function validate_username($username) { global $db, $lang, $userdata; // Remove doubled up spaces $username = preg_replace('#\\s+#', ' ', trim($username)); $username = phpbb_clean_username($username); $sql = "SELECT username \r\n\t\tFROM " . USERS_TABLE . "\r\n\t\tWHERE LOWER(username) = '" . strtolower($username) . "'"; if ($result = $db->sql_query($sql)) { while ($row = $db->sql_fetchrow($result)) { if ($userdata['session_logged_in'] && $row['username'] != $userdata['username'] || !$userdata['session_logged_in']) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_taken']); } } } $db->sql_freeresult($result); $sql = "SELECT group_name\r\n\t\tFROM " . GROUPS_TABLE . " \r\n\t\tWHERE LOWER(group_name) = '" . strtolower($username) . "'"; if ($result = $db->sql_query($sql)) { if ($row = $db->sql_fetchrow($result)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_taken']); } } $db->sql_freeresult($result); $sql = "SELECT disallow_username\r\n\t\tFROM " . DISALLOW_TABLE; if ($result = $db->sql_query($sql)) { if ($row = $db->sql_fetchrow($result)) { do { if (preg_match("#\\b(" . str_replace("\\*", ".*?", preg_quote($row['disallow_username'], '#')) . ")\\b#i", $username)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } while ($row = $db->sql_fetchrow($result)); } } $db->sql_freeresult($result); $sql = "SELECT word \r\n\t\tFROM " . WORDS_TABLE; if ($result = $db->sql_query($sql)) { if ($row = $db->sql_fetchrow($result)) { do { if (preg_match("#\\b(" . str_replace("\\*", ".*?", preg_quote($row['word'], '#')) . ")\\b#i", $username)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } while ($row = $db->sql_fetchrow($result)); } } $db->sql_freeresult($result); // Don't allow " and ALT-255 in username. if (strstr($username, '"') || strstr($username, '"') || strstr($username, chr(160)) || strstr($username, chr(173))) { return array('error' => true, 'error_msg' => $lang['Username_invalid']); } return array('error' => false, 'error_msg' => ''); }
function get_userdata($user, $force_str = false) { global $db; if (intval($user) == 0 || $force_str) { $user = phpbb_clean_username($user); } else { $user = intval($user); } $sql = "SELECT *\n\t\tFROM " . USERS_TABLE . " \n\t\tWHERE "; $sql .= (is_integer($user) ? "user_id = {$user}" : "username = '******'") . " AND user_id <> " . ANONYMOUS; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql); } return ($row = $db->sql_fetchrow($result)) ? $row : false; }
function get_userdata_notifications($target_user, $force_str = false) { global $db; $target_user = !is_numeric($target_user) || $force_str ? phpbb_clean_username($target_user) : intval($target_user); $sql = "SELECT *\n\t\t\tFROM " . USERS_TABLE . "\n\t\t\tWHERE "; $sql .= (is_integer($target_user) ? "user_id = " . $target_user : "******" . $db->sql_escape($target_user) . "'") . " AND user_id <> " . ANONYMOUS; $result = $db->sql_query($sql); $return_value = ($row = $db->sql_fetchrow($result)) ? $row : false; $db->sql_freeresult($result); return $return_value; }
message_die(GENERAL_ERROR, "Could not obtain message details", "", __LINE__, __FILE__, $sql); } if (!($row = $db->sql_fetchrow($result))) { message_die(GENERAL_MESSAGE, $lang['No_such_post']); } $db->sql_freeresult($result); unset($row); } if ($submit) { // session id check if ($sid == '' || $sid != $userdata['session_id']) { $error = true; $error_msg .= (!empty($error_msg) ? '<br />' : '') . $lang['Session_invalid']; } if (!empty($HTTP_POST_VARS['username'])) { $to_username = phpbb_clean_username($HTTP_POST_VARS['username']); $sql = "SELECT user_id, user_notify_pm, user_email, user_lang, user_active \r\n\t\t\t\tFROM " . USERS_TABLE . "\r\n\t\t\t\tWHERE username = '******'", "''", $to_username) . "'\r\n\t\t\t\t\tAND user_id <> " . ANONYMOUS; if (!($result = $db->sql_query($sql))) { $error = TRUE; $error_msg = $lang['No_such_user']; } if (!($to_userdata = $db->sql_fetchrow($result))) { $error = TRUE; $error_msg = $lang['No_such_user']; } } else { $error = TRUE; $error_msg .= (!empty($error_msg) ? '<br />' : '') . $lang['No_to_user']; } $privmsg_subject = trim(htmlspecialchars($HTTP_POST_VARS['subject'])); if (empty($privmsg_subject)) {
} if (count($mark_list)) { $delete_sql_id = implode(', ', $mark_list); $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "\n\t\t\t\t\tWHERE privmsgs_text_id IN ({$delete_sql_id})"; $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "\n\t\t\t\t\tWHERE privmsgs_id IN ({$delete_sql_id})"; if (!$db->sql_query($delete_sql)) { message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql); } if (!$db->sql_query($delete_text_sql)) { message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql); } } $message = $lang['User_deleted'] . '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.{$phpEx}") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.{$phpEx}?pane=right") . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } $username = !empty($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $email = !empty($HTTP_POST_VARS['email']) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : ''; $password = !empty($HTTP_POST_VARS['password']) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['password']))) : ''; $password_confirm = !empty($HTTP_POST_VARS['password_confirm']) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['password_confirm']))) : ''; $icq = !empty($HTTP_POST_VARS['icq']) ? trim(strip_tags($HTTP_POST_VARS['icq'])) : ''; $aim = !empty($HTTP_POST_VARS['aim']) ? trim(strip_tags($HTTP_POST_VARS['aim'])) : ''; $msn = !empty($HTTP_POST_VARS['msn']) ? trim(strip_tags($HTTP_POST_VARS['msn'])) : ''; $yim = !empty($HTTP_POST_VARS['yim']) ? trim(strip_tags($HTTP_POST_VARS['yim'])) : ''; $website = !empty($HTTP_POST_VARS['website']) ? trim(strip_tags($HTTP_POST_VARS['website'])) : ''; $location = !empty($HTTP_POST_VARS['location']) ? trim(strip_tags($HTTP_POST_VARS['location'])) : ''; $occupation = !empty($HTTP_POST_VARS['occupation']) ? trim(strip_tags($HTTP_POST_VARS['occupation'])) : ''; $interests = !empty($HTTP_POST_VARS['interests']) ? trim(strip_tags($HTTP_POST_VARS['interests'])) : ''; $signature = !empty($HTTP_POST_VARS['signature']) ? trim(str_replace('<br />', "\n", $HTTP_POST_VARS['signature'])) : ''; validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature); $viewemail = isset($HTTP_POST_VARS['viewemail']) ? $HTTP_POST_VARS['viewemail'] ? TRUE : 0 : 0; $allowviewonline = isset($HTTP_POST_VARS['hideonline']) ? $HTTP_POST_VARS['hideonline'] ? 0 : TRUE : TRUE;
