################################################################################
##
##   Hack Title:		phpBB 2.0.14 - 2.0.15 Code Changes
##   Hack Version:		1.1.0
##   Hack Author:		Complied by Thoul, code by phpBB Group
##   Hack Description:	All changes in phpBB made between 2.0.14 and 2.0.15.
##
##   Compatibility:		2.0.14
##   Installation Level:	Moderate
##   Installation Time:	30 minutes
##
##   Files To Edit:		20
##						admin/admin_forums.php
##						admin/admin_smilies.php
##						admin/admin_ug_auth.php
##						admin/pagestart.php
##						db/postgres7.php
##						groupcp.php
##						login.php
##						posting.php
##						privmsg.php
##						viewonline.php
##						viewtopic.php
##						includes/bbcode.php
##						includes/functions_selects.php
##						includes/sessions.php
##						includes/smtp.php
##						includes/template.php
##						includes/topic_review.php
##						includes/usercp_register.php
##						includes/usercp_viewprofile.php
##						language/lang_english/lang_main.php
##
##   Support:				http://www.phpbbhacks.com/forums 
##
################################################################################
##
##  You downloaded this hack from phpBBHacks.com,
##  the #1 source for phpBB related downloads.
##
##  Please visit http://www.phpbbhacks.com/forums for support.
##
################################################################################
##
##  This hack is released under the GPL License. 
##
################################################################################
##
##  BEFORE ADDING THIS HACK TO YOUR FORUM, please be sure to backup ALL
##  affected files.
##
################################################################################
##
##----------[ PLEASE NOTE ]------------------------------
##
## Once you have completed the code changes, create an install/ directory in
## your forum's root directory, and upload the update_to_latest.php file that
## comes in any phpBB 2.0.15 download to the install/ directory.  Run
## update_to_latest.php by opening it via your web browser, just as you would a
## normal forum page.  Afterward, delete the file and the install/ directory so
## that your forum is accessible again.

##
##----------[ PLEASE NOTE ]------------------------------
##
## In addition to the changes described here, extra spaces following the ?>
## line were removed from the end of these files:
## admin/admin_forums.php
## admin/admin_smilies.php
## includes/functions_selects.php (This is the only change for this file.)
## includes/template.php (This is the only change for this file.)
## includes/topic_review.php (This is the only change for this file.)
## posting.php (This is the only change for this file.)
## privmsg.php (This is the only change for this file.)
## viewonline.php (This is the only change for this file.)
## viewtopic.php

##
##----------[ OPEN ]-------------------------------------
##

admin/admin_forums.php

##
##----------[ FIND ]-------------------------------------
##

	if( $mode == "addforum" )
	{
		list($cat_id) = each($HTTP_POST_VARS['addforum']);

##
##----------[ AFTER, ADD ]-------------------------------
##

		$cat_id = intval($cat_id);

##
##----------[ OPEN ]-------------------------------------
##

admin/admin_smilies.php

##
##----------[ FIND ]-------------------------------------
##

			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];

##
##----------[ AFTER, ADD ]-------------------------------
##

			$smile_code = trim($smile_code);
			$smile_url = trim($smile_url);
			$smile_emotion = trim($smile_emotion);

##
##----------[ OPEN ]-------------------------------------
##

admin/admin_ug_auth.php

##
##----------[ FIND ]-------------------------------------
##

			if( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);

##
##----------[ AFTER, ADD ]-------------------------------
##

			}
		}

		$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
			WHERE group_id = $group_id";
		$result = $db->sql_query($sql);

		$group_user = array();
		while ($row = $db->sql_fetchrow($result))
		{
			$group_user[$row['user_id']] = $row['user_id'];
		}
		$db->sql_freeresult($result);

		$sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod 
			FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug 
			WHERE ug.user_id IN (" . implode(', ', $group_user) . ") 
				AND aa.group_id = ug.group_id 
				AND aa.auth_mod = 1
			GROUP BY ug.user_id";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql);
		}

		while ($row = $db->sql_fetchrow($result))
		{
			if ($row['is_auth_mod'])
			{
				unset($group_user[$row['user_id']]);
			}
		}
		$db->sql_freeresult($result);

		if (sizeof($group_user))
		{
			$sql = "UPDATE " . USERS_TABLE . " 
				SET user_level = " . USER . " 
				WHERE user_id IN (" . implode(', ', $group_user) . ")";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);

##
##----------[ OPEN ]-------------------------------------
##

admin/pagestart.php

##
##----------[ FIND ]-------------------------------------
##

	$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];

	redirect("index.$phpEx?sid=" . $userdata['session_id']);

##
##----------[ AFTER, ADD ]-------------------------------
##

}

if (!$userdata['session_admin'])
{
	redirect(append_sid("login.$phpEx?redirect=admin/&admin=1", true));

