Zeile 6 | Zeile 6 |
---|
* Website: http://mybb.com * License: http://mybb.com/about/license *
|
* Website: http://mybb.com * License: http://mybb.com/about/license *
|
* $Id: functions.php 5016 2010-06-12 00:24:02Z RyanGordon $
| * $Id: functions.php 5829 2012-05-22 10:48:03Z Tomm $
|
*/
/**
| */
/**
|
Zeile 153 | Zeile 153 |
---|
if($from > 2) { $first = fetch_page_url($url, 1);
|
if($from > 2) { $first = fetch_page_url($url, 1);
|
$pagination .= "<a href=\"{$first}\" title=\"Page 1\" class=\"pagination_first\">1</a> ... ";
| $pagination .= "<a href=\"{$first}\" title=\"{$lang->page} 1\" class=\"pagination_first\">1</a> ... ";
|
}
for($i = $from; $i <= $to; ++$i)
| }
for($i = $from; $i <= $to; ++$i)
|
Zeile 298 | Zeile 298 |
---|
else { $ppolls = 0;
|
else { $ppolls = 0;
|
} if($canpostattachments[$usergroup['gid']] == 1) { $pattachments = 1; } else { $pattachments = 0;
| |
} if(!$preplies && !$pthreads) { $ppost = 0;
|
} if(!$preplies && !$pthreads) { $ppost = 0;
|
}
| }
|
else { $ppost = 1;
|
else { $ppost = 1;
|
}
| }
|
$insertquery = array( "fid" => intval($fid),
| $insertquery = array( "fid" => intval($fid),
|
Zeile 324 | Zeile 315 |
---|
"canview" => intval($pview), "canpostthreads" => intval($pthreads), "canpostreplys" => intval($preplies),
|
"canview" => intval($pview), "canpostthreads" => intval($pthreads), "canpostreplys" => intval($preplies),
|
"canpostattachments" => intval($pattachments),
| |
"canpostpolls" => intval($ppolls), );
| "canpostpolls" => intval($ppolls), );
|
Zeile 342 | Zeile 332 |
---|
} } $cache->update_forumpermissions();
|
} } $cache->update_forumpermissions();
|
}
/**
| }
/**
|
* Checks if a particular user has the necessary permissions to access a particular page. * * @param array Array containing module and action to check for
|
* Checks if a particular user has the necessary permissions to access a particular page. * * @param array Array containing module and action to check for
|
*/ function check_admin_permissions($action) {
| */ function check_admin_permissions($action, $error = true) {
|
global $mybb, $page, $lang, $modules_dir; if(is_super_admin($mybb->user['uid']))
| global $mybb, $page, $lang, $modules_dir; if(is_super_admin($mybb->user['uid']))
|
Zeile 365 | Zeile 355 |
---|
$permissions = $func(); if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1) {
|
$permissions = $func(); if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1) {
|
$page->output_header($lang->access_denied); $page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index"); $page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>"); $page->output_footer(); exit;
| if($error) { $page->output_header($lang->access_denied); $page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index"); $page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>"); $page->output_footer(); exit; } else { return false; }
|
} }
| } }
|
Zeile 390 | Zeile 387 |
---|
// Set UID and GID if none $uid = $get_uid; $gid = $get_gid;
|
// Set UID and GID if none $uid = $get_uid; $gid = $get_gid;
|
|
|
$gid_array = array(); if($uid === "")
|
$gid_array = array(); if($uid === "")
|
{
| {
|
$uid = $mybb->user['uid']; } if(!$gid)
|
$uid = $mybb->user['uid']; } if(!$gid)
|
{
| {
|
// Prepare user's groups since the group isn't specified $gid_array[] = (-1) * intval($mybb->user['usergroup']);
| // Prepare user's groups since the group isn't specified $gid_array[] = (-1) * intval($mybb->user['usergroup']);
|
Zeile 418 | Zeile 415 |
---|
} } else
|
} } else
|
{
| {
|
// Group is specified // Make sure gid is negative $gid_array[] = (-1) * abs($gid);
| // Group is specified // Make sure gid is negative $gid_array[] = (-1) * abs($gid);
|
Zeile 428 | Zeile 425 |
---|
if($get_gid && !$get_uid) { // A group only
|
if($get_gid && !$get_uid) { // A group only
|
$options = array( "order_by" => "uid",
| $options = array( "order_by" => "uid",
|
"order_dir" => "ASC", "limit" => "1" );
| "order_dir" => "ASC", "limit" => "1" );
|
Zeile 440 | Zeile 437 |
---|
else { // A user and/or group
|
else { // A user and/or group
|
|
|
$options = array( "order_by" => "uid", "order_dir" => "DESC" );
|
$options = array( "order_by" => "uid", "order_dir" => "DESC" );
|
|
|
// Prepare user's groups into SQL format $group_sql = ''; foreach($gid_array as $gid)
| // Prepare user's groups into SQL format $group_sql = ''; foreach($gid_array as $gid)
|
Zeile 468 | Zeile 465 |
---|
elseif($perm['uid'] < 0) { $perms_group[] = $perm['permissions'];
|
elseif($perm['uid'] < 0) { $perms_group[] = $perm['permissions'];
|
} else {
| } else {
|
$perms_def = $perm['permissions']; } }
| $perms_def = $perm['permissions']; } }
|
Zeile 500 | Zeile 497 |
---|
if(isset($final_group_perms)) { return $final_group_perms;
|
if(isset($final_group_perms)) { return $final_group_perms;
|
}
| }
|
else { return $perms_def;
| else { return $perms_def;
|
Zeile 510 | Zeile 507 |
---|
/** * Fetch the iconv/mb encoding for a particular MySQL encoding
|
/** * Fetch the iconv/mb encoding for a particular MySQL encoding
|
*
| *
|
* @param string The MySQL encoding * @return string The iconv/mb encoding */
| * @param string The MySQL encoding * @return string The iconv/mb encoding */
|
Zeile 610 | Zeile 607 |
---|
{ return false; }
|
{ return false; }
|
if($attempts['loginattempts'] >= $mybb->settings['maxloginattempts']) {
| if($mybb->settings['maxloginattempts'] > 0 && $attempts['loginattempts'] >= $mybb->settings['maxloginattempts']) {
|
// Has the expiry dateline been set yet? if($attempts['loginlockoutexpiry'] == 0 && $return_num == false)
|
// Has the expiry dateline been set yet? if($attempts['loginlockoutexpiry'] == 0 && $return_num == false)
|
{
| {
|
$db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+(intval($mybb->settings['loginattemptstimeout'])*60)), "uid='".intval($uid)."'", 1);
|
$db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+(intval($mybb->settings['loginattemptstimeout'])*60)), "uid='".intval($uid)."'", 1);
|
}
| }
|
// Are we returning the # of login attempts? if($return_num == true) { return $attempts;
|
// Are we returning the # of login attempts? if($return_num == true) { return $attempts;
|
}
| }
|
// Otherwise are we still locked out? else if($attempts['loginlockoutexpiry'] > TIME_NOW) {
| // Otherwise are we still locked out? else if($attempts['loginlockoutexpiry'] > TIME_NOW) {
|
Zeile 632 | Zeile 628 |
---|
} }
|
} }
|
| return false; }
/** * Checks whether there are any 'security' issues in templates via complex syntax * * @param string The template to be scanned * @return boolean A true/false depending on if an issue was detected */ function check_template($template) { // Check to see if our database password is in the template if(preg_match("#database'?\\s*\]\\s*\[\\s*'?password#", $template)) { return true; }
// System calls via backtick if(preg_match('#\$\s*\{#', $template)) { return true; }
// Any other malicious acts? // Courtesy of ZiNgA BuRgA if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template))) { return true; }
|
return false; }
| return false; }
|
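Review bot: In the new `check_template()`, the comment `// System calls via backtick` does not describe the test beneath it: the pattern `#\$\s*\{#` matches a `$` followed by `{`, and no pattern in the function looks for a backtick character. If the intent is to reject the `${...}` interpolation form as a whole, the comment should say so, e.g. `// Reject "${": this interpolation form can evaluate an expression, not just read a variable`; if a separate backtick test was intended, it is missing. The docblock should also state that a `true` return means the template was rejected, since callers have to treat a truthy result as failure. These checks are regular-expression filters over template text, so presumably they are one layer of defence and the right to edit templates remains the primary control; that is not visible from this page.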