// if (!empty($HTTP_POST_VARS['add']) || !empty($HTTP_POST_VARS['remove']) || isset($HTTP_POST_VARS['approve']) || isset($HTTP_POST_VARS['deny'])) { if (!$userdata['session_logged_in']) { redirect(append_sid("login.{$phpEx}?redirect=groupcp.{$phpEx}&" . POST_GROUPS_URL . "={$group_id}", true)); } else { if ($sid !== $userdata['session_id']) { message_die(GENERAL_ERROR, $lang['Session_invalid']); } } if (!$is_moderator) { $template->assign_vars(array('META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("index.{$phpEx}") . '">')); $message = $lang['Not_group_moderator'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.{$phpEx}") . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } if (isset($HTTP_POST_VARS['add'])) { $username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $sql = "SELECT user_id, user_email, user_lang, user_level \n\t\t\t\t\tFROM " . USERS_TABLE . " \n\t\t\t\t\tWHERE username = '******'", "''", $username) . "'"; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, "Could not get user information", $lang['Error'], __LINE__, __FILE__, $sql); } if (!($row = $db->sql_fetchrow($result))) { $template->assign_vars(array('META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("groupcp.{$phpEx}?" . POST_GROUPS_URL . "={$group_id}") . '">')); $message = $lang['Could_not_add_user'] . "<br /><br />" . sprintf($lang['Click_return_group'], "<a href=\"" . append_sid("groupcp.{$phpEx}?" . POST_GROUPS_URL . "={$group_id}") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_index'], "<a href=\"" . append_sid("index.{$phpEx}") . "\">", "</a>"); message_die(GENERAL_MESSAGE, $message); } if ($row['user_id'] == ANONYMOUS) { $template->assign_vars(array('META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("groupcp.{$phpEx}?" . POST_GROUPS_URL . "={$group_id}") . '">')); $message = $lang['Could_not_anon_user'] . '<br /><br />' . sprintf($lang['Click_return_group'], '<a href="' . append_sid("groupcp.{$phpEx}?" . POST_GROUPS_URL . "={$group_id}") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.{$phpEx}") . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } $sql = "SELECT ug.user_id, u.user_level \n\t\t\t\t\tFROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u \n\t\t\t\t\tWHERE u.user_id = " . $row['user_id'] . " \n\t\t\t\t\t\tAND ug.user_id = u.user_id \n\t\t\t\t\t\tAND ug.group_id = {$group_id}";
// // Define initial vars // if (isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode'])) { $mode = isset($HTTP_POST_VARS['mode']) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; } else { $mode = ''; } if (isset($HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords'])) { $search_keywords = isset($HTTP_POST_VARS['search_keywords']) ? $HTTP_POST_VARS['search_keywords'] : $HTTP_GET_VARS['search_keywords']; } else { $search_keywords = ''; } if (isset($HTTP_POST_VARS['search_author']) || isset($HTTP_GET_VARS['search_author'])) { $search_author = isset($HTTP_POST_VARS['search_author']) ? $HTTP_POST_VARS['search_author'] : $HTTP_GET_VARS['search_author']; $search_author = phpbb_clean_username($search_author); } else { $search_author = ''; } $search_id = isset($HTTP_GET_VARS['search_id']) ? $HTTP_GET_VARS['search_id'] : ''; $show_results = isset($HTTP_POST_VARS['show_results']) ? $HTTP_POST_VARS['show_results'] : 'posts'; $show_results = $show_results == 'topics' ? 'topics' : 'posts'; if (isset($HTTP_POST_VARS['search_terms'])) { $search_terms = $HTTP_POST_VARS['search_terms'] == 'all' ? 1 : 0; } else { $search_terms = 0; } if (isset($HTTP_POST_VARS['search_fields'])) { $search_fields = $HTTP_POST_VARS['search_fields'] == 'all' ? 1 : 0; } else { $search_fields = 0;
***************************************************************************/ /*************************************************************************** * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * ***************************************************************************/ if (!defined('IN_PHPBB')) { die('Hacking attempt'); exit; } if (isset($_POST['submit'])) { $username = !empty($_POST['username']) ? phpbb_clean_username($_POST['username']) : ''; $email = !empty($_POST['email']) ? trim(strip_tags(htmlspecialchars($_POST['email']))) : ''; $sql = "SELECT user_id, username, user_email, user_active, user_lang \n\t\tFROM " . USERS_TABLE . " \n\t\tWHERE user_email = '" . str_replace("\\'", "''", $email) . "' \n\t\t\tAND username = '******'", "''", $username) . "'"; if ($result = $db->sql_query($sql)) { if ($row = $db->sql_fetchrow($result)) { if (!$row['user_active']) { message_die(GENERAL_MESSAGE, $lang['No_send_account_inactive']); } $username = $row['username']; $user_id = $row['user_id']; $user_actkey = gen_rand_string(true); $key_len = 54 - strlen($server_url); $key_len = $key_len > 6 ? $key_len : 6; $user_actkey = substr($user_actkey, 0, $key_len); $user_password = gen_rand_string(false); $sql = "UPDATE " . USERS_TABLE . " \n\t\t\t\tSET user_newpasswd = '" . md5($user_password) . "', user_actkey = '{$user_actkey}' \n\t\t\t\tWHERE user_id = " . $row['user_id'];
} else { $_varary = $_POST['pending_members']; } $_data = ''; for ($i = 0; $i < sizeof($_varary); $i++) { $_data .= ($_data != '' ? ', ' : '') . intval($_varary[$i]); } $content .= '[Group Edit: ' . $_tmp1 . ' ==> ' . $_data . ']'; if ($db_log_actions == true) { $db_log = array('action' => 'GROUP_EDIT', 'desc' => $_tmp1, 'target' => $_data); } $update_log = true; } elseif (isset($_POST['add']) && isset($_POST['username'])) { $content .= '[Group Add: ' . $_tmp1 . ' ==> ' . $_POST['username'] . ']'; if ($db_log_actions == true) { $sql = get_users_sql(phpbb_clean_username($_POST['username']), false, false, true, true); $result = $db->sql_query($sql); $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); $db_log = array('action' => 'GROUP_ADD', 'desc' => $_tmp1, 'target' => $user_row['user_id']); } $update_log = true; } elseif (isset($_POST['groupstatus']) && isset($_POST['group_type'])) { $content .= '[Group Type: ' . $_tmp1 . ' ==> ' . intval($_POST['group_type']) . ']'; if ($db_log_actions == true) { $db_log = array('action' => 'GROUP_TYPE', 'desc' => $_tmp1 . ';' . intval($_POST['group_type']), 'target' => ''); } $update_log = true; } } break;