##
##----------[ OPEN ]-------------------------------------
##

db/postgres7.php

##
##----------[ FIND AND DELETE ]-------------------------------------
##

			$query = preg_replace('#(.*WHERE.*)(username|user_email|ban_email) = \'(.*)\'#ise', "\"\\1LOWER(\\2) = '\" . strtolower('\\3') . \"'\"", $query);

##
##----------[ OPEN ]-------------------------------------
##

groupcp.php

##
##----------[ FIND ]-------------------------------------
##

			if ( !($row = $db->sql_fetchrow($result)) )

##
##----------[ REPLACE WITH ]-----------------------------
##

			if ( !($row = $db->sql_fetchrow($result)) || $row['is_auth_mod'] == 0 )

##
##----------[ OPEN ]-------------------------------------
##

login.php

##
##----------[ FIND ]-------------------------------------
##

	if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )

##
##----------[ REPLACE WITH ]-----------------------------
##

	if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) )

##
##----------[ FIND ]-------------------------------------
##

					$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);

##
##----------[ REPLACE WITH ]-----------------------------
##

					$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
					$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);

##
##----------[ FIND ]-------------------------------------
##

	// Do a full login page dohickey if
	// user not already logged in
	//
	if( !$userdata['session_logged_in'] )

##
##----------[ REPLACE WITH ]-----------------------------
##

	// Do a full login page dohickey if
	// user not already logged in
	//
	if( !$userdata['session_logged_in'] || (isset($HTTP_GET_VARS['admin']) && $userdata['session_logged_in'] && $userdata['user_level'] == ADMIN))

##
##----------[ FIND ]-------------------------------------
##

		$s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />';

##
##----------[ AFTER, ADD ]-------------------------------
##

		$s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '<input type="hidden" name="admin" value="1" />' : '';

##
##----------[ FIND ]-------------------------------------
##

			'L_ENTER_PASSWORD' => $lang['Enter_password'],

##
##----------[ REPLACE WITH ]-----------------------------
##

			'L_ENTER_PASSWORD' => (isset($HTTP_GET_VARS['admin'])) ? $lang['Admin_reauthenticate'] : $lang['Enter_password'],

##
##----------[ OPEN ]-------------------------------------
##

viewtopic.php

##
##----------[ FIND ]-------------------------------------
##

		$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));

##
##----------[ REPLACE WITH ]-----------------------------
##

		$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', $highlight_match) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));

##
##----------[ OPEN ]-------------------------------------
##

includes/bbcode.php

##
##----------[ FIND ]-------------------------------------
##

	// pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0).
	// This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it.

##
##----------[ BEFORE, ADD ]------------------------------
##

	$text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1&#058;", $text);


##
##----------[ FIND ]-------------------------------------
##

	$patterns[] = "#\[img:$uid\](.*?)\[/img:$uid\]#si";

##
##----------[ REPLACE WITH ]-----------------------------
##

	$patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i";

##
##----------[ FIND ]-------------------------------------
##

	// [url=xxxx://www.phpbb.com]phpBB[/url] code..
	$patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is";
	$replacements[] = $bbcode_tpl['url3'];

	// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
	$patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is";
	$replacements[] = $bbcode_tpl['url4'];

##
##----------[ REPLACE WITH ]-----------------------------
##

	// [url=xxxx://www.phpbb.com]phpBB[/url] code..
	$patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\]([^?].*?)\[/url\]#i";
	$replacements[] = $bbcode_tpl['url3'];

	// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
	$patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\]([^?].*?)\[/url\]#i";
	$replacements[] = $bbcode_tpl['url4'];

##
##----------[ FIND ]-------------------------------------
##

function make_clickable($text)
{

##
##----------[ AFTER, ADD ]-------------------------------
##

	$text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1&#058;", $text);

##
##----------[ OPEN ]-------------------------------------
##

includes/sessions.php

##
##----------[ FIND ]-------------------------------------
##

function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0)

##
##----------[ REPLACE WITH ]-----------------------------
##

function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0)

##
##----------[ FIND ]-------------------------------------
##

		SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login

##
##----------[ REPLACE WITH ]-----------------------------
##

		SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin

##
##----------[ FIND ]-------------------------------------
##

		$session_id = md5(uniqid($user_ip));

##
##----------[ REPLACE WITH ]-----------------------------
##

		list($sec, $usec) = explode(' ', microtime());
		mt_srand((float) $sec + ((float) $usec * 100000));
		$session_id = md5(uniqid(mt_rand(), true));

##
##----------[ FIND ]-------------------------------------
##

		$sql = "INSERT INTO " . SESSIONS_TABLE . "
			(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)
			VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login)";

