From 6aa5b6c3d7c49ceb5a41b836657321e9c0b5dea5 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Fri, 30 Oct 2009 11:34:35 +0000 Subject: [PATCH] Several kinky code smoothed, fixes for admin login --- inc/config-functions.php | 1 + inc/db/lib.php | 3 -- inc/extensions-functions.php | 6 +-- inc/filter-functions.php | 2 +- inc/filters.php | 11 ++++- inc/functions.php | 56 +++++++++++++---------- inc/loader/load_cache-extension.php | 2 +- inc/modules/admin/what-config_session.php | 2 +- inc/mysql-connect.php | 10 ++-- inc/mysql-manager.php | 8 ++-- inc/wrapper-functions.php | 2 + 11 files changed, 58 insertions(+), 45 deletions(-) diff --git a/inc/config-functions.php b/inc/config-functions.php index fd29373344..8f25e9223c 100644 --- a/inc/config-functions.php +++ b/inc/config-functions.php @@ -97,6 +97,7 @@ function setConfigEntry ($configEntry, $value) { // Checks wether the given config entry is set function isConfigEntrySet ($configEntry) { + //* DEBUG: */ print __FUNCTION__.':'.$configEntry.'='.intval(isset($GLOBALS['config'][$configEntry])).'
'; return (isset($GLOBALS['config'][$configEntry])); } diff --git a/inc/db/lib.php b/inc/db/lib.php index a751023953..76a097bf2c 100644 --- a/inc/db/lib.php +++ b/inc/db/lib.php @@ -41,9 +41,6 @@ if (!defined('__SECURITY')) { die(); } // END - if -// Is it not set? -if (!isConfigEntrySet('_DB_TYPE')) setConfigEntry('_DB_TYPE', 'mysql3'); - // Create include file name $inc = sprintf("inc/db/lib-%s.php", getConfig('_DB_TYPE')); diff --git a/inc/extensions-functions.php b/inc/extensions-functions.php index 59e2e95ded..dfa79d8fb9 100644 --- a/inc/extensions-functions.php +++ b/inc/extensions-functions.php @@ -1036,7 +1036,7 @@ function addExtensionNotes ($ver) { $out = ''; $content = array(); // Is do we have verbose output enabled? - if ((getConfig('verbose_sql') == 'Y') || (!isExtensionActive('sql_patches'))) { + if ((!isExtensionActive('sql_patches')) || (getConfig('verbose_sql') == 'Y')) { // Update notes found? if (getExtensionUpdateNotes($ver) != '') { // Update notes found @@ -1391,9 +1391,9 @@ function FILTER_INIT_EXTENSIONS () { // Do we have some entries? //* DEBUG */ print __FUNCTION__.': ENTRY!
'; if (isset($GLOBALS['cache_array']['extension']['ext_name'])) { - //* DEBUG */ print __FUNCTION__.': CACHE - START!
'; // Load all found extensions if found - foreach ($GLOBALS['cache_array']['extension']['ext_name'] as $key=>$ext_name) { + //* DEBUG */ print __FUNCTION__.': CACHE - START!
'; + foreach ($GLOBALS['cache_array']['extension']['ext_name'] as $key => $ext_name) { // Load it //* DEBUG */ print __FUNCTION__.': '.$ext_name.' - START
'; loadExtension($ext_name, 'init'); diff --git a/inc/filter-functions.php b/inc/filter-functions.php index 5e3a5d8284..819c891e70 100644 --- a/inc/filter-functions.php +++ b/inc/filter-functions.php @@ -119,8 +119,8 @@ ORDER BY // Init filters registerFilter('init', 'LOAD_CONFIGURATION'); registerFilter('init', 'INIT_EXTENSIONS'); - registerFilter('init', 'LOAD_RUNTIME_INCLUDES'); registerFilter('init', 'INIT_RANDOMIZER'); + registerFilter('init', 'LOAD_RUNTIME_INCLUDES'); registerFilter('init', 'INIT_RANDOM_NUMBER'); registerFilter('init', 'CHECK_SVN_REVISION'); registerFilter('init', 'RUN_DAILY_RESET'); diff --git a/inc/filters.php b/inc/filters.php index 3f7569eaa3..4204fbb3c1 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -580,7 +580,16 @@ function FILTER_DETERMINE_WHAT_ACTION () { // Get all values if ((getOutputMode() != 1) && (getOutputMode() != -1)) { // Fix module - if (!isModuleSet()) setModule('index'); + if (!isModuleSet()) { + // Is the request element set? + if (isGetRequestElementSet('module')) { + // Set module from request + setModule(getRequestElement('module')); + } else { + // Set default module 'index' + setModule('index'); + } + } // END - if // Fix 'what' if not yet set if (!isWhatSet()) setWhat(getWhatFromModule(getModule())); diff --git a/inc/functions.php b/inc/functions.php index 25610ef39c..57e2c10364 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -458,7 +458,7 @@ function loadEmailTemplate ($template, $content = array(), $UID = 0) { } // END - if // Load user's data - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):UID={$UID},template={$template},content[]=".gettype($content)."
