phpBBHacks.com, the place for phpBB users

Bookmark and Share

phpBB 2.0.3 to 2.0.4 Code Changes

phpBB 2.0.3 to 2.0.4 Code Changes

Postby Acyd Burn » January 26th 2003, 6:11 pm

Text Version.

These are the changes from phpBB 2.0.3 to phpBB 2.0.4. This might be very helpful if you want to update your Board and have installed a bunch of hacks. Then it's normally easier to apply the code changes than to install all hacks again.

This tutorial is big, really big. If you can avoid a change and if you are able to replace a file directly, do it. ;)

I have placed every file into one single post.

When you find a 'AFTER, ADD'-Statement, the code has to be added after the last line quoted in the 'FIND'-Statement.

When you find a 'BEFORE, ADD'-Statement, the code has to be added before the first line quoted in the 'FIND'-Statement.

When you find a 'REPLACE WITH'-Statement, the code quoted in the 'FIND'-Statement has to be replaced completely with the quoted code in the 'REPLACE WITH'-Statement.

When you find a 'DELETE'-Statement, the code has to be deleted.

After you have finished this tutorial, you have to upload the update_to_204.php file to the install folder, run it and then delete it from your webspace.

Ok, lets start:
Last edited by Acyd Burn on February 25th 2003, 1:55 pm, edited 1 time in total.
User avatar
Acyd Burn
Consultant
 
Posts: 650
Joined: April 19th 2002, 7:00 pm
Location: Germany (Oldb)

privmsg.php

Postby Acyd Burn » January 26th 2003, 6:14 pm

  • admin/admin_board.php
  1. FIND - Line 50
    Code: Select all
    
    		
    		$new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name];
    
    


    AFTER, ADD
    Code: Select all
    
    		if ($config_name == 'cookie_name')
    		{
    			$cookie_name = str_replace('.', '_', $new['cookie_name']);
    		}
    
    

  2. FIND - Line 76
    Code: Select all
    
    $lang_select = language_select($new['default_lang'], 'default_lang', "../language");
    


    REPLACE WITH
    Code: Select all
    
    $lang_select = language_select($new['default_lang'], 'default_lang', "language");
    

User avatar
Acyd Burn
Consultant
 
Posts: 650
Joined: April 19th 2002, 7:00 pm
Location: Germany (Oldb)

Postby Acyd Burn » January 26th 2003, 6:17 pm

  • admin/admin_db_utilities.php
  1. FIND - Line 37
    Code: Select all
    
    	if(@phpversion() >= '4.0.0')
    	{	
    		$file_uploads = @ini_get('file_uploads');
    	}
    	else
    	{
    		$file_uploads = @get_cfg_var('file_uploads');
    	}
    
    	if( ($file_uploads != 0 || empty($file_uploads)) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') )
    


    REPLACE WITH
    Code: Select all
    
    
    	$file_uploads = (@phpversion() >= '4.0.0') ? @ini_get('file_uploads') : @get_cfg_var('file_uploads');
    
    	if( (empty($file_uploads) || $file_uploads != 0) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') )
    

  2. FIND - Line 569
    Code: Select all
    
    	//
    	// Grab the data from the table.
    	//
    	$result = $db->sql_query("SELECT * FROM $table");
    
    	if (!$result)
    	{
    		message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table");
    	}
    
    	if($db->sql_numrows($result) > 0)
    	{
    		$schema_insert = "\n#\n# Table Data for $table\n#\n";
    	}
    	else
    	{
    		$schema_insert = "";
    	}
    
    	$handler($schema_insert);
    
    	//
    	// Loop through the resulting rows and build the sql statement.
    	//
    
    	while ($row = $db->sql_fetchrow($result))
    	{
    		$table_list = '(';
    		$num_fields = $db->sql_numfields($result);
    		//
    		// Grab the list of field names.
    		//
    		for ($j = 0; $j < $num_fields; $j++)
    		{
    			$table_list .= $db->sql_fieldname($j, $result) . ', ';
    		}
    		//
    		// Get rid of the last comma
    		//
    		$table_list = ereg_replace(', $', '', $table_list);
    		$table_list .= ')';
    		//
    		// Start building the SQL statement.
    		//
    		$schema_insert = "INSERT INTO $table $table_list VALUES(";
    		//
    		// Loop through the rows and fill in data for each column
    		//
    		for ($j = 0; $j < $num_fields; $j++)
    		{
    			if(!isset($row[$j]))
    


    REPLACE WITH
    Code: Select all
    
    
    	// Grab the data from the table.
    	if (!($result = $db->sql_query("SELECT * FROM $table")))
    	{
    		message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table");
    	}
    
    	// Loop through the resulting rows and build the sql statement.
    	if ($row = $db->sql_fetchrow($result))
    	{
    		$handler("\n#\n# Table Data for $table\n#\n");
    		$field_names = array();
    
    		// Grab the list of field names.
    		$num_fields = $db->sql_numfields($result);
    		$table_list = '(';
    		for ($j = 0; $j < $num_fields; $j++)
    		{
    			$field_names[$j] = $db->sql_fieldname($j, $result);
    			$table_list .= (($j > 0) ? ', ' : '') . $field_names[$j];
    			
