Zeile 42 | Zeile 42 |
---|
/** * Redirects the current user to a specified URL. *
|
/** * Redirects the current user to a specified URL. *
|
* @param string The URL to redirect to
| * @param string $url The URL to redirect to
|
*/ function admin_redirect($url) {
| */ function admin_redirect($url) {
|
Zeile 61 | Zeile 61 |
---|
/** * Updates an administration session data array. *
|
/** * Updates an administration session data array. *
|
* @param string The name of the item in the data session to update * @param mixed The value
| * @param string $name The name of the item in the data session to update * @param mixed $value The value
|
*/ function update_admin_session($name, $value) {
| */ function update_admin_session($name, $value) {
|
Zeile 78 | Zeile 78 |
---|
/** * Saves a "flash message" for the current user to be shown on their next page visit. *
|
/** * Saves a "flash message" for the current user to be shown on their next page visit. *
|
* @param string The message to show * @param string The type of message to be shown (success|error)
| * @param string $message The message to show * @param string $type The type of message to be shown (success|error)
|
*/ function flash_message($message, $type='') {
| */ function flash_message($message, $type='') {
|
Zeile 90 | Zeile 90 |
---|
/** * Draw pagination for pages in the Admin CP. *
|
/** * Draw pagination for pages in the Admin CP. *
|
* @param int The current page we're on * @param int The number of items per page * @param int The total number of items in this collection * @param string The URL for pagination of this collection
| * @param int $page The current page we're on * @param int $per_page The number of items per page * @param int $total_items The total number of items in this collection * @param string $url The URL for pagination of this collection
|
* @return string The built pagination */ function draw_admin_pagination($page, $per_page, $total_items, $url)
| * @return string The built pagination */ function draw_admin_pagination($page, $per_page, $total_items, $url)
|
Zeile 102 | Zeile 102 |
---|
if($total_items <= $per_page) {
|
if($total_items <= $per_page) {
|
return;
| return '';
|
}
$pages = ceil($total_items / $per_page);
| }
$pages = ceil($total_items / $per_page);
|
Zeile 186 | Zeile 186 |
---|
/** * Builds a CSV parent list for a particular forum. *
|
/** * Builds a CSV parent list for a particular forum. *
|
* @param int The forum ID * @param string Optional separator - defaults to comma for CSV list
| * @param int $fid The forum ID * @param string $navsep Optional separator - defaults to comma for CSV list
|
* @return string The built parent list */ function make_parent_list($fid, $navsep=",")
| * @return string The built parent list */ function make_parent_list($fid, $navsep=",")
|
Zeile 205 | Zeile 205 |
---|
reset($pforumcache); reset($pforumcache[$fid]);
|
reset($pforumcache); reset($pforumcache[$fid]);
|
| $navigation = '';
|
foreach($pforumcache[$fid] as $key => $forum) { if($fid == $forum['fid']) {
|
foreach($pforumcache[$fid] as $key => $forum) { if($fid == $forum['fid']) {
|
if($pforumcache[$forum['pid']])
| if(!empty($pforumcache[$forum['pid']]))
|
{ $navigation = make_parent_list($forum['pid'], $navsep).$navigation;
|
{ $navigation = make_parent_list($forum['pid'], $navsep).$navigation;
|
}
| }
|
if($navigation) { $navigation .= $navsep;
| if($navigation) { $navigation .= $navsep;
|
Zeile 225 | Zeile 227 |
---|
return $navigation; }
|
return $navigation; }
|
| /** * @param int $fid */
|
function save_quick_perms($fid) { global $db, $inherit, $canview, $canpostthreads, $canpostreplies, $canpostpolls, $canpostattachments, $cache;
$permission_fields = array();
|
