774 lines
28 KiB
PHP
774 lines
28 KiB
PHP
<?php
|
|
/******************************************************************************
|
|
* Security.php *
|
|
*******************************************************************************
|
|
* SMF: Simple Machines Forum *
|
|
* Open-Source Project Inspired by Zef Hemel (zef@zefhemel.com) *
|
|
* =========================================================================== *
|
|
* Software Version: SMF 1.0.2 *
|
|
* Software by: Simple Machines (http://www.simplemachines.org) *
|
|
* Copyright 2001-2005 by: Lewis Media (http://www.lewismedia.com) *
|
|
* Support, News, Updates at: http://www.simplemachines.org *
|
|
*******************************************************************************
|
|
* This program is free software; you may redistribute it and/or modify it *
|
|
* under the terms of the provided license as published by Lewis Media. *
|
|
* *
|
|
* This program is distributed in the hope that it is and will be useful, *
|
|
* but WITHOUT ANY WARRANTIES; without even any implied warranty of *
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
|
|
* *
|
|
* See the "license.txt" file for details of the Simple Machines license. *
|
|
* The latest version can always be found at http://www.simplemachines.org. *
|
|
******************************************************************************/
|
|
if (!defined('SMF'))
|
|
die('Hacking attempt...');
|
|
|
|
/* This file has the very important job of insuring forum security. This
|
|
task includes banning and permissions, namely. It does this by providing
|
|
the following functions:
|
|
|
|
void is_admin()
|
|
- checks if the current user is an administrator. If he or she is
|
|
not, it immediately ends execution with an error message.
|
|
- takes care of verifying the administrator's password.
|
|
- should be used to restrict access, not to check access.
|
|
|
|
void validateSession()
|
|
- makes sure the user is who they claim to be by requiring a
|
|
password to be typed in every hour.
|
|
- is turned on and off by the securityDisable setting.
|
|
- uses the adminLogin() function of Subs-Auth.php if they need to
|
|
login, which saves all request (post and get) data.
|
|
|
|
void is_not_guest(string message = '')
|
|
- checks if the user is currently a guest, and if so asks them to
|
|
login with a message telling them why.
|
|
- message is what to tell them when asking them to login.
|
|
|
|
void is_not_banned()
|
|
- checks if the user is banned, and if so dies with an error.
|
|
- caches this information for optimization purposes.
|
|
|
|
void banPermissions()
|
|
- applies any states of banning by removing permissions the user
|
|
cannot have.
|
|
|
|
bool isReservedName(string name, int ID_MEMBER = 0, bool is_name = true)
|
|
- checks if name is a reserved name or username.
|
|
- if is_name is false, the name is assumed to be a username.
|
|
- the ID_MEMBER variable is used to ignore duplicate matches with the
|
|
current member.
|
|
|
|
string checkSession(string type = 'post', string from_action = none,
|
|
is_fatal = true)
|
|
- checks the current session, verifying that the person is who he or
|
|
she should be.
|
|
- also checks the referrer to make sure they didn't get sent here.
|
|
- depends on the disableCheckUA setting, which is usually missing.
|
|
- will check GET, POST, or REQUEST depending on the passed type.
|
|
- also optionally checks the referring action if passed. (note that
|
|
the referring action must be by GET.)
|
|
- returns the error message if is_fatal is false.
|
|
|
|
bool checkSubmitOnce(string action, bool is_fatal = true)
|
|
- registers a sequence number for a form.
|
|
- checks whether a submitted sequence number is registered in the
|
|
current session.
|
|
- depending on the value of is_fatal shows an error or returns true or
|
|
false.
|
|
- frees a sequence number from the stack after it's been checked.
|
|
- frees a sequence number without checking if action == 'free'.
|
|
|
|
void setBit(string &string, int position, int value)
|
|
- store a bit in a string at the given position fo string.
|
|
|
|
bool getBit(string &string, int position)
|
|
- read the bit stored in the string at a given position.
|
|
- return true/false depending on the value of the bit.
|
|
|
|
bool allowedTo(string permission, array boards = current)
|
|
- checks whether the user is allowed to do permission. (ie. post_new.)
|
|
- if boards is specified, checks those boards instead of the current.
|
|
- always returns true if the user is an administrator.
|
|
- returns true if he or she can do it, false otherwise.
|
|
|
|
void isAllowedTo(string permission, array boards = current)
|
|
- uses allowedTo() to check if the user is allowed to do permission.
|
|
- checks the passed boards or current board for the permission.
|
|
- if they are not, it loads the Errors language file and shows an
|
|
error using $txt['cannot_' . $permission].
