| author | Dan |
| Sat, 05 Apr 2008 23:56:45 -0400 | |
| changeset 6 | 5e1f1e916419 |
| parent 5 | e3d7322305bf |
| child 8 | 8baccbad4a55 |
| permissions | -rwxr-xr-x |
| 1 | 1 |
<?php |
2 |
/* |
|
3 |
Plugin Name: PunBB forum integration |
|
4 |
Plugin URI: http://enanocms.org/PunBB_plugin |
|
5 |
Description: Provides a complete forum solution in PunBB, a separately maintained and very lightweight GPL forum. |
|
6 |
Author: Dan Fuhry |
|
| 6 | 7 |
Version: 1.3-beta |
| 1 | 8 |
Author URI: http://enanocms.org/ |
9 |
*/ |
|
| 0 | 10 |
|
| 1 | 11 |
/* |
12 |
* PunBB Plugin for Enano CMS |
|
| 6 | 13 |
* Version 1.3-beta |
14 |
* Copyright (C) 2006-2008 Dan Fuhry |
|
15 |
* Copyright (C) 2002-2008 Rickard Andersson |
|
| 1 | 16 |
* |
17 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
18 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
19 |
* |
|
20 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
21 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
22 |
*/ |
|
23 |
||
24 |
$plugins->attachHook('base_classes_initted', '
|
|
25 |
global $paths; |
|
26 |
||
27 |
$paths->add_page(Array( |
|
28 |
\'name\'=>\'Forum\', |
|
29 |
\'urlname\'=>\'Forum\', |
|
30 |
\'namespace\'=>\'Special\', |
|
31 |
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
|
32 |
)); |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
33 |
|
| 1 | 34 |
'); |
35 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
36 |
$plugins->attachHook('session_started', '
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
37 |
$pid = RenderMan::strToPageId($paths->get_pageid_from_url()); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
38 |
|
| 6 | 39 |
$is_style_or_script = ( strpos($_SERVER["REQUEST_URI"], "/style/") || strpos($_SERVER["REQUEST_URI"], "/include/js/") ); |
40 |
if ( getConfig("punbb_installed") == "yes" && getConfig("punbb_version") == PUNANO_VERSION && $pid[0] == "Forum" && $pid[1] == "Special" && !$is_style_or_script )
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
41 |
{
|
| 5 | 42 |
require( "punbb/include/common.php" ); |
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
43 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
44 |
'); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
45 |
|
| 6 | 46 |
define('PUNANO_VERSION', '0.1.3-beta');
|
47 |
define('PUNBB_VERSION', '1.3-beta');
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
48 |
define('PUN_ROOT', ENANO_ROOT . '/punbb/');
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
49 |
define('PUN', '');
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
50 |
define('PUN_DISABLE_BUFFERING', '');
|
| 6 | 51 |
// define('PUN_SHOW_QUERIES', '');
|
| 1 | 52 |
|
53 |
function page_Special_Forum() |
|
54 |
{
|
|
|
3
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
55 |
global $db, $session, $paths, $template, $plugins; // Common objects |
| 1 | 56 |
if ( getConfig('punbb_installed') != 'yes' )
|
57 |
{
|
|
58 |
punano_installer(); |
|
59 |
} |
|
60 |
else if ( getConfig('punbb_version') != PUNANO_VERSION )
|
|
61 |
{
|
|
62 |
punano_upgrade(); |
|
63 |
} |
|
| 6 | 64 |
else if ( $paths->getParam(0) == 'admin' ) |
|
3
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
65 |
{
|
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
66 |
punano_admin_console(); |
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
67 |
} |
| 6 | 68 |
else if ( $paths->getParam(0) == 'style' ) |
69 |
{
|
|
70 |
$path = $paths->getAllParams(); |
|
71 |
header('Location: ' . scriptPath . '/punbb/' . $path);
|
|
72 |
exit(); |
|
73 |
} |
|
74 |
else if ( $paths->getParam(0) == 'include' && $paths->getParam(1) == 'js' ) |
|
75 |
{
|
|
76 |
$path = $paths->getAllParams(); |
|
77 |
header('Location: ' . scriptPath . '/punbb/' . $path);
|
|
78 |
exit(); |
|
79 |
} |
|
| 1 | 80 |
else |
81 |
{
|
|
82 |
punano_main(); |
|
83 |
} |
|
84 |
} |
|
85 |
||
86 |
function punano_installer() |
|
87 |
{
|
|
88 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
89 |
// First check our permissions |
|
90 |
if ( $session->user_level < USER_LEVEL_ADMIN ) |
|
91 |
{
|
|
92 |
die_friendly('Punano initialization error', '<p>The Punano plugin doesn\'t have its database schema installed yet, and your user account doesn\'t have permission to install it. Please ask the administrator of this site to set up Punano.</p>');
|
|
93 |
} |
|
94 |
else if ( $session->auth_level < USER_LEVEL_ADMIN ) |
|
95 |
{
|
|
96 |
$url = makeUrlNS('Special', 'Login/' . $paths->page, 'level=' . USER_LEVEL_ADMIN, true);
|
|
| 6 | 97 |
pun_redirect($url, 'Permission denied', 'You need to have an active high-privilege session to set up Punano.', 4); |
| 1 | 98 |
} |
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
99 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
100 |
$template->header(); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
101 |
|
| 1 | 102 |
// Permissions are good |
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
103 |
if ( isset($_POST['do_install']) ) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
104 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
105 |
$result = _punano_perform_install(); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
106 |
if ( $result ) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
107 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
108 |
echo '<p>PunBB installation has succeeded.</p>'; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
109 |
echo '<p><b><a href="' . makeUrlNS('Special', 'Forum') . '">Take me to my forum!</a></b></p>';
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
110 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
111 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
112 |
else |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
113 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
114 |
$url = makeUrlNS('Special', 'Forum');
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
115 |
?> |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
116 |
<form action="<?php echo $url; ?>" method="post"> |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
117 |
<p><b>Before Punano can be used, you need to install the database.</b></p> |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
118 |
