Updating phpBB Security from 1.0.2 to 1.0.3

phpBB security.

Post by webci 25.08.2006, 10:31

Could you explain the part at the very bottom here clearly in Turkish?

Code:
-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

common.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.2 =========================================================== |
#====               
include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx);
$ps_check = phpBBSecurity_Blocks();
   if ($ps_check)
      phpBBSecurity_Ban(phpBBSecurity_IP(), $board_config['phpBBSecurity_auto_ban'], $ps_check);
phpBBSecurity_MaxSessions($board_config['phpBBSecurity_allowed_sessions']);
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |   
#======================================================================= |

-----------------------------------
----[ REPLACE WITH ]---------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====               
include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx);
$ps_check = phpBBSecurity_Blocks();
   if ($ps_check)
      phpBBSecurity_Ban(phpBBSecurity_IP(), $board_config['phpBBSecurity_auto_ban'], $ps_check);
phpBBSecurity_MaxSessions($board_config['phpBBSecurity_allowed_sessions']);
phpBBSecurity_Guests();
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |   
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

modcp.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

// session id check
if ($sid == '' || $sid != $userdata['session_id'])
{
   message_die(GENERAL_ERROR, 'Invalid_session');
}

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
   if ( ($mode == 'delete') && ($confirm) )
      {
   $pass_one = isset($HTTP_POST_VARS['phpBBSecurity_verify']) ? $HTTP_POST_VARS['phpBBSecurity_verify'] : '';
   $pass_two = $userdata['user_password'];
      if (md5($pass_one) != $pass_two)
         message_die(GENERAL_ERROR, $lang['PS_modcp_verify_fail']);
      }
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |   
#======================================================================= |      

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

            'MESSAGE_TEXT' => $lang['Confirm_delete_topic'],

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====               
            'L_VERIFY'   => '<br><br><span class="genmed">'. $lang['PS_modcp_verify'] .' <input type="password" class="post" name="phpBBSecurity_verify" value=""></span>',
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |   
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

admin/admin_ug_auth.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

$user_id = intval($user_id);
$group_id = intval($group_id);
$adv = intval($adv);
$mode = htmlspecialchars($mode);

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====               
$owner = '2';

   if (isset($HTTP_POST_VARS['submit']))
      {   
      if ( ($user_id == $owner) && ($userdata['user_id'] != $owner) )
         message_die(GENERAL_ERROR, $lang['PS_admin_not_authed']);
      }
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |   
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

admin/admin_users.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

$html_entities_match = array('#<#', '#>#');
$html_entities_replace = array('&lt;', '&gt;');

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====               
$owner = '2';

   if (isset($HTTP_POST_VARS['submit']))
      {
   $user_id = intval($HTTP_POST_VARS['id']);
   
      if ( ($user_id == $owner) && ($userdata['user_id'] != $owner) )
         message_die(GENERAL_ERROR, $lang['PS_admin_not_authed']);
      }
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |   
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

admin/index.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

   $template->set_filenames(array(
      "body" => "admin/index_body.tpl")
   );

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====      
   $secfile = @file('http://phpbb-tweaks.com/secver.txt');
   $msg = '';
   $msg .= '<table align="top" class="forumline" width="100%">';
   $msg .= '   <tr>';
   $msg .= '      <th align="center" valign="middle" class="thTop" width="100%">';
   $msg .= '         phpBB Security Status';
   $msg .= '      </th>';
   $msg .= '   </tr>';
   $msg .= '   <tr>';
   $msg .= '      <td align="left" width="100%" class="row2">';
   $msg .= '         <span class="genmed">';
   if (!$secfile)
      $msg .= 'Sorry, I was unable to get version data at this time. Please try later.';
   
   if ($secfile)
      {
   $newest_ver = $secfile[0];
   $this_ver    = $board_config['phpBBSecurity_version'];
   
      if ($newest_ver == $this_ver)
         $msg .= 'The newest release is <b>'. $newest_ver .'</b>. The version you are using is
         <b>'. $this_ver .'</b>. So I would have to say you are up to date!';
      else
         $msg .= 'The newest release is <b>'. $newest_ver .'</b>. The version you are using is
         <b>'. $this_ver .'</b>. So I would have to say you need to upgrade ASAP!';
      }
      
   $msg .= '         </span>';
   $msg .= '      </td>';
   $msg .= '   </tr>';
   $msg .= '   <tr>';
   $msg .= '      <th align="center" valign="middle" class="thTop" width="100%">&nbsp;</th>';
   $msg .= '   </tr>';
   $msg .= '</table>';
   echo $msg;
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |   
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

includes/page_header.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.2 =========================================================== |
#====

   phpBBSecurity_Cookies();
   phpBBSecurity_FinalSet();
   phpBBSecurity_DBBackup();
                  
   # Only allow them to login & view profile to update it
   if ($_SERVER['PHP_SELF'] == $board_config['script_path'] .'profile.'. $phpEx)
      $is_valid = TRUE;
   elseif ($_SERVER['PHP_SELF'] == $board_config['script_path'] .'login.'. $phpEx)
      $is_valid = TRUE;
   else
      $is_valid = '';
      
   if ( (!$is_valid) && (!$gen_simple_header) )
      {
      # Make sure they are not a guest
      if ($userdata['user_id'] != ANONYMOUS)
         {
         # Do the check
         if (!$userdata['phpBBSecurity_answer'] || !$userdata['phpBBSecurity_question'])
            phpBBSecurity_Force();
         }
      }
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |   
#======================================================================= |

-----------------------------------
----[ REPLACE WITH ]---------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
   phpBBSecurity_FinalSet();
   phpBBSecurity_DBBackup();
      
   # Only allow them to login & view profile to update it
   if ($HTTP_SERVER_VARS['PHP_SELF'] == $board_config['script_path'] .'profile.'. $phpEx)
      $is_valid = TRUE;
   elseif ($HTTP_SERVER_VARS['PHP_SELF'] == $board_config['script_path'] .'login.'. $phpEx)
      $is_valid = TRUE;
   else
      $is_valid = '';
      
   if ( (!$is_valid) && (!$gen_simple_header) )
      {
      # Make sure they are not a guest
      if ($userdata['user_id'] != ANONYMOUS)
         {
         # Do the check
         if (!$userdata['phpBBSecurity_answer'] || !$userdata['phpBBSecurity_question'])
            phpBBSecurity_Force();
            
         if ($userdata['phpBBSecurity_force_pw_update'] != 1)
            message_die(GENERAL_ERROR, sprintf($lang['PS_pass_force'], '<a href="profile.'. $phpEx .'?mode=editprofile&amp;infrom=phpBBSecurity&amp;sid='. $userdata['session_id'] .'">', '</a>'));
         }
      }
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |   
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

includes/usercp_register.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

$unhtml_specialchars_match = array('#&gt;#', '#&lt;#', '#&quot;#', '#&amp;#');
$unhtml_specialchars_replace = array('>', '<', '"', '&');

-----------------------------------
----[ AFTER, ADD ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
$in_from = (isset($HTTP_GET_VARS['infrom'])) ? $HTTP_GET_VARS['infrom'] : $HTTP_POST_VARS['infrom'];
   
   if ( (isset($HTTP_POST_VARS['submit'])) && ($HTTP_POST_VARS['mode'] == 'editprofile') && ($HTTP_POST_VARS['infrom'] == 'phpBBSecurity') )
      {
      if ( (empty($HTTP_POST_VARS['cur_password'])) || (empty($HTTP_POST_VARS['new_password'])) || (empty($HTTP_POST_VARS['password_confirm'])) )
         message_die(GENERAL_ERROR, $lang['PS_pass_force_error']);
      elseif ( ($userdata['user_password'] == md5($HTTP_POST_VARS['cur_password'])) && (isset($HTTP_POST_VARS['new_password'])) )
         {
      $q = "UPDATE ". USERS_TABLE ."
           SET phpBBSecurity_force_pw_update = '1'
           WHERE user_id = '". $userdata['user_id'] ."'";
      $db->sql_query($q);
         }
      }
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |   
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

//
// Did the user submit? In this case build a query to update the users profile in the DB
//
if ( isset($HTTP_POST_VARS['submit']) )
{
   include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);

-----------------------------------
----[ AFTER, ADD ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
   if ($mode == 'editprofile' || $mode == 'register')
      {
      if ( ($username == $password_confirm) && (isset($board_config['phpBBSecurity_use_password_match'])) )
         {
      $error = TRUE;
      $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['PS_pass_match_error'];
         }
         
      if ( (strlen($password_confirm) < $board_config['phpBBSecurity_password_min_length']) && (isset($board_config['phpBBSecurity_use_password_length'])) )
         {
      $error = TRUE;
      $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['PS_pass_length_error'];         
         }      
      }
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |   
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

   if ( !$error )
   {

-----------------------------------
----[ AFTER, ADD ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
   if ($userdata['user_password'] != $pass_check)
      {
   $sessiondata             = isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data'])) : array();
   $sessiondata['autologinid'] = ($sessiondata['autologinid'] == $userdata['user_password']) ? $pass_check : '';
   $sessiondata['userid']       = $userdata['user_id'];
   $sessionmethod             = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) ) ? SESSION_METHOD_COOKIE : SESSION_METHOD_GET;
                  
   setcookie($board_config['cookie_name'] .'_data', serialize($sessiondata), (time() + 31536000), $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
   setcookie($board_config['cookie_name'] .'_sid', $userdata['session_id'], 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);      
      }
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |   
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

$s_hidden_fields .= '<input type="hidden" name="current_email" value="' . $userdata['user_email'] . '" />';

-----------------------------------
----[ AFTER, ADD ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
      $s_hidden_fields .= ($in_from == 'phpBBSecurity') ? '<input type="hidden" name="infrom" value="phpBBSecurity">' : '';
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |   
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

templates/*/confirm_body.tpl

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

</form>

-----------------------------------
----[ ADD, BEFORE ]----------------
-----------------------------------

{L_VERIFY}

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

templates/*/overall_footer.tpl

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

#
# If you don't want to show the people who get caught:

Protected by phpBB Security © <a href="http://phpbb-amod.com" class="copyright" target="_blank">phpBB-Amod</a><br />{BLOCKED}<br />

#
# If you want to show the people who get caught:

<a href="login_security.php?phpBBSecurity=caught" class="copyright">Protected</a> by phpBB Security © <a href="http://phpbb-amod.com" class="copyright" target="_blank">phpBB-Amod</a><br>{BLOCKED}<br>

-----------------------------------
----[ REPLACE WITH ]---------------
-----------------------------------

#
# If you don't want to show the people who get caught:

Protected by phpBB Security © <a href="http://phpbb-tweaks.com" class="copyright" target="_blank">phpBB-TweakS</a><br />{BLOCKED}<br />

#
# If you want to show the people who get caught:

<a href="login_security.php?phpBBSecurity=caught" class="copyright">Protected</a> by phpBB Security © <a href="http://phpbb-tweaks.com" class="copyright" target="_blank">phpBB-TweakS</a><br>{BLOCKED}<br>


-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

#==== End of file changes

BEFORE YOU OVERWRITE phpbb_security.php, make sure you change

   function phpBBSecurity_AdminConfigName()
      {
      return 'phpBBSecurity_max_admins';
      }
      
   function phpBBSecurity_ModConfigName()
      {
      return 'phpBBSecurity_max_mods';
      }
      
   function phpBBSecurity_UseSpecial()
      {
      return 'phpBBSecurity_use_max';
      }

to the correct names. These 3 need to be changed to what you currently have in your phpbb_security
file. If you don't change these in the new phpbb_security file before you overwrite it, you could
have problems saving some of the fields in the ACP.

#==== UPLOAD & OVERWRITE IF NEEDED

login_security.php         =>   Root/
admin/admin_security.php      =>   Root/admin/
includes/phpbb_security.php      =>   Root/includes/
language/lang_*/lang_phpbb_security.php   =>   Root/language/lang_*/
templates/subSilver/*         =>   Root/templates/*/
templates/subSilver/admin/*      =>   Root/templates/*/admin/

#==== UPGRADE FILES

Upload ps_upgrade.php to your root folder & execute it via browser.
   IE: http://your-site.com/ps_upgrade.php

Delete ps_upgrade.php from your root folder!


#====
EoM
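The warning at the end of the MOD instructions (carry the three config-name return values over before overwriting phpbb_security.php) can be checked mechanically. The script below is an added example, not part of the MOD or of this thread; both file samples are constructed and the "_x7" names are made up.

```python
import re

# The three functions named in the MOD's warning.
FUNCS = ("phpBBSecurity_AdminConfigName",
         "phpBBSecurity_ModConfigName",
         "phpBBSecurity_UseSpecial")

# Constructed sample of the file currently on the board (the "_x7" names are made up).
OLD_SAMPLE = """
   function phpBBSecurity_AdminConfigName()
      {
      return 'phpBBSecurity_max_admins_x7';
      }
   function phpBBSecurity_ModConfigName()
      {
      return 'phpBBSecurity_max_mods_x7';
      }
   function phpBBSecurity_UseSpecial()
      {
      return 'phpBBSecurity_use_max';
      }
"""

# Constructed sample of the new 1.0.3 file, using the names shown in the instructions.
NEW_SAMPLE = (OLD_SAMPLE.replace("_max_admins_x7", "_max_admins")
                        .replace("_max_mods_x7", "_max_mods"))

def _pattern(func):
    # Matches: function NAME() { return 'value';   (any whitespace, either quote style)
    return re.compile(r"(function\s+" + re.escape(func) +
                      r"\s*\(\s*\)\s*\{\s*return\s*)(['\"])(\w+)\2(\s*;)")

def config_names(php_source):
    """Map each of the three functions to the config key it returns."""
    names = {}
    for func in FUNCS:
        match = _pattern(func).search(php_source)
        if match:
            names[func] = match.group(3)
    return names

def carry_over(old_source, new_source):
    """Return (patched new source, {func: (shipped value, carried-over value)})."""
    old, new = config_names(old_source), config_names(new_source)
    missing = [f for f in FUNCS if f not in old or f not in new]
    if missing:
        raise ValueError("not found in one of the files: " + ", ".join(missing))
    patched, changes = new_source, {}
    for func in FUNCS:
        if old[func] != new[func]:
            changes[func] = (new[func], old[func])
            patched = _pattern(func).sub(
                lambda m, v=old[func]: m.group(1) + m.group(2) + v + m.group(2) + m.group(4),
                patched, count=1)
    return patched, changes

if __name__ == "__main__":
    patched, changes = carry_over(OLD_SAMPLE, NEW_SAMPLE)
    for func, (shipped, kept) in changes.items():
        print(f"{func}: {shipped} -> {kept}")
```

Run it against the installed file and the new file before uploading; an empty change set means the new file can be uploaded as shipped.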

Post by ALEXIS 25.08.2006, 11:37

There is nothing to explain here: it is find and replace, and what those mean is written in the articles section!

Information on Translating MODs into Turkish
http://www.canver.net/mod-turkcelestirm ... kba39.html

Understanding MODs - Making Installation Easier
http://www.canver.net/makale-modlari-an ... kba65.html

Re: Updating phpBB Security from 1.0.2 to 1.0.3

Post by webci 25.08.2006, 18:38

==== UPLOAD & OVERWRITE IF NEEDED

login_security.php => Root/
admin/admin_security.php => Root/admin/
includes/phpbb_security.php => Root/includes/
language/lang_*/lang_phpbb_security.php => Root/language/lang_*/
templates/subSilver/* => Root/templates/*/
templates/subSilver/admin/* => Root/templates/*/admin/

I did these parts as well. Was it really necessary for me to change them?