################################################################################
##
## Hack Title: phpBB 2.0.18 - 2.0.19 Code Changes
## Hack Version: 1.0.0
## Hack Author: Complied by Thoul, code by phpBB Group
## Hack Description: All changes in phpBB made between 2.0.18 and 2.0.19.
##
## Compatibility: 2.0.18
## Installation Level: Moderate
## Installation Time: 30 minutes
##
## Files To Edit: 20
## admin/admin_board.php
## admin/admin_db_utilities.php
## admin/admin_disallow.php
## admin/admin_ranks.php
## admin/admin_styles.php
## admin/admin_users.php
## admin/admin_words.php
## admin/index.php
## includes/bbcode.php
## includes/functions.php
## includes/functions_post.php
## includes/usercp_confirm.php
## includes/usercp_register.php
## language/lang_english/lang_admin.php
## language/lang_english/lang_main.php
## common.php
## login.php
## privmsg.php
## templates/subSilver/admin/board_config_body.tpl
## templates/subSilver/admin/index_body.tpl
##
## Support: http://www.phpbbhacks.com/forums
##
################################################################################
##
## You downloaded this hack from phpBBHacks.com,
## the #1 source for phpBB related downloads.
##
## Please visit http://www.phpbbhacks.com/forums for support.
##
################################################################################
##
## This hack is released under the GPL License.
##
################################################################################
##
## BEFORE ADDING THIS HACK TO YOUR FORUM, please be sure to backup ALL
## affected files.
##
################################################################################
##
##----------[ PLEASE NOTE ]------------------------------
##
## Once you have completed the code changes, create an install/ directory in
## your forum's root directory, and upload the update_to_latest.php file that
## comes in any phpBB 2.0.19 download to the install/ directory. Run
## update_to_latest.php by opening it via your web browser, just as you would a
## normal forum page. Afterward, delete the file and the install/ directory so
## that your forum is accessible again.
##
##----------[ OPEN ]-------------------------------------
##
admin/admin_board.php
##
##----------[ FIND ]-------------------------------------
##
$module['General']['Configuration'] = "$file";
##
##----------[ REPLACE WITH ]-----------------------------
##
$module['General']['Configuration'] = $file;
##
##----------[ FIND ]-------------------------------------
##
"L_FLOOD_INTERVAL_EXPLAIN" => $lang['Flood_Interval_explain'],
##
##----------[ AFTER, ADD ]-------------------------------
##
'L_MAX_LOGIN_ATTEMPTS' => $lang['Max_login_attempts'],
'L_MAX_LOGIN_ATTEMPTS_EXPLAIN' => $lang['Max_login_attempts_explain'],
'L_LOGIN_RESET_TIME' => $lang['Login_reset_time'],
'L_LOGIN_RESET_TIME_EXPLAIN' => $lang['Login_reset_time_explain'],
'MAX_LOGIN_ATTEMPTS' => $new['max_login_attempts'],
'LOGIN_RESET_TIME' => $new['login_reset_time'],
##
##----------[ OPEN ]-------------------------------------
##
admin/admin_db_utilities.php
##
##----------[ PLEASE NOTE ]------------------------------
##
## The line to be changed here is also altered by many hacks. The code shown
## below may not be an exact match for the code that is in your file.
##
##----------[ FIND ]-------------------------------------
##
$tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm');
##
##----------[ REPLACE WITH ]-----------------------------
##
$tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm', 'sessions_keys');
##
##----------[ OPEN ]-------------------------------------
##
admin/admin_disallow.php
##
##----------[ FIND ]-------------------------------------
##
$module['Users']['Disallow'] = append_sid($filename);
##
##----------[ REPLACE WITH ]-----------------------------
##
$module['Users']['Disallow'] = $filename;
##
##----------[ OPEN ]-------------------------------------
##
admin/admin_ranks.php
##
##----------[ FIND ]-------------------------------------
##
$module['Users']['Ranks'] = "$file";
##
##----------[ REPLACE WITH ]-----------------------------
##
$module['Users']['Ranks'] = $file;
##
##----------[ OPEN ]-------------------------------------
##
admin/admin_styles.php
##
##----------[ FIND ]-------------------------------------
##
$module['Styles']['Manage'] = "$file";
##
##----------[ REPLACE WITH ]-----------------------------
##
$module['Styles']['Manage'] = $file;
##
##----------[ OPEN ]-------------------------------------
##
admin/admin_users.php
##
##----------[ FIND ]-------------------------------------
##
$sql = "SELECT privmsgs_id
FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_from_userid = $user_id
##
##----------[ BEFORE, ADD ]------------------------------
##
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_user_id = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete sessions for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . SESSIONS_KEYS_TABLE . "
WHERE user_id = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete auto-login keys for this user', '', __LINE__, __FILE__, $sql);
