phpbb 2.0.10 update to 2.0.11 and visual confirmation

Forum_easyUCP_Desc

phpbb 2.0.10 update to 2.0.11 and visual confirmation

Beitragvon mgutt » 21. Nov 2004 15:25

Hi,

das sind die Installationsschritte von dem genannten update.

Leider funktioniert die Visual Confirmation nicht. (trotz aktivierung im admin-panel)

Ich denke, dass liegt an den Änderungen in der usercp_register.php, aber ich weiß nicht was ich da ändern muss.

wäre super, wenn du schnell helfen könntest.

die änderungen in der profile_add_body.tpl sind ja bereits seit 2.0.10 inkludiert und die switches sehen richtig aus.

phpBB 2.0.10 to phpBB 2.0.11 Code Changes



These are the Changes from phpBB 2.0.10 to phpBB 2.0.11 summed up into a little Mod. This might be very helpful if you want to update your Board and have installed a bunch of Mods. Then it's normally easier to apply the Code Changes than to install all Mods again.

When you find a 'AFTER, ADD'-Statement, the Code have to be added after the last line quoted in the 'FIND'-Statement.
When you find a 'BEFORE, ADD'-Statement, the Code have to be added before the first line quoted in the 'FIND'-Statement.
When you find a 'REPLACE WITH'-Statement, the Code quoted in the 'FIND'-Statement have to be replaced completely with the quoted Code in the 'REPLACE WITH'-Statement.
When you find a 'DELETE'-Statement, the Code have to be deleted.

After you have finished this tutorial, you have to upload the update_to_2011.php file, execute it and then delete it from your webspace.

Ok, lets start:

The first step to do, is to upload the new file usercp_confirm.php to your includes folder:

copy usercp_confirm.php to includes/usercp_confirm.php


The two files can be found within the phpBB Archive itself.


  • admin/admin_board.php
  1. FIND - Line 100
    Code: Alles auswählen

    $activation_user = ( $new['require_activation'] == USER_ACTIVATION_SELF ) ? "checked=\"checked\"" : "";
    $activation_admin = ( $new['require_activation'] == USER_ACTIVATION_ADMIN ) ? "checked=\"checked\"" : "";
     


    AFTER, ADD
    Code: Alles auswählen

    $confirm_yes = ($new['enable_confirm']) ? 'checked="checked"' : '';
    $confirm_no = (!$new['enable_confirm']) ? 'checked="checked"' : '';


  2. FIND - Line 166
    Code: Alles auswählen

       "L_NONE" => $lang['Acc_None'],
       "L_USER" => $lang['Acc_User'],
       "L_ADMIN" => $lang['Acc_Admin'],


    AFTER, ADD
    Code: Alles auswählen

       "L_VISUAL_CONFIRM" => $lang['Visual_confirm'],
       "L_VISUAL_CONFIRM_EXPLAIN" => $lang['Visual_confirm_explain'],

  • common.php
  1. FIND - Line 28
    Code: Alles auswählen

    function unset_vars(&$var)
    {
       while (list($var_name, $null) = @each($var))
       {
          unset($GLOBALS[$var_name]);
       }
       return;
    }

    //
    error_reporting  (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
    set_magic_quotes_runtime(0); // Disable magic_quotes_runtime

    $ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var';

    // Unset globally registered vars - PHP5 ... hhmmm
    if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on')
    {
       $var_prefix = 'HTTP';
       $var_suffix = '_VARS';
       
       $test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV');

       foreach ($test as $var)
       {
          if (is_array(${$var_prefix . $var . $var_suffix}))
          {
             unset_vars(${$var_prefix . $var . $var_suffix});
             @reset(${$var_prefix . $var . $var_suffix});
          }

          if (is_array(${$var}))
          {
             unset_vars(${$var});
             @reset(${$var});
          }
       }

       if (is_array(${'_FILES'}))
       {
          unset_vars(${'_FILES'});
          @reset(${'_FILES'});
       }

       if (is_array(${'HTTP_POST_FILES'}))
       {
          unset_vars(${'HTTP_POST_FILES'});
          @reset(${'HTTP_POST_FILES'});
       }
    }

