• [MOD] PHPBB3 Integration v0.9 helium 4 0 5 1
Currently:  

Author Topic: [MOD] PHPBB3 Integration v0.9 helium  (Read 119169 times)

0 Members and 1 Guest are viewing this topic.

Offline helium

  • Newbie
  • *
  • Posts: 19
    • View Profile
    • Live Anime
[MOD] PHPBB3 Integration v0.9 helium
« on: September 05, 2008, 03:27:05 AM »
Ok, since there was ALOT of problems with the previous version of this mod, i have created this new and improved version. It has been completly re-writtem and you need to undo all the steps if you installed the previous mod.

The Differences
  • Should work with all mods now, except ones that change user information as the user stuff is now delt withing PHPBB3
  • It doesnt modifie much of the 4images code, its mainly alot of additions so that 4images can "mimic" the phpbb sessions stuff

OK this has been a massive mod and taked ages, its still in beta and need you guys to help me out. Mainly with the user permissions, because i have alot of stuff disabled on my gallery im not sure they work 100% (the admin stuff is sorted so this isn't a security problem.).

Other Notes
  • Admins on PHPBB are now the admins of 4images, your old admin account is lost.
  • If admin with user_id = 1 added any images these will all say they were added by "annonymous".
  • All gallery users are lost, i sujest a mass email telling them to join the forums.
  • Any images added or comments by members of the original gallery will now display as users from the forums (most likly the wrong one)
  • Not sure what permissions mods/super mods get so info on this would help

Works with the seo mod which is the one it was most likly not too, so should be ok with most things.

demo: http://liveanime.org/gallery/index.php


Ok now the boring long part.

OPEN: gallery/includes/session.php

On a new line after <?php add



/**
*
* @package phpBB3
* @version $Id: session.php 8670 2008-06-23 14:07:24Z acydburn $
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
error_reporting(E_ALL);
/**
* @ignore
*/
 
define('PHPBB_DIRECTORY''http://'.$_SERVER['SERVER_NAME'].'/forums/');
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH $_SERVER['DOCUMENT_ROOT'].'/forums/';
$phpEx 'php';
require(
$phpbb_root_path 'config.' $phpEx);
require(
$_SERVER['DOCUMENT_ROOT'].'/gallery/includes/phpbb_functions.php');
require(
$phpbb_root_path 'includes/acm/acm_file.' $phpEx);
require(
$phpbb_root_path 'includes/cache.' $phpEx);

$cache
	
	
= new 
cache();
require(
$phpbb_root_path 'includes/db/' $dbms '.' $phpEx);
$db
	
	
	
= new 
$sql_db();


/////////////////////////////////
// PHPBB3 Integration
// We need to set up a few variables first
/////////////////////////////////

$bb_config obtain_config();
$db->sql_connect($dbhost$dbuser$dbpasswd$dbname$dbportfalsedefined('PHPBB_DB_NEW_LINK') ? PHPBB_DB_NEW_LINK false);

/**
* Session class
* @package phpBB3
*/

class session2
{
	
var 
$cookie_data = array();
	
var 
$page = array();
	
var 
$data = array();
	
var 
$browser '';
	
var 
$forwarded_for '';
	
var 
$host '';
	
var 
$session_id '';
	
var 
$ip '';
	
var 
$load 0;
	
var 
$time_now 0;
	
var 
$update_session_page true;

	
/**
	
* Extract current session page
	
*
	
* @param string $root_path current root path (phpbb_root_path)
	
*/
	
function 
extract_current_page($root_path)
	
{
	
	
$page_array = array();

	
	
// First of all, get the request uri...
	
	
$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
	
	
$args = (!empty($_SERVER['QUERY_STRING'])) ? explode('&'$_SERVER['QUERY_STRING']) : explode('&'getenv('QUERY_STRING'));

	
	
// If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support...
	
	
if (!
$script_name)
	
	
{
	
	
	
$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
	
	
	
$script_name = (($pos strpos($script_name'?')) !== false) ? substr($script_name0$pos) : $script_name;
	
	
	
$page_array['failover'] = 1;
	
	
}

	
	
// Replace backslashes and doubled slashes (could happen on some proxy setups)
	
	
$script_name str_replace(array('\\''//'), '/'$script_name);

	
	
// Now, remove the sid and let us get a clean query string...
	
	
$use_args = array();

	
	
// Since some browser do not encode correctly we need to do this with some "special" characters...
	
	
// " -> %22, ' => %27, < -> %3C, > -> %3E
	
	
$find = array('"'"'"'<''>');
	
	
$replace = array('%22''%27''%3C''%3E');

	
	
foreach (
$args as $key => $argument)
	
	
{
	
	
	
if (
strpos($argument'sid=') === 0)
	
	
	
{
	
	
	
	
continue;
	
	
	
}

	
	
	
$use_args[str_replace($find$replace$key)] = str_replace($find$replace$argument);
	
	
}
	
	
unset(
$args);

	
	
// The following examples given are for an request uri of {path to the phpbb directory}/adm/index.php?i=10&b=2

	
	
// The current query string
	
	
$query_string trim(implode('&'$use_args));

	
	
// basenamed page name (for example: index.php)
	
	
$page_name basename($script_name);
	
	
$page_name urlencode(htmlspecialchars($page_name));

	
	
// current directory within the phpBB root (for example: adm)
	
	
$root_dirs explode('/'str_replace('\\''/'phpbb_realpath($root_path)));
	
	
$page_dirs explode('/'str_replace('\\''/'phpbb_realpath('./')));
	
	
$intersection array_intersect_assoc($root_dirs$page_dirs);

	
	
$root_dirs array_diff_assoc($root_dirs$intersection);
	
	
$page_dirs array_diff_assoc($page_dirs$intersection);

	
	
$page_dir str_repeat('../'sizeof($root_dirs)) . implode('/'$page_dirs);

	
	
if (
$page_dir && substr($page_dir, -11) == '/')
	
	
{
	
	
	
$page_dir substr($page_dir0, -1);
	
	
}

	
	
// Current page from phpBB root (for example: adm/index.php?i=10&b=2)
	
	
$page = (($page_dir) ? $page_dir '/' '') . $page_name . (($query_string) ? "?$query_string'');

	
	
// The script path from the webroot to the current directory (for example: /phpBB3/adm/) : always prefixed with / and ends in /
	
	
$script_path trim(str_replace('\\''/'dirname($script_name)));

	
	
// The script path from the webroot to the phpBB root (for example: /phpBB3/)
	
	
$script_dirs explode('/'$script_path);
	
	
array_splice($script_dirs, -sizeof($page_dirs));
	
	
$root_script_path implode('/'$script_dirs) . (sizeof($root_dirs) ? '/' implode('/'$root_dirs) : '');

	
	
// We are on the base level (phpBB root == webroot), lets adjust the variables a bit...
	
	
if (!
$root_script_path)
	
	
{
	
	
	
$root_script_path = ($page_dir) ? str_replace($page_dir''$script_path) : $script_path;
	
	
}

	
	
$script_path .= (substr($script_path, -11) == '/') ? '' '/';
	
	
$root_script_path .= (substr($root_script_path, -11) == '/') ? '' '/';

	
	
$page_array += array(
	
	
	
'page_name'
	
	
	
=> 
$page_name,
	
	
	
'page_dir'
	
	
	
=> 
$page_dir,

	
	
	
'query_string'
	
	
=> 
$query_string,
	
	
	
'script_path'
	
	
=> 
str_replace(' ''%20'htmlspecialchars($script_path)),
	
	
	
'root_script_path'
	
=> 
str_replace(' ''%20'htmlspecialchars($root_script_path)),

	
	
	
'page'
	
	
	
	
=> 
$page,
	
	
	
'forum'
	
	
	
	
=> (isset(
$_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0,
	
	
);

	
	
return 
$page_array;
	
}

	
/**
	
* Start session management
	
*
	
* This is where all session activity begins. We gather various pieces of
	
* information from the client and server. We test to see if a session already
	
* exists. If it does, fine and dandy. If it doesn't we'll go on to create a
	
* new one ... pretty logical heh? We also examine the system load (if we're
	
* running on a system which makes such information readily available) and
	
* halt if it's above an admin definable limit.
	
*
	
* @param bool $update_session_page if true the session page gets updated.
	
*
	
	
	
This can be set to circumvent certain scripts to update the users last visited page.
	
*/
	
function 
session_begin($update_session_page true)
	
{
	
	
global 
$phpEx$SID$_SID$_EXTRA_URL$db$bb_config$phpbb_root_path;
	
	
$config $bb_config;
	
	
// Give us some basic information
	
	
$this->time_now
	
	
	
	
time();
	
	
$this->cookie_data
	
	
	
= array(
'u' => 0'k' => '');
	
	
$this->update_session_page
	
$update_session_page;
	
	
$this->browser
	
	
	
	
= (!empty(
$_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
	
	
$this->referer
	
	
	
	
= (!empty(
$_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
	
	
$this->forwarded_for
	
	
= (!empty(
$_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
	
	
$this->host
	
	
	
	
	
= (!empty(
$_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));

	
	
// Since HTTP_HOST may carry a port definition, we need to remove it here...
	
	
if (
strpos($this->host':') !== false)
	
	
{
	
	
	
$this->host substr($this->host0strpos($this->host':'));
	
	
}

	
	
$this->page
	
	
	
	
	
$this->extract_current_page($phpbb_root_path);

	
	
// if the forwarded for header shall be checked we have to validate its contents
	
	
if (
$config['forwarded_for_check'])
	
	
{
	
	
	
$this->forwarded_for preg_replace('#, +#'', '$this->forwarded_for);

	
	
	
// split the list of IPs
	
	
	
$ips explode(', '$this->forwarded_for);
	
	
	
foreach (
$ips as $ip)
	
	
	
{
	
	
	
	
// check IPv4 first, the IPv6 is hopefully only going to be used very seldomly
	
	
	
	
if (!empty(
$ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))
	
	
	
	
{
	
	
	
	
	
// contains invalid data, don't use the forwarded for header
	
	
	
	
	
$this->forwarded_for '';
	
	
	
	
	
break;
	
	
	
	
}
	
	
	
}
	
	
}
	
	
else
	
	
{
	
	
	
$this->forwarded_for '';
	
	
}

	
	
if (isset(
$_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u']))
	
	
{
	
	
	
$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u'0falsetrue);
	
	
	
$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k'''falsetrue);
	
	
	
$this->session_id 
	
	
request_var($config['cookie_name'] . '_sid'''falsetrue);

	
	
	
$SID = (defined('NEED_SID')) ? '?sid=' $this->session_id '?sid=';
	
	
	
$_SID = (defined('NEED_SID')) ? $this->session_id '';

	
	
	
if (empty(
$this->session_id))
	
	
	
{
	
	
	
	
$this->session_id $_SID request_var('sid''');
	
	
	
	
$SID '?sid=' $this->session_id;
	
	
	
	
$this->cookie_data = array('u' => 0'k' => '');
	
	
	
}
	
	
}
	
	
else
	
	
{
	
	
	
$this->session_id $_SID request_var('sid''');
	
	
	
$SID '?sid=' $this->session_id;
	
	
}

	
	
$_EXTRA_URL = array();

	
	
// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
	
	
// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
	
	
$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars($_SERVER['REMOTE_ADDR']) : '';
	
	
$this->load false;

	
	
// Load limit check (if applicable)
	
	
if (
$config['limit_load'] || $config['limit_search_load'])
	
	
{
	
	
	
if ((
function_exists('sys_getloadavg') && $load sys_getloadavg()) || ($load explode(' ', @file_get_contents('/proc/loadavg'))))
	
	
	
{
	
	
	
	
$this->load array_slice($load01);
	
	
	
	
$this->load floatval($this->load[0]);
	
	
	
}
	
	
	
else
	
	
	
{
	
	
	
	
set_config('limit_load''0');
	
	
	
	
set_config('limit_search_load''0');
	
	
	
}
	
	
}

	
	
// Is session_id is set or session_id is set and matches the url param if required
	
	
if (!empty(
$this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid'])))
	
	
{
	
	
	
$sql 'SELECT u.*, s.*
	
	
	
	
FROM ' 
PHPBB_SESSIONS_TABLE ' s, ' PHPBB_USERS_TABLE " u
	
	
	
	
WHERE s.session_id = '" 
$db->sql_escape($this->session_id) . "'
	
	
	
	
	
AND u.user_id = s.session_user_id"
;
	
	
	
$result $db->sql_query($sql);
	
	
	
$this->data $db->sql_fetchrow($result);
	
	
	
$db->sql_freeresult($result);

	
	
	
// Did the session exist in the DB?
	
	
	
if (isset(
$this->data['user_id']))
	
	
	
{
	
	
	
	
// Validate IP length according to admin ... enforces an IP
	
	
	
	
// check on bots if admin requires this
//
	
	
	
	
$quadcheck = ($config['ip_check_bot'] && $this->data['user_type'] & USER_BOT) ? 4 : $config['ip_check'];

	
	
	
	
if (
strpos($this->ip':') !== false && strpos($this->data['session_ip'], ':') !== false)
	
	
	
	
{
	
	
	
	
	
$s_ip short_ipv6($this->data['session_ip'], $config['ip_check']);
	
	
	
	
	
$u_ip short_ipv6($this->ip$config['ip_check']);
	
	
	
	
}
	
	
	
	
else
	
	
	
	
{
	
	
	
	
	
$s_ip implode('.'array_slice(explode('.'$this->data['session_ip']), 0$config['ip_check']));
	
	
	
	
	
$u_ip implode('.'array_slice(explode('.'$this->ip), 0$config['ip_check']));
	
	
	
	
}

	
	
	
	
$s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0149))) : '';
	
	
	
	
$u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser0149))) : '';

	
	
	
	
$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0254) : '';
	
	
	
	
$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for0254) : '';

	
	
	
	
// referer checks
	
	
	
	
// The @ before $config['referer_validation'] suppresses notices present while running the updater
	
	
	
	
$check_referer_path = (@$config['referer_validation'] == REFERER_VALIDATE_PATH);
	
	
	
	
$referer_valid true;

	
	
	
	
// we assume HEAD and TRACE to be foul play and thus only whitelist GET
	
	
	
	
if (@
$config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get')
	
	
	
	
{
	
	
	
	
	
$referer_valid $this->validate_referer($check_referer_path);
	
	
	
	
}

	
	
	
	
if (
$u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for && $referer_valid)
	
	
	
	
{
	
	
	
	
	
$session_expired false;

	
	
	
	
	
// Check whether the session is still valid if we have one
	
	
	
	
	
$method basename(trim($config['auth_method']));
	
	
	
	
	
include_once(
$phpbb_root_path 'includes/auth/auth_' $method '.' $phpEx);

	
	
	
	
	
$method 'validate_session_' $method;
	
	
	
	
	
if (
function_exists($method))
	
	
	
	
	
{
	
	
	
	
	
	
if (!
$method($this->data))
	
	
	
	
	
	
{
	
	
	
	
	
	
	
$session_expired true;
	
	
	
	
	
	
}
	
	
	
	
	
}

	
	
	
	
	
if (!
$session_expired)
	
	
	
	
	
{
	
	
	
	
	
	
// Check the session length timeframe if autologin is not enabled.
	
	
	
	
	
	
// Else check the autologin length... and also removing those having autologin enabled but no longer allowed board-wide.
	
