phpBBHacks.com • phpBB 2.0.3 to 2.0.4 Code Changes : phpBB 2: Fixes and Code Changes

Get Photoshop help and share your work at PhotoshopForums.com

Skip to content

phpBB 2.0.3 to 2.0.4 Code Changes

71 posts • Page 1 of 8 • 1, 2, 3, 4, 5 ... 8

phpBB 2.0.3 to 2.0.4 Code Changes

by Acyd Burn » January 26th 2003, 6:11 pm

Text Version.

These are the changes from phpBB 2.0.3 to phpBB 2.0.4. This might be very helpful if you want to update your Board and have installed a bunch of hacks. Then it's normally easier to apply the code changes than to install all hacks again.

This tutorial is big, really big. If you can avoid a change and if you are able to replace a file directly, do it.

I have placed every file into one single post.

When you find a 'AFTER, ADD'-Statement, the code has to be added after the last line quoted in the 'FIND'-Statement.

When you find a 'BEFORE, ADD'-Statement, the code has to be added before the first line quoted in the 'FIND'-Statement.

When you find a 'REPLACE WITH'-Statement, the code quoted in the 'FIND'-Statement has to be replaced completely with the quoted code in the 'REPLACE WITH'-Statement.

When you find a 'DELETE'-Statement, the code has to be deleted.

After you have finished this tutorial, you have to upload the update_to_204.php file to the install folder, run it and then delete it from your webspace.

Ok, lets start:

Last edited by Acyd Burn on February 25th 2003, 1:55 pm, edited 1 time in total.

Acyd Burn: Consultant; Posts: 650; Joined: April 19th 2002, 7:00 pm; Location: Germany (Oldb)

privmsg.php

by Acyd Burn » January 26th 2003, 6:14 pm

admin/admin_board.php

FIND - Line 50

Code: Select all


		
		$new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name];

AFTER, ADD

Code: Select all


		if ($config_name == 'cookie_name')
		{
			$cookie_name = str_replace('.', '_', $new['cookie_name']);
		}

FIND - Line 76

Code: Select all


$lang_select = language_select($new['default_lang'], 'default_lang', "../language");

REPLACE WITH

Code: Select all


$lang_select = language_select($new['default_lang'], 'default_lang', "language");

Acyd Burn: Consultant; Posts: 650; Joined: April 19th 2002, 7:00 pm; Location: Germany (Oldb)

by Acyd Burn » January 26th 2003, 6:17 pm

admin/admin_db_utilities.php

FIND - Line 37

Code: Select all


	if(@phpversion() >= '4.0.0')
	{	
		$file_uploads = @ini_get('file_uploads');
	}
	else
	{
		$file_uploads = @get_cfg_var('file_uploads');
	}

	if( ($file_uploads != 0 || empty($file_uploads)) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') )

REPLACE WITH

Code: Select all



	$file_uploads = (@phpversion() >= '4.0.0') ? @ini_get('file_uploads') : @get_cfg_var('file_uploads');

	if( (empty($file_uploads) || $file_uploads != 0) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') )

FIND - Line 569

Code: Select all


	//
	// Grab the data from the table.
	//
	$result = $db->sql_query("SELECT * FROM $table");

	if (!$result)
	{
		message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table");
	}

	if($db->sql_numrows($result) > 0)
	{
		$schema_insert = "\n#\n# Table Data for $table\n#\n";
	}
	else
	{
		$schema_insert = "";
	}

	$handler($schema_insert);

	//
	// Loop through the resulting rows and build the sql statement.
	//

	while ($row = $db->sql_fetchrow($result))
	{
		$table_list = '(';
		$num_fields = $db->sql_numfields($result);
		//
		// Grab the list of field names.
		//
		for ($j = 0; $j < $num_fields; $j++)
		{
			$table_list .= $db->sql_fieldname($j, $result) . ', ';
		}
		//
		// Get rid of the last comma
		//
		$table_list = ereg_replace(', $', '', $table_list);
		$table_list .= ')';
		//
		// Start building the SQL statement.
		//
		$schema_insert = "INSERT INTO $table $table_list VALUES(";
		//
		// Loop through the rows and fill in data for each column
		//
		for ($j = 0; $j < $num_fields; $j++)
		{
			if(!isset($row[$j]))

REPLACE WITH

Code: Select all



	// Grab the data from the table.
	if (!($result = $db->sql_query("SELECT * FROM $table")))
	{
		message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table");
	}

	// Loop through the resulting rows and build the sql statement.
	if ($row = $db->sql_fetchrow($result))
	{
		$handler("\n#\n# Table Data for $table\n#\n");
		$field_names = array();

