phpBB 2.0.10 to phpBB 2.0.11 Code Changes
These are the code changes introduced between phpBB 2.0.10 and phpBB 2.0.11. If you have installed many hacks on a forum, but wish to update it, these may help you. It is often easier to apply code changes such as these instead of replacing and rehacking your current files.
These code changes use the following instruction labels:
filename - The name of a file to be edited. Equivalent to an OPEN action in a hack or modification.
FIND - This indicates lines of code you should locate. Changes will be made in reference to this code.
REPLACE WITH - This code should completely replace the code in the preceding FIND instruction.
AFTER, ADD - The code in this instruction should be added on a new line after the last line of code in the preceding FIND instruction.
BEFORE, ADD - The code in this instruction should be added on a new line before the first line of code in the preceding FIND instruction.
FIND AND DELETE - Locate the code in this instruction as with a FIND statement, and then delete the code.
Once you have completed the code changes, create an install/ directory in your forum's root directory, and upload the update_to_2011.php file that comes in any phpBB 2.0.11 download to the install/ directory. Run update_to_2011.php by opening it via your web browser, just as you would a normal forum page. Afterward, delete the file and the install/ directory so that your forum is accessible again.
Now, onward to the file changes!
includes/usercp_confirm.php
phpBB 2.0.11 adds a visual confirmation system to registration as a default feature of phpBB. In doing so, a new file was added to phpBB. This file is includes/usercp_confirm.php. Be sure to download the full version of 2.0.11 or the Changed Files version of 2.0.11 to get this file and add it to your forum! If you do not do this, people will not be able to register.
phpBB 2.0.11 adds a visual confirmation system to registration as a default feature of phpBB. In doing so, a new file was added to phpBB. This file is includes/usercp_confirm.php. Be sure to download the full version of 2.0.11 or the Changed Files version of 2.0.11 to get this file and add it to your forum! If you do not do this, people will not be able to register.
admin/admin_board.php
FIND
FIND
Code:
AFTER, ADD$activation_admin = ( $new['require_activation'] == USER_ACTIVATION_ADMIN ) ? "checked=\"checked\"" : "";
Code:
FIND$confirm_yes = ($new['enable_confirm']) ? 'checked="checked"' : '';
$confirm_no = (!$new['enable_confirm']) ? 'checked="checked"' : '';
$confirm_no = (!$new['enable_confirm']) ? 'checked="checked"' : '';
Code:
AFTER, ADD "L_ADMIN" => $lang['Acc_Admin'],
Code:
"L_VISUAL_CONFIRM" => $lang['Visual_confirm'],
"L_VISUAL_CONFIRM_EXPLAIN" => $lang['Visual_confirm_explain'],
"L_VISUAL_CONFIRM_EXPLAIN" => $lang['Visual_confirm_explain'],
common.php
FIND
FIND
Code:
REPLACE WITHfunction unset_vars(&$var)
{
while (list($var_name, $null) = @each($var))
{
unset($GLOBALS[$var_name]);
}
return;
}
//
error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
$ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var';
// Unset globally registered vars - PHP5 ... hhmmm
if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on')
{
$var_prefix = 'HTTP';
$var_suffix = '_VARS';
$test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV');
foreach ($test as $var)
{
if (is_array(${$var_prefix . $var . $var_suffix}))
{
unset_vars(${$var_prefix . $var . $var_suffix});
@reset(${$var_prefix . $var . $var_suffix});
}
if (is_array(${$var}))
{
unset_vars(${$var});
@reset(${$var});
}
}
if (is_array(${'_FILES'}))
{
unset_vars(${'_FILES'});
@reset(${'_FILES'});
}
if (is_array(${'HTTP_POST_FILES'}))
{
unset_vars(${'HTTP_POST_FILES'});
@reset(${'HTTP_POST_FILES'});
}
}
// PHP5 with register_long_arrays off?