} $db->sql_freeresult($result); // remove friends from the username array $n = sizeof($data['add']); $data['add'] = array_diff($data['add'], $friends); // remove foes from the username array $n = sizeof($data['add']); $data['add'] = array_diff($data['add'], $foes); // remove the user himself from the username array $n = sizeof($data['add']); $data['add'] = array_diff($data['add'], array($user->data['username'])); unset($friends, $foes, $n); if (sizeof($data['add'])) { $users_to_add = ''; foreach ($data['add'] as $user_tmp) { $username_tmp = phpbb_clean_username($user_tmp); //$users_to_add .= (($users_to_add == '') ? '' : ', ') . "'" . $db->sql_escape($username_tmp) . "'"; $users_to_add .= ($users_to_add == '' ? '' : ', ') . "'" . $db->sql_escape(utf8_clean_string($username_tmp)) . "'"; } //$users_to_add = implode('\',\'', $data['add']); $sql = "SELECT user_id, user_level\n\t\t\t\t\tFROM " . USERS_TABLE . "\n\t\t\t\t\tWHERE username_clean IN (" . $users_to_add . ")\n\t\t\t\t\t\tAND user_active = 1"; //die($sql); $result = $db->sql_query($sql); $user_id_ary = array(); $user_id_level = array(); while ($row = $db->sql_fetchrow($result)) { if ($row['user_id'] != ANONYMOUS) { $user_id_ary[$row['user_id']] = $row['user_id']; $user_id_level[$row['user_id']] = $row['user_level']; } }
} $params[] = 'users_per_page=' . $users_per_page; $sort_params[] = 'users_per_page=' . $users_per_page; $params[] = 'mode=' . $mode; $sort_params[] = 'mode=' . $mode; } $pagination_url = append_sid(CMS_PAGE_MEMBERLIST, false, false, implode('&', $params)); $sort_url = append_sid(CMS_PAGE_MEMBERLIST, false, false, implode('&', $sort_params)); unset($search_params, $sort_params); if (!empty($alphanum)) { $alphanum = ($alphanum == '#') ? '#' : (phpbb_clean_username(ip_clean_username(strtolower(urldecode($alphanum))))); $sql_where = ($alphanum == '#') ? "AND LOWER(username) NOT RLIKE '^[a-z]'" : "AND LOWER(username) LIKE '" . $db->sql_escape($alphanum) . "%'"; } if (($action == 'searchuser') && ($user->data['user_level'] == ADMIN)) { $template->assign_vars(array( 'USERNAME' => $username, 'EMAIL' => $email, 'AIM' => $aim, 'ICQ' => $icq, 'JABBER' => $jabber, 'MSNM' => $msn, 'SKYPE' => $skype, 'YAHOO' => $yahoo, 'JOINED' => implode('-', $joined),
function rss_get_user() { global $db, $HTTP_SERVER_VARS, $HTTP_GET_VARS; if ((!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) || !isset($HTTP_SERVER_VARS['PHP_AUTH_PW'])) && isset($HTTP_SERVER_VARS['REMOTE_USER']) && preg_match('/Basic\\s+(.*)$/i', $HTTP_SERVER_VARS['REMOTE_USER'], $matches)) { list($name, $password) = explode(':', base64_decode($matches[1]), 2); $HTTP_SERVER_VARS['PHP_AUTH_USER'] = strip_tags($name); $HTTP_SERVER_VARS['PHP_AUTH_PW'] = strip_tags($password); } if (isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) && isset($HTTP_SERVER_VARS['PHP_AUTH_PW'])) { $username = phpbb_clean_username($HTTP_SERVER_VARS['PHP_AUTH_USER']); $password = md5($HTTP_SERVER_VARS['PHP_AUTH_PW']); if (isset($HTTP_GET_VARS['uid'])) { $uid = intval($HTTP_GET_VARS['uid']); $sql = "SELECT * FROM " . USERS_TABLE . " WHERE user_id = {$uid}"; } else { $sql = "SELECT user_id, username, user_password, user_active, user_level\n\t\t\tFROM " . USERS_TABLE . "\n\t\t\tWHERE username = '******'", "''", $username) . "'"; } if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result)) { if ($password == $row['user_password'] && $row['user_active']) { // Yes!!! It's good user return $row['user_id']; } else { GetHTTPPasswd(); } } } else { GetHTTPPasswd(); } return ANONYMOUS; }
function get_users_sql($username, $sql_like = false, $all_data = false, $data_escape = true, $clean_username = false) { global $config, $cache, $db; $username = !empty($clean_username) ? phpbb_clean_username($username) : $username; $sql = "SELECT " . (!empty($all_data) ? "*" : "user_id, username, username_clean, user_active, user_color, user_level") . " FROM " . USERS_TABLE . "\n\t\tWHERE username_clean " . (!empty($sql_like) ? " LIKE " : " = ") . "'" . (!empty($data_escape) ? $db->sql_escape(utf8_clean_string($username)) : $username) . "'" . (!empty($sql_like) ? "" : " LIMIT 1"); return $sql; }
} if (count($mark_list)) { $delete_sql_id = implode(', ', $mark_list); $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "\n\t\t\t\t\tWHERE privmsgs_text_id IN ({$delete_sql_id})"; $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "\n\t\t\t\t\tWHERE privmsgs_id IN ({$delete_sql_id})"; if (!$db->sql_query($delete_sql)) { message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql); } if (!$db->sql_query($delete_text_sql)) { message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql); } } $message = $lang['User_deleted'] . '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.{$phpEx}") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.{$phpEx}?pane=right") . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } $username = !empty($HTTP_POST_VARS['username']) ? ereg_replace("&", "&", phpbb_clean_username($HTTP_POST_VARS['username'])) : ''; $email = !empty($HTTP_POST_VARS['email']) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : ''; $password = !empty($HTTP_POST_VARS['password']) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['password']))) : ''; $password_confirm = !empty($HTTP_POST_VARS['password_confirm']) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['password_confirm']))) : ''; $icq = !empty($HTTP_POST_VARS['icq']) ? trim(strip_tags($HTTP_POST_VARS['icq'])) : ''; $aim = !empty($HTTP_POST_VARS['aim']) ? trim(strip_tags($HTTP_POST_VARS['aim'])) : ''; $msn = !empty($HTTP_POST_VARS['msn']) ? trim(strip_tags($HTTP_POST_VARS['msn'])) : ''; $yim = !empty($HTTP_POST_VARS['yim']) ? trim(strip_tags($HTTP_POST_VARS['yim'])) : ''; $skype = !empty($HTTP_POST_VARS['skype']) ? trim(strip_tags($HTTP_POST_VARS['skype'])) : ''; $website = !empty($HTTP_POST_VARS['website']) ? trim(strip_tags($HTTP_POST_VARS['website'])) : ''; $location = !empty($HTTP_POST_VARS['location']) ? trim(strip_tags($HTTP_POST_VARS['location'])) : ''; $occupation = !empty($HTTP_POST_VARS['occupation']) ? trim(strip_tags($HTTP_POST_VARS['occupation'])) : ''; $interests = !empty($HTTP_POST_VARS['interests']) ? trim(strip_tags($HTTP_POST_VARS['interests'])) : ''; $gender = isset($HTTP_POST_VARS['gender']) ? intval($HTTP_POST_VARS['gender']) : 0; if (isset($HTTP_POST_VARS['birthday'])) { $birthday = intval($HTTP_POST_VARS['birthday']);
AND privmsgs_from_userid = ' . $userdata['user_id']; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, "Could not obtain message details", "", __LINE__, __FILE__, $sql); } if (!($row = $db->sql_fetchrow($result))) { message_die(GENERAL_MESSAGE, $lang['No_such_post']); } $db->sql_freeresult($result); unset($row); } if ($submit) { if (!empty($HTTP_POST_VARS['username'])) { $to_username_array = explode(";", $HTTP_POST_VARS['username']); usort($to_username_array, create_function('$a,$b', 'return strcasecmp($a,$b);')); foreach ($to_username_array as $name) { $to_usernames .= "'" . phpbb_clean_username($name) . "',"; } $to_usernames[strlen($to_usernames) - 1] = " "; $sql = "SELECT user_id, username, user_notify_pm, user_email, user_lang, user_active \n\t\t\t\tFROM " . USERS_TABLE . "\n\t\t\t\tWHERE username IN (" . str_replace("\\'", "''", $to_usernames) . ")\n\t\t\t\t\tAND user_id <> " . ANONYMOUS . " \n\t\t\t\tORDER BY username ASC"; if (!($result2 = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain users PM information', '', __LINE__, __FILE__, $sql); } if (!($to_users = $db->sql_fetchrowset($result2))) { $error = TRUE; $error_msg = $lang['No_such_user']; } $n = 0; while ($to_username_array[$n] && !$error) { if (strcasecmp($to_users[$n]['username'], str_replace("\\'", "'", $to_username_array[$n]))) { $error = TRUE; $error_msg .= $lang['No_such_user'] . " '" . str_replace("\\'", "'", $to_username_array[$n]);
function search_attachments($order_by, &$total_rows) { global $db, $HTTP_POST_VARS, $HTTP_GET_VARS, $lang; $where_sql = array(); // Get submitted Vars $search_vars = array('search_keyword_fname', 'search_keyword_comment', 'search_author', 'search_size_smaller', 'search_size_greater', 'search_count_smaller', 'search_count_greater', 'search_days_greater', 'search_forum', 'search_cat'); for ($i = 0; $i < sizeof($search_vars); $i++) { ${$search_vars}[$i] = get_var($search_vars[$i], ''); } // Author name search if ($search_author != '') { // Bring in line with 2.0.x expected username $search_author = addslashes(html_entity_decode($search_author)); $search_author = stripslashes(phpbb_clean_username($search_author)); // Prepare for directly going into sql query $search_author = str_replace('*', '%', attach_mod_sql_escape($search_author)); // We need the post_id's, because we want to query the Attachment Table $sql = 'SELECT user_id FROM ' . USERS_TABLE . "\n\t\t\tWHERE username LIKE '{$search_author}'"; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Couldn\'t obtain list of matching users (searching for: ' . $search_author . ')', '', __LINE__, __FILE__, $sql); } $matching_userids = ''; if ($row = $db->sql_fetchrow($result)) { do { $matching_userids .= ($matching_userids != '' ? ', ' : '') . intval($row['user_id']); } while ($row = $db->sql_fetchrow($result)); $db->sql_freeresult($result); } else { message_die(GENERAL_MESSAGE, $lang['No_attach_search_match']); } $where_sql[] = ' (t.user_id_1 IN (' . $matching_userids . ')) '; } // Search Keyword if ($search_keyword_fname != '') { $match_word = str_replace('*', '%', $search_keyword_fname); $where_sql[] = " (a.real_filename LIKE '" . attach_mod_sql_escape($match_word) . "') "; } if ($search_keyword_comment != '') { $match_word = str_replace('*', '%', $search_keyword_comment); $where_sql[] = " (a.comment LIKE '" . attach_mod_sql_escape($match_word) . "') "; } // Search Download Count if ($search_count_smaller != '' || $search_count_greater != '') { if ($search_count_smaller != '') { $where_sql[] = ' (a.download_count < ' . (int) $search_count_smaller . ') '; } else { if ($search_count_greater != '') { $where_sql[] = ' (a.download_count > ' . (int) $search_count_greater . ') '; } } } // Search Filesize if ($search_size_smaller != '' || $search_size_greater != '') { if ($search_size_smaller != '') { $where_sql[] = ' (a.filesize < ' . (int) $search_size_smaller . ') '; } else { if ($search_size_greater != '') { $where_sql[] = ' (a.filesize > ' . (int) $search_size_greater . ') '; } } } // Search Attachment Time if ($search_days_greater != '') { $where_sql[] = ' (a.filetime < ' . (time() - (int) $search_days_greater * 86400) . ') '; } // Search Forum if ($search_forum) { $where_sql[] = ' (p.forum_id = ' . intval($search_forum) . ') '; } // Search Cat... nope... sorry :( $sql = 'SELECT a.*, t.post_id, p.post_time, p.topic_id FROM ' . ATTACHMENTS_TABLE . ' t, ' . ATTACHMENTS_DESC_TABLE . ' a, ' . POSTS_TABLE . ' p WHERE '; if (sizeof($where_sql) > 0) { $sql .= implode('AND', $where_sql) . ' AND '; } $sql .= 't.post_id = p.post_id AND a.attach_id = t.attach_id '; $total_rows_sql = $sql; $sql .= $order_by; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Couldn\'t query attachments', '', __LINE__, __FILE__, $sql); } $attachments = $db->sql_fetchrowset($result); $num_attach = $db->sql_numrows($result); $db->sql_freeresult($result); if ($num_attach == 0) { message_die(GENERAL_MESSAGE, $lang['No_attach_search_match']); } if (!($result = $db->sql_query($total_rows_sql))) { message_die(GENERAL_ERROR, 'Could not query attachments', '', __LINE__, __FILE__, $sql); } $total_rows = $db->sql_numrows($result); $db->sql_freeresult($result); return $attachments; }