    // PHP5 with register_long_arrays off?
    if (!isset($HTTP_POST_VARS) && isset($_POST))
    {
       $HTTP_POST_VARS = $_POST;
       $HTTP_GET_VARS = $_GET;
       $HTTP_SERVER_VARS = $_SERVER;
       $HTTP_COOKIE_VARS = $_COOKIE;
       $HTTP_ENV_VARS = $_ENV;
       $HTTP_POST_FILES = $_FILES;


    REPLACE WITH
    Code: Alles auswählen

    error_reporting  (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
    set_magic_quotes_runtime(0); // Disable magic_quotes_runtime

    // The following code (unsetting globals) was contributed by Matt Kavanagh

    // PHP5 with register_long_arrays off?
    if (!isset($HTTP_POST_VARS) && isset($_POST))
    {
       $HTTP_POST_VARS = $_POST;
       $HTTP_GET_VARS = $_GET;
       $HTTP_SERVER_VARS = $_SERVER;
       $HTTP_COOKIE_VARS = $_COOKIE;
       $HTTP_ENV_VARS = $_ENV;
       $HTTP_POST_FILES = $_FILES;

       // _SESSION is the only superglobal which is conditionally set
       if (isset($_SESSION))
       {
          $HTTP_SESSION_VARS = $_SESSION;
       }
    }

    if (@phpversion() < '4.0.0')
    {
       // PHP3 path; in PHP3, globals are _always_ registered
       
       // We 'flip' the array of variables to test like this so that
       // we can validate later with isset($test[$var]) (no in_array())
       $test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL);

       // Loop through each input array
       @reset($test);
       while (list($input,) = @each($test))
       {
          while (list($var,) = @each($$input))
          {
             // Validate the variable to be unset
             if (!isset($test[$var]) && $var != 'test' && $var != 'input')
             {
                unset($$var);
             }
          }
       }
    }
    else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
    {
       // PHP4+ path
       
       // Not only will array_merge give a warning if a parameter
       // is not an array, it will actually fail. So we check if
       // HTTP_SESSION_VARS has been initialised.
       if (!isset($HTTP_SESSION_VARS))
       {
          $HTTP_SESSION_VARS = array();
       }

       // Merge all into one extremely huge array; unset
       // this later
       $input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);

       unset($input['input']);
       
       while (list($var,) = @each($input))
       {
          unset($$var);
       }
       
       unset($input);

  • groupcp.php
  1. FIND - Line 475
    Code: Alles auswählen

                $username = ( isset($HTTP_POST_VARS['username']) ) ? htmlspecialchars($HTTP_POST_VARS['username']) : '';


    REPLACE WITH
    Code: Alles auswählen

                $username = ( isset($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';

  • includes/constants.php
  1. FIND - Line 151
    Code: Alles auswählen



    // Table names


    AFTER, ADD
    Code: Alles auswählen

    define('CONFIRM_TABLE', $table_prefix.'confirm');

  • includes/functions.php
  1. FIND - Line 80
    Code: Alles auswählen

    //
    // Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
    //


    BEFORE, ADD
    Code: Alles auswählen

    // added at phpBB 2.0.11 to properly format the username
    function phpbb_clean_username($username)
    {
       $username = htmlspecialchars(rtrim(trim($username), "\\"));
       $username = substr(str_replace("\\'", "'", $username), 0, 25);
       $username = str_replace("'", "\\'", $username);

       return $username;
    }


  2. FIND - Line 96
    Code: Alles auswählen

          $user = trim(htmlspecialchars($user));
          $user = substr(str_replace("\\'", "'", $user), 0, 25);
          $user = str_replace("'", "\\'", $user);


    REPLACE WITH
    Code: Alles auswählen

          $user = phpbb_clean_username($user);

  • includes/functions_post.php
  1. FIND - Line 131
    Code: Alles auswählen

          $username = trim(strip_tags($username));


    REPLACE WITH
    Code: Alles auswählen

          $username = phpbb_clean_username($username);

  • includes/functions_search.php
  1. FIND - Line 438
    Code: Alles auswählen

          $username_search = preg_replace('/\*/', '%', trim(strip_tags($search_match)));


    REPLACE WITH
    Code: Alles auswählen

          $username_search = preg_replace('/\*/', '%', phpbb_clean_username($search_match));