	
	
	
	
	
if (!
$this->data['session_autologin'])
	
	
	
	
	
	
{
	
	
	
	
	
	
	
if (
$this->data['session_time'] < $this->time_now - ($config['session_length'] + 60))
	
	
	
	
	
	
	
{
	
	
	
	
	
	
	
	
$session_expired true;
	
	
	
	
	
	
	
}
	
	
	
	
	
	
}
	
	
	
	
	
	
else if (!
$config['allow_autologin'] || ($config['max_autologin_time'] && $this->data['session_time'] < $this->time_now - (86400 * (int) $config['max_autologin_time']) + 60))
	
	
	
	
	
	
{
	
	
	
	
	
	
	
$session_expired true;
	
	
	
	
	
	
}
	
	
	
	
	
}

	
	
	
	
	
if (!
$session_expired)
	
	
	
	
	
{
	
	
	
	
	
	
// Only update session DB a minute or so after last update or if page changes
	
	
	
	
	
	
if (
$this->time_now $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page']))
	
	
	
	
	
	
{
	
	
	
	
	
	
	
$sql_ary = array('session_time' => $this->time_now);

	
	
	
	
	
	
	
if (
$this->update_session_page)
	
	
	
	
	
	
	
{
	
	
	
	
	
	
	
	
$sql_ary['session_page'] = substr($this->page['page'], 0199);
	
	
	
	
	
	
	
	
$sql_ary['session_forum_id'] = $this->page['forum'];
	
	
	
	
	
	
	
}

	
	
	
	
	
	
	
$db->sql_return_on_error(true);

	
	
	
	
	
	
	
$sql 'UPDATE ' PHPBB_SESSIONS_TABLE ' SET ' $db->sql_build_array('UPDATE'$sql_ary) . "
	
	
	
	
	
	
	
	
WHERE session_id = '" 
$db->sql_escape($this->session_id) . "'";
	
	
	
	
	
	
	
$result $db->sql_query($sql);

	
	
	
	
	
	
	
$db->sql_return_on_error(false);

	
	
	
	
	
	
	
// If the database is not yet updated, there will be an error due to the session_forum_id
	
	
	
	
	
	
	
// @todo REMOVE for 3.0.2
	
	
	
	
	
	
	
if (
$result === false)
	
	
	
	
	
	
	
{
	
	
	
	
	
	
	
	
unset(
$sql_ary['session_forum_id']);

	
	
	
	
	
	
	
	
$sql 'UPDATE ' PHPBB_SESSIONS_TABLE ' SET ' $db->sql_build_array('UPDATE'$sql_ary) . "
	
	
	
	
	
	
	
	
	
WHERE session_id = '" 
$db->sql_escape($this->session_id) . "'";
	
	
	
	
	
	
	
	
$db->sql_query($sql);
	
	
	
	
	
	
	
}
	
	
	
	
	
	
}

	
	
	
	
	
	
$this->data['is_registered'] = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true false;
	
	
	
	
	
	
$this->data['is_bot'] = (!$this->data['is_registered'] && $this->data['user_id'] != ANONYMOUS) ? true false;
	
	
	
	
	
	
$this->data['user_lang'] = basename($this->data['user_lang']);

	
	
	
	
	
	
return 
true;
	
	
	
	
	
}
	
	
	
	
}
	
	
	
	
else
	
	
	
	
{
	
	
	
	
	
// Added logging temporarly to help debug bugs...
	
	
	
	
	
if (
defined('DEBUG_EXTRA') && $this->data['user_id'] != ANONYMOUS)
	
	
	
	
	
{
	
	
	
	
	
	
if (
$referer_valid)
	
	
	
	
	
	
{
	
	
	
	
	
	
	
add_log('critical''LOG_IP_BROWSER_FORWARDED_CHECK'$u_ip$s_ip$u_browser$s_browserhtmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for));
	
	
	
	
	
	
}
	
	
	
	
	
	
else
	
	
	
	
	
	
{
	
	
	
	
	
	
	
add_log('critical''LOG_REFERER_INVALID'$this->referer);
	
	
	
	
	
	
}
	
	
	
	
	
}
	
	
	
	
}
	
	
	
}
	
	
}

	
	
// If we reach here then no (valid) session exists. So we'll create a new one
	
	
return 
$this->session_create();
	
}

	
/**
	
* Create a new session
	
*
	
* If upon trying to start a session we discover there is nothing existing we
	
* jump here. Additionally this method is called directly during login to regenerate
	
* the session for the specific user. In this method we carry out a number of tasks;
	
* garbage collection, (search)bot checking, banned user comparison. Basically
	
* though this method will result in a new session for a specific user.
	
*/
	
function 
session_create($user_id false$set_admin false$persist_login false$viewonline true)
	
{
	
	
global 
$SID$_SID$db$bb_config$cache$phpbb_root_path$phpEx;
	
	
$config $bb_config;
	
	
$this->data = array();

	
	
/* Garbage collection ... remove old sessions updating user information
	
	
// if necessary. It means (potentially) 11 queries but only infrequently
	
	
if ($this->time_now > $config['session_last_gc'] + $config['session_gc'])
	
	
{
	
	
	
$this->session_gc();
	
	
}*/

	
	
// Do we allow autologin on this board? No? Then override anything
	
	
// that may be requested here
	
	
if (!
$config['allow_autologin'])
	
	
{
	
	
	
$this->cookie_data['k'] = $persist_login false;
	
	
}

	
	
/**
	
	
* Here we do a bot check, oh er saucy! No, not that kind of bot
	
	
* check. We loop through the list of bots defined by the admin and
	
	
* see if we have any useragent and/or IP matches. If we do, this is a
	
	
* bot, act accordingly
	
	
*/
	
	
$bot false;
	
	
$active_bots $cache->obtain_bots();

	
	
foreach (
$active_bots as $row)
	
	
{
	
	
	
if (
$row['bot_agent'] && preg_match('#' str_replace('\*''.*?'preg_quote($row['bot_agent'], '#')) . '#i'$this->browser))
	
	
	
{
	
	
	
	
$bot $row['user_id'];
	
	
	
}

	
	
	
// If ip is supplied, we will make sure the ip is matching too...
	
	
	
if (
$row['bot_ip'] && ($bot || !$row['bot_agent']))
	
	
	
{
	
	
	
	
// Set bot to false, then we only have to set it to true if it is matching
	
	
	
	
$bot false;

	
	
	
	
foreach (
explode(','$row['bot_ip']) as $bot_ip)
	
	
	
	
{
	
	
	
	
	
if (
strpos($this->ip$bot_ip) === 0)
	
	
	
	
	
{
	
	
	
	
	
	
$bot = (int) $row['user_id'];
	
	
	
	
	
	
break;
	
	
	
	
	
}
	
	
	
	
}
	
	
	
}

	
	
	
if (
$bot)
	
	
	
{
	
	
	
	
break;
	
	
	
}
	
	
}

	
	
$method basename(trim($config['auth_method']));
	
	
include_once(
$phpbb_root_path 'includes/auth/auth_' $method '.' $phpEx);

	
	
$method 'autologin_' $method;
	
	
if (
function_exists($method))
	
	
{
	
	
	
$this->data $method();

	
	
	
if (
sizeof($this->data))
	
	
	
{
	
	
	
	
$this->cookie_data['k'] = '';
	
	
	
	
$this->cookie_data['u'] = $this->data['user_id'];
	
	
	
}
	
	
}

	
	
// If we're presented with an autologin key we'll join against it.
	
	
// Else if we've been passed a user_id we'll grab data based on that
	
	
if (isset(
$this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data))
	
	
{
	
	
	
$sql 'SELECT u.*
	
	
	
	
FROM ' 
PHPBB_USERS_TABLE ' u, ' SESSIONS_KEYS_TABLE ' k
	
	
	
	
WHERE u.user_id = ' 
. (int) $this->cookie_data['u'] . '
	
	
	
	
	
AND u.user_type IN (' 
USER_NORMAL ', ' USER_FOUNDER ")
	
	
	
	
	
AND k.user_id = u.user_id
	
	
	
	
	
AND k.key_id = '" 
$db->sql_escape(md5($this->cookie_data['k'])) . "'";
	
	
	
$result $db->sql_query($sql);
	
	
	
$this->data $db->sql_fetchrow($result);
	
	
	
$db->sql_freeresult($result);
	
	
	
$bot false;
	
	
}
	
	
else if (
$user_id !== false && !sizeof($this->data))
	
	
{
	
	
	
$this->cookie_data['k'] = '';
	
	
	
$this->cookie_data['u'] = $user_id;

	
	
	
$sql 'SELECT *
	
	
	
	
FROM ' 
PHPBB_USERS_TABLE '
	
	
	
	
WHERE user_id = ' 
. (int) $this->cookie_data['u'] . '
	
	
	
	
	
AND user_type IN (' 
USER_NORMAL ', ' USER_FOUNDER ')';
	
	
	
$result $db->sql_query($sql);
	
	
	
$this->data $db->sql_fetchrow($result);
	
	
	
$db->sql_freeresult($result);
	
	
	
$bot false;
	
	
}

	
	
// If no data was returned one or more of the following occurred:
	
	
// Key didn't match one in the DB
	
	
// User does not exist
	
	
// User is inactive
	
	
// User is bot
	
	
if (!
sizeof($this->data) || !is_array($this->data))
	
	
{
	
	
	
$this->cookie_data['k'] = '';
	
	
	
$this->cookie_data['u'] = ($bot) ? $bot ANONYMOUS;

	
	
	
if (!
$bot)
	
	
	
{
	
	
	
	
$sql 'SELECT *
	
	
	
	
	
FROM ' 
PHPBB_USERS_TABLE '
	
	
	
	
	
WHERE user_id = ' 
. (int) $this->cookie_data['u'];
	
	
	
}
	
	
	
else
	
	
	
{
	
	
	
	
// We give bots always the same session if it is not yet expired.
	
	
	
	
$sql 'SELECT u.*, s.*
	
	
	
	
	
FROM ' 
PHPBB_USERS_TABLE ' u
	
	
	
	
	
LEFT JOIN ' 
PHPBB_SESSIONS_TABLE ' s ON (s.session_user_id = u.user_id)
	
	
	
	
	
WHERE u.user_id = ' 
. (int) $bot;
	
	
	
}

	
	
	
$result $db->sql_query($sql);
	
	
	
$this->data $db->sql_fetchrow($result);
	
	
	
$db->sql_freeresult($result);
	
	
}

	
	
if (
$this->data['user_id'] != ANONYMOUS && !$bot)
	
	
{
	
	
	
$this->data['session_last_visit'] = (isset($this->data['session_time']) && $this->data['session_time']) ? $this->data['session_time'] : (($this->data['user_lastvisit']) ? $this->data['user_lastvisit'] : time());
	
	
}
	
	
else
	
	
{
	
	
	
$this->data['session_last_visit'] = $this->time_now;
	
	
}

	
	
// Force user id to be integer...
	
	
$this->data['user_id'] = (int) $this->data['user_id'];

	
	
// At this stage we should have a filled data array, defined cookie u and k data.
	
	
// data array should contain recent session info if we're a real user and a recent
	
	
// session exists in which case session_id will also be set

	
	
// Is user banned? Are they excluded? Won't return on ban, exists within method
	
	
if (
$this->data['user_type'] != USER_FOUNDER)
	
	
{
	
	
	
if (!
$config['forwarded_for_check'])
	
	
	
{
	
	
	
	
$this->check_ban($this->data['user_id'], $this->ip);
	
	
	
}
	
	
	
else
	
	
	
{
	
	
	
	
$ips explode(', '$this->forwarded_for);
	
	
	
	
$ips[] = $this->ip;
	
	
	
	
$this->check_ban($this->data['user_id'], $ips);
	
	
	
}
	
	
}

	
	
$this->data['is_registered'] = (!$bot && $this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true false;
	
	
$this->data['is_bot'] = ($bot) ? true false;

	
	
// If our friend is a bot, we re-assign a previously assigned session
	
	
if (
$this->data['is_bot'] && $bot == $this->data['user_id'] && $this->data['session_id'])
	
	
{
	
	
	
// Only assign the current session if the ip, browser and forwarded_for match...
	
	
	
if (
strpos($this->ip':') !== false && strpos($this->data['session_ip'], ':') !== false)
	
	
	
{
	
	
	
	
$s_ip short_ipv6($this->data['session_ip'], $config['ip_check']);
	
	
	
	
$u_ip short_ipv6($this->ip$config['ip_check']);
	
	
	
}
	
	
	
else
	
	
	
{
	
	
	
	
$s_ip implode('.'array_slice(explode('.'$this->data['session_ip']), 0$config['ip_check']));
	
	
	
	
$u_ip implode('.'array_slice(explode('.'$this->ip), 0$config['ip_check']));
	
	
	
}

	
	
	
$s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0149))) : '';
	
	
	
$u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser0149))) : '';

	
	
	
$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0254) : '';
	
	
	
$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for0254) : '';

	
	
	
if (
$u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for)
	
	
	
{
	
	
	
	
$this->session_id $this->data['session_id'];

	
	
	
	
// Only update session DB a minute or so after last update or if page changes
	
	
	
	
if (
$this->time_now $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page']))
	
	
	
	
{
	
	
	
	
	
$this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now;

	
	
	
	
	
$sql_ary = array('session_time' => $this->time_now'session_last_visit' => $this->time_now'session_admin' => 0);

	
	
	
	
	
if (
$this->update_session_page)
	
	
	
	
	
{
	
	
	
	
	
	
$sql_ary['session_page'] = substr($this->page['page'], 0199);
	
	
	
	
	
	
$sql_ary['session_forum_id'] = $this->page['forum'];
	
	
	
	
	
}

	
	
	
	
	
$sql 'UPDATE ' PHPBB_SESSIONS_TABLE ' SET ' $db->sql_build_array('UPDATE'$sql_ary) . "
	
	
	
	
	
	
WHERE session_id = '" 
$db->sql_escape($this->session_id) . "'";
	
	
	
	
	
$db->sql_query($sql);

	
	
	
	
	
// Update the last visit time
	
	
	
	
	
$sql 'UPDATE ' PHPBB_USERS_TABLE '
	
	
	
	
	
	
SET user_lastvisit = ' 
. (int) $this->data['session_time'] . '
	
	
	
	
	
	
WHERE user_id = ' 
. (int) $this->data['user_id'];
	
	
	
	
	
$db->sql_query($sql);
	
	
	
	
}

	
	
	
	
$SID '?sid=';
	
	
	
	
$_SID '';
	
	
	
	
return 
true;
	
	
	
}
	
	
	
else
	
	
	
{
	
	
	
	
// If the ip and browser does not match make sure we only have one bot assigned to one session
	
	
	
	
$db->sql_query('DELETE FROM ' PHPBB_SESSIONS_TABLE ' WHERE session_user_id = ' $this->data['user_id']);
	
	
	
}
	
	
}

	
	
$session_autologin = (($this->cookie_data['k'] || $persist_login) && $this->data['is_registered']) ? true false;
	
	
$set_admin = ($set_admin && $this->data['is_registered']) ? true false;

	
	
// Create or update the session
	
	
$sql_ary = array(
	
	
	
'session_user_id'
	
	
=> (int) 
$this->data['user_id'],
	
	
	
'session_start'
	
	
	
=> (int) 
$this->time_now,
	
	
	
'session_last_visit'
	
=> (int) 
$this->data['session_last_visit'],
	
	
	
'session_time'
	
	
	
=> (int) 
$this->time_now,
	
	
	
'session_browser'
	
	
=> (string) 
trim(substr($this->browser0149)),
	
	
	
'session_forwarded_for'
	
=> (string) 
$this->forwarded_for,
	
	
	
'session_ip'
	
	
	
=> (string) 
$this->ip,
	
	
	
'session_autologin'
	
	
=> (
$session_autologin) ? 0,
	
	
	
'session_admin'
	
	
	
=> (
$set_admin) ? 0,
	
	
	
'session_viewonline'
	
=> (
$viewonline) ? 0,
	
	
);

	
	
if (
$this->update_session_page)
	
	
{
	
	
	
$sql_ary['session_page'] = (string) substr($this->page['page'], 0199);
	
	
	
$sql_ary['session_forum_id'] = $this->page['forum'];
	
	
}

	
	
$db->sql_return_on_error(true);

	
	
$sql 'DELETE
	
	
	
FROM ' 
PHPBB_SESSIONS_TABLE '
	
	
	
WHERE session_id = \'' 
$db->sql_escape($this->session_id) . '\'
	
	
	
	
AND session_user_id = ' 
ANONYMOUS;

	
	
if (!
defined('IN_ERROR_HANDLER') && (!$this->session_id || !$db->sql_query($sql) || !$db->sql_affectedrows()))
	
	
{
	
	
	
// Limit new sessions in 1 minute period (if required)
	
	
	
if (empty(
$this->data['session_time']) && $config['active_sessions'])
	
	
	
{
//
	
	
	
	
$db->sql_return_on_error(false);

	
	
	
	
$sql 'SELECT COUNT(session_id) AS sessions
	
	
	
	
	
FROM ' 
PHPBB_SESSIONS_TABLE '
	
	
	
	
	
WHERE session_time >= ' 
. ($this->time_now 60);
	
	
	
	
$result $db->sql_query($sql);
	
	
	
	
$row $db->sql_fetchrow($result);
	
	
	
	
$db->sql_freeresult($result);

	
	
	
	
if ((int) 
$row['sessions'] > (int) $config['active_sessions'])
	
	
	
	
{
	
	
	
	
	
header('HTTP/1.1 503 Service Unavailable');
	
	
	
	
	
trigger_error('BOARD_UNAVAILABLE');
	
	
	
	
}
	
	
	
}
	
	
}

	
	
// Since we re-create the session id here, the inserted row must be unique. Therefore, we display potential errors.
	
