Zeile 3 | Zeile 3 |
---|
* MyBB 1.2 * Copyright � 2006 MyBB Group, All Rights Reserved *
|
* MyBB 1.2 * Copyright � 2006 MyBB Group, All Rights Reserved *
|
* Website: http://www.mybboard.com * License: http://www.mybboard.com/eula.html
| * Website: http://www.mybboard.net * License: http://www.mybboard.net/eula.html
|
*
|
*
|
* $Id: global.php 2175 2006-08-31 04:27:16Z Tikitiki $
| * $Id: global.php 2932 2007-03-10 05:48:55Z chris $
|
*/
// Lets pretend we're a level higher
| */
// Lets pretend we're a level higher
|
Zeile 20 | Zeile 20 |
---|
$config['admin_dir'] = "admin"; }
|
$config['admin_dir'] = "admin"; }
|
require_once dirname(dirname(__FILE__))."/inc/init.php";
| require_once "../inc/init.php";
|
define('MYBB_ADMIN_DIR', MYBB_ROOT.$config['admin_dir'].'/');
| define('MYBB_ADMIN_DIR', MYBB_ROOT.$config['admin_dir'].'/');
|
Zeile 73 | Zeile 73 |
---|
if($user['uid']) {
|
if($user['uid']) {
|
| $sid = md5(uniqid(microtime()));
|
// Create a new admin session for this user $admin_session = array(
|
// Create a new admin session for this user $admin_session = array(
|
"sid" => md5(uniqid(microtime())),
| "sid" => $sid,
|
"uid" => $user['uid'], "loginkey" => $user['loginkey'], "ip" => $db->escape_string(get_ip()),
| "uid" => $user['uid'], "loginkey" => $user['loginkey'], "ip" => $db->escape_string(get_ip()),
|
Zeile 83 | Zeile 85 |
---|
"lastactive" => time() ); $db->insert_query(TABLE_PREFIX."adminsessions", $admin_session);
|
"lastactive" => time() ); $db->insert_query(TABLE_PREFIX."adminsessions", $admin_session);
|
| $url = "index.php?adminsid=$sid"; if($mybb->input['goto']) { $url .= "&goto=".urlencode($mybb->input['goto']); } header("Location: $url");
|
} } else if($mybb->input['action'] == "logout")
| } } else if($mybb->input['action'] == "logout")
|
Zeile 100 | Zeile 108 |
---|
} // Otherwise, check admin session else
|
} // Otherwise, check admin session else
|
{
| {
|
$query = $db->simple_select(TABLE_PREFIX."adminsessions", "*", "sid='".$db->escape_string($mybb->input['adminsid'])."'"); $admin_session = $db->fetch_array($query);
|
$query = $db->simple_select(TABLE_PREFIX."adminsessions", "*", "sid='".$db->escape_string($mybb->input['adminsid'])."'"); $admin_session = $db->fetch_array($query);
|
|
|
// No matching admin session found - show message on login screen if(!$admin_session['sid']) {
| // No matching admin session found - show message on login screen if(!$admin_session['sid']) {
|
Zeile 117 | Zeile 125 |
---|
// Login key has changed - force logout if(!$user['uid'] && $user['loginkey'] != $admin_session['loginkey'])
|
// Login key has changed - force logout if(!$user['uid'] && $user['loginkey'] != $admin_session['loginkey'])
|
{
| {
|
unset($user); } else
| unset($user); } else
|
Zeile 169 | Zeile 177 |
---|
$groupscache = $cache->read("usergroups"); $admingroup = usergroup_permissions($mybbgroups);
|
$groupscache = $cache->read("usergroups"); $admingroup = usergroup_permissions($mybbgroups);
|
|
|
if($admingroup['cancp'] != "yes" || !$user['uid']) { unset($user); }
|
if($admingroup['cancp'] != "yes" || !$user['uid']) { unset($user); }
|
|
|
if($user['uid']) { $mybbadmin = $mybb->user = $user;
| if($user['uid']) { $mybbadmin = $mybb->user = $user;
|
Zeile 185 | Zeile 193 |
---|
if($adminoptions['cpstyle'] && file_exists(MYBB_ADMIN_DIR."styles/{$adminoptions['cpstyle']}/stylesheet.css")) { $style = "./styles/{$adminoptions['cpstyle']}/stylesheet.css";
|
if($adminoptions['cpstyle'] && file_exists(MYBB_ADMIN_DIR."styles/{$adminoptions['cpstyle']}/stylesheet.css")) { $style = "./styles/{$adminoptions['cpstyle']}/stylesheet.css";
|
}
| }
|
// Update the session information in the DB if($admin_session['sid']) {
| // Update the session information in the DB if($admin_session['sid']) {
|
Zeile 221 | Zeile 229 |
---|
if(!empty($_SERVER['QUERY_STRING'])) { $goto .= '?'.$_SERVER['QUERY_STRING'];
|
if(!empty($_SERVER['QUERY_STRING'])) { $goto .= '?'.$_SERVER['QUERY_STRING'];
|
$goto = preg_replace('#(&?|&?|\??)adminsid=([a-zA-Z0-9]{1,32})#i', '', $goto);
| if(strpos($goto, '&') !== false) { $goto = preg_replace('#(&?|&?|\??)adminsid=([a-zA-Z0-9]{1,32})(&?|&?)#i', '\\1', $goto); } else { $goto = preg_replace('#\?adminsid=([a-zA-Z0-9]{1,32})#i', '', $goto); }
|
} } else
| } } else
|