|
|
- if they are a guest and cannot do it, this calls is_not_guest().
|
|
|
|
array boardsAllowedTo(string permission)
|
|
- returns a list of boards on which the user is allowed to do the
|
|
specified permission.
|
|
- returns an array with only a 0 in it if the user has permission
|
|
to do this on every board.
|
|
- returns an empty array if he or she cannot do this on any board.
|
|
*/
|
|
|
|
// Make sure the user is an administrator, otherwise quit.
|
|
function is_admin()
|
|
{
|
|
global $user_info;
|
|
|
|
// Check if this user is an administrator.
|
|
if (!$user_info['is_admin'])
|
|
{
|
|
// Make it so people won't worry about their online logs ;).
|
|
$_GET['action'] = '';
|
|
writeLog(true);
|
|
|
|
fatal_lang_error(1);
|
|
}
|
|
|
|
// Make sure the administrator has a valid session.
|
|
validateSession();
|
|
}
|
|
|
|
// Check if the user is who he/she sais he is
|
|
function validateSession()
|
|
{
|
|
global $modSettings, $sourcedir, $user_info;
|
|
|
|
// We don't care if the option is off, because Guests should NEVER get past here.
|
|
is_not_guest();
|
|
|
|
// Is the security option off? Or are they already logged in?
|
|
if (!empty($modSettings['securityDisable']) || (!empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + 3600 >= time()))
|
|
return;
|
|
|
|
require_once($sourcedir . '/Subs-Auth.php');
|
|
|
|
// Posting the password... check it.
|
|
if (isset($_POST['admin_pass']))
|
|
{
|
|
checkSession();
|
|
|
|
// Password correct?
|
|
if (md5_hmac($_POST['admin_pass'], strtolower($user_info['username'])) == $user_info['passwd'])
|
|
$_SESSION['admin_time'] = time();
|
|
// That password is wrong, sonny.
|
|
else
|
|
adminLogin();
|
|
}
|
|
// Need to type in a password for that, man.
|
|
else
|
|
adminLogin();
|
|
}
|
|
|
|
// Require a user who is logged in. (not a guest.)
|
|
function is_not_guest($message = '')
|
|
{
|
|
global $user_info, $sourcedir, $txt, $context;
|
|
|
|
// Luckily, this person isn't a guest.
|
|
if (!$user_info['is_guest'])
|
|
return;
|
|
|
|
// People always worry when they see people doing things they aren't actually doing...
|
|
$_GET['action'] = '';
|
|
writeLog(true);
|
|
|
|
$_SESSION['login_url'] = $_SERVER['REQUEST_URI'];
|
|
|
|
// Load the Login template and language file.
|
|
loadTemplate('Login');
|
|
loadLanguage('Login');
|
|
|
|
// Use the kick_guest sub template...
|
|
$context['kick_message'] = $message;
|
|
$context['sub_template'] = 'kick_guest';
|
|
$context['page_title'] = $txt[34];
|
|
|
|
obExit();
|
|
}
|
|
|
|
function autoWarn()
|
|
{
|
|
global $txt, $db_prefix, $modSettings, $sourcedir;
|
|
|
|
loadLanguage('InstantMessage');
|
|
|
|
// Only check warning levels once every blue moon
|
|
updateSettings(array('autoWarningTime' => time() + 600));
|
|
$request = db_query("
|
|
SELECT ID, memberID, timeToWarn, time, level
|
|
FROM {$db_prefix}vwarnings WHERE level < 3 AND level > 0", __FILE__, __LINE__);
|
|
include_once($sourcedir . '/Subs-Post.php');
|
|
while ($row = mysql_fetch_assoc($request)){
|
|
$IM=0;
|
|
if($row['timeToWarn'] == -1){
|
|
// Check if time is expired
|
|
if ($row['level'] == 1)
|
|
$timeinc = $modSettings['warningAutoTime']*86400;
|
|
else
|
|
$timeinc = $modSettings['muteAutoTime']*86400;
|
|
}
|
|
else
|
|
$timeinc = $row['timeToWarn']*86400;
|
|
|
|
if(time() >= $row['time'] + $timeinc) {
|
|
db_query("
|
|
UPDATE {$db_prefix}vwarnings
|
|
SET level = level - 1, time = time + " . $timeinc . ",
|
|
timeToWarn = -1
|
|
WHERE ID=$row[ID]", __FILE__, __LINE__);
|
|
db_query("
|
|
UPDATE {$db_prefix}members
|
|
SET warning=warning - 1
|
|
WHERE ID_MEMBER=$row[memberID]",__FILE__, __LINE__);
|
|
$IM=1;
|
|
}
|
|
if ($IM==1){
|
|
$result = db_query("
|
|
SELECT memberName, ID_MEMBER, emailAddress
|
|
FROM {$db_prefix}members
|
|
WHERE ID_MEMBER=$row[memberID]", __FILE__, __LINE__);
|
|
list($nameTo, $toID, $emailTo) = mysql_fetch_row($result);
|
|
$result = db_query("
|
|
SELECT ID_MEMBER, realName, memberName FROM {$db_prefix}members
|
|
WHERE ID_GROUP=1 LIMIT 1", __FILE__, __LINE__);
|
|
$fromInfo = mysql_fetch_row($result);
|
|
$from = array(
|
|
'id' => $fromInfo[0],
|
|
'name' => $fromInfo[1],
|
|
'username' => $fromInfo[2],
|
|
);
|
|
$immessage = $nameTo . "\n\n" . $txt['visual_warning_reduced'];
|
|
sendpm($toID, null, $txt['visual_reduced'], $immessage, $from);
|
|
}
|
|
}
|
|
}
|
|
// Do banning related stuff. (ie. disallow access....)
