Thoul
VIP
Joined: 30 Jul 2002
Posts: 17676
Location: USA
|
 Posted: December 30th 2005, 1:30 pm Post subject: phpBB 2.0.18 to 2.0.19 Code Changes |
 |
|
Text Version. HTML Version.
These are the code changes introduced between phpBB 2.0.18 and phpBB 2.0.19. If you have installed many hacks on a forum, but wish to update it, these may help you. It is often easier to apply code changes such as these instead of replacing and rehacking your current files.
These code changes use the following instruction labels:
filename - The name of a file to be edited. Equivalent to an OPEN action in a hack or modification.
FIND - This indicates lines of code you should locate. Changes will be made in reference to this code.
REPLACE WITH - This code should completely replace the code in the preceding FIND instruction.
AFTER, ADD - The code in this instruction should be added on a new line after the last line of code in the preceding FIND instruction.
BEFORE, ADD - The code in this instruction should be added on a new line before the first line of code in the preceding FIND instruction.
FIND AND DELETE - Locate the code in this instruction as with a FIND statement, and then delete the code.
Once you have completed the code changes, create an install/ directory in your forum's root directory, and upload the update_to_latest.php file that comes in any phpBB 2.0.19 download to the install/ directory. Run update_to_latest.php by opening it via your web browser, just as you would a normal forum page. Afterward, delete the file and the install/ directory so that your forum is accessible again.
Now, onward to the file changes!
admin/admin_board.php
FIND
| Code:
|
|
$module['General']['Configuration'] = "$file";
|
REPLACE WITH
| Code:
|
|
$module['General']['Configuration'] = $file;
|
FIND
| Code:
|
|
"L_FLOOD_INTERVAL_EXPLAIN" => $lang['Flood_Interval_explain'],
|
AFTER, ADD
| Code:
|
'L_MAX_LOGIN_ATTEMPTS' => $lang['Max_login_attempts'],
'L_MAX_LOGIN_ATTEMPTS_EXPLAIN' => $lang['Max_login_attempts_explain'],
'L_LOGIN_RESET_TIME' => $lang['Login_reset_time'],
'L_LOGIN_RESET_TIME_EXPLAIN' => $lang['Login_reset_time_explain'],
'MAX_LOGIN_ATTEMPTS' => $new['max_login_attempts'],
'LOGIN_RESET_TIME' => $new['login_reset_time'],
|
admin/admin_db_utilities.php
The line to be changed here is also altered by many hacks. The code shown below may not be an exact match for the code that is in your file.
FIND
| Code:
|
|
$tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm');
|
REPLACE WITH
| Code:
|
|
$tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm', 'sessions_keys');
|
admin/admin_disallow.php
FIND
| Code:
|
|
$module['Users']['Disallow'] = append_sid($filename);
|
REPLACE WITH
| Code:
|
|
$module['Users']['Disallow'] = $filename;
|
admin/admin_ranks.php
FIND
| Code:
|
|
$module['Users']['Ranks'] = "$file";
|
REPLACE WITH
| Code:
|
|
$module['Users']['Ranks'] = $file;
|
admin/admin_styles.php
FIND
| Code:
|
|
$module['Styles']['Manage'] = "$file";
|
REPLACE WITH
| Code:
|
|
$module['Styles']['Manage'] = $file;
|
admin/admin_users.php
FIND
| Code:
|
$sql = "SELECT privmsgs_id
FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_from_userid = $user_id
|
BEFORE, ADD
| Code:
|
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_user_id = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete sessions for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . SESSIONS_KEYS_TABLE . "
WHERE user_id = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete auto-login keys for this user', '', __LINE__, __FILE__, $sql);
}
|
FIND
| Code:
|
|
$username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['username']))) : '';
|
REPLACE WITH
| Code:
|
|
$username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
|
FIND
| Code:
|
if( @file_exists(@phpbb_realpath("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
{
@unlink("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']);
|
REPLACE WITH
| Code:
|
if( @file_exists(@phpbb_realpath('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
{
