
Merge branch 'master' of git://gitorious.org/fluxbb/fluxbb

2 parents caf6e4d + 813ed59 commit 0b8538115ac42bde2001764230f7a572c66a4b9b @Quy Quy committed Jul 28, 2010
Showing with 62 additions and 50 deletions.
  1. +3 −5 admin_bans.php
  2. +2 −2 admin_users.php
  3. +1 −1 db_update.php
  4. +1 −1 include/common.php
  5. +1 −1 include/functions.php
  6. +14 −8 install.php
  7. +10 −2 moderate.php
  8. +1 −1 search.php
  9. +10 −2 userlist.php
  10. +19 −27 viewforum.php
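--- a/admin_bans.php
+++ b/admin_bans.php
@@ -28,12 +28,10 @@
 // If the ID of the user to ban was provided through GET (a link from profile.php)
 if (isset($_GET['add_ban']))
 {
- $add_ban = intval($_GET['add_ban']);
- if ($add_ban < 2)
+ $user_id = intval($_GET['add_ban']);
+ if ($user_id < 2)
 message($lang_common['Bad request']);
- $user_id = $add_ban;
-
 $result = $db->query('SELECT group_id, username, email FROM '.$db->prefix.'users WHERE id='.$user_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 if ($db->num_rows($result))
 list($group_id, $ban_user, $ban_email) = $db->fetch_row($result);
@@ -121,7 +119,7 @@
 <tr>
 <th scope="row"><?php echo $lang_admin_bans['E-mail label'] ?></th>
 <td>
- <input type="text" name="ban_email" size="40" maxlength="80" value="<?php if (isset($ban_email)) echo strtolower($ban_email); ?>" tabindex="3" />
+ <input type="text" name="ban_email" size="40" maxlength="80" value="<?php if (isset($ban_email)) echo $ban_email; ?>" tabindex="3" />
 <span><?php echo $lang_admin_bans['E-mail help'] ?></span>
 </td>
 </tr>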
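Review bot: In the second hunk the new `value="<?php if (isset($ban_email)) echo $ban_email; ?>"` writes `$ban_email` into an HTML attribute without escaping. On the add_ban path of the first hunk that value comes straight from the `email` column of the users table, so the page relies entirely on whatever validation was done when the address was stored. I would wrap it as `echo pun_htmlspecialchars($ban_email)`, the helper this commit applies to the subject in search.php. If the value is already escaped before it reaches this line, that happens outside the hunk and deserves a comment here.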
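--- a/admin_users.php
+++ b/admin_users.php
@@ -123,9 +123,9 @@
 if (isset($_GET['show_users']))
 {
- $ip = $_GET['show_users'];
+ $ip = trim($_GET['show_users']);
- if (!@preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $ip) && !@preg_match('/^((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))$/', $ip))
+ if (!@preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $ip) && !@preg_match('/^((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))$/', $ip))
 message($lang_admin_users['Bad IP message']);
 // Fetch user count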
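Review bot: The IPv4 branch of the new check still accepts out-of-range octets such as `999.999.999.999`, because each group is only `[0-9]{1,3}`. The IPv6 alternatives on the same line already carry a bounded octet pattern, `((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))`, which could be reused for the dotted-quad form. The query that consumes `$ip` lies below the hunk, so whether the value is also escaped there is not visible. This pattern should not be the only guard between `$_GET['show_users']` and the SQL string.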
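--- a/db_update.php
+++ b/db_update.php
@@ -7,7 +7,7 @@
 */
 // The FluxBB version this script updates to
-define('UPDATE_TO', '1.4.0');
+define('UPDATE_TO', '1.4.1');
 define('UPDATE_TO_DB_REVISION', 8);
 define('UPDATE_TO_SI_REVISION', 1);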
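--- a/include/common.php
+++ b/include/common.php
@@ -10,7 +10,7 @@
 exit('The constant PUN_ROOT must be defined and point to a valid FluxBB installation root directory.');
 // Define the version and database revision that this code was written for
-define('FORUM_VERSION', '1.4.0');
+define('FORUM_VERSION', '1.4.1');
 define('FORUM_DB_REVISION', 8);
 define('FORUM_SI_REVISION', 1);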
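--- a/include/functions.php
+++ b/include/functions.php
@@ -741,7 +741,7 @@ function censor_words($text)
 for ($i = 0; $i < $num_words; ++$i)
 {
 list($search_for[$i], $replace_with[$i]) = $db->fetch_row($result);
- $search_for[$i] = '/\b('.str_replace('\*', '\w*?', preg_quote($search_for[$i], '/')).')\b/i';
+ $search_for[$i] = '/(?<=\W)('.str_replace('\*', '\w*?', preg_quote($search_for[$i], '/')).')(?=\W)/i';
 }
 }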
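Review bot: The new `(?<=\W)` and `(?=\W)` lookarounds require an actual non-word character on each side, so a censored word at the very start or end of `$text` no longer matches unless the caller pads the string, which is not visible in this hunk. Negative lookarounds keep the same boundary behaviour without that dependency: `'/(?<!\w)('.str_replace('\*', '\w*?', preg_quote($search_for[$i], '/')).')(?!\w)/i'`. censor_words() starts and ends outside the hunk, so the padding may exist where the pattern is applied; if it does, a comment on this line should say so.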
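--- a/install.php
+++ b/install.php
@@ -7,7 +7,7 @@
 */
 // The FluxBB version this script installs
-define('FORUM_VERSION', '1.4.0');
+define('FORUM_VERSION', '1.4.1');
 define('FORUM_DB_REVISION', 8);
 define('FORUM_SI_REVISION', 1);
@@ -122,7 +122,7 @@ function generate_config_file()
 if (substr($base_url, -1) == '/')
 $base_url = substr($base_url, 0, -1);
- $db_type = $db_name = $db_username = $db_password = $db_prefix = $username = $email = $password1 = $password2 = '';
+ $db_type = $db_name = $db_username = $db_prefix = $username = $email = '';
 $db_host = 'localhost';
 $title = 'My FluxBB forum';
 $description = '<p><span>Unfortunately no one can be told what FluxBB is - you have to see it for yourself.</span></p>';
@@ -135,7 +135,8 @@ function generate_config_file()
 $db_host = pun_trim($_POST['req_db_host']);
 $db_name = pun_trim($_POST['req_db_name']);
 $db_username = pun_trim($_POST['db_username']);
- $db_password = pun_trim($_POST['db_password']);
+ $db_password1 = pun_trim($_POST['db_password1']);
+ $db_password2 = pun_trim($_POST['db_password2']);
 $db_prefix = pun_trim($_POST['db_prefix']);
 $username = pun_trim($_POST['req_username']);
 $email = strtolower(pun_trim($_POST['req_email']));
@@ -152,6 +153,10 @@ function generate_config_file()
 if (substr($base_url, -1) == '/')
 $base_url = substr($base_url, 0, -1);
+ // Validate database password
+ if ($db_password1 != $db_password2)
+ $alerts[] = 'Database passwords do not match.';
+
 // Validate username and passwords
 if (pun_strlen($username) < 2)
 $alerts[] = 'Usernames must be at least 2 characters long.';
@@ -348,7 +353,8 @@ function process_form(the_form)
 <div class="infldset">
 <p>Enter the username and password with which you connect to the database. Ignore for SQLite.</p>
 <label class="conl">Database username<br /><input type="text" name="db_username" value="<?php echo pun_htmlspecialchars($db_username) ?>" size="30" maxlength="50" /><br /></label>
- <label class="conl">Database password<br /><input type="password" name="db_password" value="<?php echo pun_htmlspecialchars($db_password) ?>" size="30" maxlength="50" /><br /></label>
+ <label class="conl">Database password<br /><input type="password" name="db_password1" size="30" maxlength="50" /><br /></label>
+ <label class="conl">Confirm database password<br /><input type="password" name="db_password2" size="30" maxlength="50" /><br /></label>
 <div class="clearer"></div>
 </div>
 </fieldset>
@@ -380,8 +386,8 @@ function process_form(the_form)
 <legend>Enter and confirm Administrator's password</legend>
 <div class="infldset">
 <p>Passwords must be at least 4 characters long. Passwords are case sensitive.</p>
- <label class="conl required"><strong>Password <span>(Required)</span></strong><br /><input id="req_password1" type="password" name="req_password1" value="<?php echo pun_htmlspecialchars($password1) ?>" size="16" /><br /></label>
- <label class="conl required"><strong>Confirm password <span>(Required)</span></strong><br /><input type="password" name="req_password2" value="<?php echo pun_htmlspecialchars($password2) ?>" size="16" /><br /></label>
+ <label class="conl required"><strong>Password <span>(Required)</span></strong><br /><input id="req_password1" type="password" name="req_password1" size="16" /><br /></label>
+ <label class="conl required"><strong>Confirm password <span>(Required)</span></strong><br /><input type="password" name="req_password2" size="16" /><br /></label>
 <div class="clearer"></div>
 </div>
 </fieldset>
@@ -521,7 +527,7 @@ function process_form(the_form)
 }
 // Create the database object (and connect/select db)
- $db = new DBLayer($db_host, $db_username, $db_password, $db_name, $db_prefix, false);
+ $db = new DBLayer($db_host, $db_username, $db_password1, $db_name, $db_prefix, false);
 // Validate prefix
 if (strlen($db_prefix) > 0 && (!preg_match('/^[a-zA-Z_][a-zA-Z0-9_]*$/', $db_prefix) || strlen($db_prefix) > 40))
@@ -1695,7 +1701,7 @@ function process_form(the_form)
 <input type="hidden" name="db_host" value="<?php echo $db_host; ?>" />
 <input type="hidden" name="db_name" value="<?php echo pun_htmlspecialchars($db_name); ?>" />
 <input type="hidden" name="db_username" value="<?php echo pun_htmlspecialchars($db_username); ?>" />
- <input type="hidden" name="db_password" value="<?php echo pun_htmlspecialchars($db_password); ?>" />
+ <input type="hidden" name="db_password" value="<?php echo pun_htmlspecialchars($db_password1); ?>" />
 <input type="hidden" name="db_prefix" value="<?php echo pun_htmlspecialchars($db_prefix); ?>" />
 <input type="hidden" name="cookie_name" value="<?php echo pun_htmlspecialchars($cookie_name); ?>" />
 <input type="hidden" name="cookie_seed" value="<?php echo pun_htmlspecialchars($cookie_seed); ?>" />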
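Review bot: The added check `if ($db_password1 != $db_password2)` uses a loose comparison, and PHP compares two numeric-looking strings numerically (a constructed example: `'1e3'` and `'1000'` are equal under `!=`), so a mistyped confirmation can pass; `if ($db_password1 !== $db_password2)` avoids that. In the last hunk the database password is still written into the page as a hidden `db_password` field, even though this commit stops echoing passwords back into the visible form fields. The neighbouring `db_host` hidden field is echoed without `pun_htmlspecialchars()`, unlike every other field around it; `<?php echo pun_htmlspecialchars($db_host); ?>` would make it consistent.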
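--- a/moderate.php
+++ b/moderate.php
@@ -790,12 +790,20 @@
 <tbody>
 <?php
-// Select topics
-$result = $db->query('SELECT id, poster, subject, posted, last_post, last_post_id, last_poster, num_views, num_replies, closed, sticky, moved_to FROM '.$db->prefix.'topics WHERE forum_id='.$fid.' ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics']) or error('Unable to fetch topic list for forum', __FILE__, __LINE__, $db->error());
+
+// Retrieve a list of topic IDs, LIMIT is (really) expensive so we only fetch the IDs here then later fetch the remaining data
+$result = $db->query('SELECT id FROM '.$db->prefix.'topics WHERE forum_id='.$fid.' ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC, id DESC LIMIT '.$start_from.', '.$pun_user['disp_topics']) or error('Unable to fetch topic IDs', __FILE__, __LINE__, $db->error());
 // If there are topics in this forum
 if ($db->num_rows($result))
 {
+ $topic_ids = array();
+ for ($i = 0;$cur_topic_id = $db->result($result, $i);$i++)
+ $topic_ids[] = $cur_topic_id;
+
+ // Select topics
+ $result = $db->query('SELECT id, poster, subject, posted, last_post, last_post_id, last_poster, num_views, num_replies, closed, sticky, moved_to FROM '.$db->prefix.'topics WHERE id IN('.implode(',', $topic_ids).') ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC, id DESC') or error('Unable to fetch topic list for forum', __FILE__, __LINE__, $db->error());
+
 $button_status = '';
 $topic_count = 0;
 while ($cur_topic = $db->fetch_assoc($result))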
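Review bot: The new loop `for ($i = 0;$cur_topic_id = $db->result($result, $i);$i++)` puts the raw result strings into the `IN(...)` list of the second query, so that query is only safe as long as the `id` column can never yield a non-integer. Casting at collection time, `$topic_ids[] = intval($cur_topic_id);`, keeps the integer-only guarantee next to the string concatenation instead of depending on the schema. The loop also stops on the first falsy value rather than on the row count that `$db->num_rows($result)` already provides. The same pattern is added in userlist.php (`$user_ids`) and viewforum.php (`$topic_ids`).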
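--- a/search.php
+++ b/search.php
@@ -519,7 +519,7 @@
 ?>
 <div class="blockpost<?php echo ($post_count % 2 == 0) ? ' roweven' : ' rowodd' ?><?php if ($cur_search['pid'] == $cur_search['first_post_id']) echo ' firstpost' ?><?php if ($post_count == 1) echo ' blockpost1' ?><?php if ($item_status != '') echo ' '.$item_status ?>">
- <h2><span><span class="conr">#<?php echo ($start_from + $post_count) ?></span> <span><?php if ($cur_search['pid'] != $cur_search['first_post_id']) echo $lang_topic['Re'].' ' ?><?php echo $forum ?></span> <span&#160;<a href="viewtopic.php?id=<?php echo $cur_search['tid'] ?>"><?php echo $cur_search['subject'] ?></a></span> <span&#160;<a href="viewtopic.php?pid=<?php echo $cur_search['pid'].'#p'.$cur_search['pid'] ?>"><?php echo format_time($cur_search['pposted']) ?></a></span></span></h2>
+ <h2><span><span class="conr">#<?php echo ($start_from + $post_count) ?></span> <span><?php if ($cur_search['pid'] != $cur_search['first_post_id']) echo $lang_topic['Re'].' ' ?><?php echo $forum ?></span> <span&#160;<a href="viewtopic.php?id=<?php echo $cur_search['tid'] ?>"><?php echo pun_htmlspecialchars($cur_search['subject']) ?></a></span> <span&#160;<a href="viewtopic.php?pid=<?php echo $cur_search['pid'].'#p'.$cur_search['pid'] ?>"><?php echo format_time($cur_search['pposted']) ?></a></span></span></h2>
 <div class="box">
 <div class="inbox">
 <div class="postbody">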
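Review bot: The same `<h2>` line still echoes `$forum` without escaping, right next to the subject that is now passed through `pun_htmlspecialchars()`. `$forum` is built outside this hunk, so it may already be escaped where it is assembled; if so, a short comment such as `// $forum is already HTML-escaped where it is built` would make that explicit. Only this one output site is visible here, so any other place in search.php that prints `$cur_search['subject']` should be checked for the same escaping.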
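--- a/userlist.php
+++ b/userlist.php
@@ -132,10 +132,18 @@
 <tbody>
 <?php
-// Grab the users
-$result = $db->query('SELECT u.id, u.username, u.title, u.num_posts, u.registered, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND u.group_id!='.PUN_UNVERIFIED.(!empty($where_sql) ? ' AND '.implode(' AND ', $where_sql) : '').' ORDER BY '.$sort_by.' '.$sort_dir.', u.id ASC LIMIT '.$start_from.', 50') or error('Unable to fetch user list', __FILE__, __LINE__, $db->error());
+// Retrieve a list of user IDs, LIMIT is (really) expensive so we only fetch the IDs here then later fetch the remaining data
+$result = $db->query('SELECT u.id FROM '.$db->prefix.'users AS u WHERE u.id>1 AND u.group_id!='.PUN_UNVERIFIED.(!empty($where_sql) ? ' AND '.implode(' AND ', $where_sql) : '').' ORDER BY '.$sort_by.' '.$sort_dir.', u.id ASC LIMIT '.$start_from.', 50') or error('Unable to fetch user IDs', __FILE__, __LINE__, $db->error());
+
 if ($db->num_rows($result))
 {
+ $user_ids = array();
+ for ($i = 0;$cur_user_id = $db->result($result, $i);$i++)
+ $user_ids[] = $cur_user_id;
+
+ // Grab the users
+ $result = $db->query('SELECT u.id, u.username, u.title, u.num_posts, u.registered, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id IN('.implode(',', $user_ids).') ORDER BY '.$sort_by.' '.$sort_dir.', u.id ASC') or error('Unable to fetch user list', __FILE__, __LINE__, $db->error());
+
 while ($user_data = $db->fetch_assoc($result))
 {
 $user_title_field = get_title($user_data);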
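--- a/viewforum.php
+++ b/viewforum.php
@@ -101,38 +101,30 @@
 <tbody>
 <?php
-// Fetch list of topics to display on this page
-if ($pun_user['is_guest'] || $pun_config['o_show_dot'] == '0')
-{
- // Without "the dot"
- $sql = 'SELECT id, poster, subject, posted, last_post, last_post_id, last_poster, num_views, num_replies, closed, sticky, moved_to FROM '.$db->prefix.'topics WHERE forum_id='.$id.' ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics'];
-}
-else
-{
- // With "the dot"
- switch ($db_type)
- {
- case 'mysql':
- case 'mysqli':
- $sql = 'SELECT p.poster_id AS has_posted, t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'posts AS p ON t.id=p.topic_id AND p.poster_id='.$pun_user['id'].' WHERE t.forum_id='.$id.' GROUP BY t.id ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics'];
- break;
-
- case 'sqlite':
- $sql = 'SELECT p.poster_id AS has_posted, t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'posts AS p ON t.id=p.topic_id AND p.poster_id='.$pun_user['id'].' WHERE t.id IN(SELECT id FROM '.$db->prefix.'topics WHERE forum_id='.$id.' ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics'].') GROUP BY t.id ORDER BY t.sticky DESC, t.last_post DESC';
- break;
+// Retrieve a list of topic IDs, LIMIT is (really) expensive so we only fetch the IDs here then later fetch the remaining data
+$result = $db->query('SELECT id FROM '.$db->prefix.'topics WHERE forum_id='.$id.' ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC, id DESC LIMIT '.$start_from.', '.$pun_user['disp_topics']) or error('Unable to fetch topic IDs', __FILE__, __LINE__, $db->error());
- default:
- $sql = 'SELECT p.poster_id AS has_posted, t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'posts AS p ON t.id=p.topic_id AND p.poster_id='.$pun_user['id'].' WHERE t.forum_id='.$id.' GROUP BY t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to, p.poster_id ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics'];
- break;
+// If there are topics in this forum
+if ($db->num_rows($result))
+{
+ $topic_ids = array();
+ for ($i = 0;$cur_topic_id = $db->result($result, $i);$i++)
+ $topic_ids[] = $cur_topic_id;
+ // Fetch list of topics to display on this page
+ if ($pun_user['is_guest'] || $pun_config['o_show_dot'] == '0')
+ {
+ // Without "the dot"
+ $sql = 'SELECT id, poster, subject, posted, last_post, last_post_id, last_poster, num_views, num_replies, closed, sticky, moved_to FROM '.$db->prefix.'topics WHERE id IN('.implode(',', $topic_ids).') ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC, id DESC';
+ }
+ else
+ {
+ // With "the dot"
+ $sql = 'SELECT p.poster_id AS has_posted, t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'posts AS p ON t.id=p.topic_id AND p.poster_id='.$pun_user['id'].' WHERE t.id IN('.implode(',', $topic_ids).') GROUP BY t.id'.($db_type == 'pgsql' ? ', t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to, p.poster_id' : '').' ORDER BY t.sticky DESC, t.'.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC, t.id DESC';
 }
-}
-$result = $db->query($sql) or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error());
+ $result = $db->query($sql) or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error());
-// If there are topics in this forum
-if ($db->num_rows($result))
-{
 $topic_count = 0;
 while ($cur_topic = $db->fetch_assoc($result))
 {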
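Review bot: The removed `switch ($db_type)` applied the full-column `GROUP BY` in its `default:` branch, that is for every driver other than `mysql`, `mysqli` and `sqlite`, while the new ternary adds those columns only when `$db_type == 'pgsql'`. Any other driver name that previously fell through to `default:` now gets the short `GROUP BY t.id`; which driver names exist is not visible in this hunk. If the narrowing is intended, a comment on the ternary such as `// only PostgreSQL requires every selected column in GROUP BY` would record that decision. Otherwise the condition could list the drivers known to accept the short form and default to the full column list.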