"); + //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):UID={$UID},template={$template},content[]=".gettype($content).'
'); if (($UID > 0) && (is_array($content))) { // If nickname extension is installed, fetch nickname as well if (isExtensionActive('nickname')) { @@ -585,7 +585,7 @@ function sendEmail ($toEmail, $subject, $message, $isHtml = 'N', $mailHeader = ' // Load email address $result_email = SQL_QUERY_ESC("SELECT `email` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s LIMIT 1", array(bigintval($toEmail)), __FUNCTION__, __LINE__); - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):numRows=".SQL_NUMROWS($result_email)."
"); + //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):numRows=".SQL_NUMROWS($result_email).'
'); // Does the user exist? if (SQL_NUMROWS($result_email)) { @@ -1307,7 +1307,7 @@ function generateRandomCode ($length, $code, $userid, $DATA = '') { // Calculate number for generating the code $a = $code + getConfig('_ADD') - 1; - if (isConfigEntrySet('master_hash')) { + if (isConfigEntrySet('master_salt')) { // Generate hash with master salt from modula of number with the prime number and other data $saltedHash = generateHash(($a % getConfig('_PRIME')) . getConfig('ENCRYPT_SEPERATOR') . $server . getConfig('ENCRYPT_SEPERATOR') . $keys . getConfig('ENCRYPT_SEPERATOR') . $data . getConfig('ENCRYPT_SEPERATOR') . getConfig('DATE_KEY') . getConfig('ENCRYPT_SEPERATOR') . $a, getConfig('master_salt')); @@ -1315,7 +1315,7 @@ function generateRandomCode ($length, $code, $userid, $DATA = '') { $rcode = hexdec(substr($saltedHash, strlen(getConfig('master_salt')), 9)) / abs(getConfig('rand_no') - $a + sqrt(getConfig('_ADD'))) / pi(); } else { // Generate hash with "hash of site key" from modula of number with the prime number and other data - $saltedHash = generateHash(($a % getConfig('_PRIME')) . getConfig('ENCRYPT_SEPERATOR') . $server . getConfig('ENCRYPT_SEPERATOR') . $keys . getConfig('ENCRYPT_SEPERATOR') . $data . getConfig('ENCRYPT_SEPERATOR') . getConfig('DATE_KEY') . getConfig('ENCRYPT_SEPERATOR') . $a, substr(sha1(getConfig('SITE_KEY')), 0, 8)); + $saltedHash = generateHash(($a % getConfig('_PRIME')) . getConfig('ENCRYPT_SEPERATOR') . $server . getConfig('ENCRYPT_SEPERATOR') . $keys . getConfig('ENCRYPT_SEPERATOR') . $data . getConfig('ENCRYPT_SEPERATOR') . getConfig('DATE_KEY') . getConfig('ENCRYPT_SEPERATOR') . $a, substr(sha1(getConfig('SITE_KEY')), 0, getConfig('salt_length'))); // Create number from hash $rcode = hexdec(substr($saltedHash, 8, 9)) / abs(getConfig('rand_no') - $a + sqrt(getConfig('_ADD'))) / pi(); @@ -1724,7 +1724,7 @@ function extractHostnameFromUrl (&$script) { if (ereg('/', $host)) $host = substr($host, 0, strpos($host, '/')); // Generate relative URL - //* DEBUG: */ print("SCRIPT=" . $script."
