Zeile 33 | Zeile 33 |
---|
"dateline" => TIME_NOW, "module" => $db->escape_string($mybb->get_input('module')), "action" => $db->escape_string($mybb->get_input('action')),
|
"dateline" => TIME_NOW, "module" => $db->escape_string($mybb->get_input('module')), "action" => $db->escape_string($mybb->get_input('action')),
|
"data" => $db->escape_string(@serialize($data))
| "data" => $db->escape_string(@my_serialize($data))
|
);
$db->insert_query("adminlog", $log_entry);
| );
$db->insert_query("adminlog", $log_entry);
|
Zeile 42 | Zeile 42 |
---|
/** * Redirects the current user to a specified URL. *
|
/** * Redirects the current user to a specified URL. *
|
* @param string The URL to redirect to
| * @param string $url The URL to redirect to
|
*/ function admin_redirect($url) {
| */ function admin_redirect($url) {
|
Zeile 61 | Zeile 61 |
---|
/** * Updates an administration session data array. *
|
/** * Updates an administration session data array. *
|
* @param string The name of the item in the data session to update * @param mixed The value
| * @param string $name The name of the item in the data session to update * @param mixed $value The value
|
*/ function update_admin_session($name, $value) {
| */ function update_admin_session($name, $value) {
|
Zeile 70 | Zeile 70 |
---|
$admin_session['data'][$name] = $value; $updated_session = array(
|
$admin_session['data'][$name] = $value; $updated_session = array(
|
"data" => $db->escape_string(@serialize($admin_session['data']))
| "data" => $db->escape_string(@my_serialize($admin_session['data']))
|
); $db->update_query("adminsessions", $updated_session, "sid='{$admin_session['sid']}'"); }
| ); $db->update_query("adminsessions", $updated_session, "sid='{$admin_session['sid']}'"); }
|
Zeile 78 | Zeile 78 |
---|
/** * Saves a "flash message" for the current user to be shown on their next page visit. *
|
/** * Saves a "flash message" for the current user to be shown on their next page visit. *
|
* @param string The message to show * @param string The type of message to be shown (success|error)
| * @param string $message The message to show * @param string $type The type of message to be shown (success|error)
|
*/ function flash_message($message, $type='') {
| */ function flash_message($message, $type='') {
|
Zeile 90 | Zeile 90 |
---|
/** * Draw pagination for pages in the Admin CP. *
|
/** * Draw pagination for pages in the Admin CP. *
|
* @param int The current page we're on * @param int The number of items per page * @param int The total number of items in this collection * @param string The URL for pagination of this collection
| * @param int $page The current page we're on * @param int $per_page The number of items per page * @param int $total_items The total number of items in this collection * @param string $url The URL for pagination of this collection
|
* @return string The built pagination */ function draw_admin_pagination($page, $per_page, $total_items, $url)
| * @return string The built pagination */ function draw_admin_pagination($page, $per_page, $total_items, $url)
|
Zeile 102 | Zeile 102 |
---|
if($total_items <= $per_page) {
|
if($total_items <= $per_page) {
|
return;
| return '';
|
}
$pages = ceil($total_items / $per_page);
| }
$pages = ceil($total_items / $per_page);
|
Zeile 186 | Zeile 186 |
---|
/** * Builds a CSV parent list for a particular forum. *
|
/** * Builds a CSV parent list for a particular forum. *
|
* @param int The forum ID * @param string Optional separator - defaults to comma for CSV list
| * @param int $fid The forum ID * @param string $navsep Optional separator - defaults to comma for CSV list
|
* @return string The built parent list */ function make_parent_list($fid, $navsep=",")
| * @return string The built parent list */ function make_parent_list($fid, $navsep=",")
|
Zeile 205 | Zeile 205 |
---|
reset($pforumcache); reset($pforumcache[$fid]);
|
reset($pforumcache); reset($pforumcache[$fid]);
|
| $navigation = '';
|
foreach($pforumcache[$fid] as $key => $forum) { if($fid == $forum['fid']) {
|
foreach($pforumcache[$fid] as $key => $forum) { if($fid == $forum['fid']) {
|
if($pforumcache[$forum['pid']]) {
| if(!empty($pforumcache[$forum['pid']])) {
|
$navigation = make_parent_list($forum['pid'], $navsep).$navigation;
|
$navigation = make_parent_list($forum['pid'], $navsep).$navigation;
|
}
| }
|
if($navigation) {
| if($navigation) {
|
Zeile 225 | Zeile 227 |
---|
return $navigation; }
|
return $navigation; }
|
| /** * @param int $fid */
|
function save_quick_perms($fid) { global $db, $inherit, $canview, $canpostthreads, $canpostreplies, $canpostpolls, $canpostattachments, $cache;
| function save_quick_perms($fid) { global $db, $inherit, $canview, $canpostthreads, $canpostreplies, $canpostpolls, $canpostattachments, $cache;
|
Zeile 234 | Zeile 239 |
---|
$field_list = $db->show_fields_from("forumpermissions"); foreach($field_list as $field) {
|
$field_list = $db->show_fields_from("forumpermissions"); foreach($field_list as $field) {
|
if(strpos($field['Field'], 'can') !== false)
| if(strpos($field['Field'], 'can') !== false || strpos($field['Field'], 'mod') !== false)
|
{ $permission_fields[$field['Field']] = 1; }
| { $permission_fields[$field['Field']] = 1; }
|
Zeile 261 | Zeile 266 |
---|
$db->delete_query("forumpermissions", "fid='{$fid}' AND gid='{$usergroup['gid']}'");
// Only insert the new ones if we're using custom permissions
|
$db->delete_query("forumpermissions", "fid='{$fid}' AND gid='{$usergroup['gid']}'");
// Only insert the new ones if we're using custom permissions
|
if($inherit[$usergroup['gid']] != 1)
| if(empty($inherit[$usergroup['gid']]))
|
{
|
{
|
if($canview[$usergroup['gid']] == 1)
| if(!empty($canview[$usergroup['gid']]))
|
{ $pview = 1; }
| { $pview = 1; }
|
Zeile 272 | Zeile 277 |
---|
$pview = 0; }
|
$pview = 0; }
|
if($canpostthreads[$usergroup['gid']] == 1)
| if(!empty($canpostthreads[$usergroup['gid']]))
|
{ $pthreads = 1; }
| { $pthreads = 1; }
|
Zeile 281 | Zeile 286 |
---|
$pthreads = 0; }
|
$pthreads = 0; }
|
if($canpostreplies[$usergroup['gid']] == 1)
| if(!empty($canpostreplies[$usergroup['gid']]))
|
{ $preplies = 1; }
| { $preplies = 1; }
|
Zeile 290 | Zeile 295 |
---|
$preplies = 0; }
|
$preplies = 0; }
|
if($canpostpolls[$usergroup['gid']] == 1)
| if(!empty($canpostpolls[$usergroup['gid']]))
|
{ $ppolls = 1; }
| { $ppolls = 1; }
|
Zeile 324 | Zeile 329 |
---|
continue; }
|
continue; }
|
$insertquery[$db->escape_string($field)] = (int)$existing_permissions[$field];
| $insertquery[$db->escape_string($field)] = isset($existing_permissions[$field]) ? (int)$existing_permissions[$field] : 0;
|
}
$db->insert_query("forumpermissions", $insertquery);
| }
$db->insert_query("forumpermissions", $insertquery);
|
Zeile 336 | Zeile 341 |
---|
/** * Checks if a particular user has the necessary permissions to access a particular page. *
|
/** * Checks if a particular user has the necessary permissions to access a particular page. *
|
* @param array Array containing module and action to check for
| * @param array $action Array containing module and action to check for * @param bool $error * @return bool
|
*/ function check_admin_permissions($action, $error = true) {
| */ function check_admin_permissions($action, $error = true) {
|
Zeile 352 | Zeile 359 |
---|
{ $func = $action['module']."_admin_permissions"; $permissions = $func();
|
{ $func = $action['module']."_admin_permissions"; $permissions = $func();
|
if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1)
| if( !empty($permissions['permissions'][$action['action']]) && empty($mybb->admin['permissions'][$action['module']][$action['action']]) )
|
{ if($error) {
| { if($error) {
|
Zeile 361 | Zeile 371 |
---|
$page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>"); $page->output_footer(); exit;
|
$page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>"); $page->output_footer(); exit;
|
} else
| } else
|
{ return false; }
| { return false; }
|
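Review bot: The rewritten condition at Zeile 359 now denies access only when the stored permission is empty, whereas the old `!= 1` denied everything that was not exactly 1, so an unexpected truthy value in `$mybb->admin['permissions'][module][action]` (a stray string, a 2) would now pass the check. The values written by get_admin_permissions appear to be only `'1'` or `0`, so this is probably equivalent in practice, but an authorization check should fail closed rather than rely on that. Consider keeping the strict form alongside the isset guard: `if(!empty($permissions['permissions'][$action['action']]) && (!isset($mybb->admin['permissions'][$action['module']][$action['action']]) || (int)$mybb->admin['permissions'][$action['module']][$action['action']] !== 1))`. The body of check_admin_permissions continues outside this hunk.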
Zeile 375 | Zeile 385 |
---|
/** * Fetches the list of administrator permissions for a particular user or group *
|
/** * Fetches the list of administrator permissions for a particular user or group *
|
* @param int The user ID to fetch permissions for * @param int The (optional) group ID to fetch permissions for
| * @param int $get_uid The user ID to fetch permissions for * @param int $get_gid The (optional) group ID to fetch permissions for
|
* @return array Array of permissions for specified user or group */
|
* @return array Array of permissions for specified user or group */
|
function get_admin_permissions($get_uid="", $get_gid="")
| function get_admin_permissions($get_uid=0, $get_gid=0)
|
{ global $db, $mybb;
// Set UID and GID if none $uid = $get_uid; $gid = $get_gid;
|
{ global $db, $mybb;
// Set UID and GID if none $uid = $get_uid; $gid = $get_gid;
|
|
|
$gid_array = array();
|
$gid_array = array();
|
if($uid === "")
| if($uid === 0)
|
{ $uid = $mybb->user['uid']; }
| { $uid = $mybb->user['uid']; }
|
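Review bot: Changing the default from `""` to `0` together with the strict `$uid === 0` test means a caller that still passes the old sentinel `""` (or `null`) explicitly no longer falls back to `$mybb->user['uid']` and instead reaches the query with `uid=''`; I cannot see the call sites from here, so this may or may not affect anyone. The `$gid` side of the same function is tested by truthiness (`if($get_gid && !$get_uid)` in the next hunk), so the two parameters are now handled inconsistently. A tolerant form such as `if((int)$uid === 0)` keeps the new integer default while still honouring the old empty-string callers. The function continues past the end of this hunk.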
Zeile 418 | Zeile 428 |
---|
// Group is specified // Make sure gid is negative $gid_array[] = (-1) * abs($gid);
|
// Group is specified // Make sure gid is negative $gid_array[] = (-1) * abs($gid);
|
}
| }
|
// What are we trying to find? if($get_gid && !$get_uid)
| // What are we trying to find? if($get_gid && !$get_uid)
|
Zeile 447 | Zeile 457 |
---|
foreach($gid_array as $gid) { $group_sql .= " OR uid='{$gid}'";
|
foreach($gid_array as $gid) { $group_sql .= " OR uid='{$gid}'";
|
}
| }
|
$perms_group = array(); $query = $db->simple_select("adminoptions", "permissions, uid", "(uid='{$uid}'{$group_sql}) AND permissions != ''", $options); while($perm = $db->fetch_array($query))
| $perms_group = array(); $query = $db->simple_select("adminoptions", "permissions, uid", "(uid='{$uid}'{$group_sql}) AND permissions != ''", $options); while($perm = $db->fetch_array($query))
|
Zeile 468 | Zeile 478 |
---|
else { $perms_def = $perm['permissions'];
|
else { $perms_def = $perm['permissions'];
|
} }
| } }
|
// Figure out group permissions...ugh. foreach($perms_group as $gperms)
| // Figure out group permissions...ugh. foreach($perms_group as $gperms)
|
Zeile 479 | Zeile 489 |
---|
// Use this group as the base for admin group permissions $final_group_perms = $gperms; continue;
|
// Use this group as the base for admin group permissions $final_group_perms = $gperms; continue;
|
}
| }
|
// Loop through each specific permission to find the highest permission foreach($gperms as $perm_name => $perm_value) {
| // Loop through each specific permission to find the highest permission foreach($gperms as $perm_name => $perm_value) {
|
Zeile 489 | Zeile 499 |
---|
$final_group_perms[$perm_name] = '1'; } }
|
$final_group_perms[$perm_name] = '1'; } }
|
}
| }
|
// Send specific user, or group permissions before default. // If user's permission are explicitly set, they've already been returned above. if(isset($final_group_perms)) { return $final_group_perms; }
|
// Send specific user, or group permissions before default. // If user's permission are explicitly set, they've already been returned above. if(isset($final_group_perms)) { return $final_group_perms; }
|
else
| elseif(isset($perms_def))
|
{ return $perms_def; }
|
{ return $perms_def; }
|
| return array();
|
} }
/** * Fetch the iconv/mb encoding for a particular MySQL encoding *
|
} }
/** * Fetch the iconv/mb encoding for a particular MySQL encoding *
|
* @param string The MySQL encoding
| * @param string $mysql_encoding The MySQL encoding
|
* @return string The iconv/mb encoding */ function fetch_iconv_encoding($mysql_encoding)
| * @return string The iconv/mb encoding */ function fetch_iconv_encoding($mysql_encoding)
|
Zeile 529 | Zeile 541 |
---|
/** * Adds/Updates a Page/Tab to the permissions array in the adminoptions table *
|
/** * Adds/Updates a Page/Tab to the permissions array in the adminoptions table *
|
* @param string The name of the tab that is being affected * @param string The name of the page being affected (optional - if not specified, will affect everything under the specified tab) * @param integer Default permissions for the page (1 for allowed - 0 for disallowed - -1 to remove)
| * @param string $tab The name of the tab that is being affected * @param string $page The name of the page being affected (optional - if not specified, will affect everything under the specified tab) * @param integer $default Default permissions for the page (1 for allowed - 0 for disallowed - -1 to remove)
|
*/ function change_admin_permission($tab, $page="", $default=1)
|
*/ function change_admin_permission($tab, $page="", $default=1)
|
{ global $db;
| { global $db;
|
$query = $db->simple_select("adminoptions", "uid, permissions", "permissions != ''"); while($adminoption = $db->fetch_array($query)) { $adminoption['permissions'] = my_unserialize($adminoption['permissions']);
if($default == -1)
|
$query = $db->simple_select("adminoptions", "uid, permissions", "permissions != ''"); while($adminoption = $db->fetch_array($query)) { $adminoption['permissions'] = my_unserialize($adminoption['permissions']);
if($default == -1)
|
{
| {
|
if(!empty($page))
|
if(!empty($page))
|
{
| {
|
unset($adminoption['permissions'][$tab][$page]); } else { unset($adminoption['permissions'][$tab]);
|
unset($adminoption['permissions'][$tab][$page]); } else { unset($adminoption['permissions'][$tab]);
|
}
| }
|
} else { if(!empty($page))
|
} else { if(!empty($page))
|
{ if($adminoption['uid'] == 0) {
| { if($adminoption['uid'] == 0) {
|
$adminoption['permissions'][$tab][$page] = 0; } else
| $adminoption['permissions'][$tab][$page] = 0; } else
|
Zeile 579 | Zeile 591 |
---|
} }
|
} }
|
$db->update_query("adminoptions", array('permissions' => $db->escape_string(serialize($adminoption['permissions']))), "uid='{$adminoption['uid']}'");
| $db->update_query("adminoptions", array('permissions' => $db->escape_string(my_serialize($adminoption['permissions']))), "uid='{$adminoption['uid']}'");
|
} }
|
} }
|
|
|
/** * Checks if we have had too many attempts at logging into the ACP *
|
/** * Checks if we have had too many attempts at logging into the ACP *
|
* @param integer The uid of the admin to check * @param boolean Return an array of the number of attempts and expiry time? (default false)
| * @param integer $uid The uid of the admin to check * @param boolean $return_num Return an array of the number of attempts and expiry time? (default false)
|
* @return mixed Return an array if the second parameter is true, boolean otherwise. */ function login_attempt_check_acp($uid=0, $return_num=false)
| * @return mixed Return an array if the second parameter is true, boolean otherwise. */ function login_attempt_check_acp($uid=0, $return_num=false)
|
Zeile 600 | Zeile 612 |
---|
{ $query = $db->simple_select("adminoptions", "loginattempts, loginlockoutexpiry", "uid='".(int)$uid."'", 1); $attempts = $db->fetch_array($query);
|
{ $query = $db->simple_select("adminoptions", "loginattempts, loginlockoutexpiry", "uid='".(int)$uid."'", 1); $attempts = $db->fetch_array($query);
|
| if(!$attempts) { return false; }
|
}
if($attempts['loginattempts'] <= 0)
| }
if($attempts['loginattempts'] <= 0)
|
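Review bot: The new guard returns `false` when no adminoptions row exists regardless of `$return_num`, while the docblock a few hunks above states that an array is returned whenever the second parameter is true; a caller passing `$return_num = true` for a uid without a record would now get `false` where it indexes an array. Either return a zeroed array in that case, e.g. `return $return_num ? array('attempts' => 0, 'expiry' => 0) : false;` (the exact keys should match what the rest of the function returns, which is outside this hunk), or extend the `@return` text to say that `false` is also returned when no record exists. login_attempt_check_acp starts and ends outside this hunk, so I cannot confirm the array shape from here.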
Zeile 633 | Zeile 650 |
---|
/** * Checks whether the administrator is on a mobile device *
|
/** * Checks whether the administrator is on a mobile device *
|
* @param string The useragent to be checked
| * @param string $useragent The useragent to be checked
|
* @return boolean A true/false depending on if the administrator is on a mobile */ function is_mobile($useragent)
| * @return boolean A true/false depending on if the administrator is on a mobile */ function is_mobile($useragent)
|
Zeile 644 | Zeile 661 |
---|
/** * Checks whether there are any 'security' issues in templates via complex syntax *
|
/** * Checks whether there are any 'security' issues in templates via complex syntax *
|
* @param string The template to be scanned
| * @param string $template The template to be scanned
|
* @return boolean A true/false depending on if an issue was detected */ function check_template($template) { // Check to see if our database password is in the template
|
* @return boolean A true/false depending on if an issue was detected */ function check_template($template) { // Check to see if our database password is in the template
|
if(preg_match("#database'?\\s*\]\\s*\[\\s*'?password#", $template))
| if(preg_match('#\$config\[(([\'|"]database[\'|"])|([^\'"].*?))\]\[(([\'|"](database|hostname|password|table_prefix|username)[\'|"])|([^\'"].*?))\]#i', $template) !== 0)
|
{ return true; }
// System calls via backtick
|
{ return true; }
// System calls via backtick
|
if(preg_match('#\$\s*\{#', $template))
| if(preg_match('#\$\s*\{#', $template) !== 0)
|
{ return true; }
// Any other malicious acts? // Courtesy of ZiNgA BuRgA
|
{ return true; }
// Any other malicious acts? // Courtesy of ZiNgA BuRgA
|
if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template)))
| $allowed = preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template); if($allowed === null || preg_match("~\\{\\$.+?\\}~s", $allowed) !== 0)
|
{ return true; }
| { return true; }
|
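Review bot: The comment `// Check to see if our database password is in the template` no longer describes the new pattern at Zeile 661, which rejects any `$config[...][...]` access whose outer key is `database` or unquoted and whose inner key is database/hostname/password/table_prefix/username or unquoted; suggest `// Reject any read of $config['database'][...] (host, user, password, prefix) and any dynamically-keyed $config lookup`. In that regex `[\'|"]` is a character class, so the `|` is a literal pipe treated as a quote character rather than an alternation; it is harmless but `[\'"]` is presumably what was meant. The `!== 0` comparisons and the `$allowed === null` check make a PCRE failure count as a detection, which is the right fail-closed direction for a template scanner. The pre-existing `// System calls via backtick` comment above the `\$\s*\{` check describes a different construct than the regex below it. check_template's final return lies outside this hunk.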
Zeile 674 | Zeile 692 |
---|
/** * Provides a function to entirely delete a user's posts, and find the threads attached to them *
|
/** * Provides a function to entirely delete a user's posts, and find the threads attached to them *
|
* @param integer The uid of the user * @param int A UNIX timestamp to delete posts that are older
| * @param integer $uid The uid of the user * @param int $date A UNIX timestamp to delete posts that are older
|
* @return array An array of threads to delete, threads/forums to recount */ function delete_user_posts($uid, $date)
| * @return array An array of threads to delete, threads/forums to recount */ function delete_user_posts($uid, $date)
|
Zeile 719 | Zeile 737 |
---|
{ while($post = $db->fetch_array($query)) {
|
{ while($post = $db->fetch_array($query)) {
|
if($post['usepostcounts'] != 0 && $post['visible'] != 0)
| if($post['usepostcounts'] != 0 && $post['visible'] == 1)
|
{ ++$post_count; }
| { ++$post_count; }
|
Zeile 795 | Zeile 813 |
---|
} } </script>";
|
} } </script>";
|
| }
if(!function_exists('array_column')) { function array_column($input, $column_key) { $values = array();
if(!is_array($input)) { $input = array($input); }
foreach($input as $val) { if(is_array($val) && isset($val[$column_key])) { $values[] = $val[$column_key]; } elseif(is_object($val) && isset($val->$column_key)) { $values[] = $val->$column_key; } }
return $values; } }
/** * Output the auto redirect block. * * @param \Form $form An existing form instance to wrap the redirect within. * @param string $prompt The prompt to show. */ function output_auto_redirect($form, $prompt) { global $lang;
echo <<<HTML <div class="confirm_action"> <p>{$prompt}</p> <br /> <script type="text/javascript"> $(function() { var button = $("#proceed_button"); if (button.length > 0) { // create a temporary div element to render the text within, un-escaping HTML entities var textElement = $('<div/>').html('{$lang->automatically_redirecting}'); button.val(textElement.text()); button.attr("disabled", true); button.css("color", "#aaa"); button.css("borderColor", "#aaa"); var parent_form = button.closest('form');
if (parent_form.length > 0) { parent_form.submit(); } } }); </script> <p class="buttons"> {$form->generate_submit_button($lang->proceed, array('class' => 'button_yes', 'id' => 'proceed_button'))} </p> </div> HTML;
|
}
| }
|