| Zeile 6 | Zeile 6 |
|---|
* Website: http://mybb.com
* License: http://mybb.com/about/license
*
|
* Website: http://mybb.com
* License: http://mybb.com/about/license
*
|
* $Id: functions.php 5016 2010-06-12 00:24:02Z RyanGordon $
| * $Id: functions.php 5544 2011-08-08 15:41:40Z Tomm $
|
*/
/**
| */
/**
|
| Zeile 349 | Zeile 349 |
|---|
*
* @param array Array containing module and action to check for
*/
|
*
* @param array Array containing module and action to check for
*/
|
function check_admin_permissions($action)
| function check_admin_permissions($action, $error = true)
|
{
global $mybb, $page, $lang, $modules_dir;
| {
global $mybb, $page, $lang, $modules_dir;
|
| Zeile 365 | Zeile 365 |
|---|
$permissions = $func();
if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1)
{
|
$permissions = $func();
if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1)
{
|
$page->output_header($lang->access_denied);
$page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index");
$page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>");
$page->output_footer();
exit;
| if($error)
{
$page->output_header($lang->access_denied);
$page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index");
$page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>");
$page->output_footer();
exit;
}
else
{
return false;
}
|
}
}
| }
}
|
| Zeile 386 | Zeile 393 |
|---|
function get_admin_permissions($get_uid="", $get_gid="")
{
global $db, $mybb;
|
function get_admin_permissions($get_uid="", $get_gid="")
{
global $db, $mybb;
|
|
|
// Set UID and GID if none
$uid = $get_uid;
$gid = $get_gid;
|
// Set UID and GID if none
$uid = $get_uid;
$gid = $get_gid;
|
|
|
$gid_array = array();
if($uid === "")
|
$gid_array = array();
if($uid === "")
|
{
| {
|
$uid = $mybb->user['uid'];
}
| $uid = $mybb->user['uid'];
}
|
| Zeile 402 | Zeile 409 |
|---|
{
// Prepare user's groups since the group isn't specified
$gid_array[] = (-1) * intval($mybb->user['usergroup']);
|
{
// Prepare user's groups since the group isn't specified
$gid_array[] = (-1) * intval($mybb->user['usergroup']);
|
|
|
if($mybb->user['additionalgroups'])
{
$additional_groups = explode(',', $mybb->user['additionalgroups']);
| if($mybb->user['additionalgroups'])
{
$additional_groups = explode(',', $mybb->user['additionalgroups']);
|
| Zeile 500 | Zeile 507 |
|---|
if(isset($final_group_perms))
{
return $final_group_perms;
|
if(isset($final_group_perms))
{
return $final_group_perms;
|
}
| }
|
else
{
return $perms_def;
| else
{
return $perms_def;
|
| Zeile 564 | Zeile 571 |
|---|
if($adminoption['uid'] == 0)
{
$adminoption['permissions'][$tab][$page] = 0;
|
if($adminoption['uid'] == 0)
{
$adminoption['permissions'][$tab][$page] = 0;
|
}
else
| }
else
|
{
$adminoption['permissions'][$tab][$page] = $default;
}
| {
$adminoption['permissions'][$tab][$page] = $default;
}
|
| Zeile 610 | Zeile 617 |
|---|
{
return false;
}
|
{
return false;
}
|
if($attempts['loginattempts'] >= $mybb->settings['maxloginattempts'])
{
|
if($mybb->settings['maxloginattempts'] > 0 && $attempts['loginattempts'] >= $mybb->settings['maxloginattempts'])
{
|
// Has the expiry dateline been set yet?
if($attempts['loginlockoutexpiry'] == 0 && $return_num == false)
|
// Has the expiry dateline been set yet?
if($attempts['loginlockoutexpiry'] == 0 && $return_num == false)
|
{
| {
|
$db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+(intval($mybb->settings['loginattemptstimeout'])*60)), "uid='".intval($uid)."'", 1);
|
$db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+(intval($mybb->settings['loginattemptstimeout'])*60)), "uid='".intval($uid)."'", 1);
|
}
| }
|
// Are we returning the # of login attempts?
if($return_num == true)
{
return $attempts;
|
// Are we returning the # of login attempts?
if($return_num == true)
{
return $attempts;
|
}
| }
|
// Otherwise are we still locked out?
else if($attempts['loginlockoutexpiry'] > TIME_NOW)
{
| // Otherwise are we still locked out?
else if($attempts['loginlockoutexpiry'] > TIME_NOW)
{
|
| Zeile 632 | Zeile 638 |
|---|
}
}
|
}
}
|
| | return false;
}
/**
* Checks whether there are any 'security' issues in templates via complex syntax
*
* @param string The template to be scanned
* @return boolean A true/false depending on if an issue was detected
*/
function check_template($template)
{
// Check to see if our database password is in the template
if(preg_match("#database'?\\s*\]\\s*\[\\s*'?password#", $template))
{
return true;
}
// Any other malicious acts?
// Courtesy of ZiNgA BuRgA
if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template)))
{
return true;
}
|
return false;
}
| return false;
}
|