		// Grab the list of field names.
		$num_fields = $db->sql_numfields($result);
		$table_list = '(';
		for ($j = 0; $j < $num_fields; $j++)
		{
			$field_names[$j] = $db->sql_fieldname($j, $result);
			$table_list .= (($j > 0) ? ', ' : '') . $field_names[$j];
			
		}
		$table_list .= ')';

		do
		{
			// Start building the SQL statement.
			$schema_insert = "INSERT INTO $table $table_list VALUES(";

			// Loop through the rows and fill in data for each column
			for ($j = 0; $j < $num_fields; $j++)
			{
				$schema_insert .= ($j > 0) ? ', ' : '';

				if(!isset($row[$field_names[$j]]))

FIND - Line 611

Code: Select all


				$schema_insert .= ' NULL,';
			}
			elseif ($row[$j] != '')
			{
				$schema_insert .= ' \'' . addslashes($row[$j]) . '\',';
			}
			else
			{
				$schema_insert .= '\'\',';
			}
		}
		//
		// Get rid of the the last comma.
		//
		$schema_insert = ereg_replace(',$', '', $schema_insert);
		$schema_insert .= ');';
		//
		// Go ahead and send the insert statement to the handler function.
		//
		$handler(trim($schema_insert));

	}

REPLACE WITH

Code: Select all


					$schema_insert .= 'NULL';
				}
				elseif ($row[$field_names[$j]] != '')
				{
					$schema_insert .= '\'' . addslashes($row[$field_names[$j]]) . '\'';
				}
				else
				{
					$schema_insert .= '\'\'';
				}
			}

			$schema_insert .= ');';

			// Go ahead and send the insert statement to the handler function.
			$handler(trim($schema_insert));

		}
		while ($row = $db->sql_fetchrow($result));
	}

FIND - Line 660

Code: Select all


			if( SQL_LAYER == 'oracle' || SQL_LAYER == 'odbc' || SQL_LAYER == 'mssql' )
			{
				switch(SQL_LAYER)
				{
					case 'oracle':
						$db_type = "Oracle";
						break;
					case 'odbc':
						$db_type = "ODBC";
						break;
					case 'mssql':
						$db_type = "MSSQL";
						break;
				}

REPLACE WITH

Code: Select all


			$error = false;
			switch(SQL_LAYER)
			{
				case 'oracle':
					$error = true;
					break;
				case 'db2':
					$error = true;
					break;
				case 'msaccess':
					$error = true;
					break;
				case 'mssql':
				case 'mssql-odbc':
					$error = true;
					break;
			}

			if ($error)
			{

FIND - Line 693

Code: Select all


				$template->pparse("body");

				break;
			}

REPLACE WITH

Code: Select all


				$template->pparse("body");

				include('./page_footer_admin.'.$phpEx);
			}

FIND - Line 763

Code: Select all


					"META" => "<meta http-equiv=\"refresh\" content=\"2;url=admin_db_utilities.$phpEx?perform=backup&additional_tables=" . quotemeta($additional_tables) . "&backup_type=$backup_type&drop=1&backupstart=1&gzipcompress=$gzipcompress&startdownload=1\">",

REPLACE WITH

Code: Select all


					"META" => '<meta http-equiv="refresh" content="2;url=' . append_sid("admin_db_utilities.$phpEx?perform=backup&additional_tables=" . quotemeta($additional_tables) . "&backup_type=$backup_type&drop=1&backupstart=1&gzipcompress=$gzipcompress&startdownload=1") . '">',

FIND - Line 819

Code: Select all


				if(SQL_LAYER != 'mysql4')
				{
					$table_def_function = "get_table_def_" . SQL_LAYER;
					$table_content_function = "get_table_content_" . SQL_LAYER;
				}
				else
				{
					$table_def_function = "get_table_def_mysql";
					$table_content_function = "get_table_content_mysql";

REPLACE WITH

Code: Select all



				switch (SQL_LAYER)
				{
					case 'postgresql':
						$table_def_function = "get_table_def_postgresql";
						$table_content_function = "get_table_content_postgresql";
						break;

					case 'mysql':
					case 'mysql4':
						$table_def_function = "get_table_def_mysql";
						$table_content_function = "get_table_content_mysql";
						break;

FIND - Line 906

Code: Select all


				if( file_exists($backup_file_tmpname) )

REPLACE WITH

Code: Select all


				if( file_exists(phpbb_realpath($backup_file_tmpname)) )