	
// Commented out because it will not allow forums to update correctly
//
	
	
$db->sql_return_on_error(false);

	
	
$this->session_id $this->data['session_id'] = md5(unique_id());

	
	
$sql_ary['session_id'] = (string) $this->session_id;
	
	
$sql_ary['session_page'] = (string) substr($this->page['page'], 0199);
	
	
$sql_ary['session_forum_id'] = $this->page['forum'];

	
	
$sql 'INSERT INTO ' PHPBB_SESSIONS_TABLE ' ' $db->sql_build_array('INSERT'$sql_ary);
	
	
$db->sql_query($sql);

	
	
$db->sql_return_on_error(false);

	
	
// Regenerate autologin/persistent login key
	
	
if (
$session_autologin)
	
	
{
	
	
	
$this->set_login_key();
	
	
}

	
	
// refresh data
	
	
$SID '?sid=' $this->session_id;
	
	
$_SID $this->session_id;
	
	
$this->data array_merge($this->data$sql_ary);

	
	
if (!
$bot)
	
	
{
	
	
	
$cookie_expire $this->time_now + (($config['max_autologin_time']) ? 86400 * (int) $config['max_autologin_time'] : 31536000);

	
	
	
$this->set_cookie('u'$this->cookie_data['u'], $cookie_expire);
	
	
	
$this->set_cookie('k'$this->cookie_data['k'], $cookie_expire);
	
	
	
$this->set_cookie('sid'$this->session_id$cookie_expire);

	
	
	
unset(
$cookie_expire);

	
	
	
$sql 'SELECT COUNT(session_id) AS sessions
	
	
	
	
	
FROM ' 
PHPBB_SESSIONS_TABLE '
	
	
	
	
	
WHERE session_user_id = ' 
. (int) $this->data['user_id'] . '
	
	
	
	
	
AND session_time >= ' 
. (int) ($this->time_now - (max($config['session_length'], $config['form_token_lifetime'])));
	
	
	
$result $db->sql_query($sql);
	
	
	
$row $db->sql_fetchrow($result);
	
	
	
$db->sql_freeresult($result);

	
	
	
if ((int) 
$row['sessions'] <= || empty($this->data['user_form_salt']))
	
	
	
{
	
	
	
	
$this->data['user_form_salt'] = unique_id();
	
	
	
	
// Update the form key
	
	
	
	
$sql 'UPDATE ' PHPBB_USERS_TABLE '
	
	
	
	
	
SET user_form_salt = \'' 
$db->sql_escape($this->data['user_form_salt']) . '\'
	
	
	
	
	
WHERE user_id = ' 
. (int) $this->data['user_id'];
	
	
	
	
$db->sql_query($sql);
	
	
	
}
	
	
}
	
	
else
	
	
{
	
	
	
$this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now;

	
	
	
// Update the last visit time
	
	
	
$sql 'UPDATE ' PHPBB_USERS_TABLE '
	
	
	
	
SET user_lastvisit = ' 
. (int) $this->data['session_time'] . '
	
	
	
	
WHERE user_id = ' 
. (int) $this->data['user_id'];
	
	
	
$db->sql_query($sql);

	
	
	
$SID '?sid=';
	
	
	
$_SID '';
	
	
}

	
	
return 
true;
	
}

	
/**
	
* Kills a session
	
*
	
* This method does what it says on the tin. It will delete a pre-existing session.
	
* It resets cookie information (destroying any autologin key within that cookie data)
	
* and update the users information from the relevant session data. It will then
	
* grab guest user information.
	
*/
	
function 
session_kill($new_session true)
	
{
	
	
global 
$SID$_SID$db$config$phpbb_root_path$phpEx;

	
	
$sql 'DELETE FROM ' SESSIONS_TABLE "
	
	
	
WHERE session_id = '" 
$db->sql_escape($this->session_id) . "'
	
	
	
	
AND session_user_id = " 
. (int) $this->data['user_id'];
	
	
$db->sql_query($sql);

	
	
// Allow connecting logout with external auth method logout
	
	
$method basename(trim($config['auth_method']));
	
	
include_once(
$phpbb_root_path 'includes/auth/auth_' $method '.' $phpEx);

	
	
$method 'logout_' $method;
	
	
if (
function_exists($method))
	
	
{
	
	
	
$method($this->data$new_session);
	
	
}

	
	
if (
$this->data['user_id'] != ANONYMOUS)
	
	
{
	
	
	
// Delete existing session, update last visit info first!
	
	
	
if (!isset(
$this->data['session_time']))
	
	
	
{
	
	
	
	
$this->data['session_time'] = time();
	
	
	
}

	
	
	
$sql 'UPDATE ' PHPBB_USERS_TABLE '
	
	
	
	
SET user_lastvisit = ' 
. (int) $this->data['session_time'] . '
	
	
	
	
WHERE user_id = ' 
. (int) $this->data['user_id'];
	
	
	
$db->sql_query($sql);

	
	
	
if (
$this->cookie_data['k'])
	
	
	
{
	
	
	
	
$sql 'DELETE FROM ' SESSIONS_KEYS_TABLE '
	
	
	
	
	
WHERE user_id = ' 
. (int) $this->data['user_id'] . "
	
	
	
	
	
	
AND key_id = '" 
$db->sql_escape(md5($this->cookie_data['k'])) . "'";
	
	
	
	
$db->sql_query($sql);
	
	
	
}

	
	
	
// Reset the data array
	
	
	
$this->data = array();

	
	
	
$sql 'SELECT *
	
	
	
	
FROM ' 
PHPBB_USERS_TABLE '
	
	
	
	
WHERE user_id = ' 
ANONYMOUS;
	
	
	
$result $db->sql_query($sql);
	
	
	
$this->data $db->sql_fetchrow($result);
	
	
	
$db->sql_freeresult($result);
	
	
}

	
	
$cookie_expire $this->time_now 31536000;
	
	
$this->set_cookie('u'''$cookie_expire);
	
	
$this->set_cookie('k'''$cookie_expire);
	
	
$this->set_cookie('sid'''$cookie_expire);
	
	
unset(
$cookie_expire);

	
	
$SID '?sid=';
	
	
$this->session_id $_SID '';

	
	
// To make sure a valid session is created we create one for the anonymous user
	
	
if (
$new_session)
	
	
{
	
	
	
$this->session_create(ANONYMOUS);
	
	
}

	
	
return 
true;
	
}

	
/**
	
* Session garbage collection
	
*
	
* This looks a lot more complex than it really is. Effectively we are
	
* deleting any sessions older than an admin definable limit. Due to the
	
* way in which we maintain session data we have to ensure we update user
	
* data before those sessions are destroyed. In addition this method
	
* removes autologin key information that is older than an admin defined
	
* limit.
	
*/
	
function 
session_gc()
	
{
	
	
global 
$db$config;

	
	
$batch_size 10;

	
	
if (!
$this->time_now)
	
	
{
	
	
	
$this->time_now time();
	
	
}

	
	
// Firstly, delete guest sessions
	
	
$sql 'DELETE FROM ' PHPBB_SESSIONS_TABLE '
	
	
	
WHERE session_user_id = ' 
ANONYMOUS '
	
	
	
	
AND session_time < ' 
. (int) ($this->time_now $config['session_length']);
	
	
$db->sql_query($sql);

	
	
// Get expired sessions, only most recent for each user
	
	
$sql 'SELECT session_user_id, session_page, MAX(session_time) AS recent_time
	
	
	
FROM ' 
PHPBB_SESSIONS_TABLE '
	
	
	
WHERE session_time < ' 
. ($this->time_now $config['session_length']) . '
	
	
	
GROUP BY session_user_id, session_page'
;
	
	
$result $db->sql_query_limit($sql$batch_size);

	
	
$del_user_id = array();
	
	
$del_sessions 0;

	
	
while (
$row $db->sql_fetchrow($result))
	
	
{
	
	
	
$sql 'UPDATE ' PHPBB_USERS_TABLE '
	
	
	
	
SET user_lastvisit = ' 
. (int) $row['recent_time'] . ", user_lastpage = '" $db->sql_escape($row['session_page']) . "'
	
	
	
	
WHERE user_id = " 
. (int) $row['session_user_id'];
	
	
	
$db->sql_query($sql);

	
	
	
$del_user_id[] = (int) $row['session_user_id'];
	
	
	
$del_sessions++;
	
	
}
	
	
$db->sql_freeresult($result);

	
	
if (
sizeof($del_user_id))
	
	
{
	
	
	
// Delete expired sessions
	
	
	
$sql 'DELETE FROM ' PHPBB_SESSIONS_TABLE '
	
	
	
	
WHERE ' 
$db->sql_in_set('session_user_id'$del_user_id) . '
	
	
	
	
	
AND session_time < ' 
. ($this->time_now $config['session_length']);
	
	
	
$db->sql_query($sql);
	
	
}

	
	
if (
$del_sessions $batch_size)
	
	
{
	
	
	
// Less than 10 users, update gc timer ... else we want gc
	
	
	
// called again to delete other sessions
	
	
	
set_config('session_last_gc'$this->time_nowtrue);

	
	
	
if (
$config['max_autologin_time'])
	
	
	
{
	
	
	
	
$sql 'DELETE FROM ' SESSIONS_KEYS_TABLE '
	
	
	
	
	
WHERE last_login < ' 
. (time() - (86400 * (int) $config['max_autologin_time']));
	
	
	
	
$db->sql_query($sql);
	
	
	
}
	
	
	
$this->confirm_gc();
	
	
}

	
	
return;
	
}

	
function 
confirm_gc($type 0)
	
{
	
	
global 
$db$bb_config;
	
	
$config $bb_config;
	
	

	
	
$sql 'SELECT DISTINCT c.session_id
	
	
	
	
FROM ' 
CONFIRM_TABLE ' c
	
	
	
	
LEFT JOIN ' 
PHPBB_SESSIONS_TABLE ' s ON (c.session_id = s.session_id)
	
	
	
	
WHERE s.session_id IS NULL' 
.
	
	
	
	
	
((empty(
$type)) ? '' ' AND c.confirm_type = ' . (int) $type);
	
	
$result $db->sql_query($sql);

	
	
if (
$row $db->sql_fetchrow($result))
	
	
{
	
	
	
$sql_in = array();
	
	
	
do
	
	
	
{
	
	
	
	
$sql_in[] = (string) $row['session_id'];
	
	
	
}
	
	
	
while (
$row $db->sql_fetchrow($result));

	
	
	
if (
sizeof($sql_in))
	
	
	
{
	
	
	
	
$sql 'DELETE FROM ' CONFIRM_TABLE '
	
	
	
	
	
WHERE ' 
$db->sql_in_set('session_id'$sql_in);
	
	
	
	
$db->sql_query($sql);
	
	
	
}
	
	
}
	
	
$db->sql_freeresult($result);
	
}


	
/**
	
* Sets a cookie
	
*
	
* Sets a cookie of the given name with the specified data for the given length of time. If no time is specified, a session cookie will be set.
	
*
	
* @param string $name
	
	
Name of the cookie, will be automatically prefixed with the phpBB cookie name. track becomes [cookie_name]_track then.
	
* @param string $cookiedata
	
The data to hold within the cookie
	
* @param int $cookietime
	
The expiration time as UNIX timestamp. If 0 is provided, a session cookie is set.
	
*/
	
function 
set_cookie($name$cookiedata$cookietime)
	
{
	
	
global 
$bb_config;
	
	
$config $bb_config;
	
	

	
	
$name_data rawurlencode($config['cookie_name'] . '_' $name) . '=' rawurlencode($cookiedata);
	
	
$expire gmdate('D, d-M-Y H:i:s \\G\\M\\T'$cookietime);
	
	
$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' '; domain=' $config['cookie_domain'];

	
	
header('Set-Cookie: ' $name_data . (($cookietime) ? '; expires=' $expire '') . '; path=' $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' '; secure') . '; HttpOnly'false);
	
}

	
/**
	
* Check for banned user
	
*
	
* Checks whether the supplied user is banned by id, ip or email. If no parameters
	
* are passed to the method pre-existing session data is used. If $return is false
	
* this routine does not return on finding a banned user, it outputs a relevant
	
* message and stops execution.
	
*
	
* @param string|array
	
$user_ips
	
Can contain a string with one IP or an array of multiple IPs
	
*/
	
function 
check_ban($user_id false$user_ips false$user_email false$return false)
	
{
	
	
global 
$bb_config$db;
	
	
$config $bb_config;

	
	
if (
defined('IN_CHECK_BAN'))
	
	
{
	
	
	
return;
	
	
}

	
	
$banned false;
	
	
$cache_ttl 3600;
	
	
$where_sql = array();

	
	
$sql 'SELECT ban_ip, ban_userid, ban_email, ban_exclude, ban_give_reason, ban_end
	
	
	
FROM ' 
BANLIST_TABLE '
	
	
	
WHERE '
;

	
	
// Determine which entries to check, only return those
	
	
if (
$user_email === false)
	
	
{
	
	
	
$where_sql[] = "ban_email = ''";
	
	
}

	
	
if (
$user_ips === false)
	
	
{
	
	
	
$where_sql[] = "(ban_ip = '' OR ban_exclude = 1)";
	
	
}

	
	
if (
$user_id === false)
	
	
{
	
	
	
$where_sql[] = '(ban_userid = 0 OR ban_exclude = 1)';
	
	
}
	
	
else
	
	
{
	
	
	
$cache_ttl = ($user_id == ANONYMOUS) ? 3600 0;
	
	
	
$_sql '(ban_userid = ' $user_id;

	
	
	
if (
$user_email !== false)
	
	
	
{
	
	
	
	
$_sql .= " OR ban_email <> ''";
	
	
	
}

	
	
	
if (
$user_ips !== false)
	
	
	
{
	
	
	
	
$_sql .= " OR ban_ip <> ''";
	
	
	
}

	
	
	
$_sql .= ')';

	
	
	
$where_sql[] = $_sql;
	
	
}

	
	
$sql .= (sizeof($where_sql)) ? implode(' AND '$where_sql) : '';
	
	
$result $db->sql_query($sql$cache_ttl);

	
	
$ban_triggered_by 'user';
	
	
while (
$row $db->sql_fetchrow($result))
	
	
{
	
	
	
if (
$row['ban_end'] && $row['ban_end'] < time())
	
	
	
{
	
	
	
	
continue;
	
	
	
}

	
	
	
$ip_banned false;
	
	
	
if (!empty(
$row['ban_ip']))
	
	
	
{
	
	
	
	
if (!
is_array($user_ips))
	
	
	
	
{
	
	
	
	
	
$ip_banned preg_match('#^' str_replace('\*''.*?'preg_quote($row['ban_ip'], '#')) . '$#i'$user_ips);
	
	
	
	
}
	
	
	
	
else
	
	
	
	
{
	
	
	
	
	
foreach (
$user_ips as $user_ip)
	
	
	
	
	
{
	
	
	
	
	
	
if (
preg_match('#^' str_replace('\*''.*?'preg_quote($row['ban_ip'], '#')) . '$#i'$user_ip))
	
	
	
	
	
	
{
	
	
	
	
	
	
	
$ip_banned true;
	
	
	
	
	
	
	
break;
	
	
	
	
	
	
}
	
	
	
	
	
}
	
	
	
	
}
	
	
	
}

	
	
	
if ((!empty(
$row['ban_userid']) && intval($row['ban_userid']) == $user_id) ||
	
	
	
	
$ip_banned ||
	
	
	
	
(!empty(
$row['ban_email']) && preg_match('#^' str_replace('\*''.*?'preg_quote($row['ban_email'], '#')) . '$#i'$user_email)))
	
	
	
{
	
	
	
	
if (!empty(
$row['ban_exclude']))
	
	
	
	
{
	
	
	
	
	
$banned false;
	
	
	
	
	
break;
	
	
	
	
}
	
	
	
	
else
	
	
	
	
{
	
	
	
	
	
$banned true;
	
	
	
	
	
$ban_row $row;

	
	
	
	
	
if (!empty(
$row['ban_userid']) && intval($row['ban_userid']) == $user_id)
	
	
	
	
	
{
	
	
	
	
	
	
$ban_triggered_by 'user';
	
	
	
	
	
}
	
	
	
	
	
else if (
$ip_banned)
	
	
	
	
	
{
	
	
	
	
	
	
$ban_triggered_by 'ip';
	
	
	
	
	
}
	
	
	
	
	
else
	
	
	
	
	
{
	
	
	
	
	
	
$ban_triggered_by 'email';
	
	
	
	
	
}

	
	
	
	
	
// Don't break. Check if there is an exclude rule for this user
	
	
	
	
}
	
	
	
}
	
	
}
	
	
$db->sql_freeresult($result);

	
	
if (
$banned && !$return)
	
	
{
	
	
	
global 
$template;

	
	
	
// If the session is empty we need to create a valid one...
	