"); + //* DEBUG: */ print("SCRIPT=" . $script.'
'); if (substr(strtolower($script), 0, 7) == 'http://') { // But only if http:// is in front! $script = substr($script, (strlen($url) + 7)); @@ -1733,7 +1733,7 @@ function extractHostnameFromUrl (&$script) { $script = substr($script, (strlen($url) + 8)); } - //* DEBUG: */ print("SCRIPT=" . $script."
"); + //* DEBUG: */ print("SCRIPT=" . $script.'
'); if (substr($script, 0, 1) == '/') $script = substr($script, 1); // Return host name @@ -1834,7 +1834,7 @@ function sendRawRequest ($host, $request) { } // END - if // Open connection - //* DEBUG: */ die("SCRIPT=" . $script."
"); + //* DEBUG: */ die("SCRIPT=" . $script.'
'); if ($useProxy === true) { // Connect to host through proxy connection $fp = @fsockopen(compileCode(getConfig('proxy_host')), bigintval(getConfig('proxy_port')), $errno, $errdesc, 30); @@ -1952,11 +1952,11 @@ function isEmailValid ($email) { function isUrlValid ($URL, $compile=true) { // Trim URL a little $URL = trim(urldecode($URL)); - //* DEBUG: */ outputHtml($URL."
"); + //* DEBUG: */ outputHtml($URL.'
'); // Compile some chars out... if ($compile === true) $URL = compileUriCode($URL, false, false, false); - //* DEBUG: */ outputHtml($URL."
"); + //* DEBUG: */ outputHtml($URL.'
'); // Check for the extension filter if (isExtensionActive('filter')) { @@ -2073,8 +2073,15 @@ function generateHash ($plainText, $salt = '') { //* DEBUG: */ outputHtml($salt." (".strlen($salt).")
"); } else { // Use given salt + //* DEBUG: */ print 'salt=' . $salt . '
'; $salt = substr($salt, 0, getConfig('salt_length')); - //* DEBUG: */ outputHtml("GIVEN={$salt}
"); + //* DEBUG: */ print 'salt=' . $salt . '(' . strlen($salt) . '/' . getConfig('salt_length') . ')
'; + + // Sanity check on salt + if (strlen($salt) != getConfig('salt_length')) { + // Not the same! + debug_report_bug(__FUNCTION__.': salt length mismatch! ('.strlen($salt).'/'.getConfig('salt_length').')'); + } // END - if } // Return hash @@ -2167,7 +2174,7 @@ function generatePassString ($passHash) { $ret = $passHash; // Is a secret key and master salt already initialized? - if ((isExtensionInstalled('sql_patches')) && (isConfigEntrySet('_PRIME')) && (isConfigEntrySet('secret_key')) && (isConfigEntrySet('master_salt'))) { + if ((isExtensionInstalled('sql_patches')) && (isExtensionInstalledAndNewer('other', '0.2.5')) && (isConfigEntrySet('_PRIME')) && (isConfigEntrySet('secret_key')) && (isConfigEntrySet('master_salt'))) { // Only calculate when the secret key is generated $newHash = ''; $start = 9; for ($idx = 0; $idx < 10; $idx++) { @@ -2179,16 +2186,17 @@ function generatePassString ($passHash) { } elseif ($part2 > $part1) { $mod = dechex(sqrt(($part2 - $part1) * getConfig('_PRIME') / pi())); } - $mod = substr(round($mod), 0, 4); - $mod = str_repeat(0, 4-strlen($mod)) . $mod; - //* DEBUG: */ outputHtml("*" . $start.'=' . $mod."*
"); + $mod = substr($mod, 0, 4); + //* DEBUG: */ outputHtml('part1='.$part1.'/part2='.$part2.'/mod=' . $mod . '('.strlen($mod).')
'); + $mod = str_repeat(0, (4 - strlen($mod))) . $mod; + //* DEBUG: */ outputHtml('*' . $start . '=' . $mod . '*
'); $start += 4; $newHash .= $mod; } // END - for - //* DEBUG: */ print($passHash."
" . $newHash." (".strlen($newHash).')'); + //* DEBUG: */ print($passHash.'