message_die(GENERAL_ERROR, "Could not obtain message details", "", __LINE__, __FILE__, $sql); } if (!($row = $db->sql_fetchrow($result))) { message_die(GENERAL_MESSAGE, $lang['No_such_post']); } $db->sql_freeresult($result); unset($row); } if ($submit) { // session id check if ($sid == '' || $sid != $userdata['session_id']) { $error = true; $error_msg .= (!empty($error_msg) ? '<br />' : '') . $lang['Session_invalid']; } if (!empty($_POST['username'])) { $to_username = phpbb_clean_username($_POST['username']); // Begin PNphpBB2 Module // $sql = "SELECT user_id, user_notify_pm, user_email, user_lang, user_active // FROM " . USERS_TABLE . " // WHERE username = '******'", "''", $to_username) . "' // AND user_id <> " . ANONYMOUS; $sql = "SELECT user_id, user_notify_pm, user_email, user_lang, user_active \n\t\t\t\tFROM " . USERS_TABLE . "\n\t\t\t\tWHERE username = '******'\n\t\t\t\t\tAND user_id <> " . ANONYMOUS; // End PNphpBB2 Module if (!($result = $db->sql_query($sql))) { $error = TRUE; $error_msg = $lang['No_such_user']; } if (!($to_userdata = $db->sql_fetchrow($result))) { $error = TRUE; $error_msg = $lang['No_such_user']; }
include $phpbb_root_path . 'includes/bbcode.' . $phpEx; include $phpbb_root_path . 'includes/functions_post.' . $phpEx; if ($mode == 'editprofile') { $user_id = intval($HTTP_POST_VARS['user_id']); $current_email = trim(htmlspecialchars($HTTP_POST_VARS['current_email'])); } $strip_var_list = array('email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'skype' => 'skype', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests', 'confirm_code' => 'confirm_code'); // Strip all tags from data ... may p**s some people off, bah, strip_tags is // doing the job but can still break HTML output ... have no choice, have // to use htmlspecialchars ... be prepared to be moaned at. while (list($var, $param) = @each($strip_var_list)) { if (!empty($HTTP_POST_VARS[$param])) { ${$var} = str_replace("&", "&", trim(htmlspecialchars($HTTP_POST_VARS[$param]))); } } $username = !empty($HTTP_POST_VARS['username']) ? str_replace('&', '&', phpbb_clean_username($HTTP_POST_VARS['username'])) : ''; $trim_var_list = array('cur_password' => 'cur_password', 'new_password' => 'new_password', 'password_confirm' => 'password_confirm', 'signature' => 'signature'); while (list($var, $param) = @each($trim_var_list)) { if (!empty($HTTP_POST_VARS[$param])) { ${$var} = trim($HTTP_POST_VARS[$param]); } } $signature = isset($signature) ? str_replace('<br />', "\n", $signature) : ''; $signature_bbcode_uid = ''; $allow_mass_pm = isset($HTTP_POST_VARS['allow_mass_pm']) ? intval($HTTP_POST_VARS['allow_mass_pm']) : 2; $gender = isset($HTTP_POST_VARS['gender']) ? intval($HTTP_POST_VARS['gender']) : 0; if (isset($HTTP_POST_VARS['birthday'])) { $birthday = intval($HTTP_POST_VARS['birthday']); if ($birthday != 999999) { $b_day = realdate('j', $birthday); $b_md = realdate('n', $birthday);
function validate_username($username) { global $db, $user, $lang; // Remove doubled up spaces $username = preg_replace('#\\s+#', ' ', trim($username)); $username = phpbb_clean_username($username); $sql = get_users_sql($username, false, false, true, false); $db->sql_return_on_error(true); $result = $db->sql_query($sql); $db->sql_return_on_error(false); if ($result) { while ($row = $db->sql_fetchrow($result)) { if ($user->data['session_logged_in'] && $row['username'] != $user->data['username'] || !$user->data['session_logged_in']) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_taken']); } } } $db->sql_freeresult($result); $sql = "SELECT group_name\n\t\tFROM " . GROUPS_TABLE . "\n\t\tWHERE LOWER(group_name) = '" . $db->sql_escape(strtolower($username)) . "'"; $db->sql_return_on_error(true); $result = $db->sql_query($sql); $db->sql_return_on_error(false); if ($result) { if ($row = $db->sql_fetchrow($result)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_taken']); } } $db->sql_freeresult($result); $sql = "SELECT disallow_username\n\t\tFROM " . DISALLOW_TABLE; $db->sql_return_on_error(true); $result = $db->sql_query($sql); $db->sql_return_on_error(false); if ($result) { if ($row = $db->sql_fetchrow($result)) { do { if (preg_match("#\\b(" . str_replace("\\*", ".*?", preg_quote($row['disallow_username'], '#')) . ")\\b#i", $username)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } while ($row = $db->sql_fetchrow($result)); } } $db->sql_freeresult($result); $sql = "SELECT word\n\t\tFROM " . WORDS_TABLE; $db->sql_return_on_error(true); $result = $db->sql_query($sql); $db->sql_return_on_error(false); if ($result) { if ($row = $db->sql_fetchrow($result)) { do { if (preg_match("#\\b(" . str_replace("\\*", ".*?", preg_quote($row['word'], '#')) . ")\\b#i", $username)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } while ($row = $db->sql_fetchrow($result)); } } $db->sql_freeresult($result); if (!preg_match("/^[a-z0-9&\\-_ ]+\$/i", $username)) { return array('error' => true, 'error_msg' => $lang['Forbidden_characters']); } // Disallow " and ALT-255 in username. if (strstr($username, '"') || strstr($username, '"') || strstr($username, chr(160)) || strstr($username, chr(173))) { return array('error' => true, 'error_msg' => $lang['Username_invalid']); } return array('error' => false, 'error_msg' => ''); }
