diff --git a/phpBB/adm/index.php b/phpBB/adm/index.php
index 7dc8e4b13d..d27f56f28b 100644
--- a/phpBB/adm/index.php
+++ b/phpBB/adm/index.php
@@ -41,6 +41,7 @@ if (!isset($user->data['session_admin']) || !$user->data['session_admin'])
// check specific permissions but this is a catchall
if (!$auth->acl_get('a_'))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NO_ADMIN');
}
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php
index 6bd3e71c2e..305296d013 100644
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -223,6 +223,7 @@ class acp_groups
}
else if ($action === 'delete' && $group_row['group_type'] == GROUP_SPECIAL)
{
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
}
@@ -235,6 +236,7 @@ class acp_groups
case 'delete':
if (!$auth->acl_get('a_groupdel'))
{
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
}
@@ -313,6 +315,7 @@ class acp_groups
if ($action == 'add' && !$auth->acl_get('a_groupadd'))
{
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
}
diff --git a/phpBB/includes/acp/acp_inactive.php b/phpBB/includes/acp/acp_inactive.php
index 7ec43f45cc..ec256e93ef 100644
--- a/phpBB/includes/acp/acp_inactive.php
+++ b/phpBB/includes/acp/acp_inactive.php
@@ -164,6 +164,7 @@ class acp_inactive
{
if (!$auth->acl_get('a_userdel'))
{
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
}
diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php
index f44bbbc88d..8697504c77 100644
--- a/phpBB/includes/acp/acp_main.php
+++ b/phpBB/includes/acp/acp_main.php
@@ -118,6 +118,7 @@ class acp_main
case 'online':
if (!$auth->acl_get('a_board'))
{
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
}
@@ -134,6 +135,7 @@ class acp_main
case 'stats':
if (!$auth->acl_get('a_board'))
{
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
}
@@ -189,6 +191,7 @@ class acp_main
case 'user':
if (!$auth->acl_get('a_board'))
{
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
}
@@ -256,6 +259,7 @@ class acp_main
case 'date':
if (!$auth->acl_get('a_board'))
{
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
}
@@ -372,6 +376,7 @@ class acp_main
case 'purge_sessions':
if ((int) $user->data['user_type'] !== USER_FOUNDER)
{
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
}
diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php
index fdac7c4d00..df3e238bcc 100644
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -315,6 +315,7 @@ class acp_permissions
case 'apply_permissions':
if (!isset($_POST['setting']))
{
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
}
if (!check_form_key($form_name))
@@ -328,6 +329,7 @@ class acp_permissions
case 'apply_all_permissions':
if (!isset($_POST['setting']))
{
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
}
if (!check_form_key($form_name))
@@ -687,6 +689,7 @@ class acp_permissions
// Check the permission setting again
if (!$auth->acl_get('a_' . str_replace('_', '', $permission_type) . 'auth') || !$auth->acl_get('a_auth' . $ug_type . 's'))
{
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
}
@@ -772,6 +775,7 @@ class acp_permissions
// Check the permission setting again
if (!$auth->acl_get('a_' . str_replace('_', '', $permission_type) . 'auth') || !$auth->acl_get('a_auth' . $ug_type . 's'))
{
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
}
@@ -884,6 +888,7 @@ class acp_permissions
// Check the permission setting again
if (!$auth->acl_get('a_' . str_replace('_', '', $permission_type) . 'auth') || !$auth->acl_get('a_auth' . $ug_type . 's'))
{
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
}
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 5091fcae7e..a37396a713 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -205,6 +205,7 @@ class acp_users
{
if (!$auth->acl_get('a_userdel'))
{
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 588a717f0e..465964913c 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2264,6 +2264,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
{
$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ADMIN_AUTH_FAIL');
}
+ send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_ADMIN');
}
@@ -2280,6 +2281,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
{
$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ADMIN_AUTH_FAIL');
}
+ send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_ADMIN');
}
@@ -2301,6 +2303,8 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
{
// We log the attempt to use a different username...
