Zeile 6 | Zeile 6 |
---|
* Website: http://mybb.com * License: http://mybb.com/about/license *
|
* Website: http://mybb.com * License: http://mybb.com/about/license *
|
* $Id: functions.php 5016 2010-06-12 00:24:02Z RyanGordon $
| * $Id$
|
*/
/**
| */
/**
|
Zeile 153 | Zeile 153 |
---|
if($from > 2) { $first = fetch_page_url($url, 1);
|
if($from > 2) { $first = fetch_page_url($url, 1);
|
$pagination .= "<a href=\"{$first}\" title=\"Page 1\" class=\"pagination_first\">1</a> ... ";
| $pagination .= "<a href=\"{$first}\" title=\"{$lang->page} 1\" class=\"pagination_first\">1</a> ... ";
|
}
for($i = $from; $i <= $to; ++$i)
| }
for($i = $from; $i <= $to; ++$i)
|
Zeile 298 | Zeile 298 |
---|
else { $ppolls = 0;
|
else { $ppolls = 0;
|
} if($canpostattachments[$usergroup['gid']] == 1) { $pattachments = 1; } else { $pattachments = 0;
| |
} if(!$preplies && !$pthreads) { $ppost = 0;
|
} if(!$preplies && !$pthreads) { $ppost = 0;
|
}
| }
|
else { $ppost = 1;
|
else { $ppost = 1;
|
}
| }
|
$insertquery = array( "fid" => intval($fid),
| $insertquery = array( "fid" => intval($fid),
|
Zeile 324 | Zeile 315 |
---|
"canview" => intval($pview), "canpostthreads" => intval($pthreads), "canpostreplys" => intval($preplies),
|
"canview" => intval($pview), "canpostthreads" => intval($pthreads), "canpostreplys" => intval($preplies),
|
"canpostattachments" => intval($pattachments),
| |
"canpostpolls" => intval($ppolls), );
| "canpostpolls" => intval($ppolls), );
|
Zeile 342 | Zeile 332 |
---|
} } $cache->update_forumpermissions();
|
} } $cache->update_forumpermissions();
|
}
| }
|
/** * Checks if a particular user has the necessary permissions to access a particular page. * * @param array Array containing module and action to check for */
|
/** * Checks if a particular user has the necessary permissions to access a particular page. * * @param array Array containing module and action to check for */
|
function check_admin_permissions($action)
| function check_admin_permissions($action, $error = true)
|
{ global $mybb, $page, $lang, $modules_dir;
|
{ global $mybb, $page, $lang, $modules_dir;
|
|
|
if(is_super_admin($mybb->user['uid'])) { return true;
| if(is_super_admin($mybb->user['uid'])) { return true;
|
Zeile 365 | Zeile 355 |
---|
$permissions = $func(); if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1) {
|
$permissions = $func(); if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1) {
|
$page->output_header($lang->access_denied); $page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index"); $page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>"); $page->output_footer(); exit;
| if($error) { $page->output_header($lang->access_denied); $page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index"); $page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>"); $page->output_footer(); exit; } else { return false; }
|
} }
| } }
|
Zeile 428 | Zeile 425 |
---|
if($get_gid && !$get_uid) { // A group only
|
if($get_gid && !$get_uid) { // A group only
|
$options = array(
| $options = array(
|
"order_by" => "uid", "order_dir" => "ASC", "limit" => "1"
| "order_by" => "uid", "order_dir" => "ASC", "limit" => "1"
|
Zeile 449 | Zeile 446 |
---|
// Prepare user's groups into SQL format $group_sql = ''; foreach($gid_array as $gid)
|
// Prepare user's groups into SQL format $group_sql = ''; foreach($gid_array as $gid)
|
{
| {
|
$group_sql .= " OR uid='{$gid}'"; }
| $group_sql .= " OR uid='{$gid}'"; }
|
Zeile 468 | Zeile 465 |
---|
elseif($perm['uid'] < 0) { $perms_group[] = $perm['permissions'];
|
elseif($perm['uid'] < 0) { $perms_group[] = $perm['permissions'];
|
} else
| } else
|
{ $perms_def = $perm['permissions']; }
| { $perms_def = $perm['permissions']; }
|
Zeile 547 | Zeile 544 |
---|
$adminoption['permissions'] = unserialize($adminoption['permissions']); if($default == -1)
|
$adminoption['permissions'] = unserialize($adminoption['permissions']); if($default == -1)
|
{ if(!empty($page)) {
| { if(!empty($page)) {
|
unset($adminoption['permissions'][$tab][$page]); } else
| unset($adminoption['permissions'][$tab][$page]); } else
|
Zeile 564 | Zeile 561 |
---|
if($adminoption['uid'] == 0) { $adminoption['permissions'][$tab][$page] = 0;
|
if($adminoption['uid'] == 0) { $adminoption['permissions'][$tab][$page] = 0;
|
}
| }
|
else { $adminoption['permissions'][$tab][$page] = $default;
|
else { $adminoption['permissions'][$tab][$page] = $default;
|
} }
| } }
|
else { if($adminoption['uid'] == 0)
| else { if($adminoption['uid'] == 0)
|
Zeile 589 | Zeile 586 |
---|
/** * Checks if we have had too many attempts at logging into the ACP
|
/** * Checks if we have had too many attempts at logging into the ACP
|
*
| *
|
* @param integer The uid of the admin to check * @param boolean Return an array of the number of attempts and expiry time? (default false) * @return mixed Return an array if the second parameter is true, boolean otherwise.
| * @param integer The uid of the admin to check * @param boolean Return an array of the number of attempts and expiry time? (default false) * @return mixed Return an array if the second parameter is true, boolean otherwise.
|
Zeile 599 | Zeile 596 |
---|
global $db, $mybb; $attempts['loginattempts'] = 0;
|
global $db, $mybb; $attempts['loginattempts'] = 0;
|
|
|
if($uid > 0) { $query = $db->simple_select("adminoptions", "loginattempts, loginlockoutexpiry", "uid='".intval($uid)."'", 1); $attempts = $db->fetch_array($query);
|
if($uid > 0) { $query = $db->simple_select("adminoptions", "loginattempts, loginlockoutexpiry", "uid='".intval($uid)."'", 1); $attempts = $db->fetch_array($query);
|
}
| }
|
if($attempts['loginattempts'] <= 0) { return false;
|
if($attempts['loginattempts'] <= 0) { return false;
|
} if($attempts['loginattempts'] >= $mybb->settings['maxloginattempts'])
| }
if($mybb->settings['maxloginattempts'] > 0 && $attempts['loginattempts'] >= $mybb->settings['maxloginattempts'])
|
{ // Has the expiry dateline been set yet? if($attempts['loginlockoutexpiry'] == 0 && $return_num == false) {
|
{ // Has the expiry dateline been set yet? if($attempts['loginlockoutexpiry'] == 0 && $return_num == false) {
|
$db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+(intval($mybb->settings['loginattemptstimeout'])*60)), "uid='".intval($uid)."'", 1);
| $db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+(intval($mybb->settings['loginattemptstimeout'])*60)), "uid='".intval($uid)."'");
|
} // Are we returning the # of login attempts?
| } // Are we returning the # of login attempts?
|
Zeile 632 | Zeile 628 |
---|
} }
|
} }
|
| return false; }
/** * Checks whether there are any 'security' issues in templates via complex syntax * * @param string The template to be scanned * @return boolean A true/false depending on if an issue was detected */ function check_template($template) { // Check to see if our database password is in the template if(preg_match("#database'?\\s*\]\\s*\[\\s*'?password#", $template)) { return true; }
// System calls via backtick if(preg_match('#\$\s*\{#', $template)) { return true; }
// Any other malicious acts? // Courtesy of ZiNgA BuRgA if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template))) { return true; }
|
return false; }
| return false; }
|
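Review bot: The first pattern in check_template only recognises the single-quoted spelling of the key lookup — the optional `'?` before `password` and the literal `\]` right after `database'?` mean a `$config["database"]["password"]` reference written with double-quoted keys is not matched, so the check is narrower than its comment states; use a character class for both quote styles, e.g. `if(preg_match("#database['\"]?\\s*\]\\s*\[\\s*['\"]?password#", $template))`. The comment `// System calls via backtick` above the second check does not describe the `\$\s*\{` pattern, which matches a `${` sequence and not a backtick; rephrase it to `// Complex/variable-variable syntax: ${ ... }` so the next reader is not misled. The docblock should also state that a true result means the template was rejected by a deny-list heuristic, not that a false result proves the template safe. check_template is new in this commit and fully visible in the hunk.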