Zeile 6 | Zeile 6 |
---|
* Website: http://mybb.com * License: http://mybb.com/about/license *
|
* Website: http://mybb.com * License: http://mybb.com/about/license *
|
* $Id: functions.php 5380 2011-02-21 12:04:43Z Tomm $
| * $Id$
|
*/
/**
| */
/**
|
Zeile 153 | Zeile 153 |
---|
if($from > 2) { $first = fetch_page_url($url, 1);
|
if($from > 2) { $first = fetch_page_url($url, 1);
|
$pagination .= "<a href=\"{$first}\" title=\"Page 1\" class=\"pagination_first\">1</a> ... ";
| $pagination .= "<a href=\"{$first}\" title=\"{$lang->page} 1\" class=\"pagination_first\">1</a> ... ";
|
}
for($i = $from; $i <= $to; ++$i)
| }
for($i = $from; $i <= $to; ++$i)
|
Zeile 298 | Zeile 298 |
---|
else { $ppolls = 0;
|
else { $ppolls = 0;
|
} if($canpostattachments[$usergroup['gid']] == 1) { $pattachments = 1; } else { $pattachments = 0;
| |
} if(!$preplies && !$pthreads) { $ppost = 0;
|
} if(!$preplies && !$pthreads) { $ppost = 0;
|
}
| }
|
else { $ppost = 1;
|
else { $ppost = 1;
|
}
| }
|
$insertquery = array( "fid" => intval($fid),
| $insertquery = array( "fid" => intval($fid),
|
Zeile 324 | Zeile 315 |
---|
"canview" => intval($pview), "canpostthreads" => intval($pthreads), "canpostreplys" => intval($preplies),
|
"canview" => intval($pview), "canpostthreads" => intval($pthreads), "canpostreplys" => intval($preplies),
|
"canpostattachments" => intval($pattachments),
| |
"canpostpolls" => intval($ppolls), );
| "canpostpolls" => intval($ppolls), );
|
Zeile 342 | Zeile 332 |
---|
} } $cache->update_forumpermissions();
|
} } $cache->update_forumpermissions();
|
}
| }
|
/** * Checks if a particular user has the necessary permissions to access a particular page. * * @param array Array containing module and action to check for */
|
/** * Checks if a particular user has the necessary permissions to access a particular page. * * @param array Array containing module and action to check for */
|
function check_admin_permissions($action)
| function check_admin_permissions($action, $error = true)
|
{ global $mybb, $page, $lang, $modules_dir;
|
{ global $mybb, $page, $lang, $modules_dir;
|
|
|
if(is_super_admin($mybb->user['uid'])) { return true;
| if(is_super_admin($mybb->user['uid'])) { return true;
|
Zeile 365 | Zeile 355 |
---|
$permissions = $func(); if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1) {
|
$permissions = $func(); if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1) {
|
$page->output_header($lang->access_denied); $page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index"); $page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>"); $page->output_footer(); exit;
| if($error) { $page->output_header($lang->access_denied); $page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index"); $page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>"); $page->output_footer(); exit; } else { return false; }
|
} }
| } }
|
Zeile 428 | Zeile 425 |
---|
if($get_gid && !$get_uid) { // A group only
|
if($get_gid && !$get_uid) { // A group only
|
$options = array(
| $options = array(
|
"order_by" => "uid", "order_dir" => "ASC", "limit" => "1"
| "order_by" => "uid", "order_dir" => "ASC", "limit" => "1"
|
Zeile 449 | Zeile 446 |
---|
// Prepare user's groups into SQL format $group_sql = ''; foreach($gid_array as $gid)
|
// Prepare user's groups into SQL format $group_sql = ''; foreach($gid_array as $gid)
|
{
| {
|
$group_sql .= " OR uid='{$gid}'"; }
| $group_sql .= " OR uid='{$gid}'"; }
|
Zeile 468 | Zeile 465 |
---|
elseif($perm['uid'] < 0) { $perms_group[] = $perm['permissions'];
|
elseif($perm['uid'] < 0) { $perms_group[] = $perm['permissions'];
|
} else
| } else
|
