1 (edited by Sirenic 2008-12-17 13:22)

Topic: FORUM_ROOT?? :s

The constant FORUM_ROOT must be defined and point to a valid PunBB installation root directory.

I have a secondary "Register" link on my forums.

I host a game, and when they Register it makes a game account.

I am not sure what that error means.

I can't even access my /highscores.php file either, says the same thing.

D;

Everything I've added from my old forums (1.2.17) then I move to 1.3.2 and it's all blah.

-- EDIT -- Been looking into it and my guess is...

(Here's some of my profile addon file)

<?php

define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';

if($pun_user['is_guest'])
    message($lang_common['No permission']);

// Load the register.php language file
require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';

// Load the register.php/profile.php language file
require PUN_ROOT.'lang/'.$pun_user['language'].'/prof_reg.php';

$action = isset($_GET['action']) ? $_GET['action'] : null;

if ($action == 'delete') {
    $id = trim($_GET['user']);
    if (!ctype_digit($id)) {
      message($lang_common['Bad request']);
      }
    $result = $db->query('SELECT * FROM '.$db->prefix.'rscd_players WHERE `user`='.$id) or error('Unable to fetch player info', __FILE__, __LINE__, $db->error());
    if(!$db->num_rows($result))
        message($lang_common['Bad request']);
    
    $user = $db->fetch_assoc($result);
    
    if($pun_user['g_id'] != PUN_ADMIN)
        message($lang_common['No permission']);
    
    if(isset($_POST['form_sent'])) {
              $db->query('DELETE FROM '.$db->prefix.'rscd_curstats WHERE `user`=\''.$db->escape($id).'\'') or error('Unable to delete rscd_curstats', __FILE__, __LINE__, $db->error());
              $db->query('DELETE FROM '.$db->prefix.'rscd_experience WHERE `user`=\''.$db->escape($id).'\'') or error('Unable to delete rscd_experience', __FILE__, __LINE__, $db->error());
              $db->query('DELETE FROM '.$db->prefix.'rscd_friends WHERE `user`=\''.$db->escape($id).'\' OR `friend`=\''.$db->escape($id).'\'') or error('Unable to delete rscd_friends', __FILE__, __LINE__, $db->error());
              $db->query('DELETE FROM '.$db->prefix.'rscd_ignores WHERE `user`=\''.$db->escape($id).'\' OR `ignore`=\''.$db->escape($id).'\'') or error('Unable to delete rscd_ignores', __FILE__, __LINE__, $db->error());
              $db->query('DELETE FROM '.$db->prefix.'rscd_invitems WHERE `user`=\''.$db->escape($id).'\'') or error('Unable to delete rscd_invitems', __FILE__, __LINE__, $db->error());
              $db->query('DELETE FROM '.$db->prefix.'rscd_players WHERE `user`=\''.$db->escape($id).'\'') or error('Unable to delete rscd_players', __FILE__, __LINE__, $db->error());
              $db->query('DELETE FROM '.$db->prefix.'rscd_reports WHERE `from`=\''.$db->escape($id).'\' OR `about`=\''.$db->escape($id).'\'') or error('Unable to delete rscd_reports', __FILE__, __LINE__, $db->error());
              
              logoutuser($id);
              
              redirect('profile.php?section=rscd&id='.$user['owner'], 'Player deleted');
          }
          
    $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Confirm Delete';
    require PUN_ROOT.'header.php';
?>
<div class="blockform">
    <h2><span>Confirm Delete</span></h2>
    <div class="box">
        <form action="rscd.php?action=delete&user=<?php echo pun_htmlspecialchars($id); ?>" method="POST">
            <div class="inform">
                <fieldset>
                    <input type="hidden" name="form_sent" value="1" />
                    <legend>Delete Player</legend>
                    <div class="infldset" style="text-align:center">
                        <p><input type="submit" name="delete" value="Confirm Delete" style="width:200px" /></p>
                            <p>Please confirm you wish to delete the player "<?php echo pun_htmlspecialchars($user['username']); ?>". <b>This action is not reversible!</b></p>
                    </div>
                </fieldset>
            </div>
        </form>
    </div>
</div>
<?php
    require PUN_ROOT.'footer.php';
          
}
else if ($action == 'change_pass') {
    $id = trim($_GET['user']);
     if (!ctype_digit($id)) {
    message($lang_common['Bad request']);
    }
    
    $result = $db->query('SELECT * FROM '.$db->prefix.'rscd_players WHERE `user`='.$id) or error('Unable to fetch player info', __FILE__, __LINE__, $db->error());
    if(!$db->num_rows($result))
        message($lang_common['Bad request']);
    
    $user = $db->fetch_assoc($result);
    
    if($user['owner'] != $pun_user['id'] && $pun_user['g_id'] != PUN_ADMIN)
        message($lang_common['No permission']);
    
    if(isset($_POST['form_sent'])) {
        $password1 = trim($_POST['req_password1']);
        $password2 = trim($_POST['req_password2']);
        
        if (strlen($password1) < 4)
            message($lang_prof_reg['Pass too short']);
        else if ($password1 != $password2)
            message($lang_prof_reg['Pass not match']);
        
        if($pun_user['g_id'] != PUN_ADMIN) {
            $old_password = md5(pun_trim($_POST['old_password']));
            
