Menu
▾
▴
mxbb-commits — Internal Mailing List for CVS Commit Messages
You can subscribe to this list here.
| 2005 |
Jan
|
Feb
|
Mar
(95) |
Apr
(270) |
May
(111) |
Jun
|
Jul
|
Aug
(64) |
Sep
(130) |
Oct
(319) |
Nov
(17) |
Dec
(191) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2006 |
Jan
(53) |
Feb
|
Mar
|
Apr
|
May
(6) |
Jun
(387) |
Jul
(102) |
Aug
(247) |
Sep
(120) |
Oct
(1) |
Nov
(8) |
Dec
(21) |
| 2007 |
Jan
(38) |
Feb
(36) |
Mar
|
Apr
(32) |
May
(135) |
Jun
(523) |
Jul
(192) |
Aug
(103) |
Sep
(533) |
Oct
(77) |
Nov
(23) |
Dec
(203) |
| 2008 |
Jan
(312) |
Feb
(1193) |
Mar
(404) |
Apr
(67) |
May
(62) |
Jun
(497) |
Jul
(297) |
Aug
(110) |
Sep
(335) |
Oct
(256) |
Nov
(50) |
Dec
(118) |
| 2009 |
Jan
(67) |
Feb
(10) |
Mar
(1) |
Apr
(1) |
May
|
Jun
(10) |
Jul
(61) |
Aug
|
Sep
(16) |
Oct
(45) |
Nov
(12) |
Dec
(14) |
| 2010 |
Jan
(30) |
Feb
|
Mar
|
Apr
(4) |
May
|
Jun
|
Jul
(7) |
Aug
(7) |
Sep
(5) |
Oct
(5) |
Nov
|
Dec
|
| 2011 |
Jan
(7) |
Feb
(3) |
Mar
(89) |
Apr
(11) |
May
(5) |
Jun
|
Jul
(8) |
Aug
(1) |
Sep
(2) |
Oct
|
Nov
(2) |
Dec
(89) |
| 2012 |
Jan
(7) |
Feb
(1) |
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
(3) |
Oct
(42) |
Nov
(1) |
Dec
|
| 2013 |
Jan
|
Feb
|
Mar
(19) |
Apr
(90) |
May
(38) |
Jun
(235) |
Jul
(38) |
Aug
(10) |
Sep
|
Oct
(29) |
Nov
|
Dec
|
| 2014 |
Jan
|
Feb
|
Mar
|
Apr
(6) |
May
(52) |
Jun
|
Jul
(7) |
Aug
|
Sep
(17) |
Oct
|
Nov
|
Dec
|
|
From: Florin C B. <ory...@us...> - 2014-09-29 13:46:00
|
Update of /cvsroot/mxbb/mx_shotcast In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv32015 Modified Files: radioplayer.php Log Message: Index: radioplayer.php =================================================================== RCS file: /cvsroot/mxbb/mx_shotcast/radioplayer.php,v retrieving revision 1.16 retrieving revision 1.17 diff -C2 -d -r1.16 -r1.17 *** radioplayer.php 29 Sep 2014 13:40:40 -0000 1.16 --- radioplayer.php 29 Sep 2014 13:45:57 -0000 1.17 *************** *** 32,37 **** $color_mode ='wmode'; $flash_wmode ='transparent'; // $flash_wmode ='opaque'; ! $shotcast_config['flash_FileName'] = !empty($shotcast_config['flash_FileName']) ? $shotcast_config['flash_FileName'] : $module_root_path ."skins/".SKIN."/bg.swf"; ! $shotcast_config['gateway_FileName']= !empty($shotcast_config['gateway_FileName']) ? $shotcast_config['gateway_FileName'] : $module_root_path ."skins/".SKIN."/index.html"; define('FLASH_FILE', $mx_root_path . $shotcast_config['flash_FileName']); define('GATEWAY_FILE', $mx_root_path . $shotcast_config['gateway_FileName']); --- 32,37 ---- $color_mode ='wmode'; $flash_wmode ='transparent'; // $flash_wmode ='opaque'; ! $shotcast_config['flash_FileName'] = !empty($shotcast_config['flash_FileName']) ? $shotcast_config['flash_FileName'] : $mx_root_path ."modules/mx_shotcast/skins/".SKIN."/bg.swf"; ! $shotcast_config['gateway_FileName']= !empty($shotcast_config['gateway_FileName']) ? $shotcast_config['gateway_FileName'] : $module_root_path ."modules/mx_shotcast/skins/".SKIN."/index.html"; define('FLASH_FILE', $mx_root_path . $shotcast_config['flash_FileName']); define('GATEWAY_FILE', $mx_root_path . $shotcast_config['gateway_FileName']); |
|
From: Florin C B. <ory...@us...> - 2014-09-29 13:40:43
|
Update of /cvsroot/mxbb/mx_shotcast In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv31752 Modified Files: radioplayer.php Log Message: Index: radioplayer.php =================================================================== RCS file: /cvsroot/mxbb/mx_shotcast/radioplayer.php,v retrieving revision 1.15 retrieving revision 1.16 diff -C2 -d -r1.15 -r1.16 *** radioplayer.php 29 Sep 2014 13:31:15 -0000 1.15 --- radioplayer.php 29 Sep 2014 13:40:40 -0000 1.16 *************** *** 50,55 **** $html .= java_script($module_root_path, $phpEx, $mimetype, $clean_config, $radio_skin, $autoplay, $state, $lang, $java_debug, $update_title); $html .= " ! <object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0\" width=\"1\" height=\"287\">\"); ! <param name=\"movie\" value=\"".FLASH_FILE."\"></param> <param name=\"quality\" value=\"high\"></param> <param name=\"".COLOR_MODE."\" value=\"".WMODE."\"></param> --- 50,55 ---- $html .= java_script($module_root_path, $phpEx, $mimetype, $clean_config, $radio_skin, $autoplay, $state, $lang, $java_debug, $update_title); $html .= " ! <object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0\" width=\"1\" height=\"287\"> ! <param name=\"movie\" value=\"".FLASH_FILE."\"></param> <param name=\"quality\" value=\"high\"></param> <param name=\"".COLOR_MODE."\" value=\"".WMODE."\"></param> |
|
From: Florin C B. <ory...@us...> - 2014-09-29 13:33:28
|
Update of /cvsroot/mxbb/mx_shotcast/skins/yellow In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv31001/yellow Added Files: bg.swf Log Message: --- NEW FILE: bg.swf --- (This appears to be a binary file; contents omitted.) |
|
From: Florin C B. <ory...@us...> - 2014-09-29 13:33:27
|
Update of /cvsroot/mxbb/mx_shotcast/skins/default In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv31001/default Added Files: bg.swf Log Message: --- NEW FILE: bg.swf --- (This appears to be a binary file; contents omitted.) |
|
From: Florin C B. <ory...@us...> - 2014-09-29 13:31:36
|
Update of /cvsroot/mxbb/mx_shotcast/templates/prosilver/admin In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv30866 Modified Files: shotcast_config_body.html Log Message: some updates for new browsers Index: shotcast_config_body.html =================================================================== RCS file: /cvsroot/mxbb/mx_shotcast/templates/prosilver/admin/shotcast_config_body.html,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** shotcast_config_body.html 28 May 2013 07:14:45 -0000 1.1 --- shotcast_config_body.html 29 Sep 2014 13:31:33 -0000 1.2 *************** *** 99,102 **** --- 99,110 ---- </td> </tr> + <tr> + <td class="row1">{L_GF}<br><span class="gensmall">{L_GF_INFO}</span></td> + <td class="row2"> + <select name="gf_select" class="forminput"> + <option value="1"{S_FLASH_YES}>{L_FLASH}</option> + <option value="0"{S_GATEWAY_YES}>{L_GATEWAY}</option> + </select></td> + </tr> <tr> <td class="row1"><p><b>{L_STREAM_TYPE}:</b><br></p></td> *************** *** 107,120 **** <td class="row2">{SHOW_STATUS}</td></td> </tr> - </tr> - <tr> - <td class="row1">{L_ALLOW_GUESTS}</span></td> - <td class="row2"><input type="radio" name="allow_guests" value="1" {ALLOW_GUESTS_YES} /> {L_YES} <input type="radio" name="allow_guests" value="0" {ALLOW_GUESTS_NO} /> {L_NO}</td> - </tr> - <tr> - <td class="row1">{L_GUESTNAME}<br><span class="gensmall">{L_GUESTNAME_EXPLAIN}</span></td> - <td class="row2"><input class="post" type="text" name="guestname" value="{GUESTNAME}" size="12" maxlength="20" /></td> - </tr> <tr> <tr> <td class="catBottom" colspan="2" align="center">{S_HIDDEN_FIELDS} --- 115,126 ---- <td class="row2">{SHOW_STATUS}</td></td> </tr> <tr> + <td class="row1">{L_ALLOW_GUESTS}</span></td> + <td class="row2"><input type="radio" name="allow_guests" value="1" {ALLOW_GUESTS_YES} /> {L_YES} <input type="radio" name="allow_guests" value="0" {ALLOW_GUESTS_NO} /> {L_NO}</td> + </tr> + <tr> + <td class="row1">{L_GUESTNAME}<br><span class="gensmall">{L_GUESTNAME_EXPLAIN}</span></td> + <td class="row2"><input class="post" type="text" name="guestname" value="{GUESTNAME}" size="12" maxlength="20" /></td> + </tr> <tr> <td class="catBottom" colspan="2" align="center">{S_HIDDEN_FIELDS} |
|
From: Florin C B. <ory...@us...> - 2014-09-29 13:31:27
|
Update of /cvsroot/mxbb/mx_shotcast/templates/_core/admin In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv30855 Modified Files: shotcast_config_body.tpl Log Message: some updates for new browsers Index: shotcast_config_body.tpl =================================================================== RCS file: /cvsroot/mxbb/mx_shotcast/templates/_core/admin/shotcast_config_body.tpl,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** shotcast_config_body.tpl 29 Sep 2014 11:58:25 -0000 1.5 --- shotcast_config_body.tpl 29 Sep 2014 13:31:24 -0000 1.6 *************** *** 99,102 **** --- 99,110 ---- </td> </tr> + <tr> + <td class="row1">{L_GF}<br><span class="gensmall">{L_GF_INFO}</span></td> + <td class="row2"> + <select name="gf_select" class="forminput"> + <option value="1"{S_FLASH_YES}>{L_FLASH}</option> + <option value="0"{S_GATEWAY_YES}>{L_GATEWAY}</option> + </select></td> + </tr> <tr> <td class="row1"><p><b>{L_STREAM_TYPE}:</b><br></p></td> |
|
From: Florin C B. <ory...@us...> - 2014-09-29 13:31:17
|
Update of /cvsroot/mxbb/mx_shotcast In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv30833 Modified Files: radioplayer.php Log Message: some updates for new browsers Index: radioplayer.php =================================================================== RCS file: /cvsroot/mxbb/mx_shotcast/radioplayer.php,v retrieving revision 1.14 retrieving revision 1.15 diff -C2 -d -r1.14 -r1.15 *** radioplayer.php 29 Sep 2014 11:58:24 -0000 1.14 --- radioplayer.php 29 Sep 2014 13:31:15 -0000 1.15 *************** *** 32,36 **** $color_mode ='wmode'; $flash_wmode ='transparent'; // $flash_wmode ='opaque'; ! define('FLASH_FILE', $mx_root_path . $shotcast_config['flash_FileName']); define('GATEWAY_FILE', $mx_root_path . $shotcast_config['gateway_FileName']); --- 32,37 ---- $color_mode ='wmode'; $flash_wmode ='transparent'; // $flash_wmode ='opaque'; ! $shotcast_config['flash_FileName'] = !empty($shotcast_config['flash_FileName']) ? $shotcast_config['flash_FileName'] : $module_root_path ."skins/".SKIN."/bg.swf"; ! $shotcast_config['gateway_FileName']= !empty($shotcast_config['gateway_FileName']) ? $shotcast_config['gateway_FileName'] : $module_root_path ."skins/".SKIN."/index.html"; define('FLASH_FILE', $mx_root_path . $shotcast_config['flash_FileName']); define('GATEWAY_FILE', $mx_root_path . $shotcast_config['gateway_FileName']); *************** *** 50,58 **** $html .= " <object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0\" width=\"1\" height=\"287\">\"); ! <param name=\"movie\" value=\"{FLASH_FILE}\"></param> <param name=\"quality\" value=\"high\"></param> ! <param name=\"{COLOR_MODE}\" value=\"{WMODE}\"></param> <param name=\"bgcolor\" value=\"000000\"></param> ! <embed src=\"{FLASH_FILE}\" {COLOR_MODE}=\"{WMODE}\" quality=\"high\" pluginspage=\"http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash\" type=\"application/x-shockwave-flash\" width=\"1\" height=\"287\"></embed></object> <script type=\"text/javascript\"><!-- loadimg = new Image(27,27); --- 51,59 ---- $html .= " <object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0\" width=\"1\" height=\"287\">\"); ! <param name=\"movie\" value=\"".FLASH_FILE."\"></param> <param name=\"quality\" value=\"high\"></param> ! <param name=\"".COLOR_MODE."\" value=\"".WMODE."\"></param> <param name=\"bgcolor\" value=\"000000\"></param> ! <embed src=\"".FLASH_FILE."\" ".COLOR_MODE."=\"".WMODE."\" quality=\"high\" pluginspage=\"http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash\" type=\"application/x-shockwave-flash\" width=\"1\" height=\"287\"></embed></object> <script type=\"text/javascript\"><!-- loadimg = new Image(27,27); |
|
From: Florin C B. <ory...@us...> - 2014-09-29 11:58:27
|
Update of /cvsroot/mxbb/mx_shotcast/includes In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv26240/includes Modified Files: cast_functions.php common.php getinfo_ice.php getinfo_shout.php java_script.php Log Message: some updates for new browsers Index: common.php =================================================================== RCS file: /cvsroot/mxbb/mx_shotcast/includes/common.php,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** common.php 28 May 2013 07:14:34 -0000 1.10 --- common.php 29 Sep 2014 11:58:25 -0000 1.11 *************** *** 30,40 **** die("Hacking attempt"); } if (!defined('PORTAL_BACKEND')) { ! define('MXBB_MODULE', false); } else { ! define('MXBB_MODULE', true); } --- 30,41 ---- die("Hacking attempt"); } + //@ for compatibility with non shoutcast version of radio front if (!defined('PORTAL_BACKEND')) { ! @define('MXBB_MODULE', false); } else { ! @define('MXBB_MODULE', true); } *************** *** 237,245 **** } } $radio_skin = preg_replace("/[^a-zA-Z0-9_.-@]/", "", $radio_skin); if (@file_exists($module_root_path . "skins/" . $radio_skin . "/skin_config.$phpEx") === false) { $radio_skin = $default_skin; ! //die('Requested skin and default skin configuration file couldn\'t be found.'); } @define('SKIN', $radio_skin); --- 238,247 ---- } } + $radio_skin = preg_replace("/[^a-zA-Z0-9_.-@]/", "", $radio_skin); if (@file_exists($module_root_path . "skins/" . $radio_skin . "/skin_config.$phpEx") === false) { $radio_skin = $default_skin; ! die('Requested skin and default skin configuration file couldn\'t be found.'); } @define('SKIN', $radio_skin); Index: cast_functions.php =================================================================== RCS file: /cvsroot/mxbb/mx_shotcast/includes/cast_functions.php,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** cast_functions.php 28 May 2013 07:14:34 -0000 1.1 --- cast_functions.php 29 Sep 2014 11:58:25 -0000 1.2 *************** *** 27,35 **** // OryNider (v 4.2 - 5.0-dev) ! if( !defined('IN_SHOTCAST')) { die("Hacking attempt"); } function asc2hex($temp) { --- 27,38 ---- // OryNider (v 4.2 - 5.0-dev) ! if( !defined('IN_PORTAL') ) { die("Hacking attempt"); } + if (!function_exists('obj_to_array')) + { + function asc2hex($temp) { *************** *** 80,84 **** $contents = curl_exec($c); $err = curl_error($c); ! //die("$url"); @curl_close($c); if ($contents) --- 83,87 ---- $contents = curl_exec($c); $err = curl_error($c); ! ////die("$url"); @curl_close($c); if ($contents) *************** *** 376,378 **** --- 379,384 ---- return $$getInfo; } + + } + ?> \ No newline at end of file Index: java_script.php =================================================================== RCS file: /cvsroot/mxbb/mx_shotcast/includes/java_script.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** java_script.php 29 May 2013 05:00:43 -0000 1.2 --- java_script.php 29 Sep 2014 11:58:25 -0000 1.3 *************** *** 20,23 **** --- 20,45 ---- // along with this program; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + @ example from http://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_iframe_src + <!DOCTYPE html> + <html> + <body> + + <iframe id="embedFrame" src="/default.asp"></iframe> + + <p>Click the button to return the value of the src attribute in the iframe.</p> + + <p id="eq"></p> + + <button onclick="playR()">Play</button> + + <script> + function playR() { + var frame = document.getElementById('embedFrame').src; + document.getElementById('eq').innerHTML = frame; + } + </script> + + </body> + </html> */ // History: *************** *** 181,185 **** window.attachEvent('onload',doDMarquee); } - function playR() { --- 203,206 ---- *************** *** 213,217 **** } } ! function stopR(){ document.getElementById('eq').src = '" . $module_root_path . "skins/" . SKIN . "/equalizer_stop.gif'; --- 234,273 ---- } } ! function playR_mx() ! { ! var oDivs = document.getElementsByTagName('div'); ! for( var i = 0, oDiv; i < oDivs.length; i++ ) ! { ! oDiv = oDivs[i]; ! if( oDiv.className && oDiv.className.match(/\bdmarquee\b/) ) ! { ! if( !( oDiv = oDiv.getElementsByTagName('div')[0] ) ) { continue; } ! if( !( oDiv.mchild = oDiv.getElementsByTagName('div')[0] ) ) { continue; } ! oDiv.getElementsByTagName('div')[0].innerHTML = '" . $lang['checking_title'] . "'; ! i += 2; ! } ! } ! intervalID = window.top.setInterval( 'updateInfo()', " . $update_title . " ); ! doDMarquee(); ! document.getElementById('eq').src = '" . $module_root_path . "skins/" . SKIN . "/equalizer_play.gif'; ! var embed = document.getElementById('embedchoise'); ! var frame = document.getElementById('embedFrame'); ! if(document.getElementById('embedchoise').value != \"auto\" && document.getElementById('embedchoise').value != \"wmp\") ! { ! document.getElementById('embedFrame').src = \"" . $module_root_path . "play." . $phpEx . "?config=" . $clean_config . "&embed=\" + embed.value; ! embedInfo(document.getElementById('embedchoise').value); ! } ! else if(document.getElementById('embedchoise').value == \"wmp\") ! { ! document.getElementById('embedFrame').src = \"play." . $phpEx . "?config=" . $clean_config . "&embed=\" + detectWMPEmbed(embed.value); ! embedInfo(detectWMPEmbed(document.getElementById('embedchoise').value)); ! embedFramereload(); ! } ! else ! { ! document.getElementById('embedFrame').src = \"" . $module_root_path . "play." . $phpEx . "?config=" . $clean_config . (isset($_GET['embed']) ? $_GET['embed'] : '') . "\"; ! embedInfo(detectEmbed()); ! } ! } function stopR(){ document.getElementById('eq').src = '" . $module_root_path . "skins/" . SKIN . "/equalizer_stop.gif'; Index: getinfo_shout.php =================================================================== RCS file: /cvsroot/mxbb/mx_shotcast/includes/getinfo_shout.php,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** getinfo_shout.php 28 May 2013 07:14:34 -0000 1.1 --- getinfo_shout.php 29 Sep 2014 11:58:25 -0000 1.2 *************** *** 218,222 **** if (preg_match("/Unauthorized/", $stream_genre)) { ! $servergenre = $stream_genre = $radio->genre(); } --- 218,222 ---- if (preg_match("/Unauthorized/", $stream_genre)) { ! $servergenre = $stream_genre = "genre"; } Index: getinfo_ice.php =================================================================== RCS file: /cvsroot/mxbb/mx_shotcast/includes/getinfo_ice.php,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** getinfo_ice.php 28 May 2013 07:14:34 -0000 1.1 --- getinfo_ice.php 29 Sep 2014 11:58:25 -0000 1.2 *************** *** 26,33 **** // DrKnas (Current maintainer v 4.0 -) ! if( !defined('IN_SHOTCAST')) { die("Hacking attempt"); } $state = ""; $currentsong = ""; --- 26,34 ---- // DrKnas (Current maintainer v 4.0 -) ! if( !defined('IN_PORTAL') ) { die("Hacking attempt"); } + $state = ""; $currentsong = ""; *************** *** 155,159 **** } #error_reporting(E_ALL ^ E_NOTICE); - function icecast_status($caster_ip, $caster_port, $icecast_mount_point) { --- 156,159 ---- *************** *** 174,178 **** //$mount_points = explode("_END_", $page); //$page_array = preg_split('/<td\s[^>]*class=\"streamdata\">(.*)<\/td>/isU' , $page, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY); ! //die("$page"); //for( $i = 0; $i < $n = count($page_array); $i++ ) //{ --- 174,178 ---- //$mount_points = explode("_END_", $page); //$page_array = preg_split('/<td\s[^>]*class=\"streamdata\">(.*)<\/td>/isU' , $page, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY); ! ////die("$page"); //for( $i = 0; $i < $n = count($page_array); $i++ ) //{ *************** *** 345,348 **** return $status; } - ?> \ No newline at end of file --- 345,347 ---- |
|
From: Florin C B. <ory...@us...> - 2014-09-29 11:42:33
|
