PunBB 1.2.1 to 1.2.4 changes

PunBB 1.2.1 to 1.2.4 changes	Legend
	Lines removed
	Lines changed
		Lines added

punbb-1.2.1/upload/admin_censoring.php	punbb-1.2.4/upload/admin_censoring.php
76: {	76: {
77: confirm_referrer('admin_censoring.php');	77: confirm_referrer('admin_censoring.php');
78:	78:
79: $id = key($_POST['remove']);	79: $id = intval(key($_POST['remove']));
80:	80:
81: $db->query('DELETE FROM '.$db->prefix.'censoring WHERE id='.$id) or error('Unable to delete censor word', __FILE__, __LINE__, $db->error());	81: $db->query('DELETE FROM '.$db->prefix.'censoring WHERE id='.$id) or error('Unable to delete censor word', __FILE__, __LINE__, $db->error());
82:	82:

punbb-1.2.1/upload/admin_forums.php	punbb-1.2.4/upload/admin_forums.php
229:	229:
230: // Fetch forum info	230: // Fetch forum info
231: $result = $db->query('SELECT id, forum_name, forum_desc, redirect_url, num_topics, sort_by, cat_id FROM '.$db->prefix.'forums WHERE id='.$forum_id) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());	231: $result = $db->query('SELECT id, forum_name, forum_desc, redirect_url, num_topics, sort_by, cat_id FROM '.$db->prefix.'forums WHERE id='.$forum_id) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());
	232: if (!$db->num_rows($result))
	233: message($lang_common['Bad request']);
	234:
232: $cur_forum = $db->fetch_assoc($result);	235: $cur_forum = $db->fetch_assoc($result);
233:	236:
234:	237:

punbb-1.2.1/upload/admin_groups.php	punbb-1.2.4/upload/admin_groups.php
54: message($lang_common['Bad request']);	54: message($lang_common['Bad request']);
55:	55:
56: $result = $db->query('SELECT * FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch user group info', __FILE__, __LINE__, $db->error());	56: $result = $db->query('SELECT * FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch user group info', __FILE__, __LINE__, $db->error());
	57: if (!$db->num_rows($result))
	58: message($lang_common['Bad request']);
	59:
57: $group = $db->fetch_assoc($result);	60: $group = $db->fetch_assoc($result);
58:	61:
59: $mode = 'edit';	62: $mode = 'edit';
226:	229:
227: if ($_POST['mode'] == 'add')	230: if ($_POST['mode'] == 'add')
228: {	231: {
229: $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\'') or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());	232: $result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\'') or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
230: if ($db->num_rows())	233: if ($db->num_rows($result))
231: message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');	234: message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');
232:	235:
233: $db->query('INSERT INTO '.$db->prefix.'groups (g_title, g_user_title, g_read_board, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_edit_subjects_interval, g_post_flood, g_search_flood) VALUES(\''.$db->escape($title).'\', '.$user_title.', '.$read_board.', '.$post_replies.', '.$post_topics.', '.$edit_posts.', '.$delete_posts.', '.$delete_topics.', '.$set_title.', '.$search.', '.$search_users.', '.$edit_subjects_interval.', '.$post_flood.', '.$search_flood.')') or error('Unable to add group', __FILE__, __LINE__, $db->error());	236: $db->query('INSERT INTO '.$db->prefix.'groups (g_title, g_user_title, g_read_board, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_edit_subjects_interval, g_post_flood, g_search_flood) VALUES(\''.$db->escape($title).'\', '.$user_title.', '.$read_board.', '.$post_replies.', '.$post_topics.', '.$edit_posts.', '.$delete_posts.', '.$delete_topics.', '.$set_title.', '.$search.', '.$search_users.', '.$edit_subjects_interval.', '.$post_flood.', '.$search_flood.')') or error('Unable to add group', __FILE__, __LINE__, $db->error());
239: $db->query('INSERT INTO '.$db->prefix.'forum_perms (group_id, forum_id, read_forum, post_replies, post_topics) VALUES('.$new_group_id.', '.$cur_forum_perm['forum_id'].', '.$cur_forum_perm['read_forum'].', '.$cur_forum_perm['post_replies'].', '.$cur_forum_perm['post_topics'].')') or error('Unable to insert group forum permissions', __FILE__, __LINE__, $db->error());	242: $db->query('INSERT INTO '.$db->prefix.'forum_perms (group_id, forum_id, read_forum, post_replies, post_topics) VALUES('.$new_group_id.', '.$cur_forum_perm['forum_id'].', '.$cur_forum_perm['read_forum'].', '.$cur_forum_perm['post_replies'].', '.$cur_forum_perm['post_topics'].')') or error('Unable to insert group forum permissions', __FILE__, __LINE__, $db->error());
240: }	243: }
241: else	244: else
	245: {
	246: $result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' && g_id!='.$_POST['group_id']) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
	247: if ($db->num_rows($result))
	248: message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');
	249:
242: $db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.$_POST['group_id']) or error('Unable to update group', __FILE__, __LINE__, $db->error());	250: $db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.$_POST['group_id']) or error('Unable to update group', __FILE__, __LINE__, $db->error());
	251: }
243:	252:
244: // Regenerate the quickjump cache	253: // Regenerate the quickjump cache
245: require_once PUN_ROOT.'include/cache.php';	254: require_once PUN_ROOT.'include/cache.php';

punbb-1.2.1/upload/admin_index.php	punbb-1.2.4/upload/admin_index.php
64:	64:
65:	65:
66: // Show phpinfo() output	66: // Show phpinfo() output
67: else if ($action == 'phpinfo')	67: else if ($action == 'phpinfo' && $pun_user['g_id'] == PUN_ADMIN)
68: {	68: {
69: // Is phpinfo() a disabled function?	69: // Is phpinfo() a disabled function?
70: if (strpos(strtolower((string)@ini_get('disable_functions')), 'phpinfo') !== false)	70: if (strpos(strtolower((string)@ini_get('disable_functions')), 'phpinfo') !== false)

