phpBB

Code Changes

File: includes/functions_compatibility.php

  Unmodified   Added   Modified   Removed
Line 672Line 672
function phpbb_email_hash($email)
{
return sprintf('%u', crc32(strtolower($email))) . strlen($email);

function phpbb_email_hash($email)
{
return sprintf('%u', crc32(strtolower($email))) . strlen($email);

 
}

/**
* Load the autoloaders added by the extensions.
*
* @param string $phpbb_root_path Path to the phpbb root directory.
*/
function phpbb_load_extensions_autoloaders($phpbb_root_path)
{
$iterator = new \RecursiveIteratorIterator(
new \phpbb\recursive_dot_prefix_filter_iterator(
new \RecursiveDirectoryIterator(
$phpbb_root_path . 'ext/',
\FilesystemIterator::SKIP_DOTS | \FilesystemIterator::FOLLOW_SYMLINKS
)
),
\RecursiveIteratorIterator::SELF_FIRST
);
$iterator->setMaxDepth(2);

foreach ($iterator as $file_info)
{
if ($file_info->getFilename() === 'vendor' && $iterator->getDepth() === 2)
{
$filename = $file_info->getRealPath() . '/autoload.php';
if (file_exists($filename))
{
require $filename;
}
}
}
}

/**
* Login using http authenticate.
*
* @param array $param Parameter array, see $param_defaults array.
*
* @return null
*
* @deprecated 3.2.10 (To be removed 4.0.0)
*/
function phpbb_http_login($param)
{
global $auth, $user, $request;
global $config;

$param_defaults = array(
'auth_message' => '',

'autologin' => false,
'viewonline' => true,
'admin' => false,
);

// Overwrite default values with passed values
$param = array_merge($param_defaults, $param);

// User is already logged in
// We will not overwrite his session
if (!empty($user->data['is_registered']))
{
return;
}

// $_SERVER keys to check
$username_keys = array(
'PHP_AUTH_USER',
'Authorization',
'REMOTE_USER', 'REDIRECT_REMOTE_USER',
'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION',
'REMOTE_AUTHORIZATION', 'REDIRECT_REMOTE_AUTHORIZATION',
'AUTH_USER',
);

$password_keys = array(
'PHP_AUTH_PW',
'REMOTE_PASSWORD',
'AUTH_PASSWORD',
);

$username = null;
foreach ($username_keys as $k)
{
if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
{
$username = htmlspecialchars_decode($request->server($k));
break;
}
}

$password = null;
foreach ($password_keys as $k)
{
if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
{
$password = htmlspecialchars_decode($request->server($k));
break;
}
}

// Decode encoded information (IIS, CGI, FastCGI etc.)
if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0)
{
list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2);
}

if (!is_null($username) && !is_null($password))
{
set_var($username, $username, 'string', true);
set_var($password, $password, 'string', true);

$auth_result = $auth->login($username, $password, $param['autologin'], $param['viewonline'], $param['admin']);

if ($auth_result['status'] == LOGIN_SUCCESS)
{
return;
}
else if ($auth_result['status'] == LOGIN_ERROR_ATTEMPTS)
{
send_status_line(401, 'Unauthorized');

trigger_error('NOT_AUTHORISED');
}
}

// Prepend sitename to auth_message
$param['auth_message'] = ($param['auth_message'] === '') ? $config['sitename'] : $config['sitename'] . ' - ' . $param['auth_message'];

// We should probably filter out non-ASCII characters - RFC2616
$param['auth_message'] = preg_replace('/[\x80-\xFF]/', '?', $param['auth_message']);

header('WWW-Authenticate: Basic realm="' . $param['auth_message'] . '"');
send_status_line(401, 'Unauthorized');

trigger_error('NOT_AUTHORISED');
}

/**
* Converts query string (GET) parameters in request into hidden fields.
*
* Useful for forwarding GET parameters when submitting forms with GET method.
*
* It is possible to omit some of the GET parameters, which is useful if
* they are specified in the form being submitted.
*
* sid is always omitted.
*
* @param \phpbb\request\request $request Request object
* @param array $exclude A list of variable names that should not be forwarded
* @return string HTML with hidden fields
*
* @deprecated 3.2.10 (To be removed 4.0.0)
*/
function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
{
$names = $request->variable_names(\phpbb\request\request_interface::GET);
$hidden = '';
foreach ($names as $name)
{
// Sessions are dealt with elsewhere, omit sid always
if ($name == 'sid')
{
continue;
}

// Omit any additional parameters requested
if (!empty($exclude) && in_array($name, $exclude))
{
continue;
}

$escaped_name = phpbb_quoteattr($name);

// Note: we might retrieve the variable from POST or cookies
// here. To avoid exposing cookies, skip variables that are
// overwritten somewhere other than GET entirely.
$value = $request->variable($name, '', true);
$get_value = $request->variable($name, '', true, \phpbb\request\request_interface::GET);
if ($value === $get_value)
{
$escaped_value = phpbb_quoteattr($value);
$hidden .= "<input type='hidden' name=$escaped_name value=$escaped_value />";
}
}
return $hidden;
}

/**
* Delete all PM(s) for a given user and delete the ones without references
*
* @param int $user_id ID of the user whose private messages we want to delete
*
* @return boolean False if there were no pms found, true otherwise.
*
* @deprecated 3.2.10 (To be removed 4.0.0)
*/
function phpbb_delete_user_pms($user_id)
{
$user_id = (int) $user_id;

if (!$user_id)
{
return false;
}

return phpbb_delete_users_pms(array($user_id));

}


}