}
##
##----------[ FIND ]-------------------------------------
##
$username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['username']))) : '';
##
##----------[ REPLACE WITH ]-----------------------------
##
$username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
##
##----------[ FIND ]-------------------------------------
##
if( @file_exists(@phpbb_realpath("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
{
@unlink("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']);
##
##----------[ REPLACE WITH ]-----------------------------
##
if( @file_exists(@phpbb_realpath('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
{
@unlink('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']);
##
##----------[ OPEN ]-------------------------------------
##
admin/admin_words.php
##
##----------[ FIND ]-------------------------------------
##
$module['General']['Word_Censor'] = "$file";
##
##----------[ REPLACE WITH ]-----------------------------
##
$module['General']['Word_Censor'] = $file;
##
##----------[ OPEN ]-------------------------------------
##
admin/index.php
##
##----------[ FIND ]-------------------------------------
##
include($file);
##
##----------[ REPLACE WITH ]-----------------------------
##
include('./' . $file);
##
##----------[ FIND ]-------------------------------------
##
if( preg_match("/^(3\.23|4\.)/", $version) )
{
$db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)/", $version) ) ? "`$dbname`" : $dbname;
##
##----------[ REPLACE WITH ]-----------------------------
##
if( preg_match("/^(3\.23|4\.|5\.)/", $version) )
{
$db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)|(5\.)/", $version) ) ? "`$dbname`" : $dbname;
##
##----------[ OPEN ]-------------------------------------
##
includes/bbcode.php
##
##----------[ FIND ]-------------------------------------
##
$patterns[] = "#\[url\]([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is";
##
##----------[ REPLACE WITH ]-----------------------------
##
$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";
##
##----------[ FIND ]-------------------------------------
##
$patterns[] = "#\[url\]((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is";
##
##----------[ REPLACE WITH ]-----------------------------
##
$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";
##
##----------[ FIND ]-------------------------------------
##
$text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\".*?\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]");
##
##----------[ REPLACE WITH ]-----------------------------
##
$text = bbencode_first_pass_pda($text, $uid, '/\[quote=\\\\"(.*?)\\\\"\]/is', '[/quote]', '', false, '', "[quote:$uid=\\\"\\1\\\"]");
##
##----------[ FIND ]-------------------------------------
##
if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) )
##
##----------[ REPLACE WITH ]-----------------------------
##
if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) )
##
##----------[ FIND ]-------------------------------------
##
if ($close_pos = strpos($text, '"]', $curr_pos + 9))
{
if (strpos(substr($text, $curr_pos + 9, $close_pos - ($curr_pos + 9)), '[quote') === false)
{
$possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 2);
##
##----------[ REPLACE WITH ]-----------------------------
##
if ($close_pos = strpos($text, '"]', $curr_pos + 14))
{
if (strpos(substr($text, $curr_pos + 14, $close_pos - ($curr_pos + 14)), '[quote') === false)
{
$possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 7);
##
##----------[ OPEN ]-------------------------------------
##
includes/functions.php
##
##----------[ FIND ]-------------------------------------
##
$sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . $user . "'" ) . " AND user_id <> " . ANONYMOUS;
##
##----------[ REPLACE WITH ]-----------------------------
##
$sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND user_id <> " . ANONYMOUS;
##
##----------[ OPEN ]-------------------------------------
##
includes/functions_post.php
##
##----------[ FIND ]-------------------------------------
##
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#');
$html_entities_replace = array('&', '<', '>');
##
##----------[ REPLACE WITH ]-----------------------------
##
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
$html_entities_replace = array('&', '<', '>', '"');
##
##----------[ OPEN ]-------------------------------------
##
includes/usercp_confirm.php
##
##----------[ FIND ]-------------------------------------
##
if (!empty($HTTP_GET_VARS['c']))
{
$_png = define_raw_pngs();
$char = substr($code, intval($HTTP_GET_VARS['c']) - 1, 1);
header('Content-Type: image/png');
header('Cache-control: no-cache, no-store');
echo base64_decode($_png[$char]);
unset($_png);
exit;
}
##
##----------[ REPLACE WITH ]-----------------------------
##
$_png = define_raw_pngs();
$char = substr($code, -1);
header('Content-Type: image/png');
header('Cache-control: no-cache, no-store');
echo base64_decode($_png[$char]);
unset($_png);
exit;
