From 458b9b50ec8d835b4c5f72823d4815a9cee6d706 Mon Sep 17 00:00:00 2001
From: Ludovic Arnaud
Date: Mon, 20 Jan 2003 05:12:38 +0000
Subject: [PATCH] Un-b0rked ACL options caching, small general fixes
git-svn-id: file:///svn/phpbb/trunk@3338 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/admin/admin_forums.php | 8 +++++---
 phpBB/admin/pagestart.php | 12 +----------
 phpBB/common.php | 16 +++++++++++++---
 phpBB/db/mysql.php | 7 +++++--
 phpBB/includes/acm/cache_file.php | 4 ++--
 phpBB/includes/functions.php | 12 +++++------
 phpBB/includes/functions_admin.php | 6 +++++-
 phpBB/includes/functions_display.php | 20 ++++++++++++++------
 phpBB/includes/page_tail.php | 5 ++++-
 phpBB/includes/session.php | 22 +++++++++++++++-------
 phpBB/index.php | 15 +++------------
 phpBB/mcp.php | 2 +-
 phpBB/posting.php | 9 +++++++--
 phpBB/viewforum.php | 4 ++--
 phpBB/viewtopic.php | 6 +++---
 15 files changed, 85 insertions(+), 63 deletions(-)
diff --git a/phpBB/admin/admin_forums.php b/phpBB/admin/admin_forums.php
index 66c792d1e4..8f4b13d99f 100644
--- a/phpBB/admin/admin_forums.php
+++ b/phpBB/admin/admin_forums.php
@@ -192,10 +192,10 @@ switch ($mode)
 'parent_id' => $parent_id,
 'left_id' => $left_id,
 'right_id' => $right_id,
- 'forum_status' => ITEM_UNLOCKED,
+ 'forum_status' => intval($_POST['forum_status']),
 'forum_postable' => (!empty($_POST['forum_postable'])) ? 1 : 0,
- 'forum_name' => sql_quote($_POST['forum_name']),
- 'forum_desc' => sql_quote($_POST['forum_desc']),
+ 'forum_name' => $_POST['forum_name'],
+ 'forum_desc' => $_POST['forum_desc'],
 'forum_style' => (!empty($_POST['forum_style'])) ? intval($_POST['forum_style']) : 'NULL',
 'enable_post_count' => (!empty($_POST['disable_post_count'])) ? 0 : 1,
 'enable_icons' => (!empty($_POST['enable_icons'])) ? 1 : 0,
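Review bot: Dropping `sql_quote()` from `forum_name` and `forum_desc` leaves raw `$_POST` strings in the forum data array, so the INSERT/UPDATE built from that array (outside this hunk) is injectable unless every value is quoted at that point; if the intent is to quote once in the SQL builder, a comment on the array saying so, `// values are quoted by the sql builder, do not pre-escape here`, stops the next person from re-adding or re-removing it. `intval($_POST['forum_status'])` accepts any integer rather than the `ITEM_*` values defined in common.php, so an out-of-range status can be stored; whitelisting against the values you accept, e.g. `'forum_status' => (intval($_POST['forum_status']) == ITEM_LOCKED) ? ITEM_LOCKED : ITEM_UNLOCKED,`, keeps the column within what viewforum.php compares against. The enclosing `switch ($mode)` case starts and ends outside the hunk.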
@@ -282,6 +282,8 @@ switch ($mode)
 //
 // wasn't this form submitted? is anyone trying to remotely delete forums
 //
+ // NOTE/TODO: this should not be possible because of session_id verification so this part can be removed
 //
 trigger_error('Did not submit', E_USER_ERROR);
 }
diff --git a/phpBB/admin/pagestart.php b/phpBB/admin/pagestart.php
index 8b4e2aa535..9460f86582 100644
--- a/phpBB/admin/pagestart.php
+++ b/phpBB/admin/pagestart.php
@@ -25,6 +25,7 @@ if (!defined('IN_PHPBB'))
 }
 define('IN_ADMIN', true);
+define('NEED_SID', true);
 include($phpbb_root_path . 'common.'.$phpEx);
 // Start session management
@@ -33,17 +34,6 @@ $user->setup();
 $auth->acl($user->data);
 // End session management
-//
-// If session_ids do not match, rewrite the URL correctly then redirect the user
-//
-if ($_REQUEST['sid'] != $user->data['session_id'])
-{
- $url = preg_replace('/sid=([^&]*)(&?)/i', '', $_SERVER['REQUEST_URI']);
- $url = preg_replace('/\?$/', '', $url);
- $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $user->data['session_id'];
- redirect($url);
-}
-
 // -----------------------------
 // Functions
 function page_header($sub_title, $meta = '', $table_html = true)
diff --git a/phpBB/common.php b/phpBB/common.php
index 6c4da7da4a..f56569f8e1 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -80,7 +80,6 @@ define('GROUP_SPECIAL', 3);
 define('ITEM_UNLOCKED', 0);
 define('ITEM_LOCKED', 1);
 define('ITEM_MOVED', 2);
-define('ITEM_CATEGORY', 3);
 // Topic types
 define('POST_NORMAL', 0);
@@ -183,7 +182,7 @@ if ( empty($acl_options) )
 }
 */
-if (!$config = $cache->load('config'))
+if (!$config = $cache->get('config'))
 {
 $config = array();
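Review bot: With the sid-mismatch redirect removed from pagestart.php, the admin pages' only guard against a request carrying a stale or forged sid is the `NEED_SID` comparison this commit adds in session.php, and that path merely declines to load the session (its redirect is commented out), so a mismatching request now proceeds under a freshly created session instead of being bounced. Whether that still blocks the admin action depends on the permission checks that follow `$auth->acl($user->data)`, which are outside the hunk; a comment where the block used to be, `// sid verification now happens in session::start() when NEED_SID is defined`, keeps that dependency visible to the next reader. The old check also read `$_REQUEST['sid']`, which admits cookie-supplied values; the `$_GET['sid']` form in session.php is the tighter one and should stay that way.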
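Review bot: In the common.php hunk, `if (!$config = $cache->get('config'))` keeps an assignment inside the condition, which reads as a typo for `==`, and since `get()` returns `null` on a miss (cache_file.php in this commit) the falsy test also treats a legitimately empty config array as a miss that re-queries the table on every request. `$config = $cache->get('config'); if ($config === null)` says what is meant and distinguishes the two cases.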
@@ -195,7 +194,18 @@ if (!$config = $cache->load('config'))
 $config[$row['config_name']] = $row['config_value'];
 }
- $cache->save('config', $config);
+ $cache->put('config', $config);
+}
+
+if ($cache->exists('acl_options'))
+{
+ $acl_options = $cache->get('acl_options');
+}
+else
+{
+ require_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
+ $auth_admin = new auth_admin();
+ $acl_options = $auth_admin->acl_cache_options();
 }
 /*
diff --git a/phpBB/db/mysql.php b/phpBB/db/mysql.php
index 6ed2118bd8..96a8a6ea8f 100644
--- a/phpBB/db/mysql.php
+++ b/phpBB/db/mysql.php
@@ -397,6 +397,11 @@ class sql_db
 function sql_error($sql = '')
 {
+ $result = array(
+ 'message' => @mysql_error(),
+ 'code' => @mysql_errno()
+ );
+
 if ( !$this->return_on_error )
 {
 if ( $this->transaction )
@@ -411,8 +416,6 @@ class sql_db
 trigger_error($message, E_USER_ERROR);
 }
- $result['message'] = @mysql_error();
- $result['code'] = @mysql_errno();
 return $result;
 }
diff --git a/phpBB/includes/acm/cache_file.php b/phpBB/includes/acm/cache_file.php
index e4fc4e85a6..14cc160d84 100644
--- a/phpBB/includes/acm/cache_file.php
+++ b/phpBB/includes/acm/cache_file.php
@@ -67,7 +67,7 @@ class acm
 }
 }
- function save($varname, $var)
+ function put($varname, $var)
 {
 $this->vars[$varname] = $var;
 $this->vars_ts[$varname] = time();
@@ -84,7 +84,7 @@ class acm
 }
 }
- function load($varname, $expire_time = 0)
+ function get($varname, $expire_time = 0)
 {
 return ($this->exists($varname, $expire_time)) ? $this->vars[$varname] : null;
 }
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index aa1af28270..496e327e87 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -50,7 +50,7 @@ function set_config($config_name, $config_value)
 }
 $config[$config_name] = $config_value;
- $cache->save('config', $config);
+ $cache->put('config', $config);
 }
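Review bot: On an `acl_options` cache miss every front-end request now pulls in functions_admin.php and instantiates `auth_admin` just to repopulate the key, and if the cache backend is not there (page_tail.php in this commit guards `$cache` with `!empty`) that cost is paid on every request rather than once. The `exists()`-then-`get()` pair also does two lookups where the `config` block just above gets by with one `get()` and a test; using the same idiom for both keeps common.php consistent. A comment naming the writer would help operators: `// acl_options is (re)written only by auth_admin::acl_cache_options(); call it after changing permission options`, since nothing else in this commit puts that key.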
@@ -214,9 +214,7 @@ function make_jumpbox($action, $forum_id = false)
 $sql = 'SELECT forum_id, forum_name, forum_postable, left_id, right_id FROM ' . FORUMS_TABLE . ' ORDER BY left_id ASC';
-
- // Cache the forums list for 60 seconds
- $result = $db->sql_query($sql, 60);
+ $result = $db->sql_query($sql);
 $right = $cat_right = 0;
 $padding = $forum_list = $holding = '';
@@ -265,7 +263,7 @@ function make_jumpbox($action, $forum_id = false)
 }
 $nav_links['chapter forum'][$row['forum_id']] = array (
- 'url' => ($row['forum_status'] == ITEM_CATEGORY) ? "index.$phpEx$SIDc=" : "viewforum.$phpEx$SID&f=" . $row['forum_id'],
+ 'url' => "viewforum.$phpEx$SID&f=" . $row['forum_id'],
 'title' => $row['forum_name']
 );
 }
@@ -676,7 +674,7 @@ function obtain_word_list(&$orig_word, &$replacement_word)
 global $db, $cache;
 if ($cache->exists('word_censors'))
 {
- $words = $cache->load('word_censors');
+ $words = $cache->get('word_censors');
 $orig_word = $words['orig'];
 $replacement_word = $words['replacement'];
 }
@@ -693,7 +691,7 @@ function obtain_word_list(&$orig_word, &$replacement_word)
 }
 $words = array('orig' => $orig_word, 'replacement' => $replacement_word);
- $cache->save('word_censors', $words);
+ $cache->put('word_censors', $words);
 }
 return true;
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index c2136d4671..e6b84cc67c 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -807,7 +807,7 @@ class auth_admin extends auth
 function acl_cache_options($options = false)
 {
- global $db;
+ global $db, $cache;
 $options = array();
@@ -833,6 +833,7 @@ class auth_admin extends auth
 $db->sql_freeresult($result);
 }
+/*
 // Re-cache options
 $cache_str = "\$acl_options = array(\n";
 foreach ($options as $type => $options_ary)
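Review bot: Dropping the `60` second TTL from `$db->sql_query($sql, 60)` turns the forum-list query into a per-request database hit with nothing replacing the cache, and the same removal appears in `user::setup()` in session.php in this commit. If the query-cache argument is being retired on purpose, the commit message should say so (it only mentions ACL options caching); otherwise the `exists()`/`get()`/`put()` pattern `obtain_word_list()` uses in the hunks below would recover the caching through the new `acm` layer. make_jumpbox's body continues outside the hunk.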
@@ -848,6 +849,9 @@ class auth_admin extends auth
 config_cache_write('\$acl_options = array\(.*?\);', $cache_str);
 $this->acl_clear_prefetch();
+*/
+ $cache->put('acl_options', $options);
+ $this->acl_clear_prefetch();
 return $options;
 }
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index 297c52b95e..0f8e1ef4f4 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -19,13 +19,21 @@
 *
 ***************************************************************************/
-function display_forums($root_data=array(), $display_moderators=TRUE)
+function display_forums($root_data = '', $display_moderators = TRUE)
 {
 global $db, $template, $auth, $user, $phpEx, $SID, $forum_moderators;
- $where_sql = ($root_data['forum_id']) ? ' WHERE left_id > ' . $root_data['left_id'] . ' AND left_id < ' . $root_data['right_id'] : '';
+ if (!$root_data)
+ {
+ $root_data = array('forum_id' => 0);
+ $where_sql = '';
+ }
+ else
+ {
+ $where_sql = ' WHERE left_id > ' . $root_data['left_id'] . ' AND left_id < ' . $root_data['right_id'];
+ }
- if($user->data['user_id'] != ANONYMOUS)
+ if ($user->data['user_id'] != ANONYMOUS)
 {
 $lastread_select = ", lr.lastread_time";
 $lastread_sql = "
@@ -34,8 +42,8 @@ function display_forums($root_data=array(), $display_moderators=TRUE)
 AND (f.forum_id = lr.forum_id OR f.forum_id = -lr.forum_id)
 AND lr.lastread_time >= f.forum_last_post_time)";
- // Temp fix
- $where_sql .= ' GROUP BY f.forum_id';
+ // Temp fix for index
+ //$where_sql .= ' GROUP BY f.forum_id';
 }
 else
 {
@@ -230,4 +238,4 @@ function display_forums($root_data=array(), $display_moderators=TRUE)
 ));
 }
 }
-?>
+?>
\ No newline at end of file
diff --git a/phpBB/includes/page_tail.php b/phpBB/includes/page_tail.php
index 9c7f03a330..e0591dfa76 100644
--- a/phpBB/includes/page_tail.php
+++ b/phpBB/includes/page_tail.php
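Review bot: The retired `config_cache_write` block in `acl_cache_options()` is wrapped in `/* ... */` rather than deleted, and `display_forums()` in this commit does the same to `GROUP BY f.forum_id`; commented-out code that still contains a live-looking `$this->acl_clear_prefetch()` directly above the real call is exactly what gets un-commented by mistake later. Since `$cache->put('acl_options', $options)` is now the only write in this commit, delete the block; if the file-based cache must stay for a transition, `// TODO: remove once the acm cache is the only acl_options path` next to the live call is clearer than a bare `/*`. acl_cache_options() begins outside the hunk.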
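Review bot: In `display_forums()`, `$root_data['left_id']` and `$root_data['right_id']` are concatenated into the `WHERE` clause as bare values; the function cannot know its caller passes a database row, and `intval()` costs nothing: `$where_sql = ' WHERE left_id > ' . intval($root_data['left_id']) . ' AND left_id < ' . intval($root_data['right_id']);`. The new `if (!$root_data)` also changes the contract from "no forum_id" to "no argument": a caller still passing `array('forum_id' => 0)`, as index.php did before this commit, now takes the else branch and builds `WHERE left_id >  AND left_id <` from missing keys; `if (empty($root_data['forum_id']))` preserves the old behaviour for both call styles. display_forums's body runs past the hunk.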
@@ -52,7 +52,10 @@ $template->assign_vars(array(
 ));
-$cache->save_cache();
+if (!empty($cache))
+{
+ $cache->save_cache();
+}
 $template->display('body');
 exit;
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index d642b79bd0..b6390e122b 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -42,8 +42,7 @@ class session
 {
 $sessiondata = ( isset($_COOKIE[$config['cookie_name'] . '_data']) ) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_data'])) : '';
 $this->session_id = ( isset($_COOKIE[$config['cookie_name'] . '_sid']) ) ? $_COOKIE[$config['cookie_name'] . '_sid'] : '';
- $SID = (defined('IN_ADMIN')) ? '?sid=' . $this->session_id : '?sid=';
-// $SID = (defined('ADD_SID')) ? '?sid=' . $this->session_id : '?sid=';
+ $SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
 }
 else
 {
@@ -79,7 +78,8 @@ class session
 }
 // session_id exists so go ahead and attempt to grab all data in preparation
- if (!empty($this->session_id))
+ // Added session check
+ if (!empty($this->session_id) && (!defined('NEED_SID') || $this->session_id == $_GET['sid']))
 {
 $sql = "SELECT u.*, s.* FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
@@ -113,6 +113,14 @@ class session
 }
 }
+ // Session check failed, redirect the user to the index page
+ // TODO: we could delay it until we grab user's data and display a localised error message
+ if (defined('NEED_SID'))
+ {
+ // NOTE: disabled until we decide how to deal with this
+ //redirect("index.$phpEx$SID");
+ }
+
 // If we reach here then no (valid) session exists. So we'll create a new one,
 // using the cookie user_id if available to pull basic user prefs.
 $autologin = (isset($sessiondata['autologinid'])) ? $sessiondata['autologinid'] : '';
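Review bot: `$this->session_id == $_GET['sid']` compares two request-supplied strings loosely; when both look numeric (hex ids of the `0e...` shape are the textbook case) PHP compares them as numbers and unrelated ids test equal, and when `sid` is absent the expression raises a notice and compares against `null`. Use a strict comparison with an existence check: `if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid'])))`. Because the redirect in the following hunk is disabled, a failed check silently falls through to creating a new session with no signal to the page; the comment above `if (defined('NEED_SID'))` should say so, e.g. `// sid mismatch: the request continues as a new (anonymous) session; callers must not assume the check halts`, so page code does not rely on a stop that is not there. session::start() begins and ends outside the hunk.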
@@ -309,7 +317,7 @@ class session
 $db->sql_query($sql);
 }
- $del_user_id .= (($del_user_id != '') ? ', ' : '') . ' \'' . $row['session_user_id'] . '\'';
+ $del_user_id .= (($del_user_id != '') ? ', ' : '') . " '" . $row['session_user_id'] . "'";
 $del_sessions++;
 }
@@ -440,12 +448,11 @@ class user extends session
 AND c.theme_id = s.style_id
 AND i.imageset_id = s.imageset_id";
- // Cache this query for 60 seconds
- $result = $db->sql_query($sql, 60);
+ $result = $db->sql_query($sql);
 if (!($this->theme = $db->sql_fetchrow($result)))
 {
- message_die(ERROR, 'Could not get style data');
+ trigger_error('Could not get style data');
 }
 $template->set_template($this->theme['template_path']);
@@ -701,6 +708,7 @@ class auth
 $method = trim($config['auth_method']);
+ // NOTE: don't we need $phpbb_root_path here?
 if (file_exists('includes/auth/auth_' . $method . '.' . $phpEx))
 {
 include_once('includes/auth/auth_' . $method . '.' . $phpEx);
diff --git a/phpBB/index.php b/phpBB/index.php
index c6f0f8de8b..78039a52f2 100644
--- a/phpBB/index.php
+++ b/phpBB/index.php
@@ -25,16 +25,7 @@ include($phpbb_root_path . 'extension.inc');
 include($phpbb_root_path . 'common.'.$phpEx);
 // Get posted/get info
-$cat_id = (!empty($_GET['c'])) ? intval($_GET['c']) : 0;
-
-if (isset($_GET['mark']) || isset($_POST['mark']))
-{
- $mark_read = (isset($_POST['mark'])) ? $_POST['mark'] : $_GET['mark'];
-}
-else
-{
- $mark_read = '';
-}
+$mark_read = (isset($_REQUEST['mark'])) ? $_REQUEST['mark'] : '';
 // Start session management
 $user->start();
@@ -55,7 +46,7 @@ if ($mark_read == 'forums')
 );
 $message = $user->lang['Forums_marked_read'] . '
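Review bot: In `user::setup()`, `trigger_error('Could not get style data')` with no level raises E_USER_NOTICE, so execution continues to `$template->set_template($this->theme['template_path'])` with `$this->theme === false`, whereas the removed `message_die(ERROR, ...)` ended the request; unless an error handler outside this hunk halts on notices, it should be `trigger_error('Could not get style data', E_USER_ERROR);`, the level admin_forums.php and db/mysql.php use in this same commit. The `// NOTE: don't we need $phpbb_root_path here?` in the auth hunk answers itself: a relative `includes/auth/...` path only resolves when the script's working directory is the board root, so prefix `$phpbb_root_path` and drop the question. Both methods start and end outside their hunks.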
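Review bot: `$_REQUEST['mark']` in index.php also accepts a cookie named `mark` (subject to `variables_order`), which the replaced `$_GET`/`$_POST` code did not, and the value is then compared loosely in the `if ($mark_read == 'forums')` hunk that follows. Keeping the source explicit is one line: `$mark_read = (isset($_POST['mark'])) ? $_POST['mark'] : ((isset($_GET['mark'])) ? $_GET['mark'] : '');`. The mark-forums-read action is still driven by a plain GET parameter and index.php does not appear to define `NEED_SID` in this commit, so the new sid verification does not cover it; that predates the change, but a `// TODO: require NEED_SID for mark=forums` here would record it now that the mechanism exists.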

' . sprintf($user->lang['Click_return_index'], '', ' ');
- message_die(MESSAGE, $message);
+ trigger_error($message);
 }
 // Set some stats, get posts count from forums data if we... hum... retrieve all forums data
@@ -79,7 +70,7 @@ else
 }
 include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
-display_forums(array('forum_id' => 0));
+display_forums();
 if ($total_posts == 0)
 {
diff --git a/phpBB/mcp.php b/phpBB/mcp.php
index 7639386bca..39002632ff 100644
--- a/phpBB/mcp.php
+++ b/phpBB/mcp.php
@@ -45,7 +45,7 @@
 // * Limit read/post/reply/etc. permissions
 define('IN_PHPBB', true);
-define('ADD_SID', true);
+define('NEED_SID', true);
 $phpbb_root_path = './';
 include($phpbb_root_path . 'extension.inc');
 include($phpbb_root_path . 'common.'.$phpEx);
diff --git a/phpBB/posting.php b/phpBB/posting.php
index 9bc5888781..d4579b3a92 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -37,6 +37,11 @@ import_request_variables('GP', 's_');
 define('IN_PHPBB', true);
+if (count($_POST))
+{
+ define('NEED_SID', true);
+}
+
 $phpbb_root_path = './';
 include($phpbb_root_path . 'extension.inc');
 include($phpbb_root_path . 'common.'.$phpEx);
@@ -633,8 +638,8 @@ $urls_checked = (isset($enable_urls)) ? !$enable_urls : 0;
 $sig_checked = (isset($attach_sig)) ? $attach_sig : (($config['allow_sigs']) ? $user->data['user_atachsig'] : 0);
 $notify_checked = (isset($notify_set)) ? $notify_set : (($user->data['user_id'] != ANONYMOUS) ? $user->data['user_notify'] : 0);
-// Page title & action URL
-$s_action = "posting.$phpEx$SID&mode=$s_mode&f=" . intval($forum_id);
+// Page title & action URL, include session_id for security purpose
+$s_action = "posting.$phpEx?sid=" . $user->session_id . "&mode=$s_mode&f=" . intval($forum_id);
 switch ($s_mode)
 {
 case 'post':
diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php
index 9663db6a14..2a208ce320 100644
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
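Review bot: In posting.php `NEED_SID` is defined only when `count($_POST)` is non-zero, so session.php's sid check is skipped for any request that carries its parameters in the query string; if any state-changing mode is reachable that way (the mode dispatch is outside the hunk) it stays unverified, and the assumption belongs next to the define: `// sid is verified only for POSTed forms; every state-changing mode must insist on POST`. In the `$s_action` hunk `$user->session_id` is concatenated unescaped; it is read straight from the `_sid` cookie (session.php in this commit) and, unless the session-creation path outside these hunks regenerates it, can be an arbitrary client value landing in a form `action`, so use `"posting.$phpEx?sid=" . urlencode($user->session_id) . "&mode=$s_mode&f=" . intval($forum_id)` and let the template escape the attribute. The same unescaped concatenation appears twice in viewtopic.php in this commit.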
@@ -271,7 +271,7 @@ if ($forum_data['forum_postable'])
 'POST_IMG' => (intval($forum_data['forum_status']) == ITEM_LOCKED) ? $user->img('post_locked', $post_alt) : $user->img('post_new', $post_alt),
 'PAGINATION' => generate_pagination("viewforum.$phpEx$SID&f=$forum_id&topicdays=$topic_days", $topics_count, $config['topics_per_page'], $start),
 'PAGE_NUMBER' => sprintf($user->lang['Page_of'], (floor( $start / $config['topics_per_page'] ) + 1), ceil( $topics_count / $config['topics_per_page'] )),
- 'MOD_CP' => ($auth->acl_gets('m_', 'a_', $forum_id)) ? sprintf($user->lang['MCP'], '', '') : '',
+ 'MOD_CP' => ($auth->acl_gets('m_', 'a_', $forum_id)) ? sprintf($user->lang['MCP'], '', '') : '',
 'MODERATORS' => (sizeof($forum_moderators[$forum_id])) ? implode(', ', $forum_moderators[$forum_id]) : $user->lang['None'],
 'FOLDER_IMG' => $user->img('folder', 'No_new_posts'),
@@ -291,7 +291,7 @@ if ($forum_data['forum_postable'])
 'L_POSTED' => $user->lang['Posted'],
 'L_JOINED' => $user->lang['Joined'],
 'L_AUTHOR' => $user->lang['Author'],
- 'L_NO_TOPICS' => ( $forum_data['forum_status'] == FORUM_LOCKED ) ? $user->lang['Forum_locked'] : $user->lang['No_topics_post_one'],
+ 'L_NO_TOPICS' => ( $forum_data['forum_status'] == ITEM_LOCKED ) ? $user->lang['Forum_locked'] : $user->lang['No_topics_post_one'],
 'L_GOTO_PAGE' => $user->lang['Goto_page'],
 'S_SELECT_SORT_DIR' => $select_sort_dir,
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 454cceb2a5..9f278a47b0 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
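Review bot: The `L_NO_TOPICS` line now compares `$forum_data['forum_status']` loosely with `ITEM_LOCKED`, while the `POST_IMG` line in the previous hunk wraps the same field in `intval()` first; the two template variables can disagree if the row value arrives as a string. Use one form in both places, `( intval($forum_data['forum_status']) == ITEM_LOCKED )`, and a `$forum_status = intval(...)` hoisted above the `assign_vars` array would remove the repetition. The `assign_vars` call starts and ends outside both hunks.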
@@ -387,7 +387,7 @@ $template->assign_vars(array(
 'TOPIC_TITLE' => $topic_title,
 'PAGINATION' => $pagination,
 'PAGE_NUMBER' => on_page($topic_replies, $config['posts_per_page'], $start),
- 'MCP' => ($auth->acl_gets('m_', 'a_', $forum_id)) ? sprintf($user->lang['MCP'], '', '') : '',
+ 'MCP' => ($auth->acl_gets('m_', 'a_', $forum_id)) ? sprintf($user->lang['MCP'], '', '') : '',
 'MODERATORS' => (sizeof($forum_moderators[$forum_id])) ? implode(', ', $forum_moderators[$forum_id]) : $user->lang['None'],
 'POST_IMG' => $post_img,
@@ -401,7 +401,7 @@ $template->assign_vars(array(
 'S_TOPIC_ACTION' => "viewtopic.$phpEx$SID&t=" . $topic_id . "&start=$start",
 'S_AUTH_LIST' => $s_forum_rules,
 'S_TOPIC_MOD' => ( $topic_mod != '' ) ? '' : '',
- 'S_MOD_ACTION' => "mcp.$phpEx$SID&t=$topic_id",
+ 'S_MOD_ACTION' => "mcp.$phpEx?sid=" . $user->session_id . "&t=$topic_id",
 'S_WATCH_TOPIC' => $s_watching_topic,
 'U_VIEW_TOPIC' => "viewtopic.$phpEx$SID&t=$topic_id&start=$start&postdays=$post_days&postorder=$post_order&highlight=$highlight",
@@ -710,7 +710,7 @@ if ($row = $db->sql_fetchrow($result))
 if ($auth->acl_gets('m_ip', 'a_', $forum_id))
 {
- $temp_url = "mcp.$phpEx?sid=" . $user->session_id . "&mode=ip&p=" . $row['post_id'] . "&t=" . $topic_id;
 $ip_img = '' . $user->img('icon_ip', $user->lang['VIEW_IP']) . '';
 $ip = '' . $user->lang['VIEW_IP'] . '';
 }
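Review bot: `$user->session_id` is concatenated raw into `S_MOD_ACTION` and `$temp_url`; session.php in this commit reads it from the `_sid` cookie, so unless session creation (outside these hunks) regenerates it, the value is client-chosen and reaches HTML attributes through the template. `urlencode($user->session_id)` at both sites, with `htmlspecialchars` applied wherever the template prints a URL, closes that. Hand-building `?sid=` also duplicates what `$SID` already yields when `NEED_SID` is defined; a small helper returning the sid-qualified mcp base URL would keep these two sites and posting.php from drifting. Both enclosing blocks begin outside the hunks.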