	
	
if (empty(
$this->session_id))
	
	
	
{
	
	
	
	
// This seems to be no longer needed? - #14971
//
	
	
	
	
$this->session_create(ANONYMOUS);
	
	
	
}

	
	
	
// Initiate environment ... since it won't be set at this stage
	
	
	
$this->setup();

	
	
	
// Logout the user, banned users are unable to use the normal 'logout' link
	
	
	
if (
$this->data['user_id'] != ANONYMOUS)
	
	
	
{
	
	
	
	
$this->session_kill();
	
	
	
}

	
	
	
// We show a login box here to allow founders accessing the board if banned by IP
	
	
	
if (
defined('IN_LOGIN') && $this->data['user_id'] == ANONYMOUS)
	
	
	
{
	
	
	
	
global 
$phpEx;

	
	
	
	
$this->setup('ucp');
	
	
	
	
$this->data['is_registered'] = $this->data['is_bot'] = false;

	
	
	
	
// Set as a precaution to allow login_box() handling this case correctly as well as this function not being executed again.
	
	
	
	
define('IN_CHECK_BAN'1);

	
	
	
	
login_box("index.$phpEx");

	
	
	
	
// The false here is needed, else the user is able to circumvent the ban.
	
	
	
	
$this->session_kill(false);
	
	
	
}

	
	
	
// Ok, we catch the case of an empty session id for the anonymous user...
	
	
	
// This can happen if the user is logging in, banned by username and the login_box() being called "again".
	
	
	
if (empty(
$this->session_id) && defined('IN_CHECK_BAN'))
	
	
	
{
	
	
	
	
$this->session_create(ANONYMOUS);
	
	
	
}


	
	
	
// Determine which message to output
	
	
	
$till_date = ($ban_row['ban_end']) ? $this->format_date($ban_row['ban_end']) : '';
	
	
	
$message = ($ban_row['ban_end']) ? 'BOARD_BAN_TIME' 'BOARD_BAN_PERM';

	
	
	
$message sprintf($this->lang[$message], $till_date'<a href="mailto:' $config['board_contact'] . '">''</a>');
	
	
	
$message .= ($ban_row['ban_give_reason']) ? '<br /><br />' sprintf($this->lang['BOARD_BAN_REASON'], $ban_row['ban_give_reason']) : '';
	
	
	
$message .= '<br /><br /><em>' $this->lang['BAN_TRIGGERED_BY_' strtoupper($ban_triggered_by)] . '</em>';

	
	
	
// To circumvent session_begin returning a valid value and the check_ban() not called on second page view, we kill the session again
	
	
	
$this->session_kill(false);

	
	
	
// A very special case... we are within the cron script which is not supposed to print out the ban message... show blank page
	
	
	
if (
defined('IN_CRON'))
	
	
	
{
	
	
	
	
garbage_collection();
	
	
	
	
exit_handler();
	
	
	
	
exit;
	
	
	
}

	
	
	
trigger_error($message);
	
	
}

	
	
return (
$banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned;
	
}

	
/**
	
* Check if ip is blacklisted
	
* This should be called only where absolutly necessary
	
*
	
* Only IPv4 (rbldns does not support AAAA records/IPv6 lookups)
	
*
	
* @author satmd (from the php manual)
	
* @param string $mode register/post - spamcop for example is ommitted for posting
	
* @return false if ip is not blacklisted, else an array([checked server], [lookup])
	
*/
	
function 
check_dnsbl($mode$ip false)
	
{
	
	
if (
$ip === false)
	
	
{
	
	
	
$ip $this->ip;
	
	
}

	
	
$dnsbl_check = array(
	
	
	
'list.dsbl.org'
	
	
	
=> 
'http://dsbl.org/listing?',
	
	
	
'sbl-xbl.spamhaus.org'
	
=> 
'http://www.spamhaus.org/query/bl?ip=',
	
	
);

	
	
if (
$mode == 'register')
	
	
{
	
	
	
$dnsbl_check['bl.spamcop.net'] = 'http://spamcop.net/bl.shtml?';
	
	
}

	
	
if (
$ip)
	
	
{
	
	
	
$quads explode('.'$ip);
	
	
	
$reverse_ip $quads[3] . '.' $quads[2] . '.' $quads[1] . '.' $quads[0];

	
	
	
// Need to be listed on all servers...
	
	
	
$listed true;
	
	
	
$info = array();

	
	
	
foreach (
$dnsbl_check as $dnsbl => $lookup)
	
	
	
{
	
	
	
	
if (
phpbb_checkdnsrr($reverse_ip '.' $dnsbl '.''A') === true)
	
	
	
	
{
	
	
	
	
	
$info = array($dnsbl$lookup $ip);
	
	
	
	
}
	
	
	
	
else
	
	
	
	
{
	
	
	
	
	
$listed false;
	
	
	
	
}
	
	
	
}

	
	
	
if (
$listed)
	
	
	
{
	
	
	
	
return 
$info;
	
	
	
}
	
	
}

	
	
return 
false;
	
}

	
/**
	
* Check if URI is blacklisted
	
* This should be called only where absolutly necessary, for example on the submitted website field
	
* This function is not in use at the moment and is only included for testing purposes, it may not work at all!
	
* This means it is untested at the moment and therefore commented out
	
*
	
* @param string $uri URI to check
	
* @return true if uri is on blacklist, else false. Only blacklist is checked (~zero FP), no grey lists
	
function check_uribl($uri)
	
{
	
	
// Normally parse_url() is not intended to parse uris
	
	
// We need to get the top-level domain name anyway... change.
	
	
$uri = parse_url($uri);

	
	
if ($uri === false || empty($uri['host']))
	
	
{
	
	
	
return false;
	
	
}

	
	
$uri = trim($uri['host']);

	
	
if ($uri)
	
	
{
	
	
	
// One problem here... the return parameter for the "windows" method is different from what
	
	
	
// we expect... this may render this check useless...
	
	
	
if (phpbb_checkdnsrr($uri . '.multi.uribl.com.', 'A') === true)
	
	
	
{
	
	
	
	
return true;
	
	
	
}
	
	
}

	
	
return false;
	
}
	
*/

	
/**
	
* Set/Update a persistent login key
	
*
	
* This method creates or updates a persistent session key. When a user makes
	
* use of persistent (formerly auto-) logins a key is generated and stored in the
	
* DB. When they revisit with the same key it's automatically updated in both the
	
* DB and cookie. Multiple keys may exist for each user representing different
	
* browsers or locations. As with _any_ non-secure-socket no passphrase login this
	
* remains vulnerable to exploit.
	
*/
	
function 
set_login_key($user_id false$key false$user_ip false)
	
{
	
	
global 
$bb_config$db;
	
	
$config $bb_config;

	
	
$user_id = ($user_id === false) ? $this->data['user_id'] : $user_id;
	
	
$user_ip = ($user_ip === false) ? $this->ip $user_ip;
	
	
$key = ($key === false) ? (($this->cookie_data['k']) ? $this->cookie_data['k'] : false) : $key;

	
	
$key_id unique_id(hexdec(substr($this->session_id08)));

	
	
$sql_ary = array(
	
	
	
'key_id'
	
	
=> (string) 
md5($key_id),
	
	
	
'last_ip'
	
	
=> (string) 
$this->ip,
	
	
	
'last_login'
	
=> (int) 
time()
	
	
);

	
	
if (!
$key)
	
	
{
	
	
	
$sql_ary += array(
	
	
	
	
'user_id'
	
=> (int) 
$user_id
	
	
	
);
	
	
}

	
	
if (
$key)
	
	
{
	
	
	
$sql 'UPDATE ' SESSIONS_KEYS_TABLE '
	
	
	
	
SET ' 
$db->sql_build_array('UPDATE'$sql_ary) . '
	
	
	
	
WHERE user_id = ' 
. (int) $user_id "
	
	
	
	
	
AND key_id = '" 
$db->sql_escape(md5($key)) . "'";
	
	
}
	
	
else
	
	
{
	
	
	
$sql 'INSERT INTO ' SESSIONS_KEYS_TABLE ' ' $db->sql_build_array('INSERT'$sql_ary);
	
	
}
	
	
$db->sql_query($sql);

	
	
$this->cookie_data['k'] = $key_id;

	
	
return 
false;
	
}

	
/**
	
* Reset all login keys for the specified user
	
*
	
* This method removes all current login keys for a specified (or the current)
	
* user. It will be called on password change to render old keys unusable
	
*/
	
function 
reset_login_keys($user_id false)
	
{
	
	
global 
$bb_config$db;
	
	
$config $bb_config;
	
	

	
	
$user_id = ($user_id === false) ? $this->data['user_id'] : $user_id;

	
	
$sql 'DELETE FROM ' SESSIONS_KEYS_TABLE '
	
	
	
WHERE user_id = ' 
. (int) $user_id;
	
	
$db->sql_query($sql);

	
	
// Let's also clear any current sessions for the specified user_id
	
	
// If it's the current user then we'll leave this session intact
	
	
$sql_where 'session_user_id = ' . (int) $user_id;
	
	
$sql_where .= ($user_id === $this->data['user_id']) ? " AND session_id <> '" $db->sql_escape($this->session_id) . "'" '';

	
	
$sql 'DELETE FROM ' SESSIONS_TABLE "
	
	
	
WHERE 
$sql_where";
	
	
$db->sql_query($sql);

	
	
// We're changing the password of the current user and they have a key
	
	
// Lets regenerate it to be safe
	
	
if (
$user_id === $this->data['user_id'] && $this->cookie_data['k'])
	
	
{
	
	
	
$this->set_login_key($user_id);
	
	
}
	
}


	
/**
	
* Check if the request originated from the same page.
	
* @param bool $check_script_path If true, the path will be checked as well
	
*/
	
function 
validate_referer($check_script_path false)
	
{
	
	
// no referer - nothing to validate, user's fault for turning it off (we only check on POST; so meta can't be the reason)
	
	
if (empty(
$this->referer) || empty($this->host) )
	
	
{
	
	
	
return 
true;
	
	
}

	
	
$host htmlspecialchars($this->host);
	
	
$ref substr($this->refererstrpos($this->referer'://') + 3);

	
	
if (!(
stripos($ref $host) === 0))
	
	
{
	
	
	
return 
false;
	
	
}
	
	
else if (
$check_script_path && rtrim($this->page['root_script_path'], '/') !== '')
	
	
{
	
	
	
$ref substr($refstrlen($host));
	
	
	
$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');

	
	
	
if (
$server_port !== 80 && $server_port !== 443 && stripos($ref":$server_port") === 0)
	
	
	
{
	
	
	
	
$ref substr($refstrlen(":$server_port"));
	
	
	
}

	
	
	
if (!(
stripos(rtrim($ref'/'), rtrim($this->page['root_script_path'], '/')) === 0))
	
	
	
{
	
	
	
	
return 
false;
	
	
	
}
	
	
}

	
	
return 
true;
	
}


	
function 
unset_admin()
	
{
	
	
global 
$db;
	
	
$sql 'UPDATE ' PHPBB_SESSIONS_TABLE '
	
	
	
SET session_admin = 0
	
	
	
WHERE session_id = \'' 
$db->sql_escape($this->session_id) . '\'';
	
	
$db->sql_query($sql);
	
}
}


/**
* Base user class
*
* This is the overarching class which contains (through session extend)
* all methods utilised for user functionality during a session.
*
* @package phpBB3
*/
class user extends session2
{
	
var 
$lang = array();
	
var 
$help = array();
	
var 
$theme = array();
	
var 
$date_format;
	
var 
$timezone;
	
var 
$dst;

	
var 
$lang_name;
	
var 
$lang_id false;
	
var 
$lang_path;
	
var 
$img_lang;
	
var 
$img_array = array();

	
// Able to add new option (id 7)
	
var 
$keyoptions = array('viewimg' => 0'viewflash' => 1'viewsmilies' => 2'viewsigs' => 3'viewavatars' => 4'viewcensors' => 5'attachsig' => 6'bbcode' => 8'smilies' => 9'popuppm' => 10);
	
var 
$keyvalues = array();

	
/**
	
* Setup basic user-specific items (style, language, ...)
	
*/
	
function 
setup($lang_set false$style false)
	
{
	
	
global 
$db$template$bb_config$auth$phpEx$phpbb_root_path$cache;
	
	
$config $bb_config;

	
	
if (
$this->data['user_id'] != ANONYMOUS)
	
	
{
	
	
	
$this->lang_name = (file_exists($phpbb_root_path 'language/' $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']);
	
	
	
$this->lang_path $phpbb_root_path 'language/' $this->lang_name '/';

	
	
	
$this->date_format $this->data['user_dateformat'];
	
	
	
$this->timezone $this->data['user_timezone'] * 3600;
	
	
	
$this->dst $this->data['user_dst'] * 3600;
	
	
}
	
	
else
	
	
{
	
	
	
$this->lang_name basename($config['default_lang']);
	
	
	
$this->lang_path $phpbb_root_path 'language/' $this->lang_name '/';
	
	
	
$this->date_format $config['default_dateformat'];
	
	
	
$this->timezone $config['board_timezone'] * 3600;
	
	
	
$this->dst $config['board_dst'] * 3600;

	
	
	
/**
	
	
	
* If a guest user is surfing, we try to guess his/her language first by obtaining the browser language
	
	
	
* If re-enabled we need to make sure only those languages installed are checked
	
	
	
* Commented out so we do not loose the code.

	
	
	
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']))
	
	
	
{
	
	
	
	
$accept_lang_ary = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);

	
	
	
	
foreach ($accept_lang_ary as $accept_lang)
	
	
	
	
{
	
	
	
	
	
// Set correct format ... guess full xx_YY form
	
	
	
	
	
$accept_lang = substr($accept_lang, 0, 2) . '_' . strtoupper(substr($accept_lang, 3, 2));
	
	
	
	
	
$accept_lang = basename($accept_lang);

	
	
	
	
	
if (file_exists($phpbb_root_path . 'language/' . $accept_lang . "/common.$phpEx"))
	
	
	
	
	
{
	
	
	
	
	
	
$this->lang_name = $config['default_lang'] = $accept_lang;
	
	
	
	
	
	
$this->lang_path = $phpbb_root_path . 'language/' . $accept_lang . '/';
	
	
	
	
	
	
break;
	
	
	
	
	
}
	
	
	
	
	
else
	
	
	
	
	
{
	
	
	
	
	
	
// No match on xx_YY so try xx
	
	
	
	
	
	
$accept_lang = substr($accept_lang, 0, 2);
	
	
	
	
	
	
$accept_lang = basename($accept_lang);

	
	
	
	
	
	
if (file_exists($phpbb_root_path . 'language/' . $accept_lang . "/common.$phpEx"))
	
	
	
	
	
	
{
	
	
	
	
	
	
	
$this->lang_name = $config['default_lang'] = $accept_lang;
	
	
	
	
	
	
	
$this->lang_path = $phpbb_root_path . 'language/' . $accept_lang . '/';
	
	
	
	
	
	
	
break;
	
	
	
	
	
	
}
	
	
	
	
	
}
	
	
	
	
}
	
	
	
}
	
	
	
*/
	
	
}

	
	
// We include common language file here to not load it every time a custom language file is included
	
	
$lang = &$this->lang;

	
	
if ((@include 
$this->lang_path "common.$phpEx") === false)
	
	
{
	
	
	
die(
'Language file ' $this->lang_name "/common.$phpEx" couldn't be opened.");
	
	
}

	
	
$this->add_lang($lang_set);
	
	
unset(
$lang_set);

	
	
if (!empty(
$_GET['style']) && $auth->acl_get('a_styles'))
	
	
{
	
	
	
global 
$SID$_EXTRA_URL;

	
	
	
$style request_var('style'0);
	
	
	
$SID .= '&amp;style=' $style;
	
	
	
$_EXTRA_URL = array('style=' $style);
	
	
}
	
	
else
	
	
{
	
	
	
// Set up style
	
	
	
$style = ($style) ? $style : ((!$config['override_user_style']) ? $this->data['user_style'] : $config['default_style']);
	
	
}

	
	
$sql 'SELECT s.style_id, t.template_storedb, t.template_path, t.template_id, t.bbcode_bitfield, c.theme_path, c.theme_name, c.theme_storedb, c.theme_id, i.imageset_path, i.imageset_id, i.imageset_name
	
	
	
FROM ' 
STYLES_TABLE ' s, ' STYLES_TEMPLATE_TABLE ' t, ' STYLES_THEME_TABLE ' c, ' STYLES_IMAGESET_TABLE " i
	
	
	