Update of /cvsroot/mxbb/core/includes/sessions/internal In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv25230 Modified Files: session.php Log Message: temp fix for lost sessions Index: session.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/sessions/internal/session.php,v retrieving revision 1.21 retrieving revision 1.22 diff -C2 -d -r1.21 -r1.22 *** session.php 16 May 2014 18:02:23 -0000 1.21 --- session.php 29 Sep 2014 11:42:31 -0000 1.22 *************** *** 362,370 **** if ( !($result = $db->sql_query($sql)) ) { ! mx_message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); ! } ! ! $userdata = $db->sql_fetchrow($result); // // Did the session exist in the DB? --- 362,376 ---- if ( !($result = $db->sql_query($sql)) ) { ! $user_id = ( isset($sessiondata['userid']) ) ? intval($sessiondata['userid']) : ANONYMOUS; + if ( !($userdata = $this->session_begin($user_id, $user_ip, $thispage_id, TRUE)) ) + { + mx_message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); + } + } + else + { + $userdata = $db->sql_fetchrow($result); + } // // Did the session exist in the DB? |
|
From: Florin C B. <ory...@us...> - 2014-09-29 11:35:57
|
Update of /cvsroot/mxbb/mx_radio/language/lang_english In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv24547/language/lang_english Modified Files: lang_admin.php Log Message: many features updated for new browsers Index: lang_admin.php =================================================================== RCS file: /cvsroot/mxbb/mx_radio/language/lang_english/lang_admin.php,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** lang_admin.php 6 Jun 2007 23:33:47 -0000 1.1 --- lang_admin.php 29 Sep 2014 11:35:54 -0000 1.2 *************** *** 1,3 **** --- 1,11 ---- <?php + /** + * + * @package MXP CMS Module - mx_radio + * @version $Id$ + * @copyright (c) 2006 [ory...@rd..., OryNider] mxBB Project Team + * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 + * + */ $lang['radio_Settings'] = "Radio Settings"; *************** *** 9,15 **** --- 17,36 ---- $lang['Station_stream'] = "Station stream"; + $lang['allow_autoplay'] = "Allow automatic play at load"; + $lang['allow_autoplay_explain'] = "If Stream should start automatic when player is loaded"; + + $lang['caster'] = "Caster type: <b>shout</b> or <b>ice</b>"; + $lang['logo_config'] = "Logo config parameters"; + $lang['logo_config_explain'] = "Logo should be put in: \"templates/current_style/images/\" (standallone in the root of \"/logos\"). You can use any format tha works on the web (jpeg, gif, png...)"; + + $lang['allow_curl'] = "Allow CURL to get CD cover data (yes/no)"; + $lang['allow_curl_explain'] = "Use Curl PHP Class to get CD cover data from last.fm, and amazone's API"; + $lang['Check_period'] = "Check period (seconds)"; $lang['Check_period_explain'] = "For exemple : Check who is on the radio from the web player."; + $lang['show_listen'] = "Show Allways Listen"; + $lang['show_listen_info'] = "Select Yes if you whant the listen option to be displayed allways or No if you whant to hide the listen option when allready listening."; + $lang['Flash_file'] = "File to display if flash mode"; $lang['Gateway_file'] = "File to display if gateway mode"; *************** *** 21,24 **** --- 42,49 ---- $lang['Gateway_mode'] = "gateway"; + $lang['Allow_guests'] = "Allow guest(anonymous) users to listen?"; + $lang['guestname'] = "Guest Name"; + $lang['guestname_explain'] = "Definition of guests names - do NOT start the name with numbers, and no use of special chars!"; + $lang['Reset'] = "Reset"; $lang['Submit'] = "Submit"; *************** *** 27,31 **** $lang['Show_stations'] = "Show Stations List Button"; ! // // That's all Folks! --- 52,57 ---- $lang['Show_stations'] = "Show Stations List Button"; ! $lang['Show_status'] = "Show status"; ! $lang['Stream_type'] = "Stream Type"; // // That's all Folks! |
|
From: Florin C B. <ory...@us...> - 2014-09-29 11:35:56
|
Update of /cvsroot/mxbb/mx_radio/admin In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv24547/admin Modified Files: admin_radio.php Log Message: many features updated for new browsers Index: admin_radio.php =================================================================== RCS file: /cvsroot/mxbb/mx_radio/admin/admin_radio.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** admin_radio.php 3 Jul 2013 04:30:02 -0000 1.6 --- admin_radio.php 29 Sep 2014 11:35:54 -0000 1.7 *************** *** 86,109 **** } //Show status? ! if ($new['show_status']=="true") { ! $show_status="<select name=\"show_status\" size=1><option value=\"true\" selected>on<option value=\"false\">off</select>"; } else { ! $show_status="<select name=\"show_status\" size=1><option value=\"true\">on<option value=\"false\" selected>off</select>"; } //Show stationslist? ! if ($new['show_stations']=="true") { ! $show_stations="<select name=\"show_stations\" size=1><option value=\"true\" selected>on<option value=\"false\">off</select>"; } else { ! $show_stations="<select name=\"show_stations\" size=1><option value=\"true\">on<option value=\"false\" selected>off</select>"; } --- 86,222 ---- } + // CD-cover, equliazer, logo (cover, eq, logo) + if ($new['picture_type'] == 'cover') + { + $picture_type = " + <select name=\"picture_type\" size=\"1\"> + <option value=\"cover\" selected> + cover + </option> + <option value=\"eq\"> + eq + </option> + <option value=\"logo\"> + logo + </option> + </select>"; + } + elseif ($new['picture_type'] == 'eq') + { + $picture_type = " + <select name=\"picture_type\" size=\"1\"> + <option value=\"cover\"> + cover + </option> + <option value=\"eq\" selected> + eq + </option> + <option value=\"logo\"> + logo + </option> + </select>"; + } + elseif ($new['picture_type'] == 'logo') + { + $picture_type = " + <select name=\"picture_type\" size=\"1\"> + <option value=\"cover\"> + cover + </option> + <option value=\"eq\"> + eq + </option> + <option value=\"logo\" selected> + logo + </option> + </select>"; + } + else + { + $picture_type = " + <select name=\"picture_type\" size=\"1\"> + <option value=\"cover\"> + cover + </option> + <option value=\"eq\"> + eq + </option> + <option value=\"logo\"> + logo + </option> + </select>"; + } + + // Fallback if no cover is found (eq/logo) + if ($new['fallback'] == 'eq') + { + $fallback_to = " + <select name=\"fallback\" size=1> + <option value=\"eq\" selected> + eq + </option> + <option value=\"logo\"> + logo + </option> + </select>"; + } + else + { + $fallback_to = " + <select name=\"fallback\" size=1> + <option value=\"eq\"> + eq + </option> + <option value=\"logo\" selected> + logo + </option> + </select>"; + } + + //stream_type + if ($new['stream_type'] == 'mp3') + { + $stream_type = " + <select name=\"stream_type\" size=1> + <option value=\"mp3\" selected> + mp3 + </option> + <option value=\"icy\"> + icy + </option> + </select>"; + } + else + { + $stream_type = " + <select name=\"stream_type\" size=1> + <option value=\"mp3\"> + mp3 + </option> + <option value=\"icy\" selected> + icy + </option> + </select>"; + } //Show status? ! if ($new['show_status'] == "true") { ! $show_status="<select name=\"show_status\" size=1><option value=\"true\" selected>on<option value=\"false\">off</select>"; } else { ! $show_status="<select name=\"show_status\" size=1><option value=\"true\">on<option value=\"false\" selected>off</select>"; } //Show stationslist? ! if ($new['show_stations'] == "true") { ! $show_stations="<select name=\"show_stations\" size=1><option value=\"true\" selected>on<option value=\"false\">off</select>"; } else { ! $show_stations="<select name=\"show_stations\" size=1><option value=\"true\">on<option value=\"false\" selected>off</select>"; } *************** *** 111,114 **** --- 224,242 ---- $gf_select_no = ( !$new['gf_select'] ) ? ' selected' : ''; + // ALLOW STREAM START AUTOMATIC WHEN PLAYER IS LOADED ? + $allow_autoplay_yes = ($new['allow_autoplay'] == 1) ? 'checked="checked"' : ''; + $allow_autoplay_no = ($new['allow_autoplay'] == 0) ? 'checked="checked"' : ''; + + // ALLOW CURL? + $allow_curl_yes = ($new['allow_curl'] == 1) ? 'checked="checked"' : ''; + $allow_curl_no = ($new['allow_curl'] == 0) ? 'checked="checked"' : ''; + + // ALLOW GUESTS? + $allow_guests_yes = ($new['allow_guests'] == 1) ? 'checked="checked"' : ''; + $allow_guests_no = ($new['allow_guests'] == 0) ? 'checked="checked"' : ''; + + $show_listen_select_yes = ( $new['show_listen_select'] ) ? ' selected' : ''; + $show_listen_select_no = ( !$new['show_listen_select'] ) ? ' selected' : ''; + $template->set_filenames(array( "body" => "admin/radio_config_body.tpl") *************** *** 116,136 **** $template->assign_vars(array( ! 'S_ACTION' => mx_append_sid("admin_radio.$phpEx"), 'L_RADIO_SETTINGS' => $lang['radio_Settings'], ! 'L_RADIO_SETTINGS_EXPLAIN' => $lang['radio_Settings_explain'], ! 'L_RADIO' => $lang['Radio_name'], ! 'L_STREAM' => $lang['Station_stream'], ! 'L_FLASH' => $lang['Flash_file'], ! 'L_GATEWAY' => $lang['Gateway_file'], 'L_SHOW_STATUS' => $lang['Show_status'], 'L_SHOW_STATIONS' => $lang['Show_stations'], ! 'L_SUBMIT' => $lang['Submit'], ! 'L_RESET' => $lang['Reset'], ! 'L_GF' => $lang['flash_gateway'], 'L_GF_INFO' => $lang['flash_gateway_info'], ! 'L_FLASH' => $lang['Flash_mode'], ! 'L_GATEWAY' => $lang['Gateway_mode'], 'L_CHECK_PERIOD' => $lang['Check_period'], ! 'L_CHECK_PERIOD_EXPLAIN' => $lang['Check_period_explain'], 'RADIO_NAME' => $new['radio_name'], --- 244,278 ---- $template->assign_vars(array( ! 'S_ACTION' => mx_append_sid("admin_radio.$phpEx"), 'L_RADIO_SETTINGS' => $lang['radio_Settings'], ! 'L_RADIO_SETTINGS_EXPLAIN' => $lang['radio_Settings_explain'], ! 'L_RADIO' => $lang['Radio_name'], ! 'L_STREAM' => $lang['Station_stream'], ! 'L_FLASH' => $lang['Flash_file'], ! 'L_GATEWAY' => $lang['Gateway_file'], 'L_SHOW_STATUS' => $lang['Show_status'], 'L_SHOW_STATIONS' => $lang['Show_stations'], ! 'L_SUBMIT' => $lang['Submit'], ! 'L_RESET' => $lang['Reset'], ! 'L_GF' => $lang['flash_gateway'], 'L_GF_INFO' => $lang['flash_gateway_info'], ! 'L_FLASH' => $lang['Flash_mode'], ! 'L_GATEWAY' => $lang['Gateway_mode'], 'L_CHECK_PERIOD' => $lang['Check_period'], ! 'L_CHECK_PERIOD_EXPLAIN' => $lang['Check_period_explain'], ! ! 'L_SHOW_STATUS' => $lang['Show_status'], ! 'L_STREAM_TYPE' => $lang['Stream_type'], ! ! 'L_CASTER' => $lang['caster'], ! 'L_ALLOW_AUTOPLAY' => $lang['allow_autoplay'], ! 'L_ALLOW_AUTOPLAY_EXPMAIN' => $lang['allow_autoplay_explain'], ! ! 'L_ALLOW_GUESTS' => $lang['Allow_guests'], ! 'L_GUESTNAME' => $lang['guestname'], ! 'L_GUESTNAME_EXPLAIN' => $lang['guestname_explain'], ! ! "L_NO" => $lang['No'], ! "L_YES" => $lang['Yes'], 'RADIO_NAME' => $new['radio_name'], *************** *** 138,148 **** 'FLASH_FILE_URL' => $new['flash_FileName'], 'GATEWAY_FILE_URL' => $new['gateway_FileName'], ! 'CHECK_PERIOD' => $new['check_period'], ! //GUI_SETTING 'USER_STATE_BUTTON' => $user_state_button, 'SHOW_STATIONS' => $show_stations, 'S_FLASH_YES' => $gf_select_yes, 'S_GATEWAY_YES' => $gf_select_no, 'SHOW_STATUS' => $show_status) ); --- 280,330 ---- 'FLASH_FILE_URL' => $new['flash_FileName'], 'GATEWAY_FILE_URL' => $new['gateway_FileName'], ! ! 'PLAY_LIST' => $new['play_list'], ! 'PLAY_ASX' => $new['play_asx'], ! 'PLAY_HOST' => $new['play_host'], ! 'PLAY_PORT' => $new['play_port'], ! 'PLAY_MOUNT' => $new['play_mount'], ! 'S_CASTER' => $new['caster'], ! ! 'ALLOW_AUTOPLAY_YES' => $allow_autoplay_yes, ! 'ALLOW_AUTOPLAY_NO' => $allow_autoplay_no, ! ! 'PICTURE_TYPE' => $picture_type, ! 'FALLBACK_TO' => $fallback_to, ! 'DISPLAY_LOGO' => $new['logo'], ! ! 'ALLOW_CURL_YES' => $allow_curl_yes, ! 'ALLOW_CURL_NO' => $allow_curl_no, ! ! 'L_SUBMIT' => $lang['Submit'], ! 'L_RESET' => $lang['Reset'], ! 'L_CHECK_PERIOD' => $lang['Check_period'], ! 'L_CHECK_PERIOD_EXPLAIN' => $lang['Check_period_explain'], ! 'L_SHOW_LISTEN' => $lang['show_listen'], ! 'L_SHOW_LISTEN_INFO' => $lang['show_listen_info'], ! ! 'L_FORCE_ONLINE' => !empty($lang['Force_Online']) ? $lang['Force_Online'] : 'Force Online', ! ! 'CHECK_PERIOD' => $new['check_period'], ! ! //GUI_SETTING ! 'L_BUTTON_SETTINGS' => 'USER_STATE_BUTTON', 'USER_STATE_BUTTON' => $user_state_button, + 'S_LISTEN_YES' => $show_listen_select_yes, + 'S_LISTEN_NO' => $show_listen_select_no, + + 'ALLOW_GUESTS_YES' => $allow_guests_yes, + 'ALLOW_GUESTS_NO' => $allow_guests_no, + 'GUESTNAME' => $new['guestname'], + 'SHOW_STATIONS' => $show_stations, 'S_FLASH_YES' => $gf_select_yes, 'S_GATEWAY_YES' => $gf_select_no, + + 'FORCE_ON_ENABLED' => ($new['force_online'] == 1) ? 'checked="checked"' : '', + 'FORCE_ON_DISABLED' => ($new['force_online'] == 0) ? 'checked="checked"' : '', + 'STREAM_TYPE' => $stream_type, 'SHOW_STATUS' => $show_status) ); |
|
From: Florin C B. <ory...@us...> - 2014-09-25 06:05:55
|
Update of /cvsroot/mxbb/mx_radiocast/includes In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv15887 Modified Files: radiocast_player.php Log Message: temp fix for pafiledb Index: radiocast_player.php =================================================================== RCS file: /cvsroot/mxbb/mx_radiocast/includes/radiocast_player.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** radiocast_player.php 22 Jul 2013 18:12:15 -0000 1.9 --- radiocast_player.php 25 Sep 2014 06:05:52 -0000 1.10 *************** *** 192,201 **** } $thisstation = $db->sql_fetchrow($result); - $cat_id = $thisstation['station_cat_id']; $user_id = $thisstation['station_user_id']; ! ! ! if( empty($thisstation['station_url']) && !file_exists(RADIOCAST_UPLOAD_PATH . $thisstation['station_filename']) ) { mx_message_die(GENERAL_ERROR, $lang['Station_not_exist']); --- 192,206 ---- } $thisstation = $db->sql_fetchrow($result); $cat_id = $thisstation['station_cat_id']; $user_id = $thisstation['station_user_id']; ! /* Uncomment here for future implemantation ! * We need here an allowed URL filter ! * ! if(isset($HTTP_GET_VARS['station_url'])) ! { ! $thisstation['station_url'] = $HTTP_GET_VARS['station_url']; ! } ! /* */ ! if(empty($thisstation['station_url']) && !file_exists(RADIOCAST_UPLOAD_PATH . $thisstation['station_filename'])) { mx_message_die(GENERAL_ERROR, $lang['Station_not_exist']); |
|
From: Florin C B. <ory...@us...> - 2014-09-24 05:51:49
|
Update of /cvsroot/mxbb/core/includes In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv18313 Modified Files: mx_functions_tools.php Log Message: temp fix for pafiledb Index: mx_functions_tools.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/mx_functions_tools.php,v retrieving revision 1.68 retrieving revision 1.69 diff -C2 -d -r1.68 -r1.69 *** mx_functions_tools.php 24 Sep 2014 03:10:17 -0000 1.68 --- mx_functions_tools.php 24 Sep 2014 05:51:47 -0000 1.69 *************** *** 1712,1716 **** /* * Includes ! /* if(!function_exists('prepare_message')) { --- 1712,1716 ---- /* * Includes ! */ if(!function_exists('prepare_message')) { *************** *** 1724,1728 **** mx_cache::load_file('functions_search', 'phpbb2'); } ! */ /** --- 1724,1728 ---- mx_cache::load_file('functions_search', 'phpbb2'); } ! /*/ /** |
|
From: Florin C B. <ory...@us...> - 2014-09-24 03:36:36
|
Update of /cvsroot/mxbb/mx_pafiledb/templates/_core In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv11967 Modified Files: pa_file_add.tpl Log Message: open tr backend in fildset Index: pa_file_add.tpl =================================================================== RCS file: /cvsroot/mxbb/mx_pafiledb/templates/_core/pa_file_add.tpl,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** pa_file_add.tpl 27 Apr 2008 18:48:49 -0000 1.2 --- pa_file_add.tpl 24 Sep 2014 03:36:34 -0000 1.3 *************** *** 67,71 **** <tr> <th colspan="2" class="thHead">{L_FILE_TITLE}</th> ! </tr> <tr> <td width="50%" class="row1"><span class="genmed">{L_FILE_NAME}</span><br><span class="gensmall">{L_FILE_NAME_INFO}</span></td> --- 67,71 ---- <tr> <th colspan="2" class="thHead">{L_FILE_TITLE}</th> ! <fieldset> <tr> <td width="50%" class="row1"><span class="genmed">{L_FILE_NAME}</span><br><span class="gensmall">{L_FILE_NAME_INFO}</span></td> *************** *** 179,187 **** </tr> <!-- ENDIF --> - <!-- INCLUDE pa_custom_field.tpl --> <tr> <td align="center" class="cat" colspan="2">{S_HIDDEN_FIELDS}<input class="mainoption" type="submit" value="{L_FILE_TITLE}" name="submit"></td> </tr> </table> </form> --- 179,188 ---- </tr> <!-- ENDIF --> <!-- INCLUDE pa_custom_field.tpl --> <tr> <td align="center" class="cat" colspan="2">{S_HIDDEN_FIELDS}<input class="mainoption" type="submit" value="{L_FILE_TITLE}" name="submit"></td> </tr> + </fieldset> + </tr> </table> </form> |
|
From: Florin C B. <ory...@us...> - 2014-09-24 03:10:20
|
Update of /cvsroot/mxbb/core/includes In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv10563 Modified Files: mx_functions_tools.php Log Message: Index: mx_functions_tools.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/mx_functions_tools.php,v retrieving revision 1.67 retrieving revision 1.68 diff -C2 -d -r1.67 -r1.68 *** mx_functions_tools.php 9 May 2014 07:51:42 -0000 1.67 --- mx_functions_tools.php 24 Sep 2014 03:10:17 -0000 1.68 *************** *** 1947,1961 **** } ! if ( !empty($this->message) ) { ! if ( !$error ) { ! if ( $this->bbcode_on ) { $bbcode_uid = $mx_bbcode->make_bbcode_uid(); } ! ! $privmsg_message = $this->prepare_message(addslashes($this->message), $this->html_on, $this->bbcode_on, $this->smilies_on, $bbcode_uid); ! $privmsg_message = str_replace('\\\n', '\n', $privmsg_message); } } --- 1947,1964 ---- } ! if (!empty($this->message)) { ! if (!$error) { ! if ($this->bbcode_on) { $bbcode_uid = $mx_bbcode->make_bbcode_uid(); } ! ! if (method_exists($this, 'lookup')) ! { ! $privmsg_message = $this->prepare_message(addslashes($this->message), $this->html_on, $this->bbcode_on, $this->smilies_on, $bbcode_uid); ! $privmsg_message = str_replace('\\\n', '\n', $privmsg_message); ! } } } |
|
From: Florin C B. <ory...@us...> - 2014-09-16 06:25:33
|
Update of /cvsroot/mxbb/core/admin In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv30817 Modified Files: pagestart.php Log Message: Index: pagestart.php =================================================================== RCS file: /cvsroot/mxbb/core/admin/pagestart.php,v retrieving revision 1.45 retrieving revision 1.46 diff -C2 -d -r1.45 -r1.46 *** pagestart.php 7 Jul 2014 20:01:12 -0000 1.45 --- pagestart.php 16 Sep 2014 06:25:30 -0000 1.46 *************** *** 59,63 **** $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $mx_user->session_id; ! //mx_redirect($url); } --- 59,63 ---- $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $mx_user->session_id; ! mx_redirect($url); } |
