Author Topic: 4images 1.7.10  (Read 71592 times)
kai
Administrator
Addicted member
*****
Offline Offline

Posts: 1376

Thank You
-Given: 64
-Receive: 175


View Profile WWW
« on: May 01, 2011, 11:12:19 PM »

Deutsch The new version 4images 1.7.10 has been released. The release brings new features and detail improvements, and fixes bugs and security-relevant errors.
We recommend that all users update to the current version. All changes and features are listed in the file "docs/Changelog.txt".

English The new version 4images 1.7.10 has been released. This release comes with some improvements, bugfixes, security fixes and minor changes.
We recommend all users to update to the current version. All changes and features are listed in "docs/Changelog.txt".

Download:
http://www.4homepages.de/4images/download.php

Demo:
http://www.4homepages.de/4images/demo.php


Please use this thread for feedback about the 4images 1.7.10 version.
Logged


Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search
kai
« Reply #1 on: May 01, 2011, 11:22:15 PM »

=========================================================
ChangeLog Version 1.7.10
=========================================================
- [1.7 - 1.7.9] Security fix for Multiple Path disclosure (http://www.4homepages.de/forum/index.php?topic=29470.0)
- [1.7 - 1.7.9] Security fix for sql injection in admin/categories.php (http://www.4homepages.de/forum/index.php?topic=29469.0)
- [1.7 - 1.7.9] Security fix for path disclosure in paging.php (http://www.4homepages.de/forum/index.php?topic=28481.0)
- [1.7 - 1.7.9] Security fix for input validation error (http://www.4homepages.de/forum/index.php?topic=29504.0)
- [1.7.7 - 1.7.9] Fixed {categories},{details},{index},{lightbox},etc tags don't work (http://www.4homepages.de/forum/index.php?topic=28321.0)
- [1.7.9] Fixed DB Error: Bad SQL Query: INSERT INTO 4images_wordmatch (image_id, ... (http://www.4homepages.de/forum/index.php?topic=28430.0)
- Improved password encryption using salted hashes (new file includes/security_utils.php)
- New Version of Rebuild Search Index Plugin (http://www.4homepages.de/forum/index.php?topic=6718.0)
- Added settings to define type of indexing of fields (fulltext, keywords, phrase)
- Fixed search in additional fields
- Fixed wrong width in error.html template
- Fixed issue calculating ExposureTime in EXIF data
- Fixed orphan search words are not deleted correctly if multiple image ids are passed to remove_searchwords()
- Minor fixes in text fixes in lang/deutsch/admin.php
- Changed default settings for CAPTCHA


New Files:
---------------------------------------
admin/plugins/rebuild_searchindex.php
includes/security_utils.php


Changed Files:
---------------------------------------
global.php
download.php
install.php
lightbox.php
member.php
register.php
search.php
admin/categories.php
admin/checkimages.php
admin/images.php
admin/thumbnailer.php
admin/users.php
admin/validateimages.php
includes/constants.php
includes/csrf_utils.php
includes/functions.php
includes/page_header.php
includes/paging.php
includes/session.php


Language:
---------------------------------------
admin.php
« Last Edit: May 20, 2011, 08:36:04 AM by kai » Logged


kai
« Reply #2 on: May 06, 2011, 03:37:02 PM »

Here is a detailed list of what has been changed in the php files from 4images 1.7.9 -> 1.7.10.
(The best way for yourself to compare the code of files is to use Winmerge.)




1.) copy the "rebuild_searchindex.php" from the attachment in the "admin/plugin" folder

2.) search in admin/categories.php 2x:
  $auth_viewcat = $HTTP_POST_VARS['auth_viewcat'];
  $auth_viewimage = $HTTP_POST_VARS['auth_viewimage'];
  $auth_download = $HTTP_POST_VARS['auth_download'];
  $auth_upload = $HTTP_POST_VARS['auth_upload'];
  $auth_directupload = $HTTP_POST_VARS['auth_directupload'];
  $auth_vote = $HTTP_POST_VARS['auth_vote'];
  $auth_sendpostcard = $HTTP_POST_VARS['auth_sendpostcard'];
  $auth_readcomment = $HTTP_POST_VARS['auth_readcomment'];
  $auth_postcomment = $HTTP_POST_VARS['auth_postcomment'];
and replace 2x:
  $auth_viewcat = intval($HTTP_POST_VARS['auth_viewcat']);
  $auth_viewimage = intval($HTTP_POST_VARS['auth_viewimage']);
  $auth_download = intval($HTTP_POST_VARS['auth_download']);
  $auth_upload = intval($HTTP_POST_VARS['auth_upload']);
  $auth_directupload = intval($HTTP_POST_VARS['auth_directupload']);
  $auth_vote = intval($HTTP_POST_VARS['auth_vote']);
  $auth_sendpostcard = intval($HTTP_POST_VARS['auth_sendpostcard']);
  $auth_readcomment = intval($HTTP_POST_VARS['auth_readcomment']);
  $auth_postcomment = intval($HTTP_POST_VARS['auth_postcomment']);

3.) search and remove in admin/checkimages.php:
                            if ($image_column == 'image_keywords') {
                              $search_words[$image_column] = explode(',', $search_words[$image_column]);
                            }

4.) search and remove in admin/images.php:
          if ($image_column == 'image_keywords') {
            $search_words[$image_column] = explode(',', $search_words[$image_column]);
          }

5.) search in admin/thumbnailer.php:
        if (create_thumbnail(MEDIA_PATH."/".$image_cache[$key]['cat_id']."/".$image_cache[$key]['image_media_file'], THUMB_PATH."/".$image_cache[$key]['cat_id']."/".$image_cache[$key]['image_media_file'], $quality, $dimension, $resize_type)) {
          $sql = "UPDATE ".IMAGES_TABLE."
                  SET image_thumb_file = '".addslashes($image_cache[$key]['image_media_file'])."'
                  WHERE image_id = $key";
          $site_db->query($sql);
and replace:
        if (is_remote($image_cache[$key]['image_media_file'])) {
          $src = $image_cache[$key]['image_media_file'];
          $dest = create_unique_filename(THUMB_PATH."/".$image_cache[$key]['cat_id'], filterFileName($image_cache[$key]['image_media_file']));
        } else {
          $src = MEDIA_PATH."/".$image_cache[$key]['cat_id']."/".$image_cache[$key]['image_media_file'];
          $dest = $image_cache[$key]['image_media_file'];
        }

        if (create_thumbnail($src, THUMB_PATH."/".$image_cache[$key]['cat_id']."/".$dest, $quality, $dimension, $resize_type)) {
          $sql = "UPDATE ".IMAGES_TABLE."
                  SET image_thumb_file = '".addslashes($dest)."'
                  WHERE image_id = $key";
          $site_db->query($sql);
5.1) search:
      if ((!file_exists(THUMB_PATH."/".$image_row['cat_id']."/".$image_row['image_thumb_file']) || $image_row['image_thumb_file'] == "") && file_exists(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file'])) {
        $image_info = getimagesize(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file']);
and replace:
      if ($image_row['image_thumb_file'] == "") {
        $exists = false;
      } else {
        if (is_remote($image_row['image_thumb_file'])) {
          $exists = true;
        } else {
          $exists = file_exists(THUMB_PATH."/".$image_row['cat_id']."/".$image_row['image_thumb_file']);
        }
      }
      if (!$exists && (file_exists(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file']) || is_remote($image_row['image_media_file']))) {
        $src = is_remote($image_row['image_media_file']) ? $image_row['image_media_file'] : MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file'];
        $image_info = getimagesize($src);

6.) search in admin/users.php:
    $passinsert = ($user_password != "") ? " ".get_user_table_field("", "user_password")." = '".md5($user_password)."'," : "";
replace:
    $passinsert = ($user_password != "") ? " ".get_user_table_field("", "user_password")." = '".salted_hash($user_password)."'," : "";
6.1) search:
      $user_password = md5(trim($HTTP_POST_VARS['user_password_'.$i]));
replace:
      $user_password = trim($HTTP_POST_VARS['user_password_'.$i]);
6.2) search:
      //(user_id, user_level, user_name, user_password, user_email, user_showemail, user_allowemails, user_invisible, user_joindate, user_activationkey, user_lastaction, user_lastvisit, user_homepage, user_icq".$additional_field_sql.")
      $sql = "INSERT INTO ".USERS_TABLE."
              (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
              VALUES
              ($user_id, $user_level, '$user_name', '$user_password', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";

replace:
      $user_password_hashed = salted_hash($user_password);
      //(user_id, user_level, user_name, user_password, user_email, user_showemail, user_allowemails, user_invisible, user_joindate, user_activationkey, user_lastaction, user_lastvisit, user_homepage, user_icq".$additional_field_sql.")
      $sql = "INSERT INTO ".USERS_TABLE."
              (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
              VALUES
              ($user_id, $user_level, '$user_name', '$user_password_hashed', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";


7.) search and remove in admin/validateimages.php:
                if ($image_column == 'image_keywords') {
                  $search_words[$image_column] = explode(',', $search_words[$image_column]);
                }


* rebuild_searchindex.php (11.61 KB - downloaded 83 times.)
« Last Edit: May 09, 2011, 08:43:36 AM by kai » Logged


kai
« Reply #3 on: May 06, 2011, 03:39:03 PM »

Here is a detailed list of what has been changed in the php files from 4images 1.7.9 -> 1.7.10.
(The best way for yourself to compare the code of files is to use Winmerge.)




8.) search in includes/constants.php:
define('GROUPTYPE_SINGLE', 2);
insert below:
// Password
define('PASSWORD_HASH_ALGO', 'md5');
define('PASSWORD_SALT_LENGTH', 9);
8.1) search:
define('SCRIPT_VERSION', '1.7.9');
replace:
define('SCRIPT_VERSION', '1.7.10');

9.) search in includes/csrf_utils.php:
            if ($token !== (string) $HTTP_POST_VARS[$csrf_protection_name]) {
replace:
            if (!secure_compare($token, (string) $HTTP_POST_VARS[$csrf_protection_name])) {

10.) search in includes/functions.php:
        elseif ( $key == "ExposureTime" ) {
            $ExposureTime = explode("/", $exif_info);
            if ( $ExposureTime[0] == && $ExposureTime[1] == ){
                $exif_array[$exif_match[$key]] = $ExposureTime[1]." sec(s)";
            } elseif ( $ExposureTime[0] == ) {
                $exif_array[$exif_match[$key]] = "1/".($ExposureTime[1] * $ExposureTime[0])." sec(s)";
            } elseif ( $ExposureTime[1] > ) {
                $exif_array[$exif_match[$key]] = ($ExposureTime[0]/$ExposureTime[1])." sec(s)";
            } elseif( $ExposureTime[1] == ) {
                $exif_array[$exif_match[$key]] = ($ExposureTime[0] * $ExposureTime[1])." sec(s)";
            }
replace:
        elseif ($key == "ExposureTime") {
          $ExposureTime = explode("/", $exif_info);
          if ((float)$ExposureTime[1] == 0) {
            $exif_array[$exif_match[$key]] = "0 sec(s)";
          }
          elseif (($ExposureTime[0]/$ExposureTime[1]) >= 0.3) {
            $exif_array[$exif_match[$key]] = round(($ExposureTime[0]/$ExposureTime[1]),1)." sec(s)";
          }
          else {
            $exif_array[$exif_match[$key]] = "1/".round((1/($ExposureTime[0]/$ExposureTime[1])),0)." sec(s)";
          }
       }
10.1) search:
      $keywords .= (($keywords != "" ) ? ", " : "")."<a href=\"".$site_sess->url(ROOT_PATH."search.php?search_keywords=".urlencode($val))."\">".format_text($val, 2)."</a>";
replace:
      $url_val = $val;
      if (preg_match('/[^a-z0-9]+/i', $url_val)) {
        $url_val = '"' . $url_val . '"';
      }
      $keywords .= (($keywords != "" ) ? ", " : "")."<a href=\"".$site_sess->url(ROOT_PATH."search.php?search_keywords=".urlencode($url_val))."\">".format_text($val, 2)."</a>";
10.2) search:
insert above:
function create_unique_filename($base, $file)
{
  $ext = get_file_extension($file);
  $name = get_file_name($file);
  $n = 2;
  $copy = "";
  while (file_exists($base."/".$name.$copy.".".$ext)) {
    $copy = "_".$n;
    $n++;
  }
  return $name.$copy.".".$ext;
}

11.) search in includes/page_header.php:
$file = get_file_name(basename(MAIN_SCRIPT));
$array = array(
insert below:
    "page_categories" => false,
    "page_details"    => false,
    "page_index"      => false,
    "page_lightbox"   => false,
    "page_member"     => false,
    "page_postcards"  => false,
    "page_register"   => false,
    "page_search"     => false,
    "page_top"        => false,

    // Backwards compatibility
11.1) search:
  $array[$file] = true;
insert below:
}
if (isset($array["page_" . $file])) {
  $array["page_" . $file] = true;
11.2) search:
  $cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();
replace:
  $cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ? explode(" ", stripslashes((string)$HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();
11.3) search:
      setcookie($cookie_name.'rated', serialize($cookie_rated), $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
replace:
      setcookie($cookie_name.'rated', implode(" ", $cookie_rated), $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);

12.) search in includes/paging.php
    $this->page = $page;
    $this->perpage = $perpage;
    $this->num_rows_all = $num_rows_all;

    if (!isset($this->page) || !intval($this->page)) {
      $this->page = 1;
    }
    if (!$this->num_rows_all) {

replace:
    $this->page = intval($page);
    $this->perpage = intval($perpage);
    $this->num_rows_all = intval($num_rows_all);

    if ($this->page <= 0) {
      $this->page = 1;
    }
    if ($this->perpage <= 0) {
      $this->perpage = 1;
    }
    if ($this->num_rows_all <= 0) {

13.) copy the "search_utils.php" from the attachment in your "includes" folder:

14.) copy the "security_utils.php" from the attachment in your "includes" folder.

15.) search in includes/session.php:
      if ($this->read_cookie_data("userpass") == $this->user_info['user_password'] && $this->user_info['user_level'] > USER_AWAITING) {
        $this->set_cookie_data("userpass", $this->user_info['user_password']);
replace:
      if (secure_compare($this->read_cookie_data("userpass"), md5($this->user_info['user_password'])) && $this->user_info['user_level'] > USER_AWAITING) {
        $this->set_cookie_data("userpass", md5($this->user_info['user_password']));
15.1) search and remove:
        $user_password = md5($user_password);
15.2) search:
      if ($row[$user_table_fields['user_password']] == $user_password) {
replace:
      if (compare_passwords($user_password, $row[$user_table_fields['user_password']])) {
15.3) search:
          $this->set_cookie_data("userpass", ($auto_login) ? $user_password : "");
replace:
          $this->set_cookie_data("userpass", ($auto_login) ? md5($row[$user_table_fields['user_password']]) : "");

* search_utils.php (12.07 KB - downloaded 53 times.)
* security_utils.php (3.06 KB - downloaded 49 times.)
« Last Edit: June 15, 2011, 06:02:52 PM by kai » Logged


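Steps 11.2 and 11.3 in the reply above stop passing the `rated` cookie through `unserialize()` and store it as a space-separated list instead. The following is an added sketch, not 4images code, of reading and writing such a cookie so that only positive integer image IDs survive; the `ex_` function names and the `EX_MAX_RATED` cap are assumptions made for the illustration.

```php
<?php
// Added illustration, not part of 4images. Function names and the
// EX_MAX_RATED cap are hypothetical.

const EX_MAX_RATED = 200; // assumed upper bound on IDs kept in the cookie

/**
 * Parse a space-separated cookie value into a list of image IDs.
 * Tokens that are not short positive decimal integers are dropped, so
 * client-supplied data is only ever treated as a list of numbers and
 * never reaches unserialize().
 */
function ex_parse_rated_cookie($raw): array
{
    // A cookie sent as name[]=... arrives as an array; reject it
    // (step 11.2 handles the same case with a (string) cast).
    if (!is_string($raw) || $raw === '') {
        return array();
    }
    $ids = array();
    foreach (explode(' ', $raw) as $part) {
        if (strlen($part) <= 9 && ctype_digit($part) && (int)$part > 0) {
            $ids[(int)$part] = true;   // array key de-duplicates
        }
        if (count($ids) >= EX_MAX_RATED) {
            break;
        }
    }
    return array_keys($ids);
}

/** Build the cookie value from a list of IDs, applying the same rules. */
function ex_build_rated_cookie(array $ids): string
{
    $clean = array();
    foreach ($ids as $id) {
        if (is_int($id) && $id > 0) {
            $clean[$id] = true;
        }
    }
    return implode(' ', array_slice(array_keys($clean), 0, EX_MAX_RATED));
}

// Constructed sample cookie values.
$samples = array(
    '12 57 57 803',                        // normal value with a duplicate
    'O:8:"stdClass":1:{s:1:"x";i:1;}',     // serialized object sent by a client
    '5 abc -3 7.5 99999999999999999999',   // mixed junk around one valid ID
    array('nested'),                       // cookie submitted as an array
);
foreach ($samples as $sample) {
    var_dump(ex_parse_rated_cookie($sample));
}
var_dump(ex_build_rated_cookie(array(803, 12, 12, -4)));
```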
kai
« Reply #4 on: May 06, 2011, 03:39:41 PM »

Here is a detailed list of what has been changed in the php files from 4images 1.7.9 -> 1.7.10.
(The best way for yourself to compare the code of files is to use Winmerge.)




16.) search in lang/admin.php (deutsch)
$lang['cni_iptc_description'] = "Verwenden Beschreibung aus IPTC Daten:";
$lang['cni_iptc_keywords'] = "Verwenden Schlüsselwörter aus IPTC Daten:";
replace:
$lang['cni_iptc_description'] = "Verwende Beschreibung aus IPTC Daten:";
$lang['cni_iptc_keywords'] = "Verwende Schlüsselwörter aus IPTC Daten:";
16.1) search:
$lang['cni_big_folder'] = "Ordnername in welchen das Originalbild gespeicher werden soll:";
replace:
$lang['cni_big_folder'] = "Ordnername in denen das Originalbild gespeichert werden soll:";

17.) search in root/download.php
$file = array();
insert below:
$file_path = null;
$file_name = null;
17.1) search:
    while ($image_row = $site_db->fetch_array($result)) {
insert below:
      $file_path = null;
      $file_name = null;

18.) search in root/global:
$cat_cache = array();
insert above:
$search_match_fields = null;
$search_index_types = null;
18.1) search:
$captcha_chars               = "abcdefghijklmnopqrstuvwxyz1234567890";
$captcha_length              = 5;
replace:
$captcha_chars               = "abcdefghijklmnopqrstuvwxyz123456789";
$captcha_length              = 6;
18.2) search:
$captcha_text_size           = 25;
$captcha_text_transparency   = 60;
replace:
$captcha_text_size           = 20;
$captcha_text_transparency   = 50;
18.3) search:
  $action = (isset($HTTP_POST_VARS['action'])) ? stripslashes(trim($HTTP_POST_VARS['action'])) : stripslashes(trim($HTTP_GET_VARS['action']));
replace:
  $action = (isset($HTTP_POST_VARS['action'])) ? stripslashes(trim((string)$HTTP_POST_VARS['action'])) : stripslashes(trim((string)$HTTP_GET_VARS['action']));
18.4) search:
  $mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
replace:
  $mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim((string)$HTTP_POST_VARS['mode'])) : stripslashes(trim((string)$HTTP_GET_VARS['mode']));
18.5) search:
  $search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : trim($HTTP_GET_VARS['search_keywords']);
replace:
  $search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim((string)$HTTP_POST_VARS['search_keywords']) : trim((string)$HTTP_GET_VARS['search_keywords']);
18.6) search:
  $search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : trim($HTTP_GET_VARS['search_user']);
replace:
  $search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim((string)$HTTP_POST_VARS['search_user']) : trim((string)$HTTP_GET_VARS['search_user']);
18.7) search:
//-----------------------------------------------------
//--- Cache -------------------------------------------
insert above:
//-----------------------------------------------------
//--- Security ----------------------------------------
//-----------------------------------------------------
include_once(ROOT_PATH.'includes/security_utils.php');

19.) search in root/install.php
      $admin_pass_md5 = md5($admin_password);
      $current_time = time();
      $sql = "UPDATE ".$table_prefix."users
              SET user_name = '$admin_user', user_password = '$admin_pass_md5', user_joindate = $current_time, user_lastaction = $current_time, user_lastvisit = $current_time
              WHERE user_name = 'admin'";
replace:
      include(ROOT_PATH.'includes/security_utils.php');

      $admin_pass_hashed = salted_hash($admin_password);
      $current_time = time();
      $sql = "UPDATE ".$table_prefix."users
              SET user_name = '$admin_user', user_password = '$admin_pass_hashed', user_joindate = $current_time, user_lastaction = $current_time, user_lastvisit = $current_time
              WHERE user_name = 'admin'";

20.) search in root/lightbox.php
define('ROOT_PATH', './');
insert below:
define('MAIN_SCRIPT', __FILE__);

21.) search and remove in root/member.php 2x:
          if ($image_column == 'image_keywords') {
            $search_words[$image_column] = explode(',', $search_words[$image_column]);
          }
21.1) search:
    elseif ($config['auto_thumbnail'] == && !empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none" && !$uploaderror) {
      if ($direct_upload) {
        $src = MEDIA_PATH."/".$cat_id."/".$new_name;
        $dest = THUMB_PATH."/".$cat_id."/".$new_name;
      }
      else {
        $src = MEDIA_TEMP_PATH."/".$new_name;
        $dest = THUMB_TEMP_PATH."/".$new_name;
replace:
    elseif ($config['auto_thumbnail'] == && !empty($new_name) && !$uploaderror && ((!empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none") || is_remote($new_name))) {
      if ($direct_upload) {
        if (is_remote($new_name)) {
          $src = $new_name;
          $thumb = create_unique_filename(THUMB_PATH."/".$cat_id, filterFileName($new_name));
        } else {
          $src = MEDIA_PATH."/".$cat_id."/".$new_name;
          $thumb = $new_name;
        }
        $dest = THUMB_PATH."/".$cat_id."/".$thumb;
      }
      else {
        if (is_remote($new_name)) {
          $src = $new_name;
          $thumb = create_unique_filename(THUMB_TEMP_PATH, filterFileName($new_name));
        } else {
          $src = MEDIA_TEMP_PATH."/".$new_name;
          $thumb = $new_name;
        }
        $dest = THUMB_TEMP_PATH."/".$thumb;
21.2) search:
            $new_thumb_name = $new_name;
replace:
            $new_thumb_name = $thumb;
21.3) search:
      mt_srand((double) microtime() * 1000000);
      $puddle = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
      $user_password = "";
      for ($i = 0; $i < 8; $i++) {
        $user_password .= substr($puddle, (mt_rand()%(strlen($puddle))), 1);
      }
replace:
      $user_password = random_string(8);
      $user_password_hashed = salted_hash($user_password);
21.4) search:
              SET ".get_user_table_field("", "user_password")." = '".md5($user_password)."'
              WHERE ".get_user_table_field("", "user_id")." = ".$checkuser[$user_table_fields['user_id']];
replace:
              SET ".get_user_table_field("", "user_password")." = '".$user_password_hashed."'
              WHERE ".get_user_table_field("", "user_id")." = ".$checkuser[$user_table_fields['user_id']];
21.5) search:
  $current_user_password = md5(trim($HTTP_POST_VARS['current_user_password']));
replace:
  $current_user_password = trim($HTTP_POST_VARS['current_user_password']);
21.6) search:
  if ($current_user_password != $user_info['user_password']) {
replace:
  if (!compare_passwords($current_user_password, $user_info['user_password'])) {
21.7) search:
    $sql = "UPDATE ".USERS_TABLE."
            SET ".get_user_table_field("", "user_password")." = '".md5($user_password)."'
            WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
replace:
    $user_password_hashed = salted_hash($user_password);
    $sql = "UPDATE ".USERS_TABLE."
            SET ".get_user_table_field("", "user_password")." = '".$user_password_hashed."'
            WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];

22.) search in root/register.php
    $sql = "INSERT INTO ".USERS_TABLE."
            (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
            VALUES
            ($user_id, $user_level, '$user_name', '".md5($user_password)."', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";
replace:
    $user_password_hashed = salted_hash($user_password);
    $sql = "INSERT INTO ".USERS_TABLE."
            (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
            VALUES
            ($user_id, $user_level, '$user_name', '$user_password_hashed', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";

23.) search in root/search.php:
  $split_words = prepare_searchwords($search_keywords, true);
replace:
  $split_words = prepare_searchwords_for_search($search_keywords);
23.1) search:
      $sql = "SELECT m.image_id
              FROM (".WORDLIST_TABLE." w, ".WORDMATCH_TABLE." m)
              WHERE w.word_text LIKE '".addslashes(str_replace("*", "%", $split_words[$i]))."'
replace:
      $curr_words = $split_words[$i];
      if (!is_array($curr_words)) {
          $curr_words = array($curr_words);
      }

      $where = array();
      foreach ($curr_words as $curr_word) {
          $where[] = "w.word_text LIKE '".addslashes(str_replace("*", "%", $curr_word))."'";
      }

      $sql = "SELECT m.image_id
              FROM (".WORDLIST_TABLE." w, ".WORDMATCH_TABLE." m)
              WHERE (" . implode(' OR ', $where) . ")
« Last Edit: May 06, 2011, 04:52:18 PM by kai » Logged


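Steps 6, 8, 9, 15, 19, 21 and 22 above replace `md5($user_password)` with `salted_hash()`, and `==` checks with `compare_passwords()` and `secure_compare()`; the thread does not show the body of includes/security_utils.php. The following is an added sketch of how such helpers can work, not the project's own code. The `ex_` names, the `salt:digest` storage format, and the fallback for rows that still hold an unsalted MD5 are assumptions.

```php
<?php
// Added illustration; NOT the contents of includes/security_utils.php.
// Assumptions: stored format "<salt>:<hex digest>", digest = hash(salt . password),
// and rows written before the upgrade still hold a bare md5(password).

const EX_HASH_ALGO   = 'md5'; // value of PASSWORD_HASH_ALGO in step 8
const EX_SALT_LENGTH = 9;     // value of PASSWORD_SALT_LENGTH in step 8

// Random string drawn from a CSPRNG (hypothetical stand-in for random_string()).
function ex_random_string(int $length): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $max = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

// Constant-time comparison: the run time does not depend on the position of
// the first differing byte, unlike == or !== on strings.
function ex_secure_compare(string $known, string $given): bool
{
    return hash_equals($known, $given);
}

// New salt per call unless one is passed in for verification.
function ex_salted_hash(string $password, ?string $salt = null): string
{
    if ($salt === null) {
        $salt = ex_random_string(EX_SALT_LENGTH);
    }
    return $salt . ':' . hash(EX_HASH_ALGO, $salt . $password);
}

// Takes the PLAIN password, which is why steps 6.1, 15.1 and 21.5 stop
// hashing the submitted value before the comparison.
function ex_compare_passwords(string $plain, string $stored): bool
{
    if (strpos($stored, ':') === false) {
        // Legacy row (assumption): unsalted md5 from before the upgrade.
        return ex_secure_compare($stored, md5($plain));
    }
    $salt = explode(':', $stored, 2)[0];
    return ex_secure_compare($stored, ex_salted_hash($plain, $salt));
}

// Auto-login cookie value as in step 15: md5 of the stored hash, so the
// cookie no longer carries the database value itself.
function ex_autologin_token(string $stored): string
{
    return md5($stored);
}

// Constructed sample data.
$password   = 'correct horse battery';
$row_new    = ex_salted_hash($password);   // account created after the upgrade
$row_other  = ex_salted_hash($password);   // second account, same password
$row_legacy = md5($password);              // account created before the upgrade

var_dump($row_new !== $row_other);         // salts make equal passwords differ
var_dump(ex_compare_passwords($password, $row_new));
var_dump(ex_compare_passwords($password, $row_legacy));
var_dump(ex_compare_passwords('wrong guess', $row_new));
var_dump(ex_secure_compare(ex_autologin_token($row_new), md5($row_new)));
```

`md5` appears here only because it is the value step 8 configures; PHP code written today would call `password_hash()` and `password_verify()`, which choose the salt and a deliberately slow algorithm themselves.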