Be careful when using this function with permissions a_, m_, u_ and f_ ! It may not work correctly. When a user group grants an a_* permission, e.g. a_foo, but the user's a_foo permission is set to "Never", then the user does not in fact have the a_ permission. But the user will still be listed as having the a_ permission.
PHPBB3-10252
* develop-olympus:
[ticket/9992] Clarify explanations of ip and account limits on login
[ticket/9992] Add a comma to language for IP_LOGIN_LIMIT_MAX_EXPLAIN
[ticket/9992] Use sql_fetchfield for single row and single column result
[ticket/9992] Adding a limit on login attempts per IP.
[ticket/9992] Make sql_create_table and sql_table_exists available in updater
A new table was created to save all failed login attempts with
corresponding information on username, ip and useragent. By default
the limit is 50 login attempts within 6 hours per IP. The limit is
relatively high to avoid big problems on sites behind a reverse
proxy that don't receive the forwarded-for value as REMOTE_ADDR but
see all users as coming from the same IP address. But if these
users run into problems a special forwarded-for option is available
to limit logins by forwarded-for value instead of ip.
PHPBB3-9992
* develop-olympus:
[ticket/10141] Save a hash lookup when value is not in cache.
[ticket/10141] Split double-assignment into conditional and unconditional part.
[ticket/10141] Use a cache in $auth->_fill_acl() for better performance.
- Changed behaviour of group_create() function to support specifying additional group columns
- New groups option to excempt group leaders from group permissions
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9625 89ea8834-ac86-4346-8a33-228a782c2dd0
- blank style
- check for correct role assignment within auth.php (should not happen, but seems like some users are not able to persist from manually messing with the db)
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8502 89ea8834-ac86-4346-8a33-228a782c2dd0
- also test the serialize/unserialize approach for cached roles
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8390 89ea8834-ac86-4346-8a33-228a782c2dd0
Should fix the bug with low max_join_size values, but may give problems for those on very low memory settings.
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8384 89ea8834-ac86-4346-8a33-228a782c2dd0
- added some keys to ACL tables, great improvement of auth query performance
- we will only add new language strings to install.php language file and won't modify any, if a language file is updated before phpBB is updated, the updater will not overwrite the user's language with english if install.php was modified
git-svn-id: file:///svn/phpbb/trunk@7182 89ea8834-ac86-4346-8a33-228a782c2dd0
Closing tags converted using Oleg's script.
remove-php-end-tags.py -a .
Trailing newlines added using the following where $ext is file extension.
find . -type f -name "*.$ext" -print | xargs printf "e %s\nw\n" | ed -s;
Extensions: php, css, html, js, xml.
PHPBB3-9556
Changes:
- Ascraeus now uses constants for the phpbb root path and the php extension. This ensures more security for external applications and modifications (no more overwriting of root path and extension possible through insecure mods and register globals enabled) as well as no more globalizing needed.
- A second change implemented here is an additional short-hand-notation for append_sid(). It is allowed to omit the root path and extension now (for example calling append_sid('memberlist')) - in this case the root path and extension get added automatically. The hook is called after these are added.
git-svn-id: file:///svn/phpbb/trunk@8572 89ea8834-ac86-4346-8a33-228a782c2dd0
- a little performance improvement of the IP regular expressions
- convert post_text/subject collation to utf8_unicode_ci if a user wants to use mysql_fulltext to allow case insensitivity [Bug #6272]
- mysql_fulltext should alter all necessary columns at once to speed up the process
- validate URLs against RFC3986
- fixed some weirdness in make_clickable
I hope I didn't break any URLs with this commit, if I did then report it to the bugtracker please!
git-svn-id: file:///svn/phpbb/trunk@6774 89ea8834-ac86-4346-8a33-228a782c2dd0
- also including the first bugfix within beta4, just noticed at area51 that quicktools are not working in global announcements. :D
git-svn-id: file:///svn/phpbb/trunk@6681 89ea8834-ac86-4346-8a33-228a782c2dd0
- fixed some other tiny glitches
- if a forum category with subforums get changed to a link type forum give options of what to do with the subforums (#5334)
- other bugfixes
git-svn-id: file:///svn/phpbb/trunk@6601 89ea8834-ac86-4346-8a33-228a782c2dd0
- new method sql_multi_insert to circumvent db-specific hacks
(hopefully not introduced any parsing errors)
git-svn-id: file:///svn/phpbb/trunk@6497 89ea8834-ac86-4346-8a33-228a782c2dd0
- removed not utilized user_allow_email column from schema
- removed inactive groups (they had no use at all, since inactive users are not able to login)
The only benefit those brought are distinguish users - but this is no longer needed too due to the inactive code present. This also allows us to retain group memberships as well as default settings for users being set inactive due to profile changes.
- rewrote user_active_flip to support multiple users and a mode, as well as coping with the aforementioned changes
- implemented updated jabber class to support SRV server records and for better jabberd2 support.
- jabber errors now logged to the error log with a full transaction
- fixed user_delete calls to include usernames where possible and also update last post information correctly
- implemented additioal checks to user management to cope with common mistakes
- On installation, guess the required mysql schema as best as possible. Users now only need to decide if they want to use the mysqli extension or not (mysqli selected by default) and no longer need to know their mysql version.
- founders do not need to re-activate their account on profile changes
- remove older session if re-authentication was successful (re-authentication always assigns a new session id)
- set the cookie directly instead of using php's function
- added inactive_remind to see which users got deactivated because of reminders (or re-activation) sent out
hopefully not introduced too many bugs - those testing with CVS releases, please concentrate on user registration, activation, profile changes (email/password)...
git-svn-id: file:///svn/phpbb/trunk@6436 89ea8834-ac86-4346-8a33-228a782c2dd0
- fixed retrieving of permissions if the LIKE statement is used as well as proper supporting (needs testing on mssql)
git-svn-id: file:///svn/phpbb/trunk@6366 89ea8834-ac86-4346-8a33-228a782c2dd0
