בעיה במוד אבטחה בהתחברות עם האפשרות "זכור אותי"

פורום התמיכה במודים לגרסה phpBB2. שימו לב - פורום זה הינו פורום ארכיון. התמיכה במערכת phpBB2 הופסקה.

מנהל: צוות האתר

fl0at
משתמש חדש
משתמש חדש
הודעות: 5
הצטרף: 27/04/2007 ב-17:09:30

בעיה במוד אבטחה בהתחברות עם האפשרות "זכור אותי"

הודעה שלא נקראהעל ידי fl0at » 23/11/2007 ב-02:15:40

יש לי בעיה במוד אבטחה " phpbb security"
זה הלינק: http://planet.nana.co.il/cosmosforum/phpbb_security.rar
ברגע שמשתמש (כל משתמש) מנסה להתחבר לפורום אז אם הוא מסמן את האפשרות "זכור אותי" זה עושה לו את הבעיה הבאה:

קוד: בחר הכל

Warning: Cannot modify header information - headers already sent by (output started at /home/user/domains/***.info/public_html/includes/template.php(127) : eval()'d code:1) in /home/user/domains/***.info/public_html/includes/phpbb_security.php on line 1209
phpBB Security© Thinks You Should Go Away.

ישנה עוגייה שאינה מתאימה לחשבון שלך. אנא הסר את העוגיות שלך והתחבר שנית.
אם אתה חושב שהגעת לעמוד זה בטעות בגלל האתר, צור קשר עם מנהל העל %בדואר אלקטרוני%.


אם לא מסמנים את האפשרות זכור אותי אז אין בעיה..



הנה תוכן הקובץ הבעייתי (לפי מה שהבנתי) אם צריך עוד משהו רק תגידו ^_^
תודה רבה לכל מי שינסה לעזור ולעוזרים כמובן


phpbb_security.php


[code]<?php
/***************************************************************************
* phpbb_security.php
* --------------------
* Version : 1.0.2
* Email : austin@phpbb-amod.com
* Site : http://phpbb-amod.com
* Copyright : aUsTiN-Inc 2003/4
*
***************************************************************************/

#==== Added Per Techie-Micheal's Suggestion. Thanks!
if (!defined('IN_PHPBB'))
die('phpBB Security© Thinks You Should Go Away.');

global $table_prefix, $board_config, $phpbb_root_path, $phpEx;
define('PHPBB_SECURITY', $table_prefix .'phpBBSecurity');
include_once($phpbb_root_path .'language/lang_'. $board_config['default_lang'] .'/lang_phpbb_security.'. $phpEx);

function phpBBSecurity_Error($reason, $add_count)
{
global $board_config, $db, $phpEx, $phpbb_root_path;
include($phpbb_root_path .'language/lang_'. $board_config['default_lang'] .'/lang_phpbb_security.'. $phpEx);

$lang_key = 'PS_die_msg_'. $reason;
$message = '';
$message .= 'phpBB Security© Thinks You Should Go Away.';
$message .= '<br><br>';
$message .= $lang[$lang_key];
$message .= '<br>';
$message .= str_replace('%email%', $board_config['board_email'], $lang['PS_die_msg_email']);

if ($add_count)
{
$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = config_value + 1
WHERE config_name = 'phpBBSecurity_total_attempts'";
$db->sql_query($q);
}

die($message);
exit();
}

function phpBBSecurity_AdminConfigName() { return 'admins_alw'; }
function phpBBSecurity_ModConfigName() { return 'mods_alw'; }
function phpBBSecurity_UseSpecial() { return 'block_unwntd'; }

function phpBBSecurity_Validate($q, $a, $user, $mode, $location)
{
global $userdata, $db, $board_config;

if ( ($mode == 'register') && ($location == 'pre') )
{
if (empty($q) || empty($a))
return phpBBSecurity_MD('1');
}

if ( ($mode == 'editprofile') && (!$userdata['phpBBSecurity_question']) && (!$userdata['phpBBSecurity_answer']) )
{
if (empty($q) || empty($a))
return phpBBSecurity_MD('1');

if (trim($q) != $userdata['phpBBSecurity_question'])
$new_q = trim($q);

if ($a != $userdata['phpBBSecurity_answer'])
$new_a = md5($a);

if ($new_a)
{
$q = "UPDATE ". USERS_TABLE ."
SET phpBBSecurity_answer = '". $new_a ."'
WHERE user_id = '". $user ."'";
$db->sql_query($q);
}

if ($new_q)
{
$q = "UPDATE ". USERS_TABLE ."
SET phpBBSecurity_question = '". str_replace("\'", "''", $new_q) ."'
WHERE user_id = '". $user ."'";
$db->sql_query($q);
}
}

if ( ($mode == 'editprofile') && ($userdata['phpBBSecurity_question']) && ($userdata['phpBBSecurity_answer']) )
{
if ($board_config['phpBBSecurity_Allow_Change'])
{
if (empty($q) || empty($a))
return phpBBSecurity_MD('1');

if (trim($q) != $userdata['phpBBSecurity_question'])
$new_q = trim($q);

if ($a != $userdata['phpBBSecurity_answer'])
$new_a = md5($a);

if ($new_a)
{
$q = "UPDATE ". USERS_TABLE ."
SET phpBBSecurity_answer = '". $new_a ."'
WHERE user_id = '". $user ."'";
$db->sql_query($q);
}

if ($new_q)
{
$q = "UPDATE ". USERS_TABLE ."
SET phpBBSecurity_question = '". str_replace("\'", "''", $new_q) ."'
WHERE user_id = '". $user ."'";
$db->sql_query($q);
}
}
}

if ( ($mode == 'register') && ($location == 'post') )
{
if ($user != ANONYMOUS)
{
if (empty($q) || empty($a))
return phpBBSecurity_MD('1');

$new_q = trim($q);
$new_a = md5($a);

$q = "UPDATE ". USERS_TABLE ."
SET phpBBSecurity_question = '". str_replace("\'", "''", $new_q) ."', phpBBSecurity_answer = '". $new_a ."'
WHERE user_id = '". $user ."'";
$db->sql_query($q);