function save_quick_perms($fid) { global $db, $inherit, $canview, $canpostthreads, $canpostreplies, $canpostpolls, $canpostattachments, $cache;
$permission_fields = array();
|
|
|
$field_list = $db->show_fields_from("forumpermissions"); foreach($field_list as $field) {
| $field_list = $db->show_fields_from("forumpermissions"); foreach($field_list as $field) {
|
Zeile 261 | Zeile 266 |
---|
$db->delete_query("forumpermissions", "fid='{$fid}' AND gid='{$usergroup['gid']}'");
// Only insert the new ones if we're using custom permissions
|
$db->delete_query("forumpermissions", "fid='{$fid}' AND gid='{$usergroup['gid']}'");
// Only insert the new ones if we're using custom permissions
|
if($inherit[$usergroup['gid']] != 1)
| if(empty($inherit[$usergroup['gid']]))
|
{
|
{
|
if($canview[$usergroup['gid']] == 1) {
| if(!empty($canview[$usergroup['gid']])) {
|
$pview = 1;
|
$pview = 1;
|
}
| }
|
else
|
else
|
{
| {
|
$pview = 0; }
|
$pview = 0; }
|
if($canpostthreads[$usergroup['gid']] == 1) { $pthreads = 1; }
| if(!empty($canpostthreads[$usergroup['gid']])) { $pthreads = 1; }
|
else { $pthreads = 0; }
|
else { $pthreads = 0; }
|
if($canpostreplies[$usergroup['gid']] == 1)
| if(!empty($canpostreplies[$usergroup['gid']]))
|
{ $preplies = 1;
|
{ $preplies = 1;
|
} else
| } else
|
{ $preplies = 0; }
|
{ $preplies = 0; }
|
if($canpostpolls[$usergroup['gid']] == 1)
| if(!empty($canpostpolls[$usergroup['gid']]))
|
{ $ppolls = 1; }
| { $ppolls = 1; }
|
Zeile 306 | Zeile 311 |
---|
else { $ppost = 1;
|
else { $ppost = 1;
|
}
| }
|
$insertquery = array( "fid" => (int)$fid, "gid" => (int)$usergroup['gid'],
| $insertquery = array( "fid" => (int)$fid, "gid" => (int)$usergroup['gid'],
|
Zeile 324 | Zeile 329 |
---|
continue; }
|
continue; }
|
$insertquery[$db->escape_string($field)] = (int)$existing_permissions[$field];
| $insertquery[$db->escape_string($field)] = isset($existing_permissions[$field]) ? (int)$existing_permissions[$field] : 0;
|
}
$db->insert_query("forumpermissions", $insertquery);
| }
$db->insert_query("forumpermissions", $insertquery);
|
Zeile 336 | Zeile 341 |
---|
/** * Checks if a particular user has the necessary permissions to access a particular page. *
|
/** * Checks if a particular user has the necessary permissions to access a particular page. *
|
* @param array Array containing module and action to check for
| * @param array $action Array containing module and action to check for * @param bool $error * @return bool
|
*/ function check_admin_permissions($action, $error = true) {
| */ function check_admin_permissions($action, $error = true) {
|
Zeile 352 | Zeile 359 |
---|
{ $func = $action['module']."_admin_permissions"; $permissions = $func();
|
{ $func = $action['module']."_admin_permissions"; $permissions = $func();
|
if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1)
| if( !empty($permissions['permissions'][$action['action']]) && empty($mybb->admin['permissions'][$action['module']][$action['action']]) )
|
{ if($error) {
| { if($error) {
|
Zeile 361 | Zeile 371 |
---|
$page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>"); $page->output_footer(); exit;
|
$page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>"); $page->output_footer(); exit;
|
}
| }
|
else { return false; } } }
|
else { return false; } } }
|
|
|
return true;
|
return true;
|
}
| }
|
/** * Fetches the list of administrator permissions for a particular user or group *
|
/** * Fetches the list of administrator permissions for a particular user or group *
|
* @param int The user ID to fetch permissions for * @param int The (optional) group ID to fetch permissions for
| * @param int $get_uid The user ID to fetch permissions for * @param int $get_gid The (optional) group ID to fetch permissions for
|
* @return array Array of permissions for specified user or group */