|
|
function is_not_banned()
|
|
{
|
|
global $txt, $db_prefix, $ID_MEMBER, $modSettings, $context, $user_info;
|
|
|
|
// You cannot be banned if you are an admin - doesn't help if you log out.
|
|
if ($user_info['is_admin'])
|
|
return;
|
|
|
|
// Only check the ban every so often. (to reduce load.)
|
|
if (!isset($_SESSION['ban']['last_checked']) || ($_SESSION['ban']['last_checked'] < $modSettings['banLastUpdated']) || !isset($_SESSION['ban']['ID_MEMBER']) || $_SESSION['ban']['ID_MEMBER'] != $ID_MEMBER || !isset($_SESSION['ban']['ip']) || $_SESSION['ban']['ip'] != $user_info['ip'])
|
|
{
|
|
// Innocent until proven guilty. (but we know you are! :P)
|
|
$_SESSION['ban'] = array(
|
|
'full_ban' => array('is_banned' => false),
|
|
'cannot_register' => array('is_banned' => false),
|
|
'cannot_post' => array('is_banned' => false),
|
|
'last_checked' => time(),
|
|
'ID_MEMBER' => $ID_MEMBER,
|
|
'ip' => $user_info['ip'],
|
|
);
|
|
|
|
$ban_query = array();
|
|
|
|
// Check if we have a valid IP address.
|
|
if (preg_match('/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/', $user_info['ip'], $ip_parts) == 1)
|
|
{
|
|
$ban_query[] = "(ban_type = 'ip_ban'
|
|
AND ($ip_parts[1] BETWEEN ip_low1 AND ip_high1)
|
|
AND ($ip_parts[2] BETWEEN ip_low2 AND ip_high2)
|
|
AND ($ip_parts[3] BETWEEN ip_low3 AND ip_high3)
|
|
AND ($ip_parts[4] BETWEEN ip_low4 AND ip_high4))";
|
|
|
|
// IP was valid, maybe there's also a hostname...
|
|
if (empty($modSettings['disableHostnameLookup']))
|
|
{
|
|
$hostname = @gethostbyaddr($user_info['ip']);
|
|
if (strlen($hostname) > 0)
|
|
$ban_query[] = "(ban_type = 'hostname_ban' AND ('$hostname' LIKE hostname))";
|
|
}
|
|
}
|
|
// We use '255.255.255.255' for 'unknown' since it's not valid anyway.
|
|
elseif ($user_info['ip'] == 'unknown')
|
|
$ban_query[] = "(ban_type = 'ip_ban'
|
|
AND ip_low1 = 255 AND ip_high1 = 255
|
|
AND ip_low2 = 255 AND ip_high2 = 255
|
|
AND ip_low3 = 255 AND ip_high3 = 255
|
|
AND ip_low4 = 255 AND ip_high4 = 255)";
|
|
|
|
// Is their email address banned?
|
|
if (strlen($user_info['email']) != 0)
|
|
$ban_query[] = "(ban_type = 'email_ban' AND ('" . addslashes($user_info['email']) . "' LIKE email_address))";
|
|
|
|
// How about this user?
|
|
if (!$user_info['is_guest'])
|
|
$ban_query[] = "(ban_type = 'user_ban' AND ID_MEMBER = $ID_MEMBER)";
|
|
|
|
// Check the ban, if there's information.
