Vergleich admin/global.php - 1.2.0 - 1.2.7

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 3Zeile 3
 * MyBB 1.2
* Copyright � 2006 MyBB Group, All Rights Reserved
*

 * MyBB 1.2
* Copyright � 2006 MyBB Group, All Rights Reserved
*

 * Website: http://www.mybboard.com
* License: http://www.mybboard.com/eula.html

 * Website: http://www.mybboard.net
* License: http://www.mybboard.net/eula.html

 *

 *

 * $Id: global.php 2175 2006-08-31 04:27:16Z Tikitiki $

 * $Id: global.php 2932 2007-03-10 05:48:55Z chris $

 */

// Lets pretend we're a level higher

 */

// Lets pretend we're a level higher

Zeile 20Zeile 20
	$config['admin_dir'] = "admin";
}


	$config['admin_dir'] = "admin";
}


require_once dirname(dirname(__FILE__))."/inc/init.php";

require_once "../inc/init.php";


define('MYBB_ADMIN_DIR', MYBB_ROOT.$config['admin_dir'].'/');



define('MYBB_ADMIN_DIR', MYBB_ROOT.$config['admin_dir'].'/');


Zeile 73Zeile 73

if($user['uid'])
{


if($user['uid'])
{

 
		$sid = md5(uniqid(microtime()));


		// Create a new admin session for this user
$admin_session = array(

		// Create a new admin session for this user
$admin_session = array(

			"sid" => md5(uniqid(microtime())),

			"sid" => $sid,

			"uid" => $user['uid'],
"loginkey" => $user['loginkey'],
"ip" => $db->escape_string(get_ip()),

			"uid" => $user['uid'],
"loginkey" => $user['loginkey'],
"ip" => $db->escape_string(get_ip()),

Zeile 83Zeile 85
			"lastactive" => time()
);
$db->insert_query(TABLE_PREFIX."adminsessions", $admin_session);

			"lastactive" => time()
);
$db->insert_query(TABLE_PREFIX."adminsessions", $admin_session);

 
		$url = "index.php?adminsid=$sid";
if($mybb->input['goto'])
{
$url .= "&goto=".urlencode($mybb->input['goto']);
}
header("Location: $url");

	}
}
else if($mybb->input['action'] == "logout")

	}
}
else if($mybb->input['action'] == "logout")

Zeile 100Zeile 108
	}
// Otherwise, check admin session
else

	}
// Otherwise, check admin session
else

	{

	{

		$query = $db->simple_select(TABLE_PREFIX."adminsessions", "*", "sid='".$db->escape_string($mybb->input['adminsid'])."'");
$admin_session = $db->fetch_array($query);

		$query = $db->simple_select(TABLE_PREFIX."adminsessions", "*", "sid='".$db->escape_string($mybb->input['adminsid'])."'");
$admin_session = $db->fetch_array($query);





		// No matching admin session found - show message on login screen
if(!$admin_session['sid'])
{

		// No matching admin session found - show message on login screen
if(!$admin_session['sid'])
{

Zeile 117Zeile 125

// Login key has changed - force logout
if(!$user['uid'] && $user['loginkey'] != $admin_session['loginkey'])


// Login key has changed - force logout
if(!$user['uid'] && $user['loginkey'] != $admin_session['loginkey'])

			{

			{

				unset($user);
}
else

				unset($user);
}
else

Zeile 169Zeile 177

$groupscache = $cache->read("usergroups");
$admingroup = usergroup_permissions($mybbgroups);


$groupscache = $cache->read("usergroups");
$admingroup = usergroup_permissions($mybbgroups);





if($admingroup['cancp'] != "yes" || !$user['uid'])
{
unset($user);
}

if($admingroup['cancp'] != "yes" || !$user['uid'])
{
unset($user);
}





if($user['uid'])
{
$mybbadmin = $mybb->user = $user;

if($user['uid'])
{
$mybbadmin = $mybb->user = $user;

Zeile 185Zeile 193
	if($adminoptions['cpstyle'] && file_exists(MYBB_ADMIN_DIR."styles/{$adminoptions['cpstyle']}/stylesheet.css"))
{
$style = "./styles/{$adminoptions['cpstyle']}/stylesheet.css";

	if($adminoptions['cpstyle'] && file_exists(MYBB_ADMIN_DIR."styles/{$adminoptions['cpstyle']}/stylesheet.css"))
{
$style = "./styles/{$adminoptions['cpstyle']}/stylesheet.css";

	}


	}


	// Update the session information in the DB
if($admin_session['sid'])
{

	// Update the session information in the DB
if($admin_session['sid'])
{

Zeile 221Zeile 229
		if(!empty($_SERVER['QUERY_STRING']))
{
$goto .= '?'.$_SERVER['QUERY_STRING'];

		if(!empty($_SERVER['QUERY_STRING']))
{
$goto .= '?'.$_SERVER['QUERY_STRING'];

			$goto = preg_replace('#(&?|&?|\??)adminsid=([a-zA-Z0-9]{1,32})#i', '', $goto);








			if(strpos($goto, '&') !== false)
{
$goto = preg_replace('#(&?|&?|\??)adminsid=([a-zA-Z0-9]{1,32})(&?|&?)#i', '\\1', $goto);
}
else
{
$goto = preg_replace('#\?adminsid=([a-zA-Z0-9]{1,32})#i', '', $goto);
}

		}
}
else

		}
}
else