    		}
    		$table_list .= ')';
    
    		do
    		{
    			// Start building the SQL statement.
    			$schema_insert = "INSERT INTO $table $table_list VALUES(";
    
    			// Loop through the rows and fill in data for each column
    			for ($j = 0; $j < $num_fields; $j++)
    			{
    				$schema_insert .= ($j > 0) ? ', ' : '';
    
    				if(!isset($row[$field_names[$j]]))
    

  3. FIND - Line 611
    Code: Select all
    
    				$schema_insert .= ' NULL,';
    			}
    			elseif ($row[$j] != '')
    			{
    				$schema_insert .= ' \'' . addslashes($row[$j]) . '\',';
    			}
    			else
    			{
    				$schema_insert .= '\'\',';
    			}
    		}
    		//
    		// Get rid of the the last comma.
    		//
    		$schema_insert = ereg_replace(',$', '', $schema_insert);
    		$schema_insert .= ');';
    		//
    		// Go ahead and send the insert statement to the handler function.
    		//
    		$handler(trim($schema_insert));
    
    	}
    


    REPLACE WITH
    Code: Select all
    
    					$schema_insert .= 'NULL';
    				}
    				elseif ($row[$field_names[$j]] != '')
    				{
    					$schema_insert .= '\'' . addslashes($row[$field_names[$j]]) . '\'';
    				}
    				else
    				{
    					$schema_insert .= '\'\'';
    				}
    			}
    
    			$schema_insert .= ');';
    
    			// Go ahead and send the insert statement to the handler function.
    			$handler(trim($schema_insert));
    
    		}
    		while ($row = $db->sql_fetchrow($result));
    	}
    
    

  4. FIND - Line 660
    Code: Select all
    
    			if( SQL_LAYER == 'oracle' || SQL_LAYER == 'odbc' || SQL_LAYER == 'mssql' )
    			{
    				switch(SQL_LAYER)
    				{
    					case 'oracle':
    						$db_type = "Oracle";
    						break;
    					case 'odbc':
    						$db_type = "ODBC";
    						break;
    					case 'mssql':
    						$db_type = "MSSQL";
    						break;
    				}
    
    


    REPLACE WITH
    Code: Select all
    
    			$error = false;
    			switch(SQL_LAYER)
    			{
    				case 'oracle':
    					$error = true;
    					break;
    				case 'db2':
    					$error = true;
    					break;
    				case 'msaccess':
    					$error = true;
    					break;
    				case 'mssql':
    				case 'mssql-odbc':
    					$error = true;
    					break;
    			}
    
    			if ($error)
    			{
    

  5. FIND - Line 693
    Code: Select all
    
    				$template->pparse("body");
    
    				break;
    			}
    


    REPLACE WITH
    Code: Select all
    
    				$template->pparse("body");
    
    				include('./page_footer_admin.'.$phpEx);
    			}
    

  6. FIND - Line 763
    Code: Select all
    
    					"META" => "<meta http-equiv=\"refresh\" content=\"2;url=admin_db_utilities.$phpEx?perform=backup&additional_tables=" . quotemeta($additional_tables) . "&backup_type=$backup_type&drop=1&backupstart=1&gzipcompress=$gzipcompress&startdownload=1\">",
    


    REPLACE WITH
    Code: Select all
    
    					"META" => '<meta http-equiv="refresh" content="2;url=' . append_sid("admin_db_utilities.$phpEx?perform=backup&additional_tables=" . quotemeta($additional_tables) . "&backup_type=$backup_type&drop=1&backupstart=1&gzipcompress=$gzipcompress&startdownload=1") . '">',
    

  7. FIND - Line 819
    Code: Select all
    
    				if(SQL_LAYER != 'mysql4')
    				{
    					$table_def_function = "get_table_def_" . SQL_LAYER;
    					$table_content_function = "get_table_content_" . SQL_LAYER;
    				}
    				else
    				{
    					$table_def_function = "get_table_def_mysql";
    					$table_content_function = "get_table_content_mysql";
    


    REPLACE WITH
    Code: Select all
    
    
    				switch (SQL_LAYER)
    				{
    					case 'postgresql':
    						$table_def_function = "get_table_def_postgresql";
    						$table_content_function = "get_table_content_postgresql";
    						break;
    
    					case 'mysql':
    					case 'mysql4':
    						$table_def_function = "get_table_def_mysql";
    						$table_content_function = "get_table_content_mysql";
    						break;
    

  8. FIND - Line 906
    Code: Select all
    
    				if( file_exists($backup_file_tmpname) )
    


    REPLACE WITH
    Code: Select all
    
    				if( file_exists(phpbb_realpath($backup_file_tmpname)) )
    

User avatar
Acyd Burn
Consultant
 
Posts: 650
Joined: April 19th 2002, 7:00 pm
Location: Germany (Oldb)

Postby Acyd Burn » January 26th 2003, 6:18 pm

  • admin/admin_disallow.php
  1. FIND - Line 44
    Code: Select all
    
    	$disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? $HTTP_POST_VARS['disallowed_user'] : $HTTP_GET_VARS['disallowed_user'];
    
