session_ids to forms and other items
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3167 89ea8834-ac86-4346-8a33-228a782c2dd0
@@ -105,6 +105,16 @@ else
|
||||
}
|
||||
}
|
||||
|
||||
// session id check
|
||||
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
|
||||
{
|
||||
$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
|
||||
}
|
||||
else
|
||||
{
|
||||
$sid = '';
|
||||
}
|
||||
|
||||
//
|
||||
// Obtain relevant data
|
||||
//
|
||||
@@ -152,6 +162,12 @@ init_userprefs($userdata);
|
||||
// End session management
|
||||
//
|
||||
|
||||
// session id check
|
||||
if ($sid == '' || $sid != $userdata['session_id'])
|
||||
{
|
||||
message_die(ERROR, 'Invalid_session');
|
||||
}
|
||||
|
||||
//
|
||||
// Check if user did or did not confirm
|
||||
// If they did not, forward them to the last page they were on
|
||||
@@ -344,12 +360,12 @@ switch( $mode )
|
||||
|
||||
if ( !empty($topic_id) )
|
||||
{
|
||||
$redirect_page = append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id");
|
||||
$redirect_page = "viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id'];
|
||||
$l_redirect = sprintf($lang['Click_return_forum'], '<a href="' . $redirect_page . '">', '</a>');
|
||||
}
|
||||
else
|
||||
{
|
||||
$redirect_page = append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id");
|
||||
$redirect_page = "modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id'];
|
||||
$l_redirect = sprintf($lang['Click_return_modcp'], '<a href="' . $redirect_page . '">', '</a>');
|
||||
}
|
||||
|
||||
@@ -367,7 +383,7 @@ switch( $mode )
|
||||
message_die(GENERAL_MESSAGE, $lang['None_selected']);
|
||||
}
|
||||
|
||||
$hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';
|
||||
$hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';
|
||||
|
||||
if ( isset($HTTP_POST_VARS['topic_id_list']) )
|
||||
{
|
||||
@@ -488,16 +504,16 @@ switch( $mode )
|
||||
|
||||
if ( !empty($topic_id) )
|
||||
{
|
||||
$redirect_page = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id");
|
||||
$redirect_page = "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&sid=" . $userdata['session_id'];
|
||||
$message .= sprintf($lang['Click_return_topic'], '<a href="' . $redirect_page . '">', '</a>');
|
||||
}
|
||||
else
|
||||
{
|
||||
$redirect_page = append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id");
|
||||
$redirect_page = "modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id'];
|
||||
$message .= sprintf($lang['Click_return_modcp'], '<a href="' . $redirect_page . '">', '</a>');
|
||||
}
|
||||
|
||||
$message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$old_forum_id") . '">', '</a>');
|
||||
$message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . "viewforum.$phpEx?" . POST_FORUM_URL . "=$old_forum_id&sid=" . $userdata['session_id'] . '">', '</a>');
|
||||
|
||||
$template->assign_vars(array(
|
||||
'META' => '<meta http-equiv="refresh" content="3;url=' . $redirect_page . '">')
|
||||
@@ -512,7 +528,7 @@ switch( $mode )
|
||||
message_die(GENERAL_MESSAGE, $lang['None_selected']);
|
||||
}
|
||||
|
||||
$hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';
|
||||
$hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';
|
||||
|
||||
if ( isset($HTTP_POST_VARS['topic_id_list']) )
|
||||
{
|
||||
@@ -580,16 +596,16 @@ switch( $mode )
|
||||
|
||||
if ( !empty($topic_id) )
|
||||
{
|
||||
$redirect_page = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id");
|
||||
$redirect_page = "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&sid=" . $userdata['session_id'];
|
||||
$message = sprintf($lang['Click_return_topic'], '<a href="' . $redirect_page . '">', '</a>');
|
||||
}
|
||||
else
|
||||
{
|
||||
$redirect_page = append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id");
|
||||
$redirect_page = "modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id'];
|
||||
$message = sprintf($lang['Click_return_modcp'], '<a href="' . $redirect_page . '">', '</a>');
|
||||
}
|
||||
|
||||
$message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');
|
||||
$message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . "viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id'] . '">', '</a>');
|
||||
|
||||
$template->assign_vars(array(
|
||||
'META' => '<meta http-equiv="refresh" content="3;url=' . $redirect_page . '">')
|
||||
@@ -624,16 +640,16 @@ switch( $mode )
|
||||
|
||||
if ( !empty($topic_id) )
|
||||
{
|
||||
$redirect_page = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id");
|
||||
$redirect_page = "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&sid=" . $userdata['session_id'];
|
||||
$message = sprintf($lang['Click_return_topic'], '<a href="' . $redirect_page . '">', '</a>');
|
||||
}
|
||||
else
|
||||
{
|
||||
$redirect_page = append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id");
|
||||
$redirect_page = "modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id'];
|
||||
$message = sprintf($lang['Click_return_modcp'], '<a href="' . $redirect_page . '">', '</a>');
|
||||
}
|
||||
|
||||
$message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');
|
||||
$message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . "viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id&sid=" . $userdata['session_id'] . '">', '</a>');
|
||||
|
||||
$template->assign_vars(array(
|
||||
'META' => '<meta http-equiv="refresh" content="3;url=' . $redirect_page . '">')
|
||||
@@ -713,10 +729,10 @@ switch( $mode )
|
||||
sync('forum', $forum_id);
|
||||
|
||||
$template->assign_vars(array(
|
||||
'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">')
|
||||
'META' => '<meta http-equiv="refresh" content="3;url=' . "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&sid=" . $userdata['session_id'] . '">')
|
||||
);
|
||||
|
||||
$message = $lang['Topic_split'] . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>');
|
||||
$message = $lang['Topic_split'] . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&sid=" . $userdata['session_id'] . '">', '</a>');
|
||||
message_die(GENERAL_MESSAGE, $message);
|
||||
}
|
||||
else
|
||||
@@ -739,7 +755,7 @@ switch( $mode )
|
||||
message_die(GENERAL_ERROR, 'Could not get topic/post information', '', __LINE__, __FILE__, $sql);
|
||||
}
|
||||
|
||||
$s_hidden_fields = '<input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" /><input type="hidden" name="mode" value="split" />';
|
||||
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" /><input type="hidden" name="mode" value="split" />';
|
||||
|
||||
if( ( $total_posts = $db->sql_numrows($result) ) > 0 )
|
||||
{
|
||||
@@ -894,7 +910,7 @@ switch( $mode )
|
||||
|
||||
'IP' => $ip_this_post,
|
||||
|
||||
'U_LOOKUP_IP' => append_sid("modcp.$phpEx?mode=ip&" . POST_POST_URL . "=$post_id&" . POST_TOPIC_URL . "=$topic_id&rdns=" . $ip_this_post))
|
||||
'U_LOOKUP_IP' => "modcp.$phpEx?mode=ip&" . POST_POST_URL . "=$post_id&" . POST_TOPIC_URL . "=$topic_id&rdns=$ip_this_post&sid=" . $userdata['session_id'])
|
||||
);
|
||||
|
||||
//
|
||||
@@ -935,7 +951,7 @@ switch( $mode )
|
||||
'IP' => $ip,
|
||||
'POSTS' => $row['postings'] . ' ' . ( ( $row['postings'] == 1 ) ? $lang['Post'] : $lang['Posts'] ),
|
||||
|
||||
'U_LOOKUP_IP' => append_sid("modcp.$phpEx?mode=ip&" . POST_POST_URL . "=$post_id&" . POST_TOPIC_URL . "=$topic_id&rdns=" . $row['poster_ip']))
|
||||
'U_LOOKUP_IP' => "modcp.$phpEx?mode=ip&" . POST_POST_URL . "=$post_id&" . POST_TOPIC_URL . "=$topic_id&rdns=" . $row['poster_ip'] . "&sid=" . $userdata['session_id'])
|
||||
);
|
||||
|
||||
$i++;
|
||||
@@ -1008,7 +1024,7 @@ switch( $mode )
|
||||
'L_SELECT' => $lang['Select'],
|
||||
|
||||
'U_VIEW_FORUM' => append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id"),
|
||||
'S_HIDDEN_FIELDS' => '<input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '">',
|
||||
'S_HIDDEN_FIELDS' => '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '">',
|
||||
'S_MODCP_ACTION' => append_sid("modcp.$phpEx"))
|
||||
);
|
||||
|
||||
@@ -1096,7 +1112,7 @@ switch( $mode )
|
||||
$topic_title = preg_replace($orig_word, $replacement_word, $topic_title);
|
||||
}
|
||||
|
||||
$u_view_topic = append_sid("modcp.$phpEx?mode=split&" . POST_TOPIC_URL . "=$topic_id");
|
||||
$u_view_topic = "modcp.$phpEx?mode=split&" . POST_TOPIC_URL . "=$topic_id&sid=" . $userdata['session_id'];
|
||||
$topic_replies = $row['topic_replies'];
|
||||
|
||||
$last_post_time = create_date($board_config['default_dateformat'], $row['post_time'], $board_config['board_timezone']);
|
||||
|
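Review bot: In the `@@ -152,6 +162,12 @@` hunk the new guard `if ($sid == '' || $sid != $userdata['session_id'])` compares the request-supplied session id (taken from `$HTTP_POST_VARS`/`$HTTP_GET_VARS` in the first hunk) with the stored one using PHP's loose `!=`, which compares numeric-looking strings as numbers, so two different ids can be treated as equal. Both values are opaque tokens and should be compared as strings: `if ($sid == '' || $sid !== $userdata['session_id'])`. The surrounding control flow is top-level script outside the hunk, so whether every mode of this page reaches the check cannot be confirmed from here.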