|
|
if (!empty($ban_query))
|
|
{
|
|
$request = db_query("
|
|
SELECT ban_type, restriction_type, reason
|
|
FROM {$db_prefix}banned
|
|
WHERE (expire_time IS NULL OR expire_time > " . time() . ")
|
|
AND (" . implode(' OR ', $ban_query) . ')', __FILE__, __LINE__);
|
|
// Store every type of ban that applies to you in your session.
|
|
while ($row = mysql_fetch_assoc($request))
|
|
$_SESSION['ban'][$row['restriction_type']] = array(
|
|
'is_banned' => true,
|
|
'reason' => empty($row['reason']) ? '' : '<br /><br /><b>' . $txt['ban_reason'] . ':</b> ' . $row['reason'],
|
|
'type' => $row['ban_type']
|
|
);
|
|
}
|
|
}
|
|
|
|
# check Tor: disallow registration
|
|
$res = db_query(
|
|
"select * from tor_nodes where ip='${user_info['ip']}'",
|
|
__FILE__, __LINE__
|
|
);
|
|
if (mysql_num_rows($res) > 0) {
|
|
$_SESSION['ban']['cannot_register']['is_banned'] = true;
|
|
}
|
|
|
|
// If you're fully banned, it's end of the story for you.
|
|
if ($_SESSION['ban']['full_ban']['is_banned'])
|
|
{
|
|
db_query("
|
|
INSERT INTO {$db_prefix}log_banned
|
|
(ID_MEMBER, ip, email, logTime)
|
|
VALUES ($ID_MEMBER, '$user_info[ip]', " . (!$user_info['is_guest'] ? "'$user_info[email]'" : 'NULL') . ', ' . time() . ')', __FILE__, __LINE__);
|
|
|
|
// 'Log' the user out. Can't have any funny business... (save the name!)
|
|
$old_name = isset($user_info['name']) && $user_info['name'] != '' ? $user_info['name'] : $txt[28];
|
|
$user_info['name'] = '';
|
|
$user_info['username'] = '';
|
|
$user_info['is_guest'] = true;
|
|
$user_info['is_admin'] = false;
|
|
$user_info['permissions'] = array();
|
|
$ID_MEMBER = 0;
|
|
$context['user'] = array(
|
|
'id' => 0,
|
|
'username' => '',
|
|
'name' => $txt[28],
|
|
'is_guest' => true,
|
|
'is_logged' => false,
|
|
'is_admin' => false,
|
|
'is_mod' => false,
|
|
'language' => $user_info['language']
|
|
);
|
|
|
|
// You banned, sucka!
|
|
fatal_error(sprintf($txt[430], $old_name) . $_SESSION['ban']['full_ban']['reason']);
|
|
}
|
|
|
|
// Fix up the banning permissions.
|
|
if (isset($user_info['permissions']))
|
|
banPermissions();
|
|
}
|
|
|
|
// Fix permissions according to ban status.
|
|
function banPermissions()
|
|
{
|
|
global $user_info;
|
|
|
|
// Somehow they got here, at least take away all permissions...
|
|
if (isset($_SESSION['ban']) && $_SESSION['ban']['full_ban']['is_banned'])
|
|
$user_info['permissions'] = array();
|
|
// Okay, well, you can watch, but don't touch a thing.
|
|
elseif (isset($_SESSION['ban']) && $_SESSION['ban']['cannot_post']['is_banned'])
|
|
{
|
|
$user_info['permissions'] = array_diff(
|
|
$user_info['permissions'],
|
|
array(
|
|
'pm_send',
|
|
'calendar_post', 'calendar_edit_own', 'calendar_edit_any',
|
|
'poll_post',
|
|
'poll_add_own', 'poll_add_any',
|
|
'poll_edit_own', 'poll_edit_any',
|
|
'poll_lock_own', 'poll_lock_any',
|
|
'poll_remove_own', 'poll_remove_any',
|
|
'manage_attachments', 'manage_smileys', 'manage_boards', 'admin_forum', 'manage_permissions',
|
|
'moderate_forum', 'manage_membergroups', 'manage_bans', 'send_mail', 'edit_news',
|
|
'profile_identity_any', 'profile_extra_any', 'profile_title_any',
|
|
'post_new', 'post_reply_own', 'post_reply_any',
|
|
'remove_own', 'remove_any', 'remove_replies',
|
|
'make_sticky',
|
|
'merge_any', 'split_any',
|
|
'modify_own', 'modify_any', 'modify_replies',
|
|
'move_any',
|
|
'send_topic',
|
|
'lock_own', 'lock_any',
|
|
'delete_own', 'delete_any',
|
|
)
|
|
);
|
|
}
|
|
}
|
|
|
|
// Check if a name is in the reserved words list. (name, current member id, name/username?.)