|
* @return array Array of permissions for specified user or group */
|
function get_admin_permissions($get_uid="", $get_gid="")
| function get_admin_permissions($get_uid=0, $get_gid=0)
|
{ global $db, $mybb;
| { global $db, $mybb;
|
Zeile 389 | Zeile 399 |
---|
$gid_array = array();
|
$gid_array = array();
|
if($uid === "")
| if($uid === 0)
|
{ $uid = $mybb->user['uid']; }
if(!$gid)
|
{ $uid = $mybb->user['uid']; }
if(!$gid)
|
{
| {
|
// Prepare user's groups since the group isn't specified $gid_array[] = (-1) * (int)$mybb->user['usergroup'];
| // Prepare user's groups since the group isn't specified $gid_array[] = (-1) * (int)$mybb->user['usergroup'];
|
Zeile 424 | Zeile 434 |
---|
if($get_gid && !$get_uid) { // A group only
|
if($get_gid && !$get_uid) { // A group only
|
$options = array( "order_by" => "uid",
| $options = array( "order_by" => "uid",
|
"order_dir" => "ASC", "limit" => "1" );
| "order_dir" => "ASC", "limit" => "1" );
|
Zeile 436 | Zeile 446 |
---|
else { // A user and/or group
|
else { // A user and/or group
|
|
|
$options = array( "order_by" => "uid", "order_dir" => "DESC" );
|
$options = array( "order_by" => "uid", "order_dir" => "DESC" );
|
|
|
// Prepare user's groups into SQL format $group_sql = ''; foreach($gid_array as $gid) { $group_sql .= " OR uid='{$gid}'";
|
// Prepare user's groups into SQL format $group_sql = ''; foreach($gid_array as $gid) { $group_sql .= " OR uid='{$gid}'";
|
}
| }
|
$perms_group = array(); $query = $db->simple_select("adminoptions", "permissions, uid", "(uid='{$uid}'{$group_sql}) AND permissions != ''", $options); while($perm = $db->fetch_array($query))
| $perms_group = array(); $query = $db->simple_select("adminoptions", "permissions, uid", "(uid='{$uid}'{$group_sql}) AND permissions != ''", $options); while($perm = $db->fetch_array($query))
|
Zeile 468 | Zeile 478 |
---|
else { $perms_def = $perm['permissions'];
|
else { $perms_def = $perm['permissions'];
|
} }
| } }
|
// Figure out group permissions...ugh. foreach($perms_group as $gperms)
| // Figure out group permissions...ugh. foreach($perms_group as $gperms)
|
Zeile 479 | Zeile 489 |
---|
// Use this group as the base for admin group permissions $final_group_perms = $gperms; continue;
|
// Use this group as the base for admin group permissions $final_group_perms = $gperms; continue;
|
}
| }
|
// Loop through each specific permission to find the highest permission foreach($gperms as $perm_name => $perm_value) {
| // Loop through each specific permission to find the highest permission foreach($gperms as $perm_name => $perm_value) {
|
Zeile 489 | Zeile 499 |
---|
$final_group_perms[$perm_name] = '1'; } }
|
$final_group_perms[$perm_name] = '1'; } }
|
}
| }
|
// Send specific user, or group permissions before default. // If user's permission are explicitly set, they've already been returned above. if(isset($final_group_perms)) { return $final_group_perms; }
|
// Send specific user, or group permissions before default. // If user's permission are explicitly set, they've already been returned above. if(isset($final_group_perms)) { return $final_group_perms; }
|
else
| elseif(isset($perms_def))
|
{ return $perms_def; }
|
{ return $perms_def; }
|
| return array();
|
} }
/** * Fetch the iconv/mb encoding for a particular MySQL encoding *
|
} }
/** * Fetch the iconv/mb encoding for a particular MySQL encoding *
|
* @param string The MySQL encoding
| * @param string $mysql_encoding The MySQL encoding
|
* @return string The iconv/mb encoding */ function fetch_iconv_encoding($mysql_encoding)
| * @return string The iconv/mb encoding */ function fetch_iconv_encoding($mysql_encoding)
|
Zeile 529 | Zeile 541 |
---|
/** * Adds/Updates a Page/Tab to the permissions array in the adminoptions table *
