makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

- fixing some issues with the confirm screen - merging our (the devs) approaches (more fail-safe now)

Browse source 
- fixing some small issues...


git-svn-id: file:///svn/phpbb/trunk@4957 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2004-08-04 19:10:15 +00:00
parent 427cc1bf36
commit 5dcc0a85f8
4 changed files with 29 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
phpBB/includes/functions.php
View file

@ -371,6 +371,10 @@ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list
$display_jumpbox = false; $display_jumpbox = false;
$iteration = 0; $iteration = 0;
// Sometimes it could happen that forums will be displayed here not be displayed within the index page
// This is the result of forums not displayed at index, having list permissions and a parent of a forum with no permissions.
// If this happens, the padding could be "broken"
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
if ($row['forum_type'] == FORUM_CAT && ($row['left_id'] + 1 == $row['right_id'])) if ($row['forum_type'] == FORUM_CAT && ($row['left_id'] + 1 == $row['right_id']))
@ -1085,12 +1089,9 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
{ {
$user_id = request_var('user_id', 0); $user_id = request_var('user_id', 0);
$session_id = request_var('sess', ''); $session_id = request_var('sess', '');
$confirm_key = request_var('confirm_key', '');
// The session page is already updated, but the user array holds the data before the update took place, therefore it is working here... if ($user_id != $user->data['user_id'] || $session_id != $user->session_id || $confirm_key != $user->data['user_last_confirm_key'])
if ($user_id != $user->data['user_id'] ||
$session_id != $user->session_id ||
substr(basename(str_replace('&', '&', $user->data['session_page'])), 0, 199) != substr(basename(str_replace('&', '&', $user->cur_page)), 0, 199) ||
!preg_match('#^(.*?)[&|\?]act_key=[A-Z0-9]{10}(.*?)#', str_replace('&', '&', $user->cur_page)))
{ {
return false; return false;
} }
@ -1105,7 +1106,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
$s_hidden_fields = '<input type="hidden" name="user_id" value="' . $user->data['user_id'] . '" /><input type="hidden" name="sess" value="' . $user->session_id . '" /><input type="hidden" name="sid" value="' . $SID . '" />'; $s_hidden_fields = '<input type="hidden" name="user_id" value="' . $user->data['user_id'] . '" /><input type="hidden" name="sess" value="' . $user->session_id . '" /><input type="hidden" name="sid" value="' . $SID . '" />';
// generate activation key // generate activation key
$act_key = gen_rand_string(10); $confirm_key = gen_rand_string(10);
page_header($user->lang[$title]); page_header($user->lang[$title]);
@ -1114,26 +1115,24 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
); );
// If activation key already exist, we better do not re-use the key (something very strange is going on...) // If activation key already exist, we better do not re-use the key (something very strange is going on...)
if (request_var('act_key', '')) if (request_var('confirm_key', ''))
{ {
$user->cur_page = preg_replace('#^(.*?)[&|\?]act_key=[A-Z0-9]{10}(.*?)#', '\1\2', str_replace('&amp;', '&', $user->cur_page)); // $user->cur_page = preg_replace('#^(.*?)[&|\?]act_key=[A-Z0-9]{10}(.*?)#', '\1\2', str_replace('&amp;', '&', $user->cur_page));
// Need to adjust...
trigger_error('Hacking attempt');
} }
$user_page = $user->cur_page . ((strpos($user->cur_page, '?') !== false) ? '&' : '?') . 'act_key=' . $act_key;
$user_page = str_replace('&amp;', '&', $user_page);
$template->assign_vars(array( $template->assign_vars(array(
'MESSAGE_TITLE' => $user->lang[$title], 'MESSAGE_TITLE' => $user->lang[$title],
'MESSAGE_TEXT' => $user->lang[$title . '_CONFIRM'], 'MESSAGE_TEXT' => $user->lang[$title . '_CONFIRM'],
'YES_VALUE' => $user->lang['YES'], 'YES_VALUE' => $user->lang['YES'],
'S_CONFIRM_ACTION' => $user_page, 'S_CONFIRM_ACTION' => $user->cur_page . ((strpos($user->cur_page, '?') !== false) ? '&' : '?') . 'confirm_key=' . $confirm_key,
'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields) 'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields)
); );
// Here we update the lastpage of the user, only here $sql = 'UPDATE ' . USERS_TABLE . " SET user_last_confirm_key = '" . $db->sql_escape($confirm_key) . "'
$sql = 'UPDATE ' . SESSIONS_TABLE . " WHERE user_id = " . $user->data['user_id'];
SET session_page = '" . $db->sql_escape($user_page) . "'
WHERE session_id = '" . $db->sql_escape($user->session_id) . "'";
$db->sql_query($sql); $db->sql_query($sql);
page_footer(); page_footer();
@ -1368,7 +1367,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
case E_WARNING: case E_WARNING:
if (defined('DEBUG_EXTRA')) if (defined('DEBUG_EXTRA'))
{ {
if (!strstr($errfile, '/cache/')) if (!strstr($errfile, '/cache/') && !strstr($errfile, 'mysql.php') && !strstr($errfile, 'template.php'))
{ {
echo "<b>PHP Notice</b>: in file <b>$errfile</b> on line <b>$errline</b>: <b>$msg_text</b><br>"; echo "<b>PHP Notice</b>: in file <b>$errfile</b> on line <b>$errline</b>: <b>$msg_text</b><br>";
} }