    


    REPLACE WITH
    Code: Select all
    
    	$disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? trim($HTTP_POST_VARS['disallowed_user']) : trim($HTTP_GET_VARS['disallowed_user']);
    
    	if ($disallowed_user == '')
    	{
    		message_die(MESSAGE, $lang['Fields_empty']);
    	}
    

User avatar
Acyd Burn
Consultant
 
Posts: 650
Joined: April 19th 2002, 7:00 pm
Location: Germany (Oldb)

Postby Acyd Burn » January 26th 2003, 6:19 pm

  • admin/admin_forum_prune.php
  1. FIND - Line 171
    Code: Select all
    
    		$prune_data .= '<input type="text" name="prunedays" size="4"> ' . $lang['Days'];
    
    		$hidden_input = '<input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '">';
    


    REPLACE WITH
    Code: Select all
    
    		$prune_data .= '<input class="post" type="text" name="prunedays" size="4"> ' . $lang['Days'];
    
    		$hidden_input = '<input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';
    

User avatar
Acyd Burn
Consultant
 
Posts: 650
Joined: April 19th 2002, 7:00 pm
Location: Germany (Oldb)

Postby Acyd Burn » January 26th 2003, 6:19 pm

  • admin/admin_forums.php
  1. FIND - Line 46
    Code: Select all
    
    	"auth_sticky" => AUTH_REG, 
    


    REPLACE WITH
    Code: Select all
    
    	"auth_sticky" => AUTH_MOD, 
    

  2. FIND - Line 304
    Code: Select all
    
    			$catlist = get_list('category', $cat_id, TRUE);
    
    			$forumstatus == ( FORUM_LOCKED ) ? $forumlocked = "selected=\"selected\"" : $forumunlocked = "selected=\"selected\"";
    


    AFTER, ADD
    Code: Select all
    
    			
    			// These two options ($lang['Status_unlocked'] and $lang['Status_locked']) seem to be missing from
    			// the language files.
    			$lang['Status_unlocked'] = isset($lang['Status_unlocked']) ? $lang['Status_unlocked'] : 'Unlocked';
    			$lang['Status_locked'] = isset($lang['Status_locked']) ? $lang['Status_locked'] : 'Locked';
    			
    

  3. FIND - Line 612
    Code: Select all
    
    				include($phpbb_root_path . "includes/prune.$phpEx");
    				prune($from_id, 0); // Delete everything from forum
    


    REPLACE WITH
    Code: Select all
    
    				// Delete polls in this forum
    				$sql = "SELECT v.vote_id 
    					FROM " . VOTE_DESC_TABLE . " v, " . TOPICS_TABLE . " t 
    					WHERE t.forum_id = $from_id 
    						AND v.topic_id = t.topic_id";
    				if (!($result = $db->sql_query($sql)))
    				{
    					message_die(GENERAL_ERROR, "Couldn't obtain list of vote ids", "", __LINE__, __FILE__, $sql);
    				}
    
    				if ($row = $db->sql_fetchrow($result))
    				{
    					$vote_ids = '';
    					do
    					{
    						$vote_ids = (($vote_ids != '') ? ', ' : '') . $row['vote_id'];
    					}
    					while ($row = $db->sql_fetchrow($result));
    
    					$sql = "DELETE FROM " . VOTE_DESC_TABLE . " 
    						WHERE vote_id IN ($vote_ids)";
    					$db->sql_query($sql);
    
    					$sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " 
    						WHERE vote_id IN ($vote_ids)";
    					$db->sql_query($sql);
    
    					$sql = "DELETE FROM " . VOTE_USERS_TABLE . " 
    						WHERE vote_id IN ($vote_ids)";
    					$db->sql_query($sql);
    				}
    				$db->sql_freeresult($result);
    				
    				include($phpbb_root_path . "includes/prune.$phpEx");
    				prune($from_id, 0, true); // Delete everything from forum
    

  4. FIND - Line 679
    Code: Select all
    
    				sync('forum', $to_id);
    			}
    
    


    AFTER, ADD
    Code: Select all
    
    			// Alter Mod level if appropriate - 2.0.4
    			$sql = "SELECT ug.user_id 
    				FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug 
    				WHERE a.forum_id <> $from_id 
    					AND a.auth_mod = 1
    					AND ug.group_id = a.group_id";
    			if( !$result = $db->sql_query($sql) )
    			{
    				message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql);
    			}
    
    			if ($row = $db->sql_fetchrow($result))
    			{
    				$user_ids = '';
    				do
    				{
    					$user_ids .= (($user_ids != '') ? ', ' : '' ) . $row['user_id'];
    				}
    				while ($row = $db->sql_fetchrow($result));
    
    				$sql = "SELECT ug.user_id 
    					FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug 
    					WHERE a.forum_id = $from_id 
    						AND a.auth_mod = 1 
    						AND ug.group_id = a.group_id
    						AND ug.user_id NOT IN ($user_ids)";
    				if( !$result2 = $db->sql_query($sql) )
    				{
    					message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql);
    				}
    					
    				if ($row = $db->sql_fetchrow($result2))
    				{
    					$user_ids = '';
    					do
    					{
    						$user_ids .= (($user_ids != '') ? ', ' : '' ) . $row['user_id'];
    					}
    					while ($row = $db->sql_fetchrow($result2));
    