}
}
}

function phpBBSecurity_MD($val)
{
global $lang;
if ($val == '1')
message_die(GENERAL_ERROR, $lang['PS_security_one'], $lang['PS_security_error']);

if ($val == '2')
message_die(GENERAL_ERROR, $lang['PS_security_locked'], $lang['PS_security_error']);

if ($val == '3')
message_die(GENERAL_MESSAGE, $lang['PS_security_force'], $lang['PS_security_info']);

if ($val == '4')
message_die(GENERAL_ERROR, $lang['PS_admin_err_one'], $lang['PS_security_error']);

if ($val == '5')
message_die(GENERAL_ERROR, $lang['PS_admin_error_five'], $lang['PS_security_error']);

if ($val == '6')
message_die(GENERAL_ERROR, $lang['PS_admin_error_three'], $lang['PS_security_error']);

if ($val == '7')
message_die(GENERAL_ERROR, $lang['PS_admin_error_four'], $lang['PS_security_error']);

if ($val == '8')
message_die(GENERAL_ERROR, $lang['PS_admin_error_two'], $lang['PS_security_error']);

if ($val == '9')
message_die(GENERAL_ERROR, $lang['PS_login_step_failed'], $lang['PS_security_error']);

if ($val == '10')
message_die(GENERAL_MESSAGE, $lang['PS_login_validated'], $lang['PS_security_info']);

if ($val == '11')
message_die(GENERAL_MESSAGE, $lang['PS_forgot_exp'], $lang['PS_security_info']);
}

function phpBBSecurity_InvalidLogin($user)
{
global $db;

$q = "UPDATE ". USERS_TABLE ."
SET phpBBSecurity_login_tries = phpBBSecurity_login_tries + 1
WHERE user_id = '". $user ."'";
$db->sql_query($q);
}

function phpBBSecurity_ResetTries($user)
{
global $db;

$q = "UPDATE ". USERS_TABLE ."
SET phpBBSecurity_login_tries = '0', phpBBSecurity_pm_sent = '0'
WHERE user_id = '". $user ."'";
$db->sql_query($q);
}

function phpBBSecurity_SetPM($user)
{
global $db;

$q = "UPDATE ". USERS_TABLE ."
SET phpBBSecurity_pm_sent = '1'
WHERE user_id = '". $user ."'";
$db->sql_query($q);
}

function phpBBSecurity_CheckTries($user)
{
global $db, $board_config;

$q = "SELECT phpBBSecurity_login_tries, username, phpBBSecurity_pm_sent
FROM ". USERS_TABLE ."
WHERE user_id = '". $user ."'";
$r = $db->sql_query($q);
$row = $db->sql_fetchrow($r);

$tries = intval($row['phpBBSecurity_login_tries']);

if ( (!$row['phpBBSecurity_pm_sent']) && ($board_config['phpBBSecurity_notify_admin']) && ($tries >= intval($board_config['phpBBSecurity_login_limit'])) )
phpBBSecurity_PM($board_config['phpBBSecurity_notify_admin_id'], ANONYMOUS, $row['username']);

if ($tries >= intval($board_config['phpBBSecurity_login_limit']))
return phpBBSecurity_MD('2');
}

function phpBBSecurity_Force()
{
return phpBBSecurity_MD('3');
}

function phpBBSecurity_UpdateConfig($ps_a, $ps_i, $ps_l, $ps_b, $ps_s, $ps_c, $ps_p, $ps_e)
{
global $db, $board_config;
$limit = intval($ps_l);
$a_id = intval($ps_i);
$use = $ps_a;
$sess = intval($ps_s);
$ban_on = $ps_b;
$change = (intval($ps_c) > 0) ? 1 : 0;
$email = (intval($ps_e) > 0) ? 1 : 0;
$prvmsg = (intval($ps_p) > 0) ? 1 : 0;

if (!is_numeric($limit))
return phpBBSecurity_MD('5');

if ($limit < '1')
return phpBBSecurity_MD('4');

if ( ($use) && (!$board_config['phpBBSecurity_notify_admin_id']) && (!$a_id || !is_numeric($a_id)))
return phpBBSecurity_MD('8');

if ( (!is_numeric($a_id)) && (!$board_config['phpBBSecurity_notify_admin_id']) )
return phpBBSecurity_MD('7');

if ( ($a_id < '1') && (!$board_config['phpBBSecurity_notify_admin_id']) )
return phpBBSecurity_MD('6');

if ($a_id)
{
$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '$a_id'
WHERE config_name = 'phpBBSecurity_notify_admin_id'";
$db->sql_query($q);
}

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '$limit'
WHERE config_name = 'phpBBSecurity_login_limit'";
$db->sql_query($q);

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '$use'
WHERE config_name = 'phpBBSecurity_notify_admin'";
$db->sql_query($q);

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '$ban_on'
WHERE config_name = 'phpBBSecurity_auto_ban'";
$db->sql_query($q);

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '$sess'
WHERE config_name = 'phpBBSecurity_allowed_sessions'";
$db->sql_query($q);

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '$change'
WHERE config_name = 'phpBBSecurity_Allow_Change'";
$db->sql_query($q);

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '$email'
WHERE config_name = 'phpBBSecurity_notify_admin_em'";
$db->sql_query($q);

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '$prvmsg'
WHERE config_name = 'phpBBSecurity_notify_admin_pm'";
$db->sql_query($q);
}

function phpBBSecurity_GetName($id)
{
global $db;

$q = "SELECT username
FROM ". USERS_TABLE ."
WHERE user_id = '". $id ."'";
$r = $db->sql_query($q);
$row = $db->sql_fetchrow($r);
$name = $row['username'];
return $name;
}

function phpBBSecurity_ValidateStepOne($ps_username, $ps_email)
{
global $db;

$q = "SELECT user_email
FROM ". USERS_TABLE ."
WHERE username = '". str_replace("\'", "''", $ps_username) ."'";
$r = $db->sql_query($q);
$row = $db->sql_fetchrow($r);
$real_email = $row['user_email'];

if ($real_email != $ps_email)
return phpBBSecurity_MD('9');
}

function phpBBSecurity_ValidateGetQ($ps_username, $ps_email)
{
global $db;

$q = "SELECT phpBBSecurity_question
FROM ". USERS_TABLE ."
WHERE username = '". str_replace("\'", "''", $ps_username) ."'";
$r = $db->sql_query($q);
$row = $db->sql_fetchrow($r);
$q = $row['phpBBSecurity_question'];

return $q;
}

function phpBBSecurity_ValidateStepTwo($ps_username, $ps_answer)
{
global $db;