Update of /cvsroot/mxbb/core/includes/sessions/ascraeus In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv5316 Added Files: auth.php bbcode.php constants.php core.php functions.php index.htm login.php session.php Log Message: --- NEW FILE: login.php --- <?php /** * * @package MX-Publisher Core * @version $Id: login.php,v 1.1 2014/09/15 21:14:57 orynider Exp $ * @copyright (c) 2002-2008 MX-Publisher Project Team * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * @link http://mxpcms.sourceforge.net/ * */ if ( !defined('IN_PORTAL') ) { die("Hacking attempt"); } if($mx_request_vars->is_request('login') && ($userdata['user_id'] == ANONYMOUS || $mx_request_vars->is_post('admin')) ) { $username = utf8_clean_string($mx_request_vars->post('username', MX_TYPE_NO_TAGS, '')); $password = $mx_request_vars->post('password', MX_TYPE_NO_TAGS); $viewonline = $mx_request_vars->post('viewonline', MX_TYPE_INT, 0); $sql = "SELECT * FROM " . USERS_TABLE . " WHERE username = '" . str_replace("\\'", "''", $username) . "' OR username_clean = '" . str_replace("\\'", "''", $username) . "'"; if ( !($result = $db->sql_query($sql) ) ) { mx_message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql); } if( $row = $db->sql_fetchrow($result) ) { //$user_type = $row['user_level']; // phpBB2 $user_type = $row['user_type']; // phpBB3 if( $user_type != ADMIN && $board_config['board_disable'] ) { mx_redirect(mx3_append_sid("index.$phpEx", false)); } else { $user_login_attempts = $row['user_login_attempts']; if ( $user_login_attempts && $board_config['login_reset_time'] ) { $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']); $row['user_last_login_try'] = $row['user_login_tries'] = 0; } // Check to see if user is allowed to login again... if his tries are exceeded if ($user_login_attempt && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && $user_login_attempts >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN) { mx_message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time'])); } // If the password convert flag is set we need to convert it if ($row['user_pass_convert']) { // in phpBB2 passwords were used exactly as they were sent, with addslashes applied $password_old_format = isset($_REQUEST['password']) ? $_REQUEST['password'] : $password; $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; $password_new_format = ''; phpBB3::set_var($password_new_format, stripslashes($password_old_format), 'string'); //mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", $password_new_format, ''); if ($password == $password_new_format) { if (!function_exists('utf8_to_cp1252')) { global $mx_root_path, $phpEx; include_once($mx_root_path . 'includes/utf/data/recode_basic.' . $phpEx); } // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding if (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']) { $hash = phpBB3::phpbb_hash($password_new_format); // Update the password in the users table to the new format and remove user_pass_convert flag $sql = 'UPDATE ' . USERS_TABLE . ' SET user_password = \'' . $db->sql_escape($hash) . '\', user_pass_convert = 0 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); $row['user_pass_convert'] = 0; $row['user_password'] = $hash; } else { // Although we weren't able to convert this password we have to // increase login attempt count to make sure this cannot be exploited $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); mx_message_die(GENERAL_MESSAGE, 'We are sorry but password convertion failed, please login direct in forums or rewuest a new activation link.'); return array( 'status' => LOGIN_ERROR_PASSWORD_CONVERT, 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', 'user_row' => $row, ); } } } else { // in phpBB2 passwords were used exactly as they were sent, with addslashes applied $password_old_format = isset($_REQUEST['password']) ? $_REQUEST['password'] : $password; $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; $password_new_format = ''; phpBB3::set_var($password_new_format, stripslashes($password_old_format), 'string'); //mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", $password_new_format, ''); if ($password_new_format == $password_old_format) { if (!function_exists('utf8_to_cp1252')) { global $mx_root_path, $phpEx; include_once($mx_root_path . 'includes/utf/data/recode_basic.' . $phpEx); } // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding if (md5($password_old_format) == $row['user_password'] || md5($password) == $row['user_password'] || phpBB3::phpbb_check_hash($password, $row['user_password'])) { $autologin = $mx_request_vars->is_post('autologin'); $admin = $mx_request_vars->is_post('admin'); $mx_user->session_create($row['user_id'], $admin, $autologin, $viewonline = true); $session_id = $mx_user->session_id; // Reset login tries //$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); // phpBB2 $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']); // phpBB3 if( $session_id ) { $fromurl = ( !empty($HTTP_REFERER) ) ? str_replace('&', '&', htmlspecialchars($HTTP_REFERER)) : "index.$phpEx"; $url = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : $fromurl; mx_redirect(mx3_append_sid($url, false, false, $session_id)); } else { mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); } } else { // Although we weren't able to convert this password we have to // increase login attempt count to make sure this cannot be exploited $sql = ' UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); $redirect = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : ''; $redirect = str_replace('?', '&', $redirect); if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) { mx_message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); } $template->assign_vars(array( 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">") ); $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . mx3_append_sid("index.$phpEx") . '">', '</a>'); mx_message_die(GENERAL_MESSAGE, $message); } } // Check password ... if (!$row['user_pass_convert'] && phpBB3::phpbb_check_hash($password, $row['user_password'])) { if ($row['user_login_attempts'] != 0) { // Successful, reset login attempts (the user passed all stages) $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); } // User inactive... if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) { mx_message_die(GENERAL_MESSAGE, 'Inactive User'); } // Successful login... set user_login_attempts to zero... if( $session_id ) { $url = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : "index.$phpEx"; mx_redirect(mx3_append_sid($url, false)); } else { mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); } } } } } else { $redirect = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : ''; $redirect = str_replace("?", "&", $redirect); if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) { mx_message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); } $template->assign_vars(array( 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">") ); $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . mx3_append_sid("index.$phpEx") . '">', '</a>'); mx_message_die(GENERAL_MESSAGE, $message); } } else if ($mx_request_vars->is_request('logout') && $userdata['session_logged_in'] ) { // session id check if ($sid == '' || $sid != $userdata['session_id']) { mx_message_die(GENERAL_ERROR, 'Invalid_session' . $userdata['session_id']); } if( $userdata['session_logged_in'] ) { $mx_user->session_kill(); } if (!$mx_request_vars->is_empty_request('redirect')) { $url = $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS); $url = str_replace('&', '&', $url); mx_redirect(mx3_append_sid($url, false)); } else { mx_redirect(mx3_append_sid("index.$phpEx", false)); } } else { $url = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : "index.$phpEx"; mx_redirect(mx3_append_sid($url, false)); } ?> --- NEW FILE: functions.php --- <?php /** * * @package Auth * @version $Id: functions.php,v 1.1 2014/09/15 21:14:57 orynider Exp $ * @copyright (c) 2002-2008 MX-Publisher Project Team * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * @link http://mxpcms.sourceforge.net/ * */ if ( !defined( 'IN_PORTAL' ) ) { die( "Hacking attempt" ); } /** * Ascraeus Parse cfg file */ function mx_parse_cfg_file($filename, $lines = false) { $parsed_items = array(); if ($lines === false) { $lines = file($filename); } foreach ($lines as $line) { $line = trim($line); if (!$line || $line[0] == '#' || ($delim_pos = strpos($line, '=')) === false) { continue; } // Determine first occurrence, since in values the equal sign is allowed $key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos)))); $value = trim(substr($line, $delim_pos + 1)); if (in_array($value, array('off', 'false', '0'))) { $value = false; } else if (in_array($value, array('on', 'true', '1'))) { $value = true; } else if (!trim($value)) { $value = ''; } else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"')) { $value = htmlspecialchars(substr($value, 1, sizeof($value)-2)); } else { $value = htmlspecialchars($value); } $parsed_items[$key] = $value; } if (isset($parsed_items['parent']) && isset($parsed_items['name']) && $parsed_items['parent'] == $parsed_items['name']) { unset($parsed_items['parent']); } return $parsed_items; } /** * Add log event */ function mx_add_log() { global $db, $mx_user; $args = func_get_args(); $mode = array_shift($args); $reportee_id = ($mode == 'user') ? intval(array_shift($args)) : ''; $forum_id = ($mode == 'mod') ? intval(array_shift($args)) : ''; $topic_id = ($mode == 'mod') ? intval(array_shift($args)) : ''; $action = array_shift($args); $data = (!sizeof($args)) ? '' : serialize($args); $sql_ary = array( 'user_id' => (empty($mx_user->data)) ? ANONYMOUS : $mx_user->data['user_id'], 'log_ip' => $mx_user->ip, 'log_time' => time(), 'log_operation' => $action, 'log_data' => $data, ); switch ($mode) { case 'admin': $sql_ary['log_type'] = LOG_ADMIN; break; case 'mod': $sql_ary += array( 'log_type' => LOG_MOD, 'forum_id' => $forum_id, 'topic_id' => $topic_id ); break; case 'user': $sql_ary += array( 'log_type' => LOG_USERS, 'reportee_id' => $reportee_id ); break; case 'critical': $sql_ary['log_type'] = LOG_CRITICAL; break; default: return false; } $db->sql_query('INSERT INTO ' . LOG_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary)); return $db->sql_nextid(); } /** * Generate sort selection fields */ function mx_gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key, &$sort_dir, &$s_limit_days, &$s_sort_key, &$s_sort_dir, &$u_sort_param) { global $mx_user; $sort_dir_text = array('a' => $mx_user->lang['ASCENDING'], 'd' => $mx_user->lang['DESCENDING']); // Check if the key is selectable. If not, we reset to the first key found. // This ensures the values are always valid. if (!isset($limit_days[$sort_days])) { @reset($limit_days); $sort_days = key($limit_days); } if (!isset($sort_by_text[$sort_key])) { @reset($sort_by_text); $sort_key = key($sort_by_text); } if (!isset($sort_dir_text[$sort_dir])) { @reset($sort_dir_text); $sort_dir = key($sort_dir_text); } $s_limit_days = '<select name="st">'; foreach ($limit_days as $day => $text) { $selected = ($sort_days == $day) ? ' selected="selected"' : ''; $s_limit_days .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>'; } $s_limit_days .= '</select>'; $s_sort_key = '<select name="sk">'; foreach ($sort_by_text as $key => $text) { $selected = ($sort_key == $key) ? ' selected="selected"' : ''; $s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>'; } $s_sort_key .= '</select>'; $s_sort_dir = '<select name="sd">'; foreach ($sort_dir_text as $key => $value) { $selected = ($sort_dir == $key) ? ' selected="selected"' : ''; $s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; } $s_sort_dir .= '</select>'; $u_sort_param = "st=$sort_days&sk=$sort_key&sd=$sort_dir"; return; } /** * Get username details for placing into templates. * * @param string $mode Can be profile (for getting an url to the profile), username (for obtaining the username), colour (for obtaining the user colour) or full (for obtaining a html string representing a coloured link to the users profile). * @param int $user_id The users id * @param string $username The users name * @param string $username_colour The users colour * @param string $guest_username optional parameter to specify the guest username. It will be used in favor of the GUEST language variable then. * @param string $custom_profile_url optional parameter to specify a profile url. The user id get appended to this url as &u={user_id} * * @return string A string consisting of what is wanted based on $mode. */ function mx_get_username_string($mode, $user_id, $username, $username_colour = '', $guest_username = false, $custom_profile_url = false) { global $phpbb_root_path, $phpEx, $mx_user, $phpbb_auth; $profile_url = ''; $username_colour = ($username_colour) ? '#' . $username_colour : ''; if ($guest_username === false) { $username = ($username) ? $username : $mx_user->lang['GUEST']; } else { $username = ($user_id && $user_id != ANONYMOUS) ? $username : ((!empty($guest_username)) ? $guest_username : $mx_user->lang['GUEST']); } // Only show the link if not anonymous if ($user_id && $user_id != ANONYMOUS) { // Do not show the link if the user is already logged in but do not have u_viewprofile permissions (relevant for bots mostly). // For all others the link leads to a login page or the profile. if ($mx_user->data['user_id'] != ANONYMOUS && !$phpbb_auth->acl_get('u_viewprofile')) { $profile_url = ''; } else { $profile_url = ($custom_profile_url !== false) ? $custom_profile_url : mx3_append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile'); $profile_url .= '&u=' . (int) $user_id; } } else { $profile_url = ''; } switch ($mode) { case 'profile': return $profile_url; break; case 'username': return $username; break; case 'colour': return $username_colour; break; case 'full': default: $tpl = ''; if (!$profile_url && !$username_colour) { $tpl = '{USERNAME}'; } else if (!$profile_url && $username_colour) { $tpl = '<span style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</span>'; } else if ($profile_url && !$username_colour) { $tpl = '<a href="{PROFILE_URL}">{USERNAME}</a>'; } else if ($profile_url && $username_colour) { $tpl = '<a href="{PROFILE_URL}" style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</a>'; } return str_replace(array('{PROFILE_URL}', '{USERNAME_COLOUR}', '{USERNAME}'), array($profile_url, $username_colour, $username), $tpl); break; } } ?> --- NEW FILE: core.php --- <?php /** * * @package Auth * @version $Id: core.php,v 1.1 2014/09/15 21:14:56 orynider Exp $ * @copyright (c) 2002-2008 MX-Publisher Project Team * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * @link http://mxpcms.sourceforge.net/ * */ if ( !defined( 'IN_PORTAL' ) ) { die( "Hacking attempt" ); } // // First off, include common vanilla phpBB functions, from our shared dir // Note: These functions will later be accessible wrapped as phpBBX::orig_functionname() [...1519 lines suppressed...] $phpbb_version_info = '<p style="color:red">' . sprintf($lang['Connect_socket_error'], $errstr) . '</p>'; } else { $phpbb_version_info = '<p>' . $lang['Socket_functions_disabled'] . '</p>'; } } $phpbb_version_info .= '<p>' . $lang['Mailing_list_subscribe_reminder'] . '</p>'; return $phpbb_version_info; } } // // Now load some bbcodes, to be extended for this backend (see below) // include_once($mx_root_path . 'includes/sessions/ascraeus/bbcode.' . $phpEx); // BBCode associated functions ?> --- NEW FILE: constants.php --- <?php /** * * @package Style * @version $Id: constants.php,v 1.1 2014/09/15 21:14:56 orynider Exp $ * @copyright (c) 2002-2008 MX-Publisher Project Team * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * @link http://mxpcms.sourceforge.net/ * */ /** * Modifications: * define -> @define * to supress any notices since in mx_constants.php some are allready @@defined */ // User related @define('ANONYMOUS', 1); @define('USER_ACTIVATION_NONE', 0); @define('USER_ACTIVATION_SELF', 1); @define('USER_ACTIVATION_ADMIN', 2); @define('USER_ACTIVATION_DISABLE', 3); @define('AVATAR_UPLOAD', 1); @define('AVATAR_REMOTE', 2); @define('AVATAR_GALLERY', 3); @define('USER_NORMAL', 0); @define('USER_INACTIVE', 1); @define('USER_IGNORE', 2); @define('USER_FOUNDER', 3); @define('INACTIVE_REGISTER', 1); @define('INACTIVE_PROFILE', 2); @define('INACTIVE_MANUAL', 3); @define('INACTIVE_REMIND', 4); // ACL @define('ACL_NEVER', 0); @define('ACL_YES', 1); @define('ACL_NO', -1); // Login error codes @define('LOGIN_CONTINUE', 1); @define('LOGIN_BREAK', 2); @define('LOGIN_SUCCESS', 3); @define('LOGIN_SUCCESS_CREATE_PROFILE', 20); @define('LOGIN_ERROR_USERNAME', 10); @define('LOGIN_ERROR_PASSWORD', 11); @define('LOGIN_ERROR_ACTIVE', 12); @define('LOGIN_ERROR_ATTEMPTS', 13); @define('LOGIN_ERROR_EXTERNAL_AUTH', 14); @define('LOGIN_ERROR_PASSWORD_CONVERT', 15); // SQL codes phpBB2 @define('BEGIN_TRANSACTION', 1); @define('END_TRANSACTION', 2); // Error codes (from phpbb2) @define('GENERAL_MESSAGE', 200); @define('GENERAL_ERROR', 202); @define('CRITICAL_MESSAGE', 203); @define('CRITICAL_ERROR', 204); // Group settings @define('GROUP_OPEN', 0); @define('GROUP_CLOSED', 1); @define('GROUP_HIDDEN', 2); @define('GROUP_SPECIAL', 3); @define('GROUP_FREE', 4); // Forum/Topic states @define('FORUM_CAT', 0); @define('FORUM_POST', 1); @define('FORUM_LINK', 2); @define('ITEM_UNLOCKED', 0); @define('ITEM_LOCKED', 1); @define('ITEM_MOVED', 2); // Forum Flags @define('FORUM_FLAG_LINK_TRACK', 1); @define('FORUM_FLAG_PRUNE_POLL', 2); @define('FORUM_FLAG_PRUNE_ANNOUNCE', 4); @define('FORUM_FLAG_PRUNE_STICKY', 8); @define('FORUM_FLAG_ACTIVE_TOPICS', 16); @define('FORUM_FLAG_POST_REVIEW', 32); // Optional text flags @define('OPTION_FLAG_BBCODE', 1); @define('OPTION_FLAG_SMILIES', 2); @define('OPTION_FLAG_LINKS', 4); // Topic types @define('POST_NORMAL', 0); @define('POST_STICKY', 1); @define('POST_ANNOUNCE', 2); @define('POST_GLOBAL', 3); // Lastread types @define('TRACK_NORMAL', 0); @define('TRACK_POSTED', 1); // Notify methods @define('NOTIFY_EMAIL', 0); @define('NOTIFY_IM', 1); @define('NOTIFY_BOTH', 2); // Email Priority Settings @define('MAIL_LOW_PRIORITY', 4); @define('MAIL_NORMAL_PRIORITY', 3); @define('MAIL_HIGH_PRIORITY', 2); // Log types @define('LOG_ADMIN', 0); @define('LOG_MOD', 1); @define('LOG_CRITICAL', 2); @define('LOG_USERS', 3); // Private messaging - Do NOT change these values @define('PRIVMSGS_HOLD_BOX', -4); @define('PRIVMSGS_NO_BOX', -3); @define('PRIVMSGS_OUTBOX', -2); @define('PRIVMSGS_SENTBOX', -1); @define('PRIVMSGS_INBOX', 0); // Full Folder Actions @define('FULL_FOLDER_NONE', -3); @define('FULL_FOLDER_DELETE', -2); @define('FULL_FOLDER_HOLD', -1); // Download Modes - Attachments @define('INLINE_LINK', 1); // This mode is only used internally to allow modders extending the attachment functionality @define('PHYSICAL_LINK', 2); // Confirm types @define('CONFIRM_REG', 1); @define('CONFIRM_LOGIN', 2); @define('CONFIRM_POST', 3); // Categories - Attachments @define('ATTACHMENT_CATEGORY_NONE', 0); @define('ATTACHMENT_CATEGORY_IMAGE', 1); // Inline Images @define('ATTACHMENT_CATEGORY_WM', 2); // Windows Media Files - Streaming @define('ATTACHMENT_CATEGORY_RM', 3); // Real Media Files - Streaming @define('ATTACHMENT_CATEGORY_THUMB', 4); // Not used within the database, only while displaying posts @define('ATTACHMENT_CATEGORY_FLASH', 5); // Flash/SWF files @define('ATTACHMENT_CATEGORY_QUICKTIME', 6); // Quicktime/Mov files // BBCode UID length @define('BBCODE_UID_LEN', 5); // Number of core BBCodes @define('NUM_CORE_BBCODES', 12); // Magic url types @define('MAGIC_URL_EMAIL', 1); @define('MAGIC_URL_FULL', 2); @define('MAGIC_URL_LOCAL', 3); @define('MAGIC_URL_WWW', 4); // Profile Field Types @define('FIELD_INT', 1); @define('FIELD_STRING', 2); @define('FIELD_TEXT', 3); @define('FIELD_BOOL', 4); @define('FIELD_DROPDOWN', 5); @define('FIELD_DATE', 6); // referer validation define('REFERER_VALIDATE_NONE', 0); define('REFERER_VALIDATE_HOST', 1); define('REFERER_VALIDATE_PATH', 2); // phpbb_chmod() permissions @define('CHMOD_ALL', 7); @define('CHMOD_READ', 4); @define('CHMOD_WRITE', 2); @define('CHMOD_EXECUTE', 1); // Captcha code length define('CAPTCHA_MIN_CHARS', 4); define('CAPTCHA_MAX_CHARS', 7); // Additional constants define('VOTE_CONVERTED', 127); // Additional constants @define('RANKS_PATH', 'images/ranks/'); // Table names @define('ACL_GROUPS_TABLE', $table_prefix . 