aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/functions.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r--phpBB/includes/functions.php131
1 files changed, 96 insertions, 35 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index fff55d993e..a152d9b620 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2233,7 +2233,6 @@ function generate_board_url($without_script_path = false)
global $config, $user, $request;
$server_name = $user->host;
- $server_port = $request->server('SERVER_PORT', 0);
// Forcing server vars is the only way to specify/override the protocol
if ($config['force_server_vars'] || !$server_name)
@@ -2248,6 +2247,13 @@ function generate_board_url($without_script_path = false)
}
else
{
+ $server_port = $request->server('SERVER_PORT', 0);
+ $forwarded_proto = $request->server('HTTP_X_FORWARDED_PROTO');
+
+ if (!empty($forwarded_proto) && $forwarded_proto === 'https')
+ {
+ $server_port = 443;
+ }
// Do not rely on cookie_secure, users seem to think that it means a secured cookie instead of an encrypted connection
$cookie_secure = $request->is_secure() ? 1 : 0;
$url = (($cookie_secure) ? 'https://' : 'http://') . $server_name;
@@ -2401,6 +2407,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
echo '<html dir="' . $user->lang['DIRECTION'] . '" lang="' . $user->lang['USER_LANG'] . '">';
echo '<head>';
echo '<meta charset="utf-8">';
+ echo '<meta http-equiv="X-UA-Compatible" content="IE=edge">';
echo '<meta http-equiv="refresh" content="0; url=' . str_replace('&', '&amp;', $url) . '" />';
echo '<title>' . $user->lang['REDIRECT'] . '</title>';
echo '</head>';
@@ -2602,8 +2609,9 @@ function check_link_hash($token, $link_name)
/**
* Add a secret token to the form (requires the S_FORM_TOKEN template variable)
* @param string $form_name The name of the form; has to match the name used in check_form_key, otherwise no restrictions apply
+* @param string $template_variable_suffix A string that is appended to the name of the template variable to which the form elements are assigned
*/
-function add_form_key($form_name)
+function add_form_key($form_name, $template_variable_suffix = '')
{
global $config, $template, $user, $phpbb_dispatcher;
@@ -2620,13 +2628,15 @@ function add_form_key($form_name)
* Perform additional actions on creation of the form token
*
* @event core.add_form_key
- * @var string form_name The form name
- * @var int now Current time timestamp
- * @var string s_fields Generated hidden fields
- * @var string token Form token
- * @var string token_sid User session ID
+ * @var string form_name The form name
+ * @var int now Current time timestamp
+ * @var string s_fields Generated hidden fields
+ * @var string token Form token
+ * @var string token_sid User session ID
+ * @var string template_variable_suffix The string that is appended to template variable name
*
* @since 3.1.0-RC3
+ * @changed 3.1.11-RC1 Added template_variable_suffix
*/
$vars = array(
'form_name',
@@ -2634,12 +2644,11 @@ function add_form_key($form_name)
's_fields',
'token',
'token_sid',
+ 'template_variable_suffix',
);
extract($phpbb_dispatcher->trigger_event('core.add_form_key', compact($vars)));
- $template->assign_vars(array(
- 'S_FORM_TOKEN' => $s_fields,
- ));
+ $template->assign_var('S_FORM_TOKEN' . $template_variable_suffix, $s_fields);
}
/**
@@ -2821,6 +2830,21 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
$user->setup();
}
+ /**
+ * This event allows an extension to modify the login process
+ *
+ * @event core.login_box_before
+ * @var string redirect Redirect string
+ * @var string l_explain Explain language string
+ * @var string l_success Success language string
+ * @var bool admin Is admin?
+ * @var bool s_display Display full login form?
+ * @var string err Error string
+ * @since 3.1.9-RC1
+ */
+ $vars = array('redirect', 'l_explain', 'l_success', 'admin', 's_display', 'err');
+ extract($phpbb_dispatcher->trigger_event('core.login_box_before', compact($vars)));
+
// Print out error if user tries to authenticate as an administrator without having the privileges...
if ($admin && !$auth->acl_get('a_'))
{
@@ -2833,7 +2857,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
trigger_error('NO_AUTH_ADMIN');
}
- if ($request->is_set_post('login') || ($request->is_set('login') && $request->variable('login', '') == 'external'))
+ if (empty($err) && ($request->is_set_post('login') || ($request->is_set('login') && $request->variable('login', '') == 'external')))
{
// Get credential
if ($admin)
@@ -2902,11 +2926,11 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
*
* @event core.login_box_redirect
* @var string redirect Redirect string
- * @var boolean admin Is admin?
- * @var bool return If true, do not redirect but return the sanitized URL.
+ * @var bool admin Is admin?