    					$sql = "UPDATE " . USERS_TABLE . " 
    						SET user_level = " . USER . " 
    						WHERE user_id IN ($user_ids) 
    							AND user_level <> " . ADMIN;
    					$db->sql_query($sql);
    				}
    				$db->sql_freeresult($result);
    
    			}
    			$db->sql_freeresult($result2);
    
    

User avatar
Acyd Burn
Consultant
 
Posts: 650
Joined: April 19th 2002, 7:00 pm
Location: Germany (Oldb)

Postby Acyd Burn » January 26th 2003, 6:20 pm

  • admin/admin_ranks.php
  1. FIND - Line 164
    Code: Select all
    
    			}
    		}
    
    		if( $rank_id )
    		{
    


    REPLACE WITH
    Code: Select all
    
    			}
    		}
    
    		if( $rank_id )
    		{
    			if (!$special_rank)
    			{
    				$sql = "UPDATE " . USERS_TABLE . " 
    					SET user_rank = 0 
    					WHERE user_rank = $rank_id";
    
    				if( !$result = $db->sql_query($sql) ) 
    				{
    					message_die(GENERAL_ERROR, $lang['No_update_ranks'], "", __LINE__, __FILE__, $sql);
    				}
    			}
    

User avatar
Acyd Burn
Consultant
 
Posts: 650
Joined: April 19th 2002, 7:00 pm
Location: Germany (Oldb)

Postby Acyd Burn » January 26th 2003, 6:21 pm

  • admin/admin_smilies.php
  1. FIND - Line 75
    Code: Select all
    
    	if( !@is_dir($phpbb_root_path . $board_config['smilies_path'] . '/' . $file) )
    


    REPLACE WITH
    Code: Select all
    
    	if( !@is_dir(phpbb_realpath($phpbb_root_path . $board_config['smilies_path'] . '/' . $file)) )
    

  2. FIND - Line 242
    Code: Select all
    
    			message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
    


    REPLACE WITH
    Code: Select all
    
    			message_die(GENERAL_ERROR, "Could not get smiley list", "", __LINE__, __FILE__, $sql);
    

  3. FIND - Line 402
    Code: Select all
    
    			$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
    			$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
    			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
    			$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']);
    


    REPLACE WITH
    Code: Select all
    
    			$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']);
    			$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']);
    			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']);
    			$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']);
    
    			// If no code was entered complain ...
    			if ($smile_code == '' || $smile_url == '')
    			{
    				message_die(MESSAGE, $lang['Fields_empty']);
    			}
    
    

  4. FIND - Line 425
    Code: Select all
    
    			$result = $db->sql_query($sql);
    			if( !$result )
    


    REPLACE WITH
    Code: Select all
    
    			if( !($result = $db->sql_query($sql)) )
    

  5. FIND - Line 448
    Code: Select all
    
    			$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
    			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
    
    


    AFTER, ADD
    Code: Select all
    
    			// If no code was entered complain ...
    			if ($smile_code == '' || $smile_url == '')
    			{
    				message_die(MESSAGE, $lang['Fields_empty']);
    			}
    
    

User avatar
Acyd Burn
Consultant
 
Posts: 650
Joined: April 19th 2002, 7:00 pm
Location: Germany (Oldb)

Postby Acyd Burn » January 26th 2003, 6:22 pm

  • admin/admin_styles.php
  1. FIND - Line 46
    Code: Select all
    
    }
    
    if( $cancel )
    {
    	$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
    	header($header_location  . append_sid("admin_styles.$phpEx"));
    	exit;
    


    REPLACE WITH
    Code: Select all
    
    }
    
    if ($cancel)
    {
    	redirect('admin/' . append_sid("admin_styles.$phpEx", true));
    

  2. FIND - Line 135
    Code: Select all
    
    					if( !is_file($phpbb_root_path . 'templates/' .$sub_dir) && !is_link($phpbb_root_path . 'templates/' .$sub_dir) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" )
    					{
    						if( @file_exists($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg") )
    


    REPLACE WITH
    Code: Select all
    
    					if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" )
    					{
    						if( @file_exists(@phpbb_realpath($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg")) )
    

  3. FIND - Line 552
    Code: Select all
    
    					if( !is_file($phpbb_root_path . 'templates/' . $file) && !is_link($phpbb_root_path . 'templates/' . $file) && $file != "." && $file != ".." && $file != "CVS" )
    


    REPLACE WITH
    Code: Select all
    
    					if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && $file != "." && $file != ".." && $file != "CVS" )
    

  4. FIND - Line 751
    Code: Select all
    
    				$download_form = '<form action="' . append_sid("admin_styles.$phpEx") . '" method="post"><input type="submit" name="submit" value="' . $lang['Download'] . '" />' . $s_hidden_fields;
    


