manage'] = "$file"; $module['Styles']['Export'] = "$file?mode=export"; return; --- 28,32 ---- $module['Styles']['Add_new'] = "$file?mode=addnew"; $module['Styles']['Create_new'] = "$file?mode=create"; ! $module['Styles']['Manage'] = $file; $module['Styles']['Export'] = "$file?mode=export"; return; Index: admin_users.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_users.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** admin_users.php 31 Oct 2005 03:18:40 -0000 1.4 --- admin_users.php 31 Dec 2005 01:35:25 -0000 1.5 *************** *** 1,1154 **** ! <?php ! /*************************************************************************** ! * admin_users.php ! * ------------------- ! * begin : Saturday, Feb 13, 2001 ! * copyright : (C) 2001 The phpBB Group ! * email : su...@ph... ! * ! * $Id$ ! 
* [...2293 lines suppressed...] ! ! $template->assign_vars(array( ! 'L_USER_TITLE' => $lang['User_admin'], ! 'L_USER_EXPLAIN' => $lang['User_admin_explain'], ! 'L_USER_SELECT' => $lang['Select_a_User'], ! 'L_LOOK_UP' => $lang['Look_up_user'], ! 'L_FIND_USERNAME' => $lang['Find_username'], ! ! 'U_SEARCH_USER' => append_sid("./../search.$phpEx?mode=searchuser"), ! ! 'S_USER_ACTION' => append_sid("admin_users.$phpEx"), ! 'S_USER_SELECT' => $select_list) ! ); ! $template->pparse('body'); ! ! } ! ! include('./page_footer_admin.'.$phpEx); ! ! ?> Index: index.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/index.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** index.php 31 Oct 2005 03:18:40 -0000 1.4 --- index.php 31 Dec 2005 01:35:25 -0000 1.5 *************** *** 61,65 **** if( preg_match("/^admin_.*?\." . $phpEx . "$/", $file) ) { ! include($file); } } --- 61,65 ---- if( preg_match("/^admin_.*?\." . $phpEx . "$/", $file) ) { ! include('./' . $file); } } *************** *** 235,239 **** $version = $row['mysql_version']; ! if( preg_match("/^(3\.23|4\.)/", $version) ) { $db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)/", $version) ) ? "`$dbname`" : $dbname; --- 235,239 ---- $version = $row['mysql_version']; ! if( preg_match("/^(3\.23|4\.|5\.)/", $version) ) { $db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)/", $version) ) ? "`$dbname`" : $dbname; Index: admin_disallow.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_disallow.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** admin_disallow.php 31 Oct 2005 03:18:40 -0000 1.3 --- admin_disallow.php 31 Dec 2005 01:35:25 -0000 1.4 *************** *** 26,30 **** { $filename = basename(__FILE__); ! 
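Review bot: In the second admin/index.php hunk the outer test now accepts `5\.`, but the nested pattern on the next line, which decides whether to backtick-quote the database name, still stops at `(4\.)`, so on MySQL 5 `$db_name` is left unquoted. A database name containing a hyphen or another special character would then break the statement built from it (the query itself is outside the hunk). The inner pattern should be extended as well: `preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)|(5\.)/", $version)`.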
$module['Users']['Disallow'] = append_sid($filename); return; --- 26,30 ---- { $filename = basename(__FILE__); ! $module['Users']['Disallow'] = $filename; return; Index: admin_ranks.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_ranks.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** admin_ranks.php 30 Jul 2004 02:12:37 -0000 1.2 --- admin_ranks.php 31 Dec 2005 01:35:25 -0000 1.3 *************** *** 25,29 **** { $file = basename(__FILE__); ! $module['Users']['Ranks'] = "$file"; return; } --- 25,29 ---- { $file = basename(__FILE__); ! $module['Users']['Ranks'] = $file; return; } Index: admin_board.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/admin/admin_board.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** admin_board.php 31 Oct 2005 03:18:40 -0000 1.4 --- admin_board.php 31 Dec 2005 01:35:25 -0000 1.5 *************** *** 17,21 **** { $file = basename(__FILE__); ! $module['General']['Configuration'] = "$file"; return; } --- 17,21 ---- { $file = basename(__FILE__); ! $module['General']['Configuration'] = $file; return; } *************** *** 192,195 **** --- 192,201 ---- "L_MAX_POLL_OPTIONS" => $lang['Max_poll_options'], "L_FLOOD_INTERVAL" => $lang['Flood_Interval'], + 'L_MAX_LOGIN_ATTEMPTS' => $lang['Max_login_attempts'], + 'L_MAX_LOGIN_ATTEMPTS_EXPLAIN' => $lang['Max_login_attempts_explain'], + 'L_LOGIN_RESET_TIME' => $lang['Login_reset_time'], + 'L_LOGIN_RESET_TIME_EXPLAIN' => $lang['Login_reset_time_explain'], + 'MAX_LOGIN_ATTEMPTS' => $new['max_login_attempts'], + 'LOGIN_RESET_TIME' => $new['login_reset_time'], "L_FLOOD_INTERVAL_EXPLAIN" => $lang['Flood_Interval_explain'], "L_BOARD_EMAIL_FORM" => $lang['Board_email_form'], |
From: Josh <jel...@us...> - 2005-12-31 01:35:34
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/templates/subSilver/admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30842/templates/subSilver/admin Modified Files: board_config_body.tpl index_body.tpl Log Message: - 2.0.19 - Some Donut Holes Index: index_body.tpl =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/templates/subSilver/admin/index_body.tpl,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** index_body.tpl 22 Feb 2005 01:21:02 -0000 1.2 --- index_body.tpl 31 Dec 2005 01:35:25 -0000 1.3 *************** *** 44,47 **** --- 44,54 ---- </tr> </table> + + <h1>{L_VERSION_INFORMATION}</h1> + + {VERSION_INFO} + + <br /> + <h1>{L_WHO_IS_ONLINE}</h1> *************** *** 77,83 **** </table> - <h1>{L_VERSION_INFORMATION}</h1> - - {VERSION_INFO} - - <br /> --- 84,85 ---- Index: board_config_body.tpl =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/templates/subSilver/admin/board_config_body.tpl,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** board_config_body.tpl 31 Oct 2005 03:18:41 -0000 1.3 --- board_config_body.tpl 31 Dec 2005 01:35:25 -0000 1.4 *************** *** 57,60 **** --- 57,68 ---- </tr> <tr> + <td class="row1">{L_MAX_LOGIN_ATTEMPTS}<br /><span class="gensmall">{L_MAX_LOGIN_ATTEMPTS_EXPLAIN}</span></td> + <td class="row2"><input class="post" type="text" size="3" maxlength="4" name="max_login_attempts" value="{MAX_LOGIN_ATTEMPTS}" /></td> + </tr> + <tr> + <td class="row1">{L_LOGIN_RESET_TIME}<br /><span class="gensmall">{L_LOGIN_RESET_TIME_EXPLAIN}</span></td> + <td class="row2"><input class="post" type="text" size="3" maxlength="4" name="login_reset_time" value="{LOGIN_RESET_TIME}" /></td> + </tr> + <tr> <td class="row1">{L_TOPICS_PER_PAGE}</td> <td class="row2"><input class="post" type="text" name="topics_per_page" size="3" maxlength="4" value="{TOPICS_PER_PAGE}" 
/></td> |