'acl_groups'); @define('ACL_OPTIONS_TABLE', $table_prefix . 'acl_options'); @define('ACL_ROLES_DATA_TABLE', $table_prefix . 'acl_roles_data'); @define('ACL_ROLES_TABLE', $table_prefix . 'acl_roles'); @define('ACL_USERS_TABLE', $table_prefix . 'acl_users'); @define('ATTACHMENTS_TABLE', $table_prefix . 'attachments'); @define('BANLIST_TABLE', $table_prefix . 'banlist'); @define('BBCODES_TABLE', $table_prefix . 'bbcodes'); @define('BOOKMARKS_TABLE', $table_prefix . 'bookmarks'); @define('BOTS_TABLE', $table_prefix . 'bots'); @define('CONFIG_TABLE', $table_prefix . 'config'); @define('CONFIRM_TABLE', $table_prefix . 'confirm'); @define('DISALLOW_TABLE', $table_prefix . 'disallow'); @define('DRAFTS_TABLE', $table_prefix . 'drafts'); @define('EXTENSIONS_TABLE', $table_prefix . 'extensions'); @define('EXTENSION_GROUPS_TABLE', $table_prefix . 'extension_groups'); @define('FORUMS_TABLE', $table_prefix . 'forums'); @define('FORUMS_ACCESS_TABLE', $table_prefix . 'forums_access'); @define('FORUMS_TRACK_TABLE', $table_prefix . 'forums_track'); @define('FORUMS_WATCH_TABLE', $table_prefix . 'forums_watch'); @define('GROUPS_TABLE', $table_prefix . 'groups'); @define('ICONS_TABLE', $table_prefix . 'icons'); @define('LANG_TABLE', $table_prefix . 'lang'); @define('LOG_TABLE', $table_prefix . 'log'); @define('MODERATOR_CACHE_TABLE', $table_prefix . 'moderator_cache'); @define('MODULES_TABLE', $table_prefix . 'modules'); @define('POLL_OPTIONS_TABLE', $table_prefix . 'poll_options'); @define('POLL_VOTES_TABLE', $table_prefix . 'poll_votes'); @define('POSTS_TABLE', $table_prefix . 'posts'); @define('PRIVMSGS_TABLE', $table_prefix . 'privmsgs'); @define('PRIVMSGS_FOLDER_TABLE', $table_prefix . 'privmsgs_folder'); @define('PRIVMSGS_RULES_TABLE', $table_prefix . 'privmsgs_rules'); @define('PRIVMSGS_TO_TABLE', $table_prefix . 'privmsgs_to'); @define('PROFILE_FIELDS_TABLE', $table_prefix . 'profile_fields'); @define('PROFILE_FIELDS_DATA_TABLE', $table_prefix . 'profile_fields_data'); @define('PROFILE_FIELDS_LANG_TABLE', $table_prefix . 'profile_fields_lang'); @define('PROFILE_LANG_TABLE', $table_prefix . 'profile_lang'); @define('RANKS_TABLE', $table_prefix . 'ranks'); @define('REPORTS_TABLE', $table_prefix . 'reports'); @define('REPORTS_REASONS_TABLE', $table_prefix . 'reports_reasons'); @define('SEARCH_RESULTS_TABLE', $table_prefix . 'search_results'); @define('SEARCH_WORDLIST_TABLE', $table_prefix . 'search_wordlist'); @define('SEARCH_WORDMATCH_TABLE', $table_prefix . 'search_wordmatch'); @define('SESSIONS_TABLE', $table_prefix . 'sessions'); @define('SESSIONS_KEYS_TABLE', $table_prefix . 'sessions_keys'); @define('SITELIST_TABLE', $table_prefix . 'sitelist'); @define('SMILIES_TABLE', $table_prefix . 'smilies'); @define('STYLES_TABLE', $table_prefix . 'styles'); @define('STYLES_TEMPLATE_TABLE', $table_prefix . 'styles_template'); @define('STYLES_TEMPLATE_DATA_TABLE',$table_prefix . 'styles_template_data'); @define('STYLES_THEME_TABLE', $table_prefix . 'styles_theme'); @define('STYLES_IMAGESET_TABLE', $table_prefix . 'styles_imageset'); @define('STYLES_IMAGESET_DATA_TABLE',$table_prefix . 'styles_imageset_data'); @define('TOPICS_TABLE', $table_prefix . 'topics'); @define('TOPICS_POSTED_TABLE', $table_prefix . 'topics_posted'); @define('TOPICS_TRACK_TABLE', $table_prefix . 'topics_track'); @define('TOPICS_WATCH_TABLE', $table_prefix . 'topics_watch'); @define('USER_GROUP_TABLE', $table_prefix . 'user_group'); @define('USERS_TABLE', $table_prefix . 'users'); @define('WARNINGS_TABLE', $table_prefix . 'warnings'); @define('WORDS_TABLE', $table_prefix . 'words'); @define('ZEBRA_TABLE', $table_prefix . 'zebra'); // Additional tables // Additional constants @define('INHERIT_LANG_NONE', 0); @define('INHERIT_LANG_EN', 1); @define('INHERIT_LANG_DEFAULT', 2); ?> --- NEW FILE: bbcode.php --- <?php /** * * @package Functions_phpBB * @version $Id: bbcode.php,v 1.1 2014/09/15 21:14:56 orynider Exp $ * @copyright (c) 2002-2008 MX-Publisher Project Team * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * @link http://mxpcms.sourceforge.net/ * */ if (!defined('IN_PORTAL')) { exit; } /* * Here comes a mxp version of phpbb2 bbcode.php ported to phpbb3 backend * Last in file are the mxp wrapper functions [...2040 lines suppressed...] 'U_MORE_SMILIES' => mx3_append_sid(PHPBB_URL . "posting.$phpEx", "mode=smilies")) ); } $template->assign_vars(array( 'L_EMOTICONS' => $lang['Emoticons'], 'L_CLOSE_WINDOW' => $lang['Close_window'], 'S_SMILIES_COLSPAN' => $s_colspan) ); } } if ($mode == 'window') { $template->pparse('smiliesbody'); include($mx_root_path . 'includes/page_tail.'.$phpEx); } } } ?> --- NEW FILE: session.php --- <?php /** * * @package Style * @version $Id: session.php,v 1.1 2014/09/15 21:14:57 orynider Exp $ * @copyright (c) 2002-2008 MX-Publisher Project Team & (C) 2005 The phpBB Group * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * @link http://mxpcms.sourceforge.net/ * */ if ( !defined('IN_PORTAL') ) { die("Hacking attempt"); } /** * Modifications: * - replaced $config -> $board_config - by Jon [...3761 lines suppressed...] case 'zh': $lang_name = 'chinese'; break; case 'zh_cmn_hans': $lang_name = 'chinese_simplified'; break; case 'zh_cmn_hant': $lang_name = 'chinese_traditional'; break; case 'zu': $lang_name = 'zulu'; break; default: $lang_name = $lang; break; } return $lang_name; } } ?> --- NEW FILE: auth.php --- <?php /** * * @package Auth * @version $Id: auth.php,v 1.1 2014/09/15 21:14:56 orynider Exp $ * @copyright (c) 2002-2008 MX-Publisher Project Team * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * @link http://mxpcms.sourceforge.net/ * namespace phpbb\phpbb_auth; */ if ( !defined( 'IN_PORTAL' ) ) { die( "Hacking attempt" ); } /** * Permission/Auth class for phpBB3 forums * @package MX-Publisher */ class phpbb_auth_base { var $acl = array(); var $cache = array(); var $acl_options = array(); var $acl_forum_ids = false; /** * Init permissions */ function acl(&$userdata) { global $db, $mx_cache; $this->acl = $this->cache = $this->acl_options = array(); $this->acl_forum_ids = false; if (($this->acl_options = $mx_cache->get('_acl_options')) === false) { $sql = 'SELECT auth_option_id, auth_option, is_global, is_local FROM ' . ACL_OPTIONS_TABLE . ' ORDER BY auth_option_id'; $result = $db->sql_query($sql); $global = $local = 0; $this->acl_options = array(); while ($row = $db->sql_fetchrow($result)) { if ($row['is_global']) { $this->acl_options['global'][$row['auth_option']] = $global++; } if ($row['is_local']) { $this->acl_options['local'][$row['auth_option']] = $local++; } $this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id']; $this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option']; } $db->sql_freeresult($result); $mx_cache->put('_acl_options', $this->acl_options); $this->acl_cache($userdata); } else if (!trim($userdata['user_permissions'])) { $this->acl_cache($userdata); } $user_permissions = explode("\n", $userdata['user_permissions']); foreach ($user_permissions as $f => $seq) { if ($seq) { $i = 0; if (!isset($this->acl[$f])) { $this->acl[$f] = ''; } while ($subseq = substr($seq, $i, 6)) { // We put the original bitstring into the acl array $this->acl[$f] .= str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT); $i += 6; } } } return; } /** * Look up an option * if the option is prefixed with !, then the result becomes negated * * If a forum id is specified the local option will be combined with a global option if one exist. * If a forum id is not specified, only the global option will be checked. */ function acl_get($opt, $f = 0) { $negate = false; if (strpos($opt, '!') === 0) { $negate = true; $opt = substr($opt, 1); } if (!isset($this->cache[$f][$opt])) { // We combine the global/local option with an OR because some options are global and local. // If the user has the global permission the local one is true too and vice versa $this->cache[$f][$opt] = false; // Is this option a global permission setting? if (isset($this->acl_options['global'][$opt])) { if (isset($this->acl[0])) { $this->cache[$f][$opt] = $this->acl[0][$this->acl_options['global'][$opt]]; } } // Is this option a local permission setting? // But if we check for a global option only, we won't combine the options... if ($f != 0 && isset($this->acl_options['local'][$opt])) { if (isset($this->acl[$f]) && isset($this->acl[$f][$this->acl_options['local'][$opt]])) { $this->cache[$f][$opt] |= $this->acl[$f][$this->acl_options['local'][$opt]]; } } } // Founder always has all global options set to true... return ($negate) ? !$this->cache[$f][$opt] : $this->cache[$f][$opt]; } /** * Get forums with the specified permission setting * if the option is prefixed with !, then the result becomes nagated * * @param bool $clean set to true if only values needs to be returned which are set/unset */ function acl_getf($opt, $clean = false) { $acl_f = array(); $negate = false; if (strpos($opt, '!') === 0) { $negate = true; $opt = substr($opt, 1); } // If we retrieve a list of forums not having permissions in, we need to get every forum_id if ($negate) { if ($this->acl_forum_ids === false) { global $db; $sql = 'SELECT forum_id FROM ' . FORUMS_TABLE; if (sizeof($this->acl)) { $sql .= ' WHERE ' . $db->sql_in_set('forum_id', array_keys($this->acl), true); } $result = $db->sql_query($sql); $this->acl_forum_ids = array(); while ($row = $db->sql_fetchrow($result)) { $this->acl_forum_ids[] = $row['forum_id']; } $db->sql_freeresult($result); } } if (isset($this->acl_options['local'][$opt])) { foreach ($this->acl as $f => $bitstring) { // Skip global settings if (!$f) { continue; } $allowed = (!isset($this->cache[$f][$opt])) ? $this->acl_get($opt, $f) : $this->cache[$f][$opt]; if (!$clean) { $acl_f[$f][$opt] = ($negate) ? !$allowed : $allowed; } else { if (($negate && !$allowed) || (!$negate && $allowed)) { $acl_f[$f][$opt] = 1; } } } } // If we get forum_ids not having this permission, we need to fill the remaining parts if ($negate && sizeof($this->acl_forum_ids)) { foreach ($this->acl_forum_ids as $f) { $acl_f[$f][$opt] = 1; } } return $acl_f; } /** * Get local permission state for any forum. * * Returns true if user has the permission in one or more forums, false if in no forum. * If global option is checked it returns the global state (same as acl_get($opt)) * Local option has precedence... */ function acl_getf_global($opt) { if (is_array($opt)) { // evaluates to true as soon as acl_getf_global is true for one option foreach ($opt as $check_option) { if ($this->acl_getf_global($check_option)) { return true; } } return false; } if (isset($this->acl_options['local'][$opt])) { foreach ($this->acl as $f => $bitstring) { // Skip global settings if (!$f) { continue; } // as soon as the user has any permission we're done so return true if ((!isset($this->cache[$f][$opt])) ? $this->acl_get($opt, $f) : $this->cache[$f][$opt]) { return true; } } } else if (isset($this->acl_options['global'][$opt])) { return $this->acl_get($opt); } return false; } /** * Get permission settings (more than one) */ function acl_gets() { $args = func_get_args(); $f = array_pop($args); if (!is_numeric($f)) { $args[] = $f; $f = 0; } // alternate syntax: acl_gets(array('m_', 'a_'), $forum_id) if (is_array($args[0])) { $args = $args[0]; } $acl = 0; foreach ($args as $opt) { $acl |= $this->acl_get($opt, $f); } return $acl; } /** * Get permission listing based on user_id/options/forum_ids */ function acl_get_list($user_id = false, $opts = false, $forum_id = false) { if ($user_id !== false && !is_array($user_id) && $opts === false && $forum_id === false) { $hold_ary = array($user_id => $this->acl_raw_data_single_user($user_id)); } else { $hold_ary = $this->acl_raw_data($user_id, $opts, $forum_id); } $auth_ary = array(); foreach ($hold_ary as $user_id => $forum_ary) { foreach ($forum_ary as $forum_id => $auth_option_ary) { foreach ($auth_option_ary as $auth_option => $auth_setting) { if ($auth_setting) { $auth_ary[$forum_id][$auth_option][] = $user_id; } } } } return $auth_ary; } /** * Cache data to user_permissions row */ function acl_cache(&$userdata) { global $db; // Empty user_permissions $userdata['user_permissions'] = ''; $hold_ary = $this->acl_raw_data_single_user($userdata['user_id']); // Key 0 in $hold_ary are global options, all others are forum_ids // If this user is founder we're going to force fill the admin options ... if ($userdata['user_type'] == USER_FOUNDER) { foreach ($this->acl_options['global'] as $opt => $id) { if (strpos($opt, 'a_') === 0) { $hold_ary[0][$this->acl_options['id'][$opt]] = ACL_YES; } } } $hold_str = $this->build_bitstring($hold_ary); if ($hold_str) { $userdata['user_permissions'] = $hold_str; $sql = 'UPDATE ' . USERS_TABLE . " SET user_permissions = '" . $db->sql_escape($userdata['user_permissions']) . "', user_perm_from = 0 WHERE user_id = " . $userdata['user_id']; $db->sql_query($sql); } return; } /** * Build bitstring from permission set */ function build_bitstring(&$hold_ary) { $hold_str = ''; if (sizeof($hold_ary)) { ksort($hold_ary); $last_f = 0; foreach ($hold_ary as $f => $auth_ary) { $ary_key = (!$f) ? 'global' : 'local'; $bitstring = array(); foreach ($this->acl_options[$ary_key] as $opt => $id) { if (isset($auth_ary[$this->acl_options['id'][$opt]])) { $bitstring[$id] = $auth_ary[$this->acl_options['id'][$opt]]; $option_key = substr($opt, 0, strpos($opt, '_') + 1); // If one option is allowed, the global permission for this option has to be allowed too // example: if the user has the a_ permission this means he has one or more a_* permissions if ($auth_ary[$this->acl_options['id'][$opt]] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NEVER)) { $bitstring[$this->acl_options[$ary_key][$option_key]] = ACL_YES; } } else { $bitstring[$id] = ACL_NEVER; } } // Now this bitstring defines the permission setting for the current forum $f (or global setting) $bitstring = implode('', $bitstring); // The line number indicates the id, therefore we have to add empty lines for those ids not present $hold_str .= str_repeat("\n", $f - $last_f); // Convert bitstring for storage - we do not use binary/bytes because PHP's string functions are not fully binary safe for ($i = 0, $bit_length = strlen($bitstring); $i < $bit_length; $i += 31) { $hold_str .= str_pad(base_convert(str_pad(substr($bitstring, $i, 31), 31, 0, STR_PAD_RIGHT), 2, 36), 6, 0, STR_PAD_LEFT); } $last_f = $f; } unset($bitstring); $hold_str = rtrim($hold_str); } return $hold_str; } /** * Clear one or all users cached permission settings */ function acl_clear_prefetch($user_id = false) { global $db, $mx_cache; // Rebuild options cache $mx_cache->destroy('_role_cache'); $sql = 'SELECT * FROM ' . ACL_ROLES_DATA_TABLE . ' ORDER BY role_id ASC'; $result = $db->sql_query($sql); $this->role_cache = array(); while ($row = $db->sql_fetchrow($result)) { $this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting']; } $db->sql_freeresult($result); foreach ($this->role_cache as $role_id => $role_options) { $this->role_cache[$role_id] = serialize($role_options); } $mx_cache->put('_role_cache', $this->role_cache); // Now empty user permissions $where_sql = ''; if ($user_id !== false) { $user_id = (!is_array($user_id)) ? $user_id = array((int) $user_id) : array_map('intval', $user_id); $where_sql = ' WHERE ' . $db->sql_in_set('user_id', $user_id); } $sql = 'UPDATE ' . USERS_TABLE . " SET user_permissions = '', user_perm_from = 0 $where_sql"; $db->sql_query($sql); return; } /** * Get assigned roles */ function acl_role_data($user_type, $role_type, $ug_id = false, $forum_id = false) { global $db; $roles = array(); $sql_id = ($user_type == 'user') ? 'user_id' : 'group_id'; $sql_ug = ($ug_id !== false) ? ((!is_array($ug_id)) ? "AND a.$sql_id = $ug_id" : 'AND ' . $db->sql_in_set("a.$sql_id", $ug_id)) : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; // Grab assigned roles... $sql = 'SELECT a.auth_role_id, a.' . $sql_id . ', a.forum_id FROM ' . (($user_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE) . ' a, ' . ACL_ROLES_TABLE . " r WHERE a.auth_role_id = r.role_id AND r.role_type = '" . $db->sql_escape($role_type) . "' $sql_ug $sql_forum ORDER BY r.role_order ASC"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $roles[$row[$sql_id]][$row['forum_id']] = $row['auth_role_id']; } $db->sql_freeresult($result); return $roles; } /** * Get raw acl data based on user/option/forum */ function acl_raw_data($user_id = false, $opts = false, $forum_id = false) { global $db; $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : $db->sql_in_set('user_id', array_map('intval', $user_id))) : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; $sql_opts = $sql_opts_select = $sql_opts_from = ''; $hold_ary = array(); if ($opts !== false) { $sql_opts_select = ', ao.auth_option'; $sql_opts_from = ', ' . ACL_OPTIONS_TABLE . ' ao'; $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts); } $sql_ary = array(); // Grab non-role settings - user-specific $sql_ary[] = 'SELECT a.user_id, a.forum_id, a.auth_setting, a.auth_option_id' . $sql_opts_select . ' FROM ' . ACL_USERS_TABLE . ' a' . $sql_opts_from . ' WHERE a.auth_role_id = 0 ' . (($sql_opts_from) ? 'AND a.auth_option_id = ao.auth_option_id ' : '') . (($sql_user) ? 'AND a.' . $sql_user : '') . " $sql_forum $sql_opts"; // Now the role settings - user-specific $sql_ary[] = 'SELECT a.user_id, a.forum_id, r.auth_option_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . ' FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . ' WHERE a.auth_role_id = r.role_id ' . (($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') . (($sql_user) ? 