diff -ur phpBB2/admin/admin_board.php phpBB-2.0.6/admin/admin_board.php
--- phpBB2/admin/admin_board.php 2003-01-15 13:34:08.000000000 +0000
+++ phpBB-2.0.6/admin/admin_board.php 2003-07-20 15:42:23.000000000 +0000
@@ -6,7 +6,7 @@
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
- * $Id: admin_board.php,v 1.51.2.3 2002/12/19 17:17:39 psotfx Exp $
+ * $Id: admin_board.php,v 1.51.2.6 2003/06/10 00:37:12 psotfx Exp $
*
*
***************************************************************************/
@@ -16,7 +16,7 @@
if( !empty($setmodules) )
{
$file = basename(__FILE__);
- $module['General']['Configuration'] = "$file?mode=config";
+ $module['General']['Configuration'] = "$file";
return;
}
@@ -247,6 +247,9 @@
"ACTIVATION_USER_CHECKED" => $activation_user,
"ACTIVATION_ADMIN" => USER_ACTIVATION_ADMIN,
"ACTIVATION_ADMIN_CHECKED" => $activation_admin,
+ "CONFIRM_ENABLE" => $confirm_yes,
+ "CONFIRM_DISABLE" => $confirm_no,
+ "ACTIVATION_NONE_CHECKED" => $activation_none,
"BOARD_EMAIL_FORM_ENABLE" => $board_email_form_yes,
"BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no,
"MAX_POLL_OPTIONS" => $new['max_poll_options'],
diff -ur phpBB2/admin/admin_db_utilities.php phpBB-2.0.6/admin/admin_db_utilities.php
--- phpBB2/admin/admin_db_utilities.php 2003-01-15 13:34:09.000000000 +0000
+++ phpBB-2.0.6/admin/admin_db_utilities.php 2003-07-20 15:42:23.000000000 +0000
@@ -6,7 +6,7 @@
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
-* $Id: admin_db_utilities.php,v 1.42.2.9 2002/12/21 19:09:56 psotfx Exp $
+* $Id: admin_db_utilities.php,v 1.42.2.10 2003/03/04 21:02:19 acydburn Exp $
*
****************************************************************************/
@@ -701,6 +701,8 @@
$gzipcompress = (!empty($HTTP_POST_VARS['gzipcompress'])) ? $HTTP_POST_VARS['gzipcompress'] : ( (!empty($HTTP_GET_VARS['gzipcompress'])) ? $HTTP_GET_VARS['gzipcompress'] : 0 );
+ $drop = (!empty($HTTP_POST_VARS['drop'])) ? intval($HTTP_POST_VARS['drop']) : ( (!empty($HTTP_GET_VARS['drop'])) ? intval($HTTP_GET_VARS['drop']) : 0 );
+
if(!empty($additional_tables))
{
if(ereg(",", $additional_tables))
@@ -856,7 +858,7 @@
break;
case 'restore':
- if(!isset($restore_start))
+ if(!isset($HTTP_POST_VARS['restore_start']))
{
//
// Define Template files...
diff -ur phpBB2/admin/admin_groups.php phpBB-2.0.6/admin/admin_groups.php
--- phpBB2/admin/admin_groups.php 2003-01-15 13:34:08.000000000 +0000
+++ phpBB-2.0.6/admin/admin_groups.php 2003-07-20 15:42:23.000000000 +0000
@@ -6,7 +6,7 @@
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
- * $Id: admin_groups.php,v 1.25.2.5 2002/07/31 19:14:46 dougk_ff7 Exp $
+ * $Id: admin_groups.php,v 1.25.2.8 2003/05/17 17:32:18 acydburn Exp $
*
*
***************************************************************************/
@@ -43,7 +43,7 @@
}
else
{
- $group_id = '';
+ $group_id = 0;
}
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
@@ -171,6 +171,56 @@
//
if ( isset($HTTP_POST_VARS['group_delete']) )
{
+ //
+ // Reset User Moderator Level
+ //
+
+ // Is Group moderating a forum ?
+ $sql = "SELECT auth_mod FROM " . AUTH_ACCESS_TABLE . "
+ WHERE group_id = " . $group_id;
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not select auth_access', '', __LINE__, __FILE__, $sql);
+ }
+
+ $row = $db->sql_fetchrow($result);
+ if (intval($row['auth_mod']) == 1)
+ {
+ // Yes, get the assigned users and update their Permission if they are no longer moderator of one of the forums
+ $sql = "SELECT user_id FROM " . USER_GROUP_TABLE . "
+ WHERE group_id = " . $group_id;
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not select user_group', '', __LINE__, __FILE__, $sql);
+ }
+
+ $rows = $db->sql_fetchrowset($result);
+ for ($i = 0; $i < count($rows); $i++)
+ {
+ $sql = "SELECT g.group_id FROM " . AUTH_ACCESS_TABLE . " a, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
+ WHERE (a.auth_mod = 1) AND (g.group_id = a.group_id) AND (a.group_id = ug.group_id) AND (g.group_id = ug.group_id)
+ AND (ug.user_id = " . intval($rows[$i]['user_id']) . ") AND (ug.group_id <> " . $group_id . ")";
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not obtain moderator permissions', '', __LINE__, __FILE__, $sql);
+ }
+
+ if ($db->sql_numrows($result) == 0)
+ {
+ $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . "
+ WHERE user_level = " . MOD . " AND user_id = " . intval($rows[$i]['user_id']);
+
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not update moderator permissions', '', __LINE__, __FILE__, $sql);
+ }
+ }
+ }
+ }
+
+ //
+ // Delete Group
+ //
$sql = "DELETE FROM " . GROUPS_TABLE . "
WHERE group_id = " . $group_id;
if ( !$db->sql_query($sql) )
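Review bot: The moderator check `$row = $db->sql_fetchrow($result); if (intval($row['auth_mod']) == 1)` inspects only the first auth_access row returned for the group; if that table holds one row per forum, as the join in the inner query suggests, a group whose first row is not a moderator row skips the whole reset and its members keep MOD level after the group is deleted. Filtering in the query removes the dependence on row order: add `AND auth_mod = 1` to the first SELECT and test `if ( $db->sql_fetchrow($result) )`. `$group_id` is concatenated unquoted into four statements in this hunk, and it is assigned outside it, so confirm it passes through `intval()` on the request path as well as in the `$group_id = 0` default. The enclosing `group_delete` branch continues past the hunk.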
@@ -213,7 +263,7 @@
message_die(GENERAL_MESSAGE, $lang['No_group_moderator']);
}
- $this_userdata = get_userdata($group_moderator);
+ $this_userdata = get_userdata($group_moderator, true);
$group_moderator = $this_userdata['user_id'];
if ( !$group_moderator )
diff -ur phpBB2/admin/admin_mass_email.php phpBB-2.0.6/admin/admin_mass_email.php
--- phpBB2/admin/admin_mass_email.php 2003-01-15 13:34:07.000000000 +0000
+++ phpBB-2.0.6/admin/admin_mass_email.php 2003-07-20 15:42:23.000000000 +0000
@@ -6,7 +6,7 @@
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
-* $Id: admin_mass_email.php,v 1.15.2.5 2002/05/20 00:52:18 psotfx Exp $
+* $Id: admin_mass_email.php,v 1.15.2.7 2003/05/03 23:24:01 acydburn Exp $
*
****************************************************************************/
@@ -79,10 +79,10 @@
if ( $row = $db->sql_fetchrow($result) )
{
- $bcc_list = '';
+ $bcc_list = array();
do
{
- $bcc_list .= ( ( $bcc_list != '' ) ? ', ' : '' ) . $row['user_email'];
+ $bcc_list[] = $row['user_email'];
}
while ( $row = $db->sql_fetchrow($result) );
@@ -116,12 +116,18 @@
$emailer = new emailer($board_config['smtp_delivery']);
- $email_headers = 'Return-Path: ' . $userdata['board_email'] . "\nFrom: " . $board_config['board_email'] . "\n";
- $email_headers .= 'X-AntiAbuse: Board servername - ' . $board_config['server_name'] . "\n";
+ $emailer->from($board_config['board_email']);
+ $emailer->replyto($board_config['board_email']);
+
+ for ($i = 0; $i < count($bcc_list); $i++)
+ {
+ $emailer->bcc($bcc_list[$i]);
+ }
+
+ $email_headers = 'X-AntiAbuse: Board servername - ' . $board_config['server_name'] . "\n";
$email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n";
$email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n";
$email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n";
- $email_headers .= "Bcc: $bcc_list\n";
$emailer->use_template('admin_send_email');
$emailer->email_address($board_config['board_email']);
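Review bot: The `X-AntiAbuse` lines are still assembled by raw concatenation, and `$board_config['server_name']` and `$userdata['username']` go into `$email_headers` with no CR/LF filtering, so a stray line break in either value would start a new header. Stripping line breaks before use keeps the block to the headers written here, e.g. `$email_headers .= 'X-AntiAbuse: Username - ' . preg_replace('/[\r\n]+/', ' ', $userdata['username']) . "\n";`. Whether `$emailer->bcc()` validates the addresses read from the users table is not visible in this diff and is worth confirming in the emailer class. A short comment saying that recipients now go through `bcc()` rather than a hand-built `Bcc:` line would help the next reader.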
diff -ur phpBB2/admin/admin_styles.php phpBB-2.0.6/admin/admin_styles.php
--- phpBB2/admin/admin_styles.php 2003-01-15 13:34:08.000000000 +0000
+++ phpBB-2.0.6/admin/admin_styles.php 2003-07-20 15:42:23.000000000 +0000
@@ -6,7 +6,7 @@
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
- * $Id: admin_styles.php,v 1.27.2.9 2002/12/21 19:09:57 psotfx Exp $
+ * $Id: admin_styles.php,v 1.27.2.11 2003/06/26 00:08:17 psotfx Exp $
*
*
***************************************************************************/
@@ -39,16 +39,14 @@
// Check if the user has cancled a confirmation message.
//
$phpbb_root_path = "./../";
+require($phpbb_root_path . 'extension.inc');
$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;
-if (empty($HTTP_POST_VARS['send_file']))
-{
- $no_page_header = ( $cancel ) ? TRUE : FALSE;
- require($phpbb_root_path . 'extension.inc');
- require('./pagestart.' . $phpEx);
-}
+$no_page_header = (!empty($HTTP_POST_VARS['send_file']) || $cancel) ? TRUE : FALSE;
+
+require('./pagestart.' . $phpEx);
if ($cancel)
{
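Review bot: Nothing in the new lines says why `pagestart` is now required on every request, and that is the important part of this hunk: the removed block skipped the include whenever `send_file` was posted, and judging by the pagestart.php hunk later in this diff that include is where the session id is checked. A comment above the require would keep the condition from being reintroduced, e.g. `// Always include pagestart (session check); only the page header is suppressed for file downloads and cancel`. The admin-level check itself is not visible here, so word the comment after confirming what pagestart enforces.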
diff -ur phpBB2/admin/admin_ug_auth.php phpBB-2.0.6/admin/admin_ug_auth.php
--- phpBB2/admin/admin_ug_auth.php 2003-01-15 13:34:09.000000000 +0000
+++ phpBB-2.0.6/admin/admin_ug_auth.php 2003-07-20 15:42:23.000000000 +0000
@@ -6,7 +6,7 @@
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
- * $Id: admin_ug_auth.php,v 1.13.2.2 2002/05/12 15:57:44 psotfx Exp $
+ * $Id: admin_ug_auth.php,v 1.13.2.4 2003/05/17 17:32:19 acydburn Exp $
*
*
***************************************************************************/
@@ -54,6 +54,9 @@
}
}
+$user_id = intval($user_id);
+$group_id = intval($group_id);
+
//
// Start program - define vars
//
@@ -510,7 +513,7 @@
{
if ( isset($HTTP_POST_VARS['username']) )
{
- $this_userdata = get_userdata($HTTP_POST_VARS['username']);
+ $this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
if ( !is_array($this_userdata) )
{
message_die(GENERAL_MESSAGE, $lang['No_such_user']);
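Review bot: `$HTTP_POST_VARS['username']` is handed to `get_userdata()` with no treatment at the call site, so SQL quoting and HTML encoding of the name rest entirely on that function, which is not part of this chunk; the same pattern is introduced in admin_user_ban.php and in the admin_users.php lookup, where the previous `htmlspecialchars()` wrapper is removed. Please confirm that `get_userdata()` escapes string input itself, and say so at the call: `// get_userdata() escapes the name; true = treat the value as a username, not an id`. The meaning of the second argument is inferred from these call sites only. The failure checks also differ (`!is_array($this_userdata)` here, `!$this_userdata` in the other two files) and could be made uniform.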
diff -ur phpBB2/admin/admin_user_ban.php phpBB-2.0.6/admin/admin_user_ban.php
--- phpBB2/admin/admin_user_ban.php 2003-01-15 13:34:09.000000000 +0000
+++ phpBB-2.0.6/admin/admin_user_ban.php 2003-07-20 15:42:23.000000000 +0000
@@ -6,7 +6,7 @@
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
- * $Id: admin_user_ban.php,v 1.21.2.2 2002/05/12 15:57:45 psotfx Exp $
+ * $Id: admin_user_ban.php,v 1.21.2.4 2003/03/31 06:56:30 acydburn Exp $
*
*
***************************************************************************/
@@ -49,7 +49,7 @@
$user_list = array();
if ( !empty($HTTP_POST_VARS['username']) )
{
- $this_userdata = get_userdata($HTTP_POST_VARS['username']);
+ $this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
if( !$this_userdata )
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
@@ -155,7 +155,7 @@
// contained in the annotated php manual at php.com (ereg
// section)
//
- if ( eregi('^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$', trim($email_list_temp[$i])) )
+ if (preg_match('#^(([a-z0-9&.-_+])|(\*))+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$#is', trim($email_list_temp[$i])))
{
$email_list[] = trim($email_list_temp[$i]);
}
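Review bot: In the new pattern the class `[a-z0-9&.-_+]` contains `.-_`, which PCRE reads as a range from `.` to `_`, so the local part also accepts `/`, `:`, `;`, `<`, `=`, `>`, `?`, `@`, `[`, `\`, `]` and `^`. Entries that pass are added to `$email_list`; where they are stored and displayed is outside the hunk, but markup characters should not get through an e-mail filter. Escape the hyphen or move it to the end of the class: `'#^(([a-z0-9&._+\-])|(\*))+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$#is'`.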
diff -ur phpBB2/admin/admin_users.php phpBB-2.0.6/admin/admin_users.php
--- phpBB2/admin/admin_users.php 2003-01-15 13:34:08.000000000 +0000
+++ phpBB-2.0.6/admin/admin_users.php 2003-07-20 15:42:23.000000000 +0000
@@ -6,7 +6,7 @@
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
- * $Id: admin_users.php,v 1.57.2.17 2002/12/21 19:09:57 psotfx Exp $
+ * $Id: admin_users.php,v 1.57.2.25 2003/06/20 07:40:27 acydburn Exp $
*
*
***************************************************************************/
@@ -30,7 +30,7 @@
return;
}
-$phpbb_root_path = "./../";
+$phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);
require($phpbb_root_path . 'includes/bbcode.'.$phpEx);
@@ -56,14 +56,14 @@
//
// Begin program
//
-if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) || isset($HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) ) )
+if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) || isset($HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) ) )
{
//
// Ok, the profile has been modified and submitted, let's update
//
- if( ( $mode == 'save' && isset( $HTTP_POST_VARS['submit'] ) ) || isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) )
+ if ( ( $mode == 'save' && isset( $HTTP_POST_VARS['submit'] ) ) || isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) )
{
- $user_id = intval( $HTTP_POST_VARS['id'] );
+ $user_id = intval($HTTP_POST_VARS['id']);
if (!($this_userdata = get_userdata($user_id)))
{
@@ -216,7 +216,7 @@
message_die(GENERAL_MESSAGE, $message);
}
- $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags( $HTTP_POST_VARS['username'] ) ) : '';
+ $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['username']))) : '';
$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : '';
$password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : '';
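Review bot: On the changed line `strip_tags()` now runs on the output of `htmlspecialchars()`, so it has no `<` left to act on and is dead code; the same holds for the `$email` and `$password` lines beneath it. `htmlspecialchars()` with its default flags leaves single quotes alone, so the SQL built later still depends on the `str_replace("\\'", "''", ...)` step and on magic quotes being active, which is presumably guaranteed elsewhere and worth confirming. Suggested form: `trim(htmlspecialchars($HTTP_POST_VARS['username']))`, with a comment that usernames are stored entity-encoded.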
@@ -304,24 +304,33 @@
$error = FALSE;
- if( stripslashes($username) != $this_userdata['username'] )
+ if (stripslashes($username) != $this_userdata['username'])
{
unset($rename_user);
- $result = validate_username($username);
- if ( $result['error'] )
+ if ( stripslashes(strtolower($username)) != strtolower($this_userdata['username']) )
{
- $error = TRUE;
- $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg'];
+ $result = validate_username($username);
+ if ( $result['error'] )
+ {
+ $error = TRUE;
+ $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg'];
+ }
+ else if ( strtolower(str_replace("\\'", "''", $username)) == strtolower($userdata['username']) )
+ {
+ $error = TRUE;
+ $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Username_taken'];
+ }
}
- else
+
+ if (!$error)
{
- $username_sql = "username = '" . str_replace("\'", "''", $username) . "', ";
+ $username_sql = "username = '" . str_replace("\\'", "''", $username) . "', ";
$rename_user = $username; // Used for renaming usergroup
}
}
- $passwd_sql = "";
+ $passwd_sql = '';
if( !empty($password) && !empty($password_confirm) )
{
//
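Review bot: The new `Username_taken` test compares `strtolower(str_replace("\\'", "''", $username))` with `$userdata['username']`, that is an SQL-escaped form against the stored name, while the two comparisons above it use `stripslashes()`; for a name containing an apostrophe the two sides cannot match, so the check is skipped. Using the same normalisation closes that gap: `else if ( strtolower(stripslashes($username)) == strtolower($userdata['username']) )`. A comment that `$userdata` is the logged-in administrator and `$this_userdata` the account being edited would also help, since the two names are easy to misread.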
@@ -349,7 +358,7 @@
$error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Password_mismatch'];
}
- if( $signature != "" )
+ if ($signature != '')
{
$sig_length_check = preg_replace('/(\[.*?)(=.*?)\]/is', '\\1]', stripslashes($signature));
if ( $allowhtml )
@@ -653,12 +662,25 @@
{
$sql = "UPDATE " . GROUPS_TABLE . "
SET group_name = '".str_replace("\'", "''", $rename_user)."'
- WHERE group_name = '".str_replace("\'", "''", $this_userdata['username'] )."'";
+ WHERE group_name = '".str_replace("'", "''", $this_userdata['username'] )."'";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not rename users group', '', __LINE__, __FILE__, $sql);
}
}
+
+ // Delete user session, to prevent the user navigating the forum (if logged in) when disabled
+ if (!$user_status)
+ {
+ $sql = "DELETE FROM " . SESSIONS_TABLE . "
+ WHERE session_user_id = " . $user_id;
+
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
+ }
+ }
+
$message .= $lang['Admin_user_updated'];
}
else
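Review bot: Sessions are removed only when `!$user_status`, so an administrator who changes a user's password in this same form, for instance after an account takeover, leaves that user's existing sessions valid. Consider widening the condition to `if ( !$user_status || $passwd_sql != '' )`; `$passwd_sql` is initialised to `''` earlier in this file and, as far as the visible hunks show, is filled only when a new password was accepted. `$user_id` is safe to concatenate here because it comes from `intval($HTTP_POST_VARS['id'])` near the top of the branch. The enclosing block starts before this hunk.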
@@ -716,7 +738,7 @@
}
else
{
- $this_userdata = get_userdata(htmlspecialchars($HTTP_POST_VARS['username']));
+ $this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
if( !$this_userdata )
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
@@ -727,7 +749,7 @@
// Now parse and display it as a template
//
$user_id = $this_userdata['user_id'];
- $username = htmlspecialchars($this_userdata['username']);
+ $username = $this_userdata['username'];
$email = $this_userdata['user_email'];
$password = '';
$password_confirm = '';
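Review bot: `$username` is now passed on without `htmlspecialchars()`, which is correct only for names that were entity-encoded when they were stored. The save path in this file applied just `strip_tags()` to usernames before this commit, so rows written by the old code may hold a raw `"` or `&` and would now reach the edit form unencoded. A one-off upgrade step that encodes existing usernames would cover those rows; at minimum add `// username is stored entity-encoded since 2.0.6 - do not encode again`. How the template uses the value is outside this diff.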
@@ -1127,4 +1149,4 @@
include('./page_footer_admin.'.$phpEx);
-?>
+?>
\ No newline at end of file
diff -ur phpBB2/admin/index.php phpBB-2.0.6/admin/index.php
--- phpBB2/admin/index.php 2003-01-15 13:34:08.000000000 +0000
+++ phpBB-2.0.6/admin/index.php 2003-08-03 11:59:56.000000000 +0000
@@ -6,7 +6,7 @@
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
- * $Id: index.php,v 1.40.2.3 2003/01/07 20:51:34 psotfx Exp $
+ * $Id: index.php,v 1.40.2.5 2003/08/03 11:50:51 acydburn Exp $
*
*
***************************************************************************/
@@ -132,6 +132,7 @@
"L_ADMIN_INTRO" => $lang['Admin_intro'],
"L_FORUM_STATS" => $lang['Forum_stats'],
"L_WHO_IS_ONLINE" => $lang['Who_is_Online'],
+ "L_USERNAME" => $lang['Username'],
"L_LOCATION" => $lang['Location'],
"L_LAST_UPDATE" => $lang['Last_updated'],
"L_IP_ADDRESS" => $lang['IP_Address'],
@@ -454,7 +455,7 @@
"FORUM_LOCATION" => $location,
"IP_ADDRESS" => $reg_ip,
- "U_WHOIS_IP" => "http://www.geektools.com/cgi-bin/proxy.cgi?query=$reg_ip&targetnic=auto",
+ "U_WHOIS_IP" => "http://network-tools.com/default.asp?host=$reg_ip",
"U_USER_PROFILE" => append_sid("admin_users.$phpEx?mode=edit&" . POST_USERS_URL . "=" . $onlinerow_reg[$i]['user_id']),
"U_FORUM_LOCATION" => append_sid($location_url))
);
@@ -546,7 +547,7 @@
"FORUM_LOCATION" => $location,
"IP_ADDRESS" => $guest_ip,
- "U_WHOIS_IP" => "http://www.geektools.com/cgi-bin/proxy.cgi?query=$guest_ip&targetnic=auto",
+ "U_WHOIS_IP" => "http://network-tools.com/default.asp?host=$guest_ip",
"U_FORUM_LOCATION" => append_sid($location_url))
);
}
diff -ur phpBB2/admin/page_header_admin.php phpBB-2.0.6/admin/page_header_admin.php
--- phpBB2/admin/page_header_admin.php 2003-01-15 13:34:08.000000000 +0000
+++ phpBB-2.0.6/admin/page_header_admin.php 2003-07-20 15:42:23.000000000 +0000
@@ -6,7 +6,7 @@
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
- * $Id: page_header_admin.php,v 1.12.2.3 2002/12/10 11:13:58 bartvb Exp $
+ * $Id: page_header_admin.php,v 1.12.2.5 2003/06/10 20:48:18 acydburn Exp $
*
*
***************************************************************************/
@@ -64,6 +64,10 @@
'header' => 'admin/page_header.tpl')
);
+// Format Timezone. We are unable to use array_pop here, because of PHP3 compatibility
+$l_timezone = explode('.', $board_config['board_timezone']);
+$l_timezone = (count($l_timezone) > 1 && $l_timezone[count($l_timezone)-1] != 0) ? $lang[sprintf('%.1f', $board_config['board_timezone'])] : $lang[number_format($board_config['board_timezone'])];
+
//
// The following assigns all _common_ variables that may be used at any point
// in a template. Note that all URL's should be wrapped in append_sid, as
@@ -79,7 +83,7 @@
'U_INDEX' => append_sid('../index.'.$phpEx),
- 'S_TIMEZONE' => sprintf($lang['All_times'], $lang[$board_config['board_timezone']]),
+ 'S_TIMEZONE' => sprintf($lang['All_times'], $l_timezone),
'S_LOGIN_ACTION' => append_sid('../login.'.$phpEx),
'S_JUMPBOX_ACTION' => append_sid('../viewforum.'.$phpEx),
'S_CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])),
diff -ur phpBB2/admin/pagestart.php phpBB-2.0.6/admin/pagestart.php
--- phpBB2/admin/pagestart.php 2003-01-15 13:34:08.000000000 +0000
+++ phpBB-2.0.6/admin/pagestart.php 2003-07-20 15:42:23.000000000 +0000
@@ -6,7 +6,7 @@
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
- * $Id: pagestart.php,v 1.1.2.4 2002/11/30 21:37:43 psotfx Exp $
+ * $Id: pagestart.php,v 1.1.2.6 2003/05/06 20:18:42 acydburn Exp $
*
*
***************************************************************************/
@@ -49,7 +49,10 @@
if ($HTTP_GET_VARS['sid'] != $userdata['session_id'])
{
- $url = preg_replace('/sid=([^&]*)(&?)/i', '', $HTTP_SERVER_VARS['REQUEST_URI']);
+ $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])), '', $HTTP_SERVER_VARS['REQUEST_URI']);
+ $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url);
+ $url = str_replace('//', '/', $url);
+ $url = preg_replace('/sid=([^&]*)(&?)/i', '', $url);
$url = preg_replace('/\?$/', '', $url);
$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];
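Review bot: Both `str_replace()` calls remove `server_name` and `script_path` wherever they occur in `REQUEST_URI`, including inside query-string values, and `str_replace('//', '/', $url)` makes a single pass, so a run of three or more slashes is not reduced to one. Because `$url` is built from request data and feeds the redirect that follows this hunk, normalise it strictly: `$url = preg_replace('#/{2,}#', '/', $url);`, and strip the script path only as a leading prefix. On the last line `strpos($url, '?')` is used as a boolean; `strpos($url, '?') !== false` states the intent. How the final Location value is assembled is not visible here.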
Only in phpBB-2.0.6: cache
diff -ur phpBB2/common.php phpBB-2.0.6/common.php
--- phpBB2/common.php 2003-01-15 13:34:16.000000000 +0000
+++ phpBB-2.0.6/common.php 2003-07-20 15:42:24.000000000 +0000
@@ -6,7 +6,7 @@
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
- * $Id: common.php,v 1.74.2.5 2002/12/17 23:59:37 psotfx Exp $
+ * $Id: common.php,v 1.74.2.10 2003/06/04 17:41:39 acydburn Exp $
*
*
***************************************************************************/
@@ -124,38 +124,28 @@
include($phpbb_root_path . 'includes/db.'.$phpEx);
//
-// Mozilla navigation bar
-// Default items that should be valid on all pages.
-// Defined here and not in page_header.php so they can be redefined in the code
-//
-$nav_links['top'] = array (
- 'url' => append_sid($phpbb_root_dir."index.".$phpEx),
- 'title' => sprintf($lang['Forum_Index'], $board_config['sitename'])
-);
-$nav_links['search'] = array (
- 'url' => append_sid($phpbb_root_dir."search.".$phpEx),
- 'title' => $lang['Search']
-);
-$nav_links['help'] = array (
- 'url' => append_sid($phpbb_root_dir."faq.".$phpEx),
- 'title' => $lang['FAQ']
-);
-$nav_links['author'] = array (
- 'url' => append_sid($phpbb_root_dir."memberlist.".$phpEx),
- 'title' => $lang['Memberlist']
-);
-
-//
// Obtain and encode users IP
//
if( getenv('HTTP_X_FORWARDED_FOR') != '' )
{
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
- if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
+ $entries = explode(',', getenv('HTTP_X_FORWARDED_FOR'));
+ reset($entries);
+ while (list(, $entry) = each($entries))
{
- $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10.\.*/', '/^224.\.*/', '/^240.\.*/');
- $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
+ $entry = trim($entry);
+ if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", $entry, $ip_list) )
+ {
+ $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/');
+ $found_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
+
+ if ($client_ip != $found_ip)
+ {
+ $client_ip = $found_ip;
+ break;
+ }
+ }
}
}
else
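Review bot: `X-Forwarded-For` is a client-supplied header, and the new loop still adopts the first public-looking entry as `$client_ip` in preference to `REMOTE_ADDR`, so the address recorded for a request can be chosen by the client. If `$client_ip` feeds IP bans or session checks (not visible in this hunk), use `REMOTE_ADDR` for those and honour the header only when `REMOTE_ADDR` is a proxy the board trusts. Separately, `'/^0\./'` and `'/^127\.0\.0\.1/'` lack the trailing `.*` that the other patterns have, so `preg_replace()` swaps only the prefix and leaves the remaining characters appended to `$client_ip`; `'/^0\..*/'` and `'/^127\..*/'` would replace the whole entry. The `else` branch continues outside the hunk.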
diff -ur phpBB2/contrib/README.html phpBB-2.0.6/contrib/README.html
--- phpBB2/contrib/README.html 2003-01-15 13:34:07.000000000 +0000
+++ phpBB-2.0.6/contrib/README.html 2003-07-20 15:25:54.000000000 +0000
@@ -4,7 +4,7 @@