WHERE s.style_id = 
$style
	
	
	
	
AND t.template_id = s.template_id
	
	
	
	
AND c.theme_id = s.theme_id
	
	
	
	
AND i.imageset_id = s.imageset_id"
;
	
	
$result $db->sql_query($sql3600);
	
	
$this->theme $db->sql_fetchrow($result);
	
	
$db->sql_freeresult($result);

	
	
// User has wrong style
	
	
if (!
$this->theme && $style == $this->data['user_style'])
	
	
{
	
	
	
$style $this->data['user_style'] = $config['default_style'];

	
	
	
$sql 'UPDATE ' PHPBB_USERS_TABLE "
	
	
	
	
SET user_style = 
$style
	
	
	
	
WHERE user_id = 
{$this->data['user_id']}";
	
	
	
$db->sql_query($sql);

	
	
	
$sql 'SELECT s.style_id, t.template_storedb, t.template_path, t.template_id, t.bbcode_bitfield, c.theme_path, c.theme_name, c.theme_storedb, c.theme_id, i.imageset_path, i.imageset_id, i.imageset_name
	
	
	
	
FROM ' 
STYLES_TABLE ' s, ' STYLES_TEMPLATE_TABLE ' t, ' STYLES_THEME_TABLE ' c, ' STYLES_IMAGESET_TABLE " i
	
	
	
	
WHERE s.style_id = 
$style
	
	
	
	
	
AND t.template_id = s.template_id
	
	
	
	
	
AND c.theme_id = s.theme_id
	
	
	
	
	
AND i.imageset_id = s.imageset_id"
;
	
	
	
$result $db->sql_query($sql3600);
	
	
	
$this->theme $db->sql_fetchrow($result);
	
	
	
$db->sql_freeresult($result);
	
	
}

	
	
if (!
$this->theme)
	
	
{
	
	
	
trigger_error('Could not get style data'E_USER_ERROR);
	
	
}

	
	
// Now parse the cfg file and cache it
	
	
$parsed_items $cache->obtain_cfg_items($this->theme);

	
	
// We are only interested in the theme configuration for now
	
	
$parsed_items $parsed_items['theme'];

	
	
$check_for = array(
	
	
	
'parse_css_file'
	
=> (int) 
0,
	
	
	
'pagination_sep'
	
=> (string) 
', '
	
	
);

	
	
foreach (
$check_for as $key => $default_value)
	
	
{
	
	
	
$this->theme[$key] = (isset($parsed_items[$key])) ? $parsed_items[$key] : $default_value;
	
	
	
settype($this->theme[$key], gettype($default_value));

	
	
	
if (
is_string($default_value))
	
	
	
{
	
	
	
	
$this->theme[$key] = htmlspecialchars($this->theme[$key]);
	
	
	
}
	
	
}

	
	
// If the style author specified the theme needs to be cached
	
	
// (because of the used paths and variables) than make sure it is the case.
	
	
// For example, if the theme uses language-specific images it needs to be stored in db.
	
	
if (!
$this->theme['theme_storedb'] && $this->theme['parse_css_file'])
	
	
{
	
	
	
$this->theme['theme_storedb'] = 1;

	
	
	
$stylesheet file_get_contents("{$phpbb_root_path}styles/{$this->theme['theme_path']}/theme/stylesheet.css");
	
	
	
// Match CSS imports
	
	
	
$matches = array();
	
	
	
preg_match_all('/@import url\(["\'](.*)["\']\);/i'$stylesheet$matches);

	
	
	
if (
sizeof($matches))
	
	
	
{
	
	
	
	
$content '';
	
	
	
	
foreach (
$matches[0] as $idx => $match)
	
	
	
	
{
	
	
	
	
	
if (
$content = @file_get_contents("{$phpbb_root_path}styles/{$this->theme['theme_path']}/theme/" $matches[1][$idx]))
	
	
	
	
	
{
	
	
	
	
	
	
$content trim($content);
	
	
	
	
	
}
	
	
	
	
	
else
	
	
	
	
	
{
	
	
	
	
	
	
$content '';
	
	
	
	
	
}
	
	
	
	
	
$stylesheet str_replace($match$content$stylesheet);
	
	
	
	
}
	
	
	
	
unset(
$content);
	
	
	
}

	
	
	
$stylesheet str_replace('./''styles/' $this->theme['theme_path'] . '/theme/'$stylesheet);

	
	
	
$sql_ary = array(
	
	
	
	
'theme_data'
	
=> 
$stylesheet,
	
	
	
	
'theme_mtime'
	
=> 
time(),
	
	
	
	
'theme_storedb'
	
=> 
1
	
	
	
);

	
	
	
$sql 'UPDATE ' STYLES_THEME_TABLE '
	
	
	
	
SET ' 
$db->sql_build_array('UPDATE'$sql_ary) . '
	
	
	
	
WHERE theme_id = ' 
$this->theme['theme_id'];
	
	
	
$db->sql_query($sql);

	
	
	
unset(
$sql_ary);
	
	
}

	
	
$template->set_template();

	
	
$this->img_lang = (file_exists($phpbb_root_path 'styles/' $this->theme['imageset_path'] . '/imageset/' $this->lang_name)) ? $this->lang_name $config['default_lang'];

	
	
$sql 'SELECT image_name, image_filename, image_lang, image_height, image_width
	
	
	
FROM ' 
STYLES_IMAGESET_DATA_TABLE '
	
	
	
WHERE imageset_id = ' 
$this->theme['imageset_id'] . "
	
	
	
AND image_filename <> ''
	
	
	
AND image_lang IN ('" 
$db->sql_escape($this->img_lang) . "', '')";
	
	
$result $db->sql_query($sql3600);

	
	
$localised_images false;
	
	
while (
$row $db->sql_fetchrow($result))
	
	
{
	
	
	
if (
$row['image_lang'])
	
	
	
{
	
	
	
	
$localised_images true;
	
	
	
}

	
	
	
$row['image_filename'] = rawurlencode($row['image_filename']);
	
	
	
$this->img_array[$row['image_name']] = $row;
	
	
}
	
	
$db->sql_freeresult($result);

	
	
// there were no localised images, try to refresh the localised imageset for the user's language
	
	
if (!
$localised_images)
	
	
{
	
	
	
// Attention: this code ignores the image definition list from acp_styles and just takes everything
	
	
	
// that the config file contains
	
	
	
$sql_ary = array();

	
	
	
$db->sql_transaction('begin');

	
	
	
$sql 'DELETE FROM ' STYLES_IMAGESET_DATA_TABLE '
	
	
	
	
WHERE imageset_id = ' 
$this->theme['imageset_id'] . '
	
	
	
	
	
AND image_lang = \'' 
$db->sql_escape($this->img_lang) . '\'';
	
	
	
$result $db->sql_query($sql);

	
	
	
if (@
file_exists("{$phpbb_root_path}styles/{$this->theme['imageset_path']}/imageset/{$this->img_lang}/imageset.cfg"))
	
	
	
{
	
	
	
	
$cfg_data_imageset_data parse_cfg_file("{$phpbb_root_path}styles/{$this->theme['imageset_path']}/imageset/{$this->img_lang}/imageset.cfg");
	
	
	
	
foreach (
$cfg_data_imageset_data as $image_name => $value)
	
	
	
	
{
	
	
	
	
	
if (
strpos($value'*') !== false)
	
	
	
	
	
{
	
	
	
	
	
	
if (
substr($value, -11) === '*')
	
	
	
	
	
	
{
	
	
	
	
	
	
	
list(
$image_filename$image_height) = explode('*'$value);
	
	
	
	
	
	
	
$image_width 0;
	
	
	
	
	
	
}
	
	
	
	
	
	
else
	
	
	
	
	
	
{
	
	
	
	
	
	
	
list(
$image_filename$image_height$image_width) = explode('*'$value);
	
	
	
	
	
	
}
	
	
	
	
	
}
	
	
	
	
	
else
	
	
	
	
	
{
	
	
	
	
	
	
$image_filename $value;
	
	
	
	
	
	
$image_height $image_width 0;
	
	
	
	
	
}

	
	
	
	
	
if (
strpos($image_name'img_') === && $image_filename)
	
	
	
	
	
{
	
	
	
	
	
	
$image_name substr($image_name4);
	
	
	
	
	
	
$sql_ary[] = array(
	
	
	
	
	
	
	
'image_name'
	
	
=> (string) 
$image_name,
	
	
	
	
	
	
	
'image_filename'
	
=> (string) 
$image_filename,
	
	
	
	
	
	
	
'image_height'
	
	
=> (int) 
$image_height,
	
	
	
	
	
	
	
'image_width'
	
	
=> (int) 
$image_width,
	
	
	
	
	
	
	
'imageset_id'
	
	
=> (int) 
$this->theme['imageset_id'],
	
	
	
	
	
	
	
'image_lang'
	
	
=> (string) 
$this->img_lang,
	
	
	
	
	
	
);
	
	
	
	
	
}
	
	
	
	
}
	
	
	
}

	
	
	
if (
sizeof($sql_ary))
	
	
	
{
	
	
	
	
$db->sql_multi_insert(STYLES_IMAGESET_DATA_TABLE$sql_ary);
	
	
	
	
$db->sql_transaction('commit');
	
	
	
	
$cache->destroy('sql'STYLES_IMAGESET_DATA_TABLE);

	
	
	
	
add_log('admin''LOG_IMAGESET_LANG_REFRESHED'$this->theme['imageset_name'], $this->img_lang);
	
	
	
}
	
	
	
else
	
	
	
{
	
	
	
	
$db->sql_transaction('commit');
	
	
	
	
add_log('admin''LOG_IMAGESET_LANG_MISSING'$this->theme['imageset_name'], $this->img_lang);
	
	
	
}
	
	
}

	
	
// Call phpbb_user_session_handler() in case external application want to "bend" some variables or replace classes...
	
	
// After calling it we continue script execution...
	
	
phpbb_user_session_handler();

	
	
// If this function got called from the error handler we are finished here.
	
	
if (
defined('IN_ERROR_HANDLER'))
	
	
{
	
	
	
return;
	
	
}

	
	
// Disable board if the install/ directory is still present
	
	
// For the brave development army we do not care about this, else we need to comment out this everytime we develop locally
	
	
if (!
defined('DEBUG_EXTRA') && !defined('ADMIN_START') && !defined('IN_INSTALL') && !defined('IN_LOGIN') && file_exists($phpbb_root_path 'install'))
	
	
{
	
	
	
// Adjust the message slightly according to the permissions
	
	
	
if (
$auth->acl_gets('a_''m_') || $auth->acl_getf_global('m_'))
	
	
	
{
	
	
	
	
$message 'REMOVE_INSTALL';
	
	
	
}
	
	
	
else
	
	
	
{
	
	
	
	
$message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE';
	
	
	
}
	
	
	
trigger_error($message);
	
	
}

	
	
// Is board disabled and user not an admin or moderator?
	
	
if (
$config['board_disable'] && !defined('IN_LOGIN') && !$auth->acl_gets('a_''m_') && !$auth->acl_getf_global('m_'))
	
	
{
	
	
	
header('HTTP/1.1 503 Service Unavailable');

	
	
	
$message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE';
	
	
	
trigger_error($message);
	
	
}

	
	
// Is load exceeded?
	
	
if (
$config['limit_load'] && $this->load !== false)
	
	
{
	
	
	
if (
$this->load floatval($config['limit_load']) && !defined('IN_LOGIN'))
	
	
	
{
	
	
	
	
// Set board disabled to true to let the admins/mods get the proper notification
	
	
	
	
$config['board_disable'] = '1';

	
	
	
	
if (!
$auth->acl_gets('a_''m_') && !$auth->acl_getf_global('m_'))
	
	
	
	
{
	
	
	
	
	
header('HTTP/1.1 503 Service Unavailable');
	
	
	
	
	
trigger_error('BOARD_UNAVAILABLE');
	
	
	
	
}
	
	
	
}
	
	
}

	
	
if (isset(
$this->data['session_viewonline']))
	
	
{
	
	
	
// Make sure the user is able to hide his session
	
	
	
if (!
$this->data['session_viewonline'])
	
	
	
{
	
	
	
	
// Reset online status if not allowed to hide the session...
	
	
	
	
if (!
$auth->acl_get('u_hideonline'))
	
	
	
	
{
	
	
	
	
	
$sql 'UPDATE ' PHPBB_SESSIONS_TABLE '
	
	
	
	
	
	
SET session_viewonline = 1
	
	
	
	
	
	
WHERE session_user_id = ' 
$this->data['user_id'];
	
	
	
	
	
$db->sql_query($sql);
	
	
	
	
	
$this->data['session_viewonline'] = 1;
	
	
	
	
}
	
	
	
}
	
	
	
else if (!
$this->data['user_allow_viewonline'])
	
	
	
{
	
	
	
	
// the user wants to hide and is allowed to  -> cloaking device on.
	
	
	
	
if (
$auth->acl_get('u_hideonline'))
	
	
	
	
{
	
	
	
	
	
$sql 'UPDATE ' PHPBB_SESSIONS_TABLE '
	
	
	
	
	
	
SET session_viewonline = 0
	
	
	
	
	
	
WHERE session_user_id = ' 
$this->data['user_id'];
	
	
	
	
	
$db->sql_query($sql);
	
	
	
	
	
$this->data['session_viewonline'] = 0;
	
	
	
	
}
	
	
	
}
	
	
}


	
	
// Does the user need to change their password? If so, redirect to the
	
	
// ucp profile reg_details page ... of course do not redirect if we're already in the ucp
	
	
if (!
defined('IN_ADMIN') && !defined('ADMIN_START') && $config['chg_passforce'] && $this->data['is_registered'] && $auth->acl_get('u_chgpasswd') && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400))
	
	
{
	
	
	
if (
strpos($this->page['query_string'], 'mode=reg_details') === false && $this->page['page_name'] != "ucp.$phpEx")
	
	
	
{
	
	
	
	
redirect(append_sid("{$phpbb_root_path}ucp.$phpEx"'i=profile&amp;mode=reg_details'));
	
	
	
}
	
	
}

	
	
return;
	
}

	
/**
	
* Add Language Items - use_db and use_help are assigned where needed (only use them to force inclusion)
	
*
	
* @param mixed $lang_set specifies the language entries to include
	
* @param bool $use_db internal variable for recursion, do not use
	
* @param bool $use_help internal variable for recursion, do not use
	
*
	
* Examples:
	
* <code>
	
* $lang_set = array('posting', 'help' => 'faq');
	
* $lang_set = array('posting', 'viewtopic', 'help' => array('bbcode', 'faq'))
	
* $lang_set = array(array('posting', 'viewtopic'), 'help' => array('bbcode', 'faq'))
	
* $lang_set = 'posting'
	
* $lang_set = array('help' => 'faq', 'db' => array('help:faq', 'posting'))
	
* </code>
	
*/
	
function 
add_lang($lang_set$use_db false$use_help false)
	
{
	
	
global 
$phpEx;

	
	
if (
is_array($lang_set))
	
	
{
	
	
	
foreach (
$lang_set as $key => $lang_file)
	
	
	
{
	
	
	
	
// Please do not delete this line.
	