##
##----------[ REPLACE WITH ]-----------------------------
##

		$sql = "INSERT INTO " . SESSIONS_TABLE . "
			(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin)
			VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)";

##
##----------[ FIND ]-------------------------------------
##

		$sql = "UPDATE " . USERS_TABLE . " 
			SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit
			WHERE user_id = $user_id";
		if ( !$db->sql_query($sql) )
		{
			message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql);

##
##----------[ REPLACE WITH ]-----------------------------
##

		if (!$admin)
		{
			$sql = "UPDATE " . USERS_TABLE . " 
				SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit
				WHERE user_id = $user_id";
			if ( !$db->sql_query($sql) )
			{
				message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql);
			}

##
##----------[ FIND ]-------------------------------------
##

		$sessiondata['autologinid'] = ( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '';

##
##----------[ REPLACE WITH ]-----------------------------
##

		$sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid'];

##
##----------[ FIND ]-------------------------------------
##

	$userdata['session_time'] = $current_time;

##
##----------[ AFTER, ADD ]-------------------------------
##

	$userdata['session_admin'] = $admin;

##
##----------[ FIND ]-------------------------------------
##

					$sql = "UPDATE " . SESSIONS_TABLE . " 
						SET session_time = $current_time, session_page = $thispage_id 

##
##----------[ REPLACE WITH ]-----------------------------
##

					// A little trick to reset session_admin on session re-usage
					$update_admin = (!defined('IN_ADMIN') && $current_time - $userdata['session_time'] > ($board_config['session_length']+60)) ? ', session_admin = 0' : '';

					$sql = "UPDATE " . SESSIONS_TABLE . " 
						SET session_time = $current_time, session_page = $thispage_id$update_admin

##
##----------[ FIND ]-------------------------------------
##

						$sql = "UPDATE " . USERS_TABLE . " 
							SET user_session_time = $current_time, user_session_page = $thispage_id 

##
##----------[ REPLACE WITH ]-----------------------------
##

						$sql = "UPDATE " . USERS_TABLE . " 
							SET user_session_time = $current_time, user_session_page = $thispage_id

##
##----------[ FIND ]-------------------------------------
##

					$expiry_time = $current_time - $board_config['session_length'];
					$sql = "DELETE FROM " . SESSIONS_TABLE . " 

##
##----------[ REPLACE WITH ]-----------------------------
##

					$expiry_time = $current_time - $board_config['session_length'];

					$sql = "DELETE FROM " . SESSIONS_TABLE . " 

##
##----------[ OPEN ]-------------------------------------
##

includes/smtp.php

##
##----------[ FIND ]-------------------------------------
##

	if( !$socket = fsockopen($board_config['smtp_host'], 25, $errno, $errstr, 20) )

##
##----------[ REPLACE WITH ]-----------------------------
##

	if( !$socket = @fsockopen($board_config['smtp_host'], 25, $errno, $errstr, 20) )

##
##----------[ OPEN ]-------------------------------------
##

includes/usercp_register.php

##
##----------[ FIND ]-------------------------------------
##

		else if ( $username != $userdata['username'] || $mode == 'register' )
		{
			if (strtolower($username) != strtolower($userdata['username']))

##
##----------[ REPLACE WITH ]-----------------------------
##

		else if ( $username != $userdata['username'] || $mode == 'register')
		{
			if (strtolower($username) != strtolower($userdata['username']) || $mode == 'register')

##
##----------[ OPEN ]-------------------------------------
##

includes/usercp_viewprofile.php

##
##----------[ FIND ]-------------------------------------
##

$profiledata = get_userdata($HTTP_GET_VARS[POST_USERS_URL]);

##
##----------[ AFTER, ADD ]-------------------------------
##


if (!$profiledata)
{
	message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']);
}

##
##----------[ OPEN ]-------------------------------------
##

language/lang_english/lang_main.php

##
##----------[ FIND ]-------------------------------------
##

$lang['A_critical_error'] = 'A Critical Error Occurred';

##
##----------[ AFTER, ADD ]-------------------------------
##


$lang['Admin_reauthenticate'] = 'To administer the board you must re-authenticate yourself.';

##
##----------[ PLEASE NOTE ]------------------------------
##
## The following change is a bugfix announced after phpBB 2.0.15's original
## release. Copies of phpBB 2.0.15 downloaded before May 14, 2005 may not
## include this change and should also be updated.

##
##----------[ OPEN ]-------------------------------------
##

admin/admin_ug_auth.php

##
##----------[ FIND ]-------------------------------------
##

				WHERE user_id IN (" . implode(', ', $group_user) . ")";

##
##----------[ REPLACE WITH ]-----------------------------
##

				WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD;

##
##----------[ SAVE AND CLOSE ALL FILES ]-----------------
##
##     End
##