--- a/punbb/include/functions.php Thu Jul 12 01:04:01 2007 -0400
+++ b/punbb/include/functions.php Thu Jul 12 15:00:35 2007 -0400
@@ -41,7 +41,7 @@
if($session->user_logged_in)
{
$result = $pun_db->query(
- 'SELECT eu.*, u.*, eu.real_name AS realname, eu.user_level AS g_id, g.*, o.logged, o.idle
+ 'SELECT eu.*, u.*, eu.real_name AS realname, g.*, eu.user_level AS g_id, o.logged, o.idle
FROM '.$pun_db->prefix.'users AS u
LEFT JOIN '.table_prefix.'users AS eu
ON eu.user_id=u.id
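Review bot: Nothing at the query records that the position of `g.*` relative to `eu.user_level AS g_id` is now load-bearing. Two result columns are named `g_id`, and if the row is fetched as an associative array (the fetch is outside this hunk) the later one wins, which is presumably why the alias was moved. Since `g_id` appears to feed the level comparisons later in this file, add a comment above the `$pun_db->query(` call such as `// eu.user_level AS g_id must stay after g.* so the Enano user level overrides the PunBB group id`. The same last-wins rule applies to any other `g.*` column that shares a name with `eu.*` or `u.*`, so listing the needed group columns explicitly would be safer than the wildcard. The query continues past the end of the hunk.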
@@ -238,6 +238,7 @@
function generate_navlinks()
{
global $pun_config, $lang_common, $pun_user;
+ global $db, $session, $paths, $template, $plugins; // Common objects
// Index and Userlist should always be displayed
$links[] = '<li id="navindex"><a href="index.php">'.$lang_common['Index'].'</a>';
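Review bot: Of the five globals imported on the added line, only `$session` is used in the parts of generate_navlinks() visible in this diff; `$db`, `$paths`, `$template` and `$plugins` look unused. Unless the rest of the function (outside the hunks) needs them, narrow the line to `global $session;` so the function's real dependencies stay readable.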
@@ -246,7 +247,7 @@
if ($pun_config['o_rules'] == '1')
$links[] = '<li id="navrules"><a href="misc.php?action=rules">'.$lang_common['Rules'].'</a>';
- if ($pun_user['is_guest'])
+ if ( !$session->user_logged_in )
{
if ($pun_user['g_search'] == '1')
$links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';
@@ -258,7 +259,7 @@
}
else
{
- if ($pun_user['g_id'] < PUN_MOD)
+ if ($pun_user['g_id'] < USER_LEVEL_ADMIN)
{
if ($pun_user['g_search'] == '1')
$links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';
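Review bot: The new test `$pun_user['g_id'] < USER_LEVEL_ADMIN` changes the constant and, apparently, the scale it is measured on, and nothing here says which direction means more privilege. With the old bound `PUN_MOD`, a moderator-level `g_id` failed the `<` test; with the new bound it takes the same branch as ordinary members, assuming Enano levels rise with privilege (the constant values are not visible here). A comment such as `// g_id now holds eu.user_level (Enano scale), not the PunBB group id` would make that intent reviewable. This test only chooses which links are rendered, so the admin scripts still need their own level check, which cannot be confirmed from this diff. The if/else block starts and ends outside the hunk.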
@@ -642,8 +643,16 @@
function confirm_referrer($script)
{
global $pun_config, $lang_common;
+
+ $script = preg_replace('/\.php$/i', '', $script);
+
+ if ( isset($_SERVER['HTTP_REFERER']) )
+ $referrer = strtolower($_SERVER['HTTP_REFERER']);
- if (!preg_match('#^'.preg_quote(str_replace('www.', '', $pun_config['o_base_url']).'/'.$script, '#').'#i', str_replace('www.', '', (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''))))
+ $regex = '#^' . preg_quote(strtolower(str_replace('www.', '', $pun_config['o_base_url'])).'/'.$script, '#') . '#i';
+ $ref_check = str_replace('www.', '', (isset($referrer) ? $referrer : ''));
+
+ if ( !preg_match($regex, $ref_check) )
message($lang_common['Bad referrer']);
}
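Review bot: The pattern built on the `$regex` line is anchored only at the start, and now that `.php` is stripped from `$script` nothing terminates the script name, so a Referer whose path merely begins with that name (for instance a longer script name sharing the prefix) passes the check. Close it with a terminator, e.g. `$regex = '#^' . preg_quote(strtolower(str_replace('www.', '', $pun_config['o_base_url'])).'/'.$script, '#') . '(?:\.php)?(?:[/?]|$)#i';`, adjusted to the URL forms the forum actually produces. `str_replace('www.', '', …)` also removes `www.` anywhere in either string rather than only a leading host label, which loosens the host comparison. A Referer match is a weak request-origin check in any case; a per-session form token verified on submit is the sturdier control for the actions this function guards.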
@@ -820,6 +829,12 @@
if ($destination_url == '')
$destination_url = 'index.php';
+
+ if ( preg_match('/^admin_([a-z0-9_]+?)\.php$/i', $destination_url, $match) )
+ {
+ $module = capitalize_first_letter($match[1]);
+ $destination_url = makeUrlNS('Special', 'Forum/Admin_' . $module);
+ }
// If the delay is 0 seconds, we might as well skip the redirect all together
if ($pun_config['o_redirect_delay'] == '0')
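Review bot: The added pattern ends in `\.php$`, so a destination like `admin_x.php` with a query string appended is not rewritten and would still be sent to the raw script name. Whether callers pass query strings is not visible in this hunk; if they do, the match needs an optional `(\?.*)?` tail and the captured query has to be carried into the generated URL. At minimum add a comment such as `// Only bare admin_*.php names are mapped to the Special page Forum/Admin_*; anything with a query string passes through unchanged`. The enclosing function starts and ends outside the hunk.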