' . $newHash." (".strlen($newHash).')
'); $ret = generateHash($newHash, getConfig('master_salt')); - //* DEBUG: */ print($ret."
"); + //* DEBUG: */ print('ret='.$ret.'
'); } else { // Hash it simple //* DEBUG: */ outputHtml("--" . $passHash."--
"); @@ -2421,12 +2429,12 @@ function generateErrorCodeFromUserStatus ($status) { // Function to search for the last modifified file function searchDirsRecursive ($dir, &$last_changed) { // Get dir as array - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):dir=" . $dir."
"); + //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):dir=" . $dir.'
'); // Does it match what we are looking for? (We skip a lot files already!) // RegexPattern to exclude ., .., .revision, .svn, debug.log or .cache in the filenames $excludePattern = '@(\.revision|debug\.log|\.cache|config\.php)$@'; $ds = getArrayFromDirectory($dir, '', true, false, array(), '.php', $excludePattern); - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):ds[]=".count($ds)."
"); + //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):ds[]=".count($ds).'
'); // Walk through all entries foreach ($ds as $d) { @@ -2439,7 +2447,7 @@ function searchDirsRecursive ($dir, &$last_changed) { // $FQFN is a directory so also crawl into this directory $newDir = $d; if (!empty($dir)) $newDir = $dir . '/'. $d; - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):DESCENT: " . $newDir."
"); + //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):DESCENT: " . $newDir.'
'); searchDirsRecursive($newDir, $last_changed); } elseif (isFileReadable($FQFN)) { // $FQFN is a filename and no directory @@ -2854,7 +2862,7 @@ function isUrlValidSimple ($url) { // @TODO Are these convertions still required? $pat = str_replace('.', "\.", $pat); $pat = str_replace('@', "\@", $pat); - //* DEBUG: */ outputHtml($key."= " . $pat . "
"); + //* DEBUG: */ outputHtml($key."= " . $pat . '
'); } // END - if // Check if expression matches @@ -3402,7 +3410,7 @@ function getArrayFromDirectory ($baseDir, $prefix, $fileIncludeDirs = false, $ad // Exclude '.', '..' and entries in $excludeArray automatically if (in_array($baseFile, $excludeArray, true)) { // Exclude them - //* DEBUG: */ outputHtml('excluded=' . $baseFile . "
"); + //* DEBUG: */ outputHtml('excluded=' . $baseFile . '
'); continue; } // END - if @@ -3416,9 +3424,9 @@ function getArrayFromDirectory ($baseDir, $prefix, $fileIncludeDirs = false, $ad // Check if the base filename matches an exclusion pattern and if the pattern is not empty if ((!empty($excludePattern)) && (preg_match($excludePattern, $baseFile, $match))) { // These Lines are only for debugging!! - //* DEBUG: */ outputHtml('baseDir:' . $baseDir . "
"); - //* DEBUG: */ outputHtml('baseFile:' . $baseFile . "
"); - //* DEBUG: */ outputHtml('FQFN:' . $FQFN . "
"); + //* DEBUG: */ outputHtml('baseDir:' . $baseDir . '
'); + //* DEBUG: */ outputHtml('baseFile:' . $baseFile . '
'); + //* DEBUG: */ outputHtml('FQFN:' . $FQFN . '
'); // Exclude this one continue; diff --git a/inc/loader/load_cache-extension.php b/inc/loader/load_cache-extension.php index d93cb6656d..e4509b218e 100644 --- a/inc/loader/load_cache-extension.php +++ b/inc/loader/load_cache-extension.php @@ -65,7 +65,7 @@ if (($GLOBALS['cache_instance']->loadCacheFile('extension')) && ($GLOBALS['cache if ($EXT_DUMMY['ext_css'][$k] == 'Y') addExtensionCssFile($name . '.css'); // Load extension file itself - if ((($EXT_DUMMY['ext_active'][$k] == 'Y') || ($EXT_DUMMY['ext_keep'][$k] == 'Y') || (isAdmin()))) { + if (($EXT_DUMMY['ext_active'][$k] == 'Y') || ($EXT_DUMMY['ext_keep'][$k] == 'Y')) { $EXT_POOL[] = $name; } // END - if diff --git a/inc/modules/admin/what-config_session.php