Thread: [Phpbb-php5mod-cvs-checkins] phpbb-php5/includes auth.php, 1.1, 1.2 bbcode.php, 1.6, 1.7 functions.
Brought to you by:
jelly_doughnut
Menu
▾
▴
phpbb-php5mod-cvs-checkins
|
From: Josh <jel...@us...> - 2006-06-08 19:25:03
|
Update of /cvsroot/phpbb-php5mod/phpbb-php5/includes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13144/includes Modified Files: auth.php bbcode.php functions.php functions_post.php prune.php sessions.php usercp_avatar.php usercp_confirm.php usercp_register.php Log Message: 2.0.21.5 (yeah, I skipped 2.0.20.5. Shoot me.) Index: functions.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/functions.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** functions.php 31 Dec 2005 01:35:25 -0000 1.6 --- functions.php 8 Jun 2006 19:24:57 -0000 1.7 *************** *** 113,116 **** --- 113,148 ---- } + /** + * Our own generator of random values + * This uses a constantly changing value as the base for generating the values + * The board wide setting is updated once per page if this code is called + * With thanks to Anthrax101 for the inspiration on this one + * Added in phpBB 2.0.20 + */ + function dss_rand() + { + global $db, $board_config, $dss_seeded; + + $val = $board_config['rand_seed'] . microtime(); + $val = md5($val); + $board_config['rand_seed'] = md5($board_config['rand_seed'] . $val . 'a'); + + if($dss_seeded !== true) + { + $sql = "UPDATE " . CONFIG_TABLE . " SET + config_value = '" . $board_config['rand_seed'] . "' + WHERE config_name = 'rand_seed'"; + + if( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Unable to reseed PRNG", "", __LINE__, __FILE__, $sql); + } + + $dss_seeded = true; + } + + return substr($val, 4, 16); + } + function make_jumpbox($action, $match_forum_id = 0) { *************** *** 224,228 **** { global $board_config, $theme, $images; ! global $template, $lang, $phpEx, $phpbb_root_path; global $nav_links; --- 256,260 ---- { global $board_config, $theme, $images; ! global $template, $lang, $phpEx, $phpbb_root_path, $db; global $nav_links; *************** *** 231,235 **** if ( !empty($userdata['user_lang'])) { ! $board_config['default_lang'] = $userdata['user_lang']; } --- 263,267 ---- if ( !empty($userdata['user_lang'])) { ! $default_lang = ltrim(basename(rtrim($userdata['user_lang'])), "'"); } *************** *** 244,252 **** } } ! if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx)) ) { ! $board_config['default_lang'] = 'english'; } include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx); --- 276,335 ---- } } + else + { + $default_lang = ltrim(basename(rtrim($board_config['default_lang'])), "'"); + } ! if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $default_lang . '/lang_main.'.$phpEx)) ) { ! if ( $userdata['user_id'] != ANONYMOUS ) ! { ! // For logged in users, try the board default language next ! $default_lang = phpbb_ltrim(basename(phpbb_rtrim($board_config['default_lang'])), "'"); ! } ! else ! { ! // For guests it means the default language is not present, try english ! // This is a long shot since it means serious errors in the setup to reach here, ! // but english is part of a new install so it's worth us trying ! $default_lang = 'english'; ! } ! ! if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $default_lang . '/lang_main.'.$phpEx)) ) ! { ! message_die(CRITICAL_ERROR, 'Could not locate valid language pack'); ! } ! } ! ! // If we've had to change the value in any way then let's write it back to the database ! // before we go any further since it means there is something wrong with it ! if ( $userdata['user_id'] != ANONYMOUS && $userdata['user_lang'] !== $default_lang ) ! { ! $sql = 'UPDATE ' . USERS_TABLE . " ! SET user_lang = '" . $default_lang . "' ! WHERE user_lang = '" . $userdata['user_lang'] . "'"; ! ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(CRITICAL_ERROR, 'Could not update user language info'); ! } ! ! $board_config['default_lang'] = $default_lang; ! $userdata['user_lang'] = $default_lang; } + elseif ( $board_config['default_lang'] !== $default_lang ) + { + $sql = 'UPDATE ' . CONFIG_TABLE . " + SET config_value = '" . $default_lang . "' + WHERE config_name = 'default_lang'"; + + if ( !