Vergleich admin/index.php - 1.8.8 - 1.8.12

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 22Zeile 22
send_page_headers();

header('X-Frame-Options: SAMEORIGIN');

send_page_headers();

header('X-Frame-Options: SAMEORIGIN');

 
header('Referrer-Policy: no-referrer');


if(!isset($config['admin_dir']) || !file_exists(MYBB_ROOT.$config['admin_dir']."/inc/class_page.php"))
{


if(!isset($config['admin_dir']) || !file_exists(MYBB_ROOT.$config['admin_dir']."/inc/class_page.php"))
{

Zeile 104Zeile 105
{
$user = array();
$error = '';

{
$user = array();
$error = '';

 

$plugins->run_hooks("admin_unlock_start");


	if($mybb->input['username'])
{
$user = get_user_by_username($mybb->input['username'], array('fields' => '*'));

	if($mybb->input['username'])
{
$user = get_user_by_username($mybb->input['username'], array('fields' => '*'));

Zeile 111Zeile 115
		if(!$user['uid'])
{
$error = $lang->error_invalid_username;

		if(!$user['uid'])
{
$error = $lang->error_invalid_username;

		}

		}

	}
else if($mybb->input['uid'])
{

	}
else if($mybb->input['uid'])
{

Zeile 126Zeile 130
	if($mybb->input['token'] && $user['uid'])
{
$query = $db->simple_select("awaitingactivation", "COUNT(aid) AS num", "uid='".(int)$user['uid']."' AND code='".$db->escape_string($mybb->input['token'])."' AND type='l'");

	if($mybb->input['token'] && $user['uid'])
{
$query = $db->simple_select("awaitingactivation", "COUNT(aid) AS num", "uid='".(int)$user['uid']."' AND code='".$db->escape_string($mybb->input['token'])."' AND type='l'");

 

$plugins->run_hooks("admin_unlock_end");


// If we're good to go
if($db->fetch_field($query, "num") > 0)
{
$db->delete_query("awaitingactivation", "uid='".(int)$user['uid']."' AND code='".$db->escape_string($mybb->input['token'])."' AND type='l'");
$db->update_query("adminoptions", array('loginlockoutexpiry' => 0, 'loginattempts' => 0), "uid='".(int)$user['uid']."'");


// If we're good to go
if($db->fetch_field($query, "num") > 0)
{
$db->delete_query("awaitingactivation", "uid='".(int)$user['uid']."' AND code='".$db->escape_string($mybb->input['token'])."' AND type='l'");
$db->update_query("adminoptions", array('loginlockoutexpiry' => 0, 'loginattempts' => 0), "uid='".(int)$user['uid']."'");





			admin_redirect("index.php");

			admin_redirect("index.php");

		}

		}

		else
{
$error = $lang->error_invalid_token;

		else
{
$error = $lang->error_invalid_token;

		}
}


		}
}


	$default_page->show_lockout_unlock($error, 'error');
}
elseif($mybb->input['do'] == "login")
{

	$default_page->show_lockout_unlock($error, 'error');
}
elseif($mybb->input['do'] == "login")
{

 
	$plugins->run_hooks("admin_login");


	// We have an adminsid cookie?
if(isset($mybb->cookies['adminsid']))
{

	// We have an adminsid cookie?
if(isset($mybb->cookies['adminsid']))
{

Zeile 161Zeile 169

require_once MYBB_ROOT."inc/datahandlers/login.php";
$loginhandler = new LoginDataHandler("get");


require_once MYBB_ROOT."inc/datahandlers/login.php";
$loginhandler = new LoginDataHandler("get");




















// Determine login method
$login_lang_string = $lang->error_invalid_username_password;
switch($mybb->settings['username_method'])
{
case 0: // Username only
$login_lang_string = $lang->sprintf($login_lang_string, $lang->login_username);
break;
case 1: // Email only
$login_lang_string = $lang->sprintf($login_lang_string, $lang->login_email);
break;
case 2: // Username and email
default:
$login_lang_string = $lang->sprintf($login_lang_string, $lang->login_username_and_password);
break;
}