  2. FIND - Line 472
    Code: Alles auswählen

          'USERNAME' => ( !empty($search_match) ) ? strip_tags($search_match) : '',


    REPLACE WITH
    Code: Alles auswählen

          'USERNAME' => (!empty($search_match)) ? phpbb_clean_username($search_match) : '',

  • includes/topic_review.php
  1. FIND - Line 33
    Code: Alles auswählen

          if ( !isset($topic_id) )
          {
             message_die(GENERAL_MESSAGE, 'Topic_not_exist');
          }


    REPLACE WITH
    Code: Alles auswählen

          if ( !isset($topic_id) || !$topic_id)
          {
             message_die(GENERAL_MESSAGE, 'Topic_post_not_exist');
          }

  • includes/usercp_register.php
  1. FIND - Line 24
    Code: Alles auswählen

    *
    ***************************************************************************/



    AFTER, ADD
    Code: Alles auswählen

    /*

       This code has been modified from its original form by psoTFX @ phpbb.com
       Changes introduce the back-ported phpBB 2.2 visual confirmation code.

       NOTE: Anyone using the modified code contained within this script MUST include
       a relevant message such as this in usercp_register.php ... failure to do so
       will affect a breach of Section 2a of the GPL and our copyright

       png visual confirmation system : (c) phpBB Group, 2003 : All Rights Reserved

    */


  2. FIND - Line 112
    Code: Alles auswählen

       $strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests');


    AFTER, ADD
    Code: Alles auswählen

       $strip_var_list['confirm_code'] = 'confirm_code';

  3. FIND - Line 269
    Code: Alles auswählen

             $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty'];
          }
       }
     


    AFTER, ADD
    Code: Alles auswählen

       if ($board_config['enable_confirm'] && $mode == 'register')
       {
          if (empty($HTTP_POST_VARS['confirm_id']))
          {
             $error = TRUE;
             $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
          }
          else
          {
             $confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']);
             if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id))
             {
                $confirm_id = '';
             }
             
             $sql = 'SELECT code
                FROM ' . CONFIRM_TABLE . "
                WHERE confirm_id = '$confirm_id'
                   AND session_id = '" . $userdata['session_id'] . "'";
             if (!($result = $db->sql_query($sql)))
             {
                message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql);
             }

             if ($row = $db->sql_fetchrow($result))
             {
                if ($row['code'] != $confirm_code)
                {
                   $error = TRUE;
                   $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
                }
                else
                {
                   $sql = 'DELETE FROM ' . CONFIRM_TABLE . "
                      WHERE confirm_id = '$confirm_id'
                         AND session_id = '" . $userdata['session_id'] . "'";
                   if (!$db->sql_query($sql))
                   {
                      message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql);
                   }
                }
             }
             else
             {      
                $error = TRUE;
                $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
             }
             $db->sql_freeresult($result);
          }
       }


  4. FIND - Line 903
    Code: Alles auswählen

          $template->assign_block_vars('switch_namechange_disallowed', array());
       }



    AFTER, ADD
    Code: Alles auswählen


       // Visual Confirmation
       $confirm_image = '';
       if (!empty($board_config['enable_confirm']) && $mode == 'register')
       {
          $sql = 'SELECT session_id
             FROM ' . SESSIONS_TABLE;
          if (!($result = $db->sql_query($sql)))
          {
             message_die(GENERAL_ERROR, 'Could not select session data', '', __LINE__, __FILE__, $sql);
          }

          if ($row = $db->sql_fetchrow($result))
          {
             $confirm_sql = '';
             do
             {
                $confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'";
             }
             while ($row = $db->sql_fetchrow($result));
          
             $sql = 'DELETE FROM ' .  CONFIRM_TABLE . "
                WHERE session_id NOT IN ($confirm_sql)";
             if (!$db->sql_query($sql))
             {
                message_die(GENERAL_ERROR, 'Could not delete stale confirm data', '', __LINE__, __FILE__, $sql);
             }
          }
          $db->sql_freeresult($result);

