Vergleich admin/inc/functions.php - 1.6.2 - 1.6.15

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 6Zeile 6
 * Website: http://mybb.com
* License: http://mybb.com/about/license
*

 * Website: http://mybb.com
* License: http://mybb.com/about/license
*

 * $Id: functions.php 5016 2010-06-12 00:24:02Z RyanGordon $

 * $Id$

 */

/**

 */

/**

Zeile 153Zeile 153
	if($from > 2)
{
$first = fetch_page_url($url, 1);

	if($from > 2)
{
$first = fetch_page_url($url, 1);

		$pagination .= "<a href=\"{$first}\" title=\"Page 1\" class=\"pagination_first\">1</a> ... ";

		$pagination .= "<a href=\"{$first}\" title=\"{$lang->page} 1\" class=\"pagination_first\">1</a> ... ";

	}

for($i = $from; $i <= $to; ++$i)

	}

for($i = $from; $i <= $to; ++$i)

Zeile 298Zeile 298
			else
{
$ppolls = 0;

			else
{
$ppolls = 0;

			}

if($canpostattachments[$usergroup['gid']] == 1)
{
$pattachments = 1;
}
else
{
$pattachments = 0;

 
			}

if(!$preplies && !$pthreads)
{
$ppost = 0;

			}

if(!$preplies && !$pthreads)
{
$ppost = 0;

			}

			}

			else
{
$ppost = 1;

			else
{
$ppost = 1;

			}

			}

			
$insertquery = array(
"fid" => intval($fid),

			
$insertquery = array(
"fid" => intval($fid),

Zeile 324Zeile 315
				"canview" => intval($pview),
"canpostthreads" => intval($pthreads),
"canpostreplys" => intval($preplies),

				"canview" => intval($pview),
"canpostthreads" => intval($pthreads),
"canpostreplys" => intval($preplies),

				"canpostattachments" => intval($pattachments),

 
				"canpostpolls" => intval($ppolls),
);


				"canpostpolls" => intval($ppolls),
);


Zeile 342Zeile 332
		}
}
$cache->update_forumpermissions();

		}
}
$cache->update_forumpermissions();

}


}


/**
* Checks if a particular user has the necessary permissions to access a particular page.
*
* @param array Array containing module and action to check for
*/

/**
* Checks if a particular user has the necessary permissions to access a particular page.
*
* @param array Array containing module and action to check for
*/

function check_admin_permissions($action)

function check_admin_permissions($action, $error = true)

{
global $mybb, $page, $lang, $modules_dir;

{
global $mybb, $page, $lang, $modules_dir;

	

	

	if(is_super_admin($mybb->user['uid']))
{
return true;

	if(is_super_admin($mybb->user['uid']))
{
return true;

Zeile 365Zeile 355
		$permissions = $func();
if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1)
{

		$permissions = $func();
if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1)
{

			$page->output_header($lang->access_denied);
$page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index");
$page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>");
$page->output_footer();
exit;








			if($error)
{
$page->output_header($lang->access_denied);
$page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index");
$page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>");
$page->output_footer();
exit;
}
else
{
return false;
}

		}
}


		}
}


Zeile 428Zeile 425
	if($get_gid && !$get_uid)
{
// A group only

	if($get_gid && !$get_uid)
{
// A group only

		
$options = array(

		
$options = array(

			"order_by" => "uid",
"order_dir" => "ASC",
"limit" => "1"

			"order_by" => "uid",
"order_dir" => "ASC",
"limit" => "1"

Zeile 449Zeile 446
		// Prepare user's groups into SQL format
$group_sql = '';
foreach($gid_array as $gid)

		// Prepare user's groups into SQL format
$group_sql = '';
foreach($gid_array as $gid)

		{

		{

			$group_sql .= " OR uid='{$gid}'";
}


			$group_sql .= " OR uid='{$gid}'";
}


Zeile 468Zeile 465
			elseif($perm['uid'] < 0)
{
$perms_group[] = $perm['permissions'];

			elseif($perm['uid'] < 0)
{
$perms_group[] = $perm['permissions'];

