phpBBHacks.com, the place for phpBB users

phpBB 2.0.4 to 2.0.5 Code Changes

Post by Acyd Burn » June 22nd 2003, 10:29 am

HTML Version.

These are the changes from phpBB 2.0.4 to phpBB 2.0.5 summed up into one document. This might be very helpful if you want to update your forums and you have installed a bunch of hacks. In these cases, it is normally easier to apply the Code Changes than to install all hacks again.

When you find an 'AFTER, ADD'-Statement, the code has to be added after the last line quoted in the 'FIND'-Statement.
When you find a 'REPLACE WITH'-Statement, the code quoted in the 'FIND'-Statement has to be replaced completely with the quoted code in the 'REPLACE WITH'-Statement.
When you find a 'REMOVE'-Statement, the code has to be deleted.

After you have finished this tutorial, you have to upload the update_to_205.php file in the phpBB distribution, execute it and then delete it from your webspace.

These changes include the latest security vulnerability fix and some fixes in the current 2.0.x CVS branch tree, too.
User avatar
Acyd Burn
Consultant
 
Posts: 650
Joined: April 19th 2002, 7:00 pm
Location: Germany (Oldb)

Post by Acyd Burn » June 22nd 2003, 10:30 am

  • admin/admin_board.php
  1. FIND - Line 19
    
    	$module['General']['Configuration'] = "$file?mode=config";
    


    REPLACE WITH
    
    	$module['General']['Configuration'] = "$file";
    

  2. FIND - Line 250
    
      	"ACTIVATION_USER_CHECKED" => $activation_user,
      	"ACTIVATION_ADMIN" => USER_ACTIVATION_ADMIN, 
      	"ACTIVATION_ADMIN_CHECKED" => $activation_admin, 
    


    AFTER, ADD
    
    	"CONFIRM_ENABLE" => $confirm_yes,
    	"CONFIRM_DISABLE" => $confirm_no,
    	"ACTIVATION_NONE_CHECKED" => $activation_none,
    


Post by Acyd Burn » June 22nd 2003, 10:31 am

  • admin/admin_db_utilities.php
  1. FIND - Line 704
    
      
      			$gzipcompress = (!empty($HTTP_POST_VARS['gzipcompress'])) ? $HTTP_POST_VARS['gzipcompress'] : ( (!empty($HTTP_GET_VARS['gzipcompress'])) ? $HTTP_GET_VARS['gzipcompress'] : 0 );
    


    AFTER, ADD
    
    			$drop = (!empty($HTTP_POST_VARS['drop'])) ? intval($HTTP_POST_VARS['drop']) : ( (!empty($HTTP_GET_VARS['drop'])) ? intval($HTTP_GET_VARS['drop']) : 0 );
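
Review bot: the added $drop line casts both the POST and the GET value with intval(), but the $gzipcompress line it is placed after still takes the request value as it arrives. If gzipcompress is only ever used as a flag, give it the same intval() treatment so both options are handled the same way.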
    

  2. FIND - Line 861
    
    			if(!isset($restore_start))
    


    REPLACE WITH
    
    			if(!isset($HTTP_POST_VARS['restore_start']))
    


Post by Acyd Burn » June 22nd 2003, 10:32 am

  • admin/admin_groups.php
  1. FIND - Line 46
    
    	$group_id = '';
    


    REPLACE WITH
    
    	$group_id = 0;
    

  2. FIND - Line 174
    
      	//
      	if ( isset($HTTP_POST_VARS['group_delete']) )
      	{
    


    AFTER, ADD
    
    		//
    		// Reset User Moderator Level
    		//
    
    		// Is Group moderating a forum ?
    		$sql = "SELECT auth_mod FROM " . AUTH_ACCESS_TABLE . " 
    			WHERE group_id = " . $group_id;
    		if ( !($result = $db->sql_query($sql)) )
    		{
    			message_die(GENERAL_ERROR, 'Could not select auth_access', '', __LINE__, __FILE__, $sql);
    		}
    
    		$row = $db->sql_fetchrow($result);
    		if (intval($row['auth_mod']) == 1)
    		{
    			// Yes, get the assigned users and update their Permission if they are no longer moderator of one of the forums
    			$sql = "SELECT user_id FROM " . USER_GROUP_TABLE . "
    				WHERE group_id = " . $group_id;
    			if ( !($result = $db->sql_query($sql)) )
    			{
    				message_die(GENERAL_ERROR, 'Could not select user_group', '', __LINE__, __FILE__, $sql);
    			}
    
    			$rows = $db->sql_fetchrowset($result);
    			for ($i = 0; $i < count($rows); $i++)
    			{
    				$sql = "SELECT g.group_id FROM " . AUTH_ACCESS_TABLE . " a, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
    				WHERE (a.auth_mod = 1) AND (g.group_id = a.group_id) AND (a.group_id = ug.group_id) AND (g.group_id = ug.group_id) 
    					AND (ug.user_id = " . intval($rows[$i]['user_id']) . ") AND (ug.group_id <> " . $group_id . ")";
    				if ( !($result = $db->sql_query($sql)) )
    				{
    					message_die(GENERAL_ERROR, 'Could not obtain moderator permissions', '', __LINE__, __FILE__, $sql);
    				}
    
    				if ($db->sql_numrows($result) == 0)
    				{
    					$sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " 
    					WHERE user_level = " . MOD . " AND user_id = " . intval($rows[$i]['user_id']);
    					
    					if ( !$db->sql_query($sql) )
    					{
    						message_die(GENERAL_ERROR, 'Could not update moderator permissions', '', __LINE__, __FILE__, $sql);
    					}
    				}
    			}
    		}
    
    		//
    		// Delete Group
    		//
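
Review bot: in the "Is Group moderating a forum ?" check, the query selects auth_mod for every auth_access row of the group with no auth_mod filter and no ORDER BY, but only the first row returned by sql_fetchrow() is tested. A group whose first row has auth_mod = 0 and a later row has auth_mod = 1 would skip the moderator reset; adding AND auth_mod = 1 to the WHERE clause and testing whether a row came back covers that case. $group_id is also concatenated unquoted into three queries here while user_id gets intval(), so it is worth confirming that it is cast where it is assigned.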
    

  3. FIND - Line 266
    
    		$this_userdata = get_userdata($group_moderator);
    


    REPLACE WITH
    
    		$this_userdata = get_userdata($group_moderator, true);
    


Post by Acyd Burn » June 22nd 2003, 10:33 am

  • admin/admin_mass_email.php
  1. FIND - Line 82
    
    		$bcc_list = '';
    		do
    		{
    			$bcc_list .= ( ( $bcc_list != '' ) ? ', ' : '' ) . $row['user_email'];
    


    REPLACE WITH
    
    		$bcc_list = array();
    		do
    		{
    			$bcc_list[] = $row['user_email'];
    

  2. FIND - Line 119
    
    		$email_headers = 'Return-Path: ' . $userdata['board_email'] . "\nFrom: " . $board_config['board_email'] . "\n";
    		$email_headers .= 'X-AntiAbuse: Board servername - ' . $board_config['server_name'] . "\n";
    		$email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n";
    		$email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n";
    		$email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n";
    		$email_headers .= "Bcc: $bcc_list\n";
    


    REPLACE WITH
    
    		$emailer->from($board_config['board_email']);
    		$emailer->replyto($board_config['board_email']);
    
    		for ($i = 0; $i < count($bcc_list); $i++)
    		{
    			$emailer->bcc($bcc_list[$i]);
    		}
    
    		$email_headers = 'X-AntiAbuse: Board servername - ' . $board_config['server_name'] . "\n";
    		$email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n";
    		$email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n";
    		$email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n";
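
Review bot: the X-AntiAbuse lines kept in $email_headers still build raw header text by concatenating $board_config['server_name'] and $userdata['username'] with "\n", so a CR or LF inside either value would begin a new header line. Now that From, Reply-To and Bcc go through $emailer methods, strip \r and \n from these two values before appending them, or pass them through the same kind of method.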
    


Post by Acyd Burn » June 22nd 2003, 10:33 am

  • admin/admin_ug_auth.php
  1. FIND - Line 57
    
      	}
      }
      
    


    AFTER, ADD
    
    $user_id = intval($user_id);
    $group_id = intval($group_id);
    
    

  2. FIND - Line 516
    
    		$this_userdata = get_userdata($HTTP_POST_VARS['username']);
    


    REPLACE WITH
    
    		$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
    


Post by Acyd Burn » June 22nd 2003, 10:36 am

  • admin/admin_user_ban.php
  1. FIND - Line 52
    
    		$this_userdata = get_userdata($HTTP_POST_VARS['username']);
    


    REPLACE WITH
    
    		$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
    

  2. FIND - Line 158
    
    			if ( eregi('^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$', trim($email_list_temp[$i])) )
    


    REPLACE WITH
    
    			if (preg_match('#^(([a-z0-9&.-_+])|(\*))+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$#is', trim($email_list_temp[$i])))
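
Review bot: in the new preg_match pattern the character class [a-z0-9&.-_+] contains .-_ which is read as a range from '.' to '_' rather than as three literal characters, so the local part also accepts characters such as / : ; < = > ? @ [ \ ] ^ that the class does not appear to intend. Escape the hyphen or move it to the end of the class, for example [a-z0-9&._+-].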
    


Post by Acyd Burn » June 22nd 2003, 10:37 am

  • admin/admin_users.php
  1. FIND - Line 219
    
    		$username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags( $HTTP_POST_VARS['username'] ) ) : '';
    


    REPLACE WITH
    
    		$username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['username']))) : '';
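
Review bot: strip_tags() is applied after htmlspecialchars() on the replaced line, so by the time it runs every < and > has already been turned into an entity and it has nothing left to remove. Either drop strip_tags() or state in a comment which of the two calls is meant to be the effective filter.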
    

  2. FIND - Line 307
    
    		if( stripslashes($username) != $this_userdata['username'] )
    		{
    			unset($rename_user);
    
    			$result = validate_username($username);
    			if ( $result['error'] )
    			{
    				$error = TRUE;
    				$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
    			}
    			else
    			{
    				$username_sql = "username = '" . str_replace("\'", "''", $username) . "', ";
    				$rename_user = $username; // Used for renaming usergroup
    			}
    		}
    
    		$passwd_sql = "";
    


    REPLACE WITH
    
    		if (stripslashes($username) != $this_userdata['username'])
    		{
    			unset($rename_user);
    
    			if ( stripslashes(strtolower($username)) != strtolower($this_userdata['username']) ) 
    			{
    				$result = validate_username($username);
    				if ( $result['error'] )
    				{
    					$error = TRUE;
    					$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
    				}
    				else if ( strtolower(str_replace("\\'", "''", $username)) == strtolower($userdata['username']) )
    				{
    					$error = TRUE;
    					$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Username_taken'];
    				}
    			}
    
    			if (!$error)
    			{
    				$username_sql = "username = '" . str_replace("\\'", "''", $username) . "', ";
    				$rename_user = $username; // Used for renaming usergroup
    			}
    		}
    
    		$passwd_sql = '';
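
Review bot: the added else if branch compares the new name against $userdata['username'], while every other comparison in this block uses $this_userdata['username']. If $userdata is the account of the admin doing the edit rather than the user being edited, say so in a comment, because the two names are easy to confuse; the comparison also sets a quote-escaped copy of $username against an unescaped stored name, so names containing a quote will not compare equal.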
    

  3. FIND - Line 665
    
    						WHERE group_name = '".str_replace("\'", "''", $this_userdata['username'] )."'";
    					if( !$result = $db->sql_query($sql) )
    					{
    						message_die(GENERAL_ERROR, 'Could not rename users group', '', __LINE__, __FILE__, $sql);
    					}
    				}
    


    REPLACE WITH
    
    						WHERE group_name = '".str_replace("'", "''", $this_userdata['username'] )."'";
    					if( !$result = $db->sql_query($sql) )
    					{
    						message_die(GENERAL_ERROR, 'Could not rename users group', '', __LINE__, __FILE__, $sql);
    					}
    				}
    				
    				// Delete user session, to prevent the user navigating the forum (if logged in) when disabled
    				if (!$user_status)
    				{
    					$sql = "DELETE FROM " . SESSIONS_TABLE . " 
    						WHERE session_user_id = " . $user_id;
    
    					if ( !$db->sql_query($sql) )
    					{
    						message_die(GENERAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
    					}
    				}
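
Review bot: the new DELETE FROM SESSIONS_TABLE query concatenates $user_id unquoted and nothing in this hunk casts it. Wrap it in intval() here, as the admin/admin_ug_auth.php change does for $user_id and $group_id, unless it is already cast where it is read from the request.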
    				
    

  4. FIND - Line 741
    
    			$this_userdata = get_userdata(htmlspecialchars($HTTP_POST_VARS['username']));
    


    REPLACE WITH
    
    			$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
    

  5. FIND - Line 752
    
    		$username = htmlspecialchars($this_userdata['username']);
    


    REPLACE WITH
    
    		$username = $this_userdata['username'];
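
Review bot: with htmlspecialchars() removed from this assignment, $username is entity-encoded only if the stored value already is, which the Line 219 change arranges for names submitted from now on. Names saved before this update are not covered by anything shown here, so confirm that existing usernames are converted during the update or keep the encoding where the value is written into the page.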
    


Post by Acyd Burn » June 22nd 2003, 10:38 am

  • admin/index.php
  1. FIND - Line 135
    
    		"L_ADMIN_INTRO" => $lang['Admin_intro'],
    		"L_FORUM_STATS" => $lang['Forum_stats'],
    		"L_WHO_IS_ONLINE" => $lang['Who_is_Online'],
    


    AFTER, ADD
    
    		"L_USERNAME" => $lang['Username'],
    


Post by Acyd Burn » June 22nd 2003, 10:38 am

  • admin/page_header_admin.php
  1. FIND - Line 67
    
    	'header' => 'admin/page_header.tpl')
    );
    
    


    AFTER, ADD
    
    // Format Timezone. We are unable to use array_pop here, because of PHP3 compatibility
    $l_timezone = explode('.', $board_config['board_timezone']);
    $l_timezone = (count($l_timezone) > 1 && $l_timezone[count($l_timezone)-1] != 0) ? $lang[sprintf('%.1f', $board_config['board_timezone'])] : $lang[number_format($board_config['board_timezone'])];
    
    

  2. FIND - Line 86
    
    	'S_TIMEZONE' => sprintf($lang['All_times'], $lang[$board_config['board_timezone']]),
    


    REPLACE WITH
    
    	'S_TIMEZONE' => sprintf($lang['All_times'], $l_timezone),
    