<p>This process will create several new tables in your database, and then fill them in with a default configuration for PunBB. |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
119 |
You should only continue if you have CREATE TABLE and CREATE INDEX privileges on your database.</p> |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
120 |
<p><input type="submit" style="font-weight: bold;" name="do_install" value="Install PunBB" /></p> |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
121 |
</form> |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
122 |
<?php |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
123 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
124 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
125 |
$template->footer(); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
126 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
127 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
128 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
129 |
function _punano_perform_install() |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
130 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
131 |
global $db, $session, $paths, $template, $plugins; // Common objects |
| 6 | 132 |
global $dbdriver; |
133 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
134 |
$db_prefix = table_prefix . 'pun_'; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
135 |
$admin_email = getConfig('contact_email');
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
136 |
$pun_version = PUNBB_VERSION; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
137 |
|
| 6 | 138 |
$schema = file_get_contents( ENANO_ROOT . "/punbb/install-$dbdriver.sql" ); |
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
139 |
if ( empty($schema) ) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
140 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
141 |
echo 'ERROR: cannot load schema file!'; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
142 |
return false; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
143 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
144 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
145 |
$replace = array( |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
146 |
'{{TABLE_PREFIX}}' => $db_prefix,
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
147 |
'{{ENANO_ADMIN_EMAIL}}' => $admin_email,
|
| 6 | 148 |
'{{PUN_VERSION}}' => $pun_version,
|
149 |
'{{NOW}}' => strval(time())
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
150 |
); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
151 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
152 |
$schema = strtr($schema, $replace); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
153 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
154 |
// Build an array of queries (from Enano's install.php) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
155 |
$schema = explode("\n", $schema);
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
156 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
157 |
foreach ( $schema as $i => $sql ) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
158 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
159 |
$query =& $schema[$i]; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
160 |
$t = trim($query); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
161 |
if ( empty($t) || preg_match('/^(\#|--)/i', $t) )
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
162 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
163 |
unset($schema[$i]); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
164 |
unset($query); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
165 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
166 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
167 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
168 |
$schema = array_values($schema); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
169 |
$schema = implode("\n", $schema);
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
170 |
$schema = explode(";\n", $schema);
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
171 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
172 |
foreach ( $schema as $i => $sql ) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
173 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
174 |
$query =& $schema[$i]; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
175 |
if ( substr($query, ( strlen($query) - 1 ), 1 ) != ';' ) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
176 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
177 |
$query .= ';'; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
178 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
179 |
if ( !$db->check_query($query) ) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
180 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
181 |
echo 'ERROR: Query safety check failed.<pre>' . $query . '</pre>'; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
182 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
183 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
184 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
185 |
foreach ( $schema as $query ) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
186 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
187 |
if ( !$db->sql_query($query) ) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
188 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
189 |
echo $db->get_error(); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
190 |
return false; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
191 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
192 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
193 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
194 |
// Insert users |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
195 |
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE user_id > 1;');
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
196 |
if ( !$q ) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
197 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
198 |
echo $db->get_error(); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
199 |
return false; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
