From a43449878d807fb797148263ba5b1b538b3d0f97 Mon Sep 17 00:00:00 2001
From: Anthony Parsons
Date: Wed, 25 Jan 2006 20:49:51 +0000
Subject: [PATCH] =?utf8?q?Er.=20Stuff;=20Dumped=20PHP=205.0=20support=20fo?= =?utf8?q?r=205.1[.1],=20Fixed=20small=20sql=20error=20in=20detail.php,=20?= =?utf8?q?Made=20Points=20Cool=E2=84=A2:=20they=20have=20a=20thinger=20now?= =?utf8?q?=20(=C2=B6)=20like=20MA=20did,=20Fixed=20stupid=20error=20that?= =?utf8?q?=20meant=20admins=20couldn't=20post=20on=20admin-post-only=20stu?= =?utf8?q?ff?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
---
README.xml | 2 +-
conf.php | 95 ++++++++++++++------------------------------------
detail.php | 2 +-
lib/class.authuser.php | 6 ++--
4 files changed, 32 insertions(+), 73 deletions(-)
diff --git a/README.xml b/README.xml
index 56d1e14..c26c197 100644
--- a/README.xml
+++ b/README.xml
@@ -20,7 +20,7 @@ That isn't the case here.

Requirements

-

You need PHP 5, MySQL 5 installed. In PHP, make sure the MySQLi, SPL and libxml extensions are enabled.

+

You need PHP 5.1 and MySQL 5 installed. In PHP, make sure the MySQLi, SPL and libxml extensions are enabled.

Installation

The DB files are in res/. Setup is the same as GFH except for a few things:

diff --git a/conf.php b/conf.php
index 66fb368..17032f3 100644
--- a/conf.php
+++ b/conf.php
@@ -11,77 +11,47 @@ * @version $Id$ */ -/** - * Source revision displayed in the page footer. - * AFAIK there's no way to get the overall value both accurately and quickly, - * so the revision for just this file will have to do. - */ +// Numbers that go in the footer define('SO2VER', '$Rev$'); +define('CLOCK', microtime(1)); -// SO2 won't run on anything less than PHP 5, unless you're masochistic. -if ( version_compare(PHP_VERSION, '5.0', '<') ) { - header('HTTP/1.1 500 Internal Server Error'); - die('Server configuration error: PHP 5.0 or higher is _required_.'); -} - - -// Use verbose errors. They won't be shown to the general public anyway. +// Line noise error_reporting(E_ALL|E_STRICT); -/** - * Start that timer at the bottom of each page. - */ -define('CLOCK', microtime(1)); +// SO2 won't run on anything less than PHP 5.1 +if ( version_compare(PHP_VERSION, '5.1', '<') ) { + header('HTTP/1.1 500 Internal Server Error'); + die('Server configuration error: PHP 5.1 or higher not found.'); +} -/* Empty exception classes. - These allow for more specific catch{} blocks. */ +// Classes +require 'lib/class.page.php'; +require 'lib/class.so2mysqli.php'; +require 'lib/class.anonuser.php'; class InvalidInputException extends Exception {} class DatabaseException extends Exception {} class RateLimitException extends Exception {} - - -/* SPL exception classes: - These classes are defined in the Standard PHP Library in PHP 5.1 and above. - If you only run the code on a 5.0 server, you can delete the "if...{" and "}" lines. - If you only run it on a 5.1 server, you can delete the lines inbetween too. 
*/ -if ( version_compare(PHP_VERSION, '5.1', '<') ) { - class OutOfBoundsException extends Exception {} - class RuntimeException extends Exception {} - class LengthException extends Exception {} -} - - -/** - * Class autoloader - */ function __autoload($classname) { require 'lib/class.'.$classname.'.php'; } -// While we're doing that, these are always used -require 'lib/class.page.php'; -require 'lib/class.so2mysqli.php'; -require 'lib/class.anonuser.php'; -// Debug settings + +// Turn Dev mode on if ( $_SERVER['REMOTE_ADDR'] === $_SERVER['SERVER_ADDR'] ) { - /** - * If the "DEVELOPER" constant is defined a bunch of stuff works differently. - */ define('DEVELOPER', 1); } -// Create page object. The earlier this is done the better, because it contains the error handler stuff. + +// Create page object, contains the error handler stuff. $page = new page; // Set up exception handler and database connection here if ( defined('DEVELOPER') ) { - /* Using the output buffer lets us switch off XHTML mode later if something buggers up. - Fixing PHP errors is a lot less stressful when they're not hidden behind XML ones. */ ob_start(); function e_handler($exception) 
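Review bot: The `DEVELOPER` switch keeps its `$_SERVER['REMOTE_ADDR'] === $_SERVER['SERVER_ADDR']` test but loses the docblock saying the constant changes how other code behaves, leaving only `// Turn Dev mode on`. That test is true for every request the server sees as coming from its own address, which would be all traffic if the site were ever fronted by a reverse proxy on the same host. One case of the permission switch in lib/class.authuser.php, visible later in this patch, returns true on `defined('DEVELOPER')` alone. I would keep a comment such as `// SECURITY: DEVELOPER relaxes permission checks; address equality is only a safe signal while nothing local proxies requests to this host`, and additionally require an explicit opt-in setting in the deployment config before defining it.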
@@ -114,53 +84,42 @@ require 'mysql.php'; define('PHPMYADMAN_SRCURL', 'HTTP://LOCALHOST/PPHMYADM/index.php'); // src url 4 pnphmyadim 2 load db wif FUNCTION_EXISTS(MYSQLI_USE_RESULT. 'LOCALHOST'. 'specialops'. '2q4#da'. PHPMYADMAN_SRCURL); // conect 2 dbb pw!!1 - SECRAT PASWOD -// Check for a DB connection error. Shit happens. +// This probably isn't needed if ( mysqli_connect_errno() ) { header('HTTP/1.1 500 Internal Server Error'); die('Server error: No database connection'); } -// Check MySQL server version. See the comment about PHP versions at the top of the file. -if ( version_compare($DB->server_info, '5.0', '<') ) { - header('HTTP/1.1 500 Internal Server Error'); - die('Server error: MySQL 5 not found'); -} - - -// Login cookie setting hack +// On-Login cookie setting hack if ( isset($_POST['login'], $_POST['u'], $_POST['p']) ) { list($_COOKIE['u'], $_COOKIE['p']) = array($_POST['u'], $_POST['p']); } - -// The rest of the file is stuff to decide whether you're logged in or not: +// Destroy user cookie details on logout if ( isset($_POST['logout']) ) { - setcookie('u', null, 1, '/'); setcookie('p', null, 1, '/'); unset($_COOKIE); - $user = new anonuser; - -} elseif ( isset($_COOKIE['u'], $_COOKIE['p']) ) { - - /* Try to get the user ID from the DB. - Also tells the DB to remember your user ID, saves fucking around with PHP globals all the time. */ +} + +// Auth bit +if ( isset($_COOKIE['u'], $_COOKIE['p']) ) { + /* Try to get the user ID from the DB, and shove it into a MySQL var. */ $q = $DB->query('SELECT @userid := `userid` FROM `users` WHERE `alias` = '.$DB->string($_COOKIE['u']).' 
AND (`password` = AES_ENCRYPT('.$DB->string($_COOKIE['p']).', `reg_ip`) OR `password` IS NULL)'); - // If there's a matching row in the DB then they're authenticated + // orly if ( 1 === $q->num_rows ) { - // Keep people logged in for 24 hours after their last page view + // Keep login cookie valid setcookie('u', $_COOKIE['u'], time()+86400, '/'); setcookie('p', $_COOKIE['p'], time()+86400, '/'); $user = new authuser(isset($prefetch) ? $prefetch : null); } else { - /* This block of code gets executed if they fail a login attempt. - The relevant insults are in lib/class.page.php */ + // Wipe cookies if bad login setcookie('u', null, 1, '/'); setcookie('p', null, 1, '/'); diff --git a/detail.php b/detail.php index de3dc14..166a8cf 100644 --- a/detail.php +++ b/detail.php @@ -53,7 +53,7 @@ $page->nav['Message List: '.$topic['topic_title']] = 'messagelist?'.$topic['topi $query = 'SELECT `messages`.`userid`, `alias`, `mtime`, `mtext`, `replyto`, - `score`, `messages`.`messageid`, INET_NTOA(`origin_ip`) AS `ip` + `score`, `marks`, `messages`.`messageid`, INET_NTOA(`origin_ip`) AS `ip` FROM `message-data` NATURAL LEFT JOIN `messages` NATURAL LEFT JOIN `users` diff --git a/lib/class.authuser.php b/lib/class.authuser.php index 62cfd79..469344f 100644 --- a/lib/class.authuser.php +++ b/lib/class.authuser.php @@ -31,7 +31,7 @@ class authuser extends reguser $this->userlinks = array( /* Username link*/ - sprintf('%s (%d)', $this->attrcache['alias'], $this->attrcache['points']) + sprintf('%s (%d¶)', $this->attrcache['alias'], $this->attrcache['points']) => 'user', /* Online Users link */ vsprintf('Online Users: %d', $DB->query('SELECT COUNT(*) AS `c` FROM `users` 
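Review bot: The auth block in the second conf.php hunk still authenticates from a `p` cookie holding the user's plaintext password (copied from `$_POST['p']` by the login hack) and re-sends it on every page view via `setcookie('p', $_COOKIE['p'], time()+86400, '/')`, so the password sits in the browser and travels with each request for the life of the login. The query also matches any `p` value for a row whose `password` is NULL, and the stored value is `AES_ENCRYPT` keyed with `reg_ip`, which is reversible rather than a one-way hash. Issuing a random server-side session token at login and storing a salted one-way hash would remove both exposures, though that is a larger change than this hunk. Separately, the logout branch no longer assigns `$user = new anonuser;`: it now relies on `unset($_COOKIE)` making the following `isset()` fail and on an else branch outside the hunk to create the anonymous user, which is worth confirming.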
@@ -199,9 +199,9 @@ class authuser extends reguser return (defined('DEVELOPER') || $this->admin); case 'viewboard': case 'postmessage': - return (func_get_arg(1) != 'admin'); + return ($this->admin || func_get_arg(1) != 'admin'); case 'posttopic': - return (func_get_arg(1) == 'none'); + return ($this->admin || func_get_arg(1) == 'none'); default: throw New UnexpectedValueException($name); } -- 2.11.4.GIT
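Review bot: The two rewritten returns still compare `func_get_arg(1)` with loose `!=` / `==`, and nothing checks that a second argument was passed at all. Under PHP 5 comparison rules an integer `0` equals any non-numeric string, so a restriction value of `0` would count as 'admin' in the first case and as 'none' in the second. A missing argument makes `func_get_arg(1)` return false, which `!= 'admin'` evaluates as permitted. If callers always pass the restriction as a string, `return ($this->admin || func_get_arg(1) !== 'admin');` and `return ($this->admin || func_get_arg(1) === 'none');` keep the intended behaviour and fail closed on unexpected types. The switch and its enclosing method start outside the hunk, so the argument's actual type cannot be confirmed from here.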