From 1c4326f6b5017f33664d752d4fb78085ab551d77 Mon Sep 17 00:00:00 2001 From: quix0r Date: Sun, 4 Nov 2012 01:28:34 +0000 Subject: [PATCH] Fixes for isAdmin() rewrite of latest commits. --- inc/config-functions.php | 12 ++++++++++ inc/filter-functions.php | 5 ++++- inc/load_cache.php | 3 +++ inc/modules/admin.php | 6 +++++ inc/modules/admin/admin-inc.php | 11 ++++++---- inc/mysql-manager.php | 39 +++++++++++++++------------------ 6 files changed, 50 insertions(+), 26 deletions(-) diff --git a/inc/config-functions.php b/inc/config-functions.php index 310fc6bae3..035f169d78 100644 --- a/inc/config-functions.php +++ b/inc/config-functions.php @@ -86,6 +86,18 @@ function getConfig ($configEntry) { function setConfigEntry ($configEntry, $value) { // Just set it (unsecured won't hurt?) $GLOBALS['config'][$configEntry] = $value; + + // Remove cache + removeGlobalCache($configEntry); +} + +// Removes entry in $GLOBALS +function removeGlobalCache ($configEntry) { + // Generate key + $key = 'get' . capitalizeUnderscoreString($configEntry); + + // Remove it + unset($GLOBALS[$key]); } // Checks whether the given config entry is set diff --git a/inc/filter-functions.php b/inc/filter-functions.php index 4670227106..5a74891427 100644 --- a/inc/filter-functions.php +++ b/inc/filter-functions.php 
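Review bot: `removeGlobalCache()` in the `@@ -86,6 +86,18 @@` hunk of inc/config-functions.php clears only the `$GLOBALS['get' . …]` key, so any other per-request cache derived from the same config entry survives a `setConfigEntry()` call. isAdmin() elsewhere in this commit caches under `$GLOBALS[__FUNCTION__]`, which suggests the key is meant to match a getter's function name. If wrappers with other prefixes cache the same entry (not visible here), they would keep returning the old value after the entry changes. I would state that contract on the function, e.g. `// Drops only the cached result of the matching get...() wrapper for $configEntry; other derived caches are not touched`.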
@@ -114,13 +114,16 @@ ORDER BY registerFilter(__FUNCTION__, __LINE__, 'init', 'RUN_HOURLY_RESET'); registerFilter(__FUNCTION__, __LINE__, 'init', 'RUN_DAILY_RESET'); registerFilter(__FUNCTION__, __LINE__, 'init', 'TRIGGER_SENDING_POOL'); - registerFilter(__FUNCTION__, __LINE__, 'init', 'DETERMINE_USERNAME'); + unregisterFilter(__FUNCTION__, __LINE__, 'init', 'DETERMINE_USERNAME', TRUE); registerFilter(__FUNCTION__, __LINE__, 'init', 'DETERMINE_WHAT_ACTION'); registerFilter(__FUNCTION__, __LINE__, 'init', 'COUNT_MODULE'); registerFilter(__FUNCTION__, __LINE__, 'init', 'UPDATE_LOGIN_DATA'); registerFilter(__FUNCTION__, __LINE__, 'init', 'ACTIVATE_EXCHANGE'); registerFilter(__FUNCTION__, __LINE__, 'init', 'REDIRECT_WRONG_SERVER_NAME'); + // Post-initialization + registerFilter(__FUNCTION__, __LINE__, 'post_init', 'DETERMINE_USERNAME'); + // Page headers - pre-filter (normally, you want to register here) registerFilter(__FUNCTION__, __LINE__, 'pre_page_header', 'LOAD_PAGE_HEADER'); diff --git a/inc/load_cache.php b/inc/load_cache.php index 1a25749fff..a4099c3aaf 100644 --- a/inc/load_cache.php +++ b/inc/load_cache.php @@ -71,5 +71,8 @@ initFilterSystem(); // Init system here runFilterChain('init'); +// Run post-initialization (e.g. determining username) +runFilterChain('post_init'); + // [EOF] ?> diff --git a/inc/modules/admin.php b/inc/modules/admin.php index 761d9181aa..d8f29a6bcd 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -383,6 +383,12 @@ if (!isAdminRegistered()) { destroyAdminSession(); break; + case 'invalid': // Invalid admin session + setPostRequestElement('login', $ret); + displayMessage('{--INVALID_ADMIN_SESSION--}'); + destroyAdminSession(); + break; + default: // Others will be logged logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminCookiesAreValid()", $ret)); break; diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index a6a660a17c..9476cb0863 100644 
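Review bot: Moving DETERMINE_USERNAME from 'init' to 'post_init' in the `@@ -114,13 +114,16 @@` hunk of inc/filter-functions.php changes execution order: DETERMINE_WHAT_ACTION, COUNT_MODULE, UPDATE_LOGIN_DATA, ACTIVATE_EXCHANGE and REDIRECT_WRONG_SERVER_NAME used to run after it and now run before it. If any of them reads the determined username it will see a value that has not been set yet, which is worth confirming before merge. The `unregisterFilter(..., TRUE)` call also needs a comment saying why a filter is unregistered inside the registration list and what the trailing `TRUE` means, for example `// Moved to post_init; drop the old 'init' registration` if that is the intent. The enclosing function starts and ends outside the hunk.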
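Review bot: The new `case 'invalid':` in inc/modules/admin.php has no visible producer, because the ifAdminCookiesAreValid() change in inc/modules/admin/admin-inc.php in this same commit returns `'session'` for a failed isAdmin() check, not `'invalid'`. Unless a `case 'session':` exists above the hunk, that result reaches `default:`, which only writes a debug message and does not call `destroyAdminSession()`, so a session that failed validation would not be torn down. Either return `'invalid'` from ifAdminCookiesAreValid() or label this branch `case 'session':` so both sides agree. The switch starts and ends outside the hunk.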
--- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -133,12 +133,15 @@ function ifAdminCookiesAreValid ($adminLogin, $passHash) { //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'adminLogin=' . $adminLogin . ',passHash='.$passHash.',adminHash='.$adminHash.',testHash='.$testHash); // If they both match, the login data is valid - if ($testHash == $passHash) { + if ($testHash != $passHash) { + // Passwords don't match + $ret = 'password'; + } elseif (!isAdmin()) { + // Is not valid session + $ret = 'session'; + } else { // All fine $ret = 'done'; - } else { - // Set status - $ret = 'password'; } } // END - if diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index a7ecf50e8d..5dfaf1366e 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -565,6 +565,7 @@ function isAdmin () { // Is there cache? if (isset($GLOBALS[__FUNCTION__])) { // Return it + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'isAdmin()=' . intval($GLOBALS[__FUNCTION__])); return $GLOBALS[__FUNCTION__]; } // END - if 
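Review bot: `if ($testHash != $passHash)` in ifAdminCookiesAreValid() compares credential hashes with a loose operator, and the isAdmin() hunk at `@@ -605,32 +605,26 @@` in inc/mysql-manager.php does the same with `$GLOBALS['admin_hash'] == $passwordFromCookie`. Under PHP's loose comparison two different strings that both look numeric can compare equal, and the time taken depends on where the strings first differ. Cast both sides to string and use a strict, constant-time comparison where the runtime provides one, e.g. `if (!hash_equals((string) $testHash, (string) $passHash)) {` (PHP 5.6 or later), or at minimum `!==`. The function body starts outside the hunk.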
@@ -578,19 +579,18 @@ function isAdmin () { $ret = FALSE; $adminId = '0'; $passwordFromCookie = ''; - $valPass = ''; //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, $adminId); // If admin login is not given take current from cookies... if ((isSessionVariableSet('admin_id')) && (isSessionVariableSet('admin_md5'))) { // Get admin login and password from session/cookies - $adminId = getCurrentAdminId(); + $adminId = getCurrentAdminId(); $passwordFromCookie = getAdminMd5(); } // END - if - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'adminId=' . $adminId . 'passwordFromCookie=' . $passwordFromCookie); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'adminId=' . $adminId . ',passwordFromCookie=' . $passwordFromCookie); // Abort if admin id is zero - if ($adminId == '0') { + if (($adminId == '0') || (empty($passwordFromCookie))) { // A very noisy debug message ... //* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Current adminId is zero. isSessionVariableSet(admin_id)=' . intval(isSessionVariableSet('admin_id')) . ',isSessionVariableSet(admin_md5)=' . intval(isSessionVariableSet('admin_md5'))); 
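Review bot: The debug line on the new side of the `@@ -578,19 +579,18 @@` hunk concatenates `$passwordFromCookie` into the log message, and the hunks at `@@ -605,32 +605,26 @@` and `@@ -1175,6 +1171,7 @@` add more of the same for `$GLOBALS['admin_hash']` and `$data['password']`. These statements are commented out, but the `//* DEBUG: */` form looks designed to be switched on by deleting one character (an inference from the syntax), after which the cookie token and the stored admin hash are written to the debug log in clear. The cookie value is what isAdmin() compares to decide admin status, so the log would then hold a credential-equivalent value. I would log only whether the values are present, e.g. `'adminId=' . $adminId . ',hasCookieHash=' . intval(!empty($passwordFromCookie))`. isAdmin() begins and ends outside this hunk.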
@@ -605,32 +605,26 @@ function isAdmin () { // Search in array for entry if (isset($GLOBALS['admin_hash'])) { // Use cached string - $valPass = $GLOBALS['admin_hash']; - } elseif ((!empty($passwordFromCookie)) && (isAdminHashSet($adminId) === TRUE) && (!empty($adminId))) { - // Login data is valid or not? - $valPass = encodeHashForCookie(getAdminHash($adminId)); - - // Cache it away - $GLOBALS['admin_hash'] = $valPass; + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Using admin_hash=' . $GLOBALS['admin_hash'] . ' from cache'); + } elseif ((!empty($adminId)) && (!empty($passwordFromCookie)) && (isAdminHashSet($adminId) === TRUE)) { + // Get admin hash and hash it + $GLOBALS['admin_hash'] = encodeHashForCookie(getAdminHash($adminId)); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'valPass=' . $GLOBALS['admin_hash']); // Count cache hits incrementStatsEntry('cache_hits'); } elseif ((!empty($adminId)) && ((!isExtensionActive('cache')) || (isAdminHashSet($adminId) === FALSE))) { // Get admin hash and hash it - $valPass = encodeHashForCookie(getAdminHash($adminId)); - - // Cache it away - $GLOBALS['admin_hash'] = $valPass; + $GLOBALS['admin_hash'] = encodeHashForCookie(getAdminHash($adminId)); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'valPass=' . $GLOBALS['admin_hash']); } - // $valPass shall not be empty. If so, the admin has not found. - if (!empty($valPass)) { - // Check if password is valid - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, '(' . $valPass . '==' . $passwordFromCookie . ')='.intval($valPass == $passwordFromCookie)); - $GLOBALS[__FUNCTION__] = ($GLOBALS['admin_hash'] == $passwordFromCookie); - } // END - if + // Check if password is valid + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, '(' . $GLOBALS['admin_hash'] . '==' . $passwordFromCookie . 
')='.intval($GLOBALS['admin_hash'] == $passwordFromCookie)); + $GLOBALS[__FUNCTION__] = ((!empty($GLOBALS['admin_hash'])) && ($GLOBALS['admin_hash'] == $passwordFromCookie)); // Return result of comparision + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'isAdmin()=' . intval($GLOBALS[__FUNCTION__])); return $GLOBALS[__FUNCTION__]; } @@ -1147,9 +1141,11 @@ function setCurrentAdminId ($currentAdminId) { // Get password hash from administrator's login name function getAdminHash ($adminId) { + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'adminId=' . $adminId . ' - ENTERED!'); // By default an invalid hash is returned $data['password'] = -1; + // Is admin hash set? if (isAdminHashSet($adminId)) { // Check cache $data['password'] = $GLOBALS['cache_array']['admin']['password'][$adminId]; @@ -1175,6 +1171,7 @@ function getAdminHash ($adminId) { } // Return password hash + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'adminId=' . $adminId . ',data[password]=' . $data['password'] . ' - EXIT!'); return $data['password']; } -- 2.39.2
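Review bot: The `@@ -605,32 +605,26 @@` hunk stores `encodeHashForCookie(getAdminHash($adminId))` in `$GLOBALS['admin_hash']` without checking for getAdminHash()'s failure value, which the `@@ -1147,9 +1141,11 @@` hunk shows is `-1` ("By default an invalid hash is returned"). The later `!empty($GLOBALS['admin_hash'])` guard only helps if encodeHashForCookie(-1) yields an empty value, which cannot be confirmed from this diff; otherwise an unknown admin id leaves a cached, non-empty comparison value behind. I would test the sentinel before encoding, in both branches: `$hash = getAdminHash($adminId);` followed by `if ($hash !== -1) { $GLOBALS['admin_hash'] = encodeHashForCookie($hash); }`. The cache is also not keyed by `$adminId`, so the first branch reuses whatever hash was stored earlier in the request. isAdmin() begins outside the hunk.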