          $sql = 'SELECT COUNT(session_id) AS attempts
             FROM ' . CONFIRM_TABLE . "
             WHERE session_id = '" . $userdata['session_id'] . "'";
          if (!($result = $db->sql_query($sql)))
          {
             message_die(GENERAL_ERROR, 'Could not obtain confirm code count', '', __LINE__, __FILE__, $sql);
          }

          if ($row = $db->sql_fetchrow($result))
          {
             if ($row['attempts'] > 3)
             {
                message_die(GENERAL_MESSAGE, $lang['Too_many_registers']);
             }
          }
          $db->sql_freeresult($result);
          
          $confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',  'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',  'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');

          list($usec, $sec) = explode(' ', microtime());
          mt_srand($sec * $usec);

          $max_chars = count($confirm_chars) - 1;
          $code = '';
          for ($i = 0; $i < 6; $i++)
          {
             $code .= $confirm_chars[mt_rand(0, $max_chars)];
          }

          $confirm_id = md5(uniqid($user_ip));

          $sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code)
             VALUES ('$confirm_id', '". $userdata['session_id'] . "', '$code')";
          if (!$db->sql_query($sql))
          {
             message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql);
          }

          unset($code);
          
          $confirm_image = (@extension_loaded('zlib')) ? '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id") . '" alt="" title="" />' : '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=1") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=2") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=3") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=4") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=5") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=6") . '" alt="" title="" />';
          $s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';

          $template->assign_block_vars('switch_confirm', array());
       }



  5. FIND - Line 993
    Code: Alles auswählen

          'NEW_PASSWORD' => $new_password,
          'PASSWORD_CONFIRM' => $password_confirm,
          'EMAIL' => $email,


    AFTER, ADD
    Code: Alles auswählen

          'CONFIRM_IMG' => $confirm_image,

  6. FIND - Line 1087
    Code: Alles auswählen

          'L_PROFILE_INFO' => $lang['Profile_info'],
          'L_PROFILE_INFO_NOTICE' => $lang['Profile_info_warn'],
          'L_EMAIL_ADDRESS' => $lang['Email_address'],


    AFTER, ADD
    Code: Alles auswählen


          'L_CONFIRM_CODE_IMPAIRED'   => sprintf($lang['Confirm_code_impaired'], '<a href="mailto:' . $board_config['board_email'] . '">', '</a>'),
          'L_CONFIRM_CODE'         => $lang['Confirm_code'],
          'L_CONFIRM_CODE_EXPLAIN'   => $lang['Confirm_code_explain'],

  • includes/usercp_sendpasswd.php
  1. FIND - Line 32
    Code: Alles auswählen

       $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags($HTTP_POST_VARS['username'])) : '';


    REPLACE WITH
    Code: Alles auswählen

       $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';

  • includes/usercp_viewprofile.php
  1. FIND - Line 172
    Code: Alles auswählen

    $page_title = $lang['Viewing_profile'];
    include($phpbb_root_path . 'includes/page_header.'.$phpEx);
     


    AFTER, ADD
    Code: Alles auswählen

    if (function_exists('get_html_translation_table'))
    {
       $u_search_author = urlencode(strtr($profiledata['username'], array_flip(get_html_translation_table(HTML_ENTITIES))));
    }
    else
    {
       $u_search_author = urlencode(str_replace(array('&amp;', ''', '&quot;', '&lt;', '&gt;'), array('&', "'", '"', '<', '>'), $profiledata['username']));
    }


  2. FIND - Line 235
    Code: Alles auswählen

       'U_SEARCH_USER' => append_sid("search.$phpEx?search_author=" . urlencode($profiledata['username'])),


    REPLACE WITH
    Code: Alles auswählen

       'U_SEARCH_USER' => append_sid("search.$phpEx?search_author=" . $u_search_author),

  • login.php
  1. FIND - Line 57
    Code: Alles auswählen

          $username = isset($HTTP_POST_VARS['username']) ? trim(htmlspecialchars($HTTP_POST_VARS['username'])) : '';
          $username = substr(str_replace("\\'", "'", $username), 0, 25);
          $username = str_replace("'", "\\'", $username);


    REPLACE WITH
    Code: Alles auswählen

          $username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';

  • privmsg.php
  1. FIND - Line 1135
    Code: Alles auswählen

             $to_username = $HTTP_POST_VARS['username'];