if (!isset($HTTP_POST_VARS) && isset($_POST))
{
$HTTP_POST_VARS = $_POST;
$HTTP_GET_VARS = $_GET;
$HTTP_SERVER_VARS = $_SERVER;
$HTTP_COOKIE_VARS = $_COOKIE;
$HTTP_ENV_VARS = $_ENV;
$HTTP_POST_FILES = $_FILES;
}
{
while (list($var_name, $null) = @each($var))
{
unset($GLOBALS[$var_name]);
}
return;
}
//
error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
$ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var';
// Unset globally registered vars - PHP5 ... hhmmm
if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on')
{
$var_prefix = 'HTTP';
$var_suffix = '_VARS';
$test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV');
foreach ($test as $var)
{
if (is_array(${$var_prefix . $var . $var_suffix}))
{
unset_vars(${$var_prefix . $var . $var_suffix});
@reset(${$var_prefix . $var . $var_suffix});
}
if (is_array(${$var}))
{
unset_vars(${$var});
@reset(${$var});
}
}
if (is_array(${'_FILES'}))
{
unset_vars(${'_FILES'});
@reset(${'_FILES'});
}
if (is_array(${'HTTP_POST_FILES'}))
{
unset_vars(${'HTTP_POST_FILES'});
@reset(${'HTTP_POST_FILES'});
}
}
// PHP5 with register_long_arrays off?
if (!isset($HTTP_POST_VARS) && isset($_POST))
{
$HTTP_POST_VARS = $_POST;
$HTTP_GET_VARS = $_GET;
$HTTP_SERVER_VARS = $_SERVER;
$HTTP_COOKIE_VARS = $_COOKIE;
$HTTP_ENV_VARS = $_ENV;
$HTTP_POST_FILES = $_FILES;
}
Code:
error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
// The following code (unsetting globals) was contributed by Matt Kavanagh
// PHP5 with register_long_arrays off?
if (!isset($HTTP_POST_VARS) && isset($_POST))
{
$HTTP_POST_VARS = $_POST;
$HTTP_GET_VARS = $_GET;
$HTTP_SERVER_VARS = $_SERVER;
$HTTP_COOKIE_VARS = $_COOKIE;
$HTTP_ENV_VARS = $_ENV;
$HTTP_POST_FILES = $_FILES;
// _SESSION is the only superglobal which is conditionally set
if (isset($_SESSION))
{
$HTTP_SESSION_VARS = $_SESSION;
}
}
if (@phpversion() < '4.0.0')
{
// PHP3 path; in PHP3, globals are _always_ registered
// We 'flip' the array of variables to test like this so that
// we can validate later with isset($test[$var]) (no in_array())
$test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL);
// Loop through each input array
@reset($test);
while (list($input,) = @each($test))
{
while (list($var,) = @each($$input))
{
// Validate the variable to be unset
if (!isset($test[$var]) && $var != 'test' && $var != 'input')
{
unset($$var);
}
}
}
}
else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
{
// PHP4+ path
// Not only will array_merge give a warning if a parameter
// is not an array, it will actually fail. So we check if
// HTTP_SESSION_VARS has been initialised.
if (!isset($HTTP_SESSION_VARS))
{
$HTTP_SESSION_VARS = array();
}
// Merge all into one extremely huge array; unset
// this later
$input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);
unset($input['input']);
while (list($var,) = @each($input))
{
unset($$var);
}
unset($input);
}
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
// The following code (unsetting globals) was contributed by Matt Kavanagh
// PHP5 with register_long_arrays off?