|
|
function isReservedName($name, $current_ID_MEMBER = 0, $is_name = true)
|
|
{
|
|
global $user_info, $modSettings, $db_prefix;
|
|
|
|
$checkName = strtolower($name);
|
|
|
|
// Administrators are never restricted ;).
|
|
if (!allowedTo('moderate_forum') && ((!empty($modSettings['reserveName']) && $is_name) || !empty($modSettings['reserveUser']) && !$is_name))
|
|
{
|
|
$reservedNames = explode("\n", $modSettings['reserveNames']);
|
|
// Case sensitive check?
|
|
$checkName = empty($modSettings['reserveCase']) ? strtolower($checkName) : $checkName;
|
|
|
|
// Check each name in the list...
|
|
foreach ($reservedNames as $reserved)
|
|
{
|
|
if ($reserved == '')
|
|
continue;
|
|
|
|
// Case sensitive name?
|
|
$reservedCheck = empty($modSettings['reserveCase']) ? strtolower($reserved) : $reserved;
|
|
// If it's not just entire word, check for it in there somewhere...
|
|
if ($checkName == $reservedCheck || (strpos($checkName, $reservedCheck) !== false && empty($modSettings['reserveWord'])))
|
|
fatal_lang_error(244, true, array($reserved));
|
|
}
|
|
}
|
|
|
|
// Get rid of any SQL parts of the reserved name and make it lowercase.
|
|
$checkName = strtr($name, array('_' => '\\_', '%' => '\\%'));
|
|
|
|
// Make sure they don't want someone else's name.
|
|
$request = db_query("
|
|
SELECT ID_MEMBER
|
|
FROM {$db_prefix}members
|
|
WHERE " . (empty($current_ID_MEMBER) ? '' : "ID_MEMBER != $current_ID_MEMBER
|
|
AND ") . "(realName LIKE '$checkName' OR memberName LIKE '$checkName')
|
|
LIMIT 1", __FILE__, __LINE__);
|
|
if (mysql_num_rows($request) > 0)
|
|
return true;
|
|
mysql_free_result($request);
|
|
|
|
// Does name case insensitive match a member group name?
|
|
$request = db_query("
|
|
SELECT ID_GROUP
|
|
FROM {$db_prefix}membergroups
|
|
WHERE groupName LIKE '$checkName'
|
|
LIMIT 1", __FILE__, __LINE__);
|
|
if (mysql_num_rows($request) > 0)
|
|
return true;
|
|
mysql_free_result($request);
|
|
|
|
// Okay, they passed.
|
|
return false;
|
|
}
|
|
|
|
// Make sure the user's correct session was passed, and they came from here. (type can be post, get, or request.)
|
|
function checkSession($type = 'post', $from_action = '', $is_fatal = true)
|
|
{
|
|
global $sc, $modSettings, $boardurl;
|
|
|
|
// Is it in as $_POST['sc']?
|
|
if ($type == 'post' && (!isset($_POST['sc']) || $_POST['sc'] != $sc))
|
|
$error = 'smf304';
|
|
// How about $_GET['sesc']?
|
|
elseif ($type == 'get' && (!isset($_GET['sesc']) || $_GET['sesc'] != $sc))
|
|
$error = 'smf305';
|
|
// Or can it be in either?
|
|
elseif ($type == 'request' && (!isset($_GET['sesc']) || $_GET['sesc'] != $sc) && (!isset($_POST['sc']) || $_POST['sc'] != $sc))
|
|
$error = 'smf305';
|
|
|
|
// Verify that they aren't changing user agents on us - that could be bad.
|
|
if ((!isset($_SESSION['USER_AGENT']) || $_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) && empty($modSettings['disableCheckUA']))
|
|
$error = 'smf305';
|
|
|
|
// Check the referring site - it should be the same server at least!
|
|
$referrer = isset($_SERVER['HTTP_REFERER']) ? parse_url($_SERVER['HTTP_REFERER']) : array();
|
|
if (!empty($referrer['host']))
|
|
{
|
|
if (strpos($_SERVER['HTTP_HOST'], ':') !== false)
|
|
$real_host = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
|
|
else
|
|
$real_host = $_SERVER['HTTP_HOST'];
|
|
|
|
$parsed_url = parse_url($boardurl);
|
|
|
|
// Are global cookies on? If so, let's check them ;).
