Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/acm/acm_file.php | 6 | ||||
-rw-r--r-- | phpBB/includes/auth/auth_apache.php | 8 | ||||
-rw-r--r-- | phpBB/includes/auth/auth_db.php | 2 | ||||
-rw-r--r-- | phpBB/includes/auth/auth_ldap.php | 4 | ||||
-rw-r--r-- | phpBB/includes/classes/acl.php | 30 | ||||
-rw-r--r-- | phpBB/includes/classes/session.php | 12 | ||||
-rw-r--r-- | phpBB/includes/classes/template_compile.php | 2 | ||||
-rw-r--r-- | phpBB/includes/classes/user.php | 2 | ||||
-rw-r--r-- | phpBB/includes/constants.php | 16 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 1109 | ||||
-rw-r--r-- | phpBB/includes/functions_admin.php | 10 | ||||
-rw-r--r-- | phpBB/includes/functions_compress.php | 10 | ||||
-rw-r--r-- | phpBB/includes/functions_convert.php | 14 | ||||
-rw-r--r-- | phpBB/includes/functions_messenger.php | 4 | ||||
-rw-r--r-- | phpBB/includes/functions_posting.php | 6 | ||||
-rw-r--r-- | phpBB/includes/functions_privmsgs.php | 4 | ||||
-rw-r--r-- | phpBB/includes/functions_upload.php | 18 | ||||
-rw-r--r-- | phpBB/includes/functions_user.php | 26 |
18 files changed, 125 insertions, 1158 deletions
diff --git a/phpBB/includes/acm/acm_file.php b/phpBB/includes/acm/acm_file.php index e0e99d4153..23183d1865 100644 --- a/phpBB/includes/acm/acm_file.php +++ b/phpBB/includes/acm/acm_file.php @@ -89,7 +89,7 @@ class acm include(PHPBB_ROOT_PATH . 'includes/functions.' . PHP_EXT); } - phpbb_chmod($this->cache_dir . 'data_global.' . PHP_EXT, CHMOD_WRITE); + phpbb_chmod($this->cache_dir . 'data_global.' . PHP_EXT, phpbb::CHMOD_WRITE); } else { @@ -192,7 +192,7 @@ class acm include(PHPBB_ROOT_PATH . 'includes/functions.' . PHP_EXT); } - phpbb_chmod($this->cache_dir . "data{$var_name}." . PHP_EXT, CHMOD_WRITE); + phpbb_chmod($this->cache_dir . "data{$var_name}." . PHP_EXT, phpbb::CHMOD_WRITE); } } else @@ -407,7 +407,7 @@ class acm include(PHPBB_ROOT_PATH . 'includes/functions.' . PHP_EXT); } - phpbb_chmod($filename, CHMOD_WRITE); + phpbb_chmod($filename, phpbb::CHMOD_WRITE); $query_result = $query_id; } diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php index d23b27a7dd..9ff10ccf7d 100644 --- a/phpBB/includes/auth/auth_apache.php +++ b/phpBB/includes/auth/auth_apache.php @@ -96,7 +96,7 @@ function login_apache(&$username, &$password) if ($row) { // User inactive... - if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) + if ($row['user_type'] == phpbb::USER_INACTIVE || $row['user_type'] == phpbb::USER_IGNORE) { return array( 'status' => LOGIN_ERROR_ACTIVE, @@ -104,7 +104,7 @@ function login_apache(&$username, &$password) 'user_row' => $row, ); } - + // Successful login... return array( 'status' => LOGIN_SUCCESS, @@ -160,7 +160,7 @@ function autologin_apache() if ($row) { - return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row; + return ($row['user_type'] == phpbb::USER_INACTIVE || $row['user_type'] == phpbb::USER_IGNORE) ? array() : $row; } if (!function_exists('user_add')) 
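Review bot: In login_apache() (auth_apache.php, @@ -96) the rewritten condition is still a deny-list: only `phpbb::USER_INACTIVE` and `phpbb::USER_IGNORE` are rejected, so any other `user_type` value falls through to `LOGIN_SUCCESS`. session.php in this same commit selects users with an allow-list (`user_type IN (phpbb::USER_NORMAL, phpbb::USER_FOUNDER)`), and using the same shape here would fail closed if another type is ever added: `if ($row['user_type'] != phpbb::USER_NORMAL && $row['user_type'] != phpbb::USER_FOUNDER)`. The same condition appears in autologin_apache() (@@ -160), login_db() (auth_db.php, @@ -180) and login_ldap() (auth_ldap.php, @@ -187). login_apache() starts and ends outside the hunk.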
@@ -213,7 +213,7 @@ function user_row_apache($username, $password) 'user_password' => phpbb_hash($password), 'user_email' => '', 'group_id' => (int) $row['group_id'], - 'user_type' => USER_NORMAL, + 'user_type' => phpbb::USER_NORMAL, 'user_ip' => $user->ip, ); } diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index 82750936f1..670b16c4e3 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -180,7 +180,7 @@ function login_db(&$username, &$password) } // User inactive... - if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) + if ($row['user_type'] == phpbb::USER_INACTIVE || $row['user_type'] == phpbb::USER_IGNORE) { return array( 'status' => LOGIN_ERROR_ACTIVE, diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index 3163153997..797d3c1cbb 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -187,7 +187,7 @@ function login_ldap(&$username, &$password) unset($ldap_result); // User inactive... - if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) + if ($row['user_type'] == phpbb::USER_INACTIVE || $row['user_type'] == phpbb::USER_IGNORE) { return array( 'status' => LOGIN_ERROR_ACTIVE, @@ -225,7 +225,7 @@ function login_ldap(&$username, &$password) 'user_password' => phpbb_hash($password), 'user_email' => (!empty($config['ldap_email'])) ? $ldap_result[0][$config['ldap_email']][0] : '', 'group_id' => (int) $row['group_id'], - 'user_type' => USER_NORMAL, + 'user_type' => phpbb::USER_NORMAL, 'user_ip' => $user->ip, ); diff --git a/phpBB/includes/classes/acl.php b/phpBB/includes/classes/acl.php index e7fa0f2674..226bb8be23 100644 --- a/phpBB/includes/classes/acl.php +++ b/phpBB/includes/classes/acl.php 
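Review bot: The context line `'user_password' => phpbb_hash($password),` in user_row_apache() (@@ -213) still calls phpbb_hash(), while this commit deletes phpbb_hash(), phpbb_check_hash() and their helpers from includes/functions.php (@@ -240). Unless a function of the same name is defined in a file not shown on this page, creating the local row for a newly seen Apache-authenticated user would stop with an undefined-function error. The same call remains in login_ldap() (auth_ldap.php, @@ -225). Either keep a thin `phpbb_hash()` wrapper in functions.php or convert both call sites to the replacement hashing API in this commit. Both functions extend beyond their hunks.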
@@ -382,13 +382,13 @@ class auth // Key 0 in $hold_ary are global options, all others are forum_ids // If this user is founder we're going to force fill the admin options ... - if ($userdata['user_type'] == USER_FOUNDER) + if ($userdata['user_type'] == phpbb::USER_FOUNDER) { foreach ($this->acl_options['global'] as $opt => $id) { if (strpos($opt, 'a_') === 0) { - $hold_ary[0][$this->acl_options['id'][$opt]] = ACL_YES; + $hold_ary[0][$this->acl_options['id'][$opt]] = phpbb::ACL_YES; } } } @@ -437,14 +437,14 @@ class auth // If one option is allowed, the global permission for this option has to be allowed too // example: if the user has the a_ permission this means he has one or more a_* permissions - if ($auth_ary[$this->acl_options['id'][$opt]] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NEVER)) + if ($auth_ary[$this->acl_options['id'][$opt]] == phpbb::ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == phpbb::ACL_NEVER)) { - $bitstring[$this->acl_options[$ary_key][$option_key]] = ACL_YES; + $bitstring[$this->acl_options[$ary_key][$option_key]] = phpbb::ACL_YES; } } else { - $bitstring[$id] = ACL_NEVER; + $bitstring[$id] = phpbb::ACL_NEVER; } } 
@@ -637,22 +637,22 @@ class auth $option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']]; // @todo: use the ref technique to reduce opcode generation - if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) && $hold_ary[$row['user_id']][$row['forum_id']][$option] != ACL_NEVER)) + if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) && $hold_ary[$row['user_id']][$row['forum_id']][$option] != phpbb::ACL_NEVER)) { $hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting']; // If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again) - if ($row['auth_setting'] == ACL_NEVER) + if ($row['auth_setting'] == phpbb::ACL_NEVER) { $flag = substr($option, 0, strpos($option, '_') + 1); - if (isset($hold_ary[$row['user_id']][$row['forum_id']][$flag]) && $hold_ary[$row['user_id']][$row['forum_id']][$flag] == ACL_YES) + if (isset($hold_ary[$row['user_id']][$row['forum_id']][$flag]) && $hold_ary[$row['user_id']][$row['forum_id']][$flag] == phpbb::ACL_YES) { unset($hold_ary[$row['user_id']][$row['forum_id']][$flag]); -/* if (in_array(ACL_YES, $hold_ary[$row['user_id']][$row['forum_id']])) +/* if (in_array(phpbb::ACL_YES, $hold_ary[$row['user_id']][$row['forum_id']])) { - $hold_ary[$row['user_id']][$row['forum_id']][$flag] = ACL_YES; + $hold_ary[$row['user_id']][$row['forum_id']][$flag] = phpbb::ACL_YES; } */ } 
@@ -856,24 +856,24 @@ class auth */ private function _set_group_hold_ary(&$hold_ary, $option_id, $setting) { - if (!isset($hold_ary[$option_id]) || (isset($hold_ary[$option_id]) && $hold_ary[$option_id] != ACL_NEVER)) + if (!isset($hold_ary[$option_id]) || (isset($hold_ary[$option_id]) && $hold_ary[$option_id] != phpbb::ACL_NEVER)) { $hold_ary[$option_id] = $setting; // If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again) - if ($setting == ACL_NEVER) + if ($setting == phpbb::ACL_NEVER) { $flag = substr($this->acl_options['option'][$option_id], 0, strpos($this->acl_options['option'][$option_id], '_') + 1); $flag = (int) $this->acl_options['id'][$flag]; - if (isset($hold_ary[$flag]) && $hold_ary[$flag] == ACL_YES) + if (isset($hold_ary[$flag]) && $hold_ary[$flag] == phpbb::ACL_YES) { unset($hold_ary[$flag]); /* This is uncommented, because i suspect this being slightly wrong due to mixed permission classes being possible - if (in_array(ACL_YES, $hold_ary)) + if (in_array(phpbb::ACL_YES, $hold_ary)) { - $hold_ary[$flag] = ACL_YES; + $hold_ary[$flag] = phpbb::ACL_YES; }*/ } } diff --git a/phpBB/includes/classes/session.php b/phpBB/includes/classes/session.php index 5a42fdaac2..4c953d9605 100644 --- a/phpBB/includes/classes/session.php +++ b/phpBB/includes/classes/session.php @@ -89,9 +89,9 @@ abstract class phpbb_session // Set auth to false (only valid for an user object) $this->auth = false; - // Some system/server variables, directly generated by phpbb_system methods. Used like an array. + // Some system/server variables, directly generated by phpbb_system_info methods. Used like an array. // We use the phpbb:: one, because it could've been modified and being a completely different class - $this->system = &phpbb::$instances['system']; + $this->system =& phpbb::$instances['server-vars']; } /** 
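Review bot: `$this->system =& phpbb::$instances['server-vars'];` in session.php (@@ -89) binds by reference to an array element, and PHP creates that element as null when the key does not exist, so a missing or misspelled instance name is not reported here and only shows up later when `$this->system` is read like an array. A guard before the assignment, for example `if (!isset(phpbb::$instances['server-vars'])) { trigger_error('server-vars instance not registered', E_USER_ERROR); }`, would make the rename from 'system' fail loudly. The updated comment names phpbb_system_info but not the 'server-vars' key, and it would help to mention both. The constructor continues outside the hunk.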
@@ -223,7 +223,7 @@ abstract class phpbb_session $sql = 'SELECT u.* FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k WHERE u.user_id = ' . (int) $this->cookie_data['u'] . ' - AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") + AND u.user_type IN (' . phpbb::USER_NORMAL . ', ' . phpbb::USER_FOUNDER . ") AND k.user_id = u.user_id AND k.key_id = '" . phpbb::$db->sql_escape(md5($this->cookie_data['k'])) . "'"; $result = phpbb::$db->sql_query($sql); @@ -240,7 +240,7 @@ abstract class phpbb_session $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $this->cookie_data['u'] . ' - AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')'; + AND user_type IN (' . phpbb::USER_NORMAL . ', ' . phpbb::USER_FOUNDER . ')'; $result = phpbb::$db->sql_query($sql); $this->data = phpbb::$db->sql_fetchrow($result); phpbb::$db->sql_freeresult($result); @@ -351,7 +351,7 @@ abstract class phpbb_session // session exists in which case session_id will also be set // Is user banned? Are they excluded? Won't return on ban, exists within method - if ($this->data['user_type'] != USER_FOUNDER) + if ($this->data['user_type'] != phpbb::USER_FOUNDER) { if (!phpbb::$config['forwarded_for_check']) { @@ -1092,7 +1092,7 @@ abstract class phpbb_session phpbb::$db->sql_query($sql); } - $this->is_registered = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false; + $this->is_registered = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == phpbb::USER_NORMAL || $this->data['user_type'] == phpbb::USER_FOUNDER)) ? true : false; $this->is_bot = (!$this->is_registered && $this->data['user_id'] != ANONYMOUS) ? true : false; $this->data['user_lang'] = basename($this->data['user_lang']); diff --git a/phpBB/includes/classes/template_compile.php b/phpBB/includes/classes/template_compile.php index 471ca5eca3..0ad6021e44 100644 
--- a/phpBB/includes/classes/template_compile.php +++ b/phpBB/includes/classes/template_compile.php @@ -833,7 +833,7 @@ class template_compile @flock($destination_handle, LOCK_UN); @fclose($destination_handle); - phpbb_chmod($filename, CHMOD_WRITE); + phpbb_chmod($filename, phpbb::CHMOD_WRITE); clearstatcache(); diff --git a/phpBB/includes/classes/user.php b/phpBB/includes/classes/user.php index 067d97e8cb..af425f2299 100644 --- a/phpBB/includes/classes/user.php +++ b/phpBB/includes/classes/user.php @@ -29,7 +29,7 @@ class phpbb_user extends phpbb_session /** * @var array required phpBB objects */ - public $phpbb_required = array('config', 'acl', 'db', 'template', 'security', 'system', 'acm', 'api:user'); + public $phpbb_required = array('config', 'acl', 'db', 'template', 'security', 'server-vars', 'acm', 'api:user'); /** * @var array Optional phpBB objects diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index e4221db8bb..c62e50d481 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -42,21 +42,11 @@ define('AVATAR_UPLOAD', 1); define('AVATAR_REMOTE', 2); define('AVATAR_GALLERY', 3); -define('USER_NORMAL', 0); -define('USER_INACTIVE', 1); -define('USER_IGNORE', 2); -define('USER_FOUNDER', 3); - define('INACTIVE_REGISTER', 1); define('INACTIVE_PROFILE', 2); define('INACTIVE_MANUAL', 3); define('INACTIVE_REMIND', 4); -// ACL -define('ACL_NEVER', 0); -define('ACL_YES', 1); -define('ACL_NO', -1); - // Login error codes define('LOGIN_CONTINUE', 1); define('LOGIN_BREAK', 2); @@ -179,12 +169,6 @@ define('REFERER_VALIDATE_NONE', 0); define('REFERER_VALIDATE_HOST', 1); define('REFERER_VALIDATE_PATH', 2); -// phpbb_chmod() permissions -@define('CHMOD_ALL', 7); -@define('CHMOD_READ', 4); -@define('CHMOD_WRITE', 2); -@define('CHMOD_EXECUTE', 1); - // Additional constants define('VOTE_CONVERTED', 127); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index b8ca86bc07..512c05bf4a 100644 
--- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php 
@@ -19,102 +19,21 @@ if (!defined('IN_PHPBB')) // Common global functions /** -* Replacement for a superglobal (like $_GET or $_POST) which calls -* trigger_error on any operation, overloads the [] operator using SPL. -* @package phpBB3 -*/ -class deactivated_super_global implements ArrayAccess, Countable, IteratorAggregate -{ - /** - * Holds the error message - */ - private $message; - - /** - * Constructor generates an error message fitting the super global to be - * used within the other functions. - * - * @param string $name Name of the super global this is a replacement for - e.g. '_GET' - */ - public function __construct($name) - { - $this->message = 'Illegal use of $' . $name . '. You must use the request class or request_var() to access input data. Found in %s on line %d. This error message was generated'; - } - - /** - * Calls trigger_error with the file and line number the super global was used in - */ - private function error() - { - $file = ''; - $line = 0; - - $backtrace = debug_backtrace(); - if (isset($backtrace[1])) - { - $file = $backtrace[1]['file']; - $line = $backtrace[1]['line']; - } - trigger_error(sprintf($this->message, $file, $line), E_USER_ERROR); - } - - /** - * Part of the ArrayAccess implementation, will always result in a FATAL error - */ - public function offsetExists($offset) - { - $this->error(); - } - - /** - * Part of the ArrayAccess implementation, will always result in a FATAL error - */ - public function offsetGet($offset) - { - $this->error(); - } - - /** - * Part of the ArrayAccess implementation, will always result in a FATAL error - */ - public function offsetSet($offset, $value) - { - $this->error(); - } - - /** - * Part of the ArrayAccess implementation, will always result in a FATAL error - */ - public function offsetUnset($offset) - { - $this->error(); - } - - /** - * Part of the Countable implementation, will always result in a FATAL error - */ - public function count() - { - $this->error(); - } - - /** - * Part of the 
Traversable/IteratorAggregate implementation, will always result in a FATAL error - */ - public function getIterator() - { - $this->error(); - } -} - -/** -* Wrapper function of phpbb_request::variable which exists for backwards -* compatability. -* See {@link phpbb_request::variable phpbb_request::variable} for documentation of this -* function's use. -* @param bool $cookie This param is mapped to phpbb_request::COOKIE as the last -* param for phpbb_request::variable for backwards -* compatability reasons. +* Wrapper function of phpbb_request::variable which exists for backwards compatability. +* See {@link phpbb_request::variable phpbb_request::variable} for documentation of this function's use. +* +* @param string|array $var_name The form variable's name from which data shall be retrieved. +* If the value is an array this may be an array of indizes which will give +* direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") +* then specifying array("var", 1) as the name will return "a". +* @param mixed $default A default value that is returned if the variable was not set. +* This function will always return a value of the same type as the default. +* @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters +* Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks +* @param bool $cookie This param is mapped to phpbb_request::COOKIE as the last param for phpbb_request::variable for backwards compatability reasons. +* +* @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the +* the same as that of $default. If the variable is not set $default is returned. */ function request_var($var_name, $default, $multibyte = false, $cookie = false) { 
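Review bot: The new request_var() docblock states that the return value is `$_REQUEST[$var_name]`, but the `$cookie` parameter is documented as selecting phpbb_request::COOKIE, so the `@return` line should name the source generically, e.g. `The value of the requested input variable, run through set_var ...`. The text also has a few typos worth fixing while it is being rewritten: "compatability" should be "compatibility", "indizes" should be "indices", "paramater" should be "parameter", and "the the same" should be "the same". The function body lies outside the hunk.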
@@ -122,69 +41,39 @@ function request_var($var_name, $default, $multibyte = false, $cookie = false) } /** -* Set config value. Creates missing config entry. +* Set config value. +* Creates missing config entry if update did not succeed and phpbb::$config for this entry empty. +* +* @param string $config_name The configuration keys name +* @param string $config_value The configuration value +* @param bool $is_dynamic True if the configuration entry is not cached */ function set_config($config_name, $config_value, $is_dynamic = false) { - global $db, $cache, $config; - $sql = 'UPDATE ' . CONFIG_TABLE . " - SET config_value = '" . $db->sql_escape($config_value) . "' - WHERE config_name = '" . $db->sql_escape($config_name) . "'"; - $db->sql_query($sql); + SET config_value = '" . phpbb::$db->sql_escape($config_value) . "' + WHERE config_name = '" . phpbb::$db->sql_escape($config_name) . "'"; + phpbb::$db->sql_query($sql); - if (!$db->sql_affectedrows() && !isset($config[$config_name])) + if (!phpbb::$db->sql_affectedrows() && !isset(phpbb::$config[$config_name])) { - $sql = 'INSERT INTO ' . CONFIG_TABLE . ' ' . $db->sql_build_array('INSERT', array( - 'config_name' => $config_name, - 'config_value' => $config_value, - 'is_dynamic' => ($is_dynamic) ? 1 : 0)); - $db->sql_query($sql); + $sql = 'INSERT INTO ' . CONFIG_TABLE . ' ' . 
phpbb::$db->sql_build_array('INSERT', array( + 'config_name' => (string) $config_name, + 'config_value' => (string) $config_value, + 'is_dynamic' => (int) $is_dynamic, + )); + phpbb::$db->sql_query($sql); } - $config[$config_name] = $config_value; + phpbb::$config[$config_name] = $config_value; if (!$is_dynamic) { - $cache->destroy('config'); + phpbb::$acm->destroy('#config'); } } /** -* Generates an alphanumeric random string of given length -*/ -function gen_rand_string($num_chars = 8) -{ - $rand_str = unique_id(); - $rand_str = str_replace('0', 'Z', strtoupper(base_convert($rand_str, 16, 35))); - - return substr($rand_str, 0, $num_chars); -} - -/** -* Return unique id -* @param string $extra additional entropy -*/ -function unique_id($extra = 'c') -{ - static $dss_seeded = false; - global $config; - - $val = $config['rand_seed'] . microtime(); - $val = md5($val); - $config['rand_seed'] = md5($config['rand_seed'] . $val . $extra); - - if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10))) - { - set_config('rand_seed', $config['rand_seed'], true); - set_config('rand_seed_last_update', time(), true); - $dss_seeded = true; - } - - return substr($val, 4, 16); -} - -/** * Return formatted string for filesizes */ function get_formatted_filesize($bytes, $add_size_lang = true) 
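Review bot: set_config() now casts `$config_name` and `$config_value` to string only in the INSERT branch, while the UPDATE above passes the raw values to `sql_escape()` and `phpbb::$config[$config_name] = $config_value;` keeps the caller's original type. The in-memory value can therefore differ in type from what is presumably read back from the table on the next load. Casting once at the top of the function, `$config_name = (string) $config_name; $config_value = (string) $config_value;`, would keep all three uses consistent. The UPDATE-then-INSERT sequence is also not atomic, so two concurrent requests creating the same key can both reach the INSERT; if that is accepted, a short comment saying so would help the next reader.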
@@ -240,200 +129,6 @@ function still_on_time($extra_time = 15) } /** -* -* @version Version 0.1 / $Id$ -* -* Portable PHP password hashing framework. -* -* Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in -* the public domain. -* -* There's absolutely no warranty. -* -* The homepage URL for this framework is: -* -* http://www.openwall.com/phpass/ -* -* Please be sure to update the Version line if you edit this file in any way. -* It is suggested that you leave the main version number intact, but indicate -* your project name (after the slash) and add your own revision information. -* -* Please do not change the "private" password hashing method implemented in -* here, thereby making your hashes incompatible. However, if you must, please -* change the hash type identifier (the "$P$") to something different. -* -* Obviously, since this code is in the public domain, the above are not -* requirements (there can be none), but merely suggestions. -* -* -* Hash the password -*/ -function phpbb_hash($password) -{ - $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; - - $random_state = unique_id(); - $random = ''; - $count = 6; - - if (($fh = @fopen('/dev/urandom', 'rb'))) - { - $random = fread($fh, $count); - fclose($fh); - } - - if (strlen($random) < $count) - { - $random = ''; - - for ($i = 0; $i < $count; $i += 16) - { - $random_state = md5(unique_id() . $random_state); - $random .= pack('H*', md5($random_state)); - } - $random = substr($random, 0, $count); - } - - $hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64); - - if (strlen($hash) == 34) - { - return $hash; - } - - return md5($password); -} - -/** -* Check for correct password -* -* @param string $password The password in plain text -* @param string $hash The stored password hash -* -* @return bool Returns true if the password is correct, false if not. 
-*/ -function phpbb_check_hash($password, $hash) -{ - $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; - if (strlen($hash) == 34) - { - return (_hash_crypt_private($password, $hash, $itoa64) === $hash) ? true : false; - } - - return (md5($password) === $hash) ? true : false; -} - -/** -* Generate salt for hash generation -*/ -function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6) -{ - if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) - { - $iteration_count_log2 = 8; - } - - $output = '$H$'; - $output .= $itoa64[min($iteration_count_log2 + 5, 30)]; - $output .= _hash_encode64($input, 6, $itoa64); - - return $output; -} - -/** -* Encode hash -*/ -function _hash_encode64($input, $count, &$itoa64) -{ - $output = ''; - $i = 0; - - do - { - $value = ord($input[$i++]); - $output .= $itoa64[$value & 0x3f]; - - if ($i < $count) - { - $value |= ord($input[$i]) << 8; - } - - $output .= $itoa64[($value >> 6) & 0x3f]; - - if ($i++ >= $count) - { - break; - } - - if ($i < $count) - { - $value |= ord($input[$i]) << 16; - } - - $output .= $itoa64[($value >> 12) & 0x3f]; - - if ($i++ >= $count) - { - break; - } - - $output .= $itoa64[($value >> 18) & 0x3f]; - } - while ($i < $count); - - return $output; -} - -/** -* The crypt function/replacement -*/ -function _hash_crypt_private($password, $setting, &$itoa64) -{ - $output = '*'; - - // Check for correct hash - if (substr($setting, 0, 3) != '$H$') - { - return $output; - } - - $count_log2 = strpos($itoa64, $setting[3]); - - if ($count_log2 < 7 || $count_log2 > 30) - { - return $output; - } - - $count = 1 << $count_log2; - $salt = substr($setting, 4, 8); - - if (strlen($salt) != 8) - { - return $output; - } - - /** - * We're kind of forced to use MD5 here since it's the only - * cryptographic primitive available in all versions of PHP - * currently in use. 
To implement our own low-level crypto - * in PHP would result in much worse performance and - * consequently in lower iteration counts and hashes that are - * quicker to crack (by non-PHP code). - */ - $hash = md5($salt . $password, true); - do - { - $hash = md5($hash . $password, true); - } - while (--$count); - - $output = substr($setting, 0, 12); - $output .= _hash_encode64($hash, 16, $itoa64); - - return $output; -} - -/** * Global function for chmodding directories and files for internal use * This function determines owner and group whom the file belongs to and user and group of PHP and then set safest possible file permissions. * The function determines owner and group from common.php file and sets the same to the provided file. Permissions are mapped to the group, user always has rw(x) permission. @@ -442,10 +137,10 @@ function _hash_crypt_private($password, $setting, &$itoa64) * * Supported constants representing bit fields are: * -* CHMOD_ALL - all permissions (7) -* CHMOD_READ - read permission (4) -* CHMOD_WRITE - write permission (2) -* CHMOD_EXECUTE - execute permission (1) +* phpbb::CHMOD_ALL - all permissions (7) +* phpbb::CHMOD_READ - read permission (4) +* phpbb::CHMOD_WRITE - write permission (2) +* phpbb::CHMOD_EXECUTE - execute permission (1) * * NOTE: The function uses POSIX extension and fileowner()/filegroup() functions. If any of them is disabled, this function tries to build proper permissions, by calling is_readable() and is_writable() functions. * @@ -455,7 +150,7 @@ function _hash_crypt_private($password, $setting, &$itoa64) * * @author faw, phpBB Group */ -function phpbb_chmod($filename, $perms = CHMOD_READ) +function phpbb_chmod($filename, $perms = phpbb::CHMOD_READ) { // Return if the file no longer exists. if (!file_exists($filename)) 
@@ -522,15 +217,15 @@ function phpbb_chmod($filename, $perms = CHMOD_READ) } // Owner always has read/write permission - $owner = CHMOD_READ | CHMOD_WRITE; + $owner = phpbb::CHMOD_READ | phpbb::CHMOD_WRITE; if (is_dir($filename)) { - $owner |= CHMOD_EXECUTE; + $owner |= phpbb::CHMOD_EXECUTE; // Only add execute bit to the permission if the dir needs to be readable - if ($perms & CHMOD_READ) + if ($perms & phpbb::CHMOD_READ) { - $perms |= CHMOD_EXECUTE; + $perms |= phpbb::CHMOD_EXECUTE; } } @@ -555,7 +250,7 @@ function phpbb_chmod($filename, $perms = CHMOD_READ) clearstatcache(); - if (!is_null($php) || ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || is_writable($filename)))) + if (!is_null($php) || ((!($perms & phpbb::CHMOD_READ) || is_readable($filename)) && (!($perms & phpbb::CHMOD_WRITE) || is_writable($filename)))) { break; } @@ -565,7 +260,7 @@ function phpbb_chmod($filename, $perms = CHMOD_READ) clearstatcache(); - if (!is_null($php) || ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || is_writable($filename)))) + if (!is_null($php) || ((!($perms & phpbb::CHMOD_READ) || is_readable($filename)) && (!($perms & phpbb::CHMOD_WRITE) || is_writable($filename)))) { break; } 
@@ -578,211 +273,6 @@ function phpbb_chmod($filename, $perms = CHMOD_READ) return $result; } -/* -* Checks if a path ($path) is absolute or relative -* -* @param string $path Path to check absoluteness of -* @return boolean -*/ -function is_absolute($path) -{ - return ($path[0] == '/' || (DIRECTORY_SEPARATOR == '\\' && preg_match('#^[a-z]:/#i', $path))) ? true : false; -} - -/** -* @author Chris Smith <chris@project-minerva.org> -* @copyright 2006 Project Minerva Team -* @param string $path The path which we should attempt to resolve. -* @return mixed -*/ -function phpbb_own_realpath($path) -{ - // Now to perform funky shizzle - - // Switch to use UNIX slashes - $path = str_replace(DIRECTORY_SEPARATOR, '/', $path); - $path_prefix = ''; - - // Determine what sort of path we have - if (is_absolute($path)) - { - $absolute = true; - - if ($path[0] == '/') - { - // Absolute path, *NIX style - $path_prefix = ''; - } - else - { - // Absolute path, Windows style - // Remove the drive letter and colon - $path_prefix = $path[0] . ':'; - $path = substr($path, 2); - } - } - else - { - // Relative Path - // Prepend the current working directory - if (function_exists('getcwd')) - { - // This is the best method, hopefully it is enabled! - $path = str_replace(DIRECTORY_SEPARATOR, '/', getcwd()) . '/' . $path; - $absolute = true; - if (preg_match('#^[a-z]:#i', $path)) - { - $path_prefix = $path[0] . ':'; - $path = substr($path, 2); - } - else - { - $path_prefix = ''; - } - } - else if (isset($_SERVER['SCRIPT_FILENAME']) && !empty($_SERVER['SCRIPT_FILENAME'])) - { - // Warning: If chdir() has been used this will lie! - // Warning: This has some problems sometime (CLI can create them easily) - $path = str_replace(DIRECTORY_SEPARATOR, '/', dirname($_SERVER['SCRIPT_FILENAME'])) . '/' . $path; - $absolute = true; - $path_prefix = ''; - } - else - { - // We have no way of getting the absolute path, just run on using relative ones. 
- $absolute = false; - $path_prefix = '.'; - } - } - - // Remove any repeated slashes - $path = preg_replace('#/{2,}#', '/', $path); - - // Remove the slashes from the start and end of the path - $path = trim($path, '/'); - - // Break the string into little bits for us to nibble on - $bits = explode('/', $path); - - // Remove any . in the path, renumber array for the loop below - $bits = array_values(array_diff($bits, array('.'))); - - // Lets get looping, run over and resolve any .. (up directory) - for ($i = 0, $max = sizeof($bits); $i < $max; $i++) - { - // @todo Optimise - if ($bits[$i] == '..' ) - { - if (isset($bits[$i - 1])) - { - if ($bits[$i - 1] != '..') - { - // We found a .. and we are able to traverse upwards, lets do it! - unset($bits[$i]); - unset($bits[$i - 1]); - $i -= 2; - $max -= 2; - $bits = array_values($bits); - } - } - else if ($absolute) // ie. !isset($bits[$i - 1]) && $absolute - { - // We have an absolute path trying to descend above the root of the filesystem - // ... Error! - return false; - } - } - } - - // Prepend the path prefix - array_unshift($bits, $path_prefix); - - $resolved = ''; - - $max = sizeof($bits) - 1; - - // Check if we are able to resolve symlinks, Windows cannot. - $symlink_resolve = (function_exists('readlink')) ? true : false; - - foreach ($bits as $i => $bit) - { - if (@is_dir("$resolved/$bit") || ($i == $max && @is_file("$resolved/$bit"))) - { - // Path Exists - if ($symlink_resolve && is_link("$resolved/$bit") && ($link = readlink("$resolved/$bit"))) - { - // Resolved a symlink. - $resolved = $link . (($i == $max) ? '' : '/'); - continue; - } - } - else - { - // Something doesn't exist here! - // This is correct realpath() behaviour but sadly open_basedir and safe_mode make this problematic - // return false; - } - $resolved .= $bit . (($i == $max) ? 
'' : '/'); - } - - // @todo If the file exists fine and open_basedir only has one path we should be able to prepend it - // because we must be inside that basedir, the question is where... - // @internal The slash in is_dir() gets around an open_basedir restriction - if (!@file_exists($resolved) || (!is_dir($resolved . '/') && !is_file($resolved))) - { - return false; - } - - // Put the slashes back to the native operating systems slashes - $resolved = str_replace('/', DIRECTORY_SEPARATOR, $resolved); - - // Check for DIRECTORY_SEPARATOR at the end (and remove it!) - if (substr($resolved, -1) == DIRECTORY_SEPARATOR) - { - return substr($resolved, 0, -1); - } - - return $resolved; // We got here, in the end! -} - -if (!function_exists('realpath')) -{ - /** - * A wrapper for realpath - * @ignore - */ - function phpbb_realpath($path) - { - return phpbb_own_realpath($path); - } -} -else -{ - /** - * A wrapper for realpath - */ - function phpbb_realpath($path) - { - $realpath = realpath($path); - - // Strangely there are provider not disabling realpath but returning strange values. :o - // We at least try to cope with them. - if ($realpath === $path || $realpath === false) - { - return phpbb_own_realpath($path); - } - - // Check for DIRECTORY_SEPARATOR at the end (and remove it!) - if (substr($realpath, -1) == DIRECTORY_SEPARATOR) - { - $realpath = substr($realpath, 0, -1); - } - - return $realpath; - } -} - // functions used for building option fields /** 
@@ -1668,498 +1158,10 @@ function on_page($num_items, $per_page, $start) return sprintf($user->lang['PAGE_OF'], $on_page, max(ceil($num_items / $per_page), 1)); } -// Server functions (building urls, redirecting...) - -/** -* Append session id to url. -* This function supports hooks. -* -* @param string $url The url the session id needs to be appended to (can have params) -* @param mixed $params String or array of additional url parameters -* @param bool $is_amp Is url using & (true) or & (false) -* @param string $session_id Possibility to use a custom session id instead of the global one -* -* Examples: -* <code> -* append_sid(PHPBB_ROOT_PATH . 'viewtopic.' . PHP_EXT . '?t=1&f=2'); -* append_sid(PHPBB_ROOT_PATH . 'viewtopic.' . PHP_EXT, 't=1&f=2'); -* append_sid('viewtopic', 't=1&f=2'); // short notation of the above example -* append_sid('viewtopic', 't=1&f=2', false); -* append_sid('viewtopic', array('t' => 1, 'f' => 2)); -* </code> -* -*/ -function append_sid($url, $params = false, $is_amp = true, $session_id = false) -{ - global $_SID, $_EXTRA_URL, $phpbb_hook; - static $parsed_urls = array(); - - // The following code is used to make sure such calls like append_sid('viewtopic') (ommitting phpbb_root_path and php_ext) work as intended - if (isset($parsed_urls[$url])) - { - // Set an url like 'viewtopic' to PHPBB_ROOT_PATH . 'viewtopic.' . PHP_EXT - $url = $parsed_urls[$url]; - } - else - { - // If we detect an url without root path and extension, and also not a relative or absolute path, we add it and put it to the parsed urls - if (strpos($url, '.' . PHP_EXT) === false && $url[0] != '.' && $url[0] != '/') - { - $parsed_urls[$url] = $url = PHPBB_ROOT_PATH . $url . '.' . PHP_EXT; - } - } - - if (empty($params)) - { - $params = false; - } - - // Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropiatly. 
- // They could mimick most of what is within this function - if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__, $url, $params, $is_amp, $session_id)) - { - if ($phpbb_hook->hook_return(__FUNCTION__)) - { - return $phpbb_hook->hook_return_result(__FUNCTION__); - } - } - - $params_is_array = is_array($params); - - // Get anchor - $anchor = ''; - if (strpos($url, '#') !== false) - { - list($url, $anchor) = explode('#', $url, 2); - $anchor = '#' . $anchor; - } - else if (!$params_is_array && strpos($params, '#') !== false) - { - list($params, $anchor) = explode('#', $params, 2); - $anchor = '#' . $anchor; - } - - // Handle really simple cases quickly - if ($_SID == '' && $session_id === false && empty($_EXTRA_URL) && !$params_is_array && !$anchor) - { - if ($params === false) - { - return $url; - } - - $url_delim = (strpos($url, '?') === false) ? '?' : (($is_amp) ? '&' : '&'); - return $url . ($params !== false ? $url_delim. $params : ''); - } - - // Assign sid if session id is not specified - if ($session_id === false) - { - $session_id = $_SID; - } - - $amp_delim = ($is_amp) ? '&' : '&'; - $url_delim = (strpos($url, '?') === false) ? '?' : $amp_delim; - - // Appending custom url parameter? - $append_url = (!empty($_EXTRA_URL)) ? implode($amp_delim, $_EXTRA_URL) : ''; - - // Use the short variant if possible ;) - if ($params === false) - { - // Append session id - if (!$session_id) - { - return $url . (($append_url) ? $url_delim . $append_url : '') . $anchor; - } - else - { - return $url . (($append_url) ? $url_delim . $append_url . $amp_delim : $url_delim) . 'sid=' . $session_id . $anchor; - } - } - - // Build string if parameters are specified as array - if (is_array($params)) - { - $output = array(); - - foreach ($params as $key => $item) - { - if ($item === NULL) - { - continue; - } - - if ($key == '#') - { - $anchor = '#' . $item; - continue; - } - - $output[] = $key . '=' . 
$item; - } - - $params = implode($amp_delim, $output); - } - - // Append session id and parameters (even if they are empty) - // If parameters are empty, the developer can still append his/her parameters without caring about the delimiter - return $url . (($append_url) ? $url_delim . $append_url . $amp_delim : $url_delim) . $params . ((!$session_id) ? '' : $amp_delim . 'sid=' . $session_id) . $anchor; -} - -/** -* Generate board url (example: http://www.example.com/phpBB) -* @param bool $without_script_path if set to true the script path gets not appended (example: http://www.example.com) -*/ -function generate_board_url($without_script_path = false) -{ - global $config, $user; - - $server_name = $user->host; - $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); - - // Forcing server vars is the only way to specify/override the protocol - if ($config['force_server_vars'] || !$server_name) - { - $server_protocol = ($config['server_protocol']) ? $config['server_protocol'] : (($config['cookie_secure']) ? 'https://' : 'http://'); - $server_name = $config['server_name']; - $server_port = (int) $config['server_port']; - $script_path = $config['script_path']; - - $url = $server_protocol . $server_name; - $cookie_secure = $config['cookie_secure']; - } - else - { - // Do not rely on cookie_secure, users seem to think that it means a secured cookie instead of an encrypted connection - $cookie_secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0; - $url = (($cookie_secure) ? 'https://' : 'http://') . $server_name; - - $script_path = $user->page['root_script_path']; - } - - if ($server_port && (($cookie_secure && $server_port <> 443) || (!$cookie_secure && $server_port <> 80))) - { - // HTTP HOST can carry a port number (we fetch $user->host, but for old versions this may be true) - if (strpos($server_name, ':') === false) - { - $url .= ':' . 
$server_port; - } - } - - if (!$without_script_path) - { - $url .= $script_path; - } - - // Strip / from the end - if (substr($url, -1, 1) == '/') - { - $url = substr($url, 0, -1); - } - - return $url; -} - -/** -* Redirects the user to another page then exits the script nicely -* This function is intended for urls within the board. It's not meant to redirect to cross-domains. -* -* @param string $url The url to redirect to -* @param bool $return If true, do not redirect but return the sanitized URL. Default is no return. -* @param bool $disable_cd_check If true, redirect() will redirect to an external domain. If false, the redirect point to the boards url if it does not match the current domain. Default is false. -*/ -function redirect($url, $return = false, $disable_cd_check = false) -{ - global $db, $cache, $config, $user; - - if (empty($user->lang)) - { - $user->add_lang('common'); - } - - if (!$return) - { - garbage_collection(); - } - - // Make sure no &'s are in, this will break the redirect - $url = str_replace('&', '&', $url); - - // Determine which type of redirect we need to handle... - $url_parts = parse_url($url); - - if ($url_parts === false) - { - // Malformed url, redirect to current page... - $url = generate_board_url() . '/' . $user->page['page']; - } - else if (!empty($url_parts['scheme']) && !empty($url_parts['host'])) - { - // Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work) - if (!$disable_cd_check && $url_parts['host'] !== $user->host) - { - $url = generate_board_url(); - } - } - else if ($url[0] == '/') - { - // Absolute uri, prepend direct url... - $url = generate_board_url(true) . $url; - } - else - { - // Relative uri - $pathinfo = pathinfo($url); - - // Is the uri pointing to the current directory? 
- if ($pathinfo['dirname'] == '.') - { - $url = str_replace('./', '', $url); - - // Strip / from the beginning - if ($url && substr($url, 0, 1) == '/') - { - $url = substr($url, 1); - } - - if ($user->page['page_dir']) - { - $url = generate_board_url() . '/' . $user->page['page_dir'] . '/' . $url; - } - else - { - $url = generate_board_url() . '/' . $url; - } - } - else - { - // Used ./ before, but PHPBB_ROOT_PATH is working better with urls within another root path - $root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath(PHPBB_ROOT_PATH))); - $page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname']))); - $intersection = array_intersect_assoc($root_dirs, $page_dirs); - - $root_dirs = array_diff_assoc($root_dirs, $intersection); - $page_dirs = array_diff_assoc($page_dirs, $intersection); - - $dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs); - - // Strip / from the end - if ($dir && substr($dir, -1, 1) == '/') - { - $dir = substr($dir, 0, -1); - } - - // Strip / from the beginning - if ($dir && substr($dir, 0, 1) == '/') - { - $dir = substr($dir, 1); - } - - $url = str_replace($pathinfo['dirname'] . '/', '', $url); - - // Strip / from the beginning - if (substr($url, 0, 1) == '/') - { - $url = substr($url, 1); - } - - $url = (!empty($dir) ? $dir . '/' : '') . $url; - $url = generate_board_url() . '/' . $url; - } - } - - // Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2 - if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false) - { - trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); - } - - // Now, also check the protocol and for a valid url the last time... 
- $allowed_protocols = array('http', 'https', 'ftp', 'ftps'); - $url_parts = parse_url($url); - - if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols)) - { - trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); - } - - if ($return) - { - return $url; - } - - // Redirect via an HTML form for PITA webservers - if (@preg_match('#Microsoft|WebSTAR|Xitami#', getenv('SERVER_SOFTWARE'))) - { - header('Refresh: 0; URL=' . $url); - - echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">'; - echo '<html xmlns="http://www.w3.org/1999/xhtml" dir="' . $user->lang['DIRECTION'] . '" lang="' . $user->lang['USER_LANG'] . '" xml:lang="' . $user->lang['USER_LANG'] . '">'; - echo '<head>'; - echo '<meta http-equiv="content-type" content="text/html; charset=utf-8" />'; - echo '<meta http-equiv="refresh" content="0; url=' . str_replace('&', '&', $url) . '" />'; - echo '<title>' . $user->lang['REDIRECT'] . '</title>'; - echo '</head>'; - echo '<body>'; - echo '<div style="text-align: center;">' . sprintf($user->lang['URL_REDIRECT'], '<a href="' . str_replace('&', '&', $url) . '">', '</a>') . '</div>'; - echo '</body>'; - echo '</html>'; - - exit; - } - - // Behave as per HTTP/1.1 spec for others - header('Location: ' . $url); - exit; -} - -/** -* Re-Apply session id after page reloads -*/ -function reapply_sid($url) -{ - if ($url === 'index.' . PHP_EXT) - { - return append_sid('index.' . PHP_EXT); - } - else if ($url === PHPBB_ROOT_PATH . 'index.' . 
PHP_EXT) - { - return append_sid('index'); - } - - // Remove previously added sid - if (strpos($url, '?sid=') !== false) - { - $url = preg_replace('/(\?)sid=[a-z0-9]+(&|&)?/', '\1', $url); - } - else if (strpos($url, '&sid=') !== false) - { - $url = preg_replace('/&sid=[a-z0-9]+(&)?/', '\1', $url); - } - else if (strpos($url, '&sid=') !== false) - { - $url = preg_replace('/&sid=[a-z0-9]+(&)?/', '\1', $url); - } - - return append_sid($url); -} - -/** -* Returns url from the session/current page with an re-appended SID with optionally stripping vars from the url -*/ -function build_url($strip_vars = false) -{ - global $user; - - // Append SID - $redirect = append_sid($user->page['page'], false, false); - - // Add delimiter if not there... - if (strpos($redirect, '?') === false) - { - $redirect .= '?'; - } - - // Strip vars... - if ($strip_vars !== false && strpos($redirect, '?') !== false) - { - if (!is_array($strip_vars)) - { - $strip_vars = array($strip_vars); - } - - $query = $_query = array(); - - $args = substr($redirect, strpos($redirect, '?') + 1); - $args = ($args) ? explode('&', $args) : array(); - $redirect = substr($redirect, 0, strpos($redirect, '?')); - - foreach ($args as $argument) - { - $arguments = explode('=', $argument); - $key = $arguments[0]; - unset($arguments[0]); - - $query[$key] = implode('=', $arguments); - } - - // Strip the vars off - foreach ($strip_vars as $strip) - { - if (isset($query[$strip])) - { - unset($query[$strip]); - } - } - - // Glue the remaining parts together... already urlencoded - foreach ($query as $key => $value) - { - $_query[] = $key . '=' . $value; - } - $query = implode('&', $_query); - - $redirect .= ($query) ? '?' . $query : ''; - } - - return PHPBB_ROOT_PATH . str_replace('&', '&', $redirect); -} - -/** -* Meta refresh assignment -* Adds META template variable with meta http tag. -* -* @param int $time Time in seconds for meta refresh tag -* @param string $url URL to redirect to. 
The url will go through redirect() first before the template variable is assigned -* @param bool $disable_cd_check If true, meta_refresh() will redirect to an external domain. If false, the redirect point to the boards url if it does not match the current domain. Default is false. -*/ -function meta_refresh($time, $url, $disable_cd_check = false) -{ - global $template; - - $url = redirect($url, true, $disable_cd_check); - $url = str_replace('&', '&', $url); - - // For XHTML compatibility we change back & to & - $template->assign_vars(array( - 'META' => '<meta http-equiv="refresh" content="' . $time . ';url=' . $url . '" />') - ); - - return $url; -} //Form validation -/** -* Add a secret hash for use in links/GET requests -* @param string $link_name The name of the link; has to match the name used in check_link_hash, otherwise no restrictions apply -* @return string the hash - -*/ -function generate_link_hash($link_name) -{ - global $user; - - if (!isset($user->data["hash_$link_name"])) - { - $user->data["hash_$link_name"] = substr(sha1($user->data['user_form_salt'] . $link_name), 0, 8); - } - - return $user->data["hash_$link_name"]; -} - - -/** -* checks a link hash - for GET requests -* @param string $token the submitted token -* @param string $link_name The name of the link -* @return boolean true if all is fine -*/ -function check_link_hash($token, $link_name) -{ - return $token === generate_link_hash($link_name); -} /** * Add a secret token to the form (requires the S_FORM_TOKEN template variable) @@ -2446,7 +1448,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa $redirect = reapply_sid($redirect); // Special case... the user is effectively banned, but we allow founders to login - if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER) + if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != phpbb::USER_FOUNDER) { return; } 
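Review bot: The context line `$redirect = reapply_sid($redirect);` in login_box() (hunk -2446) still calls a function whose definition this same diff removes from functions.php; the -1668 hunk drops reapply_sid() together with append_sid(), redirect(), meta_refresh() and check_link_hash(). The diffstat shown is limited to phpBB/includes, so the replacements presumably live outside the visible files, but nothing here shows that this call still resolves at run time. I would either switch the call to the new location in this commit or add a comment above it such as `// reapply_sid() is no longer defined in this file; provided by <new location>`. It is also worth confirming that the relocated redirect() keeps the host comparison, the CR/LF rejection and the scheme allow-list that the removed version had. login_box() starts and ends outside the hunk.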
@@ -3341,7 +2343,7 @@ function page_header($page_title = '', $display_online_list = true) if (($row['session_viewonline']) || $auth->acl_get('u_viewonline')) { - $user_online_link = get_username_string(($row['user_type'] <> USER_IGNORE) ? 'full' : 'no_profile', $row['user_id'], $row['username'], $row['user_colour']); + $user_online_link = get_username_string(($row['user_type'] <> phpbb::USER_IGNORE) ? 'full' : 'no_profile', $row['user_id'], $row['username'], $row['user_colour']); $online_userlist .= ($online_userlist != '') ? ', ' . $user_online_link : $user_online_link; } } @@ -3716,23 +2718,4 @@ function exit_handler() exit; } -/** -* Handler for init calls in phpBB. This function is called in user::setup(); -* This function supports hooks. -*/ -function phpbb_user_session_handler() -{ - global $phpbb_hook; - - if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__)) - { - if ($phpbb_hook->hook_return(__FUNCTION__)) - { - return $phpbb_hook->hook_return_result(__FUNCTION__); - } - } - - return; -} - ?>
\ No newline at end of file diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index ec018a4cf1..89c6a21468 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -2163,8 +2163,8 @@ function cache_moderators() ), 'WHERE' => '(o.auth_option_id = a.auth_option_id OR o.auth_option_id = r.auth_option_id) - AND ((a.auth_setting = ' . ACL_NEVER . ' AND r.auth_setting IS NULL) - OR r.auth_setting = ' . ACL_NEVER . ') + AND ((a.auth_setting = ' . phpbb::ACL_NEVER . ' AND r.auth_setting IS NULL) + OR r.auth_setting = ' . phpbb::ACL_NEVER . ') AND a.group_id = ug.group_id AND ' . $db->sql_in_set('ug.user_id', $ug_id_ary) . " AND ug.user_pending = 0 @@ -2256,7 +2256,7 @@ function cache_moderators() foreach ($auth_ary as $auth_option => $setting) { // Make sure at least one ACL_YES option is set... - if ($setting == ACL_YES) + if ($setting == phpbb::ACL_YES) { $flag = true; break; @@ -2633,7 +2633,7 @@ function view_inactive_users(&$users, &$user_count, $limit = 0, $offset = 0, $li $sql = 'SELECT COUNT(user_id) AS user_count FROM ' . USERS_TABLE . ' - WHERE user_type = ' . USER_INACTIVE . + WHERE user_type = ' . phpbb::USER_INACTIVE . (($limit_days) ? " AND user_inactive_time >= $limit_days" : ''); $result = $db->sql_query($sql); $user_count = (int) $db->sql_fetchfield('user_count'); @@ -2646,7 +2646,7 @@ function view_inactive_users(&$users, &$user_count, $limit = 0, $offset = 0, $li $sql = 'SELECT user_id, username, user_regdate, user_lastvisit, user_inactive_time, user_inactive_reason FROM ' . USERS_TABLE . ' - WHERE user_type = ' . USER_INACTIVE . + WHERE user_type = ' . phpbb::USER_INACTIVE . (($limit_days) ? " AND user_inactive_time >= $limit_days" : '') . " ORDER BY $sort_by"; $result = $db->sql_query_limit($sql, $limit, $offset); diff --git a/phpBB/includes/functions_compress.php b/phpBB/includes/functions_compress.php index eb25270738..dd3ea9bbf0 100644 --- a/phpBB/includes/functions_compress.php 
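Review bot: Both queries in view_inactive_users() (hunks -2633 and -2646) interpolate `$limit_days` straight into the WHERE clause, and the second one also places `$sort_by` into ORDER BY. Since the commit is already editing these statements, the numeric operand could be cast where it is used: `(($limit_days) ? ' AND user_inactive_time >= ' . (int) $limit_days : '')`. `$sort_by` cannot be cast, so a comment above the second query such as `// $sort_by must be built from a fixed list of column names, never from request data` would record the requirement. Whether the callers already validate both values cannot be seen from here, because the function starts and ends outside the hunks.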
+++ b/phpBB/includes/functions_compress.php @@ -226,7 +226,7 @@ class compress_zip extends compress { trigger_error("Could not create directory $folder"); } - phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE); + phpbb_chmod($str, phpbb::CHMOD_READ | phpbb::CHMOD_WRITE); } } } @@ -255,7 +255,7 @@ class compress_zip extends compress { trigger_error("Could not create directory $folder"); } - phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE); + phpbb_chmod($str, phpbb::CHMOD_READ | phpbb::CHMOD_WRITE); } } } @@ -540,7 +540,7 @@ class compress_tar extends compress { trigger_error("Could not create directory $folder"); } - phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE); + phpbb_chmod($str, phpbb::CHMOD_READ | phpbb::CHMOD_WRITE); } } } @@ -567,7 +567,7 @@ class compress_tar extends compress { trigger_error("Could not create directory $folder"); } - phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE); + phpbb_chmod($str, phpbb::CHMOD_READ | phpbb::CHMOD_WRITE); } } @@ -576,7 +576,7 @@ class compress_tar extends compress { trigger_error("Couldn't create file $filename"); } - phpbb_chmod($target_filename, CHMOD_READ); + phpbb_chmod($target_filename, phpbb::CHMOD_READ | phpbb::CHMOD_WRITE); // Grab the file contents fwrite($fp, ($filesize) ? $fzread($this->fp, ($filesize + 511) &~ 511) : '', $filesize); diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php index 181a32fab2..66875f0e69 100644 --- a/phpBB/includes/functions_convert.php +++ b/phpBB/includes/functions_convert.php @@ -157,7 +157,7 @@ function auto_id($pad = 0) */ function set_user_type($user_active) { - return ($user_active) ? USER_NORMAL : USER_INACTIVE; + return ($user_active) ? phpbb::USER_NORMAL : phpbb::USER_INACTIVE; } /** 
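Review bot: The last compress_tar hunk (-576) is not a pure rename: the mode passed for `$target_filename` changes from `CHMOD_READ` to `phpbb::CHMOD_READ | phpbb::CHMOD_WRITE`, so files unpacked from a tar archive now get the write flag they did not get before. Every other hunk in this file keeps its flags and only adds the `phpbb::` prefix. If the change is unintended, the line should stay `phpbb_chmod($target_filename, phpbb::CHMOD_READ);`. If it is intended, it widens permissions on extracted files and belongs in its own commit, or at least in the commit message, so it can be reviewed as a behaviour change. The enclosing method starts and ends outside the hunk.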
@@ -1461,7 +1461,7 @@ function compare_table($tables, $tablename, &$prefixes) * @param mixed $forum_id forum ids (array|int|0) -> 0 == all forums * @param mixed $ug_id [int] user_id|group_id : [string] usergroup name * @param mixed $acl_list [string] acl entry : [array] acl entries : [string] role entry -* @param int $setting ACL_YES|ACL_NO|ACL_NEVER +* @param int $setting phpbb::ACL_YES|ACL_NO|ACL_NEVER */ function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting = ACL_NO) { @@ -1850,7 +1850,7 @@ function add_bots() foreach ($bots as $bot_name => $bot_ary) { $user_row = array( - 'user_type' => USER_IGNORE, + 'user_type' => phpbb::USER_IGNORE, 'group_id' => $group_id, 'username' => $bot_name, 'user_regdate' => time(), @@ -1890,7 +1890,7 @@ function update_dynamic_config() // Get latest username $sql = 'SELECT user_id, username, user_colour FROM ' . USERS_TABLE . ' - WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')'; + WHERE user_type IN (' . phpbb::USER_NORMAL . ', ' . phpbb::USER_FOUNDER . ')'; if (!empty($config['increment_user_id'])) { @@ -1934,7 +1934,7 @@ function update_dynamic_config() $sql = 'SELECT COUNT(user_id) AS stat FROM ' . USERS_TABLE . ' - WHERE user_type IN (' . USER_NORMAL . ',' . USER_FOUNDER . ')'; + WHERE user_type IN (' . phpbb::USER_NORMAL . ',' . phpbb::USER_FOUNDER . ')'; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); 
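Review bot: In the mass_auth() hunk (-1461) only the first of the three ACL constants was renamed: the docblock now reads `phpbb::ACL_YES|ACL_NO|ACL_NEVER`, and the signature on the next line still defaults to `$setting = ACL_NO`. Other hunks in this commit turn ACL_YES and ACL_NEVER into class constants, and the constants.php change is not visible here, so ACL_NO has probably moved as well. If it has, the default would no longer resolve to the intended integer for a permission setting; it should become `$setting = phpbb::ACL_NO`, with the doc line reading `phpbb::ACL_YES|phpbb::ACL_NO|phpbb::ACL_NEVER`. If ACL_NO deliberately stays global, the docblock should say so. The body of mass_auth() is outside the hunk.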
@@ -2056,11 +2056,11 @@ function fix_empty_primary_groups() // Set group ids for users not already having it $sql = 'UPDATE ' . USERS_TABLE . ' SET group_id = ' . get_group_id('registered') . ' - WHERE group_id = 0 AND user_type = ' . USER_INACTIVE; + WHERE group_id = 0 AND user_type = ' . phpbb::USER_INACTIVE; $db->sql_query($sql); $sql = 'UPDATE ' . USERS_TABLE . ' SET group_id = ' . get_group_id('registered') . ' - WHERE group_id = 0 AND user_type = ' . USER_NORMAL; + WHERE group_id = 0 AND user_type = ' . phpbb::USER_NORMAL; $db->sql_query($sql); $db->sql_query('UPDATE ' . USERS_TABLE . ' SET group_id = ' . get_group_id('guests') . ' WHERE user_id = ' . ANONYMOUS); diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index 95d293c04d..ed9f25744b 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -706,7 +706,7 @@ class queue @flock($fp, LOCK_UN); fclose($fp); - phpbb_chmod($this->cache_file, CHMOD_WRITE); + phpbb_chmod($this->cache_file, phpbb::CHMOD_WRITE); } } @@ -747,7 +747,7 @@ class queue @flock($fp, LOCK_UN); fclose($fp); - phpbb_chmod($this->cache_file, CHMOD_WRITE); + phpbb_chmod($this->cache_file, phpbb::CHMOD_WRITE); } } } diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index c7749539ae..40d075a52c 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -731,7 +731,7 @@ function create_thumbnail($source, $destination, $mimetype) return false; } - phpbb_chmod($destination, CHMOD_READ | CHMOD_WRITE); + phpbb_chmod($destination, phpbb::CHMOD_READ | phpbb::CHMOD_WRITE); return true; } 
@@ -1142,7 +1142,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id WHERE w.' . (($topic_notification) ? 'topic_id' : 'forum_id') . ' = ' . (($topic_notification) ? $topic_id : $forum_id) . " AND w.user_id NOT IN ($sql_ignore_users) AND w.notify_status = 0 - AND u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ') + AND u.user_type IN (" . phpbb::USER_NORMAL . ', ' . phpbb::USER_FOUNDER . ') AND u.user_id = w.user_id'; $result = $db->sql_query($sql); @@ -1175,7 +1175,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id WHERE fw.forum_id = $forum_id AND fw.user_id NOT IN ($sql_ignore_users) AND fw.notify_status = 0 - AND u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ') + AND u.user_type IN (" . phpbb::USER_NORMAL . ', ' . phpbb::USER_FOUNDER . ') AND u.user_id = fw.user_id'; $result = $db->sql_query($sql); diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index c67266e9c5..ad77981ead 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -1144,7 +1144,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false) $sql = 'SELECT user_id, username, user_colour FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $u) . ' - AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')'; + AND user_type IN (' . phpbb::USER_NORMAL . ', ' . phpbb::USER_FOUNDER . ')'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -1348,7 +1348,7 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true) WHERE ' . $db->sql_in_set('ug.group_id', array_keys($data['address_list']['g'])) . ' AND ug.user_pending = 0 AND u.user_id = ug.user_id - AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')' . + AND u.user_type IN (' . phpbb::USER_NORMAL . ', ' . phpbb::USER_FOUNDER . ')' . $sql_allow_pm; $result = $db->sql_query($sql); 
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index c79c0808af..dc2f399dcd 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -121,9 +121,9 @@ class filespec case 'avatar': $this->extension = strtolower($this->extension); $this->realname = $prefix . $user_id . '.' . $this->extension; - + break; - + case 'unique_ext': default: $this->realname = $prefix . md5(unique_id()) . '.' . $this->extension; @@ -228,8 +228,8 @@ class filespec { return @filesize($filename); } - - + + /** * Check the first 256 bytes for forbidden content */ @@ -239,7 +239,7 @@ class filespec { return true; } - + $fp = @fopen($this->filename, 'rb'); if ($fp !== false) @@ -276,7 +276,7 @@ class filespec return false; } - $chmod = ($chmod === false) ? CHMOD_READ | CHMOD_WRITE : $chmod; + $chmod = ($chmod === false) ? phpbb::CHMOD_READ | phpbb::CHMOD_WRITE : $chmod; // We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it... $this->destination_path = PHPBB_ROOT_PATH . $destination; @@ -419,7 +419,7 @@ class filespec { $size_lang = ($this->upload->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->upload->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES'] ); $max_filesize = get_formatted_filesize($this->upload->max_filesize, false); - + $this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang); return false; @@ -531,7 +531,7 @@ class fileupload $this->max_filesize = (int) $max_filesize; } } - + /** * Set disallowed strings */ @@ -875,7 +875,7 @@ class fileupload { $file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_EXTENSION'], $file->get('extension')); } - + // MIME Sniffing if (!$this->valid_content($file)) { diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 8a72e775c5..c9eafc3d90 100644 --- a/phpBB/includes/functions_user.php 
+++ b/phpBB/includes/functions_user.php @@ -91,7 +91,7 @@ function update_last_username() // Get latest username $sql = 'SELECT user_id, username, user_colour FROM ' . USERS_TABLE . ' - WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ') + WHERE user_type IN (' . phpbb::USER_NORMAL . ', ' . phpbb::USER_FOUNDER . ') ORDER BY user_id DESC'; $result = $db->sql_query_limit($sql, 1); $row = $db->sql_fetchrow($result); @@ -276,7 +276,7 @@ function user_add($user_row, $cp_data = false) group_set_user_default($user_row['group_id'], array($user_id), false); // set the newest user and adjust the user count if the user is a normal user and no activation mail is sent - if ($user_row['user_type'] == USER_NORMAL) + if ($user_row['user_type'] == phpbb::USER_NORMAL) { set_config('newest_user_id', $user_id, true); set_config('newest_username', $user_row['username'], true); @@ -390,7 +390,7 @@ function user_delete($mode, $user_id, $post_username = false) } // If the user is inactive and newly registered we assume no posts from this user being there... - if ($user_row['user_type'] == USER_INACTIVE && $user_row['user_inactive_reason'] == INACTIVE_REGISTER && !$user_row['user_posts']) + if ($user_row['user_type'] == phpbb::USER_INACTIVE && $user_row['user_inactive_reason'] == INACTIVE_REGISTER && !$user_row['user_posts']) { } else @@ -566,7 +566,7 @@ function user_delete($mode, $user_id, $post_username = false) } // Decrement number of users if this user is active - if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE) + if ($user_row['user_type'] != phpbb::USER_INACTIVE && $user_row['user_type'] != phpbb::USER_IGNORE) { set_config('num_users', $config['num_users'] - 1, true); } 
@@ -605,14 +605,14 @@ function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL) { $sql_ary = array(); - if ($row['user_type'] == USER_IGNORE || $row['user_type'] == USER_FOUNDER || - ($mode == 'activate' && $row['user_type'] != USER_INACTIVE) || - ($mode == 'deactivate' && $row['user_type'] == USER_INACTIVE)) + if ($row['user_type'] == phpbb::USER_IGNORE || $row['user_type'] == phpbb::USER_FOUNDER || + ($mode == 'activate' && $row['user_type'] != phpbb::USER_INACTIVE) || + ($mode == 'deactivate' && $row['user_type'] == phpbb::USER_INACTIVE)) { continue; } - if ($row['user_type'] == USER_INACTIVE) + if ($row['user_type'] == phpbb::USER_INACTIVE) { $activated++; } @@ -625,9 +625,9 @@ function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL) } $sql_ary += array( - 'user_type' => ($row['user_type'] == USER_NORMAL) ? USER_INACTIVE : USER_NORMAL, - 'user_inactive_time' => ($row['user_type'] == USER_NORMAL) ? time() : 0, - 'user_inactive_reason' => ($row['user_type'] == USER_NORMAL) ? $reason : 0, + 'user_type' => ($row['user_type'] == phpbb::USER_NORMAL) ? phpbb::USER_INACTIVE : phpbb::USER_NORMAL, + 'user_inactive_time' => ($row['user_type'] == phpbb::USER_NORMAL) ? time() : 0, + 'user_inactive_reason' => ($row['user_type'] == phpbb::USER_NORMAL) ? $reason : 0, ); $sql_statements[$row['user_id']] = $sql_ary; @@ -720,7 +720,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas // Create a list of founder... $sql = 'SELECT user_id, user_email, username_clean FROM ' . USERS_TABLE . ' - WHERE user_type = ' . USER_FOUNDER; + WHERE user_type = ' . phpbb::USER_FOUNDER; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -3244,7 +3244,7 @@ function group_update_listings($group_id) break 3; } - if ($setting != ACL_YES) + if ($setting != phpbb::ACL_YES) { continue; } |