    REPLACE WITH
    Code: Alles auswählen

             $to_username = phpbb_clean_username($HTTP_POST_VARS['username']);

  2. FIND - Line 1340
    Code: Alles auswählen

          $to_username = ( isset($HTTP_POST_VARS['username']) ) ? trim(strip_tags(stripslashes($HTTP_POST_VARS['username']))) : '';


    REPLACE WITH
    Code: Alles auswählen

          $to_username = (isset($HTTP_POST_VARS['username']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['username']))) : '';


  3. FIND - Line 1711
    Code: Alles auswählen

          'USERNAME' => preg_replace($html_entities_match, $html_entities_replace, $to_username),


    REPLACE WITH
    Code: Alles auswählen

          'USERNAME' => $to_username,

  • profile.php
  1. FIND - Line 103
    Code: Alles auswählen

          include($phpbb_root_path . 'includes/usercp_register.'.$phpEx);
          exit;
       }


    AFTER, ADD
    Code: Alles auswählen

       else if ( $mode == 'confirm' )
       {
          // Visual Confirmation
          if ( $userdata['session_logged_in'] )
          {
             exit;
          }

          include($phpbb_root_path . 'includes/usercp_confirm.'.$phpEx);
          exit;
       }

  • search.php
  1. FIND - Line 63
    Code: Alles auswählen

       $search_author = htmlspecialchars($search_author);


    REPLACE WITH
    Code: Alles auswählen

       $search_author = phpbb_clean_username($search_author);

  • templates/subSilver/admin/board_config_body.tpl
  1. FIND - Line 38
    Code: Alles auswählen

       <tr>
          <td class="row2"><input type="radio" name="require_activation" value="{ACTIVATION_NONE}" {ACTIVATION_NONE_CHECKED} />{L_NONE}&nbsp; &nbsp;<input type="radio" name="require_activation" value="{ACTIVATION_USER}" {ACTIVATION_USER_CHECKED} />{L_USER}&nbsp; &nbsp;<input type="radio" name="require_activation" value="{ACTIVATION_ADMIN}" {ACTIVATION_ADMIN_CHECKED} />{L_ADMIN}</td>
       </tr>


    AFTER, ADD
    Code: Alles auswählen

       <tr>
          <td class="row1">{L_VISUAL_CONFIRM}<br /><span class="gensmall">{L_VISUAL_CONFIRM_EXPLAIN}</span></td>
          <td class="row2"><input type="radio" name="enable_confirm" value="1" {CONFIRM_ENABLE} />{L_YES}&nbsp; &nbsp;<input type="radio" name="enable_confirm" value="0" {CONFIRM_DISABLE} />{L_NO}</td>
       </tr>

  • viewtopic.php
  1. FIND - Line 486
    Code: Alles auswählen

       $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));


    REPLACE WITH
    Code: Alles auswählen

       $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));
     

mgutt
User
 
Beiträge: 63
Registriert: 14. Okt 2004 22:23

easyUCP Visual Confirmation update für Boards > 2.0.10

Beitragvon AmigaLink » 21. Nov 2004 20:58

Danke für das Posten der Update-Anleitung, jetzt brauch ich das nicht mehr tun! :mrgreen:
Diejenigen die jetzt nicht wissen sollten worum es geht, finden hier die entsprechende Meldung und im Anhang die, für's Update, zusätzlich noch benötigten Files! 8)

Dieses Update schließt eine große Sicherheitslücke und ist deswegen sehr zu Empfehlen!!!

Nach der Installation dieses Updates muss für das easyUCP noch folgendes gemacht werden:
Code: Alles auswählen
#
#----------[ OPEN ]-------------------------------------
#

includes/usercp_register.php

#
#----------[ FIND ]-------------------------------------
#

   // Visual Confirmation
   $confirm_image = '';
   if (!empty($board_config['enable_confirm']) && $mode == 'register')
   {
      $sql = 'SELECT session_id
         FROM ' . SESSIONS_TABLE;
      if (!($result = $db->sql_query($sql)))
      {
         message_die(GENERAL_ERROR, 'Could not select session data', '', __LINE__, __FILE__, $sql);
      }

      if ($row = $db->sql_fetchrow($result))
      {
         $confirm_sql = '';
         do
         {
            $confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'";
         }
         while ($row = $db->sql_fetchrow($result));
       