if (!isset($HTTP_POST_VARS) && isset($_POST))
{
$HTTP_POST_VARS = $_POST;
$HTTP_GET_VARS = $_GET;
$HTTP_SERVER_VARS = $_SERVER;
$HTTP_COOKIE_VARS = $_COOKIE;
$HTTP_ENV_VARS = $_ENV;
$HTTP_POST_FILES = $_FILES;
// _SESSION is the only superglobal which is conditionally set
if (isset($_SESSION))
{
$HTTP_SESSION_VARS = $_SESSION;
}
}
if (@phpversion() < '4.0.0')
{
// PHP3 path; in PHP3, globals are _always_ registered
// We 'flip' the array of variables to test like this so that
// we can validate later with isset($test[$var]) (no in_array())
$test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL);
// Loop through each input array
@reset($test);
while (list($input,) = @each($test))
{
while (list($var,) = @each($$input))
{
// Validate the variable to be unset
if (!isset($test[$var]) && $var != 'test' && $var != 'input')
{
unset($$var);
}
}
}
}
else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
{
// PHP4+ path
// Not only will array_merge give a warning if a parameter
// is not an array, it will actually fail. So we check if
// HTTP_SESSION_VARS has been initialised.
if (!isset($HTTP_SESSION_VARS))
{
$HTTP_SESSION_VARS = array();
}
// Merge all into one extremely huge array; unset
// this later
$input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);
unset($input['input']);
while (list($var,) = @each($input))
{
unset($$var);
}
unset($input);
}
groupcp.php
FIND
FIND
Code:
REPLACE WITH $username = ( isset($HTTP_POST_VARS['username']) ) ? htmlspecialchars($HTTP_POST_VARS['username']) : '';
Code:
$username = ( isset($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
login.php
FIND
FIND
Code:
REPLACE WITH $username = isset($HTTP_POST_VARS['username']) ? trim(htmlspecialchars($HTTP_POST_VARS['username'])) : '';
$username = substr(str_replace("\\'", "'", $username), 0, 25);
$username = str_replace("'", "\\'", $username);
$username = substr(str_replace("\\'", "'", $username), 0, 25);
$username = str_replace("'", "\\'", $username);
Code:
$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
privmsg.php
FIND
FIND
Code:
REPLACE WITH $to_username = $HTTP_POST_VARS['username'];
Code:
FIND $to_username = phpbb_clean_username($HTTP_POST_VARS['username']);
Code:
REPLACE WITH $to_username = ( isset($HTTP_POST_VARS['username']) ) ? trim(strip_tags(stripslashes($HTTP_POST_VARS['username']))) : '';
Code:
FIND $to_username = (isset($HTTP_POST_VARS['username']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['username']))) : '';
Code:
REPLACE WITH 'USERNAME' => preg_replace($html_entities_match, $html_entities_replace, $to_username),
Code:
'USERNAME' => $to_username,
profile.php
FIND
FIND
Code:
AFTER, ADD include($phpbb_root_path . 'includes/usercp_register.'.$phpEx);
exit;
}
exit;
}
Code:
else if ( $mode == 'confirm' )
{
// Visual Confirmation
if ( $userdata['session_logged_in'] )
{
exit;
}
include($phpbb_root_path . 'includes/usercp_confirm.'.$phpEx);
exit;
}
{
// Visual Confirmation
if ( $userdata['session_logged_in'] )
{
exit;
}
include($phpbb_root_path . 'includes/usercp_confirm.'.$phpEx);
exit;
}
search.php
FIND
FIND
Code:
REPLACE WITH $search_author = htmlspecialchars($search_author);
Code:
$search_author = phpbb_clean_username($search_author);
viewtopic.php
FIND
FIND
Code:
REPLACE WITH $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
Code:
$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));
includes/constants.php
FIND
FIND
Code:
AFTER, ADD// Table names
Code:
define('CONFIRM_TABLE', $table_prefix.'confirm');
includes/functions.php
FIND
FIND
Code:
BEFORE, ADD//
// Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
//
// Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
//
Code:
FIND// added at phpBB 2.0.11 to properly format the username
function phpbb_clean_username($username)
{
$username = htmlspecialchars(rtrim(trim($username), "\\"));
$username = substr(str_replace("\\'", "'", $username), 0, 25);
$username = str_replace("'", "\\'", $username);
return $username;
}
function phpbb_clean_username($username)
{
$username = htmlspecialchars(rtrim(trim($username), "\\"));
