aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_users.php8
-rw-r--r--phpBB/includes/session.php11
2 files changed, 17 insertions, 2 deletions
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 363c900edc..70e08f79f2 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -1009,6 +1009,13 @@ class acp_users
$user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');
$db->sql_freeresult($result);
+ $sql = 'SELECT post_id
+ FROM ' . POSTS_TABLE . '
+ WHERE poster_id = '. $user_id;
+ $result = $db->sql_query_limit($sql, 1);
+ $user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id');
+ $db->sql_freeresult($result);
+
$template->assign_vars(array(
'L_NAME_CHARS_EXPLAIN' => sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
@@ -1036,6 +1043,7 @@ class acp_users
'USER_EMAIL' => $user_row['user_email'],
'USER_WARNINGS' => $user_row['user_warnings'],
'USER_POSTS' => $user_row['user_posts'],
+ 'USER_HAS_POSTS' => $user_row['user_has_posts'],
'USER_INACTIVE_REASON' => $inactive_reason,
));
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index a894242a39..496c12a0d1 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -322,8 +322,15 @@ class session
}
}
- // Is session_id is set or session_id is set and matches the url param if required
- if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid'])))
+ // if no session id is set, redirect to index.php
+ if (defined('NEED_SID') && (!isset($_GET['sid']) || $this->session_id !== $_GET['sid']))
+ {
+ send_status_line(401, 'Not authorized');
+ redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
+ }
+
+ // if session id is set
+ if (!empty($this->session_id))
{
$sql = 'SELECT u.*, s.*
FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
generated by cgit v1.2.1 (git 2.21.0) at 2025-07-30 19:02:01 +0000