{ $perms_def = $perm['permissions']; }
| { $perms_def = $perm['permissions']; }
|
Zeile 547 | Zeile 544 |
---|
$adminoption['permissions'] = unserialize($adminoption['permissions']); if($default == -1)
|
$adminoption['permissions'] = unserialize($adminoption['permissions']); if($default == -1)
|
{ if(!empty($page)) {
| { if(!empty($page)) {
|
unset($adminoption['permissions'][$tab][$page]); } else
| unset($adminoption['permissions'][$tab][$page]); } else
|
Zeile 564 | Zeile 561 |
---|
if($adminoption['uid'] == 0) { $adminoption['permissions'][$tab][$page] = 0;
|
if($adminoption['uid'] == 0) { $adminoption['permissions'][$tab][$page] = 0;
|
}
| }
|
else { $adminoption['permissions'][$tab][$page] = $default;
|
else { $adminoption['permissions'][$tab][$page] = $default;
|
} }
| } }
|
else { if($adminoption['uid'] == 0)
| else { if($adminoption['uid'] == 0)
|
Zeile 589 | Zeile 586 |
---|
/** * Checks if we have had too many attempts at logging into the ACP
|
/** * Checks if we have had too many attempts at logging into the ACP
|
*
| *
|
* @param integer The uid of the admin to check * @param boolean Return an array of the number of attempts and expiry time? (default false) * @return mixed Return an array if the second parameter is true, boolean otherwise.
| * @param integer The uid of the admin to check * @param boolean Return an array of the number of attempts and expiry time? (default false) * @return mixed Return an array if the second parameter is true, boolean otherwise.
|
Zeile 599 | Zeile 596 |
---|
global $db, $mybb; $attempts['loginattempts'] = 0;
|
global $db, $mybb; $attempts['loginattempts'] = 0;
|
|
|
if($uid > 0) { $query = $db->simple_select("adminoptions", "loginattempts, loginlockoutexpiry", "uid='".intval($uid)."'", 1); $attempts = $db->fetch_array($query);
|
if($uid > 0) { $query = $db->simple_select("adminoptions", "loginattempts, loginlockoutexpiry", "uid='".intval($uid)."'", 1); $attempts = $db->fetch_array($query);
|
}
| }
|
if($attempts['loginattempts'] <= 0) { return false;
|
if($attempts['loginattempts'] <= 0) { return false;
|
}
| }
|
if($mybb->settings['maxloginattempts'] > 0 && $attempts['loginattempts'] >= $mybb->settings['maxloginattempts']) { // Has the expiry dateline been set yet? if($attempts['loginlockoutexpiry'] == 0 && $return_num == false) {
|
if($mybb->settings['maxloginattempts'] > 0 && $attempts['loginattempts'] >= $mybb->settings['maxloginattempts']) { // Has the expiry dateline been set yet? if($attempts['loginlockoutexpiry'] == 0 && $return_num == false) {
|
$db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+(intval($mybb->settings['loginattemptstimeout'])*60)), "uid='".intval($uid)."'", 1);
| $db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+(intval($mybb->settings['loginattemptstimeout'])*60)), "uid='".intval($uid)."'");
|
} // Are we returning the # of login attempts?
| } // Are we returning the # of login attempts?
|
Zeile 631 | Zeile 628 |
---|
} }
|
} }
|
| return false; }
/** * Checks whether there are any 'security' issues in templates via complex syntax * * @param string The template to be scanned * @return boolean A true/false depending on if an issue was detected */ function check_template($template) { // Check to see if our database password is in the template if(preg_match("#database'?\\s*\]\\s*\[\\s*'?password#", $template)) { return true; }
// System calls via backtick if(preg_match('#\$\s*\{#', $template)) { return true; }
// Any other malicious acts? // Courtesy of ZiNgA BuRgA if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template))) { return true; }
|
return false; }
| return false; }
|