From 7c15ca79161bf475e958810a5b585bce869a2af9 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Wed, 4 Nov 2009 06:39:47 +0000
Subject: [PATCH] Compilation time added, some compileCode() calles removed, ADMIN_WHAT_404 added
---
inc/functions.php | 15 +++++++++------
inc/language/de.php | 3 ++-
inc/libs/payout_functions.php | 3 ---
inc/libs/surfbar_functions.php | 8 ++------
inc/modules/admin/action-admins.php | 2 +-
inc/modules/admin/action-bank.php | 2 +-
inc/modules/admin/action-country.php | 2 +-
inc/modules/admin/action-doubler.php | 2 +-
inc/modules/admin/action-email.php | 2 +-
inc/modules/admin/action-holiday.php | 2 +-
inc/modules/admin/action-login.php | 2 +-
inc/modules/admin/action-menu.php | 2 +-
inc/modules/admin/action-misc.php | 2 +-
inc/modules/admin/action-mods.php | 2 +-
inc/modules/admin/action-newsletter.php | 2 +-
inc/modules/admin/action-payouts.php | 2 +-
inc/modules/admin/action-primera.php | 2 +-
inc/modules/admin/action-rallye.php | 2 +-
inc/modules/admin/action-repair.php | 2 +-
inc/modules/admin/action-setup.php | 2 +-
inc/modules/admin/action-sponsor.php | 2 +-
inc/modules/admin/action-stats.php | 2 +-
inc/modules/admin/action-surfbar.php | 2 +-
inc/modules/admin/action-task.php | 2 +-
inc/modules/admin/action-theme.php | 2 +-
inc/modules/admin/action-transfer.php | 2 +-
inc/modules/admin/action-user.php | 2 +-
inc/modules/admin/action-wernis.php | 2 +-
inc/modules/admin/admin-inc.php | 17 ++++-------------
inc/modules/admin/what-list_payouts.php | 1 -
inc/mysql-manager.php | 2 ++
31 files changed, 43 insertions(+), 54 deletions(-)
diff --git a/inc/functions.php b/inc/functions.php
index b6d40608d3..c9d5300347 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -996,6 +996,9 @@ function compileCode ($code, $simple = false, $constants = true, $full = true) { return $code; } // END - if + // Start couting + $startCompile = explode(' ', microtime()); + // Init replacement-array with full security characters $secChars = $GLOBALS['security_chars']; @@ -1071,6 +1074,12 @@ function compileCode ($code, $simple = false, $constants = true, $full = true) { } // END - foreach } // END - if + // Get timing + $compiled = explode(' ', microtime()); + + // Add timing + $code .= ''; + // Return compiled code return $code; } @@ -1752,9 +1761,6 @@ function sendPostRequest ($script, $postData) { return array('', '', ''); } // END - if - // Compile the script name - $script = compileCode($script); - // Extract host name from script $host = extractHostnameFromUrl($script); @@ -1895,9 +1901,6 @@ function sendRawRequest ($host, $request) { // Taken from www.php.net eregi() user comments function isEmailValid ($email) { - // Compile email - $email = compileCode($email); - // Check first part of email address $first = '[-a-z0-9!#$%&\'*+/=?^_<{|}~]+(\.[-a-zA-Z0-9!#$%&\'*+/=?^_<{|}~]+)*'; diff --git a/inc/language/de.php b/inc/language/de.php index cb08ba49fa..c787381d13 100644 --- a/inc/language/de.php +++ b/inc/language/de.php 
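Review bot: The two `explode(' ', microtime())` samples added at the top and bottom of compileCode() are never combined into a duration in the lines shown, and the only statement after them is `$code .= '';`, which appends nothing. If that literal originally carried markup with the elapsed time (it may have been lost when this page was rendered), note that compileCode() returns data as well as page HTML: the calls this same patch removes were applied to URLs, e-mail addresses and logins, so any suffix would end up in values that are compared or stored, and it would publish server timing in the output. Prefer `$startCompile = microtime(true);` and write the difference to a debug log behind a configuration switch rather than into the return value. The function starts before the first hunk and the code between the two hunks is not shown.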
@@ -123,7 +123,8 @@ addMessages(array( 'ADMIN_LOGOUT_DONE' => "Ausloggen aus dem Admin-Bereich abgeschlossen.", 'ADMIN_LOGOUT_FAILED' => "Konnte nicht aus dem Admin-Bereich ausloggen! :-(", 'ADMIN_RELOGIN_LINK' => "Klicken Sie hier, um sich erneut einzuloggen.", - 'ADMIN_ACTION_404' => "Das aufgerufe Admin-Modul %s ist zwar gültig, konnte aber nicht auf dem Server gefunden werden.", + 'ADMIN_ACTION_404' => "Das aufgerufe Admin-Hauptmenü %s ist zwar gültig, konnte aber nicht auf dem Server gefunden werden.", + 'ADMIN_WHAT_404' => "Das aufgerufe Admin-Untermenü %s ist zwar gültig, konnte aber nicht auf dem Server gefunden werden.", 'ALREADY_INSTALLED' => "Dieses Script ist bereits auf diesem Server installiert worden Bitte löschen Sie install.php inc/install-inc.php und install.sql von Ihrem Server! (Keine Sorge, Sie können es tun...)", 'ADMIN_MAIN_TITLE' => "Willkommen zum Administrationsbereich", 'YOU_ARE_HERE' => "Sie sind hier:", diff --git a/inc/libs/payout_functions.php b/inc/libs/payout_functions.php index 77d7121a2e..167142d239 100644 --- a/inc/libs/payout_functions.php +++ b/inc/libs/payout_functions.php @@ -58,9 +58,6 @@ ORDER BY if (SQL_NUMROWS($result) > 0) { // Now let's check while ($content = SQL_FETCHARRAY($result)) { - // Compile the type - $content['type'] = compileCode($content['type']); - // Are these points enougth? if ($points >= $content['min_points']) { // Prepare content for template diff --git a/inc/libs/surfbar_functions.php b/inc/libs/surfbar_functions.php index 1856892d13..1fc4d35ca5 100644 --- a/inc/libs/surfbar_functions.php +++ b/inc/libs/surfbar_functions.php 
@@ -438,20 +438,16 @@ function SURFBAR_MEMBER_EXECUTE_EDIT_ACTION ($urlData) { // Default is nothing done $status = false; - // Translate URLs for testing - $url1 = compileCode($urlData['url']); - $url2 = compileCode($urlData['edit']['url']); - // Has the URL or limit changed? if (true) { //if (($urlData['views_allowed'] != $urlData['edit']['limit']) || ($url1 != $url2)) { // Run the query SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_surfbar_urls` SET url='%s', views_allowed=%s, views_max=%s WHERE `id`=%s AND `status`='%s' LIMIT 1", - array($urlData['url'], $urlData['edit']['limit'], $urlData['edit']['limit'], $urlData['id'], $urlData['status']), __FUNCTION__, __LINE__); + array($urlData['url'], $urlData['edit']['limit'], $urlData['edit']['limit'], $urlData['id'], $urlData['status']), __FUNCTION__, __LINE__); // All fine $status = true; - } + } // END - if // Return status return $status; diff --git a/inc/modules/admin/action-admins.php b/inc/modules/admin/action-admins.php index 06867e14ca..66c5701095 100644 --- a/inc/modules/admin/action-admins.php +++ b/inc/modules/admin/action-admins.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-bank.php b/inc/modules/admin/action-bank.php index 6766542044..9503b6c9e0 100644 --- a/inc/modules/admin/action-bank.php +++ b/inc/modules/admin/action-bank.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] 
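Review bot: The UPDATE in SURFBAR_MEMBER_EXECUTE_EDIT_ACTION() places `views_allowed=%s`, `views_max=%s` and `id=%s` into the statement without quotes, so string escaping inside SQL_QUERY_ESC() (not visible here) would not stop a non-numeric `$urlData['edit']['limit']` or `$urlData['id']` from changing the query. Cast both to integers before building the argument array, e.g. `(int) $urlData['edit']['limit']`. With `$url1`/`$url2` removed, the commented-out condition after `if (true) {` refers to variables that no longer exist. The query also still writes `$urlData['url']` rather than `$urlData['edit']['url']`, which looks unintended for an edit action and is worth confirming. The function begins before the hunk.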
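Review bot: `getWhat()` is passed into the fatal message as the `%s` argument, and that value is presumably request-derived; nothing in this hunk shows it being escaped before addFatalMessage() renders it. Confirm the message layer HTML-encodes it, or wrap the argument, e.g. `htmlspecialchars(getWhat(), ENT_QUOTES)`. The same line is changed identically in every other action-*.php section of this patch (bank through wernis), so the check applies to all of them. The comment above the load still says "admin action module" while the new message key refers to the what-file; `// Ok, we finally load the admin what-file` would match. The enclosing `if` starts outside the hunk, so how `$inc` is built is not visible.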
diff --git a/inc/modules/admin/action-country.php b/inc/modules/admin/action-country.php index af2e9ecbc0..b9b0aa07f7 100644 --- a/inc/modules/admin/action-country.php +++ b/inc/modules/admin/action-country.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-doubler.php b/inc/modules/admin/action-doubler.php index d7599b892f..43a4603327 100644 --- a/inc/modules/admin/action-doubler.php +++ b/inc/modules/admin/action-doubler.php @@ -51,7 +51,7 @@ if (isIncludeReadable($inc)) { loadInclude($inc); } else { // "what file" not found - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-email.php b/inc/modules/admin/action-email.php index 39e63a964b..6a853c0510 100644 --- a/inc/modules/admin/action-email.php +++ b/inc/modules/admin/action-email.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-holiday.php b/inc/modules/admin/action-holiday.php index 60a75ea964..a6cf78cd22 100644 --- a/inc/modules/admin/action-holiday.php +++ b/inc/modules/admin/action-holiday.php 
@@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-login.php b/inc/modules/admin/action-login.php index e73fccc032..6350134ef8 100644 --- a/inc/modules/admin/action-login.php +++ b/inc/modules/admin/action-login.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-menu.php b/inc/modules/admin/action-menu.php index be767d4bad..9f9ce332ea 100644 --- a/inc/modules/admin/action-menu.php +++ b/inc/modules/admin/action-menu.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-misc.php b/inc/modules/admin/action-misc.php index 3f67688afa..875745497a 100644 --- a/inc/modules/admin/action-misc.php +++ b/inc/modules/admin/action-misc.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // diff --git a/inc/modules/admin/action-mods.php b/inc/modules/admin/action-mods.php index fd1754fefc..004cd8cdb0 100644 --- a/inc/modules/admin/action-mods.php +++ b/inc/modules/admin/action-mods.php 
@@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-newsletter.php b/inc/modules/admin/action-newsletter.php index f71db92598..befe3b74ac 100644 --- a/inc/modules/admin/action-newsletter.php +++ b/inc/modules/admin/action-newsletter.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-payouts.php b/inc/modules/admin/action-payouts.php index 21c5d95f68..13ae4a1d4a 100644 --- a/inc/modules/admin/action-payouts.php +++ b/inc/modules/admin/action-payouts.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-primera.php b/inc/modules/admin/action-primera.php index 315fda5d4e..3d77746a91 100644 --- a/inc/modules/admin/action-primera.php +++ b/inc/modules/admin/action-primera.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-rallye.php b/inc/modules/admin/action-rallye.php index 6a342875fd..8f8d49033d 100644 --- a/inc/modules/admin/action-rallye.php 
+++ b/inc/modules/admin/action-rallye.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-repair.php b/inc/modules/admin/action-repair.php index 4ffb2da4f1..40dbbdbb49 100644 --- a/inc/modules/admin/action-repair.php +++ b/inc/modules/admin/action-repair.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-setup.php b/inc/modules/admin/action-setup.php index 60e5d6868a..e21de1011b 100644 --- a/inc/modules/admin/action-setup.php +++ b/inc/modules/admin/action-setup.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-sponsor.php b/inc/modules/admin/action-sponsor.php index fb44eea7b6..6ca94660a6 100644 --- a/inc/modules/admin/action-sponsor.php +++ b/inc/modules/admin/action-sponsor.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-stats.php b/inc/modules/admin/action-stats.php index 9f31458f25..02d66b7297 100644 
--- a/inc/modules/admin/action-stats.php +++ b/inc/modules/admin/action-stats.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-surfbar.php b/inc/modules/admin/action-surfbar.php index c50fae900d..1cd344aed0 100644 --- a/inc/modules/admin/action-surfbar.php +++ b/inc/modules/admin/action-surfbar.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-task.php b/inc/modules/admin/action-task.php index 4589cb3bd3..97373241a6 100644 --- a/inc/modules/admin/action-task.php +++ b/inc/modules/admin/action-task.php @@ -55,7 +55,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-theme.php b/inc/modules/admin/action-theme.php index 53fa648418..b66b48c580 100644 --- a/inc/modules/admin/action-theme.php +++ b/inc/modules/admin/action-theme.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] 
diff --git a/inc/modules/admin/action-transfer.php b/inc/modules/admin/action-transfer.php index fd4f45ed08..11d8405a3e 100644 --- a/inc/modules/admin/action-transfer.php +++ b/inc/modules/admin/action-transfer.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-user.php b/inc/modules/admin/action-user.php index f2b7ca6892..8d379ac382 100644 --- a/inc/modules/admin/action-user.php +++ b/inc/modules/admin/action-user.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // [EOF] diff --git a/inc/modules/admin/action-wernis.php b/inc/modules/admin/action-wernis.php index 75296b5ec3..c35124f397 100644 --- a/inc/modules/admin/action-wernis.php +++ b/inc/modules/admin/action-wernis.php @@ -50,7 +50,7 @@ if (isIncludeReadable($inc)) { // Ok, we finally load the admin action module loadInclude($inc); } else { - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_ACTION_404'), getWhat()); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_WHAT_404'), getWhat()); } // diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 22b09b64e0..db07ff3596 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -249,8 +249,8 @@ function doAdminAction () { // Default admin action is the overview page $what = 'overview'; } else { - // Compile out some chars - $what = compileCode($what, false, false, false); + // Secure it + $what = secureString($what); } // Get action value 
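Review bot: `$what = secureString($what);` replaces the compileCode() call, but secureString() is not shown, and a tag-stripping or escaping helper is not the same as a name check. `$what` goes on to select a menu entry and, judging by the action-*.php sections of this patch, an include file. Validate it against a strict pattern before use, for example `if (!preg_match('/^[a-z0-9_]+$/i', $what)) { $what = 'overview'; }`, or look it up in the list of registered menu entries. doAdminAction() starts and continues outside the hunk, so a later check may already exist.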
@@ -567,9 +567,6 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement // Shall we process this id? It muss not be empty, of course if (($skip === false) && (!empty($id)) && (!isset($GLOBALS['skip_config'][$id]))) { - // Save this entry - $val = compileCode($val); - // Translate the value? (comma to dot!) if ((is_array($translateComma)) && (in_array($id, $translateComma))) { // Then do it here... :) @@ -1156,9 +1153,6 @@ function sendAdminPasswordResetLink ($email) { // Init output $OUT = ''; - // Compile out security characters (must be for looking up!) - $email = compileCode($email); - // Look up administator login $result = SQL_QUERY_ESC("SELECT `id`, `login`, `password` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `email`='%s' LIMIT 1", array($email), __FUNCTION__, __LINE__); @@ -1197,12 +1191,9 @@ function adminResetValidateHashLogin ($hash, $login) { // By default nothing validates... ;) $valid = false; - // Compile the login for lookup - $login = compileCode($login); - // Then try to find that user $result = SQL_QUERY_ESC("SELECT `id`, `password`, `email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", - array($login), __FUNCTION__, __LINE__); + array($login), __FUNCTION__, __LINE__); // Is an account here? if (SQL_NUMROWS($result) == 1) { @@ -1210,7 +1201,7 @@ function adminResetValidateHashLogin ($hash, $login) { $content = SQL_FETCHARRAY($result); // Generate hash again - $hashFromData = generateHash(getConfig('URL').':'.$content['id'].':'.$login.':'.$content['password'], substr($content['password'], 10)); + $hashFromData = generateHash(getConfig('URL') . ':' . $content['id'] . ':' . $login . ':' . $content['password'], substr($content['password'], 10)); // Does both match? $valid = ($hash == $hashFromData); diff --git a/inc/modules/admin/what-list_payouts.php b/inc/modules/admin/what-list_payouts.php index 479c54100c..ff1e5c6520 100644 --- a/inc/modules/admin/what-list_payouts.php 
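Review bot: `$valid = ($hash == $hashFromData);` in adminResetValidateHashLogin() compares the reset hash with the loose `==` operator, so two different strings that both look numeric can compare equal, and the comparison is not constant-time. Use `$valid = hash_equals($hashFromData, (string) $hash);` where the runtime provides it, or at minimum `===`. The hash is also rebuilt from the URL, id, login and stored password hash, with part of that password hash as the second argument. The link therefore stays valid until the password changes and can be recomputed by anyone able to read the admins table; a random, expiring token stored server-side would avoid both. generateHash() is not visible in this patch, and the function spans the two hunks at -1191 and -1210.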
+++ b/inc/modules/admin/what-list_payouts.php @@ -97,7 +97,6 @@ LIMIT 1", if (!empty($eurl)) { // Ok, run URL... - $eurl = compileCode($eurl); switch ($eenc) { case 'md5': $fpass = md5($fpass); diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index 90c8d83eb0..343477e891 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -869,6 +869,8 @@ function isMenuActionValid ($mode, $action, $what, $updateEntry=false) { // Run SQL command $result = SQL_QUERY($sql, __FUNCTION__, __LINE__); + + // Should we look for affected rows (only update) or found rows? if ($updateEntry === true) { // Check updated/affected rows $ret = (SQL_AFFECTEDROWS() == 1); -- 2.39.5