	
	
	
// We have to force the type here, else [array] language inclusion will not work
	
	
	
	
$key = (string) $key;

	
	
	
	
if (
$key == 'db')
	
	
	
	
{
	
	
	
	
	
$this->add_lang($lang_filetrue$use_help);
	
	
	
	
}
	
	
	
	
else if (
$key == 'help')
	
	
	
	
{
	
	
	
	
	
$this->add_lang($lang_file$use_dbtrue);
	
	
	
	
}
	
	
	
	
else if (!
is_array($lang_file))
	
	
	
	
{
	
	
	
	
	
$this->set_lang($this->lang$this->help$lang_file$use_db$use_help);
	
	
	
	
}
	
	
	
	
else
	
	
	
	
{
	
	
	
	
	
$this->add_lang($lang_file$use_db$use_help);
	
	
	
	
}
	
	
	
}
	
	
	
unset(
$lang_set);
	
	
}
	
	
else if (
$lang_set)
	
	
{
	
	
	
$this->set_lang($this->lang$this->help$lang_set$use_db$use_help);
	
	
}
	
}

	
/**
	
* Set language entry (called by add_lang)
	
* @access private
	
*/
	
function 
set_lang(&$lang, &$help$lang_file$use_db false$use_help false)
	
{
	
	
global 
$phpEx;

	
	
// Make sure the language path is set (if the user setup did not happen it is not set)
	
	
if (!
$this->lang_path)
	
	
{
	
	
	
global 
$phpbb_root_path$config;

	
	
	
$this->lang_path $phpbb_root_path 'language/' basename($config['default_lang']) . '/';
	
	
}

	
	
// $lang == $this->lang
	
	
// $help == $this->help
	
	
// - add appropriate variables here, name them as they are used within the language file...
	
	
if (!
$use_db)
	
	
{
	
	
	
if (
$use_help && strpos($lang_file'/') !== false)
	
	
	
{
	
	
	
	
$language_filename $this->lang_path substr($lang_file0stripos($lang_file'/') + 1) . 'help_' substr($lang_filestripos($lang_file'/') + 1) . '.' $phpEx;
	
	
	
}
	
	
	
else
	
	
	
{
	
	
	
	
$language_filename $this->lang_path . (($use_help) ? 'help_' '') . $lang_file '.' $phpEx;
	
	
	
}

	
	
	
if ((@include 
$language_filename) === false)
	
	
	
{
	
	
	
	
trigger_error('Language file ' basename($language_filename) . ' couldn\'t be opened.'E_USER_ERROR);
	
	
	
}
	
	
}
	
	
else if (
$use_db)
	
	
{
	
	
	
// Get Database Language Strings
	
	
	
// Put them into $lang if nothing is prefixed, put them into $help if help: is prefixed
	
	
	
// For example: help:faq, posting
	
	
}
	
}

	
/**
	
* Format user date
	
*/
	
function 
format_date($gmepoch$format false$forcedate false)
	
{
	
	
static 
$midnight;

	
	
$lang_dates $this->lang['datetime'];
	
	
$format = (!$format) ? $this->date_format $format;

	
	
// Short representation of month in format
	
	
if ((
strpos($format'\M') === false && strpos($format'M') !== false) || (strpos($format'\r') === false && strpos($format'r') !== false))
	
	
{
	
	
	
$lang_dates['May'] = $lang_dates['May_short'];
	
	
}

	
	
unset(
$lang_dates['May_short']);

	
	
if (!
$midnight)
	
	
{
	
	
	
list(
$d$m$y) = explode(' 'gmdate('j n Y'time() + $this->timezone $this->dst));
	
	
	
$midnight gmmktime(000$m$d$y) - $this->timezone $this->dst;
	
	
}

	
	
if (
strpos($format'|') === false || ($gmepoch $midnight 86400 && !$forcedate) || ($gmepoch $midnight 172800 && !$forcedate))
	
	
{
	
	
	
return 
strtr(@gmdate(str_replace('|'''$format), $gmepoch $this->timezone $this->dst), $lang_dates);
	
	
}

	
	
if (
$gmepoch $midnight 86400 && !$forcedate)
	
	
{
	
	
	
$format substr($format0strpos($format'|')) . '||' substr(strrchr($format'|'), 1);
	
	
	
return 
str_replace('||'$this->lang['datetime']['TOMORROW'], strtr(@gmdate($format$gmepoch $this->timezone $this->dst), $lang_dates));
	
	
}
	
	
else if (
$gmepoch $midnight && !$forcedate)
	
	
{
	
	
	
$format substr($format0strpos($format'|')) . '||' substr(strrchr($format'|'), 1);
	
	
	
return 
str_replace('||'$this->lang['datetime']['TODAY'], strtr(@gmdate($format$gmepoch $this->timezone $this->dst), $lang_dates));
	
	
}
	
	
else if (
$gmepoch $midnight 86400 && !$forcedate)
	
	
{
	
	
	
$format substr($format0strpos($format'|')) . '||' substr(strrchr($format'|'), 1);
	
	
	
return 
str_replace('||'$this->lang['datetime']['YESTERDAY'], strtr(@gmdate($format$gmepoch $this->timezone $this->dst), $lang_dates));
	
	
}

	
	
return 
strtr(@gmdate(str_replace('|'''$format), $gmepoch $this->timezone $this->dst), $lang_dates);
	
}

	
/**
	
* Get language id currently used by the user
	
*/
	
function 
get_iso_lang_id()
	
{
	
	
global 
$config$db;

	
	
if (!empty(
$this->lang_id))
	
	
{
	
	
	
return 
$this->lang_id;
	
	
}

	
	
if (!
$this->lang_name)
	
	
{
	
	
	
$this->lang_name $config['default_lang'];
	
	
}

	
	
$sql 'SELECT lang_id
	
	
	
FROM ' 
LANG_TABLE "
	
	
	
WHERE lang_iso = '" 
$db->sql_escape($this->lang_name) . "'";
	
	
$result $db->sql_query($sql);
	
	
$this->lang_id = (int) $db->sql_fetchfield('lang_id');
	
	
$db->sql_freeresult($result);

	
	
return 
$this->lang_id;
	
}

	
/**
	
* Get users profile fields
	
*/
	
function 
get_profile_fields($user_id)
	
{
	
	
global 
$db;

	
	
if (isset(
$this->profile_fields))
	
	
{
	
	
	
return;
	
	
}

	
	
$sql 'SELECT *
	
	
	
FROM ' 
PROFILE_FIELDS_DATA_TABLE "
	
	
	
WHERE user_id = 
$user_id";
	
	
$result $db->sql_query_limit($sql1);
	
	
$this->profile_fields = (!($row $db->sql_fetchrow($result))) ? array() : $row;
	
	
$db->sql_freeresult($result);
	
}

	
/**
	
* Specify/Get image
	
*/
	
function 
img($img$alt ''$width false$suffix ''$type 'full_tag')
	
{
	
	
static 
$imgs;
	
	
global 
$phpbb_root_path;

	
	
$img_data = &$imgs[$img];

	
	
if (empty(
$img_data))
	
	
{
	
	
	
if (!isset(
$this->img_array[$img]))
	
	
	
{
	
	
	
	
// Do not fill the image to let designers decide what to do if the image is empty
	
	
	
	
$img_data '';
	
	
	
	
return 
$img_data;
	
	
	
}

	
	
	
$img_data['src'] = $phpbb_root_path 'styles/' $this->theme['imageset_path'] . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' '') . $this->img_array[$img]['image_filename'];
	
	
	
$img_data['width'] = $this->img_array[$img]['image_width'];
	
	
	
$img_data['height'] = $this->img_array[$img]['image_height'];
	
	
}

	
	
$alt = (!empty($this->lang[$alt])) ? $this->lang[$alt] : $alt;

	
	
switch (
$type)
	
	
{
	
	
	
case 
'src':
	
	
	
	
return 
$img_data['src'];
	
	
	
break;

	
	
	
case 
'width':
	
	
	
	
return (
$width === false) ? $img_data['width'] : $width;
	
	
	
break;

	
	
	
case 
'height':
	
	
	
	
return 
$img_data['height'];
	
	
	
break;

	
	
	
default:
	
	
	
	
$use_width = ($width === false) ? $img_data['width'] : $width;

	
	
	
	
return 
'<img src="' $img_data['src'] . '"' . (($use_width) ? ' width="' $use_width '"' '') . (($img_data['height']) ? ' height="' $img_data['height'] . '"' '') . ' alt="' $alt '" title="' $alt '" />';
	
	
	
break;
	
	
}
	
}

	
/**
	
* Get option bit field from user options
	
*/
	
function 
optionget($key$data false)
	
{
	
	
if (!isset(
$this->keyvalues[$key]))
	
	
{
	
	
	
$var = ($data) ? $data $this->data['user_options'];
	
	
	
$this->keyvalues[$key] = ($var << $this->keyoptions[$key]) ? true false;
	
	
}

	
	
return 
$this->keyvalues[$key];
	
}

	
/**
	
* Set option bit field for user options
	
*/
	
function 
optionset($key$value$data false)
	
{
	
	
$var = ($data) ? $data $this->data['user_options'];

	
	
if (
$value && !($var << $this->keyoptions[$key]))
	
	
{
	
	
	
$var += << $this->keyoptions[$key];
	
	
}
	
	
else if (!
$value && ($var << $this->keyoptions[$key]))
	
	
{
	
	
	
$var -= << $this->keyoptions[$key];
	
	
}
	
	
else
	
	
{
	
	
	
return (
$data) ? $var false;
	
	
}

	
	
if (!
$data)
	
	
{
	
	
	
$this->data['user_options'] = $var;
	
	
	
return 
true;
	
	
}
	
	
else
	
	
{
	
	
	
return 
$var;
	
	
}
	
}
}



« Last Edit: October 17, 2008, 10:58:32 AM by kai »

Offline helium

  • Newbie
  • *
  • Posts: 19
    • View Profile
    • Live Anime
Re: [MOD] PHPBB3 Integration v0.9 helium
« Reply #1 on: September 05, 2008, 03:33:58 AM »
need to be over 2 posts to many chars lol sorry
CONTINUEING IN includes/session.php


Find
Code: [Select]
define('COOKIE_SECURE', '0');

add after on a new line

Code: [Select]
$user = new user();
$user->session_begin();

find

Code: [Select]
$user_info = $site_sess->return_user_info();

add on a new line after

Code: [Select]
$sql = "SELECT * FROM ".LIGHTBOXES_TABLE." WHERE user_id = ". $user->data['user_id'] ."";

$result = $site_db->query($sql);
$lightbox = $site_db->fetch_array($result);
$site_db->free_result($result);

if($lightbox['lightbox_lastaction'] == '') {

$lightbox_id = get_random_key(LIGHTBOXES_TABLE, "lightbox_id");
          $sql = "INSERT INTO ".LIGHTBOXES_TABLE."
                  (lightbox_id, user_id, lightbox_lastaction, lightbox_image_ids)
                  VALUES
                  ('".$lightbox_id."', ".$user->data['user_id'].", ".time().", '')";
  echo $sql;
          $site_db->query($sql);
          $user->data['lightbox_lastaction'] = time();
          $user->data['lightbox_image_ids'] = "";

} else {

$user->data['lightbox_lastaction'] = $lightbox['lightbox_lastaction'];
$user->data['lightbox_image_ids'] = $lightbox['lightbox_image_ids'];
}

$user_info[0] = $user_info['user_id'] = $user->data['user_id'];
$user_info[1] = $user_info['user_level'] = $user->data['user_type'];
$user_info[2] = $user_info['user_name'] = $user->data['username'];
$user_info[4] = $user_info['user_email'] = $user->data['user_email'];
$user_info[5] = $user_info['user_showemail'] = $user->data['user_allow_viewemail'];
$user_info['lightbox_lastaction'] = $user->data['lightbox_lastaction'];
$user_info['lightbox_image_ids'] = $user->data['lightbox_image_ids'];


find

Code: [Select]
if (defined("GET_USER_ONLINE") && ($config['display_whosonline'] == 1 || $user_info['user_level'] == ADMIN)) {
  $time_out = time() - 300;
  $sql = "SELECT s.session_user_id, s.session_lastaction, s.session_ip".get_user_table_field(", u.", "user_id").get_user_table_field(", u.", "user_level").get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_invisible")."
      FROM ".SESSIONS_TABLE." s
      LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = s.session_user_id)
      WHERE s.session_lastaction >= $time_out
      ORDER BY ".get_user_table_field("u.", "user_id")." ASC, s.session_ip ASC";
  $result = $site_db->query($sql);
  while ($row = $site_db->fetch_array($result)) {
    if ($row['session_user_id'] != GUEST && (isset($row[$user_table_fields['user_id']]) && $row[$user_table_fields['user_id']] != GUEST)) {
      if (!isset($prev_user_ids[$row['session_user_id']])) {
        $is_invisible = (isset($row[$user_table_fields['user_invisible']]) && $row[$user_table_fields['user_invisible']] == 1) ? 1 : 0;
        $invisibleuser = ($is_invisible) ? "*" : "";
        $username = (isset($row[$user_table_fields['user_level']]) && $row[$user_table_fields['user_level']] == ADMIN && $config['highlight_admin'] == 1) ? sprintf("<b>%s</b>", $row[$user_table_fields['user_name']]) : $row[$user_table_fields['user_name']];
        if (!$is_invisible || $user_info['user_level'] == ADMIN) {
          $user_online_list .= ($user_online_list != "") ? ", " : "";
          $user_profile_link = (!empty($url_show_profile)) ? preg_replace("/{user_id}/", $row['session_user_id'], $url_show_profile) : ROOT_PATH."member.php?action=showprofile&amp;".URL_USER_ID."=".$row['session_user_id'];
          $user_online_list .= "<a href=\"".$site_sess->url($user_profile_link)."\">".$username."</a>".$invisibleuser;
        }
        (!$is_invisible) ? $num_visible_online++ : $num_invisible_online++;
        $num_registered_online++;
      }
      $prev_user_ids[$row['session_user_id']] = 1;
    }
    else {
      if (!isset($prev_session_ips[$row['session_ip']])) {
        $num_guests_online++;
      }
    }
    $prev_session_ips[$row['session_ip']] = 1;
  }
  $num_total_online = $num_registered_online + $num_guests_online;
  //$num_invisible_online = $num_registered_online - $num_visible_online;

  $site_template->register_vars(array(
    "num_total_online" => $num_total_online,
    "num_invisible_online" => $num_invisible_online,
    "num_registered_online" => $num_registered_online,
    "num_guests_online" => $num_guests_online,
    "user_online_list" => $user_online_list,
    "lang_user_online" => str_replace('{num_total_online}', $num_total_online, $lang['user_online']),
    "lang_user_online_detail" => str_replace(array('{num_registered_online}','{num_invisible_online}','{num_guests_online}'), array($num_registered_online,$num_invisible_online,$num_guests_online), $lang['user_online_detail']),
  ));
  $whos_online = $site_template->parse_template("whos_online");
  $site_template->register_vars("whos_online", $whos_online);
  unset($whos_online);
  unset($prev_user_ids);
  unset($prev_session_ips);
}

REPLACE WITH

Code: [Select]
if (defined("GET_USER_ONLINE") && ($config['display_whosonline'] == 1 || $user_info['user_level'] == ADMIN)) {

$onlineinfo = getUsersOnline();

  $site_template->register_vars(array(
    "num_total_online" => $onlineinfo['total'],
    "num_invisible_online" => $onlineinfo['hidden'],
    "num_registered_online" => $onlineinfo['users'],
    "num_guests_online" => $onlineinfo['guests'],
    "user_online_list" => $onlineinfo['user_list'],
    "lang_user_online" => str_replace('{num_total_online}', $onlineinfo['total'], $lang['user_online']),
    "lang_user_online_detail" => str_replace(array('{num_registered_online}','{num_invisible_online}','{num_guests_online}'), array($onlineinfo['users'],$onlineinfo['hidden'],$onlineinfo['guests']), $lang['user_online_detail']),
  ));
  $whos_online = $site_template->parse_template("whos_online");
  $site_template->register_vars("whos_online", $whos_online);
  unset($whos_online);
  unset($prev_user_ids);
  unset($prev_session_ips);
}

OK nOW WERE DONE WITH THE SESSIONS

OPEN: gallery/includes/constants.php

Code: [Select]
define('WORDMATCH_TABLE', $table_prefix.'wordmatch');

after on a new line add:

Code: [Select]
//////////////////////////////////////
// phpBB3 Integration
//////////////////////////////////////

define('IN_PHPBB', true);
define('STRIP', false);
define('ANONYMOUS', 1);
define('USER_NORMAL', 0);
define('USER_INACTIVE', 1);
define('USER_IGNORE', 2);
define('USER_FOUNDER', 3);

define('PHPBB_USERS_TABLE', 'phpbb_users');
define('PHPBB_SESSIONS_TABLE', 'phpbb_sessions');
define('SESSIONS_KEYS_TABLE', 'phpbb_sessions_keys');
define('PHPBB_CONFIG_TABLE', 'phpbb_config');
define('BANLIST_TABLE', 'phpbb_banlist');
define('STYLES_TABLE', 'phpbb_styles');
define('STYLES_TEMPLATE_TABLE', 'phpbb_styles_template');
define('STYLES_TEMPLATE_DATA_TABLE','phpbb_styles_template_data');
define('STYLES_THEME_TABLE', 'phpbb_styles_theme');
define('STYLES_IMAGESET_TABLE', 'phpbb_styles_imageset');
define('STYLES_IMAGESET_DATA_TABLE','phpbb_styles_imageset_data');

define('REFERER_VALIDATE_NONE', 0);
define('REFERER_VALIDATE_HOST', 1);
define('REFERER_VALIDATE_PATH', 2);

find

Code: [Select]
define('GUEST', -1);
define('USER_AWAITING', 1);
define('USER', 2);
define('ADMIN', 9);