$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ADMIN_AUTH_FAIL');
+
+ send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index d92934e59e..69c3dad9e6 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -801,6 +801,7 @@ function move_pm($user_id, $message_limit, $move_msg_ids, $dest_folder, $cur_fol
if (!$row)
{
+ send_status_line(403, 'Forbidden');
trigger_error('NOT_AUTHORISED');
}
@@ -965,6 +966,7 @@ function handle_mark_actions($user_id, $mark_action)
if (!$auth->acl_get('u_pm_delete'))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_DELETE_MESSAGE');
}
diff --git a/phpBB/includes/mcp/mcp_logs.php b/phpBB/includes/mcp/mcp_logs.php
index fca0412321..c34c915a40 100644
--- a/phpBB/includes/mcp/mcp_logs.php
+++ b/phpBB/includes/mcp/mcp_logs.php
@@ -83,6 +83,7 @@ class mcp_logs
if (!in_array($forum_id, $forum_list))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NOT_AUTHORISED');
}
@@ -101,6 +102,7 @@ class mcp_logs
if (!in_array($forum_id, $forum_list))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NOT_AUTHORISED');
}
diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php
index 1ccced7a2f..9060cc1098 100644
--- a/phpBB/includes/mcp/mcp_queue.php
+++ b/phpBB/includes/mcp/mcp_queue.php
@@ -622,6 +622,7 @@ class mcp_queue
if (!phpbb_check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_approve')))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NOT_AUTHORISED');
}
@@ -877,6 +878,7 @@ class mcp_queue
if (!phpbb_check_ids($topic_id_list, TOPICS_TABLE, 'topic_id', array('m_approve')))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NOT_AUTHORISED');
}
@@ -1074,6 +1076,7 @@ class mcp_queue
if (!phpbb_check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_approve')))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NOT_AUTHORISED');
}
diff --git a/phpBB/includes/mcp/mcp_reports.php b/phpBB/includes/mcp/mcp_reports.php
index 3809ea2616..1462acf110 100644
--- a/phpBB/includes/mcp/mcp_reports.php
+++ b/phpBB/includes/mcp/mcp_reports.php
@@ -542,6 +542,7 @@ function close_report($report_id_list, $mode, $action, $pm = false)
{
if (!$auth->acl_getf_global('m_report'))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NOT_AUTHORISED');
}
}
@@ -549,6 +550,7 @@ function close_report($report_id_list, $mode, $action, $pm = false)
{
if (!phpbb_check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_report')))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NOT_AUTHORISED');
}
}
diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php
index 00044340df..1e54c18dc1 100644
--- a/phpBB/includes/ucp/ucp_activate.php
+++ b/phpBB/includes/ucp/ucp_activate.php
@@ -67,6 +67,7 @@ class ucp_activate
{
login_box('', $user->lang['NO_AUTH_OPERATION']);
}
+ send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_OPERATION');
}
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php
index faffbe5bdc..352b7d1ec3 100644
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -87,6 +87,7 @@ class ucp_groups
if (!$auth->acl_get('u_chggrp'))
{
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang['NOT_AUTHORISED'] . $return_page);
}
diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php
index 33dff97fe6..d145d66f59 100644
--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -166,6 +166,7 @@ class ucp_pm
if (!$auth->acl_get('u_readpm'))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_READ_MESSAGE');
}
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index ad9a99204f..b61a9fab9f 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -171,6 +171,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
case 'post':