* @since 3.1.0-RC5
+ * @changed 3.1.9-RC1 Removed undefined return variable
*/
- $vars = array('redirect', 'admin', 'return');
+ $vars = array('redirect', 'admin');
extract($phpbb_dispatcher->trigger_event('core.login_box_redirect', compact($vars)));
// append/replace SID (may change during the session for AOL users)
@@ -3982,6 +4006,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
echo '<html dir="ltr">';
echo '<head>';
echo '<meta charset="utf-8">';
+ echo '<meta http-equiv="X-UA-Compatible" content="IE=edge">';
echo '<title>' . $msg_title . '</title>';
echo '<style type="text/css">' . "\n" . '/* <![CDATA[ */' . "\n";
echo '* { margin: 0; padding: 0; } html { font-size: 100%; height: 100%; margin-bottom: 1px; background-color: #E4EDF0; } body { font-family: "Lucida Grande", Verdana, Helvetica, Arial, sans-serif; color: #536482; background: #E4EDF0; font-size: 62.5%; margin: 0; } ';
@@ -4264,10 +4289,14 @@ function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum'
if (sizeof($online_users['online_users']))
{
- $sql = 'SELECT username, username_clean, user_id, user_type, user_allow_viewonline, user_colour
- FROM ' . USERS_TABLE . '
- WHERE ' . $db->sql_in_set('user_id', $online_users['online_users']) . '
- ORDER BY username_clean ASC';
+ $sql_ary = array(
+ 'SELECT' => 'u.username, u.username_clean, u.user_id, u.user_type, u.user_allow_viewonline, u.user_colour',
+ 'FROM' => array(
+ USERS_TABLE => 'u',
+ ),
+ 'WHERE' => $db->sql_in_set('u.user_id', $online_users['online_users']),
+ 'ORDER_BY' => 'u.username_clean ASC',
+ );
/**
* Modify SQL query to obtain online users data
@@ -4279,13 +4308,14 @@ function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum'
* @var string item Restrict online users to a certain
* session item, e.g. forum for
* session_forum_id
- * @var string sql SQL query to obtain users online data
+ * @var array sql_ary SQL query array to obtain users online data
* @since 3.1.4-RC1
+ * @changed 3.1.7-RC1 Change sql query into array and adjust var accordingly. Allows extension authors the ability to adjust the sql_ary.
*/
- $vars = array('online_users', 'item_id', 'item', 'sql');
+ $vars = array('online_users', 'item_id', 'item', 'sql_ary');
extract($phpbb_dispatcher->trigger_event('core.obtain_users_online_string_sql', compact($vars)));
- $result = $db->sql_query($sql);
+ $result = $db->sql_query($db->sql_build_query('SELECT', $sql_ary));
$rowset = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);
@@ -4299,13 +4329,37 @@ function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum'
$row['username'] = '<em>' . $row['username'] . '</em>';
}
- if (!isset($online_users['hidden_users'][$row['user_id']]) || $auth->acl_get('u_viewonline'))
+ if (!isset($online_users['hidden_users'][$row['user_id']]) || $auth->acl_get('u_viewonline') || $row['user_id'] === $user->data['user_id'])
{
$user_online_link[$row['user_id']] = get_username_string(($row['user_type'] <> USER_IGNORE) ? 'full' : 'no_profile', $row['user_id'], $row['username'], $row['user_colour']);
}
}
}
}
+
+ /**
+ * Modify online userlist data
+ *
+ * @event core.obtain_users_online_string_before_modify
+ * @var array online_users Array with online users data
+ * from obtain_users_online()
+ * @var int item_id Restrict online users to item id
+ * @var string item Restrict online users to a certain
+ * session item, e.g. forum for
+ * session_forum_id
+ * @var array rowset Array with online users data
+ * @var array user_online_link Array with online users items (usernames)
+ * @since 3.1.10-RC1
+ */
+ $vars = array(
+ 'online_users',
+ 'item_id',
+ 'item',
+ 'rowset',
+ 'user_online_link',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.obtain_users_online_string_before_modify', compact($vars)));
+
$online_userlist = implode(', ', $user_online_link);
if (!$online_userlist)
@@ -4837,7 +4891,7 @@ function phpbb_get_avatar($row, $alt, $ignore_config = false, $lazy = false)
);
$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
- $driver = $phpbb_avatar_manager->get_driver($row['avatar_type'], $ignore_config);
+ $driver = $phpbb_avatar_manager->get_driver($row['avatar_type'], !$ignore_config);
$html = '';
if ($driver)
@@ -4848,7 +4902,7 @@ function phpbb_get_avatar($row, $alt, $ignore_config = false, $lazy = false)
return $html;
}
- $avatar_data = $driver->get_data($row, $ignore_config);
+ $avatar_data = $driver->get_data($row);
}
else
{
@@ -4904,7 +4958,7 @@ function phpbb_get_avatar($row, $alt, $ignore_config = false, $lazy = false)
/**
* Generate page header
*/
-function page_header($page_title = '', $display_online_list = false, $item_id = 0, $item = 'forum')
+function page_header($page_title = '', $display_online_list = false, $item_id = 0, $item = 'forum', $send_headers = true)
{
global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path;
global $phpbb_dispatcher, $request, $phpbb_container, $phpbb_admin_path;
@@ -4964,6 +5018,8 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
}
}
+ $user->update_session_infos();
+
// Generate logged in/logged out status
if ($user->data['user_id'] != ANONYMOUS)
{
@@ -5242,17 +5298,22 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
'SITE_LOGO_IMG' => $user->img('site_logo'),
));
- // An array of http headers that phpbb will set. The following event may override these.
- $http_headers = array(
- // application/xhtml+xml not used because of IE
- 'Content-type' => 'text/html; charset=UTF-8',
- 'Cache-Control' => 'private, no-cache="set-cookie"',
- 'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT',
- );
- if (!empty($user->data['is_bot']))
+ $http_headers = array();
+
+ if ($send_headers)
{
- // Let reverse proxies know we detected a bot.
- $http_headers['X-PHPBB-IS-BOT'] = 'yes';
+ // An array of http headers that phpbb will set. The following event may override these.
+ $http_headers += array(
+ // application/xhtml+xml not used because of IE
+ 'Content-type' => 'text/html; charset=UTF-8',
+ 'Cache-Control' => 'private, no-cache="set-cookie"',
+ 'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT',
+ );
+ if (!empty($user->data['is_bot']))
+ {
+ // Let reverse proxies know we detected a bot.
+ $http_headers['X-PHPBB-IS-BOT'] = 'yes';
+ }
}
/**
generated by cgit v1.2.1 (git 2.21.0) at 2025-08-01 07:24:56 +0000