	// Validate PIN first
if(!empty($config['secret_pin']) && (empty($mybb->input['pin']) || $mybb->input['pin'] != $config['secret_pin']))
{
$login_user = get_user_by_username($mybb->input['username'], array('fields' => array('email', 'username')));

	// Validate PIN first
if(!empty($config['secret_pin']) && (empty($mybb->input['pin']) || $mybb->input['pin'] != $config['secret_pin']))
{
$login_user = get_user_by_username($mybb->input['username'], array('fields' => array('email', 'username')));

 

$plugins->run_hooks("admin_login_incorrect_pin");


if($login_user['uid'] > 0)
{


if($login_user['uid'] > 0)
{

Zeile 211Zeile 237
		}
else
{

		}
else
{

			$default_page->show_login($lang->error_invalid_secret_pin, "error");

			$default_page->show_login($login_lang_string, "error");

		}
}


		}
}


Zeile 238Zeile 264

$default_page->show_lockedout();
}


$default_page->show_lockedout();
}

 

$plugins->run_hooks("admin_login_success");


$db->delete_query("adminsessions", "uid='{$mybb->user['uid']}'");



$db->delete_query("adminsessions", "uid='{$mybb->user['uid']}'");


Zeile 314Zeile 342
	else
{
$login_user = get_user_by_username($mybb->input['username'], array('fields' => array('email', 'username')));

	else
{
$login_user = get_user_by_username($mybb->input['username'], array('fields' => array('email', 'username')));

 

$plugins->run_hooks("admin_login_fail");


if($login_user['uid'] > 0)


if($login_user['uid'] > 0)

		{

		{

			$db->update_query("adminoptions", array("loginattempts" => "loginattempts+1"), "uid='".(int)$login_user['uid']."'", '', true);
}


			$db->update_query("adminoptions", array("loginattempts" => "loginattempts+1"), "uid='".(int)$login_user['uid']."'", '', true);
}


Zeile 330Zeile 360
			{
$db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+((int)$mybb->settings['loginattemptstimeout']*60)), "uid='".(int)$login_user['uid']."'");
}

			{
$db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+((int)$mybb->settings['loginattemptstimeout']*60)), "uid='".(int)$login_user['uid']."'");
}

 

$plugins->run_hooks("admin_login_lockout");


// Did we hit lockout for the first time? Send the unlock email to the administrator
if($loginattempts['loginattempts'] == $mybb->settings['maxloginattempts'])


// Did we hit lockout for the first time? Send the unlock email to the administrator
if($loginattempts['loginattempts'] == $mybb->settings['maxloginattempts'])

Zeile 450Zeile 482
							$valid_ip = true;
break;
}

							$valid_ip = true;
break;
}

					}

					}


// IP doesn't match properly - show message on logon screen
if(!$valid_ip)


// IP doesn't match properly - show message on logon screen
if(!$valid_ip)

Zeile 466Zeile 498

if($mybb->input['action'] == "logout" && $mybb->user)
{


if($mybb->input['action'] == "logout" && $mybb->user)
{

 
	$plugins->run_hooks("admin_logout");


	if(verify_post_check($mybb->input['my_post_key']))
{
$db->delete_query("adminsessions", "sid='".$db->escape_string($mybb->cookies['adminsid'])."'");

	if(verify_post_check($mybb->input['my_post_key']))
{
$db->delete_query("adminsessions", "sid='".$db->escape_string($mybb->cookies['adminsid'])."'");

Zeile 562Zeile 596
	}
elseif($fail_check == 1)
{

	}
elseif($fail_check == 1)
{

		$login_lang_string = $lang->error_invalid_username_password;

switch($mybb->settings['username_method'])
{
case 0: // Username only
$login_lang_string = $lang->sprintf($login_lang_string, $lang->login_username);
break;
case 1: // Email only
$login_lang_string = $lang->sprintf($login_lang_string, $lang->login_email);
break;
case 2: // Username and email
default:
$login_lang_string = $lang->sprintf($login_lang_string, $lang->login_username_and_password);
break;
}


 
		$page->show_login($login_lang_string, "error");
}
else

		$page->show_login($login_lang_string, "error");
}
else