$q = "SELECT phpBBSecurity_answer, user_id
FROM ". USERS_TABLE ."
WHERE username = '". str_replace("\'", "''", $ps_username) ."'";
$r = $db->sql_query($q);
$row = $db->sql_fetchrow($r);
$answer = $row['phpBBSecurity_answer'];

if (md5($ps_answer) != $answer)
return phpBBSecurity_MD('9');

phpBBSecurity_Validated($row['user_id']);
}

function phpBBSecurity_Validated($user_id)
{
global $db;

$q = "UPDATE ". USERS_TABLE ."
SET phpBBSecurity_login_tries = '0'
WHERE user_id = '$user_id'";
$db->sql_query($q);
return phpBBSecurity_MD('10');
}

function phpBBSecurity_Forgot()
{
return phpBBSecurity_MD('11');
}

function phpBBSecurity_QueryString()
{
if (isset($_SERVER['QUERY_STRING']))
return eregi_replace('%09', '%20', $_SERVER['QUERY_STRING']);
elseif (isset($HTTP_SERVER_VARS['QUERY_STRING']))
return eregi_replace('%09', '%20', $HTTP_SERVER_VARS['QUERY_STRING']);
elseif (getenv('QUERY_STRING'))
return eregi_replace('%09', '%20', getenv('QUERY_STRING'));
else
return 'unknown';
}

function phpBBSecurity_IP()
{
if (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown'))
return getenv('REMOTE_ADDR');
elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown'))
return $_SERVER['REMOTE_ADDR'];
else
return 'unknown';
}

function phpBBSecurity_RequestMethod()
{
if (isset($_SERVER['REQUEST_METHOD']))
return $_SERVER['REQUEST_METHOD'];
elseif (isset($HTTP_SERVER_VARS['REQUEST_METHOD']))
return $HTTP_SERVER_VARS['REQUEST_METHOD'];
elseif (getenv('REQUEST_METHOD'))
return getenv('REQUEST_METHOD');
else
return 'unknown';
}

function phpBBSecurity_ServerName()
{
if (isset($_SERVER['SERVER_NAME']))
return $_SERVER['SERVER_NAME'];
elseif (isset($HTTP_SERVER_VARS['SERVER_NAME']))
return $HTTP_SERVER_VARS['SERVER_NAME'];
elseif (getenv('SERVER_NAME'))
return getenv('SERVER_NAME');
else
return 'unknown';
}

function phpBBSecurity_ServerPort()
{
if (intval($_SERVER['SERVER_PORT']))
return $_SERVER['SERVER_PORT'];
elseif (intval($HTTP_SERVER_VARS['SERVER_PORT']))
return $HTTP_SERVER_VARS['SERVER_PORT'];
elseif (getenv('SERVER_PORT'))
return getenv('SERVER_PORT');
else
return 'unknown';
}

function phpBBSecurity_UserAgent()
{
if (isset($_SERVER['HTTP_USER_AGENT']))
return $_SERVER['HTTP_USER_AGENT'];
elseif (isset($HTTP_SERVER_VARS['HTTP_USER_AGENT']))
return $HTTP_SERVER_VARS['HTTP_USER_AGENT'];
elseif (getenv('HTTP_USER_AGENT'))
return getenv('HTTP_USER_AGENT');
else
return '';
}

function phpBBSecurity_Referer()
{
if (isset($_SERVER['HTTP_REFERER']))
return $_SERVER['HTTP_REFERER'];
elseif (isset($HTTP_SERVER_VARS['HTTP_REFERER']))
return $HTTP_SERVER_VARS['HTTP_REFERER'];
elseif (getenv('HTTP_REFERER'))
return getenv('HTTP_REFERER');
else
return '';
}

function phpBBSecurity_ScriptName()
{
if (isset($_SERVER['SCRIPT_NAME']))
return $_SERVER['SCRIPT_NAME'];
elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME']))
return $HTTP_SERVER_VARS['SCRIPT_NAME'];
elseif (getenv('SCRIPT_NAME'))
return getenv('SCRIPT_NAME');
else
return '';
}

function phpBBSecurity_Blocks()
{
#==== Added urldecode to checks, something i forgot to do, pointed out by Techie-Micheal.
global $board_config, $db;
$error = '';
$trick = '';

#==== Referer Check
$disallowed_referers = '';
$disallowed_referers = explode(',', $board_config['phpBBSecurity_disallowed_referers']);
for ($x = 0; $x < count($disallowed_referers); $x++)
{
if (!$disallowed_referers[$x])
break;

if (stristr(phpBBSecurity_Referer(), $disallowed_referers[$x]))
phpBBSecurity_Error('referer', 0);
}

#==== Agent Check
$disallowed_agents = '';
$disallowed_agents = explode(',', $board_config['phpBBSecurity_disallowed_agents']);
for ($x = 0; $x < count($disallowed_agents); $x++)
{
if (!$disallowed_agents[$x])
break;

if (stristr(phpBBSecurity_UserAgent(), $disallowed_agents[$x]))
phpBBSecurity_Error('agent', 0);
}

#==== Ban Check
#-> We have found, quite a few of us, that phpBB's ban system is weak. Instant bans are not always
#-> instant, sometimes they can roam the site for a bit before getting the ban message, etc..
#-> So lets fix that.
$q = "SELECT *
FROM ". BANLIST_TABLE ."
WHERE ban_ip = '". encode_ip(phpBBSecurity_IP()) ."'";
$r = $db->sql_query($q);
$match = $db->sql_fetchrow($r);
if ($match['ban_ip'])
return phpBBSecurity_Error('banned', 0);