b/inc/modules/admin/what-config_session.php index 5e02381932..abc556d8de 100644 --- a/inc/modules/admin/what-config_session.php +++ b/inc/modules/admin/what-config_session.php @@ -39,7 +39,7 @@ // Some security stuff... if ((!defined('__SECURITY')) || (!isAdmin())) { die(); -} +} // END - if // Add description as navigation point addMenuDescription('admin', __FILE__); diff --git a/inc/mysql-connect.php b/inc/mysql-connect.php index f6c1a1f126..a733ea9abd 100644 --- a/inc/mysql-connect.php +++ b/inc/mysql-connect.php @@ -70,16 +70,12 @@ initMessages(); // Check if this file is writeable or read-only and warn the user if (!isInstalling()) { - // Load database layer here - loadIncludeOnce('inc/db/lib.php'); - - // Set missing module - if ((!isModuleSet()) && (isGetRequestElementSet('module'))) setModule(getRequestElement('module')); - if (!isModuleSet()) setModule('index'); - // Load configuration file(s) here loadIncludeOnce('inc/load_config.php'); + // Load database layer here + loadIncludeOnce('inc/db/lib.php'); + // CSS array initExtensionCssFiles(); diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index 7088fec5ae..3c095aee9e 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -641,7 +641,7 @@ function isMember () { function isAdmin ($admin = '') { // Init variables $ret = false; $passCookie = ''; $valPass = ''; - //* DEBUG: */ print(__FUNCTION__.':'.$admin."
"); + //* DEBUG: */ print(__FUNCTION__.':'.$admin.'
'); // If admin login is not given take current from cookies... if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) { @@ -649,7 +649,7 @@ function isAdmin ($admin = '') { $admin = getSession('admin_login'); $passCookie = getSession('admin_md5'); } // END - if - //* DEBUG: */ print(__FUNCTION__.':'.$admin.'/'.$passCookie."
"); + //* DEBUG: */ print(__FUNCTION__.':'.$admin.'/'.$passCookie.'
'); // Search in array for entry if (isset($GLOBALS['admin_hash'])) { @@ -965,7 +965,7 @@ function getModeAction ($mode, $what) { // Get it directly from URL return getAction(); } - //* DEBUG: */ print(__FUNCTION__."(".__LINE__."): ret=".$ret."
"); + //* DEBUG: */ print(__FUNCTION__."(".__LINE__."): ret=".$ret.'
'); // Does the module have a menu? if (ifModuleHasMenu($mode)) { @@ -1343,7 +1343,7 @@ function updateReferalCounter ($userid) { array(bigintval($userid), $GLOBALS['cache_array']['ref_level'][$userid]), __FUNCTION__, __LINE__); // When no entry was updated then we have to create it here - //* DEBUG: */ print(__FUNCTION__."(".__LINE__."):updated=".SQL_AFFECTEDROWS()."
"); + //* DEBUG: */ print(__FUNCTION__."(".__LINE__."):updated=".SQL_AFFECTEDROWS().'
'); if (SQL_AFFECTEDROWS() < 1) { // First count! SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_refsystem` (`userid`, `level`, `counter`) VALUES (%s,%s,1)", diff --git a/inc/wrapper-functions.php b/inc/wrapper-functions.php index 882cd3aa9b..0f89445a06 100644 --- a/inc/wrapper-functions.php +++ b/inc/wrapper-functions.php @@ -646,12 +646,14 @@ function redirectToIndexMemberOnlyModule () { // Wrapper function for checking if extension is installed and newer or same version function isExtensionInstalledAndNewer ($ext_name, $version) { // Return it + //* DEBUG: */ print __FUNCTION__.':'.$ext_name.'=>'.$version.'
'; return ((isExtensionInstalled($ext_name)) && (getExtensionVersion($ext_name) >= $version)); } // Wrapper function for checking if extension is installed and older than given version function isExtensionInstalledAndOlder ($ext_name, $version) { // Return it + //* DEBUG: */ print __FUNCTION__.':'.$ext_name.'<'.$version.'
'; return ((isExtensionInstalled($ext_name)) && (isExtensionOlder($ext_name, $version))); } -- 2.39.5