'AND a.' . $sql_user : '') . " $sql_forum $sql_opts"; foreach ($sql_ary as $sql) { $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']]; $hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting']; } $db->sql_freeresult($result); } $sql_ary = array(); // Now grab group settings - non-role specific... $sql_ary[] = 'SELECT ug.user_id, a.forum_id, a.auth_setting, a.auth_option_id' . $sql_opts_select . ' FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug' . $sql_opts_from . ' WHERE a.auth_role_id = 0 ' . (($sql_opts_from) ? 'AND a.auth_option_id = ao.auth_option_id ' : '') . ' AND a.group_id = ug.group_id AND ug.user_pending = 0 ' . (($sql_user) ? 'AND ug.' . $sql_user : '') . " $sql_forum $sql_opts"; // Now grab group settings - role specific... $sql_ary[] = 'SELECT ug.user_id, a.forum_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . ' FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . ' WHERE a.auth_role_id = r.role_id ' . (($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') . ' AND a.group_id = ug.group_id AND ug.user_pending = 0 ' . (($sql_user) ? 'AND ug.' . $sql_user : '') . " $sql_forum $sql_opts"; foreach ($sql_ary as $sql) { $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']]; if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) && $hold_ary[$row['user_id']][$row['forum_id']][$option] != ACL_NEVER)) { $hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting']; // If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again) if ($row['auth_setting'] == ACL_NEVER) { $flag = substr($option, 0, strpos($option, '_') + 1); if (isset($hold_ary[$row['user_id']][$row['forum_id']][$flag]) && $hold_ary[$row['user_id']][$row['forum_id']][$flag] == ACL_YES) { unset($hold_ary[$row['user_id']][$row['forum_id']][$flag]); /* if (in_array(ACL_YES, $hold_ary[$row['user_id']][$row['forum_id']])) { $hold_ary[$row['user_id']][$row['forum_id']][$flag] = ACL_YES; } */ } } } } $db->sql_freeresult($result); } return $hold_ary; } /** * Get raw user based permission settings */ function acl_user_raw_data($user_id = false, $opts = false, $forum_id = false) { global $db; $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : $db->sql_in_set('user_id', array_map('intval', $user_id))) : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; $sql_opts = ''; $hold_ary = $sql_ary = array(); if ($opts !== false) { $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts); } // Grab user settings - non-role specific... $sql_ary[] = 'SELECT a.user_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao WHERE a.auth_role_id = 0 AND a.auth_option_id = ao.auth_option_id ' . (($sql_user) ? 'AND a.' . $sql_user : '') . " $sql_forum $sql_opts ORDER BY a.forum_id, ao.auth_option"; // Now the role settings - user-specific $sql_ary[] = 'SELECT a.user_id, a.forum_id, r.auth_option_id, r.auth_setting, r.auth_option_id, ao.auth_option FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao WHERE a.auth_role_id = r.role_id AND r.auth_option_id = ao.auth_option_id ' . (($sql_user) ? 'AND a.' . $sql_user : '') . " $sql_forum $sql_opts ORDER BY a.forum_id, ao.auth_option"; foreach ($sql_ary as $sql) { $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting']; } $db->sql_freeresult($result); } return $hold_ary; } /** * Get raw group based permission settings */ function acl_group_raw_data($group_id = false, $opts = false, $forum_id = false) { global $db; $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : $db->sql_in_set('group_id', array_map('intval', $group_id))) : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; $sql_opts = ''; $hold_ary = $sql_ary = array(); if ($opts !== false) { $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts); } // Grab group settings - non-role specific... $sql_ary[] = 'SELECT a.group_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao WHERE a.auth_role_id = 0 AND a.auth_option_id = ao.auth_option_id ' . (($sql_group) ? 'AND a.' . $sql_group : '') . " $sql_forum $sql_opts ORDER BY a.forum_id, ao.auth_option"; // Now grab group settings - role specific... $sql_ary[] = 'SELECT a.group_id, a.forum_id, r.auth_setting, r.auth_option_id, ao.auth_option FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao WHERE a.auth_role_id = r.role_id AND r.auth_option_id = ao.auth_option_id ' . (($sql_group) ? 'AND a.' . $sql_group : '') . " $sql_forum $sql_opts ORDER BY a.forum_id, ao.auth_option"; foreach ($sql_ary as $sql) { $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $hold_ary[$row['group_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting']; } $db->sql_freeresult($result); } return $hold_ary; } /** * Get raw acl data based on user for caching user_permissions * This function returns the same data as acl_raw_data(), but without the user id as the first key within the array. */ function acl_raw_data_single_user($user_id) { global $db, $mx_cache; // Check if the role-cache is there if (($this->role_cache = $mx_cache->get('_role_cache')) === false) { $this->role_cache = array(); // We pre-fetch roles $sql = 'SELECT * FROM ' . ACL_ROLES_DATA_TABLE . ' ORDER BY role_id ASC'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting']; } $db->sql_freeresult($result); foreach ($this->role_cache as $role_id => $role_options) { $this->role_cache[$role_id] = serialize($role_options); } $mx_cache->put('_role_cache', $this->role_cache); } $hold_ary = array(); // Grab user-specific permission settings $sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting FROM ' . ACL_USERS_TABLE . ' WHERE user_id = ' . $user_id; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { // If a role is assigned, assign all options included within this role. Else, only set this one option. if ($row['auth_role_id']) { $hold_ary[$row['forum_id']] = (empty($hold_ary[$row['forum_id']])) ? unserialize($this->role_cache[$row['auth_role_id']]) : $hold_ary[$row['forum_id']] + unserialize($this->role_cache[$row['auth_role_id']]); } else { $hold_ary[$row['forum_id']][$row['auth_option_id']] = $row['auth_setting']; } } $db->sql_freeresult($result); // Now grab group-specific permission settings $sql = 'SELECT a.forum_id, a.auth_option_id, a.auth_role_id, a.auth_setting FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug WHERE a.group_id = ug.group_id AND ug.user_pending = 0 AND ug.user_id = ' . $user_id; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { if (!$row['auth_role_id']) { $this->_set_group_hold_ary($hold_ary[$row['forum_id']], $row['auth_option_id'], $row['auth_setting']); } else { foreach (unserialize($this->role_cache[$row['auth_role_id']]) as $option_id => $setting) { $this->_set_group_hold_ary($hold_ary[$row['forum_id']], $option_id, $setting); } } } $db->sql_freeresult($result); return $hold_ary; } /** * Private function snippet for setting a specific piece of the hold_ary */ function _set_group_hold_ary(&$hold_ary, $option_id, $setting) { if (!isset($hold_ary[$option_id]) || (isset($hold_ary[$option_id]) && $hold_ary[$option_id] != ACL_NEVER)) { $hold_ary[$option_id] = $setting; // If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again) if ($setting == ACL_NEVER) { $flag = substr($this->acl_options['option'][$option_id], 0, strpos($this->acl_options['option'][$option_id], '_') + 1); $flag = (int) $this->acl_options['id'][$flag]; if (isset($hold_ary[$flag]) && $hold_ary[$flag] == ACL_YES) { unset($hold_ary[$flag]); /* This is uncommented, because i suspect this being slightly wrong due to mixed permission classes being possible if (in_array(ACL_YES, $hold_ary)) { $hold_ary[$flag] = ACL_YES; }*/ } } } } /** * Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. */ function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0) { global $board_config, $db, $mx_user, $phpbb_root_path, $phpEx; $method = trim(basename($board_config['auth_method'])); include_once($mx_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); //$provider = $phpbb_container->get('auth.provider.' . $method); $method = 'login_' . $method; if (function_exists($method)) { $login = $method($username, $password); // If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE) { // we are going to use the user_add function so include functions_user.php if it wasn't defined yet if (!function_exists('user_add')) { include($phpbb_root_path . 'includes/functions_user.' . $phpEx); } user_add($login['user_row'], (isset($login['cp_data'])) ? $login['cp_data'] : false); $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type FROM ' . USERS_TABLE . " WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$row) { return array( 'status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'AUTH_NO_PROFILE_CREATED', 'user_row' => array('user_id' => ANONYMOUS), ); } $login = array( 'status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row, ); } // If login succeeded, we will log the user in... else we pass the login array through... if ($login['status'] == LOGIN_SUCCESS) { $old_session_id = $mx_user->session_id; if ($admin) { global $SID, $_SID; $cookie_expire = time() - 31536000; $mx_user->set_cookie('u', '', $cookie_expire); $mx_user->set_cookie('sid', '', $cookie_expire); unset($cookie_expire); $SID = '?sid='; $mx_user->session_id = $_SID = ''; } $result = $mx_user->session_create($login['user_row']['user_id'], $admin, $autologin, $viewonline); // Successful session creation if ($result === true) { // If admin re-authentication we remove the old session entry because a new one has been created... if ($admin) { // the login array is used because the user ids do not differ for re-authentication $sql = 'DELETE FROM ' . SESSIONS_TABLE . " WHERE session_id = '" . $db->sql_escape($old_session_id) . "' AND session_user_id = {$login['user_row']['user_id']}"; $db->sql_query($sql); } return array( 'status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $login['user_row'], ); } return array( 'status' => LOGIN_BREAK, 'error_msg' => $result, 'user_row' => $login['user_row'], ); } return $login; } trigger_error('Authentication method not found', E_USER_ERROR); } /** * Fill auth_option statement for later querying based on the supplied options */ function build_auth_option_statement($key, $auth_options, &$sql_opts) { global $db; if (!is_array($auth_options)) { if (strpos($auth_options, '%') !== false) { $sql_opts = "AND $key " . $db->sql_like_expression(str_replace('%', $db->any_char, $auth_options)); } else { $sql_opts = "AND $key = '" . $db->sql_escape($auth_options) . "'"; } } else { $is_like_expression = false; foreach ($auth_options as $option) { if (strpos($option, '%') !== false) { $is_like_expression = true; } } if (!$is_like_expression) { $sql_opts = 'AND ' . $db->sql_in_set($key, $auth_options); } else { $sql = array(); foreach ($auth_options as $option) { if (strpos($option, '%') !== false) { $sql[] = $key . ' ' . $db->sql_like_expression(str_replace('%', $db->any_char, $option)); } else { $sql[] = $key . " = '" . $db->sql_escape($option) . "'"; } } $sql_opts = 'AND (' . implode(' OR ', $sql) . ')'; } } } } ?> --- NEW FILE: index.htm --- <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body bgcolor="#FFFFFF" text="#000000"> </body> </html> |
|
From: Florin C B. <ory...@us...> - 2014-07-10 01:04:54
|
Update of /cvsroot/mxbb/core/includes In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv12279 Modified Files: mx_functions_style.php Log Message: Index: mx_functions_style.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/mx_functions_style.php,v retrieving revision 1.143 retrieving revision 1.144 diff -C2 -d -r1.143 -r1.144 *** mx_functions_style.php 7 Jul 2014 20:36:52 -0000 1.143 --- mx_functions_style.php 10 Jul 2014 01:04:52 -0000 1.144 *************** *** 870,874 **** * Init Portal style */ ! if (defined('IN_ADMIN')) { $init_style = $portal_config['default_admin_style']; --- 870,874 ---- * Init Portal style */ ! if ( defined('IN_ADMIN') ) { $init_style = $portal_config['default_admin_style']; *************** *** 896,900 **** if ( $theme = $this->_setup_style($style) ) { ! setcookie('style', $style, (time() + 21600), $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); return; } --- 896,900 ---- if ( $theme = $this->_setup_style($style) ) { ! setcookie('style', $style, (time()+21600), $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); return; } *************** *** 908,914 **** { $style = isset($_GET['demo_theme']) ? intval($_GET['demo_theme']) : intval($_COOKIE['demo_theme']); ! if ($theme = $this->_setup_style($style)) { ! setcookie('demo_theme', $style, (time() + 21600), $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); return; } --- 908,914 ---- { $style = isset($_GET['demo_theme']) ? intval($_GET['demo_theme']) : intval($_COOKIE['demo_theme']); ! if ( $theme = $this->_setup_style($style) ) { ! setcookie('demo_theme', $style, (time()+21600), $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); return; } *************** *** 917,921 **** { $init_style = !$mx_request_vars->is_empty_request('demostyle') ? phpBB3::request_var('demostyle', '') : phpBB3::request_var('style', ''); - if (intval($init_style) == 0) { --- 917,920 ---- *************** *** 1009,1018 **** $init_override = 1; } ! // Setup MXP Style $user_style = false; if (!$init_override) { ! if ($this->data['user_id'] != ANONYMOUS && $this->data['user_style'] > 0) { $user_style = $mx_request_vars->post('user_style', MX_TYPE_INT, $this->data['user_style']); --- 1008,1018 ---- $init_override = 1; } ! // // Setup MXP Style + // $user_style = false; if (!$init_override) { ! if ( $this->data['user_id'] != ANONYMOUS && $this->data['user_style'] > 0 ) { $user_style = $mx_request_vars->post('user_style', MX_TYPE_INT, $this->data['user_style']); *************** *** 1020,1024 **** } $init_style = $mx_request_vars->post('default_style', MX_TYPE_INT, $init_style); ! $theme = $this->_setup_style($init_style, $user_style); } --- 1020,1024 ---- } $init_style = $mx_request_vars->post('default_style', MX_TYPE_INT, $init_style); ! $theme = $this->_setup_style($init_style, $user_style); } *************** *** 1080,1084 **** break; } - if ( !($result = $db->sql_query_limit($sql, 1)) ) { --- 1080,1083 ---- *************** *** 1089,1096 **** { mx_message_die(CRITICAL_ERROR, "Could not get MX-Publisher style data for themes_id [$init_style]"); ! } $db->sql_freeresult($result); } ! /* * Init class settings --- 1088,1096 ---- { mx_message_die(CRITICAL_ERROR, "Could not get MX-Publisher style data for themes_id [$init_style]"); ! } ! $db->sql_freeresult($result); } ! /* * Init class settings *************** *** 1133,1137 **** */ $template_config_row = $this->_load_template_config(); ! $row['template_copy'] = $template_config_row['template_copy']; $row['cloned_template_name'] = $template_config_row['cloned_template']; --- 1133,1137 ---- */ $template_config_row = $this->_load_template_config(); ! $row['template_copy'] = $template_config_row['template_copy']; $row['cloned_template_name'] = $template_config_row['cloned_template']; *************** *** 1145,1149 **** $this->cloned_current_template_path = !empty($this->cloned_template_name) ? $this->template_path . $this->cloned_template_name : ''; $this->cloned_style_phpbb_path = !empty($this->cloned_template_name) ? $this->style_path . $this->cloned_template_name : ''; //new ! switch (PORTAL_BACKEND) { --- 1145,1150 ---- $this->cloned_current_template_path = !empty($this->cloned_template_name) ? $this->template_path . $this->cloned_template_name : ''; $this->cloned_style_phpbb_path = !empty($this->cloned_template_name) ? $this->style_path . $this->cloned_template_name : ''; //new ! ! switch (PORTAL_BACKEND) { *************** *** 1173,1177 **** } } - /* * Load images for example for --- 1174,1177 ---- *************** *** 1183,1188 **** $this->_load_phpbb_images(); $this->_load_mxbb_images(); ! break; ! case 'internal': case 'smf2': --- 1183,1187 ---- $this->_load_phpbb_images(); $this->_load_mxbb_images(); ! break; case 'internal': case 'smf2': *************** *** 1193,1199 **** case 'rhea': $this->_load_mxbb_images(); ! break; ! } ! // Load backend specific style defs. $this->setup_style(); --- 1192,1197 ---- case 'rhea': $this->_load_mxbb_images(); ! break; ! } // Load backend specific style defs. $this->setup_style(); *************** *** 1450,1455 **** @define('TEMPLATE_CONFIG', true); } ! /** ! * Since we have no current Template Config file, try the cloned template instead /**/ else if (@file_exists($phpbb_root_path . $this->style_path . $this->cloned_template_name . "/imageset" )) --- 1448,1453 ---- @define('TEMPLATE_CONFIG', true); } ! // ! // Since we have no current Template Config file, try the cloned template instead /**/ else if (@file_exists($phpbb_root_path . $this->style_path . $this->cloned_template_name . "/imageset" )) *************** *** 1466,1476 **** @define('TEMPLATE_CONFIG', file_exists($phpbb_root_path . $current_template_phpbb_images . '/imageset.cfg') ? $phpbb_root_path . $current_template_phpbb_images . '/imageset.cfg' : false); } - /** - * Last attempt, use default template intead /**/ ! else if (@file_exists($phpbb_root_path . $this->style_path . $this->default_style_name . "/imageset")) { ! $cfg_data_imageset_data = phpBB3::parse_cfg_file("{$phpbb_root_path}styles/{$this->default_style_name}/imageset/{$this->img_lang}/imageset.cfg"); ! $template_name = $this->default_template_name; $default_style_name = $this->default_style_name; --- 1464,1474 ---- @define('TEMPLATE_CONFIG', file_exists($phpbb_root_path . $current_template_phpbb_images . '/imageset.cfg') ? $phpbb_root_path . $current_template_phpbb_images . '/imageset.cfg' : false); } /**/ ! // Last attempt, use default template intead ! /**/ ! else if (@file_exists($phpbb_root_path . $this->style_path . $this->default_style_name . "/imageset" )) { ! $cfg_data_imageset_data = phpBB3::parse_cfg_file("{$phpbb_root_path}styles/{$this->default_template_name}/imageset/{$this->img_lang}/imageset.cfg"); ! $template_name = $this->default_template_name; $default_style_name = $this->default_style_name; *************** *** 1483,1487 **** } - /**/ foreach ($cfg_data_imageset_data as $image_name => $value) { --- 1481,1484 ---- *************** *** 1507,1520 **** { $image_name = substr($image_name, 4); ! ! //$image_ary[] = array( ! // 'image_name' => (string) $image_name, ! // 'image_filename' => (string) $image_filename, ! // 'image_height' => (int) $image_height, ! // 'image_width' => (int) $image_width, ! // 'imageset_id' => (int) $this->theme['imageset_id'], ! // 'image_lang' => (string) $this->img_lang, ! //); ! //Here we overwrite phpBB3 images names from the template configuration file with images file names from database //$phpbb_images[$image_name] = $image_filename; --- 1504,1517 ---- { $image_name = substr($image_name, 4); ! /* ! $image_ary[] = array( ! 'image_name' => (string) $image_name, ! 