#==== DDoS Prevention Help
#==== Since i once made a DDoS attacker, and made prevention help for it, it helps here.
#==== Max Protection
if ($board_config['phpBBSecurity_DDoS_level'] == 1)
{
if ( phpBBSecurity_ServerPort() == 'unknown' || !is_numeric(phpBBSecurity_ServerPort()) || phpBBSecurity_ServerPort() == '' ||
phpBBSecurity_ServerName() == 'unknown' || phpBBSecurity_ServerName() == '' ||
phpBBSecurity_ScriptName() == '' || phpBBSecurity_UserAgent() == '' || phpBBSecurity_UserAgent() == '-'
&& ( phpBBSecurity_RequestMethod() == 'GET' || phpBBSecurity_RequestMethod() == 'POST') )
$trick = 4;
}
#==== Medium Protection
if ($board_config['phpBBSecurity_DDoS_level'] == 2)
{
if (phpBBSecurity_ScriptName() == '' || phpBBSecurity_UserAgent() == '' || phpBBSecurity_UserAgent() == '-'
&& ( phpBBSecurity_RequestMethod() == 'GET' || phpBBSecurity_RequestMethod() == 'POST') )
$trick = 4;
}
#==== Low Protection
if ($board_config['phpBBSecurity_DDoS_level'] == 2)
{
if (phpBBSecurity_UserAgent() == '' || phpBBSecurity_UserAgent() == '-'
&& ( phpBBSecurity_RequestMethod() == 'GET' || phpBBSecurity_RequestMethod() == 'POST') )
$trick = 4;
}

#==== Encoded Characters Prvention
if (stristr(phpBBSecurity_QueryString(),')%252echr('))
$trick = 7;

#==== UNION Prevention Help
if (stristr(phpBBSecurity_QueryString(),'%20union%20') ||
stristr(phpBBSecurity_QueryString(),'*/union/*') ||
stristr(phpBBSecurity_QueryString(),' union ') ||
stristr(urldecode(phpBBSecurity_QueryString()),'%20union%20') ||
stristr(urldecode(phpBBSecurity_QueryString()),'*/union/*') ||
stristr(urldecode(phpBBSecurity_QueryString()),' union ') ||
stristr(base64_decode(phpBBSecurity_QueryString()),'%20union%20') ||
stristr(base64_decode(phpBBSecurity_QueryString()),'*/union/*') ||
stristr(base64_decode(phpBBSecurity_QueryString()),' union '))
$trick = 2;

#==== Clike Prevention Help
if (stristr(phpBBSecurity_QueryString(),'/*') ||
stristr(urldecode(phpBBSecurity_QueryString()),'/*') ||
stristr(base64_decode(phpBBSecurity_QueryString()),'/*'))
$trick = 1;

#==== SQL Injection Prevention Help
if (phpBBSecurity_RequestMethod() == 'GET')
{
if (stristr(phpBBSecurity_QueryString(),'mysql_query(') ||
stristr(urldecode(phpBBSecurity_QueryString()),'mysql_query(') ||
stristr(base64_decode(phpBBSecurity_QueryString()),'mysql_query('))
$trick = 3;
}

#==== File Writing Prevention Help
if (stristr(phpBBSecurity_QueryString(),'fwrite(') ||
stristr(base64_decode(phpBBSecurity_QueryString()),'fwrite(') ||
stristr(urldecode(phpBBSecurity_QueryString()),'fwrite(') ||
stristr(phpBBSecurity_QueryString(),'fopen(') ||
stristr(base64_decode(phpBBSecurity_QueryString()),'fopen(') ||
stristr(urldecode(phpBBSecurity_QueryString()),'fopen('))
$trick = 5;

#==== Perl Execution Prevention Help
if (stristr(phpBBSecurity_QueryString(),'system(') ||
stristr(base64_decode(phpBBSecurity_QueryString()),'system(') ||
stristr(urldecode(phpBBSecurity_QueryString()),'system('))
$trick = 6;

#==== CBACK Worm Prevention Help
if (stristr(phpBBSecurity_QueryString(),'rush=echo%20_START_') ||
stristr(base64_decode(phpBBSecurity_QueryString()),'rush=echo%20_START_') ||
stristr(urldecode(phpBBSecurity_QueryString()),'rush=echo%20_START_') ||
stristr(phpBBSecurity_QueryString(),'%20cd%20') ||
stristr(base64_decode(phpBBSecurity_QueryString()),'%20cd%20') ||
stristr(urldecode(phpBBSecurity_QueryString()),'%20cd%20') ||
stristr(phpBBSecurity_QueryString(),'%20/tmp;wget%20') ||
stristr(base64_decode(phpBBSecurity_QueryString()),'%20/tmp;wget%20') ||
stristr(urldecode(phpBBSecurity_QueryString()),'%20/tmp;wget%20') ||
stristr(phpBBSecurity_QueryString(),'/tmp;wget%20') ||
stristr(base64_decode(phpBBSecurity_QueryString()),'/tmp;wget%20') ||
stristr(urldecode(phpBBSecurity_QueryString()),'/tmp;wget%20') ||
stristr(phpBBSecurity_QueryString(),'/tmp;wget') ||
stristr(base64_decode(phpBBSecurity_QueryString()),'/tmp;wget') ||
stristr(urldecode(phpBBSecurity_QueryString()),'/tmp;wget') ||
stristr(phpBBSecurity_QueryString(),'%20/tmp;wget') ||
stristr(base64_decode(phpBBSecurity_QueryString()),'%20/tmp;wget') ||
stristr(urldecode(phpBBSecurity_QueryString()),'%20/tmp;wget') ||
stristr(phpBBSecurity_QueryString(),';perl%20') ||
stristr(base64_decode(phpBBSecurity_QueryString()),';perl%20') ||
stristr(urldecode(phpBBSecurity_QueryString()),';perl%20') ||
stristr(phpBBSecurity_QueryString(),';wget%20') ||
stristr(base64_decode(phpBBSecurity_QueryString()),';wget%20') ||
stristr(urldecode(phpBBSecurity_QueryString()),';wget%20') ||
stristr(phpBBSecurity_QueryString(),'wget%20') ||
stristr(base64_decode(phpBBSecurity_QueryString()),'wget%20') ||
stristr(urldecode(phpBBSecurity_QueryString()),'wget%20') ||
stristr(phpBBSecurity_QueryString(),'%20echo%20_END_') ||
stristr(base64_decode(phpBBSecurity_QueryString()),'%20echo%20_END_') ||
stristr(urldecode(phpBBSecurity_QueryString()),'%20echo%20_END_'))
$trick = 8;

if ($trick)
return $trick;
}

function phpBBSecurity_Admin($user_id, $locked_status, $reset_status)
{
global $db, $board_config;

$q = "SELECT phpBBSecurity_login_tries
FROM ". USERS_TABLE ."
WHERE user_id = '$user_id'";
$r = $db->sql_query($q);
$row = $db->sql_fetchrow($r);
$count = $row['phpBBSecurity_login_tries'];
$max = $board_config['phpBBSecurity_login_limit'];

if ($locked_status)
{
if ($count >= $max)
{
$new_count = '0';
$pm_sent = '0';
}
else
{
$new_count = $max;
$pm_sent = '1';
}