    REPLACE WITH
    Code: Select all
    
    				$download_form = '<form action="' . append_sid("admin_styles.$phpEx") . '" method="post"><input class="mainoption" type="submit" name="submit" value="' . $lang['Download'] . '" />' . $s_hidden_fields;
    

  5. FIND - Line 793
    Code: Select all
    
    					if( !is_file($phpbb_root_path . 'templates/' . $file) && !is_link($phpbb_root_path . 'templates/' .$file) && $file != "." && $file != ".." && $file != "CVS" )
    


    REPLACE WITH
    Code: Select all
    
    					if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$file)) && $file != "." && $file != ".." && $file != "CVS" )
    

  6. FIND - Line 933
    Code: Select all
    
    if( !$HTTP_POST_VARS['send_file'] )
    


    REPLACE WITH
    Code: Select all
    
    if (empty($HTTP_POST_VARS['send_file']))
    

User avatar
Acyd Burn
Consultant
 
Posts: 650
Joined: April 19th 2002, 7:00 pm
Location: Germany (Oldb)

Postby Acyd Burn » January 26th 2003, 6:22 pm

  • admin/admin_users.php
  1. FIND - Line 41
    Code: Select all
    
    require($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
    require($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
    
    


    AFTER, ADD
    Code: Select all
    
    $html_entities_match = array('#<#', '#>#');
    $html_entities_replace = array('<', '>');
    
    

  2. FIND - Line 68
    Code: Select all
    
    		$this_userdata = get_userdata($user_id);
    		if( !$this_userdata )
    		{
    			message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
    		}
    
    


    REPLACE WITH
    Code: Select all
    
    		if (!($this_userdata = get_userdata($user_id)))
    		{
    			message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
    		}
    
    		if( $HTTP_POST_VARS['deleteuser'] )
    		{
    			$sql = "SELECT g.group_id 
    				FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g  
    				WHERE ug.user_id = $user_id 
    					AND g.group_id = ug.group_id 
    					AND g.group_single_user = 1";
    			if( !($result = $db->sql_query($sql)) )
    			{
    				message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql);
    			}
    
    			$row = $db->sql_fetchrow($result);
    			
    			$sql = "UPDATE " . POSTS_TABLE . "
    				SET poster_id = " . DELETED . ", post_username = '$username' 
    				WHERE poster_id = $user_id";
    			if( !$db->sql_query($sql) )
    			{
    				message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql);
    			}
    
    			$sql = "UPDATE " . TOPICS_TABLE . "
    				SET topic_poster = " . DELETED . " 
    				WHERE topic_poster = $user_id";
    			if( !$db->sql_query($sql) )
    			{
    				message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql);
    			}
    			
    			$sql = "UPDATE " . VOTE_USERS_TABLE . "
    				SET vote_user_id = " . DELETED . "
    				WHERE vote_user_id = $user_id";
    			if( !$db->sql_query($sql) )
    			{
    				message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql);
    			}
    			
    			$sql = "SELECT group_id
    				FROM " . GROUPS_TABLE . "
    				WHERE group_moderator = $user_id";
    			if( !($result = $db->sql_query($sql)) )
    			{
    				message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql);
    			}
    			
    			while ( $row_group = $db->sql_fetchrow($result) )
    			{
    				$group_moderator[] = $row_group['group_id'];
    			}
    			
    			if ( count($group_moderator) )
    			{
    				$update_moderator_id = implode(', ', $group_moderator);
    				
    				$sql = "UPDATE " . GROUPS_TABLE . "
    					SET group_moderator = " . $userdata['user_id'] . "
    					WHERE group_moderator IN ($update_moderator_id)";
    				if( !$db->sql_query($sql) )
    				{
    					message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql);
    				}
    			}
    
    			$sql = "DELETE FROM " . USERS_TABLE . "
    				WHERE user_id = $user_id";
    			if( !$db->sql_query($sql) )
    			{
    				message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql);
    			}
    
    			$sql = "DELETE FROM " . USER_GROUP_TABLE . "
    				WHERE user_id = $user_id";
    			if( !$db->sql_query($sql) )
    			{
    				message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql);
    			}
    
    			$sql = "DELETE FROM " . GROUPS_TABLE . "
    				WHERE group_id = " . $row['group_id'];
    			if( !$db->sql_query($sql) )
    			{
    				message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
    			}
    
    			$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
    				WHERE group_id = " . $row['group_id'];
    			if( !$db->sql_query($sql) )
    			{
    				message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
    			}
    
    			$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
    				WHERE user_id = $user_id";
    			if ( !$db->sql_query($sql) )
    			{
    				message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql);
    			}
    			
    			$sql = "DELETE FROM " . BANLIST_TABLE . "
    				WHERE ban_userid = $user_id";
    			if ( !$db->sql_query($sql) )
    			{
    				message_die(GENERAL_ERROR, 'Could not delete user from banlist table', '', __LINE__, __FILE__, $sql);
    			}
    
    			$sql = "SELECT privmsgs_id
    				FROM " . PRIVMSGS_TABLE . "
    				WHERE privmsgs_from_userid = $user_id 
    					OR privmsgs_to_userid = $user_id";
    			if ( !($result = $db->sql_query($sql)) )
    			{
    				message_die(GENERAL_ERROR, 'Could not select all users private messages', '', __LINE__, __FILE__, $sql);
    			}
    