'image_filename' => (string) $image_filename, ! 'image_height' => (int) $image_height, ! 'image_width' => (int) $image_width, ! 'imageset_id' => (int) $this->theme['imageset_id'], ! 'image_lang' => (string) $this->img_lang, ! ); ! */ //Here we overwrite phpBB3 images names from the template configuration file with images file names from database //$phpbb_images[$image_name] = $image_filename; *************** *** 1522,1528 **** //$images = is_array($images) ? array_merge($phpbb_images, $images) : $phpbb_images; } ! } ! /**/ //Here we overwrite phpBB images from the template configuration file with images from database $images['icon_quote'] = $this->images('img_icon_post_quote'); --- 1519,1525 ---- //$images = is_array($images) ? array_merge($phpbb_images, $images) : $phpbb_images; } ! } + /**/ //Here we overwrite phpBB images from the template configuration file with images from database $images['icon_quote'] = $this->images('img_icon_post_quote'); *************** *** 1741,1745 **** foreach( $value as $key2 => $val2 ) { ! $images[$key][$key2] = str_replace(PHPBB_URL . PHPBB_URL, PHPBB_URL, PHPBB_URL . $val2); } } --- 1738,1742 ---- foreach( $value as $key2 => $val2 ) { ! $images[$key][$key2] = str_replace(PORTAL_URL . PHPBB_URL, PHPBB_URL, $val2); } } *************** *** 1747,1751 **** { $images[$key] = str_replace('{LANG}', 'lang_' . $img_lang, $value); ! $images[$key] = str_replace(PHPBB_URL . PHPBB_URL, PHPBB_URL, PHPBB_URL . $images[$key]); } } --- 1744,1748 ---- { $images[$key] = str_replace('{LANG}', 'lang_' . $img_lang, $value); ! $images[$key] = str_replace(PORTAL_URL . PHPBB_URL, PHPBB_URL, $images[$key]); } } *************** *** 1858,1865 **** } ! // ! // Load MX-Publisher Template configuration data ! // - First try current template ! // $current_template_path = $current_template_path_d = $module_root_path . $this->current_template_path; $cloned_template_path = $cloned_template_path_d = $module_root_path . $this->cloned_current_template_path; --- 1855,1862 ---- } ! /* ! * Load MX-Publisher Template configuration data ! * - First try current template ! */ $current_template_path = $current_template_path_d = $module_root_path . $this->current_template_path; $cloned_template_path = $cloned_template_path_d = $module_root_path . $this->cloned_current_template_path; *************** *** 1952,1956 **** --- 1949,1955 ---- } + // // What template is the module using? + // $module_key = !empty($module_root_path) ? $module_root_path : '_core'; $this->template_names[$module_key] = $template_name; *************** *** 2177,2182 **** $this->_load_module_style(); } ! // Reset custom module default style, once used. if (!empty($this->default_module_style)) { --- 2176,2183 ---- $this->_load_module_style(); } ! ! // // Reset custom module default style, once used. + // if (!empty($this->default_module_style)) { |
|
From: Florin C B. <ory...@us...> - 2014-07-07 23:32:21
|
Update of /cvsroot/mxbb/core/modules/mx_phpbb3blocks/templates/_core In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv8423 Modified Files: mx_forum.html Log Message: Index: mx_forum.html =================================================================== RCS file: /cvsroot/mxbb/core/modules/mx_phpbb3blocks/templates/_core/mx_forum.html,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** mx_forum.html 12 Sep 2012 22:10:37 -0000 1.3 --- mx_forum.html 7 Jul 2014 23:32:18 -0000 1.4 *************** *** 24,28 **** <th> {L_LAST_POST} </th> </tr> - <!-- BEGIN forumrow --> <!-- IF forumrow.S_IS_CAT --> <tr> --- 24,27 ---- |
|
From: Florin C B. <ory...@us...> - 2014-07-07 22:06:53
|
Update of /cvsroot/mxbb/core/includes/sessions/phpbb3 In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv2516 Modified Files: session.php Log Message: Some fixes for phpbb3 Backend Index: session.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/sessions/phpbb3/session.php,v retrieving revision 1.62 retrieving revision 1.63 diff -C2 -d -r1.62 -r1.63 *** session.php 7 Jul 2014 21:31:17 -0000 1.62 --- session.php 7 Jul 2014 22:06:50 -0000 1.63 *************** *** 309,313 **** { // check IPv4 first, the IPv6 is hopefully only going to be used very seldomly ! if (!empty($ip) && !preg_match(phpBB3::get_preg_expression('ipv4'), $ip) && !preg_match(phpBB3::get_preg_expression('ipv6'), $ip)) { // Just break --- 309,313 ---- { // check IPv4 first, the IPv6 is hopefully only going to be used very seldomly ! if (!empty($ip) && !preg_match(phpBB3::get_preg_expression('ipv4'), $ip) && !@preg_match(phpBB3::get_preg_expression('ipv6'), $ip)) { // Just break |
|
From: Florin C B. <ory...@us...> - 2014-07-07 21:31:21
|
Update of /cvsroot/mxbb/core/includes/sessions/phpbb3 In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv32394 Modified Files: login.php session.php Log Message: Some fixes for phpbb3 Backend Index: login.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/sessions/phpbb3/login.php,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** login.php 28 Jun 2013 15:33:47 -0000 1.12 --- login.php 7 Jul 2014 21:31:16 -0000 1.13 *************** *** 132,142 **** $mx_user->session_create($row['user_id'], $admin, $autologin, $viewonline = true); $session_id = $mx_user->session_id; ! ! // Reset login tries //$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); // phpBB2 $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']); // phpBB3 ! if( $session_id ) { $fromurl = ( !empty($HTTP_REFERER) ) ? str_replace('&', '&', htmlspecialchars($HTTP_REFERER)) : "index.$phpEx"; --- 132,141 ---- $mx_user->session_create($row['user_id'], $admin, $autologin, $viewonline = true); $session_id = $mx_user->session_id; ! // Reset login tries //$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); // phpBB2 $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']); // phpBB3 ! if(!empty($session_id)) { $fromurl = ( !empty($HTTP_REFERER) ) ? str_replace('&', '&', htmlspecialchars($HTTP_REFERER)) : "index.$phpEx"; *************** *** 194,206 **** // Successful login... set user_login_attempts to zero... ! if( $session_id ) { $url = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : "index.$phpEx"; mx_redirect(mx3_append_sid($url, false)); } ! else { ! mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); } } } --- 193,211 ---- // Successful login... set user_login_attempts to zero... ! if(!empty($session_id)) { $url = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : "index.$phpEx"; mx_redirect(mx3_append_sid($url, false)); } ! else if(!empty($mx_user->session_id)) { ! $session_id = $mx_user->session_id; ! $url = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : "index.$phpEx"; ! mx_redirect(mx3_append_sid($url, false)); } + else + { + mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); + } } } Index: session.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/sessions/phpbb3/session.php,v retrieving revision 1.61 retrieving revision 1.62 diff -C2 -d -r1.61 -r1.62 *** session.php 16 May 2014 18:02:23 -0000 1.61 --- session.php 7 Jul 2014 21:31:17 -0000 1.62 *************** *** 293,299 **** $SID = 'sid=' . $this->session_id; } ! $_EXTRA_URL = array(); - // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip. --- 293,298 ---- $SID = 'sid=' . $this->session_id; } ! $session_id = $this->session_id; $_EXTRA_URL = array(); // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip. *************** *** 358,362 **** $this->data = $db->sql_fetchrow($result); $db->sql_freeresult($result); ! // Did the session exist in the DB? if (isset($this->data['user_id'])) --- 357,361 ---- $this->data = $db->sql_fetchrow($result); $db->sql_freeresult($result); ! // Did the session exist in the DB? if (isset($this->data['user_id'])) |
Update of /cvsroot/mxbb/core/includes/sessions/olympus In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv28031 Added Files: auth.php bbcode.php constants.php core.php functions.php index.htm login.php session.php Log Message: --- NEW FILE: login.php --- <?php /** * * @package MX-Publisher Core * @version $Id: login.php,v 1.1 2014/07/07 20:38:12 orynider Exp $ * @copyright (c) 2002-2008 MX-Publisher Project Team * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * @link http://mxpcms.sourceforge.net/ * */ if ( !defined('IN_PORTAL') ) { die("Hacking attempt"); } if($mx_request_vars->is_request('login') && ($userdata['user_id'] == ANONYMOUS || $mx_request_vars->is_post('admin')) ) { $username = utf8_clean_string($mx_request_vars->post('username', MX_TYPE_NO_TAGS, '')); $password = $mx_request_vars->post('password', MX_TYPE_NO_TAGS); $viewonline = $mx_request_vars->post('viewonline', MX_TYPE_INT, 0); $sql = "SELECT * FROM " . USERS_TABLE . " WHERE username = '" . str_replace("\\'", "''", $username) . "' OR username_clean = '" . str_replace("\\'", "''", $username) . "'"; if ( !($result = $db->sql_query($sql) ) ) { mx_message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql); } if( $row = $db->sql_fetchrow($result) ) { //$user_type = $row['user_level']; // phpBB2 $user_type = $row['user_type']; // phpBB3 if( $user_type != ADMIN && $board_config['board_disable'] ) { mx_redirect(mx3_append_sid("index.$phpEx", false)); } else { $user_login_attempts = $row['user_login_attempts']; if ( $user_login_attempts && $board_config['login_reset_time'] ) { $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']); $row['user_last_login_try'] = $row['user_login_tries'] = 0; } // Check to see if user is allowed to login again... if his tries are exceeded if ($user_login_attempt && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && $user_login_attempts >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN) { mx_message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time'])); } // If the password convert flag is set we need to convert it if ($row['user_pass_convert']) { // in phpBB2 passwords were used exactly as they were sent, with addslashes applied $password_old_format = isset($_REQUEST['password']) ? $_REQUEST['password'] : $password; $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; $password_new_format = ''; phpBB3::set_var($password_new_format, stripslashes($password_old_format), 'string'); //mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", $password_new_format, ''); if ($password == $password_new_format) { if (!function_exists('utf8_to_cp1252')) { global $mx_root_path, $phpEx; include_once($mx_root_path . 'includes/utf/data/recode_basic.' . $phpEx); } // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding if (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']) { $hash = phpBB3::phpbb_hash($password_new_format); // Update the password in the users table to the new format and remove user_pass_convert flag $sql = 'UPDATE ' . USERS_TABLE . ' SET user_password = \'' . $db->sql_escape($hash) . '\', user_pass_convert = 0 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); $row['user_pass_convert'] = 0; $row['user_password'] = $hash; } else { // Although we weren't able to convert this password we have to // increase login attempt count to make sure this cannot be exploited $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); mx_message_die(GENERAL_MESSAGE, 'We are sorry but password convertion failed, please login direct in forums or rewuest a new activation link.'); return array( 'status' => LOGIN_ERROR_PASSWORD_CONVERT, 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', 'user_row' => $row, ); } } } else { // in phpBB2 passwords were used exactly as they were sent, with addslashes applied $password_old_format = isset($_REQUEST['password']) ? $_REQUEST['password'] : $password; $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; $password_new_format = ''; phpBB3::set_var($password_new_format, stripslashes($password_old_format), 'string'); //mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", $password_new_format, ''); if ($password_new_format == $password_old_format) { if (!function_exists('utf8_to_cp1252')) { global $mx_root_path, $phpEx; include_once($mx_root_path . 'includes/utf/data/recode_basic.' . $phpEx); } // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding if (md5($password_old_format) == $row['user_password'] || md5($password) == $row['user_password'] || phpBB3::phpbb_check_hash($password, $row['user_password'])) { $autologin = $mx_request_vars->is_post('autologin'); $admin = $mx_request_vars->is_post('admin'); $mx_user->session_create($row['user_id'], $admin, $autologin, $viewonline = true); $session_id = $mx_user->session_id; // Reset login tries //$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); // phpBB2 $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']); // phpBB3 if( $session_id ) { $fromurl = ( !empty($HTTP_REFERER) ) ? str_replace('&', '&', htmlspecialchars($HTTP_REFERER)) : "index.$phpEx"; $url = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : $fromurl; mx_redirect(mx3_append_sid($url, false, false, $session_id)); } else { mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); } } else { // Although we weren't able to convert this password we have to // increase login attempt count to make sure this cannot be exploited $sql = ' UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); $redirect = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : ''; $redirect = str_replace('?', '&', $redirect); if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) { mx_message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); } $template->assign_vars(array( 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">") ); $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . mx3_append_sid("index.$phpEx") . '">', '</a>'); mx_message_die(GENERAL_MESSAGE, $message); } } // Check password ... if (!$row['user_pass_convert'] && phpBB3::phpbb_check_hash($password, $row['user_password'])) { if ($row['user_login_attempts'] != 0) { // Successful, reset login attempts (the user passed all stages) $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); } // User inactive... if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) { mx_message_die(GENERAL_MESSAGE, 'Inactive User'); } // Successful login... set user_login_attempts to zero... if( $session_id ) { $url = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : "index.$phpEx"; mx_redirect(mx3_append_sid($url, false)); } else { mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); } } } } } else { $redirect = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : ''; $redirect = str_replace("?", "&", $redirect); if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) { mx_message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); } $template->assign_vars(array( 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">") ); $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . mx3_append_sid("index.$phpEx") . '">', '</a>'); mx_message_die(GENERAL_MESSAGE, $message); } } else if ($mx_request_vars->is_request('logout') && $userdata['session_logged_in'] ) { // session id check if ($sid == '' || $sid != $userdata['session_id']) { mx_message_die(GENERAL_ERROR, 'Invalid_session' . $userdata['session_id']); } if( $userdata['session_logged_in'] ) { $mx_user->session_kill(); } if (!$mx_request_vars->is_empty_request('redirect')) { $url = $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS); $url = str_replace('&', '&', $url); mx_redirect(mx3_append_sid($url, false)); } else { mx_redirect(mx3_append_sid("index.$phpEx", false)); } } else { $url = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : "index.$phpEx"; mx_redirect(mx3_append_sid($url, false)); } ?> --- NEW FILE: functions.php --- <?php /** * * @package Auth * @version $Id: functions.php,v 1.1 2014/07/07 20:38:12 orynider Exp $ * @copyright (c) 2002-2008 MX-Publisher Project Team * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * @link http://mxpcms.sourceforge.net/ * */ if ( !defined( 'IN_PORTAL' ) ) { die( "Hacking attempt" ); } /** * Olympus Parse cfg file */ function mx_parse_cfg_file($filename, $lines = false) { $parsed_items = array(); if ($lines === false) { $lines = file($filename); } foreach ($lines as $line) { $line = trim($line); if (!$line || $line[0] == '#' || ($delim_pos = strpos($line, '=')) === false) { continue; } // Determine first occurrence, since in values the equal sign is allowed $key = strtolower(trim(substr($line, 0, $delim_pos))); $value = trim(substr($line, $delim_pos + 1)); if (in_array($value, array('off', 'false', '0'))) { $value = false; } else if (in_array($value, array('on', 'true', '1'))) { $value = true; } else if (!trim($value)) { $value = ''; } else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"')) { $value = substr($value, 1, sizeof($value)-2); } $parsed_items[$key] = $value; } return $parsed_items; } /** * Add log event */ function mx_add_log() { global $db, $mx_user; $args = func_get_args(); $mode = array_shift($args); $reportee_id = ($mode == 'user') ? intval(array_shift($args)) : ''; $forum_id = ($mode == 'mod') ? intval(array_shift($args)) : ''; $topic_id = ($mode == 'mod') ? intval(array_shift($args)) : ''; $action = array_shift($args); $data = (!sizeof($args)) ? '' : serialize($args); $sql_ary = array( 'user_id' => (empty($mx_user->data)) ? ANONYMOUS : $mx_user->data['user_id'], 'log_ip' => $mx_user->ip, 'log_time' => time(), 'log_operation' => $action, 'log_data' => $data, ); switch ($mode) { case 'admin': $sql_ary['log_type'] = LOG_ADMIN; break; case 'mod': $sql_ary += array( 'log_type' => LOG_MOD, 'forum_id' => $forum_id, 'topic_id' => $topic_id ); break; case 'user': $sql_ary += array( 'log_type' => LOG_USERS, 'reportee_id' => $reportee_id ); break; case 'critical': $sql_ary['log_type'] = LOG_CRITICAL; break; default: return false; } $db->sql_query('INSERT INTO ' . LOG_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary)); return $db->sql_nextid(); } /** * Generate sort selection fields */ function mx_gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key, &$sort_dir, &$s_limit_days, &$s_sort_key, &$s_sort_dir, &$u_sort_param) { global $mx_user; $sort_dir_text = array('a' => $mx_user->lang['ASCENDING'], 'd' => $mx_user->lang['DESCENDING']); // Check if the key is selectable. If not, we reset to the first key found. // This ensures the values are always valid. if (!isset($limit_days[$sort_days])) { @reset($limit_days); $sort_days = key($limit_days); } if (!isset($sort_by_text[$sort_key])) { @reset($sort_by_text); $sort_key = key($sort_by_text); } if (!isset($sort_dir_text[$sort_dir])) { @reset($sort_dir_text); $sort_dir = key($sort_dir_text); } $s_limit_days = '<select name="st">'; foreach ($limit_days as $day => $text) { $selected = ($sort_days == $day) ? ' selected="selected"' : ''; $s_limit_days .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>'; } $s_limit_days .