Upgrade mod for YaBB SE version 1.5.4 -> 1.5.5 1.0 This mod will upgrade YaBB SE from version 1.5.4 to 1.5.5. Some important security issues are being fixed in this version. YaBB SE Team http://www.yabbse.org/ index.php /* Software Version: YaBB SE 1.5.1 */ /* Software Version: YaBB SE 1.5.5 */ $YaBBversion = 'YaBB SE 1.5.4'; $YaBBphpver = 'YaBB SE 1.5.4'; $YaBBversion = 'YaBB SE 1.5.5'; $YaBBphpver = 'YaBB SE 1.5.5'; Sources/Profile.php /* Software Version: YaBB SE 1.5.1 */ /* Software Version: YaBB SE 1.5.5 */ $profilephpver = 'YaBB SE 1.5.4'; $profilephpver = 'YaBB SE 1.5.5'; ' . $memberIP . ' ' . $memberIP . '
Sources/Display.php /* Software Version: YaBB SE 1.5.1 */ /* Software Version: YaBB SE 1.5.5 */ $displayphpver= 'YaBB SE 1.5.1'; $displayphpver= 'YaBB SE 1.5.5'; $ipInfo = ' ' . $mip . ''; $ipInfo = ' ' . $mip . ''; Sources/Load.php /* Software Version: YaBB SE 1.5.1 */ /* Software Version: YaBB SE 1.5.5 */ $loadphpver = 'YaBB SE 1.5.1'; /* this function is called from index.php - it loads the cookies for the board and places the critical variables into the right place $username - the username of the logged in person, or 'Guest' $password - the doubly encrypted password stored in the cookie*/ function LoadCookie() { global $password, $username, $cookiename; if (isset($_COOKIE[$cookiename])) { list($username, $password) = @unserialize(stripslashes($_COOKIE[$cookiename])); $username = ($username != '') ? $username : 'Guest'; } $loadphpver = 'YaBB SE 1.5.5'; /* this function is called from index.php - it loads the cookies for the board and places the critical variables into the right place $username - the username of the logged in person, or 'Guest' $password - the doubly encrypted password stored in the cookie*/ function LoadCookie() { global $password, $username, $cookiename, $HTTP_COOKIE_VARS; if (isset($HTTP_COOKIE_VARS[$cookiename])) { list($username, $password) = @unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename])); $username = ($username != '') ? $username : 'Guest'; } Sources/RemoveThread.php /* Software Version: YaBB SE 1.5.1 */ /* Software Version: YaBB SE 1.5.5 */ $removethreadphpver = 'YaBB SE 1.5.1'; $removethreadphpver = 'YaBB SE 1.5.5'; while ($temp = mysql_fetch_row($request2)) if ($temp[0] != '-1') $request = mysql_query("UPDATE {$db_prefix}members SET posts=posts-1 WHERE ID_MEMBER='$temp[0]';") or database_error(__FILE__, __LINE__); // Check on whether posts count in this board. 
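Review bot: LoadCookie() in Sources/Load.php still passes the client-supplied cookie straight into `unserialize()`; switching the lookup from `$_COOKIE` to `$HTTP_COOKIE_VARS` does not change that, and the `@` hides the case where the value is not a serialized two-element array. Unserializing untrusted input lets the client decide the types (and, where classes are loaded, the objects) that land in `$username` and `$password`. At minimum check the shape before the `list()` assignment, e.g. `$data = @unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename]));` followed by `if (is_array($data) && count($data) == 2 && is_string($data[0]) && is_string($data[1])) list($username, $password) = $data;`, and longer term store the pair in a plain delimited format instead of a serialized one. The function body continues past the end of this hunk, so how `$password` is compared later is not visible here.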
$request = mysql_query(" SELECT count FROM {$db_prefix}boards WHERE ID_BOARD = $row[ID_BOARD]") or database_error(__FILE__, __LINE__); list ($pcounter) = mysql_fetch_row($request); mysql_free_result($request); // Posts *do* count here, do decrease the poster's post counts. if (empty($pcounter)) while ($temp = mysql_fetch_row($request2)) { if ($temp[0] != '-1') mysql_query("UPDATE {$db_prefix}members SET posts=posts-1 WHERE ID_MEMBER='$temp[0]';") or database_error(__FILE__, __LINE__); } Sources/Subs.php /* Software Version: YaBB SE 1.5.1 */ /* Software Version: YaBB SE 1.5.5 */ $subsphpver = 'YaBB SE 1.5.1'; $subsphpver = 'YaBB SE 1.5.5'; for ($i = $yytemplatemain; $i < sizeof($yytemplate); $i++) { $curline = $yytemplate[$i]; if (!$yycopyin && strstr($curline,'')) // Update the copyright in a lazy-ish manner, because we don't want to touch the language files. $yycopyright = strtr($yycopyright, array('2003' => '2004')); for ($i = $yytemplatemain; $i < sizeof($yytemplate); $i++) { $curline = $yytemplate[$i]; if (!$yycopyin && strstr($curline,'')) function sendmail($to, $subject, $message, $from = null) { global $mailtype, $webmaster_email, $modSettings; $chunkSize = 50; $to_array = (is_array($to) ? 
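Review bot: In the Sources/RemoveThread.php replacement, `$row[ID_BOARD]` is interpolated into the new `SELECT count FROM {$db_prefix}boards` query unquoted, and `$row` is filled outside this hunk, so the query is only safe if that value is always an integer taken from the database. Casting makes that explicit: `WHERE ID_BOARD = " . (int) $row['ID_BOARD']`, and likewise `(int) $temp[0]` in the UPDATE. The `empty($pcounter)` test reads inverted at first glance; a comment such as `// boards.count is empty when posts in this board are counted` would help (that meaning is inferred from the existing comment, so please confirm), and "do decrease" in that comment should read "so decrease".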
$to : array($to)); if ($from == null) $from = $webmaster_email; $subject = stripslashes($subject); $subject = str_replace(array('"', ''', '&', '<', '>'), array('"', '\'', '&', '<', '>'), $subject); $message = stripslashes($message); $headers = "MIME-Version: 1.0\r\n"; $headers .= "From: <$webmaster_email>\r\n"; $headers .= "Return-Path: $webmaster_email"; if ($modSettings['mail_type'] == 'sendmail') foreach ($to_array as $to) $mail_result = mail($to, $subject, $message, $headers); else smtp_mail($to_array, $subject, $message, $headers); return $mail_result; } function smtp_mail($mail_to_array, $subject, $message, $headers) { global $modSettings, $webmaster_email; if (!$socket = fsockopen($modSettings['smtp_host'], 25, $errno, $errstr, 20)) fatal_error("Could not connect to smtp host : $errno : $errstr"); server_parse($socket, '220'); if ($modSettings['smtp_username'] != '' && $modSettings['smtp_password'] != '') { fputs($socket, "EHLO $modSettings[smtp_host]\r\n"); server_parse($socket, '250'); fputs($socket, "AUTH LOGIN\r\n"); server_parse($socket, '334'); fputs($socket, base64_encode($modSettings['smtp_username']) . "\r\n"); server_parse($socket, '334'); fputs($socket, base64_encode($modSettings['smtp_password']) . "\r\n"); server_parse($socket, '235'); } else { fputs($socket, 'HELO ' . $modSettings['smtp_host'] . 
"\r\n"); server_parse($socket, '250'); } foreach($mail_to_array as $mail_to) { fputs($socket, "MAIL FROM: <$webmaster_email>\r\n"); server_parse($socket, '250'); $to_header = "To: <$mail_to>"; fputs($socket, "RCPT TO: <$mail_to>\r\n"); server_parse($socket, '250'); fputs($socket, "DATA\r\n"); server_parse($socket, '354'); fputs($socket, "Subject: $subject\r\n"); if (strlen($mail_to)) fputs($socket, "$to_header\r\n"); fputs($socket, "$headers\r\n\r\n"); fputs($socket, "$message\r\n"); fputs($socket, ".\r\n"); server_parse($socket, '250'); fputs($socket, "RSET\r\n"); server_parse($socket, '250'); } fputs($socket, "QUIT\r\n"); fclose($socket); } function server_parse($socket, $response) { while (substr($server_response, 3, 1) != ' ') if (!($server_response = fgets($socket, 256))) fatal_error('Couldn\'t get mail server response codes'); if (!(substr($server_response, 0, 3) == $response)) fatal_error("Ran into problems sending Mail. Error: $server_response"); } // Send off an email. function sendmail($to, $subject, $message, $from = null) { global $webmaster_email, $mbname, $modSettings; // If the recipient list isn't an array, make it one. $to_array = is_array($to) ? $to : array($to); // Get rid of slashes and entities. $subject = un_html_entities(stripslashes($subject)); // Make the message use \r\n's only. $message = str_replace(array("\r", "\n"), array('', "\r\n"), stripslashes($message)); // Construct the mail headers... $headers = 'From: "' . addcslashes($from !== null ? $from : $mbname, '<>[]()\'\\"') . '" <' . $webmaster_email . ">\r\n"; $headers .= $from !== null ? 'Reply-To: <' . $from . ">\r\n" : ''; $headers .= 'Return-Path: ' . $webmaster_email . "\r\n"; $headers .= 'Date: ' . gmdate('D, d M Y H:i:s') . ' +0000'; // SMTP or sendmail? 
if ($modSettings['mail_type'] == 'sendmail') foreach ($to_array as $to) $mail_result = mail(str_replace(array("\r", "\n"), array('', ' '), $to), str_replace(array("\r", "\n"), array('', ' '), $subject), $message, $headers); else $mail_result = smtp_mail($to_array, $subject, $message, "MIME-Version: 1.0\r\n" . $headers); // Everything go smoothly? return $mail_result; } // Send an email via SMTP. function smtp_mail($mail_to_array, $subject, $message, $headers) { global $modSettings, $webmaster_email; if (!$socket = fsockopen($modSettings['smtp_host'], 25, $errno, $errstr, 20)) fatal_error("Could not connect to smtp host : $errno : $errstr"); if (!server_parse($socket, '220')) return false; if ($modSettings['smtp_username'] != '' && $modSettings['smtp_password'] != '') { fputs($socket, 'EHLO ' . $modSettings['smtp_host'] . "\r\n"); if (!server_parse($socket, '250')) return false; fputs($socket, "AUTH LOGIN\r\n"); if (!server_parse($socket, '334')) return false; fputs($socket, base64_encode($modSettings['smtp_username']) . "\r\n"); if (!server_parse($socket, '334')) return false; fputs($socket, base64_encode($modSettings['smtp_password']) . "\r\n"); if (!server_parse($socket, '235')) return false; } else { fputs($socket, 'HELO ' . $modSettings['smtp_host'] . "\r\n"); if (!server_parse($socket, '250')) return false; } foreach ($mail_to_array as $mail_to) { fputs($socket, 'MAIL FROM: <' . $webmaster_email . ">\r\n"); if (!server_parse($socket, '250')) return false; fputs($socket, 'RCPT TO: <' . $mail_to . ">\r\n"); if (!server_parse($socket, '250')) return false; fputs($socket, "DATA\r\n"); if (!server_parse($socket, '354')) return false; fputs($socket, 'Subject: ' . $subject . "\r\n"); if (strlen($mail_to)) fputs($socket, 'To: <' . $mail_to . ">\r\n"); fputs($socket, $headers . "\r\n\r\n"); fputs($socket, $message . 
"\r\n"); fputs($socket, ".\r\n"); if (!server_parse($socket, '250')) return false; fputs($socket, "RSET\r\n"); if (!server_parse($socket, '250')) return false; } fputs($socket, "QUIT\r\n"); fclose($socket); return true; } // Parse a message to the SMTP server. function server_parse($socket, $response) { // No response yet. $server_response = ''; while (substr($server_response, 3, 1) != ' ') if (!($server_response = fgets($socket, 256))) fatal_error('Couldn\'t get mail server response codes'); if (substr($server_response, 0, 3) != $response) fatal_error("Ran into problems sending Mail. Error: $server_response"); return true; } SSI.php /* Software Version: YaBB SE 1.5.1 */ /* Software Version: YaBB SE 1.5.5 */ /* Show a list of topics, the most recent first */ function recentTopics () { /* Show a list of topics, the most recent first */ function recentTopics () { global $settings, $scripturl, $txt, $censored, $db_prefix, $num_recentTopics, $username, $img, $ID_MEMBER, $cgi; //Limit recent topics to 24 hours. Uncomment the following line for more speed //$timeLimit = 24 * 60 * 60; $request = mysql_query(" SELECT t.ID_LAST_MSG FROM {$db_prefix}topics AS t, {$db_prefix}boards AS b, {$db_prefix}categories AS c WHERE b.ID_BOARD = t.ID_BOARD AND c.ID_CAT = b.ID_CAT AND (FIND_IN_SET('$settings[7]', c.memberGroups) != 0 OR c.memberGroups = '' OR '$settings[7]' = 'Administrator' OR '$settings[7]' = 'Global Moderator') " . ($timeLimit > 0 ? 'AND m.posterTime>' . (time() - $timeLimit) : '') . 
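Review bot: In the new sendmail() in Sources/Subs.php, `$from` reaches the `From:` display name and the `Reply-To:` header with only `addcslashes()` applied, which does not remove CR or LF, so if any caller passes a user-supplied sender a line break in it adds headers; the CR/LF stripping this change introduces covers only `$to` and `$subject` on the mail() branch. On the SMTP branch, smtp_mail() writes `$subject` and each `$mail_to` to the socket unfiltered, and the message is not dot-stuffed, so a body line consisting of a single `.` ends DATA early. I would normalise once at the top of sendmail() with `$subject = str_replace(array("\r", "\n"), array('', ' '), $subject);` and the same call with empty replacements for `$from` and every entry of `$to_array`, and in smtp_mail() double any `.` that starts a line of `$message` before sending it. Separately, server_parse() now either calls fatal_error() or returns true, so the `if (!server_parse(...)) return false;` checks only matter if fatal_error() returns, and in that case the socket is left open.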
" ORDER BY t.ID_LAST_MSG DESC LIMIT $num_recentTopics") or database_error(__FILE__, __LINE__); $messages = array(); while ($row = mysql_fetch_array($request)) $messages[] = $row['ID_LAST_MSG']; if (count($messages)) { $request = mysql_query(" SELECT m.posterTime, m.subject, m.ID_TOPIC, m.posterName, m.ID_MEMBER, IFNULL(mem.realName, m.posterName) AS posterDisplayName, t.numReplies, t.ID_BOARD, t.ID_FIRST_MSG, b.name AS bName, IFNULL(lt.logTime, 0) AS isRead, IFNULL(lmr.logTime, 0) AS isMarkedRead FROM {$db_prefix}messages AS m, {$db_prefix}topics AS t, {$db_prefix}boards as b LEFT JOIN {$db_prefix}members AS mem ON (mem.ID_MEMBER=m.ID_MEMBER) LEFT JOIN {$db_prefix}log_topics AS lt ON (lt.ID_TOPIC=t.ID_TOPIC AND lt.ID_MEMBER=$ID_MEMBER) LEFT JOIN {$db_prefix}log_mark_read AS lmr ON (lmr.ID_BOARD=t.ID_BOARD AND lmr.ID_MEMBER=$ID_MEMBER) WHERE m.ID_MSG IN (" . implode(',', $messages) . ") AND t.ID_TOPIC=m.ID_TOPIC AND b.ID_BOARD=t.ID_BOARD ORDER BY m.posterTime DESC;") or database_error(__FILE__, __LINE__); if (mysql_num_rows($request) > 0) { $post = ''; while ($row = mysql_fetch_array($request)) { $new = ($row['isRead'] >= $row['posterTime'] || $row['isMarkedRead'] >= $row['posterTime'] ? false : true); if (!$new || $username == 'Guest') $new = ''; else $new = '' . $img['new'] . ''; $post .= ''; if ($row['ID_MEMBER'] != -1) { $euser = urlencode($row['posterName']); $dummy = "$row[posterDisplayName]"; } else $dummy = $row['posterName']; $post .= ' '; } $post .= '
[' . $row['bName'] . '] ' . $row['subject'] . ' ' . $txt[525] . ' ' . $dummy . ' ' . $new . ' ' . timeformat($row['posterTime']) . '
'; } else $post = '---'; } else $post = '---'; CensorTxt($post); echo $post; foreach ($censored as $tmpa => $tmpb) $thepost = str_replace($tmpa,$tmpb,$thepost ); echo $thepost; } /* Show a list of posts, the most recent first */ function recentPosts () {
$function(); // Execute Function exit; ob_end_clean(); $function(); // Execute Function exit; //Let's say the headers are always done on any call to SSI functions. $yyheaderdone = 1; $yycopyin = 1; $types_to_register = array('GET', 'POST', 'COOKIE', 'SESSION', 'SERVER'); foreach ($types_to_register as $type) { $arr = @${'HTTP_' . $type . '_VARS'}; if (@count($arr) > 0) extract($arr, EXTR_OVERWRITE); } //Let's say the headers are always done on any call to SSI functions. $yyheaderdone = 1; $yycopyin = 1; $ssiphpver = 'YaBB SE 1.5.1'; /******************************* Settings ********************************/ $ssiphpver = 'YaBB SE 1.5.5'; $types_to_register = array('GET', 'POST', 'COOKIE', 'SESSION', 'SERVER'); foreach ($types_to_register as $type) { $arr = @${'HTTP_' . $type . '_VARS'}; if (@count($arr) > 0) extract($arr, EXTR_OVERWRITE); } /******************************* Settings ********************************/ /*****************************************************************************/ include_once ($full_yabbse_path . '/Settings.php'); /*****************************************************************************/ if (!file_exists($full_yabbse_path . '/Settings.php')) $full_yabbse_path = dirname(__FILE__); include_once ($full_yabbse_path . 
'/Settings.php'); global $db_prefix,$scripturl; ob_end_clean(); $request = mysql_query("SELECT memberName,realName FROM {$db_prefix}members ORDER BY posts DESC LIMIT 1") or database_error(__FILE__, __LINE__); global $db_prefix,$scripturl; $request = mysql_query("SELECT memberName,realName FROM {$db_prefix}members ORDER BY posts DESC LIMIT 1") or database_error(__FILE__, __LINE__); global $db_prefix,$txt,$scripturl, $num_topBoards; ob_end_clean(); $request = mysql_query("SELECT name, numTopics, numPosts, ID_BOARD FROM {$db_prefix}boards ORDER BY numPosts DESC LIMIT $num_topBoards") or database_error(__FILE__, __LINE__); global $db_prefix,$txt,$scripturl, $num_topBoards; $request = mysql_query("SELECT name, numTopics, numPosts, ID_BOARD FROM {$db_prefix}boards ORDER BY numPosts DESC LIMIT $num_topBoards") or database_error(__FILE__, __LINE__); function topTopicsViews() { global $db_prefix, $txt, $scripturl, $num_topicsViews, $cgi; ob_end_clean(); $request = mysql_query(" function topTopicsViews() { global $db_prefix, $txt, $scripturl, $num_topicsViews, $cgi; $request = mysql_query(" function topTopicsReplies() { global $db_prefix, $txt, $scripturl, $num_topicsReplies, $cgi; ob_end_clean(); $request = mysql_query(" function topTopicsReplies() { global $db_prefix, $txt, $scripturl, $num_topicsReplies, $cgi; $request = mysql_query(" global $db_prefix, $txt, $scripturl, $modSettings; ob_end_clean(); $euser = urlencode($modSettings['latestMember']); global $db_prefix, $txt, $scripturl, $modSettings; $euser = urlencode($modSettings['latestMember']); global $db_prefix, $txt, $scripturl, $modSettings; ob_end_clean(); $latestmember = $modSettings['latestMember']; global $db_prefix, $txt, $scripturl, $modSettings; $latestmember = $modSettings['latestMember']; if ($logOnlinePresence) WriteLog(); ob_end_clean(); $guests = 0; if ($logOnlinePresence) WriteLog(); $guests = 0; ob_end_clean(); print ' echo '
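Review bot: `$function();` in SSI.php is still called with whatever name arrives in the request (ssi_examples.shtml on this page uses `SSI.php?function=recentTopics`, and the `extract()` loop copies GET/POST/COOKIE values into globals); the only change at the call site is the added `ob_end_clean()`. Moving the `extract()` loop above the Settings block protects variables that are assigned afterwards, presumably including `$full_yabbse_path`, but anything not reassigned later (for example `$num_recentTopics`, if SSI.php does not set it itself) stays request-controlled and ends up in `LIMIT $num_recentTopics`. I would check the name against a fixed list of the SSI functions this file defines before the call, `if (!in_array($function, $ssi_functions)) exit;` with `$ssi_functions` a new array naming them, and cast the numeric settings with `(int)` where they are interpolated into SQL. Also, in the recentTopics() body shown here the optional `$timeLimit` clause refers to `m.posterTime`, but the first query selects only from `t`, `b` and `c`, so enabling that option would make the query fail.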
ssi_examples.php << :: YaBB SE SSI.php 1.5.1 :: >> << :: YaBB SE SSI.php 1.5.5 :: >> Current Version 1.5.1

Current Version 1.5.5

Recent Topic Function: <? recentTopics(); ?>


Recent Topic Function: <? recentTopics(); ?>


Recent Posts Function: <? recentPosts(); ?>


ssi_examples.shtml << :: YaBB SE SSI.php 1.5.1 :: >> << :: YaBB SE SSI.php 1.5.5 :: >> Current Version 1.5.1
Current Version 1.5.5
<!--#include virtual="SSI.php?function=recentTopics" -->


<!--#include virtual="SSI.php?function=recentTopics" -->


<!--#include virtual="SSI.php?function=recentPosts" -->