
Permission related updates ... is still not final but is getting there ... faster than British Rail too

git-svn-id: file:///svn/phpbb/trunk@2943 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen
2002-10-08 20:11:59 +00:00
parent 64aee6d171
commit 1d0e4ee436
40 changed files with 891 additions and 1213 deletions


@@ -23,7 +23,7 @@ define('IN_PHPBB', 1);
if( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('ban') )
if ( !$auth->acl_get('a_ban') )
{
return;
}
@@ -36,9 +36,7 @@ if( !empty($setmodules) )
return;
}
//
// Load default header
//
$phpbb_root_path = '../';
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
@@ -46,7 +44,7 @@ require('pagestart.' . $phpEx);
//
// Do we have ban permissions?
//
if ( !$auth->get_acl_admin('ban') )
if ( !$auth->acl_get('a_ban') )
{
return;
}
@@ -54,9 +52,9 @@ if ( !$auth->get_acl_admin('ban') )
//
// Mode setting
//
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
if ( isset($_POST['mode']) || isset($_GET['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
@@ -68,21 +66,21 @@ $current_time = time();
//
// Start program
//
if ( isset($HTTP_POST_VARS['bansubmit']) )
if ( isset($_POST['bansubmit']) )
{
$ban_reason = ( isset($HTTP_POST_VARS['banreason']) ) ? $HTTP_POST_VARS['banreason'] : '';
$ban_list = array_unique(explode("\n", $HTTP_POST_VARS['ban']));
$ban_reason = ( isset($_POST['banreason']) ) ? $_POST['banreason'] : '';
$ban_list = array_unique(explode("\n", $_POST['ban']));
$ban_list_log = implode(', ', $ban_list);
if ( !empty($HTTP_POST_VARS['banlength']) )
if ( !empty($_POST['banlength']) )
{
if ( $HTTP_POST_VARS['banlength'] != -1 || empty($HTTP_POST_VARS['banlengthother']) )
if ( $_POST['banlength'] != -1 || empty($_POST['banlengthother']) )
{
$ban_end = max($current_time, $current_time + ( intval($HTTP_POST_VARS['banlength']) * 60 ));
$ban_end = max($current_time, $current_time + ( intval($_POST['banlength']) * 60 ));
}
else
{
$ban_other = explode('-', $HTTP_POST_VARS['banlengthother']);
$ban_other = explode('-', $_POST['banlengthother']);
$ban_end = max($current_time, gmmktime(0, 0, 0, $ban_other[1], $ban_other[2], $ban_other[0]));
}
}
@@ -130,9 +128,7 @@ if ( isset($HTTP_POST_VARS['bansubmit']) )
{
if ( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ban_list[$i]), $ip_range_explode) )
{
//
// Don't ask about all this, just don't ask ... !
//
$ip_1_counter = $ip_range_explode[1];
$ip_1_end = $ip_range_explode[5];
@@ -312,12 +308,12 @@ if ( isset($HTTP_POST_VARS['bansubmit']) )
message_die(MESSAGE, $message);
}
else if ( isset($HTTP_POST_VARS['unbansubmit']) )
else if ( isset($_POST['unbansubmit']) )
{
$unban_sql = '';
for($i = 0; $i < count($HTTP_POST_VARS['unban']); $i++ )
for($i = 0; $i < count($_POST['unban']); $i++ )
{
$unban_sql .= ( ( $unban_sql != '' ) ? ', ' : '' ) . intval($HTTP_POST_VARS['unban'][$i]);
$unban_sql .= ( ( $unban_sql != '' ) ? ', ' : '' ) . intval($_POST['unban'][$i]);
}
if ( $unban_sql != '' )
@@ -326,7 +322,7 @@ else if ( isset($HTTP_POST_VARS['unbansubmit']) )
WHERE ban_id IN ($unban_sql)";
$db->sql_query($sql);
add_admin_log('log_unban_' . $mode, sizeof($HTTP_POST_VARS['unban']));
add_admin_log('log_unban_' . $mode, sizeof($_POST['unban']));
}
message_die(MESSAGE, $lang['Ban_update_sucessful']);
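Review bot: In the `bansubmit` branch the custom end date is split with `explode('-', $_POST['banlengthother'])`, and `$ban_other[1]`, `$ban_other[2]`, `$ban_other[0]` go straight into `gmmktime()` with no check that three numeric parts were supplied, so the ban expiry becomes whatever `gmmktime()` makes of missing or non-numeric values. Validate the shape first and use the captures, e.g. `if ( preg_match('#^(\d{4})-(\d{1,2})-(\d{1,2})$#', $_POST['banlengthother'], $ban_other) )` followed by `gmmktime(0, 0, 0, $ban_other[2], $ban_other[3], $ban_other[1])`, and reject the request otherwise. `$_POST['ban']` is also read without `isset()`, and the `unbansubmit` loop calls `count($_POST['unban'])` without confirming the field is present and is an array. Both branches continue outside the visible hunks.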


@@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@@ -37,31 +37,29 @@ if ( !empty($setmodules) )
return;
}
//
// Let's set the root dir for phpBB
//
define('IN_PHPBB', 1);
$phpbb_root_path = '../';
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
if ( !$auth->get_acl_admin('general') )
// Are we authed?
if ( !$auth->acl_get('a_general') )
{
message_die(MESSAGE, $lang['No_admin']);
}
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
// Get mod
if ( isset($_POST['mode']) || isset($_GET['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
$mode = '';
}
//
// Pull all config data
//
$sql = "SELECT *
FROM " . CONFIG_TABLE;
$result = $db->sql_query($sql);
@@ -72,9 +70,9 @@ while ( $row = $db->sql_fetchrow($result) )
$config_value = $row['config_value'];
$default_config[$config_name] = $config_value;
$new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name];
$new[$config_name] = ( isset($_POST[$config_name]) ) ? $_POST[$config_name] : $default_config[$config_name];
if ( isset($HTTP_POST_VARS['submit']) )
if ( isset($_POST['submit']) )
{
$sql = "UPDATE " . CONFIG_TABLE . " SET
config_value = '" . str_replace("\'", "''", $new[$config_name]) . "'
@@ -83,7 +81,7 @@ while ( $row = $db->sql_fetchrow($result) )
}
}
if ( isset($HTTP_POST_VARS['submit']) )
if ( isset($_POST['submit']) )
{
add_admin_log('log_' . $mode . '_config');
message_die(MESSAGE, $lang['Config_updated']);
@@ -163,10 +161,6 @@ switch ( $mode )
<td class="row1"><?php echo $lang['Cookie_secure']; ?>: <br /><span class="gensmall"><?php echo $lang['Cookie_secure_explain']; ?></span></td>
<td class="row2"><input type="radio" name="cookie_secure" value="0"<?php echo $cookie_secure_no; ?> /><?php echo $lang['Disabled']; ?>&nbsp; &nbsp;<input type="radio" name="cookie_secure" value="1"<?php echo $cookie_secure_yes; ?> /><?php echo $lang['Enabled']; ?></td>
</tr>
<tr>
<td class="row1"><?php echo $lang['Session_length']; ?>: </td>
<td class="row2"><input type="text" maxlength="5" size="5" name="session_length" value="<?php echo $new['session_length']; ?>" /></td>
</tr>
<?php
break;
@@ -490,6 +484,10 @@ switch ( $mode )
<td class="row1"><?php echo $lang['Limit_load']; ?>: <br /><span class="gensmall"><?php echo $lang['Limit_load_explain']; ?></span></td>
<td class="row2"><input type="text" size="4" maxlength="4" name="limit_load" value="<?php echo $new['limit_load']; ?>" /></td>
</tr>
<tr>
<td class="row1"><?php echo $lang['Session_length']; ?>: </td>
<td class="row2"><input type="text" maxlength="5" size="5" name="session_length" value="<?php echo $new['session_length']; ?>" /></td>
</tr>
<tr>
<td class="row1"><?php echo $lang['Limit_sessions']; ?>: <br /><span class="gensmall"><?php echo $lang['Limit_sessions_explain']; ?></span></td>
<td class="row2"><input type="text" size="4" maxlength="4" name="active_sessions" value="<?php echo $new['active_sessions']; ?>" /></td>
@@ -512,18 +510,14 @@ switch ( $mode )
case 'auth':
?>
<?php
$auth_plugins = array();
$dp = opendir($phpbb_root_path . 'includes/auth');
while ( $file = readdir($dp) )
{
if ( preg_match('/^auth_(.*?)\.' . $phpEx . '$/', $file) )
if ( preg_match('#^auth_(.*?)\.' . $phpEx . '$#', $file) )
{
$auth_plugins[] = preg_replace('/^auth_(.*?)\.' . $phpEx . '$/', '\1', $file);
$auth_plugins[] = preg_replace('#^auth_(.*?)\.' . $phpEx . '$#', '\1', $file);
}
}
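Review bot: The value copied from `$_POST[$config_name]` into `$new[$config_name]` reaches the `UPDATE ... SET config_value = '...'` statement with only `str_replace("\'", "''", ...)` applied, which helps only if the request data already arrived with backslash-escaped quotes (magic quotes); with raw input a single quote passes through unchanged and the query text is request-controlled. Now that the code reads `$_POST` directly, escape the value explicitly with the database layer's own string-escaping routine, or bind it as a parameter, where the query is assembled rather than depending on a runtime setting. The same `$new[...]` values are echoed into `value="..."` attributes, for example `$new['session_length']` in the relocated table row, and should be wrapped as `htmlspecialchars($new['session_length'])` there. The `while` loop that builds the query starts and ends outside this hunk.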


@@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@@ -50,7 +50,7 @@ include($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
//
// Do we have DB backup/restore permissions?
//
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
message_die(MESSAGE, $lang['No_admin']);
}
@@ -61,7 +61,7 @@ if ( !$auth->get_acl_admin('general') )
//
@set_time_limit(1200);
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : '';
$mode = ( isset($_GET['mode']) ) ? $_GET['mode'] : '';
//
// Begin program proper
@@ -89,13 +89,13 @@ switch( $mode )
break;
}
$additional_tables = ( isset($HTTP_POST_VARS['tables']) ) ? $HTTP_POST_VARS['tables'] : ( ( isset($HTTP_GET_VARS['tables']) ) ? $HTTP_GET_VARS['tables'] : '' );
$backup_type = ( isset($HTTP_POST_VARS['type']) ) ? $HTTP_POST_VARS['type'] : ( ( isset($HTTP_GET_VARS['type']) ) ? $HTTP_GET_VARS['type'] : '' );
$search = ( !empty($HTTP_POST_VARS['search']) ) ? intval($HTTP_POST_VARS['search']) : ( ( !empty($HTTP_GET_VARS['search']) ) ? intval($HTTP_GET_VARS['search']) : 0 );
$store_path = ( isset($HTTP_POST_VARS['store']) ) ? $HTTP_POST_VARS['store'] : ( ( isset($HTTP_GET_VARS['store']) ) ? $HTTP_GET_VARS['store'] : '' );
$compress = ( !empty($HTTP_POST_VARS['compress']) ) ? $HTTP_POST_VARS['compress'] : ( ( !empty($HTTP_GET_VARS['compress']) ) ? $HTTP_GET_VARS['compress'] : 'none' );
$additional_tables = ( isset($_POST['tables']) ) ? $_POST['tables'] : ( ( isset($_GET['tables']) ) ? $_GET['tables'] : '' );
$backup_type = ( isset($_POST['type']) ) ? $_POST['type'] : ( ( isset($_GET['type']) ) ? $_GET['type'] : '' );
$search = ( !empty($_POST['search']) ) ? intval($_POST['search']) : ( ( !empty($_GET['search']) ) ? intval($_GET['search']) : 0 );
$store_path = ( isset($_POST['store']) ) ? $_POST['store'] : ( ( isset($_GET['store']) ) ? $_GET['store'] : '' );
$compress = ( !empty($_POST['compress']) ) ? $_POST['compress'] : ( ( !empty($_GET['compress']) ) ? $_GET['compress'] : 'none' );
if ( !isset($HTTP_POST_VARS['backupstart']) && !isset($HTTP_GET_VARS['backupstart']) )
if ( !isset($_POST['backupstart']) && !isset($_GET['backupstart']) )
{
page_header($lang['DB_Backup']);
@@ -166,7 +166,7 @@ switch( $mode )
break;
}
else if ( !isset($HTTP_POST_VARS['startdownload']) && !isset($HTTP_GET_VARS['startdownload']) )
else if ( !isset($_POST['startdownload']) && !isset($_GET['startdownload']) )
{
$meta = "<meta http-equiv=\"refresh\" content=\"0;url=admin_database.$phpEx?mode=backup&amp;type=$backup_type&amp;tables=" . quotemeta($additional_tables) . "&amp;search=$search&amp;store=" . quotemeta($store_path) . "&amp;compress=$compress&amp;backupstart=1&amp;startdownload=1\">";
@@ -309,15 +309,15 @@ switch( $mode )
case 'restore':
if ( isset($HTTP_POST_VARS['restorestart']) )
if ( isset($_POST['restorestart']) )
{
//
// Handle the file upload ....
// If no file was uploaded report an error...
//
if ( !empty($HTTP_POST_VARS['local']) )
if ( !empty($_POST['local']) )
{
$file_tmpname = './../' . str_replace('\\\\', '/', $HTTP_POST_VARS['local']);
$file_tmpname = './../' . str_replace('\\\\', '/', $_POST['local']);
$filename = substr($file_tmpname, strrpos($file_tmpname, '/'));
}
else
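Review bot: In the `restore` branch `$_POST['local']` is appended to `'./../'` after only a backslash replacement, so the file passed on to the restore code is whatever path the request names, including values with `../` segments that point outside the board directory. Restrict it to a file name inside the intended backup directory, for example by taking `basename($_POST['local'])` and joining it to a fixed directory, or by resolving the result with `realpath()` and refusing anything outside that directory. Separately, the meta refresh string in the `startdownload` hunk interpolates `$backup_type` and `$compress` into HTML unescaped and applies `quotemeta()` to the other two values, which is neither URL nor HTML encoding; `urlencode()` on each parameter is the fitting call. The rest of the restore branch lies outside the hunk.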


@@ -23,7 +23,7 @@ define('IN_PHPBB', 1);
if( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('user') )
if ( !$auth->acl_get('a_user') )
{
return;
}
@@ -45,16 +45,16 @@ require('pagestart.' . $phpEx);
//
// Do we have user admin permissions?
//
if ( !$auth->get_acl_admin('user') )
if ( !$auth->acl_get('a_user') )
{
return;
}
if( isset($HTTP_POST_VARS['add_name']) )
if( isset($_POST['add_name']) )
{
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
$disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? $HTTP_POST_VARS['disallowed_user'] : $HTTP_GET_VARS['disallowed_user'];
$disallowed_user = ( isset($_POST['disallowed_user']) ) ? $_POST['disallowed_user'] : $_GET['disallowed_user'];
$disallowed_user = str_replace('*', '%', $disallowed_user);
if ( !validate_username($disallowed_user) )
@@ -76,9 +76,9 @@ if( isset($HTTP_POST_VARS['add_name']) )
message_die(MESSAGE, $message);
}
else if( isset($HTTP_POST_VARS['delete_name']) )
else if( isset($_POST['delete_name']) )
{
$disallowed_id = ( isset($HTTP_POST_VARS['disallowed_id']) ) ? intval( $HTTP_POST_VARS['disallowed_id'] ) : intval( $HTTP_GET_VARS['disallowed_id'] );
$disallowed_id = ( isset($_POST['disallowed_id']) ) ? intval( $_POST['disallowed_id'] ) : intval( $_GET['disallowed_id'] );
$sql = "DELETE FROM " . DISALLOW_TABLE . "
WHERE disallow_id = $disallowed_id";
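Review bot: Both actions here are triggered by a POST button (`add_name`, `delete_name`) yet fall back to `$_GET['disallowed_user']` and `$_GET['disallowed_id']` when the POST field is absent, which reads an index that may not exist and lets the parameter of a state-changing request travel in the query string. Read these from `$_POST` only, e.g. `$disallowed_id = ( isset($_POST['disallowed_id']) ) ? intval($_POST['disallowed_id']) : 0;`, and stop when the value is empty. How `$disallowed_user` is written to the table is outside the hunk, so its quoting after the `*` to `%` substitution should be confirmed there.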


@@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@@ -43,7 +43,7 @@ require('pagestart.' . $phpEx);
//
// Do we have general admin permissions?
//
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@@ -57,7 +57,7 @@ $subject = '';
//
// Do the job ...
//
if ( isset($HTTP_POST_VARS['submit']) )
if ( isset($_POST['submit']) )
{
//
// Increase maximum execution time in case of a lot of users, but don't complain about it if it isn't
@@ -65,7 +65,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
//
@set_time_limit(1200);
$group_id = intval($HTTP_POST_VARS['g']);
$group_id = intval($_POST['g']);
$sql = ( $group_id != -1 ) ? "SELECT u.user_email FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug WHERE ug.group_id = $group_id AND ug.user_pending <> " . TRUE . " AND u.user_id = ug.user_id" : "SELECT user_email FROM " . USERS_TABLE;
$result = $db->sql_query($sql);
@@ -78,8 +78,8 @@ if ( isset($HTTP_POST_VARS['submit']) )
//
}
$subject = stripslashes($HTTP_POST_VARS['subject']);
$message = stripslashes($HTTP_POST_VARS['message']);
$subject = stripslashes($_POST['subject']);
$message = stripslashes($_POST['message']);
//
// Error checking needs to go here ... if no subject and/or
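Review bot: `$subject` is taken from `$_POST['subject']` with only `stripslashes()` applied; if it is later used as a mail Subject header (the sending code is outside the hunk), embedded CR/LF characters would let extra headers be added to every outgoing message. Remove line breaks at this point, e.g. `$subject = preg_replace('#[\r\n]+#', ' ', stripslashes($_POST['subject']));`. The unconditional `stripslashes()` also assumes magic quotes are enabled and will drop legitimate backslashes when they are not, and `$_POST['g']`, `$_POST['subject']` and `$_POST['message']` are read without an `isset()` check.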


@@ -21,7 +21,7 @@
if (!empty($setmodules))
{
if (!$auth->get_acl_admin('forum'))
if (!$auth->acl_get('a_forum'))
{
return;
}
@@ -43,7 +43,7 @@ include($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
//
// Do we have forum admin permissions?
//
if (!$auth->get_acl_admin('forum'))
if (!$auth->acl_get('a_forum'))
{
message_die(MESSAGE, $lang['No_admin']);
}


@@ -21,7 +21,7 @@
if( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('group') )
if ( !$auth->acl_get('a_group') )
{
return;
}
@@ -45,14 +45,14 @@ require('pagestart.' . $phpEx);
//
// Do we have general permissions?
//
if ( !$auth->get_acl_admin('group') )
if ( !$auth->acl_get('a_group') )
{
message_die(MESSAGE, $lang['No_admin']);
}
if( isset($HTTP_POST_VARS[POST_GROUPS_URL]) || isset($HTTP_GET_VARS[POST_GROUPS_URL]) )
if( isset($_POST[POST_GROUPS_URL]) || isset($_GET[POST_GROUPS_URL]) )
{
$group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]);
$group_id = ( isset($_POST[POST_GROUPS_URL]) ) ? intval($_POST[POST_GROUPS_URL]) : intval($_GET[POST_GROUPS_URL]);
}
else
{
@@ -62,16 +62,16 @@ else
//
// Mode setting
//
if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
if( isset($_POST['mode']) || isset($_GET['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
$mode = "";
}
if( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
if( isset($_POST['edit']) || isset($_POST['new']) )
{
//
// Ok they are editing a group or creating a new group
@@ -80,7 +80,7 @@ if( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
"body" => "admin/group_edit_body.tpl")
);
if ( isset($HTTP_POST_VARS['edit']) )
if ( isset($_POST['edit']) )
{
//
// They're editing. Grab the vars.
@@ -105,7 +105,7 @@ if( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
$template->assign_block_vars("group_edit", array());
}
else if( isset($HTTP_POST_VARS['new']) )
else if( isset($_POST['new']) )
{
$group_info = array (
"group_name" => "",
@@ -152,7 +152,7 @@ if( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
"GROUP_MODERATOR" => $group_moderator,
"L_GROUP_TITLE" => $lang['Group_administration'],
"L_GROUP_EDIT_DELETE" => ( isset($HTTP_POST_VARS['new']) ) ? $lang['New_group'] : $lang['Edit_group'],
"L_GROUP_EDIT_DELETE" => ( isset($_POST['new']) ) ? $lang['New_group'] : $lang['Edit_group'],
"L_GROUP_NAME" => $lang['group_name'],
"L_GROUP_DESCRIPTION" => $lang['group_description'],
"L_GROUP_MODERATOR" => $lang['group_moderator'],
@@ -184,12 +184,12 @@ if( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
$template->pparse('body');
}
else if( isset($HTTP_POST_VARS['group_update']) )
else if( isset($_POST['group_update']) )
{
//
// Ok, they are submitting a group, let's save the data based on if it's new or editing
//
if( isset($HTTP_POST_VARS['group_delete']) )
if( isset($_POST['group_delete']) )
{
$sql = "DELETE FROM " . GROUPS_TABLE . "
WHERE group_id = " . $group_id;
@@ -218,11 +218,11 @@ else if( isset($HTTP_POST_VARS['group_update']) )
}
else
{
$group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN;
$group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : "";
$group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : "";
$group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : "";
$delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? intval($HTTP_POST_VARS['delete_old_moderator']) : "";
$group_type = isset($_POST['group_type']) ? intval($_POST['group_type']) : GROUP_OPEN;
$group_name = isset($_POST['group_name']) ? trim($_POST['group_name']) : "";
$group_description = isset($_POST['group_description']) ? trim($_POST['group_description']) : "";
$group_moderator = isset($_POST['username']) ? $_POST['username'] : "";
$delete_old_moderator = isset($_POST['delete_old_moderator']) ? intval($_POST['delete_old_moderator']) : "";
if( $group_name == "" )
{


@@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('auth') )
if ( !$auth->acl_get('a_auth') )
{
return;
}
@@ -42,21 +42,18 @@ define('IN_PHPBB', 1);
$phpbb_root_path = '../';
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
//
// Do we have forum admin permissions?
//
if ( !$auth->get_acl_admin('auth') )
if ( !$auth->acl_get('a_auth') )
{
message_die(MESSAGE, $lang['No_admin']);
}
//
// Define some vars
//
if ( isset($HTTP_GET_VARS['f']) || isset($HTTP_POST_VARS['f']) )
if ( isset($_GET['f']) || isset($_POST['f']) )
{
$forum_id = ( isset($HTTP_POST_VARS['f']) ) ? intval($HTTP_POST_VARS['f']) : intval($HTTP_GET_VARS['f']);
$forum_id = ( isset($_POST['f']) ) ? intval($_POST['f']) : intval($_GET['f']);
$forum_sql = " WHERE forum_id = $forum_id";
}
else
@@ -65,9 +62,9 @@ else
$forum_sql = '';
}
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
if ( isset($_GET['mode']) || isset($_POST['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
@@ -108,45 +105,49 @@ switch ( $mode )
// to all other options, e.g. Moderator and Forums across the board.
// This is done via the acl class
//
if ( isset($HTTP_POST_VARS['update']) )
if ( isset($_POST['update']) )
{
switch ( $HTTP_POST_VARS['type'] )
$auth_admin = new auth_admin();
switch ( $_POST['type'] )
{
case 'user':
$set = 'set_acl_user';
$set = 'acl_set_user';
break;
case 'group':
$set = 'set_acl_group';
$set = 'acl_set_group';
break;
}
foreach ( $HTTP_POST_VARS['entries'] as $id )
foreach ( $_POST['entries'] as $id )
{
$auth->$set($forum_id, $id, $HTTP_POST_VARS['option']);
$auth_admin->$set($forum_id, $id, $_POST['option']);
}
message_die(MESSAGE, 'Permissions updated successfully');
}
else if ( isset($HTTP_POST_VARS['delete']) )
else if ( isset($_POST['delete']) )
{
switch ( $HTTP_POST_VARS['type'] )
$auth_admin = new auth_admin();
switch ( $_POST['type'] )
{
case 'user':
$set = 'delete_acl_user';
$set = 'acl_delete_user';
break;
case 'group':
$set = 'delete_acl_group';
$set = 'acl_delete_group';
break;
}
$option_ids = false;
if ( !empty($HTTP_POST_VARS['option']) )
if ( !empty($_POST['option']) )
{
$sql = "SELECT auth_option_id
FROM " . ACL_OPTIONS_TABLE . "
WHERE auth_value LIKE '" . $HTTP_POST_VARS['option'] . "_%'";
WHERE auth_value LIKE '" . $_POST['option'] . "_%'";
$result = $db->sql_query($sql);
if ( $row = $db->sql_fetchrow($result) )
@@ -161,9 +162,9 @@ else if ( isset($HTTP_POST_VARS['delete']) )
$db->sql_freeresult($result);
}
foreach ( $HTTP_POST_VARS['entries'] as $id )
foreach ( $_POST['entries'] as $id )
{
$auth->$set($forum_id, $id, $option_ids);
$auth_admin->$set($forum_id, $id, $option_ids);
}
message_die(MESSAGE, 'Permissions updated successfully');
@@ -209,22 +210,22 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
switch ( $mode )
{
case 'forums':
$type_sql = 'forum';
$type_sql = 'f';
$forum_sql = "AND a.forum_id = $forum_id";
break;
case 'moderators':
$type_sql = 'mod';
$type_sql = 'm';
$forum_sql = "AND a.forum_id = $forum_id";
break;
case 'supermoderators':
$type_sql = 'mod';
$type_sql = 'm';
$forum_sql = '';
break;
case 'administrators':
$type_sql = 'admin';
$type_sql = 'a';
$forum_sql = '';
break;
}
@@ -241,7 +242,7 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
}
$db->sql_freeresult($result);
if ( empty($HTTP_POST_VARS['advanced']) || empty($HTTP_POST_VARS['entries']) )
if ( empty($_POST['advanced']) || empty($_POST['entries']) )
{
?>
@@ -351,15 +352,14 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
else
{
//
// Founder only operations ... these operations can
// only be altered by someone with founder status
//
$founder_sql = ( !$userdata['user_founder'] ) ? ' AND founder_only <> 1' : '';
$sql = "SELECT auth_option_id, auth_value
FROM " . ACL_OPTIONS_TABLE . "
WHERE auth_value LIKE '" . $type_sql . "_%'
AND auth_value <> '" . $type_sql . "_'
$founder_sql";
$result = $db->sql_query($sql);
@@ -370,29 +370,29 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
}
$db->sql_freeresult($result);
if ( $HTTP_POST_VARS['type'] == 'user' && !empty($HTTP_POST_VARS['new']) )
if ( $_POST['type'] == 'user' && !empty($_POST['new']) )
{
$HTTP_POST_VARS['entries'] = explode("\n", $HTTP_POST_VARS['entries']);
$_POST['entries'] = explode("\n", $_POST['entries']);
}
$where_sql = '';
foreach ( $HTTP_POST_VARS['entries'] as $value )
foreach ( $_POST['entries'] as $value )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . ( ( $HTTP_POST_VARS['type'] == 'user' && !empty($HTTP_POST_VARS['new']) ) ? '\'' . $value . '\'' : intval($value) );
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . ( ( $_POST['type'] == 'user' && !empty($_POST['new']) ) ? '\'' . $value . '\'' : intval($value) );
}
switch ( $HTTP_POST_VARS['type'] )
switch ( $_POST['type'] )
{
case 'group':
$l_type = 'Group';
$sql = ( empty($HTTP_POST_VARS['new']) ) ? "SELECT g.group_id AS id, g.group_name AS name, o.auth_value, a.auth_allow_deny FROM " . GROUPS_TABLE . " g, " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_value LIKE '" . $type_sql . "_%' AND a.auth_option_id = o.auth_option_id $forum_sql AND g.group_id = a.group_id AND g.group_id IN ($where_sql) ORDER BY g.group_name ASC" : "SELECT group_id AS id, group_name AS name FROM " . GROUPS_TABLE . " WHERE group_id IN ($where_sql) ORDER BY group_name ASC";
$sql = ( empty($_POST['new']) ) ? "SELECT g.group_id AS id, g.group_name AS name, o.auth_value, a.auth_allow_deny FROM " . GROUPS_TABLE . " g, " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_value LIKE '" . $type_sql . "_%' AND a.auth_option_id = o.auth_option_id $forum_sql AND g.group_id = a.group_id AND g.group_id IN ($where_sql) ORDER BY g.group_name ASC" : "SELECT group_id AS id, group_name AS name FROM " . GROUPS_TABLE . " WHERE group_id IN ($where_sql) ORDER BY group_name ASC";
break;
case 'user':
$l_type = 'User';
$sql = ( empty($HTTP_POST_VARS['new']) ) ? "SELECT u.user_id AS id, u.username AS name, u.user_founder, o.auth_value, a.auth_allow_deny FROM " . USERS_TABLE . " u, " . ACL_USERS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_value LIKE '" . $type_sql . "_%' AND a.auth_option_id = o.auth_option_id $forum_sql AND u.user_id = a.user_id AND u.user_id IN ($where_sql) ORDER BY u.username, u.user_regdate ASC" : "SELECT user_id AS id, username AS name, user_founder FROM " . USERS_TABLE . " WHERE username IN ($where_sql) ORDER BY username, user_regdate ASC";
$sql = ( empty($_POST['new']) ) ? "SELECT u.user_id AS id, u.username AS name, u.user_founder, o.auth_value, a.auth_allow_deny FROM " . USERS_TABLE . " u, " . ACL_USERS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_value LIKE '" . $type_sql . "_%' AND a.auth_option_id = o.auth_option_id $forum_sql AND u.user_id = a.user_id AND u.user_id IN ($where_sql) ORDER BY u.username, u.user_regdate ASC" : "SELECT user_id AS id, username AS name, user_founder FROM " . USERS_TABLE . " WHERE username IN ($where_sql) ORDER BY username, user_regdate ASC";
break;
}
@@ -460,7 +460,7 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
<td class="row1" colspan="5" align="center"><textarea cols="40" rows="3"><?php echo trim($ug); ?></textarea></td>
</tr>
<tr>
<td class="cat" colspan="5" align="center"><input class="mainoption" type="submit" name="update" value="<?php echo $lang['Update']; ?>" />&nbsp;&nbsp;<input class="liteoption" type="submit" name="cancel" value="<?php echo $lang['Cancel']; ?>" /><input type="hidden" name="f" value="<?php echo $forum_id; ?>" /><input type="hidden" name="type" value="<?php echo $HTTP_POST_VARS['type']; ?>" /><?php echo $ug_hidden; ?></td>
<td class="cat" colspan="5" align="center"><input class="mainoption" type="submit" name="update" value="<?php echo $lang['Update']; ?>" />&nbsp;&nbsp;<input class="liteoption" type="submit" name="cancel" value="<?php echo $lang['Cancel']; ?>" /><input type="hidden" name="f" value="<?php echo $forum_id; ?>" /><input type="hidden" name="type" value="<?php echo $_POST['type']; ?>" /><?php echo $ug_hidden; ?></td>
</tr>
</table></form>
@@ -471,19 +471,8 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
}
else
{
$sql = "SELECT left_id, right_id, forum_id, forum_name
FROM " . FORUMS_TABLE . "
ORDER BY forum_id ASC";
$result = $db->sql_query($sql);
$select_list = '';
$sub_forum = '';
while ( $row = $db->sql_fetchrow($result) )
{
$select_list .= '<option value="' . $row['forum_id'] . '">' . $sub_forum . $row['forum_name'] . '</option>';
$sub_forum .= ( $row['right_id'] - $row['left_id'] > 1 ) ? '&nbsp;&nbsp;' : '';
}
$db->sql_freeresult($result);
$select_list = make_forum_select('f');
page_header($l_title);
@@ -498,7 +487,7 @@ else
<th align="center"><?php echo $lang['Select_a_Forum']; ?></th>
</tr>
<tr>
<td class="row1" align="center">&nbsp;<select name="f"><?php echo $select_list; ?></select> &nbsp;<input type="submit" value="<?php echo $lang['Look_up_Forum']; ?>" class="mainoption" />&nbsp;</td>
<td class="row1" align="center">&nbsp;<?php echo $select_list; ?> &nbsp;<input type="submit" value="<?php echo $lang['Look_up_Forum']; ?>" class="mainoption" />&nbsp;</td>
</tr>
</table></form>
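Review bot: In the `delete` branch `$_POST['option']` is concatenated directly into `WHERE auth_value LIKE '" . $_POST['option'] . "_%'`, so part of the query text comes from the request; the `$where_sql` loop in the later hunk has the same defect where a new user entry is added as `'\'' . $value . '\''` with no escaping. The other queries in this file build the same pattern from the short prefixes `f`, `m` and `a`, so `option` can be constrained before use with a check such as `preg_match('#^[a-z]+$#', $_POST['option'])`, and each username should be escaped through the database layer before it is quoted into the `IN (...)` list. In both the `update` and `delete` branches `$set` is assigned only for the `type` values `user` and `group`; adding a `default:` case that aborts keeps `$auth_admin->$set(...)` from running with an unset method name. `$_POST['type']` is also echoed into the hidden `type` field without `htmlspecialchars()`.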


@@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('forum') )
if ( !$auth->acl_get('a_forum') )
{
return;
}
@@ -41,10 +41,8 @@ require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
//
// Do we have forum admin permissions?
//
if ( !$auth->get_acl_admin('forum') )
if ( !$auth->acl_get('a_forum') )
{
message_die(MESSAGE, $lang['No_admin']);
}
@@ -52,9 +50,9 @@ if ( !$auth->get_acl_admin('forum') )
//
// Get the forum ID for pruning
//
if ( isset($HTTP_GET_VARS['f']) || isset($HTTP_POST_VARS['f']) )
if ( isset($_GET['f']) || isset($_POST['f']) )
{
$forum_id = ( isset($HTTP_POST_VARS['f']) ) ? intval($HTTP_POST_VARS['f']) : intval($HTTP_GET_VARS['f']);
$forum_id = ( isset($_POST['f']) ) ? intval($_POST['f']) : intval($_GET['f']);
$forum_sql = ( $forum_id == -1 ) ? '' : "AND forum_id = $forum_id";
}
else
@@ -65,11 +63,9 @@ else
//
// Get a list of forum's or the data for the forum that we are pruning.
//
$sql = "SELECT f.*
FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
WHERE c.cat_id = f.cat_id
$forum_sql
ORDER BY c.cat_order ASC, f.forum_order ASC";
$sql = "SELECT forum_id, forum_name, left_id, right_id
FROM " . FORUMS_TABLE . "
ORDER BY left_id ASC";
$result = $db->sql_query($sql);
$forum_rows = array();
@@ -77,13 +73,14 @@ while( $row = $db->sql_fetchrow($result) )
{
$forum_rows[] = $row;
}
$db->sql_freeresult($result);
//
// Check for submit to be equal to Prune. If so then proceed with the pruning.
//
if ( isset($HTTP_POST_VARS['doprune']) )
if ( isset($_POST['doprune']) )
{
$prunedays = ( isset($HTTP_POST_VARS['prunedays']) ) ? intval($HTTP_POST_VARS['prunedays']) : 0;
$prunedays = ( isset($_POST['prunedays']) ) ? intval($_POST['prunedays']) : 0;
// Convert days to seconds for timestamp functions...
$prunedate = time() - ( $prunedays * 86400 );
@@ -133,10 +130,25 @@ else
//
// Output a selection table if no forum id has been specified.
//
$select_list .= '<option value="-1">' . $lang['All_Forums'] . '</option>';
for($i = 0; $i < count($forum_rows); $i++)
$select_list = '<option value="-1">' . $lang['All_Forums'] . '</option>';
$right = 0;
$subforum = '';
$forum_list = '';
foreach ( $forum_rows as $row )
{
$select_list .= '<option value="' . $forum_rows[$i]['forum_id'] . '">' . $forum_rows[$i]['forum_name'] . '</option>';
if ( $row['left_id'] < $right )
{
$subforum .= '&nbsp;&nbsp;&nbsp;';
}
else if ( $row['left_id'] > $right + 1 )
{
$subforum = substr($subforum, 0, -18 * ( $row['left_id'] - $right + 1 ));
}
$select_list .= '<option value="' . $row['forum_id'] . '">' . $subforum . $row['forum_name'] . '</option>';
$right = $row['right_id'];
}
?>
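Review bot: The replacement forum query no longer includes `$forum_sql`, although `$forum_sql` is still computed from `f` in the hunk above, so `$forum_rows` now appears to hold every forum even when a single forum id was requested. If the prune loop (outside these hunks) iterates `$forum_rows`, a `doprune` request for one forum would act on all of them. Either re-apply the filter, e.g. `$forum_sql = ( $forum_id == -1 ) ? '' : "WHERE forum_id = $forum_id";` inserted before `ORDER BY left_id ASC`, or select the matching row from `$forum_rows` before pruning. In the select-list hunk `$row['forum_name']` is written into `<option>` markup without `htmlspecialchars()`, and `$forum_list` is assigned but not used in the visible lines.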


@@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('user') )
if ( !$auth->acl_get('a_user') )
{
return;
}
@@ -43,7 +43,7 @@ require('pagestart.' . $phpEx);
//
// Do we have forum admin permissions?
//
if ( !$auth->get_acl_admin('user') )
if ( !$auth->acl_get('a_user') )
{
return;
}
@@ -51,9 +51,9 @@ if ( !$auth->get_acl_admin('user') )
//
// Set mode
//
if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) )
if( isset( $_POST['mode'] ) || isset( $_GET['mode'] ) )
{
$mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset( $_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
@@ -63,9 +63,9 @@ else
//
//
//
if ( isset($HTTP_POST_VARS['prune']) )
if ( isset($_POST['prune']) )
{
if ( empty($HTTP_POST_VARS['confirm']) )
if ( empty($_POST['confirm']) )
{
$values = array('prune', 'deactivate', 'delete', 'users', 'username', 'email', 'joined_select', 'active_select', 'count_select', 'joined', 'active', 'count', 'deleteposts');
@@ -73,7 +73,7 @@ if ( isset($HTTP_POST_VARS['prune']) )
foreach ( $values as $field )
{
$l_message .= ( !empty($HTTP_POST_VARS[$field]) ) ? '<input type="hidden" name="' . $field . '" value="' . urlencode($HTTP_POST_VARS[$field]) . '" />' : '';
$l_message .= ( !empty($_POST[$field]) ) ? '<input type="hidden" name="' . $field . '" value="' . urlencode($_POST[$field]) . '" />' : '';
}
$l_message .= '</form>';
@@ -92,11 +92,11 @@ if ( isset($HTTP_POST_VARS['prune']) )
page_footer();
}
else if ( isset($HTTP_POST_VARS['confirm']) )
else if ( isset($_POST['confirm']) )
{
if ( !empty($HTTP_POST_VARS['users']) )
if ( !empty($_POST['users']) )
{
$users = explode("\n", urldecode($HTTP_POST_VARS['users']));
$users = explode("\n", urldecode($_POST['users']));
$where_sql = '';
foreach ( $users as $username )
@@ -107,15 +107,15 @@ if ( isset($HTTP_POST_VARS['prune']) )
}
else
{
$username = ( !empty($HTTP_POST_VARS['username']) ) ? urldecode($HTTP_POST_VARS['username']) : '';
$email = ( !empty($HTTP_POST_VARS['email']) ) ? urldecode($HTTP_POST_VARS['email']) : '';
$username = ( !empty($_POST['username']) ) ? urldecode($_POST['username']) : '';
$email = ( !empty($_POST['email']) ) ? urldecode($_POST['email']) : '';
$joined_select = ( !empty($HTTP_POST_VARS['joined_select']) ) ? $HTTP_POST_VARS['joined_select'] : 'lt';
$active_select = ( !empty($HTTP_POST_VARS['active_select']) ) ? $HTTP_POST_VARS['active_select'] :'lt';
$count_select = ( !empty($HTTP_POST_VARS['count_select']) ) ? $HTTP_POST_VARS['count_select'] : 'eq';
$joined = ( !empty($HTTP_POST_VARS['joined']) ) ? explode('-', $HTTP_POST_VARS['joined']) : array();
$active = ( !empty($HTTP_POST_VARS['active']) ) ? explode('-', $HTTP_POST_VARS['active']) :array();
$count = ( !empty($HTTP_POST_VARS['count']) ) ? intval($HTTP_POST_VARS['count']) : '';
$joined_select = ( !empty($_POST['joined_select']) ) ? $_POST['joined_select'] : 'lt';
$active_select = ( !empty($_POST['active_select']) ) ? $_POST['active_select'] :'lt';
$count_select = ( !empty($_POST['count_select']) ) ? $_POST['count_select'] : 'eq';
$joined = ( !empty($_POST['joined']) ) ? explode('-', $_POST['joined']) : array();
$active = ( !empty($_POST['active']) ) ? explode('-', $_POST['active']) :array();
$count = ( !empty($_POST['count']) ) ? intval($_POST['count']) : '';
$key_match = array('lt' => '<', 'gt' => '>', 'eq' => '=');
$sort_by_types = array('username', 'user_email', 'user_posts', 'user_regdate', 'user_lastvisit');
@@ -153,9 +153,9 @@ if ( isset($HTTP_POST_VARS['prune']) )
if ( $where_sql != '' )
{
$sql = '';
if ( !empty($HTTP_POST_VARS['delete']) )
if ( !empty($_POST['delete']) )
{
if ( !empty($HTTP_POST_VARS['deleteposts']) )
if ( !empty($_POST['deleteposts']) )
{
$l_admin_log = 'log_prune_user_del_del';
@@ -178,7 +178,7 @@ if ( isset($HTTP_POST_VARS['prune']) )
$sql = "DELETE FROM " . USERS_TABLE;
}
else if ( !empty($HTTP_POST_VARS['deactivate']) )
else if ( !empty($_POST['deactivate']) )
{
$l_admin_log = 'log_prune_user_deac';
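Review bot: The names split out of `urldecode($_POST['users'])` in the confirm branch go into the loop that builds `$where_sql`, and nothing in the visible lines escapes them; the loop body is outside the hunk, so this needs confirming rather than being a proven flaw. That clause appears to select the rows for the `DELETE FROM` on the users table further down, so a quoting mistake here is costly. I would add a comment at the loop such as `// each $username must be SQL-escaped before it is appended to $where_sql`, or escape at the point of the `explode()`. The same check applies to `$username` and `$email` in the else branch, which are only url-decoded in the lines shown.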


@@ -23,7 +23,7 @@ define('IN_PHPBB', 1);
if( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('user') )
if ( !$auth->acl_get('a_user') )
{
return;
}
@@ -43,7 +43,7 @@ require('pagestart.' . $phpEx);
//
//
//
if ( !$auth->get_acl_admin('user') )
if ( !$auth->acl_get('a_user') )
{
return;
}
@@ -51,20 +51,20 @@ if ( !$auth->get_acl_admin('user') )
//
//
//
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
if ( isset($_GET['mode']) || isset($_POST['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
//
// These could be entered via a form button
//
if ( isset($HTTP_POST_VARS['add']) )
if ( isset($_POST['add']) )
{
$mode = 'add';
}
else if ( isset($HTTP_POST_VARS['save']) )
else if ( isset($_POST['save']) )
{
$mode = 'save';
}
@@ -84,7 +84,7 @@ if ( $mode != '' )
//
// They want to add a new rank, show the form.
//
$rank_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0;
$rank_id = ( isset($_GET['id']) ) ? intval($_GET['id']) : 0;
$s_hidden_fields = '<input type="hidden" name="mode" value="save" />';
@@ -152,11 +152,11 @@ if ( $mode != '' )
// Ok, they sent us our info, let's update it.
//
$rank_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0;
$rank_title = ( isset($HTTP_POST_VARS['title']) ) ? trim($HTTP_POST_VARS['title']) : '';
$special_rank = ( $HTTP_POST_VARS['special_rank'] == 1 ) ? TRUE : 0;
$min_posts = ( isset($HTTP_POST_VARS['min_posts']) ) ? intval($HTTP_POST_VARS['min_posts']) : -1;
$rank_image = ( (isset($HTTP_POST_VARS['rank_image'])) ) ? trim($HTTP_POST_VARS['rank_image']) : '';
$rank_id = ( isset($_POST['id']) ) ? intval($_POST['id']) : 0;
$rank_title = ( isset($_POST['title']) ) ? trim($_POST['title']) : '';
$special_rank = ( $_POST['special_rank'] == 1 ) ? TRUE : 0;
$min_posts = ( isset($_POST['min_posts']) ) ? intval($_POST['min_posts']) : -1;
$rank_image = ( (isset($_POST['rank_image'])) ) ? trim($_POST['rank_image']) : '';
if ( $rank_title == '' )
{
@@ -208,9 +208,9 @@ if ( $mode != '' )
// Ok, they want to delete their rank
//
if ( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) )
if ( isset($_POST['id']) || isset($_GET['id']) )
{
$rank_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : intval($HTTP_GET_VARS['id']);
$rank_id = ( isset($_POST['id']) ) ? intval($_POST['id']) : intval($_GET['id']);
}
else
{
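Review bot: The delete branch in the last hunk takes the rank id from `$_GET` as well as `$_POST`, and `$mode` can also arrive in the query string, so a rank can apparently be removed by a plain GET request. A state-changing admin action is better limited to POST, e.g. `$rank_id = ( isset($_POST['id']) ) ? intval($_POST['id']) : 0;`, with the caller submitting a form. Whether the session id carried in admin URLs is meant to guard this is not visible here. The branch continues outside the hunk.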


@@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@@ -44,7 +44,7 @@ include($phpbb_root_path . 'includes/functions_posting.'.$phpEx);
//
// Do we have forum admin permissions?
//
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
message_die(MESSAGE, $lang['No_admin']);
}
@@ -52,11 +52,11 @@ if ( !$auth->get_acl_admin('general') )
//
// Start indexing
//
if ( isset($HTTP_POST_VARS['start']) || isset($HTTP_GET_VARS['batchstart']) )
if ( isset($_POST['start']) || isset($_GET['batchstart']) )
{
$batchsize = 200; // Process this many posts per batch
$batchstart = ( !isset($HTTP_GET_VARS['batchstart']) ) ? $row['min_post_id'] : $HTTP_GET_VARS['batchstart'];
$batchcount = ( !isset($HTTP_GET_VARS['batchcount']) ) ? 1 : $HTTP_GET_VARS['batchcount'];
$batchstart = ( !isset($_GET['batchstart']) ) ? $row['min_post_id'] : $_GET['batchstart'];
$batchcount = ( !isset($_GET['batchcount']) ) ? 1 : $_GET['batchcount'];
$loopcount = 0;
$batchend = $batchstart + $batchsize;
@@ -108,7 +108,7 @@ if ( isset($HTTP_POST_VARS['start']) || isset($HTTP_GET_VARS['batchstart']) )
closedir($dir);
if ( !isset($HTTP_GET_VARS['batchstart']) )
if ( !isset($_GET['batchstart']) )
{
//
// Take board offline
@@ -312,7 +312,7 @@ if ( isset($HTTP_POST_VARS['start']) || isset($HTTP_GET_VARS['batchstart']) )
exit;
}
else if ( isset($HTTP_POST_VARS['cancel']) )
else if ( isset($_POST['cancel']) )
{
$sql = "UPDATE " . CONFIG_TABLE . "
SET config_value = '0'
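Review bot: `$batchstart` and `$batchcount` are read from `$_GET` without a cast in the third hunk, unlike the `intval()` applied to request ids elsewhere in this commit. `$batchstart` feeds `$batchend = $batchstart + $batchsize` and presumably the post-id range of a query further down, which is outside the hunk. Casting at the read keeps both numeric: `$batchstart = ( !isset($_GET['batchstart']) ) ? $row['min_post_id'] : intval($_GET['batchstart']);` and likewise `intval($_GET['batchcount'])`.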


@@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@@ -43,7 +43,7 @@ require('pagestart.' . $phpEx);
//
// Do we have general permissions?
//
if (!$auth->get_acl_admin('general'))
if (!$auth->acl_get('a_general'))
{
message_die(MESSAGE, $lang['No_admin']);
}
@@ -51,9 +51,9 @@ if (!$auth->get_acl_admin('general'))
//
// Check to see what mode we should operate in.
//
if (isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']))
if (isset($_POST['mode']) || isset($_GET['mode']))
{
$mode = (!empty($HTTP_POST_VARS['mode'])) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = (!empty($_POST['mode'])) ? $_POST['mode'] : $_GET['mode'];
}
else
{
@@ -62,10 +62,8 @@ else
$delimiter = '=+:';
$smilies_images = $smilies_paks = array();
$click_return = '<br /><br />' . sprintf($lang['Click_return_smileadmin'], '<a href="admin_smilies.' . $phpEx . $SID . '">', '</a>');
$click_return .= '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="index.' . $phpEx . $SID . '&amp;pane=right">', '</a>');
if ($mode == 'edit' || !empty($HTTP_POST_VARS['add']) || !empty($HTTP_POST_VARS['import_pak']))
if ($mode == 'edit' || !empty($_POST['add']) || !empty($_POST['import_pak']))
{
$dir = @opendir($phpbb_root_path . $board_config['smilies_path']);
while ($file = @readdir($dir))
@@ -90,15 +88,15 @@ if ($mode == 'edit' || !empty($HTTP_POST_VARS['add']) || !empty($HTTP_POST_VARS[
//
// Select main mode
//
if (isset($HTTP_POST_VARS['import_pak']))
if (isset($_POST['import_pak']))
{
if (!empty($HTTP_POST_VARS['smilies_pak']))
if (!empty($_POST['smilies_pak']))
{
$smile_order = 0;
//
// The user has already selected a smilies_pak file.. Import it.
//
if (!empty($HTTP_POST_VARS['clear_current']))
if (!empty($_POST['clear_current']))
{
$db->sql_query('DELETE FROM ' . SMILIES_TABLE);
}
@@ -118,7 +116,7 @@ if (isset($HTTP_POST_VARS['import_pak']))
if (empty($fcontents))
{
message_die(ERROR, 'Could not read smiley pak file' . $click_return);
message_die(ERROR, 'Could not read smiley pak file');
}
foreach ($fcontents as $line)
@@ -147,7 +145,7 @@ if (isset($HTTP_POST_VARS['import_pak']))
if (!empty($smilies[$code]))
{
if (!empty($HTTP_POST_VARS['replace_existing']))
if (!empty($_POST['replace_existing']))
{
$code_sql = str_replace("'", "''", str_replace('\\', '\\\\', $code));
$sql = array(
@@ -175,7 +173,7 @@ if (isset($HTTP_POST_VARS['import_pak']))
}
}
message_die(MESSAGE, $lang['Smilies_import_success'] . $click_return);
message_die(MESSAGE, $lang['Smilies_import_success']);
}
else
{
@@ -202,7 +200,7 @@ if (isset($HTTP_POST_VARS['import_pak']))
<form method="post" action="admin_smilies.<?php echo $phpEx . $SID ?>"><table class="bg" cellspacing="1" cellpadding="4" border="0" align="center">
<tr>
<th class="thHead" colspan="2"><?php echo $lang['Smilies_import'] ?></th>
<th colspan="2"><?php echo $lang['Smilies_import'] ?></th>
</tr>
<tr>
<td class="row2"><?php echo $lang['Select_package'] ?></td>
@@ -228,7 +226,7 @@ if (isset($HTTP_POST_VARS['import_pak']))
page_footer();
}
}
elseif (isset($HTTP_GET_VARS['export_pak']))
elseif (isset($_GET['export_pak']))
{
$smilies_pak = '';
@@ -250,12 +248,12 @@ elseif (isset($HTTP_GET_VARS['export_pak']))
exit;
}
elseif (isset($HTTP_POST_VARS['export_pak']))
elseif (isset($_POST['export_pak']))
{
page_header($lang['Export_smilies']);
message_die(MESSAGE, sprintf($lang['Export_smilies_explain'], '<a href="admin_smilies.' . $phpEx . $SID . '&amp;export_pak=send">', '</a>') . $click_return);
message_die(MESSAGE, sprintf($lang['Export_smilies_explain'], '<a href="admin_smilies.' . $phpEx . $SID . '&amp;export_pak=send">', '</a>'));
}
elseif (isset($HTTP_POST_VARS['add']))
elseif (isset($_POST['add']))
{
$filename_list = '';
foreach ($smilies_images as $smile_url)
@@ -290,7 +288,7 @@ function update_smile_dimensions()
<form method="post" action="admin_smilies.<?php echo $phpEx . $SID ?>&amp;mode=create"><table class="bg" cellspacing="1" cellpadding="4" border="0" align="center">
<tr>
<th class="thHead" colspan="2"><?php echo $lang['smile_config'] ?></th>
<th colspan="2"><?php echo $lang['smile_config'] ?></th>
</tr>
<tr>
<td class="row2"><?php echo $lang['Smile_code'] ?></td>
@@ -324,20 +322,13 @@ function update_smile_dimensions()
switch ($mode)
{
case 'delete':
$db->sql_query('DELETE FROM ' . SMILIES_TABLE . ' WHERE smilies_id = ' . intval($HTTP_GET_VARS['smile_id']));
message_die(MESSAGE, $lang['Smile_deleted'] . $click_return);
$db->sql_query('DELETE FROM ' . SMILIES_TABLE . ' WHERE smilies_id = ' . intval($_GET['smile_id']));
message_die(MESSAGE, $lang['Smile_deleted']);
break;
case 'edit':
$smile_id = intval($HTTP_GET_VARS['smile_id']);
$smile_id = intval($_GET['smile_id']);
/*
$sql = 'SELECT *
FROM ' . SMILIES_TABLE . "
WHERE smilies_id = $smile_id";
$result = $db->sql_query($sql);
$smile_data = $db->sql_fetchrow($result);
*/
$order_list = '';
$result = $db->sql_query('SELECT * FROM ' . SMILIES_TABLE . ' ORDER BY smile_order DESC');
while ($row = $db->sql_fetchrow($result))
@@ -441,26 +432,26 @@ function update_smile_dimensions()
case 'create':
case 'modify':
$smile_width = intval($HTTP_POST_VARS['smile_width']);
$smile_height = intval($HTTP_POST_VARS['smile_height']);
$smile_width = intval($_POST['smile_width']);
$smile_height = intval($_POST['smile_height']);
if ($smile_width == 0 || $smile_height == 0)
{
$img_size = @getimagesize($phpbb_root_path . $board_config['smilies_path'] . '/' . stripslashes($HTTP_POST_VARS['smile_url']));
$img_size = @getimagesize($phpbb_root_path . $board_config['smilies_path'] . '/' . stripslashes($_POST['smile_url']));
$smile_width = $img_size[0];
$smile_height = $img_size[1];
}
$sql = array(
'code' => htmlspecialchars(stripslashes($HTTP_POST_VARS['smile_code'])),
'smile_url' => stripslashes($HTTP_POST_VARS['smile_url']),
'code' => htmlspecialchars(stripslashes($_POST['smile_code'])),
'smile_url' => stripslashes($_POST['smile_url']),
'smile_width' => $smile_width,
'smile_height' => $smile_height,
'smile_order' => $smile_order,
'emoticon' => stripslashes($HTTP_POST_VARS['smile_emotion']),
'smile_on_posting' => (!empty($HTTP_POST_VARS['smile_on_posting'])) ? 1 : 0
'emoticon' => stripslashes($_POST['smile_emotion']),
'smile_on_posting' => (!empty($_POST['smile_on_posting'])) ? 1 : 0
);
$smile_id = $HTTP_POST_VARS['smile_id'];
$smile_order = $HTTP_POST_VARS['smile_order'];
$smile_id = $_POST['smile_id'];
$smile_order = $_POST['smile_order'];
if ($mode == 'modify')
{
@@ -500,18 +491,18 @@ function update_smile_dimensions()
if ($mode == 'modify')
{
$db->sql_query_array('UPDATE ' . SMILIES_TABLE . " SET WHERE smilies_id = $smile_id", $sql);
message_die(MESSAGE, $lang['Smile_edited'] . $click_return);
message_die(MESSAGE, $lang['Smile_edited']);
}
else
{
$db->sql_query_array('INSERT INTO ' . SMILIES_TABLE, $sql);
message_die(MESSAGE, $lang['Smile_added'] . $click_return);
message_die(MESSAGE, $lang['Smile_added']);
}
break;
case 'move_up':
case 'move_down':
$smile_order = intval($HTTP_GET_VARS['smile_order']);
$smile_order = intval($_GET['smile_order']);
$order_total = $smile_order * 2 + (($mode == 'move_up') ? -1 : 1);
$sql = 'UPDATE ' . SMILIES_TABLE . "
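Review bot: In the `create`/`modify` case `$smile_id = $_POST['smile_id'];` is read without a cast and then interpolated into `" SET WHERE smilies_id = $smile_id"` for the UPDATE, whereas the `delete` and `edit` cases wrap the same id in `intval()`. Use `$smile_id = intval($_POST['smile_id']);` so the request value cannot alter the statement. In the same hunk `'smile_order' => $smile_order` is put into the `$sql` array before `$smile_order = $_POST['smile_order'];` runs, so unless the variable is set earlier outside the hunk the stored order is not the submitted one. Moving both assignments above the array, and casting `smile_order` as well, would fix that. The `switch` continues outside these hunks.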


@@ -2,7 +2,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('styles') )
if ( !$auth->acl_get('a_styles') )
{
return;
}
@@ -27,7 +27,7 @@ require('pagestart.' . $phpEx);
//
// Do we have styles admin permissions?
//
if ( !$auth->get_acl_admin('styles') )
if ( !$auth->acl_get('a_styles') )
{
message_die(MESSAGE, $lang['No_admin']);
}
@@ -48,26 +48,26 @@ closedir($dp);
//
//
//
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
$mode = ( isset($_GET['mode']) ) ? $_GET['mode'] : $_POST['mode'];
switch ( $mode )
{
case 'editimageset':
$imgroot = ( isset($HTTP_POST_VARS['imgroot']) ) ? $HTTP_POST_VARS['imgroot'] : 'subSilver';
$imgroot = ( isset($_POST['imgroot']) ) ? $_POST['imgroot'] : 'subSilver';
if ( isset($HTTP_POST_VARS['img_root']) )
if ( isset($_POST['img_root']) )
{
$sql = "SELECT *
FROM " . STYLES_IMAGE_TABLE . "
WHERE imageset_path LIKE '" . $HTTP_POST_VARS['imgroot'] . "'";
WHERE imageset_path LIKE '" . $_POST['imgroot'] . "'";
$result = $db->sql_query($sql);
$images = $db->sql_fetchrow($result);
}
if ( isset($HTTP_POST_VARS['img_addconfig']) )
if ( isset($_POST['img_addconfig']) )
{
}
else if ( isset($HTTP_POST_VARS['img_addlocal']) )
else if ( isset($_POST['img_addlocal']) )
{
}
@@ -142,15 +142,15 @@ switch ( $mode )
case 'edittemplate':
$tplcols = ( isset($HTTP_POST_VARS['tplcols']) ) ? max(60, intval($HTTP_POST_VARS['tplcols'])) : 90;
$tplrows = ( isset($HTTP_POST_VARS['tplrows']) ) ? max(4, intval($HTTP_POST_VARS['tplrows'])) : 30;
$tplname = ( isset($HTTP_POST_VARS['tplname']) ) ? $HTTP_POST_VARS['tplname'] : '';
$tplroot = ( isset($HTTP_POST_VARS['tplroot']) ) ? $HTTP_POST_VARS['tplroot'] : 'subSilver';
$tplcols = ( isset($_POST['tplcols']) ) ? max(60, intval($_POST['tplcols'])) : 90;
$tplrows = ( isset($_POST['tplrows']) ) ? max(4, intval($_POST['tplrows'])) : 30;
$tplname = ( isset($_POST['tplname']) ) ? $_POST['tplname'] : '';
$tplroot = ( isset($_POST['tplroot']) ) ? $_POST['tplroot'] : 'subSilver';
$str = '';
if ( isset($HTTP_POST_VARS['tpl_compile']) && !empty($HTTP_POST_VARS['decompile']) )
if ( isset($_POST['tpl_compile']) && !empty($_POST['decompile']) )
{
$str = "<?php\n" . $template->compile(stripslashes($HTTP_POST_VARS['decompile'])) . "\n?".">";
$str = "<?php\n" . $template->compile(stripslashes($_POST['decompile'])) . "\n?".">";
$fp = fopen($phpbb_root_path . 'templates/cache/' . $tplroot . '/' . $tplname . '.html.' . $phpEx, 'w+');
fwrite ($fp, $str);
@@ -162,7 +162,7 @@ switch ( $mode )
exit;
}
else if ( !empty($tplname) && isset($HTTP_POST_VARS['tpl_name']) )
else if ( !empty($tplname) && isset($_POST['tpl_name']) )
{
$fp = fopen($phpbb_root_path . 'templates/cache/' . $tplroot . '/' . $tplname . '.html.' . $phpEx, 'r');
while ( !feof($fp) )
@@ -175,10 +175,10 @@ switch ( $mode )
}
else
{
$str = ( !empty($HTTP_POST_VARS['decompile']) ) ? stripslashes($HTTP_POST_VARS['decompile']) : '';
$str = ( !empty($_POST['decompile']) ) ? stripslashes($_POST['decompile']) : '';
}
if ( isset($HTTP_POST_VARS['tpl_download']) )
if ( isset($_POST['tpl_download']) )
{
header("Content-Type: text/html; name=\"" . $tplname . ".html\"");
header("Content-disposition: attachment; filename=" . $tplname . ".html");
@@ -242,9 +242,9 @@ switch ( $mode )
case 'edittheme':
$theme_id = ( isset($HTTP_POST_VARS['themeroot']) ) ? $HTTP_POST_VARS['themeroot'] : '';
$theme_id = ( isset($_POST['themeroot']) ) ? $_POST['themeroot'] : '';
if ( isset($HTTP_POST_VARS['update']) )
if ( isset($_POST['update']) )
{
$sql = "SELECT theme_id, theme_name
FROM " . STYLES_CSS_TABLE . "
@@ -255,8 +255,8 @@ switch ( $mode )
{
$theme_name = $row['theme_name'];
$css_data = ( !empty($HTTP_POST_VARS['css_data']) ) ? htmlentities($HTTP_POST_VARS['css_data']) : '';
$css_external = ( !empty($HTTP_POST_VARS['css_data']) ) ? $HTTP_POST_VARS['css_data'] : '';
$css_data = ( !empty($_POST['css_data']) ) ? htmlentities($_POST['css_data']) : '';
$css_external = ( !empty($_POST['css_data']) ) ? $_POST['css_data'] : '';
$sql = "UPDATE " > STYLES_CSS_TABLE . "
SET css_data = '$css_data', css_external = '$css_external'
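Review bot: In `edittemplate`, `$tplroot` and `$tplname` come straight from `$_POST` and are concatenated into the `fopen()` paths under `templates/cache/`, one of which is opened with `'w+'` and receives the compiled PHP. Nothing visible restricts either value to a single path component, so I would reduce both at the read, e.g. `$tplname = ( isset($_POST['tplname']) ) ? basename($_POST['tplname']) : '';` and the same for `tplroot`. `$tplname` is also written into the `Content-Type` and `Content-disposition` headers in the download branch, which the same restriction would cover. Separately, `$_POST['imgroot']` is concatenated unescaped into the `LIKE` clause in `editimageset`. The `switch` continues outside these hunks.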


@@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('user') )
if ( !$auth->acl_get('a_user') )
{
return;
}
@@ -46,7 +46,7 @@ require($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
//
// Do we have forum admin permissions?
//
if ( !$auth->get_acl_admin('user') )
if ( !$auth->acl_get('a_user') )
{
return;
}
@@ -54,9 +54,9 @@ if ( !$auth->get_acl_admin('user') )
//
// Set mode
//
if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) )
if( isset( $_POST['mode'] ) || isset( $_GET['mode'] ) )
{
$mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset( $_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
@@ -66,14 +66,14 @@ else
//
// Begin program
//
if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) || isset($HTTP_GET_VARS['u']) || isset( $HTTP_POST_VARS['u']) ) )
if ( $mode == 'edit' || $mode == 'save' && ( isset($_POST['username']) || isset($_GET['u']) || isset( $_POST['u']) ) )
{
//
// Ok, the profile has been modified and submitted, let's update
//
if( ( $mode == 'save' && isset( $HTTP_POST_VARS['submit'] ) ) || isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) )
if( ( $mode == 'save' && isset( $_POST['submit'] ) ) || isset( $_POST['avatargallery'] ) || isset( $_POST['submitavatar'] ) || isset( $_POST['cancelavatar'] ) )
{
$user_id = intval( $HTTP_POST_VARS['id'] );
$user_id = intval( $_POST['id'] );
$this_userdata = get_userdata($user_id);
if( !$this_userdata )
@@ -81,46 +81,46 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
message_die(MESSAGE, $lang['No_user_id_specified'] );
}
$username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags( $HTTP_POST_VARS['username'] ) ) : '';
$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : '';
$username = ( !empty($_POST['username']) ) ? trim(strip_tags( $_POST['username'] ) ) : '';
$email = ( !empty($_POST['email']) ) ? trim(strip_tags(htmlspecialchars( $_POST['email'] ) )) : '';
$password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : '';
$password_confirm = ( !empty($HTTP_POST_VARS['password_confirm']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password_confirm'] ) )) : '';
$password = ( !empty($_POST['password']) ) ? trim(strip_tags(htmlspecialchars( $_POST['password'] ) )) : '';
$password_confirm = ( !empty($_POST['password_confirm']) ) ? trim(strip_tags(htmlspecialchars( $_POST['password_confirm'] ) )) : '';
$icq = ( !empty($HTTP_POST_VARS['icq']) ) ? trim(strip_tags( $HTTP_POST_VARS['icq'] ) ) : '';
$aim = ( !empty($HTTP_POST_VARS['aim']) ) ? trim(strip_tags( $HTTP_POST_VARS['aim'] ) ) : '';
$msn = ( !empty($HTTP_POST_VARS['msn']) ) ? trim(strip_tags( $HTTP_POST_VARS['msn'] ) ) : '';
$yim = ( !empty($HTTP_POST_VARS['yim']) ) ? trim(strip_tags( $HTTP_POST_VARS['yim'] ) ) : '';
$icq = ( !empty($_POST['icq']) ) ? trim(strip_tags( $_POST['icq'] ) ) : '';
$aim = ( !empty($_POST['aim']) ) ? trim(strip_tags( $_POST['aim'] ) ) : '';
$msn = ( !empty($_POST['msn']) ) ? trim(strip_tags( $_POST['msn'] ) ) : '';
$yim = ( !empty($_POST['yim']) ) ? trim(strip_tags( $_POST['yim'] ) ) : '';
$website = ( !empty($HTTP_POST_VARS['website']) ) ? trim(strip_tags( $HTTP_POST_VARS['website'] ) ) : '';
$location = ( !empty($HTTP_POST_VARS['location']) ) ? trim(strip_tags( $HTTP_POST_VARS['location'] ) ) : '';
$occupation = ( !empty($HTTP_POST_VARS['occupation']) ) ? trim(strip_tags( $HTTP_POST_VARS['occupation'] ) ) : '';
$interests = ( !empty($HTTP_POST_VARS['interests']) ) ? trim(strip_tags( $HTTP_POST_VARS['interests'] ) ) : '';
$signature = ( !empty($HTTP_POST_VARS['signature']) ) ? trim(str_replace('<br />', "\n", $HTTP_POST_VARS['signature'] ) ) : '';
$website = ( !empty($_POST['website']) ) ? trim(strip_tags( $_POST['website'] ) ) : '';
$location = ( !empty($_POST['location']) ) ? trim(strip_tags( $_POST['location'] ) ) : '';
$occupation = ( !empty($_POST['occupation']) ) ? trim(strip_tags( $_POST['occupation'] ) ) : '';
$interests = ( !empty($_POST['interests']) ) ? trim(strip_tags( $_POST['interests'] ) ) : '';
$signature = ( !empty($_POST['signature']) ) ? trim(str_replace('<br />', "\n", $_POST['signature'] ) ) : '';
validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature);
$viewemail = ( isset( $HTTP_POST_VARS['viewemail']) ) ? ( ( $HTTP_POST_VARS['viewemail'] ) ? TRUE : 0 ) : 0;
$allowviewonline = ( isset( $HTTP_POST_VARS['hideonline']) ) ? ( ( $HTTP_POST_VARS['hideonline'] ) ? 0 : TRUE ) : TRUE;
$notifyreply = ( isset( $HTTP_POST_VARS['notifyreply']) ) ? ( ( $HTTP_POST_VARS['notifyreply'] ) ? TRUE : 0 ) : 0;
$notifypm = ( isset( $HTTP_POST_VARS['notifypm']) ) ? ( ( $HTTP_POST_VARS['notifypm'] ) ? TRUE : 0 ) : TRUE;
$popuppm = ( isset( $HTTP_POST_VARS['popup_pm']) ) ? ( ( $HTTP_POST_VARS['popup_pm'] ) ? TRUE : 0 ) : TRUE;
$attachsig = ( isset( $HTTP_POST_VARS['attachsig']) ) ? ( ( $HTTP_POST_VARS['attachsig'] ) ? TRUE : 0 ) : 0;
$viewemail = ( isset( $_POST['viewemail']) ) ? ( ( $_POST['viewemail'] ) ? TRUE : 0 ) : 0;
$allowviewonline = ( isset( $_POST['hideonline']) ) ? ( ( $_POST['hideonline'] ) ? 0 : TRUE ) : TRUE;
$notifyreply = ( isset( $_POST['notifyreply']) ) ? ( ( $_POST['notifyreply'] ) ? TRUE : 0 ) : 0;
$notifypm = ( isset( $_POST['notifypm']) ) ? ( ( $_POST['notifypm'] ) ? TRUE : 0 ) : TRUE;
$popuppm = ( isset( $_POST['popup_pm']) ) ? ( ( $_POST['popup_pm'] ) ? TRUE : 0 ) : TRUE;
$attachsig = ( isset( $_POST['attachsig']) ) ? ( ( $_POST['attachsig'] ) ? TRUE : 0 ) : 0;
$allowhtml = ( isset( $HTTP_POST_VARS['allowhtml']) ) ? intval( $HTTP_POST_VARS['allowhtml'] ) : $board_config['allow_html'];
$allowbbcode = ( isset( $HTTP_POST_VARS['allowbbcode']) ) ? intval( $HTTP_POST_VARS['allowbbcode'] ) : $board_config['allow_bbcode'];
$allowsmilies = ( isset( $HTTP_POST_VARS['allowsmilies']) ) ? intval( $HTTP_POST_VARS['allowsmilies'] ) : $board_config['allow_smilies'];
$allowhtml = ( isset( $_POST['allowhtml']) ) ? intval( $_POST['allowhtml'] ) : $board_config['allow_html'];
$allowbbcode = ( isset( $_POST['allowbbcode']) ) ? intval( $_POST['allowbbcode'] ) : $board_config['allow_bbcode'];
$allowsmilies = ( isset( $_POST['allowsmilies']) ) ? intval( $_POST['allowsmilies'] ) : $board_config['allow_smilies'];
$user_style = ( $HTTP_POST_VARS['style'] ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];
$user_lang = ( $HTTP_POST_VARS['language'] ) ? $HTTP_POST_VARS['language'] : $board_config['default_lang'];
$user_timezone = ( isset( $HTTP_POST_VARS['timezone']) ) ? doubleval( $HTTP_POST_VARS['timezone'] ) : $board_config['board_timezone'];
$user_template = ( $HTTP_POST_VARS['template'] ) ? $HTTP_POST_VARS['template'] : $board_config['board_template'];
$user_dateformat = ( $HTTP_POST_VARS['dateformat'] ) ? trim( $HTTP_POST_VARS['dateformat'] ) : $board_config['default_dateformat'];
$user_style = ( $_POST['style'] ) ? intval( $_POST['style'] ) : $board_config['default_style'];
$user_lang = ( $_POST['language'] ) ? $_POST['language'] : $board_config['default_lang'];
$user_timezone = ( isset( $_POST['timezone']) ) ? doubleval( $_POST['timezone'] ) : $board_config['board_timezone'];
$user_template = ( $_POST['template'] ) ? $_POST['template'] : $board_config['board_template'];
$user_dateformat = ( $_POST['dateformat'] ) ? trim( $_POST['dateformat'] ) : $board_config['default_dateformat'];
$user_avatar_local = ( isset( $HTTP_POST_VARS['avatarselect'] ) && !empty($HTTP_POST_VARS['submitavatar'] ) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset( $HTTP_POST_VARS['avatarlocal'] ) ) ? $HTTP_POST_VARS['avatarlocal'] : '' );
$user_avatar_local = ( isset( $_POST['avatarselect'] ) && !empty($_POST['submitavatar'] ) && $board_config['allow_avatar_local'] ) ? $_POST['avatarselect'] : ( ( isset( $_POST['avatarlocal'] ) ) ? $_POST['avatarlocal'] : '' );
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim( $HTTP_POST_VARS['avatarremoteurl'] ) : '';
$user_avatar_url = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim( $HTTP_POST_VARS['avatarurl'] ) : '';
$user_avatar_remoteurl = ( !empty($_POST['avatarremoteurl']) ) ? trim( $_POST['avatarremoteurl'] ) : '';
$user_avatar_url = ( !empty($_POST['avatarurl']) ) ? trim( $_POST['avatarurl'] ) : '';
$user_avatar_loc = ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '';
$user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
$user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
@@ -129,12 +129,12 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
$user_avatar = ( empty($user_avatar_loc) ) ? $this_userdata['user_avatar'] : '';
$user_avatar_type = ( empty($user_avatar_loc) ) ? $this_userdata['user_avatar_type'] : '';
$user_status = ( !empty($HTTP_POST_VARS['user_status']) ) ? intval( $HTTP_POST_VARS['user_status'] ) : 0;
$user_allowpm = ( !empty($HTTP_POST_VARS['user_allowpm']) ) ? intval( $HTTP_POST_VARS['user_allowpm'] ) : 0;
$user_rank = ( !empty($HTTP_POST_VARS['user_rank']) ) ? intval( $HTTP_POST_VARS['user_rank'] ) : 0;
$user_allowavatar = ( !empty($HTTP_POST_VARS['user_allowavatar']) ) ? intval( $HTTP_POST_VARS['user_allowavatar'] ) : 0;
$user_status = ( !empty($_POST['user_status']) ) ? intval( $_POST['user_status'] ) : 0;
$user_allowpm = ( !empty($_POST['user_allowpm']) ) ? intval( $_POST['user_allowpm'] ) : 0;
$user_rank = ( !empty($_POST['user_rank']) ) ? intval( $_POST['user_rank'] ) : 0;
$user_allowavatar = ( !empty($_POST['user_allowavatar']) ) ? intval( $_POST['user_allowavatar'] ) : 0;
if( isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) )
if( isset( $_POST['avatargallery'] ) || isset( $_POST['submitavatar'] ) || isset( $_POST['cancelavatar'] ) )
{
$username = stripslashes($username);
$email = stripslashes($email);
@@ -155,7 +155,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
$user_lang = stripslashes($user_lang);
$user_dateformat = stripslashes($user_dateformat);
if ( !isset($HTTP_POST_VARS['cancelavatar']))
if ( !isset($_POST['cancelavatar']))
{
$user_avatar = $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
@@ -163,7 +163,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
}
}
if( isset( $HTTP_POST_VARS['submit'] ) )
if( isset( $_POST['submit'] ) )
{
include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);
@@ -250,7 +250,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
// Avatar stuff
//
$avatar_sql = '';
if( isset($HTTP_POST_VARS['avatardel']) )
if( isset($_POST['avatardel']) )
{
if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" )
{
@@ -518,7 +518,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
//
if( !$error )
{
if( $HTTP_POST_VARS['deleteuser'] )
if( $_POST['deleteuser'] )
{
$sql = "SELECT g.group_id
FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
@@ -621,11 +621,11 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
$user_dateformat = stripslashes($user_dateformat);
}
}
else if( !isset( $HTTP_POST_VARS['submit'] ) && $mode != 'save' && !isset( $HTTP_POST_VARS['avatargallery'] ) && !isset( $HTTP_POST_VARS['submitavatar'] ) && !isset( $HTTP_POST_VARS['cancelavatar'] ) )
else if( !isset( $_POST['submit'] ) && $mode != 'save' && !isset( $_POST['avatargallery'] ) && !isset( $_POST['submitavatar'] ) && !isset( $_POST['cancelavatar'] ) )
{
if( isset( $HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) )
if( isset( $_GET[POST_USERS_URL]) || isset( $_POST[POST_USERS_URL]) )
{
$user_id = ( isset( $HTTP_POST_VARS[POST_USERS_URL]) ) ? intval( $HTTP_POST_VARS[POST_USERS_URL]) : intval( $HTTP_GET_VARS[POST_USERS_URL]);
$user_id = ( isset( $_POST[POST_USERS_URL]) ) ? intval( $_POST[POST_USERS_URL]) : intval( $_GET[POST_USERS_URL]);
$this_userdata = get_userdata($user_id);
if( !$this_userdata )
{
@@ -634,7 +634,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
}
else
{
$this_userdata = get_userdata( $HTTP_POST_VARS['username'] );
$this_userdata = get_userdata( $_POST['username'] );
if( !$this_userdata )
{
message_die(MESSAGE, $lang['No_user_id_specified'] );
@@ -689,11 +689,11 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
$smilies_status = ($this_userdata['user_allowsmile'] ) ? $lang['Smilies_are_ON'] : $lang['Smilies_are_OFF'];
}
if( isset($HTTP_POST_VARS['avatargallery']) && !$error )
if( isset($_POST['avatargallery']) && !$error )
{
if( !$error )
{
$user_id = intval($HTTP_POST_VARS['id']);
$user_id = intval($_POST['id']);
$template->set_filenames(array(
"body" => "admin/user_avatar_gallery.tpl")
@@ -730,9 +730,9 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
@closedir($dir);
if( isset($HTTP_POST_VARS['avatarcategory']) )
if( isset($_POST['avatarcategory']) )
{
$category = $HTTP_POST_VARS['avatarcategory'];
$category = $_POST['avatarcategory'];
}
else
{
@@ -769,7 +769,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
}
}
$coppa = ( ( !$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa'] ) || $mode == "register") ? 0 : TRUE;
$coppa = ( ( !$_POST['coppa'] && !$_GET['coppa'] ) || $mode == "register") ? 0 : TRUE;
$s_hidden_fields = '<input type="hidden" name="mode" value="edit" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />';
$s_hidden_fields .= '<input type="hidden" name="id" value="' . $user_id . '" />';
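Review bot: The three avatar upload lines (`$user_avatar_loc`, `$user_avatar_name`, `$user_avatar_size`) still read `$HTTP_POST_FILES`, while every other request read shown in this file was moved to the superglobals. For consistency they should use `$_FILES`, e.g. `$user_avatar_name = ( !empty($_FILES['avatar']['name']) ) ? $_FILES['avatar']['name'] : '';`. A short comment there should also state that the client-supplied `name` must not be trusted for the stored filename. Presumably the included `usercp_avatar` file handles that, but it is outside the hunk.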


@@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@@ -44,7 +44,7 @@ require('pagestart.' . $phpEx);
//
// Do we have styles admin permissions?
//
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
message_die(MESSAGE, $lang['No_admin']);
}
@@ -52,11 +52,11 @@ if ( !$auth->get_acl_admin('general') )
//
// Set some variables
//
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
$start = ( isset($_GET['start']) ) ? intval($_GET['start']) : 0;
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
if ( isset($_POST['mode']) || isset($_GET['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
@@ -73,12 +73,12 @@ $l_title_explain = ( $mode == 'admin' ) ? $lang['Admin_logs_explain'] : $lang['M
//
// Delete entries if requested and able
//
if ( ( isset($HTTP_POST_VARS['delmarked']) || isset($HTTP_POST_VARS['delall']) ) && $auth->get_acl_admin('clearlogs'))
if ( ( isset($_POST['delmarked']) || isset($_POST['delall']) ) && $auth->acl_get('a_clearlogs'))
{
$where_sql = '';
if ( isset($HTTP_POST_VARS['delmarked']) && isset($HTTP_POST_VARS['mark']) )
if ( isset($_POST['delmarked']) && isset($_POST['mark']) )
{
foreach ( $HTTP_POST_VARS['mark'] as $marked )
foreach ( $_POST['mark'] as $marked )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($marked);
}
@@ -95,11 +95,11 @@ if ( ( isset($HTTP_POST_VARS['delmarked']) || isset($HTTP_POST_VARS['delall']) )
//
// Sorting ... this could become a function
//
if ( isset($HTTP_POST_VARS['sort']) || $start )
if ( isset($_POST['sort']) || $start )
{
if ( !empty($HTTP_POST_VARS['sort_days']) || !empty($HTTP_GET_VARS['sort_days']) )
if ( !empty($_POST['sort_days']) || !empty($_GET['sort_days']) )
{
$sort_days = ( !empty($HTTP_POST_VARS['sort_days']) ) ? intval($HTTP_POST_VARS['sort_days']) : intval($HTTP_GET_VARS['sort_days']);
$sort_days = ( !empty($_POST['sort_days']) ) ? intval($_POST['sort_days']) : intval($_GET['sort_days']);
$where_sql = time() - ( $sort_days * 86400 );
}
else
@@ -107,8 +107,8 @@ if ( isset($HTTP_POST_VARS['sort']) || $start )
$where_sql = 0;
}
$sort_key = ( isset($HTTP_POST_VARS['sort_key']) ) ? $HTTP_POST_VARS['sort_key'] : $HTTP_GET_VARS['sort_key'];
$sort_dir = ( isset($HTTP_POST_VARS['sort_dir']) ) ? $HTTP_POST_VARS['sort_dir'] : $HTTP_GET_VARS['sort_dir'];
$sort_key = ( isset($_POST['sort_key']) ) ? $_POST['sort_key'] : $_GET['sort_key'];
$sort_dir = ( isset($_POST['sort_dir']) ) ? $_POST['sort_dir'] : $_GET['sort_dir'];
}
else
{
@@ -144,30 +144,11 @@ $sort_sql = $sort_by[$sort_key] . ' ' . ( ( $sort_dir == 'd' ) ? 'DESC' : 'ASC'
//
// Define forum list if we're looking @ mod logs
//
$forum_options = '';
$forum_box = '';
if ( $mode == 'mod' )
{
$sql = "SELECT forum_id, forum_name
FROM " . FORUMS_TABLE . "
ORDER BY cat_id, forum_order";
$result = $db->sql_query($sql);
if ( $row = $db->sql_fetchrow($result) )
{
$forum_id = ( isset($HTTP_POST_VARS['f']) ) ? intval($HTTP_POST_VARS['f']) : $row['forum_id'];
do
{
$selected = ( $row['forum_id'] == $forum_id ) ? ' selected="selected"' : '';
$forum_options .= '<option value="' . $row['forum_id'] . '"' . $selected . '>' . $row['forum_name'] . '</option>';
}
while ( $row = $db->sql_fetchrow($result) );
}
else
{
$forum_id = 0;
$forum_options = '<option>' . $lang['No_forums'] . '</option>';
}
include($phpbb_root_path . '/includes/functions_admin.'.$phpEx);
$forum_box = make_forum_select('f');
}
//
@@ -190,7 +171,7 @@ if ( $mode == 'mod' )
?>
<table width="100%" cellpadding="1" cellspacing="1" border="0">
<tr>
<td align="right"><?php echo $lang['Select_forum']; ?>: <select name="f" onchange="this.form.submit()"><?php echo $forum_options; ?></select> <input class="liteoption" type="submit" value="<?php echo $lang['Go']; ?>" /></td>
<td align="right"><?php echo $lang['Select_forum']; ?>: <?php echo $forum_box; ?> <input class="liteoption" type="submit" value="<?php echo $lang['Go']; ?>" /></td>
</tr>
</table>
<?php
@@ -237,7 +218,7 @@ if ( $log_count )
}
if ( $auth->get_acl_admin('clearlogs') )
if ( $auth->acl_get('a_clearlogs') )
{
?>
@@ -266,7 +247,7 @@ else
<td align="left" valign="top">&nbsp;<span class="nav"><?php echo on_page($log_count, $board_config['topics_per_page'], $start); ?></span></td>
<td align="right" valign="top" nowrap="nowrap"><?php
if ( $auth->get_acl_admin('clearlogs') )
if ( $auth->acl_get('a_clearlogs') )
{
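Review bot: In the `delmarked` branch of the log-deletion hunk, `foreach ( $_POST['mark'] as $marked )` assumes `mark` is an array, and nothing visible stops the delete from running when no ids were collected. A scalar `mark` leaves `$where_sql` empty; the DELETE statement itself is outside the hunk, so it should be confirmed whether an empty `$where_sql` then clears every log entry. I would guard the loop with `if ( isset($_POST['delmarked']) && isset($_POST['mark']) && is_array($_POST['mark']) )` and skip the query when `delmarked` is set but `$where_sql` is still empty.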


@@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@@ -42,7 +42,7 @@ require('pagestart.' . $phpEx);
//
// Do we have forum admin permissions?
//
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@@ -50,20 +50,20 @@ if ( !$auth->get_acl_admin('general') )
//
//
//
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
if ( isset($_GET['mode']) || isset($_POST['mode']) )
{
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
$mode = ( isset($_GET['mode']) ) ? $_GET['mode'] : $_POST['mode'];
}
else
{
//
// These could be entered via a form button
//
if ( isset($HTTP_POST_VARS['add']) )
if ( isset($_POST['add']) )
{
$mode = 'add';
}
else if ( isset($HTTP_POST_VARS['save']) )
else if ( isset($_POST['save']) )
{
$mode = 'save';
}
@@ -79,7 +79,7 @@ if( $mode != '' )
{
case 'edit':
case 'add':
$word_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0;
$word_id = ( isset($_GET['id']) ) ? intval($_GET['id']) : 0;
$s_hidden_fields = '';
if ( $mode == 'edit' )
@@ -128,9 +128,9 @@ if( $mode != '' )
break;
case 'save':
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0;
$word = ( isset($HTTP_POST_VARS['word']) ) ? trim($HTTP_POST_VARS['word']) : '';
$replacement = ( isset($HTTP_POST_VARS['replacement']) ) ? trim($HTTP_POST_VARS['replacement']) : '';
$word_id = ( isset($_POST['id']) ) ? intval($_POST['id']) : 0;
$word = ( isset($_POST['word']) ) ? trim($_POST['word']) : '';
$replacement = ( isset($_POST['replacement']) ) ? trim($_POST['replacement']) : '';
if ( $word == '' || $replacement == '' )
{
@@ -149,9 +149,9 @@ if( $mode != '' )
case 'delete':
if ( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) )
if ( isset($_POST['id']) || isset($_GET['id']) )
{
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : intval($HTTP_GET_VARS['id']);
$word_id = ( isset($_POST['id']) ) ? intval($_POST['id']) : intval($_GET['id']);
}
else
{
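Review bot: The `delete` case still takes the word id from `$_GET` when no POST id is present, and `$mode` itself prefers `$_GET['mode']`, so a censor entry can be removed by a plain GET request. No session id or confirmation check is visible in these hunks (the rest of the `switch` is outside them), so unless one exists elsewhere this state change is exposed to cross-site request forgery against a logged-in admin. I would accept the id from POST only for this case, `$word_id = ( isset($_POST['id']) ) ? intval($_POST['id']) : 0;`, and let the existing else branch handle a missing id.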


@@ -37,7 +37,7 @@ require('pagestart.' . $phpEx);
//
// Do we have any admin permissions at all?
//
if ( !$auth->get_acl_admin() )
if ( !$auth->acl_get('a_') )
{
message_die(MESSAGE, 'No_admin', '', true);
}
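Review bot: `acl_get('a_')` passes a bare prefix where the other files in this commit pass a full option name such as `a_general`, and nothing at the call site says why. What `acl_get` returns for a prefix is not visible in this hunk; assuming it means "holds any admin permission", a comment would keep it from being read as a typo: `// 'a_' is the any-admin-permission flag, not a truncated option name`. It is also worth confirming that an unknown option name makes `acl_get` return false, so that this gate fails closed.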


@@ -31,55 +31,26 @@ include($phpbb_root_path . 'common.'.$phpEx);
// Start session management
//
$userdata = $session->start($update);
$auth->acl($userdata);
$auth->acl($userdata, false, 'a_');
$user = new user($userdata);
//
// End session management
//
//
// Configure style, language, etc.
//
//$session->configure($userdata);
// -----------------------------
// Functions
//
function page_header($sub_title, $meta = '', $table_html = true)
{
global $board_config, $db, $lang, $phpEx, $gzip_compress;
global $HTTP_SERVER_VARS;
global $board_config, $db, $lang, $phpEx;
define('HEADER_INC', true);
//
// gzip_compression
//
$gzip_compress = false;
if ( $board_config['gzip_compress'] )
{
$phpver = phpversion();
if ( $phpver >= '4.0.4pl1' && strstr($HTTP_SERVER_VARS['HTTP_USER_AGENT'], 'compatible') )
if ( extension_loaded('zlib') && strstr($HTTP_USER_AGENT,'compatible') && !headers_sent() )
{
if ( extension_loaded('zlib') )
{
ob_start('ob_gzhandler');
}
}
else if ( $phpver > '4.0' )
{
if ( strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip') )
{
if ( extension_loaded('zlib') )
{
$gzip_compress = true;
ob_start();
ob_implicit_flush(0);
header("Content-Encoding: gzip");
}
}
ob_start('ob_gzhandler');
}
}
@@ -133,7 +104,7 @@ td.cat { background-image: url('images/cellpic1.gif') }
function page_footer($copyright_html = true)
{
global $board_config, $db, $lang, $phpEx, $gzip_compress;
global $board_config, $db, $lang, $phpEx;
?>
@@ -157,37 +128,10 @@ function page_footer($copyright_html = true)
}
//
// Close our DB connection.
//
$db->sql_close();
//
// Compress buffered output if required
// and send to browser
//
if ( $gzip_compress )
{
//
// Borrowed from php.net!
//
$gzip_contents = ob_get_contents();
ob_end_clean();
$gzip_size = strlen($gzip_contents);
$gzip_crc = crc32($gzip_contents);
$gzip_contents = gzcompress($gzip_contents, 9);
$gzip_contents = substr($gzip_contents, 0, strlen($gzip_contents) - 4);
echo "\x1f\x8b\x08\x00\x00\x00\x00\x00";
echo $gzip_contents;
echo pack("V", $gzip_crc);
echo pack("V", $gzip_size);
}
exit;
}
function page_message($title, $message, $show_header = false)
@@ -305,7 +249,6 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
return;
}
//
// End Functions
// -----------------------------
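Review bot: In `page_header`, the new condition `strstr($HTTP_USER_AGENT,'compatible')` reads a variable that is neither in the function's `global` list nor a superglobal, so inside the function it is undefined unless something outside the hunk defines it. The test would then always be false and `ob_start('ob_gzhandler')` would never run, which silently turns the `gzip_compress` setting off. The rest of the commit moves to superglobals, so the line would read `if ( extension_loaded('zlib') && isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], 'compatible') && !headers_sent() )`. The bodies of `page_header` and `page_footer` continue outside these hunks.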