##
##----------[ OPEN ]-------------------------------------
##
includes/usercp_register.php
##
##----------[ PLEASE NOTE ]------------------------------
##
## The line to be changed here is also altered by many hacks. The code shown
## below may not be an exact match for the code that is in your file.
##
##----------[ FIND ]-------------------------------------
##
$strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests');
$strip_var_list['confirm_code'] = 'confirm_code';
##
##----------[ REPLACE WITH ]-----------------------------
##
$strip_var_list = array('email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests', 'confirm_code' => 'confirm_code');
##
##----------[ FIND ]-------------------------------------
##
$trim_var_list = array('cur_password' => 'cur_password', 'new_password' => 'new_password', 'password_confirm' => 'password_confirm', 'signature' => 'signature');
##
##----------[ BEFORE, ADD ]------------------------------
##
$username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
##
##----------[ FIND ]-------------------------------------
##
if ($row['code'] != $confirm_code)
{
$error = TRUE;
##
##----------[ BEFORE, ADD ]------------------------------
##
// Only compare one char if the zlib-extension is not loaded
if (!@extension_loaded('zlib'))
{
$row['code'] = substr($row['code'], -1);
}
##
##----------[ OPEN ]-------------------------------------
##
language/lang_english/lang_admin.php
##
##----------[ FIND ]-------------------------------------
##
// That's all Folks!
##
##----------[ BEFORE, ADD ]------------------------------
##
// Login attempts configuration
//
$lang['Max_login_attempts'] = 'Allowed login attempts';
$lang['Max_login_attempts_explain'] = 'The number of allowed board login attempts.';
$lang['Login_reset_time'] = 'Login lock time';
$lang['Login_reset_time_explain'] = 'Time in minutes the user have to wait until he is allowed to login again after exceeding the number of allowed login attempts.';
//
##
##----------[ OPEN ]-------------------------------------
##
language/lang_english/lang_main.php
##
##----------[ FIND ]-------------------------------------
##
$lang['Admin_reauthenticate'] = 'To administer the board you must re-authenticate yourself.';
##
##----------[ AFTER, ADD ]-------------------------------
##
$lang['Login_attempts_exceeded'] = 'The maximum number of %s login attempts has been exceeded. You are not allowed to login for the next %s minutes.';
$lang['Please_remove_install_contrib'] = 'Please ensure both the install/ and contrib/ directories are deleted';
##
##----------[ OPEN ]-------------------------------------
##
common.php
##
##----------[ FIND ]-------------------------------------
##
message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted');
##
##----------[ REPLACE WITH ]-----------------------------
##
message_die(GENERAL_MESSAGE, 'Please_remove_install_contrib');
##
##----------[ OPEN ]-------------------------------------
##
login.php
##
##----------[ FIND ]-------------------------------------
##
$sql = "SELECT user_id, username, user_password, user_active, user_level
##
##----------[ REPLACE WITH ]-----------------------------
##
$sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try
##
##----------[ FIND ]-------------------------------------
##
if( md5($password) == $row['user_password'] && $row['user_active'] )
##
##----------[ BEFORE, ADD ]------------------------------
##
// If the last login is more than x minutes ago, then reset the login tries/time
if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60)))
{
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
$row['user_last_login_try'] = $row['user_login_tries'] = 0;
}
// Check to see if user is allowed to login again... if his tries are exceeded
if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'])
{
message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time']));
}
##
##----------[ FIND ]-------------------------------------
##
$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);
##
##----------[ AFTER, ADD ]-------------------------------
##
// Reset login tries
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
##
##----------[ FIND ]-------------------------------------
##
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);
##
##----------[ BEFORE, ADD ]------------------------------
##
// Save login tries and last login
if ($row['user_id'] != ANONYMOUS)
{
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . '
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
}
##
##----------[ OPEN ]-------------------------------------
##
privmsg.php
##
##----------[ FIND ]-------------------------------------
##
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#');
$html_entities_replace = array('&', '<', '>');
##
##----------[ REPLACE WITH ]-----------------------------
##
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
$html_entities_replace = array('&', '<', '>', '"');
##
##----------[ OPEN ]-------------------------------------
##
templates/subSilver/admin/board_config_body.tpl
##
##----------[ FIND ]-------------------------------------
##
|
##
##----------[ AFTER, ADD ]-------------------------------
##
{L_MAX_LOGIN_ATTEMPTS}
{L_MAX_LOGIN_ATTEMPTS_EXPLAIN} |
|
{L_LOGIN_RESET_TIME}
{L_LOGIN_RESET_TIME_EXPLAIN} |
|
##
##----------[ OPEN ]-------------------------------------
##
templates/subSilver/admin/index_body.tpl
##
##----------[ FIND ]-------------------------------------
##
{L_WHO_IS_ONLINE}
##
##----------[ BEFORE, ADD ]------------------------------
##
{L_VERSION_INFORMATION}
{VERSION_INFO}
##
##----------[ FIND AND DELETE ]-------------------------------------
##
{L_VERSION_INFORMATION}
{VERSION_INFO}
##
##----------[ SAVE AND CLOSE ALL FILES ]-----------------
##
## End
##