($result = $db->sql_query($sql)) ) + { + message_die(CRITICAL_ERROR, 'Could not update user language info'); + } + + $board_config['default_lang'] = $default_lang; + } + include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx); *************** *** 308,314 **** global $db, $board_config, $template, $images, $phpbb_root_path; ! $sql = "SELECT * ! FROM " . THEMES_TABLE . " ! WHERE themes_id = $style"; if ( !($result = $db->sql_query($sql)) ) { --- 391,397 ---- global $db, $board_config, $template, $images, $phpbb_root_path; ! $sql = 'SELECT * ! FROM ' . THEMES_TABLE . ' ! WHERE themes_id = ' . (int) $style; if ( !($result = $db->sql_query($sql)) ) { *************** *** 318,322 **** if ( !($row = $db->sql_fetchrow($result)) ) { ! message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]"); } --- 401,438 ---- if ( !($row = $db->sql_fetchrow($result)) ) { ! // We are trying to setup a style which does not exist in the database ! // Try to fallback to the board default (if the user had a custom style) ! // and then any users using this style to the default if it succeeds ! if ( $style != $board_config['default_style']) ! { ! $sql = 'SELECT * ! FROM ' . THEMES_TABLE . ' ! WHERE themes_id = ' . (int) $board_config['default_style']; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(CRITICAL_ERROR, 'Could not query database for theme info'); ! } ! ! if ( $row = $db->sql_fetchrow($result) ) ! { ! $db->sql_freeresult($result); ! ! $sql = 'UPDATE ' . USERS_TABLE . ' ! SET user_style = ' . (int) $board_config['default_style'] . " ! WHERE user_style = $style"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(CRITICAL_ERROR, 'Could not update user theme info'); ! } ! } ! else ! { ! message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]"); ! } ! } ! else ! { ! message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]"); ! } } *************** *** 580,584 **** if ( $err_line != '' && $err_file != '' ) { ! $debug_text .= '</br /><br />Line : ' . $err_line . '<br />File : ' . basename($err_file); } } --- 696,700 ---- if ( $err_line != '' && $err_file != '' ) { ! $debug_text .= '<br /><br />Line : ' . $err_line . '<br />File : ' . basename($err_file); } } *************** *** 607,615 **** } ! if ( empty($template) ) ! { ! $template = new Template($phpbb_root_path . 'templates/' . $board_config['board_template']); ! } ! if ( empty($theme) ) { $theme = setup_style($board_config['default_style']); --- 723,727 ---- } ! if ( empty($template) || empty($theme) ) { $theme = setup_style($board_config['default_style']); Index: auth.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/auth.php,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** auth.php 29 Jul 2004 22:36:19 -0000 1.1 --- auth.php 8 Jun 2006 19:24:57 -0000 1.2 *************** *** 236,239 **** --- 236,242 ---- $f_forum_id = $f_access[$k]['forum_id']; + $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array(); + + switch( $value ) { *************** *** 283,286 **** --- 286,290 ---- { $f_forum_id = $f_access[$k]['forum_id']; + $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array(); $auth_user[$f_forum_id]['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0; Index: usercp_register.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/usercp_register.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** usercp_register.php 31 Dec 2005 01:35:25 -0000 1.9 --- usercp_register.php 8 Jun 2006 19:24:57 -0000 1.10 *************** *** 131,135 **** } ! $signature = str_replace('<br />', "\n", $signature); // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to --- 131,136 ---- } ! $signature = (isset($signature)) ? str_replace('<br />', "\n", $signature) : ''; ! $signature_bbcode_uid = ''; // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to *************** *** 294,303 **** if ($row = $db->sql_fetchrow($result)) { - // Only compare one char if the zlib-extension is not loaded - if (!@extension_loaded('zlib')) - { - $row['code'] = substr($row['code'], -1); - } - if ($row['code'] != $confirm_code) { --- 295,298 ---- *************** *** 526,529 **** --- 521,531 ---- } + // We remove all stored login keys since the password has been updated + // and change the current one (if applicable) + if ( !empty($passwd_sql) ) + { + session_reset_keys($user_id, $user_ip); + } + if ( !