Changeset 143
- Timestamp:
- 2008-04-01 08:01:59 (9 months ago)
- Files:
-
- branches/5.0/classes/misc/Format.php (modified) (1 diff)
- branches/5.0/classes/misc/Member.php (modified) (4 diffs)
- branches/5.0/classes/misc/Post.php (modified) (4 diffs)
- branches/5.0/classes/misc/Postform.php (modified) (1 diff)
- branches/5.0/classes/pages/Delete.php (modified) (1 diff)
- branches/5.0/classes/pages/Edit.php (modified) (2 diffs)
- branches/5.0/classes/pages/Lostpassword.php (modified) (1 diff)
- branches/5.0/classes/pages/Mail.php (modified) (1 diff)
- branches/5.0/classes/pages/Messenger.php (modified) (1 diff)
- branches/5.0/classes/pages/Page.php (modified) (2 diffs)
- branches/5.0/classes/pages/Register.php (modified) (3 diffs)
- branches/5.0/classes/pages/Reply.php (modified) (1 diff)
- branches/5.0/classes/pages/Search.php (modified) (2 diffs)
- branches/5.0/classes/pages/Topic.php (modified) (3 diffs)
- branches/5.0/db/mysql.sql (modified) (1 diff)
- branches/5.0/db/sqlite.sql (modified) (1 diff)
- branches/5.0/includes/config/version.php (modified) (1 diff)
- branches/5.0/includes/lang/de.php (modified) (1 diff)
- branches/5.0/includes/lang/en.php (modified) (1 diff)
- branches/5.0/includes/login.php (modified) (1 diff)
- branches/5.0/install.php (modified) (2 diffs)
- branches/5.0/redirectors/pollvote.php (modified) (2 diffs)
- branches/5.0/redirectors/uploadavatar.php (modified) (1 diff)
branches/5.0/classes/misc/Format.php
r120 r143 172 172 case '[img]': 173 173 // get image width and height 174 $_img = getimagesize($_cont); 174 if (!$_img = @getimagesize($_cont)) { 175 $_img[0] = 0; 176 $_img[1] = 0; 177 } 175 178 $_attr_close = 'width="' . $_img[0] . '" height="' . $_img[1] . '"'; 176 179 break; branches/5.0/classes/misc/Member.php
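Review bot: `getimagesize($_cont)` at new line 174 still opens whatever address appears to come from between the `[img]` tags, so the server fetches a poster-chosen URL (or reads a local path) each time the post is formatted; the added `@` only hides the failure. If `$_cont` is not already restricted earlier in this method, which starts outside the hunk, a scheme check before the call would bound it, e.g. `if (!preg_match('#^https?://#i', $_cont) || !$_img = @getimagesize($_cont)) {`. Storing the dimensions when the post is saved would also avoid one remote request per page view.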
r120 r143 315 315 $q = $C->prepare('SELECT COALESCE(COUNT(*), 0) FROM ' . $SETTINGS['dbtableprefix'] . 'posts WHERE poster = :membername AND postedbymember = :one'); 316 316 $q->bindParam(':membername', $this->name, PDO::PARAM_STR); 317 $q->bindValue(':one', 1, PDO::PARAM_INT);317 $q->bindValue(':one', $this->id, PDO::PARAM_INT); 318 318 $q->execute(); 319 319 $this->posts = $q->fetchColumn(); … … 383 383 $today = new DateTime('now', new DateTimeZone('UTC')); 384 384 $diff = strtotime($today->format('Y-m-d')) - strtotime($this->registration); 385 $days = max(1, $diff ) / (60 * 60 * 24);385 $days = max(1, $diff / (60 * 60 * 24)); 386 386 $table->addRow(Array($LANG['Posts'] . ':', $this->posts . ' (' . round($this->posts / $days , 1) . ' ' . $LANG['per_day'] . ')')); 387 387 $table->addRow(Array($LANG['Stage'] . ':', $this->stage)); 388 388 $table->addRow(Array($LANG['Registration'] . ':', $F->datetime($this->registration, TRUE, FALSE))); 389 if ($this->birthday !== '0000-00-00') {389 if ($this->birthday !== NULL && $this->birthday !== '0000-00-00') { 390 390 $table->addRow(Array($LANG['Birthday'] . ':', $F->datetime($this->birthday, TRUE, FALSE))); 391 391 } else { … … 702 702 $row = $q->fetchObject(); 703 703 $q = NULL; 704 if ($row->postedbymember == 1 && $row->poster == $_SESSION['membername']) {704 if ($row->postedbymember >= 1 && $row->poster == $_SESSION['membername']) { 705 705 // it IS the topic starter 706 706 $_permit = TRUE; … … 714 714 $row = $q->fetchObject(); 715 715 $q = NULL; 716 if ($row->postedbymember == 1 && $row->poster == $_SESSION['membername']) {716 if ($row->postedbymember >= 1 && $row->poster == $_SESSION['membername']) { 717 717 // it IS the poster 718 718 $_permit = TRUE; branches/5.0/classes/misc/Post.php
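Review bot: The ownership checks at new lines 704 and 716 still decide by name, `$row->poster == $_SESSION['membername']`, although the count query at line 317 now binds `$this->id` against `postedbymember`. Comparing the id instead, `if ($row->postedbymember == $_SESSION['memberid']) {`, would tie the permission to the account rather than to a name; that `postedbymember` now holds the member id is inferred from this changeset. Rows written before it presumably still hold `1`, which the count at line 317 and the query in Search.php line 131 will no longer match unless existing data is converted. The placeholder `:one` now carries an id and would read better as `:memberid`. The surrounding methods start and end outside these hunks.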
r120 r143 332 332 // in case everything above was ok, proceed 333 333 if ($ok === 1) { 334 if ($postedbymember === 1) {334 if ($postedbymember >= 1) { 335 335 // don't save e-mail address every time for members 336 336 $email = ''; … … 419 419 $q = NULL; 420 420 // recount member's posts if necessary 421 if ($postedbymember == 1) {421 if ($postedbymember >= 1) { 422 422 $_member = new Member($_SESSION['memberid']); 423 423 $_member->recountPosts(); … … 467 467 if ($row2->lang != '') { 468 468 include('includes/lang/' . $row2->lang . '.php'); 469 } else { 470 // receipient has selected 'board default' 471 include('includes/lang/' . $SETTINGS['language'] . '.php'); 469 472 } 473 $_title = Topic::getTitle($reply); 470 474 /* write mail to 'todo' database table to be sent out on one of the subsequent pageviews; 471 475 * this avoids bulk sending which might clobber the system */ … … 473 477 $q->bindParam(':rec', $row2->memberemail, PDO::PARAM_STR); 474 478 $q->bindParam(':subj', $LANG['mail_notification_subject'], PDO::PARAM_STR); 475 $q->bindParam(':body', str_replace(Array('%topictitle%', '%topic%', '%page%'), Array(Topic::getTitle($reply), $reply, $page)), $LANG['mail_notification_body']);479 $q->bindParam(':body', str_replace(Array('%topictitle%', '%topic%', '%page%'), $_title, $reply, $page), $LANG['mail_notification_body'])); 476 480 $q->execute(); 477 481 $q = NULL; branches/5.0/classes/misc/Postform.php
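Review bot: The new `:body` line 479 has lost the `Array(` around the replacement values, so `str_replace()` receives `$_title, $reply, $page` as separate arguments, the template `$LANG['mail_notification_body']` falls outside the call, and the parentheses no longer balance. The intended expression looks like `str_replace(Array('%topictitle%', '%topic%', '%page%'), Array($_title, $reply, $page), $LANG['mail_notification_body'])`. Since `bindParam()` binds by reference, `bindValue()` fits a computed value better, both here and for the `:post` binding in Edit.php line 65. The notification code starts and ends outside this hunk.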
r120 r143 42 42 public function __construct($show_orig, $page = FALSE, $id = FALSE, $subject = FALSE, $quote = '', $subscribed = FALSE) { 43 43 global $SETTINGS, $F, $C, $LANG; 44 // define replacements45 $_rep = Array(46 '&'=>'&',47 '<'=>'<',48 '>'=>'>',49 "'"=>"'",50 '"'=>'"'51 );52 // remove special characters from quote53 $quote = strtr($quote, $_rep);54 44 // form object 55 45 $this->form = new Form($F->link($show_orig).'commit=y', 'postform', 'multipart/form-data'); branches/5.0/classes/pages/Delete.php
r33 r143 74 74 $row = $q->fetchObject(); 75 75 $q = NULL; 76 if ($row->postedbymember == 1) {76 if ($row->postedbymember >= 1) { 77 77 // recount posts of this member 78 78 $_member = new Member($row->poster, TRUE); branches/5.0/classes/pages/Edit.php
r19 r143 52 52 $q2 = NULL; 53 53 $this->title = ' - ' . Category::getName($row2->forum_category) . ' - ' . $row2->forumtitle . ' - ' . $row->topictitle . ' - ' . $LANG['Edit_Post']; 54 $this->location = ' - <a href="' . $F->link('category') . 'id=' . $row2->forum_category . '">' . Category::getName($row2->forum_category) . '</a> - <a href="' . $F->link('forum') . 'id=' . $row->forum . '">' . $row2->forumtitle . '</a> - <a href="' . $F->link('topic') . 'id=' . $row3->topic . '">' . $row->topictitle . '</a> - <a href="' . $F->link(' delete') . 'id=' . $id . '">' . $LANG['Edit_Post'] . '</a>';54 $this->location = ' - <a href="' . $F->link('category') . 'id=' . $row2->forum_category . '">' . Category::getName($row2->forum_category) . '</a> - <a href="' . $F->link('forum') . 'id=' . $row->forum . '">' . $row2->forumtitle . '</a> - <a href="' . $F->link('topic') . 'id=' . $row3->topic . '">' . $row->topictitle . '</a> - <a href="' . $F->link('edit') . 'id=' . $id . '">' . $LANG['Edit_Post'] . '</a>'; 55 55 } 56 56 // call parent constructor (general HTML 'skeleton') … … 63 63 // commit to database 64 64 $q = $C->prepare('UPDATE ' . $SETTINGS['dbtableprefix'] . 'posts SET post=:post, edited=:edited, editedby=:by WHERE postid=:id'); 65 $q->bindParam(':post', $F->htmlentities($post ), PDO::PARAM_STR);65 $q->bindParam(':post', $F->htmlentities($post, TRUE), PDO::PARAM_STR); 66 66 $_now = new DateTime('now', new DateTimeZone('UTC')); 67 67 $q->bindParam(':edited', $_now->format('Y-m-d H:i:s'), PDO::PARAM_STR); branches/5.0/classes/pages/Lostpassword.php
r20 r143 57 57 Member::setPassword($row->memberid, $p->get()); 58 58 // send mail 59 @mail($email, $SETTINGS['forumname'] . ' - ' . $LANG['Lost_Password'], str_replace(Array('%membername%', '%password%'), Array($row->membername, $p->get()), $LANG['lost_password_mail']), 'From: ' . $SETTINGS['forumadminemail'] );59 @mail($email, $SETTINGS['forumname'] . ' - ' . $LANG['Lost_Password'], str_replace(Array('%membername%', '%password%'), Array($row->membername, $p->get()), $LANG['lost_password_mail']), 'From: ' . $SETTINGS['forumadminemail'] . "\nContent-Type: text/plain; charset=" . $SETTINGS['encoding'] . "\nMIME-Version: 1.0"); 60 60 $div = $this->html->body->addChild('div', $LANG['new_password_sent']); 61 61 $div->addAttribute('class', 'message'); branches/5.0/classes/pages/Mail.php
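Review bot: The header string appended at new line 59, `"\nContent-Type: text/plain; charset=" . $SETTINGS['encoding'] . "\nMIME-Version: 1.0"`, is repeated verbatim in Mail.php, Page.php and Register.php, and it separates headers with a bare `\n` where the PHP manual asks for `\r\n`. One small helper that returns the extra headers would keep the four call sites in step and give a single place to strip line breaks from the values that go into them. If the bare `\n` is deliberate for a particular mail transfer agent, a short comment at that helper should record the reason.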
r27 r143 63 63 if ($row2->memberemailhidden == '0') { 64 64 // use receipient's language 65 if ($row->lang != '') { 66 include('lang/' . $row->lang . '.php'); 65 if ($row2->lang != '') { 66 include('includes/lang/' . $row2->lang . '.php'); 67 } else { 68 // board default 69 include('includes/lang/' . $SETTINGS['language'] . '.php'); 67 70 } 68 71 // send mail 69 if (@mail($row2->memberemail, $subject, $post . "\n\n-------------\n" . $LANG['mail_sent_through_forum'], 'From: "' . $row->membername . '" <' . $row->memberemail . '>')) {72 if (@mail($row2->memberemail, $subject, $post . "\n\n-------------\n" . $LANG['mail_sent_through_forum'], 'From: "' . $row->membername . '" <' . $row->memberemail . ">\nContent-Type: text/plain; charset=" . $SETTINGS['encoding'] . "\nMIME-Version: 1.0")) { 70 73 // back to user's language 71 include(' lang/' . $language. '.php');74 include('includes/lang/' . $_SESSION['lang'] . '.php'); 72 75 // success message 73 76 $div = $this->html->body->addChild('div', str_replace('%receipient%', $row2->membername, $LANG['mail_sent'])); branches/5.0/classes/pages/Messenger.php
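Review bot: The `From:` header on the new `mail()` line 72 is built from `$row->membername` and `$row->memberemail`, and `$subject` is passed straight through, so a CR or LF in any of them would add headers to the outgoing message. Whether these fields are validated when they are stored is not visible in this hunk; stripping line breaks at the point of use is cheap, e.g. `$_from = str_replace(Array("\r", "\n"), '', $row->membername);` and the same for the address and the subject. The three `include('includes/lang/' . ... . '.php')` calls take the file name from a database or session value; checking it against the list of shipped language files before including would keep the path fixed.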
r24 r143 248 248 $q = NULL; 249 249 // format message 250 $title = $F->htmlentities(trim($subject) );251 $post = $F->htmlentities(trim($post) );250 $title = $F->htmlentities(trim($subject), TRUE); 251 $post = $F->htmlentities(trim($post), TRUE); 252 252 // lock table 253 253 @$C->query('LOCK TABLE ' . $SETTINGS['dbtableprefix'] . 'messages WRITE'); branches/5.0/classes/pages/Page.php
r120 r143 382 382 $q = NULL; 383 383 // send it 384 @mail($row->receipient, $row->subject, $row->body, 'From: '.$SETTINGS['forumadminemail'] );384 @mail($row->receipient, $row->subject, $row->body, 'From: '.$SETTINGS['forumadminemail'] . "\nContent-Type: text/plain; charset=" . $SETTINGS['encoding'] . "\nMIME-Version: 1.0"); 385 385 // delete mail from 'to do' list 386 386 $q = $C->prepare('DELETE FROM ' . $SETTINGS['dbtableprefix'] . 'mails WHERE id=:id'); … … 419 419 } 420 420 // add notification script 421 $ this->html->body->addChild('script', "if (confirm('" . str_replace("%count%", $count, $LANG['x_unread_messages']) . "')) { window.location.href = '" . $F->link("messenger") . "action=inbox&s=" . session_id() . "}");421 $script = $this->html->body->addChild('script', "if (confirm('" . str_replace("%count%", $count, $LANG['x_unread_messages']) . "')) { window.location.href = '" . $F->link("messenger") . "action=inbox&s=" . session_id() . "' }"); 422 422 } 423 423 } branches/5.0/classes/pages/Register.php
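Review bot: The script built at new line 421 puts `session_id()` into the `s=` query parameter, so the session identifier ends up in browser history, server logs and the `Referer` header of any outbound link. If the board can rely on the session cookie, dropping `&s=...` from this URL removes that exposure. `$LANG['x_unread_messages']` is also placed inside a single-quoted JavaScript string without escaping, so an apostrophe in a translation would end the string early; emitting the text with `json_encode()` in place of the hand-written quotes would cover that. The new `$script` variable is not used within the hunk.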
r35 r143 100 100 * not every db supports this, but usually, it should work without locking, too; there just is the risk of a wrong member id being returned in the second query which is very unlikely - it can only occur on forums with very high traffic */ 101 101 @$C->query('LOCK TABLE ' . $SETTINGS['dbtableprefix'] . 'members WRITE'); 102 $q = $C->prepare('INSERT INTO ' . $SETTINGS['dbtableprefix'] . 'members (membername, memberemail, memberpassword, registered, memberstatus ) VALUES (:user, :email, :pw, :ts, :member)');102 $q = $C->prepare('INSERT INTO ' . $SETTINGS['dbtableprefix'] . 'members (membername, memberemail, memberpassword, registered, memberstatus, memberavatar) VALUES (:user, :email, :pw, :ts, :member, :avatar)'); 103 103 // the actual password will be entered seperately 104 104 $_pw = '*'; … … 110 110 $q->bindParam(':ts', $_t->format('Y-m-d H:i:s'), PDO::PARAM_STR, 19); 111 111 $q->bindParam(':member', $_member, PDO::PARAM_STR, 6); 112 $q->bindValue(':avatar', 'images/spacer.gif', PDO::PARAM_STR); 112 113 $q->execute(); 113 114 $q = NULL; … … 131 132 $q = NULL; 132 133 // send e-mail 133 @mail($email, $SETTINGS['forumname'] . ' - ' . $LANG['Registration'], str_replace('%password%', $p->get(), $LANG['welcome_mail']), 'From: ' . $SETTINGS['forumadminemail'] );134 @mail($email, $SETTINGS['forumname'] . ' - ' . $LANG['Registration'], str_replace('%password%', $p->get(), $LANG['welcome_mail']), 'From: ' . $SETTINGS['forumadminemail'] . "\nContent-Type: text/plain; charset=" . $SETTINGS['encoding'] . "\nMIME-Version: 1.0"); 134 135 $div = $this->html->body->addChild('div', $LANG['registration_success']); 135 136 $div->addAttribute('class', 'message'); branches/5.0/classes/pages/Reply.php
r120 r143 73 73 $row4 = $q->fetchObject(); 74 74 $q = NULL; 75 $_quote_text = '[quote=' . $quote . ']' . $ F->htmlentities($row4->post, TRUE). '[/quote]';75 $_quote_text = '[quote=' . $quote . ']' . $row4->post . '[/quote]'; 76 76 } 77 77 // default: not previously subscribed branches/5.0/classes/pages/Search.php
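Review bot: With `$F->htmlentities()` removed at new line 75 (and the `strtr()` removed in Postform.php), `$row4->post` goes into the quote exactly as stored, so nothing on this path encodes or decodes it any more. That is safe only if posts are always stored encoded and the form field escapes its value on output, neither of which is visible here. If that is the intended invariant, a comment such as `// $row4->post is stored HTML-encoded; Postform must not decode it` would keep a later change from reintroducing double encoding or raw output.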
r36 r143 129 129 $_username = $q->fetchColumn(); 130 130 $q = NULL; 131 $query = 'SELECT p.postid, p.topic, p.poster, p.posttime, p.post, t.topictitle FROM ' . $SETTINGS['dbtableprefix'] . 'posts p, ' . $SETTINGS['dbtableprefix'] . 'topics t WHERE t.topicid=p.topic AND p.poster=:username AND p.postedbymember= 1%cond% ORDER BY p.posttime DESC';131 $query = 'SELECT p.postid, p.topic, p.poster, p.posttime, p.post, t.topictitle FROM ' . $SETTINGS['dbtableprefix'] . 'posts p, ' . $SETTINGS['dbtableprefix'] . 'topics t WHERE t.topicid=p.topic AND p.poster=:username AND p.postedbymember=:memberid %cond% ORDER BY p.posttime DESC'; 132 132 break; 133 133 default: … … 157 157 $q->bindParam(':username', $_username, PDO::PARAM_STR); 158 158 $q2->bindParam(':username', $_username, PDO::PARAM_STR); 159 $q->bindParam(':memberid', $all, PDO::PARAM_INT); 160 $q2->bindParam(':memberid', $all, PDO::PARAM_INT); 159 161 } 160 162 $j = 0; branches/5.0/classes/pages/Topic.php
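Review bot: `$all` at new lines 159 and 160 is bound as `:memberid`, but nothing in the hunk says that this variable holds a member id, and its name suggests something else. A short comment where it is bound, `// $all carries the id of the member whose posts are listed`, or a rename would make the binding checkable at a glance; the meaning given here is inferred from the placeholder name and should be confirmed against the code above the hunk.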
r71 r143 103 103 $i=0; $voted=0; 104 104 while ($pollvoters[$i] != '') { 105 if ($_SESSION['member name'] == $pollvoters[$i]) {105 if ($_SESSION['memberid'] == $pollvoters[$i]) { 106 106 $voted = 1; 107 107 } … … 234 234 **/ 235 235 public function getTitle($id) { 236 global $C ;236 global $C, $SETTINGS; 237 237 $q = $C->prepare('SELECT topictitle FROM ' . $SETTINGS['dbtableprefix'] . 'topics WHERE topicid=:id'); 238 238 $q->bindParam(':id', $id, PDO::PARAM_INT, 12); … … 242 242 return $_title; 243 243 } else { 244 $q = NULL; 244 245 return FALSE; 245 246 } branches/5.0/db/mysql.sql
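Review bot: The voter check at new line 105 (and its twin in redirectors/pollvote.php, lines 133 and 143) now compares and stores `$_SESSION['memberid']`, but `pollvoters` of existing polls presumably still lists member names. After the upgrade a member who already voted would no longer be found and could vote again, and with the loose `==` a stored numeric name would match an unrelated id. A one-off conversion of `pollvoters` from names to ids, together with a strict comparison such as `(string) $_SESSION['memberid'] === $pollvoters[$i]`, would close that gap. `getTitle()` in the second hunk is called statically from Post.php, so declaring it `public static function getTitle($id)` would match its use.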
r120 r143 79 79 memberemailhidden INTEGER NOT NULL DEFAULT 0, 80 80 memberhomepage VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL, 81 memberavatar VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL DEFAULT 'images/spacer.gif',81 memberavatar VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, 82 82 memberpassword VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, 83 83 memberstatus VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, branches/5.0/db/sqlite.sql
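Review bot: Dropping `DEFAULT 'images/spacer.gif'` from `memberavatar` at line 81 (the same edit is made in db/sqlite.sql) leaves a `NOT NULL` column with no default, so every `INSERT` into the members table has to supply it. Register.php does so in this changeset; any other place that creates members, such as the installer's administrator account, is not visible here and should be checked. Only the `CREATE TABLE` text changes, so boards installed from an earlier build keep the old column definition unless an upgrade statement is shipped.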
r120 r143 79 79 memberemailhidden INTEGER NOT NULL DEFAULT 0, 80 80 memberhomepage VARCHAR(255) NULL COLLATE NOCASE, 81 memberavatar VARCHAR(255) NOT NULL DEFAULT 'images/spacer.gif',81 memberavatar VARCHAR(255) NOT NULL, 82 82 memberpassword VARCHAR(255) NOT NULL COLLATE BINARY, 83 83 memberstatus VARCHAR(255) NOT NULL COLLATE NOCASE, branches/5.0/includes/config/version.php
r120 r143 28 28 * Also good: Spam Board Viking Edition 1.0 (then, you can do your own version numbering from there) */ 29 29 30 $VERSION = '5.0 RC5';30 $VERSION = '5.0'; 31 31 32 32 ?> branches/5.0/includes/lang/de.php
r120 r143 386 386 $LANG['group_memberships_updated'] = 'Ihre Gruppenmitgliedschaften wurden gespeichert.'; 387 387 $LANG['installer_intro'] = 'Hallo und willkommen zum Spam-Board-Installationsskript! Hiermit installieren sie Version ' . $VERSION . " des Forums.<br /><br />Es werden Ihnen im Folgenden ein paar Fragen gestellt. Sie brauchen sich jedoch nicht darum zu sorgen, etwas falsch zu machen, denn nichts wird tatsächlich durchgeführt, bevor Sie im vorletzten Schritt die Gelegenheit hatten, alle Daten nochmals zu überprüfen. Bitte benutzen Sie nicht die Vor und Zurück-Buttons Ihres Browsers, da dies zu Problemen führen kann. Sollten Sie eventuelle Fehler bemerken, oder sich während des Vorgangs bzgl. einer Angabe umentscheiden, können Sie jederzeit mit Hilfe des entsprechenden Buttons vor vorne beginnen.<br /><br />Diese Einleitungstexte sollten Ihnen die benötigten Hintergrunderklärungen liefern. Sollten Sie weitere Informationen benötigen, könnte Sie der (englische) <a href=\"http://www.spamboard.net/wiki/UsersGuide\" target=\"_blank\">"User's Guide"</a> auf der Spam-Board-Homepage interessieren."; 388 $LANG['installer_permissions'] = "Um zu funktionieren, benötigt das Boardskript Schreibrechte auf bestimmte Verzeichnisse und Dateien. Das Installationsskript kann versuchen, diese Rechte automatisch zu setzen, und wenn Ihr Webserver auf einem UNIX-artigen System läuft, wird das mit größter Wahrscheinlichkeit funktionieren (sofern die UID, unter der der Webserver läuft, der Besitzer der Dateien ist). Sofern Sie jedoch einfach das Releasearchiv von der offiziellen Homepage heruntergeladen, und direkt auf Ihren Webserver entpackt haben, ist dies wahrscheinlich unnötig, da die Rechte bereits korrekt sind. Wenn Sie das Archiv jedoch zuerst auf einem andersartigen System (z.B. Microsoft Windows) entpackt, und die Dateien von dort hochgeladen haben, sind die Rechte verlorengegangen. 
Wählen Sie die Checkbox an, sofern Sie möchten, dass das Installationsskript für Sie die Rechte wieder setzt. ";388 $LANG['installer_permissions'] = "Um zu funktionieren, benötigt das Boardskript Schreibrechte auf bestimmte Verzeichnisse und Dateien. Das Installationsskript kann versuchen, diese Rechte automatisch zu setzen, und wenn Ihr Webserver auf einem UNIX-artigen System läuft, wird das mit größter Wahrscheinlichkeit funktionieren (sofern die UID, unter der der Webserver läuft, der Besitzer der Dateien ist). Sofern Sie jedoch einfach das Releasearchiv von der offiziellen Homepage heruntergeladen, und direkt auf Ihren Webserver entpackt haben, ist dies wahrscheinlich unnötig, da die Rechte bereits korrekt sind. Wenn Sie das Archiv jedoch zuerst auf einem andersartigen System (z.B. Microsoft Windows) entpackt, und die Dateien von dort hochgeladen haben, sind die Rechte verlorengegangen. Wählen Sie die Checkbox an, sofern Sie möchten, dass das Installationsskript für Sie die Rechte wieder setzt. Sollte es nötig sein, dass Sie die Rechte manuell setzen, folgen Sie bitte den Anweisungen unter <a href=\"http://www.spamboard.net/wiki/FilePermissions\" target=\"_blank\">https://www.spamboard.net/wiki/FilePermissions</a>."; 389 389 $LANG['installer_database'] = "Bitte geben Sie nun einige Informationen über das von Ihnen benutzte Datenbanksystem ein. Wenn Sie SQLite benutzen, brauchen Sie keinen Benutzernamen und kein Passwort einzugeben. Andere Datenbanksysteme benötigen diese Angaben, und die Datenbank muss bereits existieren. Das Tabellenpräfix wird an den Anfang jedes Tabellennamens geschrieben. Dadurch kann das Board in einer Datenbank, die auch noch andere (boardfremde) Tabellen enthält, betrieben werden."; 390 390 $LANG['installer_pathes'] = "Bitte geben Sie zwei Pfade ein, die den Installationsort des Boards definieren. Der Dateisystempfad ist der Pfad vom Root des Dateisystems zum Root des Boardskripts. 
Der Webserverpfad ist der Verzeichnisbaum nach der Top-Level-Domain (.com, .net, .org) bis zum Board-Root. Das Installationsskript hat bereits versucht, diese Angaben herauszubekommen und gibt Ihnen Werte vor, die höchstwahrscheinlich stimmen. Bitte ändern Sie sie nur, wenn Sie wissen, was Sie tun."; branches/5.0/includes/lang/en.php
r120 r143 387 387 $LANG['group_memberships_updated'] = 'Your group memberships have been updated successfully.'; 388 388 $LANG['installer_intro'] = 'Hello and welcome to the Spam Board installer script! You are about to install version ' . $VERSION . " of this forum.<br /><br />We will ask you a few questions now. Don't worry, nothing will be committed before you had a chance to review all the options again. Please don't use your browser's back and forward buttons, as they'll break things. If you feel the need to change anything, you can start over at any time by using the respective button.<br /><br />These texts should give you the information needed to fill everything out. If you need additional help, try the <a href=\"http://www.spamboard.net/wiki/UsersGuide\" target=\"_blank\">User's Guide</a> available on the Spam Board website."; 389 $LANG['installer_permissions'] = "To function properly, the board needs write permissions on certain directories and files. The script can attempt to set these permissions automatically for you, if your webserver runs on a UNIX-ish system, chances are it'll work (if the UID the webserver is running under owns the files that is). However, if you've just downloaded a release archive from the official website and extracted it directly on your webserver, this isn't necessary, as everything should already be set up correctly. If, however, you extracted the archive on another system (e.g. Microsoft Windows) first and uploaded the files to your webspace from there, the permissions have been lost. Check the box below if you want the script to set the permissions again. ";389 $LANG['installer_permissions'] = "To function properly, the board needs write permissions on certain directories and files. The script can attempt to set these permissions automatically for you, if your webserver runs on a UNIX-ish system, chances are it'll work (if the UID the webserver is running under owns the files that is). 
However, if you've just downloaded a release archive from the official website and extracted it directly on your webserver, this isn't necessary, as everything should already be set up correctly. If, however, you extracted the archive on another system (e.g. Microsoft Windows) first and uploaded the files to your webspace from there, the permissions have been lost. Check the box below if you want the script to set the permissions again. If you need to set these up manually, follow the instructions found at <a href=\"http://www.spamboard.net/wiki/FilePermissions\" target=\"_blank\">https://www.spamboard.net/wiki/FilePermissions</a>."; 390 390 $LANG['installer_database'] = "Now please enter some information about the database system you're going to use. If you select SQLite, you don't have to enter a username and password. For other database systems, the database you enter here already has to exist. The table prefix is put in front of the name of each table the board will create. This enabled you to run the board within a database which also contains other tables."; 391 391 $LANG['installer_pathes'] = "Please enter two pathes which define the location you're installing the board to. The file system path is the board root in respect to the filesystem root. The web path is the directory tree after the top level domain (.com, .net, .org) to the board root. The installer script has already tried to guess them and entered these values into the respective fields. Usually, this should be correct. Only change these values if you know what you're doing."; branches/5.0/includes/login.php
r93 r143 43 43 $_SESSION['boardstyle'] = $row->boardstyle; 44 44 // language 45 $_SESSION['lang'] = $row->lang; 45 if ($row->lang != '') { 46 $_SESSION['lang'] = $row->lang; 47 } else { 48 // board default 49 $_SESSION['lang'] = $SETTINGS['lang']; 50 } 46 51 // update session in online table 47 52 $q = $C->prepare('UPDATE ' . $SETTINGS['dbtableprefix'] . 'online SET onlinememberid=:id WHERE onlinesession=:session'); branches/5.0/install.php
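Review bot: The fallback at new line 49 reads `$SETTINGS['lang']`, while Post.php and Mail.php in this changeset read the board default from `$SETTINGS['language']`; one of the two keys is probably wrong. If `lang` is not a defined setting, `$_SESSION['lang']` ends up empty and Mail.php's `include('includes/lang/' . $_SESSION['lang'] . '.php')` resolves to `includes/lang/.php`. Using the same key, `$_SESSION['lang'] = $SETTINGS['language'];`, would keep the three places consistent.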
r120 r143 60 60 $nextpage = $page + 1; 61 61 62 // since this is important define the order in which the password hashes should be suggested62 // since this is important, define the order in which the password hashes should be suggested 63 63 $hashes_default = Array(); 64 64 $hashes_default[0] = 'sha512'; … … 334 334 } 335 335 } 336 /* test whether db and settings directories are accessable via HTTP */ 337 $fp = @fsockopen($_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT'], $errno, $errstr, 30); 338 if ($fp !== FALSE) { 339 // db 340 $req = 'GET ' . $SETTINGS['webpath'] . "db/spamboard.sql HTTP/1.1\r\n"; 341 $req .= 'Host: ' . $_SERVER['SERVER_NAME'] . "\r\n"; 342 $req .= "Connection: Close\r\n\r\n"; 343 fwrite($fp, $req); 344 $reply = ''; 345 while (!feof($fp)) { 346 $reply .= fgets($fp, 128); 347 } 348 fclose($fp); 349 if (strpos($reply, '403 Forbidden') === FALSE) { 350 // db accessable via HTTP -> bad 336 if ($ok == 1) { 337 /* test whether db and settings directories are accessable via HTTP */ 338 $fp = @fsockopen($_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT'], $errno, $errstr, 30); 339 if ($fp !== FALSE) { 340 // db 341 $req = 'GET ' . $SETTINGS['webpath'] . "db/spamboard.sql HTTP/1.1\r\n"; 342 $req .= 'Host: ' . $_SERVER['SERVER_NAME'] . "\r\n"; 343 $req .= "Connection: Close\r\n\r\n"; 344 fwrite($fp, $req); 345 $reply = ''; 346 while (!feof($fp)) { 347 $reply .= fgets($fp, 128); 348 } 349 fclose($fp); 350 if (strpos($reply, '403 Forbidden') === FALSE) { 351 // db accessable via HTTP -> bad 352 $ok = -1; 353 } 354 } else { 351 355 $ok = -1; 352 356 } 353 } else { 354 $ok = -1; 355 } 356 $fp = @fsockopen($_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT'], $errno, $errstr, 30); 357 if ($fp !== FALSE) { 358 // sessions 359 @touch('sessions/test.file'); 360 $req = 'GET ' . $SETTINGS['webpath'] . "sessions/test.file HTTP/1.1\r\n"; 361 $req .= 'Host: ' . $_SERVER['SERVER_NAME'] . 
"\r\n"; 362 $req .= "Connection: Close\r\n\r\n"; 363 fwrite($fp, $req); 364 $reply = ''; 365 while (!feof($fp)) { 366 $reply .= fgets($fp, 128); 367 } 368 fclose($fp); 369 if (strpos($reply, '403 Forbidden') === FALSE) { 370 // db accessable via HTTP -> bad 357 $fp = @fsockopen($_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT'], $errno, $errstr, 30); 358 if ($fp !== FALSE) { 359 // sessions 360 @touch('sessions/test.file'); 361 $req = 'GET ' . $SETTINGS['webpath'] . "sessions/test.file HTTP/1.1\r\n"; 362 $req .= 'Host: ' . $_SERVER['SERVER_NAME'] . "\r\n"; 363 $req .= "Connection: Close\r\n\r\n"; 364 fwrite($fp, $req); 365 $reply = ''; 366 while (!feof($fp)) { 367 $reply .= fgets($fp, 128); 368 } 369 fclose($fp); 370 if (strpos($reply, '403 Forbidden') === FALSE) { 371 // db accessable via HTTP -> bad 372 $ok = -1; 373 } 374 @unlink('sessions/test.file'); 375 } else { 371 376 $ok = -1; 372 377 } 373 @unlink('sessions/test.file'); 374 } else { 375 $ok = -1; 376 } 377 if ($ok == -1) { 378 // message about securing db and settings directories 379 print($LANG['installer_warning_insecure_directories'] . 
'<br /><br />'); 380 // this won't make the overall installation fail 381 $ok = 1; 382 } 383 /* clean up */ 384 if ($ok == 1) { 385 // remove settings.tmpl 386 if (@unlink('includes/config/settings.tmpl')) { 387 } else { $ok = 2; } 388 // remove crypt.tmpl 389 if (@unlink('includes/config/crypt.tmpl')) { 390 } else { $ok = 2; } 391 // remove bans.tmpl 392 if (@unlink('includes/config/bans.tmpl')) { 393 } else { $ok = 2; } 394 // remove logins.tmpl 395 if (@unlink('includes/config/logins.tmpl')) { 396 } else { $ok = 2; } 397 // remove memberstages.tmpl 398 if (@unlink('includes/config/memberstages.tmpl')) { 399 } else { $ok = 2; } 400 } else { 401 // something went wrong, so remove everything from the database again 402 if ($db = @file_get_contents('db/clean.sql')) { 403 // one SQL query at a time 404 $db = explode(';', $db); 405 foreach ($db as $query) { 406 @$C->query(str_replace('%prefix%', $SETTINGS['dbtableprefix'], $query)); 407 } 408 } 409 } 410 /* everything done */ 411 if ($ok >= 1) { 412 if ($ok == 2) { 413 print($LANG['installer_warning_cleanup_failed'] . '<br /><br />'); 414 } 415 if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { 416 $_s = 's'; 417 } else { $_s = ''; } 418 print(str_replace('%boardurl%', 'http' . $_s . '://' . $_SERVER['HTTP_HOST'] . $SETTINGS['webpath'] , $LANG['installer_overall_success'])); 378 if ($ok == -1) { 379 // message about securing db and settings directories 380 print($LANG['installer_warning_insecure_directories'] . 
'<br /><br />'); 381 // this won't make the overall installation fail 382 $ok = 1; 383 } 384 /* clean up */ 385 if ($ok == 1) { 386 // remove settings.tmpl 387 if (@unlink('includes/config/settings.tmpl')) { 388 } else { $ok = 2; } 389 // remove crypt.tmpl 390 if (@unlink('includes/config/crypt.tmpl')) { 391 } else { $ok = 2; } 392 // remove bans.tmpl 393 if (@unlink('includes/config/bans.tmpl')) { 394 } else { $ok = 2; } 395 // remove logins.tmpl 396 if (@unlink('includes/config/logins.tmpl')) { 397 } else { $ok = 2; } 398 // remove memberstages.tmpl 399 if (@unlink('includes/config/memberstages.tmpl')) { 400 } else { $ok = 2; } 401 } else { 402 // something went wrong, so remove everything from the database again 403 if ($db = @file_get_contents('db/clean.sql')) { 404 // one SQL query at a time 405 $db = explode(';', $db); 406 foreach ($db as $query) { 407 @$C->query(str_replace('%prefix%', $SETTINGS['dbtableprefix'], $query)); 408 } 409 } 410 } 411 /* everything done */ 412 if ($ok >= 1) { 413 if ($ok == 2) { 414 print($LANG['installer_warning_cleanup_failed'] . '<br /><br />'); 415 } 416 if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { 417 $_s = 's'; 418 } else { $_s = ''; } 419 print(str_replace('%boardurl%', 'http' . $_s . '://' . $_SERVER['HTTP_HOST'] . $SETTINGS['webpath'] , $LANG['installer_overall_success'])); 420 } 419 421 } 420 422 break; branches/5.0/redirectors/pollvote.php
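Review bot: Both probes inside the new `if ($ok == 1)` block decide on `strpos($reply, '403 Forbidden') === FALSE`, which searches the whole response instead of reading the status line, and they speak plain HTTP to `$_SERVER['SERVER_PORT']` even when the installer itself runs over HTTPS. Reading the code from the first line, `$status = (int) substr($reply, 9, 3);`, and treating only 403 and 404 as protected would be more exact, with an `ssl://` prefix on the host when `$_SERVER['HTTPS']` is `on` and OpenSSL is available. The success message at new line 419 prints `$_SERVER['HTTP_HOST']` unescaped; passing it through `htmlspecialchars()` keeps a crafted Host header out of the page. The two probes differ only in the requested path and could share one helper.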
r39 r143 131 131 $i = 0; $voted = 0; 132 132 while ($pollvoters[$i] != '') { 133 if ($_SESSION['member name'] == $pollvoters[$i]) {133 if ($_SESSION['memberid'] == $pollvoters[$i]) { 134 134 $voted = 1; 135 135 } … … 141 141 $pollvotes[$vote]++; 142 142 $row->pollvotes = implode("\n", $pollvotes); 143 $row->pollvoters .= $_SESSION['member name'] . "\n";143 $row->pollvoters .= $_SESSION['memberid'] . "\n"; 144 144 // update database 145 145 $q = $C->prepare('UPDATE ' . $SETTINGS['dbtableprefix'] . 'polls SET pollvotes=:votes, pollvoters=:voters WHERE pollid=:id'); branches/5.0/redirectors/uploadavatar.php
r39 r143 63 63 if ($_FILES['avatarfile']['size'] <= 512000) { 64 64 // check file type 65 if (in_array($_FILES['avatarfile']['type'], Array('image/gif', 'image/png', 'image/jpg' ))) {65 if (in_array($_FILES['avatarfile']['type'], Array('image/gif', 'image/png', 'image/jpg', 'image/jpeg'))) { 66 66 // this wasn't too reliable, so check file type again 67 67 $_size = @getimagesize($_FILES['avatarfile']['tmp_name']);
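Review bot: `$_FILES['avatarfile']['type']` at new line 65 is the MIME type declared by the browser, so extending the list with `image/jpeg` widens a check that the client controls anyway. The decision is better taken from the `getimagesize()` result two lines below, e.g. `in_array($_size[2], Array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG))`, with the stored file extension derived from that value rather than from the uploaded name. How `$_size` is used and how the file is named is decided after the hunk ends.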