            $result = $db->query('SELECT 1 FROM '.$db->prefix.'rscd_players WHERE `user`=\''.$id.'\' AND `pass`=\''.$old_password.'\'') or error('Unable to fetch player info', __FILE__, __LINE__, $db->error());
            if(!$db->num_rows($result)) {
                message('The provided password does not match!');
            }
        }
        
        $db->query('UPDATE '.$db->prefix.'rscd_players SET pass=\''.md5($password1).'\' WHERE user=\''.$id.'\'') or error('Unable to update players password', __FILE__, __LINE__, $db->error());
        
        redirect('profile.php?section=rscd&id='.$user['owner'], 'Password updated');
    }
    
    $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Change Password';
    $required_fields = array('req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass']);
    $focus_element = array('register', 'req_password1');
    require PUN_ROOT.'header.php';

?>
<div class="blockform">
    <h2><span>Change Password</span></h2>
    <div class="box">
        <form id="register" method="post" action="rscd.php?action=change_pass&amp;user=<?php echo $id; ?>" onsubmit="this.register.disabled=true;if(process_form(this)){return true;}else{this.register.disabled=false;return false;}">
            <div class="inform">
                <fieldset>
                    <legend>Please enter and confirm your new password</legend>
                    <div class="infldset">
                        <input type="hidden" name="form_sent" value="1" />
<?php if($pun_user['g_id'] != PUN_ADMIN): ?>                        <label class="conl"><strong>Old Password</strong><br /><input type="password" name="old_password" size="16" maxlength="16" /><br /></label>
<?php endif; ?>                        <label class="conl"><strong>New Password</strong><br /><input type="password" name="req_password1" size="16" maxlength="16" /><br /></label>
                        <label class="conl"><strong><?php echo $lang_prof_reg['Confirm pass'] ?></strong><br /><input type="password" name="req_password2" size="16" maxlength="16" /><br /></label>
                        <p class="clearb">Passwords can be between 4 and 16 characters long. Passwords are case sensitive.</p>
                    </div>
                </fieldset>
            </div>
            <p><input type="submit" name="change_pass" value="Change Password" /></p>
        </form>
    </div>
</div>
<?php

    require PUN_ROOT.'footer.php';
    
}
else if ($action == 'register') {
    // Load the register.php language file
    require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';
    
    if(isset($_GET['cancel']))
        redirect('index.php', $lang_register['Reg cancel redirect']);
    else if($pun_config['o_rscd_rules'] == '1' && !isset($_GET['agree']) && !isset($_POST['form_sent'])) {
        
        $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Register'];
        require PUN_ROOT.'header.php';
        
    
?>
<div class="blockform">
    <h2><span>Project F2P Rules</span></h2>
    <div class="box">
        <form method="get" action="rscd.php">
            <div class="inform">
                <input type="hidden" name="action" value="register" />
                <fieldset>
                    <legend><?php echo $lang_register['Rules legend'] ?></legend>
                    <div class="infldset">
                        <p><?php echo $pun_config['o_rscd_rules_message'] ?></p>
                    </div>
                </fieldset>
            </div>
            <p><input type="submit" name="agree" value="<?php echo $lang_register['Agree'] ?>" /><input type="submit" name="cancel" value="<?php echo $lang_register['Cancel'] ?>" /></p>
        </form>
    </div>
</div>
<?php

        require PUN_ROOT.'footer.php';
    }
    else if (isset($_POST['form_sent'])) {
        $username = pun_trim($_POST['req_username']);
        $password1 = trim($_POST['req_password1']);
        $password2 = trim($_POST['req_password2']);
        
        $username_hash = encode_username($username);
        $username = decode_username($username_hash);
        
        // Validate username and passwords
        if (!$username_hash)
            message('Invalid username');
        else if (strlen($username) < 2)
            message($lang_prof_reg['Username too short']);
        else if (pun_strlen($username) > 12)    // This usually doesn't happen since the form element only accepts 12 characters
            message($lang_common['Bad request']);
        else if (strlen($password1) < 4)
            message($lang_prof_reg['Pass too short']);
        else if (pun_strlen($password1) > 16)    // This usually doesn't happen since the form element only accepts 16 characters
            message($lang_common['Bad request']);
        else if ($password1 != $password2)
            message($lang_prof_reg['Pass not match']);
        else if (preg_match('/^Mod\s+/i', $username) || preg_match('/^Admin\s+/i', $username))
            message('Usernames may not start with "Mod " or "Admin ". Please choose another username.');
        
        // Check that the username (or a too similar username) is not already registered
        $result = $db->query('SELECT username FROM '.$db->prefix.'rscd_players WHERE UPPER(username)=UPPER(\''.$db->escape($username).'\') OR UPPER(username)=UPPER(\''.$db->escape(preg_replace('/[^\w]/', '', $username)).'\') OR UPPER(username)=UPPER(\''.$db->escape(preg_replace('/\s\s+/', ' ', $username)).'\')') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
    
        if ($db->num_rows($result))
        {
            $busy = $db->result($result);
            message($lang_register['Username dupe 1'].' '.pun_htmlspecialchars($busy).'. '.$lang_register['Username dupe 2']);
        }
        