$q = "UPDATE ". USERS_TABLE ."
SET phpBBSecurity_login_tries = '$new_count', phpBBSecurity_pm_sent = '$pm_sent'
WHERE user_id = '$user_id'";
$db->sql_query($q);
}

if ($reset_status)
{
$q = "UPDATE ". USERS_TABLE ."
SET phpBBSecurity_answer = '', phpBBSecurity_question = ''
WHERE user_id = '$user_id'";
$db->sql_query($q);
}
}

function phpBBSecurity_PM($to, $from, $locked_id)
{
global $db, $phpbb_root_path, $phpEx, $lang, $user_ip, $board_config, $userdata;
if ($board_config['phpBBSecurity_notify_admin_pm'])
{
$dest_user = intval($to);
$msg_time = time();
$from_id = intval($from);
$subject = $lang['PS_pm_subject'];
$subject2 = 'phpBB Security Alert';
$msg_pass = str_replace('%U%', $locked_id, $lang['PS_pm_message']);
$message = str_replace('%I%', phpBBSecurity_IP(), $msg_pass);
$html_on = 1;
$bbcode_on = 1;
$smilies_on = 1;

include_once($phpbb_root_path .'includes/functions_post.'. $phpEx);
include_once($phpbb_root_path .'includes/bbcode.'. $phpEx);

$privmsg_subject = trim(strip_tags($subject));
$bbcode_uid = make_bbcode_uid();
$privmsg_message = trim(strip_tags($message));

if ( defined('PRIVMSGA_TABLE'))
{
include_once($phpbb_root_path . 'includes/functions_messages.'.$phpEx);
send_pm( 0 , '' , $dest_user , $privmsg_subject, $privmsg_message, '' );
}
else
{
$sql = "SELECT user_id, user_notify_pm, user_email, user_lang, user_active
FROM ". USERS_TABLE ."
WHERE user_id = '". $dest_user ."'";
if (!($result = $db->sql_query($sql)))
{
$error = TRUE;
$error_msg = $lang['No_such_user'];
}
$to_userdata = $db->sql_fetchrow($result);

$sql = "SELECT COUNT(privmsgs_id) AS inbox_items, MIN(privmsgs_date) AS oldest_post_time
FROM ". PRIVMSGS_TABLE ."
WHERE ( privmsgs_type = ". PRIVMSGS_NEW_MAIL ."
OR privmsgs_type = ". PRIVMSGS_READ_MAIL ."
OR privmsgs_type = ". PRIVMSGS_UNREAD_MAIL ." )
AND privmsgs_to_userid = '". $dest_user ."'";
if (!($result = $db->sql_query($sql)))
message_die(GENERAL_MESSAGE, $lang['No_such_user']);

$sql_priority = (SQL_LAYER == 'mysql') ? 'LOW_PRIORITY' : '';

if($inbox_info = $db->sql_fetchrow($result))
{
if ($inbox_info['inbox_items'] >= $board_config['max_inbox_privmsgs'])
{
$sql = "SELECT privmsgs_id
FROM ". PRIVMSGS_TABLE ."
WHERE ( privmsgs_type = ". PRIVMSGS_NEW_MAIL ."
OR privmsgs_type = ". PRIVMSGS_READ_MAIL ."
OR privmsgs_type = ". PRIVMSGS_UNREAD_MAIL ." )
AND privmsgs_date = ". $inbox_info['oldest_post_time'] . "
AND privmsgs_to_userid = '". $dest_user ."'";
if (!$result = $db->sql_query($sql))
message_die(GENERAL_ERROR, 'Could not find oldest privmsgs (inbox)', '', __LINE__, __FILE__, $sql);

$old_privmsgs_id = $db->sql_fetchrow($result);
$old_privmsgs_id = $old_privmsgs_id['privmsgs_id'];

$sql = "DELETE $sql_priority
FROM ". PRIVMSGS_TABLE ."
WHERE privmsgs_id = '". $old_privmsgs_id ."'";
if (!$db->sql_query($sql))
message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs (inbox)'.$sql, '', __LINE__, __FILE__, $sql);

$sql = "DELETE $sql_priority
FROM " . PRIVMSGS_TEXT_TABLE . "
WHERE privmsgs_text_id = '". $old_privmsgs_id ."'";
if (!$db->sql_query($sql))
message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs text (inbox)', '', __LINE__, __FILE__, $sql);
}
}

$sql_info = "INSERT INTO ". PRIVMSGS_TABLE ."
(privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip, privmsgs_enable_html, privmsgs_enable_bbcode, privmsgs_enable_smilies)
VALUES ( 1 , '". str_replace("\'", "''", addslashes($privmsg_subject)) ."' , '". $from_id ."', '". $to_userdata['user_id'] ."', $msg_time, '$user_ip' , $html_on, $bbcode_on, $smilies_on)";
if (!$db->sql_query($sql_info))
message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs text (inbox)', '', __LINE__, __FILE__, $sql_info);

$privmsg_sent_id = $db->sql_nextid();

$sql = "INSERT INTO ". PRIVMSGS_TEXT_TABLE ." (privmsgs_text_id, privmsgs_bbcode_uid, privmsgs_text)
VALUES ($privmsg_sent_id, '" . $bbcode_uid . "', '" . str_replace("\'", "''", addslashes($privmsg_message)) . "')";
if (!$db->sql_query($sql, END_TRANSACTION))
message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql);

$sql = "UPDATE ". USERS_TABLE ."
SET user_new_privmsg = user_new_privmsg + 1, user_last_privmsg = " . time() . "
WHERE user_id = '". $to_userdata['user_id'] ."'";
if (!$status = $db->sql_query($sql))
message_die(GENERAL_ERROR, 'Could not update private message new/read status for user', '', __LINE__, __FILE__, $sql);
}
phpBBSecurity_SetPM($dest_user);
}

if ($board_config['phpBBSecurity_notify_admin_em'])
{
$dest_user = intval($to);

$sql = "SELECT user_id, user_notify_pm, user_email, user_lang, user_active
FROM ". USERS_TABLE ."
WHERE user_id = '". $dest_user ."'";
if (!($result = $db->sql_query($sql)))
message_die(GENERAL_MESSAGE, $lang['No_such_user']);