$user_active ) { *************** *** 767,770 **** --- 769,773 ---- $new_password = ''; $password_confirm = ''; + $cur_password = ''; $icq = stripslashes($icq); *************** *** 791,794 **** --- 794,798 ---- $new_password = ''; $password_confirm = ''; + $cur_password = ''; $icq = $userdata['user_icq']; *************** *** 979,993 **** $db->sql_freeresult($result); ! $confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); ! ! list($usec, $sec) = explode(' ', microtime()); ! mt_srand($sec * $usec); ! ! $max_chars = count($confirm_chars) - 1; ! $code = ''; ! for ($i = 0; $i < 6; $i++) ! { ! $code .= $confirm_chars[mt_rand(0, $max_chars)]; ! } $confirm_id = md5(uniqid($user_ip)); --- 983,990 ---- $db->sql_freeresult($result); ! // Generate the required confirmation code ! // NB 0 (zero) could get confused with O (the letter) so we make change it ! $code = dss_rand(); ! $code = substr(str_replace('0', 'Z', strtoupper(base_convert($code, 16, 35))), 2, 6); $confirm_id = md5(uniqid($user_ip)); *************** *** 1002,1006 **** unset($code); ! $confirm_image = (@extension_loaded('zlib')) ? '<img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id") . '" alt="" title="" />' : '<img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=1") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=2") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=3") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=4") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=5") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=6") . '" alt="" title="" />'; $s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />'; --- 999,1003 ---- unset($code); ! $confirm_image = '<img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id") . '" alt="" title="" />'; $s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />'; *************** *** 1017,1025 **** $template->assign_vars(array( ! 'USERNAME' => $username, ! 'CUR_PASSWORD' => $cur_password, ! 'NEW_PASSWORD' => $new_password, ! 'PASSWORD_CONFIRM' => $password_confirm, ! 'EMAIL' => $email, 'CONFIRM_IMG' => $confirm_image, 'YIM' => $yim, --- 1014,1022 ---- $template->assign_vars(array( ! 'USERNAME' => isset($username) ? $username : '', ! 'CUR_PASSWORD' => isset($cur_password) ? $cur_password : '', ! 'NEW_PASSWORD' => isset($new_password) ? $new_password : '', ! 'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '', ! 'EMAIL' => isset($email) ? $email : '', 'CONFIRM_IMG' => $confirm_image, 'YIM' => $yim, Index: prune.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/prune.php,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** prune.php 29 Jul 2004 22:36:20 -0000 1.1 --- prune.php 8 Jun 2006 19:24:57 -0000 1.2 *************** *** 32,35 **** --- 32,50 ---- global $db, $lang; + // Before pruning, lets try to clean up the invalid topic entries + $sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . ' + WHERE topic_last_post_id = 0'; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not obtain lists of topics to sync', '', __LINE__, __FILE__, $sql); + } + + while( $row = $db->sql_fetchrow($result) ) + { + sync('topic', $row['topic_id']); + } + + $db->sql_freeresult($result); + $prune_all = ($prune_all) ? '' : 'AND t.topic_vote = 0 AND t.topic_type <> ' . POST_ANNOUNCE; // *************** *** 40,45 **** WHERE t.forum_id = $forum_id $prune_all ! AND ( p.post_id = t.topic_last_post_id ! OR t.topic_last_post_id = 0 )"; if ( $prune_date != '' ) { --- 55,59 ---- WHERE t.forum_id = $forum_id $prune_all ! AND p.post_id = t.topic_last_post_id"; if ( $prune_date != '' ) { Index: functions_post.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/functions_post.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** functions_post.php 31 Dec 2005 01:35:25 -0000 1.4 --- functions_post.php 8 Jun 2006 19:24:57 -0000 1.5 *************** *** 47,101 **** if ($html_on) { ! $allowed_html_tags = split(',', $board_config['allow_html_tags']); ! ! $end_html = 0; ! $start_html = 1; ! $tmp_message = ''; ! $message = ' ' . $message . ' '; ! ! while ($start_html = strpos($message, '<', $start_html)) ! { ! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1))); ! ! if ($end_html = strpos($message, '>', $start_html)) ! { ! $length = $end_html - $start_html + 1; ! $hold_string = substr($message, $start_html, $length); ! ! if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1) ! { ! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1)); ! $hold_string = substr($hold_string, $unclosed_open - 1); ! } ! ! $tagallowed = false; ! for ($i = 0; $i < sizeof($allowed_html_tags); $i++) ! { ! $match_tag = trim($allowed_html_tags[$i]); ! if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string)) ! { ! $tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true; ! } ! } ! ! $tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string; ! $start_html += $length; ! } ! else ! { ! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message))); ! $start_html = strlen($message); ! $end_html = $start_html; ! } ! } ! if (!$end_html || ($end_html != strlen($message) && $tmp_message != '')) { ! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1)); } ! $message = ($tmp_message != '') ? trim($tmp_message) : trim($message); } else --- 47,70 ---- if ($html_on) { ! // If HTML is on, we try to make it safe ! // This approach is quite agressive and anything that does not look like a valid tag ! // is going to get converted to HTML entities ! $message = stripslashes($message); ! $html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#'; ! $matches = array(); ! $message_split = preg_split($html_match, $message); ! preg_match_all($html_match, $message, $matches); ! $message = ''; ! foreach ($message_split as $part) { ! $tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2])); ! $message .= preg_replace($html_entities_match, $html_entities_replace, $part) . clean_html($tag); } ! $message = addslashes($message); ! $message = str_replace('"', '\"', $message); } else *************** *** 188,192 **** if (!empty($option_text)) { ! $temp_option_text[$option_id] = htmlspecialchars($option_text); } } --- 157,161 ---- if (!empty($option_text)) { ! $temp_option_text[intval($option_id)] = htmlspecialchars($option_text); } } *************** *** 214,218 **** // Post a new topic/reply/poll or edit existing post/poll // ! function submit_post($mode, $post_data, &$message, &$meta, $forum_id, $topic_id, $post_id, $poll_id, $topic_type, $bbcode_on, $html_on, $smilies_on, $attach_sig, $bbcode_uid, $post_username, $post_subject, $post_message, $poll_title, $poll_options, $poll_length) { global $board_config, $lang, $db, $phpbb_root_path, $phpEx; --- 183,187 ---- // Post a new topic/reply/poll or edit existing post/poll // ! function submit_post($mode, $post_data, &$message, &$meta, $forum_id, &$topic_id, &$post_id, $poll_id, $topic_type, $bbcode_on, $html_on, $smilies_on, $attach_sig, $bbcode_uid, $post_username, $post_subject, $post_message, $poll_title, $poll_options, $poll_length) { global $board_config, $lang, $db, $phpbb_root_path, $phpEx; *************** *** 445,454 **** } ! $sql = "UPDATE " . FORUMS_TABLE . " SET ! $forum_update_sql ! WHERE forum_id = $forum_id"; ! if (!$db->sql_query($sql)) { ! message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } --- 414,426 ---- } ! if ($mode != 'poll_delete') { ! $sql = "UPDATE " . FORUMS_TABLE . " SET ! $forum_update_sql ! WHERE forum_id = $forum_id"; ! if (!$db->sql_query($sql)) ! { ! message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); ! } } *************** *** 851,853 **** --- 823,888 ---- } + /** + * Called from within prepare_message to clean included HTML tags if HTML is + * turned on for that post + * @param array $tag Matching text from the message to parse + */ + function clean_html($tag) + { + global $board_config; + + if (empty($tag[0])) + { + return ''; + } + + $allowed_html_tags = preg_split('/, */', strtolower($board_config['allow_html_tags'])); + $disallowed_attributes = '/^(?:style|on)/i'; + + // Check if this is an end tag + preg_match('/<[^\w\/]*\/[\W]*(\w+)/', $tag[0], $matches); + if (sizeof($matches)) + { + if (in_array(strtolower($matches[1]), $allowed_html_tags)) + { + return '</' . $matches[1] . '>'; + } + else + { + return htmlspecialchars('</' . $matches[1] . '>'); + } + } + + // Check if this is an allowed tag + if (in_array(strtolower($tag[1]), $allowed_html_tags)) + { + $attributes = ''; + if (!empty($tag[2])) + { + preg_match_all('/[\W]*?(\w+)[\W]*?=[\W]*?(["\'])((?:(?!\2).)*)\2/', $tag[2], $test); + for ($i = 0; $i < sizeof($test[0]); $i++) + { + if (preg_match($disallowed_attributes, $test[1][$i])) + { + continue; + } + $attributes .