Acyd Burn: Consultant; Posts: 650; Joined: April 19th 2002, 7:00 pm; Location: Germany (Oldb)

by Acyd Burn » January 26th 2003, 6:18 pm

admin/admin_disallow.php

FIND - Line 44

Code: Select all


	$disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? $HTTP_POST_VARS['disallowed_user'] : $HTTP_GET_VARS['disallowed_user'];

REPLACE WITH

Code: Select all


	$disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? trim($HTTP_POST_VARS['disallowed_user']) : trim($HTTP_GET_VARS['disallowed_user']);

	if ($disallowed_user == '')
	{
		message_die(MESSAGE, $lang['Fields_empty']);
	}

Acyd Burn: Consultant; Posts: 650; Joined: April 19th 2002, 7:00 pm; Location: Germany (Oldb)

by Acyd Burn » January 26th 2003, 6:19 pm

admin/admin_forum_prune.php

FIND - Line 171

Code: Select all


		$prune_data .= '<input type="text" name="prunedays" size="4"> ' . $lang['Days'];

		$hidden_input = '<input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '">';

REPLACE WITH

Code: Select all


		$prune_data .= '<input class="post" type="text" name="prunedays" size="4"> ' . $lang['Days'];

		$hidden_input = '<input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';

Acyd Burn: Consultant; Posts: 650; Joined: April 19th 2002, 7:00 pm; Location: Germany (Oldb)

by Acyd Burn » January 26th 2003, 6:19 pm

admin/admin_forums.php

FIND - Line 46

Code: Select all


	"auth_sticky" => AUTH_REG,

REPLACE WITH

Code: Select all


	"auth_sticky" => AUTH_MOD,

FIND - Line 304

Code: Select all


			$catlist = get_list('category', $cat_id, TRUE);

			$forumstatus == ( FORUM_LOCKED ) ? $forumlocked = "selected=\"selected\"" : $forumunlocked = "selected=\"selected\"";

AFTER, ADD

Code: Select all


			
			// These two options ($lang['Status_unlocked'] and $lang['Status_locked']) seem to be missing from
			// the language files.
			$lang['Status_unlocked'] = isset($lang['Status_unlocked']) ? $lang['Status_unlocked'] : 'Unlocked';
			$lang['Status_locked'] = isset($lang['Status_locked']) ? $lang['Status_locked'] : 'Locked';

FIND - Line 612

Code: Select all


				include($phpbb_root_path . "includes/prune.$phpEx");
				prune($from_id, 0); // Delete everything from forum

REPLACE WITH

Code: Select all


				// Delete polls in this forum
				$sql = "SELECT v.vote_id 
					FROM " . VOTE_DESC_TABLE . " v, " . TOPICS_TABLE . " t 
					WHERE t.forum_id = $from_id 
						AND v.topic_id = t.topic_id";
				if (!($result = $db->sql_query($sql)))
				{
					message_die(GENERAL_ERROR, "Couldn't obtain list of vote ids", "", __LINE__, __FILE__, $sql);
				}

				if ($row = $db->sql_fetchrow($result))
				{
					$vote_ids = '';
					do
					{
						$vote_ids = (($vote_ids != '') ? ', ' : '') . $row['vote_id'];
					}
					while ($row = $db->sql_fetchrow($result));

					$sql = "DELETE FROM " . VOTE_DESC_TABLE . " 
						WHERE vote_id IN ($vote_ids)";
					$db->sql_query($sql);

					$sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " 
						WHERE vote_id IN ($vote_ids)";
					$db->sql_query($sql);

					$sql = "DELETE FROM " . VOTE_USERS_TABLE . " 
						WHERE vote_id IN ($vote_ids)";
					$db->sql_query($sql);
				}
				$db->sql_freeresult($result);
				
				include($phpbb_root_path . "includes/prune.$phpEx");
				prune($from_id, 0, true); // Delete everything from forum

FIND - Line 679

Code: Select all


				sync('forum', $to_id);
			}

AFTER, ADD

Code: Select all


			// Alter Mod level if appropriate - 2.0.4
			$sql = "SELECT ug.user_id 
				FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug 
				WHERE a.forum_id <> $from_id 
					AND a.auth_mod = 1
					AND ug.group_id = a.group_id";
			if( !$result = $db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql);
			}

			if ($row = $db->sql_fetchrow($result))
			{
				$user_ids = '';
				do
				{
					$user_ids .= (($user_ids != '') ? ', ' : '' ) . $row['user_id'];
				}
				while ($row = $db->sql_fetchrow($result));

