From: Jon O. <jon...@us...> - 2007-09-09 16:48:22
Update of /cvsroot/mxbb/core In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv8466 Modified Files: common.php index.php login.php Log Message: Ok, massive update for 2.9.x. Index: login.php =================================================================== RCS file: /cvsroot/mxbb/core/login.php,v retrieving revision 1.23 retrieving revision 1.24 diff -C2 -d -r1.23 -r1.24 *** login.php 5 May 2007 20:12:57 -0000 1.23 --- login.php 9 Sep 2007 16:48:16 -0000 1.24 *************** *** 22,25 **** --- 22,30 ---- // + // Page selector + // + $page_id = $mx_request_vars->request('page', MX_TYPE_INT, 1); + + // // Start session, user and style (template + theme) management // - populate $userdata, $lang, $theme, $images and initiate $template. *************** *** 27,30 **** --- 32,40 ---- $mx_user->init($user_ip, PAGE_LOGIN); + // + // Load and instatiate CORE (page) and block classes + // + $mx_page->init( $page_id ); + // session id check if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid'])) *************** *** 39,176 **** if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) ) { - if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) ) - { - $username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; - $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : ''; - - $sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try - FROM " . USERS_TABLE . " - WHERE username = '" . str_replace("\\'", "''", $username) . 
"'"; - if ( !($result = $db->sql_query($sql) ) ) - { - mx_message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql); - } - - if( $row = $db->sql_fetchrow($result) ) - { - if( $row['user_level'] != ADMIN && $board_config['board_disable'] ) - { - mx_redirect(append_sid("index.$phpEx", true)); - } - else - { - - // If the last login is more than x minutes ago, then reset the login tries/time - if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60))) - { - $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); - $row['user_last_login_try'] = $row['user_login_tries'] = 0; - } - - // Check to see if user is allowed to login again... if his tries are exceeded - if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && - $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN) - { - mx_message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time'])); - } - - if( md5($password) == $row['user_password'] && $row['user_active'] ) - { - $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; - - $admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0; - $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin); - - // Reset login tries - $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); - - if( $session_id ) - { - $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? 
str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx"; - mx_redirect(append_sid($url, true)); - } - else - { - mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); - } - } - // Only store a failed login attempt for an active user - inactive users can't login even with a correct password - elseif( $row['user_active'] ) - { - - // Save login tries and last login - if ($row['user_id'] != ANONYMOUS) - { - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . ' - WHERE user_id = ' . $row['user_id']; - $db->sql_query($sql); - } ! $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ''; ! $redirect = str_replace('?', '&', $redirect); ! ! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) ! { ! mx_message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); ! } ! ! $template->assign_vars(array( ! 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">") ! ); ! ! $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>'); ! ! mx_message_die(GENERAL_MESSAGE, $message); ! } ! } ! } ! else ! { ! $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ""; ! $redirect = str_replace("?", "&", $redirect); ! ! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) ! { ! mx_message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); ! } ! ! $template->assign_vars(array( ! 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">") ! ); ! $message = $lang['Error_login'] . 
'<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>'); ! mx_message_die(GENERAL_MESSAGE, $message); ! } ! } ! else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] ) ! { ! // session id check ! if ($sid == '' || $sid != $userdata['session_id']) ! { ! mx_message_die(GENERAL_ERROR, 'Invalid_session'); ! } ! if( $userdata['session_logged_in'] ) ! { ! session_end($userdata['session_id'], $userdata['user_id']); ! } ! if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect'])) ! { ! $url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']); ! $url = str_replace('&', '&', $url); ! mx_redirect(append_sid($url, true)); ! } ! else ! { ! mx_redirect(append_sid("index.$phpEx", true)); ! } ! } ! else ! { ! $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx"; ! mx_redirect(append_sid($url, true)); } } --- 49,66 ---- if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) ) { ! switch (PORTAL_BACKEND) ! { ! case 'internal': ! case 'phpbb2': ! include($mx_root_path . 'includes/sessions/'.PORTAL_BACKEND.'/login.'.$phpEx); ! break; ! case 'phpbb3': ! include($mx_root_path . 'includes/sessions/'.PORTAL_BACKEND.'/login.'.$phpEx); ! break; } } *************** *** 228,232 **** $s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '<input type="hidden" name="admin" value="1" />' : ''; ! make_jumpbox($phpbb_root_path . 'viewforum.'.$phpEx); $layouttemplate->assign_vars(array( --- 118,122 ---- $s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? 
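Review bot: The new `switch (PORTAL_BACKEND)` in login.php (hunk 49,66) has no `default:` branch, so a login or logout request under any other backend value appears to pass through unhandled; a closing `default: mx_message_die(GENERAL_ERROR, 'Unsupported portal backend');` would make that visible. Both branches include the same path expression and could share one list of `case` labels. The lines that left this file carried the login-attempt limit, the CR/LF check on `redirect` and the session-id check on logout, and the backend login files that now hold that logic are not part of this commit, so each of the three should be confirmed to keep those checks. The enclosing `if` starts on a context line and the file continues past the hunk.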
'<input type="hidden" name="admin" value="1" />' : ''; ! //mx_make_jumpbox($phpbb_root_path . 'viewforum.'.$phpEx); $layouttemplate->assign_vars(array( *************** *** 236,240 **** 'L_SEND_PASSWORD' => $lang['Forgotten_password'], ! 'U_SEND_PASSWORD' => append_sid($phpbb_root_path . "profile.$phpEx?mode=sendpassword"), 'S_HIDDEN_FIELDS' => $s_hidden_fields) --- 126,130 ---- 'L_SEND_PASSWORD' => $lang['Forgotten_password'], ! 'U_SEND_PASSWORD' => mx_append_sid($phpbb_root_path . "profile.$phpEx", "mode=sendpassword"), 'S_HIDDEN_FIELDS' => $s_hidden_fields) *************** *** 253,260 **** else { ! mx_redirect(append_sid("index.$phpEx", true)); } - } - ?> \ No newline at end of file --- 143,148 ---- else { ! mx_redirect(mx_append_sid("index.$phpEx", false)); } } ?> \ No newline at end of file Index: common.php =================================================================== RCS file: /cvsroot/mxbb/core/common.php,v retrieving revision 1.67 retrieving revision 1.68 diff -C2 -d -r1.67 -r1.68 *** common.php 5 Aug 2007 22:07:26 -0000 1.67 --- common.php 9 Sep 2007 16:48:16 -0000 1.68 *************** *** 16,19 **** --- 16,20 ---- define('IN_PHPBB', 1); + define('PHPBB_INSTALLED', true); $mx_starttime = explode(' ', microtime()); *************** *** 197,224 **** } - str_replace("//", "/", $phpbb_root_path); - // ! // mxBB Includes // include_once($mx_root_path . 'includes/mx_constants.' . $phpEx); // Also includes phpBB constants - include_once($mx_root_path . 'includes/mx_functions_style.' . $phpEx); // Extends the phpBB template class - - // - // phpBB Includes - // - include_once($phpbb_root_path . 'includes/functions.' . $phpEx); - - // - // More mxBB Includes - // include_once($mx_root_path . 'includes/db/' . $dbms . '.' . $phpEx); // Load dbal and initiate class - include_once($mx_root_path . 'includes/mx_functions.' . $phpEx); // CORE Functions - include_once($mx_root_path . 'includes/mx_functions_phpbb.' . 
$phpEx); // phpBB associated functions include_once($mx_root_path . 'includes/mx_functions_core.' . $phpEx); // CORE class - // We do not need this any longer, unset for safety purposes - unset($dbpasswd); - // // Instatiate the mx_cache class --- 198,208 ---- } // ! // mxBB CORE Includes // include_once($mx_root_path . 'includes/mx_constants.' . $phpEx); // Also includes phpBB constants include_once($mx_root_path . 'includes/db/' . $dbms . '.' . $phpEx); // Load dbal and initiate class include_once($mx_root_path . 'includes/mx_functions_core.' . $phpEx); // CORE class // // Instatiate the mx_cache class *************** *** 232,240 **** // ! // Define some general Defs // ! define('PHPBB_URL', $portal_config['portal_phpbb_url']); ! define('PORTAL_URL', $portal_config['portal_url']); ! define('PORTAL_VERSION', $portal_config['portal_version']); // --- 216,272 ---- // ! // Define Users/Group/Sessions backend, and validate // ! $table_prefix = ''; ! switch ($portal_config['portal_backend']) ! { ! case 'internal': ! $phpbb_root_path = $mx_root_path . 'includes/shared/phpbb2/'; ! str_replace("//", "/", $phpbb_root_path); ! $portal_backend_valid_file = true; ! $table_prefix = 'phpBB_'; ! $tplEx = 'tpl'; ! break; ! case 'phpbb2': ! $phpbb_root_path = $mx_root_path . $portal_config['portal_backend_path']; ! str_replace("//", "/", $phpbb_root_path); ! $portal_backend_valid_file = @file_exists($phpbb_root_path . "modcp.$phpEx"); ! @include_once($phpbb_root_path . 'config.' . $phpEx); ! $tplEx = 'tpl'; ! break; ! case 'phpbb3': ! $phpbb_root_path = $mx_root_path . $portal_config['portal_backend_path']; ! str_replace("//", "/", $phpbb_root_path); ! $portal_backend_valid_file = @file_exists($phpbb_root_path . "mcp.$phpEx"); ! @include_once($phpbb_root_path . 'config.' . $phpEx); ! $tplEx = 'html'; ! break; ! } ! ! if (!$portal_backend_valid_file || empty($table_prefix)) ! { ! // ! // If phpBB setup is bad, revert to standalone. Thus we can access the adminCP ;) ! // ! 
define('PORTAL_BACKEND', 'internal'); ! $phpbb_root_path = $mx_root_path . 'includes/shared/phpbb2/'; ! str_replace("//", "/", $phpbb_root_path); ! $tplEx = 'tpl'; ! } ! else ! { ! define('PORTAL_BACKEND', $portal_config['portal_backend']); ! } ! ! // ! // mxBB Includes - doing the rest ! // ! @include_once($mx_root_path . 'includes/sessions/'.PORTAL_BACKEND.'/constants.' . $phpEx); ! include_once($mx_root_path . 'includes/mx_functions_style.' . $phpEx); // Styling and sessions ! include_once($mx_root_path . 'includes/mx_functions.' . $phpEx); // CORE Functions ! include_once($mx_root_path . 'includes/mx_functions_phpbb.' . $phpEx); // phpBB associated functions ! ! // We do not need this any longer, unset for safety purposes ! unset($dbpasswd); // *************** *** 282,286 **** // $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') ); ! $user_ip = encode_ip($client_ip); // --- 314,331 ---- // $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') ); ! $user_ip = phpBB2::encode_ip($client_ip); ! ! // ! // Define some general Defs ! // ! $script_name = preg_replace('/^\/?(.*?)\/?$/', "\\1", trim($portal_config['script_path'])); ! $server_name = trim($portal_config['server_name']); ! $server_protocol = ( $portal_config['cookie_secure'] ) ? 'https://' : 'http://'; ! $server_port = ( $portal_config['server_port'] <> 80 ) ? ':' . trim($portal_config['server_port']) . '/' : '/'; ! ! $server_url = $server_protocol . $server_name . $server_port . $script_name; ! ! define('PORTAL_URL', $server_url); ! define('PORTAL_VERSION', $portal_config['portal_version']); // *************** *** 289,305 **** // basic forum information is not available // ! if( @file_exists($phpbb_root_path . 
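Review bot: In the backend switch of common.php (hunk 216,272) the `phpbb2` and `phpbb3` branches run `@include_once($phpbb_root_path . 'config.' . $phpEx)` regardless of the `file_exists()` result computed on the line before, so a `portal_backend_path` that fails validation still has its config file executed, with `@` hiding any error. The include should be gated on `$portal_backend_valid_file`, and since the path comes from stored configuration it is worth confining it to a directory under `$mx_root_path`. Every `str_replace("//", "/", $phpbb_root_path);` in this hunk discards its result and therefore does nothing; the value has to be assigned back. The fallback branch leaves `$table_prefix` as whatever the include set instead of the `'phpBB_'` the `internal` case uses (presumably what the internal backend needs), and an unknown backend value reaches the `if` with `$portal_backend_valid_file` undefined. The fence shows the `phpbb2` case and the fallback; `phpbb3` would change the same way.

```php
case 'phpbb2':
    $phpbb_root_path = str_replace('//', '/', $mx_root_path . $portal_config['portal_backend_path']);
    $portal_backend_valid_file = @file_exists($phpbb_root_path . "modcp.$phpEx");
    if ($portal_backend_valid_file)
    {
        // Only execute the backend's config once the path has passed the check above
        include_once($phpbb_root_path . 'config.' . $phpEx);
    }
    $tplEx = 'tpl';
    break;
// … unchanged apart from the same assignment and gating: case 'phpbb3' …
default:
    $portal_backend_valid_file = false;
    break;
}

if (!$portal_backend_valid_file || empty($table_prefix))
{
    // … unchanged: define PORTAL_BACKEND as 'internal', reset $phpbb_root_path and $tplEx …
    $table_prefix = 'phpBB_';
}
```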
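Review bot: `$server_port` in the new "general Defs" block of common.php (hunk 314,331) is tested with `<> 80` only, so an empty `server_port` setting produces `host:/` and an HTTPS site on its default port gets an explicit `:443`. Normalising first, for example `$port = (int) $portal_config['server_port'];`, and omitting the port when it is 0, 80, or 443 under `https://`, avoids a malformed `PORTAL_URL`. `PORTAL_URL` also ends without a slash whenever `script_path` is non-empty, while `PHPBB_URL` later in this file always ends with one, so callers that append a file name need checking. A short comment saying that both constants are built from stored configuration would document why the `portal_url` setting is no longer read.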
'includes/class_config.' . $phpEx) && @file_exists($phpbb_root_path . 'includes/class_groups.' . $phpEx) ) ! { ! include($mx_root_path . 'includes/mx_functions_ch.'.$phpEx); ! } ! else { ! // ! // Grab phpBB global variables, re-cache if necessary ! // - optional parameter to enable/disable cache for config data. If enabled, remember to refresh the mxBB cache whenever updating phpBB config settings ! // - true: enable cache, false: disable cache ! $board_config = $mx_cache->obtain_phpbb_config(false); } // // Is phpBB File Attachment MOD present? --- 334,375 ---- // basic forum information is not available // ! switch (PORTAL_BACKEND) { ! case 'internal': ! $board_config = array(); ! $script_name_phpbb = preg_replace('/^\/?(.*?)\/?$/', "\\1", trim('includes/shared/phpbb2/')) . '/'; ! break; ! ! case 'phpbb2': ! if( @file_exists($phpbb_root_path . 'includes/class_config.' . $phpEx) && @file_exists($phpbb_root_path . 'includes/class_groups.' . $phpEx) ) ! { ! include($mx_root_path . 'includes/mx_functions_ch.'.$phpEx); ! } ! else ! { ! // ! // Grab phpBB global variables, re-cache if necessary ! // - optional parameter to enable/disable cache for config data. If enabled, remember to refresh the mxBB cache whenever updating phpBB config settings ! // - true: enable cache, false: disable cache ! $board_config = $mx_cache->obtain_phpbb_config(false); ! } ! $script_name_phpbb = preg_replace('/^\/?(.*?)\/?$/', "\\1", trim($board_config['script_path'])) . '/'; ! break; ! ! case 'phpbb3': ! // ! // Grab phpBB global variables, re-cache if necessary ! // - optional parameter to enable/disable cache for config data. If enabled, remember to refresh the mxBB cache whenever updating phpBB config settings ! // - true: enable cache, false: disable cache ! $board_config = $mx_cache->obtain_phpbb_config(false); ! $script_name_phpbb = preg_replace('/^\/?(.*?)\/?$/', "\\1", trim($board_config['script_path'])) . '/'; ! break; } + $server_url_phpbb = $server_protocol . $server_name . 
$server_port . $script_name_phpbb; + define('PHPBB_URL', $server_url_phpbb); + + mx_page::sync_configs(); + // // Is phpBB File Attachment MOD present? Index: index.php =================================================================== RCS file: /cvsroot/mxbb/core/index.php,v retrieving revision 1.70 retrieving revision 1.71 diff -C2 -d -r1.70 -r1.71 *** index.php 22 Jul 2007 20:59:56 -0000 1.70 --- index.php 9 Sep 2007 16:48:16 -0000 1.71 *************** *** 45,49 **** // /* ! if( !($userdata['user_level'] == ADMIN && $userdata['session_logged_in']) ) { mx_message_die(GENERAL_MESSAGE, 'We are currenty upgrading this site with latest mxBB software. Hopefully everything will run smoothly again later tonight (GMT). /Jon', 'Information'); --- 45,49 ---- // /* ! if( !($mx_user->data['user_level'] == ADMIN && $mx_user->data['session_logged_in']) ) { mx_message_die(GENERAL_MESSAGE, 'We are currenty upgrading this site with latest mxBB software. Hopefully everything will run smoothly again later tonight (GMT). /Jon', 'Information'); *************** *** 54,58 **** // Site under reconstruction // ! if( !$portal_config['portal_status'] && !($userdata['user_level'] == ADMIN && $userdata['session_logged_in']) ) { mx_message_die(GENERAL_MESSAGE, $portal_config['disabled_message'], 'Information'); --- 54,58 ---- // Site under reconstruction // ! if( !$portal_config['portal_status'] && !($mx_user->data['user_level'] == ADMIN && $mx_user->data['session_logged_in']) ) { mx_message_die(GENERAL_MESSAGE, $portal_config['disabled_message'], 'Information'); *************** *** 70,81 **** // Page Auth and IP filter // ! if ( !$mx_page->auth_view && $userdata['session_logged_in'] ) { $message = empty( $lang['Page_Not_Authorised'] ) ? "Sorry, but you don't have privilege to access this page." : $lang['Page_Not_Authorised']; mx_message_die(GENERAL_MESSAGE, $message, '', __LINE__, __FILE__, ''); } ! elseif ( !$mx_page->auth_view && !$userdata['session_logged_in'] ) { ! 
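Review bot: The `internal` branch of the second `switch (PORTAL_BACKEND)` in common.php (hunk 334,375) sets `$board_config = array()`, so any later code that guards on its keys sees them all as unset. The login code removed from login.php in this same commit enforced its attempt limit only when `$board_config['login_reset_time']` and `$board_config['max_login_attempts']` were truthy; if the internal login include keeps that shape, the limit is off unless `mx_page::sync_configs()` fills those keys, which this commit does not show. Once that is confirmed, the case deserves a comment such as `// internal backend: board settings are supplied by mx_page::sync_configs() below`. In the `phpbb2` branch `$board_config['script_path']` is read after the `mx_functions_ch` include path as well, so that include has to set `$board_config` itself for the line to work.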
mx_redirect( append_sid( "login.$phpEx?redirect=" . 'index.php?page=' . $page_id, true ) ); } elseif ( !$mx_page->auth_ip ) --- 70,81 ---- // Page Auth and IP filter // ! if ( !($mx_page->auth_view || $mx_page->auth_mod) && $mx_user->data['session_logged_in'] ) { $message = empty( $lang['Page_Not_Authorised'] ) ? "Sorry, but you don't have privilege to access this page." : $lang['Page_Not_Authorised']; mx_message_die(GENERAL_MESSAGE, $message, '', __LINE__, __FILE__, ''); } ! elseif ( !($mx_page->auth_view || $mx_page->auth_mod) && !$mx_user->data['session_logged_in'] ) { ! mx_redirect( mx3_append_sid( "login.$phpEx?redirect=index.$phpEx", 'page=' . $page_id, true ) ); } elseif ( !$mx_page->auth_ip ) |