$username = substr(str_replace("\\'", "'", $username), 0, 25);
$username = str_replace("'", "\\'", $username);
return $username;
}
Code:
REPLACE WITH $user = trim(htmlspecialchars($user));
$user = substr(str_replace("\\'", "'", $user), 0, 25);
$user = str_replace("'", "\\'", $user);
$user = substr(str_replace("\\'", "'", $user), 0, 25);
$user = str_replace("'", "\\'", $user);
Code:
$user = phpbb_clean_username($user);
includes/functions_post.php
FIND
FIND
Code:
REPLACE WITH $username = trim(strip_tags($username));
Code:
$username = phpbb_clean_username($username);
includes/functions_search.php
FIND
FIND
Code:
REPLACE WITH $username_search = preg_replace('/\*/', '%', trim(strip_tags($search_match)));
Code:
FIND $username_search = preg_replace('/\*/', '%', phpbb_clean_username($search_match));
Code:
REPLACE WITH 'USERNAME' => ( !empty($search_match) ) ? strip_tags($search_match) : '',
Code:
'USERNAME' => (!empty($search_match)) ? phpbb_clean_username($search_match) : '',
includes/topic_review.php
FIND
FIND
Code:
REPLACE WITH if ( !isset($topic_id) )
{
message_die(GENERAL_MESSAGE, 'Topic_not_exist');
}
{
message_die(GENERAL_MESSAGE, 'Topic_not_exist');
}
Code:
if ( !isset($topic_id) || !$topic_id)
{
message_die(GENERAL_MESSAGE, 'Topic_post_not_exist');
}
{
message_die(GENERAL_MESSAGE, 'Topic_post_not_exist');
}
includes/usercp_register.php
FIND
FIND
Code:
BEFORE, ADDif ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
{
die("Hacking attempt");
Code:
FIND/*
This code has been modified from its original form by psoTFX @ phpbb.com
Changes introduce the back-ported phpBB 2.2 visual confirmation code.
NOTE: Anyone using the modified code contained within this script MUST include
a relevant message such as this in usercp_register.php ... failure to do so
will affect a breach of Section 2a of the GPL and our copyright
png visual confirmation system : (c) phpBB Group, 2003 : All Rights Reserved
*/
This code has been modified from its original form by psoTFX @ phpbb.com
Changes introduce the back-ported phpBB 2.2 visual confirmation code.
NOTE: Anyone using the modified code contained within this script MUST include
a relevant message such as this in usercp_register.php ... failure to do so
will affect a breach of Section 2a of the GPL and our copyright
png visual confirmation system : (c) phpBB Group, 2003 : All Rights Reserved
*/
Code:
AFTER, ADD $strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests');
Code:
FIND $strip_var_list['confirm_code'] = 'confirm_code';
Code:
BEFORE, ADD $passwd_sql = '';
if ( !empty($new_password) && !empty($password_confirm) )
if ( !empty($new_password) && !empty($password_confirm) )
Code:
FIND if ($board_config['enable_confirm'] && $mode == 'register')
{
if (empty($HTTP_POST_VARS['confirm_id']))
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
}
else
{
$confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']);
if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id))
{
$confirm_id = '';
}
$sql = 'SELECT code
FROM ' . CONFIRM_TABLE . "
WHERE confirm_id = '$confirm_id'
AND session_id = '" . $userdata['session_id'] . "'";
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result))
{
if ($row['code'] != $confirm_code)
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
}
else
{
$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
WHERE confirm_id = '$confirm_id'
AND session_id = '" . $userdata['session_id'] . "'";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql);
}
}
}
else
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
}
$db->sql_freeresult($result);
}
}
{
if (empty($HTTP_POST_VARS['confirm_id']))
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
}
else
{
$confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']);
if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id))
{
$confirm_id = '';
}
$sql = 'SELECT code
FROM ' . CONFIRM_TABLE . "
WHERE confirm_id = '$confirm_id'
AND session_id = '" . $userdata['session_id'] . "'";
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result))
{
if ($row['code'] != $confirm_code)
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