				$sql = "SELECT ug.user_id 
					FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug 
					WHERE a.forum_id = $from_id 
						AND a.auth_mod = 1 
						AND ug.group_id = a.group_id
						AND ug.user_id NOT IN ($user_ids)";
				if( !$result2 = $db->sql_query($sql) )
				{
					message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql);
				}
					
				if ($row = $db->sql_fetchrow($result2))
				{
					$user_ids = '';
					do
					{
						$user_ids .= (($user_ids != '') ? ', ' : '' ) . $row['user_id'];
					}
					while ($row = $db->sql_fetchrow($result2));

					$sql = "UPDATE " . USERS_TABLE . " 
						SET user_level = " . USER . " 
						WHERE user_id IN ($user_ids) 
							AND user_level <> " . ADMIN;
					$db->sql_query($sql);
				}
				$db->sql_freeresult($result);

			}
			$db->sql_freeresult($result2);

Acyd Burn: Consultant; Posts: 650; Joined: April 19th 2002, 7:00 pm; Location: Germany (Oldb)

by Acyd Burn » January 26th 2003, 6:20 pm

admin/admin_ranks.php

FIND - Line 164

Code: Select all


			}
		}

		if( $rank_id )
		{

REPLACE WITH

Code: Select all


			}
		}

		if( $rank_id )
		{
			if (!$special_rank)
			{
				$sql = "UPDATE " . USERS_TABLE . " 
					SET user_rank = 0 
					WHERE user_rank = $rank_id";

				if( !$result = $db->sql_query($sql) ) 
				{
					message_die(GENERAL_ERROR, $lang['No_update_ranks'], "", __LINE__, __FILE__, $sql);
				}
			}

Acyd Burn: Consultant; Posts: 650; Joined: April 19th 2002, 7:00 pm; Location: Germany (Oldb)

by Acyd Burn » January 26th 2003, 6:21 pm

admin/admin_smilies.php

FIND - Line 75

Code: Select all


	if( !@is_dir($phpbb_root_path . $board_config['smilies_path'] . '/' . $file) )

REPLACE WITH

Code: Select all


	if( !@is_dir(phpbb_realpath($phpbb_root_path . $board_config['smilies_path'] . '/' . $file)) )

FIND - Line 242

Code: Select all


			message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);

REPLACE WITH

Code: Select all


			message_die(GENERAL_ERROR, "Could not get smiley list", "", __LINE__, __FILE__, $sql);

FIND - Line 402

Code: Select all


			$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
			$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
			$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']);

REPLACE WITH

Code: Select all


			$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']);
			$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']);
			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']);
			$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']);

			// If no code was entered complain ...
			if ($smile_code == '' || $smile_url == '')
			{
				message_die(MESSAGE, $lang['Fields_empty']);
			}

FIND - Line 425

Code: Select all


			$result = $db->sql_query($sql);
			if( !$result )

REPLACE WITH

Code: Select all


			if( !($result = $db->sql_query($sql)) )

FIND - Line 448

Code: Select all


			$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];

AFTER, ADD

Code: Select all


			// If no code was entered complain ...
			if ($smile_code == '' || $smile_url == '')
			{
				message_die(MESSAGE, $lang['Fields_empty']);
			}

Acyd Burn: Consultant; Posts: 650; Joined: April 19th 2002, 7:00 pm; Location: Germany (Oldb)

by Acyd Burn » January 26th 2003, 6:22 pm

admin/admin_styles.php

FIND - Line 46

Code: Select all


}

if( $cancel )
{
	$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
	header($header_location  . append_sid("admin_styles.$phpEx"));
	exit;

REPLACE WITH

Code: Select all


}

if ($cancel)
{
	redirect('admin/' . append_sid("admin_styles.$phpEx", true));

FIND - Line 135

Code: Select all


					if( !is_file($phpbb_root_path . 'templates/' .$sub_dir) && !is_link($phpbb_root_path . 'templates/' .$sub_dir) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" )
					{
						if( @file_exists($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg") )

REPLACE WITH

Code: Select all


					if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" )
					{
						if( @file_exists(@phpbb_realpath($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg")) )

FIND - Line 552

Code: Select all


					if( !is_file($phpbb_root_path . 'templates/' . $file) && !is_link($phpbb_root_path . 'templates/' . $file) && $file != "." && $file != ".." && $file != "CVS" )

REPLACE WITH

Code: Select all


					if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && $file != "." && $file != ".." && $file != "CVS" )