$to_userdata = $db->sql_fetchrow($result);
$script_name = preg_replace('/^\/?(.*?)\/?$/', "\\1", trim($board_config['script_path']));
$script_name = ( $script_name != '' ) ? $script_name . '/privmsg.'.$phpEx : 'privmsg.'.$phpEx;
$server_name = trim($board_config['server_name']);
$server_protocol = ( $board_config['cookie_secure'] ) ? 'https://' : 'http://';
$server_port = ( $board_config['server_port'] <> 80 ) ? ':' . trim($board_config['server_port']) . '/' : '/';

include_once($phpbb_root_path . './includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
$email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n\n\n$message\n\n";
$emailer->extra_headers($email_headers);
$emailer->email_address($to_userdata['user_email']);
$emailer->set_subject($subject2);

$emailer->assign_vars(array(
'USERNAME' => $to_userdata['username'],
'SITENAME' => $board_config['sitename'],
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
'U_INBOX' => $server_protocol . $server_name . $server_port . $script_name . '?folder=inbox')
);

$emailer->send();
$emailer->reset();
phpBBSecurity_SetPM($dest_user);
}
}

function phpBBSecurity_Ban($ip, $on, $reason)
{
global $db, $board_config;

$auto_ban = '';
$ignored = '';
$just_block = '';

#==== Make sure what they did is not being ignored by the script
if ( ($reason == 1) && ($board_config['phpBBSecurity_Clike_Ban'] == 0) )
$ignored = TRUE;
if ( ($reason == 2) && ($board_config['phpBBSecurity_Union_Ban'] == 0) )
$ignored = TRUE;
if ( ($reason == 3) && ($board_config['phpBBSecurity_SQL_Ban'] == 0) )
$ignored = TRUE;
if ( ($reason == 4) && ($board_config['phpBBSecurity_DDoS_Ban'] == 0) )
$ignored = TRUE;
if ( ($reason == 5) && ($board_config['phpBBSecurity_File_Ban'] == 0) )
$ignored = TRUE;
if ( ($reason == 6) && ($board_config['phpBBSecurity_Perl_Ban'] == 0) )
$ignored = TRUE;
if ( ($reason == 7) && ($board_config['phpBBSecurity_Encoded_Ban'] == 0) )
$ignored = TRUE;
if ( ($reason == 8) && ($board_config['phpBBSecurity_Cback_Ban'] == 0) )
$ignored = TRUE;

#==== If the script is set to just block it, then we can do that here.
if ( ($reason == 1) && ($board_config['phpBBSecurity_Clike_Ban'] == 2) )
$just_block = TRUE;
if ( ($reason == 2) && ($board_config['phpBBSecurity_Union_Ban'] == 2) )
$just_block = TRUE;
if ( ($reason == 3) && ($board_config['phpBBSecurity_SQL_Ban'] == 2) )
$just_block = TRUE;
if ( ($reason == 4) && ($board_config['phpBBSecurity_DDoS_Ban'] == 2) )
$just_block = TRUE;
if ( ($reason == 5) && ($board_config['phpBBSecurity_File_Ban'] == 2) )
$just_block = TRUE;
if ( ($reason == 6) && ($board_config['phpBBSecurity_Perl_Ban'] == 2) )
$just_block = TRUE;
if ( ($reason == 7) && ($board_config['phpBBSecurity_Encoded_Ban'] == 2) )
$just_block = TRUE;
if ( ($reason == 8) && ($board_config['phpBBSecurity_Cback_Ban'] == 2) )
$just_block = TRUE;

#==== Make sure they have auto-ban on before sending the ban SQL
if ( ($reason == 1) && ($board_config['phpBBSecurity_Clike_Ban'] == 1) )
$auto_ban = TRUE;
if ( ($reason == 2) && ($board_config['phpBBSecurity_Union_Ban'] == 1) )
$auto_ban = TRUE;
if ( ($reason == 3) && ($board_config['phpBBSecurity_SQL_Ban'] == 1) )
$auto_ban = TRUE;
if ( ($reason == 4) && ($board_config['phpBBSecurity_DDoS_Ban'] == 1) )
$auto_ban = TRUE;
if ( ($reason == 5) && ($board_config['phpBBSecurity_File_Ban'] == 1) )
$auto_ban = TRUE;
if ( ($reason == 6) && ($board_config['phpBBSecurity_Perl_Ban'] == 1) )
$auto_ban = TRUE;
if ( ($reason == 7) && ($board_config['phpBBSecurity_Encoded_Ban'] == 1) )
$auto_ban = TRUE;
if ( ($reason == 8) && ($board_config['phpBBSecurity_Cback_Ban'] == 1) )
$auto_ban = TRUE;

#==== If Ignoring It, End The Function
if ($ignored)
return;

#==== If Just Blocking It, Process It
if ($just_block)
{
if ($reason == 1)
phpBBSecurity_Error('clike', 1);
if ($reason == 2)
phpBBSecurity_Error('union', 1);
if ($reason == 3)
phpBBSecurity_Error('sql', 1);
if ($reason == 4)
phpBBSecurity_Error('ddos', 1);
if ($reason == 5)
phpBBSecurity_Error('fwrite', 1);
if ($reason == 6)
phpBBSecurity_Error('perl', 1);
if ($reason == 7)
phpBBSecurity_Error('encoded', 1);
if ($reason == 8)
phpBBSecurity_Error('cback', 1);
}

#==== If We Got This Far, We Are Banning Someone :>
$q = "SELECT ban_id
FROM ". BANLIST_TABLE ."
WHERE ban_ip = '". encode_ip($ip) ."'";
$r = $db->sql_query($q);
$row = $db->sql_fetchrow($r);

if ( ($on || $auto_ban) && (!$ignored) && (!$just_block) )
{
if (!$row['ban_id'])
{
if ($ip != 'unknown')
{
$q = "INSERT INTO ". BANLIST_TABLE ."
(ban_ip) VALUES ('". encode_ip($ip) ."')";
$db->sql_query($q);