punbb-1.2.1/upload/admin_loader.php	punbb-1.2.4/upload/admin_loader.php
36:	36:
37:	37:
38: // The plugin to load should be supplied via GET	38: // The plugin to load should be supplied via GET
39: $plugin = isset($_GET['plugin']) ? $_GET['plugin'] : null;	39: $plugin = isset($_GET['plugin']) ? $_GET['plugin'] : '';
40: if (!$plugin)	40: if (!preg_match('/^AM?P_(\w*?)\.php$/i', $plugin))
41: message($lang_common['Bad request']);	41: message($lang_common['Bad request']);
42:	42:
43: // AP_ == Admins only, AMP_ == admins and moderators	43: // AP_ == Admins only, AMP_ == admins and moderators
49: if (!file_exists(PUN_ROOT.'plugins/'.$plugin))	49: if (!file_exists(PUN_ROOT.'plugins/'.$plugin))
50: message('There is no plugin called \''.$plugin.'\' in the plugin directory.');	50: message('There is no plugin called \''.$plugin.'\' in the plugin directory.');
51:	51:
	52: // Construct REQUEST_URI if it isn't set
	53: if (!isset($_SERVER['REQUEST_URI']))
	54: $_SERVER['REQUEST_URI'] = (isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '').'?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '');
52:	55:
53: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / '.$plugin;	56: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / '.$plugin;
54: require PUN_ROOT.'header.php';	57: require PUN_ROOT.'header.php';

punbb-1.2.1/upload/admin_options.php	punbb-1.2.4/upload/admin_options.php
38: if (isset($_POST['form_sent']))	38: if (isset($_POST['form_sent']))
39: {	39: {
40: // Lazy referer check (in case base_url isn't correct)	40: // Lazy referer check (in case base_url isn't correct)
41: if (!preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER']))	41: if (!isset($_SERVER['HTTP_REFERER']) \|\| !preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER']))
42: message($lang_common['Bad referrer']);	42: message($lang_common['Bad referrer']);
43:	43:
44: $form = array_map('trim', $_POST['form']);	44: $form = array_map('trim', $_POST['form']);

punbb-1.2.1/upload/admin_ranks.php	punbb-1.2.4/upload/admin_ranks.php
69: {	69: {
70: confirm_referrer('admin_ranks.php');	70: confirm_referrer('admin_ranks.php');
71:	71:
72: $id = key($_POST['update']);	72: $id = intval(key($_POST['update']));
73:	73:
74: $rank = trim($_POST['rank'][$id]);	74: $rank = trim($_POST['rank'][$id]);
75: $min_posts = trim($_POST['min_posts'][$id]);	75: $min_posts = trim($_POST['min_posts'][$id]);
100: {	100: {
101: confirm_referrer('admin_ranks.php');	101: confirm_referrer('admin_ranks.php');
102:	102:
103: $id = key($_POST['remove']);	103: $id = intval(key($_POST['remove']));
104:	104:
105: $db->query('DELETE FROM '.$db->prefix.'ranks WHERE id='.$id) or error('Unable to delete rank', __FILE__, __LINE__, $db->error());	105: $db->query('DELETE FROM '.$db->prefix.'ranks WHERE id='.$id) or error('Unable to delete rank', __FILE__, __LINE__, $db->error());
106:	106:

punbb-1.2.1/upload/admin_reports.php	punbb-1.2.4/upload/admin_reports.php
40: {	40: {
41: confirm_referrer('admin_reports.php');	41: confirm_referrer('admin_reports.php');
42:	42:
43: $zap_id = key($_POST['zap_id']);	43: $zap_id = intval(key($_POST['zap_id']));
44:	44:
45: $result = $db->query('SELECT zapped FROM '.$db->prefix.'reports WHERE id='.$zap_id) or error('Unable to fetch report info', __FILE__, __LINE__, $db->error());	45: $result = $db->query('SELECT zapped FROM '.$db->prefix.'reports WHERE id='.$zap_id) or error('Unable to fetch report info', __FILE__, __LINE__, $db->error());
46: $zapped = $db->result($result);	46: $zapped = $db->result($result);

punbb-1.2.1/upload/admin_users.php	punbb-1.2.4/upload/admin_users.php
266: $conditions[] = 'u.num_posts<'.$posts_less;	266: $conditions[] = 'u.num_posts<'.$posts_less;
267:	267:
268: if ($user_group != 'all')	268: if ($user_group != 'all')
269: $conditions[] = 'u.group_id='.$user_group;	269: $conditions[] = 'u.group_id='.$db->escape($user_group);
270:	270:
271: if (!isset($conditions))	271: if (!isset($conditions))
272: message('You didn\'t enter any search terms.');	272: message('You didn\'t enter any search terms.');
300: <tbody>	300: <tbody>
301: <?php	301: <?php
302:	302:
303: $result = $db->query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND '.implode(' AND ', $conditions).' ORDER BY '.$order_by.' '.$direction) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());	303: $result = $db->query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND '.implode(' AND ', $conditions).' ORDER BY '.$db->escape($order_by).' '.$db->escape($direction)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
304: if ($db->num_rows($result))	304: if ($db->num_rows($result))
305: {	305: {
306: while ($user_data = $db->fetch_assoc($result))	306: while ($user_data = $db->fetch_assoc($result))

punbb-1.2.1/upload/footer.php	punbb-1.2.4/upload/footer.php
140:	140:
141:	141:
142: // START SUBST - <pun_include "*">	142: // START SUBST - <pun_include "*">
143: while (preg_match('<pun_include "(.*?)">', $tpl_main, $cur_include))	143: while (preg_match('/<pun_include "(.*?)">/', $tpl_main, $cur_include))
144: {	144: {
145: ob_start();	145: ob_start();
146: include PUN_ROOT.$cur_include[1];	146: include PUN_ROOT.$cur_include[1];
147: $tpl_temp = ob_get_contents();	147: $tpl_temp = ob_get_contents();
148: $tpl_main = str_replace('<'.$cur_include[0].'>', $tpl_temp, $tpl_main);	148: $tpl_main = str_replace($cur_include[0], $tpl_temp, $tpl_main);
149: ob_end_clean();	149: ob_end_clean();
150: }	150: }
151: // END SUBST - <pun_include "*">	151: // END SUBST - <pun_include "*">