FIND - Line 751

Code: Select all


				$download_form = '<form action="' . append_sid("admin_styles.$phpEx") . '" method="post"><input type="submit" name="submit" value="' . $lang['Download'] . '" />' . $s_hidden_fields;

REPLACE WITH

Code: Select all


				$download_form = '<form action="' . append_sid("admin_styles.$phpEx") . '" method="post"><input class="mainoption" type="submit" name="submit" value="' . $lang['Download'] . '" />' . $s_hidden_fields;

FIND - Line 793

Code: Select all


					if( !is_file($phpbb_root_path . 'templates/' . $file) && !is_link($phpbb_root_path . 'templates/' .$file) && $file != "." && $file != ".." && $file != "CVS" )

REPLACE WITH

Code: Select all


					if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$file)) && $file != "." && $file != ".." && $file != "CVS" )

FIND - Line 933

Code: Select all


if( !$HTTP_POST_VARS['send_file'] )

REPLACE WITH

Code: Select all


if (empty($HTTP_POST_VARS['send_file']))

Acyd Burn: Consultant; Posts: 650; Joined: April 19th 2002, 7:00 pm; Location: Germany (Oldb)

by Acyd Burn » January 26th 2003, 6:22 pm

admin/admin_users.php

FIND - Line 41

Code: Select all


require($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
require($phpbb_root_path . 'includes/functions_validate.'.$phpEx);

AFTER, ADD

Code: Select all


$html_entities_match = array('#<#', '#>#');
$html_entities_replace = array('<', '>');

FIND - Line 68

Code: Select all


		$this_userdata = get_userdata($user_id);
		if( !$this_userdata )
		{
			message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
		}

REPLACE WITH

Code: Select all


		if (!($this_userdata = get_userdata($user_id)))
		{
			message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
		}

		if( $HTTP_POST_VARS['deleteuser'] )
		{
			$sql = "SELECT g.group_id 
				FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g  
				WHERE ug.user_id = $user_id 
					AND g.group_id = ug.group_id 
					AND g.group_single_user = 1";
			if( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql);
			}

			$row = $db->sql_fetchrow($result);
			
			$sql = "UPDATE " . POSTS_TABLE . "
				SET poster_id = " . DELETED . ", post_username = '$username' 
				WHERE poster_id = $user_id";
			if( !$db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql);
			}

			$sql = "UPDATE " . TOPICS_TABLE . "
				SET topic_poster = " . DELETED . " 
				WHERE topic_poster = $user_id";
			if( !$db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql);
			}
			
			$sql = "UPDATE " . VOTE_USERS_TABLE . "
				SET vote_user_id = " . DELETED . "
				WHERE vote_user_id = $user_id";
			if( !$db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql);
			}
			
			$sql = "SELECT group_id
				FROM " . GROUPS_TABLE . "
				WHERE group_moderator = $user_id";
			if( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql);
			}
			
			while ( $row_group = $db->sql_fetchrow($result) )
			{
				$group_moderator[] = $row_group['group_id'];
			}
			
			if ( count($group_moderator) )
			{
				$update_moderator_id = implode(', ', $group_moderator);
				
				$sql = "UPDATE " . GROUPS_TABLE . "
					SET group_moderator = " . $userdata['user_id'] . "
					WHERE group_moderator IN ($update_moderator_id)";
				if( !$db->sql_query($sql) )
				{
					message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql);
				}
			}

			$sql = "DELETE FROM " . USERS_TABLE . "
				WHERE user_id = $user_id";
			if( !$db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql);
			}

			$sql = "DELETE FROM " . USER_GROUP_TABLE . "
				WHERE user_id = $user_id";
			if( !$db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql);
			}

			$sql = "DELETE FROM " . GROUPS_TABLE . "
				WHERE group_id = " . $row['group_id'];
			if( !$db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
			}

			$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
				WHERE group_id = " . $row['group_id'];
			if( !$db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
			}

			$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
				WHERE user_id = $user_id";
			if ( !$db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql);
			}
			
			$sql = "DELETE FROM " . BANLIST_TABLE . "
				WHERE ban_userid = $user_id";
			if ( !$db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, 'Could not delete user from banlist table', '', __LINE__, __FILE__, $sql);
			}

			$sql = "SELECT privmsgs_id
				FROM " . PRIVMSGS_TABLE . "
				WHERE privmsgs_from_userid = $user_id 
					OR privmsgs_to_userid = $user_id";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not select all users private messages', '', __LINE__, __FILE__, $sql);
			}

