Diffstat (limited to 'phpBB/admin')
-rw-r--r--phpBB/admin/admin_db_utilities.php6
-rw-r--r--phpBB/admin/admin_forumauth.php22
-rw-r--r--phpBB/admin/admin_groupauth.php52
-rw-r--r--phpBB/admin/admin_userauth.php35
-rw-r--r--phpBB/admin/pagestart.inc2
5 files changed, 78 insertions, 39 deletions
diff --git a/phpBB/admin/admin_db_utilities.php b/phpBB/admin/admin_db_utilities.php
index f512b6622a..656233c259 100644
--- a/phpBB/admin/admin_db_utilities.php
+++ b/phpBB/admin/admin_db_utilities.php
@@ -782,7 +782,7 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
break;
}
- $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'session', 'smilies', 'themes', 'themes_name', 'topics', 'user_group', 'users', 'words');
+ $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'session', 'smilies', 'themes', 'themes_name', 'topics', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words');
$additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" );
@@ -846,7 +846,7 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
);
$template->assign_vars(array(
- "META" => "<meta http-equiv=\"refresh\" content=\"0;url=admin_db_utilities.$phpEx?perform=backup&additional_tables=" . quotemeta($additional_tables) . "&backup_type=$backup_type&drop=1&backupstart=1&gzipcompress=$gzipcompress&startdownload=1\">",
+ "META" => "<meta http-equiv=\"refresh\" content=\"0;url=admin_db_utilities.$phpEx?perform=backup&amp;additional_tables=" . quotemeta($additional_tables) . "&amp;backup_type=$backup_type&amp;drop=1&amp;backupstart=1&amp;gzipcompress=$gzipcompress&amp;startdownload=1\">",
"MESSAGE_TITLE" => $lang['Database_Utilities'] . " : " . $lang['Backup'],
"MESSAGE_TEXT" => $lang['Backup_download'])
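Review bot: `$additional_tables` is still written into the `content` attribute of the META refresh tag through `quotemeta()`, which only backslash-escapes regex metacharacters and neither URL-encodes nor HTML-escapes, so a double quote or angle bracket in the value would land in the page markup. The first hunk of this file shows the value being read from `$HTTP_POST_VARS`/`$HTTP_GET_VARS`; any validation between there and this line is outside the hunks. Encoding for both contexts would close it: `htmlspecialchars(urlencode($additional_tables))` in place of `quotemeta($additional_tables)`. `$backup_type` and `$gzipcompress` are interpolated into the same attribute and their origin is not visible here, so confirm they are limited to known values.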
@@ -863,7 +863,7 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
//
// Build the sql script file...
//
- $backup_sql = "#\n";
+ $backup_sql = "#\n";
$backup_sql .= "# phpBB Backup Script\n";
$backup_sql .= "# Dump of tables for $dbname\n";
$backup_sql .= "#\n# DATE : " . gmdate("d-m-Y H:i:s", time()) . " GMT\n";
diff --git a/phpBB/admin/admin_forumauth.php b/phpBB/admin/admin_forumauth.php
index d976074e7e..350f0031e4 100644
--- a/phpBB/admin/admin_forumauth.php
+++ b/phpBB/admin/admin_forumauth.php
@@ -37,18 +37,18 @@ require('pagestart.inc');
// Start program - define vars
//
$simple_auth_ary = array(
- 0 => array(0, 0, 0, 0, 1, 1, 1, 3),
- 1 => array(0, 0, 1, 1, 1, 1, 1, 3),
- 2 => array(1, 1, 1, 1, 1, 1, 1, 3),
- 3 => array(0, 2, 2, 2, 2, 2, 2, 3),
- 4 => array(2, 2, 2, 2, 2, 2, 2, 3),
- 5 => array(0, 3, 3, 3, 3, 3, 3, 3),
- 6 => array(3, 3, 3, 3, 3, 3, 3, 3),
+ 0 => array(0, 0, 0, 0, 1, 1, 1, 3, 1, 1),
+ 1 => array(0, 0, 1, 1, 1, 1, 1, 3, 1, 1),
+ 2 => array(1, 1, 1, 1, 1, 1, 1, 3, 1, 1),
+ 3 => array(0, 2, 2, 2, 2, 2, 2, 3, 2, 2),
+ 4 => array(2, 2, 2, 2, 2, 2, 2, 3, 2, 2),
+ 5 => array(0, 3, 3, 3, 3, 3, 3, 3, 3, 3),
+ 6 => array(3, 3, 3, 3, 3, 3, 3, 3, 3, 3),
);
$simple_auth_types = array($lang['Public'], $lang['Registered'], $lang['Registered'] . " [" . $lang['Hidden'] . "]", $lang['Private'], $lang['Private'] . " [" . $lang['Hidden'] . "]", $lang['Moderators'], $lang['Moderators'] . " [" . $lang['Hidden'] . "]");
-$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce");
+$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce", "auth_vote", "auth_pollcreate");
$field_names = array(
"auth_view" => $lang['View'],
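Review bot: The rows of `$simple_auth_ary` appear to be matched to `$forum_auth_fields` by position only, and nothing in the hunk records which column is which; at ten columns a miscounted or transposed value in a preset is hard to spot and would silently set the wrong permission level. A comment above the array would make each row checkable, for example `// columns: view, read, post, reply, edit, delete, sticky, announce, vote, pollcreate`. If the code that applies a preset is elsewhere in this file, it is worth confirming that it iterates over `count($forum_auth_fields)` and not a hard-coded 8.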
@@ -58,9 +58,11 @@ $field_names = array(
"auth_edit" => $lang['Edit'],
"auth_delete" => $lang['Delete'],
"auth_sticky" => $lang['Sticky'],
- "auth_announce" => $lang['Announce']);
+ "auth_announce" => $lang['Announce'],
+ "auth_vote" => $lang['Vote'],
+ "auth_pollcreate" => $lang['Pollcreate']);
-$forum_auth_levels = array("ALL", "REG", "ACL", "MOD", "ADMIN");
+$forum_auth_levels = array("ALL", "REG", "PRIVATE", "MOD", "ADMIN");
$forum_auth_const = array(AUTH_ALL, AUTH_REG, AUTH_ACL, AUTH_MOD, AUTH_ADMIN);
if(isset($HTTP_GET_VARS[POST_FORUM_URL]) || isset($HTTP_POST_VARS[POST_FORUM_URL]))
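Review bot: `$forum_auth_levels` now says `"PRIVATE"` at the index where `$forum_auth_const` still holds `AUTH_ACL`, so the two parallel arrays use different names for the same level with no comment linking them. If these strings are used anywhere as lookup keys or form values (not visible in this hunk), that code has to be changed to match. A short comment such as `// "PRIVATE" is the display label for AUTH_ACL` would keep the pairing clear. The new `$lang['Vote']` and `$lang['Pollcreate']` entries also need to exist in the language files, which are outside this diffstat.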
diff --git a/phpBB/admin/admin_groupauth.php b/phpBB/admin/admin_groupauth.php
index e3fe8d3a4c..4a36bbf932 100644
--- a/phpBB/admin/admin_groupauth.php
+++ b/phpBB/admin/admin_groupauth.php
@@ -28,15 +28,35 @@ if($setmodules == 1)
return;
}
+$phpbb_root_path = "./../";
+include($phpbb_root_path . 'extension.inc');
+include($phpbb_root_path . 'common.'.$phpEx);
+
+//
+// Start session management
//
-// Include required files, get $phpEx and check permissions
+$userdata = session_pagestart($user_ip, PAGE_INDEX, $session_length);
+init_userprefs($userdata);
+//
+// End session management
//
-require('pagestart.inc');
+
+//
+// Is user logged in? If yes are they an admin?
+//
+if( !$userdata['session_logged_in'] )
+{
+ header("Location: ../login.$phpEx?forward_page=admin/");
+}
+else if( $userdata['user_level'] != ADMIN )
+{
+ message_die(GENERAL_MESSAGE, $lang['Not_admin']);
+}
//
// Start program - define vars
//
-$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce");
+$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce", "auth_vote", "auth_pollcreate");
$auth_field_match = array(
"auth_view" => AUTH_VIEW,
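Review bot: The not-logged-in branch only calls `header("Location: ../login.$phpEx?forward_page=admin/");` and then falls out of the `if`; `header()` does not end the script, so the remainder of this file, including the `submit` handler named in the later hunk headers, still runs for a request without an admin session. Add `exit;` directly after the `header()` call. The same redirect without an exit is visible in the context lines of the admin_userauth.php and pagestart.inc hunks of this commit. This block also copies the check out of pagestart.inc and omits the `append_sid()` that the pagestart.inc hunk adds to the same redirect; keeping `require('pagestart.inc');` would leave a single copy of the access check to maintain.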
@@ -46,7 +66,9 @@ $auth_field_match = array(
"auth_edit" => AUTH_EDIT,
"auth_delete" => AUTH_DELETE,
"auth_sticky" => AUTH_STICKY,
- "auth_announce" => AUTH_ANNOUNCE);
+ "auth_announce" => AUTH_ANNOUNCE,
+ "auth_vote" => AUTH_VOTE,
+ "auth_pollcreate" => AUTH_POLLCREATE);
$field_names = array(
"auth_view" => $lang['View'],
@@ -56,7 +78,9 @@ $field_names = array(
"auth_edit" => $lang['Edit'],
"auth_delete" => $lang['Delete'],
"auth_sticky" => $lang['Sticky'],
- "auth_announce" => $lang['Announce']);
+ "auth_announce" => $lang['Announce'],
+ "auth_vote" => $lang['Vote'],
+ "auth_pollcreate" => $lang['Pollcreate']);
// ---------------
@@ -458,7 +482,7 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_GROUPS_URL]))
{
if(!empty($valid_auth_mod_sql[$forum_id]))
{
- $warning_list .= "<b><a href=\"admin_userauth.$phpEx?" . POST_USERS_URL . "=" . $user_ary[$i] . "\">" . $warning_mod_username[$forum_id][$i] . "</a></b> " . $lang['has_moderator_status'] . " <b>" . $warning_mod_frmname[$forum_id][$i] . "</b><br />";
+ $warning_list .= "<b><a href=\"" . append_sid("admin_userauth.$phpEx?" . POST_USERS_URL . "=" . $user_ary[$i]) . "\">" . $warning_mod_username[$forum_id][$i] . "</a></b> " . $lang['has_moderator_status'] . " <b>" . $warning_mod_frmname[$forum_id][$i] . "</b><br />";
}
}
}
@@ -469,14 +493,16 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_GROUPS_URL]))
{
if(!empty($valid_auth_prv_sql[$forum_id]))
{
- $warning_list .= "<b><a href=\"admin_userauth.$phpEx?" . POST_USERS_URL . "=" . $user_ary[$i] . "\">" . $warning_prv_username[$forum_id][$i] . "</a></b> " . $lang['has_access_status'] . " <b>" . $warning_prv_frmname[$forum_id][$i] . "</b><br />";
+ $warning_list .= "<b><a href=\"" . append_sid("admin_userauth.$phpEx?" . POST_USERS_URL . "=" . $user_ary[$i]) . "\">" . $warning_prv_username[$forum_id][$i] . "</a></b> " . $lang['has_access_status'] . " <b>" . $warning_prv_frmname[$forum_id][$i] . "</b><br />";
}
}
}
if($warning_list != "")
{
- $warning_list = "<br />" . $lang['Conflict_message_groupauth'] . "<br/><br/>" . $warning_list . "<br />" . $lang['Click'] ." <a href=\"admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=$group_id\">" . $lang['HERE'] . "</a> " . $lang['return_group_auth_admin'] . "<br />";
+ $warning_list = "<br />" . $lang['Conflict_message_groupauth'] . "<br/><br/>" . $warning_list . "<br />" . $lang['Click'] ." <a href=\"" . append_sid("admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=$group_id") . "\">" . $lang['HERE'] . "</a> " . $lang['return_group_auth_admin'] . "<br />";
+
+ include('page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/admin_message_body.tpl")
@@ -489,7 +515,7 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_GROUPS_URL]))
}
else
{
- header("Location: admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=$group_id");
+ header("Location: " . append_sid("admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=$group_id"));
}
}
@@ -514,6 +540,8 @@ else if(empty($HTTP_GET_VARS[POST_GROUPS_URL]))
}
$select_list .= "</select>";
+ include('page_header_admin.'.$phpEx);
+
$template->set_filenames(array(
"body" => "admin/auth_select_body.tpl")
);
@@ -544,6 +572,8 @@ else
$adv = FALSE;
}
+ include('page_header_admin.'.$phpEx);
+
$template->set_filenames(array(
"body" => "admin/auth_ug_body.tpl")
);
@@ -812,7 +842,7 @@ else
$t_usergroup_list = "";
for($i = 0; $i < count($username); $i++)
{
- $t_usergroup_list .= "<a href=\"admin_userauth.$phpEx?" . POST_USERS_URL . "=" . $user_id[$i] . "\">" . $username[$i] . "</a>";
+ $t_usergroup_list .= "<a href=\"" . append_sid("admin_userauth.$phpEx?" . POST_USERS_URL . "=" . $user_id[$i]) . "\">" . $username[$i] . "</a>";
if($i < count($username) - 1)
{
$t_usergroup_list .= ", ";
@@ -850,7 +880,7 @@ else
$switch_mode = "admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=" . $group_id . "&adv=";
$switch_mode .= ( !$adv ) ? "1" : "0";
$switch_mode_text = ( !$adv ) ? $lang['Advanced_mode'] : $lang['Simple_mode'];
- $u_switch_mode = '<a href="' . $switch_mode . '">' . $switch_mode_text . '</a>';
+ $u_switch_mode = '<a href="' . append_sid($switch_mode) . '">' . $switch_mode_text . '</a>';
$template->assign_vars(array(
"USERNAME" => $t_groupname,
diff --git a/phpBB/admin/admin_userauth.php b/phpBB/admin/admin_userauth.php
index caae189210..f34676ec6a 100644
--- a/phpBB/admin/admin_userauth.php
+++ b/phpBB/admin/admin_userauth.php
@@ -40,6 +40,10 @@ init_userprefs($userdata);
//
// End session management
//
+
+//
+// Is user logged in? If yes are they an admin?
+//
if( !$userdata['session_logged_in'] )
{
header("Location: ../login.$phpEx?forward_page=admin/");
@@ -52,7 +56,7 @@ else if( $userdata['user_level'] != ADMIN )
//
// Start program - define vars
//
-$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce");
+$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce", "auth_vote", "auth_pollcreate");
$auth_field_match = array(
"auth_view" => AUTH_VIEW,
@@ -62,7 +66,9 @@ $auth_field_match = array(
"auth_edit" => AUTH_EDIT,
"auth_delete" => AUTH_DELETE,
"auth_sticky" => AUTH_STICKY,
- "auth_announce" => AUTH_ANNOUNCE);
+ "auth_announce" => AUTH_ANNOUNCE,
+ "auth_vote" => AUTH_VOTE,
+ "auth_pollcreate" => AUTH_POLLCREATE);
$field_names = array(
"auth_view" => $lang['View'],
@@ -72,7 +78,9 @@ $field_names = array(
"auth_edit" => $lang['Edit'],
"auth_delete" => $lang['Delete'],
"auth_sticky" => $lang['Sticky'],
- "auth_announce" => $lang['Announce']);
+ "auth_announce" => $lang['Announce'],
+ "auth_vote" => $lang['Vote'],
+ "auth_pollcreate" => $lang['Pollcreate']);
// ---------------
// Start Functions
@@ -177,7 +185,7 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
}
}
- header("Location: admin_userauth.$phpEx?" . POST_USERS_URL . "=$user_id");
+ header("Location: " . append_sid("admin_userauth.$phpEx?" . POST_USERS_URL . "=$user_id"));
}
else if( $HTTP_POST_VARS['userlevel'] == "admin" && $ug_info['user_level'] != ADMIN )
@@ -214,7 +222,7 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
// Error ...
}
- header("Location: admin_userauth.$phpEx?" . POST_USERS_URL . "=$user_id");
+ header("Location: " . append_sid("admin_userauth.$phpEx?" . POST_USERS_URL . "=$user_id"));
}
else
@@ -223,7 +231,7 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
// Pull all the auth/group
// for this user
//
- $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_sticky, aa.auth_announce, aa.auth_mod, g.group_single_user, g.group_id, g.group_name
+ $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_sticky, aa.auth_announce, aa.auth_vote, aa.auth_pollcreate, aa.auth_mod, g.group_single_user, g.group_id, g.group_name
FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g
WHERE ug.user_id = $user_id
AND g.group_id = ug.group_id
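Review bot: `$user_id` is interpolated unquoted into `WHERE ug.user_id = $user_id`, and the hunk header shows this branch is entered on a posted `POST_USERS_URL` value, so the variable presumably derives from request input. Its assignment is outside the hunk; if it is not already cast there, force it to an integer at that point, e.g. `$user_id = intval($HTTP_POST_VARS[POST_USERS_URL]);`. The same applies to `$this_forum_id` and `$new_mod_status` in the UPDATE statement of the later hunk.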
@@ -235,7 +243,7 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
$u_access = $db->sql_fetchrowset($au_result);
}
- $sql = "SELECT f.forum_id, f.forum_name, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce
+ $sql = "SELECT f.forum_id, f.forum_name, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce, f.auth_vote, f.auth_pollcreate
FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
WHERE c.cat_id = f.cat_id
ORDER BY c.cat_order ASC, f.forum_order ASC";
@@ -352,7 +360,7 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
if($new_mod_status)
{
$valid_auth_mod_sql[$this_forum_id] = "UPDATE " . AUTH_ACCESS_TABLE . "
- SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_announce = 0, auth_sticky = 0, auth_mod = $new_mod_status
+ SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0, auth_vote = 0, auth_pollcreate = 0, auth_mod = $new_mod_status
WHERE forum_id = $this_forum_id
AND group_id = " . $ug_info['group_id'];
}
@@ -538,7 +546,7 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
{
if(!empty($valid_auth_mod_sql[$forum_id]))
{
- $warning_list .= "<b><a href=\"admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=" . $group_ary[$i] . "\">" . $warning_mod_grpname[$forum_id][$i] . "</a></b> " . $lang['grants_moderator_status'] . " <b>" . $warning_mod_frmname[$forum_id][$i] . "</b> " . $lang['for_this_user'] . "<br />";
+ $warning_list .= "<b><a href=\"" . append_sid("admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=" . $group_ary[$i]) . "\">" . $warning_mod_grpname[$forum_id][$i] . "</a></b> " . $lang['grants_moderator_status'] . " <b>" . $warning_mod_frmname[$forum_id][$i] . "</b> " . $lang['for_this_user'] . "<br />";
}
}
}
@@ -549,14 +557,14 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
{
if(!empty($valid_auth_prv_sql[$forum_id]))
{
- $warning_list .= "<b><a href=\"admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=" . $group_ary[$i] . "\">" . $warning_prv_grpname[$forum_id][$i] . "</a></b> " . $lang['grants_access_status'] . " <b>" . $warning_prv_frmname[$forum_id][$i] . "</b> " . $lang['for_this_user'] . "<br />";
+ $warning_list .= "<b><a href=\"" . append_sid("admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=" . $group_ary[$i]) . "\">" . $warning_prv_grpname[$forum_id][$i] . "</a></b> " . $lang['grants_access_status'] . " <b>" . $warning_prv_frmname[$forum_id][$i] . "</b> " . $lang['for_this_user'] . "<br />";
}
}
}
if($warning_list != "")
{
- $warning_list = "<br />" . $lang['Conflict_message_userauth'] . "<br/><br/>" . $warning_list . "<br />" . $lang['Click'] . " <a href=\"admin_userauth.$phpEx?" . POST_USERS_URL . "=$user_id\">" . $lang['HERE'] . "</a> ". $lang['return_user_auth_admin'] . "<br />";
+ $warning_list = "<br />" . $lang['Conflict_message_userauth'] . "<br/><br/>" . $warning_list . "<br />" . $lang['Click'] . " <a href=\"" . append_sid("admin_userauth.$phpEx?" . POST_USERS_URL . "=$user_id") . "\">" . $lang['HERE'] . "</a> ". $lang['return_user_auth_admin'] . "<br />";
include('page_header_admin.'.$phpEx);
@@ -628,7 +636,6 @@ else
$adv = FALSE;
}
- $template_header = "admin/page_header.tpl";
include('page_header_admin.'.$phpEx);
$template->set_filenames(array(
@@ -905,7 +912,7 @@ else
$t_usergroup_list = "";
for($i = 0; $i < count($userinf); $i++)
{
- $t_usergroup_list .= "<a href=\"admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=" . $group_id[$i] . "\">" . $group_name[$i] . "</a>";
+ $t_usergroup_list .= "<a href=\"" . append_sid("admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=" . $group_id[$i]) . "\">" . $group_name[$i] . "</a>";
if($i < count($group_name) - 1)
{
$t_usergroup_list .= ", ";
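Review bot: The loop runs to `count($userinf)` while the body indexes `$group_id[$i]` and `$group_name[$i]` and the separator test uses `count($group_name)`; if those arrays differ in length the list gets empty links or a misplaced comma. The matching loop in admin_groupauth.php uses one array for both bounds, so `for($i = 0; $i < count($group_name); $i++)` would be consistent here. `$group_name[$i]` is also concatenated into the link text as-is; unless it is escaped where it is read (outside the hunk), wrap it as `htmlspecialchars($group_name[$i])`.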
@@ -941,7 +948,7 @@ else
}
}
- $switch_mode = "admin_userauth.$phpEx?" . POST_USERS_URL . "=" . $user_id . "&adv=";
+ $switch_mode = append_sid("admin_userauth.$phpEx?" . POST_USERS_URL . "=" . $user_id . "&adv=");
$switch_mode .= ( empty($adv) ) ? "1" : "0";
$switch_mode_text = ( empty($adv) ) ? $lang['Advanced_mode'] : $lang['Simple_mode'];
$u_switch_mode = '<a href="' . $switch_mode . '">' . $switch_mode_text . '</a>';
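Review bot: `append_sid()` is applied to the URL while it still ends in `&adv=`, and the `"1"`/`"0"` is concatenated on the next line; if `append_sid()` adds the session id at the end of the URL, as its other uses in this commit suggest, the digit is appended to the session id instead of to `adv`, leaving `adv` empty and the sid invalid. The admin_groupauth.php hunk does this in the right order. Leave the first line as `$switch_mode = "admin_userauth.$phpEx?" . POST_USERS_URL . "=" . $user_id . "&adv=";` and wrap at output: `$u_switch_mode = '<a href="' . append_sid($switch_mode) . '">' . $switch_mode_text . '</a>';`.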
diff --git a/phpBB/admin/pagestart.inc b/phpBB/admin/pagestart.inc
index dd56651f8f..4cf241444b 100644
--- a/phpBB/admin/pagestart.inc
+++ b/phpBB/admin/pagestart.inc
@@ -34,7 +34,7 @@ init_userprefs($userdata);
//
if( !$userdata['session_logged_in'] )
{
- header("Location: ../login.$phpEx?forward_page=admin/");
+ header("Location: " . append_sid("../login.$phpEx?forward_page=admin/"));
}
else if( $userdata['user_level'] != ADMIN )
{