    			// This little bit of code directly from the private messaging section.
    			while ( $row_privmsgs = $db->sql_fetchrow($result) )
    			{
    				$mark_list[] = $row_privmsgs['privmsgs_id'];
    			}
    			
    			if ( count($mark_list) )
    			{
    				$delete_sql_id = implode(', ', $mark_list);
    				
    				$delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
    					WHERE privmsgs_text_id IN ($delete_sql_id)";
    				$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
    					WHERE privmsgs_id IN ($delete_sql_id)";
    				
    				if ( !$db->sql_query($delete_sql) )
    				{
    					message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
    				}
    				
    				if ( !$db->sql_query($delete_text_sql) )
    				{
    					message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
    				}
    			}
    
    			$message = $lang['User_deleted'] . '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
    
    			message_die(GENERAL_MESSAGE, $message);
    		}
    
    

  3. FIND - Line 280
    Code: Select all
    
    			$aim = stripslashes($aim);
    			$msn = stripslashes($msn);
    			$yim = stripslashes($yim);
    
    			$website = stripslashes($website);
    			$location = stripslashes($location);
    			$occupation = stripslashes($occupation);
    			$interests = stripslashes($interests);
    			$signature = stripslashes($signature);
    
    			$user_lang = stripslashes($user_lang);
    			$user_dateformat = stripslashes($user_dateformat);
    


    REPLACE WITH
    Code: Select all
    
    			$aim = htmlspecialchars(stripslashes($aim));
    			$msn = htmlspecialchars(stripslashes($msn));
    			$yim = htmlspecialchars(stripslashes($yim));
    
    			$website = htmlspecialchars(stripslashes($website));
    			$location = htmlspecialchars(stripslashes($location));
    			$occupation = htmlspecialchars(stripslashes($occupation));
    			$interests = htmlspecialchars(stripslashes($interests));
    			$signature = htmlspecialchars(stripslashes($signature));
    
    			$user_lang = stripslashes($user_lang);
    			$user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
    

  4. FIND - Line 382
    Code: Select all
    
    				if( @file_exists("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) )
    


    REPLACE WITH
    Code: Select all
    
    				if( @file_exists(@phpbb_realpath("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
    

  5. FIND - Line 407
    Code: Select all
    
    				if( file_exists($user_avatar_loc) && ereg(".jpg$|.gif$|.png$", $user_avatar_name) )
    				{
    					if( $user_avatar_size <= $board_config['avatar_filesize'] && $avatar_size > 0)
    


    REPLACE WITH
    Code: Select all
    
    				if( file_exists(@phpbb_realpath($user_avatar_loc)) && ereg(".jpg$|.gif$|.png$", $user_avatar_name) )
    				{
    					if( $user_avatar_size <= $board_config['avatar_filesize'] && $user_avatar_size > 0)
    

  6. FIND - Line 450
    Code: Select all
    
    									if( @file_exists("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) )
    


    REPLACE WITH
    Code: Select all
    
    									if( @file_exists(@phpbb_realpath("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
    

  7. FIND - Line 559
    Code: Select all
    
    											if( file_exists("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) )
    


    REPLACE WITH
    Code: Select all
    
    											if( file_exists(@phpbb_realpath("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
    

  8. FIND AND REMOVE - Line 646
    Code: Select all
    
    			if( $HTTP_POST_VARS['deleteuser'] )
    			{
    				$sql = "SELECT g.group_id 
    					FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g  
    					WHERE ug.user_id = $user_id 
    						AND g.group_id = ug.group_id 
    						AND g.group_single_user = 1";
    				if( !($result = $db->sql_query($sql)) )
    				{
    					message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql);
    				}
    
    				$row = $db->sql_fetchrow($result);
    				
    				$sql = "UPDATE " . POSTS_TABLE . "
    					SET poster_id = " . DELETED . ", post_username = '$username' 
    					WHERE poster_id = $user_id";
    				if( !$db->sql_query($sql) )
    				{
    					message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql);
    				}
    
    				$sql = "UPDATE " . TOPICS_TABLE . "
    					SET topic_poster = " . DELETED . " 
    					WHERE topic_poster = $user_id";
    				if( !$db->sql_query($sql) )
    				{
    					message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql);
    				}
    				
    				$sql = "UPDATE " . VOTE_USERS_TABLE . "
    					SET vote_user_id = " . DELETED . "
    					WHERE vote_user_id = $user_id";
    				if( !$db->sql_query($sql) )
    				{
    					message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql);
    				}
    				
    				$sql = "SELECT group_id
    					FROM " . GROUPS_TABLE . "
    					WHERE group_moderator = $user_id";
    				if( !($result = $db->sql_query($sql)) )
    				{
    					message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql);
    				}
    				
    				while ( $row_group = $db->sql_fetchrow($result) )
    				{
    					$group_moderator[] = $row_group['group_id'];
    				}
    				
    				if ( count($group_moderator) )
    				{
    					$update_moderator_id = implode(', ', $group_moderator);
    					
