Zeile 6 | Zeile 6 |
---|
* Website: http://mybb.com * License: http://mybb.com/about/license *
|
* Website: http://mybb.com * License: http://mybb.com/about/license *
|
* $Id: functions.php 5016 2010-06-12 00:24:02Z RyanGordon $
| * $Id: functions.php 5511 2011-07-25 07:53:32Z Tomm $
|
*/
/**
| */
/**
|
Zeile 349 | Zeile 349 |
---|
* * @param array Array containing module and action to check for */
|
* * @param array Array containing module and action to check for */
|
function check_admin_permissions($action)
| function check_admin_permissions($action, $error = true)
|
{ global $mybb, $page, $lang, $modules_dir;
| { global $mybb, $page, $lang, $modules_dir;
|
Zeile 365 | Zeile 365 |
---|
$permissions = $func(); if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1) {
|
$permissions = $func(); if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1) {
|
$page->output_header($lang->access_denied); $page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index"); $page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>"); $page->output_footer(); exit;
| if($error) { $page->output_header($lang->access_denied); $page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index"); $page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>"); $page->output_footer(); exit; } else { return false; }
|
} }
| } }
|
Zeile 386 | Zeile 393 |
---|
function get_admin_permissions($get_uid="", $get_gid="") { global $db, $mybb;
|
function get_admin_permissions($get_uid="", $get_gid="") { global $db, $mybb;
|
|
|
// Set UID and GID if none $uid = $get_uid; $gid = $get_gid;
|
// Set UID and GID if none $uid = $get_uid; $gid = $get_gid;
|
|
|
$gid_array = array(); if($uid === "")
|
$gid_array = array(); if($uid === "")
|
{
| {
|
$uid = $mybb->user['uid']; }
| $uid = $mybb->user['uid']; }
|
Zeile 402 | Zeile 409 |
---|
{ // Prepare user's groups since the group isn't specified $gid_array[] = (-1) * intval($mybb->user['usergroup']);
|
{ // Prepare user's groups since the group isn't specified $gid_array[] = (-1) * intval($mybb->user['usergroup']);
|
|
|
if($mybb->user['additionalgroups']) { $additional_groups = explode(',', $mybb->user['additionalgroups']);
| if($mybb->user['additionalgroups']) { $additional_groups = explode(',', $mybb->user['additionalgroups']);
|
Zeile 500 | Zeile 507 |
---|
if(isset($final_group_perms)) { return $final_group_perms;
|
if(isset($final_group_perms)) { return $final_group_perms;
|
}
| }
|
else { return $perms_def;
| else { return $perms_def;
|
Zeile 564 | Zeile 571 |
---|
if($adminoption['uid'] == 0) { $adminoption['permissions'][$tab][$page] = 0;
|
if($adminoption['uid'] == 0) { $adminoption['permissions'][$tab][$page] = 0;
|
} else
| } else
|
{ $adminoption['permissions'][$tab][$page] = $default; }
| { $adminoption['permissions'][$tab][$page] = $default; }
|
Zeile 610 | Zeile 617 |
---|
{ return false; }
|
{ return false; }
|
if($attempts['loginattempts'] >= $mybb->settings['maxloginattempts']) {
| if($mybb->settings['maxloginattempts'] > 0 && $attempts['loginattempts'] >= $mybb->settings['maxloginattempts']) {
|
// Has the expiry dateline been set yet? if($attempts['loginlockoutexpiry'] == 0 && $return_num == false)
|
// Has the expiry dateline been set yet? if($attempts['loginlockoutexpiry'] == 0 && $return_num == false)
|
{
| {
|
$db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+(intval($mybb->settings['loginattemptstimeout'])*60)), "uid='".intval($uid)."'", 1);
|
$db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+(intval($mybb->settings['loginattemptstimeout'])*60)), "uid='".intval($uid)."'", 1);
|
}
| }
|
// Are we returning the # of login attempts? if($return_num == true) { return $attempts;
|
// Are we returning the # of login attempts? if($return_num == true) { return $attempts;
|
}
| }
|
// Otherwise are we still locked out? else if($attempts['loginlockoutexpiry'] > TIME_NOW) {
| // Otherwise are we still locked out? else if($attempts['loginlockoutexpiry'] > TIME_NOW) {
|
Zeile 632 | Zeile 638 |
---|
} }
|
} }
|
| return false; }
/** * Checks whether there are any 'security' issues in templates via complex syntax * * @param string The template to be scanned * @return boolean A true/false depending on if an issue was detected */ function check_template($template) { // Check to see of $config is in the template if(preg_match("#\\\$(GLOBALS\\s*\\[\\s*'(GLOBALS|config)'\\s*\\]|(config|(GLOBALS\\s*\\[\\s*'mybb'\\s*\\]|mybb)\\s*->\\s*config)(?![A-Za-z0-9_]))#", $template)) { return true; }
// Any other malicious acts? // Courtesy of ZiNgA BuRgA if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template))) { return true; }
|
return false; }
| return false; }
|
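Review bot: check_template() fails open when PCRE reports an error. In the second check, `preg_replace()` returns `null` and `preg_match()` returns `false` on failure (for example when a backtrack limit is hit on a large template), and both results fall through to `return false`, which the docblock defines as no issue detected. Because the docblock describes this as a security check, an error should count as a detection: capture the stripped text first with `$stripped = preg_replace(..., '', $template); if($stripped === null) { return true; }`, and test each match with `if(preg_match(...) !== 0) { return true; }`. The patterns are a denylist, so a comment should state that a `false` result only means no known pattern matched. Separately, the docblock of check_admin_permissions() still lists only `$action`; the new `$error` parameter and the `false` return need a `@param` and a `@return` line.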