aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/functions.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r--phpBB/includes/functions.php65
1 files changed, 52 insertions, 13 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 270d513a26..1457888c9f 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -66,33 +66,48 @@ function set_var(&$result, $var, $type, $multibyte = false)
/**
* Generates an alphanumeric random string of given length
*
-* @param int $num_chars Length of random string, defaults to 8
+* @param int $num_chars Length of random string, defaults to 8.
+* This number should be less or equal than 64.
*
* @return string
*/
function gen_rand_string($num_chars = 8)
{
- // [a, z] + [0, 9] = 36
- return substr(strtoupper(base_convert(bin2hex(random_bytes($num_chars)), 16, 36)), 0, $num_chars);
+ $range = array_merge(range('A', 'Z'), range(0, 9));
+ $size = count($range);
+
+ $output = '';
+ for ($i = 0; $i < $num_chars; $i++)
+ {
+ $rand = random_int(0, $size-1);
+ $output .= $range[$rand];
+ }
+
+ return $output;
}
/**
* Generates a user-friendly alphanumeric random string of given length
* We remove 0 and O so users cannot confuse those in passwords etc.
*
-* @param int $num_chars Length of random string, defaults to 8
+* @param int $num_chars Length of random string, defaults to 8.
+* This number should be less or equal than 64.
*
* @return string
*/
function gen_rand_string_friendly($num_chars = 8)
{
- $rand_str = bin2hex(random_bytes($num_chars));
+ $range = array_merge(range('A', 'N'), range('P', 'Z'), range(1, 9));
+ $size = count($range);
- // Remove Z and Y from the base_convert(), replace 0 with Z and O with Y
- // [a, z] + [0, 9] - {z, y} = [a, z] + [0, 9] - {0, o} = 34
- $rand_str = str_replace(array('0', 'O'), array('Z', 'Y'), strtoupper(base_convert($rand_str, 16, 34)));
+ $output = '';
+ for ($i = 0; $i < $num_chars; $i++)
+ {
+ $rand = random_int(0, $size-1);
+ $output .= $range[$rand];
+ }
- return substr($rand_str, 0, $num_chars);
+ return $output;
}
/**
@@ -100,7 +115,7 @@ function gen_rand_string_friendly($num_chars = 8)
*/
function unique_id()
{
- return bin2hex(random_bytes(8));
+ return gen_rand_string(32);
}
/**
@@ -2467,7 +2482,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
$s_hidden_fields = build_hidden_fields($s_hidden_fields);
- $template->assign_vars(array(
+ $login_box_template_data = array(
'LOGIN_ERROR' => $err,
'LOGIN_EXPLAIN' => $l_explain,
@@ -2475,6 +2490,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
'U_RESEND_ACTIVATION' => ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=resend_act') : '',
'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
+ 'UA_PRIVACY' => addslashes(append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy')),
'S_DISPLAY_FULL_LOGIN' => ($s_display) ? true : false,
'S_HIDDEN_FIELDS' => $s_hidden_fields,
@@ -2484,7 +2500,29 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
'USERNAME_CREDENTIAL' => 'username',
'PASSWORD_CREDENTIAL' => ($admin) ? 'password_' . $credential : 'password',
- ));
+ );
+
+ /**
+ * Event to add/modify login box template data
+ *
+ * @event core.login_box_modify_template_data
+ * @var int admin Flag whether user is admin
+ * @var string username User name
+ * @var int autologin Flag whether autologin is enabled
+ * @var string redirect Redirect URL
+ * @var array login_box_template_data Array with the login box template data
+ * @since 3.2.3-RC2
+ */
+ $vars = array(
+ 'admin',
+ 'username',
+ 'autologin',
+ 'redirect',
+ 'login_box_template_data',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.login_box_modify_template_data', compact($vars)));
+
+ $template->assign_vars($login_box_template_data);
page_header($user->lang['LOGIN']);
@@ -4405,9 +4443,10 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
'U_DELETE_COOKIES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
'U_CONTACT_US' => ($config['contact_admin_form_enable'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contactadmin') : '',
- 'U_TEAM' => ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=team'),
+ 'U_TEAM' => (!$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=team'),
'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
+ 'UA_PRIVACY' => addslashes(append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy')),
'U_RESTORE_PERMISSIONS' => ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '',
'U_FEED' => $controller_helper->route('phpbb_feed_index'),
generated by cgit v1.2.1 (git 2.21.0) at 2025-07-17 23:42:44 +0000