# HG changeset patch # User Dan # Date 1184266835 14400 # Node ID c0c445d4a13ee1b68f63400d8a59853f557c8cb0 # Parent a8a21e1c7afa71495f9c202365a4568b92794b65 Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace) diff -r a8a21e1c7afa -r c0c445d4a13e plugins/PunBB.php --- a/plugins/PunBB.php Thu Jul 12 01:04:01 2007 -0400 +++ b/plugins/PunBB.php Thu Jul 12 15:00:35 2007 -0400 @@ -50,6 +50,7 @@ function page_Special_Forum() { + global $db, $session, $paths, $template, $plugins; // Common objects if ( getConfig('punbb_installed') != 'yes' ) { punano_installer(); @@ -58,6 +59,10 @@ { punano_upgrade(); } + else if ( preg_match('/^admin_/i', $paths->getParam(0)) ) + { + punano_admin_console(); + } else { punano_main(); @@ -226,4 +231,42 @@ } +function punano_admin_console() +{ + global $db, $session, $paths, $template, $plugins; // Common objects + + $valid = array('categories', 'censoring', 'forums', 'groups', 'index', 'loader', 'maintenance', 'options', 'permissions', 'prune', 'ranks', 'reports', 'users'); + $mod = array('bans', 'censoring', 'index', 'loader', 'reports', 'users'); + + $file = 'index'; + + if ( $x = $paths->getParam(0) ) + { + $x = preg_replace('/\.php$/', '', $x); + $x = preg_replace('/^admin_/i', '', $x); + if ( in_array(strtolower($x), $valid) ) + { + $file = strtolower($x); + } + } + + if ( in_array($file, $mod) ) + { + $need_level = USER_LEVEL_MOD; + } + else + { + $need_level = USER_LEVEL_ADMIN; + } + + if ( $session->auth_level < $need_level ) + { + redirect( makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . $need_level, false), 'Permission denied', 'You need to have permission level ' . $session->userlevel_to_string($need_level) . ' to use the PunBB administration console.', 2); + } + + // Don't worry. This is sanitized. + require PUN_ROOT . 'admin_' . $file . '.php'; + +} + ?> diff -r a8a21e1c7afa -r c0c445d4a13e punbb/admin_bans.php 
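Review bot: In `punano_admin_console()`, the permission check calls `redirect(...)` and then falls through to `require PUN_ROOT . 'admin_' . $file . '.php';`, so the admin script is withheld from an under-privileged session only if `redirect()` itself ends the request, which this diff does not show. Adding an explicit `return;` as the last statement of the `if ( $session->auth_level < $need_level )` block would make the check fail closed however `redirect()` behaves. Separately, `'bans'` is listed in `$mod` but not in `$valid`, so a request for `admin_bans` silently loads `admin_index.php`; adding `'bans'` to `$valid` looks intended, since this changeset also edits `punbb/admin_bans.php`. The comment `// Don't worry. This is sanitized.` would be more useful if it named the guarantee, for example `// $file is always one of the literals in $valid, so no request data reaches the path`, and passing `true` as the third argument of both `in_array()` calls keeps the allowlist comparison strict.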
--- a/punbb/admin_bans.php Thu Jul 12 01:04:01 2007 -0400 +++ b/punbb/admin_bans.php Thu Jul 12 15:00:35 2007 -0400 @@ -288,7 +288,7 @@