From 5dcc0a85f845a214712d015199b11ebddff14437 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Wed, 4 Aug 2004 19:10:15 +0000 Subject: [PATCH] - fixing some issues with the confirm screen - merging our (the devs) approaches (more fail-safe now) - fixing some small issues... git-svn-id: file:///svn/phpbb/trunk@4957 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions.php | 31 +++++++++++---------- phpBB/includes/functions_admin.php | 37 ++++---------------------- phpBB/includes/session.php | 9 ++++++- phpBB/install/schemas/mysql_schema.sql | 1 + 4 files changed, 29 insertions(+), 49 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 30a1f20aca..78068b8021 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -371,6 +371,10 @@ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list $display_jumpbox = false; $iteration = 0; + // Sometimes it could happen that forums will be displayed here not be displayed within the index page + // This is the result of forums not displayed at index, having list permissions and a parent of a forum with no permissions. + // If this happens, the padding could be "broken" + while ($row = $db->sql_fetchrow($result)) { if ($row['forum_type'] == FORUM_CAT && ($row['left_id'] + 1 == $row['right_id'])) 
@@ -1085,12 +1089,9 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo { $user_id = request_var('user_id', 0); $session_id = request_var('sess', ''); + $confirm_key = request_var('confirm_key', ''); - // The session page is already updated, but the user array holds the data before the update took place, therefore it is working here... - if ($user_id != $user->data['user_id'] || - $session_id != $user->session_id || - substr(basename(str_replace('&', '&', $user->data['session_page'])), 0, 199) != substr(basename(str_replace('&', '&', $user->cur_page)), 0, 199) || - !preg_match('#^(.*?)[&|\?]act_key=[A-Z0-9]{10}(.*?)#', str_replace('&', '&', $user->cur_page))) + if ($user_id != $user->data['user_id'] || $session_id != $user->session_id || $confirm_key != $user->data['user_last_confirm_key']) { return false; } @@ -1105,7 +1106,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo $s_hidden_fields = ''; // generate activation key - $act_key = gen_rand_string(10); + $confirm_key = gen_rand_string(10); page_header($user->lang[$title]); 
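Review bot: The new condition `$confirm_key != $user->data['user_last_confirm_key']` lets an empty key through: `request_var('confirm_key', '')` defaults to `''` and the new column also defaults to `''`, so for an account that has never been shown a confirm screen the key test passes with no key submitted and only the `sess` match remains. Reject the empty case explicitly and compare strictly, e.g. `if ($confirm_key === '' || $user_id != $user->data['user_id'] || $session_id != $user->session_id || $confirm_key !== $user->data['user_last_confirm_key'])`. Nothing in this hunk resets `user_last_confirm_key` after a successful match; unless that happens further down in confirm_box (its body starts and ends outside the hunk), the same key stays valid for later requests, and clearing it once consumed would make it single-use.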
@@ -1114,26 +1115,24 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo ); // If activation key already exist, we better do not re-use the key (something very strange is going on...) - if (request_var('act_key', '')) + if (request_var('confirm_key', '')) { - $user->cur_page = preg_replace('#^(.*?)[&|\?]act_key=[A-Z0-9]{10}(.*?)#', '\1\2', str_replace('&', '&', $user->cur_page)); +// $user->cur_page = preg_replace('#^(.*?)[&|\?]act_key=[A-Z0-9]{10}(.*?)#', '\1\2', str_replace('&', '&', $user->cur_page)); + // Need to adjust... + trigger_error('Hacking attempt'); } - $user_page = $user->cur_page . ((strpos($user->cur_page, '?') !== false) ? '&' : '?') . 'act_key=' . $act_key; - $user_page = str_replace('&', '&', $user_page); $template->assign_vars(array( 'MESSAGE_TITLE' => $user->lang[$title], 'MESSAGE_TEXT' => $user->lang[$title . '_CONFIRM'], 'YES_VALUE' => $user->lang['YES'], - 'S_CONFIRM_ACTION' => $user_page, + 'S_CONFIRM_ACTION' => $user->cur_page . ((strpos($user->cur_page, '?') !== false) ? '&' : '?') . 'confirm_key=' . $confirm_key, 'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields) ); - // Here we update the lastpage of the user, only here - $sql = 'UPDATE ' . SESSIONS_TABLE . " - SET session_page = '" . $db->sql_escape($user_page) . "' - WHERE session_id = '" . $db->sql_escape($user->session_id) . "'"; + $sql = 'UPDATE ' . USERS_TABLE . " SET user_last_confirm_key = '" . $db->sql_escape($confirm_key) . "' + WHERE user_id = " . $user->data['user_id']; $db->sql_query($sql); page_footer(); @@ -1368,7 +1367,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline) case E_WARNING: if (defined('DEBUG_EXTRA')) { - if (!strstr($errfile, '/cache/')) + if (!strstr($errfile, '/cache/') && !strstr($errfile, 'mysql.php') && !strstr($errfile, 'template.php')) { echo "PHP Notice: in file $errfile on line $errline: $msg_text
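Review bot: The new UPDATE on USERS_TABLE appends `$user->data['user_id']` to the statement with no cast, while the key next to it goes through `$db->sql_escape()`; writing `WHERE user_id = " . (int) $user->data['user_id'];` keeps the query well-formed whatever the session data holds. The key is now stored per user rather than per session, so a second confirm screen opened in another window or session overwrites the first one's key, which deserves a one-line comment if it is intended. The commented-out `preg_replace` line and the `// Need to adjust...` marker above `trigger_error('Hacking attempt')` should be removed or turned into a proper TODO, and the "activation key" comments no longer match the renamed `$confirm_key`. confirm_box starts and ends outside this hunk.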
"; } diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 0507d68c40..097a7769fc 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -1481,30 +1481,7 @@ function remove_comments(&$output) // remove_remarks will strip the sql comment lines out of an uploaded sql file function remove_remarks($sql) { - // NOTE: isn't this function actually doing -// return preg_replace('/(\n){2,}/', "\n", preg_replace('/^#.*/m', "\n", $sql)); - // ? - - $lines = explode("\n", $sql); - - // try to keep mem. use down - $sql = ''; - - $linecount = count($lines); - $output = ''; - - for ($i = 0; $i < $linecount; $i++) - { - if ($i != $linecount - 1 || strlen($lines[$i]) > 0) - { - $output .= ($lines[$i]{0} != '#') ? $lines[$i] . "\n" : "\n"; - // Trading a bit of speed for lower mem. use here. - $lines[$i] = ''; - } - } - - return $output; - + return preg_replace('/(\n){2,}/', "\n", preg_replace('/^#.*/m', "\n", $sql)); } // split_sql_file will split an uploaded sql file into single sql statements. @@ -2044,6 +2021,7 @@ if (class_exists('auth')) $this->acl_clear_prefetch(); } + // NOTE: this function is not in use atm // Add a new option to the list ... $options is a hash of form -> // $options = array( // 'local' => array('option1', 'option2', ...), @@ -2051,9 +2029,9 @@ if (class_exists('auth')) //); function acl_add_option($options) { - global $db; + global $db, $cache; - if (!is_array($new_options)) + if (!is_array($options)) { trigger_error('Incorrect parameter for acl_add_option', E_USER_ERROR); } 
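Review bot: The added `!strstr($errfile, 'mysql.php') && !strstr($errfile, 'template.php')` filters silence every notice and warning raised from the database layer and the template engine, even with DEBUG_EXTRA defined, and the reason is not documented. Because the test is a substring match on the path, any file whose path contains those names is muted as well. A comment such as `// mysql.php and template.php emit known, harmless notices; mute them in debug output` would record the intent, and matching on `basename($errfile)` would narrow the filter. msg_handler's body starts and ends outside the hunk.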
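Review bot: The one-line body of remove_remarks is not equivalent to the loop it replaces: the outer `preg_replace('/(\n){2,}/', "\n", ...)` collapses every run of blank lines in the uploaded file, not only the ones left behind by stripped comments. A quoted value that spans several lines and contains an empty line would therefore be changed on import, whereas the old loop kept the line structure. If the collapsing is not wanted, `return preg_replace('/^#.*$/m', '', $sql);` is roughly what the loop did; if it is wanted, the comment above the function should say so. Both versions also treat a `#` at the start of a line inside a string literal as a comment, which is worth noting in that comment too.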
@@ -2079,15 +2057,10 @@ if (class_exists('auth')) } $db->sql_freeresult($result); - if (!is_array($options)) - { - trigger_error('Incorrect parameter for acl_add_option', E_USER_ERROR); - } - // Here we need to insert new options ... this requires discovering whether // an options is global, local or both and whether we need to add an option // type flag (x_) - $new_options = array(); + $new_options = array('local' => array(), 'global' => array()); foreach ($options as $type => $option_ary) { $option_ary = array_unique($option_ary); diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 8b511c6e17..2fbfa153c3 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -34,6 +34,12 @@ class session $split_page = array(); preg_match_all('#^.*?([a-z]+?)\.' . $phpEx . '\?sid=[a-z0-9]*?(&.*)?$#i', $this->page, $split_page, PREG_SET_ORDER); + // Take care of SID + if (!isset($split_page[0][1])) + { + $split_page[0][1] = substr(strrchr($this->page, '/'), 1); + } + // Page for session_page value $this->page = $split_page[0][1] . ((isset($split_page[0][2])) ? $split_page[0][2] : ''); $this->page .= (isset($_POST['f'])) ? 'f=' . intval($_POST['f']) : ''; @@ -784,7 +790,8 @@ class user extends session function img($img, $alt = '', $width = false, $suffix = '') { - static $imgs, $phpbb_root_path; + static $imgs; + global $phpbb_root_path; if (empty($imgs[$img . $suffix]) || $width) { diff --git a/phpBB/install/schemas/mysql_schema.sql b/phpBB/install/schemas/mysql_schema.sql index e86edf8b6b..9e4b96d1c4 100644 --- a/phpBB/install/schemas/mysql_schema.sql +++ b/phpBB/install/schemas/mysql_schema.sql 
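Review bot: In the session.php hunk, the fallback `substr(strrchr($this->page, '/'), 1)` takes whatever follows the last `/` anywhere in `$this->page`, so a slash inside the query string changes which part is kept as the page, and when there is no `/` at all `strrchr()` returns false and the page ends up empty. Unlike the regex capture `([a-z]+?)`, this branch puts no restriction on the characters that flow into the session page value. Splitting off the query string at the first `?`, taking `basename()` of the path part and re-appending the query would keep both branches consistent. The method starts and ends outside the hunk, so how `$this->page` is populated is not visible here.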
@@ -854,6 +854,7 @@ CREATE TABLE phpbb_users ( user_lastvisit int(11) DEFAULT '0' NOT NULL, user_lastpost_time int(11) DEFAULT '0' NOT NULL, user_lastpage varchar(100) DEFAULT '' NOT NULL, + user_last_confirm_key varchar(10) DEFAULT '' NOT NULL, user_warnings tinyint(4) DEFAULT '0' NOT NULL, user_posts mediumint(8) UNSIGNED DEFAULT '0' NOT NULL, user_lang varchar(30) DEFAULT '' NOT NULL,
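Review bot: `user_last_confirm_key varchar(10)` is sized exactly to the `gen_rand_string(10)` call in confirm_box, so a longer key would be truncated on write by a non-strict MySQL and would then never match the submitted value. A comment tying the column width to the key length, or a wider column, removes that hidden coupling. The `DEFAULT ''` also means a never-set key equals an absent request parameter, so the PHP side has to reject empty keys. Only the MySQL schema is changed in this commit; if other database schemas ship with the installer they need the same column, and existing boards need an upgrade step.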