Vergleich admin/index.php - 1.8.23 - 1.8.33

if(!isset($cp_language))
{

if(!isset($cp_language))
{

	$lang->set_language($mybb->settings['cplanguage'], "admin");
}

	$lang->set_language($mybb->settings['cplanguage'], "admin");
}

		// Session found: redirect to index
		if($admin_session)

		// Session found: redirect to index
		if($admin_session)

			admin_redirect("index.php");

			admin_redirect("index.php");

	require_once MYBB_ROOT."inc/datahandlers/login.php";
	$loginhandler = new LoginDataHandler("get");

	require_once MYBB_ROOT."inc/datahandlers/login.php";
	$loginhandler = new LoginDataHandler("get");

	// Determine login method
	$login_lang_string = $lang->error_invalid_username_password;
	switch($mybb->settings['username_method'])

	// Determine login method
	$login_lang_string = $lang->error_invalid_username_password;
	switch($mybb->settings['username_method'])

		case 0: // Username only
			$login_lang_string = $lang->sprintf($login_lang_string, $lang->login_username);
			break;

		case 0: // Username only
			$login_lang_string = $lang->sprintf($login_lang_string, $lang->login_username);
			break;

			$login_lang_string = $lang->sprintf($login_lang_string, $lang->login_username_and_password);
			break;
	}

			$login_lang_string = $lang->sprintf($login_lang_string, $lang->login_username_and_password);
			break;
	}

	// Validate PIN first
	if(!empty($config['secret_pin']) && (empty($mybb->input['pin']) || $mybb->input['pin'] != $config['secret_pin']))
	{

	// Validate PIN first
	if(!empty($config['secret_pin']) && (empty($mybb->input['pin']) || $mybb->input['pin'] != $config['secret_pin']))
	{

		$plugins->run_hooks("admin_login_incorrect_pin");

		if($login_user['uid'] > 0)

		$plugins->run_hooks("admin_login_incorrect_pin");

		if($login_user['uid'] > 0)

				$message = $lang->sprintf($lang->locked_out_message, htmlspecialchars_uni($mybb->input['username']), $mybb->settings['bbname'], $mybb->settings['maxloginattempts'], $mybb->settings['bburl'], $mybb->config['admin_dir'], $lockout_array['code'], $lockout_array['uid']);
				my_mail($login_user['email'], $subject, $message);
			}

				$message = $lang->sprintf($lang->locked_out_message, htmlspecialchars_uni($mybb->input['username']), $mybb->settings['bbname'], $mybb->settings['maxloginattempts'], $mybb->settings['bburl'], $mybb->config['admin_dir'], $lockout_array['code'], $lockout_array['uid']);
				my_mail($login_user['email'], $subject, $message);
			}

		$mybb->user = get_user($loginhandler->login_data['uid']);
	}

		$mybb->user = get_user($loginhandler->login_data['uid']);
	}

	{
		if(login_attempt_check_acp($mybb->user['uid']) == true)
		{

	{
		if(login_attempt_check_acp($mybb->user['uid']) == true)
		{

			"lastactive" => TIME_NOW,
			"data" => my_serialize(array()),
			"useragent" => $db->escape_string($useragent),

			"lastactive" => TIME_NOW,
			"data" => my_serialize(array()),
			"useragent" => $db->escape_string($useragent),

		);
		$db->insert_query("adminsessions", $admin_session);
		$admin_session['data'] = array();

		);
		$db->insert_query("adminsessions", $admin_session);
		$admin_session['data'] = array();

			$db->update_query("adminoptions", array("loginattempts" => 0, "loginlockoutexpiry" => 0), "uid='{$mybb->user['uid']}'");
		}

			$db->update_query("adminoptions", array("loginattempts" => 0, "loginlockoutexpiry" => 0), "uid='{$mybb->user['uid']}'");
		}

		my_setcookie('acploginattempts', 0);
		$post_verify = false;

		my_setcookie('acploginattempts', 0);
		$post_verify = false;

				{
					$params = explode("=", $param);

				{
					$params = explode("=", $param);

				}
			}

			admin_redirect("index.php".$query_string);

				}
			}

			admin_redirect("index.php".$query_string);

		$login_user = get_user_by_username($mybb->input['username'], array('fields' => array('email', 'username')));

		$login_user = get_user_by_username($mybb->input['username'], array('fields' => array('email', 'username')));

		$plugins->run_hooks("admin_login_fail");

		$plugins->run_hooks("admin_login_fail");

		{
			$db->update_query("adminoptions", array("loginattempts" => "loginattempts+1"), "uid='".(int)$login_user['uid']."'", '', true);

		{
			$db->update_query("adminoptions", array("loginattempts" => "loginattempts+1"), "uid='".(int)$login_user['uid']."'", '', true);

		// Have we attempted too many times?

		// Have we attempted too many times?