= ' ' . $test[1][$i] . '=' . $test[2][$i] . str_replace(array('[', ']'), array('[', ']'), htmlspecialchars($test[3][$i])) . $test[2][$i]; + } + } + if (in_array(strtolower($tag[1]), $allowed_html_tags)) + { + return '<' . $tag[1] . $attributes . '>'; + } + else + { + return htmlspecialchars('<' . $tag[1] . $attributes . '>'); + } + } + // Finally, this is not an allowed tag so strip all the attibutes and escape it + else + { + return htmlspecialchars('<' . $tag[1] . '>'); + } + } + ?> \ No newline at end of file Index: usercp_avatar.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/usercp_avatar.php,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** usercp_avatar.php 31 Dec 2005 01:35:25 -0000 1.7 --- usercp_avatar.php 8 Jun 2006 19:24:57 -0000 1.8 *************** *** 97,100 **** --- 97,101 ---- global $lang; + if ( !preg_match('#^(http)|(ftp):\/\/#i', $avatar_filename) ) { *************** *** 102,105 **** --- 103,108 ---- } + $avatar_filename = substr($avatar_filename, 0, 100); + if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) ) { *************** *** 122,126 **** $type = ''; ! if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/(.*)$/', $avatar_filename, $url_ary) ) { if ( empty($url_ary[4]) ) --- 125,129 ---- $type = ''; ! if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))$/', $avatar_filename, $url_ary) ) { if ( empty($url_ary[4]) ) Index: sessions.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/sessions.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** sessions.php 31 Oct 2005 03:18:41 -0000 1.9 --- sessions.php 8 Jun 2006 19:24:57 -0000 1.10 *************** *** 178,184 **** if ( !$db->sql_query($sql) || !$db->sql_affectedrows() ) { ! list($sec, $usec) = explode(' ', microtime()); ! mt_srand((float) $sec + ((float) $usec * 100000)); ! $session_id = md5(uniqid(mt_rand(), true)); $sql = "INSERT INTO " . SESSIONS_TABLE . " --- 178,182 ---- if ( !$db->sql_query($sql) || !$db->sql_affectedrows() ) { ! $session_id = md5(dss_rand()); $sql = "INSERT INTO " . SESSIONS_TABLE . " *************** *** 212,218 **** if ($enable_autologin) { ! list($sec, $usec) = explode(' ', microtime()); ! mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000)); ! $auto_login_key = uniqid(mt_rand(), true); if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '') --- 210,214 ---- if ($enable_autologin) { ! $auto_login_key = dss_rand() . dss_rand(); if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '') *************** *** 370,373 **** --- 366,375 ---- } + // Add the session_key to the userdata array if it is set + if ( isset($sessiondata['autologinid']) && $sessiondata['autologinid'] != '' ) + { + $userdata['session_key'] = $sessiondata['autologinid']; + } + return $userdata; } *************** *** 494,497 **** --- 496,558 ---- } + /** + * Reset all login keys for the specified user + * Called on password changes + */ + function session_reset_keys($user_id, $user_ip) + { + global $db, $userdata, $board_config; + + $key_sql = ($user_id == $userdata['user_id'] && !empty($userdata['session_key'])) ? "AND key_id != '" . md5($userdata['session_key']) . "'" : ''; + + $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' + WHERE user_id = ' . (int) $user_id . " + $key_sql"; + + if ( !$db->sql_query($sql) ) + { + message_die(CRITICAL_ERROR, 'Error removing auto-login keys', '', __LINE__, __FILE__, $sql); + } + + $where_sql = 'session_user_id = ' . (int) $user_id; + $where_sql .= ($user_id == $userdata['user_id']) ? " AND session_id <> '" . $userdata['session_id'] . "'" : ''; + $sql = 'DELETE FROM ' . SESSIONS_TABLE . " + WHERE $where_sql"; + if ( !$db->sql_query($sql) ) + { + message_die(CRITICAL_ERROR, 'Error removing user session(s)', '', __LINE__, __FILE__, $sql); + } + + if ( !empty($key_sql) ) + { + $auto_login_key = dss_rand() . dss_rand(); + + $current_time = time(); + + $sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . " + SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time + WHERE key_id = '" . md5($userdata['session_key']) . "'"; + + if ( !$db->sql_query($sql) ) + { + message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql); + } + + // And now rebuild the cookie + $sessiondata['userid'] = $user_id; + $sessiondata['autologinid'] = $auto_login_key; + $cookiename = $board_config['cookie_name']; + $cookiepath = $board_config['cookie_path']; + $cookiedomain = $board_config['cookie_domain']; + $cookiesecure = $board_config['cookie_secure']; + + setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); + + $userdata['session_key'] = $auto_login_key; + unset($sessiondata); + unset($auto_login_key); + } + } + // Index: usercp_confirm.