|
/** * Adds/Updates a Page/Tab to the permissions array in the adminoptions table *
|
* @param string The name of the tab that is being affected * @param string The name of the page being affected (optional - if not specified, will affect everything under the specified tab) * @param integer Default permissions for the page (1 for allowed - 0 for disallowed - -1 to remove)
| * @param string $tab The name of the tab that is being affected * @param string $page The name of the page being affected (optional - if not specified, will affect everything under the specified tab) * @param integer $default Default permissions for the page (1 for allowed - 0 for disallowed - -1 to remove)
|
*/ function change_admin_permission($tab, $page="", $default=1)
|
*/ function change_admin_permission($tab, $page="", $default=1)
|
{ global $db;
| { global $db;
|
$query = $db->simple_select("adminoptions", "uid, permissions", "permissions != ''"); while($adminoption = $db->fetch_array($query)) { $adminoption['permissions'] = my_unserialize($adminoption['permissions']);
if($default == -1)
|
$query = $db->simple_select("adminoptions", "uid, permissions", "permissions != ''"); while($adminoption = $db->fetch_array($query)) { $adminoption['permissions'] = my_unserialize($adminoption['permissions']);
if($default == -1)
|
{
| {
|
if(!empty($page))
|
if(!empty($page))
|
{
| {
|
unset($adminoption['permissions'][$tab][$page]); } else { unset($adminoption['permissions'][$tab]);
|
unset($adminoption['permissions'][$tab][$page]); } else { unset($adminoption['permissions'][$tab]);
|
}
| }
|
} else {
| } else {
|
Zeile 582 | Zeile 594 |
---|
$db->update_query("adminoptions", array('permissions' => $db->escape_string(my_serialize($adminoption['permissions']))), "uid='{$adminoption['uid']}'"); } }
|
$db->update_query("adminoptions", array('permissions' => $db->escape_string(my_serialize($adminoption['permissions']))), "uid='{$adminoption['uid']}'"); } }
|
|
|
/** * Checks if we have had too many attempts at logging into the ACP *
|
/** * Checks if we have had too many attempts at logging into the ACP *
|
* @param integer The uid of the admin to check * @param boolean Return an array of the number of attempts and expiry time? (default false)
| * @param integer $uid The uid of the admin to check * @param boolean $return_num Return an array of the number of attempts and expiry time? (default false)
|
* @return mixed Return an array if the second parameter is true, boolean otherwise. */ function login_attempt_check_acp($uid=0, $return_num=false)
| * @return mixed Return an array if the second parameter is true, boolean otherwise. */ function login_attempt_check_acp($uid=0, $return_num=false)
|
Zeile 600 | Zeile 612 |
---|
{ $query = $db->simple_select("adminoptions", "loginattempts, loginlockoutexpiry", "uid='".(int)$uid."'", 1); $attempts = $db->fetch_array($query);
|
{ $query = $db->simple_select("adminoptions", "loginattempts, loginlockoutexpiry", "uid='".(int)$uid."'", 1); $attempts = $db->fetch_array($query);
|
| if(!$attempts) { return false; }
|
}
if($attempts['loginattempts'] <= 0)
| }
if($attempts['loginattempts'] <= 0)
|
Zeile 633 | Zeile 650 |
---|
/** * Checks whether the administrator is on a mobile device *
|
/** * Checks whether the administrator is on a mobile device *
|
* @param string The useragent to be checked
| * @param string $useragent The useragent to be checked
|
* @return boolean A true/false depending on if the administrator is on a mobile */ function is_mobile($useragent)
| * @return boolean A true/false depending on if the administrator is on a mobile */ function is_mobile($useragent)
|
Zeile 644 | Zeile 661 |
---|
/** * Checks whether there are any 'security' issues in templates via complex syntax *
