コード例 #1
0
ファイル: index.php プロジェクト: styv300/ToRepublic2.5
    $current_module = explode("/", $mybb->input['module'], 2);
} else {
    $current_module = explode("-", $mybb->input['module'], 2);
}
if (!isset($current_module[1])) {
    $current_module[1] = 'home';
}
if ($mybb->input['module'] && isset($modules[$current_module[0]])) {
    $run_module = $current_module[0];
} else {
    $run_module = "home";
}
$action_handler = $run_module . "_action_handler";
$action_file = $action_handler($current_module[1]);
// Set our POST validation code here
$mybb->post_code = generate_post_check();
if ($run_module != "home") {
    check_admin_permissions(array('module' => $page->active_module, 'action' => $page->active_action));
}
// Only POST actions with a valid post code can modify information. Here we check if the incoming request is a POST and if that key is valid.
$post_check_ignores = array("example/page" => array("action"));
// An array of modules/actions to ignore POST checks for.
if ($mybb->request_method == "post") {
    if (in_array($mybb->input['module'], $post_check_ignores)) {
        $k = array_search($mybb->input['module'], $post_check_ignores);
        if (in_array($mybb->input['action'], $post_check_ignores[$k])) {
            $post_verify = false;
        }
    }
    if ($post_verify == true) {
        // If the post key does not match we switch the action to GET and set a message to show the user
コード例 #2
0
ファイル: functions.php プロジェクト: khanfusiion/mybb
/**
 * Verifies a POST check code is valid, if not shows an error (silently returns false on silent parameter)
 *
 * @param string The incoming POST check code
 * @param boolean Silent mode or not (silent mode will not show the error to the user but returns false)
 */
function verify_post_check($code, $silent = false)
{
    global $lang;
    if (generate_post_check() != $code) {
        if ($silent == true) {
            return false;
        } else {
            if (defined("IN_ADMINCP")) {
                return false;
            } else {
                error($lang->invalid_post_code);
            }
        }
    } else {
        return true;
    }
}
コード例 #3
0
            // Redirect
            header("Location: member.php?action=profile&uid=" . $user['uid']);
        } else {
            if (isset($_GET['feedback'])) {
                // Decode parameters
                $params = json_decode($_GET['feedback']);
                // Create a submit form and submit
                begin_page();
                end_header();
                ?>
	<form id="newthread_form" method="post" action="newthread.php?fid=<?php 
                echo FORUM_FEEDBACK;
                ?>
&amp;processed=1">
		<input type="hidden" name="my_post_key" value="<?php 
                echo generate_post_check();
                ?>
" />
		<input type="hidden" name="subject" value="" />
		<input type="hidden" name="icon" value="-1" />
		<input type="hidden" name="action" value="do_newthread" />
		<input type="hidden" name="posthash" value="<?php 
                md5($mybb_user['uid'] . random_str());
                ?>
" />
		<input type="hidden" name="tid" value="0" />
		<input type="hidden" name="previewpost" value="Preview Post" />
		<textarea name="message" style="visibility:hidden;"><?php 
                echo "... Write your feedback here ...\n";
                echo "\n";
                echo "-----------------\n";
コード例 #4
0
/**
 * Show banned users
 */
function showBanned()
{
    global $mybb, $db, $templates, $headerinclude, $header, $lang, $modcp_nav;
    $lang->load('dvz_reports');
    add_breadcrumb($lang->home, "modcp.php");
    add_breadcrumb($lang->shoutbox_banned, "modcp.php?action=shoutbox_ban");
    if (isset($mybb->input['search'])) {
        if (isset($mybb->input['querystring'])) {
            $string = trim($mybb->input['querystring']);
            if (!empty($string)) {
                $string = $db->escape_string($string);
                $query = $db->query("SELECT " . TABLE_PREFIX . "dvz_reports_banned.*, " . TABLE_PREFIX . "users.username FROM " . TABLE_PREFIX . "dvz_reports_banned JOIN " . TABLE_PREFIX . "users ON " . TABLE_PREFIX . "dvz_reports_banned.uid=" . TABLE_PREFIX . "users.uid WHERE users.username LIKE '%" . $string . "%';");
            } else {
                $query = $db->query("SELECT " . TABLE_PREFIX . "dvz_reports_banned.*, " . TABLE_PREFIX . "users.username FROM " . TABLE_PREFIX . "dvz_reports_banned JOIN " . TABLE_PREFIX . "users ON " . TABLE_PREFIX . "dvz_reports_banned.uid=" . TABLE_PREFIX . "users.uid;");
            }
        } else {
            $query = $db->query("SELECT " . TABLE_PREFIX . "dvz_reports_banned.*, " . TABLE_PREFIX . "users.username FROM " . TABLE_PREFIX . "dvz_reports_banned JOIN " . TABLE_PREFIX . "users ON " . TABLE_PREFIX . "dvz_reports_banned.uid=" . TABLE_PREFIX . "users.uid;");
        }
    } else {
        $query = $db->query("SELECT " . TABLE_PREFIX . "dvz_reports_banned.*, " . TABLE_PREFIX . "users.username FROM " . TABLE_PREFIX . "dvz_reports_banned JOIN " . TABLE_PREFIX . "users ON " . TABLE_PREFIX . "dvz_reports_banned.uid=" . TABLE_PREFIX . "users.uid;");
    }
    if ($query->num_rows >= 1) {
        $token = generate_post_check();
        $bannedList = '';
        while ($data = $query->fetch_array()) {
            // vreemd..