} // Handle Additions, removals, approvals and denials if (!empty($_POST['add']) || !empty($_POST['remove']) || isset($_POST['approve']) || isset($_POST['deny']) || isset($_POST['mass_colorize'])) { if (!$user->data['session_logged_in']) { redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=groupcp.' . PHP_EXT . '&' . POST_GROUPS_URL . '=' . $group_id, true)); } elseif ($sid !== $user->data['session_id']) { message_die(GENERAL_ERROR, $lang['Session_invalid']); } if (!$is_moderator) { $redirect_url = append_sid(CMS_PAGE_FORUM); meta_refresh(3, $redirect_url); $message = $lang['Not_group_moderator'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid(CMS_PAGE_FORUM) . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } if (isset($_POST['add'])) { $username = isset($_POST['username']) ? phpbb_clean_username($_POST['username']) : ''; $sql = get_users_sql($username, false, true, true, false); $result = $db->sql_query($sql); if (!($row = $db->sql_fetchrow($result))) { $redirect_url = append_sid(CMS_PAGE_GROUP_CP . '?' . POST_GROUPS_URL . '=' . $group_id); meta_refresh(3, $redirect_url); $message = $lang['Could_not_add_user'] . '<br /><br />' . sprintf($lang['Click_return_group'], '<a href="' . append_sid(CMS_PAGE_GROUP_CP . '?' . POST_GROUPS_URL . '=' . $group_id) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid(CMS_PAGE_FORUM) . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } $row['user_level'] = $row['user_level'] == JUNIOR_ADMIN ? ADMIN : $row['user_level']; if ($row['user_id'] == ANONYMOUS) { $redirect_url = append_sid(CMS_PAGE_GROUP_CP . '?' . POST_GROUPS_URL . '=' . $group_id); meta_refresh(3, $redirect_url); $message = $lang['Could_not_anon_user'] . '<br /><br />' . sprintf($lang['Click_return_group'], '<a href="' . append_sid(CMS_PAGE_GROUP_CP . '?' . POST_GROUPS_URL . '=' . $group_id) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid(CMS_PAGE_FORUM) . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); }
*/ /** * * @Extra credits for this file * ycl6 (damian at phpbb dot cc) * */ if (!defined('IN_ICYPHOENIX')) { die('Hacking attempt'); exit; } if (intval($config['require_activation']) == USER_ACTIVATION_ADMIN) { message_die(GENERAL_ERROR, 'Invalid_activation'); } if (isset($_POST['submit'])) { $username = phpbb_clean_username(request_post_var('username', '', true)); $username = htmlspecialchars_decode($username, ENT_COMPAT); $email = request_post_var('email', ''); $sql = "SELECT user_id, user_email, user_active, user_actkey, user_lang, user_last_login_attempt\n\t\tFROM " . USERS_TABLE . "\n\t\tWHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; $result = $db->sql_query($sql); if (!($row = $db->sql_fetchrow($result))) { // No such name message_die(GENERAL_ERROR, 'User_not_exist'); } if ($row['user_email'] != $email) { // Wrong Email provided message_die(GENERAL_ERROR, 'No_email_match'); } if (!empty($row['user_active'])) { // Already activated message_die(GENERAL_ERROR, 'Already_activated');
function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$poll_title, &$poll_options, &$poll_length) { global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path; // Check username if (!empty($username)) { $username = phpbb_clean_username($username); if (!$userdata['session_logged_in'] || $userdata['session_logged_in'] && $username != $userdata['username']) { include $phpbb_root_path . 'includes/functions_validate.' . $phpEx; $result = validate_username($username); if ($result['error']) { $error_msg .= !empty($error_msg) ? '<br />' . $result['error_msg'] : $result['error_msg']; } } else { $username = ''; } } // Check subject if (!empty($subject)) { $subject = htmlspecialchars(trim($subject)); } else { if ($mode == 'newtopic' || $mode == 'editpost' && $post_data['first_post']) { $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject']; } } // Check message if (!empty($message)) { $bbcode_uid = $bbcode_on ? make_bbcode_uid() : ''; $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid); } else { if ($mode != 'delete' && $mode != 'poll_delete') { $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message']; } } // // Handle poll stuff // if ($mode == 'newtopic' || $mode == 'editpost' && $post_data['first_post']) { $poll_length = isset($poll_length) ? max(0, intval($poll_length)) : 0; if (!empty($poll_title)) { $poll_title = htmlspecialchars(trim($poll_title)); } if (!empty($poll_options)) { $temp_option_text = array(); while (list($option_id, $option_text) = @each($poll_options)) { $option_text = trim($option_text); if (!empty($option_text)) { $temp_option_text[intval($option_id)] = htmlspecialchars($option_text); } } $option_text = $temp_option_text; if (count($poll_options) < 2) { $error_msg .= !empty($error_msg) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options']; } else { if (count($poll_options) > $board_config['max_poll_options']) { $error_msg .= !empty($error_msg) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options']; } else { if ($poll_title == '') { $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title']; } } } } } return; }
function username_search($search_match) { // Begin PNphpBB2 Module // global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path; global $db, $board_config, $template, $lang, $images, $phpbb_theme, $phpEx, $phpbb_root_path; // End PNphpBB2 Module global $starttime, $gen_simple_header; $gen_simple_header = TRUE; $username_list = ''; if (!empty($search_match)) { // Begin PNphpBB2 Module // $username_search = preg_replace('/\*/', '%', trim(strip_tags($search_match))); $username_search = preg_replace('/\\*/', '%', phpbb_clean_username($search_match)); // $sql = "SELECT username // FROM " . USERS_TABLE . " // WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "' AND user_id <> " . ANONYMOUS . " // ORDER BY username"; $sql = "SELECT username \n\t\t\tFROM " . USERS_TABLE . " \n\t\t\tWHERE username LIKE '" . DataUtil::formatForStore($username_search) . "' AND user_id <> " . ANONYMOUS . "\n\t\t\tORDER BY username"; // End PNphpBB2 Module if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain search results', '', __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result)) { do { // Begin PNphpBB2 Module // $username_list .