        $db->query('INSERT INTO '.$db->prefix.'rscd_curstats(`user`) VALUES(\''.$db->escape($username_hash).'\')') or error('Unable to fill curstats', __FILE__, __LINE__, $db->error());
        $db->query('INSERT INTO '.$db->prefix.'rscd_experience(`user`) VALUES(\''.$db->escape($username_hash).'\')') or error('Unable to fill experience', __FILE__, __LINE__, $db->error());
        $db->query('INSERT INTO '.$db->prefix.'rscd_players(`user`, `username`, `owner`, `pass`, `creation_date`, `creation_ip`) VALUES(\''.$db->escape($username_hash).'\', \''.$db->escape($username).'\', \''.intval($pun_user['id']).'\', \''.md5($password1).'\', \''.time().'\', \''.get_remote_address().'\')') or error('Unable to fill players', __FILE__, __LINE__, $db->error());
        $db->query('INSERT INTO '.$db->prefix."rscd_invitems(`user`, `id`, `amount`, `wielded`, `slot`) VALUES
            ('".$db->escape($username_hash)."', '10', '50', '0', '0'),
            ('".$db->escape($username_hash)."', '1263', '1', '0', '1'),
            ('".$db->escape($username_hash)."', '77', '1', '0', '2')
            ") or error('Unable to fill curstats', __FILE__, __LINE__, $db->error());
        
        redirect('profile.php?section=rscd&id='.$pun_user['id'], 'Your Project F2P account has been created.');
    }
    
    $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_register['Register'];
    $required_fields = array('req_username' => $lang_common['Username'], 'req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass']);
    $focus_element = array('register', 'req_username');
    require PUN_ROOT.'header.php';

?>
<div class="blockform">
    <h2><span><?php echo $lang_register['Register'] ?></span></h2>
    <div class="box">
        <form id="register" method="post" action="rscd.php?action=register" onsubmit="return process_form(this);">
            <div class="inform">
                <fieldset>
                    <legend>Please enter a username between 2 and 12 characters long</legend>
                    <div class="infldset">
                        <input type="hidden" name="form_sent" value="1" />
                        <label><strong><?php echo $lang_common['Username'] ?></strong><br /><input type="text" name="req_username" size="20" maxlength="12" /><br /></label>
                    </div>
                </fieldset>
            </div>
            <div class="inform">
                <fieldset>
                    <legend>Please enter and confirm your chosen password</legend>
                    <div class="infldset">
                        <label class="conl"><strong><?php echo $lang_common['Password'] ?></strong><br /><input type="password" name="req_password1" size="20" maxlength="16" /><br /></label>
                        <label class="conl"><strong><?php echo $lang_prof_reg['Confirm pass'] ?></strong><br /><input type="password" name="req_password2" size="20" maxlength="16" /><br /></label>
                        <p class="clearb">Passwords can be between 4 and 16 characters long. Passwords are case sensitive.</p>
                    </div>
                </fieldset>
            </div>
            <p><input type="submit" name="register" value="<?php echo $lang_register['Register'] ?>" /></p>
        </form>
    </div>
</div>
<?php

    require PUN_ROOT.'footer.php';
    
}
else
    message($lang_common['Bad request']);





I noticed everything is pun_root and pun_user

Shouldn't I be changing these to something else?

Re: FORUM_ROOT?? :s

You should modify your code. For example

  • Replace PUN_ROOT constant with FORUM_ROOT

  • $pun_user should be $forum_user

  • $db it's $forum_db now

  • PUN_ADMIN should be FORUM_ADMIN

And some others vars and functions should be replace.

3 (edited by Sirenic 2008-12-17 14:44)

Re: FORUM_ROOT?? :s

Alright.

Is there like a huge list I can look at so I can change most of these.

It's only a few files I have created my self, so I won't be editing much.

Re: FORUM_ROOT?? :s

In vars and function prefix "pun_" should be replaced with "forum_"

5 (edited by Sirenic 2008-12-17 14:46)

Re: FORUM_ROOT?? :s

Alright.

What about this one? D:

pun_htmlspecialchars

I tryed forum_htmlspecialchars but that didn't work lol

It just gave me this error.

Fatal error: Call to undefined function forum_htmlspecialchars() in (file here) line 112

Re: FORUM_ROOT?? :s

forum_htmlencode, I think.

Re: FORUM_ROOT?? :s

forum_htmlspecialchars -> forum_htmlencode. Look at forum pages which functions is used now

Re: FORUM_ROOT?? :s

Hah..

This is alot of work.

Is there any tools that can do this for me? hmm

I'd be editing alot of files, is it erally worth it from 1.2.17 to 1.3?

Re: FORUM_ROOT?? :s

No, it's not. There is no special tools to change code from 1.2 to 1.3