Vergleich admin/index.php - 1.8.27 - 1.8.38

Zeile 108	Zeile 108
{ $user = get_user_by_username($mybb->input['username'], array('fields' => '*'));	{ $user = get_user_by_username($mybb->input['username'], array('fields' => '*'));
if(!$user['uid'])	if(!$user)
{ $error = $lang->error_invalid_username; }	{ $error = $lang->error_invalid_username; }
Zeile 116	Zeile 116
else if($mybb->input['uid']) { $user = get_user($mybb->input['uid']);	else if($mybb->input['uid']) { $user = get_user($mybb->input['uid']);
if(!$user['uid'])	if(!$user)
{ $error = $lang->error_invalid_uid; }	{ $error = $lang->error_invalid_uid; }
Zeile 296	Zeile 296
$db->update_query("adminoptions", array("loginattempts" => 0, "loginlockoutexpiry" => 0), "uid='{$mybb->user['uid']}'"); }	$db->update_query("adminoptions", array("loginattempts" => 0, "loginlockoutexpiry" => 0), "uid='{$mybb->user['uid']}'"); }
my_setcookie("adminsid", $sid, '', true, "lax");	my_setcookie("adminsid", $sid, '', true, "strict");
my_setcookie('acploginattempts', 0); $post_verify = false;	my_setcookie('acploginattempts', 0); $post_verify = false;
Zeile 329	Zeile 329
{ $params = explode("=", $param);	{ $params = explode("=", $param);
$query_string .= '&'.htmlspecialchars_uni($params[0])."=".htmlspecialchars_uni($params[1]);	$query_string .= '&'.htmlspecialchars_uni($params[0]); if(isset($params[1])) { $query_string .= "=".htmlspecialchars_uni($params[1]); }
} }	} }
Zeile 339	Zeile 344
else { $login_user = get_user_by_username($mybb->input['username'], array('fields' => array('email', 'username')));	else { $login_user = get_user_by_username($mybb->input['username'], array('fields' => array('email', 'username')));

$plugins->run_hooks("admin_login_fail"); $loginattempts = false;	$plugins->run_hooks("admin_login_fail"); $loginattempts = false;
Zeile 354	Zeile 359
{ // Have we set an expiry yet? if($loginattempts['loginlockoutexpiry'] == 0)	{ // Have we set an expiry yet? if($loginattempts['loginlockoutexpiry'] == 0)
{	{
$db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+((int)$mybb->settings['loginattemptstimeout']*60)), "uid='".(int)$login_user['uid']."'"); }	$db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+((int)$mybb->settings['loginattemptstimeout']*60)), "uid='".(int)$login_user['uid']."'"); }
Zeile 443	Zeile 448
++$matches; } if($matches == ADMIN_IP_SEGMENTS)	++$matches; } if($matches == ADMIN_IP_SEGMENTS)
{ $valid_ip = true; break; } } // IP doesn't match properly - show message on logon screen if(!$valid_ip) { $login_message = $lang->error_invalid_ip; unset($mybb->user); }	{ $valid_ip = true; break; } } // IP doesn't match properly - show message on logon screen if(!$valid_ip) { $login_message = $lang->error_invalid_ip; unset($mybb->user); }
} else if(ADMIN_IPV6_SEGMENTS > 0 && strpos($ip_address, ':') !== false) {	} else if(ADMIN_IPV6_SEGMENTS > 0 && strpos($ip_address, ':') !== false) {
Zeile 473	Zeile 478
if($exploded_ip[$i] == $exploded_admin_ip[$i]) { ++$matches;	if($exploded_ip[$i] == $exploded_admin_ip[$i]) { ++$matches;
}	}
if($matches == ADMIN_IPV6_SEGMENTS) { $valid_ip = true; break; }	if($matches == ADMIN_IPV6_SEGMENTS) { $valid_ip = true; break; }
}	}
// IP doesn't match properly - show message on logon screen if(!$valid_ip)	// IP doesn't match properly - show message on logon screen if(!$valid_ip)
Zeile 497	Zeile 502
{ $plugins->run_hooks("admin_logout");	{ $plugins->run_hooks("admin_logout");
if(verify_post_check($mybb->input['my_post_key']))	if(verify_post_check($mybb->get_input('my_post_key')))
{ $db->delete_query("adminsessions", "sid='".$db->escape_string($mybb->cookies['adminsid'])."'"); my_unsetcookie('adminsid');	{ $db->delete_query("adminsessions", "sid='".$db->escape_string($mybb->cookies['adminsid'])."'"); my_unsetcookie('adminsid');
Zeile 521	Zeile 526
$is_super_admin = is_super_admin($mybb->user['uid']); }	$is_super_admin = is_super_admin($mybb->user['uid']); }
if($mybb->usergroup['cancp'] != 1 && !$is_super_admin \|\| !$mybb->user['uid'])	if(empty($mybb->usergroup['cancp']) && !$is_super_admin \|\| !$mybb->user['uid'])
{ $uid = 0; if(isset($mybb->user['uid']))	{ $uid = 0; if(isset($mybb->user['uid']))
Zeile 531	Zeile 536
$db->delete_query("adminsessions", "uid = '{$uid}'"); unset($mybb->user); my_unsetcookie('adminsid');	$db->delete_query("adminsessions", "uid = '{$uid}'"); unset($mybb->user); my_unsetcookie('adminsid');
	if($mybb->get_input('do') == 'login') { $login_message = $lang->error_mybb_not_admin_account; }
} if(!empty($mybb->user['uid']))	} if(!empty($mybb->user['uid']))
Zeile 810	Zeile 819
if($post_verify == true) { // If the post key does not match we switch the action to GET and set a message to show the user	if($post_verify == true) { // If the post key does not match we switch the action to GET and set a message to show the user
if(!verify_post_check($mybb->input['my_post_key'], true))	if(!verify_post_check($mybb->get_input('my_post_key'), true))
{ $mybb->request_method = "get"; $page->show_post_verify_error = true;	{ $mybb->request_method = "get"; $page->show_post_verify_error = true;