= '</select>'; $s_sort_key = '<select name="sk">'; foreach ($sort_by_text as $key => $text) { $selected = ($sort_key == $key) ? ' selected="selected"' : ''; $s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>'; } $s_sort_key .= '</select>'; $s_sort_dir = '<select name="sd">'; foreach ($sort_dir_text as $key => $value) { $selected = ($sort_dir == $key) ? ' selected="selected"' : ''; $s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; } $s_sort_dir .= '</select>'; $u_sort_param = "st=$sort_days&sk=$sort_key&sd=$sort_dir"; return; } /** * Get username details for placing into templates. * * @param string $mode Can be profile (for getting an url to the profile), username (for obtaining the username), colour (for obtaining the user colour) or full (for obtaining a html string representing a coloured link to the users profile). * @param int $user_id The users id * @param string $username The users name * @param string $username_colour The users colour * @param string $guest_username optional parameter to specify the guest username. It will be used in favor of the GUEST language variable then. * @param string $custom_profile_url optional parameter to specify a profile url. The user id get appended to this url as &u={user_id} * * @return string A string consisting of what is wanted based on $mode. */ function mx_get_username_string($mode, $user_id, $username, $username_colour = '', $guest_username = false, $custom_profile_url = false) { global $phpbb_root_path, $phpEx, $mx_user, $phpbb_auth; $profile_url = ''; $username_colour = ($username_colour) ? '#' . $username_colour : ''; if ($guest_username === false) { $username = ($username) ? $username : $mx_user->lang['GUEST']; } else { $username = ($user_id && $user_id != ANONYMOUS) ? $username : ((!empty($guest_username)) ? $guest_username : $mx_user->lang['GUEST']); } // Only show the link if not anonymous if ($user_id && $user_id != ANONYMOUS) { // Do not show the link if the user is already logged in but do not have u_viewprofile permissions (relevant for bots mostly). // For all others the link leads to a login page or the profile. if ($mx_user->data['user_id'] != ANONYMOUS && !$phpbb_auth->acl_get('u_viewprofile')) { $profile_url = ''; } else { $profile_url = ($custom_profile_url !== false) ? $custom_profile_url : mx3_append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile'); $profile_url .= '&u=' . (int) $user_id; } } else { $profile_url = ''; } switch ($mode) { case 'profile': return $profile_url; break; case 'username': return $username; break; case 'colour': return $username_colour; break; case 'full': default: $tpl = ''; if (!$profile_url && !$username_colour) { $tpl = '{USERNAME}'; } else if (!$profile_url && $username_colour) { $tpl = '<span style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</span>'; } else if ($profile_url && !$username_colour) { $tpl = '<a href="{PROFILE_URL}">{USERNAME}</a>'; } else if ($profile_url && $username_colour) { $tpl = '<a href="{PROFILE_URL}" style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</a>'; } return str_replace(array('{PROFILE_URL}', '{USERNAME_COLOUR}', '{USERNAME}'), array($profile_url, $username_colour, $username), $tpl); break; } } ?> --- NEW FILE: core.php --- <?php /** * * @package Auth * @version $Id: core.php,v 1.1 2014/07/07 20:38:12 orynider Exp $ * @copyright (c) 2002-2008 MX-Publisher Project Team * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * @link http://mxpcms.sourceforge.net/ * */ if ( !defined( 'IN_PORTAL' ) ) { die( "Hacking attempt" ); } // // First off, include common vanilla phpBB functions, from our shared dir // Note: These functions will later be accessible wrapped as phpBBX::orig_functionname() [...1519 lines suppressed...] $phpbb_version_info = '<p style="color:red">' . sprintf($lang['Connect_socket_error'], $errstr) . '</p>'; } else { $phpbb_version_info = '<p>' . $lang['Socket_functions_disabled'] . '</p>'; } } $phpbb_version_info .= '<p>' . $lang['Mailing_list_subscribe_reminder'] . '</p>'; return $phpbb_version_info; } } // // Now load some bbcodes, to be extended for this backend (see below) // include_once($mx_root_path . 'includes/sessions/olympus/bbcode.' . $phpEx); // BBCode associated functions ?> --- NEW FILE: constants.php --- <?php /** * * @package Style * @version $Id: constants.php,v 1.1 2014/07/07 20:38:12 orynider Exp $ * @copyright (c) 2002-2008 MX-Publisher Project Team * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * @link http://mxpcms.sourceforge.net/ * */ /** * Modifications: * define -> @define * to supress any notices since in mx_constants.php some are allready @@defined */ // User related @define('ANONYMOUS', 1); @define('USER_ACTIVATION_NONE', 0); @define('USER_ACTIVATION_SELF', 1); @define('USER_ACTIVATION_ADMIN', 2); @define('USER_ACTIVATION_DISABLE', 3); @define('AVATAR_UPLOAD', 1); @define('AVATAR_REMOTE', 2); @define('AVATAR_GALLERY', 3); @define('USER_NORMAL', 0); @define('USER_INACTIVE', 1); @define('USER_IGNORE', 2); @define('USER_FOUNDER', 3); @define('INACTIVE_REGISTER', 1); @define('INACTIVE_PROFILE', 2); @define('INACTIVE_MANUAL', 3); @define('INACTIVE_REMIND', 4); // ACL @define('ACL_NEVER', 0); @define('ACL_YES', 1); @define('ACL_NO', -1); // Login error codes @define('LOGIN_CONTINUE', 1); @define('LOGIN_BREAK', 2); @define('LOGIN_SUCCESS', 3); @define('LOGIN_SUCCESS_CREATE_PROFILE', 20); @define('LOGIN_ERROR_USERNAME', 10); @define('LOGIN_ERROR_PASSWORD', 11); @define('LOGIN_ERROR_ACTIVE', 12); @define('LOGIN_ERROR_ATTEMPTS', 13); @define('LOGIN_ERROR_EXTERNAL_AUTH', 14); @define('LOGIN_ERROR_PASSWORD_CONVERT', 15); // SQL codes phpBB2 @define('BEGIN_TRANSACTION', 1); @define('END_TRANSACTION', 2); // Error codes (from phpbb2) @define('GENERAL_MESSAGE', 200); @define('GENERAL_ERROR', 202); @define('CRITICAL_MESSAGE', 203); @define('CRITICAL_ERROR', 204); // Group settings @define('GROUP_OPEN', 0); @define('GROUP_CLOSED', 1); @define('GROUP_HIDDEN', 2); @define('GROUP_SPECIAL', 3); @define('GROUP_FREE', 4); // Forum/Topic states @define('FORUM_CAT', 0); @define('FORUM_POST', 1); @define('FORUM_LINK', 2); @define('ITEM_UNLOCKED', 0); @define('ITEM_LOCKED', 1); @define('ITEM_MOVED', 2); // Forum Flags @define('FORUM_FLAG_LINK_TRACK', 1); @define('FORUM_FLAG_PRUNE_POLL', 2); @define('FORUM_FLAG_PRUNE_ANNOUNCE', 4); @define('FORUM_FLAG_PRUNE_STICKY', 8); @define('FORUM_FLAG_ACTIVE_TOPICS', 16); @define('FORUM_FLAG_POST_REVIEW', 32); // Optional text flags @define('OPTION_FLAG_BBCODE', 1); @define('OPTION_FLAG_SMILIES', 2); @define('OPTION_FLAG_LINKS', 4); // Topic types @define('POST_NORMAL', 0); @define('POST_STICKY', 1); @define('POST_ANNOUNCE', 2); @define('POST_GLOBAL', 3); // Lastread types @define('TRACK_NORMAL', 0); @define('TRACK_POSTED', 1); // Notify methods @define('NOTIFY_EMAIL', 0); @define('NOTIFY_IM', 1); @define('NOTIFY_BOTH', 2); // Email Priority Settings @define('MAIL_LOW_PRIORITY', 4); @define('MAIL_NORMAL_PRIORITY', 3); @define('MAIL_HIGH_PRIORITY', 2); // Log types @define('LOG_ADMIN', 0); @define('LOG_MOD', 1); @define('LOG_CRITICAL', 2); @define('LOG_USERS', 3); // Private messaging - Do NOT change these values @define('PRIVMSGS_HOLD_BOX', -4); @define('PRIVMSGS_NO_BOX', -3); @define('PRIVMSGS_OUTBOX', -2); @define('PRIVMSGS_SENTBOX', -1); @define('PRIVMSGS_INBOX', 0); // Full Folder Actions @define('FULL_FOLDER_NONE', -3); @define('FULL_FOLDER_DELETE', -2); @define('FULL_FOLDER_HOLD', -1); // Download Modes - Attachments @define('INLINE_LINK', 1); // This mode is only used internally to allow modders extending the attachment functionality @define('PHYSICAL_LINK', 2); // Confirm types @define('CONFIRM_REG', 1); @define('CONFIRM_LOGIN', 2); @define('CONFIRM_POST', 3); // Categories - Attachments @define('ATTACHMENT_CATEGORY_NONE', 0); @define('ATTACHMENT_CATEGORY_IMAGE', 1); // Inline Images @define('ATTACHMENT_CATEGORY_WM', 2); // Windows Media Files - Streaming @define('ATTACHMENT_CATEGORY_RM', 3); // Real Media Files - Streaming @define('ATTACHMENT_CATEGORY_THUMB', 4); // Not used within the database, only while displaying posts @define('ATTACHMENT_CATEGORY_FLASH', 5); // Flash/SWF files @define('ATTACHMENT_CATEGORY_QUICKTIME', 6); // Quicktime/Mov files // BBCode UID length @define('BBCODE_UID_LEN', 5); // Number of core BBCodes @define('NUM_CORE_BBCODES', 12); // Magic url types @define('MAGIC_URL_EMAIL', 1); @define('MAGIC_URL_FULL', 2); @define('MAGIC_URL_LOCAL', 3); @define('MAGIC_URL_WWW', 4); // Profile Field Types @define('FIELD_INT', 1); @define('FIELD_STRING', 2); @define('FIELD_TEXT', 3); @define('FIELD_BOOL', 4); @define('FIELD_DROPDOWN', 5); @define('FIELD_DATE', 6); // referer validation define('REFERER_VALIDATE_NONE', 0); define('REFERER_VALIDATE_HOST', 1); define('REFERER_VALIDATE_PATH', 2); // phpbb_chmod() permissions @define('CHMOD_ALL', 7); @define('CHMOD_READ', 4); @define('CHMOD_WRITE', 2); @define('CHMOD_EXECUTE', 1); // Captcha code length define('CAPTCHA_MIN_CHARS', 4); define('CAPTCHA_MAX_CHARS', 7); // Additional constants define('VOTE_CONVERTED', 127); // Additional constants @define('RANKS_PATH', 'images/ranks/'); // Table names @define('ACL_GROUPS_TABLE', $table_prefix . 'acl_groups'); @define('ACL_OPTIONS_TABLE', $table_prefix . 'acl_options'); @define('ACL_ROLES_DATA_TABLE', $table_prefix . 'acl_roles_data'); @define('ACL_ROLES_TABLE', $table_prefix . 'acl_roles'); @define('ACL_USERS_TABLE', $table_prefix . 'acl_users'); @define('ATTACHMENTS_TABLE', $table_prefix . 'attachments'); @define('BANLIST_TABLE', $table_prefix . 'banlist'); @define('BBCODES_TABLE', $table_prefix . 'bbcodes'); @define('BOOKMARKS_TABLE', $table_prefix . 'bookmarks'); @define('BOTS_TABLE', $table_prefix . 'bots'); @define('CONFIG_TABLE', $table_prefix . 'config'); @define('CONFIRM_TABLE', $table_prefix . 'confirm'); @define('DISALLOW_TABLE', $table_prefix . 'disallow'); @define('DRAFTS_TABLE', $table_prefix . 'drafts'); @define('EXTENSIONS_TABLE', $table_prefix . 'extensions'); @define('EXTENSION_GROUPS_TABLE', $table_prefix . 'extension_groups'); @define('FORUMS_TABLE', $table_prefix . 'forums'); @define('FORUMS_ACCESS_TABLE', $table_prefix . 'forums_access'); @define('FORUMS_TRACK_TABLE', $table_prefix . 'forums_track'); @define('FORUMS_WATCH_TABLE', $table_prefix . 'forums_watch'); @define('GROUPS_TABLE', $table_prefix . 'groups'); @define('ICONS_TABLE', $table_prefix . 'icons'); @define('LANG_TABLE', $table_prefix . 'lang'); @define('LOG_TABLE', $table_prefix . 'log'); @define('MODERATOR_CACHE_TABLE', $table_prefix . 'moderator_cache'); @define('MODULES_TABLE', $table_prefix . 'modules'); @define('POLL_OPTIONS_TABLE', $table_prefix . 'poll_options'); @define('POLL_VOTES_TABLE', $table_prefix . 'poll_votes'); @define('POSTS_TABLE', $table_prefix . 'posts'); @define('PRIVMSGS_TABLE', $table_prefix . 'privmsgs'); @define('PRIVMSGS_FOLDER_TABLE', $table_prefix . 'privmsgs_folder'); @define('PRIVMSGS_RULES_TABLE', $table_prefix . 'privmsgs_rules'); @define('PRIVMSGS_TO_TABLE', $table_prefix . 'privmsgs_to'); @define('PROFILE_FIELDS_TABLE', $table_prefix . 'profile_fields'); @define('PROFILE_FIELDS_DATA_TABLE', $table_prefix . 'profile_fields_data'); @define('PROFILE_FIELDS_LANG_TABLE', $table_prefix . 'profile_fields_lang'); @define('PROFILE_LANG_TABLE', $table_prefix . 'profile_lang'); @define('RANKS_TABLE', $table_prefix . 'ranks'); @define('REPORTS_TABLE', $table_prefix . 'reports'); @define('REPORTS_REASONS_TABLE', $table_prefix . 'reports_reasons'); @define('SEARCH_RESULTS_TABLE', $table_prefix . 'search_results'); @define('SEARCH_WORDLIST_TABLE', $table_prefix . 'search_wordlist'); @define('SEARCH_WORDMATCH_TABLE', $table_prefix . 'search_wordmatch'); @define('SESSIONS_TABLE', $table_prefix . 'sessions'); @define('SESSIONS_KEYS_TABLE', $table_prefix . 'sessions_keys'); @define('SITELIST_TABLE', $table_prefix . 'sitelist'); @define('SMILIES_TABLE', $table_prefix . 'smilies'); @define('STYLES_TABLE', $table_prefix . 'styles'); @define('STYLES_TEMPLATE_TABLE', $table_prefix . 'styles_template'); @define('STYLES_TEMPLATE_DATA_TABLE',$table_prefix . 'styles_template_data'); @define('STYLES_THEME_TABLE', $table_prefix . 'styles_theme'); @define('STYLES_IMAGESET_TABLE', $table_prefix . 'styles_imageset'); @define('STYLES_IMAGESET_DATA_TABLE',$table_prefix . 'styles_imageset_data'); @define('TOPICS_TABLE', $table_prefix . 'topics'); @define('TOPICS_POSTED_TABLE', $table_prefix . 'topics_posted'); @define('TOPICS_TRACK_TABLE', $table_prefix . 'topics_track'); @define('TOPICS_WATCH_TABLE', $table_prefix . 'topics_watch'); @define('USER_GROUP_TABLE', $table_prefix . 'user_group'); @define('USERS_TABLE', $table_prefix . 'users'); @define('WARNINGS_TABLE', $table_prefix . 'warnings'); @define('WORDS_TABLE', $table_prefix . 'words'); @define('ZEBRA_TABLE', $table_prefix . 'zebra'); // Additional tables // Additional constants @define('INHERIT_LANG_NONE', 0); @define('INHERIT_LANG_EN', 1); @define('INHERIT_LANG_DEFAULT', 2); ?> --- NEW FILE: bbcode.php --- <?php /** * * @package Functions_phpBB * @version $Id: bbcode.php,v 1.1 2014/07/07 20:38:12 orynider Exp $ * @copyright (c) 2002-2008 MX-Publisher Project Team * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * @link http://mxpcms.sourceforge.net/ * */ if (!defined('IN_PORTAL')) { exit; } /* * Here comes a mxp version of phpbb2 bbcode.php ported to phpbb3 backend * Last in file are the mxp wrapper functions [...2040 lines suppressed...] 'U_MORE_SMILIES' => mx3_append_sid(PHPBB_URL . "posting.$phpEx", "mode=smilies")) ); } $template->assign_vars(array( 'L_EMOTICONS' => $lang['Emoticons'], 'L_CLOSE_WINDOW' => $lang['Close_window'], 'S_SMILIES_COLSPAN' => $s_colspan) ); } } if ($mode == 'window') { $template->pparse('smiliesbody'); include($mx_root_path . 'includes/page_tail.'.$phpEx); } } } ?> --- NEW FILE: session.php --- <?php /** * * @package Style * @version $Id: session.php,v 1.1 2014/07/07 20:38:17 orynider Exp $ * @copyright (c) 2002-2008 MX-Publisher Project Team & (C) 2005 The phpBB Group * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * @link http://mxpcms.sourceforge.net/ * */ if ( !defined('IN_PORTAL') ) { die("Hacking attempt"); } /** * Modifications: * - replaced $config -> $board_config - by Jon [...3750 lines suppressed...] case 'zh': $lang_name = 'chinese'; break; case 'zh_cmn_hans': $lang_name = 'chinese_simplified'; break; case 'zh_cmn_hant': $lang_name = 'chinese_traditional'; break; case 'zu': $lang_name = 'zulu'; break; default: $lang_name = $lang; break; } return $lang_name; } } ?> --- NEW FILE: auth.php --- <?php /** * * @package Auth * @version $Id: auth.php,v 1.1 2014/07/07 20:38:11 orynider Exp $ * @copyright (c) 2002-2008 MX-Publisher Project Team * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * @link http://mxpcms.sourceforge.net/ * */ if ( !defined( 'IN_PORTAL' ) ) { die( "Hacking attempt" ); } /** * Permission/Auth class for phpBB3 forums [...961 lines suppressed...] $sql = array(); foreach ($auth_options as $option) { if (strpos($option, '%') !== false) { $sql[] = $key . ' ' . $db->sql_like_expression(str_replace('%', $db->any_char, $option)); } else { $sql[] = $key . " = '" . $db->sql_escape($option) . "'"; } } $sql_opts = 'AND (' . implode(' OR ', $sql) . ')'; } } } } ?> --- NEW FILE: index.htm --- <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body bgcolor="#FFFFFF" text="#000000"> </body> </html> |
|
From: Florin C B. <ory...@us...> - 2014-07-07 20:36:55
|
Update of /cvsroot/mxbb/core/includes/sessions/phpbb3 In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv27897/sessions/phpbb3 Modified Files: core.php Log Message: Index: core.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/sessions/phpbb3/core.php,v retrieving revision 1.28 retrieving revision 1.29 diff -C2 -d -r1.28 -r1.29 *** core.php 16 May 2014 18:02:23 -0000 1.28 --- core.php 7 Jul 2014 20:36:53 -0000 1.29 *************** *** 378,385 **** { global $mx_root_path, $phpbb_root_path, $phpEx; ! if ($force_shared) { ! $backend = in_array($force_shared, array('internal', 'phpbb2', 'phpbb3')) ? $force_shared : PORTAL_BACKEND; switch ($backend) { --- 378,385 ---- { global $mx_root_path, $phpbb_root_path, $phpEx; ! if ($force_shared) { ! $backend = in_array($force_shared, array('internal', 'phpbb2', 'smf2', 'mybb', 'phpbb3', 'olympus', 'ascraeus', 'rhea')) ? $force_shared : PORTAL_BACKEND; switch ($backend) { |
|
From: Florin C B. <ory...@us...> - 2014-07-07 20:01:16
|
Update of /cvsroot/mxbb/core/admin In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv25013 Modified Files: pagestart.php Log Message: fixing some missing varables and indexes in AdminCP Index: pagestart.php =================================================================== RCS file: /cvsroot/mxbb/core/admin/pagestart.php,v retrieving revision 1.44 retrieving revision 1.45 diff -C2 -d -r1.44 -r1.45 *** pagestart.php 9 May 2014 07:51:42 -0000 1.44 --- pagestart.php 7 Jul 2014 20:01:12 -0000 1.45 *************** *** 41,50 **** if ( !$userdata['session_logged_in'] ) { ! //mx_redirect(mx_append_sid("login.php?redirect=admin/index.$phpEx", true)); } if ( !($userdata['user_level'] == ADMIN) ) { ! //mx_message_die(GENERAL_MESSAGE, $lang['Not_admin']); } --- 41,50 ---- if ( !$userdata['session_logged_in'] ) { ! mx_redirect(mx_append_sid("login.php?redirect=admin/index.$phpEx", true)); } if ( !($userdata['user_level'] == ADMIN) ) { ! mx_message_die(GENERAL_MESSAGE, $lang['Not_admin']); } *************** *** 64,68 **** if (!$userdata['session_admin']) { ! //mx_redirect(mx_append_sid("login.php?redirect=admin/index.$phpEx&admin=1", true)); } --- 64,68 ---- if (!$userdata['session_admin']) { ! mx_redirect(mx_append_sid("login.php?redirect=admin/index.$phpEx&admin=1", true)); } |
|
From: Florin C B. <ory...@us...> - 2014-05-19 18:18:17
|