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/usercp_confirm.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** usercp_confirm.php 31 Dec 2005 01:35:25 -0000 1.4 --- usercp_confirm.php 8 Jun 2006 19:24:57 -0000 1.5 *************** *** 67,170 **** } ! // If we can we will generate a single filtered png else we will have to simply ! // output six seperate original pngs ... first way is preferable! ! if (@extension_loaded('zlib')) ! { ! $_png = define_filtered_pngs(); ! $total_width = 320; ! $total_height = 50; ! $img_height = 40; ! $img_width = 0; ! $l = 0; ! list($usec, $sec) = explode(' ', microtime()); ! mt_srand($sec * $usec); ! $char_widths = array(); ! for ($i = 0; $i < strlen($code); $i++) ! { ! $char = $code{$i}; ! $width = mt_rand(0, 4); ! $char_widths[] = $width; ! $img_width += $_png[$char]['width'] - $width; ! } ! $offset_x = mt_rand(0, $total_width - $img_width); ! $offset_y = mt_rand(0, $total_height - $img_height); ! $image = ''; ! $hold_chars = array(); ! for ($i = 0; $i < $total_height; $i++) { ! $image .= chr(0); ! if ($i > $offset_y && $i < $offset_y + $img_height) { ! $j = 0; ! ! for ($k = 0; $k < $offset_x; $k++) ! { ! $image .= chr(mt_rand(140, 255)); ! } ! ! for ($k = 0; $k < strlen($code); $k++) ! { ! $char = $code{$k}; ! if (empty($hold_chars[$char])) ! { ! $hold_chars[$char] = explode("\n", chunk_split(base64_decode($_png[$char]['data']), $_png[$char]['width'] + 1, "\n")); ! } ! $image .= randomise(substr($hold_chars[$char][$l], 1), $char_widths[$j]); ! $j++; ! } ! for ($k = $offset_x + $img_width; $k < $total_width; $k++) { ! $image .= chr(mt_rand(140, 255)); } ! ! $l++; } ! else { ! for ($k = 0; $k < $total_width; $k++) ! { ! $image .= chr(mt_rand(140, 255)); ! } } } - unset($hold); - - $image = create_png(gzcompress($image), $total_width, $total_height); - - // Output image - header('Content-Type: image/png'); - header('Cache-control: no-cache, no-store'); - echo $image; - - unset($image); - unset($_png); - exit; } ! else ! { ! $_png = define_raw_pngs(); ! $char = substr($code, -1); ! header('Content-Type: image/png'); ! header('Cache-control: no-cache, no-store'); ! echo base64_decode($_png[$char]); ! unset($_png); ! exit; ! } exit; // This is designed to randomise the pixels of the image data within // certain limits so as to keep it readable. It also varies the image --- 67,153 ---- } ! // We can we will generate a single filtered png ! // Thanks to DavidMJ for emulating zlib within the code :) ! $_png = define_filtered_pngs(); ! $total_width = 320; ! $total_height = 50; ! $img_height = 40; ! $img_width = 0; ! $l = 0; ! list($usec, $sec) = explode(' ', microtime()); ! mt_srand($sec * $usec); ! $char_widths = array(); ! for ($i = 0; $i < strlen($code); $i++) ! { ! $char = $code{$i}; ! $width = mt_rand(0, 4); ! $char_widths[] = $width; ! $img_width += $_png[$char]['width'] - $width; ! } ! $offset_x = mt_rand(0, $total_width - $img_width); ! $offset_y = mt_rand(0, $total_height - $img_height); ! $image = ''; ! $hold_chars = array(); ! for ($i = 0; $i < $total_height; $i++) ! { ! $image .= chr(0); ! ! if ($i > $offset_y && $i < $offset_y + $img_height) { ! $j = 0; ! for ($k = 0; $k < $offset_x; $k++) { ! $image .= chr(mt_rand(140, 255)); ! } ! for ($k = 0; $k < strlen($code); $k++) ! { ! $char = $code{$k}; ! if (empty($hold_chars[$char])) { ! $hold_chars[$char] = explode("\n", chunk_split(base64_decode($_png[$char]['data']), $_png[$char]['width'] + 1, "\n")); } ! $image .= randomise(substr($hold_chars[$char][$l], 1), $char_widths[$j]); ! $j++; } ! ! for ($k = $offset_x + $img_width; $k < $total_width; $k++) { ! $image .= chr(mt_rand(140, 255)); } + $l++; + } + else + { + for ($k = 0; $k < $total_width; $k++) + { + $image .= chr(mt_rand(140, 255)); + } } } ! unset($hold); ! $image = create_png($image, $total_width, $total_height); ! // Output image ! header('Content-Type: image/png'); ! header('Cache-control: no-cache, no-store'); ! echo $image; + unset($image); + unset($_png); exit; + // This is designed to randomise the pixels of the image data within // certain limits so a... [truncated message content] |
Thanks for helping keep SourceForge clean.
X