         $sql = 'DELETE FROM ' .  CONFIRM_TABLE . "
            WHERE session_id NOT IN ($confirm_sql)";
         if (!$db->sql_query($sql))
         {
            message_die(GENERAL_ERROR, 'Could not delete stale confirm data', '', __LINE__, __FILE__, $sql);
         }
      }
      $db->sql_freeresult($result);

      $sql = 'SELECT COUNT(session_id) AS attempts
         FROM ' . CONFIRM_TABLE . "
         WHERE session_id = '" . $userdata['session_id'] . "'";
      if (!($result = $db->sql_query($sql)))
      {
         message_die(GENERAL_ERROR, 'Could not obtain confirm code count', '', __LINE__, __FILE__, $sql);
      }

      if ($row = $db->sql_fetchrow($result))
      {
         if ($row['attempts'] > 3)
         {
            message_die(GENERAL_MESSAGE, $lang['Too_many_registers']);
         }
      }
      $db->sql_freeresult($result);
       
      $confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',  'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',  'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');

      list($usec, $sec) = explode(' ', microtime());
      mt_srand($sec * $usec);

      $max_chars = count($confirm_chars) - 1;
      $code = '';
      for ($i = 0; $i < 6; $i++)
      {
         $code .= $confirm_chars[mt_rand(0, $max_chars)];
      }

      $confirm_id = md5(uniqid($user_ip));

      $sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code)
         VALUES ('$confirm_id', '". $userdata['session_id'] . "', '$code')";
      if (!$db->sql_query($sql))
      {
         message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql);
      }

      unset($code);
       
      $confirm_image = (@extension_loaded('zlib')) ? '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id") . '" alt="" title="" />' : '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=1") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=2") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=3") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=4") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=5") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=6") . '" alt="" title="" />';
      $s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';

      $template->assign_block_vars('switch_confirm', array());
   }

#
#----------[ REPLACE WITH ]-----------------------------
#

/*
   // Visual Confirmation
   $confirm_image = '';
   if (!empty($board_config['enable_confirm']) && $mode == 'register')
   {
      $sql = 'SELECT session_id
         FROM ' . SESSIONS_TABLE;
      if (!($result = $db->sql_query($sql)))
      {
         message_die(GENERAL_ERROR, 'Could not select session data', '', __LINE__, __FILE__, $sql);
      }

      if ($row = $db->sql_fetchrow($result))
      {
         $confirm_sql = '';
         do
         {
            $confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'";
         }
         while ($row = $db->sql_fetchrow($result));
       
         $sql = 'DELETE FROM ' .  CONFIRM_TABLE . "
            WHERE session_id NOT IN ($confirm_sql)";
         if (!$db->sql_query($sql))
         {
            message_die(GENERAL_ERROR, 'Could not delete stale confirm data', '', __LINE__, __FILE__, $sql);
         }
      }
      $db->sql_freeresult($result);

      $sql = 'SELECT COUNT(session_id) AS attempts
         FROM ' . CONFIRM_TABLE . "
         WHERE session_id = '" . $userdata['session_id'] . "'";
      if (!($result = $db->sql_query($sql)))
      {
         message_die(GENERAL_ERROR, 'Could not obtain confirm code count', '', __LINE__, __FILE__, $sql);
      }

      if ($row = $db->sql_fetchrow($result))
      {
         if ($row['attempts'] > 3)
         {
            message_die(GENERAL_MESSAGE, $lang['Too_many_registers']);
         }
      }
      $db->sql_freeresult($result);
       
      $confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',  'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',  'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');

      list($usec, $sec) = explode(' ', microtime());
      mt_srand($sec * $usec);

      $max_chars = count($confirm_chars) - 1;
      $code = '';
      for ($i = 0; $i < 6; $i++)
      {
         $code .= $confirm_chars[mt_rand(0, $max_chars)];
      }

      $confirm_id = md5(uniqid($user_ip));

      $sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code)
         VALUES ('$confirm_id', '". $userdata['session_id'] . "', '$code')";
      if (!$db->sql_query($sql))
      {
         message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql);
      }

      unset($code);
       