Update of /cvsroot/mxbb/core/includes/shared/phpbb3/includes/auth In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv384 Added Files: auth_apache.php auth_db.php auth_ldap.php index.htm Log Message: added for olympus and ascareus bakends --- NEW FILE: auth_ldap.php --- <?php /** * * LDAP auth plug-in for phpBB3 * * Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. * * @package login * @version $Id: auth_ldap.php,v 1.1 2014/05/19 18:18:15 orynider Exp $ * @copyright (c) 2005 phpBB Group * @license http://opensource.org/licenses/gpl-license.php GNU Public License * */ /** * @ignore */ if (!defined('IN_PHPBB')) { exit; } /** * Connect to ldap server * Only allow changing authentication to ldap if we can connect to the ldap server * Called in acp_board while setting authentication plugins */ function init_ldap() { global $config, $user; if (!@extension_loaded('ldap')) { return $user->lang['LDAP_NO_LDAP_EXTENSION']; } $config['ldap_port'] = (int) $config['ldap_port']; if ($config['ldap_port']) { $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']); } else { $ldap = @ldap_connect($config['ldap_server']); } if (!$ldap) { return $user->lang['LDAP_NO_SERVER_CONNECTION']; } @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); if ($config['ldap_user'] || $config['ldap_password']) { if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) { return $user->lang['LDAP_INCORRECT_USER_PASSWORD']; } } // ldap_connect only checks whether the specified server is valid, so the connection might still fail $search = @ldap_search( $ldap, htmlspecialchars_decode($config['ldap_base_dn']), ldap_user_filter($user->data['username']), (empty($config['ldap_email'])) ? array(htmlspecialchars_decode($config['ldap_uid'])) : array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), 0, 1 ); if ($search === false) { return $user->lang['LDAP_SEARCH_FAILED']; } $result = @ldap_get_entries($ldap, $search); @ldap_close($ldap); if (!is_array($result) || sizeof($result) < 2) { return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']); } if (!empty($config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($config['ldap_email'])])) { return $user->lang['LDAP_NO_EMAIL']; } return false; } /** * Login function */ function login_ldap(&$username, &$password) { global $db, $config, $user; // do not allow empty password if (!$password) { return array( 'status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => array('user_id' => ANONYMOUS), ); } if (!$username) { return array( 'status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS), ); } if (!@extension_loaded('ldap')) { return array( 'status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'LDAP_NO_LDAP_EXTENSION', 'user_row' => array('user_id' => ANONYMOUS), ); } $config['ldap_port'] = (int) $config['ldap_port']; if ($config['ldap_port']) { $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']); } else { $ldap = @ldap_connect($config['ldap_server']); } if (!$ldap) { return array( 'status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', 'user_row' => array('user_id' => ANONYMOUS), ); } @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); if ($config['ldap_user'] || $config['ldap_password']) { if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) { return array( 'status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', 'user_row' => array('user_id' => ANONYMOUS), ); } } $search = @ldap_search( $ldap, htmlspecialchars_decode($config['ldap_base_dn']), ldap_user_filter($username), (empty($config['ldap_email'])) ? array(htmlspecialchars_decode($config['ldap_uid'])) : array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])), 0, 1 ); $ldap_result = @ldap_get_entries($ldap, $search); if (is_array($ldap_result) && sizeof($ldap_result) > 1) { if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password))) { @ldap_close($ldap); $sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type FROM ' . USERS_TABLE . " WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if ($row) { unset($ldap_result); // User inactive... if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) { return array( 'status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row, ); } // Successful login... set user_login_attempts to zero... return array( 'status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row, ); } else { // retrieve default group id $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . " WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' AND group_type = " . GROUP_SPECIAL; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$row) { trigger_error('NO_GROUP'); } // generate user account data $ldap_user_row = array( 'username' => $username, 'user_password' => phpbb_hash($password), 'user_email' => (!empty($config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($config['ldap_email'])][0]) : '', 'group_id' => (int) $row['group_id'], 'user_type' => USER_NORMAL, 'user_ip' => $user->ip, 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, ); unset($ldap_result); // this is the user's first login so create an empty profile return array( 'status' => LOGIN_SUCCESS_CREATE_PROFILE, 'error_msg' => false, 'user_row' => $ldap_user_row, ); } } else { unset($ldap_result); @ldap_close($ldap); // Give status about wrong password... return array( 'status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'LOGIN_ERROR_PASSWORD', 'user_row' => array('user_id' => ANONYMOUS), ); } } @ldap_close($ldap); return array( 'status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS), ); } /** * Generates a filter string for ldap_search to find a user * * @param $username string Username identifying the searched user * * @return string A filter string for ldap_search */ function ldap_user_filter($username) { global $config; $filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')'; if ($config['ldap_user_filter']) { $_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})"; $filter = "(&{$filter}{$_filter})"; } return $filter; } /** * Escapes an LDAP AttributeValue */ function ldap_escape($string) { return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); } /** * This function is used to output any required fields in the authentication * admin panel. It also defines any required configuration table fields. */ function acp_ldap(&$new) { global $user; $tpl = ' <dl> <dt><label for="ldap_server">' . $user->lang['LDAP_SERVER'] . ':</label><br /><span>' . $user->lang['LDAP_SERVER_EXPLAIN'] . '</span></dt> <dd><input type="text" id="ldap_server" size="40" name="config[ldap_server]" value="' . $new['ldap_server'] . '" /></dd> </dl> <dl> <dt><label for="ldap_port">' . $user->lang['LDAP_PORT'] . ':</label><br /><span>' . $user->lang['LDAP_PORT_EXPLAIN'] . '</span></dt> <dd><input type="text" id="ldap_port" size="40" name="config[ldap_port]" value="' . $new['ldap_port'] . '" /></dd> </dl> <dl> <dt><label for="ldap_dn">' . $user->lang['LDAP_DN'] . ':</label><br /><span>' . $user->lang['LDAP_DN_EXPLAIN'] . '</span></dt> <dd><input type="text" id="ldap_dn" size="40" name="config[ldap_base_dn]" value="' . $new['ldap_base_dn'] . '" /></dd> </dl> <dl> <dt><label for="ldap_uid">' . $user->lang['LDAP_UID'] . ':</label><br /><span>' . $user->lang['LDAP_UID_EXPLAIN'] . '</span></dt> <dd><input type="text" id="ldap_uid" size="40" name="config[ldap_uid]" value="' . $new['ldap_uid'] . '" /></dd> </dl> <dl> <dt><label for="ldap_user_filter">' . $user->lang['LDAP_USER_FILTER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_FILTER_EXPLAIN'] . '</span></dt> <dd><input type="text" id="ldap_user_filter" size="40" name="config[ldap_user_filter]" value="' . $new['ldap_user_filter'] . '" /></dd> </dl> <dl> <dt><label for="ldap_email">' . $user->lang['LDAP_EMAIL'] . ':</label><br /><span>' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '</span></dt> <dd><input type="text" id="ldap_email" size="40" name="config[ldap_email]" value="' . $new['ldap_email'] . '" /></dd> </dl> <dl> <dt><label for="ldap_user">' . $user->lang['LDAP_USER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_EXPLAIN'] . '</span></dt> <dd><input type="text" id="ldap_user" size="40" name="config[ldap_user]" value="' . $new['ldap_user'] . '" /></dd> </dl> <dl> <dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt> <dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" autocomplete="off" /></dd> </dl> '; // These are fields required in the config table return array( 'tpl' => $tpl, 'config' => array('ldap_server', 'ldap_port', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password') ); } ?> --- NEW FILE: auth_db.php --- <?php /** * Database auth plug-in for phpBB3 * * Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. * * This is for authentication via the integrated user table * * @package login * @version $Id: auth_db.php,v 1.1 2014/05/19 18:18:15 orynider Exp $ * @copyright (c) 2005 phpBB Group * @license http://opensource.org/licenses/gpl-license.php GNU Public License * */ /** * @ignore */ if (!defined('IN_PHPBB')) { exit; } /** * Login function * * @param string $username * @param string $password * @param string $ip IP address the login is taking place from. Used to * limit the number of login attempts per IP address. * @param string $browser The user agent used to login * @param string $forwarded_for X_FORWARDED_FOR header sent with login request * @return array A associative array of the format * array( * 'status' => status constant * 'error_msg' => string * 'user_row' => array * ) */ function login_db($username, $password, $ip = '', $browser = '', $forwarded_for = '') { global $db, $config; // do not allow empty password if (!$password) { return array( 'status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => array('user_id' => ANONYMOUS), ); } if (!$username) { return array( 'status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS), ); } $username_clean = utf8_clean_string($username); $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts FROM ' . USERS_TABLE . " WHERE username_clean = '" . $db->sql_escape($username_clean) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (($ip && !$config['ip_login_limit_use_forwarded']) || ($forwarded_for && $config['ip_login_limit_use_forwarded'])) { $sql = 'SELECT COUNT(*) AS attempts FROM ' . LOGIN_ATTEMPT_TABLE . ' WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); if ($config['ip_login_limit_use_forwarded']) { $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'"; } else { $sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' "; } $result = $db->sql_query($sql); $attempts = (int) $db->sql_fetchfield('attempts'); $db->sql_freeresult($result); $attempt_data = array( 'attempt_ip' => $ip, 'attempt_browser' => trim(substr($browser, 0, 149)), 'attempt_forwarded_for' => $forwarded_for, 'attempt_time' => time(), 'user_id' => ($row) ? (int) $row['user_id'] : 0, 'username' => $username, 'username_clean' => $username_clean, ); $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data); $result = $db->sql_query($sql); } else { $attempts = 0; } if (!$row) { if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']) { return array( 'status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', 'user_row' => array('user_id' => ANONYMOUS), ); } return array( 'status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS), ); } $show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) || ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']); // If there are too much login attempts, we need to check for an confirm image // Every auth module is able to define what to do by itself... if ($show_captcha) { // Visual Confirmation handling if (!class_exists('phpbb_captcha_factory')) { global $phpbb_root_path, $phpEx; include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx); } $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); $captcha->init(CONFIRM_LOGIN); $vc_response = $captcha->validate($row); if ($vc_response) { return array( 'status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', 'user_row' => $row, ); } else { $captcha->reset(); } } // If the password convert flag is set we need to convert it if ($row['user_pass_convert']) { // in phpBB2 passwords were used exactly as they were sent, with addslashes applied $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; $password_new_format = ''; set_var($password_new_format, stripslashes($password_old_format), 'string', true); if ($password == $password_new_format) { if (!function_exists('utf8_to_cp1252')) { global $phpbb_root_path, $phpEx; include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx); } // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding // plain md5 support left in for conversions from other systems. if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password']))) || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']))) { $hash = phpbb_hash($password_new_format); // Update the password in the users table to the new format and remove user_pass_convert flag $sql = 'UPDATE ' . USERS_TABLE . ' SET user_password = \'' . $db->sql_escape($hash) . '\', user_pass_convert = 0 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); $row['user_pass_convert'] = 0; $row['user_password'] = $hash; } else { // Although we weren't able to convert this password we have to // increase login attempt count to make sure this cannot be exploited $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . (int) $row['user_id'] . ' AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; $db->sql_query($sql); return array( 'status' => LOGIN_ERROR_PASSWORD_CONVERT, 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', 'user_row' => $row, ); } } } // Check password ... if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) { // Check for old password hash... if (strlen($row['user_password']) == 32) { $hash = phpbb_hash($password); // Update the password in the users table to the new format $sql = 'UPDATE ' . USERS_TABLE . " SET user_password = '" . $db->sql_escape($hash) . "', user_pass_convert = 0 WHERE user_id = {$row['user_id']}"; $db->sql_query($sql); $row['user_password'] = $hash; } $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); if ($row['user_login_attempts'] != 0) { // Successful, reset login attempts (the user passed all stages) $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); } // User inactive... if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) { return array( 'status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row, ); } // Successful login... set user_login_attempts to zero... return array( 'status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row, ); } // Password incorrect - increase login attempts $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . (int) $row['user_id'] . ' AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; $db->sql_query($sql); // Give status about wrong password... return array( 'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, 'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', 'user_row' => $row, ); } ?> --- NEW FILE: auth_apache.php --- <?php /** * Apache auth plug-in for phpBB3 * * Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. * * @package login * @version $Id: auth_apache.php,v 1.1 2014/05/19 18:18:15 orynider Exp $ * @copyright (c) 2005 phpBB Group * @license http://opensource.org/licenses/gpl-license.php GNU Public License * */ /** * @ignore */ if (!defined('IN_PHPBB')) { exit; } /** * Checks whether the user is identified to apache * Only allow changing authentication to apache if the user is identified * Called in acp_board while setting authentication plugins * * @return boolean|string false if the user is identified and else an error message */ function init_apache() { global $user; if (!isset($_SERVER['PHP_AUTH_USER']) || $user->data['username'] !== $_SERVER['PHP_AUTH_USER']) { return $user->lang['APACHE_SETUP_BEFORE_USE']; } return false; } /** * Login function */ function login_apache(&$username, &$password) { global $db; // do not allow empty password if (!$password) { return array( 'status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => array('user_id' => ANONYMOUS), ); } if (!$username) { return array( 'status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS), ); } if (!isset($_SERVER['PHP_AUTH_USER'])) { return array( 'status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', 'user_row' => array('user_id' => ANONYMOUS), ); } $php_auth_user = $_SERVER['PHP_AUTH_USER']; $php_auth_pw = $_SERVER['PHP_AUTH_PW']; if (!empty($php_auth_user) && !empty($php_auth_pw)) { if ($php_auth_user !== $username) { return array( 'status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS), ); } $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type FROM ' . USERS_TABLE . " WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if ($row) { // User inactive... if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) { return array( 'status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row, ); } // Successful login... return array( 'status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row, ); } // this is the user's first login so create an empty profile return array( 'status' => LOGIN_SUCCESS_CREATE_PROFILE, 'error_msg' => false, 'user_row' => user_row_apache($php_auth_user, $php_auth_pw), ); } // Not logged into apache return array( 'status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE', 'user_row' => array('user_id' => ANONYMOUS), ); } /** * Autologin function * * @return array containing the user row or empty if no auto login should take place */ function autologin_apache() { global $db; if (!isset($_SERVER['PHP_AUTH_USER'])) { return array(); } $php_auth_user = $_SERVER['PHP_AUTH_USER']; $php_auth_pw = $_SERVER['PHP_AUTH_PW']; if (!empty($php_auth_user) && !empty($php_auth_pw)) { set_var($php_auth_user, $php_auth_user, 'string', true); set_var($php_auth_pw, $php_auth_pw, 'string', true); $sql = 'SELECT * FROM ' . USERS_TABLE . " WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if ($row) { return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row; } if (!function_exists('user_add')) { global $phpbb_root_path, $phpEx; include($phpbb_root_path . 'includes/functions_user.' . $phpEx); } // create the user if he does not exist yet user_add(user_row_apache($php_auth_user, $php_auth_pw)); $sql = 'SELECT * FROM ' . USERS_TABLE . " WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if ($row) { return $row; } } return array(); } /** * This function generates an array which can be passed to the user_add function in order to create a user */ function user_row_apache($username, $password) { global $db, $config, $user; // first retrieve default group id $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . " WHERE group_name = '" . $db->sql_escape('REGISTERED') . "' AND group_type = " . GROUP_SPECIAL; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$row) { trigger_error('NO_GROUP'); } // generate user account data return array( 'username' => $username, 'user_password' => phpbb_hash($password), 'user_email' => '', 'group_id' => (int) $row['group_id'], 'user_type' => USER_NORMAL, 'user_ip' => $user->ip, 'user_new' => ($config['new_member_post_limit']) ? 1 : 0, ); } /** * The session validation function checks whether the user is still logged in * * @return boolean true if the given user is authenticated or false if the session should be closed */ function validate_session_apache(&$user) { // Check if PHP_AUTH_USER is set and handle this case if (isset($_SERVER['PHP_AUTH_USER'])) { $php_auth_user = ''; set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true); return ($php_auth_user === $user['username']) ? true : false; } // PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not) if ($user['user_type'] == USER_IGNORE) { return true; } return false; } ?> --- NEW FILE: index.htm --- <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body bgcolor="#FFFFFF" text="#000000"> </body> </html> |
2 messages has been excluded from this view by a project administrator.