= '<option value="' . $row['username'] . '">' . $row['username'] . '</option>'; $username_list .= '<option value="' . $row['username'] . '">' . DataUtil::formatForDisplay($row['username']) . '</option>'; // End PNphpBB2 Module } while ($row = $db->sql_fetchrow($result)); } else { $username_list .= '<option>' . $lang['No_match'] . '</option>'; } $db->sql_freeresult($result); } $page_title = $lang['Search']; include $phpbb_root_path . 'includes/page_header.' . $phpEx; $template->set_filenames(array('search_user_body' => 'search_username.tpl')); $template->assign_vars(array('USERNAME' => !empty($search_match) ? DataUtil::formatForDisplay($search_match) : '', 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SEARCH_USERNAME' => $lang['Find_username'], 'L_UPDATE_USERNAME' => $lang['Select_username'], 'L_SELECT' => $lang['Select'], 'L_SEARCH' => $lang['Search'], 'L_SEARCH_EXPLAIN' => $lang['Search_author_explain'], 'L_CLOSE_WINDOW' => $lang['Close_window'], 'S_USERNAME_OPTIONS' => $username_list, 'S_SEARCH_ACTION' => append_sid("search.{$phpEx}?mode=searchuser"))); if ($username_list != '') { $template->assign_block_vars('switch_select_name', array()); } $template->pparse('search_user_body'); include $phpbb_root_path . 'includes/page_tail.' . $phpEx; return; }
function username_search($search_match, $ajax_search = false) { global $db, $config, $template, $images, $theme, $user, $lang; global $starttime, $gen_simple_header; $username_list = ''; if (!empty($search_match)) { $username_search = preg_replace('/\\*/', '%', phpbb_clean_username($search_match)); $sql = "SELECT username\n\t\t\tFROM " . USERS_TABLE . "\n\t\t\tWHERE LOWER(username) LIKE '" . $db->sql_escape(strtolower($username_search)) . "' AND user_id <> " . ANONYMOUS . "\n\t\t\tORDER BY username"; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) { do { $username_list .= '<option value="' . htmlspecialchars($row['username']) . '">' . htmlspecialchars($row['username']) . '</option>'; } while ($row = $db->sql_fetchrow($result)); } else { $username_list .= '<option>' . $lang['No_match'] . '</option>'; } $db->sql_freeresult($result); } $target_form_name = preg_replace('/[^A-Za-z0-9-_]+/', '', request_var('target_form_name', 'post')); $target_element_name = preg_replace('/[^A-Za-z0-9-_]+/', '', request_var('target_element_name', 'username')); $s_hidden_fields = build_hidden_fields(array('target_form_name' => $target_form_name, 'target_element_name' => $target_element_name)); $template->assign_vars(array('USERNAME' => !empty($search_match) ? phpbb_clean_username($search_match) : '', 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SEARCH_USERNAME' => $lang['FIND_USERNAME'], 'L_UPDATE_USERNAME' => $lang['Select_username'], 'L_SELECT' => $lang['Select'], 'L_SEARCH' => $lang['Search'], 'L_SEARCH_EXPLAIN' => $lang['Search_author_explain'], 'L_CLOSE_WINDOW' => $lang['Close_window'], 'S_TARGET_FORM_NAME' => $target_form_name, 'S_TARGET_ELEMENT_NAME' => $target_element_name, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_USERNAME_OPTIONS' => $username_list, 'S_SEARCH_ACTION' => append_sid(CMS_PAGE_SEARCH . '?mode=searchuser'))); if ($ajax_search = true) { if ($username_list == '') { $template->assign_var('USERNAME_LIST_VIS', 'style="display: none;"'); } } else { if ($username_list != '') { $template->assign_block_vars('switch_select_name', array()); } } $gen_simple_header = true; full_page_generation('search_username.tpl', $lang['Search'], '', ''); return; }
while (list($var, $param) = @each($strip_var_list)) { ${$var} = request_post_var($param, '', true); } if ($mode == 'editprofile') { $user_id = request_post_var('user_id', 0); $current_email = request_post_var('current_email', '', true); $email_confirm = $cpl_mode == 'reg_info' ? $email_confirm : $current_email; } $trim_var_list = array('cur_password' => 'cur_password', 'new_password' => 'new_password', 'password_confirm' => 'password_confirm', 'signature' => 'signature', 'selfdes' => 'selfdes', 'username' => 'username'); while (list($var, $param) = @each($trim_var_list)) { ${$var} = request_post_var($param, '', true); ${$var} = htmlspecialchars_decode(${$var}, ENT_COMPAT); } $signature = str_replace('<br />', "\n", $signature); $selfdes = str_replace('<br />', "\n", $selfdes); $username = phpbb_clean_username($username); $gender = request_post_var('gender', 0); // Birthday - BEGIN if (isset($_POST['birthday'])) { $birthday = intval($_POST['birthday']); if ($birthday != 999999) { $birthday_day = realdate('j', $birthday); $birthday_month = realdate('n', $birthday); $birthday_year = realdate('Y', $birthday); } } else { $birthday_day = request_post_var('b_day', 0); $birthday_month = request_post_var('b_md', 0); $birthday_year = request_post_var('b_year', 0); if ($birthday_day && $birthday_month && $birthday_year) { $birthday = mkrealdate($birthday_day, $birthday_month, $birthday_year);
function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$poll_title, &$poll_options, &$poll_length, &$max_vote, &$hide_vote, &$tothide_vote) { global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path; // Check username if (!empty($username)) { $username = phpbb_clean_username($username); if (!$userdata['session_logged_in'] || $userdata['session_logged_in'] && $username != $userdata['username']) { include $phpbb_root_path . 'includes/functions_validate.' . $phpEx; $result = validate_username($username); if ($result['error']) { $error_msg .= !empty($error_msg) ? '<br />' . $result['error_msg'] : $result['error_msg']; } } else { $username = ''; } } // Check subject if (!empty($subject)) { $subject = htmlspecialchars(trim($subject)); } else { if ($mode == 'newtopic' || $mode == 'editpost' && $post_data['first_post']) { $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject']; } } // Start Smilies Invasion Mod // Check Smiley Count if ($userdata['user_level'] != ADMIN) { // -~= { Start User Configuration } =~- \\ $smilies_limit = 3; // -~= { End User Configuration { =~- \\ $smilies_count = smilies_count($subject); if ($smilies_count > $smilies_limit) { $error_msg .