punbb-1.2.1/upload/header.php	punbb-1.2.4/upload/header.php
15: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the	15: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16: GNU General Public License for more details.	16: GNU General Public License for more details.
17:	17:
18: You should have received a copy of the GNU G>eneral Public License	18: You should have received a copy of the GNU General Public License
19: along with this program; if not, write to the Free Software	19: along with this program; if not, write to the Free Software
20: Foundation, Inc., 59 Temple Place, Suite 330, Boston,	20: Foundation, Inc., 59 Temple Place, Suite 330, Boston,
21: MA 02111-1307 USA	21: MA 02111-1307 USA
171: $tpl_temp .= "\n\t\t\t\t".'<li class="maintenancelink"><strong><a href="admin_options.php#maintenance">Maintenance mode is enabled!</a></strong></li>';	171: $tpl_temp .= "\n\t\t\t\t".'<li class="maintenancelink"><strong><a href="admin_options.php#maintenance">Maintenance mode is enabled!</a></strong></li>';
172: }	172: }
173:	173:
174: if (basename($_SERVER['PHP_SELF']) == 'index.php')	174: if (in_array(basename($_SERVER['PHP_SELF']), array('index.php', 'search.php')))
175: $tpl_temp .= "\n\t\t\t".'</ul>'."\n\t\t\t".'<ul class="conr">'."\n\t\t\t\t".'<li><a href="search.php?action=show_new">'.$lang_common['Show new posts'].'</a></li>'."\n\t\t\t\t".'<li><a href="misc.php?action=markread">'.$lang_common['Mark all as read'].'</a></li>'."\n\t\t\t".'</ul>'."\n\t\t\t".'<div class="clearer"></div>'."\n\t\t".'</div>';	175: $tpl_temp .= "\n\t\t\t".'</ul>'."\n\t\t\t".'<ul class="conr">'."\n\t\t\t\t".'<li><a href="search.php?action=show_new">'.$lang_common['Show new posts'].'</a></li>'."\n\t\t\t\t".'<li><a href="misc.php?action=markread">'.$lang_common['Mark all as read'].'</a></li>'."\n\t\t\t".'</ul>'."\n\t\t\t".'<div class="clearer"></div>'."\n\t\t".'</div>';
176: else if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] == 'action=show_new')
177: $tpl_temp .= "\n\t\t\t".'</ul>'."\n\t\t\t".'<p class="conr"><a href="misc.php?action=markread">'.$lang_common['Mark all as read'].'</a></p>'."\n\t\t\t".'<div class="clearer"></div>'."\n\t\t".'</div>';
178: else	176: else
179: $tpl_temp .= "\n\t\t\t".'</ul>'."\n\t\t\t".'<div class="clearer"></div>'."\n\t\t".'</div>';	177: $tpl_temp .= "\n\t\t\t".'</ul>'."\n\t\t\t".'<div class="clearer"></div>'."\n\t\t".'</div>';
180: }	178: }

punbb-1.2.1/upload/help.php	punbb-1.2.4/upload/help.php
86:     [quote]<?php echo $lang_help['Quote text'] ?>[/quote]<br /><br />	86:     [quote]<?php echo $lang_help['Quote text'] ?>[/quote]<br /><br />
87: <?php echo $lang_help['produces quote box'] ?><br /><br />	87: <?php echo $lang_help['produces quote box'] ?><br /><br />
88: <div class="postmsg">	88: <div class="postmsg">
89: <blockquote><div class="incqbox"></h4><p><?php echo $lang_help['Quote text'] ?></p></div></blockquote>	89: <blockquote><div class="incqbox"><p><?php echo $lang_help['Quote text'] ?></p></div></blockquote>
90: </div>	90: </div>
91: </div>	91: </div>
92: </div>	92: </div>

punbb-1.2.1/upload/include/dblayer/common_db.php	punbb-1.2.4/upload/include/dblayer/common_db.php
23: ************************************************************************/	23: ************************************************************************/
24:	24:
25:	25:
	26: // Make sure no one attempts to run this script "directly"
	27: if (!defined('PUN'))
	28: exit;
	29:
	30:
26: //	31: //
27: // Return current timestamp (with microseconds) as a float (used in dblayer)	32: // Return current timestamp (with microseconds) as a float (used in dblayer)
28: //	33: //

punbb-1.2.1/upload/include/email.php	punbb-1.2.4/upload/include/email.php
33: //	33: //
34: function is_valid_email($email)	34: function is_valid_email($email)
35: {	35: {
36: return preg_match('#^.{1,}@.{2,}\..{2,}$#', $email);	36: return preg_match('/^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)\|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])\|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/', $email);
37: }	37: }
38:	38:
39:	39:
67: if (!$from)	67: if (!$from)
68: $from = '"'.$pun_config['o_board_title'].' '.$lang_common['Mailer'].'" <'.$pun_config['o_webmaster_email'].'>';	68: $from = '"'.$pun_config['o_board_title'].' '.$lang_common['Mailer'].'" <'.$pun_config['o_webmaster_email'].'>';
69:	69:
70: // Make sure the from line doesn't contain a colon (the character, that is :D)	70: // Do a little spring cleaning
71: $from = str_replace(':', ' ', $from);	71: $to = trim(preg_replace('#[\n\r]+#s', '', $to));
	72: $subject = trim(preg_replace('#[\n\r]+#s', '', $subject));
	73: $from = trim(preg_replace('#[\n\r:]+#s', '', $from));
72:	74:
73: // Detect what linebreak we should use for the headers	75: // Detect what linebreak we should use for the headers
74: if (strtoupper(substr(PHP_OS, 0, 3) == 'WIN'))	76: if (strtoupper(substr(PHP_OS, 0, 3) == 'WIN'))
75: $eol = "\r\n";	77: $eol = "\r\n";
76: else if (strtoupper(substr(PHP_OS, 0, 3) == 'MAC'))	78: else if (strtoupper(substr(PHP_OS, 0, 3) == 'MAC'))
77: $eol = "\r";	79: $eol = "\r";
78: else	80: else
79: $eol = "\n";	81: $eol = "\n";
80:	82:
81: $headers = 'From: '.$from.$eol.'Date: '.date('r').$eol.'MIME-Version: 1.0'.$eol.'Content-transfer-encoding: 8bit'.$eol.'Content-type: text/plain; charset='.$lang_common['lang_encoding'].$eol.'X-Mailer: PunBB Mailer';	83: $headers = 'From: '.$from.$eol.'Date: '.date('r').$eol.'MIME-Version: 1.0'.$eol.'Content-transfer-encoding: 8bit'.$eol.'Content-type: text/plain; charset='.$lang_common['lang_encoding'].$eol.'X-Mailer: PunBB Mailer';
82:	84:

punbb-1.2.1/upload/include/functions.php	punbb-1.2.4/upload/include/functions.php
46: $pun_user = $db->fetch_assoc($result);	46: $pun_user = $db->fetch_assoc($result);
47:	47:
48: // If user authorisation failed	48: // If user authorisation failed
49: if (!isset($pun_user['id']) \|\| md5($cookie_seed.$pun_user['password']) != $cookie['password_hash'])	49: if (!isset($pun_user['id']) \|\| md5($cookie_seed.$pun_user['password']) !== $cookie['password_hash'])
50: {	50: {
51: pun_setcookie(0, random_pass(8), $expire);	51: pun_setcookie(0, random_pass(8), $expire);
52: set_default_user();	52: set_default_user();
108:	108:
109: // Fetch guest user	109: // Fetch guest user
110: $result = $db->query('SELECT u., g., o.logged FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.ident=\''.$remote_addr.'\' WHERE u.id=1') or error('Unable to fetch guest information', __FILE__, __LINE__, $db->error());	110: $result = $db->query('SELECT u., g., o.logged FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.ident=\''.$remote_addr.'\' WHERE u.id=1') or error('Unable to fetch guest information', __FILE__, __LINE__, $db->error());
	111: if (!$db->num_rows($result))
	112: exit('Unable to fetch guest information. The table \''.$db->prefix.'users\' must contain an entry with id = 1 that represents anonymous users.');
	113:
111: $pun_user = $db->fetch_assoc($result);	114: $pun_user = $db->fetch_assoc($result);
112:	115:
113: // Update online list	116: // Update online list
229: global $pun_config, $lang_common, $pun_user;	232: global $pun_config, $lang_common, $pun_user;
230:	233:
231: // Index and Userlist should always be displayed	234: // Index and Userlist should always be displayed
232: $links[] = '<li id="navindex"><a href="index.php">'.$lang_common['Index'].'</a>';	235: $links[] = '<li id="navindex"><a href="index.php">'.$lang_common['Index'].'</a>';
233: $links[] = '<li id="navuserlist"><a href="userlist.php">'.$lang_common['User list'].'</a>';	236: $links[] = '<li id="navuserlist"><a href="userlist.php">'.$lang_common['User list'].'</a>';
234:	237:
235: if ($pun_config['o_rules'] == '1')	238: if ($pun_config['o_rules'] == '1')
236: $links[] = '<li id="navrules"><a href="misc.php?action=rules">'.$lang_common['Rules'].'</a>';	239: $links[] = '<li id="navrules"><a href="misc.php?action=rules">'.$lang_common['Rules'].'</a>';
	240:
	241: if ($pun_user['is_guest'])
	242: {
	243: if ($pun_user['g_search'] == '1')
	244: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';
	245:
	246: $links[] = '<li id="navregister"><a href="register.php">'.$lang_common['Register'].'</a>';
	247: $links[] = '<li id="navlogin"><a href="login.php">'.$lang_common['Login'].'</a>';
237:	248:
238: if ($pun_user['is_guest'])	249: $info = $lang_common['Not logged in'];
239: {	250: }
240: if ($pun_user['g_search'] == '1')
241: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';
242:
243: $links[] = '<li id="navregister"><a href="register.php">'.$lang_common['Register'].'</a>';
244: $links[] = '<li id="navlogin"><a href="login.php">'.$lang_common['Login'].'</a>';
245:
246: $info = $lang_common['Not logged in'];
247: }
248: else	251: else
249: {	252: {
250: if ($pun_user['g_id'] > PUN_MOD)	253: if ($pun_user['g_id'] > PUN_MOD)
251: {	254: {
252: if ($pun_user['g_search'] == '1')	255: if ($pun_user['g_search'] == '1')
253: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';	256: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';
254:	257:
255: $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>';	258: $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>';
256: $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>';	259: $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>';
257: }	260: }
258: else	261: else
259: {	262: {
260: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';	263: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';
261: $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>';	264: $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>';
262: $links[] = '<li id="navadmin"><a href="admin_index.php">'.$lang_common['Admin'].'</a>';	265: $links[] = '<li id="navadmin"><a href="admin_index.php">'.$lang_common['Admin'].'</a>';
263: $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>';	266: $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>';
264: }	267: }
265: }	268: }
266:	269:
267: // Are there any additional navlinks we should insert into the array before imploding it?	270: // Are there any additional navlinks we should insert into the array before imploding it?
268: if ($pun_config['o_additional_navlinks'] != '')	271: if ($pun_config['o_additional_navlinks'] != '')
271: {	274: {
272: // Insert any additional links into the $links array (at the correct index)	275: // Insert any additional links into the $links array (at the correct index)
273: for ($i = 0; $i < count($extra_links[1]); ++$i)	276: for ($i = 0; $i < count($extra_links[1]); ++$i)
274: array_splice($links, $extra_links[1][$i], 0, array('<li id="navextra'.($i + 1).'">'.$extra_links[2][$i]));	277: array_splice($links, $extra_links[1][$i], 0, array('<li id="navextra'.($i + 1).'">'.$extra_links[2][$i]));
275: }	278: }
276: }	279: }
277:	280:
278: return '<ul>'."\n\t\t\t\t".implode($lang_common['Link separator'].'</li>'."\n\t\t\t\t", $links).'</li>'."\n\t\t\t".'</ul>';	281: return '<ul>'."\n\t\t\t\t".implode($lang_common['Link separator'].'</li>'."\n\t\t\t\t", $links).'</li>'."\n\t\t\t".'</ul>';
279: }	282: }
280:	283:
281:	284:
736:	739:
737: if (strpos($lang_common['lang_encoding'], '8859') !== false)	740: if (strpos($lang_common['lang_encoding'], '8859') !== false)
738: {	741: {
739: $fishy_chars = array(chr(0x81), chr(0x8D), chr(0x8F), chr(0x90), chr(0x9D), chr(0xA0), chr(0xCA));	742: $fishy_chars = array(chr(0x81), chr(0x8D), chr(0x8F), chr(0x90), chr(0x9D), chr(0xA0));
740: return trim(str_replace($fishy_chars, ' ', $str));	743: return trim(str_replace($fishy_chars, ' ', $str));
741: }	744: }
742: else	745: else

