makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 22:28:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

Random bugfixes, (hopefully) improved admin panel security.

Browse source 
git-svn-id: file:///svn/phpbb/trunk@2954 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Ludovic Arnaud 2002-10-17 02:50:50 +00:00
parent fafd167dde
commit 80864fa7ee
6 changed files with 40 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
phpBB/admin/pagestart.php
View file

@ -37,6 +37,17 @@ $user = new user($userdata);
// End session management // End session management
// //
//
// If session_ids do not match, rewrite the URL correctly then redirect the user
//
if ($_REQUEST['sid'] != $userdata['session_id'])
{
$url = preg_replace('/sid=([^&]*)(&?)/i', '', $_SERVER['REQUEST_URI']);
$url = preg_replace('/\?$/', '', $url);
$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];
redirect($url);
}
// ----------------------------- // -----------------------------
// Functions // Functions
function page_header($sub_title, $meta = '', $table_html = true) function page_header($sub_title, $meta = '', $table_html = true)
@ -106,6 +117,8 @@ function page_footer($copyright_html = true)
{ {
global $board_config, $db, $lang, $phpEx; global $board_config, $db, $lang, $phpEx;
// Close our DB connection.
$db->sql_close();
?> ?>
</td> </td>
@ -128,9 +141,6 @@ function page_footer($copyright_html = true)
} }
// Close our DB connection.
$db->sql_close();
exit; exit;
} }

5
phpBB/common.php
View file

@ -24,7 +24,8 @@ if ( !defined('IN_PHPBB') )
die('Hacking attempt'); die('Hacking attempt');
} }
error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables error_reporting(E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
//error_reporting(E_ALL);
set_magic_quotes_runtime(0); set_magic_quotes_runtime(0);
require($phpbb_root_path . 'config.'.$phpEx); require($phpbb_root_path . 'config.'.$phpEx);
@ -149,7 +150,7 @@ $template = new Template();
$db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false); $db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false);
// Obtain users IP // Obtain users IP
if ( $_SERVER['HTTP_X_FORWARDED_FOR'] != '' || $_ENV['HTTP_X_FORWARDED_FOR'] != '' ) if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) || !empty($_ENV['HTTP_X_FORWARDED_FOR']))
{ {
$user_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR ); $user_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR );
$x_ip = ( !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_ENV['HTTP_X_FORWARDED_FOR']; $x_ip = ( !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_ENV['HTTP_X_FORWARDED_FOR'];

19
phpBB/db/mysql.php
View file

@ -196,19 +196,12 @@ class sql_db
$query .= ' LIMIT ' . ( ( !empty($offset) ) ? $offset . ', ' . $total : $total ); $query .= ' LIMIT ' . ( ( !empty($offset) ) ? $offset . ', ' . $total : $total );
} }
if ( !($this->query_result = @mysql_query($query, $this->db_connect_id)) ) return $this->sql_query($query);
{
$this->sql_error($query);
}
$this->open_queries[] = $this->query_result;
} }
else else
{ {
return false; return false;
} }
return ( $this->query_result) ? $this->query_result : ( ( $transaction == END_TRANSACTION ) ? true : false );
} }
// Idea for this from Ikonboard // Idea for this from Ikonboard
@ -296,7 +289,7 @@ class sql_db
$query_id = $this->query_result; $query_id = $this->query_result;
} }
return ( $query_id ) ? @mysql_fetch_array($query_id) : false; return ( $query_id ) ? @mysql_fetch_assoc($query_id) : false;
} }
function sql_fetchrowset($query_id = 0) function sql_fetchrowset($query_id = 0)
@ -309,7 +302,7 @@ class sql_db
{ {
unset($this->rowset[$query_id]); unset($this->rowset[$query_id]);
unset($this->row[$query_id]); unset($this->row[$query_id]);
while($this->rowset[$query_id] = @mysql_fetch_array($query_id)) while($this->rowset[$query_id] = @mysql_fetch_assoc($query_id))
{ {
$result[] = $this->rowset[$query_id]; $result[] = $this->rowset[$query_id];
} }
@ -389,7 +382,7 @@ class sql_db
function sql_error($sql = '') function sql_error($sql = '')
{ {
global $HTTP_SERVER_VARS, $HTTP_ENV_VARS; global $_SERVER, $_ENV;
if ( !$this->return_on_error ) if ( !$this->return_on_error )
{ {
@ -398,8 +391,8 @@ class sql_db
$this->sql_transaction(ROLLBACK); $this->sql_transaction(ROLLBACK);
} }
$this_page = ( !empty($HTTP_SERVER_VARS['PHP_SELF']) ) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_ENV_VARS['PHP_SELF']; $this_page = ( !empty($_SERVER['PHP_SELF']) ) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF'];
$this_page .= '&' . ( ( !empty($HTTP_SERVER_VARS['QUERY_STRING']) ) ? $HTTP_SERVER_VARS['QUERY_STRING'] : $HTTP_ENV_VARS['QUERY_STRING'] ); $this_page .= '&' . ( ( !empty($_SERVER['QUERY_STRING']) ) ? $_SERVER['QUERY_STRING'] : $_ENV['QUERY_STRING'] );
$message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . @mysql_error() . '<br /><br /><u>PAGE</u><br /><br />' . $this_page . ( ( $sql != '' ) ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '' ) . '<br />'; $message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . @mysql_error() . '<br /><br /><u>PAGE</u><br /><br />' . $this_page . ( ( $sql != '' ) ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '' ) . '<br />';
message_die(ERROR, $message); message_die(ERROR, $message);

