More updates, append sid to admin browsing

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3101 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen 2002-11-26 11:42:12 +00:00
parent d996f4e3f9
commit b21463b2ab
7 changed files with 34 additions and 16 deletions


@ -41,8 +41,12 @@ if( isset($HTTP_POST_VARS['add_name']) )
{ {
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
$disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? $HTTP_POST_VARS['disallowed_user'] : $HTTP_GET_VARS['disallowed_user']; $disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? trim($HTTP_POST_VARS['disallowed_user']) : trim($HTTP_GET_VARS['disallowed_user']);
if ($disallowed_user == '')
{
message_die(MESSAGE, $lang['Fields_empty']);
}
if( !validate_username($disallowed_user) ) if( !validate_username($disallowed_user) )
{ {
$message = $lang['Disallowed_already']; $message = $lang['Disallowed_already'];
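Review bot: The GET fallback on the `$disallowed_user` line still reads `$HTTP_GET_VARS['disallowed_user']` with no `isset()` guard, so a POST of `add_name` with neither field present raises an undefined-index notice before the new empty-name check gets to report it. Guarding the fallback keeps the new check as the single failure path: `$disallowed_user = isset($HTTP_POST_VARS['disallowed_user']) ? trim($HTTP_POST_VARS['disallowed_user']) : (isset($HTTP_GET_VARS['disallowed_user']) ? trim($HTTP_GET_VARS['disallowed_user']) : '');`. The enclosing `if( isset($HTTP_POST_VARS['add_name']) )` block continues past the end of the hunk.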


@ -20,13 +20,13 @@
* *
***************************************************************************/ ***************************************************************************/
if ( !defined('IN_PHPBB') ) if (!defined('IN_PHPBB'))
{ {
die("Hacking attempt"); die("Hacking attempt");
} }
define('IN_ADMIN', true); define('IN_ADMIN', true);
// Include files
include($phpbb_root_path . 'common.'.$phpEx); include($phpbb_root_path . 'common.'.$phpEx);
// //
@ -37,18 +37,30 @@ init_userprefs($userdata);
// //
// End session management // End session management
// //
if( !$userdata['session_logged_in'] )
if (!$userdata['session_logged_in'])
{ {
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: '; $header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . '../' . append_sid("login.$phpEx?redirect=admin/")); header($header_location . '../' . append_sid("login.$phpEx?redirect=admin/"));
exit; exit;
} }
else if( $userdata['user_level'] != ADMIN ) else if ($userdata['user_level'] != ADMIN)
{ {
message_die(GENERAL_MESSAGE, $lang['Not_admin']); message_die(GENERAL_MESSAGE, $lang['Not_admin']);
} }
if ( empty($no_page_header) ) if ($HTTP_GET_VARS['sid'] != $userdata['session_id'])
{
$url = preg_replace('/sid=([^&]*)(&?)/i', '', $HTTP_SERVER_VARS['REQUEST_URI']);
$url = preg_replace('/\?$/', '', $url);
$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . $url);
exit;
}
if (empty($no_page_header))
{ {
// Not including the pageheader can be neccesarry if META tags are // Not including the pageheader can be neccesarry if META tags are
// needed in the calling script. // needed in the calling script.
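Review bot: The new sid check redirects a request whose `sid` does not match to the same URL with the current session's sid appended, so an admin URL reached without a sid (or with a stale one) is completed automatically after one round trip; if the check is intended to ensure admin actions are only performed from links that already carry the session id, the redirect removes that guarantee for GET-driven actions (a redirected request is re-issued as GET, so only a POST body would be dropped). Either make the mismatch a hard stop, `message_die(GENERAL_MESSAGE, $lang['<new key for sid mismatch>'])`, or put a why-comment above the `if` stating that the redirect exists only to propagate the sid into the admin URL and is not an access check. Independently, `$HTTP_GET_VARS['sid']` is read without `isset()` and compared with `!=`; `if (!isset($HTTP_GET_VARS['sid']) || $HTTP_GET_VARS['sid'] !== $userdata['session_id'])` avoids the notice and the loose comparison. Note also that the `strpos($url, '?')` truthiness test only works because `REQUEST_URI` starts with `/`; `strpos($url, '?') !== false` makes that explicit.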


@ -296,7 +296,7 @@ class sql_db
{ {
$rows = @OCIFetchStatement($query_id, $results); $rows = @OCIFetchStatement($query_id, $results);
@OCIExecute($query_id, OCI_DEFAULT); @OCIExecute($query_id, OCI_DEFAULT);
for($i = 0; $i <= $rows; $i++) for($i = 0; $i < $rows; $i++)
{ {
@OCIFetchInto($query_id, $tmp_result, OCI_ASSOC+OCI_RETURN_NULLS); @OCIFetchInto($query_id, $tmp_result, OCI_ASSOC+OCI_RETURN_NULLS);
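Review bot: The corrected loop bound still leaves the `@`-suppressed `OCIFetchStatement` result unchecked; on failure that call returns `false`, and `$i < false` simply ends the loop, so a failed fetch is indistinguishable from an empty result. A check such as `if ($rows === false)` routed through whatever error reporting `sql_db` uses for its other OCI calls (not visible in this hunk) would make the failure observable. The enclosing method starts and ends outside the hunk.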


@ -91,7 +91,9 @@ h3 {font-size:12pt;color:blue}
<li>Changed field size of timezone to decimal(5,2) where applicable</li> <li>Changed field size of timezone to decimal(5,2) where applicable</li>
<li>Fixed missing sid append to URL when redirecting to newest reply</li> <li>Fixed missing sid append to URL when redirecting to newest reply</li>
<li>Fixed missing slashes in private IP preg check</li> <li>Fixed missing slashes in private IP preg check</li>
<li></li> <li>Fixed session not setting userdata['user_id'] to ANON as appropriate</li>
<li>Added check for non-empty name in disallow admin</li>
<li>Fixed validation of SSL website addresses in profile</li>
<li></li> <li></li>
<li></li> <li></li>
</ul> </ul>


@ -164,12 +164,12 @@ function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$loca
// contains at least one dot. // contains at least one dot.
if ( $website != "" ) if ( $website != "" )
{ {
if ( !preg_match('#^http:\/\/#i', $website) ) if ( !preg_match('#^http[s]?:\/\/#i', $website) )
{ {
$website = 'http://' . $website; $website = 'http://' . $website;
} }
if ( !preg_match('#^http\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website) ) if ( !preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website) )
{ {
$website = ''; $website = '';
} }
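Review bot: Both new patterns write the optional scheme letter as `[s]?`, a one-character class where `https?` is the idiomatic form, and the second pattern double-escapes `\\:\\/\\/` although the `#` delimiter already makes `://` literal; `'#^https?://#i'` and `'#^https?://[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i'` match the same strings and read more easily. The second pattern is anchored only at the start, so whatever follows the host part is accepted unchanged; that is pre-existing behaviour, but a comment saying only the scheme and host are validated would stop readers assuming the whole URL is checked. `validate_optional_fields` continues outside the hunk.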


@ -28,7 +28,7 @@ if ( !defined('IN_PHPBB') )
// //
// Show the overall footer. // Show the overall footer.
// //
$admin_link = ( $userdata['user_level'] == ADMIN ) ? '<a href="' . append_sid("admin/index.$phpEx") . '">' . $lang['Admin_panel'] . '</a><br /><br />' : ''; $admin_link = ( $userdata['user_level'] == ADMIN ) ? '<a href="admin/index.' . $phpEx . '?sid=' . $userdata['session_id'] . '">' . $lang['Admin_panel'] . '</a><br /><br />' : '';
$template->set_filenames(array( $template->set_filenames(array(
'overall_footer' => ( empty($gen_simple_header) ) ? 'overall_footer.tpl' : 'simple_footer.tpl') 'overall_footer' => ( empty($gen_simple_header) ) ? 'overall_footer.tpl' : 'simple_footer.tpl')
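Review bot: The admin link now hand-builds `?sid=` instead of calling `append_sid()`, with nothing explaining why the helper is bypassed, so a later reader will read it as a regression and switch it back. A why-comment above the `$admin_link` line such as `// The admin panel entry must carry the sid even when sessions use cookies; admin/pagestart.php redirects when it is missing` records the intent. Since the session id is being spliced into an `href`, `urlencode($userdata['session_id'])` keeps the value URL-safe regardless of how it was produced; whether `append_sid()` does its own encoding is not visible in this hunk.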


@ -84,7 +84,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
// No match; don't login, set as anonymous user // No match; don't login, set as anonymous user
$login = 0; $login = 0;
$enable_autologin = 0; $enable_autologin = 0;
$user_id = ANONYMOUS; $user_id = $userdata['user_id'] = ANONYMOUS;
} }
} }
else else
@ -92,7 +92,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
// Autologin is not set. Don't login, set as anonymous user // Autologin is not set. Don't login, set as anonymous user
$login = 0; $login = 0;
$enable_autologin = 0; $enable_autologin = 0;
$user_id = ANONYMOUS; $user_id = $userdata['user_id'] = ANONYMOUS;
} }
} }
else else
@ -182,7 +182,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
$SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : ''; $SID = ($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : '';
return $userdata; return $userdata;
} }
@ -250,9 +250,9 @@ function session_pagestart($user_ip, $thispage_id)
$ip_check_s = substr($userdata['session_ip'], 0, 6); $ip_check_s = substr($userdata['session_ip'], 0, 6);
$ip_check_u = substr($user_ip, 0, 6); $ip_check_u = substr($user_ip, 0, 6);
if ( $ip_check_s == $ip_check_u ) if ($ip_check_s == $ip_check_u)
{ {
$SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : ''; $SID = ($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : '';
// //
// Only update session DB a minute or so after last update // Only update session DB a minute or so after last update