punbb-1.2.1/upload/include/parser.php	punbb-1.2.4/upload/include/parser.php
67: if (!$is_signature)	67: if (!$is_signature)
68: {	68: {
69: // For non-signatures, we have to do the quote and code tags as well	69: // For non-signatures, we have to do the quote and code tags as well
70: $a[] = '#\[quote=("\|"\|\'\|)(.)\\1\]\s#i';	70: $a[] = '#\[quote=("\|"\|\'\|)(.?)\\1\]\s#i';
71: $a[] = '#\[quote\]\s*#i';	71: $a[] = '#\[quote\]\s*#i';
72: $a[] = '#\s\[/quote\]\s#i';	72: $a[] = '#\s\[/quote\]\s#i';
73: $a[] = '#\[code\][\r\n](.?)\s\[/code\]\s#is';	73: $a[] = '#\[code\][\r\n](.?)\s\[/code\]\s#is';

punbb-1.2.1/upload/install.php	punbb-1.2.4/upload/install.php
24:	24:
25:	25:
26: // The PunBB version this script installs	26: // The PunBB version this script installs
27: $punbb_version = '1.2.1';	27: $punbb_version = '1.2.4';
28:	28:
29:	29:
30: define('PUN_ROOT', './');	30: define('PUN_ROOT', './');
33:	33:
34:	34:
35: // Make sure we are running at least PHP 4.1.0	35: // Make sure we are running at least PHP 4.1.0
36: if (version_compare(PHP_VERSION, '4.1.0', '<'))	36: if (intval(str_replace('.', '', phpversion())) < 410)
37: exit('You are running PHP version '.PHP_VERSION.'. PunBB requires at least PHP 4.1.0 to run properly. You must upgrade your PHP installation before you can continue.');	37: exit('You are running PHP version '.PHP_VERSION.'. PunBB requires at least PHP 4.1.0 to run properly. You must upgrade your PHP installation before you can continue.');
38:	38:
39: // Disable error reporting for uninitialized variables	39: // Disable error reporting for uninitialized variables

punbb-1.2.1/upload/login.php	punbb-1.2.4/upload/login.php
91: // Remove user from "users online" list.	91: // Remove user from "users online" list.
92: $db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$pun_user['id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());	92: $db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$pun_user['id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
93:	93:
94: // Update last_visit	94: // Update last_visit (make sure there's something to update it with)
95: $db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());	95: if (isset($pun_user['logged']))
	96: $db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
96:	97:
97: pun_setcookie(1, random_pass(8), time() + 31536000);	98: pun_setcookie(1, random_pass(8), time() + 31536000);
98:	99:

punbb-1.2.1/upload/misc.php	punbb-1.2.4/upload/misc.php
245:	245:
246: else if (isset($_GET['subscribe']))	246: else if (isset($_GET['subscribe']))
247: {	247: {
248: if ($pun_user['is_guest'])	248: if ($pun_user['is_guest'] \|\| $pun_config['o_subscriptions'] != '1')
249: message($lang_common['No permission']);	249: message($lang_common['No permission']);
250:	250:
251: $topic_id = intval($_GET['subscribe']);	251: $topic_id = intval($_GET['subscribe']);
264:	264:
265: else if (isset($_GET['unsubscribe']))	265: else if (isset($_GET['unsubscribe']))
266: {	266: {
267: if ($pun_user['is_guest'])	267: if ($pun_user['is_guest'] \|\| $pun_config['o_subscriptions'] != '1')
268: message($lang_common['No permission']);	268: message($lang_common['No permission']);
269:	269:
270: $topic_id = intval($_GET['unsubscribe']);	270: $topic_id = intval($_GET['unsubscribe']);

