// Is the required extension "sql_patches" there?
if ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) {
- // Extension sql_patches is missing/outdated so we return the plain text
- return $plainText;
+ // Extension sql_patches is missing/outdated so we return only the regular SHA1 hash
+ return sha1($plainText);
}
// When the salt is empty build a new one, else use the first x configured characters as the salt
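Review bot: The fallback on the added line `return sha1($plainText);` produces an unsalted, single-pass SHA-1, so equal passwords give equal hashes and the value is cheap to brute-force offline; it improves on the plain text it replaces but should not be the stored form. At minimum this branch should mix in the configured salt, and where the PHP version allows, `password_hash($plainText, PASSWORD_DEFAULT)` with `password_verify()` at the comparison site is the better target. The guard above it compares versions as strings (`< "0.3.6"`), which misorders values such as "0.3.10"; `version_compare(GET_EXT_VERSION("sql_patches"), "0.3.6", "<")` avoids that. The enclosing function starts and ends outside the hunk, so whether callers still compare against previously stored plain-text values cannot be confirmed from here.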
// Unset/set session variables
function set_session ($var, $value) {
global $CSS;
+
// Abort in CSS mode here
if ($CSS == 1) return true;
// Taken from user comments in PHP documentation for function constant()
function isBooleanConstantAndTrue($constname) { // : Boolean
$res = false;
- if (defined($constname)) $res = (constant($constname) === true);
+ if (defined($constname)) {
+ $res = (constant($constname) === true);
+ }
return($res);
}
switch ($ret)
{
case "done":
- admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);
+ admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define ('admin_registered', ", ");", "true", 0);
if (!_FATAL) {
// Registering is done
LOAD_URL(URL."/modules.php?module=admin&action=login®ister=done");
}
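Review bot: The string `"define ('admin_registered', "` on the changed call looks like the search prefix that `admin_WriteData()` matches inside `inc/config.php`, so adding the space only works if the config file spells its own line as `define ('admin_registered', ` too. If an existing install still has the old spelling, the flag would presumably not be written and admin registration would stay open. The same change is made in the `!isBooleanConstantAndTrue('admin_registered')` branch further down. A one-line comment above the call, e.g. `// Search string must match the define() spelling in inc/config.php exactly`, would keep the two in step. How `admin_WriteData()` matches is not visible in this diff, so this needs confirming against its implementation.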
if (!isBooleanConstantAndTrue('admin_registered')) {
// Write to config that registration is done
- admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);
+ admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define ('admin_registered', ", ");", "true", 0);
// Load URL for login
$URL = URL."/modules.php?module=admin&action=login";
// Try to register the session variables
if ((set_session("admin_md5", generatePassString(generateHash($_POST['pass'], __SALT)))) && (set_session("admin_login", $_POST['login'])) && (set_session("admin_last", time())) && (set_session("admin_to", $_POST['timeout']))) {
// Construct URL and redirect
+ die("OK");
$URL = URL."/modules.php?module=admin&";
// Rewrite overview module
}
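Review bot: The added `die("OK");` sits directly after the session variables are registered and before `$URL` is built, so a successful admin login ends with the text "OK" and never reaches the redirect. It looks like a debugging leftover and should be removed before merge. In the same condition `$_POST['login']` and `$_POST['timeout']` go into the session unvalidated. Consider casting and bounding the timeout, e.g. `(int) $_POST['timeout']`, since it presumably controls how long the admin session stays valid. The enclosing block continues outside the hunk.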
} else {
// Maybe an Admin want's to login?
- $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE(get_session('admin_login')), SQL_ESCAPE(get_session('admin_md5')));
+ $ret = CHECK_ADMIN_COOKIES('admin_login', 'admin_md5');
switch ($ret) {
case "done":
// Cookie-Data accepted
// Only be executed on cookie checking
function CHECK_ADMIN_COOKIES ($admin_login, $password) {
global $cacheArray, $_CONFIG;
+
+ // Get login and password hash
+ $admin_login = SQL_ESCAPE(get_session($admin_login));
+ $password = SQL_ESCAPE(get_session($password));
+
$ret = "404"; $pass = "";
if (!empty($cacheArray['admins']['aid'][$admin_login])) {
// Get password from cache
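Review bot: `$admin_login` and `$password` now arrive as session key names and are overwritten with the session values on the added lines, so the signature no longer tells the caller what to pass. Separate locals such as `$login = SQL_ESCAPE(get_session($admin_login));`, or a short docblock stating that both parameters are session keys, would make that explicit; the call site changed to `CHECK_ADMIN_COOKIES('admin_login', 'admin_md5')` depends on it. The SQL-escaped login is then used as the array key in `$cacheArray['admins']['aid'][$admin_login]`, where escaping is not needed and alters the lookup for any login containing a quote or backslash; escape only where the value enters a query. If `get_session()` can return an unset value, which is not visible here, the function should return "404" early rather than escape it. The function body continues beyond the hunk.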
// Copy back tmp file and delete tmp :-)
@copy($tmp, $file);
@unlink($tmp);
- define('_FATAL', false);
+ define ('_FATAL', false);
}
elseif (!$found)
{
OUTPUT_HTML("<STRONG>CHANGE:</STRONG> 404!");
- define('_FATAL', true);
+ define ('_FATAL', true);
}
else
{
OUTPUT_HTML("<STRONG>TMP:</STRONG> UNDONE!");
- define('_FATAL', true);
+ define ('_FATAL', true);
}
}
}