37
phpBB/includes/functions_admin.php
View file

@ -1481,30 +1481,7 @@ function remove_comments(&$output)
// remove_remarks will strip the sql comment lines out of an uploaded sql file // remove_remarks will strip the sql comment lines out of an uploaded sql file
function remove_remarks($sql) function remove_remarks($sql)
{ {
// NOTE: isn't this function actually doing return preg_replace('/(\n){2,}/', "\n", preg_replace('/^#.*/m', "\n", $sql));
// return preg_replace('/(\n){2,}/', "\n", preg_replace('/^#.*/m', "\n", $sql));
// ?
$lines = explode("\n", $sql);
// try to keep mem. use down
$sql = '';
$linecount = count($lines);
$output = '';
for ($i = 0; $i < $linecount; $i++)
{
if ($i != $linecount - 1 || strlen($lines[$i]) > 0)
{
$output .= ($lines[$i]{0} != '#') ? $lines[$i] . "\n" : "\n";
// Trading a bit of speed for lower mem. use here.
$lines[$i] = '';
}
}
return $output;
} }
// split_sql_file will split an uploaded sql file into single sql statements. // split_sql_file will split an uploaded sql file into single sql statements.
@ -2044,6 +2021,7 @@ if (class_exists('auth'))
$this->acl_clear_prefetch(); $this->acl_clear_prefetch();
} }
// NOTE: this function is not in use atm
// Add a new option to the list ... $options is a hash of form -> // Add a new option to the list ... $options is a hash of form ->
// $options = array( // $options = array(
// 'local' => array('option1', 'option2', ...), // 'local' => array('option1', 'option2', ...),
@ -2051,9 +2029,9 @@ if (class_exists('auth'))
//); //);
function acl_add_option($options) function acl_add_option($options)
{ {
global $db; global $db, $cache;
if (!is_array($new_options)) if (!is_array($options))
{ {
trigger_error('Incorrect parameter for acl_add_option', E_USER_ERROR); trigger_error('Incorrect parameter for acl_add_option', E_USER_ERROR);
} }
@ -2079,15 +2057,10 @@ if (class_exists('auth'))
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
if (!is_array($options))
{
trigger_error('Incorrect parameter for acl_add_option', E_USER_ERROR);
}
// Here we need to insert new options ... this requires discovering whether // Here we need to insert new options ... this requires discovering whether
// an options is global, local or both and whether we need to add an option // an options is global, local or both and whether we need to add an option
// type flag (x_) // type flag (x_)
$new_options = array(); $new_options = array('local' => array(), 'global' => array());
foreach ($options as $type => $option_ary) foreach ($options as $type => $option_ary)
{ {
$option_ary = array_unique($option_ary); $option_ary = array_unique($option_ary);

9
phpBB/includes/session.php
View file

@ -34,6 +34,12 @@ class session
$split_page = array(); $split_page = array();
preg_match_all('#^.*?([a-z]+?)\.' . $phpEx . '\?sid=[a-z0-9]*?(&.*)?$#i', $this->page, $split_page, PREG_SET_ORDER); preg_match_all('#^.*?([a-z]+?)\.' . $phpEx . '\?sid=[a-z0-9]*?(&.*)?$#i', $this->page, $split_page, PREG_SET_ORDER);
// Take care of SID
if (!isset($split_page[0][1]))
{
$split_page[0][1] = substr(strrchr($this->page, '/'), 1);
}
// Page for session_page value // Page for session_page value
$this->page = $split_page[0][1] . ((isset($split_page[0][2])) ? $split_page[0][2] : ''); $this->page = $split_page[0][1] . ((isset($split_page[0][2])) ? $split_page[0][2] : '');
$this->page .= (isset($_POST['f'])) ? 'f=' . intval($_POST['f']) : ''; $this->page .= (isset($_POST['f'])) ? 'f=' . intval($_POST['f']) : '';
@ -784,7 +790,8 @@ class user extends session
function img($img, $alt = '', $width = false, $suffix = '') function img($img, $alt = '', $width = false, $suffix = '')
{ {
static $imgs, $phpbb_root_path; static $imgs;
global $phpbb_root_path;
if (empty($imgs[$img . $suffix]) || $width) if (empty($imgs[$img . $suffix]) || $width)
{ {

1
phpBB/install/schemas/mysql_schema.sql
View file

@ -854,6 +854,7 @@ CREATE TABLE phpbb_users (
user_lastvisit int(11) DEFAULT '0' NOT NULL, user_lastvisit int(11) DEFAULT '0' NOT NULL,
user_lastpost_time int(11) DEFAULT '0' NOT NULL, user_lastpost_time int(11) DEFAULT '0' NOT NULL,
user_lastpage varchar(100) DEFAULT '' NOT NULL, user_lastpage varchar(100) DEFAULT '' NOT NULL,
user_last_confirm_key varchar(10) DEFAULT '' NOT NULL,
user_warnings tinyint(4) DEFAULT '0' NOT NULL, user_warnings tinyint(4) DEFAULT '0' NOT NULL,
user_posts mediumint(8) UNSIGNED DEFAULT '0' NOT NULL, user_posts mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
user_lang varchar(30) DEFAULT '' NOT NULL, user_lang varchar(30) DEFAULT '' NOT NULL,