Merge branch 'master' of github.com:vichan-devel/Tinyboard
Conflicts: js/post-hider.js
@@ -29,6 +29,11 @@ function mkhash($username, $password, $salt = false) {
|
||||
return $hash;
|
||||
}
|
||||
|
||||
function generate_salt() {
|
||||
mt_srand(microtime(true) * 100000 + memory_get_usage(true));
|
||||
return md5(uniqid(mt_rand(), true));
|
||||
}
|
||||
|
||||
function login($username, $password, $makehash=true) {
|
||||
global $mod;
|
||||
|
||||
@@ -37,20 +42,23 @@ function login($username, $password, $makehash=true) {
|
||||
$password = sha1($password);
|
||||
}
|
||||
|
||||
$query = prepare("SELECT `id`,`type`,`boards` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1");
|
||||
$query = prepare("SELECT `id`, `type`, `boards`, `password`, `salt` FROM ``mods`` WHERE `username` = :username");
|
||||
$query->bindValue(':username', $username);
|
||||
$query->bindValue(':password', $password);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
if ($user = $query->fetch()) {
|
||||
return $mod = array(
|
||||
'id' => $user['id'],
|
||||
'type' => $user['type'],
|
||||
'username' => $username,
|
||||
'hash' => mkhash($username, $password),
|
||||
'boards' => explode(',', $user['boards'])
|
||||
);
|
||||
} else return false;
|
||||
if ($user = $query->fetch(PDO::FETCH_ASSOC)) {
|
||||
if ($user['password'] === hash('sha256', $user['salt'] . $password)) {
|
||||
return $mod = array(
|
||||
'id' => $user['id'],
|
||||
'type' => $user['type'],
|
||||
'username' => $username,
|
||||
'hash' => mkhash($username, $user['password']),
|
||||
'boards' => explode(',', $user['boards'])
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
function setCookies() {
|
||||
@@ -75,7 +83,7 @@ function destroyCookies() {
|
||||
|
||||
function modLog($action, $_board=null) {
|
||||
global $mod, $board, $config;
|
||||
$query = prepare("INSERT INTO `modlogs` VALUES (:id, :ip, :board, :time, :text)");
|
||||
$query = prepare("INSERT INTO ``modlogs`` VALUES (:id, :ip, :board, :time, :text)");
|
||||
$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
|
||||
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
|
||||
$query->bindValue(':time', time(), PDO::PARAM_INT);
|
||||
@@ -104,10 +112,10 @@ if (isset($_COOKIE[$config['cookies']['mod']])) {
|
||||
exit;
|
||||
}
|
||||
|
||||
$query = prepare("SELECT `id`, `type`, `boards`, `password` FROM `mods` WHERE `username` = :username LIMIT 1");
|
||||
$query = prepare("SELECT `id`, `type`, `boards`, `password` FROM ``mods`` WHERE `username` = :username");
|
||||
$query->bindValue(':username', $cookie[0]);
|
||||
$query->execute() or error(db_error($query));
|
||||
$user = $query->fetch();
|
||||
$user = $query->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
// validate password hash
|
||||
if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) {
|
||||
@@ -135,11 +143,11 @@ function create_pm_header() {
|
||||
return $header;
|
||||
}
|
||||
|
||||
$query = prepare("SELECT `id` FROM `pms` WHERE `to` = :id AND `unread` = 1");
|
||||
$query = prepare("SELECT `id` FROM ``pms`` WHERE `to` = :id AND `unread` = 1");
|
||||
$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
if ($pm = $query->fetch())
|
||||
if ($pm = $query->fetch(PDO::FETCH_ASSOC))
|
||||
$header = array('id' => $pm['id'], 'waiting' => $query->rowCount() - 1);
|
||||
else
|
||||
$header = true;
|
||||
|
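Review bot: In login(), the stored moderator credential is a single pass of `hash('sha256', $user['salt'] . $password)` checked with `===`, which is a fast hash and a comparison that is not constant-time. If the supported PHP versions allow it, store the output of `password_hash($password, PASSWORD_DEFAULT)` and verify with `password_verify($password, $user['password'])`; as a smaller step, wrap the existing comparison in `hash_equals()`. generate_salt() in the first hunk reseeds the shared generator with `mt_srand(microtime(true) * 100000 + memory_get_usage(true))` and returns `md5(uniqid(mt_rand(), true))`, so the salt comes from a predictable source and the reseed affects every later `mt_rand()` call in the request; `bin2hex(openssl_random_pseudo_bytes(16))`, or `random_bytes()` where available, avoids both. The lines of login() between the two hunks are not shown, so how `$password` is pre-hashed around the `sha1()` line is only partly visible.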
@@ -56,11 +56,12 @@ function parse_time($str) {
|
||||
function ban($mask, $reason, $length, $board) {
|
||||
global $mod, $pdo;
|
||||
|
||||
$query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :time, :expires, :reason, :board, 0)");
|
||||
$query = prepare("INSERT INTO ``bans`` VALUES (NULL, :ip, :mod, :time, :expires, :reason, :board, 0)");
|
||||
$query->bindValue(':ip', $mask);
|
||||
$query->bindValue(':mod', $mod['id']);
|
||||
$query->bindValue(':time', time());
|
||||
if ($reason !== '') {
|
||||
$reason = escape_markup_modifiers($reason);
|
||||
markup($reason);
|
||||
$query->bindValue(':reason', $reason);
|
||||
} else
|
||||
@@ -89,12 +90,12 @@ function ban($mask, $reason, $length, $board) {
|
||||
}
|
||||
|
||||
function unban($id) {
|
||||
$query = prepare("SELECT `ip` FROM `bans` WHERE `id` = :id");
|
||||
$query = prepare("SELECT `ip` FROM ``bans`` WHERE `id` = :id");
|
||||
$query->bindValue(':id', $id);
|
||||
$query->execute() or error(db_error($query));
|
||||
$mask = $query->fetchColumn();
|
||||
|
||||
$query = prepare("DELETE FROM `bans` WHERE `id` = :id");
|
||||
$query = prepare("DELETE FROM ``bans`` WHERE `id` = :id");
|
||||
$query->bindValue(':id', $id);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
|
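Review bot: The insert in ban() is positional, `INSERT INTO ``bans`` VALUES (NULL, :ip, :mod, :time, :expires, :reason, :board, 0)`, so a column added or reordered later would silently shift values such as the expiry or the board into the wrong column of a ban record. Naming the columns in the statement, in the form `INSERT INTO ``bans`` (<column list>) VALUES (...)`, removes that dependency on table layout; the modlogs insert in the preceding file section has the same shape. `:mod` and `:time` are also bound without `PDO::PARAM_INT`, unlike the `:id` and `:time` bindings in modLog(). ban() continues past the end of the first hunk, so the `:expires` and `:board` bindings are not visible here.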
@@ -1,5 +1,43 @@
|
||||
<?php
|
||||
|
||||
function permission_to_edit_config_var($varname) {
|
||||
global $config, $mod;
|
||||
|
||||
if (is_array($config['mod']['config'][DISABLED])) {
|
||||
foreach ($config['mod']['config'][DISABLED] as $disabled_var_name) {
|
||||
$disabled_var_name = explode('>', $disabled_var_name);
|
||||
if (count($disabled_var_name) == 1)
|
||||
$disabled_var_name = $disabled_var_name[0];
|
||||
if ($varname == $disabled_var_name)
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
$allow_only = false;
|
||||
// for ($perm = (int)$mod['type']; $perm >= JANITOR; $perm --) {
|
||||
for ($perm = JANITOR; $perm <= (int)$mod['type']; $perm ++) {
|
||||
$allow_only = false;
|
||||
if (is_array($config['mod']['config'][$perm])) {
|
||||
foreach ($config['mod']['config'][$perm] as $perm_var_name) {
|
||||
if ($perm_var_name == '!') {
|
||||
$allow_only = true;
|
||||
continue;
|
||||
}
|
||||
$perm_var_name = explode('>', $perm_var_name);
|
||||
if ((count($perm_var_name) == 1 && $varname == $perm_var_name[0]) ||
|
||||
(is_array($varname) && array_slice($varname, 0, count($perm_var_name)) == $perm_var_name)) {
|
||||
if ($allow_only)
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return !$allow_only;
|
||||
}
|
||||
|
||||
function config_vars() {
|
||||
global $config;
|
||||
|
||||
@@ -13,13 +51,14 @@ function config_vars() {
|
||||
'default_temp' => false
|
||||
);
|
||||
$temp_comment = false;
|
||||
$line_no = 0;
|
||||
foreach ($config_file as $line) {
|
||||
if ($temp_comment) {
|
||||
$var['comment'][] = $temp_comment;
|
||||
$temp_comment = false;
|
||||
}
|
||||
|
||||
if (preg_match('!^\s*// (.*)$!', $line, $matches)) {
|
||||
if (preg_match('!^\s*// ([^$].*)$!', $line, $matches)) {
|
||||
if ($var['default'] !== false) {
|
||||
$line = '';
|
||||
$temp_comment = $matches[1];
|
||||
@@ -28,7 +67,10 @@ function config_vars() {
|
||||
}
|
||||
} else if ($var['default_temp'] !== false) {
|
||||
$var['default_temp'] .= "\n" . $line;
|
||||
} elseif (preg_match('!^\s*\$config\[(.+?)\] = (.+?)(;( //.+)?)?$!', $line, $matches)) {
|
||||
} elseif (preg_match('!^[\s/]*\$config\[(.+?)\] = (.+?)(;( //.+)?)?$!', $line, $matches)) {
|
||||
if (preg_match('!^\s*//\s*!', $line)) {
|
||||
$var['commented'] = true;
|
||||
}
|
||||
$var['name'] = explode('][', $matches[1]);
|
||||
if (count($var['name']) == 1) {
|
||||
$var['name'] = preg_replace('/^\'(.*)\'$/', '$1', end($var['name']));
|
||||
@@ -43,21 +85,38 @@ function config_vars() {
|
||||
$var['default_temp'] = $matches[2];
|
||||
}
|
||||
|
||||
if (trim($line) === '') {
|
||||
if ($var['name'] !== false) {
|
||||
if ($var['default_temp'])
|
||||
$var['default'] = $var['default_temp'];
|
||||
|
||||
$temp = eval('return ' . $var['default'] . ';');
|
||||
if (!isset($temp))
|
||||
if ($var['name'] !== false) {
|
||||
if ($var['default_temp'])
|
||||
$var['default'] = $var['default_temp'];
|
||||
if ($var['default'][0] == '&')
|
||||
continue; // This is just an alias.
|
||||
if (!preg_match('/^array|\[\]|function/', $var['default']) && !preg_match('/^Example: /', trim(implode(' ', $var['comment'])))) {
|
||||
$syntax_error = true;
|
||||
$temp = eval('$syntax_error = false;return ' . $var['default'] . ';');
|
||||
if ($syntax_error && $temp === false) {
|
||||
error('Error parsing config.php (line ' . $line_no . ')!', null, $var);
|
||||
} elseif (!isset($temp)) {
|
||||
$var['type'] = 'unknown';
|
||||
else
|
||||
} else {
|
||||
$var['type'] = gettype($temp);
|
||||
}
|
||||
|
||||
if ($var['type'] == 'integer' && $var['name'][0] == 'mod' &&
|
||||
(in_array($var['default'], array('JANITOR', 'MOD', 'ADMIN', 'DISABLED')) || mb_strpos($var['default'], "\$config['mod']") === 0)) {
|
||||
// Permissions variable
|
||||
$var['permissions'] = true;
|
||||
}
|
||||
|
||||
unset($var['default_temp']);
|
||||
|
||||
if (!is_array($var['name']) || (end($var['name']) != '' && !in_array(reset($var['name']), array('stylesheets')))) {
|
||||
$conf[] = $var;
|
||||
$already_exists = false;
|
||||
foreach ($conf as $_var) {
|
||||
if ($var['name'] == $_var['name'])
|
||||
$already_exists = true;
|
||||
|
||||
}
|
||||
if (!$already_exists && permission_to_edit_config_var($var['name']))
|
||||
$conf[] = $var;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -65,9 +124,17 @@ function config_vars() {
|
||||
'name' => false,
|
||||
'comment' => array(),
|
||||
'default' => false,
|
||||
'default_temp' => false
|
||||
'default_temp' => false,
|
||||
'commented' => false,
|
||||
'permissions' => false,
|
||||
);
|
||||
}
|
||||
|
||||
if (trim($line) === '') {
|
||||
$var['comment'] = array();
|
||||
}
|
||||
|
||||
$line_no++;
|
||||
}
|
||||
|
||||
return $conf;
|
||||
|
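Review bot: In permission_to_edit_config_var(), the DISABLED list is matched by exact equality (`$varname == $disabled_var_name`) while the per-level lists below it also match by prefix through `array_slice()`, so a DISABLED entry naming a parent key does not appear to cover an array `$varname` nested under it. If prefix matching is intended for both, keep the exploded entry (call it `$d`) and reuse the same test: `if ((count($d) == 1 && $varname == $d[0]) || (is_array($varname) && array_slice($varname, 0, count($d)) == $d)) return false;`. The only caller visible here, in config_vars(), uses the function to filter which variables are listed, so the handler that writes a submitted value should call it again on the submitted name; that code is not on this page. The widened pattern `^[\s/]*\$config\[` also appears to send the right-hand side of commented-out assignments to `eval()`, and skipping the evaluation when `$var['commented']` is set would keep disabled lines from being executed. config_vars() begins and ends outside the hunks shown.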
File diff suppressed because it is too large