@unlink('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']);
|
admin/admin_words.php
FIND
| Code:
|
|
$module['General']['Word_Censor'] = "$file";
|
REPLACE WITH
| Code:
|
|
$module['General']['Word_Censor'] = $file;
|
admin/index.php
FIND
REPLACE WITH
| Code:
|
|
include('./' . $file);
|
FIND
| Code:
|
if( preg_match("/^(3\.23|4\.)/", $version) )
{
$db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)/", $version) ) ? "`$dbname`" : $dbname;
|
REPLACE WITH
| Code:
|
if( preg_match("/^(3\.23|4\.|5\.)/", $version) )
{
$db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)|(5\.)/", $version) ) ? "`$dbname`" : $dbname;
|
includes/bbcode.php
FIND
| Code:
|
|
$patterns[] = "#\[url\]([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is";
|
REPLACE WITH
| Code:
|
|
$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";
|
FIND
| Code:
|
|
$patterns[] = "#\[url\]((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is";
|
REPLACE WITH
| Code:
|
|
$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";
|
FIND
| Code:
|
|
$text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\".*?\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]");
|
REPLACE WITH
| Code:
|
|
$text = bbencode_first_pass_pda($text, $uid, '/\[quote=\\\\"(.*?)\\\\"\]/is', '[/quote]', '', false, '', "[quote:$uid=\\\"\\1\\\"]");
|
FIND
| Code:
|
|
if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) )
|
REPLACE WITH
| Code:
|
|
if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) )
|
FIND
| Code:
|
if ($close_pos = strpos($text, '"]', $curr_pos + 9))
{
if (strpos(substr($text, $curr_pos + 9, $close_pos - ($curr_pos + 9)), '[quote') === false)
{
$possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 2);
|
REPLACE WITH
| Code:
|
if ($close_pos = strpos($text, '"]', $curr_pos + 14))
{
if (strpos(substr($text, $curr_pos + 14, $close_pos - ($curr_pos + 14)), '[quote') === false)
{
$possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 7);
|
includes/functions.php
FIND
| Code:
|
|
$sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . $user . "'" ) . " AND user_id <> " . ANONYMOUS;
|
REPLACE WITH
| Code:
|
|
$sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND user_id <> " . ANONYMOUS;
|
includes/functions_post.php
FIND
| Code:
|
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#');
$html_entities_replace = array('&', '<', '>');
|
REPLACE WITH
| Code:
|
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
$html_entities_replace = array('&', '<', '>', '"');
|
includes/usercp_confirm.php
FIND
| Code:
|
if (!empty($HTTP_GET_VARS['c']))
{
$_png = define_raw_pngs();
$char = substr($code, intval($HTTP_GET_VARS['c']) - 1, 1);
header('Content-Type: image/png');
header('Cache-control: no-cache, no-store');
echo base64_decode($_png[$char]);
unset($_png);
exit;
}
|
REPLACE WITH
| Code:
|
$_png = define_raw_pngs();
$char = substr($code, -1);
header('Content-Type: image/png');
header('Cache-control: no-cache, no-store');
echo base64_decode($_png[$char]);
unset($_png);
exit;
|
includes/usercp_register.php
The line to be changed here is also altered by many hacks. The code shown below may not be an exact match for the code that is in your file.
FIND
| Code:
|
$strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests');
$strip_var_list['confirm_code'] = 'confirm_code';
|
REPLACE WITH
| Code:
|
|
$strip_var_list = array('email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests', 'confirm_code' => 'confirm_code');
|
FIND
| Code:
|
|
$trim_var_list = array('cur_password' => 'cur_password', 'new_password' => 'new_password', 'password_confirm' => 'password_confirm', 'signature' => 'signature');
|
BEFORE, ADD
| Code:
|
|
$username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
|
FIND
| Code:
|
if ($row['code'] != $confirm_code)
{
$error = TRUE;
|
BEFORE, ADD
| Code:
|
// Only compare one char if the zlib-extension is not loaded
if (!@extension_loaded('zlib'))
{
$row['code'] = substr($row['code'], -1);
}
|
language/lang_english/lang_admin.php
FIND
| Code:
|
|
// That's all Folks!