// Permission levels
define('AUTH_ALL', 0);
define('AUTH_USER', 2);
define('AUTH_ACL', 3);
define('AUTH_ADMIN', 9);

replace with

Code: [Select]
define('GUEST', 2);
define('USER_AWAITING', 5);
define('USER', 0);
define('ADMIN', 3);


// Permission levels
define('AUTH_ALL', 0);
define('AUTH_USER', 2);
define('AUTH_ACL', 3);
define('AUTH_ADMIN', 3);


OPEN: gallery/includes/page_header.php

find
Code: [Select]
  "url_register" => (!empty($url_register)) ? $site_sess->url($url_register) : $site_sess->url(ROOT_PATH."register.php"),

replace with
Code: [Select]
  "url_register" => (!empty($url_register)) ? $site_sess->url($url_register) : $site_sess->url(PHPBB_DIRECTORY."ucp.php?mode=register"),

find
Code: [Select]
  "url_control_panel" => (!empty($url_control_panel)) ? $site_sess->url($url_control_panel) : $site_sess->url(ROOT_PATH."member.php?action=editprofile"),

replace
Code: [Select]
  "url_control_panel" => (!empty($url_control_panel)) ? $site_sess->url($url_control_panel) : $site_sess->url(PHPBB_DIRECTORY."ucp.php"),


find
Code: [Select]
  "url_logout" => (!empty($url_logout)) ? $site_sess->url($url_logout) : $site_sess->url(ROOT_PATH."logout.php"),

replace
Code: [Select]
  "url_logout" => (!empty($url_logout)) ? $site_sess->url($url_logout) : $site_sess->url(PHPBB_DIRECTORY."ucp.php?mode=logout&sid=".$user->data['session_id']),


find
Code: [Select]
if ($user_info['user_level'] >= USER) {

replace
Code: [Select]
if ($user_info['user_level'] == USER || $user_info['user_level'] == ADMIN ) {


OPEN: gallery/templates/<YOUR TEMPLATE DIRECTORY>/user_loginform.html

REPLACE ALL THE CONTENTS WITH
Code: [Select]
<table width="100%" border="0" cellpadding="4" cellspacing="0">
  <tr>
    <td valign="top" align="left">
     <form action="<?php echo PHPBB_DIRECTORY?>ucp.php" method="post">
<input type="hidden" name="mode" value="login" />
User Name:<input type="text"  name="username" />
Password:<input type="password" name="password" />
Hidden:<input type="checkbox" class="radio" name="viewonline" />
<input type="hidden" name="autologin" value="1" />
<input type="submit" value="Submit" name="login" />
</form>
  </tr>
</table>


OPEN: catagories.php

find
Code: [Select]
$sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits".$additional_sql.", c.cat_name".get_user_table_field(", u.", "user_name")."
        FROM (".IMAGES_TABLE." i,  ".CATEGORIES_TABLE." c)
        LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
        WHERE i.image_active = 1 AND i.cat_id = $cat_id AND c.cat_id = i.cat_id
        ORDER BY ".$config['image_order']." ".$config['image_sort'].", i.image_id ".$config['image_sort']."
        LIMIT $offset, $perpage";
$result = $site_db->query($sql);
$num_rows = $site_db->get_numrows($result);

replace with
Code: [Select]
$sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits".$additional_sql.", c.cat_name, u.username_clean as user_name
        FROM (".IMAGES_TABLE." i,  ".CATEGORIES_TABLE." c)
        LEFT JOIN ".PHPBB_USERS_TABLE." u ON ( u.user_id = i.user_id)
        WHERE i.image_active = 1 AND i.cat_id = $cat_id AND c.cat_id = i.cat_id
        ORDER BY ".$config['image_order']." ".$config['image_sort'].", i.image_id ".$config['image_sort']."
        LIMIT $offset, $perpage";
$result = $site_db->query($sql);
$num_rows = $site_db->get_numrows($result);


OPEN: includes/functions.php

find
Code: [Select]
if (isset($image_row[$user_table_fields['user_name']]) && $image_row['user_id'] != GUEST) {
    $user_name = format_text($image_row[$user_table_fields['user_name']], 2);

    $user_profile_link = (!empty($url_show_profile)) ? str_replace("{user_id}", $image_row['user_id'], $url_show_profile) : ROOT_PATH."member.php?action=showprofile&amp;".URL_USER_ID."=".$image_row['user_id'];
    $user_name_link = "<a href=\"".$site_sess->url($user_profile_link)."\">".$user_name."</a>";
  }
  else {
    $user_name = format_text($lang['userlevel_guest'], 2);
    $user_name_link = $user_name;
  }

replace with
Code: [Select]
  $user_name = format_text($image_row[$user_table_fields['user_name']], 2);

if($image_row['user_id'] != 1) {
    $user_profile_link = (!empty($url_show_profile)) ? str_replace("{user_id}", $image_row['user_id'], $url_show_profile) : PHPBB_DIRECTORY."memberlist.php?mode=viewprofile&u=".$image_row['user_id'];

    $user_name_link = "<a href=\"".$site_sess->url($user_profile_link)."\">".$user_name."</a>";
} else {
$user_name_link = $user_name;
}

find
Code: [Select]
function get_random_image_cache() {
  global $site_db, $cat_cache, $total_images;

  $random_image_cache = array();
  $cat_id_sql = get_auth_cat_sql("auth_viewcat", "NOTIN");

  if (SHOW_RANDOM_CAT_IMAGE) {
    $sql = "SELECT DISTINCT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits, c.cat_name".get_user_table_field(", u.", "user_name")."
            FROM (".IMAGES_TABLE." i,  ".CATEGORIES_TABLE." c)
            LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
            WHERE i.image_active = 1 AND i.cat_id NOT IN ($cat_id_sql) AND c.cat_id = i.cat_id
            ORDER BY RAND()";
    $result = $site_db->query($sql);
    while ($row = $site_db->fetch_array($result)) {
      $random_image_cache[$row['cat_id']] = $row;
    }
  }
  else {
    if (empty($total_images)) {
      $sql = "SELECT COUNT(*) as total_images
              FROM ".IMAGES_TABLE."
              WHERE image_active = 1 AND cat_id NOT IN ($cat_id_sql)";
      $row = $site_db->query_firstrow($sql);
      $total_images = $row['total_images'];
    }
    if (empty($total_images)) {
      return $random_image_cache;
    }
    mt_srand((double)microtime() * 1000000);
    $number = ($total_images > 1) ? mt_rand(0, $total_images - 1) : 0;

    $sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits, c.cat_name".get_user_table_field(", u.", "user_name")."
            FROM (".IMAGES_TABLE." i,  ".CATEGORIES_TABLE." c)
            LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
            WHERE i.image_active = 1 AND i.cat_id NOT IN ($cat_id_sql) AND c.cat_id = i.cat_id
            LIMIT $number, 1";
    $random_image_cache[0] = $site_db->query_firstrow($sql);
  }
  return $random_image_cache;
}

replace with
Code: [Select]
function get_random_image_cache() {
  global $site_db, $cat_cache, $total_images;

  $random_image_cache = array();
  $cat_id_sql = get_auth_cat_sql("auth_viewcat", "NOTIN");

  if (SHOW_RANDOM_CAT_IMAGE) {
    $sql = "SELECT DISTINCT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits, c.cat_name, u.username_clean AS user_name
            FROM (".IMAGES_TABLE." i,  ".CATEGORIES_TABLE." c)
            LEFT JOIN ".PHPBB_USERS_TABLE." u ON (u.user_id = i.user_id)
            WHERE i.image_active = 1 AND i.cat_id NOT IN ($cat_id_sql) AND c.cat_id = i.cat_id
            ORDER BY RAND()";
    $result = $site_db->query($sql);
    while ($row = $site_db->fetch_array($result)) {
      $random_image_cache[$row['cat_id']] = $row;
    }
  }
  else {
    if (empty($total_images)) {
      $sql = "SELECT COUNT(*) as total_images
              FROM ".IMAGES_TABLE."
              WHERE image_active = 1 AND cat_id NOT IN ($cat_id_sql)";
      $row = $site_db->query_firstrow($sql);
      $total_images = $row['total_images'];
    }
    if (empty($total_images)) {
      return $random_image_cache;
    }
    mt_srand((double)microtime() * 1000000);
    $number = ($total_images > 1) ? mt_rand(0, $total_images - 1) : 0;

    $sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits, c.cat_name, u.username_clean AS user_name
            FROM (".IMAGES_TABLE." i,  ".CATEGORIES_TABLE." c)
            LEFT JOIN ".PHPBB_USERS_TABLE." u ON (u.user_id = i.user_id)
            WHERE i.image_active = 1 AND i.cat_id NOT IN ($cat_id_sql) AND c.cat_id = i.cat_id
            LIMIT $number, 1";
    $random_image_cache[0] = $site_db->query_firstrow($sql);
  }
  return $random_image_cache;
}


OPEN: details.php

find
Code: [Select]
$sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits".$additional_sql.", c.cat_name".get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_email")."
        FROM (".IMAGES_TABLE." i,  ".CATEGORIES_TABLE." c)
        LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
        WHERE i.image_id = $image_id AND i.image_active = 1 AND c.cat_id = i.cat_id";
$image_row = $site_db->query_firstrow($sql);
$cat_id = (isset($image_row['cat_id'])) ? $image_row['cat_id'] : 0;
$is_image_owner = ($image_row['user_id'] > USER_AWAITING && $user_info['user_id'] == $image_row['user_id']) ? 1 : 0;


replace with
Code: [Select]
$sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits".$additional_sql.", c.cat_name, u.username_clean AS user_name, u.user_email
        FROM (".IMAGES_TABLE." i,  ".CATEGORIES_TABLE." c)
        LEFT JOIN ".PHPBB_USERS_TABLE." u ON (u.user_id = i.user_id)
        WHERE i.image_id = $image_id AND i.image_active = 1 AND c.cat_id = i.cat_id";
$image_row = $site_db->query_firstrow($sql);
$cat_id = (isset($image_row['cat_id'])) ? $image_row['cat_id'] : 0;
$is_image_owner = ($image_row['user_id'] > USER_AWAITING && $user_info['user_id'] == $image_row['user_id']) ? 1 : 0;




find
Code: [Select]
      if ($site_db->not_empty("SELECT $user_name_field FROM ".USERS_TABLE." WHERE $user_name_field = '".strtolower($user_name)."' AND ".get_user_table_field("", "user_id")." <> '".$user_info['user_id']."'")) {


replace with
Code: [Select]
      if ($site_db->not_empty("SELECT username_clean FROM ".PHPBB_USERS_TABLE." WHERE username_clean = '".strtolower($user_name)."' AND ".get_user_table_field("", "user_id")." <> '".$user_info['user_id']."'")) {




find
Code: [Select]
$sql = "SELECT c.comment_id, c.image_id, c.user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, c.comment_ip, c.comment_date".get_user_table_field(", u.", "user_level").get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_email").get_user_table_field(", u.", "user_showemail").get_user_table_field(", u.", "user_invisible").get_user_table_field(", u.", "user_joindate").get_user_table_field(", u.", "user_lastaction").get_user_table_field(", u.", "user_comments").get_user_table_field(", u.", "user_homepage").get_user_table_field(", u.", "user_icq")."
          FROM ".COMMENTS_TABLE." c
          LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
          WHERE c.image_id = $image_id
          ORDER BY c.comment_date ASC";
  $result = $site_db->query($sql);

replace with
Code: [Select]
  $sql = "SELECT c.comment_id, c.image_id, c.user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, c.comment_ip, c.comment_date, u.user_type AS user_level, u.username_clean AS user_name ".get_user_table_field(", u.", "user_email").", u.user_allow_viewemail AS user_showemail, u.user_allow_viewonline AS user_invisible, u.user_regdate AS user_joindate, u.user_lastvisit AS user_lastaction, u.user_posts AS user_comments, u.user_website AS user_homepage".get_user_table_field(", u.", "user_icq")."
          FROM ".COMMENTS_TABLE." c
          LEFT JOIN ".PHPBB_USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
          WHERE c.image_id = $image_id
          ORDER BY c.comment_date ASC";
  $result = $site_db->query($sql);


find
Code: [Select]
if (isset($comment_row[$i][$user_table_fields['user_name']]) && $comment_user_id != GUEST) {
        $comment_user_name = format_text($comment_row[$i][$user_table_fields['user_name']], 2);

        $comment_user_profile_link = !empty($url_show_profile) ? $site_sess->url(preg_replace("/{user_id}/", $comment_user_id, $url_show_profile)) : $site_sess->url(ROOT_PATH."member.php?action=showprofile&amp;".URL_USER_ID."=".$comment_user_id);
        $comment_user_profile_button = "<a href=\"".$comment_user_profile_link."\"><img src=\"".get_gallery_image("profile.gif")."\" border=\"0\" alt=\"".$comment_user_name."\" /></a>";

        $comment_user_status_img = ($comment_row[$i][$user_table_fields['user_lastaction']] >= (time() - 300) && ((isset($comment_row[$i][$user_table_fields['user_invisible']]) && $comment_row[$i][$user_table_fields['user_invisible']] == 0) || $user_info['user_level'] == ADMIN)) ? "<img src=\"".get_gallery_image("user_online.gif")."\" border=\"0\" alt=\"Online\" />" : "<img src=\"".get_gallery_image("user_offline.gif")."\" border=\"0\" alt=\"Offline\" />";

        $comment_user_homepage = (isset($comment_row[$i][$user_table_fields['user_homepage']])) ? format_url($comment_row[$i][$user_table_fields['user_homepage']]) : "";
        if (!empty($comment_user_homepage)) {
          $comment_user_homepage_button = "<a href=\"".$comment_user_homepage."\" target=\"_blank\"><img src=\"".get_gallery_image("homepage.gif")."\" border=\"0\" alt=\"".$comment_user_homepage."\" /></a>";
        }

        $comment_user_icq = (isset($comment_row[$i][$user_table_fields['user_icq']])) ? format_text($comment_row[$i][$user_table_fields['user_icq']]) : "";
        if (!empty($comment_user_icq)) {
          $comment_user_icq_button = "<a href=\"http://www.icq.com/people/about_me.php?uin=".$comment_user_icq."\" target=\"_blank\"><img src=\"http://status.icq.com/online.gif?icq=".$comment_user_icq."&img=5\" width=\"18\" height=\"18\" border=\"0\" alt=\"".$comment_user_icq."\" /></a>";
        }

        if (!empty($comment_row[$i][$user_table_fields['user_email']]) && (!isset($comment_row[$i][$user_table_fields['user_showemail']]) || (isset($comment_row[$i][$user_table_fields['user_showemail']]) && $comment_row[$i][$user_table_fields['user_showemail']] == 1))) {
          $comment_user_email = format_text($comment_row[$i][$user_table_fields['user_email']]);
          $comment_user_email_save = format_text(str_replace("@", " at ", $comment_row[$i][$user_table_fields['user_email']]));
          if (!empty($url_mailform)) {
            $comment_user_mailform_link = $site_sess->url(preg_replace("/{user_id}/", $comment_user_id, $url_mailform));
          }
          else {
            $comment_user_mailform_link = $site_sess->url(ROOT_PATH."member.php?action=mailform&amp;".URL_USER_ID."=".$comment_user_id);
          }
          $comment_user_email_button = "<a href=\"".$comment_user_mailform_link."\"><img src=\"".get_gallery_image("email.gif")."\" border=\"0\" alt=\"".$comment_user_email_save."\" /></a>";
        }


replace with
Code: [Select]
    if (isset($comment_row[$i][$user_table_fields['user_name']]) && $comment_user_id != 1) {
        $comment_user_name = format_text($comment_row[$i][$user_table_fields['user_name']], 2);

        $comment_user_profile_link = (!empty($url_show_profile)) ? str_replace("{user_id}", $comment_user_id, $url_show_profile) : PHPBB_DIRECTORY."memberlist.php?mode=viewprofile&u=".$comment_user_id;
        $comment_user_profile_button = "<a href=\"".$comment_user_profile_link."\"><img src=\"".get_gallery_image("profile.gif")."\" border=\"0\" alt=\"".$comment_user_name."\" /></a>";

        $comment_user_status_img = ($comment_row[$i][$user_table_fields['user_lastaction']] >= (time() - 300) && ((isset($comment_row[$i][$user_table_fields['user_invisible']]) && $comment_row[$i][$user_table_fields['user_invisible']] == 0) || $user_info['user_level'] == ADMIN)) ? "<img src=\"".get_gallery_image("user_online.gif")."\" border=\"0\" alt=\"Online\" />" : "<img src=\"".get_gallery_image("user_offline.gif")."\" border=\"0\" alt=\"Offline\" />";