			// This little bit of code directly from the private messaging section.
			while ( $row_privmsgs = $db->sql_fetchrow($result) )
			{
				$mark_list[] = $row_privmsgs['privmsgs_id'];
			}
			
			if ( count($mark_list) )
			{
				$delete_sql_id = implode(', ', $mark_list);
				
				$delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
					WHERE privmsgs_text_id IN ($delete_sql_id)";
				$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
					WHERE privmsgs_id IN ($delete_sql_id)";
				
				if ( !$db->sql_query($delete_sql) )
				{
					message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
				}
				
				if ( !$db->sql_query($delete_text_sql) )
				{
					message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
				}
			}

			$message = $lang['User_deleted'] . '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');

			message_die(GENERAL_MESSAGE, $message);
		}

FIND - Line 280

Code: Select all


			$aim = stripslashes($aim);
			$msn = stripslashes($msn);
			$yim = stripslashes($yim);

			$website = stripslashes($website);
			$location = stripslashes($location);
			$occupation = stripslashes($occupation);
			$interests = stripslashes($interests);
			$signature = stripslashes($signature);

			$user_lang = stripslashes($user_lang);
			$user_dateformat = stripslashes($user_dateformat);

REPLACE WITH

Code: Select all


			$aim = htmlspecialchars(stripslashes($aim));
			$msn = htmlspecialchars(stripslashes($msn));
			$yim = htmlspecialchars(stripslashes($yim));

			$website = htmlspecialchars(stripslashes($website));
			$location = htmlspecialchars(stripslashes($location));
			$occupation = htmlspecialchars(stripslashes($occupation));
			$interests = htmlspecialchars(stripslashes($interests));
			$signature = htmlspecialchars(stripslashes($signature));

			$user_lang = stripslashes($user_lang);
			$user_dateformat = htmlspecialchars(stripslashes($user_dateformat));

FIND - Line 382

Code: Select all


				if( @file_exists("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) )

REPLACE WITH

Code: Select all


				if( @file_exists(@phpbb_realpath("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )

FIND - Line 407

Code: Select all


				if( file_exists($user_avatar_loc) && ereg(".jpg$|.gif$|.png$", $user_avatar_name) )
				{
					if( $user_avatar_size <= $board_config['avatar_filesize'] && $avatar_size > 0)

REPLACE WITH

Code: Select all


				if( file_exists(@phpbb_realpath($user_avatar_loc)) && ereg(".jpg$|.gif$|.png$", $user_avatar_name) )
				{
					if( $user_avatar_size <= $board_config['avatar_filesize'] && $user_avatar_size > 0)

FIND - Line 450

Code: Select all


									if( @file_exists("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) )

REPLACE WITH

Code: Select all


									if( @file_exists(@phpbb_realpath("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )

FIND - Line 559

Code: Select all


											if( file_exists("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) )

REPLACE WITH

Code: Select all


											if( file_exists(@phpbb_realpath("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )

FIND AND REMOVE - Line 646

Code: Select all


			if( $HTTP_POST_VARS['deleteuser'] )
			{
				$sql = "SELECT g.group_id 
					FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g  
					WHERE ug.user_id = $user_id 
						AND g.group_id = ug.group_id 
						AND g.group_single_user = 1";
				if( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql);
				}

				$row = $db->sql_fetchrow($result);
				
				$sql = "UPDATE " . POSTS_TABLE . "
					SET poster_id = " . DELETED . ", post_username = '$username' 
					WHERE poster_id = $user_id";
				if( !$db->sql_query($sql) )
				{
					message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql);
				}

				$sql = "UPDATE " . TOPICS_TABLE . "
					SET topic_poster = " . DELETED . " 
					WHERE topic_poster = $user_id";
				if( !$db->sql_query($sql) )
				{
					message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql);
				}
				
				$sql = "UPDATE " . VOTE_USERS_TABLE . "
					SET vote_user_id = " . DELETED . "
					WHERE vote_user_id = $user_id";
				if( !$db->sql_query($sql) )
				{
					message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql);
				}
				
				$sql = "SELECT group_id
					FROM " . GROUPS_TABLE . "
					WHERE group_moderator = $user_id";
				if( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql);
				}
				
				while ( $row_group = $db->sql_fetchrow($result) )
				{
					$group_moderator[] = $row_group['group_id'];
				}
				
				if ( count($group_moderator) )
				{
					$update_moderator_id = implode(', ', $group_moderator);
					
					$sql = "UPDATE " . GROUPS_TABLE . "
						SET group_moderator = " . $userdata['user_id'] . "
						WHERE group_moderator IN ($update_moderator_id)";
					if( !$db->sql_query($sql) )
					{
						message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql);
					}
				}