		{
			// Have we set an expiry yet?
			if($loginattempts['loginlockoutexpiry'] == 0)

		{
			// Have we set an expiry yet?
			if($loginattempts['loginlockoutexpiry'] == 0)

	if(!isset($mybb->cookies['adminsid']))
	{
		$login_message = "";

	if(!isset($mybb->cookies['adminsid']))
	{
		$login_message = "";

	// Otherwise, check admin session
	else
	{

	// Otherwise, check admin session
	else
	{

		$admin_session = $db->fetch_array($query);

		// No matching admin session found - show message on login screen

		$admin_session = $db->fetch_array($query);

		// No matching admin session found - show message on login screen

		{
			$login_message = $lang->error_invalid_admin_session;
		}

		{
			$login_message = $lang->error_invalid_admin_session;
		}

			// Fetch the user from the admin session
			$mybb->user = get_user($admin_session['uid']);

			// Fetch the user from the admin session
			$mybb->user = get_user($admin_session['uid']);

			// Login key has changed - force logout
			if(!$mybb->user['uid'] || $mybb->user['loginkey'] !== $admin_session['loginkey'])
			{

			// Login key has changed - force logout
			if(!$mybb->user['uid'] || $mybb->user['loginkey'] !== $admin_session['loginkey'])
			{

					$matches = 0;
					$valid_ip = false;
					for($i = 0; $i < ADMIN_IP_SEGMENTS; ++$i)

					$matches = 0;
					$valid_ip = false;
					for($i = 0; $i < ADMIN_IP_SEGMENTS; ++$i)

						if($exploded_ip[$i] == $exploded_admin_ip[$i])

						if($exploded_ip[$i] == $exploded_admin_ip[$i])

							++$matches;

							++$matches;

						if($matches == ADMIN_IP_SEGMENTS)

						if($matches == ADMIN_IP_SEGMENTS)

				else if(ADMIN_IPV6_SEGMENTS > 0 && strpos($ip_address, ':') !== false)
				{
					// Expand IPv6 addresses

				else if(ADMIN_IPV6_SEGMENTS > 0 && strpos($ip_address, ':') !== false)
				{
					// Expand IPv6 addresses

					$expanded_ip = substr(preg_replace("/([A-f0-9]{4})/", "$1:", $hex['hex']), 0, -1);
					$hex_admin = unpack("H*hex", $admin_session['ip']);
					$expanded_admin_ip = substr(preg_replace("/([A-f0-9]{4})/", "$1:", $hex_admin['hex']), 0, -1);

					$expanded_ip = substr(preg_replace("/([A-f0-9]{4})/", "$1:", $hex['hex']), 0, -1);
					$hex_admin = unpack("H*hex", $admin_session['ip']);
					$expanded_admin_ip = substr(preg_replace("/([A-f0-9]{4})/", "$1:", $hex_admin['hex']), 0, -1);

					$exploded_ip = explode(":", $expanded_ip);
					$exploded_admin_ip = explode(":", $expanded_admin_ip);
					$matches = 0;

					$exploded_ip = explode(":", $expanded_ip);
					$exploded_admin_ip = explode(":", $expanded_admin_ip);
					$matches = 0;

				}
			}
		}

				}
			}
		}

if($mybb->input['action'] == "logout" && $mybb->user)
{
	$plugins->run_hooks("admin_logout");

if($mybb->input['action'] == "logout" && $mybb->user)
{
	$plugins->run_hooks("admin_logout");

	{
		$db->delete_query("adminsessions", "sid='".$db->escape_string($mybb->cookies['adminsid'])."'");
		my_unsetcookie('adminsid');

	{
		$db->delete_query("adminsessions", "sid='".$db->escape_string($mybb->cookies['adminsid'])."'");
		my_unsetcookie('adminsid');

}
$mybb->usergroup = usergroup_permissions($mybbgroups);

}
$mybb->usergroup = usergroup_permissions($mybbgroups);

if($mybb->usergroup['cancp'] != 1 && !$is_super_admin || !$mybb->user['uid'])
{

if($mybb->usergroup['cancp'] != 1 && !$is_super_admin || !$mybb->user['uid'])
{

	// Only update language / theme once fully authenticated
	if(empty($admin_options['authsecret']) || $admin_session['authenticated'] == 1)
	{

	// Only update language / theme once fully authenticated
	if(empty($admin_options['authsecret']) || $admin_session['authenticated'] == 1)
	{

		{
			$cp_language = $admin_options['cplanguage'];
			$lang->set_language($cp_language, "admin");

		{
			$cp_language = $admin_options['cplanguage'];
			$lang->set_language($cp_language, "admin");

		$loginattempts = login_attempt_check_acp($mybb->user['uid'], true);

		// Have we attempted too many times?

		$loginattempts = login_attempt_check_acp($mybb->user['uid'], true);

		// Have we attempted too many times?

		{
			// Have we set an expiry yet?
			if($loginattempts['loginlockoutexpiry'] == 0)

		{
			// Have we set an expiry yet?
			if($loginattempts['loginlockoutexpiry'] == 0)

	if($post_verify == true)
	{
		// If the post key does not match we switch the action to GET and set a message to show the user

	if($post_verify == true)
	{
		// If the post key does not match we switch the action to GET and set a message to show the user

		{
			$mybb->request_method = "get";
			$page->show_post_verify_error = true;

		{
			$mybb->request_method = "get";
			$page->show_post_verify_error = true;