}
else
{
$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
WHERE confirm_id = '$confirm_id'
AND session_id = '" . $userdata['session_id'] . "'";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql);
}
}
}
else
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
}
$db->sql_freeresult($result);
}
}
Code:
AFTER, ADD $template->assign_block_vars('switch_namechange_disallowed', array());
}
}
Code:
FIND // Visual Confirmation
$confirm_image = '';
if (!empty($board_config['enable_confirm']) && $mode == 'register')
{
$sql = 'SELECT session_id
FROM ' . SESSIONS_TABLE;
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not select session data', '', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result))
{
$confirm_sql = '';
do
{
$confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'";
}
while ($row = $db->sql_fetchrow($result));
$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
WHERE session_id NOT IN ($confirm_sql)";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Could not delete stale confirm data', '', __LINE__, __FILE__, $sql);
}
}
$db->sql_freeresult($result);
$sql = 'SELECT COUNT(session_id) AS attempts
FROM ' . CONFIRM_TABLE . "
WHERE session_id = '" . $userdata['session_id'] . "'";
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not obtain confirm code count', '', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result))
{
if ($row['attempts'] > 3)
{
message_die(GENERAL_MESSAGE, $lang['Too_many_registers']);
}
}
$db->sql_freeresult($result);
$confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
list($usec, $sec) = explode(' ', microtime());
mt_srand($sec * $usec);
$max_chars = count($confirm_chars) - 1;
$code = '';
for ($i = 0; $i < 6; $i++)
{
$code .= $confirm_chars[mt_rand(0, $max_chars)];
}
$confirm_id = md5(uniqid($user_ip));
$sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code)
VALUES ('$confirm_id', '". $userdata['session_id'] . "', '$code')";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql);
}
unset($code);
$confirm_image = (@extension_loaded('zlib')) ? '<img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id") . '" alt="" title="" />' : '<img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=1") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=2") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=3") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=4") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=5") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=6") . '" alt="" title="" />';
$s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';
$template->assign_block_vars('switch_confirm', array());
}
$confirm_image = '';
if (!empty($board_config['enable_confirm']) && $mode == 'register')
{
$sql = 'SELECT session_id
FROM ' . SESSIONS_TABLE;
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not select session data', '', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result))
{
$confirm_sql = '';
do
{
$confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'";
}
while ($row = $db->sql_fetchrow($result));
$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
WHERE session_id NOT IN ($confirm_sql)";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Could not delete stale confirm data', '', __LINE__, __FILE__, $sql);
}
}
$db->sql_freeresult($result);
$sql = 'SELECT COUNT(session_id) AS attempts
FROM ' . CONFIRM_TABLE . "
WHERE session_id = '" . $userdata['session_id'] . "'";
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not obtain confirm code count', '', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result))
{
if ($row['attempts'] > 3)
{
message_die(GENERAL_MESSAGE, $lang['Too_many_registers']);
}
}
$db->sql_freeresult($result);
$confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
list($usec, $sec) = explode(' ', microtime());
mt_srand($sec * $usec);
$max_chars = count($confirm_chars) - 1;
$code = '';
for ($i = 0; $i < 6; $i++)
{
$code .= $confirm_chars[mt_rand(0, $max_chars)];
}
$confirm_id = md5(uniqid($user_ip));
$sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code)
