phpBB

Implemented strict check for cached user permissions and existing ACL options. This fix makes sure cached permissions are valid, even if they got already cached.

ok… i hope i haven’t messed too much with the code and everything is still working.
Changes:
- Ascraeus now uses constants for the phpbb root path and the php extension. This ensures more security for external applications and modifications (no more overwriting of root path and extension possible through insecure mods and register globals enabled) as well as no more globalizing needed.
- A second change implemented here is an additional short-hand-notation for append_sid(). It is allowed to omit the root path and extension now (for example calling append_sid(‘memberlist’)) – in this case the root path and extension get added automatically. The hook is called after these are added.

Go away evil carriage returns\!

oh boy…
- Migrate code base to PHP 5.1+

space, where art thou?

do not consider permissions the admin is not able to change, track or see.

new wrapper for LIKE expressions to streamline the fixes. We actually need to adjust them for different DBMS as well as SQLite2 not supporting escaping characters in LIKE statements (which is a reason why we think about dropping sqlite support completely).

erm… um… NOBODY SAW THIS :P

some tiny changes

changed the cache files to save some memory (all global ones are hold in memory, doubling it).

- improvements to search indexing performance, espacially tidy() by adding a word_count column, the database update from b5 to next version will take quite a while on bigger databases, I also lowered the default common word threshold from 20 to 5 percent, big boards might want to use 3 or 2 percent, 20 was way too high
- added some keys to ACL tables, great improvement of auth query performance
- we will only add new language strings to install.php language file and won’t modify any, if a language file is updated before phpBB is updated, the updater will not overwrite the user’s language with english if install.php was modified

show dropdown box for choosing the forum in user management screen -> permissions

- the same procedure as every… oh. this is taken.
- also including the first bugfix within beta4, just noticed at area51 that quicktools are not working in global announcements. :D

- now username changes should work as desired
- removed some extract() calls

- introducing clean usernames, needs to be tested more, I’m not sure I didn’t miss anything
- homograph list should probably be extended

- extend config checking to include check for writeable path
- removed not utilized user_allow_email column from schema
- removed inactive groups (they had no use at all, since inactive users are not able to login)
The only benefit those brought are distinguish users – but this is no longer needed too due to the inactive code present. This also allows us to retain group memberships as well as default settings for users being set inactive due to profile changes.
- rewrote user_active_flip to support multiple users and a mode, as well as coping with the aforementioned changes
- implemented updated jabber class to support SRV server records and for better jabberd2 support.
- jabber errors now logged to the error log with a full transaction
- fixed user_delete calls to include usernames where possible and also update last post information correctly
- implemented additioal checks to user management to cope with common mistakes
- On installation, guess the required mysql schema as best as possible. Users now only need to decide if they want to use the mysqli extension or not (mysqli selected by default) and no longer need to know their mysql version.
- founders do not need to re-activate their account on profile changes
- remove older session if re-authentication was successful (re-authentication always assigns a new session id)
- set the cookie directly instead of using php’s function
- added inactive_remind to see which users got deactivated because of reminders (or re-activation) sent out

hopefully not introduced too many bugs – those testing with CVS releases, please concentrate on user registration, activation, profile changes (email/password)...

sql_in_set changes

- display age in user profile and make it available on viewtopic
- various tiny bugfixes including [Bug #2351] [Bug #2549] [Bug #2681] [Bug #3015]
- strip first, then change newlines [Bug #2403]
- added support for creating user profiles to the login function (makes use of user_add), triggered by LOGIN_SUCCESS_CREATE_PROFILE constant
- moved newest user updating from ucp_register to user_add function
- renamed the admin_ auth module function to acp_
- added initialisation code to auth_apache which checks whether it will work
- added user_add support to both auth_ldap and auth_apache
- some auth_ldap tweaks, should work with users deeper in the organisation structure too now
- adjusted global topics in mcp_report to work like mcp_queue

fix bugs #2271 and #2273

make sure custom profile fields are created correctly on registration (#2225)

hopefully fixing bug #2022 with this

- david: copy&paste error? ;)

- removed group settings from roles
- added forum icon in front of forums in permissions acp
- added trace permissions in permission masks (thanks naderman for writing the first code and for the idea… :))
- some bugfixes
- PHP6 fix

ok, this will fix various permission discrepances. :) What happened is that the static permission cache and the static acl forum ids were used… globally (of course). But this led to users inheriting permissions from previously called user permission setups resulting in users seeing private forums in profiles as well as other areas i could imagine being “wrong”. Thanks to Yawner for letting me login with his username. :D

implementing permission roles

- copy permissions (adding groups)
- copy permissions (adding forums)
- checking proper groupadd/del settings
- added intro page to permissions (to give an overview and quick links)
- able to select forums + subforums, single forum, all groups, all users (permission screens)
- able to reset permissions (only reset input field)
- fix forum deletion bug

- new acl method -> acl_getf_global()
usage example: acl_getf_global(‘m_approve’); returns true if user has m_approve permission in one or more forums, else false

- moved add_log out of functions_admin (this file should only be included in admin/admin-related pages)
- fixed cookie based topic tracking
- added missing config variables
- other minor things

move around – better not call create_function in a loop

- sperate permissions from sessions
- added some comments to the auth class for better understanding
- revised some permission functions
- added option to negate permission check by prefixing option with a ! (for example checking for !f_read returns true if user is not able to read forum)
- used the new option for testing in ucp front