= !empty($error_msg) ? '<br />' . sprintf($lang['Smilies_invasion_error_count'], $smilies_count, $smilies_limit) : sprintf($lang['Smilies_invasion_error_count'], $smilies_count, $smilies_limit); } } // End Smilies Invasion Mod // Check message if (!empty($message)) { $bbcode_uid = $bbcode_on ? make_bbcode_uid() : ''; $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid); } else { if ($mode != 'delete' && $mode != 'poll_delete') { $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message']; } } // // Handle poll stuff // if ($mode == 'newtopic' || $mode == 'editpost' && $post_data['first_post']) { $poll_length = isset($poll_length) ? max(0, $poll_length + $poll_length_h / 24) : 0; ${$max_vote} = isset($max_vote) ? max(0, intval($max_vote)) : 0; ${$hide_vote} = isset($hide_vote) ? max(0, intval($hide_vote)) : 0; ${$tothide_vote} = isset($tothide_vote) ? max(0, intval($tothide_vote)) : 0; if (!empty($poll_title)) { $poll_title = htmlspecialchars(trim($poll_title)); } if (!empty($poll_options)) { $temp_option_text = array(); while (list($option_id, $option_text) = @each($poll_options)) { $option_text = trim($option_text); if (!empty($option_text)) { $temp_option_text[intval($option_id)] = htmlspecialchars($option_text); } } $option_text = $temp_option_text; if (count($poll_options) < 2) { $error_msg .= !empty($error_msg) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options']; } else { if (count($poll_options) > $board_config['max_poll_options']) { $error_msg .= !empty($error_msg) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options']; } else { if ($poll_title == '') { $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title']; } } } } } return; }
function username_search($search_match) { global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path, $starttime, $gen_simple_header; $gen_simple_header = TRUE; $username_list = ''; if (!empty($search_match)) { $username_search = preg_replace('/\\*/', '%', phpbb_clean_username($search_match)); $sql = "SELECT username\r\n FROM " . USERS_TABLE . "\r\n WHERE username LIKE '" . str_replace("\\'", "''", $username_search) . "' AND user_id <> " . ANONYMOUS . "\r\n ORDER BY username"; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain search results', '', __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result)) { do { $username_list .= '<option value="' . $row['username'] . '">' . $row['username'] . '</option>'; } while ($row = $db->sql_fetchrow($result)); } else { $username_list .= '<option>' . $lang['No_match'] . '</option>'; } $db->sql_freeresult($result); } $page_title = $lang['Search']; include "modules/Forums/includes/page_header_review.php"; $template->set_filenames(array('search_user_body' => 'search_username.tpl')); $template->assign_vars(array('USERNAME' => !empty($search_match) ? phpbb_clean_username($search_match) : '', 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SEARCH_USERNAME' => $lang['Find_username'], 'L_UPDATE_USERNAME' => $lang['Select_username'], 'L_SELECT' => $lang['Select'], 'L_SEARCH' => $lang['Search'], 'L_SEARCH_EXPLAIN' => $lang['Search_author_explain'], 'L_CLOSE_WINDOW' => $lang['Close_window'], 'S_USERNAME_OPTIONS' => $username_list, 'S_SEARCH_ACTION' => append_sid("search.{$phpEx}?mode=searchuser&popup=1"))); if ($username_list != '') { $template->assign_block_vars('switch_select_name', array()); } $template->pparse('search_user_body'); include "modules/Forums/includes/page_tail_review.php"; return; }
function rss_get_user() { global $db; if ((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) && isset($_SERVER['REMOTE_USER']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)) { list($name, $password) = explode(':', base64_decode($matches[1]), 2); $_SERVER['PHP_AUTH_USER'] = strip_tags($name); $_SERVER['PHP_AUTH_PW'] = strip_tags($password); } if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) { $username = phpbb_clean_username($_SERVER['PHP_AUTH_USER']); $password = $_SERVER['PHP_AUTH_PW']; if (isset($_GET['uid'])) { $uid = intval($_GET['uid']); $uid = (int) $uid; $user_data = get_userdata($uid, false); if (!empty($user_data['username'])) { $username = $user_data['username']; } else { GetHTTPPasswd(); } } if (!function_exists('login_db')) { include IP_ROOT_PATH . 'includes/auth_db.' . PHP_EXT; } $login_result = login_db($username, $password, false, true); if ($login_result['status'] === LOGIN_SUCCESS) { return $row['user_id']; } else { GetHTTPPasswd(); } } else { GetHTTPPasswd(); } return ANONYMOUS; }
$s_months = ''; $s_year = ''; $s_hours = ''; $s_minutes = ''; $s_seconds = ''; $topic_post_time = ''; $topic_id = request_var(POST_TOPIC_URL, 0); $topic_id = $topic_id < 0 ? 0 : $topic_id; $post_id = request_var(POST_POST_URL, 0); $post_id = $post_id < 0 ? 0 : $post_id; // Get the submitted values, if a submit was send $submit = !empty($_POST['submit']) ? $_POST['submit'] : $_GET['submit']; // Submit if submit is given if ($submit) { $new_poster = request_var('username', '', true); $new_poster = !empty($new_poster) ? phpbb_clean_username($new_poster) : ''; $topic_post = request_var('topic_post', ''); $twelve_hours = request_var('twelve_hours', ''); $new_day = request_var($topic_post . '_day', 0); $month = request_var($topic_post . '_month', 0); $year = request_var($topic_post . '_year', 0); $hour = request_var($topic_post . '_hour', 0); $minute = request_var($topic_post . '_minute', 0); $second = request_var($topic_post . '_second', 0); $am_pm_s = request_var($topic_post . '_ampm', ''); if ($am_pm_s == 'pm' && !empty($twelve_hours)) { $hour += 12; } $edit_post_time = gmmktime($hour, $minute, $second, $month, $new_day, $year); $dst_sec = get_dst($edit_post_time, $config['board_timezone']); $edit_post_time = $edit_post_time - 3600 * $config['board_timezone'] - $dst_sec;