VALUES ('$confirm_id', '". $userdata['session_id'] . "', '$code')";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql);
}
unset($code);
$confirm_image = (@extension_loaded('zlib')) ? '<img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id") . '" alt="" title="" />' : '<img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=1") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=2") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=3") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=4") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=5") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=6") . '" alt="" title="" />';
$s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';
$template->assign_block_vars('switch_confirm', array());
}
Code:
AFTER, ADD 'EMAIL' => $email,
Code:
FIND 'CONFIRM_IMG' => $confirm_image,
Code:
AFTER, ADD 'L_EMAIL_ADDRESS' => $lang['Email_address'],
Code:
'L_CONFIRM_CODE_IMPAIRED' => sprintf($lang['Confirm_code_impaired'], '<a href="mailto:' . $board_config['board_email'] . '">', '</a>'),
'L_CONFIRM_CODE' => $lang['Confirm_code'],
'L_CONFIRM_CODE_EXPLAIN' => $lang['Confirm_code_explain'],
'L_CONFIRM_CODE_IMPAIRED' => sprintf($lang['Confirm_code_impaired'], '<a href="mailto:' . $board_config['board_email'] . '">', '</a>'),
'L_CONFIRM_CODE' => $lang['Confirm_code'],
'L_CONFIRM_CODE_EXPLAIN' => $lang['Confirm_code_explain'],
includes/usercp_sendpasswd.php
FIND
FIND
Code:
REPLACE WITH $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags($HTTP_POST_VARS['username'])) : '';
Code:
$username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
includes/usercp_viewprofile.php
FIND
FIND
Code:
AFTER, ADDinclude($phpbb_root_path . 'includes/page_header.'.$phpEx);
Code:
FINDif (function_exists('get_html_translation_table'))
{
$u_search_author = urlencode(strtr($profiledata['username'], array_flip(get_html_translation_table(HTML_ENTITIES))));
}
else
{
$u_search_author = urlencode(str_replace(array('&', ''', '"', '<', '>'), array('&', "'", '"', '<', '>'), $profiledata['username']));
}
{
$u_search_author = urlencode(strtr($profiledata['username'], array_flip(get_html_translation_table(HTML_ENTITIES))));
}
else
{
$u_search_author = urlencode(str_replace(array('&', ''', '"', '<', '>'), array('&', "'", '"', '<', '>'), $profiledata['username']));
}
Code:
REPLACE WITH 'U_SEARCH_USER' => append_sid("search.$phpEx?search_author=" . urlencode($profiledata['username'])),
Code:
'U_SEARCH_USER' => append_sid("search.$phpEx?search_author=" . $u_search_author),
templates/subSilver/admin/board_config_body.tpl
FIND
FIND
Code:
AFTER, ADD <td class="row2"><input type="radio" name="require_activation" value="{ACTIVATION_NONE}" {ACTIVATION_NONE_CHECKED} />{L_NONE} <input type="radio" name="require_activation" value="{ACTIVATION_USER}" {ACTIVATION_USER_CHECKED} />{L_USER} <input type="radio" name="require_activation" value="{ACTIVATION_ADMIN}" {ACTIVATION_ADMIN_CHECKED} />{L_ADMIN}</td>
</tr>
<tr>
</tr>
<tr>
Code:
<td class="row1">{L_VISUAL_CONFIRM}<br /><span class="gensmall">{L_VISUAL_CONFIRM_EXPLAIN}</span></td>
<td class="row2"><input type="radio" name="enable_confirm" value="1" {CONFIRM_ENABLE} />{L_YES} <input type="radio" name="enable_confirm" value="0" {CONFIRM_DISABLE} />{L_NO}</td>
</tr>
<tr>
<td class="row2"><input type="radio" name="enable_confirm" value="1" {CONFIRM_ENABLE} />{L_YES} <input type="radio" name="enable_confirm" value="0" {CONFIRM_DISABLE} />{L_NO}</td>
</tr>
<tr>
The following changes were introduced in earlier versions of phpBB. In those versions these edits were optional because they were a part of the optional visual confirmation system. Since the visual confirmation has become a default phpBB feature in 2.0.11, these changes are now required. They have been included here for those that may not have installed the changes earlier or have a template or language pack that lacks similar code to support the new visual confirmation system.
language/lang_english/lang_main.php
FIND
FIND
Code:
BEFORE, ADD//
// That's all, Folks!
// -------------------------------------------------
// That's all, Folks!
