Vergleich inc/functions_user.php - 1.8.15 - 1.8.29

Zeile 246Zeile 246
		$password_fields = create_password($password, $user['salt'], $user);

return my_hash_equals($user['password'], $password_fields['password']);

		$password_fields = create_password($password, $user['salt'], $user);

return my_hash_equals($user['password'], $password_fields['password']);

	}
}

/**
* Performs a timing attack safe string comparison.
*
* @param string $known_string The first string to be compared.
* @param string $user_string The second, user-supplied string to be compared.
* @return bool Result of the comparison.
*/
function my_hash_equals($known_string, $user_string)
{
if(version_compare(PHP_VERSION, '5.6.0', '>='))
{
return hash_equals($known_string, $user_string);
}
else
{
$known_string_length = my_strlen($known_string);
$user_string_length = my_strlen($user_string);

if($user_string_length != $known_string_length)
{
return false;
}

$result = 0;

for($i = 0; $i < $known_string_length; $i++)
{
$result |= ord($known_string[$i]) ^ ord($user_string[$i]);
}

return $result === 0;

 
	}
}


	}
}


Zeile 367Zeile 333

$query = $db->simple_select("threadsubscriptions", "*", "tid='".(int)$tid."' AND uid='".(int)$uid."'");
$subscription = $db->fetch_array($query);


$query = $db->simple_select("threadsubscriptions", "*", "tid='".(int)$tid."' AND uid='".(int)$uid."'");
$subscription = $db->fetch_array($query);

	if(!$subscription['tid'])

	if(empty($subscription) || !$subscription['tid'])

	{
$insert_array = array(
'uid' => (int)$uid,

	{
$insert_array = array(
'uid' => (int)$uid,

Zeile 397Zeile 363
 * @return boolean True when success, false when otherwise.
*/
function remove_subscribed_thread($tid, $uid=0)

 * @return boolean True when success, false when otherwise.
*/
function remove_subscribed_thread($tid, $uid=0)

{
global $mybb, $db;

if(!$uid)
{
$uid = $mybb->user['uid'];
}

if(!$uid)
{
return false;
}
$db->delete_query("threadsubscriptions", "tid='".$tid."' AND uid='{$uid}'");


{
global $mybb, $db;

if(!$uid)
{
$uid = $mybb->user['uid'];
}

if(!$uid)
{
return false;
}
$db->delete_query("threadsubscriptions", "tid='".$tid."' AND uid='{$uid}'");


	return true;
}


	return true;
}


Zeile 441Zeile 407

$query = $db->simple_select("forumsubscriptions", "*", "fid='".$fid."' AND uid='{$uid}'", array('limit' => 1));
$fsubscription = $db->fetch_array($query);


$query = $db->simple_select("forumsubscriptions", "*", "fid='".$fid."' AND uid='{$uid}'", array('limit' => 1));
$fsubscription = $db->fetch_array($query);

	if(!$fsubscription['fid'])

	if(empty($fsubscription) || !$fsubscription['fid'])

	{
$insert_array = array(
'fid' => $fid,

	{
$insert_array = array(
'fid' => $fid,

Zeile 521Zeile 487
 */
function usercp_menu_messenger()
{

 */
function usercp_menu_messenger()
{

	global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapsed, $collapsedimg;

	global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapse, $collapsed, $collapsedimg;





 
	$expaltext = (in_array("usercppms", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;

	$usercp_nav_messenger = $templates->get("usercp_nav_messenger");
// Hide tracking link if no permission
$tracking = '';

	$usercp_nav_messenger = $templates->get("usercp_nav_messenger");
// Hide tracking link if no permission
$tracking = '';

Zeile 537Zeile 504
	if($mybb->usergroup['cansendpms'] == 1)
{
eval("\$ucp_nav_compose = \"".$templates->get("usercp_nav_messenger_compose")."\";");

	if($mybb->usergroup['cansendpms'] == 1)
{
eval("\$ucp_nav_compose = \"".$templates->get("usercp_nav_messenger_compose")."\";");

	}


	}


	$folderlinks = $folder_id = $folder_name = '';
$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
foreach($foldersexploded as $key => $folders)

	$folderlinks = $folder_id = $folder_name = '';
$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
foreach($foldersexploded as $key => $folders)

Zeile 583Zeile 550
 */
function usercp_menu_profile()
{

 */
function usercp_menu_profile()
{

	global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapsed, $collapsedimg;

	global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapse, $collapsed, $collapsedimg;


$changenameop = '';
if($mybb->usergroup['canchangename'] != 0)


$changenameop = '';
if($mybb->usergroup['canchangename'] != 0)

Zeile 610Zeile 577
		$collapsed['usercpprofile_e'] = '';
}


		$collapsed['usercpprofile_e'] = '';
}


 
	$expaltext = (in_array("usercpprofile", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;

	eval("\$usercpmenu .= \"".$templates->get("usercp_nav_profile")."\";");
}


	eval("\$usercpmenu .= \"".$templates->get("usercp_nav_profile")."\";");
}


Zeile 619Zeile 587
 */
function usercp_menu_misc()
{

 */
function usercp_menu_misc()
{

	global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapsed, $collapsedimg;

	global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapse, $collapsed, $collapsedimg;


$draftstart = $draftend = '';
$draftcount = $lang->ucp_nav_drafts;


$draftstart = $draftend = '';
$draftcount = $lang->ucp_nav_drafts;

Zeile 648Zeile 616
	}

$profile_link = get_profile_link($mybb->user['uid']);

	}

$profile_link = get_profile_link($mybb->user['uid']);

 
	$expaltext = (in_array("usercpmisc", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;

	eval("\$usercpmenu .= \"".$templates->get("usercp_nav_misc")."\";");
}


	eval("\$usercpmenu .= \"".$templates->get("usercp_nav_misc")."\";");
}


Zeile 664Zeile 633
	if($mybb->user['uid'] == $uid)
{
$user = $mybb->user;

	if($mybb->user['uid'] == $uid)
{
$user = $mybb->user;

	}
else
{

	}
else
{

		$query = $db->simple_select("users", "usertitle,postnum", "uid='$uid'", array('limit' => 1));
$user = $db->fetch_array($query);
}

		$query = $db->simple_select("users", "usertitle,postnum", "uid='$uid'", array('limit' => 1));
$user = $db->fetch_array($query);
}

Zeile 674Zeile 643
	if($user['usertitle'])
{
return $user['usertitle'];

	if($user['usertitle'])
{
return $user['usertitle'];

	}

	}

	else
{
$usertitles = $mybb->cache->read('usertitles');

	else
{
$usertitles = $mybb->cache->read('usertitles');

Zeile 690Zeile 659
		return $usertitle['title'];
}
}

		return $usertitle['title'];
}
}





/**
* Updates a users private message count in the users table with the number of pms they have.
*

/**
* Updates a users private message count in the users table with the number of pms they have.
*

Zeile 706Zeile 675
	if((int)$uid == 0)
{
$uid = $mybb->user['uid'];

	if((int)$uid == 0)
{
$uid = $mybb->user['uid'];

	}


	}


	$uid = (int)$uid;
$pmcount = array();
if($uid == 0)
{
return $pmcount;

	$uid = (int)$uid;
$pmcount = array();
if($uid == 0)
{
return $pmcount;

	}


	}


	// Update total number of messages.
if($count_to_update & 1)
{

	// Update total number of messages.
if($count_to_update & 1)
{

Zeile 729Zeile 698
		$query = $db->simple_select("privatemessages", "COUNT(pmid) AS pms_unread", "uid='".$uid."' AND status='0' AND folder='1'");
$unread = $db->fetch_array($query);
$pmcount['unreadpms'] = $unread['pms_unread'];

		$query = $db->simple_select("privatemessages", "COUNT(pmid) AS pms_unread", "uid='".$uid."' AND status='0' AND folder='1'");
$unread = $db->fetch_array($query);
$pmcount['unreadpms'] = $unread['pms_unread'];

	}

	}


if(!empty($pmcount))
{
$db->update_query("users", $pmcount, "uid='".$uid."'");
}
return $pmcount;


if(!empty($pmcount))
{
$db->update_query("users", $pmcount, "uid='".$uid."'");
}
return $pmcount;

}

}


/**
* Return the language specific name for a PM folder.


/**
* Return the language specific name for a PM folder.

Zeile 744Zeile 713
 * @param int $fid The ID of the folder.
* @param string $name The folder name - can be blank, will use language default.
* @return string The name of the folder.

 * @param int $fid The ID of the folder.
* @param string $name The folder name - can be blank, will use language default.
* @return string The name of the folder.

 */

 */

function get_pm_folder_name($fid, $name="")
{
global $lang;

function get_pm_folder_name($fid, $name="")
{
global $lang;

Zeile 752Zeile 721
	if($name != '')
{
return $name;

	if($name != '')
{
return $name;

	}

	}


switch($fid)
{


switch($fid)
{

		case 1:

		case 0:

			return $lang->folder_inbox;

			return $lang->folder_inbox;

 
			break;
case 1:
return $lang->folder_unread;

			break;
case 2:
return $lang->folder_sent_items;

			break;
case 2:
return $lang->folder_sent_items;

Zeile 791Zeile 763
	{
$order_by = 'RAND()';
}

	{
$order_by = 'RAND()';
}

	



$excl_old = '';

	if($old_qid)
{
$excl_old = ' AND qid != '.(int)$old_qid;

	if($old_qid)
{
$excl_old = ' AND qid != '.(int)$old_qid;
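Review bot: In the Zeile 397/363 hunk, `remove_subscribed_thread()` still concatenates `$tid` and `$uid` into the `delete_query()` WHERE clause with no integer cast, although the thread-subscription lookup in the Zeile 367/333 hunk casts both with `(int)`. The whole function body is visible on the page and nothing in it normalises either value, so the query is only as safe as each caller's own sanitising. I would change the line to `$db->delete_query("threadsubscriptions", "tid='".(int)$tid."' AND uid='".(int)$uid."'");`. The `forumsubscriptions` select in the Zeile 441/407 hunk interpolates `$fid` and `$uid` the same way; its function starts outside the hunk, so a cast may already happen above and should be confirmed.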