$q = "DELETE FROM ". SESSIONS_TABLE ."
WHERE session_ip = '". encode_ip($ip) ."'";
$db->sql_query($q);
}
}
phpBBSecurity_BanTwo($ip, $reason);
}
}

function phpBBSecurity_BanTwo($ip, $reason)
{
global $db, $phpbb_root_path, $board_config, $phpEx, $lang;
$trick = '';

if ($reason == '1')
$trick = $lang['PS_clike'];
if ($reason == '2')
$trick = $lang['PS_union'];
if ($reason == '3')
$trick = $lang['PS_sql'];
if ($reason == '4')
$trick = $lang['PS_ddos'];
if ($reason == '5')
$trick = $lang['PS_fopen_fwrite'];
if ($reason == '6')
$trick = $lang['PS_system'];
if ($reason == '7')
$trick = $lang['PS_chr'];
if ($reason == '8')
$trick = $lang['PS_cback'];

$q = "SELECT *
FROM ". PHPBB_SECURITY ."
WHERE ban_ip = '". encode_ip($ip) ."'";
$r = $db->sql_query($q);
$row = $db->sql_fetchrow($r);

if ($row['ban_id'])
{
$q = "UPDATE ". PHPBB_SECURITY ."
SET ban_attempts = ban_attempts + 1
WHERE ban_id = '". $row['ban_id'] ."'";
$db->sql_query($q);
}
else
{
$q = "INSERT INTO ". PHPBB_SECURITY ."
VALUES ('', '". encode_ip($ip) ."', '". $trick ."', '". time() ."', '0', '". $_SERVER['PHP_SELF'] . '?' . phpBBSecurity_QueryString() ."')";
$db->sql_query($q);
}

if ($reason == 1)
phpBBSecurity_Error('clike', 1);
if ($reason == 2)
phpBBSecurity_Error('union', 1);
if ($reason == 3)
phpBBSecurity_Error('sql', 1);
if ($reason == 4)
phpBBSecurity_Error('ddos', 1);
if ($reason == 5)
phpBBSecurity_Error('fwrite', 1);
if ($reason == 6)
phpBBSecurity_Error('perl', 1);
if ($reason == 7)
phpBBSecurity_Error('encoded', 1);
if ($reason == 8)
phpBBSecurity_Error('cback', 1);
}

function phpBBSecurity_MaxSessions($count)
{
global $db;

$q = "SELECT session_id
FROM ". SESSIONS_TABLE ."
WHERE session_user_id <> '". ANONYMOUS ."'";
$r = $db->sql_query($q);
$amount = $db->sql_numrows($r);

#==== We are deleting user sessions because of mods such as users
#==== of the day, if guests get deleted, these mods wont work right
#==== & new users cant register!
if ($amount >= $count)
{
$q = "DELETE FROM ". SESSIONS_TABLE ."
WHERE session_user_id <> '". ANONYMOUS ."'";
$db->sql_query($q);
}
}

function phpBBSecurity_Caught($start, $stop)
{
global $db;
$start = (intval($start) > 0) ? intval($start) : 0;

$q = "SELECT *
FROM ". PHPBB_SECURITY ."
LIMIT $start, $stop";
$r = $db->sql_query($q);
$caught_info = $db->sql_fetchrowset($r);

return $caught_info;
}

function phpBBSecurity_Total()
{
global $db;

$q = "SELECT *
FROM ". PHPBB_SECURITY ."";
$r = $db->sql_query($q);
$caught_count = $db->sql_numrows($r);

return $caught_count;
}

function phpBBSecurity_OldestAdmin()
{
global $db;

$q = "SELECT user_id
FROM ". USERS_TABLE ."
WHERE user_level = ". ADMIN ."
AND user_id > '0'
ORDER BY user_id ASC
LIMIT 1";
$r = $db->sql_query($q);
$row = $db->sql_fetchrow($r);

return $row['user_id'];
}

function phpBBSecurity_Elimination($max_admins, $max_mods, $id)
{
global $db, $board_config;

if ($board_config[phpBBSecurity_UseSpecial()])
{
$q = "SELECT *
FROM ". USERS_TABLE ."
WHERE user_level = '". ADMIN ."'
ORDER BY user_id ASC";
$r = $db->sql_query($q);
$row = $db->sql_fetchrowset($r);

for ($a = 0; $a < count($row); $a++)
{
if ($row[$a]['user_id'] <= '0')
{
return phpBBSecurity_Error('staff', 1);
break;
}

if ( ($row[$a]['user_level'] == ADMIN) && ($a >= $max_admins) && ($row[$a]['user_id'] == $id) )
{
return phpBBSecurity_Error('staff', 1);
break;
}
}

$q = "SELECT *
FROM ". USERS_TABLE ."
WHERE user_level = '". MOD ."'
ORDER BY user_id ASC";
$r = $db->sql_query($q);
$row = $db->sql_fetchrowset($r);

for ($a = 0; $a < count($row); $a++)
{
if ($row[$a]['user_id'] <= '0')
{
return phpBBSecurity_Error('staff', 1);
break;
}

if ( ($row[$a]['user_level'] == MOD) && ($a >= $max_mods) && ($row[$a]['user_id'] == $id) )
{
return phpBBSecurity_Error('staff', 1);
break;
}
}
}
}

function phpBBSecurity_SpecialCount()
{
global $db;

$q = "SELECT user_id
FROM ". USERS_TABLE ."
WHERE user_level = '". MOD ."'";
$r = $db->sql_query($q);
$mod = $db->sql_numrows($r);

$q = "SELECT user_id
FROM ". USERS_TABLE ."
WHERE user_level = '". ADMIN ."'";
$r = $db->sql_query($q);
$admin = $db->sql_numrows($r);

return ($admin .'%SPLIT%'. $mod);
}

function phpBBSecurity_UpdateSpecial($admins, $mods, $enable, $ddos, $clike, $cback, $chr, $sql_inj, $perl, $union, $file)
{
global $db;

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '". $ddos ."'
WHERE config_name = 'phpBBSecurity_DDoS_Ban'";
$db->sql_query($q);

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '". $clike ."'
WHERE config_name = 'phpBBSecurity_Clike_Ban'";
$db->sql_query($q);

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '". $cback ."'
WHERE config_name = 'phpBBSecurity_Cback_Ban'";
$db->sql_query($q);

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '". $chr ."'
WHERE config_name = 'phpBBSecurity_Encoded_Ban'";
$db->sql_query($q);

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '". $sql_inj ."'
WHERE config_name = 'phpBBSecurity_SQL_Ban'";
$db->sql_query($q);

