aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--phpBB/includes/session.php20
1 files changed, 14 insertions, 6 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 3254d44042..b000a70d07 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -244,7 +244,7 @@ class session
if ($this->session_id == '' || !$db->sql_query($sql) || !$db->sql_affectedrows())
{
$db->sql_return_on_error(false);
- $this->session_id = md5(uniqid($user_ip));
+ $this->session_id = md5(uniqid($this->ip));
$sql = "INSERT INTO " . SESSIONS_TABLE . "
(session_id, session_user_id, session_last_visit, session_start, session_time, session_ip, session_browser, session_page, session_allow_viewonline)
@@ -508,7 +508,7 @@ class user extends session
class auth
{
var $founder = false;
- var $acl = array();
+ var $acl = array('global' => '', 'local' => '');
var $option = array();
var $acl_options = array();
@@ -553,13 +553,14 @@ class auth
for($i = 0; $i < $global_chars; $i++)
{
- $this->acl['global'] .= str_pad(decbin(ord($userdata['user_permissions']{$i})), 8, 0, STR_LEFT_PAD);
+ $this->acl['global'] .= str_pad(decbin(ord($userdata['user_permissions']{$i})), 8, 0, STR_PAD_LEFT);
}
for ($i = $global_chars; $i < strlen($userdata['user_permissions']); $i += $local_chars)
{
$forum_id = (ord($userdata['user_permissions']{$i}) << 8) + ord($userdata['user_permissions']{$i + 1});
- for($j = $i + 2; $j < $i + $local_chars; $j++)
+ $this->acl['local'][$forum_id] = '';
+ for ($j = $i + 2; $j < $i + $local_chars; $j++)
{
$this->acl['local'][$forum_id] .= str_pad(decbin(ord($userdata['user_permissions']{$j})), 8, 0, STR_PAD_LEFT);
}
@@ -576,6 +577,7 @@ class auth
if (!isset($cache[$f][$opt]))
{
+ $cache[$f][$opt] = FALSE;
if (isset($this->acl_options['global'][$opt]))
{
$cache[$f][$opt] = $this->acl['global']{$this->acl_options['global'][$opt]};
@@ -646,7 +648,7 @@ class auth
while ($row = $db->sql_fetchrow($result))
{
- if ($this->acl[$row['forum_id']][$row['auth_option']] !== ACL_NO)
+ if (isset($this->acl[$row['forum_id']][$row['auth_option']]) && $this->acl[$row['forum_id']][$row['auth_option']] !== ACL_NO)
{
$this->acl[$row['forum_id']][$row['auth_option']] = $row['min_setting'];
}
@@ -661,6 +663,11 @@ class auth
foreach ($this->acl as $f => $auth_ary)
{
+ if (!is_array($auth_ary))
+ {
+ continue;
+ }
+
$holding = array();
$option_set = array();
@@ -677,6 +684,7 @@ class auth
$hold_str = 'local_hold';
}
+
foreach ($this->acl_options[$ary_key] as $opt => $id)
{
if (!empty($auth_ary[$opt]))
@@ -718,7 +726,7 @@ class auth
unset($local_hold);
$sql = "UPDATE " . USERS_TABLE . "
- SET user_permissions = '" . addslashes($userdata['user_permissions']) . "'
+ SET user_permissions = '" . $db->sql_escape($userdata['user_permissions']) . "'
WHERE user_id = " . $userdata['user_id'];
$db->sql_query($sql);
}