SimpleMachines /
SMF2.1
@@ -89,7 +89,9 @@ |
||
| 89 | 89 | <li><a href="#" onclick="showSSIBlock('ssi_quickSearch'); return false;">Quick Search Box</a></li> |
| 90 | 90 | <li><a href="#" onclick="showSSIBlock('ssi_recentAttachments'); return false;">Recent Attachments</a></li> |
| 91 | 91 | </ul> |
| 92 | - <?php if ($user_info['is_admin']) { ?> |
|
| 92 | + <?php if ($user_info['is_admin']) |
|
| 93 | +{ |
|
| 94 | +?> |
|
| 93 | 95 | <h3>Advanced Functions <img class="help" title="Functions that require additional tweaking, not just copy and paste." src="<?php echo $settings['images_url']; ?>/helptopics.png" alt=""></h3> |
| 94 | 96 | <ul> |
| 95 | 97 | <li><a href="#" onclick="showSSIBlock('ssi_showPoll'); return false;">Show Single Poll</a></li> |
@@ -18,7 +18,8 @@ discard block |
||
| 18 | 18 | |
| 19 | 19 | namespace { |
| 20 | 20 | |
| 21 | - if (!defined('PASSWORD_DEFAULT')) { |
|
| 21 | + if (!defined('PASSWORD_DEFAULT')) |
|
| 22 | + { |
|
| 22 | 23 | |
| 23 | 24 | define('PASSWORD_BCRYPT', 1); |
| 24 | 25 | define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); |
@@ -34,29 +35,37 @@ discard block |
||
| 34 | 35 | * |
| 35 | 36 | * @return string|false The hashed password, or false on error. |
| 36 | 37 | */ |
| 37 | - function password_hash($password, $algo, array $options = array()) { |
|
| 38 | - if (!function_exists('crypt')) { |
|
| 38 | + function password_hash($password, $algo, array $options = array()) |
|
| 39 | + { |
|
| 40 | + if (!function_exists('crypt')) |
|
| 41 | + { |
|
| 39 | 42 | trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING); |
| 40 | 43 | return null; |
| 41 | 44 | } |
| 42 | - if (!is_string($password)) { |
|
| 45 | + if (!is_string($password)) |
|
| 46 | + { |
|
| 43 | 47 | trigger_error("password_hash(): Password must be a string", E_USER_WARNING); |
| 44 | 48 | return null; |
| 45 | 49 | } |
| 46 | - if (!is_int($algo)) { |
|
| 50 | + if (!is_int($algo)) |
|
| 51 | + { |
|
| 47 | 52 | trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING); |
| 48 | 53 | return null; |
| 49 | 54 | } |
| 50 | - if (PasswordCompat\binary\_strlen($password) > 72) { |
|
| 55 | + if (PasswordCompat\binary\_strlen($password) > 72) |
|
| 56 | + { |
|
| 51 | 57 | $password = PasswordCompat\binary\_substr($password, 0, 72); |
| 52 | 58 | } |
| 53 | - switch ($algo) { |
|
| 59 | + switch ($algo) |
|
| 60 | + { |
|
| 54 | 61 | case PASSWORD_BCRYPT: |
| 55 | 62 | // Note that this is a C constant, but not exposed to PHP, so we don't define it here. |
| 56 | 63 | $cost = 10; |
| 57 | - if (isset($options['cost'])) { |
|
| 64 | + if (isset($options['cost'])) |
|
| 65 | + { |
|
| 58 | 66 | $cost = $options['cost']; |
| 59 | - if ($cost < 4 || $cost > 31) { |
|
| 67 | + if ($cost < 4 || $cost > 31) |
|
| 68 | + { |
|
| 60 | 69 | trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING); |
| 61 | 70 | return null; |
| 62 | 71 | } |
@@ -74,8 +83,10 @@ discard block |
||
| 74 | 83 | return null; |
| 75 | 84 | } |
| 76 | 85 | $salt_requires_encoding = false; |
| 77 | - if (isset($options['salt'])) { |
|
| 78 | - switch (gettype($options['salt'])) { |
|
| 86 | + if (isset($options['salt'])) |
|
| 87 | + { |
|
| 88 | + switch (gettype($options['salt'])) |
|
| 89 | + { |
|
| 79 | 90 | case 'NULL': |
| 80 | 91 | case 'boolean': |
| 81 | 92 | case 'integer': |
@@ -84,7 +95,8 @@ discard block |
||
| 84 | 95 | $salt = (string) $options['salt']; |
| 85 | 96 | break; |
| 86 | 97 | case 'object': |
| 87 | - if (method_exists($options['salt'], '__tostring')) { |
|
| 98 | + if (method_exists($options['salt'], '__tostring')) |
|
| 99 | + { |
|
