
Source code changes of the file "Upload/admin/index.php" between
mybb_1822.zip and mybb_1823.zip

About: MyBB is a multilingual, standards-compliant and free forum (discussion board) software.

index.php  (mybb_1822):index.php  (mybb_1823)
skipping to change at line 540 skipping to change at line 540
$db->delete_query("adminsessions", "uid = '{$uid}'"); $db->delete_query("adminsessions", "uid = '{$uid}'");
unset($mybb->user); unset($mybb->user);
my_unsetcookie('adminsid'); my_unsetcookie('adminsid');
} }
if(!empty($mybb->user['uid'])) if(!empty($mybb->user['uid']))
{ {
$query = $db->simple_select("adminoptions", "*", "uid='".$mybb->user['uid ']."'"); $query = $db->simple_select("adminoptions", "*", "uid='".$mybb->user['uid ']."'");
$admin_options = $db->fetch_array($query); $admin_options = $db->fetch_array($query);
// Only update language / theme once fully authenticated
if(empty($admin_options['authsecret']) || $admin_session['authenticated']
== 1)
{
if(!empty($admin_options['cplanguage']) && file_exists(MYBB_ROOT.
"inc/languages/".$admin_options['cplanguage']."/admin/home_dashboard.lang.php"))
{
$cp_language = $admin_options['cplanguage'];
$lang->set_language($cp_language, "admin");
$lang->load("global"); // Reload global language vars
$lang->load("messages", true);
}
if(!empty($admin_options['cpstyle']) && file_exists(MYBB_ADMIN_DI
R."/styles/{$admin_options['cpstyle']}/main.css"))
{
$cp_style = $admin_options['cpstyle'];
}
}
// Update the session information in the DB // Update the session information in the DB
if($admin_session['sid']) if($admin_session['sid'])
{ {
$db->update_query("adminsessions", array('lastactive' => TIME_NOW , 'ip' => $db->escape_binary(my_inet_pton(get_ip()))), "sid='".$db->escape_strin g($admin_session['sid'])."'"); $db->update_query("adminsessions", array('lastactive' => TIME_NOW , 'ip' => $db->escape_binary(my_inet_pton(get_ip()))), "sid='".$db->escape_strin g($admin_session['sid'])."'");
} }
// Fetch administrator permissions // Fetch administrator permissions
$mybb->admin['permissions'] = get_admin_permissions($mybb->user['uid']); $mybb->admin['permissions'] = get_admin_permissions($mybb->user['uid']);
} }
// Include the layout generation class overrides for this style
if(file_exists(MYBB_ADMIN_DIR."/styles/{$cp_style}/style.php"))
{
require_once MYBB_ADMIN_DIR."/styles/{$cp_style}/style.php";
}
// Check if any of the layout generation classes we can override exist in the st
yle file
$classes = array(
"Page" => "DefaultPage",
"SidebarItem" => "DefaultSidebarItem",
"PopupMenu" => "DefaultPopupMenu",
"Table" => "DefaultTable",
"Form" => "DefaultForm",
"FormContainer" => "DefaultFormContainer"
);
foreach($classes as $style_name => $default_name)
{
// Style does not have this layout generation class, create it
if(!class_exists($style_name))
{
eval("class {$style_name} extends {$default_name} { }");
}
}
$page = new Page;
$page->style = $cp_style;
// Do not have a valid Admin user, throw back to login page. // Do not have a valid Admin user, throw back to login page.
if(!isset($mybb->user['uid']) || $logged_out == true) if(!isset($mybb->user['uid']) || $logged_out == true)
{ {
if($logged_out == true) if($logged_out == true)
{ {
$default_page->show_login($lang->success_logged_out); $page->show_login($lang->success_logged_out);
} }
elseif($fail_check == 1) elseif($fail_check == 1)
{ {
$default_page->show_login($login_lang_string, "error"); $page->show_login($login_lang_string, "error");
} }
else else
{ {
// If we have this error while retreiving it from an AJAX request , then send back a nice error // If we have this error while retreiving it from an AJAX request , then send back a nice error
if(isset($mybb->input['ajax']) && $mybb->input['ajax'] == 1) if(isset($mybb->input['ajax']) && $mybb->input['ajax'] == 1)
{ {
echo json_encode(array("errors" => array("login"))); echo json_encode(array("errors" => array("login")));
exit; exit;
} }
$default_page->show_login($login_message, "error"); $page->show_login($login_message, "error");
} }
} }
// Time to check for Two-Factor Authentication // Time to check for Two-Factor Authentication
// First: are we trying to verify a code? // First: are we trying to verify a code?
if($mybb->input['do'] == "do_2fa" && $mybb->request_method == "post") if($mybb->input['do'] == "do_2fa" && $mybb->request_method == "post")
{ {
// Test whether it's a recovery code // Test whether it's a recovery code
$recovery = false; $recovery = false;
$codes = my_unserialize($admin_options['recovery_codes']); $codes = my_unserialize($admin_options['recovery_codes']);
skipping to change at line 606 skipping to change at line 650
$test = $auth->verifyCode($admin_options['authsecret'], $mybb->get_input( 'code')); $test = $auth->verifyCode($admin_options['authsecret'], $mybb->get_input( 'code'));
// Either the code was okay or it was a recovery code // Either the code was okay or it was a recovery code
if($test === true || $recovery === true) if($test === true || $recovery === true)
{ {
// Correct code -> session authenticated // Correct code -> session authenticated
$db->update_query("adminsessions", array("authenticated" => 1), " sid='".$db->escape_string($mybb->cookies['adminsid'])."'"); $db->update_query("adminsessions", array("authenticated" => 1), " sid='".$db->escape_string($mybb->cookies['adminsid'])."'");
$admin_session['authenticated'] = 1; $admin_session['authenticated'] = 1;
$db->update_query("adminoptions", array("loginattempts" => 0, "lo ginlockoutexpiry" => 0), "uid='{$mybb->user['uid']}'"); $db->update_query("adminoptions", array("loginattempts" => 0, "lo ginlockoutexpiry" => 0), "uid='{$mybb->user['uid']}'");
my_setcookie('acploginattempts', 0); my_setcookie('acploginattempts', 0);
// post would result in an authorization code mismatch error admin_redirect("index.php");
$mybb->request_method = "get";
} }
else else
{ {
// Wrong code -> close session (aka logout) // Wrong code -> close session (aka logout)
$db->delete_query("adminsessions", "sid='".$db->escape_string($my bb->cookies['adminsid'])."'"); $db->delete_query("adminsessions", "sid='".$db->escape_string($my bb->cookies['adminsid'])."'");
my_unsetcookie('adminsid'); my_unsetcookie('adminsid');
// Now test whether we need to lock this guy completly // Now test whether we need to lock this guy completly
$db->update_query("adminoptions", array("loginattempts" => "login attempts+1"), "uid='{$mybb->user['uid']}'", '', true); $db->update_query("adminoptions", array("loginattempts" => "login attempts+1"), "uid='{$mybb->user['uid']}'", '', true);
skipping to change at line 653 skipping to change at line 696
my_mail($mybb->user['email'], $subject, $message) ; my_mail($mybb->user['email'], $subject, $message) ;
} }
log_admin_action(array( log_admin_action(array(
'type' => 'admin_locked_out', 'type' => 'admin_locked_out',
'uid' => $mybb->user['uid'], 'uid' => $mybb->user['uid'],
'username' => $mybb->user['username'], 'username' => $mybb->user['username'],
) )
); );
$default_page->show_lockedout(); $page->show_lockedout();
} }
// Still here? Show a custom login page // Still here? Show a custom login page
$default_page->show_login($lang->my2fa_failed, "error"); $page->show_login($lang->my2fa_failed, "error");
} }
} }
// Show our 2FA page // Show our 2FA page
if(!empty($admin_options['authsecret']) && $admin_session['authenticated'] != 1) if(!empty($admin_options['authsecret']) && $admin_session['authenticated'] != 1)
{ {
$default_page->show_2fa(); $page->show_2fa();
} }
// Now the user is fully authenticated setup their personal options
if(!empty($admin_options['cplanguage']) && file_exists(MYBB_ROOT."inc/languages/
".$admin_options['cplanguage']."/admin/home_dashboard.lang.php"))
{
$cp_language = $admin_options['cplanguage'];
$lang->set_language($cp_language, "admin");
$lang->load("global"); // Reload global language vars
$lang->load("messages", true);
}
if(!empty($admin_options['cpstyle']) && file_exists(MYBB_ADMIN_DIR."/styles/{$ad
min_options['cpstyle']}/main.css"))
{
$cp_style = $admin_options['cpstyle'];
}
// Include the layout generation class overrides for this style
if(file_exists(MYBB_ADMIN_DIR."/styles/{$cp_style}/style.php"))
{
require_once MYBB_ADMIN_DIR."/styles/{$cp_style}/style.php";
}
// Check if any of the layout generation classes we can override exist in the st
yle file
$classes = array(
"Page" => "DefaultPage",
"SidebarItem" => "DefaultSidebarItem",
"PopupMenu" => "DefaultPopupMenu",
"Table" => "DefaultTable",
"Form" => "DefaultForm",
"FormContainer" => "DefaultFormContainer"
);
foreach($classes as $style_name => $default_name)
{
// Style does not have this layout generation class, create it
if(!class_exists($style_name))
{
eval("class {$style_name} extends {$default_name} { }");
}
}
$page = new Page;
$page->style = $cp_style;
$page->add_breadcrumb_item($lang->home, "index.php"); $page->add_breadcrumb_item($lang->home, "index.php");
// Begin dealing with the modules // Begin dealing with the modules
$modules_dir = MYBB_ADMIN_DIR."modules"; $modules_dir = MYBB_ADMIN_DIR."modules";
$dir = opendir($modules_dir); $dir = opendir($modules_dir);
while(($module = readdir($dir)) !== false) while(($module = readdir($dir)) !== false)
{ {
if(is_dir($modules_dir."/".$module) && !in_array($module, array(".", ".." )) && file_exists($modules_dir."/".$module."/module_meta.php")) if(is_dir($modules_dir."/".$module) && !in_array($module, array(".", ".." )) && file_exists($modules_dir."/".$module."/module_meta.php"))
{ {
require_once $modules_dir."/".$module."/module_meta.php"; require_once $modules_dir."/".$module."/module_meta.php";
skipping to change at line 809 skipping to change at line 812
$k = array_search($mybb->input['module'], $post_check_ignores); $k = array_search($mybb->input['module'], $post_check_ignores);
if(in_array($mybb->input['action'], $post_check_ignores[$k])) if(in_array($mybb->input['action'], $post_check_ignores[$k]))
{ {
$post_verify = false; $post_verify = false;
} }
} }
if($post_verify == true) if($post_verify == true)
{ {
// If the post key does not match we switch the action to GET and set a message to show the user // If the post key does not match we switch the action to GET and set a message to show the user
if(!isset($mybb->input['my_post_key']) || $mybb->post_code !== $m ybb->input['my_post_key']) if(!verify_post_check($mybb->input['my_post_key'], true))
{ {
$mybb->request_method = "get"; $mybb->request_method = "get";
$page->show_post_verify_error = true; $page->show_post_verify_error = true;
} }
} }
} }
$lang->load("{$run_module}_{$page->active_action}", false, true); $lang->load("{$run_module}_{$page->active_action}", false, true);
$plugins->run_hooks("admin_load"); $plugins->run_hooks("admin_load");
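Review bot: In the block that now runs before the login check, `$admin_options['cpstyle']` flows from the `adminoptions` row into `require_once MYBB_ADMIN_DIR."/styles/{$cp_style}/style.php"`, and `$admin_options['cplanguage']` into `$lang->set_language()`, guarded only by a `file_exists()` probe, so a stored value containing a path separator or `..` would resolve outside `styles/` or `inc/languages/`. Whether those columns are constrained when written is not visible on this page, so a check at the point of use would be worthwhile, for example adding `basename($admin_options['cpstyle']) === $admin_options['cpstyle'] && !in_array($admin_options['cpstyle'], array('.', '..'), true)` to the `cpstyle` condition and the equivalent to the `cplanguage` one. A short comment above the `require_once` stating that `$cp_style` must be a plain directory name under `styles/` would also document the assumption. The page skips unchanged code between change blocks, so this is based only on the visible lines.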
 End of changes. 11 change blocks. 
52 lines changed or deleted 56 lines changed or added