    					$sql = "UPDATE " . GROUPS_TABLE . "
    						SET group_moderator = " . $userdata['user_id'] . "
    						WHERE group_moderator IN ($update_moderator_id)";
    					if( !$db->sql_query($sql) )
    					{
    						message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql);
    					}
    				}
    
    				$sql = "DELETE FROM " . USERS_TABLE . "
    					WHERE user_id = $user_id";
    				if( !$db->sql_query($sql) )
    				{
    					message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql);
    				}
    
    				$sql = "DELETE FROM " . USER_GROUP_TABLE . "
    					WHERE user_id = $user_id";
    				if( !$db->sql_query($sql) )
    				{
    					message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql);
    				}
    
    				$sql = "DELETE FROM " . GROUPS_TABLE . "
    					WHERE group_id = " . $row['group_id'];
    				if( !$db->sql_query($sql) )
    				{
    					message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
    				}
    
    				$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
    					WHERE group_id = " . $row['group_id'];
    				if( !$db->sql_query($sql) )
    				{
    					message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
    				}
    
    				$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
    					WHERE user_id = $user_id";
    				if ( !$db->sql_query($sql) )
    				{
    					message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql);
    				}
    
    				$sql = "SELECT privmsgs_id
    					FROM " . PRIVMSGS_TABLE . "
    					WHERE ( ( privmsgs_from_userid = $user_id 
    							AND privmsgs_type = " . PRIVMSGS_NEW_MAIL . " )
    						OR ( privmsgs_from_userid = $user_id
    							AND privmsgs_type = " . PRIVMSGS_SENT_MAIL . " )
    						OR ( privmsgs_to_userid = $user_id
    							AND privmsgs_type = " . PRIVMSGS_READ_MAIL . " )
    						OR ( privmsgs_to_userid = $user_id
    							AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
    						OR ( privmsgs_from_userid = $user_id
    							AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) )";
    				if ( !($result = $db->sql_query($sql)) )
    				{
    					message_die(GENERAL_ERROR, 'Could not select all user\'s private messages', '', __LINE__, __FILE__, $sql);
    				}
    				
    				//
    				// This little bit of code directly from the private messaging section.
    				// Thanks Paul!
    				//
    				
    				while ( $row_privmsgs = $db->sql_fetchrow($result) )
    				{
    					$mark_list[] = $row_privmsgs['privmsgs_id'];
    				}
    				
    				if ( count($mark_list) )
    				{
    					$delete_sql_id = implode(', ', $mark_list);
    					
    					//
    					// We shouldn't need to worry about updating conters here...
    					// They are already gone!
    					//
    					
    					$delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
    						WHERE privmsgs_text_id IN ($delete_sql_id)";
    					$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
    						WHERE privmsgs_id IN ($delete_sql_id)";
    					
    					//
    					// Shouldn't need the switch statement here, either, as we just want
    					// to take out all of the private messages.  This will not affect
    					// the other messages we want to keep; the ids are unique.
    					//
    					
    					if ( !$db->sql_query($delete_sql) )
    					{
    						message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
    					}
    					
    					if ( !$db->sql_query($delete_text_sql) )
    					{
    						message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
    					}
    				}
    				
    				$sql = "UPDATE " . PRIVMSGS_TABLE . "
    					SET privmsgs_to_userid = " . DELETED . "
    					WHERE privmsgs_to_userid = $user_id";
    				if ( !$db->sql_query($sql) )
    				{
    					message_die(GENERAL_ERROR, 'Could not update private messages saved to the user', '', __LINE__, __FILE__, $sql);
    				}
    				
    				$sql = "UPDATE " . PRIVMSGS_TABLE . "
    					SET privmsgs_from_userid = " . DELETED . "
    					WHERE privmsgs_from_userid = $user_id";
    				if ( !$db->sql_query($sql) )
    				{
    					message_die(GENERAL_ERROR, 'Could not update private messages saved from the user', '', __LINE__, __FILE__, $sql);
    				}
    
    				$message = $lang['User_deleted'];
    
    			}
    			else
    			{
    

  9. FIND - Line 669
    Code: Select all
    
    					$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Admin_user_fail'];
    				}
    			}
    
    			$message .= '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
    


    REPLACE WITH
    Code: Select all
    
    					$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Admin_user_fail'];
    				}
    
    			$message .= '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
    

  10. FIND - Line 686
    Code: Select all
    
    			$username = stripslashes($username);
    			$email = stripslashes($email);
    			$password = '';
    			$password_confirm = '';
    
    			$icq = stripslashes($icq);
    			$aim = str_replace('+', ' ', stripslashes($aim));
    			$msn = stripslashes($msn);
    			$yim = stripslashes($yim);
    
    			$website = stripslashes($website);
    			$location = stripslashes($location);
    			$occupation = stripslashes($occupation);
    			$interests = stripslashes($interests);
    			$signature = stripslashes($signature);
    
    			$user_lang = stripslashes($user_lang);
    			$user_dateformat = stripslashes($user_dateformat);
    