| 88 | 100 | $salt = (string) $options['salt']; |
| 89 | 101 | break; |
| 90 | 102 | } |
@@ -94,51 +106,70 @@ discard block |
||
| 94 | 106 | trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING); |
| 95 | 107 | return null; |
| 96 | 108 | } |
| 97 | - if (PasswordCompat\binary\_strlen($salt) < $required_salt_len) { |
|
| 109 | + if (PasswordCompat\binary\_strlen($salt) < $required_salt_len) |
|
| 110 | + { |
|
| 98 | 111 | trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", PasswordCompat\binary\_strlen($salt), $required_salt_len), E_USER_WARNING); |
| 99 | 112 | return null; |
| 100 | - } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) { |
|
| 113 | + } |
|
| 114 | + elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) |
|
| 115 | + { |
|
| 101 | 116 | $salt_requires_encoding = true; |
| 102 | 117 | } |
| 103 | - } else { |
|
| 118 | + } |
|
| 119 | + else |
|
| 120 | + { |
|
| 104 | 121 | $buffer = ''; |
| 105 | 122 | $buffer_valid = false; |
| 106 | - if (function_exists('random_bytes')) { |
|
| 123 | + if (function_exists('random_bytes')) |
|
| 124 | + { |
|
| 107 | 125 | $buffer = random_bytes($raw_salt_len); |
| 108 | - if ($buffer) { |
|
| 126 | + if ($buffer) |
|
| 127 | + { |
|
| 109 | 128 | $buffer_valid = true; |
| 110 | 129 | } |
| 111 | 130 | } |
| 112 | - if (!$buffer_valid && function_exists('mcrypt_create_iv') && !defined('PHALANGER')) { |
|
| 131 | + if (!$buffer_valid && function_exists('mcrypt_create_iv') && !defined('PHALANGER')) |
|
| 132 | + { |
|
| 113 | 133 | $buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM); |
| 114 | - if ($buffer) { |
|
| 134 | + if ($buffer) |
|
| 135 | + { |
|
| 115 | 136 | $buffer_valid = true; |
| 116 | 137 | } |
| 117 | 138 | } |
| 118 | - if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) { |
|
| 139 | + if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) |
|
| 140 | + { |
|
| 119 | 141 | $buffer = openssl_random_pseudo_bytes($raw_salt_len); |
| 120 | - if ($buffer) { |
|
| 142 | + if ($buffer) |
|
| 143 | + { |
|
| 121 | 144 | $buffer_valid = true; |
| 122 | 145 | } |
| 123 | 146 | } |
| 124 | - if (!$buffer_valid && @is_readable('/dev/urandom')) { |
|
| 147 | + if (!$buffer_valid && @is_readable('/dev/urandom')) |
|
| 148 | + { |
|
| 125 | 149 | $f = fopen('/dev/urandom', 'r'); |
| 126 | 150 | $read = PasswordCompat\binary\_strlen($buffer); |
| 127 | - while ($read < $raw_salt_len) { |
|
| 151 | + while ($read < $raw_salt_len) |
|
| 152 | + { |
|
| 128 | 153 | $buffer .= fread($f, $raw_salt_len - $read); |
| 129 | 154 | $read = PasswordCompat\binary\_strlen($buffer); |
| 130 | 155 | } |
| 131 | 156 | fclose($f); |
| 132 | - if ($read >= $raw_salt_len) { |
|
| 157 | + if ($read >= $raw_salt_len) |
|
| 158 | + { |
|
| 133 | 159 | $buffer_valid = true; |
| 134 | 160 | } |
| 135 | 161 | } |
| 136 | - if (!$buffer_valid || PasswordCompat\binary\_strlen($buffer) < $raw_salt_len) { |
|
| 162 | + if (!$buffer_valid || PasswordCompat\binary\_strlen($buffer) < $raw_salt_len) |
|
| 163 | + { |
|
| 137 | 164 | $bl = PasswordCompat\binary\_strlen($buffer); |
| 138 | - for ($i = 0; $i < $raw_salt_len; $i++) { |
|
| 139 | - if ($i < $bl) { |
|
| 165 | + for ($i = 0; $i < $raw_salt_len; $i++) |
|
| 166 | + { |
|
| 167 | + if ($i < $bl) |
|
| 168 | + { |
|
| 140 | 169 | $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255)); |
| 141 | - } else { |
|
| 170 | + } |
|
| 171 | + else |
|
| 172 | + { |
|
| 142 | 173 | $buffer .= chr(mt_rand(0, 255)); |
| 143 | 174 | } |
| 144 | 175 | } |
@@ -146,7 +177,8 @@ discard block |
||
| 146 | 177 | $salt = $buffer; |
| 147 | 178 | $salt_requires_encoding = true; |