punbb-1.2.1/upload/moderate.php	punbb-1.2.4/upload/moderate.php
50: $ip = $db->result($result);	50: $ip = $db->result($result);
51: }	51: }
52:	52:
53: message('The IP address is: '.$ip.'<br />The host name is: '.gethostbyaddr($ip).'<br /><br /><a href="admin_users.php?show_users='.$ip.'">Show more users for this IP</a>');	53: message('The IP address is: '.$ip.'<br />The host name is: '.@gethostbyaddr($ip).'<br /><br /><a href="admin_users.php?show_users='.$ip.'">Show more users for this IP</a>');
54: }	54: }
55:	55:
56:	56:
98: {	98: {
99: confirm_referrer('moderate.php');	99: confirm_referrer('moderate.php');
100:	100:
	101: if (preg_match('/[^0-9,]/', $posts))
	102: message($lang_common['Bad request']);
	103:
101: // Delete the posts	104: // Delete the posts
102: $db->query('DELETE FROM '.$db->prefix.'posts WHERE id IN('.$posts.')') or error('Unable to delete posts', __FILE__, __LINE__, $db->error());	105: $db->query('DELETE FROM '.$db->prefix.'posts WHERE id IN('.$posts.')') or error('Unable to delete posts', __FILE__, __LINE__, $db->error());
103:	106:
278: {	281: {
279: confirm_referrer('moderate.php');	282: confirm_referrer('moderate.php');
280:	283:
	284: if (preg_match('/[^0-9,]/', $_POST['topics']))
	285: message($lang_common['Bad request']);
	286:
281: $topics = explode(',', $_POST['topics']);	287: $topics = explode(',', $_POST['topics']);
282: $move_to_forum = intval($_POST['move_to_forum']);	288: $move_to_forum = isset($_POST['move_to_forum']) ? intval($_POST['move_to_forum']) : 0;
283: if (empty($topics) \|\| $move_to_forum < 1)	289: if (empty($topics) \|\| $move_to_forum < 1)
284: message($lang_common['Bad request']);	290: message($lang_common['Bad request']);
285:	291:
345: <br /><select name="move_to_forum">	351: <br /><select name="move_to_forum">
346: <?php	352: <?php
347:	353:
348: $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id WHERE f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());	354: $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['group_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position', true) or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
349:	355:
350: $cur_category = 0;	356: $cur_category = 0;
351: while ($cur_forum = $db->fetch_assoc($result))	357: while ($cur_forum = $db->fetch_assoc($result))
394: {	400: {
395: confirm_referrer('moderate.php');	401: confirm_referrer('moderate.php');
396:	402:
	403: if (preg_match('/[^0-9,]/', $topics))
	404: message($lang_common['Bad request']);
	405:
397: require PUN_ROOT.'include/search_idx.php';	406: require PUN_ROOT.'include/search_idx.php';
398:	407:
399: // Delete the topics and any redirect topics	408: // Delete the topics and any redirect topics
459: {	468: {
460: confirm_referrer('moderate.php');	469: confirm_referrer('moderate.php');
461:	470:
462: $topics = isset($_POST['topics']) ? $_POST['topics'] : array();	471: $topics = isset($_POST['topics']) ? @array_map('intval', @array_keys($_POST['topics'])) : array();
463: if (empty($topics))	472: if (empty($topics))
464: message($lang_misc['No topics selected']);	473: message($lang_misc['No topics selected']);
465:	474:

punbb-1.2.1/upload/post.php	punbb-1.2.4/upload/post.php
207:	207:
208: update_forum($cur_posting['id']);	208: update_forum($cur_posting['id']);
209:	209:
210:	210: // Should we send out notifications?
211: // Get the post time for the previous post in this topic	211: if ($pun_config['o_subscriptions'] == '1')
212: $result = $db->query('SELECT posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1, 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
213: $previous_post_time = $db->result($result);
214:
215: // Get any subscribed users that should be notified (banned users are excluded)
216: $result = $db->query('SELECT u.id, u.email, u.notify_with_post, u.language FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'subscriptions AS s ON u.id=s.user_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id='.$cur_posting['id'].' AND fp.group_id=u.group_id) LEFT JOIN '.$db->prefix.'online AS o ON u.id=o.user_id LEFT JOIN '.$db->prefix.'bans AS b ON u.username=b.username WHERE b.username IS NULL AND COALESCE(o.logged, u.last_visit)>'.$previous_post_time.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.topic_id='.$tid.' AND u.id!='.intval($pun_user['id'])) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
217: if ($db->num_rows($result))
218: {	212: {
219: require_once PUN_ROOT.'include/email.php';	213: // Get the post time for the previous post in this topic
	214: $result = $db->query('SELECT posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1, 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
	215: $previous_post_time = $db->result($result);
	216:
	217: // Get any subscribed users that should be notified (banned users are excluded)
	218: $result = $db->query('SELECT u.id, u.email, u.notify_with_post, u.language FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'subscriptions AS s ON u.id=s.user_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id='.$cur_posting['id'].' AND fp.group_id=u.group_id) LEFT JOIN '.$db->prefix.'online AS o ON u.id=o.user_id LEFT JOIN '.$db->prefix.'bans AS b ON u.username=b.username WHERE b.username IS NULL AND COALESCE(o.logged, u.last_visit)>'.$previous_post_time.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.topic_id='.$tid.' AND u.id!='.intval($pun_user['id'])) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
	219: if ($db->num_rows($result))
	220: {
	221: require_once PUN_ROOT.'include/email.php';
220:	222:
221: $notification_emails = array();	223: $notification_emails = array();
222:	224:
223: // Loop through subscribed users and send e-mails	225: // Loop through subscribed users and send e-mails
224: while ($cur_subscriber = $db->fetch_assoc($result))	226: while ($cur_subscriber = $db->fetch_assoc($result))
225: {
226: // Is the subscription e-mail for $cur_subscriber['language'] cached or not?
227: if (!isset($notification_emails[$cur_subscriber['language']]))
228: {	227: {
229: if (file_exists(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl'))	228: // Is the subscription e-mail for $cur_subscriber['language'] cached or not?
	229: if (!isset($notification_emails[$cur_subscriber['language']]))
230: {	230: {
231: // Load the "new reply" template	231: if (file_exists(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl'))
232: $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl'));	232: {
233:	233: // Load the "new reply" template
234: // Load the "new reply full" template (with post included)	234: $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl'));
235: $mail_tpl_full = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply_full.tpl'));	235:
	236: // Load the "new reply full" template (with post included)
	237: $mail_tpl_full = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply_full.tpl'));
	238:
	239: // The first row contains the subject (it also starts with "Subject:")
	240: $first_crlf = strpos($mail_tpl, "\n");
	241: $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
	242: $mail_message = trim(substr($mail_tpl, $first_crlf));
	243:
	244: $first_crlf = strpos($mail_tpl_full, "\n");
	245: $mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf-8));
	246: $mail_message_full = trim(substr($mail_tpl_full, $first_crlf));
	247:
	248: $mail_subject = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject);
	249: $mail_message = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message);
	250: $mail_message = str_replace('<replier>', $username, $mail_message);
	251: $mail_message = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message);
	252: $mail_message = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message);
	253: $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message);
	254:
	255: $mail_subject_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject_full);
	256: $mail_message_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message_full);
	257: $mail_message_full = str_replace('<replier>', $username, $mail_message_full);
	258: $mail_message_full = str_replace('<message>', $message, $mail_message_full);
	259: $mail_message_full = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message_full);
	260: $mail_message_full = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message_full);
	261: $mail_message_full = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message_full);
	262:
	263: $notification_emails[$cur_subscriber['language']][0] = $mail_subject;
	264: $notification_emails[$cur_subscriber['language']][1] = $mail_message;
	265: $notification_emails[$cur_subscriber['language']][2] = $mail_subject_full;
	266: $notification_emails[$cur_subscriber['language']][3] = $mail_message_full;
236:	267:
237: // The first row contains the subject (it also starts with "Subject:")	268: $mail_subject = $mail_message = $mail_subject_full = $mail_message_full = null;
238: $first_crlf = strpos($mail_tpl, "\n");	269: }
239: $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
240: $mail_message = trim(substr($mail_tpl, $first_crlf));
241:
242: $first_crlf = strpos($mail_tpl_full, "\n");
243: $mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf-8));
244: $mail_message_full = trim(substr($mail_tpl_full, $first_crlf));
245:
246: $mail_subject = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject);
247: $mail_message = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message);
248: $mail_message = str_replace('<replier>', $username, $mail_message);
249: $mail_message = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message);
250: $mail_message = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message);
251: $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message);
252:
253: $mail_subject_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject_full);
254: $mail_message_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message_full);
255: $mail_message_full = str_replace('<replier>', $username, $mail_message_full);
256: $mail_message_full = str_replace('<message>', $message, $mail_message_full);
257: $mail_message_full = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message_full);
258: $mail_message_full = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message_full);
259: $mail_message_full = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message_full);
260:
261: $notification_emails[$cur_subscriber['language']][0] = $mail_subject;
262: $notification_emails[$cur_subscriber['language']][1] = $mail_message;
263: $notification_emails[$cur_subscriber['language']][2] = $mail_subject_full;
264: $notification_emails[$cur_subscriber['language']][3] = $mail_message_full;
265:
266: $mail_subject = $mail_message = $mail_subject_full = $mail_message_full = null;
267: }	270: }
268: }
269:	271:
270: // We have to double check here because the templates could be missing	272: // We have to double check here because the templates could be missing
271: if (isset($notification_emails[$cur_subscriber['language']]))	273: if (isset($notification_emails[$cur_subscriber['language']]))
272: {	274: {
273: if ($cur_subscriber['notify_with_post'] == '0')	275: if ($cur_subscriber['notify_with_post'] == '0')
274: pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][0], $notification_emails[$cur_subscriber['language']][1]);	276: pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][0], $notification_emails[$cur_subscriber['language']][1]);
275: else	277: else
276: pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][2], $notification_emails[$cur_subscriber['language']][3]);	278: pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][2], $notification_emails[$cur_subscriber['language']][3]);
	279: }
277: }	280: }
278: }	281: }
279: }	282: }