|
|
if (!empty($modSettings['globalCookies']))
|
|
{
|
|
if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $parsed_url['host'], $parts) == 1)
|
|
$parsed_url['host'] = $parts[1];
|
|
|
|
if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $referrer['host'], $parts) == 1)
|
|
$referrer['host'] = $parts[1];
|
|
|
|
if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $real_host, $parts) == 1)
|
|
$real_host = $parts[1];
|
|
}
|
|
|
|
// Okay: referrer must either match parsed_url or real_host.
|
|
if (strtolower($referrer['host']) != strtolower($parsed_url['host']) && strtolower($referrer['host']) != strtolower($real_host))
|
|
{
|
|
$error = 'smf306';
|
|
$log_error = true;
|
|
}
|
|
}
|
|
|
|
// Well, first of all, if a from_action is specified you'd better have an old_url.
|
|
if (!empty($from_action) && (!isset($_SESSION['old_url']) || preg_match('~[?;&]action=' . $from_action . '([;&]|$)~', $_SESSION['old_url']) == 0))
|
|
{
|
|
$error = 'smf306';
|
|
$log_error = true;
|
|
}
|
|
|
|
// Everything is ok, return an empty string.
|
|
if (!isset($error))
|
|
return '';
|
|
// A session error occurred, show the error.
|
|
elseif ($is_fatal)
|
|
fatal_lang_error($error, isset($log_error));
|
|
// A session error occurred, return the error to the calling function.
|
|
else
|
|
return $error;
|
|
}
|
|
|
|
// Check whether a form has been submitted twice.
|
|
function checkSubmitOnce($action, $is_fatal = true)
|
|
{
|
|
global $context;
|
|
|
|
// Register a form number and store it in the session stack. (use this on the page that has the form.)
|
|
if ($action == 'register')
|
|
{
|
|
// The stack hasn't been created yet. Start it off with a single bit in it and move the pointer to 0.
|
|
if (!isset($_SESSION['form_stack']) || !isset($_SESSION['form_stack_pointer']))
|
|
{
|
|
$_SESSION['form_stack'] = chr(1);
|
|
$_SESSION['form_stack_pointer'] = 0;
|
|
}
|
|
// We've already got one, so set the next bit in it.
|
|
else
|
|
setBit($_SESSION['form_stack'], $_SESSION['form_stack_pointer'], 1);
|
|
|
|
// Get the current value, and then increment the pointer.
|
|
$context['form_sequence_number'] = $_SESSION['form_stack_pointer']++;
|
|
}
|
|
// Check whether the submitted number can be found in the session.
|
|
elseif ($action == 'check')
|
|
{
|
|
// If the variable is indeed set, we have a stack, AND the bit isn't set on the stack....
|
|
if (isset($_REQUEST['seqnum']) && isset($_SESSION['form_stack']) && !getBit($_SESSION['form_stack'], $_REQUEST['seqnum']))
|
|
{
|
|
// You've already submitted.
|
|
if ($is_fatal)
|
|
fatal_lang_error('error_form_already_submitted', false);
|
|
else
|
|
return false;
|
|
}
|
|
// Otherwise, let's set the seqnum stack.
|
|
elseif (!isset($_REQUEST['seqnum']))
|
|
$_REQUEST['seqnum'] = 0;
|
|
|
|
// Release the number, never to be used again during this session.
|
|
setBit($_SESSION['form_stack'], $_REQUEST['seqnum'], 0);
|
|
|
|
return true;
|
|
}
|
|
// Don't check, just free the stack number.
|
|
elseif ($action == 'free' && !empty($_REQUEST['seqnum']) && getBit($_SESSION['form_stack'], $_REQUEST['seqnum']))
|
|
setBit($_SESSION['form_stack'], $_REQUEST['seqnum'], 0);
|
|
}
|
|
|
|
// Store a bit in a string at the given position (used by checkSubmitOnce).
|
|
function setBit(&$string, $position, $value)
|
|
{
|
|
// Get the character position of the character carying the bit.
|
|
$charPos = (int) floor($position / 8);
|
|
|
|
// Get the bit number of the character.
|
|
$bitPos = $position % 8;
|
|
|
|
// Enhance the string if its length is not sufficient.
|
|
if (strlen($string) < $charPos + 1)
|
|
$string .= str_repeat(chr(0), $charPos + 1 - strlen($string));
|
|
|
|
// Set or unset the bit depending on $value.
|
|
if (empty($value))
|
|
$string{$charPos} = chr(ord($string{$charPos}) & ~pow(2, $bitPos));
|
|
else
|
|
$string{$charPos} = chr(ord($string{$charPos}) | pow(2, $bitPos));
|
|
}
|
|
|
|
// Check whether a bit at the given position is set (used by checkSubmitOnce).