200 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
201 |
$uid_list = array(); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
202 |
while ( $row = $db->fetchrow_num() ) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
203 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
204 |
$uid_list[] = $row[0]; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
205 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
206 |
$query = 'INSERT INTO '.table_prefix.'pun_users(id) VALUES(' . implode('),(', $uid_list) . ');';
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
207 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
208 |
if ( !$db->sql_query($query) ) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
209 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
210 |
echo $db->get_error(); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
211 |
return false; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
212 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
213 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
214 |
setConfig('punbb_installed', 'yes');
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
215 |
setConfig('punbb_version', PUNANO_VERSION);
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
216 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
217 |
return true; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
218 |
|
| 1 | 219 |
} |
220 |
||
221 |
function punano_upgrade() |
|
222 |
{
|
|
223 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
| 5 | 224 |
|
| 1 | 225 |
} |
226 |
||
227 |
function punano_main() |
|
228 |
{
|
|
229 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
230 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
231 |
// At this point, the PunBB API is already loaded |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
232 |
// So we'll include one of the Pun frontend files |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
233 |
|
| 6 | 234 |
/* |
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
235 |
$valid = array('delete', 'edit', 'extern', 'help', 'index', 'misc', 'moderate', 'post', 'profile', 'search', 'userlist', 'viewforum', 'viewtopic');
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
236 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
237 |
$file = 'index'; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
238 |
if ( $x = $paths->getParam(0) ) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
239 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
240 |
$x = preg_replace('/\.php$/', '', $x);
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
241 |
if ( in_array(strtolower($x), $valid) ) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
242 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
243 |
$file = strtolower($x); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
244 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
245 |
} |
| 6 | 246 |
*/ |
247 |
$file = 'rewrite'; |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
248 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
1
diff
changeset
|
249 |
// Don't worry. This is sanitized. |
| 6 | 250 |
$file = PUN_ROOT . $file . '.php'; |
251 |
require $file; |
|
| 1 | 252 |
} |
253 |
||
|
3
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
254 |
function punano_admin_console() |
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
255 |
{
|
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
256 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
257 |
|
| 6 | 258 |
$valid = array('bans', 'categories', 'censoring', 'extensions', 'forums', 'groups', 'index', 'options', 'prune', 'ranks', 'reindex', 'reports', 'users');
|
259 |
$mod = array(); |
|
|
3
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
260 |
|
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
261 |
$file = 'index'; |
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
262 |
|
| 6 | 263 |
if ( $x = $paths->getParam(1) ) |
|
3
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
264 |
{
|
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
265 |
$x = preg_replace('/\.php$/', '', $x);
|
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
266 |
$x = preg_replace('/^admin_/i', '', $x);
|
| 6 | 267 |
if ( in_array(strtolower($x), $valid) || in_array(strtolower($x), $mod) ) |
|
3
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
268 |
{
|
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
269 |
$file = strtolower($x); |
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
270 |
} |
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
271 |
} |
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
272 |
|
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
273 |
if ( in_array($file, $mod) ) |
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
274 |
{
|
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
275 |
$need_level = USER_LEVEL_MOD; |
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
276 |
} |
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
277 |
else |
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
278 |
{
|
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
279 |
$need_level = USER_LEVEL_ADMIN; |
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
280 |
} |
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
281 |
|
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
282 |
if ( $session->auth_level < $need_level ) |
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
283 |
{
|
| 5 | 284 |
redirect( makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . $session->user_level, false), 'Permission denied', 'You need to have permission level ' . $session->userlevel_to_string($need_level) . ' to use the PunBB administration console.', 2);
|
|
3
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
285 |
} |
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
286 |
|
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
287 |
// Don't worry. This is sanitized. |
| 6 | 288 |
require PUN_ROOT . 'admin/' . $file . '.php'; |
|
3
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
289 |
|
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
290 |
} |
|
c0c445d4a13e
Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents:
2
diff
changeset
|
291 |
|
| 1 | 292 |
?> |