      $confirm_image = (@extension_loaded('zlib')) ? '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id") . '" alt="" title="" />' : '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=1") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=2") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=3") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=4") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=5") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=6") . '" alt="" title="" />';
      $s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';

      $template->assign_block_vars('switch_confirm', array());
   }
*/

#
#----------[ FIND ]-------------------------------------
#

   if ( $ucp_mode == 'ucp_require' || $ucp_mode == '' )
   {
      $template->assign_block_vars('switch_ucp_require', array());
      if ( $mode == 'editprofile' )
      {
         $template->assign_block_vars('switch_ucp_require.switch_edit_profile', array());
      }
      if ( ($mode == 'register') || ($board_config['allow_namechange']) )
      {
         $template->assign_block_vars('switch_ucp_require.switch_namechange_allowed', array());
      }
      else
      {
         $template->assign_block_vars('switch_ucp_require.switch_namechange_disallowed', array());
      }

#
#----------[ AFTER, ADD ]-------------------------------
#

         // Visual Confirmation
         $confirm_image = '';
         if (!empty($board_config['enable_confirm']) && $mode == 'register')
         {
            $sql = 'SELECT session_id
               FROM ' . SESSIONS_TABLE;
            if (!($result = $db->sql_query($sql)))
            {
               message_die(GENERAL_ERROR, 'Could not select session data', '', __LINE__, __FILE__, $sql);
            }

            if ($row = $db->sql_fetchrow($result))
            {
               $confirm_sql = '';
               do
               {
                  $confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'";
               }
               while ($row = $db->sql_fetchrow($result));
            
               $sql = 'DELETE FROM ' .  CONFIRM_TABLE . "
                  WHERE session_id NOT IN ($confirm_sql)";
               if (!$db->sql_query($sql))
               {
                  message_die(GENERAL_ERROR, 'Could not delete stale confirm data', '', __LINE__, __FILE__, $sql);
               }
            }
            $db->sql_freeresult($result);

            $sql = 'SELECT COUNT(session_id) AS attempts
               FROM ' . CONFIRM_TABLE . "
               WHERE session_id = '" . $userdata['session_id'] . "'";
            if (!($result = $db->sql_query($sql)))
            {
               message_die(GENERAL_ERROR, 'Could not obtain confirm code count', '', __LINE__, __FILE__, $sql);
            }

            if ($row = $db->sql_fetchrow($result))
            {
               if ($row['attempts'] > 3)
               {
                  message_die(GENERAL_MESSAGE, $lang['Too_many_registers']);
               }
            }
            $db->sql_freeresult($result);
            
            $confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',  'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',  'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');

            list($usec, $sec) = explode(' ', microtime());
            mt_srand($sec * $usec);

            $max_chars = count($confirm_chars) - 1;
            $code = '';
            for ($i = 0; $i < 6; $i++)
            {
               $code .= $confirm_chars[mt_rand(0, $max_chars)];
            }

            $confirm_id = md5(uniqid($user_ip));

            $sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code)
               VALUES ('$confirm_id', '". $userdata['session_id'] . "', '$code')";
            if (!$db->sql_query($sql))
            {
               message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql);
            }

            unset($code);
            
            $confirm_image = (@extension_loaded('zlib')) ? '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id") . '" alt="" title="" />' : '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=1") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=2") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=3") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=4") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=5") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=6") . '" alt="" title="" />';
            $s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';

            $template->assign_block_vars('switch_ucp_require.switch_confirm', array());
         }

#
#----------[ SAVE AND CLOSE ALL FILES ]-----------------
#
Dateianhänge
phpbb_update_files.zip
Update des phpBB 2.0.10 auf 2.0.11
(34.22 KiB) 788-mal heruntergeladen
Die deutsche Sprache ist Freeware, du kannst sie benutzen, ohne dafür zu bezahlen. Sie ist aber nicht Open Source, also darfst du sie nicht verändern, wie es dir gerade passt.
Benutzeravatar
AmigaLink
Administrator
 
Beiträge: 3987
Registriert: 11. Aug 2004 01:06
Wohnort: NRW


Zurück zu easy UCP



Wer ist online?

Mitglieder in diesem Forum: 0 Mitglieder und 1 Gast

cron