			}
else

			}
else

			{
$perms_def = $perm['permissions'];
}

			{
$perms_def = $perm['permissions'];
}

Zeile 547Zeile 544
		$adminoption['permissions'] = unserialize($adminoption['permissions']);

if($default == -1)

		$adminoption['permissions'] = unserialize($adminoption['permissions']);

if($default == -1)

		{
if(!empty($page))
{

		{
if(!empty($page))
{

				unset($adminoption['permissions'][$tab][$page]);
}
else

				unset($adminoption['permissions'][$tab][$page]);
}
else

Zeile 564Zeile 561
				if($adminoption['uid'] == 0)
{
$adminoption['permissions'][$tab][$page] = 0;

				if($adminoption['uid'] == 0)
{
$adminoption['permissions'][$tab][$page] = 0;

				}

				}

				else
{
$adminoption['permissions'][$tab][$page] = $default;

				else
{
$adminoption['permissions'][$tab][$page] = $default;

				}
}

				}
}

			else
{
if($adminoption['uid'] == 0)

			else
{
if($adminoption['uid'] == 0)

Zeile 589Zeile 586

/**
* Checks if we have had too many attempts at logging into the ACP


/**
* Checks if we have had too many attempts at logging into the ACP

 *

 *

 * @param integer The uid of the admin to check
* @param boolean Return an array of the number of attempts and expiry time? (default false)
* @return mixed Return an array if the second parameter is true, boolean otherwise.

 * @param integer The uid of the admin to check
* @param boolean Return an array of the number of attempts and expiry time? (default false)
* @return mixed Return an array if the second parameter is true, boolean otherwise.

Zeile 599Zeile 596
	global $db, $mybb;

$attempts['loginattempts'] = 0;

	global $db, $mybb;

$attempts['loginattempts'] = 0;

	

	

	if($uid > 0)
{
$query = $db->simple_select("adminoptions", "loginattempts, loginlockoutexpiry", "uid='".intval($uid)."'", 1);
$attempts = $db->fetch_array($query);

	if($uid > 0)
{
$query = $db->simple_select("adminoptions", "loginattempts, loginlockoutexpiry", "uid='".intval($uid)."'", 1);
$attempts = $db->fetch_array($query);

	}

	}

	
if($attempts['loginattempts'] <= 0)
{
return false;

	
if($attempts['loginattempts'] <= 0)
{
return false;

	}

	}


if($mybb->settings['maxloginattempts'] > 0 && $attempts['loginattempts'] >= $mybb->settings['maxloginattempts'])
{
// Has the expiry dateline been set yet?
if($attempts['loginlockoutexpiry'] == 0 && $return_num == false)
{


if($mybb->settings['maxloginattempts'] > 0 && $attempts['loginattempts'] >= $mybb->settings['maxloginattempts'])
{
// Has the expiry dateline been set yet?
if($attempts['loginlockoutexpiry'] == 0 && $return_num == false)
{

			$db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+(intval($mybb->settings['loginattemptstimeout'])*60)), "uid='".intval($uid)."'", 1);

			$db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW+(intval($mybb->settings['loginattemptstimeout'])*60)), "uid='".intval($uid)."'");

		}

// Are we returning the # of login attempts?

		}

// Are we returning the # of login attempts?

Zeile 631Zeile 628
		}
}


		}
}


 
	return false;
}

/**
* Checks whether there are any 'security' issues in templates via complex syntax
*
* @param string The template to be scanned
* @return boolean A true/false depending on if an issue was detected
*/
function check_template($template)
{
// Check to see if our database password is in the template
if(preg_match("#database'?\\s*\]\\s*\[\\s*'?password#", $template))
{
return true;
}

// System calls via backtick
if(preg_match('#\$\s*\{#', $template))
{
return true;
}

// Any other malicious acts?
// Courtesy of ZiNgA BuRgA
if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template)))
{
return true;
}


	return false;
}


	return false;
}