|
/** * Checks whether there are any 'security' issues in templates via complex syntax *
|
* @param string The template to be scanned
| * @param string $template The template to be scanned
|
* @return boolean A true/false depending on if an issue was detected */ function check_template($template) { // Check to see if our database password is in the template
|
* @return boolean A true/false depending on if an issue was detected */ function check_template($template) { // Check to see if our database password is in the template
|
if(preg_match("#database'?\\s*\]\\s*\[\\s*'?password#", $template))
| if(preg_match('#\$config\[(([\'|"]database[\'|"])|([^\'"].*?))\]\[(([\'|"](database|hostname|password|table_prefix|username)[\'|"])|([^\'"].*?))\]#i', $template) !== 0)
|
{ return true; }
// System calls via backtick
|
{ return true; }
// System calls via backtick
|
if(preg_match('#\$\s*\{#', $template))
| if(preg_match('#\$\s*\{#', $template) !== 0)
|
{ return true; }
// Any other malicious acts? // Courtesy of ZiNgA BuRgA
|
{ return true; }
// Any other malicious acts? // Courtesy of ZiNgA BuRgA
|
if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template)))
| $allowed = preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template); if($allowed === null || preg_match("~\\{\\$.+?\\}~s", $allowed) !== 0)
|
{ return true; }
| { return true; }
|
Zeile 674 | Zeile 692 |
---|
/** * Provides a function to entirely delete a user's posts, and find the threads attached to them *
|
/** * Provides a function to entirely delete a user's posts, and find the threads attached to them *
|
* @param integer The uid of the user * @param int A UNIX timestamp to delete posts that are older
| * @param integer $uid The uid of the user * @param int $date A UNIX timestamp to delete posts that are older
|
* @return array An array of threads to delete, threads/forums to recount */ function delete_user_posts($uid, $date)
| * @return array An array of threads to delete, threads/forums to recount */ function delete_user_posts($uid, $date)
|
Zeile 719 | Zeile 737 |
---|
{ while($post = $db->fetch_array($query)) {
|
{ while($post = $db->fetch_array($query)) {
|
if($post['usepostcounts'] != 0 && $post['visible'] != 0)
| if($post['usepostcounts'] != 0 && $post['visible'] == 1)
|
{ ++$post_count; }
| { ++$post_count; }
|
Zeile 795 | Zeile 813 |
---|
} } </script>";
|
} } </script>";
|
| }
if(!function_exists('array_column')) { function array_column($input, $column_key) { $values = array();
if(!is_array($input)) { $input = array($input); }
foreach($input as $val) { if(is_array($val) && isset($val[$column_key])) { $values[] = $val[$column_key]; } elseif(is_object($val) && isset($val->$column_key)) { $values[] = $val->$column_key; } }
return $values; } }
/** * Output the auto redirect block. * * @param \Form $form An existing form instance to wrap the redirect within. * @param string $prompt The prompt to show. */ function output_auto_redirect($form, $prompt) { global $lang;
echo <<<HTML <div class="confirm_action"> <p>{$prompt}</p> <br /> <script type="text/javascript"> $(function() { var button = $("#proceed_button"); if (button.length > 0) { // create a temporary div element to render the text within, un-escaping HTML entities var textElement = $('<div/>').html('{$lang->automatically_redirecting}'); button.val(textElement.text()); button.attr("disabled", true); button.css("color", "#aaa"); button.css("borderColor", "#aaa"); var parent_form = button.closest('form');
if (parent_form.length > 0) { parent_form.submit(); } } }); </script> <p class="buttons"> {$form->generate_submit_button($lang->proceed, array('class' => 'button_yes', 'id' => 'proceed_button'))} </p> </div> HTML;
|
}
| }
|