4
phpBB/includes/page_header.php
View file

@ -264,8 +264,8 @@ else
// //
// Generate HTML required for Mozilla Navigation bar // Generate HTML required for Mozilla Navigation bar
// //
/*
$nav_links_html = ''; $nav_links_html = '';
/*
$nav_link_proto = '<link rel="%s" href="%s" title="%s" />' . "\n"; $nav_link_proto = '<link rel="%s" href="%s" title="%s" />' . "\n";
foreach ( $nav_links as $nav_item => $nav_array ) foreach ( $nav_links as $nav_item => $nav_array )
{ {
@ -295,7 +295,7 @@ $template->assign_vars(array(
'CURRENT_TIME' => sprintf($lang['Current_time'], $user->format_date(time())), 'CURRENT_TIME' => sprintf($lang['Current_time'], $user->format_date(time())),
'TOTAL_USERS_ONLINE' => $l_online_users, 'TOTAL_USERS_ONLINE' => $l_online_users,
'LOGGED_IN_USER_LIST' => $online_userlist, 'LOGGED_IN_USER_LIST' => $online_userlist,
'RECORD_USERS' => sprintf($lang['Record_online_users'], $board_config['record_online_users'], $user->format_date($$board_config['record_online_date'])), 'RECORD_USERS' => sprintf($lang['Record_online_users'], $board_config['record_online_users'], $user->format_date($board_config['record_online_date'])),
'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text, 'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text,
'PRIVATE_MESSAGE_INFO_UNREAD' => $l_privmsgs_text_unread, 'PRIVATE_MESSAGE_INFO_UNREAD' => $l_privmsgs_text_unread,
'PRIVATE_MESSAGE_NEW_FLAG' => $s_privmsg_new, 'PRIVATE_MESSAGE_NEW_FLAG' => $s_privmsg_new,

2
phpBB/includes/page_tail.php
View file

@ -51,7 +51,7 @@ if (defined('DEBUG'))
$template->assign_vars(array( $template->assign_vars(array(
'PHPBB_VERSION' => $board_config['version'], 'PHPBB_VERSION' => $board_config['version'],
'ADMIN_LINK' => ( $auth->acl_get('a_') ) ? '<a href="' . "admin/index.$phpEx$SID" . '">' . $lang['Admin_panel'] . '</a><br /><br />' : '', 'ADMIN_LINK' => ( $auth->acl_get('a_') ) ? '<a href="' . "admin/index.$phpEx?sid=" . $userdata['session_id'] . '">' . $lang['Admin_panel'] . '</a><br /><br />' : '',
'DEBUG_OUTPUT' => (defined('DEBUG')) ? $debug_output : '' 'DEBUG_OUTPUT' => (defined('DEBUG')) ? $debug_output : ''
)); ));

7
phpBB/includes/session.php
View file

@ -40,7 +40,7 @@ class session {
{ {
$sessiondata = ( isset($_COOKIE[$board_config['cookie_name'] . '_data']) ) ? unserialize(stripslashes($_COOKIE[$board_config['cookie_name'] . '_data'])) : ''; $sessiondata = ( isset($_COOKIE[$board_config['cookie_name'] . '_data']) ) ? unserialize(stripslashes($_COOKIE[$board_config['cookie_name'] . '_data'])) : '';
$this->session_id = ( isset($_COOKIE[$board_config['cookie_name'] . '_sid']) ) ? $_COOKIE[$board_config['cookie_name'] . '_sid'] : ''; $this->session_id = ( isset($_COOKIE[$board_config['cookie_name'] . '_sid']) ) ? $_COOKIE[$board_config['cookie_name'] . '_sid'] : '';
$SID = '?sid='; $SID = (defined('IN_ADMIN')) ? '?sid=' . $this->session_id : '?sid=';
} }
else else
{ {
@ -114,6 +114,8 @@ class session {
$sessiondata = array(); $sessiondata = array();
$current_time = time(); $current_time = time();
if ( intval($board_config['active_sessions']) )
{
// Limit sessions in 1 minute period // Limit sessions in 1 minute period
$sql = "SELECT COUNT(*) AS sessions $sql = "SELECT COUNT(*) AS sessions
FROM " . SESSIONS_TABLE . " FROM " . SESSIONS_TABLE . "
@ -123,10 +125,11 @@ class session {
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
$db->sql_freeresult($result); $db->sql_freeresult($result);
if ( intval($board_config['active_sessions']) && intval($row['sessions']) > intval($board_config['active_sessions']) ) if ( intval($row['sessions']) > intval($board_config['active_sessions']) )
{ {
message_die(MESSAGE, 'Board_unavailable'); message_die(MESSAGE, 'Board_unavailable');
} }
}
// Garbage collection ... remove old sessions updating user information // Garbage collection ... remove old sessions updating user information
// if necessary. It means (potentially) 22 queries but only infrequently // if necessary. It means (potentially) 22 queries but only infrequently