mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-11 11:13:59 +02:00
Code Issues Releases Wiki Activity

More updates, append sid to admin browsing

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3101 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen
2002-11-26 11:42:12 +00:00
parent d996f4e3f9
commit b21463b2ab
7 changed files with 34 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
phpBB/admin/admin_disallow.php
View File

@@ -41,8 +41,12 @@ if( isset($HTTP_POST_VARS['add_name']) )
{
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
$disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? $HTTP_POST_VARS['disallowed_user'] : $HTTP_GET_VARS['disallowed_user'];
$disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? trim($HTTP_POST_VARS['disallowed_user']) : trim($HTTP_GET_VARS['disallowed_user']);
if ($disallowed_user == '')
{
message_die(MESSAGE, $lang['Fields_empty']);
}
if( !validate_username($disallowed_user) )
{
$message = $lang['Disallowed_already'];

22
phpBB/admin/pagestart.php
View File

@@ -20,13 +20,13 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
if (!defined('IN_PHPBB'))
{
die("Hacking attempt");
}
define('IN_ADMIN', true);
// Include files
include($phpbb_root_path . 'common.'.$phpEx);
//
@@ -37,18 +37,30 @@ init_userprefs($userdata);
//
// End session management
//
if( !$userdata['session_logged_in'] )
if (!$userdata['session_logged_in'])
{
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . '../' . append_sid("login.$phpEx?redirect=admin/"));
exit;
}
else if( $userdata['user_level'] != ADMIN )
else if ($userdata['user_level'] != ADMIN)
{
message_die(GENERAL_MESSAGE, $lang['Not_admin']);
}
if ( empty($no_page_header) )
if ($HTTP_GET_VARS['sid'] != $userdata['session_id'])
{
$url = preg_replace('/sid=([^&]*)(&?)/i', '', $HTTP_SERVER_VARS['REQUEST_URI']);
$url = preg_replace('/\?$/', '', $url);
$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . $url);
exit;
}
if (empty($no_page_header))
{
// Not including the pageheader can be neccesarry if META tags are
// needed in the calling script.