diff options
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/acp/acp_users.php | 13 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 19 |
2 files changed, 26 insertions, 6 deletions
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 32bbe4e46d..df5eea46e6 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -891,9 +891,20 @@ class acp_users } } + // Posts in Queue + $sql = 'SELECT COUNT(post_id) as posts_in_queue + FROM ' . POSTS_TABLE . ' + WHERE poster_id = ' . $user_id . ' + AND post_postcount = 1 + AND post_approved = 0'; + $result = $db->sql_query($sql); + $user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue'); + $db->sql_freeresult($result); + $template->assign_vars(array( 'L_NAME_CHARS_EXPLAIN' => sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), + 'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']), 'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false, 'S_OVERVIEW' => true, @@ -905,9 +916,11 @@ class acp_users 'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'), 'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}", + 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '', 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}") : '', + 'POSTS_IN_QUEUE' => $user_row['posts_in_queue'], 'USER' => $user_row['username'], 'USER_REGISTERED' => $user->format_date($user_row['user_regdate']), 'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'], diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 5fcaece0d6..e96583f75f 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2218,10 +2218,12 @@ function meta_refresh($time, $url) function generate_link_hash($link_name) { global $user; + if (!isset($user->data["hash_$link_name"])) { $user->data["hash_$link_name"] = substr(sha1($user->data['user_form_salt'] . $link_name), 0, 8); } + return $user->data["hash_$link_name"]; } @@ -2244,16 +2246,18 @@ function check_link_hash($token, $link_name) function add_form_key($form_name) { global $config, $template, $user; + $now = time(); $token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : ''; $token = sha1($now . $user->data['user_form_salt'] . $form_name . $token_sid); $s_fields = build_hidden_fields(array( - 'creation_time' => $now, - 'form_token' => $token, + 'creation_time' => $now, + 'form_token' => $token, )); + $template->assign_vars(array( - 'S_FORM_TOKEN' => $s_fields, + 'S_FORM_TOKEN' => $s_fields, )); } @@ -2279,23 +2283,26 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg $creation_time = abs(request_var('creation_time', 0)); $token = request_var('form_token', ''); - $diff = (time() - $creation_time); + $diff = time() - $creation_time; - if (($diff <= $timespan) || $timespan === -1) + // If creation_time and the time() now is zero we can assume it was not a human doing this (the check for if ($diff)... + if ($diff && ($diff <= $timespan || $timespan === -1)) { $token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : ''; - $key = sha1($creation_time . $user->data['user_form_salt'] . $form_name . $token_sid); + if ($key === $token) { return true; } } } + if ($trigger) { trigger_error($user->lang['FORM_INVALID'] . $return_page); } + return false; } |