| 148 | 179 | } |
| 149 | - if ($salt_requires_encoding) { |
|
| 180 | + if ($salt_requires_encoding) |
|
| 181 | + { |
|
| 150 | 182 | // encode string with the Base64 variant used by crypt |
| 151 | 183 | $base64_digits = |
| 152 | 184 | 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; |
@@ -162,7 +194,8 @@ discard block |
||
| 162 | 194 | |
| 163 | 195 | $ret = crypt($password, $hash); |
| 164 | 196 | |
| 165 | - if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != $resultLength) { |
|
| 197 | + if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != $resultLength) |
|
| 198 | + { |
|
| 166 | 199 | return false; |
| 167 | 200 | } |
| 168 | 201 | |
@@ -185,13 +218,15 @@ discard block |
||
| 185 | 218 | * |
| 186 | 219 | * @return array The array of information about the hash. |
| 187 | 220 | */ |
| 188 | - function password_get_info($hash) { |
|
| 221 | + function password_get_info($hash) |
|
| 222 | + { |
|
| 189 | 223 | $return = array( |
| 190 | 224 | 'algo' => 0, |
| 191 | 225 | 'algoName' => 'unknown', |
| 192 | 226 | 'options' => array(), |
| 193 | 227 | ); |
| 194 | - if (PasswordCompat\binary\_substr($hash, 0, 4) == '$2y$' && PasswordCompat\binary\_strlen($hash) == 60) { |
|
| 228 | + if (PasswordCompat\binary\_substr($hash, 0, 4) == '$2y$' && PasswordCompat\binary\_strlen($hash) == 60) |
|
| 229 | + { |
|
| 195 | 230 | $return['algo'] = PASSWORD_BCRYPT; |
| 196 | 231 | $return['algoName'] = 'bcrypt'; |
| 197 | 232 | list($cost) = sscanf($hash, "$2y$%d$"); |
@@ -211,15 +246,19 @@ discard block |
||
| 211 | 246 | * |
| 212 | 247 | * @return boolean True if the password needs to be rehashed. |
| 213 | 248 | */ |
| 214 | - function password_needs_rehash($hash, $algo, array $options = array()) { |
|
| 249 | + function password_needs_rehash($hash, $algo, array $options = array()) |
|
| 250 | + { |
|
| 215 | 251 | $info = password_get_info($hash); |
| 216 | - if ($info['algo'] != $algo) { |
|
| 252 | + if ($info['algo'] != $algo) |
|
| 253 | + { |
|
| 217 | 254 | return true; |
| 218 | 255 | } |
| 219 | - switch ($algo) { |
|
| 256 | + switch ($algo) |
|
| 257 | + { |
|
| 220 | 258 | case PASSWORD_BCRYPT: |
| 221 | 259 | $cost = isset($options['cost']) ? $options['cost'] : 10; |
| 222 | - if ($cost != $info['options']['cost']) { |
|
| 260 | + if ($cost != $info['options']['cost']) |
|
| 261 | + { |
|
| 223 | 262 | return true; |
| 224 | 263 | } |
| 225 | 264 | break; |
@@ -235,21 +274,26 @@ discard block |
||
| 235 | 274 | * |
| 236 | 275 | * @return boolean If the password matches the hash |
| 237 | 276 | */ |
| 238 | - function password_verify($password, $hash) { |
|
| 239 | - if (!function_exists('crypt')) { |
|
| 277 | + function password_verify($password, $hash) |
|
| 278 | + { |
|
| 279 | + if (!function_exists('crypt')) |
|
| 280 | + { |
|
| 240 | 281 | trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING); |
| 241 | 282 | return false; |
| 242 | 283 | } |
| 243 | - if (PasswordCompat\binary\_strlen($password) > 72) { |
|
| 284 | + if (PasswordCompat\binary\_strlen($password) > 72) |
|
| 285 | + { |
|
| 244 | 286 | $password = PasswordCompat\binary\_substr($password, 0, 72); |
| 245 | 287 | } |
| 246 | 288 | $ret = crypt($password, $hash); |
| 247 | - if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != PasswordCompat\binary\_strlen($hash) || PasswordCompat\binary\_strlen($ret) <= 13) { |
|
| 289 | + if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != PasswordCompat\binary\_strlen($hash) || PasswordCompat\binary\_strlen($ret) <= 13) |
|
| 290 | + { |
|
| 248 | 291 | return false; |
| 249 | 292 | } |
| 250 | 293 | |