|
|
function getBit(&$string, $position)
|
|
{
|
|
// Get the position of the character this bit is in.
|
|
$charPos = (int) floor($position / 8);
|
|
|
|
// If the string isn't even that long, obviously it's 0/false.
|
|
if (strlen($string) < $charPos + 1)
|
|
return false;
|
|
|
|
// If the character's bits coincide with 2 ^ position, we got it! (assuming position is the size of the character, 8.)
|
|
return (ord($string{$charPos}) & pow(2, $position % 8)) > 0;
|
|
}
|
|
|
|
// Check the user's permissions.
|
|
function allowedTo($permission, $boards = null)
|
|
{
|
|
global $user_info, $db_prefix, $ID_MEMBER;
|
|
|
|
// You're always allowed to do nothing. (unless you're a working man, MR. LAZY :P!)
|
|
if (empty($permission))
|
|
return true;
|
|
|
|
// You're never allowed to do something if your data hasn't been loaded yet!
|
|
if (empty($user_info) || !isset($user_info['permissions']))
|
|
return false;
|
|
|
|
// Administrators are supermen :P.
|
|
if ($user_info['is_admin'])
|
|
return true;
|
|
|
|
// no more than 3 polls in 24 hours. moderators excluded
|
|
if (! isset($user_info['is_mod'])) $user_info['is_mod'] = false;
|
|
if (! $user_info['is_mod'] && in_array($permission, array ('poll_post', 'poll_add_own'))) {
|
|
$request = db_query("
|
|
SELECT COUNT(*) as recent_polls
|
|
FROM {$db_prefix}polls
|
|
WHERE ID_MEMBER='{$ID_MEMBER}'
|
|
AND ts >= NOW() - INTERVAL 1 DAY", __FILE__, __LINE__);
|
|
list($c) = mysql_fetch_row($request);
|
|
if ($c >= 3 ) return false;
|
|
}
|
|
|
|
// Are we checking the _current_ board, or some other boards?
|
|
if ($boards === null)
|
|
{
|
|
// Check if they can do it.
|
|
if (!is_array($permission) && in_array($permission, $user_info['permissions']))
|
|
return true;
|
|
// Search for any of a list of permissions.
|
|
elseif (is_array($permission) && count(array_intersect($permission, $user_info['permissions'])) != 0)
|
|
return true;
|
|
// You aren't allowed, by default.
|
|
else
|
|
return false;
|
|
}
|
|
elseif (!is_array($boards))
|
|
$boards = array($boards);
|
|
|
|
$request = db_query("
|
|
SELECT MIN(bp.addDeny) AS addDeny
|
|
FROM {$db_prefix}boards AS b, {$db_prefix}board_permissions AS bp
|
|
WHERE b.ID_BOARD IN (" . implode(', ', $boards) . ")
|
|
AND bp.ID_BOARD = IF(b.use_local_permissions = 1, b.ID_BOARD, 0)
|
|
AND bp.ID_GROUP IN (" . implode(', ', array_diff($user_info['groups'], array(3))) . ")
|
|
AND bp.permission " . (is_array($permission) ? "IN (" . implode("', '", $permission) . ")" : " = '$permission'") . "
|
|
GROUP BY b.ID_BOARD", __FILE__, __LINE__);
|
|
|
|
// Make sure they can do it on all of the boards.
|
|
if (mysql_num_rows($request) != count($boards))
|
|
return false;
|
|
|
|
$result = true;
|
|
while ($row = mysql_fetch_assoc($request))
|
|
$result &= !empty($row['addDeny']);
|
|
mysql_free_result($request);
|
|
|
|
// If the query returned 1, they can do it... otherwise, they can't.
|
|
return $result;
|
|
}
|
|
|
|
// Fatal error if they cannot...
|
|
function isAllowedTo($permission, $boards = null)
|
|
{
|
|
global $user_info, $txt;
|
|
|
|
static $heavy_permissions = array(
|
|
'admin_forum',
|
|
'manage_attachments',
|
|
'manage_smileys',
|
|
'manage_boards',
|
|
'edit_news',
|
|
'moderate_forum',
|
|
'manage_bans',
|
|
'manage_membergroups',
|
|
'manage_permissions',
|
|
);
|
|
|
|
// Make it an array, even if a string was passed.
|
|
$permission = is_array($permission) ? $permission : array($permission);
|
|
|
|
// Check the permission and return an error...
