diff -crN phpbb208/admin/admin_board.php phpbb2020/admin/admin_board.php *** phpbb208/admin/admin_board.php Sat Jul 10 20:16:26 2004 --- phpbb2020/admin/admin_board.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_board.php,v 1.51.2.6 2003/06/10 00:37:12 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_board.php,v 1.51.2.15 2006/02/10 22:19:01 grahamje Exp $ * * ***************************************************************************/ *************** *** 16,22 **** if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['General']['Configuration'] = "$file"; return; } --- 16,22 ---- if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['General']['Configuration'] = $file; return; } *************** *** 43,55 **** { $config_name = $row['config_name']; $config_value = $row['config_value']; ! $default_config[$config_name] = $config_value; $new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name]; if ($config_name == 'cookie_name') { ! $cookie_name = str_replace('.', '_', $new['cookie_name']); } if( isset($HTTP_POST_VARS['submit']) ) --- 43,62 ---- { $config_name = $row['config_name']; $config_value = $row['config_value']; ! $default_config[$config_name] = isset($HTTP_POST_VARS['submit']) ? str_replace("'", "\'", $config_value) : $config_value; $new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name]; if ($config_name == 'cookie_name') { ! $new['cookie_name'] = str_replace('.', '_', $new['cookie_name']); ! } ! ! // Attempt to prevent a common mistake with this value, ! // http:// is the protocol and not part of the server name ! if ($config_name == 'server_name') ! { ! 
$new['server_name'] = str_replace('http://', '', $new['server_name']); } if( isset($HTTP_POST_VARS['submit']) ) *************** *** 97,102 **** --- 104,115 ---- $activation_user = ( $new['require_activation'] == USER_ACTIVATION_SELF ) ? "checked=\"checked\"" : ""; $activation_admin = ( $new['require_activation'] == USER_ACTIVATION_ADMIN ) ? "checked=\"checked\"" : ""; + $confirm_yes = ($new['enable_confirm']) ? 'checked="checked"' : ''; + $confirm_no = (!$new['enable_confirm']) ? 'checked="checked"' : ''; + + $allow_autologin_yes = ($new['allow_autologin']) ? 'checked="checked"' : ''; + $allow_autologin_no = (!$new['allow_autologin']) ? 'checked="checked"' : ''; + $board_email_form_yes = ( $new['board_email_form'] ) ? "checked=\"checked\"" : ""; $board_email_form_no = ( !$new['board_email_form'] ) ? "checked=\"checked\"" : ""; *************** *** 160,165 **** --- 173,184 ---- "L_NONE" => $lang['Acc_None'], "L_USER" => $lang['Acc_User'], "L_ADMIN" => $lang['Acc_Admin'], + "L_VISUAL_CONFIRM" => $lang['Visual_confirm'], + "L_VISUAL_CONFIRM_EXPLAIN" => $lang['Visual_confirm_explain'], + "L_ALLOW_AUTOLOGIN" => $lang['Allow_autologin'], + "L_ALLOW_AUTOLOGIN_EXPLAIN" => $lang['Allow_autologin_explain'], + "L_AUTOLOGIN_TIME" => $lang['Autologin_time'], + "L_AUTOLOGIN_TIME_EXPLAIN" => $lang['Autologin_time_explain'], "L_COOKIE_SETTINGS" => $lang['Cookie_settings'], "L_COOKIE_SETTINGS_EXPLAIN" => $lang['Cookie_settings_explain'], "L_COOKIE_DOMAIN" => $lang['Cookie_domain'], *************** *** 179,184 **** --- 198,213 ---- "L_MAX_POLL_OPTIONS" => $lang['Max_poll_options'], "L_FLOOD_INTERVAL" => $lang['Flood_Interval'], "L_FLOOD_INTERVAL_EXPLAIN" => $lang['Flood_Interval_explain'], + "L_SEARCH_FLOOD_INTERVAL" => $lang['Search_Flood_Interval'], + "L_SEARCH_FLOOD_INTERVAL_EXPLAIN" => $lang['Search_Flood_Interval_explain'], + + 'L_MAX_LOGIN_ATTEMPTS' => $lang['Max_login_attempts'], + 'L_MAX_LOGIN_ATTEMPTS_EXPLAIN' => $lang['Max_login_attempts_explain'], + 'L_LOGIN_RESET_TIME' => 
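Review bot: The new `str_replace("'", "\'", $config_value)` on the `$default_config` line escapes only single quotes, so a backslash in a stored value is passed on unescaped when the form is submitted. The code that writes `$new[$config_name]` back sits in the `if( isset($HTTP_POST_VARS['submit']) )` block that continues past this hunk, so the effect on the query cannot be confirmed from here. If that code expects slashed input, `addslashes($config_value)` would cover both characters. A comment such as `// DB values are unslashed; re-slash on submit so they match posted values` would also explain why the escaping depends on `submit`. Separately, the `server_name` cleanup removes only a lowercase `http://` and leaves `https://` or a trailing path in place.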
$lang['Login_reset_time'], + 'L_LOGIN_RESET_TIME_EXPLAIN' => $lang['Login_reset_time_explain'], + 'MAX_LOGIN_ATTEMPTS' => $new['max_login_attempts'], + 'LOGIN_RESET_TIME' => $new['login_reset_time'], + "L_BOARD_EMAIL_FORM" => $lang['Board_email_form'], "L_BOARD_EMAIL_FORM_EXPLAIN" => $lang['Board_email_form_explain'], "L_TOPICS_PER_PAGE" => $lang['Topics_per_page'], *************** *** 249,259 **** "ACTIVATION_ADMIN_CHECKED" => $activation_admin, "CONFIRM_ENABLE" => $confirm_yes, "CONFIRM_DISABLE" => $confirm_no, ! "ACTIVATION_NONE_CHECKED" => $activation_none, "BOARD_EMAIL_FORM_ENABLE" => $board_email_form_yes, "BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no, "MAX_POLL_OPTIONS" => $new['max_poll_options'], "FLOOD_INTERVAL" => $new['flood_interval'], "TOPICS_PER_PAGE" => $new['topics_per_page'], "POSTS_PER_PAGE" => $new['posts_per_page'], "HOT_TOPIC" => $new['hot_threshold'], --- 278,291 ---- "ACTIVATION_ADMIN_CHECKED" => $activation_admin, "CONFIRM_ENABLE" => $confirm_yes, "CONFIRM_DISABLE" => $confirm_no, ! 'ALLOW_AUTOLOGIN_YES' => $allow_autologin_yes, ! 'ALLOW_AUTOLOGIN_NO' => $allow_autologin_no, ! 'AUTOLOGIN_TIME' => (int) $new['max_autologin_time'], "BOARD_EMAIL_FORM_ENABLE" => $board_email_form_yes, "BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no, "MAX_POLL_OPTIONS" => $new['max_poll_options'], "FLOOD_INTERVAL" => $new['flood_interval'], + "SEARCH_FLOOD_INTERVAL" => $new['search_flood_interval'], "TOPICS_PER_PAGE" => $new['topics_per_page'], "POSTS_PER_PAGE" => $new['posts_per_page'], "HOT_TOPIC" => $new['hot_threshold'], diff -crN phpbb208/admin/admin_db_utilities.php phpbb2020/admin/admin_db_utilities.php *** phpbb208/admin/admin_db_utilities.php Sat Jul 10 20:16:27 2004 --- phpbb2020/admin/admin_db_utilities.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
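Review bot: `'AUTOLOGIN_TIME'` is cast with `(int)` before it is handed to the template, but `"SEARCH_FLOOD_INTERVAL"` in this hunk and `'MAX_LOGIN_ATTEMPTS'` / `'LOGIN_RESET_TIME'` in the previous hunk pass `$new[...]` through unchanged. An earlier hunk in this file shows that `$new[$config_name]` can be taken directly from `$HTTP_POST_VARS`, so these numeric settings presumably reach the admin form exactly as posted. Casting them the same way keeps the output numeric, e.g. `'MAX_LOGIN_ATTEMPTS' => (int) $new['max_login_attempts'],` and likewise for the other two. The `assign_vars` array begins and ends outside the hunk.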
* $Id: admin_db_utilities.php,v 1.42.2.10 2003/03/04 21:02:19 acydburn Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_db_utilities.php,v 1.42.2.14 2006/02/10 20:35:40 grahamje Exp $ * ****************************************************************************/ *************** *** 499,507 **** while($row = $db->sql_fetchrow($result)) { ! unset($schema_vals); ! unset($schema_fields); ! unset($schema_insert); // // Build the SQL statement to recreate the data. // --- 499,507 ---- while($row = $db->sql_fetchrow($result)) { ! $schema_vals = ''; ! $schema_fields = ''; ! $schema_insert = ''; // // Build the SQL statement to recreate the data. // *************** *** 516,522 **** } elseif (eregi("date|timestamp", $aryType[$i])) { ! if ($empty($strVal)) { $strQuote = ""; } --- 516,522 ---- } elseif (eregi("date|timestamp", $aryType[$i])) { ! if (empty($strVal)) { $strQuote = ""; } *************** *** 693,699 **** include('./page_footer_admin.'.$phpEx); } ! $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words'); $additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" ); --- 693,699 ---- include('./page_footer_admin.'.$phpEx); } ! 
$tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm', 'sessions_keys'); $additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" ); diff -crN phpbb208/admin/admin_disallow.php phpbb2020/admin/admin_disallow.php *** phpbb208/admin/admin_disallow.php Sat Jul 10 20:16:26 2004 --- phpbb2020/admin/admin_disallow.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_disallow.php,v 1.9.2.2 2002/11/26 11:42:11 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_disallow.php,v 1.9.2.4 2005/12/18 13:57:50 grahamje Exp $ * * ***************************************************************************/ *************** *** 25,31 **** if( !empty($setmodules) ) { $filename = basename(__FILE__); ! $module['Users']['Disallow'] = append_sid($filename); return; } --- 25,31 ---- if( !empty($setmodules) ) { $filename = basename(__FILE__); ! $module['Users']['Disallow'] = $filename; return; } *************** *** 45,51 **** if ($disallowed_user == '') { ! message_die(MESSAGE, $lang['Fields_empty']); } if( !validate_username($disallowed_user) ) { --- 45,51 ---- if ($disallowed_user == '') { ! 
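Review bot: Adding `'confirm'` and `'sessions_keys'` to `$tables` puts them in the backup set alongside `'sessions'`, and nothing in this hunk says whether their rows are dumped or only their structure. Judging by the name and by the auto-login settings this patch adds to admin_board.php, `sessions_keys` presumably holds persistent login keys, which would make the backup file itself sensitive. The dump loop is outside this hunk, so confirm there how these tables are handled. A comment next to the list, such as `// sessions, sessions_keys, confirm hold transient auth state: structure only`, would record the intended behaviour once it is verified.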
message_die(GENERAL_MESSAGE, $lang['Fields_empty']); } if( !validate_username($disallowed_user) ) { diff -crN phpbb208/admin/admin_forums.php phpbb2020/admin/admin_forums.php *** phpbb208/admin/admin_forums.php Sat Jul 10 20:16:27 2004 --- phpbb2020/admin/admin_forums.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forums.php,v 1.40.2.11 2004/03/25 15:57:19 acydburn Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forums.php,v 1.40.2.13 2006/03/09 21:55:09 grahamje Exp $ * ***************************************************************************/ *************** *** 39,46 **** $forum_auth_ary = array( "auth_view" => AUTH_ALL, "auth_read" => AUTH_ALL, ! "auth_post" => AUTH_ALL, ! "auth_reply" => AUTH_ALL, "auth_edit" => AUTH_REG, "auth_delete" => AUTH_REG, "auth_sticky" => AUTH_MOD, --- 39,46 ---- $forum_auth_ary = array( "auth_view" => AUTH_ALL, "auth_read" => AUTH_ALL, ! "auth_post" => AUTH_REG, ! "auth_reply" => AUTH_REG, "auth_edit" => AUTH_REG, "auth_delete" => AUTH_REG, "auth_sticky" => AUTH_MOD, *************** *** 233,238 **** --- 233,239 ---- if( $mode == "addforum" ) { list($cat_id) = each($HTTP_POST_VARS['addforum']); + $cat_id = intval($cat_id); // // stripslashes needs to be run on this because slashes are added when the forum name is posted // *************** *** 1024,1027 **** include('./page_footer_admin.'.$phpEx); ! ?> --- 1025,1028 ---- include('./page_footer_admin.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb208/admin/admin_groups.php phpbb2020/admin/admin_groups.php *** phpbb208/admin/admin_groups.php Sat Jul 10 20:16:27 2004 --- phpbb2020/admin/admin_groups.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
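Review bot: `intval($cat_id)` makes the key numeric, but `each($HTTP_POST_VARS['addforum'])` on the line above is still called without checking that the field is an array. If `addforum` is posted as a plain string, `each()` fails and `$cat_id` becomes 0, and the code that uses it follows outside the hunk. A guarded form would be `$cat_id = ( is_array($HTTP_POST_VARS['addforum']) ) ? intval(key($HTTP_POST_VARS['addforum'])) : 0;`, with a zero id rejected before it is used as a category.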
* $Id: admin_groups.php,v 1.25.2.9 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_groups.php,v 1.25.2.13 2006/03/09 19:42:41 grahamje Exp $ * * ***************************************************************************/ *************** *** 104,124 **** // // Ok, now we know everything about them, let's show the page. // ! $sql = "SELECT user_id, username ! FROM " . USERS_TABLE . " ! WHERE user_id <> " . ANONYMOUS . " ! ORDER BY username"; ! if ( !($result = $db->sql_query($sql)) ) { ! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql); ! } ! while ( $row = $db->sql_fetchrow($result) ) ! { ! if ( $row['user_id'] == $group_info['group_moderator'] ) { ! $group_moderator = $row['username']; } } $group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? ' checked="checked"' : ''; --- 104,129 ---- // // Ok, now we know everything about them, let's show the page. // ! if ($group_info['group_moderator'] != '') { ! $sql = "SELECT user_id, username ! FROM " . USERS_TABLE . " ! WHERE user_id = " . $group_info['group_moderator']; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql); ! } ! if ( !($row = $db->sql_fetchrow($result)) ) { ! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql); } + + $group_moderator = $row['username']; + } + else + { + $group_moderator = ''; } $group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? ' checked="checked"' : ''; *************** *** 250,256 **** else { $group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN; ! $group_name = isset($HTTP_POST_VARS['group_name']) ? 
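Review bot: `$group_info['group_moderator']` is concatenated into the `WHERE user_id = ...` clause without a cast, and the `!= ''` guard lets any non-empty value through. The value presumably comes from the groups table (the code filling `$group_info` is outside the hunk), but the rest of this patch casts ids before building SQL and the same is cheap here: `WHERE user_id = " . intval($group_info['group_moderator']);`. A missing moderator row now also ends in `message_die(GENERAL_ERROR, ...)`, so a group whose moderator account no longer exists presumably cannot be opened for editing. Falling back to `$group_moderator = '';` in that branch would keep the form reachable.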
trim($HTTP_POST_VARS['group_name']) : ''; $group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : ''; $group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : ''; $delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false; --- 255,261 ---- else { $group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN; ! $group_name = isset($HTTP_POST_VARS['group_name']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_name'])) : ''; $group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : ''; $group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : ''; $delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false; diff -crN phpbb208/admin/admin_ranks.php phpbb2020/admin/admin_ranks.php *** phpbb208/admin/admin_ranks.php Sat Jul 10 20:16:27 2004 --- phpbb2020/admin/admin_ranks.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ranks.php,v 1.13.2.4 2004/03/25 15:57:20 acydburn Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ranks.php,v 1.13.2.7 2006/01/23 19:47:19 grahamje Exp $ * ***************************************************************************/ *************** *** 19,33 **** * ***************************************************************************/ - define('IN_PHPBB', 1); - if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['Users']['Ranks'] = "$file"; return; } // // Let's set the root dir for phpBB // --- 19,33 ---- * ***************************************************************************/ if( !empty($setmodules) ) { $file = basename(__FILE__); ! 
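Review bot: Only `group_name` gains `htmlspecialchars()`; `group_description` on the next line and the `username` value read into `$group_moderator` are still taken from `$HTTP_POST_VARS` with at most a `trim()`. Whether those two are escaped where they are stored or displayed is outside this hunk, so the difference may be deliberate, but it deserves either a comment or the same treatment, e.g. `htmlspecialchars(trim($HTTP_POST_VARS['group_description']))`. Encoding on input also means the stored name is HTML-encoded, so later code that compares `$group_name` or uses it outside HTML sees the encoded form.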
$module['Users']['Ranks'] = $file; return; } + define('IN_PHPBB', 1); + // // Let's set the root dir for phpBB // *************** *** 37,43 **** if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { ! $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; $mode = htmlspecialchars($mode); } else --- 37,43 ---- if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { ! $mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; $mode = htmlspecialchars($mode); } else *************** *** 59,64 **** --- 59,66 ---- } } + // Restrict mode input to valid options + $mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : ''; if( $mode != "" ) { *************** *** 213,220 **** { $rank_id = 0; } ! if( $rank_id ) { $sql = "DELETE FROM " . RANKS_TABLE . " WHERE rank_id = $rank_id"; --- 215,224 ---- { $rank_id = 0; } + + $confirm = isset($HTTP_POST_VARS['confirm']); ! if( $rank_id && $confirm ) { $sql = "DELETE FROM " . RANKS_TABLE . " WHERE rank_id = $rank_id"; *************** *** 238,372 **** message_die(GENERAL_MESSAGE, $message); } ! else ! { ! message_die(GENERAL_MESSAGE, $lang['Must_select_rank']); ! } ! } ! else ! { ! // ! // They didn't feel like giving us any information. Oh, too bad, we'll just display the ! // list then... ! // ! $template->set_filenames(array( ! "body" => "admin/ranks_list_body.tpl") ! ); ! ! $sql = "SELECT * FROM " . RANKS_TABLE . " ! ORDER BY rank_min, rank_title"; ! if( !$result = $db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql); ! } ! ! $rank_rows = $db->sql_fetchrowset($result); ! $rank_count = count($rank_rows); ! ! $template->assign_vars(array( ! "L_RANKS_TITLE" => $lang['Ranks_title'], ! "L_RANKS_TEXT" => $lang['Ranks_explain'], ! "L_RANK" => $lang['Rank_title'], ! "L_RANK_MINIMUM" => $lang['Rank_minimum'], ! "L_SPECIAL_RANK" => $lang['Special_rank'], ! 
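Review bot: `$confirm = isset($HTTP_POST_VARS['confirm']);` only tests that a field named `confirm` was posted, so the new step protects against an accidental click rather than a forged request: a POST that already carries `confirm` and a rank id reaches the `DELETE` directly. Where the request is tied to the administrator's session is not visible in this file section, and a short comment above the check naming that place would help the next reader. The same presence-only check is added to the delete case in admin_smilies.php. In the following admin_ranks.php hunk the mode branch now ends with `$template->pparse("body");` and the footer include and then runs on into the "Show the default page" code, so it depends on the footer script ending execution; an explicit `exit;` after the include would make that dependency visible.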
"L_EDIT" => $lang['Edit'], ! "L_DELETE" => $lang['Delete'], ! "L_ADD_RANK" => $lang['Add_new_rank'], ! "L_ACTION" => $lang['Action'], ! ! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx")) ! ); ! ! for( $i = 0; $i < $rank_count; $i++) { ! $rank = $rank_rows[$i]['rank_title']; ! $special_rank = $rank_rows[$i]['rank_special']; ! $rank_id = $rank_rows[$i]['rank_id']; ! $rank_min = $rank_rows[$i]['rank_min']; ! if($special_rank) ! { ! $rank_min = $rank_max = "-"; ! } ! ! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; ! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; ! ! $template->assign_block_vars("ranks", array( ! "ROW_COLOR" => "#" . $row_color, ! "ROW_CLASS" => $row_class, ! "RANK" => $rank, ! "RANK_MIN" => $rank_min, ! "SPECIAL_RANK" => ( $special_rank == 1 ) ? $lang['Yes'] : $lang['No'], ! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"), ! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id")) ); } } } ! else { ! // ! // Show the default page ! // ! $template->set_filenames(array( ! "body" => "admin/ranks_list_body.tpl") ! ); ! ! $sql = "SELECT * FROM " . RANKS_TABLE . " ! ORDER BY rank_min ASC, rank_special ASC"; ! if( !$result = $db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql); ! } ! $rank_count = $db->sql_numrows($result); ! $rank_rows = $db->sql_fetchrowset($result); ! $template->assign_vars(array( ! "L_RANKS_TITLE" => $lang['Ranks_title'], ! "L_RANKS_TEXT" => $lang['Ranks_explain'], ! "L_RANK" => $lang['Rank_title'], ! "L_RANK_MINIMUM" => $lang['Rank_minimum'], ! "L_SPECIAL_RANK" => $lang['Rank_special'], ! "L_EDIT" => $lang['Edit'], ! "L_DELETE" => $lang['Delete'], ! "L_ADD_RANK" => $lang['Add_new_rank'], ! "L_ACTION" => $lang['Action'], ! ! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx")) ! ); ! for($i = 0; $i < $rank_count; $i++) { ! $rank = $rank_rows[$i]['rank_title']; ! 
$special_rank = $rank_rows[$i]['rank_special']; ! $rank_id = $rank_rows[$i]['rank_id']; ! $rank_min = $rank_rows[$i]['rank_min']; ! ! if( $special_rank == 1 ) ! { ! $rank_min = $rank_max = "-"; ! } ! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; ! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; ! $rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No']; ! ! $template->assign_block_vars("ranks", array( ! "ROW_COLOR" => "#" . $row_color, ! "ROW_CLASS" => $row_class, ! "RANK" => $rank, ! "SPECIAL_RANK" => $rank_is_special, ! "RANK_MIN" => $rank_min, ! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"), ! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id")) ! ); ! } } $template->pparse("body"); --- 242,336 ---- message_die(GENERAL_MESSAGE, $message); } ! elseif( $rank_id && !$confirm) { ! // Present the confirmation screen to the user ! $template->set_filenames(array( ! 'body' => 'admin/confirm_body.tpl') ! ); ! $hidden_fields = ''; ! $template->assign_vars(array( ! 'MESSAGE_TITLE' => $lang['Confirm'], ! 'MESSAGE_TEXT' => $lang['Confirm_delete_rank'], ! 'L_YES' => $lang['Yes'], ! 'L_NO' => $lang['No'], ! ! 'S_CONFIRM_ACTION' => append_sid("admin_ranks.$phpEx"), ! 'S_HIDDEN_FIELDS' => $hidden_fields) ); } + else + { + message_die(GENERAL_MESSAGE, $lang['Must_select_rank']); + } } + + $template->pparse("body"); + + include('./page_footer_admin.'.$phpEx); } ! ! // ! // Show the default page ! // ! $template->set_filenames(array( ! "body" => "admin/ranks_list_body.tpl") ! ); ! ! $sql = "SELECT * FROM " . RANKS_TABLE . " ! ORDER BY rank_min ASC, rank_special ASC"; ! if( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql); ! } ! $rank_count = $db->sql_numrows($result); ! $rank_rows = $db->sql_fetchrowset($result); ! ! $template->assign_vars(array( ! "L_RANKS_TITLE" => $lang['Ranks_title'], ! 
"L_RANKS_TEXT" => $lang['Ranks_explain'], ! "L_RANK" => $lang['Rank_title'], ! "L_RANK_MINIMUM" => $lang['Rank_minimum'], ! "L_SPECIAL_RANK" => $lang['Rank_special'], ! "L_EDIT" => $lang['Edit'], ! "L_DELETE" => $lang['Delete'], ! "L_ADD_RANK" => $lang['Add_new_rank'], ! "L_ACTION" => $lang['Action'], ! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx")) ! ); ! ! for($i = 0; $i < $rank_count; $i++) ! { ! $rank = $rank_rows[$i]['rank_title']; ! $special_rank = $rank_rows[$i]['rank_special']; ! $rank_id = $rank_rows[$i]['rank_id']; ! $rank_min = $rank_rows[$i]['rank_min']; ! if( $special_rank == 1 ) { ! $rank_min = $rank_max = "-"; ! } ! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; ! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; ! $rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No']; ! ! $template->assign_block_vars("ranks", array( ! "ROW_COLOR" => "#" . $row_color, ! "ROW_CLASS" => $row_class, ! "RANK" => $rank, ! "SPECIAL_RANK" => $rank_is_special, ! "RANK_MIN" => $rank_min, ! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"), ! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id")) ! ); } $template->pparse("body"); diff -crN phpbb208/admin/admin_smilies.php phpbb2020/admin/admin_smilies.php *** phpbb208/admin/admin_smilies.php Sat Jul 10 20:16:26 2004 --- phpbb2020/admin/admin_smilies.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_smilies.php,v 1.22.2.13 2004/03/25 15:57:20 acydburn Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: admin_smilies.php,v 1.22.2.17 2006/01/28 12:46:53 grahamje Exp $ * ****************************************************************************/ *************** *** 316,332 **** $smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id']; $smiley_id = intval($smiley_id); ! $sql = "DELETE FROM " . SMILIES_TABLE . " ! WHERE smilies_id = " . $smiley_id; ! $result = $db->sql_query($sql); ! if( !$result ) { ! message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql); } ! $message = $lang['smiley_del_success'] . "

" . sprintf($lang['Click_return_smileadmin'], "", "") . "

" . sprintf($lang['Click_return_admin_index'], "", ""); ! message_die(GENERAL_MESSAGE, $message); break; case 'edit': --- 316,358 ---- $smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id']; $smiley_id = intval($smiley_id); ! $confirm = isset($HTTP_POST_VARS['confirm']); ! ! if( $confirm ) { ! $sql = "DELETE FROM " . SMILIES_TABLE . " ! WHERE smilies_id = " . $smiley_id; ! $result = $db->sql_query($sql); ! if( !$result ) ! { ! message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql); ! } ! ! $message = $lang['smiley_del_success'] . "

" . sprintf($lang['Click_return_smileadmin'], "", "") . "

" . sprintf($lang['Click_return_admin_index'], "", ""); ! ! message_die(GENERAL_MESSAGE, $message); } + else + { + // Present the confirmation screen to the user + $template->set_filenames(array( + 'body' => 'admin/confirm_body.tpl') + ); ! $hidden_fields = ''; ! $template->assign_vars(array( ! 'MESSAGE_TITLE' => $lang['Confirm'], ! 'MESSAGE_TEXT' => $lang['Confirm_delete_smiley'], ! ! 'L_YES' => $lang['Yes'], ! 'L_NO' => $lang['No'], ! ! 'S_CONFIRM_ACTION' => append_sid("admin_smilies.$phpEx"), ! 'S_HIDDEN_FIELDS' => $hidden_fields) ! ); ! $template->pparse('body'); ! } break; case 'edit': *************** *** 402,416 **** // Get the submitted data, being careful to ensure that we only // accept the data we are looking for. // ! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']); ! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']); ! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']); ! $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']); // If no code was entered complain ... if ($smile_code == '' || $smile_url == '') { ! message_die(MESSAGE, $lang['Fields_empty']); } // --- 428,445 ---- // Get the submitted data, being careful to ensure that we only // accept the data we are looking for. // ! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : ''; ! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : ''; ! $smile_url = phpbb_ltrim(basename($smile_url), "'"); ! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : ''; ! $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? 
intval($HTTP_POST_VARS['smile_id']) : 0; ! $smile_code = trim($smile_code); ! $smile_url = trim($smile_url); // If no code was entered complain ... if ($smile_code == '' || $smile_url == '') { ! message_die(GENERAL_MESSAGE, $lang['Fields_empty']); } // *************** *** 444,457 **** // Get the submitted data being careful to ensure the the data // we recieve and process is only the data we are looking for. // ! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code']; ! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url']; ! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion']; // If no code was entered complain ... if ($smile_code == '' || $smile_url == '') { ! message_die(MESSAGE, $lang['Fields_empty']); } // --- 473,489 ---- // Get the submitted data being careful to ensure the the data // we recieve and process is only the data we are looking for. // ! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : ''; ! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : ''; ! $smile_url = phpbb_ltrim(basename($smile_url), "'"); ! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : ''; ! $smile_code = trim($smile_code); ! $smile_url = trim($smile_url); // If no code was entered complain ... if ($smile_code == '' || $smile_url == '') { ! message_die(GENERAL_MESSAGE, $lang['Fields_empty']); } // *************** *** 553,556 **** // include('./page_footer_admin.'.$phpEx); ! ?> --- 585,588 ---- // include('./page_footer_admin.'.$phpEx); ! 
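Review bot: `$smile_emotion` is now passed through `htmlspecialchars()` and `$smile_url` through `basename()`, but `$smile_code` is still only trimmed, both in this hunk and in the next one for the add path. Any encoding of `$smile_code` before it is stored or displayed would happen after the `Fields_empty` check, outside both hunks, so confirm it exists there and add a comment pointing to it. `basename()` strips directories but accepts any file name, so checking `$smile_url` against the expected image extensions would be a reasonable extra guard. In this hunk the later `$smile_code = trim($smile_code);` repeats the `trim()` already applied on assignment and can be dropped.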
?> \ No newline at end of file diff -crN phpbb208/admin/admin_styles.php phpbb2020/admin/admin_styles.php *** phpbb208/admin/admin_styles.php Sat Jul 10 20:16:27 2004 --- phpbb2020/admin/admin_styles.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_styles.php,v 1.27.2.12 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_styles.php,v 1.27.2.16 2005/12/18 13:57:50 grahamje Exp $ * * ***************************************************************************/ *************** *** 27,33 **** $file = basename(__FILE__); $module['Styles']['Add_new'] = "$file?mode=addnew"; $module['Styles']['Create_new'] = "$file?mode=create"; ! $module['Styles']['Manage'] = "$file"; $module['Styles']['Export'] = "$file?mode=export"; return; } --- 27,33 ---- $file = basename(__FILE__); $module['Styles']['Add_new'] = "$file?mode=addnew"; $module['Styles']['Create_new'] = "$file?mode=create"; ! $module['Styles']['Manage'] = $file; $module['Styles']['Export'] = "$file?mode=export"; return; } *************** *** 48,53 **** --- 48,56 ---- require('./pagestart.' . $phpEx); + $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE; + $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE; + if ($cancel) { redirect('admin/' . append_sid("admin_styles.$phpEx", true)); *************** *** 72,78 **** if( isset($install_to) ) { ! include($phpbb_root_path. "templates/" . $install_to . "/theme_info.cfg"); $template_name = $$install_to; $found = FALSE; --- 75,81 ---- if( isset($install_to) ) { ! include($phpbb_root_path. "templates/" . basename($install_to) . 
"/theme_info.cfg"); $template_name = $$install_to; $found = FALSE; *************** *** 579,584 **** --- 582,588 ---- "L_SIMPLE_NAME" => $lang['Simple_name'], "L_VALUE" => $lang['Value'], "L_STYLESHEET" => $lang['Stylesheet'], + "L_STYLESHEET_EXPLAIN" => $lang['Stylesheet_explain'], "L_BACKGROUND_IMAGE" => $lang['Background_image'], "L_BACKGROUND_COLOR" => $lang['Background_color'], "L_BODY_TEXT_COLOR" => $lang['Text_color'], *************** *** 736,742 **** @umask(0111); ! $fp = @fopen($phpbb_root_path . 'templates/' . $template_name . '/theme_info.cfg', 'w'); if( !$fp ) { --- 740,746 ---- @umask(0111); ! $fp = @fopen($phpbb_root_path . 'templates/' . basename($template_name) . '/theme_info.cfg', 'w'); if( !$fp ) { diff -crN phpbb208/admin/admin_ug_auth.php phpbb2020/admin/admin_ug_auth.php *** phpbb208/admin/admin_ug_auth.php Sat Jul 10 20:16:27 2004 --- phpbb2020/admin/admin_ug_auth.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ug_auth.php,v 1.13.2.5 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ug_auth.php,v 1.13.2.10 2005/09/14 18:14:29 acydburn Exp $ * * ***************************************************************************/ *************** *** 251,259 **** } } ! $sql = "SELECT * ! FROM " . FORUMS_TABLE . " f ! ORDER BY forum_order"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); --- 251,260 ---- } } ! $sql = 'SELECT f.* ! FROM ' . FORUMS_TABLE . ' f, ' . CATEGORIES_TABLE . ' c ! WHERE f.cat_id = c.cat_id ! 
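Review bot: `basename($install_to)` protects only the `include()` path; the context line right after it, `$template_name = $$install_to;`, still uses the raw value as a variable name. If `$install_to` is request-derived (its assignment is outside the hunk), normalise it once before both uses with `$install_to = basename($install_to);` and reject values that are not an existing directory under `templates/`. `basename()` returns `.` and `..` unchanged, so it narrows the path rather than validating it. The same applies to `basename($template_name)` in the `fopen(..., 'w')` hunk further down this file, where the `@` prefix also hides the reason for a failed open.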
ORDER BY c.cat_order, f.forum_order'; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); *************** *** 414,419 **** --- 415,421 ---- FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u WHERE ug.group_id = aa.group_id AND u.user_id = ug.user_id + AND ug.user_pending = 0 AND u.user_level NOT IN (" . MOD . ", " . ADMIN . ") GROUP BY u.user_id HAVING SUM(aa.auth_mod) > 0"; *************** *** 508,513 **** --- 510,557 ---- } } + $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . " + WHERE group_id = $group_id"; + $result = $db->sql_query($sql); + + $group_user = array(); + while ($row = $db->sql_fetchrow($result)) + { + $group_user[$row['user_id']] = $row['user_id']; + } + $db->sql_freeresult($result); + + $sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod + FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug + WHERE ug.user_id IN (" . implode(', ', $group_user) . ") + AND aa.group_id = ug.group_id + AND aa.auth_mod = 1 + GROUP BY ug.user_id"; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); + } + + while ($row = $db->sql_fetchrow($result)) + { + if ($row['is_auth_mod']) + { + unset($group_user[$row['user_id']]); + } + } + $db->sql_freeresult($result); + + if (sizeof($group_user)) + { + $sql = "UPDATE " . USERS_TABLE . " + SET user_level = " . USER . " + WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql); + } + } + message_die(GENERAL_MESSAGE, $message); } } *************** *** 526,534 **** // // Front end // ! $sql = "SELECT * ! FROM " . FORUMS_TABLE . " f ! 
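Review bot: The moderator-status query builds `IN (" . implode(', ', $group_user) . ")` before anything checks that `$group_user` is non-empty, so a group with no members produces `IN ()` and ends in `message_die(GENERAL_ERROR, 'Could not obtain moderator status', ...)`. The `sizeof($group_user)` guard covers only the later `UPDATE`. The first `SELECT user_id` is also the one query in this block whose result is not checked before `sql_fetchrow()` is called on it. Moving the guard up and checking that first result addresses both, as sketched below. `$group_id` is interpolated as-is, and its cast is outside the hunk.

```php
$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
	WHERE group_id = $group_id";
if ( !($result = $db->sql_query($sql)) )
{
	message_die(GENERAL_ERROR, 'Could not obtain group members', '', __LINE__, __FILE__, $sql);
}
// … unchanged: collect user ids into $group_user and free the result …

// Skip the status lookup entirely for an empty group, otherwise IN () is invalid SQL
if (sizeof($group_user))
{
	// … unchanged: moderator-status SELECT and the loop that unsets users who still moderate …

	if (sizeof($group_user))
	{
		// … unchanged: UPDATE that resets user_level from MOD to USER …
	}
}
```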
ORDER BY forum_order"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); --- 570,579 ---- // // Front end // ! $sql = "SELECT f.* ! FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c ! WHERE f.cat_id = c.cat_id ! ORDER BY c.cat_order, f.forum_order ASC"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); *************** *** 561,567 **** } } ! $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE "; $sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id"; if ( !($result = $db->sql_query($sql)) ) { --- 606,612 ---- } } ! $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user, ug.user_pending FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE "; $sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id"; if ( !($result = $db->sql_query($sql)) ) { *************** *** 764,770 **** $i++; } ! @reset($auth_user); if ( $mode == 'user' ) { --- 809,815 ---- $i++; } ! // @reset($auth_user); if ( $mode == 'user' ) { *************** *** 787,806 **** } } if( count($name) ) { - $t_usergroup_list = ''; for($i = 0; $i < count($ug_info); $i++) { $ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL; ! $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; } } ! else ! { ! $t_usergroup_list = $lang['None']; ! 
} $s_column_span = 2; // Two columns always present if( !$adv ) --- 832,857 ---- } } + $t_usergroup_list = $t_pending_list = ''; if( count($name) ) { for($i = 0; $i < count($ug_info); $i++) { $ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL; ! if (!$ug_info[$i]['user_pending']) ! { ! $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; ! } ! else ! { ! $t_pending_list .= ( ( $t_pending_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; ! } } } ! ! $t_usergroup_list = ($t_usergroup_list == '') ? $lang['None'] : $t_usergroup_list; ! $t_pending_list = ($t_pending_list == '') ? $lang['None'] : $t_pending_list; $s_column_span = 2; // Two columns always present if( !$adv ) *************** *** 857,863 **** $template->assign_vars(array( 'USERNAME' => $t_groupname, ! 'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list) ); } --- 908,914 ---- $template->assign_vars(array( 'USERNAME' => $t_groupname, ! 'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list . '
' . $lang['Pending_members'] . ' : ' . $t_pending_list) ); } diff -crN phpbb208/admin/admin_user_ban.php phpbb2020/admin/admin_user_ban.php *** phpbb208/admin/admin_user_ban.php Sat Jul 10 20:16:27 2004 --- phpbb2020/admin/admin_user_ban.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_user_ban.php,v 1.21.2.5 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_user_ban.php,v 1.21.2.6 2005/10/30 15:17:13 acydburn Exp $ * * ***************************************************************************/ *************** *** 155,161 **** // contained in the annotated php manual at php.com (ereg // section) // ! if (preg_match('#^(([a-z0-9&.-_+])|(\*))+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$#is', trim($email_list_temp[$i]))) { $email_list[] = trim($email_list_temp[$i]); } --- 155,161 ---- // contained in the annotated php manual at php.com (ereg // section) // ! if (preg_match('/^(([a-z0-9&\'\.\-_\+])|(\*))+@(([a-z0-9\-])|(\*))+\.([a-z0-9\-]+\.)*?[a-z]+$/is', trim($email_list_temp[$i]))) { $email_list[] = trim($email_list_temp[$i]); } diff -crN phpbb208/admin/admin_users.php phpbb2020/admin/admin_users.php *** phpbb208/admin/admin_users.php Sat Jul 10 20:16:26 2004 --- phpbb2020/admin/admin_users.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_users.php,v 1.57.2.26 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
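Review bot: The new character class `[a-z0-9&\'\.\-_\+]` admits a single quote in the local part, which the old class did not, so an entry appended to `$email_list[]` can now contain `'`. The statement that writes these entries to the ban table is outside the hunk; it should be checked to confirm the value is quote-escaped in the way this patch does elsewhere (`str_replace("\'", "''", …)`) before being concatenated into SQL. A short comment above the `preg_match()` stating that `'` and a `*` wildcard in the domain are now accepted on purpose would also help the next reader of this pattern.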
* $Id: admin_users.php,v 1.57.2.35 2006/03/26 14:43:24 grahamje Exp $ * * ***************************************************************************/ *************** *** 71,77 **** message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); } ! if( $HTTP_POST_VARS['deleteuser'] ) { $sql = "SELECT g.group_id FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g --- 71,77 ---- message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); } ! if( $HTTP_POST_VARS['deleteuser'] && ( $userdata['user_id'] != $user_id ) ) { $sql = "SELECT g.group_id FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g *************** *** 86,92 **** $row = $db->sql_fetchrow($result); $sql = "UPDATE " . POSTS_TABLE . " ! SET poster_id = " . DELETED . ", post_username = '$username' WHERE poster_id = $user_id"; if( !$db->sql_query($sql) ) { --- 86,92 ---- $row = $db->sql_fetchrow($result); $sql = "UPDATE " . POSTS_TABLE . " ! SET poster_id = " . DELETED . ", post_username = '" . str_replace("\\'", "''", addslashes($this_userdata['username'])) . "' WHERE poster_id = $user_id"; if( !$db->sql_query($sql) ) { *************** *** 177,182 **** --- 177,196 ---- message_die(GENERAL_ERROR, 'Could not delete user from banlist table', '', __LINE__, __FILE__, $sql); } + $sql = "DELETE FROM " . SESSIONS_TABLE . " + WHERE session_user_id = $user_id"; + if ( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, 'Could not delete sessions for this user', '', __LINE__, __FILE__, $sql); + } + + $sql = "DELETE FROM " . SESSIONS_KEYS_TABLE . " + WHERE user_id = $user_id"; + if ( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, 'Could not delete auto-login keys for this user', '', __LINE__, __FILE__, $sql); + } + $sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . " WHERE privmsgs_from_userid = $user_id *************** *** 217,223 **** message_die(GENERAL_MESSAGE, $message); } ! $username = ( !empty($HTTP_POST_VARS['username']) ) ? 
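Review bot: A `deleteuser` request aimed at the administrator's own account now fails the added `$userdata['user_id'] != $user_id` test and falls through to whatever follows this `if`, which is outside the hunk and appears to be the ordinary profile-update path, so the form is processed as an edit with no explanation. Handle the self-delete case explicitly ahead of this branch, for example `if ($HTTP_POST_VARS['deleteuser'] && $userdata['user_id'] == $user_id) { message_die(GENERAL_MESSAGE, …); }` with a language string for the refusal. That keeps the safeguard and makes the outcome visible to the admin.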
trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['username']))) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : ''; $password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : ''; --- 231,237 ---- message_die(GENERAL_MESSAGE, $message); } ! $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : ''; $password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : ''; *************** *** 247,259 **** $allowbbcode = ( isset( $HTTP_POST_VARS['allowbbcode']) ) ? intval( $HTTP_POST_VARS['allowbbcode'] ) : $board_config['allow_bbcode']; $allowsmilies = ( isset( $HTTP_POST_VARS['allowsmilies']) ) ? intval( $HTTP_POST_VARS['allowsmilies'] ) : $board_config['allow_smilies']; ! $user_style = ( $HTTP_POST_VARS['style'] ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style']; $user_lang = ( $HTTP_POST_VARS['language'] ) ? $HTTP_POST_VARS['language'] : $board_config['default_lang']; $user_timezone = ( isset( $HTTP_POST_VARS['timezone']) ) ? doubleval( $HTTP_POST_VARS['timezone'] ) : $board_config['board_timezone']; - $user_template = ( $HTTP_POST_VARS['template'] ) ? $HTTP_POST_VARS['template'] : $board_config['board_template']; $user_dateformat = ( $HTTP_POST_VARS['dateformat'] ) ? trim( $HTTP_POST_VARS['dateformat'] ) : $board_config['default_dateformat']; $user_avatar_local = ( isset( $HTTP_POST_VARS['avatarselect'] ) && !empty($HTTP_POST_VARS['submitavatar'] ) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset( $HTTP_POST_VARS['avatarlocal'] ) ) ? $HTTP_POST_VARS['avatarlocal'] : '' ); $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? 
trim( $HTTP_POST_VARS['avatarremoteurl'] ) : ''; $user_avatar_url = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim( $HTTP_POST_VARS['avatarurl'] ) : ''; --- 261,273 ---- $allowbbcode = ( isset( $HTTP_POST_VARS['allowbbcode']) ) ? intval( $HTTP_POST_VARS['allowbbcode'] ) : $board_config['allow_bbcode']; $allowsmilies = ( isset( $HTTP_POST_VARS['allowsmilies']) ) ? intval( $HTTP_POST_VARS['allowsmilies'] ) : $board_config['allow_smilies']; ! $user_style = ( isset( $HTTP_POST_VARS['style'] ) ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style']; $user_lang = ( $HTTP_POST_VARS['language'] ) ? $HTTP_POST_VARS['language'] : $board_config['default_lang']; $user_timezone = ( isset( $HTTP_POST_VARS['timezone']) ) ? doubleval( $HTTP_POST_VARS['timezone'] ) : $board_config['board_timezone']; $user_dateformat = ( $HTTP_POST_VARS['dateformat'] ) ? trim( $HTTP_POST_VARS['dateformat'] ) : $board_config['default_dateformat']; $user_avatar_local = ( isset( $HTTP_POST_VARS['avatarselect'] ) && !empty($HTTP_POST_VARS['submitavatar'] ) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset( $HTTP_POST_VARS['avatarlocal'] ) ) ? $HTTP_POST_VARS['avatarlocal'] : '' ); + $user_avatar_category = ( isset($HTTP_POST_VARS['avatarcatname']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarcatname']) : '' ; $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim( $HTTP_POST_VARS['avatarremoteurl'] ) : ''; $user_avatar_url = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim( $HTTP_POST_VARS['avatarurl'] ) : ''; *************** *** 293,299 **** if ( !isset($HTTP_POST_VARS['cancelavatar'])) { ! $user_avatar = $user_avatar_local; $user_avatar_type = USER_AVATAR_GALLERY; } } --- 307,313 ---- if ( !isset($HTTP_POST_VARS['cancelavatar'])) { ! $user_avatar = $user_avatar_category . '/' . 
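Review bot: `$user_avatar_category` is passed through `htmlspecialchars()` only, which leaves `/`, `\` and `..` untouched, yet the value is used as a directory name. The hunk at new line 307 builds `$user_avatar = $user_avatar_category . '/' . $user_avatar_local` from it unfiltered, and only the SQL assembly at new line 659 applies `basename()`. Reduce both inputs to a single path component where they are read, e.g. `htmlspecialchars(basename($HTTP_POST_VARS['avatarcatname']))`, and treat `avatarselect` / `avatarlocal` the same way, so that every consumer sees the same constrained value instead of relying on each sink to remember the filter.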
$user_avatar_local; $user_avatar_type = USER_AVATAR_GALLERY; } } *************** *** 389,397 **** { if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" ) { ! if( @file_exists(@phpbb_realpath("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) ) { ! @unlink("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } } $avatar_sql = ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE; --- 403,411 ---- { if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" ) { ! if( @file_exists(@phpbb_realpath('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) ) { ! @unlink('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } } $avatar_sql = ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE; *************** *** 645,651 **** } else if( $user_avatar_local != "" && $avatar_sql == "" && !$error ) { ! $avatar_sql = ", user_avatar = '" . str_replace("\'", "''", $user_avatar_local) . "', user_avatar_type = " . USER_AVATAR_GALLERY; } // --- 659,665 ---- } else if( $user_avatar_local != "" && $avatar_sql == "" && !$error ) { ! $avatar_sql = ", user_avatar = '" . str_replace("\'", "''", phpbb_ltrim(basename($user_avatar_category), "'") . '/' . phpbb_ltrim(basename($user_avatar_local), "'")) . "', user_avatar_type = " . USER_AVATAR_GALLERY; } // *************** *** 681,693 **** message_die(GENERAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql); } } $message .= $lang['Admin_user_updated']; } else { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Admin_user_fail']; } $message .= '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); --- 695,713 ---- message_die(GENERAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql); } } + + // We remove all stored login keys since the password has been updated + // and change the current one (if applicable) + if ( !empty($passwd_sql) ) + { + session_reset_keys($user_id, $user_ip); + } $message .= $lang['Admin_user_updated']; } else { ! message_die(GENERAL_ERROR, 'Admin_user_fail', '', __LINE__, __FILE__, $sql); } $message .= '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); *************** *** 822,828 **** { if( preg_match("/(\.gif$|\.png$|\.jpg)$/is", $sub_file) ) { ! $avatar_images[$file][$avatar_row_count][$avatar_col_count] = $file . "/" . $sub_file; $avatar_col_count++; if( $avatar_col_count == 5 ) --- 842,848 ---- { if( preg_match("/(\.gif$|\.png$|\.jpg)$/is", $sub_file) ) { ! $avatar_images[$file][$avatar_row_count][$avatar_col_count] = $sub_file; $avatar_col_count++; if( $avatar_col_count == 5 ) *************** *** 867,873 **** for($j = 0; $j < count($avatar_images[$category][$i]); $j++) { $template->assign_block_vars("avatar_row.avatar_column", array( ! "AVATAR_IMAGE" => "../" . $board_config['avatar_gallery_path'] . "/" . $avatar_images[$category][$i][$j]) ); $template->assign_block_vars("avatar_row.avatar_option_column", array( --- 887,893 ---- for($j = 0; $j < count($avatar_images[$category][$i]); $j++) { $template->assign_block_vars("avatar_row.avatar_column", array( ! "AVATAR_IMAGE" => "../" . $board_config['avatar_gallery_path'] . '/' . $category . '/' . $avatar_images[$category][$i][$j]) ); $template->assign_block_vars("avatar_row.avatar_option_column", array( *************** *** 878,884 **** $coppa = ( ( !$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa'] ) || $mode == "register") ? 0 : TRUE; ! $s_hidden_fields = ''; $s_hidden_fields .= ''; $s_hidden_fields .= ''; --- 898,904 ---- $coppa = ( ( !$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa'] ) || $mode == "register") ? 0 : TRUE; ! $s_hidden_fields = ''; $s_hidden_fields .= ''; $s_hidden_fields .= ''; *************** *** 934,940 **** if( !empty($user_avatar_local) ) { ! $s_hidden_fields .= ''; } if( $user_avatar_type ) --- 954,960 ---- if( !empty($user_avatar_local) ) { ! 
$s_hidden_fields .= ''; } if( $user_avatar_type ) diff -crN phpbb208/admin/admin_words.php phpbb2020/admin/admin_words.php *** phpbb208/admin/admin_words.php Sat Jul 10 20:16:27 2004 --- phpbb2020/admin/admin_words.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_words.php,v 1.10.2.3 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_words.php,v 1.10.2.5 2006/01/23 21:24:40 grahamje Exp $ * * ***************************************************************************/ *************** *** 20,34 **** * ***************************************************************************/ - define('IN_PHPBB', 1); - if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['General']['Word_Censor'] = "$file"; return; } // // Load default header // --- 20,34 ---- * ***************************************************************************/ if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['General']['Word_Censor'] = $file; return; } + define('IN_PHPBB', 1); + // // Load default header // *************** *** 38,44 **** if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { ! $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; $mode = htmlspecialchars($mode); } else --- 38,44 ---- if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { ! $mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; $mode = htmlspecialchars($mode); } else *************** *** 60,65 **** --- 60,68 ---- } } + // Restrict mode input to valid options + $mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? 
$mode : ''; + if( $mode != "" ) { if( $mode == "edit" || $mode == "add" ) *************** *** 70,75 **** --- 73,79 ---- "body" => "admin/words_edit_body.tpl") ); + $word_info = array('word' => '', 'replacement' => ''); $s_hidden_fields = ''; if( $mode == "edit" ) *************** *** 158,164 **** $word_id = 0; } ! if( $word_id ) { $sql = "DELETE FROM " . WORDS_TABLE . " WHERE word_id = $word_id"; --- 162,170 ---- $word_id = 0; } ! $confirm = isset($HTTP_POST_VARS['confirm']); ! ! if( $word_id && $confirm ) { $sql = "DELETE FROM " . WORDS_TABLE . " WHERE word_id = $word_id"; *************** *** 172,177 **** --- 178,203 ---- message_die(GENERAL_MESSAGE, $message); } + elseif( $word_id && !$confirm) + { + // Present the confirmation screen to the user + $template->set_filenames(array( + 'body' => 'admin/confirm_body.tpl') + ); + + $hidden_fields = ''; + + $template->assign_vars(array( + 'MESSAGE_TITLE' => $lang['Confirm'], + 'MESSAGE_TEXT' => $lang['Confirm_delete_word'], + + 'L_YES' => $lang['Yes'], + 'L_NO' => $lang['No'], + + 'S_CONFIRM_ACTION' => append_sid("admin_words.$phpEx"), + 'S_HIDDEN_FIELDS' => $hidden_fields) + ); + } else { message_die(GENERAL_MESSAGE, $lang['No_word_selected']); *************** *** 193,198 **** --- 219,225 ---- } $word_rows = $db->sql_fetchrowset($result); + $db->sql_freeresult($result); $word_count = count($word_rows); $template->assign_vars(array( diff -crN phpbb208/admin/index.php phpbb2020/admin/index.php *** phpbb208/admin/index.php Sat Jul 10 20:16:27 2004 --- phpbb2020/admin/index.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: index.php,v 1.40.2.5 2003/08/03 11:50:51 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: index.php,v 1.40.2.10 2005/12/04 12:55:28 grahamje Exp $ * * ***************************************************************************/ *************** *** 60,66 **** { if( preg_match("/^admin_.*?\." . $phpEx . "$/", $file) ) { ! include($file); } } --- 60,66 ---- { if( preg_match("/^admin_.*?\." . $phpEx . "$/", $file) ) { ! include('./' . $file); } } *************** *** 234,242 **** $row = $db->sql_fetchrow($result); $version = $row['mysql_version']; ! if( preg_match("/^(3\.23|4\.)/", $version) ) { ! $db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)/", $version) ) ? "`$dbname`" : $dbname; $sql = "SHOW TABLE STATUS FROM " . $db_name; --- 234,242 ---- $row = $db->sql_fetchrow($result); $version = $row['mysql_version']; ! if( preg_match("/^(3\.23|4\.|5\.)/", $version) ) { ! $db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)|(5\.)/", $version) ) ? "`$dbname`" : $dbname; $sql = "SHOW TABLE STATUS FROM " . $db_name; *************** *** 332,338 **** WHERE s.session_logged_in = " . TRUE . " AND u.user_id = s.session_user_id AND u.user_id <> " . ANONYMOUS . " ! AND u.user_session_time >= " . ( time() - 300 ) . " ORDER BY u.user_session_time DESC"; if(!$result = $db->sql_query($sql)) { --- 332,338 ---- WHERE s.session_logged_in = " . TRUE . " AND u.user_id = s.session_user_id AND u.user_id <> " . ANONYMOUS . " ! AND s.session_time >= " . ( time() - 300 ) . " ORDER BY u.user_session_time DESC"; if(!$result = $db->sql_query($sql)) { *************** *** 560,565 **** --- 560,630 ---- ); } + // Check for new version + $current_version = explode('.', '2' . 
$board_config['version']); + $minor_revision = (int) $current_version[2]; + + $errno = 0; + $errstr = $version_info = ''; + + if ($fsock = @fsockopen('www.phpbb.com', 80, $errno, $errstr, 10)) + { + @fputs($fsock, "GET /updatecheck/20x.txt HTTP/1.1\r\n"); + @fputs($fsock, "HOST: www.phpbb.com\r\n"); + @fputs($fsock, "Connection: close\r\n\r\n"); + + $get_info = false; + while (!@feof($fsock)) + { + if ($get_info) + { + $version_info .= @fread($fsock, 1024); + } + else + { + if (@fgets($fsock, 1024) == "\r\n") + { + $get_info = true; + } + } + } + @fclose($fsock); + + $version_info = explode("\n", $version_info); + $latest_head_revision = (int) $version_info[0]; + $latest_minor_revision = (int) $version_info[2]; + $latest_version = (int) $version_info[0] . '.' . (int) $version_info[1] . '.' . (int) $version_info[2]; + + if ($latest_head_revision == 2 && $minor_revision == $latest_minor_revision) + { + $version_info = '

' . $lang['Version_up_to_date'] . '

'; + } + else + { + $version_info = '

' . $lang['Version_not_up_to_date']; + $version_info .= '
' . sprintf($lang['Latest_version_info'], $latest_version) . ' ' . sprintf($lang['Current_version_info'], '2' . $board_config['version']) . '

'; + } + } + else + { + if ($errstr) + { + $version_info = '

' . sprintf($lang['Connect_socket_error'], $errstr) . '

'; + } + else + { + $version_info = '

' . $lang['Socket_functions_disabled'] . '

'; + } + } + + $version_info .= '

' . $lang['Mailing_list_subscribe_reminder'] . '

'; + + + $template->assign_vars(array( + 'VERSION_INFO' => $version_info, + 'L_VERSION_INFORMATION' => $lang['Version_information']) + ); + $template->pparse("body"); include('./page_footer_admin.'.$phpEx); diff -crN phpbb208/admin/page_footer_admin.php phpbb2020/admin/page_footer_admin.php *** phpbb208/admin/page_footer_admin.php Sat Jul 10 20:16:27 2004 --- phpbb2020/admin/page_footer_admin.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_footer_admin.php,v 1.9.2.2 2002/05/12 15:57:45 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_footer_admin.php,v 1.9.2.5 2005/09/19 20:49:06 grahamje Exp $ * * ***************************************************************************/ *************** *** 25,30 **** --- 25,32 ---- die("Hacking attempt"); } + global $do_gzip_compress; + // // Show the overall footer. // *************** *** 33,40 **** ); $template->assign_vars(array( ! 'PHPBB_VERSION' => '2' . $board_config['version'], ! 'TRANSLATION_INFO' => $lang['TRANSLATION_INFO']) ); $template->pparse('page_footer'); --- 35,42 ---- ); $template->assign_vars(array( ! 'PHPBB_VERSION' => ($userdata['user_level'] == ADMIN && $userdata['user_id'] != ANONYMOUS) ? '2' . $board_config['version'] : '', ! 'TRANSLATION_INFO' => (isset($lang['TRANSLATION_INFO'])) ? $lang['TRANSLATION_INFO'] : ((isset($lang['TRANSLATION'])) ? $lang['TRANSLATION'] : '')) ); $template->pparse('page_footer'); diff -crN phpbb208/admin/page_header_admin.php phpbb2020/admin/page_header_admin.php *** phpbb208/admin/page_header_admin.php Sat Jul 10 20:16:26 2004 --- phpbb2020/admin/page_header_admin.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
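Review bot: The reply is parsed as exactly three newline-separated integers, but the request is sent as `HTTP/1.1`, where the server may use chunked transfer encoding, and neither the status line nor the line count is checked, so `$version_info[2]` can be undefined or a chunk-size line. Sending `"GET /updatecheck/20x.txt HTTP/1.0\r\n"` and testing `sizeof($version_info) >= 3` before the casts avoids a wrong "not up to date" or "up to date" verdict. The 10 passed to `fsockopen()` bounds only the connect, so a peer that accepts and then stalls holds the admin index until the script time limit; a read timeout set on `$fsock` would bound that too. The lookup also travels over plain HTTP, so the result is advisory at best; the `(int)` casts on each field do keep a tampered reply out of the generated HTML.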
* $Id: page_header_admin.php,v 1.12.2.5 2003/06/10 20:48:18 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header_admin.php,v 1.12.2.7 2006/01/29 21:19:02 grahamje Exp $ * * ***************************************************************************/ *************** *** 35,41 **** { $phpver = phpversion(); ! $useragent = (isset($_SERVER["HTTP_USER_AGENT"]) ) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT; if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) { --- 35,41 ---- { $phpver = phpversion(); ! $useragent = (isset($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : getenv('HTTP_USER_AGENT'); if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) { *************** *** 132,137 **** --- 132,149 ---- 'T_SPAN_CLASS3' => $theme['span_class3']) ); + // Work around for "current" Apache 2 + PHP module which seems to not + // cope with private cache control setting + if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2')) + { + header ('Cache-Control: no-cache, pre-check=0, post-check=0'); + } + else + { + header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0'); + } + header ('Expires: 0'); + header ('Pragma: no-cache'); $template->pparse('header'); diff -crN phpbb208/admin/pagestart.php phpbb2020/admin/pagestart.php *** phpbb208/admin/pagestart.php Sat Jul 10 20:16:26 2004 --- phpbb2020/admin/pagestart.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
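Review bot: Neither branch of the new `Cache-Control` logic sends `no-store`, so an admin page may still be written to a browser or intermediary cache; these pages are reached through URLs carrying the session id (see the `sid=` redirects in pagestart.php later in this patch). Adding it to both values, e.g. `header('Cache-Control: no-cache, no-store, pre-check=0, post-check=0');`, should not conflict with the Apache 2 workaround described in the comment, though that needs testing on the affected setup. The headers are emitted immediately before `$template->pparse('header')` and therefore depend on no output having been sent earlier; the start of the enclosing block is outside the hunk.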
* $Id: pagestart.php,v 1.1.2.7 2004/03/24 14:43:31 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: pagestart.php,v 1.1.2.10 2006/01/22 17:11:09 grahamje Exp $ * * ***************************************************************************/ *************** *** 40,46 **** if (!$userdata['session_logged_in']) { ! redirect(append_sid("login.$phpEx?redirect=admin/", true)); } else if ($userdata['user_level'] != ADMIN) { --- 40,46 ---- if (!$userdata['session_logged_in']) { ! redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx", true)); } else if ($userdata['user_level'] != ADMIN) { *************** *** 49,64 **** if ($HTTP_GET_VARS['sid'] != $userdata['session_id']) { - $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])), '', $HTTP_SERVER_VARS['REQUEST_URI']); - $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url); - $url = str_replace('//', '/', $url); - $url = preg_replace('/sid=([^&]*)(&?)/i', '', $url); - $url = preg_replace('/\?$/', '', $url); - $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id']; - redirect("index.$phpEx?sid=" . $userdata['session_id']); } if (empty($no_page_header)) { // Not including the pageheader can be neccesarry if META tags are --- 49,62 ---- if ($HTTP_GET_VARS['sid'] != $userdata['session_id']) { redirect("index.$phpEx?sid=" . 
$userdata['session_id']); } + if (!$userdata['session_admin']) + { + redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true)); + } + if (empty($no_page_header)) { // Not including the pageheader can be neccesarry if META tags are diff -crN phpbb208/common.php phpbb2020/common.php *** phpbb208/common.php Sat Jul 10 20:16:27 2004 --- phpbb2020/common.php Wed Apr 5 18:53:37 2006 *************** *** 6,13 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: common.php,v 1.74.2.10 2003/06/04 17:41:39 acydburn Exp $ ! * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: common.php,v 1.74.2.23 2006/02/26 17:34:50 grahamje Exp $ * ***************************************************************************/ *************** *** 25,33 **** --- 24,96 ---- die("Hacking attempt"); } + // error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables set_magic_quotes_runtime(0); // Disable magic_quotes_runtime + // The following code (unsetting globals) + // Thanks to Matt Kavanagh and Stefan Esser for providing feedback as well as patch files + + // PHP5 with register_long_arrays off? 
+ if (@phpversion() >= '5.0.0' && (!@ini_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off')) + { + $HTTP_POST_VARS = $_POST; + $HTTP_GET_VARS = $_GET; + $HTTP_SERVER_VARS = $_SERVER; + $HTTP_COOKIE_VARS = $_COOKIE; + $HTTP_ENV_VARS = $_ENV; + $HTTP_POST_FILES = $_FILES; + + // _SESSION is the only superglobal which is conditionally set + if (isset($_SESSION)) + { + $HTTP_SESSION_VARS = $_SESSION; + } + } + + // Protect against GLOBALS tricks + if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS'])) + { + die("Hacking attempt"); + } + + // Protect against HTTP_SESSION_VARS tricks + if (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS)) + { + die("Hacking attempt"); + } + + if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') + { + // PHP4+ path + $not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path'); + + // Not only will array_merge give a warning if a parameter + // is not an array, it will actually fail. So we check if + // HTTP_SESSION_VARS has been initialised. 
+ if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS)) + { + $HTTP_SESSION_VARS = array(); + } + + // Merge all into one extremely huge array; unset + // this later + $input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES); + + unset($input['input']); + unset($input['not_unset']); + + while (list($var,) = @each($input)) + { + if (!in_array($var, $not_unset)) + { + unset($$var); + } + } + + unset($input); + } + // // addslashes to vars if magic_quotes_gpc is off // this is a security precaution to prevent someone *************** *** 106,118 **** $theme = array(); $images = array(); $lang = array(); $gen_simple_header = FALSE; include($phpbb_root_path . 'config.'.$phpEx); if( !defined("PHPBB_INSTALLED") ) { ! header("Location: install/install.$phpEx"); exit; } --- 169,183 ---- $theme = array(); $images = array(); $lang = array(); + $nav_links = array(); + $dss_seeded = false; $gen_simple_header = FALSE; include($phpbb_root_path . 'config.'.$phpEx); if( !defined("PHPBB_INSTALLED") ) { ! header('Location: ' . $phpbb_root_path . 'install/install.' . $phpEx); exit; } *************** *** 123,157 **** include($phpbb_root_path . 'includes/functions.'.$phpEx); include($phpbb_root_path . 'includes/db.'.$phpEx); // // Obtain and encode users IP // ! if( getenv('HTTP_X_FORWARDED_FOR') != '' ) ! { ! $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR ); ! ! $entries = explode(',', getenv('HTTP_X_FORWARDED_FOR')); ! reset($entries); ! while (list(, $entry) = each($entries)) ! { ! $entry = trim($entry); ! if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", $entry, $ip_list) ) ! { ! $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/'); ! 
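Review bot: `@phpversion() >= '5.0.0'` compares two non-numeric strings, which PHP does character by character, so the outcome follows the first differing byte and not the version number; `version_compare(phpversion(), '5.0.0', '>=')` states the intent. In the register_globals branch, `in_array($var, $not_unset)` is a loose comparison, so an integer request key can compare equal to a protected name; passing `true` as the third argument makes the exemption list exact. It would also help to add a comment that this block must stay ahead of every global initialisation in the file, since anything assigned before it runs can be unset by the loop.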
$found_ip = preg_replace($private_ip, $client_ip, $ip_list[1]); ! ! if ($client_ip != $found_ip) ! { ! $client_ip = $found_ip; ! break; ! } ! } ! } ! } ! else ! { ! $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR ); ! } $user_ip = encode_ip($client_ip); // --- 188,205 ---- include($phpbb_root_path . 'includes/functions.'.$phpEx); include($phpbb_root_path . 'includes/db.'.$phpEx); + // We do not need this any longer, unset for safety purposes + unset($dbpasswd); + // // Obtain and encode users IP // ! // I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as ! // private range IP's appearing instead of the guilty routable IP, tough, don't ! // even bother complaining ... go scream and shout at the idiots out there who feel ! // "clever" is doing harm rather than good ... karma is a great thing ... :) ! // ! $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') ); $user_ip = encode_ip($client_ip); // *************** *** 173,179 **** if (file_exists('install') || file_exists('contrib')) { ! message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted'); } // --- 221,227 ---- if (file_exists('install') || file_exists('contrib')) { ! message_die(GENERAL_MESSAGE, 'Please_remove_install_contrib'); } // diff -crN phpbb208/db/mssql.php phpbb2020/db/mssql.php *** phpbb208/db/mssql.php Sat Jul 10 20:16:26 2004 --- phpbb2020/db/mssql.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! 
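Review bot: The comment added above `$client_ip` does not state why `HTTP_X_FORWARDED_FOR` was dropped, which is what a later maintainer needs before deciding whether to reintroduce proxy support. Suggested replacement: `// HTTP_X_FORWARDED_FOR is supplied by the client and can be forged, so only REMOTE_ADDR is used for bans and session checks; boards behind a reverse proxy will record the proxy's address.` The `unset($dbpasswd)` added at the top of the same hunk would likewise benefit from naming what it protects against, e.g. a later template or debug dump exposing the value.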
* $Id: mssql.php,v 1.22.2.2 2002/12/21 18:31:53 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: mssql.php,v 1.22.2.4 2006/03/09 19:57:37 grahamje Exp $ * ***************************************************************************/ *************** *** 289,295 **** while( list($key, $value) = @each($row) ) { ! $row[$key] = stripslashes($value); } @reset($row); --- 289,295 ---- while( list($key, $value) = @each($row) ) { ! $row[$key] = ($value === ' ') ? '' : stripslashes($value); } @reset($row); *************** *** 317,323 **** { while( list($key, $value) = @each($row) ) { ! $rowset[$i][$key] = stripslashes($value); } $i++; } --- 317,323 ---- { while( list($key, $value) = @each($row) ) { ! $rowset[$i][$key] = ($value === ' ') ? '' : stripslashes($value); } $i++; } *************** *** 356,362 **** if( empty($this->row[$query_id]) ) { $this->row[$query_id] = @mssql_fetch_array($query_id); ! $result = stripslashes($this->row[$query_id][$field]); } } --- 356,362 ---- if( empty($this->row[$query_id]) ) { $this->row[$query_id] = @mssql_fetch_array($query_id); ! $result = ($this->row[$query_id][$field] === ' ') ? '' : stripslashes($this->row[$query_id][$field]); } } diff -crN phpbb208/db/mysql.php phpbb2020/db/mysql.php *** phpbb208/db/mysql.php Sat Jul 10 20:16:26 2004 --- phpbb2020/db/mysql.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: mysql.php,v 1.16 2002/03/19 01:07:36 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: mysql.php,v 1.16.2.1 2005/09/18 16:17:20 acydburn Exp $ * ***************************************************************************/ *************** *** 259,265 **** { if($this->rowset[$query_id]) { ! 
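Review bot: The new `($value === ' ') ? '' : stripslashes($value)` expression has no comment explaining why a single space is treated as empty, and the same expression is repeated in the next two hunks of this file (317,323 and 356,362). Presumably the driver returns `' '` for an empty column; if so, say it once, e.g. `// mssql hands back ' ' for an empty string (TODO confirm); map it back to ''`, and note that a value legitimately stored as one space is now read back as empty. The enclosing functions start outside these hunks, so whether a small shared helper fits cannot be judged from here.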
$result = $this->rowset[$query_id][$field]; } else if($this->row[$query_id]) { --- 259,265 ---- { if($this->rowset[$query_id]) { ! $result = $this->rowset[$query_id][0][$field]; } else if($this->row[$query_id]) { diff -crN phpbb208/db/mysql4.php phpbb2020/db/mysql4.php *** phpbb208/db/mysql4.php Sat Jul 10 20:16:26 2004 --- phpbb2020/db/mysql4.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: mysql4.php,v 1.5 2002/04/02 21:13:47 the_systech Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: mysql4.php,v 1.5.2.1 2005/09/18 16:17:20 acydburn Exp $ * ***************************************************************************/ *************** *** 271,277 **** { if( $this->rowset[$query_id] ) { ! $result = $this->rowset[$query_id][$field]; } else if( $this->row[$query_id] ) { --- 271,277 ---- { if( $this->rowset[$query_id] ) { ! 
$result = $this->rowset[$query_id][0][$field]; } else if( $this->row[$query_id] ) { diff -crN phpbb208/db/oracle.php phpbb2020/db/oracle.php *** phpbb208/db/oracle.php Sat Jul 10 20:16:26 2004 --- phpbb2020/db/oracle.php Thu Jan 1 01:00:00 1970 *************** *** 1,472 **** - persistency = $persistency; - $this->user = $sqluser; - $this->password = $sqlpassword; - $this->server = $sqlserver; - $this->dbname = $database; - - if($this->persistency) - { - $this->db_connect_id = @OCIPLogon($this->user, $this->password, $this->server); - } - else - { - $this->db_connect_id = @OCINLogon($this->user, $this->password, $this->server); - } - if($this->db_connect_id) - { - return $this->db_connect_id; - } - else - { - return false; - } - } - - // - // Other base methods - // - function sql_close() - { - if($this->db_connect_id) - { - // Commit outstanding transactions - if($this->in_transaction) - { - OCICommit($this->db_connect_id); - } - - if($this->query_result) - { - @OCIFreeStatement($this->query_result); - } - $result = @OCILogoff($this->db_connect_id); - return $result; - } - else - { - return false; - } - } - - // - // Base query method - // - function sql_query($query = "", $transaction = FALSE) - { - // Remove any pre-existing queries - unset($this->query_result); - - // Put us in transaction mode because with Oracle as soon as you make a query you're in a transaction - $this->in_transaction = TRUE; - - if($query != "") - { - $this->last_query = $query; - $this->num_queries++; - - if(eregi("LIMIT", $query)) - { - preg_match("/^(.*)LIMIT ([0-9]+)[, ]*([0-9]+)*/s", $query, $limits); - - $query = $limits[1]; - if($limits[3]) - { - $row_offset = $limits[2]; - $num_rows = $limits[3]; - } - else - { - $row_offset = 0; - $num_rows = $limits[2]; - } - } - - if(eregi("^(INSERT|UPDATE) ", $query)) - { - $query = preg_replace("/\\\'/s", "''", $query); - } - - $this->query_result = @OCIParse($this->db_connect_id, $query); - $success = @OCIExecute($this->query_result, 
OCI_DEFAULT); - } - if($success) - { - if($transaction == END_TRANSACTION) - { - OCICommit($this->db_connect_id); - $this->in_transaction = FALSE; - } - - unset($this->row[$this->query_result]); - unset($this->rowset[$this->query_result]); - $this->last_query_text[$this->query_result] = $query; - - return $this->query_result; - } - else - { - if($this->in_transaction) - { - OCIRollback($this->db_connect_id); - } - return false; - } - } - - // - // Other query methods - // - function sql_numrows($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIFetchStatement($query_id, $this->rowset); - // OCIFetchStatment kills our query result so we have to execute the statment again - // if we ever want to use the query_id again. - @OCIExecute($query_id, OCI_DEFAULT); - return $result; - } - else - { - return false; - } - } - function sql_affectedrows($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIRowCount($query_id); - return $result; - } - else - { - return false; - } - } - function sql_numfields($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCINumCols($query_id); - return $result; - } - else - { - return false; - } - } - function sql_fieldname($offset, $query_id = 0) - { - // OCIColumnName uses a 1 based array so we have to up the offset by 1 in here to maintain - // full abstraction compatibitly - $offset += 1; - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = strtolower(@OCIColumnName($query_id, $offset)); - return $result; - } - else - { - return false; - } - } - function sql_fieldtype($offset, $query_id = 0) - { - // This situation is the same as fieldname - $offset += 1; - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIColumnType($query_id, $offset); - return $result; - } - else - { - 
return false; - } - } - function sql_fetchrow($query_id = 0, $debug = FALSE) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result_row = ""; - $result = @OCIFetchInto($query_id, $result_row, OCI_ASSOC+OCI_RETURN_NULLS); - if($debug) - { - echo "Query was: ".$this->last_query . "
"; - echo "Result: $result
"; - echo "Query ID: $query_id
"; - echo "
";
- 				var_dump($result_row);
- 				echo "
"; - } - if($result_row == "") - { - return false; - } - - for($i = 0; $i < count($result_row); $i++) - { - list($key, $val) = each($result_row); - $return_arr[strtolower($key)] = $val; - } - $this->row[$query_id] = $return_arr; - - return $this->row[$query_id]; - } - else - { - return false; - } - } - // This function probably isn't as efficant is it could be but any other way I do it - // I end up losing 1 row... - function sql_fetchrowset($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $rows = @OCIFetchStatement($query_id, $results); - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i < $rows; $i++) - { - @OCIFetchInto($query_id, $tmp_result, OCI_ASSOC+OCI_RETURN_NULLS); - - for($j = 0; $j < count($tmp_result); $j++) - { - list($key, $val) = each($tmp_result); - $return_arr[strtolower($key)] = $val; - } - $result[] = $return_arr; - } - return $result; - } - else - { - return false; - } - } - function sql_fetchfield($field, $rownum = -1, $query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - if($rownum > -1) - { - // Reset the internal rownum pointer. - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i < $rownum; $i++) - { - // Move the interal pointer to the row we want - @OCIFetch($query_id); - } - // Get the field data. - $result = @OCIResult($query_id, strtoupper($field)); - } - else - { - // The internal pointer should be where we want it - // so we just grab the field out of the current row. 
- $result = @OCIResult($query_id, strtoupper($field)); - } - return $result; - } - else - { - return false; - } - } - function sql_rowseek($rownum, $query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i < $rownum; $i++) - { - @OCIFetch($query_id); - } - $result = @OCIFetch($query_id); - return $result; - } - else - { - return false; - } - } - function sql_nextid($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id && $this->last_query_text[$query_id] != "") - { - if( eregi("^(INSERT{1}|^INSERT INTO{1})[[:space:]][\"]?([a-zA-Z0-9\_\-]+)[\"]?", $this->last_query_text[$query_id], $tablename)) - { - $query = "SELECT ".$tablename[2]."_id_seq.currval FROM DUAL"; - $stmt = @OCIParse($this->db_connect_id, $query); - @OCIExecute($stmt,OCI_DEFAULT ); - $temp_result = @OCIFetchInto($stmt, $temp_result, OCI_ASSOC+OCI_RETURN_NULLS); - if($temp_result) - { - return $temp_result['CURRVAL']; - } - else - { - return false; - } - } - else - { - return false; - } - } - else - { - return false; - } - } - - function sql_nextid($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id && $this->last_query_text[$query_id] != "") - { - if( eregi("^(INSERT{1}|^INSERT INTO{1})[[:space:]][\"]?([a-zA-Z0-9\_\-]+)[\"]?", $this->last_query_text[$query_id], $tablename)) - { - $query = "SELECT ".$tablename[2]."_id_seq.CURRVAL FROM DUAL"; - $temp_q_id = @OCIParse($this->db_connect_id, $query); - @OCIExecute($temp_q_id, OCI_DEFAULT); - @OCIFetchInto($temp_q_id, $temp_result, OCI_ASSOC+OCI_RETURN_NULLS); - - if($temp_result) - { - return $temp_result['CURRVAL']; - } - else - { - return false; - } - } - else - { - return false; - } - } - else - { - return false; - } - } - - - - function sql_freeresult($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = 
@OCIFreeStatement($query_id); - return $result; - } - else - { - return false; - } - } - function sql_error($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - $result = @OCIError($query_id); - return $result; - } - - } // class sql_db - - } // if ... define - - ?> \ No newline at end of file --- 0 ---- diff -crN phpbb208/db/postgres7.php phpbb2020/db/postgres7.php *** phpbb208/db/postgres7.php Sat Jul 10 20:16:26 2004 --- phpbb2020/db/postgres7.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: postgres7.php,v 1.19 2002/03/05 02:19:38 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: postgres7.php,v 1.19.2.3 2005/05/06 20:50:10 acydburn Exp $ * ***************************************************************************/ diff -crN phpbb208/faq.php phpbb2020/faq.php *** phpbb208/faq.php Sat Jul 10 20:16:27 2004 --- phpbb2020/faq.php Wed Apr 5 18:53:37 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: faq.php,v 1.14 2002/03/31 00:06:33 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: faq.php,v 1.14.2.2 2004/07/11 16:46:15 acydburn Exp $ * * ***************************************************************************/ *************** *** 34,39 **** --- 34,42 ---- // End session management // + // Set vars to prevent naughtiness + $faq = array(); + // // Load the appropriate faq file // *************** *** 97,103 **** $template->set_filenames(array( 'body' => 'faq_body.tpl') ); ! 
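Review bot: The comment added in the faq.php 34,42 hunk, `// Set vars to prevent naughtiness`, does not say what is being prevented or why the assignment has to sit before the file load that follows. Presumably it stops a request variable named `faq` from pre-populating the array when globals are registered, which the common.php part of this diff also deals with. I would write `// Initialise $faq before the language file is loaded so a same-named request variable cannot seed it`. The code that fills and prints `$faq` is outside the hunk.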
make_jumpbox('viewforum.'.$phpEx, $forum_id); $template->assign_vars(array( 'L_FAQ_TITLE' => $l_title, --- 100,106 ---- $template->set_filenames(array( 'body' => 'faq_body.tpl') ); ! make_jumpbox('viewforum.'.$phpEx); $template->assign_vars(array( 'L_FAQ_TITLE' => $l_title, diff -crN phpbb208/groupcp.php phpbb2020/groupcp.php *** phpbb208/groupcp.php Sat Jul 10 20:16:26 2004 --- phpbb2020/groupcp.php Wed Apr 5 18:53:37 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: groupcp.php,v 1.58.2.19 2003/12/30 14:17:49 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: groupcp.php,v 1.58.2.25 2005/09/17 18:36:48 grahamje Exp $ * * ***************************************************************************/ *************** *** 99,107 **** $yim_img = ( $row['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; $yim = ( $row['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; ! $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($username) . "&showresults=posts"); ! $search_img = '' . $lang['Search_user_posts'] . ''; ! $search = '' . $lang['Search_user_posts'] . ''; return; } --- 99,107 ---- $yim_img = ( $row['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; $yim = ( $row['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; ! $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($row['username']) . "&showresults=posts"); ! $search_img = '' . sprintf($lang['Search_user_posts'], $row['username']) . ''; ! $search = '' . sprintf($lang['Search_user_posts'], $row['username']) . ''; return; } *************** *** 337,343 **** message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); } ! if ( !($row = $db->sql_fetchrow($result)) ) { $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . 
" --- 337,343 ---- message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); } ! if ( !($row = $db->sql_fetchrow($result)) || $row['is_auth_mod'] == 0 ) { $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " *************** *** 425,431 **** $sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa WHERE g.group_id = $group_id ! AND aa.group_id = g.group_id(+)"; break; default: --- 425,431 ---- $sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa WHERE g.group_id = $group_id ! AND aa.group_id (+) = g.group_id"; break; default: *************** *** 472,478 **** if ( isset($HTTP_POST_VARS['add']) ) { ! $username = ( isset($HTTP_POST_VARS['username']) ) ? htmlspecialchars($HTTP_POST_VARS['username']) : ''; $sql = "SELECT user_id, user_email, user_lang, user_level FROM " . USERS_TABLE . " --- 472,478 ---- if ( isset($HTTP_POST_VARS['add']) ) { ! $username = ( isset($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $sql = "SELECT user_id, user_email, user_lang, user_level FROM " . USERS_TABLE . " *************** *** 1149,1154 **** --- 1149,1156 ---- // Select all group that the user is a member of or where the user has // a pending membership. // + $in_group = array(); + if ( $userdata['session_logged_in'] ) { $sql = "SELECT g.group_id, g.group_name, g.group_type, ug.user_pending *************** *** 1216,1221 **** --- 1218,1224 ---- // // Load and process templates // + $page_title = $lang['Group_Control_Panel']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); $template->set_filenames(array( *************** *** 1243,1249 **** $template->assign_block_vars('switch_groups_remaining', array() ); } ! 
$s_hidden_fields = ''; $template->assign_vars(array( 'L_GROUP_MEMBERSHIP_DETAILS' => $lang['Group_member_details'], --- 1246,1252 ---- $template->assign_block_vars('switch_groups_remaining', array() ); } ! $s_hidden_fields = ''; $template->assign_vars(array( 'L_GROUP_MEMBERSHIP_DETAILS' => $lang['Group_member_details'], diff -crN phpbb208/includes/auth.php phpbb2020/includes/auth.php *** phpbb208/includes/auth.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/auth.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: auth.php,v 1.37.2.5 2004/03/01 16:49:03 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: auth.php,v 1.37.2.7 2006/03/06 17:28:51 grahamje Exp $ * * ***************************************************************************/ *************** *** 234,239 **** --- 234,240 ---- { $value = $f_access[$k][$key]; $f_forum_id = $f_access[$k]['forum_id']; + $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array(); switch( $value ) { *************** *** 282,287 **** --- 283,289 ---- for($k = 0; $k < count($f_access); $k++) { $f_forum_id = $f_access[$k]['forum_id']; + $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array(); $auth_user[$f_forum_id]['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0; } diff -crN phpbb208/includes/bbcode.php phpbb2020/includes/bbcode.php *** phpbb208/includes/bbcode.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/bbcode.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: bbcode.php,v 1.36.2.31 2004/03/25 15:57:20 acydburn Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: bbcode.php,v 1.36.2.41 2006/02/26 17:34:50 grahamje Exp $ * ***************************************************************************/ *************** *** 124,129 **** --- 124,131 ---- { global $lang, $bbcode_tpl; + $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text); + // pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0). // This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it. $text = " " . $text; *************** *** 194,216 **** // [img]image_url_here[/img] code.. // This one gets first-passed.. ! $patterns[] = "#\[img:$uid\](.*?)\[/img:$uid\]#si"; $replacements[] = $bbcode_tpl['img']; // matches a [url]xxxx://www.phpbb.com[/url] code.. ! $patterns[] = "#\[url\]([\w]+?://[^ \"\n\r\t<]*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url\]((www|ftp)\.[^ \"\n\r\t<]*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. ! $patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url4']; // [email]user@domain.tld[/email] code.. --- 196,218 ---- // [img]image_url_here[/img] code.. // This one gets first-passed.. ! $patterns[] = "#\[img:$uid\]([^?](?:[^\[]+|\[(?!url))*?)\[/img:$uid\]#i"; $replacements[] = $bbcode_tpl['img']; // matches a [url]xxxx://www.phpbb.com[/url] code.. ! 
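Review bot: The scheme filter added at the top of this function (124,131) is a five-name denylist, so it only helps for the schemes it lists and should not be read as the control that decides which links are allowed; the same line is added to make_clickable() in the 614,619 hunk. I would mark it as such with `// Defence in depth only: neutralises a few script-capable schemes; the [url]/[img] patterns below decide what may become a link`. As rendered on this page the replacement string is `"\\1:"`, which is identical to the match, so an entity standing in for the colon was presumably lost in extraction and should be checked against the real file. The enclosing function starts outside the hunk.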
$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. ! $patterns[] = "#\[url=([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\]([^?\n\r\t].*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url=((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\]([^?\n\r\t].*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url4']; // [email]user@domain.tld[/email] code.. *************** *** 233,239 **** { // Unique ID for this message.. ! $uid = md5(mt_rand()); $uid = substr($uid, 0, BBCODE_UID_LEN); return $uid; --- 235,241 ---- { // Unique ID for this message.. ! $uid = dss_rand(); $uid = substr($uid, 0, BBCODE_UID_LEN); return $uid; *************** *** 250,256 **** // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. $text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, ''); ! $text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\".*?\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]"); // [list] and [list=x] for (un)ordered lists. $open_tag = array(); --- 252,258 ---- // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. $text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, ''); ! $text = bbencode_first_pass_pda($text, $uid, '/\[quote=\\\\"(.*?)\\\\"\]/is', '[/quote]', '', false, '', "[quote:$uid=\\\"\\1\\\"]"); // [list] and [list=x] for (un)ordered lists. $open_tag = array(); *************** *** 281,287 **** $text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text); // [img]image_url_here[/img] code.. ! 
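Review bot: The rewritten `[img]`, `[url]` (url1) and `[url]www` (url2) patterns in the 194,216 hunk nest a `+` inside a lazy `*?` group, `(?:[^\[]+|\[(?!url))*?` and `([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?`, which can backtrack very heavily on long input that never reaches the closing tag. Dropping the inner `+` matches the same strings without the ambiguity: `(?:[^\[]|\[(?!url))*?` and `(?:[\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?`, the latter made non-capturing on the assumption that the templates use only the outer group. The result of the `preg_replace` call that consumes `$patterns` is outside the hunk; it should be checked for `NULL`, which PCRE returns when its backtrack limit is hit, so that a post is not silently blanked.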
$text = preg_replace("#\[img\]((ht|f)tp://)([^ \?&=\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text); // Remove our padding from the string.. return substr($text, 1);; --- 283,289 ---- $text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text); // [img]image_url_here[/img] code.. ! $text = preg_replace("#\[img\]((http|ftp|https|ftps)://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text); // Remove our padding from the string.. return substr($text, 1);; *************** *** 387,401 **** // // We're going to try and catch usernames with "[' characters. // ! if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) ) { // OK we are in a quote tag that probably contains a ] bracket. // Grab a bit more of the string to hopefully get all of it.. ! if ($close_pos = strpos($text, '"]', $curr_pos + 9)) { ! if (strpos(substr($text, $curr_pos + 9, $close_pos - ($curr_pos + 9)), '[quote') === false) { ! $possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 2); } } } --- 389,403 ---- // // We're going to try and catch usernames with "[' characters. // ! if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) ) { // OK we are in a quote tag that probably contains a ] bracket. // Grab a bit more of the string to hopefully get all of it.. ! if ($close_pos = strpos($text, '"]', $curr_pos + 14)) { ! if (strpos(substr($text, $curr_pos + 14, $close_pos - ($curr_pos + 14)), '[quote') === false) { ! $possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 7); } } } *************** *** 430,436 **** // We have an opening tag. // Push its position, the text we matched, and its index in the open_tag array on to the stack, and then keep going to the right. 
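Review bot: The `[img]` rewrite in the 281,287 hunk widens the accepted schemes but keeps the `e` modifier, so the replacement string is still evaluated as PHP code built from poster-supplied text. The character class and the quoting done by `/e` keep that contained today, but the safety rests on the pattern never being loosened, and the modifier is deprecated and later removed from PHP. A callback removes the evaluation step and yields the same output; the version below uses a closure, so on older runtimes a named function taking `$uid` from an outer variable would be needed instead. The enclosing function starts outside the hunk.

```php
// … unchanged: [b], [u], [i] first-pass replacements …
$text = preg_replace_callback(
    "#\[img\]((http|ftp|https|ftps)://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#si",
    function ($m) use ($uid) {
        // Same result as the evaluated replacement: scheme kept, spaces in the path percent-encoded.
        return "[img:$uid]" . $m[1] . str_replace(' ', '%20', $m[3]) . "[/img:$uid]";
    },
    $text
);
// … unchanged: padding removed with substr($text, 1) …
```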
$match = array("pos" => $curr_pos, "tag" => $which_start_tag, "index" => $start_tag_index); ! bbcode_array_push($stack, $match); // // Rather than just increment $curr_pos // Set it to the ending of the tag we just found --- 432,438 ---- // We have an opening tag. // Push its position, the text we matched, and its index in the open_tag array on to the stack, and then keep going to the right. $match = array("pos" => $curr_pos, "tag" => $which_start_tag, "index" => $start_tag_index); ! array_push($stack, $match); // // Rather than just increment $curr_pos // Set it to the ending of the tag we just found *************** *** 452,458 **** // There exists a starting tag. $curr_nesting_depth = sizeof($stack); // We need to do 2 replacements now. ! $match = bbcode_array_pop($stack); $start_index = $match['pos']; $start_tag = $match['tag']; $start_length = strlen($start_tag); --- 454,460 ---- // There exists a starting tag. $curr_nesting_depth = sizeof($stack); // We need to do 2 replacements now. ! $match = array_pop($stack); $start_index = $match['pos']; $start_tag = $match['tag']; $start_length = strlen($start_tag); *************** *** 518,524 **** // otherwise, we go back to the start. if (sizeof($stack) > 0) { ! $match = bbcode_array_pop($stack); $curr_pos = $match['pos']; // bbcode_array_push($stack, $match); // ++$curr_pos; --- 520,526 ---- // otherwise, we go back to the start. if (sizeof($stack) > 0) { ! $match = array_pop($stack); $curr_pos = $match['pos']; // bbcode_array_push($stack, $match); // ++$curr_pos; *************** *** 614,619 **** --- 616,622 ---- */ function make_clickable($text) { + $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text); // pad it with a space so we can match things at the start of the 1st line. $ret = ' ' . $text; *************** *** 621,633 **** // matches an "xxxx://yyyy" URL at the start of a line, or after a space. // xxxx can only be alpha characters. 
// yyyy is anything up to the first space, newline, comma, double quote or < ! $ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1\\2", $ret); // matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" // zzzz is optional.. will contain everything up to the first space, newline, // comma, double quote or <. ! $ret = preg_replace("#(^|[\n ])((www|ftp)\.[^ \"\t\n\r<]*)#is", "\\1\\2", $ret); // matches an email@domain type address at the start of a line, or after a space. // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".". --- 624,636 ---- // matches an "xxxx://yyyy" URL at the start of a line, or after a space. // xxxx can only be alpha characters. // yyyy is anything up to the first space, newline, comma, double quote or < ! $ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1\\2", $ret); // matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" // zzzz is optional.. will contain everything up to the first space, newline, // comma, double quote or <. ! $ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1\\2", $ret); // matches an email@domain type address at the start of a line, or after a space. // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".". *************** *** 697,702 **** --- 700,706 ---- * This function does exactly what the PHP4 function array_push() does * however, to keep phpBB compatable with PHP 3 we had to come up with our own * method of doing it. + * This function was deprecated in phpBB 2.0.18 */ function bbcode_array_push(&$stack, $value) { *************** *** 708,713 **** --- 712,718 ---- * This function does exactly what the PHP4 function array_pop() does * however, to keep phpBB compatable with PHP 3 we had to come up with our own * method of doing it. 
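Review bot: The comments above both rewritten patterns in make_clickable() are now stale: they still describe the tail of the URL as "anything up to the first space, newline, comma, double quote or <", while the new character class is an allowlist. The allowlist is what keeps quote and angle-bracket characters out of the generated link, so the comment should say so, for example `// yyyy may contain only word characters and # $ % & ~ / . - ; : = , ? @ [ ] +`. The same wording fix applies to the "zzzz is optional" comment on the www|ftp pattern.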
+ * This function was deprecated in phpBB 2.0.18 */ function bbcode_array_pop(&$stack) { *************** *** 758,764 **** for ($i = 0; $i < count($smilies); $i++) { ! $orig[] = "/(?<=.\W|\W.|^\W)" . phpbb_preg_quote($smilies[$i]['code'], "/") . "(?=.\W|\W.|\W$)/"; $repl[] = '' . $smilies[$i]['emoticon'] . ''; } } --- 763,769 ---- for ($i = 0; $i < count($smilies); $i++) { ! $orig[] = "/(?<=.\W|\W.|^\W)" . preg_quote($smilies[$i]['code'], "/") . "(?=.\W|\W.|\W$)/"; $repl[] = '' . $smilies[$i]['emoticon'] . ''; } } diff -crN phpbb208/includes/constants.php phpbb2020/includes/constants.php *** phpbb208/includes/constants.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/constants.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : ('C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: constants.php,v 1.47.2.4 2003/06/10 00:39:51 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : ('C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: constants.php,v 1.47.2.6 2005/10/30 15:17:14 acydburn Exp $ * * ***************************************************************************/ *************** *** 148,153 **** --- 148,154 ---- // Table names + define('CONFIRM_TABLE', $table_prefix.'confirm'); define('AUTH_ACCESS_TABLE', $table_prefix.'auth_access'); define('BANLIST_TABLE', $table_prefix.'banlist'); define('CATEGORIES_TABLE', $table_prefix.'categories'); *************** *** 166,171 **** --- 167,173 ---- define('SEARCH_WORD_TABLE', $table_prefix.'search_wordlist'); define('SEARCH_MATCH_TABLE', $table_prefix.'search_wordmatch'); define('SESSIONS_TABLE', $table_prefix.'sessions'); + define('SESSIONS_KEYS_TABLE', $table_prefix.'sessions_keys'); define('SMILIES_TABLE', $table_prefix.'smilies'); define('THEMES_TABLE', $table_prefix.'themes'); define('THEMES_NAME_TABLE', $table_prefix.'themes_name'); diff -crN phpbb208/includes/db.php phpbb2020/includes/db.php *** phpbb208/includes/db.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/db.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: db.php,v 1.10 2002/03/18 13:35:22 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: db.php,v 1.10.2.3 2005/10/30 15:17:14 acydburn Exp $ * * ***************************************************************************/ *************** *** 60,66 **** $db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, false); if(!$db->db_connect_id) { ! message_die(CRITICAL_ERROR, "Could not connect to the database"); } ?> \ No newline at end of file --- 60,66 ---- $db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, false); if(!$db->db_connect_id) { ! 
message_die(CRITICAL_ERROR, "Could not connect to the database"); } ?> \ No newline at end of file diff -crN phpbb208/includes/emailer.php phpbb2020/includes/emailer.php *** phpbb208/includes/emailer.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/emailer.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** copyright : (C) 2001 The phpBB Group email : support@phpbb.com ! $Id: emailer.php,v 1.15.2.34 2003/07/26 11:41:35 acydburn Exp $ ***************************************************************************/ --- 6,12 ---- copyright : (C) 2001 The phpBB Group email : support@phpbb.com ! $Id: emailer.php,v 1.15.2.35 2005/10/05 17:42:04 grahamje Exp $ ***************************************************************************/ *************** *** 164,170 **** if (preg_match('#^(Subject:(.*?))$#m', $this->msg, $match)) { $this->subject = (trim($match[2]) != '') ? trim($match[2]) : (($this->subject != '') ? $this->subject : 'No Subject'); ! $drop_header .= '[\r\n]*?' . phpbb_preg_quote($match[1], '#'); } else { --- 164,170 ---- if (preg_match('#^(Subject:(.*?))$#m', $this->msg, $match)) { $this->subject = (trim($match[2]) != '') ? trim($match[2]) : (($this->subject != '') ? $this->subject : 'No Subject'); ! $drop_header .= '[\r\n]*?' . preg_quote($match[1], '#'); } else { *************** *** 174,180 **** if (preg_match('#^(Charset:(.*?))$#m', $this->msg, $match)) { $this->encoding = (trim($match[2]) != '') ? trim($match[2]) : trim($lang['ENCODING']); ! $drop_header .= '[\r\n]*?' . phpbb_preg_quote($match[1], '#'); } else { --- 174,180 ---- if (preg_match('#^(Charset:(.*?))$#m', $this->msg, $match)) { $this->encoding = (trim($match[2]) != '') ? trim($match[2]) : trim($lang['ENCODING']); ! $drop_header .= '[\r\n]*?' . preg_quote($match[1], '#'); } else { *************** *** 261,267 **** $str = chunk_split(base64_encode($str), $length, $spacer); // remove trailing spacer and add start and end delimiters ! $str = preg_replace('#' . phpbb_preg_quote($spacer, '#') . 
'$#', '', $str); return $start . $str . $end; } --- 261,267 ---- $str = chunk_split(base64_encode($str), $length, $spacer); // remove trailing spacer and add start and end delimiters ! $str = preg_replace('#' . preg_quote($spacer, '#') . '$#', '', $str); return $start . $str . $end; } diff -crN phpbb208/includes/functions.php phpbb2020/includes/functions.php *** phpbb208/includes/functions.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/functions.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions.php,v 1.133.2.31 2003/07/20 13:14:27 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions.php,v 1.133.2.44 2006/02/26 19:37:50 grahamje Exp $ * * ***************************************************************************/ *************** *** 74,79 **** --- 74,175 ---- return false; } + // added at phpBB 2.0.11 to properly format the username + function phpbb_clean_username($username) + { + $username = substr(htmlspecialchars(str_replace("\'", "'", trim($username))), 0, 25); + $username = phpbb_rtrim($username, "\\"); + $username = str_replace("'", "\'", $username); + + return $username; + } + + /** + * This function is a wrapper for ltrim, as charlist is only supported in php >= 4.1.0 + * Added in phpBB 2.0.18 + */ + function phpbb_ltrim($str, $charlist = false) + { + if ($charlist === false) + { + return ltrim($str); + } + + $php_version = explode('.', PHP_VERSION); + + // php version < 4.1.0 + if ((int) $php_version[0] < 4 || ((int) $php_version[0] == 4 && (int) $php_version[1] < 1)) + { + while ($str{0} == $charlist) + { + $str = substr($str, 1); + } + } + else + { + $str = ltrim($str, $charlist); + } + + return $str; + } + + // added at phpBB 2.0.12 to fix a bug in PHP 4.3.10 (only supporting charlist in php >= 4.1.0) + function 
phpbb_rtrim($str, $charlist = false) + { + if ($charlist === false) + { + return rtrim($str); + } + + $php_version = explode('.', PHP_VERSION); + + // php version < 4.1.0 + if ((int) $php_version[0] < 4 || ((int) $php_version[0] == 4 && (int) $php_version[1] < 1)) + { + while ($str{strlen($str)-1} == $charlist) + { + $str = substr($str, 0, strlen($str)-1); + } + } + else + { + $str = rtrim($str, $charlist); + } + + return $str; + } + + /** + * Our own generator of random values + * This uses a constantly changing value as the base for generating the values + * The board wide setting is updated once per page if this code is called + * With thanks to Anthrax101 for the inspiration on this one + * Added in phpBB 2.0.20 + */ + function dss_rand() + { + global $db, $board_config, $dss_seeded; + + $val = $board_config['rand_seed'] . microtime(); + $val = md5($val); + $board_config['rand_seed'] = md5($board_config['rand_seed'] . $val . 'a'); + + if($dss_seeded !== true) + { + $sql = "UPDATE " . CONFIG_TABLE . " SET + config_value = '" . $board_config['rand_seed'] . "' + WHERE config_name = 'rand_seed'"; + + if( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Unable to reseed PRNG", "", __LINE__, __FILE__, $sql); + } + + $dss_seeded = true; + } + + return substr($val, 16); + } // // Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced. // *************** *** 81,91 **** { global $db; ! if (intval($user) == 0 || $force_str) { ! $user = trim(htmlspecialchars($user)); ! $user = substr(str_replace("\\'", "'", $user), 0, 25); ! $user = str_replace("'", "\\'", $user); } else { --- 177,185 ---- { global $db; ! if (!is_numeric($user) || $force_str) { ! $user = phpbb_clean_username($user); } else { *************** *** 95,101 **** $sql = "SELECT * FROM " . USERS_TABLE . " WHERE "; ! $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . $user . "'" ) . " AND user_id <> " . 
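Review bot: dss_rand() derives its output only from md5() over the stored `rand_seed` and `microtime()`, so the values are only as unpredictable as the `rand_seed` row in the config table is secret. Anyone who can read that row (a database backup, a read-only SQL flaw elsewhere) needs to guess little more than the request time. If the result feeds session or autologin keys, which the hunk does not show, it should come from the operating system's generator. On a current PHP `return bin2hex(random_bytes(8));` yields the same 16 hex characters and removes the per-page UPDATE.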
ANONYMOUS; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql); --- 189,195 ---- $sql = "SELECT * FROM " . USERS_TABLE . " WHERE "; ! $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND user_id <> " . ANONYMOUS; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql); *************** *** 188,197 **** $boxstring .= ''; } ! if ( !empty($SID) ) ! { $boxstring .= ''; ! } $template->set_filenames(array( 'jumpbox' => 'jumpbox.tpl') --- 282,292 ---- $boxstring .= ''; } ! // Let the jumpbox work again in sites having additional session id checks. ! // if ( !empty($SID) ) ! // { $boxstring .= ''; ! // } $template->set_filenames(array( 'jumpbox' => 'jumpbox.tpl') *************** *** 308,314 **** if ( !($row = $db->sql_fetchrow($result)) ) { ! message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]"); } $template_path = 'templates/' ; --- 403,442 ---- if ( !($row = $db->sql_fetchrow($result)) ) { ! // We are trying to setup a style which does not exist in the database ! // Try to fallback to the board default (if the user had a custom style) ! // and then any users using this style to the default if it succeeds ! if ( $style != $board_config['default_style']) ! { ! $sql = 'SELECT * ! FROM ' . THEMES_TABLE . ' ! WHERE themes_id = ' . $board_config['default_style']; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(CRITICAL_ERROR, 'Could not query database for theme info'); ! } ! ! if ( $row = $db->sql_fetchrow($result) ) ! { ! $db->sql_freeresult($result); ! ! $sql = 'UPDATE ' . USERS_TABLE . ' ! SET user_style = ' . $board_config['default_style'] . " ! WHERE user_style = $style"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(CRITICAL_ERROR, 'Could not update user theme info'); ! 
} ! } ! else ! { ! message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]"); ! } ! } ! else ! { ! message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]"); ! } } $template_path = 'templates/' ; *************** *** 504,510 **** { do { ! $orig_word[] = '#\b(' . str_replace('\*', '\w*?', phpbb_preg_quote($row['word'], '#')) . ')\b#i'; $replacement_word[] = $row['replacement']; } while ( $row = $db->sql_fetchrow($result) ); --- 632,638 ---- { do { ! $orig_word[] = '#\b(' . str_replace('\*', '\w*?', preg_quote($row['word'], '#')) . ')\b#i'; $replacement_word[] = $row['replacement']; } while ( $row = $db->sql_fetchrow($result) ); *************** *** 543,549 **** die("message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?"); } ! define(HAS_DIED, 1); $sql_store = $sql; --- 671,677 ---- die("message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?"); } ! define('HAS_DIED', 1); $sql_store = $sql; *************** *** 570,576 **** if ( $err_line != '' && $err_file != '' ) { ! $debug_text .= '
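Review bot: Both queries added in the style fallback concatenate `$board_config['default_style']` and `$style` into SQL as bare numbers without a cast. Where `$style` originates is outside the hunk, so whether it is always an integer cannot be confirmed here. Casting at the point of use costs nothing: `WHERE themes_id = ' . intval($board_config['default_style']);` and `WHERE user_style = " . intval($style);`. The UPDATE rewrites every user row carrying the missing style, which is another reason to be sure the value compared is the integer intended.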

Line : ' . $err_line . '
File : ' . $err_file; } } --- 698,704 ---- if ( $err_line != '' && $err_file != '' ) { ! $debug_text .= '

Line : ' . $err_line . '
File : ' . basename($err_file); } } *************** *** 597,607 **** } } ! if ( empty($template) ) ! { ! $template = new Template($phpbb_root_path . 'templates/' . $board_config['board_template']); ! } ! if ( empty($theme) ) { $theme = setup_style($board_config['default_style']); } --- 725,731 ---- } } ! if ( empty($template) || empty($theme) ) { $theme = setup_style($board_config['default_style']); } *************** *** 744,749 **** --- 868,878 ---- $db->sql_close(); } + if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r")) + { + message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); + } + $server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://'; $server_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])); $server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) : ''; diff -crN phpbb208/includes/functions_admin.php phpbb2020/includes/functions_admin.php *** phpbb208/includes/functions_admin.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/functions_admin.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_admin.php,v 1.5.2.3 2002/07/19 17:03:47 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_admin.php,v 1.5.2.5 2005/09/14 19:16:21 acydburn Exp $ * * ***************************************************************************/ *************** *** 30,38 **** $is_auth_ary = auth(AUTH_READ, AUTH_LIST_ALL, $userdata); ! $sql = "SELECT forum_id, forum_name ! FROM " . FORUMS_TABLE . " ! 
ORDER BY cat_id, forum_order"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Couldn not obtain forums information', '', __LINE__, __FILE__, $sql); --- 30,39 ---- $is_auth_ary = auth(AUTH_READ, AUTH_LIST_ALL, $userdata); ! $sql = 'SELECT f.forum_id, f.forum_name ! FROM ' . CATEGORIES_TABLE . ' c, ' . FORUMS_TABLE . ' f ! WHERE f.cat_id = c.cat_id ! ORDER BY c.cat_order, f.forum_order'; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Couldn not obtain forums information', '', __LINE__, __FILE__, $sql); *************** *** 140,149 **** if ( $row = $db->sql_fetchrow($result) ) { ! $sql = ( $row['total_posts'] ) ? "UPDATE " . TOPICS_TABLE . " SET topic_replies = " . ( $row['total_posts'] - 1 ) . ", topic_first_post_id = " . $row['first_post'] . ", topic_last_post_id = " . $row['last_post'] . " WHERE topic_id = $id" : "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id = $id"; ! if ( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not update topic', '', __LINE__, __FILE__, $sql); } } break; --- 141,185 ---- if ( $row = $db->sql_fetchrow($result) ) { ! if ($row['total_posts']) { ! // Correct the details of this topic ! $sql = 'UPDATE ' . TOPICS_TABLE . ' ! SET topic_replies = ' . ($row['total_posts'] - 1) . ', topic_first_post_id = ' . $row['first_post'] . ', topic_last_post_id = ' . $row['last_post'] . " ! WHERE topic_id = $id"; ! ! if (!$db->sql_query($sql)) ! { ! message_die(GENERAL_ERROR, 'Could not update topic', '', __LINE__, __FILE__, $sql); ! } ! } ! else ! { ! // There are no replies to this topic ! // Check if it is a move stub ! $sql = 'SELECT topic_moved_id ! FROM ' . TOPICS_TABLE . " ! WHERE topic_id = $id"; ! ! if (!($result = $db->sql_query($sql))) ! { ! message_die(GENERAL_ERROR, 'Could not get topic ID', '', __LINE__, __FILE__, $sql); ! } ! ! if ($row = $db->sql_fetchrow($result)) ! { ! if (!$row['topic_moved_id']) ! { ! $sql = 'DELETE FROM ' . TOPICS_TABLE . " WHERE topic_id = $id"; ! ! 
if (!$db->sql_query($sql)) ! { ! message_die(GENERAL_ERROR, 'Could not remove topic', '', __LINE__, __FILE__, $sql); ! } ! } ! } ! ! $db->sql_freeresult($result); } } break; diff -crN phpbb208/includes/functions_post.php phpbb2020/includes/functions_post.php *** phpbb208/includes/functions_post.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/functions_post.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_post.php,v 1.9.2.35 2003/06/09 19:35:56 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_post.php,v 1.9.2.49 2006/03/14 20:40:32 grahamje Exp $ * * ***************************************************************************/ *************** *** 25,32 **** die('Hacking attempt'); } ! $html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#'); ! $html_entities_replace = array('&', '<', '>'); $unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#'); $unhtml_specialchars_replace = array('>', '<', '"', '&'); --- 25,32 ---- die('Hacking attempt'); } ! $html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#'); ! $html_entities_replace = array('&', '<', '>', '"'); $unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#'); $unhtml_specialchars_replace = array('>', '<', '"', '&'); *************** *** 46,102 **** if ($html_on) { ! $allowed_html_tags = split(',', $board_config['allow_html_tags']); ! $end_html = 0; ! $start_html = 1; ! $tmp_message = ''; ! $message = ' ' . $message . ' '; ! while ($start_html = strpos($message, '<', $start_html)) ! { ! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1))); ! ! if ($end_html = strpos($message, '>', $start_html)) ! { ! $length = $end_html - $start_html + 1; ! 
$hold_string = substr($message, $start_html, $length); ! ! if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1) ! { ! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1)); ! $hold_string = substr($hold_string, $unclosed_open - 1); ! } ! $tagallowed = false; ! for ($i = 0; $i < sizeof($allowed_html_tags); $i++) ! { ! $match_tag = trim($allowed_html_tags[$i]); ! if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string)) ! { ! $tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true; ! } ! } ! ! $tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string; ! ! $start_html += $length; ! } ! else ! { ! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message))); ! ! $start_html = strlen($message); ! $end_html = $start_html; ! } ! } ! ! if (!$end_html || ($end_html != strlen($message) && $tmp_message != '')) { ! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1)); } ! $message = ($tmp_message != '') ? trim($tmp_message) : trim($message); } else { --- 46,70 ---- if ($html_on) { ! // If HTML is on, we try to make it safe ! // This approach is quite agressive and anything that does not look like a valid tag ! // is going to get converted to HTML entities ! $message = stripslashes($message); ! $html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#'; ! $matches = array(); ! $message_split = preg_split($html_match, $message); ! preg_match_all($html_match, $message, $matches); ! $message = ''; ! foreach ($message_split as $part) { ! $tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2])); ! $message .= htmlspecialchars($part) . clean_html($tag); } ! 
$message = addslashes($message); } else { *************** *** 128,134 **** // Check username if (!empty($username)) { ! $username = trim(strip_tags($username)); if (!$userdata['session_logged_in'] || ($userdata['session_logged_in'] && $username != $userdata['username'])) { --- 96,102 ---- // Check username if (!empty($username)) { ! $username = phpbb_clean_username($username); if (!$userdata['session_logged_in'] || ($userdata['session_logged_in'] && $username != $userdata['username'])) { *************** *** 187,193 **** $option_text = trim($option_text); if (!empty($option_text)) { ! $temp_option_text[$option_id] = htmlspecialchars($option_text); } } $option_text = $temp_option_text; --- 155,161 ---- $option_text = trim($option_text); if (!empty($option_text)) { ! $temp_option_text[intval($option_id)] = htmlspecialchars($option_text); } } $option_text = $temp_option_text; *************** *** 213,219 **** // // Post a new topic/reply/poll or edit existing post/poll // ! function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id, &$topic_type, &$bbcode_on, &$html_on, &$smilies_on, &$attach_sig, &$bbcode_uid, &$post_username, &$post_subject, &$post_message, &$poll_title, &$poll_options, &$poll_length) { global $board_config, $lang, $db, $phpbb_root_path, $phpEx; global $userdata, $user_ip; --- 181,187 ---- // // Post a new topic/reply/poll or edit existing post/poll // ! function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id, &$topic_type, &$bbcode_on, &$html_on, &$smilies_on, &$attach_sig, &$bbcode_uid, $post_username, $post_subject, $post_message, $poll_title, &$poll_options, &$poll_length) { global $board_config, $lang, $db, $phpbb_root_path, $phpEx; global $userdata, $user_ip; *************** *** 578,593 **** $current_time = time(); ! if ($mode == 'delete') ! { ! $delete_sql = (!$post_data['first_post'] && !$post_data['last_post']) ? " AND user_id = " . 
$userdata['user_id'] : ''; ! $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id" . $delete_sql; ! if (!$db->sql_query($sql)) ! { ! message_die(GENERAL_ERROR, 'Could not change topic notify data', '', __LINE__, __FILE__, $sql); ! } ! } ! else { if ($mode == 'reply') { --- 546,552 ---- $current_time = time(); ! if ($mode != 'delete') { if ($mode == 'reply') { *************** *** 769,775 **** $gen_simple_header = TRUE; ! $page_title = $lang['Review_topic'] . " - $topic_title"; include($phpbb_root_path . 'includes/page_header.'.$phpEx); $template->set_filenames(array( --- 728,734 ---- $gen_simple_header = TRUE; ! $page_title = $lang['Emoticons']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); $template->set_filenames(array( *************** *** 859,862 **** --- 818,883 ---- } } + /** + * Called from within prepare_message to clean included HTML tags if HTML is + * turned on for that post + * @param array $tag Matching text from the message to parse + */ + function clean_html($tag) + { + global $board_config; + + if (empty($tag[0])) + { + return ''; + } + + $allowed_html_tags = preg_split('/, */', strtolower($board_config['allow_html_tags'])); + $disallowed_attributes = '/^(?:style|on)/i'; + + // Check if this is an end tag + preg_match('/<[^\w\/]*\/[\W]*(\w+)/', $tag[0], $matches); + if (sizeof($matches)) + { + if (in_array(strtolower($matches[1]), $allowed_html_tags)) + { + return ''; + } + else + { + return htmlspecialchars(''); + } + } + + // Check if this is an allowed tag + if (in_array(strtolower($tag[1]), $allowed_html_tags)) + { + $attributes = ''; + if (!empty($tag[2])) + { + preg_match_all('/[\W]*?(\w+)[\W]*?=[\W]*?(["\'])((?:(?!\2).)*)\2/', $tag[2], $test); + for ($i = 0; $i < sizeof($test[0]); $i++) + { + if (preg_match($disallowed_attributes, $test[1][$i])) + { + continue; + } + $attributes .= ' ' . $test[1][$i] . '=' . $test[2][$i] . str_replace(array('[', ']'), array('[', ']'), htmlspecialchars($test[3][$i])) . 
$test[2][$i]; + } + } + if (in_array(strtolower($tag[1]), $allowed_html_tags)) + { + return '<' . $tag[1] . $attributes . '>'; + } + else + { + return htmlspecialchars('<' . $tag[1] . $attributes . '>'); + } + } + // Finally, this is not an allowed tag so strip all the attibutes and escape it + else + { + return htmlspecialchars('<' . $tag[1] . '>'); + } + } ?> \ No newline at end of file diff -crN phpbb208/includes/functions_search.php phpbb2020/includes/functions_search.php *** phpbb208/includes/functions_search.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/functions_search.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2002 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_search.php,v 1.8.2.18 2004/03/25 15:57:20 acydburn Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2002 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_search.php,v 1.8.2.20 2005/09/14 18:14:30 acydburn Exp $ * ****************************************************************************/ *************** *** 89,95 **** return $entry; } ! function split_words(&$entry, $mode = 'post') { // If you experience problems with the new method, uncomment this block. /* --- 89,95 ---- return $entry; } ! function split_words($entry, $mode = 'post') { // If you experience problems with the new method, uncomment this block. /* *************** *** 435,441 **** $username_list = ''; if ( !empty($search_match) ) { ! $username_search = preg_replace('/\*/', '%', trim(strip_tags($search_match))); $sql = "SELECT username FROM " . USERS_TABLE . " --- 435,441 ---- $username_list = ''; if ( !empty($search_match) ) { ! $username_search = preg_replace('/\*/', '%', phpbb_clean_username($search_match)); $sql = "SELECT username FROM " . USERS_TABLE . " *************** *** 469,475 **** ); $template->assign_vars(array( ! 'USERNAME' => ( !empty($search_match) ) ? 
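Review bot: In clean_html() the attributes of an allowed tag are filtered by name only, through the denylist `/^(?:style|on)/i`, so URL-carrying attributes such as href or src are kept whatever scheme their value uses. The value is only passed through htmlspecialchars(), which does not constrain the scheme. An allowlist fails closed: `if (!in_array(strtolower($test[1][$i]), $allowed_attributes)) { continue; }` with a new `$allowed_attributes` list, plus a scheme check on link attributes. The second `in_array(strtolower($tag[1]), $allowed_html_tags)` test inside the allowed-tag branch repeats the outer condition, so its else arm is unreachable and can be removed.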
strip_tags($search_match) : '', 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SEARCH_USERNAME' => $lang['Find_username'], --- 469,475 ---- ); $template->assign_vars(array( ! 'USERNAME' => (!empty($search_match)) ? phpbb_clean_username($search_match) : '', 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SEARCH_USERNAME' => $lang['Find_username'], diff -crN phpbb208/includes/functions_selects.php phpbb2020/includes/functions_selects.php *** phpbb208/includes/functions_selects.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/functions_selects.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_selects.php,v 1.3.2.4 2002/12/22 12:20:35 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_selects.php,v 1.3.2.5 2005/05/06 20:50:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 108,111 **** return $tz_select; } ! ?> --- 108,111 ---- return $tz_select; } ! ?> \ No newline at end of file diff -crN phpbb208/includes/functions_validate.php phpbb2020/includes/functions_validate.php *** phpbb208/includes/functions_validate.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/functions_validate.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_validate.php,v 1.6.2.12 2003/06/09 19:13:05 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: functions_validate.php,v 1.6.2.15 2005/10/30 15:17:14 acydburn Exp $ * * ***************************************************************************/ *************** *** 30,46 **** global $db, $lang, $userdata; // Remove doubled up spaces ! $username = preg_replace('#\s+#', ' ', $username); ! // Limit username length ! $username = substr(str_replace("\'", "'", $username), 0, 25); ! $username = str_replace("'", "''", $username); $sql = "SELECT username ! FROM " . USERS_TABLE . " WHERE LOWER(username) = '" . strtolower($username) . "'"; if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in']) { --- 30,44 ---- global $db, $lang, $userdata; // Remove doubled up spaces ! $username = preg_replace('#\s+#', ' ', trim($username)); ! $username = phpbb_clean_username($username); $sql = "SELECT username ! FROM " . USERS_TABLE . " WHERE LOWER(username) = '" . strtolower($username) . "'"; if ($result = $db->sql_query($sql)) { ! while ($row = $db->sql_fetchrow($result)) { if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in']) { *************** *** 72,78 **** { do { ! if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_disallowed']); --- 70,76 ---- { do { ! if (preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['disallow_username'], '#')) . ")\b#i", $username)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_disallowed']); *************** *** 91,97 **** { do { ! if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . 
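Review bot: validate_username() now puts the result of phpbb_clean_username() straight into `LOWER(username) = '...'`, and that helper escapes quotes as `\'`. The removed lines doubled them, and the get_userdata() hunk in functions.php converts with `str_replace("\'", "''", $user)` before building its query. Unless the database layer normalises backslash-escaped quotes for every supported backend, the two lookups can treat a name containing an apostrophe differently. Applying the same conversion here keeps them consistent: `strtolower(str_replace("\'", "''", $username))`. The function continues outside the hunk.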
")\b#i", $username)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_disallowed']); --- 89,95 ---- { do { ! if (preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['word'], '#')) . ")\b#i", $username)) { $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_disallowed']); diff -crN phpbb208/includes/page_header.php phpbb2020/includes/page_header.php *** phpbb208/includes/page_header.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/page_header.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header.php,v 1.106.2.22 2004/03/01 16:46:37 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header.php,v 1.106.2.25 2005/10/30 15:17:14 acydburn Exp $ * * ***************************************************************************/ *************** *** 35,41 **** { $phpver = phpversion(); ! $useragent = (isset($_SERVER["HTTP_USER_AGENT"]) ) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT; if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) { --- 35,41 ---- { $phpver = phpversion(); ! $useragent = (isset($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : getenv('HTTP_USER_AGENT'); if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) { *************** *** 91,96 **** --- 91,97 ---- $logged_hidden_online = 0; $guests_online = 0; $online_userlist = ''; + $l_online_users = ''; if (defined('SHOW_ONLINE')) { *************** *** 111,117 **** $userlist_visible = array(); $prev_user_id = 0; ! $prev_user_ip = ''; while( $row = $db->sql_fetchrow($result) ) { --- 112,118 ---- $userlist_visible = array(); $prev_user_id = 0; ! 
$prev_user_ip = $prev_session_ip = ''; while( $row = $db->sql_fetchrow($result) ) { *************** *** 449,454 **** --- 450,463 ---- if ( !$userdata['session_logged_in'] ) { $template->assign_block_vars('switch_user_logged_out', array()); + // + // Allow autologin? + // + if (!isset($board_config['allow_autologin']) || $board_config['allow_autologin'] ) + { + $template->assign_block_vars('switch_allow_autologin', array()); + $template->assign_block_vars('switch_user_logged_out.switch_allow_autologin', array()); + } } else { *************** *** 465,471 **** // Work around for "current" Apache 2 + PHP module which seems to not // cope with private cache control setting ! if (!empty($_SERVER['SERVER_SOFTWARE']) && strstr($_SERVER['SERVER_SOFTWARE'], 'Apache/2')) { header ('Cache-Control: no-cache, pre-check=0, post-check=0'); } --- 474,480 ---- // Work around for "current" Apache 2 + PHP module which seems to not // cope with private cache control setting ! if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2')) { header ('Cache-Control: no-cache, pre-check=0, post-check=0'); } diff -crN phpbb208/includes/page_tail.php phpbb2020/includes/page_tail.php *** phpbb208/includes/page_tail.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/page_tail.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_tail.php,v 1.27.2.2 2002/11/26 11:42:12 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_tail.php,v 1.27.2.4 2005/09/14 18:14:30 acydburn Exp $ * * ***************************************************************************/ *************** *** 25,30 **** --- 25,32 ---- die('Hacking attempt'); } + global $do_gzip_compress; + // // Show the overall footer. 
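Review bot: The added test `!isset($board_config['allow_autologin']) || $board_config['allow_autologin']` treats a missing config key as enabled. A board whose files were updated but whose config table was not would therefore offer persistent login by default. If that is deliberate for backward compatibility it needs a comment, for example `// key absent on boards not yet upgraded: keep the old behaviour`; otherwise `!empty($board_config['allow_autologin'])` fails closed.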
// *************** *** 35,42 **** ); $template->assign_vars(array( ! 'PHPBB_VERSION' => '2' . $board_config['version'], ! 'TRANSLATION_INFO' => ( isset($lang['TRANSLATION_INFO']) ) ? $lang['TRANSLATION_INFO'] : '', 'ADMIN_LINK' => $admin_link) ); --- 37,43 ---- ); $template->assign_vars(array( ! 'TRANSLATION_INFO' => (isset($lang['TRANSLATION_INFO'])) ? $lang['TRANSLATION_INFO'] : ((isset($lang['TRANSLATION'])) ? $lang['TRANSLATION'] : ''), 'ADMIN_LINK' => $admin_link) ); diff -crN phpbb208/includes/prune.php phpbb2020/includes/prune.php *** phpbb208/includes/prune.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/prune.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: prune.php,v 1.19.2.6 2003/03/18 23:23:57 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: prune.php,v 1.19.2.7 2006/01/29 17:31:16 grahamje Exp $ * * ***************************************************************************/ *************** *** 31,36 **** --- 31,51 ---- { global $db, $lang; + // Before pruning, lets try to clean up the invalid topic entries + $sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . ' + WHERE topic_last_post_id = 0'; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not obtain lists of topics to sync', '', __LINE__, __FILE__, $sql); + } + + while( $row = $db->sql_fetchrow($result) ) + { + sync('topic', $row['topic_id']); + } + + $db->sql_freeresult($result); + $prune_all = ($prune_all) ? '' : 'AND t.topic_vote = 0 AND t.topic_type <> ' . POST_ANNOUNCE; // // Those without polls and announcements ... unless told otherwise! *************** *** 39,46 **** FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t WHERE t.forum_id = $forum_id $prune_all ! AND ( p.post_id = t.topic_last_post_id ! 
OR t.topic_last_post_id = 0 )"; if ( $prune_date != '' ) { $sql .= " AND p.post_time < $prune_date"; --- 54,60 ---- FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t WHERE t.forum_id = $forum_id $prune_all ! AND p.post_id = t.topic_last_post_id"; if ( $prune_date != '' ) { $sql .= " AND p.post_time < $prune_date"; diff -crN phpbb208/includes/sessions.php phpbb2020/includes/sessions.php *** phpbb208/includes/sessions.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/sessions.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: sessions.php,v 1.58.2.10 2003/04/05 12:04:33 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: sessions.php,v 1.58.2.23 2006/04/05 12:42:23 grahamje Exp $ * * ***************************************************************************/ *************** *** 24,30 **** // Adds/updates a new session to the database for the given userid. // Returns the new session ID on success. // ! function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0) { global $db, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; --- 24,30 ---- // Adds/updates a new session to the database for the given userid. // Returns the new session ID on success. // ! function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0) { global $db, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; *************** *** 47,111 **** $sessionmethod = SESSION_METHOD_GET; } $last_visit = 0; $current_time = time(); - $expiry_time = $current_time - $board_config['session_length']; // ! // Try and pull the last time stored in a cookie, if it exists // ! $sql = "SELECT * ! FROM " . USERS_TABLE . " ! WHERE user_id = $user_id"; ! if ( !($result = $db->sql_query($sql)) ) { ! 
message_die(CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql); } ! $userdata = $db->sql_fetchrow($result); ! if ( $user_id != ANONYMOUS ) { ! $auto_login_key = $userdata['user_password']; ! ! if ( $auto_create ) { ! if ( isset($sessiondata['autologinid']) && $userdata['user_active'] ) { ! // We have to login automagically ! if( $sessiondata['autologinid'] == $auto_login_key ) ! { ! // autologinid matches password ! $login = 1; ! $enable_autologin = 1; ! } ! else ! { ! // No match; don't login, set as anonymous user ! $login = 0; ! $enable_autologin = 0; ! $user_id = $userdata['user_id'] = ANONYMOUS; ! } ! } ! else ! { ! // Autologin is not set. Don't login, set as anonymous user ! $login = 0; ! $enable_autologin = 0; ! $user_id = $userdata['user_id'] = ANONYMOUS; } } ! else { $login = 1; } } ! else ! { ! $login = 0; ! $enable_autologin = 0; } // // Initial ban check against user id, IP and email address // --- 47,146 ---- $sessionmethod = SESSION_METHOD_GET; } + // + if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) + { + $session_id = ''; + } + + $page_id = (int) $page_id; + $last_visit = 0; $current_time = time(); // ! // Are auto-logins allowed? ! // If allow_autologin is not set or is true then they are ! // (same behaviour as old 2.0.x session code) // ! if (isset($board_config['allow_autologin']) && !$board_config['allow_autologin']) { ! $enable_autologin = $sessiondata['autologinid'] = false; } ! // ! // First off attempt to join with the autologin value if we have one ! // If not, just use the user_id value ! // ! $userdata = array(); ! if ($user_id != ANONYMOUS) { ! if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '' && $user_id) { ! $sql = 'SELECT u.* ! FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k ! WHERE u.user_id = ' . (int) $user_id . " ! AND u.user_active = 1 ! AND k.user_id = u.user_id ! AND k.key_id = '" . md5($sessiondata['autologinid']) . "'"; ! 
if (!($result = $db->sql_query($sql))) { ! message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); } + + $userdata = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + $enable_autologin = $login = 1; } ! else if (!$auto_create) { + $sessiondata['autologinid'] = ''; + $sessiondata['userid'] = $user_id; + + $sql = 'SELECT * + FROM ' . USERS_TABLE . ' + WHERE user_id = ' . (int) $user_id . ' + AND user_active = 1'; + if (!($result = $db->sql_query($sql))) + { + message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); + } + + $userdata = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + $login = 1; } } ! ! // ! // At this point either $userdata should be populated or ! // one of the below is true ! // * Key didn't match one in the DB ! // * User does not exist ! // * User is inactive ! // ! if (!sizeof($userdata) || !is_array($userdata) || !$userdata) ! { ! $sessiondata['autologinid'] = ''; ! $sessiondata['userid'] = $user_id = ANONYMOUS; ! $enable_autologin = $login = 0; ! ! $sql = 'SELECT * ! FROM ' . USERS_TABLE . ' ! WHERE user_id = ' . (int) $user_id; ! if (!($result = $db->sql_query($sql))) ! { ! message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); ! } ! ! $userdata = $db->sql_fetchrow($result); ! $db->sql_freeresult($result); } + // // Initial ban check against user id, IP and email address // *************** *** 137,152 **** // Create or update the session // $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login WHERE session_id = '" . $session_id . "' AND session_ip = '$user_ip'"; if ( !$db->sql_query($sql) || !$db->sql_affectedrows() ) { ! $session_id = md5(uniqid($user_ip)); $sql = "INSERT INTO " . SESSIONS_TABLE . " ! 
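Review bot: The auto-login join in session_begin accepts any SESSIONS_KEYS_TABLE row whose `key_id` matches and puts no condition on `k.last_login`. Key expiry therefore depends entirely on the cleanup delete (session_clean, added further down in this file's diff) having run before the key is presented. When `$board_config['max_autologin_time']` is set, the lookup could enforce the same limit itself by appending `AND k.last_login > ' . (time() - 86400 * (int) $board_config['max_autologin_time'])` to the WHERE clause. session_begin starts before this hunk and continues after it.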
(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in) ! VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login)"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql); --- 172,187 ---- // Create or update the session // $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin WHERE session_id = '" . $session_id . "' AND session_ip = '$user_ip'"; if ( !$db->sql_query($sql) || !$db->sql_affectedrows() ) { ! $session_id = md5(dss_rand()); $sql = "INSERT INTO " . SESSIONS_TABLE . " ! (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin) ! VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql); *************** *** 154,173 **** } if ( $user_id != ANONYMOUS ) ! {// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : ( $last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time; ! $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit ! WHERE user_id = $user_id"; ! if ( !$db->sql_query($sql) ) { ! message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql); } $userdata['user_lastvisit'] = $last_visit; ! $sessiondata['autologinid'] = ( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : ''; $sessiondata['userid'] = $user_id; } --- 189,243 ---- } if ( $user_id != ANONYMOUS ) ! 
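Review bot: The new `$admin` parameter is interpolated into both the UPDATE (`session_admin = $admin`) and the INSERT value list without a cast, although this same commit casts `$page_id` at the top of session_begin. Adding `$admin = (int) $admin;` beside `$page_id = (int) $page_id;` keeps a non-integer argument from ever reaching the SQL text. `$user_id` is interpolated the same way in these two statements and would benefit from the same treatment. The function body starts and ends outside this hunk.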
{ $last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time; ! if (!$admin) { ! $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit ! WHERE user_id = $user_id"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql); ! } } $userdata['user_lastvisit'] = $last_visit; ! // ! // Regenerate the auto-login key ! // ! if ($enable_autologin) ! { ! $auto_login_key = dss_rand() . dss_rand(); ! ! if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '') ! { ! $sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . " ! SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time ! WHERE key_id = '" . md5($sessiondata['autologinid']) . "'"; ! } ! else ! { ! $sql = 'INSERT INTO ' . SESSIONS_KEYS_TABLE . "(key_id, user_id, last_ip, last_login) ! VALUES ('" . md5($auto_login_key) . "', $user_id, '$user_ip', $current_time)"; ! } ! ! if ( !$db->sql_query($sql) ) ! { ! message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql); ! } ! ! $sessiondata['autologinid'] = $auto_login_key; ! unset($auto_login_key); ! } ! else ! { ! $sessiondata['autologinid'] = ''; ! } ! ! // $sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid']; $sessiondata['userid'] = $user_id; } *************** *** 178,183 **** --- 248,255 ---- $userdata['session_page'] = $page_id; $userdata['session_start'] = $current_time; $userdata['session_time'] = $current_time; + $userdata['session_admin'] = $admin; + $userdata['session_key'] = $sessiondata['autologinid']; setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . 
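Review bot: The commented-out `// $sessiondata['autologinid'] = (!$admin) ? ...` line at the end of this block should be deleted rather than committed. It also shows that the old code only handed out a key when `$sessionmethod == SESSION_METHOD_COOKIE`, a condition the new `if ($enable_autologin)` branch no longer applies. As written, a key row is inserted even when the session is propagated by GET, where presumably no cookie will carry the key back and the row lingers until cleanup. If that was not intentional, `if ($enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE)` restores the old guard.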
'_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); *************** *** 217,222 **** --- 289,302 ---- $sessionmethod = SESSION_METHOD_GET; } + // + if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) + { + $session_id = ''; + } + + $thispage_id = (int) $thispage_id; + // // Does a session exist? // *************** *** 259,266 **** // if ( $current_time - $userdata['session_time'] > 60 ) { $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_time = $current_time, session_page = $thispage_id WHERE session_id = '" . $userdata['session_id'] . "'"; if ( !$db->sql_query($sql) ) { --- 339,349 ---- // if ( $current_time - $userdata['session_time'] > 60 ) { + // A little trick to reset session_admin on session re-usage + $update_admin = (!defined('IN_ADMIN') && $current_time - $userdata['session_time'] > ($board_config['session_length']+60)) ? ', session_admin = 0' : ''; + $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_time = $current_time, session_page = $thispage_id$update_admin WHERE session_id = '" . $userdata['session_id'] . "'"; if ( !$db->sql_query($sql) ) { *************** *** 270,276 **** if ( $userdata['user_id'] != ANONYMOUS ) { $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $thispage_id WHERE user_id = " . $userdata['user_id']; if ( !$db->sql_query($sql) ) { --- 353,359 ---- if ( $userdata['user_id'] != ANONYMOUS ) { $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $thispage_id WHERE user_id = " . $userdata['user_id']; if ( !$db->sql_query($sql) ) { *************** *** 278,294 **** } } ! // ! // Delete expired sessions ! // ! $expiry_time = $current_time - $board_config['session_length']; ! $sql = "DELETE FROM " . SESSIONS_TABLE . " ! WHERE session_time < $expiry_time ! AND session_id <> '$session_id'"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql); ! 
} setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); --- 361,367 ---- } } ! session_clean($userdata['session_id']); setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); *************** *** 314,327 **** } ! // ! // session_end closes out a session ! // deleting the corresponding entry ! // in the sessions table ! // function session_end($session_id, $user_id) { ! global $db, $lang, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; $cookiename = $board_config['cookie_name']; --- 387,400 ---- } ! /** ! * Terminates the specified session ! * It will delete the entry in the sessions table for this session, ! * remove the corresponding auto-login key and reset the cookies ! */ function session_end($session_id, $user_id) { ! global $db, $lang, $board_config, $userdata; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; $cookiename = $board_config['cookie_name']; *************** *** 331,354 **** $current_time = time(); ! // ! // Pull cookiedata or grab the URI propagated sid ! // ! if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ) ! { ! $session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ''; ! $sessionmethod = SESSION_METHOD_COOKIE; ! } ! else { ! $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; ! $sessionmethod = SESSION_METHOD_GET; } ! // // Delete existing session // ! $sql = "DELETE FROM " . SESSIONS_TABLE . " WHERE session_id = '$session_id' AND session_user_id = $user_id"; if ( !$db->sql_query($sql) ) --- 404,418 ---- $current_time = time(); ! if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) { ! return; } ! // // Delete existing session // ! 
$sql = 'DELETE FROM ' . SESSIONS_TABLE . " WHERE session_id = '$session_id' AND session_user_id = $user_id"; if ( !$db->sql_query($sql) ) *************** *** 356,367 **** --- 420,556 ---- message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql); } + // + // Remove this auto-login entry (if applicable) + // + if ( isset($userdata['session_key']) && $userdata['session_key'] != '' ) + { + $autologin_key = md5($userdata['session_key']); + $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' + WHERE user_id = ' . (int) $user_id . " + AND key_id = '$autologin_key'"; + if ( !$db->sql_query($sql) ) + { + message_die(CRITICAL_ERROR, 'Error removing auto-login key', '', __LINE__, __FILE__, $sql); + } + } + + // + // We expect that message_die will be called after this function, + // but just in case it isn't, reset $userdata to the details for a guest + // + $sql = 'SELECT * + FROM ' . USERS_TABLE . ' + WHERE user_id = ' . ANONYMOUS; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(CRITICAL_ERROR, 'Error obtaining user details', '', __LINE__, __FILE__, $sql); + } + if ( !($userdata = $db->sql_fetchrow($result)) ) + { + message_die(CRITICAL_ERROR, 'Error obtaining user details', '', __LINE__, __FILE__, $sql); + } + $db->sql_freeresult($result); + + setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure); return true; } + /** + * Removes expired sessions and auto-login keys from the database + */ + function session_clean($session_id) + { + global $board_config, $db; + + // + // Delete expired sessions + // + $sql = 'DELETE FROM ' . SESSIONS_TABLE . ' + WHERE session_time < ' . (time() - (int) $board_config['session_length']) . 
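Review bot: session_end now rejects a malformed `$session_id`, but the DELETE on SESSIONS_TABLE still interpolates `$user_id` raw in `AND session_user_id = $user_id`. The auto-login delete added a few lines later in the same function casts it with `(int) $user_id`. A single `$user_id = (int) $user_id;` next to the session id check would make both statements consistent. Note also that the early `return;` on a bad session id yields no value while the normal path ends in `return true;`, so callers cannot tell the two apart; `return false;` would be clearer.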
" + AND session_id <> '$session_id'"; + if ( !$db->sql_query($sql) ) + { + message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql); + } + + // + // Delete expired auto-login keys + // If max_autologin_time is not set then keys will never be deleted + // (same behaviour as old 2.0.x session code) + // + if (!empty($board_config['max_autologin_time']) && $board_config['max_autologin_time'] > 0) + { + $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' + WHERE last_login < ' . (time() - (86400 * (int) $board_config['max_autologin_time'])); + $db->sql_query($sql); + } + + return true; + } + + /** + * Reset all login keys for the specified user + * Called on password changes + */ + function session_reset_keys($user_id, $user_ip) + { + global $db, $userdata; + + $key_sql = ($user_id == $userdata['user_id'] && !empty($userdata['session_key'])) ? "AND key_id != '" . md5($userdata['session_key']) . "'" : ''; + + $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' + WHERE user_id = ' . (int) $user_id . " + $key_sql"; + + if ( !$db->sql_query($sql) ) + { + message_die(CRITICAL_ERROR, 'Error removing auto-login keys', '', __LINE__, __FILE__, $sql); + } + + $where_sql = 'session_user_id = ' . (int) $user_id; + $where_sql .= ($user_id == $userdata['user_id']) ? " AND session_id <> '" . $userdata['session_id'] . "'" : ''; + $sql = 'DELETE FROM ' . SESSIONS_TABLE . " + WHERE $where_sql"; + if ( !$db->sql_query($sql) ) + { + message_die(CRITICAL_ERROR, 'Error removing user session(s)', '', __LINE__, __FILE__, $sql); + } + + if ( !empty($key_sql) ) + { + $auto_login_key = dss_rand() . dss_rand(); + + $current_time = time(); + + $sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . " + SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time + WHERE key_id = '" . md5($userdata['session_key']) . 
"'"; + + if ( !$db->sql_query($sql) ) + { + message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql); + } + + // And now rebuild the cookie + $sessiondata['userid'] = $user_id; + $sessiondata['autologinid'] = $autologin_id; + $cookiename = $board_config['cookie_name']; + $cookiepath = $board_config['cookie_path']; + $cookiedomain = $board_config['cookie_domain']; + $cookiesecure = $board_config['cookie_secure']; + + setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); + + $userdata['session_key'] = $auto_login_key; + unset($sessiondata); + unset($auto_login_key); + } + } + // // Append $SID to a url. Borrowed from phplib and modified. This is an // extra routine utilised by the session code above and acts as a wrapper *************** *** 374,380 **** if ( !empty($SID) && !preg_match('#sid=#', $url) ) { ! $url .= ( ( strpos($url, '?') != false ) ? ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $SID; } return $url; --- 563,569 ---- if ( !empty($SID) && !preg_match('#sid=#', $url) ) { ! $url .= ( ( strpos($url, '?') !== false ) ? ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $SID; } return $url; diff -crN phpbb208/includes/smtp.php phpbb2020/includes/smtp.php *** phpbb208/includes/smtp.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/smtp.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: smtp.php,v 1.16.2.9 2003/07/18 16:34:01 acydburn Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: smtp.php,v 1.16.2.11 2005/09/27 20:24:35 grahamje Exp $ * ***************************************************************************/ *************** *** 27,33 **** // using SMTP Extensions // function server_parse($socket, $response, $line = __LINE__) ! 
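Review bot: In session_reset_keys the cookie rebuild uses two names that are never defined in the function. `$sessiondata['autologinid'] = $autologin_id;` reads an unset variable where the freshly generated `$auto_login_key` was meant. `$board_config` is missing from `global $db, $userdata;`, so `$cookiename`, `$cookiepath`, `$cookiedomain` and `$cookiesecure` are all empty. The key row is rotated in the database, but the browser never receives the new key, so the user's auto-login silently stops working after a password change. The fix is `global $db, $userdata, $board_config;` and `$sessiondata['autologinid'] = $auto_login_key;`.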
{ while (substr($server_response, 3, 1) != ' ') { if (!($server_response = fgets($socket, 256))) --- 27,34 ---- // using SMTP Extensions // function server_parse($socket, $response, $line = __LINE__) ! { ! $server_response = ''; while (substr($server_response, 3, 1) != ' ') { if (!($server_response = fgets($socket, 256))) *************** *** 106,112 **** // Ok we have error checked as much as we can to this point let's get on // it already. ! if( !$socket = fsockopen($board_config['smtp_host'], 25, $errno, $errstr, 20) ) { message_die(GENERAL_ERROR, "Could not connect to smtp host : $errno : $errstr", "", __LINE__, __FILE__); } --- 107,113 ---- // Ok we have error checked as much as we can to this point let's get on // it already. ! if( !$socket = @fsockopen($board_config['smtp_host'], 25, $errno, $errstr, 20) ) { message_die(GENERAL_ERROR, "Could not connect to smtp host : $errno : $errstr", "", __LINE__, __FILE__); } diff -crN phpbb208/includes/template.php phpbb2020/includes/template.php *** phpbb208/includes/template.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/template.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: template.php,v 1.10.2.3 2002/12/21 19:09:57 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: template.php,v 1.10.2.5 2005/05/06 20:50:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 230,236 **** // Check if it's an absolute or relative path. if (substr($filename, 0, 1) != '/') { ! $filename = phpbb_realpath($this->root . '/' . $filename); } if (!file_exists($filename)) --- 230,236 ---- // Check if it's an absolute or relative path. if (substr($filename, 0, 1) != '/') { ! $filename = ($rp_filename = phpbb_realpath($this->root . '/' . $filename)) ? 
$rp_filename : $filename; } if (!file_exists($filename)) *************** *** 475,478 **** } ! ?> --- 475,478 ---- } ! ?> \ No newline at end of file diff -crN phpbb208/includes/topic_review.php phpbb2020/includes/topic_review.php *** phpbb208/includes/topic_review.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/topic_review.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: topic_review.php,v 1.5.2.2 2004/03/01 15:56:51 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: topic_review.php,v 1.5.2.4 2005/05/06 20:50:12 acydburn Exp $ * * ***************************************************************************/ *************** *** 30,38 **** if ( !$is_inline_review ) { ! if ( !isset($topic_id) ) { ! message_die(GENERAL_MESSAGE, 'Topic_not_exist'); } // --- 30,38 ---- if ( !$is_inline_review ) { ! if ( !isset($topic_id) || !$topic_id) { ! message_die(GENERAL_MESSAGE, 'Topic_post_not_exist'); } // *************** *** 225,228 **** } } ! ?> --- 225,228 ---- } } ! ?> \ No newline at end of file diff -crN phpbb208/includes/usercp_activate.php phpbb2020/includes/usercp_activate.php *** phpbb208/includes/usercp_activate.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/usercp_activate.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_activate.php,v 1.6.2.7 2003/05/03 23:24:02 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
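Review bot: When phpbb_realpath() returns a false value, the fallback is the bare `$filename` without `$this->root`. The `file_exists()` check that follows then resolves it against the current working directory instead of the template root. If the intent is only to survive a failing realpath, falling back to the joined path keeps both branches pointing at the same file: `$path = $this->root . '/' . $filename;` then `$filename = ($rp_filename = phpbb_realpath($path)) ? $rp_filename : $path;`. The enclosing method starts and ends outside this hunk.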
* $Id: usercp_activate.php,v 1.6.2.9 2005/09/14 18:14:30 acydburn Exp $ * * ***************************************************************************/ *************** *** 47,52 **** --- 47,64 ---- } else if ((trim($row['user_actkey']) == trim($HTTP_GET_VARS['act_key'])) && (trim($row['user_actkey']) != '')) { + if (intval($board_config['require_activation']) == USER_ACTIVATION_ADMIN && $row['user_newpasswd'] == '') + { + if (!$userdata['session_logged_in']) + { + redirect(append_sid('login.' . $phpEx . '?redirect=profile.' . $phpEx . '&mode=activate&' . POST_USERS_URL . '=' . $row['user_id'] . '&act_key=' . trim($HTTP_GET_VARS['act_key']))); + } + else if ($userdata['user_level'] != ADMIN) + { + message_die(GENERAL_MESSAGE, $lang['Not_Authorised']); + } + } + $sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : ''; $sql = "UPDATE " . USERS_TABLE . " diff -crN phpbb208/includes/usercp_avatar.php phpbb2020/includes/usercp_avatar.php *** phpbb208/includes/usercp_avatar.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/usercp_avatar.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_avatar.php,v 1.8.2.17 2003/03/04 21:02:36 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_avatar.php,v 1.8.2.23 2006/01/27 21:23:22 grahamje Exp $ * * ***************************************************************************/ *************** *** 51,56 **** --- 51,57 ---- { global $board_config, $userdata; + $avatar_file = basename($avatar_file); if ( $avatar_type == USER_AVATAR_UPLOAD && $avatar_file != '' ) { if ( @file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . 
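Review bot: The added redirect concatenates `trim($HTTP_GET_VARS['act_key'])` into the login URL without encoding, so the request value is echoed into a Location target as-is. By this point the key has matched the stored one, so `'&act_key=' . urlencode(trim($row['user_actkey']))` carries the same information from a trusted source and in encoded form. The match itself, on the unchanged `else if` line, uses loose `==`, which lets PHP compare numeric-looking strings as numbers. A strict comparison, `trim($row['user_actkey']) === trim($HTTP_GET_VARS['act_key'])`, is the safer form for a secret.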
$avatar_file)) ) *************** *** 62,73 **** return ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE; } ! function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename) { global $board_config; ! if ( file_exists(@phpbb_realpath($board_config['avatar_gallery_path'] . '/' . $avatar_filename)) && ($mode == 'editprofile') ) { ! $return = ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY; } else { --- 63,88 ---- return ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE; } ! function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename, $avatar_category) { global $board_config; ! ! $avatar_filename = phpbb_ltrim(basename($avatar_filename), "'"); ! $avatar_category = phpbb_ltrim(basename($avatar_category), "'"); ! ! if(!preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $avatar_filename)) ! { ! return ''; ! } ! ! if ($avatar_filename == "" || $avatar_category == "") ! { ! return ''; ! } ! ! if ( file_exists(@phpbb_realpath($board_config['avatar_gallery_path'] . '/' . $avatar_category . '/' . $avatar_filename)) && ($mode == 'editprofile') ) { ! $return = ", user_avatar = '" . str_replace("\'", "''", $avatar_category . '/' . $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY; } else { *************** *** 78,89 **** function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename) { if ( !preg_match('#^(http)|(ftp):\/\/#i', $avatar_filename) ) { $avatar_filename = 'http://' . $avatar_filename; } ! if ( !preg_match('#^((http)|(ftp):\/\/[\w\-]+?\.([\w\-]+\.)+[\w]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) ) { $error = true; $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format']; --- 93,108 ---- function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename) { + global $lang; + if ( !preg_match('#^(http)|(ftp):\/\/#i', $avatar_filename) ) { $avatar_filename = 'http://' . $avatar_filename; } ! $avatar_filename = substr($avatar_filename, 0, 100); ! ! if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) ) { $error = true; $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format']; *************** *** 100,105 **** --- 119,127 ---- $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var'; + $width = $height = 0; + $type = ''; + if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/(.*)$/', $avatar_filename, $url_ary) ) { if ( empty($url_ary[4]) ) *************** *** 157,163 **** message_die(GENERAL_ERROR, 'Could not write avatar file to local storage. Please contact the board administrator with this message', '', __LINE__, __FILE__); } ! list($width, $height) = @getimagesize($tmp_filename); } else { --- 179,185 ---- message_die(GENERAL_ERROR, 'Could not write avatar file to local storage. Please contact the board administrator with this message', '', __LINE__, __FILE__); } ! list($width, $height, $type) = @getimagesize($tmp_filename); } else { *************** *** 183,189 **** return; } ! list($width, $height) = @getimagesize($avatar_filename); } if ( !($imgtype = check_image_type($avatar_filetype, $error, $error_msg)) ) --- 205,211 ---- return; } ! list($width, $height, $type) = @getimagesize($avatar_filename); } if ( !($imgtype = check_image_type($avatar_filetype, $error, $error_msg)) ) *************** *** 191,206 **** return; } ! if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] ) { $new_filename = uniqid(rand()) . $imgtype; if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' ) { ! if ( file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $current_avatar)) ) ! { ! @unlink('./' . $board_config['avatar_path'] . '/' . $current_avatar); ! } } if( $avatar_mode == 'remote' ) --- 213,263 ---- return; } ! switch ($type) ! { ! // GIF ! case 1: ! if ($imgtype != '.gif') ! { ! @unlink($tmp_filename); ! message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__); ! } ! break; ! ! // JPG, JPC, JP2, JPX, JB2 ! 
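Review bot: The unchanged pre-check `#^(http)|(ftp):\/\/#i` in user_avatar_url has an alternation precedence slip. It reads as "starts with http" OR "contains ftp://", so the `http://` prefix is skipped for any value that merely begins with the letters `http`. The stricter pattern added below still rejects such values, but the user then gets a format error where the prefix logic was meant to help. `#^(http|ftp)://#i` expresses the intended test. The function continues past the end of this hunk.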
case 2: ! case 9: ! case 10: ! case 11: ! case 12: ! if ($imgtype != '.jpg' && $imgtype != '.jpeg') ! { ! @unlink($tmp_filename); ! message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__); ! } ! break; ! ! // PNG ! case 3: ! if ($imgtype != '.png') ! { ! @unlink($tmp_filename); ! message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__); ! } ! break; ! ! default: ! @unlink($tmp_filename); ! message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__); ! } ! ! if ( $width > 0 && $height > 0 && $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] ) { $new_filename = uniqid(rand()) . $imgtype; if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' ) { ! user_avatar_delete($current_type, $current_avatar); } if( $avatar_mode == 'remote' ) *************** *** 224,229 **** --- 281,290 ---- $move_file = 'copy'; } + if (!is_uploaded_file($avatar_filename)) + { + message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__); + } $move_file($avatar_filename, './' . $board_config['avatar_path'] . "/$new_filename"); } *************** *** 262,268 **** { if( preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $sub_file) ) { ! $avatar_images[$file][$avatar_row_count][$avatar_col_count] = $file . '/' . $sub_file; $avatar_name[$file][$avatar_row_count][$avatar_col_count] = ucfirst(str_replace("_", " ", preg_replace('/^(.*)\..*$/', '\1', $sub_file))); $avatar_col_count++; --- 323,329 ---- { if( preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $sub_file) ) { ! $avatar_images[$file][$avatar_row_count][$avatar_col_count] = $sub_file; $avatar_name[$file][$avatar_row_count][$avatar_col_count] = ucfirst(str_replace("_", " ", preg_replace('/^(.*)\..*$/', '\1', $sub_file))); $avatar_col_count++; *************** *** 308,314 **** for($j = 0; $j < count($avatar_images[$category][$i]); $j++) { $template->assign_block_vars('avatar_row.avatar_column', array( ! 
"AVATAR_IMAGE" => $board_config['avatar_gallery_path'] . '/' . $avatar_images[$category][$i][$j], "AVATAR_NAME" => $avatar_name[$category][$i][$j]) ); --- 369,375 ---- for($j = 0; $j < count($avatar_images[$category][$i]); $j++) { $template->assign_block_vars('avatar_row.avatar_column', array( ! "AVATAR_IMAGE" => $board_config['avatar_gallery_path'] . '/' . $category . '/' . $avatar_images[$category][$i][$j], "AVATAR_NAME" => $avatar_name[$category][$i][$j]) ); *************** *** 320,326 **** $params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'cur_password', 'new_password', 'password_confirm', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popup_pm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'hideonline', 'style', 'language', 'timezone', 'dateformat'); ! $s_hidden_vars = ''; for($i = 0; $i < count($params); $i++) { --- 381,387 ---- $params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'cur_password', 'new_password', 'password_confirm', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popup_pm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'hideonline', 'style', 'language', 'timezone', 'dateformat'); ! $s_hidden_vars = ''; for($i = 0; $i < count($params); $i++) { *************** *** 342,345 **** return; } ! ?> --- 403,406 ---- return; } ! 
?> \ No newline at end of file diff -crN phpbb208/includes/usercp_confirm.php phpbb2020/includes/usercp_confirm.php *** phpbb208/includes/usercp_confirm.php Thu Jan 1 01:00:00 1970 --- phpbb2020/includes/usercp_confirm.php Wed Apr 5 18:53:36 2006 *************** *** 0 **** --- 1,434 ---- + sql_query($sql); + + // If we have a row then grab data else create a new id + if ($row = $db->sql_fetchrow($result)) + { + $db->sql_freeresult($result); + $code = $row['code']; + } + else + { + exit; + } + + // If we can we will generate a single filtered png else we will have to simply + // output six seperate original pngs ... first way is preferable! + if (@extension_loaded('zlib')) + { + $_png = define_filtered_pngs(); + + $total_width = 320; + $total_height = 50; + $img_height = 40; + $img_width = 0; + $l = 0; + + list($usec, $sec) = explode(' ', microtime()); + mt_srand($sec * $usec); + + $char_widths = array(); + for ($i = 0; $i < strlen($code); $i++) + { + $char = $code{$i}; + + $width = mt_rand(0, 4); + $char_widths[] = $width; + $img_width += $_png[$char]['width'] - $width; + } + + $offset_x = mt_rand(0, $total_width - $img_width); + $offset_y = mt_rand(0, $total_height - $img_height); + + $image = ''; + $hold_chars = array(); + for ($i = 0; $i < $total_height; $i++) + { + $image .= chr(0); + + if ($i > $offset_y && $i < $offset_y + $img_height) + { + $j = 0; + + for ($k = 0; $k < $offset_x; $k++) + { + $image .= chr(mt_rand(140, 255)); + } + + for ($k = 0; $k < strlen($code); $k++) + { + $char = $code{$k}; + + if (empty($hold_chars[$char])) + { + $hold_chars[$char] = explode("\n", chunk_split(base64_decode($_png[$char]['data']), $_png[$char]['width'] + 1, "\n")); + } + $image .= randomise(substr($hold_chars[$char][$l], 1), $char_widths[$j]); + $j++; + } + + for ($k = $offset_x + $img_width; $k < $total_width; $k++) + { + $image .= chr(mt_rand(140, 255)); + } + + $l++; + } + else + { + for ($k = 0; $k < $total_width; $k++) + { + $image .= chr(mt_rand(140, 255)); + } + 
} + + } + unset($hold); + + $image = create_png(gzcompress($image), $total_width, $total_height); + + // Output image + header('Content-Type: image/png'); + header('Cache-control: no-cache, no-store'); + echo $image; + + unset($image); + unset($_png); + exit; + + } + else + { + $_png = define_raw_pngs(); + + $c = intval($HTTP_GET_VARS['c']); + $char = substr($code, $c - 1, 1); + + header('Content-Type: image/png'); + header('Cache-control: no-cache, no-store'); + echo base64_decode($_png[$char]); + + unset($_png); + exit; + } + + exit; + + // This is designed to randomise the pixels of the image data within + // certain limits so as to keep it readable. It also varies the image + // width a little + function randomise($scanline, $width) + { + $new_line = ''; + $start = floor($width/2); + $end = strlen($scanline) - ceil($width/2); + + for ($i = $start; $i < $end; $i++) + { + $pixel = ord($scanline{$i}); + + if ($pixel < 190) + { + $new_line .= chr(mt_rand(0, 205)); + } + else if ($pixel > 190) + { + $new_line .= chr(mt_rand(145, 255)); + } + else + { + $new_line .= $scanline{$i}; + } + } + + return $new_line; + } + + // This creates a chunk of the given type, with the given data + // of the given length adding the relevant crc + function png_chunk($length, $type, $data) + { + $raw = $type; + $raw .= $data; + $crc = crc32($raw); + $raw .= pack('C4', $crc >> 24, $crc >> 16, $crc >> 8, $crc); + + return pack('C4', $length >> 24, $length >> 16, $length >> 8, $length) . 
$raw; + } + + // Creates greyscale 8bit png - The PNG spec can be found at + // http://www.libpng.org/pub/png/spec/PNG-Contents.html we use + // png because it's a fully recognised open standard and supported + // by practically all modern browsers and OSs + function create_png($gzimage, $width, $height) + { + // SIG + $image = pack('C8', 137, 80, 78, 71, 13, 10, 26, 10); + // IHDR + $raw = pack('C4', $width >> 24, $width >> 16, $width >> 8, $width); + $raw .= pack('C4', $height >> 24, $height >> 16, $height >> 8, $height); + $raw .= pack('C5', 8, 0, 0, 0, 0); + $image .= png_chunk(13, 'IHDR', $raw); + // IDAT + $image .= png_chunk(strlen($gzimage), 'IDAT', $gzimage); + // IEND + $image .= png_chunk(0, 'IEND', ''); + + return $image; + } + + // Each 'data' element is base64_encoded uncompressed IDAT + // png image data + function define_filtered_pngs() + { + $_png = array( + '0' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A///////////////////olFAkBAAAGDyA4P///M31/////////////wD////////////////0dAgAAAAAAAAAAAAEcPipFGHn////////////AP//////////////6DAAAAAAAAAAAAAAAAAALSEAN+T///////////8A//////////////xAAAAAAAAAAAAAAAAAAAAAACPA/////////////wD/////////////oAAAAAAAAAAAAAAAAAAAAAAAev//////////////AP////////////8oAAAAAAAAPNj/zDAAAAAAAABD//////////////8A////////////1AAAAAAAABjw////5BAAAAAAAADo/////////////wD///////////+QAAAAAAAAbP//////QgAAAAAAAKj/////////////AP///////////1wAAAAAAACs/////8AXAAAAAAAAcP////////////8A////////////OAAAAAAAAND////dNwAAAAAAAABI/////////////wD///////////8gAAAAAAAA4P//7koACwAAAAAAACT/////////////AP///////////wgAAAAAAAD///VqAwaPAAAAAAAAEP////////////8A////////////AAAAAAAAAP/8kQYDavUAAAAAAAAA/////
////////wD///////////8AAAAAAAAA/6kNAEru/wAAAAAAAAD/////////////AP///////////wAAAAAAAADAIwA33f//AAAAAAAAAP////////////8A////////////FAAAAAAAADYAI8D///8AAAAAAAAQ/////////////wD///////////8kAAAAAAAAAA2p////5AAAAAAAACD/////////////AP///////////0gAAAAAAAAFkfz////UAAAAAAAAQP////////////8A////////////cAAAAAAAAET1/////7AAAAAAAABo/////////////wD///////////+oAAAAAAAAXfX/////sAAAAAAAAGj/////////////AAAAALgAAAAAAAAwAAAAAAAAAAAAAAD////////////oAAAAAAAACOT////oEAAAAAAAAOD/////////////AP////////////8+AAAAAAAAKMz/zDQAAAAAAAA0//////////////8A////////////7jgAAAAAAAAAAAAAAAAAAAAAAKT//////////////wD///////////VqAwIAAAAAAAAAAAAAAAAAAAA8////////////////AP//////////rQcDaVEAAAAAAAAAAAAAAAAAKOj///////////////8A///////////nblnu/IAIAAAAAAAAAAAAAFzw/////////////////wD////////////79////+iITCAAAAAgSITg////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////w==', + 'width' => 40 + ), + '1' => array( + 'data' => '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', + 'width' => 40 + ), + '2' => array( + 'data' => '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', + 'width' => 40 + ), + '3' => array( + 'data' => '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', + 'width' => 40 + ), + '4' => array( + 'data' => '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', + 'width' => 40 + ), + '5' => array( + 'data' => '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', + 'width' => 40 + ), + '6' => array( + 'data' => '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', + 'width' => 40 + ), + '7' => array( + 'data' => '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', + 'width' => 40 + ), + '8' => array( + 'data' => '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', + 'width' => 40 + ), + '9' => array( + 'data' => 
'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD///////////////////ysYCwMAAAUNGiw/P//////////////////AP////////////////+4JAAAAAAAAAAAAAAkuP////////////////8A////////////////lAQAAAAAAAAAAAAAAAAAkP///////////////wD//////////////8AEAAAAAAAAAAAAAAAAAAAAqP//////////////AP/////////////8JAAAAAAAAAAAAAAAAAAAAAAQ7P////////////8A/////////////6wAAAAAAAAAfOz8vCwAAAAAAABw/////////////wD/////////////WAAAAAAAAHD/////7BgAAAAAAAz4////////////AP////////////8kAAAAAAAA1P//////hAAAAAAAALT///////////8A/////////////wAAAAAAAAD///////+4AAAAAAAAcP///////////wD/////////////AAAAAAAAAPz//////8AAAAAAAABI////////////AP////////////8UAAAAAAAAzP//////lAAAAAAAACT///////////8A/////////////0QAAAAAAABY//////gsAAAAAAAADP///////////wD/////////////kAAAAAAAAABw5P/IPAAAAAAAAAAA////////////AP/////////////wEAAAAAAAAAAAAAAAAAAAAAAAAAD///////////8A//////////////+UAAAAAAAAAAAAAAAAAAAAAAAAAP///////////wD///////////////9wAAAAAAAAAAAAAFAAAAAAAAAU////////////AP////////////////+IBAAAAAAAAABw3AAAAAAAACj///////////8A///////////////////cdCwEABhcxP+8AAAAAAAATP///////////wD//////////////////////////////5AAAAAAAAB4////////////AP//////////////////////////////UAAAAAAAALj///////////8A//////////////+kgGxUQCAM2P///+AIAAAAAAAQ+P///////////wD//////////////0gAAAAAAAA42P/EKAAAAAAAAHD/////////////AP//////////////sAAAAAAAAAAAAAAAAAAAAAAQ6P////////////8A////////////////TAAAAAAAAAAAAAAAAAAAAKz//////////////wD////////////////oKAAAAAAAAAAAAAAAAASU////////////////AP/////////////////sUAAAAAAAAAAAAAAwxP////////////////8A////////////////////yHA0FAAADCxktP///////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP/////////////////////////////
///////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'A' => array( + 'data' => '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', + 'width' => 40 + ), + 'B' => array( + 'data' => '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', + 'width' => 40 + ), + 'C' => array( + 'data' => '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', + 'width' => 40 + ), + 'D' => array( + 'data' => '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', + 'width' => 40 + ), + 'E' => array( + 'data' => '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', + 'width' => 40 + ), + 'F' => array( + 'data' => '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', + 'width' => 40 + ), + 'G' => array( + 'data' => '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', + 'width' => 40 + ), + 'H' => array( + 'data' => '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', + 'width' => 40 + ), + 'I' => array( + 'data' => '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', + 'width' => 40 + ), + 'J' => array( + 'data' => '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', + 'width' => 40 + ), + 'K' => array( + 'data' => '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', + 'width' => 40 + ), + 'L' => array( + 'data' => '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', + 'width' => 40 + ), + 'M' => array( + 'data' => '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', + 'width' => 40 + ), + 'N' => array( + 'data' => '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', + 'width' => 40 + ), + 'O' => array( + 'data' => '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', + 'width' => 40 + ), + 'P' => array( + 'data' => 
'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP///////////wAAAAAAAAAAAAAAAAAACCxguP////////////////8A////////////AAAAAAAAAAAAAAAAAAAAAAAAOOD//////////////wD///////////8AAAAAAAAAAAAAAAAAAAAAAAAAGOD/////////////AP///////////wAAAAAAAAAAAAAAAAAAAAAAAAAARP////////////8A////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAxP///////////wD///////////8AAAAAAAAAAAAAAAAAAAAAAAAAAABo////////////AP///////////wAAAAAAAAAA////6JwMAAAAAAAAADD///////////8A////////////AAAAAAAAAAD//////6AAAAAAAAAADP///////////wD///////////8AAAAAAAAAAP//////9AAAAAAAAAAA////////////AP///////////wAAAAAAAAAA///////0AAAAAAAAAAD///////////8A////////////AAAAAAAAAAD//////5gAAAAAAAAAHP///////////wD///////////8AAAAAAAAAAP///9iICAAAAAAAAABI////////////AP///////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAJD///////////8A////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAI6P///////////wD///////////8AAAAAAAAAAAAAAAAAAAAAAAAAAIT/////////////AP///////////wAAAAAAAAAAAAAAAAAAAAAAAABU/P////////////8A////////////AAAAAAAAAAAAAAAAAAAAAAAIhPz//////////////wD///////////8AAAAAAAAAAAAAAAAABCRMkOz/////////////////AP///////////wAAAAAAAAAA//////////////////////////////8A////////////AAAAAAAAAAD//////////////////////////////wD///////////8AAAAAAAAAAP//////////////////////////////AP///////////wAAAAAAAAAA//////////////////////////////8A////////////AAAAAAAAAAD//////////////////////////////wD///////////8AAAAAAAAAAP//////////////////////////////AP///////////wAAAAAAAAAA//////////////////////////////8A////////////AAAAAAAAAAD//////////////////////////////wD///////////8AAAAAAAAAAP//////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP/////////////////////////////
///////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'Q' => array( + 'data' => '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', + 'width' => 40 + ), + 'R' => array( + 'data' => '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', + 'width' => 40 + ), + 'S' => array( + 'data' => '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', + 'width' => 40 + ), + 'T' => array( + 'data' => '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', + 'width' => 40 + ), + 'U' => array( + 'data' => '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', + 'width' => 40 + ), + 'V' => array( + 'data' => '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', + 'width' => 40 + ), + 'W' => array( + 'data' => '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', + 'width' => 40 + ), + 'X' => array( + 'data' => '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', + 'width' => 40 + ), + 'Y' => array( + 'data' => 
'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP///////1QAAAAAAAAAAGj//////////2gAAAAAAAAAAFT///////8A////////5BAAAAAAAAAAAMT////////EAAAAAAAAAAAQ5P///////wD/////////mAAAAAAAAAAAKPj/////+CgAAAAAAAAAAJj/////////AP//////////PAAAAAAAAAAAgP////+AAAAAAAAAAAA8//////////8A///////////YCAAAAAAAAAAE2P//2AQAAAAAAAAACNj//////////wD///////////+AAAAAAAAAAAA4//84AAAAAAAAAACA////////////AP////////////woAAAAAAAAAACUlAAAAAAAAAAAKPz///////////8A/////////////8gAAAAAAAAAABAQAAAAAAAAAADI/////////////wD//////////////2wAAAAAAAAAAAAAAAAAAAAAbP//////////////AP//////////////8BwAAAAAAAAAAAAAAAAAABzw//////////////8A////////////////tAAAAAAAAAAAAAAAAAAAtP///////////////wD/////////////////VAAAAAAAAAAAAAAAAFT/////////////////AP/////////////////oEAAAAAAAAAAAAAAQ6P////////////////8A//////////////////+cAAAAAAAAAAAAAJz//////////////////wD///////////////////9AAAAAAAAAAABA////////////////////AP///////////////////9gAAAAAAAAAANj///////////////////8A/////////////////////wAAAAAAAAAA/////////////////////wD/////////////////////AAAAAAAAAAD/////////////////////AP////////////////////8AAAAAAAAAAP////////////////////8A/////////////////////wAAAAAAAAAA/////////////////////wD/////////////////////AAAAAAAAAAD/////////////////////AP////////////////////8AAAAAAAAAAP////////////////////8A/////////////////////wAAAAAAAAAA/////////////////////wD/////////////////////AAAAAAAAAAD/////////////////////AP////////////////////8AAAAAAAAAAP////////////////////8A/////////////////////wAAAAAAAAAA/////////////////////wD/////////////////////AAAAAAAAAAD/////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP/////////////////////////////
///////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'Z' => array( + 'data' => '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', + 'width' => 40 + ), + ); + + return $_png; + } + + // These define base64_encoded raw png image data used + // when we cannot generate our own single png image + function define_raw_pngs() + { + $_png = array( + '0' => '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', + '1' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QMi//xxVKAAAAB3RJTUUH0wUOEDYLcqnX7wAAAAlwSFlzAAALEgAACxIB0t1+/AAAAHpJREFUeNpj/M9AHGAiUh1WhR8FGUGAsMKaD9iM/I8BlmCVwVS4hoUohT8qcNiFyv2zQIWBCIV3amRwu54RKcDRAgQ1KigIcJYK7CqR3QsCFmf+Y8qgeQakbANMAz6FKjUXECbj8zWa76nm61GFw1UhI10KqVGFNFQIADdK9Zj7PsV9AAAAAElFTkSuQmCC', + '2' => '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', + '3' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QMxBQugk2AAAAB3RJTUUH0wUOEDU3duv4qwAAAAlwSFlzAAALEgAACxIB0t1+/AAAATdJREFUeNpj/M9AHGAiUt0IVciCzPm7ZceZB28YGBQkLHwcmNFU/keANRJI4ioH/qMAJIUlaHatwaFwBrqrOO5gVfiCB8P9KVgVVkAtnPDh/wkLCFsGq0IFiGQLiH0D06P/GWHJ7O+NOzfuXLlzQRrEhgSawHscwYPurxAcwQMBf/4/aIAYyHIGr8IEeDhO+Y9XoQNUncwOVHGMRPEDSovc+IkzrpGDCQgUbuC1WgBhhsIHfAp3vPn/oIIFKfRxKQSDGohCA4IKX0DTD7YoRAWMUJ9iyQpbn4DBBWUQ5yFEDDnFw622gXAzwBxoYvfB5sYlUI0lD/4/gWWKJdgU/tHAcKjCD6y+PsGCpo4FJbaRgmcNqkqWCThTzxkTJHXo+Ro1HA9uOPHiATDlKJj4eKCVFIzDqWgGAK7GW/haPS+zAAAAAElFTkSuQmCC', + '4' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QMyqWttCEAAAAB3RJTUUH0wUOEDUxn4hdngAAAAlwSFlzAAALEgAACxIB0t1+/AAAAKBJREFUeNpj/M9AHGAiUh2FCucyQgCK4H9McIAFixwWhQ8kGIhS+MWAgTiFIQzEKWxhIE7hFgbiFF7hASkQIajwjQpInuUAIYV/XMDyU/4TUlgAlk75T0jhArCszR9CCk+AY07mxX8CCp+AY47nzH8CCn+YgOWW/CekMAYsVfMfl0JGmCBq4kNEDp2zAn0UMmItABjRvDykPTO43DgyFQIANP6pTFLWAdoAAAAASUVORK5CYII=', + '5' 
=> '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', + '6' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QNAObRd4vAAAAB3RJTUUH0wUOEDUc2lcB6wAAAAlwSFlzAAALEgAACxIB0t1+/AAAATtJREFUeNpj/M9AHGAiUh2Gwq2puryMjKKmmSfRVf5HBkcMEBI+L1CkUBROYUE2QuMFLoVr0CzzwKHwhQC6szZgV1gAtfHI/xs2mEYywsPxp8QHEMVxQ56B4aaJiIKIiIRCPDZf74DwI/5jB4hwPAChbAgG+BWoExlOxkoysuqW3sUV4BoQ/p0SqARLB44AF4HIByDMKMCuEIu7phCrUOADNl/DgMOJ/09SIMwPC7B5hgfC1/kB4kRAOC7YrFaByM0Ac85AOCLYrFaBhSMIQNPlG2wBDg3HP2CSGU/MuEAoiKVXUWxB9cwPiG8UwEGSg5FCMNOjwZ4/byqgpqwgMoWr/MGeZ1agqWPZgSNz/Z+AqnDCf1wK/29B8qbKDhQpRtTE8HfLjjMP3jDwKJh4hKCGJSPNC6lRhTRWCABWpdoxd/bZ4QAAAABJRU5ErkJggg==', + '7' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QNA18/fMoAAAAB3RJTUUH0wUOEDUVo4u5TwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAM9JREFUeNpj/M9AHGAiUt2oQnorZIGzGLFJIyJ40HqGhUiFPFuQ/YUFPBGBmLcDSQybwj8OEDOW/CegsAeiruQ/AYV3OMDqTP4QUugCceCN/wQUQn1a8Z+Awj8qYHUiHwgpXAAxcMJ/Qgp1wOoEPhBSuANiYM5/QgpjIAovEFL4gweszgAz0NASxZ4vYMqHYDKDBiIWhWhWa0CS1x9CVn+8AaYsmAlZfQRC6RDMChADGTQIKjxDrMI7EEoBi0JGlMJe8AOY+sFOSCEeQHQBAABCZ7xyT9fJhwAAAABJRU5ErkJggg==', + '8' => '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', + '9' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QNCQ+T2tEAAAAB3RJTUUH0wUOEDUHUDLIBwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAUZJREFUeNpj/M9AHGAiUh26wr9rE3V5GRlFTTM3/kVT+R8Z7FBBSKjsQJFCUTiFBcWMCbgUHmBBs20FdoV/VNDUMQi8wapwDVS65s2fPToQZgFWhRFIkm8kwGyeH9gUQm2+Aua0QDhb4LJI4XgHQmmDSRMIZw+emIEENAeEcwObQhEIdQHiABRbUGPGBSIQAWL/gHqbB5tnJkC1Fjz5f8IGwxwkhR8EsCQarFE4hViF/wsQCgKgHsSu8H8HLFkUQL2rgUPh/zslOiwMEjFH/kND2geXQvQgqMAWhSjgAIRygAswIuXCpXfevHjz4M0ZdQaGhxo/wAnyBTuWmPnvARGxuPH/iAa+9Ph/A7r9Ai+wK/zvg6ZwzX8cCl9oICtjmfIfl8L/bwIQ6gyO/Met8P//EwUmwHTJo5OyBU2CkdaF1KhCWisEAM/sJxmZkdWnAAAAAElFTkSuQmCC', + 'A' => 
'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QFwy1U7TfAAAAB3RJTUUH0wUOEC0ZKCZtPQAAAAlwSFlzAAALEgAACxIB0t1+/AAAAO1JREFUeNrt1LERwiAUBuAHZ2GRwsIypQMwQEZwgBQpM4QDZBSLFI7gCA5gQWGRdA5gkTuMSh48eMTUnq96wH98B+QiDCwruTD3D76qF676ueAp0Y9lSBXeSkFWaLAje3T+kkzK4SgpBzZw8pqxJWcdOJuRsyGPbWDk0tS20zw9SXsobdfytJVXdzNsP61i6Zt3K7Ht0UeUgbPdjsrOXMd+2IS2C2qb271HVWi7YANcNXFQsUEVBTXwNdl46jYRxPl52dnwRUZbhkLSDmS8DnxFRWiULxg8UxvobefuRR8ZQYDKtffVVcQWv/RrfgJC4bd0upw4MQAAAABJRU5ErkJggg==', + 'B' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGAusrz2zAAAAB3RJTUUH0wUOEC01Gv4B3gAAAAlwSFlzAAALEgAACxIB0t1+/AAAANJJREFUeNpj/M9AHGAiUh0tFTKiAUHL2rsoKv9DARZDWFr+IwA+hQwMFcQqZDhCrMIIYhWK4FYIYv8444PuV+wK//9/A+UJwBUSCHAL3OEIsdoFyttCpGdiiAtHjoY/RCnk6PlBbBRKrCE6CqcQq5DlDs5whIT3CgUI788EvOEIBCegXB2YPCNMBSNMISqf5TeUjysK90LpP/itfrFEAhZCMHkWdKMYUbk2MAah7BqD02pUYEFkgMu8IE6hD0IdpmegwSejoKLjoY7syaFU7A0HhQA2e4cJytImvAAAAABJRU5ErkJggg==', + 'C' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGBbPqVFqAAAAB3RJTUUH0wUOEC4BEGemqAAAAAlwSFlzAAALEgAACxIB0t1+/AAAASlJREFUeNpj/M9AHGAiUt2owkGrkAWV+3TDgRtPPjBwyGiYBOijSv1HAlcCkGUcTiDLISvsQDOeZQp2hQWYDpuCTeEEbD44ganwDgc2vxpgKoyAyUWc+f9hjgCMtwFd4RuYRxog/ueBcl3QFc6BSmj8gfBrwE40yFmCrjABqrAH5mSZgJ4jX7AEjwlU4Zn/OAAsrp9AaRlccc0IzdeMsBilOPWQrBDmtpfEKnwBpZ8qZq58i6IS6vscKHcBcgQYlOz4gh6OK6AKfaB8G5hN6Aq/wBLPHjB3CczCFIzUA0u2PD0v/j9pgaf1ExgK3wgwYAEOWFL4GizqWC5gyzM1mArnEJkLZ2DPhf//n3BAVmeDkq8ZUZPL3TUn7gBLCgYFBYsAcxQZRmKrDwABNsv9SJSDwwAAAABJRU5ErkJggg==', + 'D' => 
'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGC1+orhOAAAAB3RJTUUH0wUOEC4yr7fHvgAAAAlwSFlzAAALEgAACxIB0t1+/AAAAM9JREFUeNpj/M9AHGAiUt1AKmSBsxiRhXlkNBxCpFFU/ocBTDMyPvxHADwKGRgUbhCpkEHiCZEKGRyIVciwArdCIPPFGg8YzwSvQiBogXFvEFD43wDKnQDl44yZGCh9glAU2sCsJqRQBkq/gMUw3G2wuP6PnU/H9PgRSgsQUvgESosQUngFSqsQUrgCSsNiCFcU7oBx9+CL6w8XamB5SeUPkelxAZEJ1+YPcQolXhCXFTTuEJULOUq+IOVrFgasQELBxMaHG1mEcTiVjwOoEADAIkCnGpmJKgAAAABJRU5ErkJggg==', + 'E' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGDeDwEE0AAAAB3RJTUUH0wUOEC8CkHXGUwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAD5JREFUeNpj/M9AHGAiUt2owkGrkAXGYMQqjUgJQ8EzpPsa05+D140oMYTk4KEQ4MMqZqgUhcM1czESW30AABfqB1XDnLzcAAAAAElFTkSuQmCC', + 'F' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGQe8AkDZAAAAB3RJTUUH0wUOEC8JB6cf2wAAAAlwSFlzAAALEgAACxIB0t1+/AAAADlJREFUeNpj/M9AHGAiUt3wUsiCYDJikUYE3lDwDDm+xvTp4HUjIoaQXTsUAnxYxcyoQryAcUSWuAAW/gZTg/yEMAAAAABJRU5ErkJggg==', + 'G' => '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', + 'H' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGRw2Z4k1AAAAB3RJTUUH0wUOEC8agxleBQAAAAlwSFlzAAALEgAACxIB0t1+/AAAAD1JREFUeNpj/M9AHGAiUt2oQvyABUozQml4+KMLDAXPDAWFLGh8RlwKh4JnaB88GOlxELhxVCFewDgEynAAN2sFVHAvevkAAAAASUVORK5CYII=', + 'I' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGSlg1E0WAAAAB3RJTUUH0wUOEC86uHd+zQAAAAlwSFlzAAALEgAACxIB0t1+/AAAAD5JREFUeNpj/M9AHGAiUt1AKmRBMBkxJJE9OhQ8Q32FjGhxDQsjjCQwFDwzqnCwKkRKZqO5EBMwDqcSl2iFAMMeB0s/kLo2AAAAAElFTkSuQmCC', + 'J' => 
'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGywiiNsbAAAAB3RJTUUH0wUOEDAFw0tdbgAAAAlwSFlzAAALEgAACxIB0t1+/AAAAKdJREFUeNpj/M9AHGAiUh3xClmwijJCaSR3Ud/qUYWjCklTyIHEhifctw8ePHgCxO+B7L9QMQlsChW+QOiX4gwMd6BiItisVoHSB6AYWQwM/kNBBszkC/9PwKyc8B8B4Ar3YPHMHWwK/xtgqAv4j1XhEfScK/EEu8L/a1BVStz4j0Ph/yPItoe8QFH3nxGlkNq75cKDB0DDVBwitNEcwjhwpdmoQrwAAN6ioiFapgUdAAAAAElFTkSuQmCC', + 'K' => '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', + 'L' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHA64qQw4AAAAB3RJTUUH0wUOEDAXMPIsJgAAAAlwSFlzAAALEgAACxIB0t1+/AAAADlJREFUeNpj/M9AHGAiUt2QUMiCYDJCaezhMBQ8M6pwVCEdFLJgCjEisRH5Zyh4hvoKGUdkQUq0QgARaARRV9jUFQAAAABJRU5ErkJggg==', + 'M' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHBhMfblpAAAAB3RJTUUH0wUOEDAqaJpgNwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAPNJREFUeNrdlK0OgzAUhS8bCQYxMYmcmEAgEAgejQfZQyG2pAIxOYlATkAu691o2tvSYia2iv7lyzn3NG0jhG1tt5H7Aggom7ZuaKPhBFqKV+pFWDGjjcxStEAYXuvBkrKtoVX+gdRiK9i6sxjgeVGUMJzWwZLACaZOTqoAOAronmrlBuvPkQsIgHn8BqnE2AMmhaaYJ57jqTRFMwsDyW249XaJLhAujizm7UFM5XCUXTqiTvBLQYWRc7H3WWt+3NmlyGbOGh9q/45mjQxUb+CA6A2jSqu5MweX0ooQWLJxLYx6fz0GwmBOsww5GP3At/dX4Ayb7qpFI9y5ygAAAABJRU5ErkJggg==', + 'N' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHC6DxyzwAAAAB3RJTUUH0wUOEDAye/b4YQAAAAlwSFlzAAALEgAACxIB0t1+/AAAALRJREFUeNpj/M9AHGAiUt0IV8gIARsRMlAROP8/BEB5Ii/+/0cVgXNRhRk8iFXIMIFYhRxXiFTIYPCDSIUMBcQqZNhDrEKZN0QqZAggViHDHIIKRSAUzx1CCrdAaZM/BBT+z4Eyaggp/KEDYbAcIaDw/wUWCEuBkML/PagBgFvhfxdiFT4RIVLh/zXEKvyfQqzCLypEKvx/hoVIhf9biFX4x4ZIhf8fCBCp8P8KNBHG4VQ0AwDEOyeZhO5p1AAAAABJRU5ErkJggg==', + 'O' => 
'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHQExDSDoAAAAB3RJTUUH0wUOEDA4myMRfwAAAAlwSFlzAAALEgAACxIB0t1+/AAAATtJREFUeNpj/M9AHGAiUt3wUsiCyv265ciZJ08YGGRkDGwCuFGk/iOBDwU8SDIcGS+Q5JAV7hBBs45nAVaFC1gwXTYBi8IdWNQxMCzAUPhBBJs6Bp4n6AoLYFI6az78f7NEB8ZNQFP4QwAqEfADwg+A+f0NqsI1UHGBDzCnSKC6EhYzB6B0Cj+UwZ+CKgNTeAZKu8C94QGlL6DGjAyU+wAeXC+gIiIQLiM0KzDC9CFCBlWICsnsL3aFMDc+hcs8QZWBKYSF2g24whvYFZpA6T1whUegNCwyoYGxAmYyLGZ+wOxYghqFX2BpO+APmP8nBspHj2uk1LPizf8PGyxgXPTUQ3x6JDqF//8/AYs6bHkGmCYF0O3FnguBCSaFA0kZS8IDJDlG1IIUVFK8eABMWzI6DgHCyDKMI7LEBQCD5YgI9wbKGgAAAABJRU5ErkJggg==', + 'P' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHQvR2Mn2AAAAB3RJTUUH0wUOEDEDMzPJGgAAAAlwSFlzAAALEgAACxIB0t1+/AAAAKVJREFUeNpj/M9AHGAiUh05ChlRAKdu4k5Ulf9hANMQiwf/EQCfQgaJB0QqZHAhViHDEbg0AV8vwRM8QN0v5vBAOSfw+BrMWQDl8MClGeEKGGEKQcRXHmQemTGD1RMy+N14o4MDyvGAS7NgGMaIzPHAYyIy4HhBZMy0EBmFIX+IUsjRgqQOi2fAgEVBwyVGGEUEQw2O3EbLzDWSFDIOhtJsVCEWAAC/Yt2X+2PYcgAAAABJRU5ErkJggg==', + 'Q' => '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', + 'R' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHSkEuIgSAAAAB3RJTUUH0wUOEDEUsOBM3QAAAAlwSFlzAAALEgAACxIB0t1+/AAAAOZJREFUeNpj/M9AHGAiUh0NFLJAaUY0YRkJHYcQdmSh/xCAzRCZHf8RAJ9CBpYNRCpkEHgBV4jfMx+mEOVGIDDAaTWY82aPBZTLgV8hUCkaH6cbP8B8gxHgyODjgwstMDfiVIgWQyFE+lrhB3EBznOFuJgxuUFMXPPEbPmDpA53FH55osKMIoAe4F826MDMvPMfj9WgWFGBBeIf/Ar/H4FxJhBQ+B8WzCIfCCi8A4uvBgIK/2fA/POCgMIXHFBuDqH02ABLM3cIKPwgAuVHEFD4fwJM4AIBhT9goe4AFWAcAsXesFIIAEvJyZHTCSiTAAAAAElFTkSuQmCC', + 'S' => 
'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHTRnvuTLAAAAB3RJTUUH0wUOEDEbIF9RTAAAAAlwSFlzAAALEgAACxIB0t1+/AAAAVZJREFUeNpj/M9AHGAiUt2oQvyABYX398CWK3de/GBgkVEw8HFgRpH7jwSWqCDLyCxAlkNS+CcG3boY7AozMB3Wgk3hGSw+4HgBl0b4egIWhT9mYPGMBFQg4MH/D2tgvrKASzPC0yMjlP7CDSTOmrDIMDDwiHBsxzSRBypw5j9WgFDoAPNAxIQjX/ApXIDsC4OCLV9wKfzjwIACOEIO4IiZFxbooePzAqvC/z9qONBUStzAqvD//zc9BqgqNX5gVwgETxbkmCClvSk4FYLdsCMCptAGI2YSGV78+PLmz5MX4mDu1ByIMM9n9JiBxe4caGChy8MZMMsUIEFyAMoVwVC4BGaEwpI3/9/MEYGlJQyFPwQYsIE1mL7GlnCR0iNSXLtgqpO4gy1mvtigq1NAxCBKgP9pEUFWxlOCnNIYUYrmn3v23Ljx5gsw88sYOPhwI0sxDoEyHAABtSc836a1EQAAAABJRU5ErkJggg==', + 'T' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHgUdTbcyAAAAB3RJTUUH0wUOEDEgkVS4aAAAAAlwSFlzAAALEgAACxIB0t1+/AAAADdJREFUeNpj/M9AHGAiUt0IVcgCpRlxyMODeSh4hmiFjGipB+Z7jEQ1FDwzqnBU4WBSyDicimYAb/AFTaJpyH8AAAAASUVORK5CYII=', + 'U' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHhEHl2NPAAAAB3RJTUUH0wUOEDEon48wWgAAAAlwSFlzAAALEgAACxIB0t1+/AAAAKlJREFUeNpj/M9AHGAiUh3xClmgNCOUhrsEXYD6Vo8qHFVIuUIVKP0USr+E0jLoCjWg9A4ovQVNHJjUIaADZsILMPeFApRfA5X/D1N4AaZRYc6b/2+WwNQxXEBX+N8Bqxcc/mMoPMGCRR3LBUyF/2dgUTjjPxaF/6egm8ky5T9Whf9P2KCoMziBJPefEaWQurjnzIMXL34wsMhoWHiYo2hjHLjSbFQhXgAAKzejCLAOcVMAAAAASUVORK5CYII=', + 'V' => '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', + 'W' => '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', + 'X' => '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', + 'Y' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHjkyIsu1AAAAB3RJTUUH0wUOEDIkvRQvsgAAAAlwSFlzAAALEgAACxIB0t1+/AAAANJJREFUeNrt1L0NgzAQBWAcUVB6AAZgBAoKhmAICoZgCAoKxmAECkbwABSUlBRILwF8duwYhFJEihJ37+6T5T9g8K6N20X3FdDDNjKKOeTIqZLtWcKBU73bCx1lPhgQNTWieY1zRLmGCZFQp1xTSSmBDUUgW754BF+GQLxAPUkMxMb0FlzUsqpKLXhxQPRqo+oIerggCvuMC7jhFJounA4gWhO2OIL6Jp/uzglHrh0fTyAaDRucQaTkUpxDQVBYDWZ/hYze6bsv/A8/DNlP/kgvwzuer4kCMGPZDgAAAABJRU5ErkJggg==', + 'Z' => 
'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHwfqWOdfAAAAB3RJTUUH0wUOEDIrLasyIwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAL5JREFUeNrl1C0OwkAQBWCWQIJEVPQIFT0GAlHBMRBIBKIHqahAIDlERY9R0UOs3ORh5qVLunmp5GfUZvczbzKzDqtltV7ofgtueHCp16h33xBGwn0KYqoTO/J868Csaj418e0cPujOkLDfmTsECcfcXOGhoC/NZQMUDBUDd5DwxiAtJGzprpCw48xVQcIhM1d6KOgLc/kIBcORgXtIeGGQOyRs6Oq0g7P92YbkRE7bRZhcwhh+6nLF5f7yx30B8Z7FgxzMWtEAAAAASUVORK5CYII=', + ); + + return $_png; + } + + ?> \ No newline at end of file diff -crN phpbb208/includes/usercp_register.php phpbb2020/includes/usercp_register.php *** phpbb208/includes/usercp_register.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/usercp_register.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_register.php,v 1.20.2.57 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_register.php,v 1.20.2.74 2006/04/05 12:42:23 grahamje Exp $ * * ***************************************************************************/ *************** *** 21,26 **** --- 21,39 ---- * ***************************************************************************/ + /* + + This code has been modified from its original form by psoTFX @ phpbb.com + Changes introduce the back-ported phpBB 2.2 visual confirmation code. + + NOTE: Anyone using the modified code contained within this script MUST include + a relevant message such as this in usercp_register.php ... 
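Review bot: In the non-zlib fallback branch of usercp_confirm.php, `$c = intval($HTTP_GET_VARS['c']);` is used as a string offset with no existence or range check, so zero or a negative value indexes `$code` from the end and an out-of-range value turns the empty `substr()` result into the `$_png` key. Guard it with `$c = isset($HTTP_GET_VARS['c']) ? intval($HTTP_GET_VARS['c']) : 0;` followed by `if ($c < 1 || $c > strlen($code)) { exit; }`. In the zlib branch, `unset($hold);` names a variable that is never assigned; the array filled in the loop is `$hold_chars`. The fallback also returns each character as a fixed image with none of the per-request noise that `randomise()` adds, which deserves a comment saying it is the weaker path. The top of the file, including the query that produces `$result`, is not visible in this listing.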
failure to do so + will affect a breach of Section 2a of the GPL and our copyright + + png visual confirmation system : (c) phpBB Group, 2003 : All Rights Reserved + + */ + if ( !defined('IN_PHPBB') ) { die("Hacking attempt"); *************** *** 60,65 **** --- 73,79 ---- // --------------------------------------- $error = FALSE; + $error_msg = ''; $page_title = ( $mode == 'editprofile' ) ? $lang['Edit_profile'] : $lang['Register']; if ( $mode == 'register' && !isset($HTTP_POST_VARS['agreed']) && !isset($HTTP_GET_VARS['agreed']) ) *************** *** 93,99 **** $current_email = trim(htmlspecialchars($HTTP_POST_VARS['current_email'])); } ! $strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests'); // Strip all tags from data ... may p**s some people off, bah, strip_tags is // doing the job but can still break HTML output ... have no choice, have --- 107,113 ---- $current_email = trim(htmlspecialchars($HTTP_POST_VARS['current_email'])); } ! $strip_var_list = array('email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests', 'confirm_code' => 'confirm_code'); // Strip all tags from data ... may p**s some people off, bah, strip_tags is // doing the job but can still break HTML output ... have no choice, have *************** *** 106,111 **** --- 120,127 ---- } } + $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; + $trim_var_list = array('cur_password' => 'cur_password', 'new_password' => 'new_password', 'password_confirm' => 'password_confirm', 'signature' => 'signature'); while( list($var, $param) = @each($trim_var_list) ) *************** *** 116,122 **** } } ! $signature = str_replace('
', "\n", $signature); // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to // empty strings if they fail. --- 132,139 ---- } } ! $signature = (isset($signature)) ? str_replace('
', "\n", $signature) : ''; ! $signature_bbcode_uid = ''; // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to // empty strings if they fail. *************** *** 138,144 **** } else { ! $attachsig = ( isset($HTTP_POST_VARS['attachsig']) ) ? ( ($HTTP_POST_VARS['attachsig']) ? TRUE : 0 ) : 0; $allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $userdata['user_allowhtml']; $allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $userdata['user_allowbbcode']; --- 155,161 ---- } else { ! $attachsig = ( isset($HTTP_POST_VARS['attachsig']) ) ? ( ($HTTP_POST_VARS['attachsig']) ? TRUE : 0 ) : $userdata['user_attachsig']; $allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $userdata['user_allowhtml']; $allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $userdata['user_allowbbcode']; *************** *** 178,183 **** --- 195,201 ---- $user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['dateformat'])) : $board_config['default_dateformat']; $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarselect']) : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' ); + $user_avatar_category = ( isset($HTTP_POST_VARS['avatarcatname']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarcatname']) : '' ; $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['avatarremoteurl'])) : ''; $user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? 
trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' ); *************** *** 185,192 **** $user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0; $user_avatar_filetype = ( !empty($HTTP_POST_FILES['avatar']['type']) ) ? $HTTP_POST_FILES['avatar']['type'] : ''; ! $user_avatar = ( empty($user_avatar_loc) && $mode == 'editprofile' ) ? $userdata['user_avatar'] : ''; ! $user_avatar_type = ( empty($user_avatar_loc) && $mode == 'editprofile' ) ? $userdata['user_avatar_type'] : ''; if ( (isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar'])) && (!isset($HTTP_POST_VARS['submit'])) ) { --- 203,210 ---- $user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0; $user_avatar_filetype = ( !empty($HTTP_POST_FILES['avatar']['type']) ) ? $HTTP_POST_FILES['avatar']['type'] : ''; ! $user_avatar = ( empty($user_avatar_local) && $mode == 'editprofile' ) ? $userdata['user_avatar'] : ''; ! $user_avatar_type = ( empty($user_avatar_local) && $mode == 'editprofile' ) ? $userdata['user_avatar_type'] : ''; if ( (isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar'])) && (!isset($HTTP_POST_VARS['submit'])) ) { *************** *** 205,218 **** $location = stripslashes($location); $occupation = stripslashes($occupation); $interests = stripslashes($interests); ! $signature = stripslashes($signature); $user_lang = stripslashes($user_lang); $user_dateformat = stripslashes($user_dateformat); if ( !isset($HTTP_POST_VARS['cancelavatar'])) { ! $user_avatar = $user_avatar_local; $user_avatar_type = USER_AVATAR_GALLERY; } } --- 223,236 ---- $location = stripslashes($location); $occupation = stripslashes($occupation); $interests = stripslashes($interests); ! 
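Review bot: `$user_avatar_category` comes straight from `$HTTP_POST_VARS['avatarcatname']` with only `htmlspecialchars()` applied, which escapes HTML but leaves `/`, `\` and `..` in place. The later hunks of this file use it as a path component (`$user_avatar_category . '/' . $user_avatar_local` in the 223,236 hunk, and as the new last argument of `user_avatar_gallery()` in the 476,488 hunk). The body of `user_avatar_gallery()` is not part of this section, so confirm that it restricts the category to an existing gallery directory. If it does not, validate at the point of input, for example `if (!preg_match('/^[A-Za-z0-9_-]+$/', $user_avatar_category)) { $user_avatar_category = ''; }`, with the character set adjusted to the directory names the gallery actually uses.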
$signature = htmlspecialchars(stripslashes($signature)); $user_lang = stripslashes($user_lang); $user_dateformat = stripslashes($user_dateformat); if ( !isset($HTTP_POST_VARS['cancelavatar'])) { ! $user_avatar = $user_avatar_category . '/' . $user_avatar_local; $user_avatar_type = USER_AVATAR_GALLERY; } } *************** *** 253,258 **** --- 271,327 ---- } } + if ($board_config['enable_confirm'] && $mode == 'register') + { + if (empty($HTTP_POST_VARS['confirm_id'])) + { + $error = TRUE; + $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Confirm_code_wrong']; + } + else + { + $confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']); + if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id)) + { + $confirm_id = ''; + } + + $sql = 'SELECT code + FROM ' . CONFIRM_TABLE . " + WHERE confirm_id = '$confirm_id' + AND session_id = '" . $userdata['session_id'] . "'"; + if (!($result = $db->sql_query($sql))) + { + message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql); + } + + if ($row = $db->sql_fetchrow($result)) + { + if ($row['code'] != $confirm_code) + { + $error = TRUE; + $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Confirm_code_wrong']; + } + else + { + $sql = 'DELETE FROM ' . CONFIRM_TABLE . " + WHERE confirm_id = '$confirm_id' + AND session_id = '" . $userdata['session_id'] . "'"; + if (!$db->sql_query($sql)) + { + message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql); + } + } + } + else + { + $error = TRUE; + $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Confirm_code_wrong']; + } + $db->sql_freeresult($result); + } + } + $passwd_sql = ''; if ( !empty($new_password) && !empty($password_confirm) ) { *************** *** 344,352 **** // Error is already triggered, since one field is empty. $error = TRUE; } ! else if ( $username != $userdata['username'] || $mode == 'register' ) { ! if (strtolower($username) != strtolower($userdata['username'])) { $result = validate_username($username); if ( $result['error'] ) --- 413,421 ---- // Error is already triggered, since one field is empty. $error = TRUE; } ! else if ( $username != $userdata['username'] || $mode == 'register') { ! if (strtolower($username) != strtolower($userdata['username']) || $mode == 'register') { $result = validate_username($username); if ( $result['error'] ) *************** *** 371,377 **** $error_msg .= ( ( isset($error_msg) ) ? '
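Review bot: The stored confirmation row is deleted only in the branch where `$row['code']` matches, so after a wrong answer the same `confirm_id` and code stay valid and can be answered again. Running the `DELETE FROM CONFIRM_TABLE ... WHERE confirm_id = '$confirm_id'` statement as soon as the row has been fetched, before the comparison, would make each code single-use. The comparison itself is loose (`$row['code'] != $confirm_code`); both sides are strings, so `if ($row['code'] !== $confirm_code)` avoids PHP's numeric-string coercion treating different inputs as equal. The surrounding registration logic continues outside this hunk.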
' : '' ) . $lang['Signature_too_long']; } ! if ( $signature_bbcode_uid == '' ) { $signature_bbcode_uid = ( $allowbbcode ) ? make_bbcode_uid() : ''; } --- 440,446 ---- $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Signature_too_long']; } ! if ( !isset($signature_bbcode_uid) || $signature_bbcode_uid == '' ) { $signature_bbcode_uid = ( $allowbbcode ) ? make_bbcode_uid() : ''; } *************** *** 389,400 **** { $avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']); } ! if ( ( !empty($user_avatar_upload) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] ) { if ( !empty($user_avatar_upload) ) { ! $avatar_mode = ( !empty($user_avatar_name) ) ? 'local' : 'remote'; $avatar_sql = user_avatar_upload($mode, $avatar_mode, $userdata['user_avatar'], $userdata['user_avatar_type'], $error, $error_msg, $user_avatar_upload, $user_avatar_name, $user_avatar_size, $user_avatar_filetype); } else if ( !empty($user_avatar_name) ) --- 458,469 ---- { $avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']); } ! else if ( ( !empty($user_avatar_upload) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] ) { if ( !empty($user_avatar_upload) ) { ! $avatar_mode = (empty($user_avatar_name)) ? 'remote' : 'local'; $avatar_sql = user_avatar_upload($mode, $avatar_mode, $userdata['user_avatar'], $userdata['user_avatar_type'], $error, $error_msg, $user_avatar_upload, $user_avatar_name, $user_avatar_size, $user_avatar_filetype); } else if ( !empty($user_avatar_name) ) *************** *** 407,425 **** } else if ( $user_avatar_remoteurl != '' && $board_config['allow_avatar_remote'] ) { ! if ( @file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])) ) ! { ! @unlink(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])); ! } $avatar_sql = user_avatar_url($mode, $error, $error_msg, $user_avatar_remoteurl); } else if ( $user_avatar_local != '' && $board_config['allow_avatar_local'] ) { ! if ( @file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])) ) ! { ! 
@unlink(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])); ! } ! $avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local); } if ( !$error ) --- 476,488 ---- } else if ( $user_avatar_remoteurl != '' && $board_config['allow_avatar_remote'] ) { ! user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']); $avatar_sql = user_avatar_url($mode, $error, $error_msg, $user_avatar_remoteurl); } else if ( $user_avatar_local != '' && $board_config['allow_avatar_local'] ) { ! user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']); ! $avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local, $user_avatar_category); } if ( !$error ) *************** *** 459,464 **** --- 522,534 ---- message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql); } + // We remove all stored login keys since the password has been updated + // and change the current one (if applicable) + if ( !empty($passwd_sql) ) + { + session_reset_keys($user_id, $user_ip); + } + if ( !$user_active ) { // *************** *** 467,488 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); ! ! $emailer->use_template('user_activate', stripslashes($user_lang)); ! $emailer->email_address($email); ! $emailer->set_subject($lang['Reactivate']); ! ! $emailer->assign_vars(array( ! 'SITENAME' => $board_config['sitename'], ! 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)), ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', ! ! 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey) ! ); ! $emailer->send(); ! $emailer->reset(); $message = $lang['Profile_updated_inactive'] . '

' . sprintf($lang['Click_return_index'], '', ''); } --- 537,592 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! if ( $board_config['require_activation'] != USER_ACTIVATION_ADMIN ) ! { ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); ! ! $emailer->use_template('user_activate', stripslashes($user_lang)); ! $emailer->email_address($email); ! $emailer->set_subject($lang['Reactivate']); ! ! $emailer->assign_vars(array( ! 'SITENAME' => $board_config['sitename'], ! 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)), ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', ! ! 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey) ! ); ! $emailer->send(); ! $emailer->reset(); ! } ! else if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) ! { ! $sql = 'SELECT user_email, user_lang ! FROM ' . USERS_TABLE . ' ! WHERE user_level = ' . ADMIN; ! ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not select Administrators', '', __LINE__, __FILE__, $sql); ! } ! ! while ($row = $db->sql_fetchrow($result)) ! { ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); ! ! $emailer->email_address(trim($row['user_email'])); ! $emailer->use_template("admin_activate", $row['user_lang']); ! $emailer->set_subject($lang['Reactivate']); ! ! $emailer->assign_vars(array( ! 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)), ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), ! ! 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey) ! ); ! $emailer->send(); ! $emailer->reset(); ! } ! $db->sql_freeresult($result); ! } $message = $lang['Profile_updated_inactive'] . '

' . sprintf($lang['Click_return_index'], '', ''); } *************** *** 667,672 **** --- 771,777 ---- // $username = stripslashes($username); $email = stripslashes($email); + $cur_password = ''; $new_password = ''; $password_confirm = ''; *************** *** 691,696 **** --- 796,802 ---- $user_id = $userdata['user_id']; $username = $userdata['username']; $email = $userdata['user_email']; + $cur_password = ''; $new_password = ''; $password_confirm = ''; *************** *** 753,759 **** $allowviewonline = !$allowviewonline; ! display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, &$new_password, &$cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popup_pm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat, $userdata['session_id']); } else { --- 859,865 ---- $allowviewonline = !$allowviewonline; ! display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, $new_password, $cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popup_pm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat, $userdata['session_id']); } else { *************** *** 764,772 **** $coppa = FALSE; } ! if ( !isset($user_template) ) { ! $selected_template = $board_config['system_template']; } $avatar_img = ''; --- 870,878 ---- $coppa = FALSE; } ! if ( !isset($user_style) ) { ! $user_style = $board_config['default_style']; } $avatar_img = ''; *************** *** 799,805 **** if ( !empty($user_avatar_local) ) { ! $s_hidden_fields .= ''; } $html_status = ( $userdata['user_allowhtml'] && $board_config['allow_html'] ) ? 
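Review bot: In the new admin-activation branch `'EMAIL_SIG'` is built unconditionally, so an empty `board_email_sig` still produces a bare `-- ` trailer, whereas the user branch just above guards it with `(!empty($board_config['board_email_sig'])) ? ... : ''`; the admin branch should use the same guard. The second condition, `else if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )`, is the exact negation of the first and would read more clearly as a plain `else`. This branch also mails `U_ACTIVATE`, including `act_key`, to every row with `user_level = ADMIN`; that appears to be the intent, and a comment such as `// Admin activation: the key is sent to administrators, not to the user` would make it explicit.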
$lang['HTML_is_ON'] : $lang['HTML_is_OFF']; --- 905,911 ---- if ( !empty($user_avatar_local) ) { ! $s_hidden_fields .= ''; } $html_status = ( $userdata['user_allowhtml'] && $board_config['allow_html'] ) ? $lang['HTML_is_ON'] : $lang['HTML_is_OFF']; *************** *** 835,840 **** --- 941,1016 ---- $template->assign_block_vars('switch_namechange_disallowed', array()); } + + // Visual Confirmation + $confirm_image = ''; + if (!empty($board_config['enable_confirm']) && $mode == 'register') + { + $sql = 'SELECT session_id + FROM ' . SESSIONS_TABLE; + if (!($result = $db->sql_query($sql))) + { + message_die(GENERAL_ERROR, 'Could not select session data', '', __LINE__, __FILE__, $sql); + } + + if ($row = $db->sql_fetchrow($result)) + { + $confirm_sql = ''; + do + { + $confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'"; + } + while ($row = $db->sql_fetchrow($result)); + + $sql = 'DELETE FROM ' . CONFIRM_TABLE . " + WHERE session_id NOT IN ($confirm_sql)"; + if (!$db->sql_query($sql)) + { + message_die(GENERAL_ERROR, 'Could not delete stale confirm data', '', __LINE__, __FILE__, $sql); + } + } + $db->sql_freeresult($result); + + $sql = 'SELECT COUNT(session_id) AS attempts + FROM ' . CONFIRM_TABLE . " + WHERE session_id = '" . $userdata['session_id'] . "'"; + if (!($result = $db->sql_query($sql))) + { + message_die(GENERAL_ERROR, 'Could not obtain confirm code count', '', __LINE__, __FILE__, $sql); + } + + if ($row = $db->sql_fetchrow($result)) + { + if ($row['attempts'] > 3) + { + message_die(GENERAL_MESSAGE, $lang['Too_many_registers']); + } + } + $db->sql_freeresult($result); + + // Generate the required confirmation code + // NB 0 (zero) could get confused with O (the letter) so we make change it + $code = dss_rand(); + $code = strtoupper(str_replace('0', 'o', substr($code, 6))); + + $confirm_id = md5(uniqid($user_ip)); + + $sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code) + VALUES ('$confirm_id', '". 
$userdata['session_id'] . "', '$code')"; + if (!$db->sql_query($sql)) + { + message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql); + } + + unset($code); + + $confirm_image = (@extension_loaded('zlib')) ? '' : ''; + $s_hidden_fields .= ''; + + $template->assign_block_vars('switch_confirm', array()); + } + + // // Let's do an overall check for settings/versions which would prevent // us from doing file uploads.... *************** *** 843,853 **** $form_enctype = ( @$ini_val('file_uploads') == '0' || strtolower(@$ini_val('file_uploads') == 'off') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"'; $template->assign_vars(array( ! 'USERNAME' => $username, ! 'CUR_PASSWORD' => $cur_password, ! 'NEW_PASSWORD' => $new_password, ! 'PASSWORD_CONFIRM' => $password_confirm, ! 'EMAIL' => $email, 'YIM' => $yim, 'ICQ' => $icq, 'MSN' => $msn, --- 1019,1030 ---- $form_enctype = ( @$ini_val('file_uploads') == '0' || strtolower(@$ini_val('file_uploads') == 'off') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"'; $template->assign_vars(array( ! 'USERNAME' => isset($username) ? $username : '', ! 'CUR_PASSWORD' => isset($cur_password) ? $cur_password : '', ! 'NEW_PASSWORD' => isset($new_password) ? $new_password : '', ! 'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '', ! 'EMAIL' => isset($email) ? $email : '', ! 
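Review bot: The registration limit counts rows in `CONFIRM_TABLE` for `$userdata['session_id']` only (`$row['attempts'] > 3`), so the count starts again whenever the client is given a new session. Session creation is outside this hunk, but if anonymous sessions are issued freely the check does not bound repeated registration attempts from one source. Also keying the count on the requester address would tighten it; `$user_ip` is already in scope here, though the table would need a column for it. Separately, the stale-row cleanup reads every `session_id` from `SESSIONS_TABLE` into a `NOT IN (...)` list on each registration page view, a cost that grows with the number of active sessions and deserves a comment.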
'CONFIRM_IMG' => $confirm_image, 'YIM' => $yim, 'ICQ' => $icq, 'MSN' => $msn, *************** *** 942,947 **** --- 1119,1128 ---- 'L_PROFILE_INFO_NOTICE' => $lang['Profile_info_warn'], 'L_EMAIL_ADDRESS' => $lang['Email_address'], + 'L_CONFIRM_CODE_IMPAIRED' => sprintf($lang['Confirm_code_impaired'], '', ''), + 'L_CONFIRM_CODE' => $lang['Confirm_code'], + 'L_CONFIRM_CODE_EXPLAIN' => $lang['Confirm_code_explain'], + 'S_ALLOW_AVATAR_UPLOAD' => $board_config['allow_avatar_upload'], 'S_ALLOW_AVATAR_LOCAL' => $board_config['allow_avatar_local'], 'S_ALLOW_AVATAR_REMOTE' => $board_config['allow_avatar_remote'], diff -crN phpbb208/includes/usercp_sendpasswd.php phpbb2020/includes/usercp_sendpasswd.php *** phpbb208/includes/usercp_sendpasswd.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/usercp_sendpasswd.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_sendpasswd.php,v 1.6.2.11 2003/05/03 23:24:03 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_sendpasswd.php,v 1.6.2.13 2005/09/14 18:14:30 acydburn Exp $ * * ***************************************************************************/ *************** *** 29,35 **** if ( isset($HTTP_POST_VARS['submit']) ) { ! $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags($HTTP_POST_VARS['username'])) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : ''; $sql = "SELECT user_id, username, user_email, user_active, user_lang --- 29,35 ---- if ( isset($HTTP_POST_VARS['submit']) ) { ! $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? 
trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : ''; $sql = "SELECT user_id, username, user_email, user_active, user_lang *************** *** 50,56 **** $user_actkey = gen_rand_string(true); $key_len = 54 - strlen($server_url); ! $key_len = ( $str_len > 6 ) ? $key_len : 6; $user_actkey = substr($user_actkey, 0, $key_len); $user_password = gen_rand_string(false); --- 50,56 ---- $user_actkey = gen_rand_string(true); $key_len = 54 - strlen($server_url); ! $key_len = ($key_len > 6) ? $key_len : 6; $user_actkey = substr($user_actkey, 0, $key_len); $user_password = gen_rand_string(false); diff -crN phpbb208/includes/usercp_viewprofile.php phpbb2020/includes/usercp_viewprofile.php *** phpbb208/includes/usercp_viewprofile.php Sat Jul 10 20:16:27 2004 --- phpbb2020/includes/usercp_viewprofile.php Wed Apr 5 18:53:36 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_viewprofile.php,v 1.5.2.1 2003/02/25 23:28:30 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_viewprofile.php,v 1.5.2.6 2005/09/14 18:14:30 acydburn Exp $ * * ***************************************************************************/ *************** *** 33,38 **** --- 33,43 ---- } $profiledata = get_userdata($HTTP_GET_VARS[POST_USERS_URL]); + if (!$profiledata) + { + message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']); + } + $sql = "SELECT * FROM " . RANKS_TABLE . " ORDER BY rank_special, rank_min"; *************** *** 41,46 **** --- 46,52 ---- message_die(GENERAL_ERROR, 'Could not obtain ranks information', '', __LINE__, __FILE__, $sql); } + $ranksrow = array(); while ( $row = $db->sql_fetchrow($result) ) { $ranksrow[] = $row; *************** *** 159,166 **** $yim = ( $profiledata['user_yim'] ) ? '' . $lang['YIM'] . 
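Review bot: With the variable name corrected, `$key_len` is now `54 - strlen($server_url)` with a floor of 6, so the activation key that gates the new password gets shorter as the board URL gets longer, down to six characters. The old test on the undefined `$str_len` always produced 6, so this is an improvement, but the link between URL length and key length should at least be documented, e.g. `// key length is what remains of 54 characters after the URL, minimum 6`. Consider a higher floor if the 54-character budget allows it. `gen_rand_string()` is defined outside this section, so the key's character set and randomness source cannot be judged from here.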
'' : ''; $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($profiledata['username']) . "&showresults=posts"); ! $search_img = '' . $lang['Search_user_posts'] . ''; ! $search = '' . $lang['Search_user_posts'] . ''; // // Generate page --- 165,172 ---- $yim = ( $profiledata['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($profiledata['username']) . "&showresults=posts"); ! $search_img = '' . sprintf($lang['Search_user_posts'], $profiledata['username']) . ''; ! $search = '' . sprintf($lang['Search_user_posts'], $profiledata['username']) . ''; // // Generate page *************** *** 168,173 **** --- 174,188 ---- $page_title = $lang['Viewing_profile']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); + if (function_exists('get_html_translation_table')) + { + $u_search_author = urlencode(strtr($profiledata['username'], array_flip(get_html_translation_table(HTML_ENTITIES)))); + } + else + { + $u_search_author = urlencode(str_replace(array('&', ''', '"', '<', '>'), array('&', "'", '"', '<', '>'), $profiledata['username'])); + } + $template->assign_vars(array( 'USERNAME' => $profiledata['username'], 'JOINED' => create_date($lang['DATE_FORMAT'], $profiledata['user_regdate'], $board_config['board_timezone']), *************** *** 222,228 **** 'L_OCCUPATION' => $lang['Occupation'], 'L_INTERESTS' => $lang['Interests'], ! 'U_SEARCH_USER' => append_sid("search.$phpEx?search_author=" . urlencode($profiledata['username'])), 'S_PROFILE_ACTION' => append_sid("profile.$phpEx")) ); --- 237,243 ---- 'L_OCCUPATION' => $lang['Occupation'], 'L_INTERESTS' => $lang['Interests'], ! 'U_SEARCH_USER' => append_sid("search.$phpEx?search_author=" . 
$u_search_author), 'S_PROFILE_ACTION' => append_sid("profile.$phpEx")) ); diff -crN phpbb208/index.php phpbb2020/index.php *** phpbb208/index.php Sat Jul 10 20:16:27 2004 --- phpbb2020/index.php Wed Apr 5 18:53:37 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: index.php,v 1.99.2.2 2004/03/01 15:56:52 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: index.php,v 1.99.2.7 2006/01/28 11:13:39 acydburn Exp $ * * ***************************************************************************/ *************** *** 118,124 **** message_die(GENERAL_ERROR, 'Could not query categories list', '', __LINE__, __FILE__, $sql); } ! while( $category_rows[] = $db->sql_fetchrow($result) ); $db->sql_freeresult($result); if( ( $total_categories = count($category_rows) ) ) --- 118,128 ---- message_die(GENERAL_ERROR, 'Could not query categories list', '', __LINE__, __FILE__, $sql); } ! $category_rows = array(); ! while ($row = $db->sql_fetchrow($result)) ! { ! $category_rows[] = $row; ! } $db->sql_freeresult($result); if( ( $total_categories = count($category_rows) ) ) *************** *** 182,189 **** // Obtain a list of topic ids which contain // posts made since user last visited // ! if ( $userdata['session_logged_in'] ) { $sql = "SELECT t.forum_id, t.topic_id, p.post_time FROM " . TOPICS_TABLE . " t, " . POSTS_TABLE . " p WHERE p.post_id = t.topic_last_post_id --- 186,199 ---- // Obtain a list of topic ids which contain // posts made since user last visited // ! if ($userdata['session_logged_in']) { + // 60 days limit + if ($userdata['user_lastvisit'] < (time() - 5184000)) + { + $userdata['user_lastvisit'] = time() - 5184000; + } + $sql = "SELECT t.forum_id, t.topic_id, p.post_time FROM " . TOPICS_TABLE . " t, " . POSTS_TABLE . 
" p WHERE p.post_id = t.topic_last_post_id *************** *** 293,298 **** --- 303,321 ---- ); // + // Let's decide which categories we should display + // + $display_categories = array(); + + for ($i = 0; $i < $total_forums; $i++ ) + { + if ($is_auth_ary[$forum_data[$i]['forum_id']]['auth_view']) + { + $display_categories[$forum_data[$i]['cat_id']] = true; + } + } + + // // Okay, let's build the index // for($i = 0; $i < $total_categories; $i++) *************** *** 300,321 **** $cat_id = $category_rows[$i]['cat_id']; // - // Should we display this category/forum set? - // - $display_forums = false; - for($j = 0; $j < $total_forums; $j++) - { - if ( $is_auth_ary[$forum_data[$j]['forum_id']]['auth_view'] && $forum_data[$j]['cat_id'] == $cat_id ) - { - $display_forums = true; - } - } - - // // Yes, we should, so first dump out the category // title, then, if appropriate the forum list // ! if ( $display_forums ) { $template->assign_block_vars('catrow', array( 'CAT_ID' => $cat_id, --- 323,332 ---- $cat_id = $category_rows[$i]['cat_id']; // // Yes, we should, so first dump out the category // title, then, if appropriate the forum list // ! if (isset($display_categories[$cat_id]) && $display_categories[$cat_id]) { $template->assign_block_vars('catrow', array( 'CAT_ID' => $cat_id, diff -crN phpbb208/language/lang_english/email/group_request.tpl phpbb2020/language/lang_english/email/group_request.tpl *** phpbb208/language/lang_english/email/group_request.tpl Sat Jul 10 20:16:27 2004 --- phpbb2020/language/lang_english/email/group_request.tpl Wed Apr 5 18:53:37 2006 *************** *** 3,9 **** Dear {GROUP_MODERATOR}, ! A user has requested to join a group you moderator on {SITENAME}. To approve or deny this request for group membership please visit the following link: {U_GROUPCP} --- 3,9 ---- Dear {GROUP_MODERATOR}, ! A user has requested to join a group you moderate on {SITENAME}. 
To approve or deny this request for group membership please visit the following link: {U_GROUPCP} diff -crN phpbb208/language/lang_english/email/topic_notify.tpl phpbb2020/language/lang_english/email/topic_notify.tpl *** phpbb208/language/lang_english/email/topic_notify.tpl Sat Jul 10 20:16:27 2004 --- phpbb2020/language/lang_english/email/topic_notify.tpl Wed Apr 5 18:53:37 2006 *************** *** 1,7 **** Subject: Topic Reply Notification - {TOPIC_TITLE} Charset: iso-8859-1 ! Hello {USERNAME}, You are receiving this email because you are watching the topic, "{TOPIC_TITLE}" at {SITENAME}. This topic has received a reply since your last visit. You can use the following link to view the replies made, no more notifications will be sent until you visit the topic. --- 1,7 ---- Subject: Topic Reply Notification - {TOPIC_TITLE} Charset: iso-8859-1 ! Hello, You are receiving this email because you are watching the topic, "{TOPIC_TITLE}" at {SITENAME}. This topic has received a reply since your last visit. You can use the following link to view the replies made, no more notifications will be sent until you visit the topic. diff -crN phpbb208/language/lang_english/email/user_activate_passwd.tpl phpbb2020/language/lang_english/email/user_activate_passwd.tpl *** phpbb208/language/lang_english/email/user_activate_passwd.tpl Sat Jul 10 20:16:27 2004 --- phpbb2020/language/lang_english/email/user_activate_passwd.tpl Wed Apr 5 18:53:37 2006 *************** *** 9,15 **** {U_ACTIVATE} ! If sucessful you will be able to login using the following password: Password: {PASSWORD} --- 9,15 ---- {U_ACTIVATE} ! 
If successful you will be able to login using the following password: Password: {PASSWORD} diff -crN phpbb208/language/lang_english/lang_admin.php phpbb2020/language/lang_english/lang_admin.php *** phpbb208/language/lang_english/lang_admin.php Sat Jul 10 20:16:27 2004 --- phpbb2020/language/lang_english/lang_admin.php Wed Apr 5 18:53:37 2006 *************** *** 7,13 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: lang_admin.php,v 1.35.2.9 2003/06/10 00:31:19 psotfx Exp $ * ****************************************************************************/ --- 7,13 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: lang_admin.php,v 1.35.2.17 2006/02/05 15:59:48 grahamje Exp $ * ****************************************************************************/ *************** *** 335,340 **** --- 335,350 ---- $lang['Visual_confirm'] = 'Enable Visual Confirmation'; $lang['Visual_confirm_explain'] = 'Requires users enter a code defined by an image when registering.'; + // Autologin Keys - added 2.0.18 + $lang['Allow_autologin'] = 'Allow automatic logins'; + $lang['Allow_autologin_explain'] = 'Determines whether users are allowed to select to be automatically logged in when visiting the forum'; + $lang['Autologin_time'] = 'Automatic login key expiry'; + $lang['Autologin_time_explain'] = 'How long a autologin key is valid for in days if the user does not visit the board. 
Set to zero to disable expiry.'; + + // Search Flood Control - added 2.0.20 + $lang['Search_Flood_Interval'] = 'Search Flood Interval'; + $lang['Search_Flood_Interval_explain'] = 'Number of seconds a user must wait between search requests'; + // // Forum Management // *************** *** 419,424 **** --- 429,435 ---- $lang['smiley_del_success'] = 'The Smiley was successfully removed'; $lang['Click_return_smileadmin'] = 'Click %sHere%s to return to Smiley Administration'; + $lang['Confirm_delete_smiley'] = 'Are you sure you want to delete this Smiley?'; // // User Management *************** *** 512,517 **** --- 523,530 ---- $lang['Click_return_wordadmin'] = 'Click %sHere%s to return to Word Censor Administration'; + $lang['Confirm_delete_word'] = 'Are you sure you want to delete this word censor?'; + // // Mass Email *************** *** 551,556 **** --- 564,570 ---- $lang['Click_return_rankadmin'] = 'Click %sHere%s to return to Rank Administration'; + $lang['Confirm_delete_rank'] = 'Are you sure you want to delete this rank?'; // // Disallow Username Admin *************** *** 621,626 **** --- 635,641 ---- $lang['Save_Settings'] = 'Save Settings'; $lang['Stylesheet'] = 'CSS Stylesheet'; + $lang['Stylesheet_explain'] = 'Filename for CSS stylesheet to use for this theme.'; $lang['Background_image'] = 'Background Image'; $lang['Background_color'] = 'Background Colour'; $lang['Theme_name'] = 'Theme Name'; *************** *** 725,730 **** --- 740,765 ---- $lang['Install_No_PCRE'] = 'phpBB2 Requires the Perl-Compatible Regular Expressions Module for PHP which your PHP configuration doesn\'t appear to support!'; // + // Version Check + // + $lang['Version_up_to_date'] = 'Your installation is up to date, no updates are available for your version of phpBB.'; + $lang['Version_not_up_to_date'] = 'Your installation does not seem to be up to date. 
Updates are available for your version of phpBB, please visit http://www.phpbb.com/downloads.php to obtain the latest version.'; + $lang['Latest_version_info'] = 'The latest available version is phpBB %s.'; + $lang['Current_version_info'] = 'You are running phpBB %s.'; + $lang['Connect_socket_error'] = 'Unable to open connection to phpBB Server, reported error is:
%s'; + $lang['Socket_functions_disabled'] = 'Unable to use socket functions.'; + $lang['Mailing_list_subscribe_reminder'] = 'For the latest information on updates to phpBB, why not subscribe to our mailing list.'; + $lang['Version_information'] = 'Version Information'; + + // + // Login attempts configuration + // + $lang['Max_login_attempts'] = 'Allowed login attempts'; + $lang['Max_login_attempts_explain'] = 'The number of allowed board login attempts.'; + $lang['Login_reset_time'] = 'Login lock time'; + $lang['Login_reset_time_explain'] = 'Time in minutes the user have to wait until he is allowed to login again after exceeding the number of allowed login attempts.'; + + // // That's all Folks! // ------------------------------------------------- diff -crN phpbb208/language/lang_english/lang_main.php phpbb2020/language/lang_english/lang_main.php *** phpbb208/language/lang_english/lang_main.php Sat Jul 10 20:16:27 2004 --- phpbb2020/language/lang_english/lang_main.php Wed Apr 5 18:53:37 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: lang_main.php,v 1.85.2.15 2003/06/10 00:31:19 psotfx Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: lang_main.php,v 1.85.2.21 2006/02/05 15:59:48 grahamje Exp $ * ****************************************************************************/ *************** *** 274,280 **** $lang['Back_to_top'] = 'Back to top'; $lang['Read_profile'] = 'View user\'s profile'; - $lang['Send_email'] = 'Send e-mail to user'; $lang['Visit_website'] = 'Visit poster\'s website'; $lang['ICQ_status'] = 'ICQ Status'; $lang['Edit_delete_post'] = 'Edit/Delete this post'; --- 274,279 ---- *************** *** 367,373 **** $lang['Attach_signature'] = 'Attach signature (signatures can be changed in profile)'; $lang['Notify'] = 'Notify me when a reply is posted'; - $lang['Delete_post'] = 'Delete this post'; $lang['Stored'] = 'Your message has been entered successfully.'; $lang['Deleted'] = 'Your message has been deleted successfully.'; --- 366,371 ---- *************** *** 527,536 **** $lang['Location'] = 'Location'; $lang['Contact'] = 'Contact'; $lang['Email_address'] = 'E-mail address'; - $lang['Email'] = 'E-mail'; $lang['Send_private_message'] = 'Send private message'; $lang['Hidden_email'] = '[ Hidden ]'; - $lang['Search_user_posts'] = 'Search for posts by this user'; $lang['Interests'] = 'Interests'; $lang['Occupation'] = 'Occupation'; $lang['Poster_rank'] = 'Poster rank'; --- 525,532 ---- *************** *** 604,610 **** $lang['Password_mismatch'] = 'The passwords you entered did not match.'; $lang['Current_password_mismatch'] = 'The current password you supplied does not match that stored in the database.'; $lang['Password_long'] = 'Your password must be no more than 32 characters.'; - $lang['Too_many_registers'] = 'You have made too many registration attempts. 
Please try again later.'; $lang['Username_taken'] = 'Sorry, but this username has already been taken.'; $lang['Username_invalid'] = 'Sorry, but this username contains an invalid character such as \'.'; $lang['Username_disallowed'] = 'Sorry, but this username has been disallowed.'; --- 600,605 ---- *************** *** 789,794 **** --- 784,790 ---- $lang['No_search_match'] = 'No topics or posts met your search criteria'; $lang['Found_search_match'] = 'Search found %d match'; // eg. Search found 1 match $lang['Found_search_matches'] = 'Search found %d matches'; // eg. Search found 24 matches + $lang['Search_Flood_Error'] = 'You cannot make another search so soon after your last; please try again in a short while.'; $lang['Close_window'] = 'Close Window'; *************** *** 1018,1023 **** --- 1014,1023 ---- $lang['An_error_occured'] = 'An Error Occurred'; $lang['A_critical_error'] = 'A Critical Error Occurred'; + $lang['Admin_reauthenticate'] = 'To administer the board you must re-authenticate yourself.'; + $lang['Login_attempts_exceeded'] = 'The maximum number of %s login attempts has been exceeded. You are not allowed to login for the next %s minutes.'; + $lang['Please_remove_install_contrib'] = 'Please ensure both the install/ and contrib/ directories are deleted'; + // // That's all, Folks! // ------------------------------------------------- diff -crN phpbb208/login.php phpbb2020/login.php *** phpbb208/login.php Sat Jul 10 20:16:27 2004 --- phpbb2020/login.php Wed Apr 5 18:53:37 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: login.php,v 1.47.2.15 2004/03/18 18:15:51 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: login.php,v 1.47.2.23 2006/01/13 20:10:02 grahamje Exp $ * * ***************************************************************************/ *************** *** 52,65 **** if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) ) { ! if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] ) { ! $username = isset($HTTP_POST_VARS['username']) ? trim(htmlspecialchars($HTTP_POST_VARS['username'])) : ''; ! $username = substr(str_replace("\\'", "'", $username), 0, 25); ! $username = str_replace("'", "\\'", $username); $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : ''; ! $sql = "SELECT user_id, username, user_password, user_active, user_level FROM " . USERS_TABLE . " WHERE username = '" . str_replace("\\'", "''", $username) . "'"; if ( !($result = $db->sql_query($sql)) ) --- 52,63 ---- if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) ) { ! if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) ) { ! $username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : ''; ! $sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try FROM " . USERS_TABLE . " WHERE username = '" . str_replace("\\'", "''", $username) . "'"; if ( !($result = $db->sql_query($sql)) ) *************** *** 75,85 **** } else { if( md5($password) == $row['user_password'] && $row['user_active'] ) { $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; ! 
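Review bot: The SELECT in the 52,63 hunk is still assembled by string concatenation, so its safety rests on `phpbb_clean_username()` returning a value in the form that the following `str_replace("\\'", "''", $username)` expects. That helper is not visible in this part of the diff. The removed inline code also capped the name at 25 characters with `substr`, and the hunk does not show whether the helper keeps that limit. I would add a comment above the query stating the contract, for example `// $username must come from phpbb_clean_username(); quotes arrive backslash-escaped and are doubled here for SQL`, adjusted to what the helper actually guarantees. The enclosing `if` block continues outside the hunk.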
$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin); if( $session_id ) { --- 73,101 ---- } else { + // If the last login is more than x minutes ago, then reset the login tries/time + if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60))) + { + $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); + $row['user_last_login_try'] = $row['user_login_tries'] = 0; + } + + // Check to see if user is allowed to login again... if his tries are exceeded + if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && + $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN) + { + message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time'])); + } + if( md5($password) == $row['user_password'] && $row['user_active'] ) { $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; ! $admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0; ! $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin); ! ! // Reset login tries ! $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); if( $session_id ) { *************** *** 91,101 **** message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); } } ! else { $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? 
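Review bot: The password test `md5($password) == $row['user_password']` in the 73,101 hunk uses loose comparison, so PHP compares the two hex strings numerically whenever both happen to look like numbers; `md5($password) === $row['user_password']` compares them as strings. The same applies to `$sid != $userdata['session_id']` in the logout hunk (158,169), which should be `!==` provided both sides are strings. `$sid` is assigned outside the visible hunks, so its type needs confirming first. The enclosing `else` block starts and ends outside the hunk.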
str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ''; $redirect = str_replace('?', '&', $redirect); $template->assign_vars(array( 'META' => "") ); --- 107,132 ---- message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); } } ! // Only store a failed login attempt for an active user - inactive users can't login even with a correct password ! elseif( $row['user_active'] ) { + // Save login tries and last login + if ($row['user_id'] != ANONYMOUS) + { + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . ' + WHERE user_id = ' . $row['user_id']; + $db->sql_query($sql); + } + $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ''; $redirect = str_replace('?', '&', $redirect); + if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) + { + message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); + } + $template->assign_vars(array( 'META' => "") ); *************** *** 111,116 **** --- 142,152 ---- $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? 
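Review bot: The new test `strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")` in the 107,132 hunk rejects only CR and LF after a single decode and places no other restriction on where `redirect` points. The hunk does not show how the value is used afterwards. The identical block is added again in the next hunk (142,152), so the two copies can drift apart. I would move the test into one helper called from both places and record its scope in a comment such as `// rejects CR/LF only (header splitting); does not validate the redirect target`. The surrounding `elseif` branch continues outside the hunk.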
str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ""; $redirect = str_replace("?", "&", $redirect); + if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) + { + message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); + } + $template->assign_vars(array( 'META' => "") ); *************** *** 122,127 **** --- 158,169 ---- } else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] ) { + // session id check + if ($sid == '' || $sid != $userdata['session_id']) + { + message_die(GENERAL_ERROR, 'Invalid_session'); + } + if( $userdata['session_logged_in'] ) { session_end($userdata['session_id'], $userdata['user_id']); *************** *** 150,156 **** // Do a full login page dohickey if // user not already logged in // ! if( !$userdata['session_logged_in'] ) { $page_title = $lang['Login']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); --- 192,198 ---- // Do a full login page dohickey if // user not already logged in // ! if( !$userdata['session_logged_in'] || (isset($HTTP_GET_VARS['admin']) && $userdata['session_logged_in'] && $userdata['user_level'] == ADMIN)) { $page_title = $lang['Login']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); *************** *** 159,164 **** --- 201,208 ---- 'body' => 'login_body.tpl') ); + $forward_page = ''; + if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) ) { $forward_to = $HTTP_SERVER_VARS['QUERY_STRING']; *************** *** 170,177 **** if(count($forward_match) > 1) { - $forward_page = ''; - for($i = 1; $i < count($forward_match); $i++) { if( !ereg("sid=", $forward_match[$i]) ) --- 214,219 ---- *************** *** 191,210 **** } } } - else - { - $forward_page = ''; - } $username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : ''; $s_hidden_fields = ''; ! 
make_jumpbox('viewforum.'.$phpEx, $forum_id); $template->assign_vars(array( 'USERNAME' => $username, ! 'L_ENTER_PASSWORD' => $lang['Enter_password'], 'L_SEND_PASSWORD' => $lang['Forgotten_password'], 'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"), --- 233,249 ---- } } } $username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : ''; $s_hidden_fields = ''; + $s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '' : ''; ! make_jumpbox('viewforum.'.$phpEx); $template->assign_vars(array( 'USERNAME' => $username, ! 'L_ENTER_PASSWORD' => (isset($HTTP_GET_VARS['admin'])) ? $lang['Admin_reauthenticate'] : $lang['Enter_password'], 'L_SEND_PASSWORD' => $lang['Forgotten_password'], 'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"), diff -crN phpbb208/memberlist.php phpbb2020/memberlist.php *** phpbb208/memberlist.php Sat Jul 10 20:16:27 2004 --- phpbb2020/memberlist.php Wed Apr 5 18:53:37 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: memberlist.php,v 1.36.2.9 2004/03/01 15:56:52 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: memberlist.php,v 1.36.2.12 2006/02/07 20:42:51 grahamje Exp $ * ***************************************************************************/ *************** *** 61,67 **** // Memberlist sorting // $mode_types_text = array($lang['Sort_Joined'], $lang['Sort_Username'], $lang['Sort_Location'], $lang['Sort_Posts'], $lang['Sort_Email'], $lang['Sort_Website'], $lang['Sort_Top_Ten']); ! $mode_types = array('joindate', 'username', 'location', 'posts', 'email', 'website', 'topten'); $select_sort_mode = ''; for($i = 0; $i < count($mode_types_text); $i++) *************** *** 228,241 **** $yim = ( $row['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; $temp_url = append_sid("search.$phpEx?search_author=" . 
urlencode($username) . "&showresults=posts"); ! $search_img = '' . $lang['Search_user_posts'] . ''; ! $search = '' . $lang['Search_user_posts'] . ''; $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; $template->assign_block_vars('memberrow', array( ! 'ROW_NUMBER' => $i + ( $HTTP_GET_VARS['start'] + 1 ), 'ROW_COLOR' => '#' . $row_color, 'ROW_CLASS' => $row_class, 'USERNAME' => $username, --- 228,241 ---- $yim = ( $row['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($username) . "&showresults=posts"); ! $search_img = '' . sprintf($lang['Search_user_posts'], $username) . ''; ! $search = '' . sprintf($lang['Search_user_posts'], $username) . ''; $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; $template->assign_block_vars('memberrow', array( ! 'ROW_NUMBER' => $i + ( $start + 1 ), 'ROW_COLOR' => '#' . $row_color, 'ROW_CLASS' => $row_class, 'USERNAME' => $username, diff -crN phpbb208/modcp.php phpbb2020/modcp.php *** phpbb208/modcp.php Sat Jul 10 20:16:27 2004 --- phpbb2020/modcp.php Wed Apr 5 18:53:38 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: modcp.php,v 1.71.2.23 2004/03/13 15:08:22 acydburn Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: modcp.php,v 1.71.2.28 2006/01/20 19:50:27 grahamje Exp $ * ***************************************************************************/ *************** *** 131,136 **** --- 131,141 ---- } $topic_row = $db->sql_fetchrow($result); + if (!$topic_row) + { + message_die(GENERAL_MESSAGE, 'Topic_post_not_exist'); + } + $forum_topics = ( $topic_row['forum_topics'] == 0 ) ? 
1 : $topic_row['forum_topics']; $forum_id = $topic_row['forum_id']; $forum_name = $topic_row['forum_name']; *************** *** 146,151 **** --- 151,161 ---- } $topic_row = $db->sql_fetchrow($result); + if (!$topic_row) + { + message_die(GENERAL_MESSAGE, 'Forum_not_exist'); + } + $forum_topics = ( $topic_row['forum_topics'] == 0 ) ? 1 : $topic_row['forum_topics']; $forum_name = $topic_row['forum_name']; } *************** *** 212,218 **** case 'delete': if (!$is_auth['auth_delete']) { ! message_die(MESSAGE, sprintf($lang['Sorry_auth_delete'], $is_auth['auth_delete_type'])); } $page_title = $lang['Mod_CP']; --- 222,228 ---- case 'delete': if (!$is_auth['auth_delete']) { ! message_die(GENERAL_MESSAGE, sprintf($lang['Sorry_auth_delete'], $is_auth['auth_delete_type'])); } $page_title = $lang['Mod_CP']; *************** *** 220,225 **** --- 230,240 ---- if ( $confirm ) { + if ( empty($HTTP_POST_VARS['topic_id_list']) && empty($topic_id) ) + { + message_die(GENERAL_MESSAGE, $lang['None_selected']); + } + include($phpbb_root_path . 'includes/functions_search.'.$phpEx); $topics = ( isset($HTTP_POST_VARS['topic_id_list']) ) ? $HTTP_POST_VARS['topic_id_list'] : array($topic_id); *************** *** 246,251 **** --- 261,271 ---- } $db->sql_freeresult($result); + if ( $topic_id_sql == '') + { + message_die(GENERAL_MESSAGE, $lang['None_selected']); + } + $sql = "SELECT poster_id, COUNT(post_id) AS posts FROM " . POSTS_TABLE . " WHERE topic_id IN ($topic_id_sql) *************** *** 453,458 **** --- 473,492 ---- $new_forum_id = intval($HTTP_POST_VARS['new_forum']); $old_forum_id = $forum_id; + $sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . ' + WHERE forum_id = ' . 
$new_forum_id; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not select from forums table', '', __LINE__, __FILE__, $sql); + } + + if (!$db->sql_fetchrow($result)) + { + message_die(GENERAL_MESSAGE, 'New forum does not exist'); + } + + $db->sql_freeresult($result); + if ( $new_forum_id != $old_forum_id ) { $topics = ( isset($HTTP_POST_VARS['topic_id_list']) ) ? $HTTP_POST_VARS['topic_id_list'] : array($topic_id); *************** *** 713,718 **** --- 747,757 ---- } $db->sql_freeresult($result); + if ($post_id_sql == '') + { + message_die(GENERAL_MESSAGE, $lang['None_selected']); + } + $sql = "SELECT post_id, poster_id, topic_id, post_time FROM " . POSTS_TABLE . " WHERE post_id IN ($post_id_sql) *************** *** 746,751 **** --- 785,804 ---- $new_forum_id = intval($HTTP_POST_VARS['new_forum_id']); $topic_time = time(); + $sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . ' + WHERE forum_id = ' . $new_forum_id; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not select from forums table', '', __LINE__, __FILE__, $sql); + } + + if (!$db->sql_fetchrow($result)) + { + message_die(GENERAL_MESSAGE, 'New forum does not exist'); + } + + $db->sql_freeresult($result); + $sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type) VALUES ('" . str_replace("\'", "''", $post_subject) . "', $first_poster, " . $topic_time . ", $new_forum_id, " . TOPIC_UNLOCKED . ", " . POST_NORMAL . ")"; if (!($db->sql_query($sql, BEGIN_TRANSACTION))) *************** *** 841,850 **** 'S_FORUM_SELECT' => make_forum_select("new_forum_id", false, $forum_id)) ); for($i = 0; $i < $total_posts; $i++) { $post_id = $postrow[$i]['post_id']; ! 
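Review bot: The forum-existence lookup added in the 473,492 hunk is repeated line for line in the 785,804 hunk, and both report failure with the literal `'New forum does not exist'`, while the other new messages in this file go through language entries such as `$lang['None_selected']`. A single helper taking the forum id would keep the two checks identical. The query confirms only that the row exists. Whether the moderator is authorised for the destination forum is not tested in either hunk, so that is worth confirming in the code outside them. The enclosing blocks start and end outside the hunks.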
$poster_id = $postrow[$i]['user_id']; $poster = $postrow[$i]['username']; $post_date = create_date($board_config['default_dateformat'], $postrow[$i]['post_time'], $board_config['board_timezone']); --- 894,910 ---- 'S_FORUM_SELECT' => make_forum_select("new_forum_id", false, $forum_id)) ); + // + // Define censored word matches + // + $orig_word = array(); + $replacement_word = array(); + obtain_word_list($orig_word, $replacement_word); + for($i = 0; $i < $total_posts; $i++) { $post_id = $postrow[$i]['post_id']; ! $poster_id = $postrow[$i]['poster_id']; $poster = $postrow[$i]['username']; $post_date = create_date($board_config['default_dateformat'], $postrow[$i]['post_time'], $board_config['board_timezone']); *************** *** 870,882 **** $message = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass($message, $bbcode_uid) : preg_replace('/\:[0-9a-z\:]+\]/si', ']', $message); } - // - // Define censored word matches - // - $orig_word = array(); - $replacement_word = array(); - obtain_word_list($orig_word, $replacement_word); - if ( count($orig_word) ) { $post_subject = preg_replace($orig_word, $replacement_word, $post_subject); --- 930,935 ---- *************** *** 949,955 **** } $ip_this_post = decode_ip($post_row['poster_ip']); ! $ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? gethostbyaddr($ip_this_post) : $ip_this_post; $poster_id = $post_row['poster_id']; --- 1002,1008 ---- } $ip_this_post = decode_ip($post_row['poster_ip']); ! $ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? htmlspecialchars(gethostbyaddr($ip_this_post)) : $ip_this_post; $poster_id = $post_row['poster_id']; *************** *** 995,1001 **** } $ip = decode_ip($row['poster_ip']); ! $ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? gethostbyaddr($ip) : $ip; $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; --- 1048,1054 ---- } $ip = decode_ip($row['poster_ip']); ! 
$ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? htmlspecialchars(gethostbyaddr($ip)) : $ip; $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; *************** *** 1047,1053 **** 'L_SEARCH_POSTS' => sprintf($lang['Search_user_posts'], $username), 'U_PROFILE' => ($id == ANONYMOUS) ? "modcp.$phpEx?mode=ip&" . POST_POST_URL . "=" . $post_id . "&" . POST_TOPIC_URL . "=" . $topic_id . "&sid=" . $userdata['session_id'] : append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$id"), ! 'U_SEARCHPOSTS' => append_sid("search.$phpEx?search_author=" . urlencode($username) . "&showresults=topics")) ); $i++; --- 1100,1106 ---- 'L_SEARCH_POSTS' => sprintf($lang['Search_user_posts'], $username), 'U_PROFILE' => ($id == ANONYMOUS) ? "modcp.$phpEx?mode=ip&" . POST_POST_URL . "=" . $post_id . "&" . POST_TOPIC_URL . "=" . $topic_id . "&sid=" . $userdata['session_id'] : append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$id"), ! 'U_SEARCHPOSTS' => append_sid("search.$phpEx?search_author=" . (($id == ANONYMOUS) ? 'Anonymous' : urlencode($username)) . "&showresults=topics")) ); $i++; diff -crN phpbb208/posting.php phpbb2020/posting.php *** phpbb208/posting.php Sat Jul 10 20:16:27 2004 --- phpbb2020/posting.php Wed Apr 5 18:53:38 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: posting.php,v 1.159.2.21 2004/03/13 15:08:22 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: posting.php,v 1.159.2.28 2006/01/28 14:56:51 grahamje Exp $ * * ***************************************************************************/ *************** *** 30,36 **** // // Check and set various parameters // ! 
$params = array('submit' => 'post', 'confirm' => 'confirm', 'preview' => 'preview', 'delete' => 'delete', 'poll_delete' => 'poll_delete', 'poll_add' => 'add_poll_option', 'poll_edit' => 'edit_poll_option', 'mode' => 'mode'); while( list($var, $param) = @each($params) ) { if ( !empty($HTTP_POST_VARS[$param]) || !empty($HTTP_GET_VARS[$param]) ) --- 30,36 ---- // // Check and set various parameters // ! $params = array('submit' => 'post', 'preview' => 'preview', 'delete' => 'delete', 'poll_delete' => 'poll_delete', 'poll_add' => 'add_poll_option', 'poll_edit' => 'edit_poll_option', 'mode' => 'mode'); while( list($var, $param) = @each($params) ) { if ( !empty($HTTP_POST_VARS[$param]) || !empty($HTTP_GET_VARS[$param]) ) *************** *** 43,48 **** --- 43,50 ---- } } + $confirm = isset($HTTP_POST_VARS['confirm']) ? true : false; + $params = array('forum_id' => POST_FORUM_URL, 'topic_id' => POST_TOPIC_URL, 'post_id' => POST_POST_URL); while( list($var, $param) = @each($params) ) { *************** *** 57,67 **** --- 59,71 ---- } $refresh = $preview || $poll_add || $poll_edit || $poll_delete; + $orig_word = $replacement_word = array(); // // Set topic type // $topic_type = ( !empty($HTTP_POST_VARS['topictype']) ) ? intval($HTTP_POST_VARS['topictype']) : POST_NORMAL; + $topic_type = ( in_array($topic_type, array(POST_NORMAL, POST_STICKY, POST_ANNOUNCE)) ) ? $topic_type : POST_NORMAL; // // If the mode is set to topic review then output *************** *** 187,193 **** message_die(GENERAL_MESSAGE, $lang['No_topic_id']); } ! $sql = "SELECT f.*, t.topic_status, t.topic_title FROM " . FORUMS_TABLE . " f, " . TOPICS_TABLE . " t WHERE t.topic_id = $topic_id AND f.forum_id = t.forum_id"; --- 191,197 ---- message_die(GENERAL_MESSAGE, $lang['No_topic_id']); } ! $sql = "SELECT f.*, t.topic_status, t.topic_title, t.topic_type FROM " . FORUMS_TABLE . " f, " . TOPICS_TABLE . 
" t WHERE t.topic_id = $topic_id AND f.forum_id = t.forum_id"; *************** *** 202,208 **** message_die(GENERAL_MESSAGE, $lang['No_post_id']); } ! $select_sql = ( !$submit ) ? ", t.topic_title, p.enable_bbcode, p.enable_html, p.enable_smilies, p.enable_sig, p.post_username, pt.post_subject, pt.post_text, pt.bbcode_uid, u.username, u.user_id, u.user_sig" : ''; $from_sql = ( !$submit ) ? ", " . POSTS_TEXT_TABLE . " pt, " . USERS_TABLE . " u" : ''; $where_sql = ( !$submit ) ? "AND pt.post_id = p.post_id AND u.user_id = p.poster_id" : ''; --- 206,212 ---- message_die(GENERAL_MESSAGE, $lang['No_post_id']); } ! $select_sql = (!$submit) ? ', t.topic_title, p.enable_bbcode, p.enable_html, p.enable_smilies, p.enable_sig, p.post_username, pt.post_subject, pt.post_text, pt.bbcode_uid, u.username, u.user_id, u.user_sig, u.user_sig_bbcode_uid' : ''; $from_sql = ( !$submit ) ? ", " . POSTS_TEXT_TABLE . " pt, " . USERS_TABLE . " u" : ''; $where_sql = ( !$submit ) ? "AND pt.post_id = p.post_id AND u.user_id = p.poster_id" : ''; *************** *** 310,321 **** --- 314,333 ---- { $topic_id = $post_info['topic_id']; } + if ( $mode == 'newtopic' ) + { + $post_data['topic_type'] = POST_NORMAL; + } $post_data['first_post'] = ( $mode == 'newtopic' ) ? true : 0; $post_data['last_post'] = false; $post_data['has_poll'] = false; $post_data['edit_poll'] = false; } + if ( $mode == 'poll_delete' && !isset($poll_id) ) + { + message_die(GENERAL_MESSAGE, $lang['No_such_post']); + } } else { *************** *** 615,621 **** } else if ( !empty($option_text) ) { ! $poll_options[$option_id] = htmlspecialchars(trim(stripslashes($option_text))); } } } --- 627,633 ---- } else if ( !empty($option_text) ) { ! $poll_options[intval($option_id)] = htmlspecialchars(trim(stripslashes($option_text))); } } } *************** *** 632,637 **** --- 644,650 ---- else if ( $mode == 'editpost' ) { $user_sig = ( $post_info['user_sig'] != '' && $board_config['allow_sig'] ) ? 
$post_info['user_sig'] : ''; + $userdata['user_sig_bbcode_uid'] = $post_info['user_sig_bbcode_uid']; } if( $preview ) *************** *** 1103,1106 **** include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> --- 1116,1119 ---- include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb208/privmsg.php phpbb2020/privmsg.php *** phpbb208/privmsg.php Mon Jul 12 20:46:17 2004 --- phpbb2020/privmsg.php Wed Apr 5 18:53:38 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: privmsg.php,v 1.96.2.35 2004/03/28 16:38:51 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: privmsg.php,v 1.96.2.48 2006/03/18 12:33:06 grahamje Exp $ * * ***************************************************************************/ *************** *** 35,42 **** message_die(GENERAL_MESSAGE, 'PM_disabled'); } ! $html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#'); ! $html_entities_replace = array('&', '<', '>'); // // Parameters --- 35,42 ---- message_die(GENERAL_MESSAGE, 'PM_disabled'); } ! $html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#'); ! $html_entities_replace = array('&', '<', '>', '"'); // // Parameters *************** *** 212,218 **** break; case 'savebox': $l_box_name = $lang['Savebox']; ! $pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . " AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . " AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) --- 212,218 ---- break; case 'savebox': $l_box_name = $lang['Savebox']; ! $pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . " AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . 
" AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) *************** *** 295,301 **** if ( $sent_info = $db->sql_fetchrow($result) ) { ! if ( $sent_info['sent_items'] >= $board_config['max_sentbox_privmsgs'] ) { $sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . " WHERE privmsgs_type = " . PRIVMSGS_SENT_MAIL . " --- 295,301 ---- if ( $sent_info = $db->sql_fetchrow($result) ) { ! if ($board_config['max_sentbox_privmsgs'] && $sent_info['sent_items'] >= $board_config['max_sentbox_privmsgs']) { $sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . " WHERE privmsgs_type = " . PRIVMSGS_SENT_MAIL . " *************** *** 493,499 **** $profile_img = '' . $lang['Read_profile'] . ''; $profile = '' . $lang['Read_profile'] . ''; ! $temp_url = append_sid("privmsg.$phpEx?mode=post&" . POST_USERS_URL . "=$poster_id"); $pm_img = '' . $lang['Send_private_message'] . ''; $pm = '' . $lang['Send_private_message'] . ''; --- 493,499 ---- $profile_img = '' . $lang['Read_profile'] . ''; $profile = '' . $lang['Read_profile'] . ''; ! $temp_url = append_sid("privmsg.$phpEx?mode=post&" . POST_USERS_URL . "=$user_id_from"); $pm_img = '' . $lang['Send_private_message'] . ''; $pm = '' . $lang['Send_private_message'] . ''; *************** *** 537,544 **** $yim = ( $privmsg['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($username_from) . "&showresults=posts"); ! $search_img = '' . $lang['Search_user_posts'] . ''; ! $search = '' . $lang['Search_user_posts'] . ''; // // Processing of post --- 537,544 ---- $yim = ( $privmsg['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($username_from) . "&showresults=posts"); ! $search_img = '' . sprintf($lang['Search_user_posts'], $username_from) . ''; ! $search = '' . sprintf($lang['Search_user_posts'], $username_from) . 
''; // // Processing of post *************** *** 563,571 **** // If the board has HTML off but the post has HTML // on then we process it, else leave it alone // ! if ( !$board_config['allow_html'] ) { ! if ( $user_sig != '' && $privmsg['privmsgs_enable_sig'] && $userdata['user_allowhtml'] ) { $user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "<\\2>", $user_sig); } --- 563,571 ---- // If the board has HTML off but the post has HTML // on then we process it, else leave it alone // ! if ( !$board_config['allow_html'] || !$userdata['user_allowhtml']) { ! if ( $user_sig != '') { $user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "<\\2>", $user_sig); } *************** *** 698,744 **** } else if ( $confirm ) { ! if ( $delete_all ) { ! switch($folder) { ! case 'inbox': ! $delete_type = "privmsgs_to_userid = " . $userdata['user_id'] . " AND ( ! privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )"; ! break; ! case 'outbox': ! $delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )"; ! break; ! case 'sentbox': ! $delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_SENT_MAIL; ! break; ! case 'savebox': ! $delete_type = "( ( privmsgs_from_userid = " . $userdata['user_id'] . " ! AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) ! OR ( privmsgs_to_userid = " . $userdata['user_id'] . " ! AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) )"; ! break; ! } ! $sql = "SELECT privmsgs_id ! FROM " . PRIVMSGS_TABLE . " ! WHERE $delete_type"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not obtain id list to delete all messages', '', __LINE__, __FILE__, $sql); ! } ! while ( $row = $db->sql_fetchrow($result) ) ! { ! $mark_list[] = $row['privmsgs_id']; ! } ! 
unset($delete_type); } if ( count($mark_list) ) { $delete_sql_id = ''; --- 698,754 ---- } else if ( $confirm ) { ! $delete_sql_id = ''; ! ! if (!$delete_all) { ! for ($i = 0; $i < count($mark_list); $i++) { ! $delete_sql_id .= (($delete_sql_id != '') ? ', ' : '') . intval($mark_list[$i]); ! } ! $delete_sql_id = "AND privmsgs_id IN ($delete_sql_id)"; ! } ! switch($folder) ! { ! case 'inbox': ! $delete_type = "privmsgs_to_userid = " . $userdata['user_id'] . " AND ( ! privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )"; ! break; ! case 'outbox': ! $delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )"; ! break; ! case 'sentbox': ! $delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_SENT_MAIL; ! break; ! case 'savebox': ! $delete_type = "( ( privmsgs_from_userid = " . $userdata['user_id'] . " ! AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) ! OR ( privmsgs_to_userid = " . $userdata['user_id'] . " ! AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) )"; ! break; ! } ! $sql = "SELECT privmsgs_id ! FROM " . PRIVMSGS_TABLE . " ! WHERE $delete_type $delete_sql_id"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not obtain id list to delete messages', '', __LINE__, __FILE__, $sql); ! } ! ! $mark_list = array(); ! while ( $row = $db->sql_fetchrow($result) ) ! { ! $mark_list[] = $row['privmsgs_id']; } + unset($delete_type); + if ( count($mark_list) ) { $delete_sql_id = ''; *************** *** 901,907 **** if ( $saved_info = $db->sql_fetchrow($result) ) { ! if ( $saved_info['savebox_items'] >= $board_config['max_savebox_privmsgs'] ) { $sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . " WHERE ( ( privmsgs_to_userid = " . $userdata['user_id'] . 
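Review bot: The id list built at the top of the new `else if ( $confirm )` branch (hunk at 698) indexes `$mark_list[$i]` from 0 to `count($mark_list)`, which assumes a dense, zero-based array, and it emits `AND privmsgs_id IN ()` when the list is empty. A request array with other keys would yield `intval()` of missing elements, and the empty case becomes a SQL error reported through `message_die(GENERAL_ERROR, ...)` instead of a clean "nothing selected" path. Iterating by value and giving the empty case a predicate that matches nothing avoids both. The `switch($folder)` has no `default`, so `$delete_type` stays unset for an unexpected folder; that appears to fail with a query error rather than widen the delete, and the folder validation is outside this hunk. Re-selecting the ids under the folder and user-id constraint before deleting is a sound change and deserves a comment saying it is an ownership filter.

```php
if (!$delete_all)
{
	$delete_ids = array();
	foreach ((array) $mark_list as $mark_id)
	{
		$delete_ids[] = intval($mark_id);
	}

	// An empty selection must match nothing; "IN ()" is a syntax error.
	// Assumes no message row has id 0 -- confirm against the schema.
	$delete_sql_id = 'AND privmsgs_id IN (' . (count($delete_ids) ? implode(', ', $delete_ids) : '0') . ')';
}
// … unchanged: switch($folder) building $delete_type, the SELECT, and the $mark_list refill …
```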
" --- 911,917 ---- if ( $saved_info = $db->sql_fetchrow($result) ) { ! if ($board_config['max_savebox_privmsgs'] && $saved_info['savebox_items'] >= $board_config['max_savebox_privmsgs'] ) { $sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . " WHERE ( ( privmsgs_to_userid = " . $userdata['user_id'] . " *************** *** 1042,1048 **** $saved_sql .= " SET privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " WHERE privmsgs_from_userid = " . $userdata['user_id'] . " AND ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " ! OR privmsgs_type = " . PRIVMSGS_UNERAD_MAIL . " ) "; break; case 'sentbox': --- 1052,1058 ---- $saved_sql .= " SET privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " WHERE privmsgs_from_userid = " . $userdata['user_id'] . " AND ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " ! OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) "; break; case 'sentbox': *************** *** 1128,1138 **** // } if ( $submit ) { if ( !empty($HTTP_POST_VARS['username']) ) { ! $to_username = $HTTP_POST_VARS['username']; $sql = "SELECT user_id, user_notify_pm, user_email, user_lang, user_active FROM " . USERS_TABLE . " --- 1138,1169 ---- // } + if ($submit && $mode == 'edit') + { + $sql = 'SELECT privmsgs_from_userid + FROM ' . PRIVMSGS_TABLE . ' + WHERE privmsgs_id = ' . (int) $privmsg_id . ' + AND privmsgs_from_userid = ' . $userdata['user_id']; + + if (!($result = $db->sql_query($sql))) + { + message_die(GENERAL_ERROR, "Could not obtain message details", "", __LINE__, __FILE__, $sql); + } + + if (!($row = $db->sql_fetchrow($result))) + { + message_die(GENERAL_MESSAGE, $lang['No_such_post']); + } + $db->sql_freeresult($result); + + unset($row); + } + if ( $submit ) { if ( !empty($HTTP_POST_VARS['username']) ) { ! $to_username = phpbb_clean_username($HTTP_POST_VARS['username']); $sql = "SELECT user_id, user_notify_pm, user_email, user_lang, user_active FROM " . USERS_TABLE . " *************** *** 1144,1150 **** $error_msg = $lang['No_such_user']; } ! 
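Review bot: The new `if ($submit && $mode == 'edit')` block at 1138 is an ownership check, but it has no comment, and because `$row` is discarded straight away a later reader could take it for a leftover lookup. I would put `// Only the sender may edit a message: refuse ids that belong to another user` above it. The query matches on `privmsgs_from_userid` alone; if editing is meant to be limited to messages the recipient has not yet read, `privmsgs_type` belongs in the WHERE clause as well, unless the UPDATE further down (outside this hunk) already restricts it. `$privmsg_id` is cast with `(int)` here, but its assignment is not visible in the hunk.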
$to_userdata = $db->sql_fetchrow($result); } else { --- 1175,1185 ---- $error_msg = $lang['No_such_user']; } ! if (!($to_userdata = $db->sql_fetchrow($result))) ! { ! $error = TRUE; ! $error_msg = $lang['No_such_user']; ! } } else { *************** *** 1152,1158 **** $error_msg .= ( ( !empty($error_msg) ) ? '
' : '' ) . $lang['No_to_user']; } ! $privmsg_subject = trim(strip_tags($HTTP_POST_VARS['subject'])); if ( empty($privmsg_subject) ) { $error = TRUE; --- 1187,1193 ---- $error_msg .= ( ( !empty($error_msg) ) ? '
' : '' ) . $lang['No_to_user']; } ! $privmsg_subject = trim(htmlspecialchars($HTTP_POST_VARS['subject'])); if ( empty($privmsg_subject) ) { $error = TRUE; *************** *** 1212,1218 **** if ( $inbox_info = $db->sql_fetchrow($result) ) { ! if ( $inbox_info['inbox_items'] >= $board_config['max_inbox_privmsgs'] ) { $sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . " WHERE ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " --- 1247,1253 ---- if ( $inbox_info = $db->sql_fetchrow($result) ) { ! if ($board_config['max_inbox_privmsgs'] && $inbox_info['inbox_items'] >= $board_config['max_inbox_privmsgs']) { $sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . " WHERE ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " *************** *** 1274,1280 **** if ( !$db->sql_query($sql, END_TRANSACTION) ) { ! message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql_info); } if ( $mode != 'edit' ) --- 1309,1315 ---- if ( !$db->sql_query($sql, END_TRANSACTION) ) { ! message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql); } if ( $mode != 'edit' ) *************** *** 1309,1315 **** $emailer->set_subject($lang['Notification_subject']); $emailer->assign_vars(array( ! 'USERNAME' => $to_username, 'SITENAME' => $board_config['sitename'], 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
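Review bot: Switching the subject at 1187 from `strip_tags()` to `htmlspecialchars()` moves HTML escaping to input time, and the later hunk at 1702 removes the output-time replacement for `SUBJECT` and `USERNAME` in `assign_vars()`. After both changes the template receives whatever `$privmsg_subject` and `$to_username` hold, so every path that fills them (the submit path here, and the preview, reply, quote and edit paths outside these hunks) has to deliver already-escaped text. `htmlspecialchars()` is called without flags, which before PHP 8.1 leaves single quotes unescaped; if the subject can land in a single-quoted attribute, `htmlspecialchars($HTTP_POST_VARS['subject'], ENT_QUOTES)` covers that. A comment at the assignment such as `// stored escaped: templates output this value as-is` would record the invariant.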
', "\n", "-- \n" . $board_config['board_email_sig']) : '', --- 1344,1350 ---- $emailer->set_subject($lang['Notification_subject']); $emailer->assign_vars(array( ! 'USERNAME' => stripslashes($to_username), 'SITENAME' => $board_config['sitename'], 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', *************** *** 1337,1344 **** // passed to the script, process it a little, do some checks // where neccessary, etc. // ! $to_username = ( isset($HTTP_POST_VARS['username']) ) ? trim(strip_tags(stripslashes($HTTP_POST_VARS['username']))) : ''; ! $privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(strip_tags(stripslashes($HTTP_POST_VARS['subject']))) : ''; $privmsg_message = ( isset($HTTP_POST_VARS['message']) ) ? trim($HTTP_POST_VARS['message']) : ''; $privmsg_message = preg_replace('##si', '</textarea>', $privmsg_message); + $privmsg_message = preg_replace($orig_word, $replacement_word, $privmsg_message); $msg_date = create_date($board_config['default_dateformat'], $privmsg['privmsgs_date'], $board_config['board_timezone']); *************** *** 1493,1498 **** --- 1533,1542 ---- $mode = 'reply'; } } + else + { + $privmsg_subject = $privmsg_message = $to_username = ''; + } } // *************** *** 1527,1535 **** // // Finalise processing as per viewtopic // ! if ( !$html_on ) { ! if ( $user_sig != '' || !$userdata['user_allowhtml'] ) { $user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "<\\2>", $user_sig); } --- 1571,1579 ---- // // Finalise processing as per viewtopic // ! if ( !$html_on || !$board_config['allow_html'] || !$userdata['user_allowhtml'] ) { ! if ( $user_sig != '' ) { $user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "<\\2>", $user_sig); } *************** *** 1702,1713 **** // generate_smilies('inline', PAGE_PRIVMSGS); - $privmsg_subject = preg_replace($html_entities_match, $html_entities_replace, $privmsg_subject); - $privmsg_subject = str_replace('"', '"', $privmsg_subject); - $template->assign_vars(array( 'SUBJECT' => $privmsg_subject, ! 
'USERNAME' => preg_replace($html_entities_match, $html_entities_replace, $to_username), 'MESSAGE' => $privmsg_message, 'HTML_STATUS' => $html_status, 'SMILIES_STATUS' => $smilies_status, --- 1746,1754 ---- // generate_smilies('inline', PAGE_PRIVMSGS); $template->assign_vars(array( 'SUBJECT' => $privmsg_subject, ! 'USERNAME' => $to_username, 'MESSAGE' => $privmsg_message, 'HTML_STATUS' => $html_status, 'SMILIES_STATUS' => $smilies_status, *************** *** 1784,1790 **** 'S_BBCODE_CHECKED' => ( !$bbcode_on ) ? ' checked="checked"' : '', 'S_SMILIES_CHECKED' => ( !$smilies_on ) ? ' checked="checked"' : '', 'S_SIGNATURE_CHECKED' => ( $attach_sig ) ? ' checked="checked"' : '', - 'S_NAMES_SELECT' => $user_names_select, 'S_HIDDEN_FORM_FIELDS' => $s_hidden_fields, 'S_POST_ACTION' => append_sid("privmsg.$phpEx"), --- 1825,1830 ---- *************** *** 1852,1858 **** // // New message // ! $post_new_mesg_url = '' . $lang['Post_new_message'] . ''; // // General SQL to obtain messages --- 1892,1898 ---- // // New message // ! $post_new_mesg_url = '' . $lang['Send_a_new_message'] . ''; // // General SQL to obtain messages *************** *** 1932,1939 **** } else { ! $limit_msg_time = ''; ! $post_days = 0; } $sql .= $limit_msg_time . " ORDER BY pm.privmsgs_date DESC LIMIT $start, " . $board_config['topics_per_page']; --- 1972,1979 ---- } else { ! $limit_msg_time = $limit_msg_time_total = ''; ! $msg_days = 0; } $sql .= $limit_msg_time . " ORDER BY pm.privmsgs_date DESC LIMIT $start, " . $board_config['topics_per_page']; *************** *** 2019,2024 **** --- 2059,2068 ---- break; } } + else + { + $inbox_limit_img_length = $inbox_limit_pct = $l_box_size_status = ''; + } // // Dump vars to template *************** *** 2063,2069 **** 'S_POST_NEW_MSG' => $post_new_mesg_url, 'S_SELECT_MSG_DAYS' => $select_msg_days, ! 'U_POST_NEW_TOPIC' => $post_new_topic_url) ); // --- 2107,2113 ---- 'S_POST_NEW_MSG' => $post_new_mesg_url, 'S_SELECT_MSG_DAYS' => $select_msg_days, ! 
'U_POST_NEW_TOPIC' => append_sid("privmsg.$phpEx?mode=post")) ); // *************** *** 2152,2155 **** include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> --- 2196,2199 ---- include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb208/profile.php phpbb2020/profile.php *** phpbb208/profile.php Sat Jul 10 20:16:27 2004 --- phpbb2020/profile.php Wed Apr 5 18:53:38 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: profile.php,v 1.193.2.3 2003/03/02 23:16:17 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: profile.php,v 1.193.2.6 2006/02/26 17:34:50 grahamje Exp $ * * ***************************************************************************/ *************** *** 60,77 **** // function gen_rand_string($hash) { ! $chars = array( 'a', 'A', 'b', 'B', 'c', 'C', 'd', 'D', 'e', 'E', 'f', 'F', 'g', 'G', 'h', 'H', 'i', 'I', 'j', 'J', 'k', 'K', 'l', 'L', 'm', 'M', 'n', 'N', 'o', 'O', 'p', 'P', 'q', 'Q', 'r', 'R', 's', 'S', 't', 'T', 'u', 'U', 'v', 'V', 'w', 'W', 'x', 'X', 'y', 'Y', 'z', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0'); ! ! $max_chars = count($chars) - 1; ! srand( (double) microtime()*1000000); ! ! $rand_str = ''; ! for($i = 0; $i < 8; $i++) ! { ! $rand_str = ( $i == 0 ) ? $chars[rand(0, $max_chars)] : $rand_str . $chars[rand(0, $max_chars)]; ! } ! return ( $hash ) ? md5($rand_str) : $rand_str; } // // End page specific functions --- 60,68 ---- // function gen_rand_string($hash) { ! $rand_str = dss_rand(); ! return ( $hash ) ? md5($rand_str) : substr($rand_str, 8); } // // End page specific functions *************** *** 83,88 **** --- 74,80 ---- if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { $mode = ( isset($HTTP_GET_VARS['mode']) ) ? 
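Review bot: In the rewritten `gen_rand_string()` (profile.php hunk at 60), `substr($rand_str, 8)` returns everything from offset 8 to the end, not eight characters, so the length of the non-hashed result depends entirely on how long the value from `dss_rand()` is. `dss_rand()` is defined outside this section. If it returns a hex digest, the alphabet also shrinks from the 62 characters of the removed table to 16, which would put an 8-character value at about 32 bits. I would make the length explicit, for example `substr($rand_str, 0, 8)` or the intended offset with a length argument. A comment should also state what callers use the string for and what length they expect.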
$HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; + $mode = htmlspecialchars($mode); if ( $mode == 'viewprofile' ) { *************** *** 99,104 **** --- 91,107 ---- include($phpbb_root_path . 'includes/usercp_register.'.$phpEx); exit; } + else if ( $mode == 'confirm' ) + { + // Visual Confirmation + if ( $userdata['session_logged_in'] ) + { + exit; + } + + include($phpbb_root_path . 'includes/usercp_confirm.'.$phpEx); + exit; + } else if ( $mode == 'sendpassword' ) { include($phpbb_root_path . 'includes/usercp_sendpasswd.'.$phpEx); diff -crN phpbb208/search.php phpbb2020/search.php *** phpbb208/search.php Sat Jul 10 20:16:27 2004 --- phpbb2020/search.php Wed Apr 5 18:53:38 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: search.php,v 1.72.2.12 2004/03/18 18:16:45 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: search.php,v 1.72.2.19 2006/02/05 15:59:48 grahamje Exp $ * * ***************************************************************************/ *************** *** 60,65 **** --- 60,66 ---- if ( isset($HTTP_POST_VARS['search_author']) || isset($HTTP_GET_VARS['search_author'])) { $search_author = ( isset($HTTP_POST_VARS['search_author']) ) ? $HTTP_POST_VARS['search_author'] : $HTTP_GET_VARS['search_author']; + $search_author = phpbb_clean_username($search_author); } else { *************** *** 108,117 **** --- 109,120 ---- if ( !empty($HTTP_POST_VARS['search_time']) || !empty($HTTP_GET_VARS['search_time'])) { $search_time = time() - ( ( ( !empty($HTTP_POST_VARS['search_time']) ) ? intval($HTTP_POST_VARS['search_time']) : intval($HTTP_GET_VARS['search_time']) ) * 86400 ); + $topic_days = (!empty($HTTP_POST_VARS['search_time'])) ? 
intval($HTTP_POST_VARS['search_time']) : intval($HTTP_GET_VARS['search_time']); } else { $search_time = 0; + $topic_days = 0; } $start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0; *************** *** 150,161 **** --- 153,183 ---- // // Search ID Limiter, decrease this value if you experience further timeout problems with searching forums $limiter = 5000; + $current_time = time(); // // Cycle through options ... // if ( $search_id == 'newposts' || $search_id == 'egosearch' || $search_id == 'unanswered' || $search_keywords != '' || $search_author != '' ) { + // + // Flood control + // + $where_sql = ($userdata['user_id'] == ANONYMOUS) ? "se.session_ip = '$user_ip'" : 'se.session_user_id = ' . $userdata['user_id']; + $sql = 'SELECT MAX(sr.search_time) AS last_search_time + FROM ' . SEARCH_TABLE . ' sr, ' . SESSIONS_TABLE . " se + WHERE sr.session_id = se.session_id + AND $where_sql"; + if ($result = $db->sql_query($sql)) + { + if ($row = $db->sql_fetchrow($result)) + { + if (intval($row['last_search_time']) > 0 && ($current_time - intval($row['last_search_time'])) < intval($board_config['search_flood_interval'])) + { + message_die(GENERAL_MESSAGE, $lang['Search_Flood_Error']); + } + } + } if ( $search_id == 'newposts' || $search_id == 'egosearch' || ( $search_author != '' && $search_keywords == '' ) ) { if ( $search_id == 'newposts' ) *************** *** 195,201 **** else { $search_author = str_replace('*', '%', trim($search_author)); ! $sql = "SELECT user_id FROM " . USERS_TABLE . " WHERE username LIKE '" . str_replace("\'", "''", $search_author) . "'"; --- 217,228 ---- else { $search_author = str_replace('*', '%', trim($search_author)); ! ! if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) ) ! { ! $search_author = ''; ! } ! $sql = "SELECT user_id FROM " . USERS_TABLE . " WHERE username LIKE '" . str_replace("\'", "''", $search_author) . 
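Review bot: The flood check added at 153 fails open: when `$db->sql_query($sql)` returns false the whole block is skipped and the search runs with no throttle and no error, unlike the cleanup query later in this file, which calls `message_die(GENERAL_ERROR, ...)`. If that is deliberate best-effort behaviour it deserves a comment; otherwise an `else` branch with `message_die(GENERAL_ERROR, 'Could not obtain search flood data', '', __LINE__, __FILE__, $sql);` would match the surrounding style. Guests are keyed by `se.session_ip = '$user_ip'`, so `$user_ip` is interpolated into the statement; its assignment is outside the hunk and should be confirmed to be a server-derived, fixed-format value. The result set is also never released with `$db->sql_freeresult($result)`.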
"'"; *************** *** 249,255 **** $synonym_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/search_synonyms.txt'); $split_search = array(); ! $split_search = ( !strstr($multibyte_charset, $lang['ENCODING']) ) ? split_words(clean_words('search', stripslashes($search_keywords), $stopword_array, $synonym_array), 'search') : split(' ', $search_keywords); $search_msg_only = ( !$search_fields ) ? "AND m.title_match = 0" : ( ( strstr($multibyte_charset, $lang['ENCODING']) ) ? '' : '' ); --- 276,284 ---- $synonym_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/search_synonyms.txt'); $split_search = array(); ! $stripped_keywords = stripslashes($search_keywords); ! $split_search = ( !strstr($multibyte_charset, $lang['ENCODING']) ) ? split_words(clean_words('search', $stripped_keywords, $stopword_array, $synonym_array), 'search') : split(' ', $search_keywords); ! unset($stripped_keywords); $search_msg_only = ( !$search_fields ) ? "AND m.title_match = 0" : ( ( strstr($multibyte_charset, $lang['ENCODING']) ) ? '' : '' ); *************** *** 261,266 **** --- 290,301 ---- for($i = 0; $i < count($split_search); $i++) { + if (preg_match('#^[\*%]+$#', trim($split_search[$i])) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($split_search[$i])))) + { + $split_search[$i] = ''; + continue; + } + switch ( $split_search[$i] ) { case 'and': *************** *** 404,410 **** // if ( $search_author != '' ) { ! $search_author = str_replace('*', '%', trim(str_replace("\'", "''", $search_author))); } if ( $total_match_count ) --- 439,450 ---- // if ( $search_author != '' ) { ! $search_author = str_replace('*', '%', trim($search_author)); ! ! if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) ) ! { ! $search_author = ''; ! } } if ( $total_match_count ) *************** *** 608,635 **** } // ! // Finish building query (for all combinations) ! 
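Review bot: The minimum-length test added at 217 runs only when the pattern contains `%`, but `_` is also a LIKE wildcard and is neither escaped nor counted. When the test trips, the code sets `$search_author = ''` and still runs the `LIKE ''` query; an early "no match" message would be clearer than a lookup that cannot succeed. The same three lines are repeated in the hunk at 439, where the `str_replace("\'", "''", ...)` call was also removed from the assignment. The query that consumes the value there is outside the hunk, so it should be confirmed that it still applies the quote handling. Moving the check into one helper would keep the two copies from drifting.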
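Review bot: The filter added at 290 runs before `switch ( $split_search[$i] )`, so any one- or two-character token is blanked and skipped before the switch sees it. The hunk shows only `case 'and':`; if the switch also handles a two-character operator such as `or` further down, that case can no longer be reached. The pattern has no `u` modifier, so `{1,2}` counts bytes and short multibyte words are treated differently from short ASCII ones. I would run the operator switch first, or exempt the operator keywords from the length test. A comment such as `// drop wildcard-only and very short terms before they reach the word match` would explain why the filter is there.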
// and run it ... // ! $sql = "SELECT session_id ! FROM " . SESSIONS_TABLE; ! if ( $result = $db->sql_query($sql) ) { ! $delete_search_ids = array(); ! while( $row = $db->sql_fetchrow($result) ) ! { ! $delete_search_ids[] = "'" . $row['session_id'] . "'"; ! } ! ! if ( count($delete_search_ids) ) ! { ! $sql = "DELETE FROM " . SEARCH_TABLE . " ! WHERE session_id NOT IN (" . implode(", ", $delete_search_ids) . ")"; ! if ( !$result = $db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql); ! } ! } } // --- 648,660 ---- } // ! // Delete old data from the search result table // ! $sql = 'DELETE FROM ' . SEARCH_TABLE . ' ! WHERE search_time < ' . ($current_time - (int) $board_config['session_length']); ! if ( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql); } // *************** *** 670,681 **** $search_id = mt_rand(); $sql = "UPDATE " . SEARCH_TABLE . " ! SET search_id = $search_id, search_array = '" . str_replace("\'", "''", $result_array) . "' WHERE session_id = '" . $userdata['session_id'] . "'"; if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() ) { ! $sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_array) ! VALUES($search_id, '" . $userdata['session_id'] . "', '" . str_replace("\'", "''", $result_array) . "')"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not insert search results', '', __LINE__, __FILE__, $sql); --- 695,706 ---- $search_id = mt_rand(); $sql = "UPDATE " . SEARCH_TABLE . " ! SET search_id = $search_id, search_time = $current_time, search_array = '" . str_replace("\'", "''", $result_array) . "' WHERE session_id = '" . $userdata['session_id'] . "'"; if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() ) { ! $sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_time, search_array) ! 
VALUES($search_id, '" . $userdata['session_id'] . "', $current_time, '" . str_replace("\'", "''", $result_array) . "')"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not insert search results', '', __LINE__, __FILE__, $sql); *************** *** 1282,1288 **** $sql = "SELECT c.cat_title, c.cat_id, f.forum_name, f.forum_id FROM " . CATEGORIES_TABLE . " c, " . FORUMS_TABLE . " f WHERE f.cat_id = c.cat_id ! ORDER BY c.cat_id, f.forum_order"; $result = $db->sql_query($sql); if ( !$result ) { --- 1307,1313 ---- $sql = "SELECT c.cat_title, c.cat_id, f.forum_name, f.forum_id FROM " . CATEGORIES_TABLE . " c, " . FORUMS_TABLE . " f WHERE f.cat_id = c.cat_id ! ORDER BY c.cat_order, f.forum_order"; $result = $db->sql_query($sql); if ( !$result ) { diff -crN phpbb208/templates/subSilver/admin/board_config_body.tpl phpbb2020/templates/subSilver/admin/board_config_body.tpl *** phpbb208/templates/subSilver/admin/board_config_body.tpl Sat Jul 10 20:16:27 2004 --- phpbb2020/templates/subSilver/admin/board_config_body.tpl Wed Apr 5 18:53:37 2006 *************** *** 36,41 **** --- 36,53 ---- {L_NONE}   {L_USER}   {L_ADMIN} + {L_VISUAL_CONFIRM}
{L_VISUAL_CONFIRM_EXPLAIN} + {L_YES}   {L_NO} + + + {L_ALLOW_AUTOLOGIN}
{L_ALLOW_AUTOLOGIN_EXPLAIN} + {L_YES}   {L_NO} + + + {L_AUTOLOGIN_TIME}
{L_AUTOLOGIN_TIME_EXPLAIN} + + + {L_BOARD_EMAIL_FORM}
{L_BOARD_EMAIL_FORM_EXPLAIN} {L_ENABLED}   {L_DISABLED} *************** *** 44,49 **** --- 56,73 ---- + {L_SEARCH_FLOOD_INTERVAL}
{L_SEARCH_FLOOD_INTERVAL_EXPLAIN} + + + + {L_MAX_LOGIN_ATTEMPTS}
{L_MAX_LOGIN_ATTEMPTS_EXPLAIN} + + + + {L_LOGIN_RESET_TIME}
{L_LOGIN_RESET_TIME_EXPLAIN} + + + {L_TOPICS_PER_PAGE} diff -crN phpbb208/templates/subSilver/admin/confirm_body.tpl phpbb2020/templates/subSilver/admin/confirm_body.tpl *** phpbb208/templates/subSilver/admin/confirm_body.tpl Thu Jan 1 01:00:00 1970 --- phpbb2020/templates/subSilver/admin/confirm_body.tpl Wed Apr 5 18:53:37 2006 *************** *** 0 **** --- 1,11 ---- + + + + + + + + +
{MESSAGE_TITLE}

{MESSAGE_TEXT}

{S_HIDDEN_FIELDS}  
+ +
diff -crN phpbb208/templates/subSilver/admin/forum_admin_body.tpl phpbb2020/templates/subSilver/admin/forum_admin_body.tpl *** phpbb208/templates/subSilver/admin/forum_admin_body.tpl Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/admin/forum_admin_body.tpl Wed Apr 5 18:53:37 2006 *************** *** 13,19 **** {L_EDIT} {L_DELETE} {L_MOVE_UP} {L_MOVE_DOWN} !   --- 13,19 ---- {L_EDIT} {L_DELETE} {L_MOVE_UP} {L_MOVE_DOWN} !   diff -crN phpbb208/templates/subSilver/admin/index_body.tpl phpbb2020/templates/subSilver/admin/index_body.tpl *** phpbb208/templates/subSilver/admin/index_body.tpl Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/admin/index_body.tpl Wed Apr 5 18:53:37 2006 *************** *** 43,48 **** --- 43,55 ---- {GZIP_COMPRESSION} + +

{L_VERSION_INFORMATION}

+ + {VERSION_INFO} + +
+

{L_WHO_IS_ONLINE}

diff -crN phpbb208/templates/subSilver/admin/index_frameset.tpl phpbb2020/templates/subSilver/admin/index_frameset.tpl *** phpbb208/templates/subSilver/admin/index_frameset.tpl Sat Jul 10 20:16:27 2004 --- phpbb2020/templates/subSilver/admin/index_frameset.tpl Wed Apr 5 18:53:37 2006 *************** *** 1,4 **** ! phpBB Administration --- 1,4 ---- ! phpBB Administration diff -crN phpbb208/templates/subSilver/admin/page_header.tpl phpbb2020/templates/subSilver/admin/page_header.tpl *** phpbb208/templates/subSilver/admin/page_header.tpl Sat Jul 10 20:16:27 2004 --- phpbb2020/templates/subSilver/admin/page_header.tpl Wed Apr 5 18:53:37 2006 *************** *** 1,5 **** ! {META} --- 1,5 ---- ! {META} diff -crN phpbb208/templates/subSilver/admin/styles_addnew_body.tpl phpbb2020/templates/subSilver/admin/styles_addnew_body.tpl *** phpbb208/templates/subSilver/admin/styles_addnew_body.tpl Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/admin/styles_addnew_body.tpl Wed Apr 5 18:53:37 2006 *************** *** 1,7 ****

{L_STYLES_TITLE}

!

{L_STYLES_ADD_TEXT}

--- 1,7 ----

{L_STYLES_TITLE}

!

{L_STYLES_ADD_TEXT}

*************** *** 16,19 **** !
{L_INSTALL}
--- 16,19 ---- {L_INSTALL} ! diff -crN phpbb208/templates/subSilver/admin/styles_edit_body.tpl phpbb2020/templates/subSilver/admin/styles_edit_body.tpl *** phpbb208/templates/subSilver/admin/styles_edit_body.tpl Sat Jul 10 20:16:27 2004 --- phpbb2020/templates/subSilver/admin/styles_edit_body.tpl Wed Apr 5 18:53:37 2006 *************** *** 21,27 **** {L_SIMPLE_NAME} ! {L_STYLESHEET}:
Filename for CSS stylesheet to use for this theme.   --- 21,27 ---- {L_SIMPLE_NAME} ! {L_STYLESHEET}:
{L_STYLESHEET_EXPLAIN}   diff -crN phpbb208/templates/subSilver/admin/styles_list_body.tpl phpbb2020/templates/subSilver/admin/styles_list_body.tpl *** phpbb208/templates/subSilver/admin/styles_list_body.tpl Sat Jul 10 20:16:27 2004 --- phpbb2020/templates/subSilver/admin/styles_list_body.tpl Wed Apr 5 18:53:37 2006 *************** *** 1,7 ****

{L_STYLES_TITLE}

!

{L_STYLES_TEXT}

--- 1,7 ----

{L_STYLES_TITLE}

!

{L_STYLES_TEXT}

*************** *** 18,21 **** !
{L_DELETE}
--- 18,21 ---- {L_DELETE} ! diff -crN phpbb208/templates/subSilver/admin/user_edit_body.tpl phpbb2020/templates/subSilver/admin/user_edit_body.tpl *** phpbb208/templates/subSilver/admin/user_edit_body.tpl Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/admin/user_edit_body.tpl Wed Apr 5 18:53:37 2006 *************** *** 236,242 **** {L_UPLOAD_AVATAR_URL} ! --- 236,242 ---- {L_UPLOAD_AVATAR_URL} ! *************** *** 244,250 **** {L_LINK_REMOTE_AVATAR} ! --- 244,250 ---- {L_LINK_REMOTE_AVATAR} ! diff -crN phpbb208/templates/subSilver/bbcode.tpl phpbb2020/templates/subSilver/bbcode.tpl *** phpbb208/templates/subSilver/bbcode.tpl Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/bbcode.tpl Wed Apr 5 18:53:37 2006 *************** *** 57,60 **** {DESCRIPTION} ! {EMAIL} --- 57,60 ---- {DESCRIPTION} ! {EMAIL} diff -crN phpbb208/templates/subSilver/confirm_body.tpl phpbb2020/templates/subSilver/confirm_body.tpl *** phpbb208/templates/subSilver/confirm_body.tpl Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/confirm_body.tpl Wed Apr 5 18:53:37 2006 *************** *** 7,13 **** ! --- 7,13 ----
{MESSAGE_TITLE}

{MESSAGE_TEXT}

{S_HIDDEN_FIELDS}  
! diff -crN phpbb208/templates/subSilver/faq_body.tpl phpbb2020/templates/subSilver/faq_body.tpl *** phpbb208/templates/subSilver/faq_body.tpl Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/faq_body.tpl Wed Apr 5 18:53:37 2006 *************** *** 34,40 **** ! --- 34,40 ---- ! diff -crN phpbb208/templates/subSilver/groupcp_info_body.tpl phpbb2020/templates/subSilver/groupcp_info_body.tpl *** phpbb208/templates/subSilver/groupcp_info_body.tpl Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/groupcp_info_body.tpl Wed Apr 5 18:53:37 2006 *************** *** 33,39 **** !
{MESSAGE_TITLE}

{MESSAGE_TEXT}

{S_HIDDEN_FIELDS}  
{faq_block.faq_row.FAQ_QUESTION}
{faq_block.faq_row.FAQ_ANSWER}
{L_BACK_TO_TOP}
{faq_block.faq_row.FAQ_QUESTION}
{faq_block.faq_row.FAQ_ANSWER}
{L_BACK_TO_TOP}
{L_GROUP_TYPE}: {L_GROUP_OPEN}    {L_GROUP_CLOSED}    {L_GROUP_HIDDEN}   
--- 33,39 ---- {L_GROUP_TYPE}: ! {L_GROUP_OPEN}    {L_GROUP_CLOSED}    {L_GROUP_HIDDEN}    *************** *** 99,106 **** ! ! --- 99,106 ---- ! ! diff -crN phpbb208/templates/subSilver/index_body.tpl phpbb2020/templates/subSilver/index_body.tpl *** phpbb208/templates/subSilver/index_body.tpl Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/index_body.tpl Wed Apr 5 18:53:37 2006 *************** *** 41,47 **** !
{L_MARK_FORUMS_READ} {S_TIMEZONE}
--- 41,51 ---- !
! ! {L_MARK_FORUMS_READ} ! ! {S_TIMEZONE}
*************** *** 77,84 **** --- 81,90 ----    {L_PASSWORD}: +      {L_AUTO_LOGIN} +    
diff -crN phpbb208/templates/subSilver/login_body.tpl phpbb2020/templates/subSilver/login_body.tpl *** phpbb208/templates/subSilver/login_body.tpl Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/login_body.tpl Wed Apr 5 18:53:37 2006 *************** *** 19,36 **** {L_USERNAME}: ! {L_PASSWORD}: ! {L_AUTO_LOGIN}: {S_HIDDEN_FIELDS} --- 19,38 ---- {L_USERNAME}: ! {L_PASSWORD}: ! + {L_AUTO_LOGIN}: + {S_HIDDEN_FIELDS} diff -crN phpbb208/templates/subSilver/overall_footer.tpl phpbb2020/templates/subSilver/overall_footer.tpl *** phpbb208/templates/subSilver/overall_footer.tpl Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/overall_footer.tpl Wed Apr 5 18:53:37 2006 *************** *** 4,16 **** We request you retain the full copyright notice below including the link to www.phpbb.com. This not only gives respect to the large amount of time given freely by the developers but also helps build interest, traffic and use of phpBB 2.0. If you cannot (for good ! reason) retain the full copyright we request you at least leave in place the ! Powered by phpBB {PHPBB_VERSION} line, with phpBB linked to www.phpbb.com. If you refuse ! to include even this then support on our forums may be affected. The phpBB Group : 2002 // --> ! Powered by phpBB {PHPBB_VERSION} © 2001, 2002 phpBB Group
{TRANSLATION_INFO} --- 4,16 ---- We request you retain the full copyright notice below including the link to www.phpbb.com. This not only gives respect to the large amount of time given freely by the developers but also helps build interest, traffic and use of phpBB 2.0. If you cannot (for good ! reason) retain the full copyright we request you at least leave in place the ! Powered by phpBB line, with phpBB linked to www.phpbb.com. If you refuse ! to include even this then support on our forums may be affected. The phpBB Group : 2002 // --> ! Powered by phpBB © 2001, 2005 phpBB Group
{TRANSLATION_INFO} diff -crN phpbb208/templates/subSilver/overall_header.tpl phpbb2020/templates/subSilver/overall_header.tpl *** phpbb208/templates/subSilver/overall_header.tpl Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/overall_header.tpl Wed Apr 5 18:53:37 2006 *************** *** 232,242 **** {SITENAME}
{SITE_DESCRIPTION}
 
! --- 232,242 ----
 {L_FAQ}{L_FAQ}   {L_SEARCH}{L_SEARCH}   {L_MEMBERLIST}{L_MEMBERLIST}   {L_USERGROUPS}{L_USERGROUPS}  !  {L_REGISTER}{L_REGISTER}  !
 {L_PROFILE}{L_PROFILE}   {PRIVATE_MESSAGE_INFO}{PRIVATE_MESSAGE_INFO}   {L_LOGIN_LOGOUT}{L_LOGIN_LOGOUT} {SITENAME}
{SITE_DESCRIPTION}
 
! diff -crN phpbb208/templates/subSilver/profile_add_body.tpl phpbb2020/templates/subSilver/profile_add_body.tpl *** phpbb208/templates/subSilver/profile_add_body.tpl Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/profile_add_body.tpl Wed Apr 5 18:53:37 2006 *************** *** 77,131 **** --- 77,131 ---- diff -crN phpbb208/templates/subSilver/search_body.tpl phpbb2020/templates/subSilver/search_body.tpl *** phpbb208/templates/subSilver/search_body.tpl Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/search_body.tpl Wed Apr 5 18:53:37 2006 *************** *** 31,37 **** ! --- 31,37 ---- ! diff -crN phpbb208/templates/subSilver/search_results_posts.tpl phpbb2020/templates/subSilver/search_results_posts.tpl *** phpbb208/templates/subSilver/search_results_posts.tpl Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/search_results_posts.tpl Wed Apr 5 18:53:37 2006 *************** *** 18,24 **** ! !
 {L_FAQ}{L_FAQ}   {L_SEARCH}{L_SEARCH}   {L_MEMBERLIST}{L_MEMBERLIST}   {L_USERGROUPS}{L_USERGROUPS}  !  {L_REGISTER}{L_REGISTER}  !
 {L_PROFILE}{L_PROFILE}   {PRIVATE_MESSAGE_INFO}{PRIVATE_MESSAGE_INFO}   {L_LOGIN_LOGOUT}{L_LOGIN_LOGOUT} 
{L_ICQ_NUMBER}: !
{L_AIM}: !
{L_MESSENGER}: !
{L_YAHOO}: !
{L_WEBSITE}: !
{L_LOCATION}: !
{L_OCCUPATION}: !
{L_INTERESTS}: !
{L_SIGNATURE}:
{L_SIGNATURE_EXPLAIN}

{HTML_STATUS}
{BBCODE_STATUS}
{SMILIES_STATUS}
!
{L_ICQ_NUMBER}: !
{L_AIM}: !
{L_MESSENGER}: !
{L_YAHOO}: !
{L_WEBSITE}: !
{L_LOCATION}: !
{L_OCCUPATION}: !
{L_INTERESTS}: !
{L_SIGNATURE}:
{L_SIGNATURE_EXPLAIN}

{HTML_STATUS}
{BBCODE_STATUS}
{SMILIES_STATUS}
!
{L_SORT_BY}: 
{L_SORT_ASCENDING}
{L_SORT_DESCENDING}
 
{L_DISPLAY_RESULTS}:  {L_SORT_BY}: 
{L_SORT_ASCENDING}
{L_SORT_DESCENDING}
 
{L_DISPLAY_RESULTS}: 
  {L_TOPIC}: {searchresults.TOPIC_TITLE}
{searchresults.POSTER_NAME}
--- 18,24 ----
  {L_TOPIC}: {searchresults.TOPIC_TITLE}
{searchresults.POSTER_NAME}
diff -crN phpbb208/templates/subSilver/simple_footer.tpl phpbb2020/templates/subSilver/simple_footer.tpl *** phpbb208/templates/subSilver/simple_footer.tpl Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/simple_footer.tpl Wed Apr 5 18:53:37 2006 *************** *** 5,16 **** This not only gives respect to the large amount of time given freely by the developers but also helps build interest, traffic and use of phpBB 2.0. If you cannot (for good reason) retain the full copyright we request you at least leave in place the ! Powered by phpBB {PHPBB_VERSION} line, with phpBB linked to www.phpbb.com. If you refuse to include even this then support on our forums may be affected. The phpBB Group : 2002 // --> ! Powered by phpBB {PHPBB_VERSION} © 2001,2002 phpBB Group
--- 5,16 ---- This not only gives respect to the large amount of time given freely by the developers but also helps build interest, traffic and use of phpBB 2.0. If you cannot (for good reason) retain the full copyright we request you at least leave in place the ! Powered by phpBB line, with phpBB linked to www.phpbb.com. If you refuse to include even this then support on our forums may be affected. The phpBB Group : 2002 // --> ! Powered by phpBB © 2001, 2005 phpBB Group
diff -crN phpbb208/templates/subSilver/subSilver.cfg phpbb2020/templates/subSilver/subSilver.cfg *** phpbb208/templates/subSilver/subSilver.cfg Sat Jul 10 20:16:28 2004 --- phpbb2020/templates/subSilver/subSilver.cfg Wed Apr 5 18:53:37 2006 *************** *** 8,14 **** // // ** subSilver dev. forum: www.subSky.com/phpBB2/ ** // ! // $Id: subSilver.cfg,v 1.11 2002/02/04 18:31:15 psotfx Exp $ // // Please note that to enable support of different languages // the {LANG} place holder is available. This will be replaced --- 8,14 ---- // // ** subSilver dev. forum: www.subSky.com/phpBB2/ ** // ! // $Id: subSilver.cfg,v 1.11.2.1 2005/10/08 19:41:31 grahamje Exp $ // // Please note that to enable support of different languages // the {LANG} place holder is available. This will be replaced *************** *** 77,83 **** $images['pm_new_msg'] = ""; $images['pm_no_new_msg'] = ""; ! $images['topic_watch'] = ""; $images['topic_un_watch'] = ""; $images['topic_mod_lock'] = "$current_template_images/topic_lock.gif"; $images['topic_mod_unlock'] = "$current_template_images/topic_unlock.gif"; --- 77,83 ---- $images['pm_new_msg'] = ""; $images['pm_no_new_msg'] = ""; ! $images['Topic_watch'] = ""; $images['topic_un_watch'] = ""; $images['topic_mod_lock'] = "$current_template_images/topic_lock.gif"; $images['topic_mod_unlock'] = "$current_template_images/topic_unlock.gif"; diff -crN phpbb208/viewonline.php phpbb2020/viewonline.php *** phpbb208/viewonline.php Sat Jul 10 20:16:27 2004 --- phpbb2020/viewonline.php Wed Apr 5 18:53:38 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: viewonline.php,v 1.54.2.2 2002/12/02 10:53:42 bartvb Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: viewonline.php,v 1.54.2.4 2005/05/06 20:50:10 acydburn Exp $ * * ***************************************************************************/ *************** *** 46,52 **** make_jumpbox('viewforum.'.$phpEx); $template->assign_vars(array( ! 'L_WHOSONLINE' => $lang['Who_is_online'], 'L_ONLINE_EXPLAIN' => $lang['Online_explain'], 'L_USERNAME' => $lang['Username'], 'L_FORUM_LOCATION' => $lang['Forum_Location'], --- 46,52 ---- make_jumpbox('viewforum.'.$phpEx); $template->assign_vars(array( ! 'L_WHOSONLINE' => $lang['Who_is_Online'], 'L_ONLINE_EXPLAIN' => $lang['Online_explain'], 'L_USERNAME' => $lang['Username'], 'L_FORUM_LOCATION' => $lang['Forum_Location'], *************** *** 286,289 **** include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> --- 286,289 ---- include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb208/viewtopic.php phpbb2020/viewtopic.php *** phpbb208/viewtopic.php Sat Jul 10 20:16:27 2004 --- phpbb2020/viewtopic.php Wed Apr 5 18:53:38 2006 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: viewtopic.php,v 1.186.2.35 2004/03/13 15:08:23 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: viewtopic.php,v 1.186.2.45 2005/10/05 17:42:04 grahamje Exp $ * * ***************************************************************************/ *************** *** 47,53 **** $start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0; ! if ( !isset($topic_id) && !isset($post_id) ) { message_die(GENERAL_MESSAGE, 'Topic_post_not_exist'); } --- 47,53 ---- $start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0; ! 
if (!$topic_id && !$post_id) { message_die(GENERAL_MESSAGE, 'Topic_post_not_exist'); } *************** *** 64,69 **** --- 64,74 ---- { $session_id = isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) ? $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid'] : $HTTP_GET_VARS['sid']; + if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) + { + $session_id = ''; + } + if ( $session_id ) { $sql = "SELECT p.post_id *************** *** 109,114 **** --- 114,120 ---- WHERE t2.topic_id = $topic_id AND t.forum_id = t2.forum_id + AND t.topic_moved_id = 0 AND t.topic_last_post_id $sql_condition t2.topic_last_post_id ORDER BY t.topic_last_post_id $sql_ordering LIMIT 1"; *************** *** 134,144 **** // also allows for direct linking to a post (and the calculation of which // page the post is on and the correct display of viewtopic) // ! $join_sql_table = ( empty($post_id) ) ? '' : ", " . POSTS_TABLE . " p, " . POSTS_TABLE . " p2 "; ! $join_sql = ( empty($post_id) ) ? "t.topic_id = $topic_id" : "p.post_id = $post_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= $post_id"; ! $count_sql = ( empty($post_id) ) ? '' : ", COUNT(p2.post_id) AS prev_posts"; ! $order_sql = ( empty($post_id) ) ? '' : "GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, t.topic_vote, t.topic_last_post_id, f.forum_name, f.forum_status, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce, f.auth_pollcreate, f.auth_vote, f.auth_attachments ORDER BY p.post_id ASC"; $sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, t.topic_vote, t.topic_last_post_id, f.forum_name, f.forum_status, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce, f.auth_pollcreate, f.auth_vote, f.auth_attachments" . $count_sql . " FROM " . 
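Review bot: The session-id check added in the `--- 64,74 ----` hunk anchors with `$`, which in PCRE also matches just before a trailing newline, so a value ending in a line break still passes as alphanumeric. Adding the `D` modifier closes that: `if (!preg_match('/^[A-Za-z0-9]*$/D', $session_id))`. The context line above it falls back to `$HTTP_GET_VARS['sid']` without an `isset()` test, which raises a notice when neither the cookie nor the parameter is present. The query that consumes `$session_id` starts below the hunk, so how the value is quoted there is not visible here.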
TOPICS_TABLE . " t, " . FORUMS_TABLE . " f" . $join_sql_table . " --- 140,150 ---- // also allows for direct linking to a post (and the calculation of which // page the post is on and the correct display of viewtopic) // ! $join_sql_table = (!$post_id) ? '' : ", " . POSTS_TABLE . " p, " . POSTS_TABLE . " p2 "; ! $join_sql = (!$post_id) ? "t.topic_id = $topic_id" : "p.post_id = $post_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= $post_id"; ! $count_sql = (!$post_id) ? '' : ", COUNT(p2.post_id) AS prev_posts"; ! $order_sql = (!$post_id) ? '' : "GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, t.topic_vote, t.topic_last_post_id, f.forum_name, f.forum_status, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce, f.auth_pollcreate, f.auth_vote, f.auth_attachments ORDER BY p.post_id ASC"; $sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, t.topic_vote, t.topic_last_post_id, f.forum_name, f.forum_status, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce, f.auth_pollcreate, f.auth_vote, f.auth_attachments" . $count_sql . " FROM " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f" . $join_sql_table . " *************** *** 176,183 **** { if ( !$userdata['session_logged_in'] ) { ! $redirect = ( isset($post_id) ) ? POST_POST_URL . "=$post_id" : POST_TOPIC_URL . "=$topic_id"; ! $redirect .= ( isset($start) ) ? "&start=$start" : ''; redirect(append_sid("login.$phpEx?redirect=viewtopic.$phpEx&$redirect", true)); } --- 182,189 ---- { if ( !$userdata['session_logged_in'] ) { ! $redirect = ($post_id) ? POST_POST_URL . "=$post_id" : POST_TOPIC_URL . "=$topic_id"; ! $redirect .= ($start) ? 
"&start=$start" : ''; redirect(append_sid("login.$phpEx?redirect=viewtopic.$phpEx&$redirect", true)); } *************** *** 194,200 **** $topic_id = intval($forum_topic_data['topic_id']); $topic_time = $forum_topic_data['topic_time']; ! if ( !empty($post_id) ) { $start = floor(($forum_topic_data['prev_posts'] - 1) / intval($board_config['posts_per_page'])) * intval($board_config['posts_per_page']); } --- 200,206 ---- $topic_id = intval($forum_topic_data['topic_id']); $topic_time = $forum_topic_data['topic_time']; ! if ($post_id) { $start = floor(($forum_topic_data['prev_posts'] - 1) / intval($board_config['posts_per_page'])) * intval($board_config['posts_per_page']); } *************** *** 478,495 **** if (isset($HTTP_GET_VARS['highlight'])) { // Split words and phrases ! $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight'])))); for($i = 0; $i < sizeof($words); $i++) { if (trim($words[$i]) != '') { ! $highlight_match .= (($highlight_match != '') ? '|' : '') . str_replace('*', '\w*', phpbb_preg_quote($words[$i], '#')); } } unset($words); $highlight = urlencode($HTTP_GET_VARS['highlight']); } // --- 484,502 ---- if (isset($HTTP_GET_VARS['highlight'])) { // Split words and phrases ! $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight']))); for($i = 0; $i < sizeof($words); $i++) { if (trim($words[$i]) != '') { ! $highlight_match .= (($highlight_match != '') ? '|' : '') . str_replace('*', '\w*', preg_quote($words[$i], '#')); } } unset($words); $highlight = urlencode($HTTP_GET_VARS['highlight']); + $highlight_match = phpbb_rtrim($highlight_match, "\\"); } // *************** *** 983,990 **** $quote = '' . $lang['Reply_with_quote'] . ''; $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($postrow[$i]['username']) . "&showresults=posts"); ! $search_img = '' . $lang['Search_user_posts'] . ''; ! $search = '' . $lang['Search_user_posts'] . 
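Review bot: `$highlight_match` in the `--- 484,502 ----` hunk is still built from the request parameter by escaping (`htmlspecialchars`, `preg_quote`, then trimming a trailing backslash) rather than by accepting only known-safe words, and the 1105 hunk later places it inside a replacement evaluated with the `e` modifier. As called here without `ENT_QUOTES`, `htmlspecialchars()` leaves single quotes untouched on PHP versions of this era, so the safety of that later call rests entirely on the escaping done there. I would skip any word that is not plain word characters or `*` before appending it, e.g. `if (!preg_match('#^[\w*]+$#D', $words[$i])) { continue; }`, accepting that this drops highlighting for other characters. The variable is appended to with `.=`, and its initialisation is outside the hunk and should be confirmed.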
''; if ( ( $userdata['user_id'] == $poster_id && $is_auth['auth_edit'] ) || $is_auth['auth_mod'] ) { --- 990,997 ---- $quote = '' . $lang['Reply_with_quote'] . ''; $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($postrow[$i]['username']) . "&showresults=posts"); ! $search_img = '' . sprintf($lang['Search_user_posts'], $postrow[$i]['username']) . ''; ! $search = '' . sprintf($lang['Search_user_posts'], $postrow[$i]['username']) . ''; if ( ( $userdata['user_id'] == $poster_id && $is_auth['auth_edit'] ) || $is_auth['auth_mod'] ) { *************** *** 1043,1051 **** // If the board has HTML off but the post has HTML // on then we process it, else leave it alone // ! if ( !$board_config['allow_html'] ) { ! if ( $user_sig != '' && $userdata['user_allowhtml'] ) { $user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "<\\2>", $user_sig); } --- 1050,1058 ---- // If the board has HTML off but the post has HTML // on then we process it, else leave it alone // ! if ( !$board_config['allow_html'] || !$userdata['user_allowhtml']) { ! if ( $user_sig != '' ) { $user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "<\\2>", $user_sig); } *************** *** 1059,1075 **** // // Parse message and/or sig for BBCode if reqd // ! if ( $board_config['allow_bbcode'] ) { ! if ( $user_sig != '' && $user_sig_bbcode_uid != '' ) ! { ! $user_sig = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass($user_sig, $user_sig_bbcode_uid) : preg_replace('/\:[0-9a-z\:]+\]/si', ']', $user_sig); ! } ! if ( $bbcode_uid != '' ) ! { ! $message = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass($message, $bbcode_uid) : preg_replace('/\:[0-9a-z\:]+\]/si', ']', $message); ! } } if ( $user_sig != '' ) --- 1066,1079 ---- // // Parse message and/or sig for BBCode if reqd // ! if ($user_sig != '' && $user_sig_bbcode_uid != '') { ! $user_sig = ($board_config['allow_bbcode']) ? bbencode_second_pass($user_sig, $user_sig_bbcode_uid) : preg_replace("/\:$user_sig_bbcode_uid/si", '', $user_sig); ! } ! 
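Review bot: The comment above the changed condition in the `--- 1050,1058 ----` hunk still says HTML is processed only when the board has HTML off, but the new test also fires on `!$userdata['user_allowhtml']`, and the signature is now neutralised without consulting that flag a second time. `$userdata` appears to be the viewing user's session data (it is tested for `session_logged_in` in the 182 hunk), so this is the reader's preference rather than the poster's. I would update the comment to say so, e.g. `// Neutralise HTML in the signature when the board or the viewing user has HTML disabled`. The rest of the block lies outside the hunk.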
if ($bbcode_uid != '') ! { ! $message = ($board_config['allow_bbcode']) ? bbencode_second_pass($message, $bbcode_uid) : preg_replace("/\:$bbcode_uid/si", '', $message); } if ( $user_sig != '' ) *************** *** 1101,1107 **** { // This was shamelessly 'borrowed' from volker at multiartstudio dot de // via php.net's annotated manual ! $message = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace('#\b(" . $highlight_match . ")\b#i', '\\\\1', '\\0')", '>' . $message . '<'), 1, -1)); } // --- 1105,1111 ---- { // This was shamelessly 'borrowed' from volker at multiartstudio dot de // via php.net's annotated manual ! $message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', addslashes($highlight_match)) . ")\b#i', '\\\\1', '\\0')", '>' . $message . '<'), 1, -1)); } // *************** *** 1113,1122 **** if ($user_sig != '') { ! $user_sig = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace(\$orig_word, \$replacement_word, '\\0')", '>' . $user_sig . '<'), 1, -1)); } ! $message = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace(\$orig_word, \$replacement_word, '\\0')", '>' . $message . '<'), 1, -1)); } // --- 1117,1126 ---- if ($user_sig != '') { ! $user_sig = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace(\$orig_word, \$replacement_word, '\\0')", '>' . $user_sig . '<'), 1, -1)); } ! $message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace(\$orig_word, \$replacement_word, '\\0')", '>' . $message . '<'), 1, -1)); } // *************** *** 1207,1210 **** include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> --- 1211,1214 ---- include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> \ No newline at end of file
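Review bot: The fallback branches in the `--- 1066,1079 ----` hunk interpolate `$user_sig_bbcode_uid` and `$bbcode_uid` straight into a regular expression, so any character in the uid that is special to PCRE, or the `/` delimiter, changes the pattern instead of being matched literally. Quote the value first: `preg_replace('/\:' . preg_quote($user_sig_bbcode_uid, '/') . '/si', '', $user_sig)`, and the same for `$bbcode_uid`. Where the uids come from is not visible in this hunk; if they are always generated server-side as alphanumerics this is hardening rather than a live bug.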
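Review bot: The highlight call in the `--- 1105,1111 ----` hunk still uses the `e` modifier, so the replacement string, which now contains `$highlight_match` after `addslashes()` and a backslash doubling, is evaluated as PHP for every text run, and that escaping chain is the only thing keeping request-derived text out of evaluated code. The word-censor calls in the `--- 1117,1126 ----` hunk use the same construct. The added `@` also hides pattern errors, in which case post text may silently disappear. Where the supported PHP version allows, I would move to `preg_replace_callback` with a named callback, so that nothing is evaluated and the `str_replace('\"', '"', …)` un-escaping step is no longer needed; a sketch follows.

```php
// New file-scope helper (the name is a suggestion): highlights one text run between tags.
function viewtopic_highlight_run($run)
{
	global $highlight_match;

	// … unchanged: $out = preg_replace() of '#\b(' . $highlight_match . ')\b#i' over $run[0], same replacement markup …

	// On a pattern error keep the original text instead of dropping it.
	return ($out === null) ? $run[0] : $out;
}

// … unchanged: surrounding highlight condition …
$message = substr(preg_replace_callback('#(\>(((?>([^><]+|(?R)))*)\<))#s', 'viewtopic_highlight_run', '>' . $message . '<'), 1, -1);
```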