punbb-1.2.1/upload/register.php	punbb-1.2.4/upload/register.php
180: $password_hash = pun_hash($password1);	180: $password_hash = pun_hash($password1);
181:	181:
182: // Add the user	182: // Add the user
183: $db->query('INSERT INTO '.$db->prefix.'users (username, group_id, password, email, email_setting, save_pass, timezone, language, style, registered, registration_ip, last_visit) VALUES(\''.$db->escape($username).'\', '.$intial_group_id.', \''.$password_hash.'\', \''.$email1.'\', '.$email_setting.', '.$save_pass.', '.$timezone.' , \''.$language.'\', \''.$pun_config['o_default_style'].'\', '.$now.', \''.get_remote_address().'\', '.$now.')') or error('Unable to create user', __FILE__, __LINE__, $db->error());	183: $db->query('INSERT INTO '.$db->prefix.'users (username, group_id, password, email, email_setting, save_pass, timezone, language, style, registered, registration_ip, last_visit) VALUES(\''.$db->escape($username).'\', '.$intial_group_id.', \''.$password_hash.'\', \''.$email1.'\', '.$email_setting.', '.$save_pass.', '.$timezone.' , \''.$db->escape($language).'\', \''.$pun_config['o_default_style'].'\', '.$now.', \''.get_remote_address().'\', '.$now.')') or error('Unable to create user', __FILE__, __LINE__, $db->error());
184: $new_uid = $db->insert_id();	184: $new_uid = $db->insert_id();
185:	185:
186:	186:

punbb-1.2.1/upload/userlist.php	punbb-1.2.4/upload/userlist.php
116: $where_sql[] = 'u.group_id='.$show_group;	116: $where_sql[] = 'u.group_id='.$show_group;
117:	117:
118: // Fetch user count	118: // Fetch user count
119: $result = $db->query('SELECT COUNT(id)-1 FROM '.$db->prefix.'users AS u'.(!empty($where_sql) ? ' WHERE '.implode(' AND ', $where_sql) : '')) or error('Unable to fetch user list count', __FILE__, __LINE__, $db->error());	119: $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'users AS u'.(!empty($where_sql) ? ' WHERE u.id>1 AND '.implode(' AND ', $where_sql) : '')) or error('Unable to fetch user list count', __FILE__, __LINE__, $db->error());
120: $num_users = $db->result($result);	120: $num_users = $db->result($result);
121:	121:
122:	122:
154: <?php	154: <?php
155:	155:
156: // Grab the users	156: // Grab the users
157: $result = $db->query('SELECT u.id, u.username, u.title, u.num_posts, u.registered, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1'.(!empty($where_sql) ? ' AND '.implode(' AND ', $where_sql) : '').' ORDER BY '.$sort_by.' '.$sort_dir.' LIMIT '.$start_from.', 50') or error('Unable to fetch user list', __FILE__, __LINE__, $db->error());	157: $result = $db->query('SELECT u.id, u.username, u.title, u.num_posts, u.registered, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1'.(!empty($where_sql) ? ' AND '.implode(' AND ', $where_sql) : '').' ORDER BY '.$sort_by.' '.$sort_dir.' LIMIT '.$start_from.', 50') or error('Unable to fetch user list', __FILE__, __LINE__, $db->error());
158: if ($db->num_rows($result))	158: if ($db->num_rows($result))
159: {	159: {
160: while ($user_data = $db->fetch_assoc($result))	160: while ($user_data = $db->fetch_assoc($result))