|
|
if (!allowedTo($permission, $boards))
|
|
{
|
|
// Pick the last array entry as the permission shown as the error.
|
|
$error_permission = array_pop($permission);
|
|
|
|
// If they are a guest, show a login. (because the error might be gone if they do!)
|
|
if ($user_info['is_guest'])
|
|
{
|
|
loadLanguage('Errors');
|
|
is_not_guest($txt['cannot_' . $error_permission]);
|
|
}
|
|
|
|
// Clear the action because they aren't really doing that!
|
|
$_GET['action'] = '';
|
|
writeLog(true);
|
|
|
|
fatal_lang_error('cannot_' . $error_permission, false);
|
|
}
|
|
|
|
// If you're doing something on behalf of some "heavy" permissions, validate your session.
|
|
// (take out the heavy permissions, and if you can't do anything but those, you need a validated session.)
|
|
if (!allowedTo(array_diff($permission, $heavy_permissions), $boards))
|
|
validateSession();
|
|
}
|
|
|
|
// Return the boards a user has a certain (board) permission on. (array(0) if all.)
|
|
function boardsAllowedTo($permission)
|
|
{
|
|
global $db_prefix, $ID_MEMBER, $user_info;
|
|
|
|
// Administrators are all powerful, sorry.
|
|
if ($user_info['is_admin'])
|
|
return array(0);
|
|
$boards = array();
|
|
$deny_boards = array();
|
|
|
|
// All groups the user is in except 'moderator'.
|
|
$groups = array_diff($user_info['groups'], array(3));
|
|
|
|
// Fetch boards that have the permission globally.
|
|
$request = db_query("
|
|
SELECT b.ID_BOARD, IFNULL(bp.addDeny, mod_bp.addDeny) AS addDeny
|
|
FROM {$db_prefix}boards AS b
|
|
LEFT JOIN {$db_prefix}board_permissions AS bp ON (bp.ID_BOARD = 0 AND bp.ID_GROUP IN (" . implode(', ', $groups) . ") AND bp.permission = '$permission')
|
|
LEFT JOIN {$db_prefix}moderators AS mods ON (mods.ID_MEMBER = $ID_MEMBER AND mods.ID_BOARD = b.ID_BOARD)
|
|
LEFT JOIN {$db_prefix}board_permissions AS mod_bp ON (mod_bp.ID_BOARD = 0 AND mod_bp.ID_GROUP = 3 AND mod_bp.permission = '$permission')
|
|
WHERE b.use_local_permissions = 0
|
|
AND (!ISNULL(bp.ID_BOARD) OR (!ISNULL(mod_bp.ID_BOARD) AND !ISNULL(mods.ID_MEMBER)))", __FILE__, __LINE__);
|
|
while ($row = mysql_fetch_assoc($request))
|
|
{
|
|
if (empty($row['addDeny']))
|
|
$deny_boards[] = $row['ID_BOARD'];
|
|
else
|
|
$boards[] = $row['ID_BOARD'];
|
|
}
|
|
mysql_free_result($request);
|
|
|
|
// Fetch boards that have the permission locally.
|
|
$request = db_query("
|
|
SELECT b.ID_BOARD, IFNULL(bp.addDeny, mod_bp.addDeny) AS addDeny
|
|
FROM {$db_prefix}boards AS b
|
|
LEFT JOIN {$db_prefix}board_permissions AS bp ON (bp.ID_BOARD = b.ID_BOARD AND bp.ID_GROUP IN (" . implode(', ', $groups) . ") AND bp.permission = '$permission')
|
|
LEFT JOIN {$db_prefix}moderators AS mods ON (mods.ID_MEMBER = $ID_MEMBER AND mods.ID_BOARD = b.ID_BOARD)
|
|
LEFT JOIN {$db_prefix}board_permissions AS mod_bp ON (mod_bp.ID_BOARD = mods.ID_BOARD AND mod_bp.ID_GROUP = 3 AND mod_bp.permission = '$permission')
|
|
WHERE b.use_local_permissions = 1
|
|
AND (!ISNULL(bp.ID_BOARD) OR !ISNULL(mod_bp.ID_BOARD))", __FILE__, __LINE__);
|
|
while ($row = mysql_fetch_assoc($request))
|
|
{
|
|
if (empty($row['addDeny']))
|
|
$deny_boards[] = $row['ID_BOARD'];
|
|
else
|
|
$boards[] = $row['ID_BOARD'];
|
|
}
|
|
mysql_free_result($request);
|
|
|
|
return array_values(array_diff($boards, $deny_boards));
|
|
}
|
|
|
|
?>
|