################################################################################ ## ## Hack Title: phpBB 2.0.19 - 2.0.20 Code Changes ## Hack Version: 1.0.0 ## Hack Author: Compiled by Thoul, code by phpBB Group ## Hack Description: All changes in phpBB made between 2.0.19 and 2.0.20. ## ## Compatibility: 2.0.19 ## Installation Level: Moderate ## Installation Time: 60 minutes ## ## Files To Edit: 35 ## admin/admin_board.php ## admin/admin_db_utilities.php ## admin/admin_forums.php ## admin/admin_groups.php ## admin/admin_ranks.php ## admin/admin_smilies.php ## admin/admin_users.php ## admin/admin_words.php ## admin/page_header_admin.php ## admin/pagestart.php ## common.php ## db/mssql.php ## includes/auth.php ## includes/bbcode.php ## includes/functions.php ## includes/functions_post.php ## includes/prune.php ## includes/sessions.php ## includes/usercp_avatar.php ## includes/usercp_confirm.php ## includes/usercp_register.php ## index.php ## language/lang_english/email/group_request.tpl ## language/lang_english/email/user_activate_passwd.tpl ## language/lang_english/lang_admin.php ## language/lang_english/lang_main.php ## login.php ## memberlist.php ## modcp.php ## posting.php ## privmsg.php ## profile.php ## search.php ## templates/subSilver/admin/board_config_body.tpl ## templates/subSilver/confirm_body.tpl ## templates/subSilver/admin/confirm_body.tpl ## ## Support: http://www.phpbbhacks.com/forums ## ################################################################################ ## ## You downloaded this hack from phpBBHacks.com, ## the #1 source for phpBB related downloads. ## ## Please visit http://www.phpbbhacks.com/forums for support. ## ################################################################################ ## ## This hack is released under the GPL License. ## ################################################################################ ## ## BEFORE ADDING THIS HACK TO YOUR FORUM, please be sure to backup ALL ## affected files. 
## ################################################################################ ## ##----------[ PLEASE NOTE ]------------------------------ ## ## Once you have completed the code changes, create an install/ directory in ## your forum's root directory, and upload the update_to_latest.php file that ## comes in any phpBB 2.0.20 download to the install/ directory. Run ## update_to_latest.php by opening it via your web browser, just as you would a ## normal forum page. Afterward, delete the file and the install/ directory so ## that your forum is accessible again. ## You can find a download of phpBB 2.0.20 that includes update_to_latest.php ## at http://www.phpbbhacks.com/phpbbinfo.php ## ## ##----------[ OPEN ]------------------------------------- ## admin/admin_board.php ## ##----------[ FIND ]------------------------------------- ## $cookie_name = str_replace('.', '_', $new['cookie_name']); ## ##----------[ REPLACE WITH ]----------------------------- ## $new['cookie_name'] = str_replace('.', '_', $new['cookie_name']); } // Attempt to prevent a common mistake with this value, // http:// is the protocol and not part of the server name if ($config_name == 'server_name') { $new['server_name'] = str_replace('http://', '', $new['server_name']); ## ##----------[ FIND ]------------------------------------- ## "L_FLOOD_INTERVAL_EXPLAIN" => $lang['Flood_Interval_explain'], ## ##----------[ AFTER, ADD ]------------------------------- ## "L_SEARCH_FLOOD_INTERVAL" => $lang['Search_Flood_Interval'], "L_SEARCH_FLOOD_INTERVAL_EXPLAIN" => $lang['Search_Flood_Interval_explain'], ## ##----------[ FIND ]------------------------------------- ## "FLOOD_INTERVAL" => $new['flood_interval'], ## ##----------[ AFTER, ADD ]------------------------------- ## "SEARCH_FLOOD_INTERVAL" => $new['search_flood_interval'], ## ##----------[ OPEN ]------------------------------------- ## admin/admin_db_utilities.php ## ##----------[ FIND ]------------------------------------- ## unset($schema_vals); 
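Review bot: The server_name normalisation in the admin/admin_board.php REPLACE WITH block strips only `http://`, so an admin who pastes an `https://` address keeps the scheme in the stored server name, which is exactly the mistake the accompanying comment says it guards against. A scheme-agnostic, case-insensitive strip covers both forms: `$new['server_name'] = preg_replace('#^https?://#i', '', $new['server_name']);`. Note that the `}` at the start of that block closes an `if` whose opening is outside the quoted snippet, so the snippet only makes sense spliced in at the FIND location.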
unset($schema_fields); unset($schema_insert); ## ##----------[ REPLACE WITH ]----------------------------- ## $schema_vals = ''; $schema_fields = ''; $schema_insert = ''; ## ##----------[ FIND ]------------------------------------- ## if ($empty($strVal)) ## ##----------[ REPLACE WITH ]----------------------------- ## if (empty($strVal)) ## ##----------[ OPEN ]------------------------------------- ## admin/admin_forums.php ## ##----------[ FIND ]------------------------------------- ## "auth_post" => AUTH_ALL, "auth_reply" => AUTH_ALL, ## ##----------[ REPLACE WITH ]----------------------------- ## "auth_post" => AUTH_REG, "auth_reply" => AUTH_REG, ## ##----------[ OPEN ]------------------------------------- ## admin/admin_groups.php ## ##----------[ FIND ]------------------------------------- ## $sql = "SELECT user_id, username FROM " . USERS_TABLE . " WHERE user_id <> " . ANONYMOUS . " ORDER BY username"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql); } while ( $row = $db->sql_fetchrow($result) ) { if ( $row['user_id'] == $group_info['group_moderator'] ) { $group_moderator = $row['username']; } } ## ##----------[ REPLACE WITH ]----------------------------- ## if ($group_info['group_moderator'] != '') { $sql = "SELECT user_id, username FROM " . USERS_TABLE . " WHERE user_id = " . $group_info['group_moderator']; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql); } if ( !($row = $db->sql_fetchrow($result)) ) { message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql); } $group_moderator = $row['username']; } else { $group_moderator = ''; } ## ##----------[ FIND ]------------------------------------- ## $group_name = isset($HTTP_POST_VARS['group_name']) ? 
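Review bot: The rebuilt moderator lookup in admin/admin_groups.php concatenates `$group_info['group_moderator']` straight into `WHERE user_id = ...`; the value presumably comes from the group row loaded earlier (outside the snippet), but the `!= ''` guard treats it as a string and nothing at this point forces it to be numeric. Casting at the point of use keeps the statement well-formed whatever the row holds: `" WHERE user_id = " . intval($group_info['group_moderator'])`. The enclosing block that defines `$group_info` is not part of this hunk, so confirm there that the column is an integer id before relying on the cast alone.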
trim($HTTP_POST_VARS['group_name']) : ''; ## ##----------[ REPLACE WITH ]----------------------------- ## $group_name = isset($HTTP_POST_VARS['group_name']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_name'])) : ''; ## ##----------[ OPEN ]------------------------------------- ## admin/admin_ranks.php ## ##----------[ FIND AND DELETE ]------------------------------------- ## define('IN_PHPBB', 1); ## ##----------[ FIND ]------------------------------------- ## // // Let's set the root dir for phpBB // ## ##----------[ BEFORE, ADD ]------------------------------ ## define('IN_PHPBB', 1); ## ##----------[ FIND ]------------------------------------- ## $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; ## ##----------[ REPLACE WITH ]----------------------------- ## $mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; ## ##----------[ FIND ]------------------------------------- ## if( $mode != "" ) ## ##----------[ BEFORE, ADD ]------------------------------ ## // Restrict mode input to valid options $mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : ''; ## ##----------[ FIND ]------------------------------------- ## if( $rank_id ) ## ##----------[ REPLACE WITH ]----------------------------- ## $confirm = isset($HTTP_POST_VARS['confirm']); if( $rank_id && $confirm ) ## ##----------[ FIND ]------------------------------------- ## else { message_die(GENERAL_MESSAGE, $lang['Must_select_rank']); } } else { // // They didn't feel like giving us any information. Oh, too bad, we'll just display the // list then... // $template->set_filenames(array( "body" => "admin/ranks_list_body.tpl") ); $sql = "SELECT * FROM " . RANKS_TABLE . 
" ORDER BY rank_min, rank_title"; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql); } $rank_rows = $db->sql_fetchrowset($result); $rank_count = count($rank_rows); $template->assign_vars(array( "L_RANKS_TITLE" => $lang['Ranks_title'], "L_RANKS_TEXT" => $lang['Ranks_explain'], "L_RANK" => $lang['Rank_title'], "L_RANK_MINIMUM" => $lang['Rank_minimum'], "L_SPECIAL_RANK" => $lang['Special_rank'], "L_EDIT" => $lang['Edit'], "L_DELETE" => $lang['Delete'], "L_ADD_RANK" => $lang['Add_new_rank'], "L_ACTION" => $lang['Action'], "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx")) ); for( $i = 0; $i < $rank_count; $i++) { $rank = $rank_rows[$i]['rank_title']; $special_rank = $rank_rows[$i]['rank_special']; $rank_id = $rank_rows[$i]['rank_id']; $rank_min = $rank_rows[$i]['rank_min']; if($special_rank) { $rank_min = $rank_max = "-"; } $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; $template->assign_block_vars("ranks", array( "ROW_COLOR" => "#" . $row_color, "ROW_CLASS" => $row_class, "RANK" => $rank, "RANK_MIN" => $rank_min, "SPECIAL_RANK" => ( $special_rank == 1 ) ? $lang['Yes'] : $lang['No'], "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"), "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id")) ); } } } else { // // Show the default page // $template->set_filenames(array( "body" => "admin/ranks_list_body.tpl") ); $sql = "SELECT * FROM " . RANKS_TABLE . 
" ORDER BY rank_min ASC, rank_special ASC"; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql); } $rank_count = $db->sql_numrows($result); $rank_rows = $db->sql_fetchrowset($result); $template->assign_vars(array( "L_RANKS_TITLE" => $lang['Ranks_title'], "L_RANKS_TEXT" => $lang['Ranks_explain'], "L_RANK" => $lang['Rank_title'], "L_RANK_MINIMUM" => $lang['Rank_minimum'], "L_SPECIAL_RANK" => $lang['Rank_special'], "L_EDIT" => $lang['Edit'], "L_DELETE" => $lang['Delete'], "L_ADD_RANK" => $lang['Add_new_rank'], "L_ACTION" => $lang['Action'], "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx")) ); for($i = 0; $i < $rank_count; $i++) { $rank = $rank_rows[$i]['rank_title']; $special_rank = $rank_rows[$i]['rank_special']; $rank_id = $rank_rows[$i]['rank_id']; $rank_min = $rank_rows[$i]['rank_min']; if( $special_rank == 1 ) { $rank_min = $rank_max = "-"; } $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; $rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No']; $template->assign_block_vars("ranks", array( "ROW_COLOR" => "#" . 
$row_color, "ROW_CLASS" => $row_class, "RANK" => $rank, "SPECIAL_RANK" => $rank_is_special, "RANK_MIN" => $rank_min, "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"), "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id")) ); } ## ##----------[ REPLACE WITH ]----------------------------- ## elseif( $rank_id && !$confirm) { // Present the confirmation screen to the user $template->set_filenames(array( 'body' => 'admin/confirm_body.tpl') ); $hidden_fields = ''; $template->assign_vars(array( 'MESSAGE_TITLE' => $lang['Confirm'], 'MESSAGE_TEXT' => $lang['Confirm_delete_rank'], 'L_YES' => $lang['Yes'], 'L_NO' => $lang['No'], 'S_CONFIRM_ACTION' => append_sid("admin_ranks.$phpEx"), 'S_HIDDEN_FIELDS' => $hidden_fields) ); } else { message_die(GENERAL_MESSAGE, $lang['Must_select_rank']); } } $template->pparse("body"); include('./page_footer_admin.'.$phpEx); } // // Show the default page // $template->set_filenames(array( "body" => "admin/ranks_list_body.tpl") ); $sql = "SELECT * FROM " . RANKS_TABLE . 
" ORDER BY rank_min ASC, rank_special ASC"; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql); } $rank_count = $db->sql_numrows($result); $rank_rows = $db->sql_fetchrowset($result); $template->assign_vars(array( "L_RANKS_TITLE" => $lang['Ranks_title'], "L_RANKS_TEXT" => $lang['Ranks_explain'], "L_RANK" => $lang['Rank_title'], "L_RANK_MINIMUM" => $lang['Rank_minimum'], "L_SPECIAL_RANK" => $lang['Rank_special'], "L_EDIT" => $lang['Edit'], "L_DELETE" => $lang['Delete'], "L_ADD_RANK" => $lang['Add_new_rank'], "L_ACTION" => $lang['Action'], "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx")) ); for($i = 0; $i < $rank_count; $i++) { $rank = $rank_rows[$i]['rank_title']; $special_rank = $rank_rows[$i]['rank_special']; $rank_id = $rank_rows[$i]['rank_id']; $rank_min = $rank_rows[$i]['rank_min']; if( $special_rank == 1 ) { $rank_min = $rank_max = "-"; } $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; $rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No']; $template->assign_block_vars("ranks", array( "ROW_COLOR" => "#" . $row_color, "ROW_CLASS" => $row_class, "RANK" => $rank, "SPECIAL_RANK" => $rank_is_special, "RANK_MIN" => $rank_min, "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"), "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id")) ); ## ##----------[ OPEN ]------------------------------------- ## admin/admin_smilies.php ## ##----------[ FIND ]------------------------------------- ## $sql = "DELETE FROM " . SMILIES_TABLE . " WHERE smilies_id = " . $smiley_id; $result = $db->sql_query($sql); if( !$result ) { message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql); } $message = $lang['smiley_del_success'] . "
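Review bot: As rendered, the admin/admin_ranks.php confirmation screen assigns `$hidden_fields = '';`, so the form posted back to `admin_ranks.$phpEx` carries neither `mode` nor `id` and the `$rank_id && $confirm` branch added above can never be taken; the same empty assignment appears in the admin/admin_smilies.php and admin/admin_words.php confirmation blocks further down. This looks like hidden `<input>` elements were lost when the page was rendered, so compare these three blocks against the phpBB 2.0.20 files before installing rather than copying the empty string. In the same admin_ranks.php section, `$mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];` (repeated in admin_words.php) still reads `$HTTP_POST_VARS['mode']` unguarded when neither source is present; `: (isset($HTTP_POST_VARS['mode']) ? $HTTP_POST_VARS['mode'] : '')` keeps the later allow-list check from operating on an undefined value.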

" . sprintf($lang['Click_return_smileadmin'], "", "") . "

" . sprintf($lang['Click_return_admin_index'], "", ""); message_die(GENERAL_MESSAGE, $message); ## ##----------[ REPLACE WITH ]----------------------------- ## $confirm = isset($HTTP_POST_VARS['confirm']); if( $confirm ) { $sql = "DELETE FROM " . SMILIES_TABLE . " WHERE smilies_id = " . $smiley_id; $result = $db->sql_query($sql); if( !$result ) { message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql); } $message = $lang['smiley_del_success'] . "

" . sprintf($lang['Click_return_smileadmin'], "", "") . "

" . sprintf($lang['Click_return_admin_index'], "", ""); message_die(GENERAL_MESSAGE, $message); } else { // Present the confirmation screen to the user $template->set_filenames(array( 'body' => 'admin/confirm_body.tpl') ); $hidden_fields = ''; $template->assign_vars(array( 'MESSAGE_TITLE' => $lang['Confirm'], 'MESSAGE_TEXT' => $lang['Confirm_delete_smiley'], 'L_YES' => $lang['Yes'], 'L_NO' => $lang['No'], 'S_CONFIRM_ACTION' => append_sid("admin_smilies.$phpEx"), 'S_HIDDEN_FIELDS' => $hidden_fields) ); $template->pparse('body'); } ## ##----------[ FIND ]------------------------------------- ## $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']); $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']); $smile_url = phpbb_ltrim(basename($smile_url), "'"); $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']); $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']); ## ##----------[ REPLACE WITH ]----------------------------- ## $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : ''; $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : ''; $smile_url = phpbb_ltrim(basename($smile_url), "'"); $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : ''; $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : 0; $smile_code = trim($smile_code); $smile_url = trim($smile_url); ## ##----------[ FIND ]------------------------------------- ## $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? 
$HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code']; $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url']; $smile_url = phpbb_ltrim(basename($smile_url), "'"); $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion']; $smile_code = trim($smile_code); $smile_url = trim($smile_url); $smile_emotion = trim($smile_emotion); ## ##----------[ REPLACE WITH ]----------------------------- ## $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : ''; $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : ''; $smile_url = phpbb_ltrim(basename($smile_url), "'"); $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : ''; $smile_code = trim($smile_code); $smile_url = trim($smile_url); ## ##----------[ OPEN ]------------------------------------- ## admin/admin_users.php ## ##----------[ FIND ]------------------------------------- ## $user_style = ( $HTTP_POST_VARS['style'] ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style']; ## ##----------[ REPLACE WITH ]----------------------------- ## $user_style = ( isset( $HTTP_POST_VARS['style'] ) ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style']; ## ##----------[ FIND AND DELETE ]------------------------------------- ## $user_template = ( $HTTP_POST_VARS['template'] ) ? 
$HTTP_POST_VARS['template'] : $board_config['board_template']; ## ##----------[ FIND ]------------------------------------- ## $message .= $lang['Admin_user_updated']; ## ##----------[ BEFORE, ADD ]------------------------------ ## // We remove all stored login keys since the password has been updated // and change the current one (if applicable) if ( !empty($passwd_sql) ) { session_reset_keys($user_id, $user_ip); } ## ##----------[ FIND ]------------------------------------- ## $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Admin_user_fail']; ## ##----------[ REPLACE WITH ]----------------------------- ## message_die(GENERAL_ERROR, 'Admin_user_fail', '', __LINE__, __FILE__, $sql); ## ##----------[ OPEN ]------------------------------------- ## admin/admin_words.php ## ##----------[ FIND AND DELETE ]------------------------------------- ## define('IN_PHPBB', 1); ## ##----------[ FIND ]------------------------------------- ## // // Load default header // ## ##----------[ BEFORE, ADD ]------------------------------ ## define('IN_PHPBB', 1); ## ##----------[ FIND ]------------------------------------- ## $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; ## ##----------[ REPLACE WITH ]----------------------------- ## $mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; ## ##----------[ FIND ]------------------------------------- ## if( $mode != "" ) { if( $mode == "edit" || $mode == "add" ) ## ##----------[ BEFORE, ADD ]------------------------------ ## // Restrict mode input to valid options $mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : ''; ## ##----------[ FIND ]------------------------------------- ## $s_hidden_fields = ''; ## ##----------[ BEFORE, ADD ]------------------------------- ## $word_info = array('word' => '', 'replacement' => ''); ## ##----------[ FIND ]------------------------------------- ## if( $word_id ) { $sql = "DELETE FROM " . WORDS_TABLE . " WHERE word_id = $word_id"; ## ##----------[ REPLACE WITH ]----------------------------- ## $confirm = isset($HTTP_POST_VARS['confirm']); if( $word_id && $confirm ) { $sql = "DELETE FROM " . WORDS_TABLE . 
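Review bot: The replacement error path in admin/admin_users.php passes the bare key `'Admin_user_fail'` to message_die, whereas the code it replaces used `$lang['Admin_user_fail']`; unless message_die resolves language keys itself (not visible here), the administrator sees the raw key instead of the translated message. Suggest `message_die(GENERAL_ERROR, $lang['Admin_user_fail'], '', __LINE__, __FILE__, $sql);`. The same REPLACE block also drops the `$error = TRUE` assignment, so any code later in that file that still tests `$error` (outside this excerpt) should be checked for a now-dead branch.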
" WHERE word_id = $word_id"; ## ##----------[ FIND ]------------------------------------- ## else { message_die(GENERAL_MESSAGE, $lang['No_word_selected']); ## ##----------[ BEFORE, ADD ]------------------------------ ## elseif( $word_id && !$confirm) { // Present the confirmation screen to the user $template->set_filenames(array( 'body' => 'admin/confirm_body.tpl') ); $hidden_fields = ''; $template->assign_vars(array( 'MESSAGE_TITLE' => $lang['Confirm'], 'MESSAGE_TEXT' => $lang['Confirm_delete_word'], 'L_YES' => $lang['Yes'], 'L_NO' => $lang['No'], 'S_CONFIRM_ACTION' => append_sid("admin_words.$phpEx"), 'S_HIDDEN_FIELDS' => $hidden_fields) ); } ## ##----------[ FIND ]------------------------------------- ## $word_rows = $db->sql_fetchrowset($result); ## ##----------[ AFTER, ADD ]------------------------------- ## $db->sql_freeresult($result); ## ##----------[ OPEN ]------------------------------------- ## admin/page_header_admin.php ## ##----------[ FIND ]------------------------------------- ## $template->pparse('header'); ## ##----------[ BEFORE, ADD ]------------------------------ ## // Work around for "current" Apache 2 + PHP module which seems to not // cope with private cache control setting if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2')) { header ('Cache-Control: no-cache, pre-check=0, post-check=0'); } else { header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0'); } header ('Expires: 0'); header ('Pragma: no-cache'); ## ##----------[ OPEN ]------------------------------------- ## admin/pagestart.php ## ##----------[ FIND AND DELETE ]------------------------------------- ## $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])), '', $HTTP_SERVER_VARS['REQUEST_URI']); $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url); $url = str_replace('//', '/', $url); $url = 
preg_replace('/sid=([^&]*)(&?)/i', '', $url); $url = preg_replace('/\?$/', '', $url); $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id']; ## ##----------[ OPEN ]------------------------------------- ## common.php ## ##----------[ FIND ]------------------------------------- ## $nav_links = array(); ## ##----------[ AFTER, ADD ]------------------------------- ## $dss_seeded = false; ## ##----------[ OPEN ]------------------------------------- ## ## You can skip the changes for this file if you do not use a Microsoft SQL ## database. ## db/mssql.php ## ##----------[ FIND ]------------------------------------- ## $row[$key] = stripslashes($value); ## ##----------[ REPLACE WITH ]----------------------------- ## $row[$key] = ($value === ' ') ? '' : stripslashes($value); ## ##----------[ FIND ]------------------------------------- ## $rowset[$i][$key] = stripslashes($value); ## ##----------[ REPLACE WITH ]----------------------------- ## $rowset[$i][$key] = ($value === ' ') ? '' : stripslashes($value); ## ##----------[ FIND ]------------------------------------- ## $result = stripslashes($this->row[$query_id][$field]); ## ##----------[ REPLACE WITH ]----------------------------- ## $result = ($this->row[$query_id][$field] === ' ') ? '' : stripslashes($this->row[$query_id][$field]); ## ##----------[ OPEN ]------------------------------------- ## includes/auth.php ## ##----------[ FIND ]------------------------------------- ## $f_forum_id = $f_access[$k]['forum_id']; ## ##----------[ AFTER, ADD ]------------------------------- ## $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array(); ## ##----------[ FIND ]------------------------------------- ## $f_forum_id = $f_access[$k]['forum_id']; ## ##----------[ AFTER, ADD ]------------------------------- ## $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? 
$u_access[$f_forum_id] : array(); ## ##----------[ OPEN ]------------------------------------- ## includes/bbcode.php ## ##----------[ FIND ]------------------------------------- ## // This one gets first-passed.. $patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i"; $replacements[] = $bbcode_tpl['img']; // matches a [url]xxxx://www.phpbb.com[/url] code.. $patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). $patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is"; ## ##----------[ REPLACE WITH ]----------------------------- ## // This one gets first-passed.. $patterns[] = "#\[img:$uid\]([^?](?:[^\[]+|\[(?!url))*?)\[/img:$uid\]#i"; $replacements[] = $bbcode_tpl['img']; // matches a [url]xxxx://www.phpbb.com[/url] code.. $patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). $patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is"; ## ##----------[ FIND ]------------------------------------- ## $uid = md5(mt_rand()); ## ##----------[ REPLACE WITH ]----------------------------- ## $uid = dss_rand(); ## ##----------[ OPEN ]------------------------------------- ## includes/functions.php ## ##----------[ FIND ]------------------------------------- ## // // Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced. 
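Review bot: The three rewritten patterns in includes/bbcode.php nest a greedy `+` repeat inside a lazy `(?:...)*?` group (`(?:[^\[]+|\[(?!url))*?` and `(?:[\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?`), a shape that can backtrack heavily on long text that never reaches the closing tag, because the engine can re-partition the run of plain characters many ways before giving up. If PCRE's backtrack limit trips, `preg_replace` returns null for that pattern and the post body is lost rather than left unparsed, so this is worth verifying in a test with a long unterminated `[url]` or `[img]` body. Making the inner repeat possessive (`[^\[]++` and `[...]++`) removes the re-partitioning while matching the same strings.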
// ## ##----------[ BEFORE, ADD ]------------------------------ ## /** * Our own generator of random values * This uses a constantly changing value as the base for generating the values * The board wide setting is updated once per page if this code is called * With thanks to Anthrax101 for the inspiration on this one * Added in phpBB 2.0.20 */ function dss_rand() { global $db, $board_config, $dss_seeded; $val = $board_config['rand_seed'] . microtime(); $val = md5($val); $board_config['rand_seed'] = md5($board_config['rand_seed'] . $val . 'a'); if($dss_seeded !== true) { $sql = "UPDATE " . CONFIG_TABLE . " SET config_value = '" . $board_config['rand_seed'] . "' WHERE config_name = 'rand_seed'"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Unable to reseed PRNG", "", __LINE__, __FILE__, $sql); } $dss_seeded = true; } return substr($val, 16); } ## ##----------[ FIND ]------------------------------------- ## message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]"); ## ##----------[ REPLACE WITH ]----------------------------- ## // We are trying to setup a style which does not exist in the database // Try to fallback to the board default (if the user had a custom style) // and then any users using this style to the default if it succeeds if ( $style != $board_config['default_style']) { $sql = 'SELECT * FROM ' . THEMES_TABLE . ' WHERE themes_id = ' . $board_config['default_style']; if ( !($result = $db->sql_query($sql)) ) { message_die(CRITICAL_ERROR, 'Could not query database for theme info'); } if ( $row = $db->sql_fetchrow($result) ) { $db->sql_freeresult($result); $sql = 'UPDATE ' . USERS_TABLE . ' SET user_style = ' . $board_config['default_style'] . 
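Review bot: dss_rand() in the includes/functions.php BEFORE, ADD block derives every value from `$board_config['rand_seed']` and `microtime()`, so the session ids and auto-login keys later built from it (the includes/sessions.php hunks) are unpredictable only to the extent that the stored seed stays secret and microtime() cannot be narrowed down; the function also returns only `substr($val, 16)`, the last 16 hex characters, i.e. 64 bits per call. Where the host allows it, folding operating-system entropy into `$val` before hashing (for example a read from `/dev/urandom` when it is readable) would harden this without changing the function's interface. The docblock should state both the 64-bit output size and the dependence on the `rand_seed` config row, so callers do not treat the result as a full 128-bit value.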
" WHERE user_style = $style"; if ( !($result = $db->sql_query($sql)) ) { message_die(CRITICAL_ERROR, 'Could not update user theme info'); } } else { message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]"); } } else { message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]"); } ## ##----------[ FIND ]------------------------------------- ## $debug_text .= '

Line : ' . $err_line . '
File : ' . basename($err_file); ## ##----------[ REPLACE WITH ]----------------------------- ## $debug_text .= '

Line : ' . $err_line . '
File : ' . basename($err_file); ## ##----------[ FIND ]------------------------------------- ## if ( empty($template) ) { $template = new Template($phpbb_root_path . 'templates/' . $board_config['board_template']); } if ( empty($theme) ) ## ##----------[ REPLACE WITH ]----------------------------- ## if ( empty($template) || empty($theme) ) ## ##----------[ OPEN ]------------------------------------- ## includes/functions_post.php ## ##----------[ FIND ]------------------------------------- ## $allowed_html_tags = split(',', $board_config['allow_html_tags']); $end_html = 0; $start_html = 1; $tmp_message = ''; $message = ' ' . $message . ' '; while ($start_html = strpos($message, '<', $start_html)) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1))); if ($end_html = strpos($message, '>', $start_html)) { $length = $end_html - $start_html + 1; $hold_string = substr($message, $start_html, $length); if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1)); $hold_string = substr($hold_string, $unclosed_open - 1); } $tagallowed = false; for ($i = 0; $i < sizeof($allowed_html_tags); $i++) { $match_tag = trim($allowed_html_tags[$i]); if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string)) { $tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true; } } $tmp_message .= ($length && !$tagallowed) ? 
preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string; $start_html += $length; } else { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message))); $start_html = strlen($message); $end_html = $start_html; } } if (!$end_html || ($end_html != strlen($message) && $tmp_message != '')) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1)); } $message = ($tmp_message != '') ? trim($tmp_message) : trim($message); ## ##----------[ REPLACE WITH ]----------------------------- ## // If HTML is on, we try to make it safe // This approach is quite agressive and anything that does not look like a valid tag // is going to get converted to HTML entities $message = stripslashes($message); $html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#'; $matches = array(); $message_split = preg_split($html_match, $message); preg_match_all($html_match, $message, $matches); $message = ''; foreach ($message_split as $part) { $tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2])); $message .= htmlspecialchars($part) . 
clean_html($tag); } $message = addslashes($message); ## ##----------[ FIND ]------------------------------------- ## $temp_option_text[$option_id] = htmlspecialchars($option_text); ## ##----------[ REPLACE WITH ]----------------------------- ## $temp_option_text[intval($option_id)] = htmlspecialchars($option_text); ## ##----------[ FIND ]------------------------------------- ## ?> ## ##----------[ BEFORE, ADD ]------------------------------ ## /** * Called from within prepare_message to clean included HTML tags if HTML is * turned on for that post * @param array $tag Matching text from the message to parse */ function clean_html($tag) { global $board_config; if (empty($tag[0])) { return ''; } $allowed_html_tags = preg_split('/, */', strtolower($board_config['allow_html_tags'])); $disallowed_attributes = '/^(?:style|on)/i'; // Check if this is an end tag preg_match('/<[^\w\/]*\/[\W]*(\w+)/', $tag[0], $matches); if (sizeof($matches)) { if (in_array(strtolower($matches[1]), $allowed_html_tags)) { return ''; } else { return htmlspecialchars(''); } } // Check if this is an allowed tag if (in_array(strtolower($tag[1]), $allowed_html_tags)) { $attributes = ''; if (!empty($tag[2])) { preg_match_all('/[\W]*?(\w+)[\W]*?=[\W]*?(["\'])((?:(?!\2).)*)\2/', $tag[2], $test); for ($i = 0; $i < sizeof($test[0]); $i++) { if (preg_match($disallowed_attributes, $test[1][$i])) { continue; } $attributes .= ' ' . $test[1][$i] . '=' . $test[2][$i] . str_replace(array('[', ']'), array('[', ']'), htmlspecialchars($test[3][$i])) . $test[2][$i]; } } if (in_array(strtolower($tag[1]), $allowed_html_tags)) { return '<' . $tag[1] . $attributes . '>'; } else { return htmlspecialchars('<' . $tag[1] . $attributes . '>'); } } // Finally, this is not an allowed tag so strip all the attibutes and escape it else { return htmlspecialchars('<' . $tag[1] . 
'>'); } } ## ##----------[ OPEN ]------------------------------------- ## includes/prune.php ## ##----------[ FIND ]------------------------------------- ## $prune_all = ($prune_all) ? '' : 'AND t.topic_vote = 0 AND t.topic_type <> ' . POST_ANNOUNCE; ## ##----------[ BEFORE, ADD ]------------------------------ ## // Before pruning, lets try to clean up the invalid topic entries $sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . ' WHERE topic_last_post_id = 0'; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain lists of topics to sync', '', __LINE__, __FILE__, $sql); } while( $row = $db->sql_fetchrow($result) ) { sync('topic', $row['topic_id']); } $db->sql_freeresult($result); ## ##----------[ FIND ]------------------------------------- ## AND ( p.post_id = t.topic_last_post_id OR t.topic_last_post_id = 0 )"; ## ##----------[ REPLACE WITH ]----------------------------- ## AND p.post_id = t.topic_last_post_id"; ## ##----------[ OPEN ]------------------------------------- ## includes/sessions.php ## ##----------[ FIND ]------------------------------------- ## list($sec, $usec) = explode(' ', microtime()); mt_srand((float) $sec + ((float) $usec * 100000)); $session_id = md5(uniqid(mt_rand(), true)); ## ##----------[ REPLACE WITH ]----------------------------- ## $session_id = md5(dss_rand()); ## ##----------[ FIND ]------------------------------------- ## list($sec, $usec) = explode(' ', microtime()); mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000)); $auto_login_key = uniqid(mt_rand(), true); ## ##----------[ REPLACE WITH ]----------------------------- ## $auto_login_key = dss_rand() . dss_rand(); ## ##----------[ FIND ]------------------------------------- ## // // Append $SID to a url. Borrowed from phplib and modified. 
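Review bot: Both end-tag branches of clean_html return an empty string (`return '';` and `return htmlspecialchars('');`), so as printed the function discards every closing tag rather than emitting an escaped `</tag>` for a disallowed one; likewise `str_replace(array('[', ']'), array('[', ']'), ...)` replaces each bracket with itself. This looks like the `</name>` text and the bracket entity references were stripped when the page was rendered rather than a bug in the release, so the snippet should be checked against the 2.0.20 functions_post.php before it is pasted in. Separately, `$disallowed_attributes` only rejects attribute names beginning with `on` or `style`; the value of every other attribute on an allowed tag is passed through with only `htmlspecialchars`, so a short comment stating that this filter does not validate attribute values (and that `allow_html_tags` therefore has to stay conservative) would help the next maintainer. The inner `if (in_array(strtolower($tag[1]), $allowed_html_tags))` repeats the enclosing test, so its `else` branch is unreachable and can go.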
This is an // extra routine utilised by the session code above and acts as a wrapper ## ##----------[ BEFORE, ADD ]------------------------------ ## /** * Reset all login keys for the specified user * Called on password changes */ function session_reset_keys($user_id, $user_ip) { global $db, $userdata; $key_sql = ($user_id == $userdata['user_id'] && !empty($userdata['session_key'])) ? "AND key_id != '" . md5($userdata['session_key']) . "'" : ''; $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' WHERE user_id = ' . (int) $user_id . " $key_sql"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error removing auto-login keys', '', __LINE__, __FILE__, $sql); } $where_sql = 'session_user_id = ' . (int) $user_id; $where_sql .= ($user_id == $userdata['user_id']) ? " AND session_id <> '" . $userdata['session_id'] . "'" : ''; $sql = 'DELETE FROM ' . SESSIONS_TABLE . " WHERE $where_sql"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error removing user session(s)', '', __LINE__, __FILE__, $sql); } if ( !empty($key_sql) ) { $auto_login_key = dss_rand() . dss_rand(); $current_time = time(); $sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . " SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time WHERE key_id = '" . md5($userdata['session_key']) . "'"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql); } // And now rebuild the cookie $sessiondata['userid'] = $user_id; $sessiondata['autologinid'] = $autologin_id; $cookiename = $board_config['cookie_name']; $cookiepath = $board_config['cookie_path']; $cookiedomain = $board_config['cookie_domain']; $cookiesecure = $board_config['cookie_secure']; setcookie($cookiename . 
'_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); $userdata['session_key'] = $auto_login_key; unset($sessiondata); unset($auto_login_key); } } ## ##----------[ OPEN ]------------------------------------- ## includes/usercp_avatar.php ## ##----------[ FIND ]------------------------------------- ## if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) ) ## ##----------[ BEFORE, ADD ]------------------------------ ## $avatar_filename = substr($avatar_filename, 0, 100); ## ##----------[ OPEN ]------------------------------------- ## includes/usercp_confirm.php ## ##----------[ FIND ]------------------------------------- ## $char = substr($code, -1); ## ##----------[ REPLACE WITH ]----------------------------- ## $c = intval($HTTP_GET_VARS['c']); $char = substr($code, $c - 1, 1); ## ##----------[ OPEN ]------------------------------------- ## includes/usercp_register.php ## ##----------[ FIND ]------------------------------------- ## $signature = str_replace('
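Review bot: session_reset_keys reads `$board_config['cookie_name']` and the other cookie settings, but its `global` line declares only `$db, $userdata`, so inside the function `$board_config` is undefined and `setcookie()` is called with an empty name, path and domain; it also stores `$autologin_id`, a variable that is never assigned, in `$sessiondata['autologinid']` while the freshly generated key sits in `$auto_login_key`. The net effect is that the rebuilt cookie does not carry the new key, so a user who has just changed their password loses auto-login even though the key row in SESSIONS_KEYS_TABLE was updated. The fix is two lines: `global $db, $userdata, $board_config;` and `$sessiondata['autologinid'] = $auto_login_key;`. `$user_ip` is interpolated directly into the UPDATE, which is only safe if callers always pass the encoded IP the rest of the session code uses — a one-line note on that parameter in the docblock would make the expectation explicit.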
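Review bot: `$c = intval($HTTP_GET_VARS['c'])` is used as a 1-based position in `substr($code, $c - 1, 1)` with no range check, so a missing or zero `c` gives an offset of -1 and returns the last character of the code, and a value beyond the code length returns false or an empty string depending on PHP version; neither case is rejected. A guard before the substr such as `if ($c < 1 || $c > strlen($code)) { /* bail out via the error path usercp_confirm.php uses — outside this hunk */ }` would make the contract explicit.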
', "\n", $signature); ## ##----------[ REPLACE WITH ]----------------------------- ## $signature = (isset($signature)) ? str_replace('
', "\n", $signature) : ''; $signature_bbcode_uid = ''; ## ##----------[ FIND AND DELETE ]------------------------------------- ## // Only compare one char if the zlib-extension is not loaded if (!@extension_loaded('zlib')) { $row['code'] = substr($row['code'], -1); } ## ##----------[ FIND ]------------------------------------- ## message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql); } ## ##----------[ AFTER, ADD ]------------------------------- ## // We remove all stored login keys since the password has been updated // and change the current one (if applicable) if ( !empty($passwd_sql) ) { session_reset_keys($user_id, $user_ip); } ## ##----------[ FIND ]------------------------------------- ## $email = stripslashes($email); ## ##----------[ AFTER, ADD ]------------------------------- ## $cur_password = ''; ## ##----------[ FIND ]------------------------------------- ## $email = $userdata['user_email']; ## ##----------[ AFTER, ADD ]------------------------------- ## $cur_password = ''; ## ##----------[ FIND ]------------------------------------- ## $confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); list($usec, $sec) = explode(' ', microtime()); mt_srand($sec * $usec); $max_chars = count($confirm_chars) - 1; $code = ''; for ($i = 0; $i < 6; $i++) { $code .= $confirm_chars[mt_rand(0, $max_chars)]; } ## ##----------[ REPLACE WITH ]----------------------------- ## // Generate the required confirmation code // NB 0 (zero) could get confused with O (the letter) so we make change it $code = dss_rand(); $code = strtoupper(str_replace('0', 'o', substr($code, 6))); ## ##----------[ FIND ]------------------------------------- ## 'USERNAME' => $username, 'CUR_PASSWORD' => $cur_password, 'NEW_PASSWORD' => $new_password, 'PASSWORD_CONFIRM' => $password_confirm, 'EMAIL' => $email, ## ##----------[ 
REPLACE WITH ]----------------------------- ## 'USERNAME' => isset($username) ? $username : '', 'CUR_PASSWORD' => isset($cur_password) ? $cur_password : '', 'NEW_PASSWORD' => isset($new_password) ? $new_password : '', 'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '', 'EMAIL' => isset($email) ? $email : '', ## ##----------[ OPEN ]------------------------------------- ## index.php ## ##----------[ FIND ]------------------------------------- ## while( $category_rows[] = $db->sql_fetchrow($result) ); ## ##----------[ REPLACE WITH ]----------------------------- ## while ($row = $db->sql_fetchrow($result)) { $category_rows[] = $row; } ## ##----------[ FIND ]------------------------------------- ## // // Okay, let's build the index // ## ##----------[ BEFORE, ADD ]------------------------------ ## // // Let's decide which categories we should display // $display_categories = array(); for ($i = 0; $i < $total_forums; $i++ ) { if ($is_auth_ary[$forum_data[$i]['forum_id']]['auth_view']) { $display_categories[$forum_data[$i]['cat_id']] = true; } } ## ##----------[ FIND AND DELETE ]------------------------------------- ## // Should we display this category/forum set? // $display_forums = false; for($j = 0; $j < $total_forums; $j++) { if ( $is_auth_ary[$forum_data[$j]['forum_id']]['auth_view'] && $forum_data[$j]['cat_id'] == $cat_id ) { $display_forums = true; } } // ## ##----------[ FIND ]------------------------------------- ## if ( $display_forums ) ## ##----------[ REPLACE WITH ]----------------------------- ## if (isset($display_categories[$cat_id]) && $display_categories[$cat_id]) ## ##----------[ OPEN ]------------------------------------- ## language/lang_english/email/group_request.tpl ## ##----------[ FIND ]------------------------------------- ## A user has requested to join a group you moderator on {SITENAME}. ## ##----------[ REPLACE WITH ]----------------------------- ## A user has requested to join a group you moderate on {SITENAME}. 
## ##----------[ OPEN ]------------------------------------- ## language/lang_english/email/user_activate_passwd.tpl ## ##----------[ FIND ]------------------------------------- ## If sucessful you will be able to login using the following password: ## ##----------[ REPLACE WITH ]----------------------------- ## If successful you will be able to login using the following password: ## ##----------[ OPEN ]------------------------------------- ## language/lang_english/lang_admin.php ## ##----------[ FIND ]------------------------------------- ## $lang['Autologin_time_explain'] = 'How long a autologin key is valid for in days if the user does not visit the board. Set to zero to disable expiry.'; ## ##----------[ AFTER, ADD ]------------------------------- ## // Search Flood Control - added 2.0.20 $lang['Search_Flood_Interval'] = 'Search Flood Interval'; $lang['Search_Flood_Interval_explain'] = 'Number of seconds a user must wait between search requests'; ## ##----------[ FIND ]------------------------------------- ## $lang['Click_return_smileadmin'] = 'Click %sHere%s to return to Smiley Administration'; ## ##----------[ AFTER, ADD ]------------------------------- ## $lang['Confirm_delete_smiley'] = 'Are you sure you want to delete this Smiley?'; ## ##----------[ FIND ]------------------------------------- ## $lang['Click_return_wordadmin'] = 'Click %sHere%s to return to Word Censor Administration'; ## ##----------[ AFTER, ADD ]------------------------------- ## $lang['Confirm_delete_word'] = 'Are you sure you want to delete this word censor?'; ## ##----------[ OPEN ]------------------------------------- ## language/lang_english/lang_main.php ## ##----------[ FIND ]------------------------------------- ## $lang['Found_search_matches'] = 'Search found %d matches'; // eg. 
Search found 24 matches ## ##----------[ AFTER, ADD ]------------------------------- ## $lang['Search_Flood_Error'] = 'You cannot make another search so soon after your last; please try again in a short while.'; ## ##----------[ OPEN ]------------------------------------- ## login.php ## ##----------[ FIND ]------------------------------------- ## if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts']) ## ##----------[ REPLACE WITH ]----------------------------- ## if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN) ## ##----------[ FIND ]------------------------------------- ## else { // Save login tries and last login ## ##----------[ REPLACE WITH ]----------------------------- ## // Only store a failed login attempt for an active user - inactive users can't login even with a correct password elseif( $row['user_active'] ) { // Save login tries and last login ## ##----------[ OPEN ]------------------------------------- ## memberlist.php ## ##----------[ FIND ]------------------------------------- ## $search_img = '' . $lang['Search_user_posts'] . ''; $search = '' . $lang['Search_user_posts'] . ''; ## ##----------[ REPLACE WITH ]----------------------------- ## $search_img = '' . sprintf($lang['Search_user_posts'], $username) . ''; $search = '' . sprintf($lang['Search_user_posts'], $username) . ''; ## ##----------[ OPEN ]------------------------------------- ## modcp.php ## ##----------[ FIND ]------------------------------------- ## include($phpbb_root_path . 
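Review bot: The new `$userdata['user_level'] != ADMIN` clause tests the level of the session making the request, not the account in `$row` being logged into, so the lockout exemption applies to an already-authenticated admin session and not to admin accounts as targets; if that is the intent it deserves a comment, e.g. `// An already-logged-in admin (e.g. re-authenticating) is not subject to the failed-login lockout`. The `elseif( $row['user_active'] )` branch stops counting failed attempts against inactive accounts, which the added comment already explains. Both conditions belong to a block whose start and end are outside this hunk.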
'includes/functions_search.'.$phpEx); ## ##----------[ BEFORE, ADD ]------------------------------ ## if ( empty($HTTP_POST_VARS['topic_id_list']) && empty($topic_id) ) { message_die(GENERAL_MESSAGE, $lang['None_selected']); } ## ##----------[ FIND ]------------------------------------- ## $sql = "SELECT poster_id, COUNT(post_id) AS posts FROM " . POSTS_TABLE . " WHERE topic_id IN ($topic_id_sql) ## ##----------[ BEFORE, ADD ]------------------------------ ## if ( $topic_id_sql == '') { message_die(GENERAL_MESSAGE, $lang['None_selected']); } ## ##----------[ FIND ]------------------------------------- ## $sql = "SELECT post_id, poster_id, topic_id, post_time FROM " . POSTS_TABLE . " WHERE post_id IN ($post_id_sql) ## ##----------[ BEFORE, ADD ]------------------------------ ## if ($post_id_sql == '') { message_die(GENERAL_MESSAGE, $lang['None_selected']); } ## ##----------[ FIND ]------------------------------------- ## $ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? gethostbyaddr($ip_this_post) : $ip_this_post; ## ##----------[ REPLACE WITH ]----------------------------- ## $ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? htmlspecialchars(gethostbyaddr($ip_this_post)) : $ip_this_post; ## ##----------[ FIND ]------------------------------------- ## $ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? gethostbyaddr($ip) : $ip; ## ##----------[ REPLACE WITH ]----------------------------- ## $ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? 
htmlspecialchars(gethostbyaddr($ip)) : $ip; ## ##----------[ OPEN ]------------------------------------- ## posting.php ## ##----------[ FIND ]------------------------------------- ## $poll_options[$option_id] = htmlspecialchars(trim(stripslashes($option_text))); ## ##----------[ REPLACE WITH ]----------------------------- ## $poll_options[intval($option_id)] = htmlspecialchars(trim(stripslashes($option_text))); ## ##----------[ OPEN ]------------------------------------- ## privmsg.php ## ##----------[ FIND ]------------------------------------- ## $privmsg_subject = trim(strip_tags($HTTP_POST_VARS['subject'])); ## ##----------[ REPLACE WITH ]----------------------------- ## $privmsg_subject = trim(htmlspecialchars($HTTP_POST_VARS['subject'])); ## ##----------[ FIND ]------------------------------------- ## message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql_info); ## ##----------[ REPLACE WITH ]----------------------------- ## message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql); ## ##----------[ FIND ]------------------------------------- ## $privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(strip_tags(stripslashes($HTTP_POST_VARS['subject']))) : ''; ## ##----------[ REPLACE WITH ]----------------------------- ## $privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['subject']))) : ''; ## ##----------[ FIND ]------------------------------------- ## $privmsg_subject = ( ( !preg_match('/^Re:/', $privmsg['privmsgs_subject']) ) ? 'Re: ' : '' ) . 
$privmsg['privmsgs_subject']; ## ##----------[ BEFORE, ADD ]------------------------------ ## $orig_word = $replacement_word = array(); obtain_word_list($orig_word, $replace_word); ## ##----------[ FIND ]------------------------------------- ## $to_username = $privmsg['username']; $to_userid = $privmsg['user_id']; ## ##----------[ BEFORE, ADD ]------------------------------ ## $privmsg_subject = preg_replace($orig_word, $replacement_word, $privmsg_subject); ## ##----------[ FIND ]------------------------------------- ## $privmsg_message = preg_replace('##si', '</textarea>', $privmsg_message); ## ##----------[ AFTER, ADD ]------------------------------- ## $privmsg_message = preg_replace($orig_word, $replacement_word, $privmsg_message); ## ##----------[ FIND AND DELETE ]------------------------------------- ## $privmsg_subject = preg_replace($html_entities_match, $html_entities_replace, $privmsg_subject); $privmsg_subject = str_replace('"', '"', $privmsg_subject); ## ##----------[ OPEN ]------------------------------------- ## profile.php ## ##----------[ FIND ]------------------------------------- ## $chars = array( 'a', 'A', 'b', 'B', 'c', 'C', 'd', 'D', 'e', 'E', 'f', 'F', 'g', 'G', 'h', 'H', 'i', 'I', 'j', 'J', 'k', 'K', 'l', 'L', 'm', 'M', 'n', 'N', 'o', 'O', 'p', 'P', 'q', 'Q', 'r', 'R', 's', 'S', 't', 'T', 'u', 'U', 'v', 'V', 'w', 'W', 'x', 'X', 'y', 'Y', 'z', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0'); $max_chars = count($chars) - 1; srand( (double) microtime()*1000000); $rand_str = ''; for($i = 0; $i < 8; $i++) { $rand_str = ( $i == 0 ) ? $chars[rand(0, $max_chars)] : $rand_str . $chars[rand(0, $max_chars)]; } return ( $hash ) ? md5($rand_str) : $rand_str; ## ##----------[ REPLACE WITH ]----------------------------- ## $rand_str = dss_rand(); return ( $hash ) ? 
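Review bot: The word-censor setup initialises `$orig_word = $replacement_word = array();` but then calls `obtain_word_list($orig_word, $replace_word)`, so the replacements are populated into `$replace_word` while the later `preg_replace($orig_word, $replacement_word, ...)` calls on the quoted subject and message run with an empty replacement array, which deletes every censored match instead of substituting the configured replacement. The call should read `obtain_word_list($orig_word, $replacement_word);`. The switch from `strip_tags` to `htmlspecialchars` on the posted subject is the right direction, but the two occurrences differ in whether `stripslashes` is applied; if that is deliberate, a one-line comment at each site would keep the asymmetry from being "fixed" later.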
md5($rand_str) : substr($rand_str, 8); ## ##----------[ OPEN ]------------------------------------- ## search.php ## ##----------[ FIND ]------------------------------------- ## $limiter = 5000; ## ##----------[ AFTER, ADD ]------------------------------- ## $current_time = time(); ## ##----------[ FIND ]------------------------------------- ## if ( $search_id == 'newposts' || $search_id == 'egosearch' || $search_id == 'unanswered' || $search_keywords != '' || $search_author != '' ) { ## ##----------[ AFTER, ADD ]------------------------------- ## // // Flood control // $where_sql = ($userdata['user_id'] == ANONYMOUS) ? "se.session_ip = '$user_ip'" : 'se.session_user_id = ' . $userdata['user_id']; $sql = 'SELECT MAX(sr.search_time) AS last_search_time FROM ' . SEARCH_TABLE . ' sr, ' . SESSIONS_TABLE . " se WHERE sr.session_id = se.session_id AND $where_sql"; if ($result = $db->sql_query($sql)) { if ($row = $db->sql_fetchrow($result)) { if (intval($row['last_search_time']) > 0 && ($current_time - intval($row['last_search_time'])) < intval($board_config['search_flood_interval'])) { message_die(GENERAL_MESSAGE, $lang['Search_Flood_Error']); } } } ## ##----------[ FIND ]------------------------------------- ## if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author)))) ## ##----------[ REPLACE WITH ]----------------------------- ## $search_author = str_replace('*', '%', trim($search_author)); if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) ) ## ##----------[ FIND AND DELETE ]------------------------------------- ## $search_author = str_replace('*', '%', trim($search_author)); ## ##----------[ FIND ]------------------------------------- ## if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author)))) ## ##----------[ REPLACE WITH ]----------------------------- 
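Review bot: The flood-control lookup fails open: when `$db->sql_query($sql)` for `MAX(sr.search_time)` returns false, `if ($result = $db->sql_query($sql))` simply skips the check, unlike the other queries in these hunks, which call `message_die` on failure. Add `else { message_die(GENERAL_ERROR, 'Could not obtain last search time', '', __LINE__, __FILE__, $sql); }` so a database error does not silently disable the rate limit. The result is also never released; `$db->sql_freeresult($result);` after the check would match the prune.php hunk above. Note too that `intval($board_config['search_flood_interval'])` is 0 until that setting exists (presumably created by update_to_latest.php, per the note at the top of this file), so the check is a no-op on a board where the schema update has not been run.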
## $search_author = str_replace('*', '%', trim($search_author)); if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) ) ## ##----------[ FIND AND DELETE ]------------------------------------- ## $search_author = str_replace('*', '%', trim(str_replace("\'", "''", $search_author))); ## ##----------[ FIND ]------------------------------------- ## // Finish building query (for all combinations) // and run it ... // $sql = "SELECT session_id FROM " . SESSIONS_TABLE; if ( $result = $db->sql_query($sql) ) { $delete_search_ids = array(); while( $row = $db->sql_fetchrow($result) ) { $delete_search_ids[] = "'" . $row['session_id'] . "'"; } if ( count($delete_search_ids) ) { $sql = "DELETE FROM " . SEARCH_TABLE . " WHERE session_id NOT IN (" . implode(", ", $delete_search_ids) . ")"; if ( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql); } } ## ##----------[ REPLACE WITH ]----------------------------- ## // Delete old data from the search result table // $sql = 'DELETE FROM ' . SEARCH_TABLE . ' WHERE search_time < ' . ($current_time - (int) $board_config['session_length']); if ( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql); ## ##----------[ FIND ]------------------------------------- ## SET search_id = $search_id, search_array = '" . str_replace("\'", "''", $result_array) . "' WHERE session_id = '" . $userdata['session_id'] . "'"; if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() ) { $sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_array) VALUES($search_id, '" . $userdata['session_id'] . "', '" . str_replace("\'", "''", $result_array) . "')"; ## ##----------[ REPLACE WITH ]----------------------------- ## SET search_id = $search_id, search_time = $current_time, search_array = '" . 
str_replace("\'", "''", $result_array) . "' WHERE session_id = '" . $userdata['session_id'] . "'"; if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() ) { $sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_time, search_array) VALUES($search_id, '" . $userdata['session_id'] . "', $current_time, '" . str_replace("\'", "''", $result_array) . "')"; ## ##----------[ OPEN ]------------------------------------- ## templates/subSilver/admin/board_config_body.tpl ## ##----------[ FIND ]------------------------------------- ## ## ##----------[ AFTER, ADD ]------------------------------- ## {L_SEARCH_FLOOD_INTERVAL}
{L_SEARCH_FLOOD_INTERVAL_EXPLAIN} ## ##----------[ OPEN ]------------------------------------- ## templates/subSilver/confirm_body.tpl ## ##----------[ FIND ]------------------------------------- ## {MESSAGE_TITLE} ## ##----------[ REPLACE WITH ]----------------------------- ## {MESSAGE_TITLE} ## ##----------[ COPY FILES ]------------------------------- ## ## phpBB 2.0.20 adds deletion confirmation for smilies, ranks, and word ## censors. As part of this, a new template file is created, and is called ## templates/subSilver/admin/confirm_body.tpl. This file is a duplicate of ## templates/subSilver/confirm_body.tpl. After completing the steps above, ## copy your forum's templates/subSilver/confirm_body.tpl file to ## templates/subSilver/admin/confirm_body.tpl. Take care that you do not ## delete templates/subSilver/confirm_body.tpl, just make a copy of it. ## templates/subSilver/confirm_body.tpl to templates/subSilver/admin/confirm_body.tpl ## ##----------[ SAVE AND CLOSE ALL FILES ]----------------- ## ## End ##