// -------------------------------------------------
Code:
$lang['Confirm_code_wrong'] = 'The confirmation code you entered was incorrect';
$lang['Too_many_registers'] = 'You have exceeded the number of registration attempts for this session. Please try again later.';
$lang['Confirm_code_impaired'] = 'If you are visually impaired or cannot otherwise read this code please contact the %sAdministrator%s for help.';
$lang['Confirm_code'] = 'Confirmation code';
$lang['Confirm_code_explain'] = 'Enter the code exactly as you see it. The code is case sensitive and zero has a diagonal line through it.';
$lang['Too_many_registers'] = 'You have exceeded the number of registration attempts for this session. Please try again later.';
$lang['Confirm_code_impaired'] = 'If you are visually impaired or cannot otherwise read this code please contact the %sAdministrator%s for help.';
$lang['Confirm_code'] = 'Confirmation code';
$lang['Confirm_code_explain'] = 'Enter the code exactly as you see it. The code is case sensitive and zero has a diagonal line through it.';
language/lang_english/lang_admin.php
FIND
FIND
Code:
BEFORE, ADD//
// That's all Folks!
// -------------------------------------------------
// That's all Folks!
// -------------------------------------------------
Code:
$lang['Visual_confirm'] = 'Enable Visual Confirmation';
$lang['Visual_confirm_explain'] = 'Requires users enter a code defined by an image when registering.';
$lang['Visual_confirm_explain'] = 'Requires users enter a code defined by an image when registering.';
templates/subSilver/profile_add_body.tpl
FIND
FIND
Code:
AFTER, ADD <tr>
<td class="row1"><span class="gen">{L_CONFIRM_PASSWORD}: * </span><br />
<span class="gensmall">{L_PASSWORD_CONFIRM_IF_CHANGED}</span></td>
<td class="row2">
<input type="password" class="post" style="width: 200px" name="password_confirm" size="25" maxlength="32" value="{PASSWORD_CONFIRM}" />
</td>
</tr>
<td class="row1"><span class="gen">{L_CONFIRM_PASSWORD}: * </span><br />
<span class="gensmall">{L_PASSWORD_CONFIRM_IF_CHANGED}</span></td>
<td class="row2">
<input type="password" class="post" style="width: 200px" name="password_confirm" size="25" maxlength="32" value="{PASSWORD_CONFIRM}" />
</td>
</tr>
Code:
<!-- Visual Confirmation -->
<!-- BEGIN switch_confirm -->
<tr>
<td class="row1" colspan="2" align="center"><span class="gensmall">{L_CONFIRM_CODE_IMPAIRED}</span><br /><br />{CONFIRM_IMG}<br /><br /></td>
</tr>
<tr>
<td class="row1"><span class="gen">{L_CONFIRM_CODE}: * </span><br /><span class="gensmall">{L_CONFIRM_CODE_EXPLAIN}</span></td>
<td class="row2"><input type="text" class="post" style="width: 200px" name="confirm_code" size="6" maxlength="6" value="" /></td>
</tr>
<!-- END switch_confirm -->
<!-- BEGIN switch_confirm -->
<tr>
<td class="row1" colspan="2" align="center"><span class="gensmall">{L_CONFIRM_CODE_IMPAIRED}</span><br /><br />{CONFIRM_IMG}<br /><br /></td>
</tr>
<tr>
<td class="row1"><span class="gen">{L_CONFIRM_CODE}: * </span><br /><span class="gensmall">{L_CONFIRM_CODE_EXPLAIN}</span></td>
<td class="row2"><input type="text" class="post" style="width: 200px" name="confirm_code" size="6" maxlength="6" value="" /></td>
</tr>
<!-- END switch_confirm -->
Code from phpBB 2.0.10 and 2.0.11 is copyright by the phpBB Group. Find these and other code changes at phpBBHacks.com and phpBB Smith.
Compiled by your friendly neighborhood Thoul from the phpBB 2.0.7 - 2.0.11 files.
Compiled by your friendly neighborhood Thoul from the phpBB 2.0.7 - 2.0.11 files.