Vergleich admin/inc/functions.php - 1.6.0 - 1.6.11

Zeile 6Zeile 6
 * Website: http://mybb.com
* License: http://mybb.com/about/license
*

 * Website: http://mybb.com
* License: http://mybb.com/about/license
*

 * $Id: functions.php 5016 2010-06-12 00:24:02Z RyanGordon $

 * $Id: functions.php 5829 2012-05-22 10:48:03Z Tomm $

 */

/**

 */

/**

Zeile 153Zeile 153
	if($from > 2)
{
$first = fetch_page_url($url, 1);

	if($from > 2)
{
$first = fetch_page_url($url, 1);

		$pagination .= "<a href=\"{$first}\" title=\"Page 1\" class=\"pagination_first\">1</a> ... ";

		$pagination .= "<a href=\"{$first}\" title=\"{$lang->page} 1\" class=\"pagination_first\">1</a> ... ";

	}

for($i = $from; $i <= $to; ++$i)

	}

for($i = $from; $i <= $to; ++$i)

Zeile 298Zeile 298
			else
{
$ppolls = 0;

			else
{
$ppolls = 0;

			}

if($canpostattachments[$usergroup['gid']] == 1)
{
$pattachments = 1;
}
else
{
$pattachments = 0;

 
			}

if(!$preplies && !$pthreads)
{
$ppost = 0;

			}

if(!$preplies && !$pthreads)
{
$ppost = 0;

			}

			}

			else
{
$ppost = 1;

			else
{
$ppost = 1;

			}

			}

			
$insertquery = array(
"fid" => intval($fid),

			
$insertquery = array(
"fid" => intval($fid),

Zeile 324Zeile 315
				"canview" => intval($pview),
"canpostthreads" => intval($pthreads),
"canpostreplys" => intval($preplies),

				"canview" => intval($pview),
"canpostthreads" => intval($pthreads),
"canpostreplys" => intval($preplies),

				"canpostattachments" => intval($pattachments),

 
				"canpostpolls" => intval($ppolls),
);


				"canpostpolls" => intval($ppolls),
);


Zeile 342Zeile 332
		}
}
$cache->update_forumpermissions();

		}
}
$cache->update_forumpermissions();

}

/**

}

/**

 * Checks if a particular user has the necessary permissions to access a particular page.
*
* @param array Array containing module and action to check for

 * Checks if a particular user has the necessary permissions to access a particular page.
*
* @param array Array containing module and action to check for

 */
function check_admin_permissions($action)
{

 */
function check_admin_permissions($action, $error = true)
{

	global $mybb, $page, $lang, $modules_dir;

if(is_super_admin($mybb->user['uid']))

	global $mybb, $page, $lang, $modules_dir;

if(is_super_admin($mybb->user['uid']))

Zeile 365Zeile 355
		$permissions = $func();
if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1)
{

		$permissions = $func();
if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1)
{

			$page->output_header($lang->access_denied);
$page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index");
$page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>");
$page->output_footer();
exit;








			if($error)
{
$page->output_header($lang->access_denied);
$page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index");
$page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>");
$page->output_footer();
exit;
}
else
{
return false;
}

		}
}


		}
}


Zeile 390Zeile 387
	// Set UID and GID if none
$uid = $get_uid;
$gid = $get_gid;

	// Set UID and GID if none
$uid = $get_uid;
$gid = $get_gid;

	

	

	$gid_array = array();

if($uid === "")

	$gid_array = array();

if($uid === "")

	{

	{

		$uid = $mybb->user['uid'];
}

if(!$gid)

		$uid = $mybb->user['uid'];
}

if(!$gid)

	{

	{

		// Prepare user's groups since the group isn't specified
$gid_array[] = (-1) * intval($mybb->user['usergroup']);


		// Prepare user's groups since the group isn't specified
$gid_array[] = (-1) * intval($mybb->user['usergroup']);


Zeile 418Zeile 415
		}
}
else

		}
}
else

	{

	{

		// Group is specified
// Make sure gid is negative
$gid_array[] = (-1) * abs($gid);

		// Group is specified
// Make sure gid is negative
$gid_array[] = (-1) * abs($gid);

Zeile 428Zeile 425
	if($get_gid && !$get_uid)
{
// A group only

	if($get_gid && !$get_uid)
{
// A group only

		
$options = array(
"order_by" => "uid",

		
$options = array(
"order_by" => "uid",

			"order_dir" => "ASC",
"limit" => "1"
);

			"order_dir" => "ASC",
"limit" => "1"
);

Zeile 440Zeile 437
	else
{
// A user and/or group

	else
{
// A user and/or group

		

		

		$options = array(
"order_by" => "uid",
"order_dir" => "DESC"
);

		$options = array(
"order_by" => "uid",
"order_dir" => "DESC"
);

		

		

		// Prepare user's groups into SQL format
$group_sql = '';
foreach($gid_array as $gid)

		// Prepare user's groups into SQL format
$group_sql = '';
foreach($gid_array as $gid)

Zeile 468Zeile 465
			elseif($perm['uid'] < 0)
{
$perms_group[] = $perm['permissions'];

			elseif($perm['uid'] < 0)
{
$perms_group[] = $perm['permissions'];

			}
else
{

			}
else
{

				$perms_def = $perm['permissions'];
}
}

				$perms_def = $perm['permissions'];
}
}

Zeile 500Zeile 497
		if(isset($final_group_perms))
{
return $final_group_perms;

		if(isset($final_group_perms))
{
return $final_group_perms;

		}

		}

		else
{
return $perms_def;

		else
{
return $perms_def;

Zeile 510Zeile 507

/**
* Fetch the iconv/mb encoding for a particular MySQL encoding


/**
* Fetch the iconv/mb encoding for a particular MySQL encoding

 *

 *

 * @param string The MySQL encoding
* @return string The iconv/mb encoding
*/

 * @param string The MySQL encoding
* @return string The iconv/mb encoding
*/

Zeile 610Zeile 607
	{
return false;
}

	{
return false;
}

	

if($attempts['loginattempts'] >= $mybb->settings['maxloginattempts'])
{


if($mybb->settings['maxloginattempts'] > 0 && $attempts['loginattempts'] >= $mybb->settings['maxloginattempts'])
{


		// Has the expiry dateline been set yet?
if($attempts['loginlockoutexpiry'] == 0 && $return_num == false)

		// Has the expiry dateline been set yet?
if($attempts['loginlockoutexpiry'] == 0 && $return_num == false)

		{

		{

			$db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+(intval($mybb->settings['loginattemptstimeout'])*60)), "uid='".intval($uid)."'", 1);

			$db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+(intval($mybb->settings['loginattemptstimeout'])*60)), "uid='".intval($uid)."'", 1);

		}

		}

		
// Are we returning the # of login attempts?
if($return_num == true)
{
return $attempts;

		
// Are we returning the # of login attempts?
if($return_num == true)
{
return $attempts;

		}

		}

		// Otherwise are we still locked out?
else if($attempts['loginlockoutexpiry'] > TIME_NOW)
{

		// Otherwise are we still locked out?
else if($attempts['loginlockoutexpiry'] > TIME_NOW)
{

Zeile 632Zeile 628
		}
}


		}
}


 
	return false;
}

/**
* Checks whether there are any 'security' issues in templates via complex syntax
*
* @param string The template to be scanned
* @return boolean A true/false depending on if an issue was detected
*/
function check_template($template)
{
// Check to see if our database password is in the template
if(preg_match("#database'?\\s*\]\\s*\[\\s*'?password#", $template))
{
return true;
}

// System calls via backtick
if(preg_match('#\$\s*\{#', $template))
{
return true;
}

// Any other malicious acts?
// Courtesy of ZiNgA BuRgA
if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template)))
{
return true;
}


	return false;
}


	return false;
}
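Review bot: The added check_template() fails open when PCRE itself errors. In the last check `preg_replace()` returns `null` and `preg_match()` returns `false` on a backtrack- or recursion-limit error; both are falsy here, so the function falls through to `return false` and reports the template as clean. Because `true` is the only result that signals a problem, an engine error should count as a detection: assign the stripped text to `$stripped` and test `if($stripped === null || preg_match("~\\{\\$.+?\\}~s", $stripped) !== 0)`, and compare the two earlier `preg_match()` calls with `!== 0` in the same way. The comment `// System calls via backtick` also does not describe its pattern, which matches `${`; something like `// ${...} expression syntax` would be accurate. Callers are not visible on this page, so it is worth confirming that each one treats a `true` return as "reject the template".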