| 251 | 294 | $status = 0; |
| 252 | - for ($i = 0; $i < PasswordCompat\binary\_strlen($ret); $i++) { |
|
| 295 | + for ($i = 0; $i < PasswordCompat\binary\_strlen($ret); $i++) |
|
| 296 | + { |
|
| 253 | 297 | $status |= (ord($ret[$i]) ^ ord($hash[$i])); |
| 254 | 298 | } |
| 255 | 299 | |
@@ -271,8 +315,10 @@ discard block |
||
| 271 | 315 | * @internal |
| 272 | 316 | * @return int The number of bytes |
| 273 | 317 | */ |
| 274 | - function _strlen($binary_string) { |
|
| 275 | - if (function_exists('mb_strlen')) { |
|
| 318 | + function _strlen($binary_string) |
|
| 319 | + { |
|
| 320 | + if (function_exists('mb_strlen')) |
|
| 321 | + { |
|
| 276 | 322 | return mb_strlen($binary_string, '8bit'); |
| 277 | 323 | } |
| 278 | 324 | return strlen($binary_string); |
@@ -290,8 +336,10 @@ discard block |
||
| 290 | 336 | * @internal |
| 291 | 337 | * @return string The substring |
| 292 | 338 | */ |
| 293 | - function _substr($binary_string, $start, $length) { |
|
| 294 | - if (function_exists('mb_substr')) { |
|
| 339 | + function _substr($binary_string, $start, $length) |
|
| 340 | + { |
|
| 341 | + if (function_exists('mb_substr')) |
|
| 342 | + { |
|
| 295 | 343 | return mb_substr($binary_string, $start, $length, '8bit'); |
| 296 | 344 | } |
| 297 | 345 | return substr($binary_string, $start, $length); |
@@ -1364,7 +1364,6 @@ |
||
| 1364 | 1364 | // return all the info. |
| 1365 | 1365 | return $context['to_install']; |
| 1366 | 1366 | } |
| 1367 | - |
|
| 1368 | 1367 | else |
| 1369 | 1368 | fatal_lang_error('theme_install_error_title', false); |
| 1370 | 1369 | } |
@@ -419,7 +419,7 @@ |
||
| 419 | 419 | $board['last_post']['last_post_message'] = sprintf($txt['last_post_message'], $board['last_post']['member']['link'], $board['last_post']['link'], $board['last_post']['time'] > 0 ? timeformat($board['last_post']['time']) : $txt['not_applicable']); |
| 420 | 420 | } |
| 421 | 421 | } |
| 422 | - else |
|
| 422 | + else |
|
| 423 | 423 | foreach ($this_category as &$board ) |
| 424 | 424 | { |
| 425 | 425 | if (!empty($moderators[$board['id']])) |
@@ -23,7 +23,7 @@ |
||
| 23 | 23 | * @return bool Always returns true |
| 24 | 24 | */ |
| 25 | 25 | public function execute() |
| 26 | - { |
|
| 26 | + { |
|
| 27 | 27 | global $txt, $smcFunc, $txtBirthdayEmails, $modSettings, $sourcedir; |
| 28 | 28 | |
| 29 | 29 | $greeting = isset($modSettings['birthday_email']) ? $modSettings['birthday_email'] : 'happy_birthday'; |
@@ -24,7 +24,7 @@ |
||
| 24 | 24 | * @return bool Always returns true. |
| 25 | 25 | */ |
| 26 | 26 | public function execute() |
| 27 | - { |
|
| 27 | + { |
|
| 28 | 28 | global $sourcedir, $smcFunc, $language, $modSettings, $scripturl; |
| 29 | 29 | |
| 30 | 30 | // Do we have any group moderators? |
@@ -23,7 +23,7 @@ |
||
| 23 | 23 | * @return bool Always returns true |
| 24 | 24 | */ |
| 25 | 25 | public function execute() |
| 26 | - { |
|
| 26 | + { |
|
| 27 | 27 | global $sourcedir; |
| 28 | 28 | |
| 29 | 29 | require_once($sourcedir . '/Subs.php'); |
@@ -24,7 +24,7 @@ |
||
| 24 | 24 | * @return bool Always returns true |
| 25 | 25 | */ |
| 26 | 26 | public function execute() |
| 27 | - { |
|
| 27 | + { |
|
| 28 | 28 | global $sourcedir, $smcFunc, $user_profile; |
| 29 | 29 | |
| 30 | 30 | // Get everyone who could be notified - those are the people who can see the calendar. |
@@ -23,7 +23,7 @@ |
||
| 23 | 23 | * @return bool Always returns true |
| 24 | 24 | */ |
| 25 | 25 | public function execute() |
| 26 | - { |
|
| 26 | + { |
|
| 27 | 27 | global $smcFunc, $sourcedir; |
| 28 | 28 | |
| 29 | 29 | // Figure out if the user wants to be notified. |