            $data['banned_by'] = get_user($data['banned_by']);
            $data['banned_by'] = htmlspecialchars_uni($data['banned_by']['username']);
            $data['username'] = htmlspecialchars_uni($data['username']);
            $data['reason'] = htmlspecialchars_uni($data['reason']);
            $data['unbantime'] = date('d-M-Y H:i:s', $data['unbantime']);
            eval("\$bannedList .= \"" . $templates->get("dvz_reports_banned") . "\";");
        }
    } else {
        // Show error: No users found
        eval("\$bannedList .= \"" . $templates->get("dvz_reports_banned") . "\";");
        $bannedList = "<div style=\"background: #D16464; color: #ffffff; border: 1px solid #B50909;padding: 5px;margin: 2px;\">" . $lang->nothing_found . " '<i>" . htmlspecialchars_uni($string) . "</i>'</div>";
    }
    eval("\$reports_banned_list = \"" . $templates->get("dvz_reports_banned_list") . "\";");
    output_page($reports_banned_list);
}
コード例 #5
0
ファイル: as_functions.php プロジェクト: ambsalinas/anima
/**
 * The switch function deletes the mybbuser cookie, sets a new cookie for the selected account and starts a new session.
 * Function is called by ajax request and sends the new users post key.
 *
 */
function accountswitcher_switch()
{
    global $db, $mybb, $lang, $charset, $cache, $templates;
    if ($mybb->user['uid'] != 0 && isset($mybb->input['switchuser']) && $mybb->input['switchuser'] == 1 && $mybb->request_method == "post") {
        require_once MYBB_ROOT . "/inc/plugins/accountswitcher/class_accountswitcher.php";
        $eas = new AccountSwitcher($mybb, $db, $cache, $templates);
        // Get permissions for this user
        $userPermission = user_permissions($mybb->user['uid']);
        // Get permissions for the master. First get the master
        $master = get_user((int) $mybb->user['as_uid']);
        // Get his permissions
        $masterPermission = user_permissions($master['uid']);
        // If one of both has the permission allow to switch
        if ($userPermission['as_canswitch'] == 1 || $masterPermission['as_canswitch'] == 1) {
            if (!isset($lang->as_invaliduser)) {
                $lang->load("accountswitcher");
            }
            verify_post_check($mybb->get_input('my_post_key'));
            // Get user info
            $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
            // Check if user exists
            if (!$user) {
                error($lang->as_invaliduser);
            }
            // Can the new account be shared?
            if ($user['as_share'] != 0 && $mybb->settings['aj_shareuser'] == 1) {
                // Account already used by another user?
                if ($user['as_shareuid'] != 0) {
                    log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                    return;
                }
                // Account only shared by buddies?
                if ($user['as_buddyshare'] != 0) {
                    // No buddy - no switch
                    if ($user['buddylist'] != '') {
                        $buddylist = explode(",", $user['buddylist']);
                    }
                    if (empty($buddylist) || !empty($buddylist) && !in_array($mybb->user['uid'], $buddylist)) {
                        log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                        return;
                    }
                }
                // Shared account is free - set share uid
                if ($user['as_shareuid'] == 0) {
                    $updated_shareuid = array("as_shareuid" => (int) $mybb->user['uid']);
                    $db->update_query("users", $updated_shareuid, "uid='" . (int) $user['uid'] . "'");
                    $eas->update_accountswitcher_cache();
                    $user['as_shareuid'] = (int) $mybb->user['uid'];
                }
            }
            // Make sure you can switch to an attached account only
            if ($user['as_uid'] == $mybb->user['uid'] || $user['as_uid'] != 0 && $user['as_uid'] == $mybb->user['as_uid'] || $user['uid'] == $mybb->user['as_uid'] || $user['as_shareuid'] == $mybb->user['uid'] || $user['uid'] == $mybb->user['as_shareuid']) {
                // Is the current account shared?
                if ($mybb->user['as_share'] != 0) {
                    // Account used by another user?
                    if ($mybb->user['as_shareuid'] == 0) {
                        log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                        return;
                    }
                    // Reset share uid
                    if ($mybb->user['as_shareuid'] != 0) {
                        $updated_shareuid = array("as_shareuid" => 0);
                        $db->update_query("users", $updated_shareuid, "uid='" . (int) $mybb->user['uid'] . "'");
                        $eas->update_accountswitcher_cache();
                    }
                }
                // Log the old user out
                my_unsetcookie("mybbuser");
                my_unsetcookie("sid");
                if ($mybb->user['uid']) {
                    $time = TIME_NOW;
                    // Run this after the shutdown query from session system
                    $db->shutdown_query("UPDATE " . TABLE_PREFIX . "users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$mybb->user['uid']}'");
                    $db->delete_query("sessions", "sid = '{$session->sid}'");
                }
                // Now let the login datahandler do the work
                require_once MYBB_ROOT . "inc/datahandlers/login.php";
                $loginhandler = new LoginDataHandler("get");
                $mybb->input['remember'] = "yes";
                $loginhandler->set_data($user);
                $validated = $loginhandler->validate_login();
                $loginhandler->complete_login();
                // Create session for this user
                require_once MYBB_ROOT . "inc/class_session.php";
                $session = new session();
                $session->init();
                $mybb->session =& $session;
                $mybb->post_code = generate_post_check();
                // Send new users post code
                header("Content-type: text/plain; charset={$charset}");
                echo $mybb->post_code;
                exit;
            } else {
                log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                error($lang->as_notattacheduser);
            }
        }
    }
}