aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/functions.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r--phpBB/includes/functions.php85
1 files changed, 64 insertions, 21 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 270d513a26..3fec88a354 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -66,33 +66,48 @@ function set_var(&$result, $var, $type, $multibyte = false)
/**
* Generates an alphanumeric random string of given length
*
-* @param int $num_chars Length of random string, defaults to 8
+* @param int $num_chars Length of random string, defaults to 8.
+* This number should be less or equal than 64.
*
* @return string
*/
function gen_rand_string($num_chars = 8)
{
- // [a, z] + [0, 9] = 36
- return substr(strtoupper(base_convert(bin2hex(random_bytes($num_chars)), 16, 36)), 0, $num_chars);
+ $range = array_merge(range('A', 'Z'), range(0, 9));
+ $size = count($range);
+
+ $output = '';
+ for ($i = 0; $i < $num_chars; $i++)
+ {
+ $rand = random_int(0, $size-1);
+ $output .= $range[$rand];
+ }
+
+ return $output;
}
/**
* Generates a user-friendly alphanumeric random string of given length
* We remove 0 and O so users cannot confuse those in passwords etc.
*
-* @param int $num_chars Length of random string, defaults to 8
+* @param int $num_chars Length of random string, defaults to 8.
+* This number should be less or equal than 64.
*
* @return string
*/
function gen_rand_string_friendly($num_chars = 8)
{
- $rand_str = bin2hex(random_bytes($num_chars));
+ $range = array_merge(range('A', 'N'), range('P', 'Z'), range(1, 9));
+ $size = count($range);
- // Remove Z and Y from the base_convert(), replace 0 with Z and O with Y
- // [a, z] + [0, 9] - {z, y} = [a, z] + [0, 9] - {0, o} = 34
- $rand_str = str_replace(array('0', 'O'), array('Z', 'Y'), strtoupper(base_convert($rand_str, 16, 34)));
+ $output = '';
+ for ($i = 0; $i < $num_chars; $i++)
+ {
+ $rand = random_int(0, $size-1);
+ $output .= $range[$rand];
+ }
- return substr($rand_str, 0, $num_chars);
+ return $output;
}
/**
@@ -100,7 +115,7 @@ function gen_rand_string_friendly($num_chars = 8)
*/
function unique_id()
{
- return bin2hex(random_bytes(8));
+ return gen_rand_string(32);
}
/**
@@ -1729,14 +1744,14 @@ function redirect($url, $return = false, $disable_cd_check = false)
if ($url_parts === false)
{
// Malformed url
- trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
+ trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
}
else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
{
// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
if (!$disable_cd_check && $url_parts['host'] !== $user->host)
{
- trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
+ trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
}
}
else if ($url[0] == '/')
@@ -1776,13 +1791,13 @@ function redirect($url, $return = false, $disable_cd_check = false)
if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
{
- trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
+ trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
}
// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
{
- trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
+ trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
}
// Now, also check the protocol and for a valid url the last time...
@@ -1791,7 +1806,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
{
- trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
+ trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
}
/**
@@ -2348,10 +2363,12 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
* @event core.login_box_redirect
* @var string redirect Redirect string
* @var bool admin Is admin?
+ * @var array result Result from auth provider
* @since 3.1.0-RC5
* @changed 3.1.9-RC1 Removed undefined return variable
+ * @changed 3.2.4-RC1 Added result
*/
- $vars = array('redirect', 'admin');
+ $vars = array('redirect', 'admin', 'result');
extract($phpbb_dispatcher->trigger_event('core.login_box_redirect', compact($vars)));
// append/replace SID (may change during the session for AOL users)
@@ -2467,7 +2484,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
$s_hidden_fields = build_hidden_fields($s_hidden_fields);
- $template->assign_vars(array(
+ $login_box_template_data = array(
'LOGIN_ERROR' => $err,
'LOGIN_EXPLAIN' => $l_explain,
@@ -2475,6 +2492,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
'U_RESEND_ACTIVATION' => ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=resend_act') : '',
'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
+ 'UA_PRIVACY' => addslashes(append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy')),
'S_DISPLAY_FULL_LOGIN' => ($s_display) ? true : false,
'S_HIDDEN_FIELDS' => $s_hidden_fields,
@@ -2484,7 +2502,29 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
'USERNAME_CREDENTIAL' => 'username',
'PASSWORD_CREDENTIAL' => ($admin) ? 'password_' . $credential : 'password',
- ));
+ );
+
+ /**
+ * Event to add/modify login box template data
+ *
+ * @event core.login_box_modify_template_data
+ * @var int admin Flag whether user is admin
+ * @var string username User name
+ * @var int autologin Flag whether autologin is enabled
+ * @var string redirect Redirect URL
+ * @var array login_box_template_data Array with the login box template data
+ * @since 3.2.3-RC2
+ */
+ $vars = array(
+ 'admin',
+ 'username',
+ 'autologin',
+ 'redirect',
+ 'login_box_template_data',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.login_box_modify_template_data', compact($vars)));
+
+ $template->assign_vars($login_box_template_data);
page_header($user->lang['LOGIN']);
@@ -2501,7 +2541,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
*/
function login_forum_box($forum_data)
{
- global $db, $phpbb_container, $request, $template, $user, $phpbb_dispatcher;
+ global $db, $phpbb_container, $request, $template, $user, $phpbb_dispatcher, $phpbb_root_path, $phpEx;
$password = $request->variable('password', '', true);
@@ -2586,6 +2626,8 @@ function login_forum_box($forum_data)
'body' => 'login_forum.html')
);
+ make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"), $forum_data['forum_id']);
+
page_footer();
}
@@ -4405,9 +4447,10 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
'U_DELETE_COOKIES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
'U_CONTACT_US' => ($config['contact_admin_form_enable'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contactadmin') : '',
- 'U_TEAM' => ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=team'),
+ 'U_TEAM' => (!$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=team'),
'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
+ 'UA_PRIVACY' => addslashes(append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy')),
'U_RESTORE_PERMISSIONS' => ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '',
'U_FEED' => $controller_helper->route('phpbb_feed_index'),
@@ -4467,7 +4510,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
'S_COOKIE_NOTICE' => !empty($config['cookie_notice']),
'T_THEME_NAME' => rawurlencode($user->style['style_path']),
- 'T_THEME_LANG_NAME' => $user->data['user_lang'],
+ 'T_THEME_LANG_NAME' => $user->lang_name,
'T_TEMPLATE_NAME' => $user->style['style_path'],
'T_SUPER_TEMPLATE_NAME' => rawurlencode((isset($user->style['style_parent_tree']) && $user->style['style_parent_tree']) ? $user->style['style_parent_tree'] : $user->style['style_path']),
'T_IMAGES' => 'images',
generated by cgit v1.2.1 (git 2.21.0) at 2025-08-20 10:50:17 +0000