				$sql = "DELETE FROM " . USERS_TABLE . "
					WHERE user_id = $user_id";
				if( !$db->sql_query($sql) )
				{
					message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql);
				}

				$sql = "DELETE FROM " . USER_GROUP_TABLE . "
					WHERE user_id = $user_id";
				if( !$db->sql_query($sql) )
				{
					message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql);
				}

				$sql = "DELETE FROM " . GROUPS_TABLE . "
					WHERE group_id = " . $row['group_id'];
				if( !$db->sql_query($sql) )
				{
					message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
				}

				$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
					WHERE group_id = " . $row['group_id'];
				if( !$db->sql_query($sql) )
				{
					message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
				}

				$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
					WHERE user_id = $user_id";
				if ( !$db->sql_query($sql) )
				{
					message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql);
				}

				$sql = "SELECT privmsgs_id
					FROM " . PRIVMSGS_TABLE . "
					WHERE ( ( privmsgs_from_userid = $user_id 
							AND privmsgs_type = " . PRIVMSGS_NEW_MAIL . " )
						OR ( privmsgs_from_userid = $user_id
							AND privmsgs_type = " . PRIVMSGS_SENT_MAIL . " )
						OR ( privmsgs_to_userid = $user_id
							AND privmsgs_type = " . PRIVMSGS_READ_MAIL . " )
						OR ( privmsgs_to_userid = $user_id
							AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
						OR ( privmsgs_from_userid = $user_id
							AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) )";
				if ( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, 'Could not select all user\'s private messages', '', __LINE__, __FILE__, $sql);
				}
				
				//
				// This little bit of code directly from the private messaging section.
				// Thanks Paul!
				//
				
				while ( $row_privmsgs = $db->sql_fetchrow($result) )
				{
					$mark_list[] = $row_privmsgs['privmsgs_id'];
				}
				
				if ( count($mark_list) )
				{
					$delete_sql_id = implode(', ', $mark_list);
					
					//
					// We shouldn't need to worry about updating conters here...
					// They are already gone!
					//
					
					$delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
						WHERE privmsgs_text_id IN ($delete_sql_id)";
					$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
						WHERE privmsgs_id IN ($delete_sql_id)";
					
					//
					// Shouldn't need the switch statement here, either, as we just want
					// to take out all of the private messages.  This will not affect
					// the other messages we want to keep; the ids are unique.
					//
					
					if ( !$db->sql_query($delete_sql) )
					{
						message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
					}
					
					if ( !$db->sql_query($delete_text_sql) )
					{
						message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
					}
				}
				
				$sql = "UPDATE " . PRIVMSGS_TABLE . "
					SET privmsgs_to_userid = " . DELETED . "
					WHERE privmsgs_to_userid = $user_id";
				if ( !$db->sql_query($sql) )
				{
					message_die(GENERAL_ERROR, 'Could not update private messages saved to the user', '', __LINE__, __FILE__, $sql);
				}
				
				$sql = "UPDATE " . PRIVMSGS_TABLE . "
					SET privmsgs_from_userid = " . DELETED . "
					WHERE privmsgs_from_userid = $user_id";
				if ( !$db->sql_query($sql) )
				{
					message_die(GENERAL_ERROR, 'Could not update private messages saved from the user', '', __LINE__, __FILE__, $sql);
				}

				$message = $lang['User_deleted'];

			}
			else
			{

FIND - Line 669

Code: Select all


					$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Admin_user_fail'];
				}
			}

			$message .= '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');

REPLACE WITH

Code: Select all


					$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Admin_user_fail'];
				}

			$message .= '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');

FIND - Line 686

Code: Select all


			$username = stripslashes($username);
			$email = stripslashes($email);
			$password = '';
			$password_confirm = '';

			$icq = stripslashes($icq);
			$aim = str_replace('+', ' ', stripslashes($aim));
			$msn = stripslashes($msn);
			$yim = stripslashes($yim);

			$website = stripslashes($website);
			$location = stripslashes($location);
			$occupation = stripslashes($occupation);
			$interests = stripslashes($interests);
			$signature = stripslashes($signature);

			$user_lang = stripslashes($user_lang);
			$user_dateformat = stripslashes($user_dateformat);

REPLACE WITH

Code: Select all


			$username = htmlspecialchars(stripslashes($username));
			$email = stripslashes($email);
			$password = '';
			$password_confirm = '';

			$icq = stripslashes($icq);
			$aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim)));
			$msn = htmlspecialchars(stripslashes($msn));
			$yim = htmlspecialchars(stripslashes($yim));

