*****admin/admin_board.php FIND - Line 50 $new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name]; AFTER, ADD if ($config_name == 'cookie_name') { $cookie_name = str_replace('.', '_', $new['cookie_name']); } FIND - Line 76 $lang_select = language_select($new['default_lang'], 'default_lang', "../language"); REPLACE WITH $lang_select = language_select($new['default_lang'], 'default_lang', "language"); *****admin/admin_db_utilities.php FIND - Line 37 if(@phpversion() >= '4.0.0') { $file_uploads = @ini_get('file_uploads'); } else { $file_uploads = @get_cfg_var('file_uploads'); } if( ($file_uploads != 0 || empty($file_uploads)) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') ) REPLACE WITH $file_uploads = (@phpversion() >= '4.0.0') ? @ini_get('file_uploads') : @get_cfg_var('file_uploads'); if( (empty($file_uploads) || $file_uploads != 0) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') ) FIND - Line 569 // // Grab the data from the table. // $result = $db->sql_query("SELECT * FROM $table"); if (!$result) { message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table"); } if($db->sql_numrows($result) > 0) { $schema_insert = "\n#\n# Table Data for $table\n#\n"; } else { $schema_insert = ""; } $handler($schema_insert); // // Loop through the resulting rows and build the sql statement. // while ($row = $db->sql_fetchrow($result)) { $table_list = '('; $num_fields = $db->sql_numfields($result); // // Grab the list of field names. // for ($j = 0; $j < $num_fields; $j++) { $table_list .= $db->sql_fieldname($j, $result) . ', '; } // // Get rid of the last comma // $table_list = ereg_replace(', $', '', $table_list); $table_list .= ')'; // // Start building the SQL statement. 
// $schema_insert = "INSERT INTO $table $table_list VALUES("; // // Loop through the rows and fill in data for each column // for ($j = 0; $j < $num_fields; $j++) { if(!isset($row[$j])) REPLACE WITH // Grab the data from the table. if (!($result = $db->sql_query("SELECT * FROM $table"))) { message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table"); } // Loop through the resulting rows and build the sql statement. if ($row = $db->sql_fetchrow($result)) { $handler("\n#\n# Table Data for $table\n#\n"); $field_names = array(); // Grab the list of field names. $num_fields = $db->sql_numfields($result); $table_list = '('; for ($j = 0; $j < $num_fields; $j++) { $field_names[$j] = $db->sql_fieldname($j, $result); $table_list .= (($j > 0) ? ', ' : '') . $field_names[$j]; } $table_list .= ')'; do { // Start building the SQL statement. $schema_insert = "INSERT INTO $table $table_list VALUES("; // Loop through the rows and fill in data for each column for ($j = 0; $j < $num_fields; $j++) { $schema_insert .= ($j > 0) ? ', ' : ''; if(!isset($row[$field_names[$j]])) FIND - Line 611 $schema_insert .= ' NULL,'; } elseif ($row[$j] != '') { $schema_insert .= ' \'' . addslashes($row[$j]) . '\','; } else { $schema_insert .= '\'\','; } } // // Get rid of the the last comma. // $schema_insert = ereg_replace(',$', '', $schema_insert); $schema_insert .= ');'; // // Go ahead and send the insert statement to the handler function. // $handler(trim($schema_insert)); } REPLACE WITH $schema_insert .= 'NULL'; } elseif ($row[$field_names[$j]] != '') { $schema_insert .= '\'' . addslashes($row[$field_names[$j]]) . '\''; } else { $schema_insert .= '\'\''; } } $schema_insert .= ');'; // Go ahead and send the insert statement to the handler function. 
$handler(trim($schema_insert)); } while ($row = $db->sql_fetchrow($result)); } FIND - Line 660 if( SQL_LAYER == 'oracle' || SQL_LAYER == 'odbc' || SQL_LAYER == 'mssql' ) { switch(SQL_LAYER) { case 'oracle': $db_type = "Oracle"; break; case 'odbc': $db_type = "ODBC"; break; case 'mssql': $db_type = "MSSQL"; break; } REPLACE WITH $error = false; switch(SQL_LAYER) { case 'oracle': $error = true; break; case 'db2': $error = true; break; case 'msaccess': $error = true; break; case 'mssql': case 'mssql-odbc': $error = true; break; } if ($error) { FIND - Line 693 $template->pparse("body"); break; } REPLACE WITH Code: $template->pparse("body"); include('./page_footer_admin.'.$phpEx); } FIND - Line 763 "META" => "", REPLACE WITH "META" => '', FIND - Line 819 if(SQL_LAYER != 'mysql4') { $table_def_function = "get_table_def_" . SQL_LAYER; $table_content_function = "get_table_content_" . SQL_LAYER; } else { $table_def_function = "get_table_def_mysql"; $table_content_function = "get_table_content_mysql"; REPLACE WITH switch (SQL_LAYER) { case 'postgresql': $table_def_function = "get_table_def_postgresql"; $table_content_function = "get_table_content_postgresql"; break; case 'mysql': case 'mysql4': $table_def_function = "get_table_def_mysql"; $table_content_function = "get_table_content_mysql"; break; FIND - Line 906 if( file_exists($backup_file_tmpname) ) REPLACE WITH if( file_exists(phpbb_realpath($backup_file_tmpname)) ) *****admin/admin_disallow.php FIND - Line 44 $disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? $HTTP_POST_VARS['disallowed_user'] : $HTTP_GET_VARS['disallowed_user']; REPLACE WITH $disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? trim($HTTP_POST_VARS['disallowed_user']) : trim($HTTP_GET_VARS['disallowed_user']); if ($disallowed_user == '') { message_die(MESSAGE, $lang['Fields_empty']); } *****admin/admin_forum_prune.php FIND - Line 171 $prune_data .= ' ' . $lang['Days']; $hidden_input = ''; REPLACE WITH $prune_data .= ' ' . 
$lang['Days']; $hidden_input = ''; *****admin/admin_forums.php FIND - Line 46 "auth_sticky" => AUTH_REG, REPLACE WITH "auth_sticky" => AUTH_MOD, FIND - Line 304 $catlist = get_list('category', $cat_id, TRUE); $forumstatus == ( FORUM_LOCKED ) ? $forumlocked = "selected=\"selected\"" : $forumunlocked = "selected=\"selected\""; AFTER, ADD // These two options ($lang['Status_unlocked'] and $lang['Status_locked']) seem to be missing from // the language files. $lang['Status_unlocked'] = isset($lang['Status_unlocked']) ? $lang['Status_unlocked'] : 'Unlocked'; $lang['Status_locked'] = isset($lang['Status_locked']) ? $lang['Status_locked'] : 'Locked'; FIND - Line 612 include($phpbb_root_path . "includes/prune.$phpEx"); prune($from_id, 0); // Delete everything from forum REPLACE WITH // Delete polls in this forum $sql = "SELECT v.vote_id FROM " . VOTE_DESC_TABLE . " v, " . TOPICS_TABLE . " t WHERE t.forum_id = $from_id AND v.topic_id = t.topic_id"; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, "Couldn't obtain list of vote ids", "", __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result)) { $vote_ids = ''; do { $vote_ids = (($vote_ids != '') ? ', ' : '') . $row['vote_id']; } while ($row = $db->sql_fetchrow($result)); $sql = "DELETE FROM " . VOTE_DESC_TABLE . " WHERE vote_id IN ($vote_ids)"; $db->sql_query($sql); $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id IN ($vote_ids)"; $db->sql_query($sql); $sql = "DELETE FROM " . VOTE_USERS_TABLE . " WHERE vote_id IN ($vote_ids)"; $db->sql_query($sql); } $db->sql_freeresult($result); include($phpbb_root_path . "includes/prune.$phpEx"); prune($from_id, 0, true); // Delete everything from forum FIND - Line 679 sync('forum', $to_id); } AFTER, ADD // Alter Mod level if appropriate - 2.0.4 $sql = "SELECT ug.user_id FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . 
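Review bot: In the admin/admin_forums.php Line 612 replacement, the poll-id list is built with `=` rather than `.=`, so `$vote_ids` is overwritten on every pass and, once a second row is read, becomes `, <id>`; the three `DELETE ... WHERE vote_id IN ($vote_ids)` statements are then malformed and the polls stay behind as orphaned rows. The line should read `$vote_ids .= (($vote_ids != '') ? ', ' : '') . $row['vote_id'];`, matching the `$user_ids .=` form in the Line 679 addition. The three `$db->sql_query($sql);` calls also discard their result, so such a failure is silent; wrapping each in the `if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, ...); }` pattern used elsewhere on this page would surface it.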
" ug WHERE a.forum_id <> $from_id AND a.auth_mod = 1 AND ug.group_id = a.group_id"; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result)) { $user_ids = ''; do { $user_ids .= (($user_ids != '') ? ', ' : '' ) . $row['user_id']; } while ($row = $db->sql_fetchrow($result)); $sql = "SELECT ug.user_id FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug WHERE a.forum_id = $from_id AND a.auth_mod = 1 AND ug.group_id = a.group_id AND ug.user_id NOT IN ($user_ids)"; if( !$result2 = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result2)) { $user_ids = ''; do { $user_ids .= (($user_ids != '') ? ', ' : '' ) . $row['user_id']; } while ($row = $db->sql_fetchrow($result2)); $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " WHERE user_id IN ($user_ids) AND user_level <> " . ADMIN; $db->sql_query($sql); } $db->sql_freeresult($result); } $db->sql_freeresult($result2); *****admin/admin_ranks.php FIND - Line 164 } } if( $rank_id ) { REPLACE WITH } } if( $rank_id ) { if (!$special_rank) { $sql = "UPDATE " . USERS_TABLE . " SET user_rank = 0 WHERE user_rank = $rank_id"; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, $lang['No_update_ranks'], "", __LINE__, __FILE__, $sql); } } *****admin/admin_smilies.php FIND - Line 75 if( !@is_dir($phpbb_root_path . $board_config['smilies_path'] . '/' . $file) ) REPLACE WITH if( !@is_dir(phpbb_realpath($phpbb_root_path . $board_config['smilies_path'] . '/' . $file)) ) FIND - Line 242 message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql); REPLACE WITH message_die(GENERAL_ERROR, "Could not get smiley list", "", __LINE__, __FILE__, $sql); FIND - Line 402 $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? 
$HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code']; $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url']; $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion']; $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']); REPLACE WITH $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']); $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']); $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']); $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']); // If no code was entered complain ... if ($smile_code == '' || $smile_url == '') { message_die(MESSAGE, $lang['Fields_empty']); } FIND - Line 425 $result = $db->sql_query($sql); if( !$result ) REPLACE WITH if( !($result = $db->sql_query($sql)) ) FIND - Line 448 $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url']; $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion']; AFTER, ADD // If no code was entered complain ... if ($smile_code == '' || $smile_url == '') { message_die(MESSAGE, $lang['Fields_empty']); } *****admin/admin_styles.php FIND - Line 46 } if( $cancel ) { $header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: '; header($header_location . append_sid("admin_styles.$phpEx")); exit; REPLACE WITH } if ($cancel) { redirect('admin/' . 
append_sid("admin_styles.$phpEx", true)); FIND - Line 135 if( !is_file($phpbb_root_path . 'templates/' .$sub_dir) && !is_link($phpbb_root_path . 'templates/' .$sub_dir) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" ) { if( @file_exists($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg") ) REPLACE WITH if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" ) { if( @file_exists(@phpbb_realpath($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg")) ) FIND - Line 552 if( !is_file($phpbb_root_path . 'templates/' . $file) && !is_link($phpbb_root_path . 'templates/' . $file) && $file != "." && $file != ".." && $file != "CVS" ) REPLACE WITH if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && $file != "." && $file != ".." && $file != "CVS" ) FIND - Line 751 $download_form = '
' . $s_hidden_fields; REPLACE WITH $download_form = '' . $s_hidden_fields; FIND - Line 793 if( !is_file($phpbb_root_path . 'templates/' . $file) && !is_link($phpbb_root_path . 'templates/' .$file) && $file != "." && $file != ".." && $file != "CVS" ) REPLACE WITH if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$file)) && $file != "." && $file != ".." && $file != "CVS" ) FIND - Line 933 if( !$HTTP_POST_VARS['send_file'] ) REPLACE WITH if (empty($HTTP_POST_VARS['send_file'])) *****admin/admin_users.php FIND - Line 41 require($phpbb_root_path . 'includes/functions_selects.'.$phpEx); require($phpbb_root_path . 'includes/functions_validate.'.$phpEx); AFTER, ADD $html_entities_match = array('#<#', '#>#'); $html_entities_replace = array('<', '>'); FIND - Line 68 $this_userdata = get_userdata($user_id); if( !$this_userdata ) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); } REPLACE WITH if (!($this_userdata = get_userdata($user_id))) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); } if( $HTTP_POST_VARS['deleteuser'] ) { $sql = "SELECT g.group_id FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND g.group_single_user = 1"; if( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); $sql = "UPDATE " . POSTS_TABLE . " SET poster_id = " . DELETED . ", post_username = '$username' WHERE poster_id = $user_id"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql); } $sql = "UPDATE " . TOPICS_TABLE . " SET topic_poster = " . DELETED . 
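Review bot: In the admin/admin_users.php Line 41 addition, `$html_entities_replace = array('<', '>');` as printed maps `<` and `>` to themselves, so the later `preg_replace($html_entities_match, $html_entities_replace, $signature)` in the Line 730 replacement would leave markup in the signature unescaped. The entity strings were most likely decoded when this page was rendered; the line to apply is `$html_entities_replace = array('&lt;', '&gt;');`. The same rendering loss appears to have emptied HTML string literals elsewhere on the page (the `$download_form = ''` replacement and the empty `sprintf(..., '', '')` link arguments), so those should be taken from the release files rather than copied from here.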
" WHERE topic_poster = $user_id"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql); } $sql = "UPDATE " . VOTE_USERS_TABLE . " SET vote_user_id = " . DELETED . " WHERE vote_user_id = $user_id"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql); } $sql = "SELECT group_id FROM " . GROUPS_TABLE . " WHERE group_moderator = $user_id"; if( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql); } while ( $row_group = $db->sql_fetchrow($result) ) { $group_moderator[] = $row_group['group_id']; } if ( count($group_moderator) ) { $update_moderator_id = implode(', ', $group_moderator); $sql = "UPDATE " . GROUPS_TABLE . " SET group_moderator = " . $userdata['user_id'] . " WHERE group_moderator IN ($update_moderator_id)"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql); } } $sql = "DELETE FROM " . USERS_TABLE . " WHERE user_id = $user_id"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . USER_GROUP_TABLE . " WHERE user_id = $user_id"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . GROUPS_TABLE . " WHERE group_id = " . $row['group_id']; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = " . $row['group_id']; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . 
" WHERE user_id = $user_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . BANLIST_TABLE . " WHERE ban_userid = $user_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete user from banlist table', '', __LINE__, __FILE__, $sql); } $sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . " WHERE privmsgs_from_userid = $user_id OR privmsgs_to_userid = $user_id"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not select all users private messages', '', __LINE__, __FILE__, $sql); } // This little bit of code directly from the private messaging section. while ( $row_privmsgs = $db->sql_fetchrow($result) ) { $mark_list[] = $row_privmsgs['privmsgs_id']; } if ( count($mark_list) ) { $delete_sql_id = implode(', ', $mark_list); $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . " WHERE privmsgs_text_id IN ($delete_sql_id)"; $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . " WHERE privmsgs_id IN ($delete_sql_id)"; if ( !$db->sql_query($delete_sql) ) { message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql); } if ( !$db->sql_query($delete_text_sql) ) { message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql); } } $message = $lang['User_deleted'] . '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); message_die(GENERAL_MESSAGE, $message); } FIND - Line 280 $aim = stripslashes($aim); $msn = stripslashes($msn); $yim = stripslashes($yim); $website = stripslashes($website); $location = stripslashes($location); $occupation = stripslashes($occupation); $interests = stripslashes($interests); $signature = stripslashes($signature); $user_lang = stripslashes($user_lang); $user_dateformat = stripslashes($user_dateformat); REPLACE WITH $aim = htmlspecialchars(stripslashes($aim)); $msn = htmlspecialchars(stripslashes($msn)); $yim = htmlspecialchars(stripslashes($yim)); $website = htmlspecialchars(stripslashes($website)); $location = htmlspecialchars(stripslashes($location)); $occupation = htmlspecialchars(stripslashes($occupation)); $interests = htmlspecialchars(stripslashes($interests)); $signature = htmlspecialchars(stripslashes($signature)); $user_lang = stripslashes($user_lang); $user_dateformat = htmlspecialchars(stripslashes($user_dateformat)); FIND - Line 382 if( @file_exists("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) ) REPLACE WITH if( @file_exists(@phpbb_realpath("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) ) FIND - Line 407 if( file_exists($user_avatar_loc) && ereg(".jpg$|.gif$|.png$", $user_avatar_name) ) { if( $user_avatar_size <= $board_config['avatar_filesize'] && $avatar_size > 0) REPLACE WITH if( file_exists(@phpbb_realpath($user_avatar_loc)) && ereg(".jpg$|.gif$|.png$", $user_avatar_name) ) { if( $user_avatar_size <= $board_config['avatar_filesize'] && $user_avatar_size > 0) FIND - Line 450 if( @file_exists("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) ) REPLACE WITH if( @file_exists(@phpbb_realpath("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) ) FIND - Line 559 if( file_exists("./../" . $board_config['avatar_path'] . "/" . 
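Review bot: The relocated delete-user block in the admin/admin_users.php Line 68 replacement interpolates `$username` straight into `UPDATE ... SET post_username = '$username'`, and nothing in the block assigns or escapes it. At this earlier position it presumably has not been populated from the form handling yet, so the value should come from the record just loaded and be escaped for the active SQL layer, for example with `addslashes($this_userdata['username'])` as the backup code on this page does for row data. `$group_moderator` and `$mark_list` are appended to and then imploded into `IN (...)` lists without being initialised; adding `$group_moderator = array();` and `$mark_list = array();` before the loops keeps those lists limited to the ids this block fetched. `$row['group_id']` is also concatenated into two DELETE statements without checking that `sql_fetchrow` returned a row. The block sits inside code that starts and ends outside this hunk.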
$this_userdata['user_avatar']) ) REPLACE WITH if( file_exists(@phpbb_realpath("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) ) FIND AND REMOVE - Line 646 if( $HTTP_POST_VARS['deleteuser'] ) { $sql = "SELECT g.group_id FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND g.group_single_user = 1"; if( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); $sql = "UPDATE " . POSTS_TABLE . " SET poster_id = " . DELETED . ", post_username = '$username' WHERE poster_id = $user_id"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql); } $sql = "UPDATE " . TOPICS_TABLE . " SET topic_poster = " . DELETED . " WHERE topic_poster = $user_id"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql); } $sql = "UPDATE " . VOTE_USERS_TABLE . " SET vote_user_id = " . DELETED . " WHERE vote_user_id = $user_id"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql); } $sql = "SELECT group_id FROM " . GROUPS_TABLE . " WHERE group_moderator = $user_id"; if( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql); } while ( $row_group = $db->sql_fetchrow($result) ) { $group_moderator[] = $row_group['group_id']; } if ( count($group_moderator) ) { $update_moderator_id = implode(', ', $group_moderator); $sql = "UPDATE " . GROUPS_TABLE . " SET group_moderator = " . $userdata['user_id'] . 
" WHERE group_moderator IN ($update_moderator_id)"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql); } } $sql = "DELETE FROM " . USERS_TABLE . " WHERE user_id = $user_id"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . USER_GROUP_TABLE . " WHERE user_id = $user_id"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . GROUPS_TABLE . " WHERE group_id = " . $row['group_id']; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = " . $row['group_id']; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE user_id = $user_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql); } $sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . " WHERE ( ( privmsgs_from_userid = $user_id AND privmsgs_type = " . PRIVMSGS_NEW_MAIL . " ) OR ( privmsgs_from_userid = $user_id AND privmsgs_type = " . PRIVMSGS_SENT_MAIL . " ) OR ( privmsgs_to_userid = $user_id AND privmsgs_type = " . PRIVMSGS_READ_MAIL . " ) OR ( privmsgs_to_userid = $user_id AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) OR ( privmsgs_from_userid = $user_id AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) )"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not select all user\'s private messages', '', __LINE__, __FILE__, $sql); } // // This little bit of code directly from the private messaging section. // Thanks Paul! 
// while ( $row_privmsgs = $db->sql_fetchrow($result) ) { $mark_list[] = $row_privmsgs['privmsgs_id']; } if ( count($mark_list) ) { $delete_sql_id = implode(', ', $mark_list); // // We shouldn't need to worry about updating conters here... // They are already gone! // $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . " WHERE privmsgs_text_id IN ($delete_sql_id)"; $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . " WHERE privmsgs_id IN ($delete_sql_id)"; // // Shouldn't need the switch statement here, either, as we just want // to take out all of the private messages. This will not affect // the other messages we want to keep; the ids are unique. // if ( !$db->sql_query($delete_sql) ) { message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql); } if ( !$db->sql_query($delete_text_sql) ) { message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql); } } $sql = "UPDATE " . PRIVMSGS_TABLE . " SET privmsgs_to_userid = " . DELETED . " WHERE privmsgs_to_userid = $user_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update private messages saved to the user', '', __LINE__, __FILE__, $sql); } $sql = "UPDATE " . PRIVMSGS_TABLE . " SET privmsgs_from_userid = " . DELETED . " WHERE privmsgs_from_userid = $user_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update private messages saved from the user', '', __LINE__, __FILE__, $sql); } $message = $lang['User_deleted']; } else { FIND - Line 669 $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Admin_user_fail']; } } $message .= '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); REPLACE WITH $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Admin_user_fail']; } $message .= '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); FIND - Line 686 $username = stripslashes($username); $email = stripslashes($email); $password = ''; $password_confirm = ''; $icq = stripslashes($icq); $aim = str_replace('+', ' ', stripslashes($aim)); $msn = stripslashes($msn); $yim = stripslashes($yim); $website = stripslashes($website); $location = stripslashes($location); $occupation = stripslashes($occupation); $interests = stripslashes($interests); $signature = stripslashes($signature); $user_lang = stripslashes($user_lang); $user_dateformat = stripslashes($user_dateformat); REPLACE WITH $username = htmlspecialchars(stripslashes($username)); $email = stripslashes($email); $password = ''; $password_confirm = ''; $icq = stripslashes($icq); $aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim))); $msn = htmlspecialchars(stripslashes($msn)); $yim = htmlspecialchars(stripslashes($yim)); $website = htmlspecialchars(stripslashes($website)); $location = htmlspecialchars(stripslashes($location)); $occupation = htmlspecialchars(stripslashes($occupation)); $interests = htmlspecialchars(stripslashes($interests)); $signature = htmlspecialchars(stripslashes($signature)); $user_lang = stripslashes($user_lang); $user_dateformat = htmlspecialchars(stripslashes($user_dateformat)); FIND - Line 719 $this_userdata = get_userdata( $HTTP_POST_VARS['username'] ); REPLACE WITH $this_userdata = get_userdata(htmlspecialchars($HTTP_POST_VARS['username'])); FIND - Line 730 $username = $this_userdata['username']; $email = $this_userdata['user_email']; $password = ''; $password_confirm = ''; $icq = $this_userdata['user_icq']; $aim = str_replace('+', ' ', $this_userdata['user_aim'] ); $msn = $this_userdata['user_msnm']; $yim = $this_userdata['user_yim']; $website = $this_userdata['user_website']; $location = $this_userdata['user_from']; $occupation = $this_userdata['user_occ']; $interests = $this_userdata['user_interests']; $signature = $this_userdata['user_sig']; REPLACE 
WITH $username = htmlspecialchars($this_userdata['username']); $email = $this_userdata['user_email']; $password = ''; $password_confirm = ''; $icq = $this_userdata['user_icq']; $aim = htmlspecialchars(str_replace('+', ' ', $this_userdata['user_aim'] )); $msn = htmlspecialchars($this_userdata['user_msnm']); $yim = htmlspecialchars($this_userdata['user_yim']); $website = htmlspecialchars($this_userdata['user_website']); $location = htmlspecialchars($this_userdata['user_from']); $occupation = htmlspecialchars($this_userdata['user_occ']); $interests = htmlspecialchars($this_userdata['user_interests']); $signature = ($this_userdata['user_sig_bbcode_uid'] != '') ? preg_replace('#:' . $this_userdata['user_sig_bbcode_uid'] . '#si', '', $this_userdata['user_sig']) : $this_userdata['user_sig']; $signature = preg_replace($html_entities_match, $html_entities_replace, $signature); FIND - Line 763 $user_dateformat = $this_userdata['user_dateformat']; REPLACE WITH $user_dateformat = htmlspecialchars($this_userdata['user_dateformat']); FIND - Line 791 if( $file != "." && $file != ".." && !is_file("./../" . $board_config['avatar_gallery_path'] . "/" . $file) && !is_link("./../" . $board_config['avatar_gallery_path'] . "/" . $file) ) REPLACE WITH if( $file != "." && $file != ".." && !is_file(phpbb_realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) && !is_link(phpbb_realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) ) FIND AND REMOVE- Line 955 $signature = preg_replace('/\:[0-9a-z\:]*?\]/si', ']', $signature); FIND - Line 997 'LANGUAGE_SELECT' => language_select($user_lang, 'language', '../language'), REPLACE WITH Code: 'LANGUAGE_SELECT' => language_select($user_lang), FIND - Line 1081 if( file_exists('./../' . $board_config['avatar_path'] ) && ($board_config['allow_avatar_upload'] == TRUE) ) REPLACE WITH if( file_exists(@phpbb_realpath('./../' . 
$board_config['avatar_path'])) && ($board_config['allow_avatar_upload'] == TRUE) ) FIND - Line 1090 if( file_exists('./../' . $board_config['avatar_gallery_path'] ) && ($board_config['allow_avatar_local'] == TRUE) ) REPLACE WITH if( file_exists(@phpbb_realpath('./../' . $board_config['avatar_gallery_path'])) && ($board_config['allow_avatar_local'] == TRUE) ) *****admin/index.php FIND - Line 457 "U_WHOIS_IP" => "http://www.samspade.org/t/ipwhois?a=$reg_ip", REPLACE WITH "U_WHOIS_IP" => "http://www.geektools.com/cgi-bin/proxy.cgi?query=$reg_ip&targetnic=auto", FIND - Line 549 "U_WHOIS_IP" => "http://www.samspade.org/t/ipwhois?a=$guest_ip", REPLACE WITH "U_WHOIS_IP" => "http://www.geektools.com/cgi-bin/proxy.cgi?query=$guest_ip&targetnic=auto", *****admin/page_header_admin.php FIND - Line 38 if ( $phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible') ) REPLACE WITH $useragent = (isset($_SERVER["HTTP_USER_AGENT"]) ) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT; if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) *****admin/pagestart.php FIND - Line 40 if( !$userdata['session_logged_in'] ) { $header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: '; header($header_location . '../' . append_sid("login.$phpEx?redirect=admin/")); exit; } else if( $userdata['user_level'] != ADMIN ) { message_die(GENERAL_MESSAGE, $lang['Not_admin']); } if ( empty($no_page_header) ) REPLACE WITH if (!$userdata['session_logged_in']) { redirect(append_sid("login.$phpEx?redirect=admin/", true)); } else if ($userdata['user_level'] != ADMIN) { message_die(GENERAL_MESSAGE, $lang['Not_admin']); } if ($HTTP_GET_VARS['sid'] != $userdata['session_id']) { $url = preg_replace('/sid=([^&]*)(&?)/i', '', $HTTP_SERVER_VARS['REQUEST_URI']); $url = preg_replace('/\?$/', '', $url); $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . 
$userdata['session_id']; redirect($url); } if (empty($no_page_header)) *****common.php FIND - Line 115 header("Location: install.$phpEx"); REPLACE WITH header("Location: install/install.$phpEx"); FIND - Line 157 $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/'); REPLACE WITH $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10.\.*/', '/^224.\.*/', '/^240.\.*/'); FIND - Line 184 $board_config[$row['config_name']] = $row['config_value']; } AFTER, ADD if (file_exists('install') || file_exists('contrib')) { message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted'); } *****db/mssql.php FIND - Line 54 $this->db_connect_id = ( $this->persistency ) ? mssql_pconnect($this->server, $this->user, $this->password) : mssql_connect($this->server, $this->user, $this->password); REPLACE WITH $this->db_connect_id = ( $this->persistency ) ? @mssql_pconnect($this->server, $this->user, $this->password) : @mssql_connect($this->server, $this->user, $this->password); FIND - Line 95 function sql_query($query = "", $transaction = FALSE) REPLACE WITH function sql_query($query = '', $transaction = FALSE) FIND - Line 103 if ( $query != "" ) { $this->num_queries++; if ( $transaction == BEGIN_TRANSACTION && !$this->in_transaction ) { if ( !mssql_query("BEGIN TRANSACTION", $this->db_connect_id) ) REPLACE WITH if ( $query != '' ) { $this->num_queries++; if ( $transaction == BEGIN_TRANSACTION && !$this->in_transaction ) { if ( !@mssql_query('BEGIN TRANSACTION', $this->db_connect_id) ) FIND - Line 128 if( preg_match("/^SELECT(.*?)(LIMIT ([0-9]+)[, ]*([0-9]+)*)?$/s", $query, $limits) ) REPLACE WITH if( preg_match('#^SELECT(.*?)(LIMIT ([0-9]+)[, ]*([0-9]+)*)?$#s', $query, $limits) ) FIND - Line 137 $query = "TOP " . ( $row_offset + $num_rows ) . 
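Review bot: The new session check in admin/pagestart.php compares with `!=`, which is a loose comparison in PHP and reads `$HTTP_GET_VARS['sid']` even when the parameter is absent; `if (!isset($HTTP_GET_VARS['sid']) || $HTTP_GET_VARS['sid'] !== $userdata['session_id'])` states the intent exactly. Because the check forces the session id into every admin URL, it will also travel in the Referer header when an admin follows an off-site link from these pages, such as the `U_WHOIS_IP` links changed in admin/index.php above, so those links are worth routing through a page that carries no sid. `$url` is rebuilt from `REQUEST_URI` and handed to `redirect()`, whose body is not on this page; confirm that it rejects line breaks before emitting the header.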
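Review bot: The replacement patterns in the common.php Line 157 hunk still do not anchor on the dot: `'/^10.\.*/'` matches "10" followed by any character, so public addresses such as 100.x.x.x to 109.x.x.x are classed as private, and `'/^224.\.*/'` and `'/^240.\.*/'` have the same form. The intended patterns are `'/^10\./'`, `'/^224\./'` and `'/^240\./'`. `'/^172\.16\..*/'` also covers only 172.16.0.0/16 rather than the whole 172.16.0.0/12 private range. The code that consumes `$private_ip` is outside this hunk, so the effect on client-address selection should be checked there.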
$query; } $this->result = mssql_query("SELECT $query", $this->db_connect_id); REPLACE WITH $query = 'TOP ' . ( $row_offset + $num_rows ) . $query; } $this->result = @mssql_query("SELECT $query", $this->db_connect_id); FIND - Line 148 mssql_data_seek($this->result, $row_offset); } } } else if( eregi("^INSERT ", $query) ) { if( mssql_query($query, $this->db_connect_id) ) { $this->result = time() + microtime(); $result_id = mssql_query("SELECT @@IDENTITY AS id, @@ROWCOUNT as affected", $this->db_connect_id); if( $result_id ) { if( $row = mssql_fetch_array($result_id) ) REPLACE WITH @mssql_data_seek($this->result, $row_offset); } } } else if( preg_match('#^INSERT #i', $query) ) { if( @mssql_query($query, $this->db_connect_id) ) { $this->result = time() + microtime(); $result_id = @mssql_query('SELECT @@IDENTITY AS id, @@ROWCOUNT as affected', $this->db_connect_id); if( $result_id ) { if( $row = @mssql_fetch_array($result_id) ) FIND - Line 171 if( mssql_query($query, $this->db_connect_id) ) { $this->result = time() + microtime(); $result_id = mssql_query("SELECT @@ROWCOUNT as affected", $this->db_connect_id); if( $result_id ) { if( $row = mssql_fetch_array($result_id) ) REPLACE WITH if( @mssql_query($query, $this->db_connect_id) ) { $this->result = time() + microtime(); $result_id = @mssql_query('SELECT @@ROWCOUNT as affected', $this->db_connect_id); if( $result_id ) { if( $row = @mssql_fetch_array($result_id) ) FIND - Line 190 mssql_query("ROLLBACK", $this->db_connect_id); REPLACE WITH @mssql_query('ROLLBACK', $this->db_connect_id); FIND - Line 201 if( !@mssql_query("COMMIT", $this->db_connect_id) ) REPLACE WITH if( !@mssql_query('COMMIT', $this->db_connect_id) ) FIND - Line 216 if( !@mssql_query("COMMIT", $this->db_connect_id) ) { @mssql_query("ROLLBACK", $this->db_connect_id); REPLACE WITH if( !@mssql_query('COMMIT', $this->db_connect_id) ) { @mssql_query('ROLLBACK', $this->db_connect_id); FIND - Line 239 return ( !empty($this->limit_offset[$query_id]) ) ? 
mssql_num_rows($query_id) - $this->limit_offset[$query_id] : @mssql_num_rows($query_id); REPLACE WITH return ( !empty($this->limit_offset[$query_id]) ) ? @mssql_num_rows($query_id) - $this->limit_offset[$query_id] : @mssql_num_rows($query_id); FIND - Line 254 return ( $query_id ) ? mssql_num_fields($query_id) : false; REPLACE WITH return ( $query_id ) ? @mssql_num_fields($query_id) : false; FIND - Line 264 return ( $query_id ) ? mssql_field_name($query_id, $offset) : false; REPLACE WITH return ( $query_id ) ? @mssql_field_name($query_id, $offset) : false; FIND - Line 274 return ( $query_id ) ? mssql_field_type($query_id, $offset) : false; REPLACE WITH return ( $query_id ) ? @mssql_field_type($query_id, $offset) : false; FIND - Line 288 $row = mssql_fetch_array($query_id); REPLACE WITH $row = @mssql_fetch_array($query_id); FIND - Line 316 while( $row = mssql_fetch_array($query_id)) REPLACE WITH while( $row = @mssql_fetch_array($query_id)) FIND - Line 347 $result = ( !empty($this->limit_offset[$query_id]) ) ? mssql_result($this->result, ($this->limit_offset[$query_id] + $row), $field) : false; } else { $result = mssql_result($this->result, $row, $field); } } else { if( empty($this->row[$query_id]) ) { $this->row[$query_id] = mssql_fetch_array($query_id); REPLACE WITH $result = ( !empty($this->limit_offset[$query_id]) ) ? @mssql_result($this->result, ($this->limit_offset[$query_id] + $row), $field) : false; } else { $result = @mssql_result($this->result, $row, $field); } } else { if( empty($this->row[$query_id]) ) { $this->row[$query_id] = @mssql_fetch_array($query_id); FIND - Line 380 return ( !empty($this->limit_offset[$query_id]) ) ? mssql_data_seek($query_id, ($this->limit_offset[$query_id] + $rownum)) : mssql_data_seek($query_id, $rownum); REPLACE WITH return ( !empty($this->limit_offset[$query_id]) ) ? @mssql_data_seek($query_id, ($this->limit_offset[$query_id] + $rownum)) : @mssql_data_seek($query_id, $rownum); FIND - Line 405 return ( $query_id ) ? 
mssql_free_result($query_id) : false; REPLACE WITH return ( $query_id ) ? @mssql_free_result($query_id) : false; *****db/oracle.php FIND - Line 299 for($i = 0; $i <= $rows; $i++) REPLACE WITH for($i = 0; $i < $rows; $i++) *****groupcp.php FIND - Line 130 $group_id = ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_GET_VARS[POST_GROUPS_URL]) : intval($HTTP_POST_VARS[POST_GROUPS_URL]); REPLACE WITH $group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]); FIND - Line 154 $header_location = ( @preg_match('/Microsoft|WebSTAR/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: '; $is_moderator = FALSE; if ( isset($HTTP_POST_VARS['groupstatus']) && $group_id ) { if ( !$userdata['session_logged_in'] ) { header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); exit; REPLACE WITH $is_moderator = FALSE; if ( isset($HTTP_POST_VARS['groupstatus']) && $group_id ) { if ( !$userdata['session_logged_in'] ) { redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id']) { message_die(GENERAL_ERROR, 'Invalid_session'); FIND - Line 214 header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); exit; REPLACE WITH redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id']) { message_die(GENERAL_ERROR, 'Invalid_session'); FIND - Line 291 $emailer->set_subject();//$lang['Group_request'] $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_MODERATOR' => $moderator['username'], 'EMAIL_SIG' => str_replace('
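Review bot: The session checks added to groupcp.php compare with the loose operator, `$HTTP_POST_VARS['sid'] != $userdata['session_id']`; PHP compares two numeric-looking strings as numbers, so if session ids are hex strings, two different ids that both read as `0e` followed by digits would count as equal. A strict comparison avoids that: `if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] !== $userdata['session_id'])`. The same applies to the identical checks in the hunks at lines 214, 320 and 473 and to the `$HTTP_GET_VARS['sid']` test in admin/pagestart.php. The enclosing `if` blocks open and close outside these hunks.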
', "\n", "-- \n" . $board_config['board_email_sig']), REPLACE WITH $emailer->set_subject($lang['Group_request']); $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_MODERATOR' => $moderator['username'], 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', FIND - Line 320 header($header_location . append_sid("groupcp.$phpEx", true)); exit; } elseif ( !$userdata['session_logged_in'] ) { header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); exit; REPLACE WITH redirect(append_sid("groupcp.$phpEx", true)); } elseif ( !$userdata['session_logged_in'] ) { redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id']) { message_die(GENERAL_ERROR, 'Invalid_session'); FIND - Line 378 $s_hidden_fields = ''; REPLACE WITH $s_hidden_fields = ''; FIND - Line 412 header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); exit; REPLACE WITH redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); FIND - Line 473 header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); exit; REPLACE WITH redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id']) { message_die(GENERAL_ERROR, 'Invalid_session'); FIND - Line 579 $emailer->set_subject();//$lang['Group_added'] $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), REPLACE WITH $emailer->set_subject($lang['Group_added']); $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', FIND - Line 733 $emailer->email_address($userdata['user_email']); $emailer->set_subject();//$lang['Group_approved'] $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), REPLACE WITH $emailer->email_address(' ');//$userdata['user_email'] $emailer->set_subject($lang['Group_approved']); $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', FIND - Line 915 generate_user_info($group_moderator, $board_config['default_dateformat'], $is_moderator, $from, $posts, $joined, $poster_avatar, $profile_img, $profile, $search_img, $search, $pm_img, $pm, $email_img, $email, $www_img, $www, $icq_status_img, $icq_img, $icq, $aim_img, $aim, $msn_img, $msn, $yim_img, $yim); AFTER, ADD $s_hidden_fields .= ''; *****includes/auth.php FIND - Line 132 message_die(GENERAL_ERROR, 'No forum access control lists exist', '', __LINE__, __FILE__, $sql); REPLACE WITH $db->sql_freeresult($result); return array(); *****includes/bbcode.php FIND - Line $bbcode_tpl['url1'] = str_replace('{URL}', '\\1\\2', $bbcode_tpl['url']); $bbcode_tpl['url1'] = str_replace('{DESCRIPTION}', '\\1\\2', $bbcode_tpl['url1']); $bbcode_tpl['url2'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); $bbcode_tpl['url2'] = str_replace('{DESCRIPTION}', '\\1', $bbcode_tpl['url2']); $bbcode_tpl['url3'] = str_replace('{URL}', '\\1\\2', $bbcode_tpl['url']); $bbcode_tpl['url3'] = str_replace('{DESCRIPTION}', '\\3', $bbcode_tpl['url3']); $bbcode_tpl['url4'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); $bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\2', $bbcode_tpl['url4']); REPLACE WITH $bbcode_tpl['url1'] = str_replace('{URL}', '\1\2', $bbcode_tpl['url']); $bbcode_tpl['url1'] = str_replace('{DESCRIPTION}', '\1\2', $bbcode_tpl['url1']); $bbcode_tpl['url2'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); $bbcode_tpl['url2'] = str_replace('{DESCRIPTION}', '\\1', $bbcode_tpl['url2']); $bbcode_tpl['url3'] = str_replace('{URL}', '\\1\\2', $bbcode_tpl['url']); $bbcode_tpl['url3'] = str_replace('{DESCRIPTION}', '\\6', $bbcode_tpl['url3']); $bbcode_tpl['url4'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); $bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\5', $bbcode_tpl['url4']); FIND - Line 152 // [code] and [/code] for posting code (HTML, PHP, C etc etc) in your 
posts. $text = bbencode_second_pass_code($text, $uid, $bbcode_tpl); AFTER, ADD // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. $text = str_replace("[quote:$uid]", $bbcode_tpl['quote_open'], $text); $text = str_replace("[/quote:$uid]", $bbcode_tpl['quote_close'], $text); // New one liner to deal with opening quotes with usernames... // replaces the two line version that I had here before.. $text = preg_replace("/\[quote:$uid=\"(.*?)\"\]/si", $bbcode_tpl['quote_username_open'], $text); FIND - Line 176 $text = preg_replace("/\[size=([\-\+]?[1-2]?[0-9]):$uid\]/si", $bbcode_tpl['size_open'], $text); $text = str_replace("[/size:$uid]", $bbcode_tpl['size_close'], $text); // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. $text = str_replace("[quote:$uid]", $bbcode_tpl['quote_open'], $text); $text = str_replace("[/quote:$uid]", $bbcode_tpl['quote_close'], $text); // New one liner to deal with opening quotes with usernames... // replaces the two line version that I had here before.. $text = preg_replace("/\[quote:$uid=(?:\"?([^\"]*)\"?)\]/si", $bbcode_tpl['quote_username_open'], $text); REPLACE WITH $text = preg_replace("/\[size=([1-2]?[0-9]):$uid\]/si", $bbcode_tpl['size_open'], $text); $text = str_replace("[/size:$uid]", $bbcode_tpl['size_close'], $text); FIND - Line 197 $patterns[0] = "#\[img:$uid\](.*?)\[/img:$uid\]#si"; $replacements[0] = $bbcode_tpl['img']; // [url]xxxx://www.phpbb.com[/url] code.. $patterns[1] = "#\[url\]([a-z]+?://){1}([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+\(\)]+)\[/url\]#si"; $replacements[1] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). $patterns[2] = "#\[url\]([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+\(\)]+)\[/url\]#si"; $replacements[2] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. 
$patterns[3] = "#\[url=([a-z]+?://){1}([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+\(\)]+)\](.*?)\[/url\]#si"; $replacements[3] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). $patterns[4] = "#\[url=([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+\(\)]+)\](.*?)\[/url\]#si"; $replacements[4] = $bbcode_tpl['url4']; // [email]user@domain.tld[/email] code.. $patterns[5] = "#\[email\]([a-z0-9\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)\[/email\]#si"; $replacements[5] = $bbcode_tpl['email']; REPLACE WITH $patterns[] = "#\[img:$uid\](.*?)\[/img:$uid\]#si"; $replacements[] = $bbcode_tpl['img']; // [url]xxxx://www.phpbb.com[/url] code.. $patterns[] = "#\[url\]([a-z0-9]+?://){1}([\w\-]+\.([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^ \"\n\r\t<]*)?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). $patterns[] = "#\[url\]((www|ftp)\.([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^ \"\n\r\t<]*?)?)\[/url\]#si"; $replacements[] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. $patterns[] = "#\[url=([a-z0-9]+://)([\w\-]+\.([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^ \"\n\r\t<]*?)?)\](.*?)\[/url\]#si"; $replacements[] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). $patterns[] = "#\[url=(([\w\-]+\.)*?[\w]+(:[0-9]+)?(/[^ \"\n\r\t<]*)?)\](.*?)\[/url\]#si"; $replacements[] = $bbcode_tpl['url4']; // [email]user@domain.tld[/email] code.. 
$patterns[] = "#\[email\]([a-z0-9\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)\[/email\]#si"; $replacements[] = $bbcode_tpl['email']; FIND - Line 253 $text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\\"[^"]*?\\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]"); REPLACE WITH $text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\".*?\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]"); FIND - Line 272 $text = preg_replace("#\[size=([\-\+]?[1-2]?[0-9])\](.*?)\[/size\]#si", "[size=\\1:$uid]\\2[/size:$uid]", $text); REPLACE WITH $text = preg_replace("#\[size=([1-2]?[0-9])\](.*?)\[/size\]#si", "[size=\\1:$uid]\\2[/size:$uid]", $text); FIND - Line 284 $text = preg_replace("#\[img\](http(s)?://)([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/img\]#si", "[img:$uid]\\1\\3[/img:$uid]", $text); // Remove our padding from the string.. $text = substr($text, 1); return $text; REPLACE WITH $text = preg_replace("#\[img\]((ht|f)tp://)([^\r\n\t<\"]*?)\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text); // Remove our padding from the string.. return substr($text, 1);; FIND - Line 385 $possible_start = substr($text, $curr_pos, strpos($text, "]", $curr_pos + 1) - $curr_pos + 1); // // We're going to try and catch usernames with "[' characters. // if( preg_match('/\[quote\=\\\\"/si', $possible_start) && !preg_match('/\[quote=\\\\"[^"]*\\\\"\]/si', $possible_start) ) { // // OK we are in a quote tag that probably contains a ] bracket. // Grab a bit more of the string to hopefully get all of it.. // $possible_start = substr($text, $curr_pos, strpos($text, "\"]", $curr_pos + 1) - $curr_pos + 2); } // // Now compare, either using regexp or not. if ($open_is_regexp) { $match_result = array(); // PREG regexp comparison. REPLACE WITH $possible_start = substr($text, $curr_pos, strpos($text, ']', $curr_pos + 1) - $curr_pos + 1); // // We're going to try and catch usernames with "[' characters. 
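Review bot: The rewritten `[img]` rule (includes/bbcode.php, line 284) switches to the `e` modifier, which makes PHP evaluate the replacement string as code with the captured, user-supplied URL spliced into it. It relies entirely on preg_replace's automatic quote escaping, and the modifier is deprecated and removed in later PHP versions. If the goal is only to keep spaces out of the URL, excluding them in the pattern needs no evaluation: `$text = preg_replace("#\[img\]((ht|f)tp://)([^ \r\n\t<\"]*?)\[/img\]#si", "[img:$uid]\\1\\3[/img:$uid]", $text);`; if spaces must be encoded, `preg_replace_callback` is the safer route. The scheme group also changed from `http(s)?://` to `(ht|f)tp://`, so `https://` images no longer match; confirm that is intended. `return substr($text, 1);;` carries a stray semicolon.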
// if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) ) { // OK we are in a quote tag that probably contains a ] bracket. // Grab a bit more of the string to hopefully get all of it.. if ($close_pos = strpos($text, '"]', $curr_pos + 9)) { $possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 2); } } // Now compare, either using regexp or not. if ($open_is_regexp) { $match_result = array(); FIND - Line 437 $curr_pos = $curr_pos + strlen($possible_start); REPLACE WITH $curr_pos += strlen($possible_start); FIND - Line 520 bbcode_array_push($stack, $match); ++$curr_pos; REPLACE WITH // bbcode_array_push($stack, $match); // ++$curr_pos; FIND - Line 613 $ret = " " . $text; // matches an "xxxx://yyyy" URL at the start of a line, or after a space. // xxxx can only be alpha characters. // yyyy is anything up to the first space, newline, or comma. $ret = preg_replace("#([\n ])([a-z]+?)://([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)#i", "\\1\\2://\\3", $ret); // matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" // yyyy contains either alphanum, "-", or "." // zzzz is optional.. will contain everything up to the first space, newline, or comma. // This is slightly restrictive - it's not going to match stuff like "forums.foo.com" // This is to keep it from getting annoying and matching stuff that's not meant to be a link. $ret = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]*)?)#i", "\\1www.\\2.\\3\\4", $ret); // matches an email@domain type address at the start of a line, or after a space. // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".". $ret = preg_replace("#([\n ])([a-z0-9\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)?[\w]+)#i", "\\1\\2@\\3", $ret); REPLACE WITH $ret = ' ' . $text; // matches an "xxxx://yyyy" URL at the start of a line, or after a space. 
// xxxx can only be alpha characters. // yyyy is anything up to the first space, newline, comma, double quote or < $ret = preg_replace("#([\t\r\n ])([a-z0-9]+?){1}://([\w\-]+\.([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^ \"\n\r\t<]*)?)#i", '\1\2://\3', $ret); // matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" // zzzz is optional.. will contain everything up to the first space, newline, // comma, double quote or <. $ret = preg_replace("#([\t\r\n ])(www|ftp)\.(([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^ \"\n\r\t<]*)?)#i", '\1\2.\3', $ret); // matches an email@domain type address at the start of a line, or after a space. // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".". $ret = preg_replace("#([\n ])([a-z0-9\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", "\\1\\2@\\3", $ret); *****includes/emailer.php FIND - Line 71 $this->subject = $subject; REPLACE WITH $this->subject = trim(preg_replace('#[\n\r]+#s', '', $subject)); FIND - Line 91 $this->tpl_file = $phpbb_root_path . 'language/lang_' . $template_lang . '/email/' . $template_file . '.tpl'; if ( !file_exists($this->tpl_file) ) { message_die(GENERAL_ERROR, 'Could not find email template file ' . $template_file, '', __LINE__, __FILE__); } REPLACE WITH $this->tpl_file = @phpbb_realpath($phpbb_root_path . 'language/lang_' . $template_lang . '/email/' . $template_file . '.tpl'); if ( !file_exists(phpbb_realpath($this->tpl_file)) ) { $this->tpl_file = @phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/email/' . $template_file . '.tpl'); if ( !file_exists(phpbb_realpath($this->tpl_file)) ) { message_die(GENERAL_ERROR, 'Could not find email template file ' . $template_file, '', __LINE__, __FILE__); } } FIND - Line 156 $match = array(); preg_match("/^(Subject:(.*?)[\r\n]+?)?(Charset:(.*?)[\r\n]+?)?(.*?)$/is", $this->msg, $match); $this->msg = ( isset($match[5]) ) ? 
trim($match[5]) : ''; $this->subject = ( $this->subject != '' ) ? $this->subject : trim($match[2]); $this->encoding = ( trim($match[4]) != '' ) ? trim($match[4]) : $lang['ENCODING']; REPLACE WITH $drop_header = ""; $match = array(); if (preg_match('#^(Subject:(.*?))$#m', $this->msg, $match)) { $this->subject = (trim($match[2]) != '') ? trim($match[2]) : (($this->subject != '') ? $this->subject : 'No Subject'); $drop_header .= '[\r\n]*?' . phpbb_preg_quote($match[1], '#'); } else { $this->subject = (($this->subject != '') ? $this->subject : 'No Subject'); } if (preg_match('#^(Charset:(.*?))$#m', $this->msg, $match)) { $this->encoding = (trim($match[2]) != '') ? trim($match[2]) : trim($lang['ENCODING']); $drop_header .= '[\r\n]*?' . phpbb_preg_quote($match[1], '#'); } else { $this->encoding = trim($lang['ENCODING']); } if ($drop_header != '') { $this->msg = trim(preg_replace('#' . $drop_header . '#s', '', $this->msg)); } FIND - Line 206 $universal_extra = "MIME-Version: 1.0\nContent-type: text/plain; charset=" . $this->encoding . "\nContent-transfer-encoding: 8bit\nDate: " . gmdate('D, d M Y H:i:s', time()) . " UT\n"; $this->extra_headers = $universal_extra . $this->extra_headers; REPLACE WITH $universal_extra = "MIME-Version: 1.0\nContent-type: text/plain; charset=" . $this->encoding . "\nContent-transfer-encoding: 8bit\nDate: " . gmdate('D, d M Y H:i:s', time()) . " UT\nX-Priority: 3\nX-MSMail-Priority: Normal\nX-Mailer: PHP\n"; $this->extra_headers = $universal_extra . trim($this->extra_headers); FIND - Line 225 message_die(GENERAL_ERROR, 'Failed sending email', '', __LINE__, __FILE__); REPLACE WITH message_die(GENERAL_ERROR, 'Failed sending email :: ' . 
$result, '', __LINE__, __FILE__); FIND - Line 323 if (is_readable($sourcefile)) REPLACE WITH if (is_readable(phpbb_realpath($sourcefile))) *****includes/functions.php FIND - Line 95 global $template, $lang, $db, $SID, $nav_links, $phpEx; REPLACE WITH global $template, $userdata, $lang, $db, $nav_links, $phpEx; FIND - Line 125 $boxstring = ''; FIND - Line 174 $boxstring .= ''; } if ( isset($SID) ) { $boxstring .= ''; REPLACE WITH $boxstring .= ''; } if ( !empty($SID) ) { $boxstring .= ''; FIND - Line 223 if ( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx) ) REPLACE WITH if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx)) ) FIND - Line 232 if( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.'.$phpEx) ) REPLACE WITH if( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.'.$phpEx)) ) FIND - Line 291 $img_lang = ( file_exists($current_template_path . '/images/lang_' . $board_config['default_lang']) ) ? $board_config['default_lang'] : 'english'; REPLACE WITH $img_lang = ( file_exists(@phpbb_realpath($phpbb_root_path . $current_template_path . '/images/lang_' . $board_config['default_lang'])) ) ? $board_config['default_lang'] : 'english'; FIND - Line 499 global $db, $template, $board_config, $theme, $lang, $phpEx, $phpbb_root_path, $nav_links, $gen_simple_header; global $userdata, $user_ip, $session_length; global $starttime; REPLACE WITH global $db, $template, $board_config, $theme, $lang, $phpEx, $phpbb_root_path, $nav_links, $gen_simple_header, $images; global $userdata, $user_ip, $session_length; global $starttime; if(defined('HAS_DIED')) { die("message_die() was called multiple times. This isn't supposed to happen. 
Was message_die() used in page_tail.php?"); } define(HAS_DIED, 1); FIND - Line 686 exit; } AFTER, ADD // // This function is for compatibility with PHP 4.x's realpath() // function. In later versions of PHP, it needs to be called // to do checks with some functions. Older versions of PHP don't // seem to need this, so we'll just return the original value. // dougk_ff7 function phpbb_realpath($path) { return (!@function_exists('realpath') || !@realpath($phpbb_root_path . 'includes/functions.'.$phpEx)) ? $path : @realpath($path); } function redirect($url) { global $db, $board_config; if (!empty($db)) { $db->sql_close(); } $server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://'; $server_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])); $server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) : ''; $script_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])); $script_name = ($script_name == '') ? $script_name : '/' . $script_name; $url = preg_replace('#^\/?(.*?)\/?$#', '/\1', trim($url)); // Redirect via an HTML form for PITA webservers if (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) { header('Refresh: 0; URL=' . $server_protocol . $server_name . $server_port . $script_name . $url); echo 'Redirect
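Review bot: In the guard added to message_die (includes/functions.php, line 499), `define(HAS_DIED, 1);` passes the constant name as a bare word. It works only because PHP falls back to treating an undefined constant as a string and raises a notice; newer PHP versions reject it outright. Quote the name: `define('HAS_DIED', 1);`. The function body continues outside the hunk.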
If your browser does not support meta redirection please click HERE to be redirected
'; exit; } // Behave as per HTTP/1.1 spec for others header('Location: ' . $server_protocol . $server_name . $server_port . $script_name . $url); exit; } *****includes/functions_post.php FIND - Line 23 if ( !defined('IN_PHPBB') ) { die('Hacking attempt'); } $html_entities_match = array('#&#', '#<#', '#>#'); REPLACE WITH if (!defined('IN_PHPBB')) { die('Hacking attempt'); } $html_entities_match = array('#&[a-z]+?;#', '#<#', '#>#'); FIND - Line 40 global $board_config; global $html_entities_match, $html_entities_replace; global $code_entities_match, $code_entities_replace; // // Clean up the message REPLACE WITH global $board_config, $html_entities_match, $html_entities_replace; // // Clean up the message FIND - Line 56 while ( $start_html = strpos($message, '<', $start_html) ) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ( $start_html - $end_html - 1 ))); if ( $end_html = strpos($message, '>', $start_html) ) { $length = $end_html - $start_html + 1; $hold_string = substr($message, $start_html, $length); if ( ( $unclosed_open = strrpos(' ' . $hold_string, '<') ) != 1 ) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1)); $hold_string = substr($hold_string, $unclosed_open - 1); } $tagallowed = false; for($i = 0; $i < sizeof($allowed_html_tags); $i++) { $match_tag = trim($allowed_html_tags[$i]); if ( preg_match('/^<\/?' . $match_tag . '(?!(\s*)style(\s*)\\=)/i', $hold_string) ) { $tagallowed = true; } } $tmp_message .= ( $length && !$tagallowed ) ? 
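Review bot: `phpbb_realpath()` as added here does not canonicalise anything: `$phpbb_root_path` and `$phpEx` are not declared `global` inside the function, so the probe is `realpath('includes/functions.')`, which presumably fails and makes the function return `$path` unchanged. Add `global $phpbb_root_path, $phpEx;` as the first statement, otherwise every `file_exists(@phpbb_realpath(...))` introduced elsewhere in this patch behaves exactly like the old check. In `redirect()`, `$url` is written into the `Refresh`/`Location` header without rejecting line breaks, and admin/pagestart.php now passes it a value derived from `REQUEST_URI`. A guard before the headers are built, such as `if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r")) { message_die(GENERAL_ERROR, 'Invalid redirect URL'); }`, would keep header content to a single line.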
preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string; REPLACE WITH while ($start_html = strpos($message, '<', $start_html)) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1))); if ($end_html = strpos($message, '>', $start_html)) { $length = $end_html - $start_html + 1; $hold_string = substr($message, $start_html, $length); if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1)); $hold_string = substr($hold_string, $unclosed_open - 1); } $tagallowed = false; for ($i = 0; $i < sizeof($allowed_html_tags); $i++) { $match_tag = trim($allowed_html_tags[$i]); if (preg_match('#^<\/?' . $match_tag . '(?!(.*?)((style)|( on[\w]+?[\s]?=))[\s]*?)#i', $hold_string)) { $tagallowed = true; } } $tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string; FIND - Line 94 if ( $end_html != strlen($message) && $tmp_message != '' ) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1)); } $message = ( $tmp_message != '' ) ? trim($tmp_message) : trim($message); } else { $message = preg_replace($html_entities_match, $html_entities_replace, $message); } if( $bbcode_on && $bbcode_uid != '' ) REPLACE WITH if ($end_html != strlen($message) && $tmp_message != '') { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1)); } $message = ($tmp_message != '') ? 
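Review bot: The allowed-tag test (includes/functions_post.php, line 56) concatenates `$match_tag` into the pattern without `preg_quote()` and without a boundary after the name, so an allowed tag `b` also accepts any tag whose name merely starts with `b`. Building the prefix as `'#^<\/?' . preg_quote($match_tag, '#') . '\b'` would pin the name. The attribute filter is a deny-list (`style`, and ` on…=` preceded by a literal space), which is easy to get wrong; permitting the bare tag only, or a fixed list of attributes, is more robust than adding further patterns to exclude. The enclosing loop and function begin and end outside the hunk.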
trim($tmp_message) : trim($message); } else { $message = preg_replace($html_entities_match, $html_entities_replace, $message); } if($bbcode_on && $bbcode_uid != '') FIND - Line 129 if ( !empty($username) ) { $username = htmlspecialchars(trim(strip_tags($username))); if ( !$userdata['session_logged_in'] || ( $userdata['session_logged_in'] && $username != $userdata['username'] ) ) { include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); $result = validate_username($username); if ( $result['error'] ) { $error_msg .= ( !empty($error_msg) ) ? '
' . $result['error_msg'] : $result['error_msg']; } } } // Check subject if ( !empty($subject) ) { $subject = htmlspecialchars(trim($subject)); } else if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) ) { $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['Empty_subject'] : $lang['Empty_subject']; } // Check message if ( !empty($message) ) { $bbcode_uid = ( $bbcode_on ) ? make_bbcode_uid() : ''; $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid); } else if ( $mode != 'delete' && $mode != 'polldelete' ) { $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['Empty_message'] : $lang['Empty_message']; } // // Handle poll stuff // if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) ) { $poll_length = ( isset($poll_length) ) ? max(0, intval($poll_length)) : 0; if ( !empty($poll_title) ) { $poll_title = htmlspecialchars(trim($poll_title)); } if( !empty($poll_options) ) { $temp_option_text = array(); while( list($option_id, $option_text) = @each($poll_options) ) { $option_text = trim($option_text); if ( !empty($option_text) ) { $temp_option_text[$option_id] = htmlspecialchars($option_text); } } $option_text = $temp_option_text; if ( count($poll_options) < 2 ) { $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['To_few_poll_options'] : $lang['To_few_poll_options']; } else if ( count($poll_options) > $board_config['max_poll_options'] ) { $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['To_many_poll_options'] : $lang['To_many_poll_options']; } else if ( $poll_title == '' ) { $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['Empty_poll_title'] : $lang['Empty_poll_title']; REPLACE WITH if (!empty($username)) { $username = trim(strip_tags($username)); if (!$userdata['session_logged_in'] || ($userdata['session_logged_in'] && $username != $userdata['username'])) { include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); $result = validate_username($username); if ($result['error']) { $error_msg .= (!empty($error_msg)) ? '
' . $result['error_msg'] : $result['error_msg']; } } else { $username = ''; } } // Check subject if (!empty($subject)) { $subject = htmlspecialchars(trim($subject)); } else if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) { $error_msg .= (!empty($error_msg)) ? '
' . $lang['Empty_subject'] : $lang['Empty_subject']; } // Check message if (!empty($message)) { $bbcode_uid = ($bbcode_on) ? make_bbcode_uid() : ''; $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid); } else if ($mode != 'delete' && $mode != 'poll_delete') { $error_msg .= (!empty($error_msg)) ? '
' . $lang['Empty_message'] : $lang['Empty_message']; } // // Handle poll stuff // if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) { $poll_length = (isset($poll_length)) ? max(0, intval($poll_length)) : 0; if (!empty($poll_title)) { $poll_title = htmlspecialchars(trim($poll_title)); } if(!empty($poll_options)) { $temp_option_text = array(); while(list($option_id, $option_text) = @each($poll_options)) { $option_text = trim($option_text); if (!empty($option_text)) { $temp_option_text[$option_id] = htmlspecialchars($option_text); } } $option_text = $temp_option_text; if (count($poll_options) < 2) { $error_msg .= (!empty($error_msg)) ? '
' . $lang['To_few_poll_options'] : $lang['To_few_poll_options']; } else if (count($poll_options) > $board_config['max_poll_options']) { $error_msg .= (!empty($error_msg)) ? '
' . $lang['To_many_poll_options'] : $lang['To_many_poll_options']; } else if ($poll_title == '') { $error_msg .= (!empty($error_msg)) ? '
' . $lang['Empty_poll_title'] : $lang['Empty_poll_title']; FIND - Line 225 if ( $mode == 'newtopic' || $mode == 'reply' ) { // // Flood control // $where_sql = ( $userdata['user_id'] == ANONYMOUS ) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id']; $sql = "SELECT MAX(post_time) AS last_post_time FROM " . POSTS_TABLE . " WHERE $where_sql"; if ( $result = $db->sql_query($sql) ) { if ( $row = $db->sql_fetchrow($result) ) { if ( $row['last_post_time'] > 0 && ( $current_time - $row['last_post_time'] ) < $board_config['flood_interval'] ) { message_die(GENERAL_MESSAGE, $lang['Flood_Error']); } } } } else if ( $mode == 'editpost' ) { remove_search_post($post_id); } if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) ) { $topic_vote = ( !empty($poll_title) && count($poll_options) >= 2 ) ? 1 : 0; $sql = ( $mode != "editpost" ) ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type, topic_vote = $topic_vote WHERE topic_id = $topic_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } if ( $mode == 'newtopic' ) { $topic_id = $db->sql_nextid(); } } $edited_sql = ( $mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post'] ) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : ""; $sql = ( $mode != "editpost" ) ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . 
POSTS_TABLE . " SET enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id"; if ( !$db->sql_query($sql, BEGIN_TRANSACTION) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } if ( $mode != 'editpost' ) { $post_id = $db->sql_nextid(); } $sql = ( $mode != 'editpost' ) ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } add_search_words($post_id, stripslashes($post_message), stripslashes($post_subject)); // // Add poll // if ( ( $mode == 'newtopic' || $mode == 'editpost' ) && !empty($poll_title) && count($poll_options) >= 2 ) { $sql = ( !$post_data['has_poll'] ) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ( $poll_length * 86400 ) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ( $poll_length * 86400 ) . " WHERE topic_id = $topic_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } $delete_option_sql = ''; $old_poll_result = array(); if ( $mode == 'editpost' && $post_data['has_poll'] ) { $sql = "SELECT vote_option_id, vote_result FROM " . VOTE_RESULTS_TABLE . 
" WHERE vote_id = $poll_id ORDER BY vote_option_id ASC"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql); } while ( $row = $db->sql_fetchrow($result) ) { $old_poll_result[$row['vote_option_id']] = $row['vote_result']; if ( !isset($poll_options[$row['vote_option_id']]) ) { $delete_option_sql .= ( $delete_option_sql != '' ) ? ', ' . $row['vote_option_id'] : $row['vote_option_id']; REPLACE WITH if ($mode == 'newtopic' || $mode == 'reply') { // // Flood control // $where_sql = ($userdata['user_id'] == ANONYMOUS) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id']; $sql = "SELECT MAX(post_time) AS last_post_time FROM " . POSTS_TABLE . " WHERE $where_sql"; if ($result = $db->sql_query($sql)) { if ($row = $db->sql_fetchrow($result)) { if (intval($row['last_post_time']) > 0 && ($current_time - intval($row['last_post_time'])) < intval($board_config['flood_interval'])) { message_die(GENERAL_MESSAGE, $lang['Flood_Error']); } } } } else if ($mode == 'editpost') { remove_search_post($post_id); } if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) { $topic_vote = (!empty($poll_title) && count($poll_options) >= 2) ? 1 : 0; $sql = ($mode != "editpost") ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type, topic_vote = $topic_vote WHERE topic_id = $topic_id"; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } if ($mode == 'newtopic') { $topic_id = $db->sql_nextid(); } } $edited_sql = ($mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post']) ? 
", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : ""; $sql = ($mode != "editpost") ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET post_username = '$post_username', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id"; if (!$db->sql_query($sql, BEGIN_TRANSACTION)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } if ($mode != 'editpost') { $post_id = $db->sql_nextid(); } $sql = ($mode != 'editpost') ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id"; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } add_search_words('single', $post_id, stripslashes($post_message), stripslashes($post_subject)); // // Add poll // if (($mode == 'newtopic' || ($mode == 'editpost' && $post_data['edit_poll'])) && !empty($poll_title) && count($poll_options) >= 2) { $sql = (!$post_data['has_poll']) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ($poll_length * 86400) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ($poll_length * 86400) . 
" WHERE topic_id = $topic_id"; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } $delete_option_sql = ''; $old_poll_result = array(); if ($mode == 'editpost' && $post_data['has_poll']) { $sql = "SELECT vote_option_id, vote_result FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id = $poll_id ORDER BY vote_option_id ASC"; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql); } while ($row = $db->sql_fetchrow($result)) { $old_poll_result[$row['vote_option_id']] = $row['vote_result']; if (!isset($poll_options[$row['vote_option_id']])) { $delete_option_sql .= ($delete_option_sql != '') ? ', ' . $row['vote_option_id'] : $row['vote_option_id']; FIND - Line 327 while ( list($option_id, $option_text) = each($poll_options) ) { if ( !empty($option_text) ) { $option_text = str_replace("\'", "''", $option_text); $poll_result = ( $mode == "editpost" && isset($old_poll_result[$option_id]) ) ? $old_poll_result[$option_id] : 0; $sql = ( $mode != "editpost" || !isset($old_poll_result[$option_id]) ) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id"; if ( !$db->sql_query($sql) ) REPLACE WITH while (list($option_id, $option_text) = each($poll_options)) { if (!empty($option_text)) { $option_text = str_replace("\'", "''", htmlspecialchars($option_text)); $poll_result = ($mode == "editpost" && isset($old_poll_result[$option_id])) ? $old_poll_result[$option_id] : 0; $sql = ($mode != "editpost" || !isset($old_poll_result[$option_id])) ? "INSERT INTO " . VOTE_RESULTS_TABLE . 
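Review bot: The `post_username = '$post_username'` added to the POSTS_TABLE UPDATE is interpolated straight into the SQL string, as is every other value in these statements, and nothing in this hunk escapes or casts them. The hunk wraps the flood-control fields in intval() but leaves `$topic_id`, `$forum_id`, `$post_id`, `$topic_type` and `$poll_id` unquoted and uncast, so the queries are safe only if the caller has already done both; that code is outside the hunk. I would state the precondition where the statements are built, e.g. `// all strings must arrive slash-escaped and all ids intval()'d by the caller`, or cast locally with `$post_id = intval($post_id);`. The enclosing function starts and ends outside the hunk.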
" (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id"; if (!$db->sql_query($sql)) FIND - Line 388 if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } if ( $row = $db->sql_fetchrow($result) ) { $topic_update_sql .= ', topic_last_post_id = ' . $row['last_post_id']; } } if ( $post_data['last_topic'] ) { $sql = "SELECT MAX(post_id) AS last_post_id FROM " . POSTS_TABLE . " WHERE forum_id = $forum_id"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } if ( $row = $db->sql_fetchrow($result) ) { $forum_update_sql .= ( $row['last_post_id'] ) ? ', forum_last_post_id = ' . $row['last_post_id'] : ', forum_last_post_id = 0'; } } } else if ( $post_data['first_post'] ) { $sql = "SELECT MIN(post_id) AS first_post_id FROM " . POSTS_TABLE . " WHERE topic_id = $topic_id"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } if ( $row = $db->sql_fetchrow($result) ) REPLACE WITH if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result)) { $topic_update_sql .= ', topic_last_post_id = ' . $row['last_post_id']; } } if ($post_data['last_topic']) { $sql = "SELECT MAX(post_id) AS last_post_id FROM " . POSTS_TABLE . " WHERE forum_id = $forum_id"; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result)) { $forum_update_sql .= ($row['last_post_id']) ? ', forum_last_post_id = ' . 
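Review bot: `htmlspecialchars($option_text)` is applied to text that the surrounding `str_replace("\'", "''", ...)` treats as already slash-escaped, so HTML encoding is layered on top of SQL escaping rather than under it. A double quote that arrives as `\"` would become `\&quot;`, and on back ends that take the backslash literally it would presumably be stored as part of the option text. The earlier poll check on this page encodes the options into `$temp_option_text` but assigns the result to `$option_text` rather than `$poll_options`, which looks like the reason the encoding has to be repeated here. Encoding once on the unescaped input would be cleaner, or at least add `// $option_text is slash-escaped here; encode before escaping if this is reordered`. The loop body continues outside the hunk.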
$row['last_post_id'] : ', forum_last_post_id = 0'; } } } else if ($post_data['first_post']) { $sql = "SELECT MIN(post_id) AS first_post_id FROM " . POSTS_TABLE . " WHERE topic_id = $topic_id"; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result)) FIND - Line 435 else if ( $mode != 'poll_delete' ) { $forum_update_sql .= ", forum_last_post_id = $post_id" . ( ( $mode == 'newtopic' ) ? ", forum_topics = forum_topics $sign" : "" ); $topic_update_sql = "topic_last_post_id = $post_id" . ( ( $mode == 'reply' ) ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id" ); REPLACE WITH else if ($mode != 'poll_delete') { $forum_update_sql .= ", forum_last_post_id = $post_id" . (($mode == 'newtopic') ? ", forum_topics = forum_topics $sign" : ""); $topic_update_sql = "topic_last_post_id = $post_id" . (($mode == 'reply') ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id"); FIND - Line 448 if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } if ( $topic_update_sql != '' ) { $sql = "UPDATE " . TOPICS_TABLE . " SET $topic_update_sql WHERE topic_id = $topic_id OR topic_moved_id = $topic_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } } if ( $mode != 'poll_delete' ) { $sql = "UPDATE " . USERS_TABLE . " SET user_posts = user_posts $sign WHERE user_id = $user_id"; if ( !$db->sql_query($sql, END_TRANSACTION) ) REPLACE WITH if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } if ($topic_update_sql != '') { $sql = "UPDATE " . TOPICS_TABLE . " SET $topic_update_sql WHERE topic_id = $topic_id"; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } } if ($mode != 'poll_delete') { $sql = "UPDATE " . 
USERS_TABLE . " SET user_posts = user_posts $sign WHERE user_id = $user_id"; if (!$db->sql_query($sql, END_TRANSACTION)) FIND - Line 486 include($phpbb_root_path . 'includes/functions_search.'.$phpEx); if ( $mode != 'poll_delete' ) { $sql = "DELETE FROM " . POSTS_TABLE . " WHERE post_id = $post_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . POSTS_TEXT_TABLE . " WHERE post_id = $post_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } if ( $post_data['last_post'] ) { if ( $post_data['first_post'] ) { $forum_update_sql .= ', forum_topics = forum_topics - 1'; $sql = "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id = $topic_id OR topic_moved_id = $topic_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id"; if ( !$db->sql_query($sql) ) REPLACE WITH if ($mode != 'poll_delete') { include($phpbb_root_path . 'includes/functions_search.'.$phpEx); $sql = "DELETE FROM " . POSTS_TABLE . " WHERE post_id = $post_id"; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . POSTS_TEXT_TABLE . " WHERE post_id = $post_id"; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } if ($post_data['last_post']) { if ($post_data['first_post']) { $forum_update_sql .= ', forum_topics = forum_topics - 1'; $sql = "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id = $topic_id OR topic_moved_id = $topic_id"; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . 
" WHERE topic_id = $topic_id"; if (!$db->sql_query($sql)) FIND - Line 529 if ( $mode == 'poll_delete' || ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] ) && $post_data['has_poll'] && $post_data['edit_poll'] ) { $sql = "DELETE FROM " . VOTE_DESC_TABLE . " WHERE topic_id = $topic_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id = $poll_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_USERS_TABLE . " WHERE vote_id = $poll_id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } } if ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] ) REPLACE WITH if ($mode == 'poll_delete' || ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post']) && $post_data['has_poll'] && $post_data['edit_poll']) { $sql = "DELETE FROM " . VOTE_DESC_TABLE . " WHERE topic_id = $topic_id"; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id = $poll_id"; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_USERS_TABLE . " WHERE vote_id = $poll_id"; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } } if ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post']) FIND - Line 561 $message = ( ( $mode == 'poll_delete' ) ? $lang['Poll_delete'] : $lang['Deleted'] ) . '

' . sprintf($lang['Click_return_topic'], '', ''); REPLACE WITH $message = (($mode == 'poll_delete') ? $lang['Poll_delete'] : $lang['Deleted']) . '

' . sprintf($lang['Click_return_topic'], '', ''); FIND - Line 572 function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id, &$notify_user) { global $board_config, $lang, $db, $phpbb_root_path, $phpEx; global $userdata, $user_ip; $current_time = time(); if ( $mode == 'delete' ) { $delete_sql = ( !$post_data['first_post'] && !$post_data['last_post'] ) ? " AND user_id = " . $userdata['user_id'] : ''; $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id" . $delete_sql; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not change topic notify data', '', __LINE__, __FILE__, $sql); } } else { if ( $mode == 'reply' ) { $sql = "SELECT ban_userid FROM " . BANLIST_TABLE; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain banlist', '', __LINE__, __FILE__, $sql); } $user_id_sql = ''; while ( $row = $db->sql_fetchrow($result) ) { if ( isset($row['ban_userid']) ) { $user_id_sql = ', ' . $row['ban_userid']; } } $sql = "SELECT u.user_id, u.username, u.user_email, u.user_lang, t.topic_title FROM " . TOPICS_WATCH_TABLE . " tw, " . TOPICS_TABLE . " t, " . USERS_TABLE . " u WHERE tw.topic_id = $topic_id AND tw.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . " ) AND tw.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . " AND t.topic_id = tw.topic_id AND u.user_id = tw.user_id"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain list of topic watchers', '', __LINE__, __FILE__, $sql); } $orig_word = array(); $replacement_word = array(); obtain_word_list($orig_word, $replacement_word); include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); $script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path'])); $script_name = ( $script_name != '' ) ? $script_name . 
'/viewtopic.'.$phpEx : 'viewtopic.'.$phpEx; $server_name = trim($board_config['server_name']); $server_protocol = ( $board_config['cookie_secure'] ) ? 'https://' : 'http://'; $server_port = ( $board_config['server_port'] <> 80 ) ? ':' . trim($board_config['server_port']) . '/' : '/'; $email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n"; $update_watched_sql = ''; if ( $row = $db->sql_fetchrow($result) ) { @set_time_limit(120); $topic_title = preg_replace($orig_word, $replacement_word, unprepare_message($row['topic_title'])); do { if ( $row['user_email'] != '' ) { $emailer->use_template('topic_notify', $row['user_lang']); $emailer->email_address($row['user_email']); $emailer->set_subject(); $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), 'USERNAME' => $row['username'], REPLACE WITH function user_notification($mode, &$post_data, &$topic_title, &$forum_id, &$topic_id, &$post_id, &$notify_user) { global $board_config, $lang, $db, $phpbb_root_path, $phpEx; global $userdata, $user_ip; $current_time = time(); if ($mode == 'delete') { $delete_sql = (!$post_data['first_post'] && !$post_data['last_post']) ? " AND user_id = " . $userdata['user_id'] : ''; $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id" . $delete_sql; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not change topic notify data', '', __LINE__, __FILE__, $sql); } } else { if ($mode == 'reply') { $sql = "SELECT ban_userid FROM " . BANLIST_TABLE; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain banlist', '', __LINE__, __FILE__, $sql); } $user_id_sql = ''; while ($row = $db->sql_fetchrow($result)) { if (isset($row['ban_userid'])) { $user_id_sql = ', ' . $row['ban_userid']; } } $sql = "SELECT u.user_id, u.user_email, u.user_lang FROM " . TOPICS_WATCH_TABLE . " tw, " . USERS_TABLE . " u WHERE tw.topic_id = $topic_id AND tw.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . ") AND tw.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . " AND u.user_id = tw.user_id"; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain list of topic watchers', '', __LINE__, __FILE__, $sql); } $update_watched_sql = ''; $bcc_list_ary = array(); if ($row = $db->sql_fetchrow($result)) { // Sixty second limit @set_time_limit(60); do { if ($row['user_email'] != '') { $bcc_list_ary[$row['user_lang']] .= (($bcc_list_ary[$row['user_lang']] != '') ? ', ' : '') . $row['user_email']; } $update_watched_sql .= ($update_watched_sql != '') ? ', ' . 
$row['user_id'] : $row['user_id']; } while ($row = $db->sql_fetchrow($result)); // // Let's do some checking to make sure that mass mail functions // are working in win32 versions of php. // if (preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$board_config['smtp_delivery']) { $ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var'; // We are running on windows, force delivery to use our smtp functions // since php's are broken by default $board_config['smtp_delivery'] = 1; $board_config['smtp_host'] = @$ini_val('SMTP'); } if (sizeof($bcc_list_ary)) { include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); $orig_word = array(); $replacement_word = array(); obtain_word_list($orig_word, $replacement_word); $script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path'])); $script_name = ($script_name != '') ? $script_name . '/viewtopic.'.$phpEx : 'viewtopic.'.$phpEx; $server_name = trim($board_config['server_name']); $server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://'; $server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) . '/' : '/'; $email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n"; $topic_title = (count($orig_word)) ? preg_replace($orig_word, $replacement_word, unprepare_message($topic_title)) : unprepare_message($topic_title); while (list($user_lang, $bcc_list) = each($bcc_list_ary)) { $emailer->use_template('topic_notify', $user_lang); $emailer->email_address(' '); // The Topic_reply_notification lang string below will be used // if for some reason the mail template subject cannot be read // ... note it will not necessarily be in the posters own language! $emailer->set_subject($lang['Topic_reply_notification']); $emailer->extra_headers($email_headers . "Bcc: $bcc_list\n"); // This is a nasty kludge to remove the username var ... till (if?) 
// translators update their templates $emailer->msg = preg_replace('#[ ]?{USERNAME}#', '', $emailer->msg); $emailer->assign_vars(array( 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', FIND - Line 695 $update_watched_sql .= ( $update_watched_sql != '' ) ? ', ' . $row['user_id'] : $row['user_id']; } } while ( $row = $db->sql_fetchrow($result) ); } if ( $update_watched_sql != '' ) REPLACE WITH } } } $db->sql_freeresult($result); if ($update_watched_sql != '') FIND - Line 714 if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( !$notify_user && !empty($row['topic_id']) ) { $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id AND user_id = " . $userdata['user_id']; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete topic watch information', '', __LINE__, __FILE__, $sql); } } else if ( $notify_user && empty($row['topic_id']) ) { $sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status) VALUES (" . $userdata['user_id'] . ", $topic_id, 0)"; if ( !$db->sql_query($sql) ) REPLACE WITH if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if (!$notify_user && !empty($row['topic_id'])) { $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id AND user_id = " . $userdata['user_id']; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not delete topic watch information', '', __LINE__, __FILE__, $sql); } } else if ($notify_user && empty($row['topic_id'])) { $sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status) VALUES (" . $userdata['user_id'] . 
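Review bot: In the ban-list loop, `$user_id_sql = ', ' . $row['ban_userid'];` overwrites the string on every row, so only the last banned user id reaches the `NOT IN (...)` filter and other banned watchers are still collected for notification; `$user_id_sql .= ', ' . $row['ban_userid'];` keeps them all. The new Bcc path also places `$row['user_email']` values from the database directly into `"Bcc: $bcc_list\n"`, so I would strip CR and LF from each address before appending it, since a stored line break would otherwise end the header early. `$bcc_list_ary[$row['user_lang']]` is read by `.=` and `!=` before it is first assigned; initialising the key avoids the notice. user_notification continues past the end of this hunk.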
", $topic_id, 0)"; if (!$db->sql_query($sql)) FIND - Line 775 if ( $result = $db->sql_query($sql) ) { $num_smilies = 0; $rowset = array(); while ( $row = $db->sql_fetchrow($result) ) { if ( empty($rowset[$row['smile_url']]) ) { $rowset[$row['smile_url']]['code'] = str_replace('\\', '\\\\', str_replace("'", "\\'", $row['code'])); $rowset[$row['smile_url']]['emoticon'] = $row['emoticon']; $num_smilies++; } } if ( $num_smilies ) { $smilies_count = ( $mode == 'inline' ) ? min(19, $num_smilies) : $num_smilies; $smilies_split_row = ( $mode == 'inline' ) ? $inline_columns - 1 : $window_columns - 1; $s_colspan = 0; $row = 0; $col = 0; while ( list($smile_url, $data) = @each($rowset) ) { if ( !$col ) REPLACE WITH if ($result = $db->sql_query($sql)) { $num_smilies = 0; $rowset = array(); while ($row = $db->sql_fetchrow($result)) { if (empty($rowset[$row['smile_url']])) { $rowset[$row['smile_url']]['code'] = str_replace("'", "\\'", str_replace('\\', '\\\\', $row['code'])); $rowset[$row['smile_url']]['emoticon'] = $row['emoticon']; $num_smilies++; } } if ($num_smilies) { $smilies_count = ($mode == 'inline') ? min(19, $num_smilies) : $num_smilies; $smilies_split_row = ($mode == 'inline') ? $inline_columns - 1 : $window_columns - 1; $s_colspan = 0; $row = 0; $col = 0; while (list($smile_url, $data) = @each($rowset)) { if (!$col) *****includes/functions_search.php FIND - Line 94 $rex = ( $mode == 'post' ) ? "/\b(\w[\w']*\w+|\w+?)\b/" : '/(\*?[à-ÿa-z0-9]+\*?)|\b([à-ÿa-z0-9]+)\b/'; preg_match_all($rex, $entry, $split_entries); return $split_entries[1]; } function add_search_words($post_id, $post_text, $post_title = '') { global $db, $phpbb_root_path, $board_config, $lang; $stopwords_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt"); REPLACE WITH $rex = ( $mode == 'post' ) ? 
"/\b([\w±µ-ÿ][\w±µ-ÿ']*[\w±µ-ÿ]+|[\w±µ-ÿ]+?)\b/" : '/(\*?[a-z0-9±µ-ÿ]+\*?)|\b([a-z0-9±µ-ÿ]+)\b/'; preg_match_all($rex, $entry, $split_entries); return $split_entries[1]; } function add_search_words($mode, $post_id, $post_text, $post_title = '') { global $db, $phpbb_root_path, $board_config, $lang; $stopword_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt"); FIND - Line 262 $sql = ( $mode == 'global' ) ? "SELECT COUNT(post_id) AS total_posts FROM " . SEARCH_MATCH_TABLE . " GROUP BY post_id" : "SELECT SUM(forum_posts) AS total_posts FROM " . FORUMS_TABLE; REPLACE WITH $sql = "SELECT COUNT(post_id) AS total_posts FROM " . POSTS_TABLE; FIND - Line 329 return $word_count; REPLACE WITH return; FIND - Line 463 'USERNAME' => ( !empty($search_match) ) ? $search_match : '', REPLACE WITH 'USERNAME' => ( !empty($search_match) ) ? strip_tags($search_match) : '', *****includes/functions_selects.php FIND - Line 29 global $phpEx; $dir = opendir($dirname); $lang = array(); while ( $file = readdir($dir) ) { if ( ereg("^lang_", $file) && !is_file($dirname . "/" . $file) && !is_link($dirname . "/" . $file) ) REPLACE WITH global $phpEx, $phpbb_root_path; $dir = opendir($phpbb_root_path . $dirname); $lang = array(); while ( $file = readdir($dir) ) { if (preg_match('#^lang_#i', $file) && !is_file(@phpbb_realpath($phpbb_root_path . $dirname . '/' . $file)) && !is_link(@phpbb_realpath($phpbb_root_path . $dirname . '/' . $file))) *****includes/functions_validate.php FIND - Line 37 if ( $result = $db->sql_query($sql) ) { if ( $row = $db->sql_fetchrow($result) ) { if ( ( $userdata['session_logged_in'] && $row['username'] != $userdata['username'] ) || !$userdata['session_logged_in'] ) { return array('error' => true, 'error_msg' => $lang['Username_taken']); } } } $sql = "SELECT group_name FROM " . GROUPS_TABLE . " WHERE LOWER(group_name) = '" . strtolower($username) . 
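Review bot: `strip_tags($search_match)` in the 'USERNAME' value (FIND - Line 463) removes markup but is not an output encoder: quotes and `&` pass through unchanged. If the template places USERNAME inside an attribute (a form field value seems likely, though the template is not shown), the value can still terminate that attribute. `htmlspecialchars()` is the encoding for that context, e.g. `'USERNAME' => ( !empty($search_match) ) ? htmlspecialchars($search_match) : '',`. The surrounding array is outside the hunk.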
"'"; if ( $result = $db->sql_query($sql) ) { if ( $row = $db->sql_fetchrow($result) ) { return array('error' => true, 'error_msg' => $lang['Username_taken']); } } $sql = "SELECT disallow_username FROM " . DISALLOW_TABLE; if ( $result = $db->sql_query($sql) ) { while( $row = $db->sql_fetchrow($result) ) { if ( preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username) ) { return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } } $sql = "SELECT word FROM " . WORDS_TABLE; if ( $result = $db->sql_query($sql) ) { while( $row = $db->sql_fetchrow($result) ) { if ( preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username) ) { return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } } // Don't allow " in username. if ( strstr($username, '"') ) REPLACE WITH if ($result = $db->sql_query($sql)) { if ($row = $db->sql_fetchrow($result)) { if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in']) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_taken']); } } } $db->sql_freeresult($result); $sql = "SELECT group_name FROM " . GROUPS_TABLE . " WHERE LOWER(group_name) = '" . strtolower($username) . "'"; if ($result = $db->sql_query($sql)) { if ($row = $db->sql_fetchrow($result)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_taken']); } } $db->sql_freeresult($result); $sql = "SELECT disallow_username FROM " . DISALLOW_TABLE; if ($result = $db->sql_query($sql)) { if ($row = $db->sql_fetchrow($result)) { do { if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . 
")\b#i", $username)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } while($row = $db->sql_fetchrow($result)); } } $db->sql_freeresult($result); $sql = "SELECT word FROM " . WORDS_TABLE; if ($result = $db->sql_query($sql)) { if ($row = $db->sql_fetchrow($result)) { do { if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } while ($row = $db->sql_fetchrow($result)); } } $db->sql_freeresult($result); // Don't allow " in username. if (strstr($username, '"')) FIND - Line 118 if ( $email != '' ) { if ( preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email) ) { $sql = "SELECT ban_email FROM " . BANLIST_TABLE; if ( $result = $db->sql_query($sql) ) { while( $row = $db->sql_fetchrow($result) ) { $match_email = str_replace('*', '.*?', $row['ban_email']); if ( preg_match('/^' . $match_email . '$/is', $email) ) { return array('error' => true, 'error_msg' => $lang['Email_banned']); } } } $sql = "SELECT user_email FROM " . USERS_TABLE . " WHERE user_email = '" . str_replace("\'", "''", $email) . "'"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql); } if ( $row = $db->sql_fetchrow($result) ) { return array('error' => true, 'error_msg' => $lang['Email_taken']); } REPLACE WITH if ($email != '') { if (preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email)) { $sql = "SELECT ban_email FROM " . BANLIST_TABLE; if ($result = $db->sql_query($sql)) { if ($row = $db->sql_fetchrow($result)) { do { $match_email = str_replace('*', '.*?', $row['ban_email']); if (preg_match('/^' . $match_email . 
'$/is', $email)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Email_banned']); } } while($row = $db->sql_fetchrow($result)); } } $db->sql_freeresult($result); $sql = "SELECT user_email FROM " . USERS_TABLE . " WHERE user_email = '" . str_replace("\'", "''", $email) . "'"; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result)) { return array('error' => true, 'error_msg' => $lang['Email_taken']); } $db->sql_freeresult($result); FIND - Line 173 if ( strlen($$check_var_length[$i]) < 2 ) { $$check_var_length[$i] = ''; } } // ICQ number has to be only numbers. if ( !preg_match('/^[0-9]+$/', $icq) ) { $icq = ''; } // website has to start with http://, followed by something with length at least 3 that // contains at least one dot. if ( $website != "" ) { if ( !preg_match('#^http:\/\/#i', $website) ) { $website = 'http://' . $website; } if ( !preg_match('#^http\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website) ) REPLACE WITH if (strlen($$check_var_length[$i]) < 2) { $$check_var_length[$i] = ''; } } // ICQ number has to be only numbers. if (!preg_match('/^[0-9]+$/', $icq)) { $icq = ''; } // website has to start with http://, followed by something with length at least 3 that // contains at least one dot. if ($website != "") { if (!preg_match('#^http[s]?:\/\/#i', $website)) { $website = 'http://' . $website; } if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website)) *****includes/page_header.php FIND - Line 38 if ( $phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible') ) REPLACE WITH $useragent = (isset($_SERVER["HTTP_USER_AGENT"]) ) ? 
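Review bot: In the ban-list loop of the `FIND - Line 118` replacement, `$row['ban_email']` is still spliced into the pattern with only `*` translated, so every other regex metacharacter in a stored ban entry stays live. A `.` in a banned domain matches any character, and an entry containing `/` would terminate the pattern early and make `preg_match` fail rather than match. The username checks earlier in this same file quote the stored value first, and the same treatment fits here: `$match_email = str_replace('\*', '.*?', phpbb_preg_quote($row['ban_email'], '/'));`. The `Email_taken` return also skips the `$db->sql_freeresult($result)` that the other early returns in this change perform. The enclosing function starts and ends outside the hunk.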
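Review bot: The widened website check in the `FIND - Line 173` replacement, `#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i`, is anchored only at the start, so it validates the scheme and host prefix and accepts any characters after that, including quotes and angle brackets. Whether `$website` is HTML-encoded where profiles are rendered is not visible here, so either confirm that at the output site or restrict the tail of the pattern in this check. The comment above it still says the value "has to start with http://" although https is now accepted; I would change it to `// website has to start with http:// or https://, followed by something with length at least 3 that`. The enclosing block continues outside the hunk.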
$_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT; if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) FIND - Line 75 $u_login_logout = 'login.'.$phpEx.'?logout=true'; REPLACE WITH $u_login_logout = 'login.'.$phpEx.'?logout=true&sid=' . $userdata['session_id']; FIND - Line 90 $user_forum_sql = ( !empty($forum_id) ) ? "AND s.session_page = " . intval($forum_id) : ''; $sql = "SELECT u.username, u.user_id, u.user_allow_viewonline, u.user_level, s.session_logged_in, s.session_ip FROM ".USERS_TABLE." u, ".SESSIONS_TABLE." s WHERE u.user_id = s.session_user_id AND s.session_time >= ".( time() - 300 ) . " $user_forum_sql ORDER BY u.username ASC, s.session_ip ASC"; if( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain user/online information', '', __LINE__, __FILE__, $sql); } $userlist_ary = array(); $userlist_visible = array(); $logged_visible_online = 0; $logged_hidden_online = 0; $guests_online = 0; $online_userlist = ''; $prev_user_id = 0; $prev_user_ip = ''; while( $row = $db->sql_fetchrow($result) ) { REPLACE WITH $logged_visible_online = 0; $logged_hidden_online = 0; $guests_online = 0; $online_userlist = ''; if (defined('SHOW_ONLINE')) { $user_forum_sql = ( !empty($forum_id) ) ? "AND s.session_page = " . intval($forum_id) : ''; $sql = "SELECT u.username, u.user_id, u.user_allow_viewonline, u.user_level, s.session_logged_in, s.session_ip FROM ".USERS_TABLE." u, ".SESSIONS_TABLE." s WHERE u.user_id = s.session_user_id AND s.session_time >= ".( time() - 300 ) . 
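Review bot: Appending `&sid=` to the logout link in the `FIND - Line 75` replacement only prevents a cross-site forced logout if login.php compares the supplied `sid` with `$userdata['session_id']` before ending the session. That check is not part of this hunk, so it should be confirmed in the login.php changes. The session id also now travels in a URL, where it can end up in server logs and Referer headers, so it should be treated as short-lived. If this string reaches an HTML attribute without further processing, the raw `&` should be written as an entity: `$u_login_logout = 'login.'.$phpEx.'?logout=true&amp;sid=' . $userdata['session_id'];`.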
" $user_forum_sql ORDER BY u.username ASC, s.session_ip ASC"; if( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain user/online information', '', __LINE__, __FILE__, $sql); } $userlist_ary = array(); $userlist_visible = array(); $prev_user_id = 0; $prev_user_ip = ''; while( $row = $db->sql_fetchrow($result) ) { FIND - Line 165 } if ( empty($online_userlist) ) { $online_userlist = $lang['None']; } $online_userlist = ( ( isset($forum_id) ) ? $lang['Browsing_forum'] : $lang['Registered_users'] ) . ' ' . $online_userlist; $total_online_users = $logged_visible