if (!$auth->acl_get('u_sendpm'))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_SEND_MESSAGE');
}
break;
@@ -186,6 +187,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
if (!$auth->acl_get('u_sendpm'))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_SEND_MESSAGE');
}
@@ -226,6 +228,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
case 'delete':
if (!$auth->acl_get('u_pm_delete'))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_DELETE_MESSAGE');
}
@@ -251,11 +254,13 @@ function compose_pm($id, $mode, $action, $user_folders = array())
if ($action == 'forward' && (!$config['forward_pm'] || !$auth->acl_get('u_pm_forward')))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_FORWARD_MESSAGE');
}
if ($action == 'edit' && !$auth->acl_get('u_pm_edit'))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_EDIT_MESSAGE');
}
@@ -321,6 +326,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
{
if (($post['forum_id'] && !$auth->acl_get('f_read', $post['forum_id'])) || (!$post['forum_id'] && !$auth->acl_getf_global('f_read')))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NOT_AUTHORISED');
}
@@ -456,6 +462,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
if (($to_group_id || isset($address_list['g'])) && (!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group')))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_GROUP_MESSAGE');
}
diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php
index 2457ea9a2e..48d14a133c 100644
--- a/phpBB/includes/ucp/ucp_pm_viewmessage.php
+++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php
@@ -41,6 +41,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
$message = $user->lang['NO_AUTH_READ_REMOVED_MESSAGE'];
$message .= '<br /><br />' . sprintf($user->lang['RETURN_FOLDER'], '<a href="' . $meta_info . '">', '</a>');
+ send_status_line(403, 'Forbidden');
trigger_error($message);
}
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index a9f8e10eef..a86c4f2672 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -279,6 +279,7 @@ class ucp_profile
// Do not display profile information panel if not authed to do so
if (!$auth->acl_get('u_chgprofileinfo'))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_PROFILEINFO');
}
@@ -464,6 +465,7 @@ class ucp_profile
if (!$auth->acl_get('u_sig'))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_SIGNATURE');
}
diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php
index 0a46674fb1..a44f077693 100644
--- a/phpBB/includes/ucp/ucp_remind.php
+++ b/phpBB/includes/ucp/ucp_remind.php
@@ -79,6 +79,7 @@ class ucp_remind
if (!$auth2->acl_get('u_chgpasswd'))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_PASSWORD_REMINDER');
}
diff --git a/phpBB/mcp.php b/phpBB/mcp.php
index a5fa09ba2b..a5464f4a73 100644
--- a/phpBB/mcp.php
+++ b/phpBB/mcp.php
@@ -127,6 +127,7 @@ if (!$auth->acl_getf_global('m_'))
if (!$allow_user)
{
+ send_status_line(403, 'Forbidden');
trigger_error('NOT_AUTHORISED');
}
}
@@ -134,6 +135,7 @@ if (!$auth->acl_getf_global('m_'))
// if the user cannot read the forum he tries to access then we won't allow mcp access either
if ($forum_id && !$auth->acl_get('f_read', $forum_id))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NOT_AUTHORISED');
}
diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php
index bfa28d8d11..e816e06488 100644
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@@ -75,6 +75,7 @@ switch ($mode)
{
if ($user->data['user_id'] != ANONYMOUS)
{
+ send_status_line(403, 'Forbidden');
trigger_error('NO_VIEW_USERS');
}
@@ -372,6 +373,7 @@ switch ($mode)
if (!$auth->acl_get('u_sendim'))
{
+ send_status_line(403, 'Forbidden');
trigger_error('NOT_AUTHORISED');
}