|
BEFORE, ADD
| Code:
|
// Login attempts configuration
//
$lang['Max_login_attempts'] = 'Allowed login attempts';
$lang['Max_login_attempts_explain'] = 'The number of allowed board login attempts.';
$lang['Login_reset_time'] = 'Login lock time';
$lang['Login_reset_time_explain'] = 'Time in minutes the user have to wait until he is allowed to login again after exceeding the number of allowed login attempts.';
//
|
language/lang_english/lang_main.php
FIND
| Code:
|
|
$lang['Admin_reauthenticate'] = 'To administer the board you must re-authenticate yourself.';
|
AFTER, ADD
| Code:
|
$lang['Login_attempts_exceeded'] = 'The maximum number of %s login attempts has been exceeded. You are not allowed to login for the next %s minutes.';
$lang['Please_remove_install_contrib'] = 'Please ensure both the install/ and contrib/ directories are deleted';
|
common.php
FIND
| Code:
|
|
message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted');
|
REPLACE WITH
| Code:
|
|
message_die(GENERAL_MESSAGE, 'Please_remove_install_contrib');
|
login.php
FIND
| Code:
|
|
$sql = "SELECT user_id, username, user_password, user_active, user_level
|
REPLACE WITH
| Code:
|
|
$sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try
|
FIND
| Code:
|
|
if( md5($password) == $row['user_password'] && $row['user_active'] )
|
BEFORE, ADD
| Code:
|
// If the last login is more than x minutes ago, then reset the login tries/time
if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60)))
{
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
$row['user_last_login_try'] = $row['user_login_tries'] = 0;
}
// Check to see if user is allowed to login again... if his tries are exceeded
if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'])
{
message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time']));
}
|
FIND
| Code:
|
$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);
|
AFTER, ADD
| Code:
|
// Reset login tries
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
|
FIND
| Code:
|
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);
|
BEFORE, ADD
| Code:
|
// Save login tries and last login
if ($row['user_id'] != ANONYMOUS)
{
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . '
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
}
|
privmsg.php
FIND
| Code:
|
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#');
$html_entities_replace = array('&', '<', '>');
|
REPLACE WITH
| Code:
|
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
$html_entities_replace = array('&', '<', '>', '"');
|
templates/subSilver/admin/board_config_body.tpl
FIND
| Code:
|
<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="flood_interval" value="{FLOOD_INTERVAL}" /></td>
</tr>
<tr>
|
AFTER, ADD
| Code:
|
<td class="row1">{L_MAX_LOGIN_ATTEMPTS}<br /><span class="gensmall">{L_MAX_LOGIN_ATTEMPTS_EXPLAIN}</span></td>
<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="max_login_attempts" value="{MAX_LOGIN_ATTEMPTS}" /></td>
</tr>
<tr>
<td class="row1">{L_LOGIN_RESET_TIME}<br /><span class="gensmall">{L_LOGIN_RESET_TIME_EXPLAIN}</span></td>
<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="login_reset_time" value="{LOGIN_RESET_TIME}" /></td>
</tr>
<tr>
|
templates/subSilver/admin/index_body.tpl
FIND
| Code:
|
|
<h1>{L_WHO_IS_ONLINE}</h1>
|
BEFORE, ADD
| Code:
|
<h1>{L_VERSION_INFORMATION}</h1>
{VERSION_INFO}
<br />
|
FIND AND DELETE
| Code:
|
<h1>{L_VERSION_INFORMATION}</h1>
{VERSION_INFO}
<br />
|
|
|
Forums
Home
Register
Profile
Log in to check your private messages
Log in
FAQ
Search
Contact
Us 