        $comment_user_homepage = (isset($comment_row[$i][$user_table_fields['user_homepage']])) ? format_url($comment_row[$i][$user_table_fields['user_homepage']]) : "";
        if (!empty($comment_user_homepage)) {
          $comment_user_homepage_button = "<a href=\"".$comment_user_homepage."\" target=\"_blank\"><img src=\"".get_gallery_image("homepage.gif")."\" border=\"0\" alt=\"".$comment_user_homepage."\" /></a>";
        }

        $comment_user_icq = (isset($comment_row[$i][$user_table_fields['user_icq']])) ? format_text($comment_row[$i][$user_table_fields['user_icq']]) : "";
        if (!empty($comment_user_icq)) {
          $comment_user_icq_button = "<a href=\"http://www.icq.com/people/about_me.php?uin=".$comment_user_icq."\" target=\"_blank\"><img src=\"http://status.icq.com/online.gif?icq=".$comment_user_icq."&img=5\" width=\"18\" height=\"18\" border=\"0\" alt=\"".$comment_user_icq."\" /></a>";
        }



OPEN: index.php

find
Code: [Select]
$num_new_images = $config['image_cells'];
$sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits".$additional_sql.", c.cat_name".get_user_table_field(", u.", "user_name")."
        FROM (".IMAGES_TABLE." i,  ".CATEGORIES_TABLE." c)
        LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
        WHERE i.image_active = 1 AND c.cat_id = i.cat_id AND i.cat_id NOT IN (".get_auth_cat_sql("auth_viewcat", "NOTIN").")
        ORDER BY i.image_date DESC
        LIMIT $num_new_images";
$result = $site_db->query($sql);
$num_rows = $site_db->get_numrows($result);

replace with
Code: [Select]
$num_new_images = $config['image_cells'];
$sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits".$additional_sql.", c.cat_name, u.username_clean AS user_name
        FROM (".IMAGES_TABLE." i,  ".CATEGORIES_TABLE." c)
        LEFT JOIN ".PHPBB_USERS_TABLE." u ON (u.user_id = i.user_id)
        WHERE i.image_active = 1 AND c.cat_id = i.cat_id AND i.cat_id NOT IN (".get_auth_cat_sql("auth_viewcat", "NOTIN").")
        ORDER BY i.image_date DESC
        LIMIT $num_new_images";
$result = $site_db->query($sql);
$num_rows = $site_db->get_numrows($result);




OPEN: top.php


find
Code: [Select]
$sql = "SELECT i.image_id, i.user_id, i.cat_id, i.image_name, i.image_rating, i.image_votes, c.cat_name".get_user_table_field(", u.", "user_name")."
        FROM (".IMAGES_TABLE." i, ".CATEGORIES_TABLE." c)
        LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
        WHERE i.image_active = 1 AND i.cat_id NOT IN ($cat_id_sql) AND i.cat_id = c.cat_id
        $cat_match_sql
        ORDER BY i.image_rating DESC, i.image_name ASC
        LIMIT 10";
$result = $site_db->query($sql);

replace with
Code: [Select]
$sql = "SELECT i.image_id, i.user_id, i.cat_id, i.image_name, i.image_rating, i.image_votes, c.cat_name, u.username_clean AS user_name
        FROM (".IMAGES_TABLE." i, ".CATEGORIES_TABLE." c)
        LEFT JOIN ".PHPBB_USERS_TABLE." u ON (u.user_id = i.user_id)
        WHERE i.image_active = 1 AND i.cat_id NOT IN ($cat_id_sql) AND i.cat_id = c.cat_id
        $cat_match_sql
        ORDER BY i.image_rating DESC, i.image_name ASC
        LIMIT 10";
$result = $site_db->query($sql);

find
Code: [Select]
$sql = "SELECT i.image_id, i.user_id, i.cat_id, i.image_name, i.image_rating, i.image_votes, c.cat_name".get_user_table_field(", u.", "user_name")."
        FROM (".IMAGES_TABLE." i, ".CATEGORIES_TABLE." c)
        LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
        WHERE i.image_active = 1 AND i.cat_id NOT IN ($cat_id_sql) AND i.cat_id = c.cat_id
        $cat_match_sql
        ORDER BY i.image_votes DESC, i.image_name ASC
        LIMIT 10";

replace with
Code: [Select]
$sql = "SELECT i.image_id, i.user_id, i.cat_id, i.image_name, i.image_rating, i.image_votes, c.cat_name, u.username_clean AS user_name
        FROM (".IMAGES_TABLE." i, ".CATEGORIES_TABLE." c)
        LEFT JOIN ".PHPBB_USERS_TABLE." u ON (u.user_id = i.user_id)
        WHERE i.image_active = 1 AND i.cat_id NOT IN ($cat_id_sql) AND i.cat_id = c.cat_id
        $cat_match_sql
        ORDER BY i.image_votes DESC, i.image_name ASC
        LIMIT 10";



find
Code: [Select]
$sql = "SELECT i.image_id, i.user_id, i.cat_id, i.image_name, i.image_hits, c.cat_name".get_user_table_field(", u.", "user_name")."
        FROM (".IMAGES_TABLE." i, ".CATEGORIES_TABLE." c)
        LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
        WHERE i.image_active = 1 AND i.cat_id NOT IN ($cat_id_sql) AND i.cat_id = c.cat_id
        $cat_match_sql
        ORDER BY i.image_hits DESC, i.image_name ASC
        LIMIT 10";

replace with
Code: [Select]
$sql = "SELECT i.image_id, i.user_id, i.cat_id, i.image_name, i.image_hits, c.cat_name, u.username_clean AS user_name
        FROM (".IMAGES_TABLE." i, ".CATEGORIES_TABLE." c)
        LEFT JOIN ".PHPBB_USERS_TABLE." u ON (u.user_id = i.user_id)
        WHERE i.image_active = 1 AND i.cat_id NOT IN ($cat_id_sql) AND i.cat_id = c.cat_id
        $cat_match_sql
        ORDER BY i.image_hits DESC, i.image_name ASC
        LIMIT 10";





find
Code: [Select]
$sql = "SELECT i.image_id, i.user_id, i.cat_id, i.image_name, i.image_downloads, c.cat_name".get_user_table_field(", u.", "user_name")."
        FROM (".IMAGES_TABLE." i, ".CATEGORIES_TABLE." c)
        LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
        WHERE i.image_active = 1 AND i.cat_id NOT IN ($cat_id_sql) AND i.cat_id = c.cat_id
        $cat_match_sql
        ORDER BY i.image_downloads DESC, i.image_name ASC
        LIMIT 10";

replace with
Code: [Select]
$sql = "SELECT i.image_id, i.user_id, i.cat_id, i.image_name, i.image_hits, c.cat_name, u.username_clean AS user_name
        FROM (".IMAGES_TABLE." i, ".CATEGORIES_TABLE." c)
        LEFT JOIN ".PHPBB_USERS_TABLE." u ON (u.user_id = i.user_id)
        WHERE i.image_active = 1 AND i.cat_id NOT IN ($cat_id_sql) AND i.cat_id = c.cat_id
        $cat_match_sql
        ORDER BY i.image_hits DESC, i.image_name ASC
        LIMIT 10";



OPEN: search.php

find
Code: [Select]
  $sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits".$additional_sql.", c.cat_name".get_user_table_field(", u.", "user_name")."
          FROM (".IMAGES_TABLE." i,  ".CATEGORIES_TABLE." c)
          LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
          WHERE i.image_active = 1
          $sql_where_query
          AND c.cat_id = i.cat_id $cat_id_sql
          ORDER BY ".$config['image_order']." ".$config['image_sort'].", image_id ".$config['image_sort']."
          LIMIT $offset, $perpage";


replace with
Code: [Select]
  $sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits".$additional_sql.", c.cat_name, u.username_clean AS user_name
          FROM (".IMAGES_TABLE." i,  ".CATEGORIES_TABLE." c)
          LEFT JOIN ".PHPBB_USERS_TABLE." u ON (u.user_id = i.user_id)
          WHERE i.image_active = 1
          $sql_where_query
          AND c.cat_id = i.cat_id $cat_id_sql
          ORDER BY ".$config['image_order']." ".$config['image_sort'].", image_id ".$config['image_sort']."
          LIMIT $offset, $perpage";


Extract the attached file put the php file in the includes directory of your 4images folder.

AND FINALY at the top of your new sessions.php
find a line
Code: [Select]
define('PHPBB_DIRECTORY', 'http://'.$_SERVER['SERVER_NAME'].'/forums/');
at the end where it says /forums/ <--- your should change that to the directory that your forums are in.
DO THE SAME FOR LINE DIRECTLY BELOW THAT




IF THE MAIN ADMIN UPLOADED MOST OF THE IMAGES IN THE GALLERY YOU CAN RUN THE FOLLOWING SQL IN PHPMYADMIN
Code: [Select]
UPDATE 4images_images SET user_id = 2;


This took alot of time and effort and if you would like to put a link in the footer of your site too http://www.liveanime.org i would really apreciate it :P
You dont have to but would be nice ^^ cheeper than money haha :P

Offline sathishIPL

  • Jr. Member
  • **
  • Posts: 54
    • View Profile
Re: [MOD] PHPBB3 Integration v0.9 helium
« Reply #2 on: September 06, 2008, 07:00:03 AM »
hello friend ,
         
        i am getting HTTP 500 error friend ... i have tried three times but i couldnt intergrate .......i am using phpbb3
help me ..........

give full details abt intergrate ...........i think u changed now

Offline helium

  • Newbie
  • *
  • Posts: 19
    • View Profile
    • Live Anime
Re: [MOD] PHPBB3 Integration v0.9 helium
« Reply #3 on: September 06, 2008, 05:23:37 PM »
A HTTP 500 error is caused by asp, and all of this script is in php as is phpbb and 4images, there must be something else causing the error.

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_19080 <---

view that page to see if you can solve your problem.

what database type do you use with phpbb, and 4images

Offline sathishIPL

  • Jr. Member
  • **
  • Posts: 54
    • View Profile
Re: [MOD] PHPBB3 Integration v0.9 helium
« Reply #4 on: September 07, 2008, 04:33:47 AM »
hi Helium ....
     
   thanks for replying ......i am using same database table for both phpbb3 and 4images ......Is this latest Integration version .....plz give me complete intergration mod information (install)  ..i am little bit confusing


Quote
define('PHPBB_DIRECTORY', 'http://'.$_SERVER['SERVER_NAME'].'/forums/');
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : $_SERVER['DOCUMENT_ROOT'].'/forums/';

i think i have to change root path forums into forum ........

Offline helium

  • Newbie
  • *
  • Posts: 19
    • View Profile
    • Live Anime
Re: [MOD] PHPBB3 Integration v0.9 helium
« Reply #5 on: September 08, 2008, 11:43:46 AM »
yeah thats fine, and if your phpbb directory is "forum" then thats what you should change it too, also go to
http://www.communitymx.com/content/article.cfm?cid=A66B8
and tell me what the error is your getting

yes this is the latest version, this is everything that should be done, on a fresh install

Offline sathishIPL

  • Jr. Member
  • **
  • Posts: 54
    • View Profile
Re: [MOD] PHPBB3 Integration v0.9 helium
« Reply #6 on: September 08, 2008, 01:37:42 PM »
hi helium ...
   
   i am not that much programmer ......i know just basic knowledge only....
   
   I just tried ur mod in free hosting provider called 0fees.net ..where they giving free mysql database..........

   If u want to check it.......i will give the password and username ..or u itself can register that .....


  I tried ..but again its getting HTTP 500 eror ......i checked three times the modification u gave .....

  I think this is a great work by u .........

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [MOD] PHPBB3 Integration v0.9 helium
« Reply #7 on: September 08, 2008, 01:46:12 PM »
  I tried ..but again its getting HTTP 500 eror ......i checked three times the modification u gave .....
Just to be clear, do both 4images and phpBB3 work without this integration?
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline sathishIPL

  • Jr. Member
  • **
  • Posts: 54
    • View Profile
Re: [MOD] PHPBB3 Integration v0.9 helium
« Reply #8 on: September 08, 2008, 01:58:16 PM »
yea i both 4images and phpbb checked before this intergration ...........Its works good .........


http://tamizhansaro.0fees.net/gallery/

http://tamizhansaro.0fees.net/forum/

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [MOD] PHPBB3 Integration v0.9 helium
« Reply #9 on: September 08, 2008, 02:36:43 PM »
@helium:

4images by default does support integration with other software. It doesn't need change any mysql queries for that.
All you need to change is session handle, some constants in constants.php and change if needed $user_table_fields array in sessions.php
That should be enough without all these complicated changes in other files as per your mod. ;)

Maybe looking at vBuletin integration mod you'll see what I mean ;)
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline helium

  • Newbie
  • *
  • Posts: 19
    • View Profile
    • Live Anime
Re: [MOD] PHPBB3 Integration v0.9 helium
« Reply #10 on: September 08, 2008, 10:38:09 PM »
In my first attempts, i did try using the simpler method, of just portingthe phpbb2 integration mod but couldn't work it out.

This method works, it may not be the best, and if someone can write a better one then thats cool but this is the best solution i could come up with.

I think the problem may lie within the fact that in phpbb3 the user class is an extension of the sessions class rather than jsut within it??

@sathishIPL: you dont need to be a programmer just follow the steps in the link and tell me the error your getting.................

EDIT /////////////////////////////
ok i may have a solution in the sessions.php
find
Code: (php) [Select]
require($phpbb_root_path.'/includes/db/mysqli.php');

and replace with
Code: (php) [Select]
require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
« Last Edit: September 09, 2008, 01:16:58 AM by helium »

Offline sathishIPL

  • Jr. Member
  • **
  • Posts: 54
    • View Profile
Re: [MOD] PHPBB3 Integration v0.9 helium
« Reply #11 on: September 10, 2008, 06:59:01 AM »
hi helium ...
   
  I am going to start a website next month....i will tested in that and i will tell u whats the error causing to me  .........

Offline matteo260

  • Pre-Newbie
  • Posts: 6
    • View Profile
Re: [MOD] PHPBB3 Integration v0.9 helium
« Reply #12 on: September 13, 2008, 04:56:29 PM »
Hi Helium,

I get the error:

Fatal error: Call to undefined function: stripos() in ..../forums/includes/sessions.php on line 1357

when I want to send a comment.

Offline helium

  • Newbie
  • *
  • Posts: 19
    • View Profile
    • Live Anime
Re: [MOD] PHPBB3 Integration v0.9 helium
« Reply #13 on: September 14, 2008, 12:02:24 AM »
ah sorry my bad, i think this is because your using a verision of php less than 5, but here the solution, i think :P

at the end of the phpbb_functions.php that i attached add this code on a new line previous to the ?>

Code: [Select]
if (!function_exists('stripos'))
{
/**
* A wrapper for the PHP5 function stripos
* Find position of first occurrence of a case-insensitive string
*
* @param string $haystack is the string to search in
* @param string $needle is the string to search for
*
* @return mixed Returns the numeric position of the first occurrence of needle in the haystack string. Unlike strpos(), stripos() is case-insensitive.
* Note that the needle may be a string of one or more characters.
* If needle is not found, stripos() will return boolean FALSE.
*/
function stripos($haystack, $needle)
{
if (preg_match('#' . preg_quote($needle, '#') . '#i', $haystack, $m))
{
return strpos($haystack, $m[0]);
}

return false;
}
}

Let me know if that works ^^

Offline matteo260

  • Pre-Newbie
  • Posts: 6
    • View Profile
Re: [MOD] PHPBB3 Integration v0.9 helium
« Reply #14 on: September 15, 2008, 12:39:45 PM »
Thanks Helium,

but it did not help out.

The respective line of the sessions.php

if (!(stripos($ref , $host) === 0))

I am working on a php 4.4.8

May be it is connected with an other error:

Under the names and comments of the pictures I can not get the German umlaut (vowel mutation): means no "a","u","o" with the doublepoints on it. In the categories description however the spelling is in correct German.

With your former integration mod for phpbb3 there were no problems regarding the language. The error must be in the sessions.php as I get no writing error when I use your former sessions.php



Besides: In my opinion there must be an error in your first part of the sessions.php above:


 /**
         * If a guest user is surfing, we try to guess his/her language first by obtaining the browser language
         * If re-enabled we need to make sure only those languages installed are checked
         * Commented out so we do not loose the code.

         if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']))
         {
            $accept_lang_ary = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);

            ..............................................................            }
         }
         */
      }

      // We include common language file here to not load it every time a custom language file is included




The red part should move below the other asteriscs on top.
« Last Edit: September 16, 2008, 11:54:02 AM by matteo260 »