diff --git a/phpBB/phpbb/feed/forum.php b/phpBB/phpbb/feed/forum.php
index 6701c4d9e7..f522e91169 100644
--- a/phpBB/phpbb/feed/forum.php
+++ b/phpBB/phpbb/feed/forum.php
@@ -74,6 +74,14 @@ class forum extends post_base
// Make sure we can read this forum
if (!$this->auth->acl_get('f_read', $this->forum_id))
{
+ if ($this->user->data['user_id'] != ANONYMOUS)
+ {
+ send_status_line(403, 'Forbidden');
+ }
+ else
+ {
+ send_status_line(401, 'Unauthorized');
+ }
throw new unauthorized_forum_exception($this->forum_id);
}
@@ -84,6 +92,14 @@ class forum extends post_base
if (isset($forum_ids_passworded[$this->forum_id]))
{
+ if ($this->user->data['user_id'] != ANONYMOUS)
+ {
+ send_status_line(403, 'Forbidden');
+ }
+ else
+ {
+ send_status_line(401, 'Unauthorized');
+ }
throw new unauthorized_forum_exception($this->forum_id);
}
diff --git a/phpBB/phpbb/feed/topic.php b/phpBB/phpbb/feed/topic.php
index f029c2b00e..e5f2c41468 100644
--- a/phpBB/phpbb/feed/topic.php
+++ b/phpBB/phpbb/feed/topic.php
@@ -66,6 +66,14 @@ class topic extends post_base
// Make sure topic is either approved or user authed
if ($this->topic_data['topic_visibility'] != ITEM_APPROVED && !$this->auth->acl_get('m_approve', $this->forum_id))
{
+ if ($this->user->data['user_id'] != ANONYMOUS)
+ {
+ send_status_line(403, 'Forbidden');
+ }
+ else
+ {
+ send_status_line(401, 'Unauthorized');
+ }
throw new unauthorized_topic_exception($this->topic_id);
}
@@ -78,6 +86,14 @@ class topic extends post_base
// Make sure we can read this forum
if (!$this->auth->acl_get('f_read', $this->forum_id))
{
+ if ($this->user->data['user_id'] != ANONYMOUS)
+ {
+ send_status_line(403, 'Forbidden');
+ }
+ else
+ {
+ send_status_line(401, 'Unauthorized');
+ }
throw new unauthorized_forum_exception($this->forum_id);
}
@@ -88,6 +104,14 @@ class topic extends post_base
if (isset($forum_ids_passworded[$this->forum_id]))
{
+ if ($this->user->data['user_id'] != ANONYMOUS)
+ {
+ send_status_line(403, 'Forbidden');
+ }
+ else
+ {
+ send_status_line(401, 'Unauthorized');
+ }
throw new unauthorized_forum_exception($this->forum_id);
}
diff --git a/phpBB/phpbb/message/topic_form.php b/phpBB/phpbb/message/topic_form.php
index 174643bb81..dbb883c142 100644
--- a/phpBB/phpbb/message/topic_form.php
+++ b/phpBB/phpbb/message/topic_form.php
@@ -71,6 +71,14 @@ class topic_form extends form
if (!$this->auth->acl_get('f_read', $this->topic_row['forum_id']))
{
+ if ($this->user->data['user_id'] != ANONYMOUS)
+ {
+ send_status_line(403, 'Forbidden');
+ }
+ else
+ {
+ send_status_line(401, 'Unauthorized');
+ }
return 'SORRY_AUTH_READ';
}
diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php
index 812df396fa..cdffe69155 100644
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@@ -91,6 +91,7 @@ if (!$auth->acl_gets('f_list', 'f_read', $forum_id) || ($forum_data['forum_type'
{
if ($user->data['user_id'] != ANONYMOUS)
{
+ send_status_line(403, 'Forbidden');
trigger_error('SORRY_AUTH_READ');
}
diff --git a/phpBB/viewonline.php b/phpBB/viewonline.php
index e8698d9916..3f35ac541e 100644
--- a/phpBB/viewonline.php
+++ b/phpBB/viewonline.php
@@ -37,6 +37,7 @@ if (!$auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel'))
{
if ($user->data['user_id'] != ANONYMOUS)
{
+ send_status_line(403, 'Forbidden');
trigger_error('NO_VIEW_USERS');
}
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index ded0f9aacc..4325fafb43 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -376,6 +376,7 @@ if (!$overrides_f_read_check && !$auth->acl_get('f_read', $forum_id))
{
if ($user->data['user_id'] != ANONYMOUS)
{
+ send_status_line(403, 'Forbidden');
trigger_error('SORRY_AUTH_READ');
}