    REPLACE WITH
    Code: Select all
    
    			$username = htmlspecialchars(stripslashes($username));
    			$email = stripslashes($email);
    			$password = '';
    			$password_confirm = '';
    
    			$icq = stripslashes($icq);
    			$aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim)));
    			$msn = htmlspecialchars(stripslashes($msn));
    			$yim = htmlspecialchars(stripslashes($yim));
    
    			$website = htmlspecialchars(stripslashes($website));
    			$location = htmlspecialchars(stripslashes($location));
    			$occupation = htmlspecialchars(stripslashes($occupation));
    			$interests = htmlspecialchars(stripslashes($interests));
    			$signature = htmlspecialchars(stripslashes($signature));
    
    			$user_lang = stripslashes($user_lang);
    			$user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
    

  11. FIND - Line 719
    Code: Select all
    
    			$this_userdata = get_userdata( $HTTP_POST_VARS['username'] );
    


    REPLACE WITH
    Code: Select all
    
    			$this_userdata = get_userdata(htmlspecialchars($HTTP_POST_VARS['username']));
    

  12. FIND - Line 730
    Code: Select all
    
    		$username = $this_userdata['username'];
    		$email = $this_userdata['user_email'];
    		$password = '';
    		$password_confirm = '';
    
    		$icq = $this_userdata['user_icq'];
    		$aim = str_replace('+', ' ', $this_userdata['user_aim'] );
    		$msn = $this_userdata['user_msnm'];
    		$yim = $this_userdata['user_yim'];
    
    		$website = $this_userdata['user_website'];
    		$location = $this_userdata['user_from'];
    		$occupation = $this_userdata['user_occ'];
    		$interests = $this_userdata['user_interests'];
    		$signature = $this_userdata['user_sig'];
    


    REPLACE WITH
    Code: Select all
    
    		$username = htmlspecialchars($this_userdata['username']);
    		$email = $this_userdata['user_email'];
    		$password = '';
    		$password_confirm = '';
    
    		$icq = $this_userdata['user_icq'];
    		$aim = htmlspecialchars(str_replace('+', ' ', $this_userdata['user_aim'] ));
    		$msn = htmlspecialchars($this_userdata['user_msnm']);
    		$yim = htmlspecialchars($this_userdata['user_yim']);
    
    		$website = htmlspecialchars($this_userdata['user_website']);
    		$location = htmlspecialchars($this_userdata['user_from']);
    		$occupation = htmlspecialchars($this_userdata['user_occ']);
    		$interests = htmlspecialchars($this_userdata['user_interests']);
    
    		$signature = ($this_userdata['user_sig_bbcode_uid'] != '') ? preg_replace('#:' . $this_userdata['user_sig_bbcode_uid'] . '#si', '', $this_userdata['user_sig']) : $this_userdata['user_sig'];
    		$signature = preg_replace($html_entities_match, $html_entities_replace, $signature);
    

  13. FIND - Line 763
    Code: Select all
    
    		$user_dateformat = $this_userdata['user_dateformat'];
    


    REPLACE WITH
    Code: Select all
    
    		$user_dateformat = htmlspecialchars($this_userdata['user_dateformat']);
    

  14. FIND - Line 791
    Code: Select all
    
    				if( $file != "." && $file != ".." && !is_file("./../" . $board_config['avatar_gallery_path'] . "/" . $file) && !is_link("./../" . $board_config['avatar_gallery_path'] . "/" . $file) )
    


    REPLACE WITH
    Code: Select all
    
    				if( $file != "." && $file != ".." && !is_file(phpbb_realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) && !is_link(phpbb_realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) )
    

  15. FIND AND REMOVE- Line 955
    Code: Select all
    
    		$signature = preg_replace('/\:[0-9a-z\:]*?\]/si', ']', $signature);
    		
    

  16. FIND - Line 997
    Code: Select all
    
    			'LANGUAGE_SELECT' => language_select($user_lang, 'language', '../language'),
    


    REPLACE WITH
    Code: Select all
    
    			'LANGUAGE_SELECT' => language_select($user_lang),
    

  17. FIND - Line 1081
    Code: Select all
    
    		if( file_exists('./../' . $board_config['avatar_path'] ) && ($board_config['allow_avatar_upload'] == TRUE) )
    


    REPLACE WITH
    Code: Select all
    
    		if( file_exists(@phpbb_realpath('./../' . $board_config['avatar_path'])) && ($board_config['allow_avatar_upload'] == TRUE) )
    

  18. FIND - Line 1090
    Code: Select all
    
    		if( file_exists('./../' . $board_config['avatar_gallery_path'] ) && ($board_config['allow_avatar_local'] == TRUE) )
    


    REPLACE WITH
    Code: Select all
    
    		if( file_exists(@phpbb_realpath('./../' . $board_config['avatar_gallery_path'])) && ($board_config['allow_avatar_local'] == TRUE) )
    

User avatar
Acyd Burn
Consultant
 
Posts: 650
Joined: April 19th 2002, 7:00 pm
Location: Germany (Oldb)

Next

Return to phpBB 2: Fixes and Code Changes

Who is online

Users browsing this forum: No registered users and 0 guests