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '". $perl ."'
WHERE config_name = 'phpBBSecurity_Perl_Ban'";
$db->sql_query($q);

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '". $union ."'
WHERE config_name = 'phpBBSecurity_Union_Ban'";
$db->sql_query($q);

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '". $file ."'
WHERE config_name = 'phpBBSecurity_File_Ban'";
$db->sql_query($q);

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '". $enable ."'
WHERE config_name = '". phpBBSecurity_UseSpecial() ."'";
$db->sql_query($q);

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '". $admins ."'
WHERE config_name = '". phpBBSecurity_AdminConfigName() ."'";
$db->sql_query($q);

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '". $mods ."'
WHERE config_name = '". phpBBSecurity_ModConfigName() ."'";
$db->sql_query($q);
}

function phpBBSecurity_FinalSet()
{
global $userdata;
#==== Make sure everything stays as it should no matter what
if ($userdata['user_id'] == ANONYMOUS)
$userdata['user_id'] = ANONYMOUS;
if ($userdata['user_level'] == USER)
$userdata['user_level'] = USER;
if ($userdata['user_level'] == MOD)
$userdata['user_level'] = MOD;
if ($userdata['user_level'] == ADMIN)
$userdata['user_level'] = ADMIN;
}

function phpBBSecurity_Cookies()
{
global $db, $board_config;
global $HTTP_COOKIE_VARS, $userdata;

$cookie = $board_config['cookie_name'];

if (isset($HTTP_COOKIE_VARS[$cookie .'_sid']) || isset($HTTP_COOKIE_VARS[$cookie .'_data']))
$data = isset($HTTP_COOKIE_VARS[$cookie .'_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookie .'_data'])) : array();

if ($data['autologinid'] != '')
$cookie_users_pass = $data['autologinid'];

$cookie_users_id = $data['userid'];
$viewing_users_pass = $userdata['user_password'];
$viewing_users_id = $userdata['user_id'];

#==== They have auto login on, see if we have a pw match, if not, error out!
if ( ($cookie_users_pass) && ($cookie_users_id) )
{
#==== Id match, nexttttt
if ($viewing_users_id == $cookie_users_id )
{
#==== Password Mismatch
if ($viewing_users_pass != $cookie_users_pass)
{
#==== Empty the cookie since its not right anyways
setcookie($cookie .'_data', '', time(), $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
#==== Error Out
phpBBSecurity_Error('cookies', 1);
}
}
}
}


function phpBBSecurity_DBBackup()
{
global $board_config, $phpbb_root_path, $phpEx;
global $db, $lang, $user_ip, $userdata;
global $dbuser, $dbpasswd, $dbhost, $dbname;

$today = date('d');
$last_backup = $board_config['phpBBSecurity_last_backup_date'];
$backup_time = $board_config['phpBBSecurity_backup_time'];
$use_backup = $board_config['phpBBSecurity_backup_on'];
$backup_folder = $board_config['phpBBSecurity_backup_folder'];
$backup_file = $board_config['phpBBSecurity_backup_filename'];

if ($use_backup)
{
if ( ($last_backup != $today) && (date('H') >= $backup_time) )
{
system("/usr/bin/mysqldump -u". $dbuser ." -p". $dbpasswd ." -h ". $dbhost ." ". $dbname ." > ". (($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : $HTTP_SERVER_VARS['DOCUMENT_ROOT']) . $board_config['script_path'] . $backup_folder ."/". $backup_file ."-". time() .".sql", $fp);

if ($fp == 0)
$msg = 'Your Daily Database Backup Was Completed.';
else
$msg = 'Your Daily Database Backup Failed.';

$q = "UPDATE ". CONFIG_TABLE ."
SET config_value = '". date('d') ."'
WHERE config_name = 'phpBBSecurity_last_backup_date'";
$db->sql_query($q);

$dest_user = intval(phpBBSecurity_OldestAdmin());
$msg_time = time();
$from_id = intval(phpBBSecurity_OldestAdmin());
$subject = 'phpBB Security Update';
$message = $msg;
$html_on = 1;
$bbcode_on = 1;
$smilies_on = 1;

include_once($phpbb_root_path .'includes/functions_post.'. $phpEx);
include_once($phpbb_root_path .'includes/bbcode.'. $phpEx);

$privmsg_subject = trim(strip_tags($subject));
$bbcode_uid = make_bbcode_uid();
$privmsg_message = trim(strip_tags($message));

if ( defined('PRIVMSGA_TABLE'))
{
include_once($phpbb_root_path . 'includes/functions_messages.'.$phpEx);
send_pm( 0 , '' , $dest_user , $privmsg_subject, $privmsg_message, '' );
}
else
{
$sql = "SELECT user_id, user_notify_pm, user_email, user_lang, user_active
FROM ". USERS_TABLE ."
WHERE user_id = '". $dest_user ."'";
$result = $db->sql_query($sql);
$to_userdata = $db->sql_fetchrow($result);

$sql = "SELECT COUNT(privmsgs_id) AS inbox_items, MIN(privmsgs_date) AS oldest_post_time
FROM ". PRIVMSGS_TABLE ."
WHERE ( privmsgs_type = ". PRIVMSGS_NEW_MAIL ."
OR privmsgs_type = ". PRIVMSGS_READ_MAIL ."
OR privmsgs_type = ". PRIVMSGS_UNREAD_MAIL ." )
AND privmsgs_to_userid = '". $dest_user ."'";
$result = $db->sql_query($sql);

$sql_priority = (SQL_LAYER == 'mysql') ? 'LOW_PRIORITY' : '';

if($inbox_info = $db->sql_fetchrow($result))
{
if ($inbox_info['inbox_items'] >= $board_config['max_inbox_privmsgs'])
{
$sql = "SELECT privmsgs_id
FROM ". PRIVMSGS_TABLE ."
WHERE ( privmsgs_type = ". PRIVMSGS_NEW_MAIL ."
OR privmsgs_type = ". PRIVMSGS_READ_MAIL ."
OR privmsgs_type = ". PRIVMSGS_UNREAD_MAIL ." )
AND privmsgs_date = ". $inbox_info['oldest_post_time'] . "
AND privmsgs_to_userid = '". $dest_user ."'";
if (!$

חזור אל “תמיכה במודים - ארכיון”

מי מחובר

משתמשים הגולשים בפורום זה: אין משתמשים רשומים ו־ 3 אורחים