			$website = htmlspecialchars(stripslashes($website));
			$location = htmlspecialchars(stripslashes($location));
			$occupation = htmlspecialchars(stripslashes($occupation));
			$interests = htmlspecialchars(stripslashes($interests));
			$signature = htmlspecialchars(stripslashes($signature));

			$user_lang = stripslashes($user_lang);
			$user_dateformat = htmlspecialchars(stripslashes($user_dateformat));

FIND - Line 719

Code: Select all


			$this_userdata = get_userdata( $HTTP_POST_VARS['username'] );

REPLACE WITH

Code: Select all


			$this_userdata = get_userdata(htmlspecialchars($HTTP_POST_VARS['username']));

FIND - Line 730

Code: Select all


		$username = $this_userdata['username'];
		$email = $this_userdata['user_email'];
		$password = '';
		$password_confirm = '';

		$icq = $this_userdata['user_icq'];
		$aim = str_replace('+', ' ', $this_userdata['user_aim'] );
		$msn = $this_userdata['user_msnm'];
		$yim = $this_userdata['user_yim'];

		$website = $this_userdata['user_website'];
		$location = $this_userdata['user_from'];
		$occupation = $this_userdata['user_occ'];
		$interests = $this_userdata['user_interests'];
		$signature = $this_userdata['user_sig'];

REPLACE WITH

Code: Select all


		$username = htmlspecialchars($this_userdata['username']);
		$email = $this_userdata['user_email'];
		$password = '';
		$password_confirm = '';

		$icq = $this_userdata['user_icq'];
		$aim = htmlspecialchars(str_replace('+', ' ', $this_userdata['user_aim'] ));
		$msn = htmlspecialchars($this_userdata['user_msnm']);
		$yim = htmlspecialchars($this_userdata['user_yim']);

		$website = htmlspecialchars($this_userdata['user_website']);
		$location = htmlspecialchars($this_userdata['user_from']);
		$occupation = htmlspecialchars($this_userdata['user_occ']);
		$interests = htmlspecialchars($this_userdata['user_interests']);

		$signature = ($this_userdata['user_sig_bbcode_uid'] != '') ? preg_replace('#:' . $this_userdata['user_sig_bbcode_uid'] . '#si', '', $this_userdata['user_sig']) : $this_userdata['user_sig'];
		$signature = preg_replace($html_entities_match, $html_entities_replace, $signature);

FIND - Line 763

Code: Select all


		$user_dateformat = $this_userdata['user_dateformat'];

REPLACE WITH

Code: Select all


		$user_dateformat = htmlspecialchars($this_userdata['user_dateformat']);

FIND - Line 791

Code: Select all


				if( $file != "." && $file != ".." && !is_file("./../" . $board_config['avatar_gallery_path'] . "/" . $file) && !is_link("./../" . $board_config['avatar_gallery_path'] . "/" . $file) )

REPLACE WITH

Code: Select all


				if( $file != "." && $file != ".." && !is_file(phpbb_realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) && !is_link(phpbb_realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) )

FIND AND REMOVE- Line 955

Code: Select all


		$signature = preg_replace('/\:[0-9a-z\:]*?\]/si', ']', $signature);

FIND - Line 997

Code: Select all


			'LANGUAGE_SELECT' => language_select($user_lang, 'language', '../language'),

REPLACE WITH

Code: Select all


			'LANGUAGE_SELECT' => language_select($user_lang),

FIND - Line 1081

Code: Select all


		if( file_exists('./../' . $board_config['avatar_path'] ) && ($board_config['allow_avatar_upload'] == TRUE) )

REPLACE WITH

Code: Select all


		if( file_exists(@phpbb_realpath('./../' . $board_config['avatar_path'])) && ($board_config['allow_avatar_upload'] == TRUE) )

FIND - Line 1090

Code: Select all


		if( file_exists('./../' . $board_config['avatar_gallery_path'] ) && ($board_config['allow_avatar_local'] == TRUE) )

REPLACE WITH

Code: Select all


		if( file_exists(@phpbb_realpath('./../' . $board_config['avatar_gallery_path'])) && ($board_config['allow_avatar_local'] == TRUE) )

Acyd Burn: Consultant; Posts: 650; Joined: April 19th 2002, 7:00 pm; Location: Germany (Oldb)

71 posts • Page 1 of 8 • 1, 2, 3, 4, 5 ... 8

Return to phpBB 2: Fixes and Code Changes

Jump to:

Who is online

Users browsing this forum: No registered users and 0 guests