hdiff - version: 2.1.0 (modified)

punbb-1.2.1/upload/profile.php	punbb-1.2.4/upload/profile.php
59: $result = $db->query('SELECT activate_string, activate_key FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch new password', __FILE__, __LINE__, $db->error());	59: $result = $db->query('SELECT activate_string, activate_key FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch new password', __FILE__, __LINE__, $db->error());
60: list($new_password_hash, $new_password_key) = $db->fetch_row($result);	60: list($new_password_hash, $new_password_key) = $db->fetch_row($result);
61:	61:
62: if ($key != $new_password_key)	62: if ($key == '' \|\| $key != $new_password_key)
63: message($lang_profile['Pass key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');	63: message($lang_profile['Pass key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
64: else	64: else
65: {	65: {
223: }	223: }
224:	224:
225: // Check if someone else already has registered with that e-mail address	225: // Check if someone else already has registered with that e-mail address
226: $result = $db->query('SELECT id, username FROM '.$db->prefix.'users WHERE email=\''.$new_email.'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());	226: $result = $db->query('SELECT id, username FROM '.$db->prefix.'users WHERE email=\''.$db->escape($new_email).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
227: if ($db->num_rows($result))	227: if ($db->num_rows($result))
228: {	228: {
229: if ($pun_config['p_allow_dupe_email'] == '0')	229: if ($pun_config['p_allow_dupe_email'] == '0')
243:	243:
244: $new_email_key = random_pass(8);	244: $new_email_key = random_pass(8);
245:	245:
246: $db->query('UPDATE '.$db->prefix.'users SET activate_string=\''.$new_email.'\', activate_key=\''.$new_email_key.'\' WHERE id='.$id) or error('Unable to update activation data', __FILE__, __LINE__, $db->error());	246: $db->query('UPDATE '.$db->prefix.'users SET activate_string=\''.$db->escape($new_email).'\', activate_key=\''.$new_email_key.'\' WHERE id='.$id) or error('Unable to update activation data', __FILE__, __LINE__, $db->error());
247:	247:
248: // Load the "activate e-mail" template	248: // Load the "activate e-mail" template
249: $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/activate_email.tpl'));	249: $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/activate_email.tpl'));
711: {	711: {
712: $form = extract_elements(array('realname', 'url', 'location'));	712: $form = extract_elements(array('realname', 'url', 'location'));
713:	713:
714: if ($pun_user['g_id'] < PUN_GUEST)	714: if ($pun_user['g_id'] == PUN_ADMIN)
715: $form['title'] = trim($_POST['title']);	715: $form['title'] = trim($_POST['title']);
716: else if ($pun_user['g_set_title'] == '1')	716: else if ($pun_user['g_set_title'] == '1')
717: {	717: {
819: // Singlequotes around non-empty values and NULL for empty values	819: // Singlequotes around non-empty values and NULL for empty values
820: while (list($key, $input) = @each($form))	820: while (list($key, $input) = @each($form))
821: {	821: {
822: $value = ($input != '') ? '\''.$db->escape($input).'\'' : 'NULL';	822: $value = ($input !== '') ? '\''.$db->escape($input).'\'' : 'NULL';
823:	823:
824: $temp[] = $key.'='.$value;	824: $temp[] = $key.'='.$value;
825: }	825: }
966: <div class="infldset">	966: <div class="infldset">
967: <dl>	967: <dl>
968: <dt><?php echo $lang_profile['Jabber'] ?>: </dt>	968: <dt><?php echo $lang_profile['Jabber'] ?>: </dt>
969: <dd><?php echo ($user['jabber'] !='') ? $user['jabber'] : $lang_profile['Unknown']; ?></dd>	969: <dd><?php echo ($user['jabber'] !='') ? pun_htmlspecialchars($user['jabber']) : $lang_profile['Unknown']; ?></dd>
970: <dt><?php echo $lang_profile['ICQ'] ?>: </dt>	970: <dt><?php echo $lang_profile['ICQ'] ?>: </dt>
971: <dd><?php echo ($user['icq'] !='') ? $user['icq'] : $lang_profile['Unknown']; ?></dd>	971: <dd><?php echo ($user['icq'] !='') ? $user['icq'] : $lang_profile['Unknown']; ?></dd>
972: <dt><?php echo $lang_profile['MSN'] ?>: </dt>	972: <dt><?php echo $lang_profile['MSN'] ?>: </dt>
1182: }	1182: }
1183: else if ($section == 'personal')	1183: else if ($section == 'personal')
1184: {	1184: {
1185: if ($pun_user['g_set_title'] == '1' \|\| $pun_user['g_id'] < PUN_GUEST)	1185: if ($pun_user['g_set_title'] == '1')
1186: $title_field = '<label>'.$lang_common['Title'].'  (<em>'.$lang_profile['Leave blank'].'</em>)<br /><input type="text" name="title" value="'.pun_htmlspecialchars($user['title']).'" size="30" maxlength="50" /><br /></label>'."\n";	1186: $title_field = '<label>'.$lang_common['Title'].'  (<em>'.$lang_profile['Leave blank'].'</em>)<br /><input type="text" name="title" value="'.pun_htmlspecialchars($user['title']).'" size="30" maxlength="50" /><br /></label>'."\n";
1187:	1187:
1188: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile'];	1188: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile'];