From de5910b8e5deb9285a7ac57c26ebd894f4e1afbf Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Tue, 15 Dec 2009 22:19:25 +0000 Subject: [PATCH] Further fixes for non-working admin login and debug lines commented out --- inc/config-functions.php | 2 +- inc/extensions/ext-admins.php | 11 +++++++-- inc/filters.php | 6 ++--- inc/fix_filters.php | 2 +- inc/functions.php | 27 +++++++++++++++------- inc/gen_refback.php | 2 +- inc/libs/admins_functions.php | 29 ++++++++++++++++++++++++ inc/modules/admin/admin-inc.php | 12 ++++++---- inc/modules/admin/what-config_points.php | 2 +- inc/modules/admin/what-theme_edit.php | 2 +- inc/modules/admin/what-theme_import.php | 2 +- inc/mysql-manager.php | 8 +++---- inc/session-functions.php | 7 +++--- 13 files changed, 81 insertions(+), 31 deletions(-) diff --git a/inc/config-functions.php b/inc/config-functions.php index d10f4fa12d..656501db5d 100644 --- a/inc/config-functions.php +++ b/inc/config-functions.php @@ -352,7 +352,7 @@ function updateConfiguration ($entries, $values, $updateMode='', $config = '0') //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "entries={$entries},affectedRows={$affectedRows}
"); // Rebuild cache - rebuildCacheFile('config', 'config'); + rebuildCache('config', 'config'); } // Filter for loading configuration diff --git a/inc/extensions/ext-admins.php b/inc/extensions/ext-admins.php index 6823b169b7..3033960266 100644 --- a/inc/extensions/ext-admins.php +++ b/inc/extensions/ext-admins.php @@ -42,10 +42,10 @@ if (!defined('__SECURITY')) { } // END - if // Version of this extension -setThisExtensionVersion('0.7.4'); +setThisExtensionVersion('0.7.5'); // Version history array (add more with , '0.1.0' and so on) -setExtensionVersionHistory(array('0.0', '0.1.0', '0.2.0', '0.3.0', '0.3.1', '0.4.0', '0.4.1', '0.4.2', '0.4.3', '0.4.4', '0.4.5', '0.4.6', '0.4.7', '0.4.8', '0.4.9', '0.5.0', '0.5.1', '0.5.2', '0.5.3', '0.5.4', '0.5.5', '0.5.6', '0.5.7', '0.5.8', '0.5.9', '0.6.0', '0.6.1', '0.6.2', '0.6.3', '0.6.4', '0.6.5', '0.6.6', '0.6.7', '0.6.8', '0.6.9', '0.7.0', '0.7.1', '0.7.2', '0.7.3', '0.7.4')); +setExtensionVersionHistory(array('0.0', '0.1.0', '0.2.0', '0.3.0', '0.3.1', '0.4.0', '0.4.1', '0.4.2', '0.4.3', '0.4.4', '0.4.5', '0.4.6', '0.4.7', '0.4.8', '0.4.9', '0.5.0', '0.5.1', '0.5.2', '0.5.3', '0.5.4', '0.5.5', '0.5.6', '0.5.7', '0.5.8', '0.5.9', '0.6.0', '0.6.1', '0.6.2', '0.6.3', '0.6.4', '0.6.5', '0.6.6', '0.6.7', '0.6.8', '0.6.9', '0.7.0', '0.7.1', '0.7.2', '0.7.3', '0.7.4', '0.7.5')); // Keep this extension always active! setExtensionAlwaysActive('Y'); @@ -69,6 +69,7 @@ switch (getExtensionMode()) { unregisterFilter('sql_admin_extra_data', 'ADD_EXTRA_SQL_DATA', true, getExtensionDryRun()); unregisterFilter('do_admin_login_done', 'RESET_ADMINS_LOGIN_FAILURES', true, getExtensionDryRun()); unregisterFilter('do_admin_login_pass', 'COUNT_ADMINS_LOGIN_FAILURE', true, getExtensionDryRun()); + unregisterFilter('do_admin_login_done', 'REHASH_ADMINS_PASSWORD', true, getExtensionDryRun()); break; case 'activate': // Do stuff when admin activates this extension 
@@ -327,6 +328,12 @@ PRIMARY KEY (id) // Update notes (these will be set as task text!) setExtensionUpdateNotes("Filter hinzugefuegt."); break; + + case '0.7.5': // SQL queries for v0.7.5 + registerFilter('do_admin_login_done', 'REHASH_ADMINS_PASSWORD', false, true, getExtensionDryRun()); + break; + + // Add filter } // END - switch break; diff --git a/inc/filters.php b/inc/filters.php index 6626a7655b..018e8b6fd4 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -127,7 +127,7 @@ function FILTER_FLUSH_FILTERS () { // Should we rebuild cache? if (($inserted > 0) || ($removed > 0)) { // Destroy cache - rebuildCacheFile('filter', 'filter'); + rebuildCache('filter', 'filter'); } // END - if } @@ -568,7 +568,7 @@ function FILTER_REMOVE_EXTENSION () { removeExtensionFromArray(); // Remove the cache - rebuildCacheFile('extension', 'extension'); + rebuildCache('extension', 'extension'); } // Filter for flushing the output @@ -928,7 +928,7 @@ LIMIT 1", function FILTER_DO_LOGIN_ADMIN ($data) { // Now set all session variables and store the result for later processing $GLOBALS['admin_login_success'] = (( - setSession('admin_md5', encodeHashForCookie(generateHash($data['pass_hash'], '', false))) + setSession('admin_md5', encodeHashForCookie($data['pass_hash'])) ) && ( setSession('admin_login', $data['login']) ) && ( diff --git a/inc/fix_filters.php b/inc/fix_filters.php index 69cd4e001c..7ff1292b6c 100644 --- a/inc/fix_filters.php +++ b/inc/fix_filters.php @@ -65,7 +65,7 @@ if (SQL_NUMROWS($result) > 0) { } // END - while // Rebuild the cache - rebuildCacheFile('filter', 'filter'); + rebuildCache('filter', 'filter'); } // END - if // Free result diff --git a/inc/functions.php b/inc/functions.php index 122ba1204c..5b30f4f795 100644 --- a/inc/functions.php +++ b/inc/functions.php 
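Review bot: The new `case '0.7.5':` branch is labelled `// SQL queries for v0.7.5` but runs no SQL; it only registers the REHASH_ADMINS_PASSWORD filter, and the stray `// Add filter` comment sits after the `break;`, where it describes nothing. Suggest `case '0.7.5': // Register filter that re-hashes the admin password after a successful login` and dropping the trailing comment. Unlike the preceding case visible in the hunk, this one does not call `setExtensionUpdateNotes(...)`, so the update task would carry no text saying that admin password hashes are now rewritten at login. The enclosing switch starts and ends outside the hunk.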
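Review bot: `setSession('admin_md5', encodeHashForCookie($data['pass_hash']))` in FILTER_DO_LOGIN_ADMIN() assumes encodeHashForCookie() always transforms its input, but the functions.php hunks of this same patch show that function starting from `$ret = $passHash;` and returning it unchanged when sql_patches, `_PRIME`, `secret_key` or `master_salt` is missing or its length check fails. In that case the session value is the admin's stored password hash verbatim. At minimum document the fallback here, e.g. `// NOTE: encodeHashForCookie() returns pass_hash unchanged when secret_key/master_salt are not set up`, and consider logging through logDebugMessage() when the encoded value equals the input. The same fallback affects the setSession() call in FILTER_REHASH_ADMINS_PASSWORD() added in inc/libs/admins_functions.php. The function body continues outside the hunk.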
@@ -2073,6 +2073,9 @@ function generateEmailLink ($email, $table = 'admins') { // Generate a hash for extra-security for all passwords function generateHash ($plainText, $salt = '', $hash = true) { + // Debug output + //* DEBUG: */ outputHtml('plainText=' . $plainText . ',salt=' . $salt . ',hash='.intval($hash).'
'); + // Is the required extension 'sql_patches' there and a salt is not given? // 0123 4 43 3 4 432 2 3 32 2 3 3210 if ((((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) && (empty($salt))) || (!isExtensionActive('sql_patches')) || (!isExtensionInstalledAndNewer('other', '0.2.5')))) { @@ -2119,9 +2122,9 @@ function generateHash ($plainText, $salt = '', $hash = true) { //* DEBUG: */ outputHtml($salt.' ('.strlen($salt).')
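Review bot: The debug line added at the top of generateHash() prints `$plainText` and `$salt`. The function's own header comment says it hashes passwords, and FILTER_REHASH_ADMINS_PASSWORD() in this patch calls it with the plain admin password. The line is one `/` away from active code, and enabling it would write that password into the HTML response. The `finalHash=` line added in the @@ -2130 hunk and the `passHash=`/`ret=` lines in encodeHashForCookie() expose the derived secrets the same way. Suggest keeping the secret out of the debug text, e.g. `//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'plainText-length=' . strlen($plainText) . ',salt-length=' . strlen($salt) . ',hash=' . intval($hash));`. generateHash() continues outside this hunk.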
'); } else { // Use given salt - //* DEBUG: */ print 'salt=' . $salt . '
'; + //* DEBUG: */ outputHtml('salt=' . $salt . '
'); $salt = substr($salt, 0, getConfig('salt_length')); - //* DEBUG: */ print 'salt=' . $salt . '(' . strlen($salt) . '/' . getConfig('salt_length') . ')
'; + //* DEBUG: */ outputHtml('salt=' . $salt . '(' . strlen($salt) . '/' . getConfig('salt_length') . ')
'); // Sanity check on salt if (strlen($salt) != getConfig('salt_length')) { @@ -2130,8 +2133,14 @@ function generateHash ($plainText, $salt = '', $hash = true) { } // END - if } + // Generate final hash (for debug output) + $finalHash = $salt . sha1($salt . $plainText); + + // Debug output + //* DEBUG: */ outputHtml('finalHash=' . $finalHash); + // Return hash - return $salt.sha1($salt . $plainText); + return $finalHash; } // Scramble a string @@ -2223,9 +2232,11 @@ function encodeHashForCookie ($passHash) { $ret = $passHash; // Is a secret key and master salt already initialized? + //* DEBUG: */ outputHtml(__FUNCTION__.':'.intval(isExtensionInstalled('sql_patches')).'/'.intval(isConfigEntrySet('_PRIME')).'/'.intval(isConfigEntrySet('secret_key')).'/'.intval(isConfigEntrySet('master_salt')).'
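Review bot: `$finalHash = $salt . sha1($salt . $plainText);` is a single round of salted SHA-1, which is cheap to brute-force offline if the admins table leaks; the refactor into `$finalHash` leaves that scheme unchanged. This patch also adds a filter that re-hashes the admin password from plaintext after a successful login, so that filter is the natural place to migrate stored hashes to a deliberately slow scheme (crypt() with a Blowfish salt on PHP of this era, password_hash() on current PHP). encodeHashForCookie() in this patch hard-codes a 49-character hash length, so a format change would have to be carried through there as well. If the scheme stays, add a comment such as `// Format: <salt><40 hex chars of sha1(salt . plainText)>` so the length assumptions elsewhere are traceable.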
'); if ((isExtensionInstalled('sql_patches')) && (isConfigEntrySet('_PRIME')) && (isConfigEntrySet('secret_key')) && (isConfigEntrySet('master_salt'))) { // Only calculate when the secret key is generated - if (strlen($passHash) != getConfig('secret_key')) { + //* DEBUG: */ outputHtml(__FUNCTION__.':'.strlen($passHash).'/'.strlen(getConfig('secret_key')).'
'); + if ((strlen($passHash) != 49) || (strlen(getConfig('secret_key')) != 40)) { // Both keys must have same length so return unencrypted return $ret; } // END - if @@ -2233,7 +2244,7 @@ function encodeHashForCookie ($passHash) { $newHash = ''; $start = 9; //* DEBUG: */ outputHtml('passHash=' . $passHash . '(' . strlen($passHash) . ')
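Review bot: The new guard `if ((strlen($passHash) != 49) || (strlen(getConfig('secret_key')) != 40))` hard-codes 49, which is only right while the configured salt length is 9; generateHash() in this same file takes the salt length from `getConfig('salt_length')`. With any other salt length every hash fails the check and the function silently returns the password hash unencoded. Derive the expected length instead, `if ((strlen($passHash) != (getConfig('salt_length') + 40)) || (strlen(getConfig('secret_key')) != 40)) {`, and update the comment inside the branch, which still says both keys must have the same length. The function starts and ends outside this hunk.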
'); for ($idx = 0; $idx < 20; $idx++) { - $part1 = hexdec(substr($passHash, ($idx * 2), 2)); + $part1 = hexdec(substr($passHash, ($idx * 2) + (strlen($passHash) - strlen(getConfig('secret_key'))), 2)); $part2 = hexdec(substr(getConfig('secret_key'), $start, 2)); //* DEBUG: */ outputHtml('part1='.$part1.'/part2='.$part2.'
'); $mod = dechex($idx); @@ -2250,9 +2261,9 @@ function encodeHashForCookie ($passHash) { $newHash .= $mod; } // END - for - //* DEBUG: */ print($passHash . '
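Review bot: The offset `(strlen($passHash) - strlen(getConfig('secret_key')))` added to the `$part1` line is loop-invariant and unexplained, yet it is recomputed with two function calls on each of the 20 iterations. It presumably skips the salt prefix that generateHash() puts in front of the SHA-1 digest, which is worth saying in a comment. Suggest computing it once before the `for` loop, `$saltOffset = strlen($passHash) - strlen(getConfig('secret_key')); // skip salt prefix, only the SHA-1 part is mixed`, and using `substr($passHash, $saltOffset + ($idx * 2), 2)` inside. The loop body continues outside the hunk.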
' . $newHash . ' (' . strlen($newHash) . ')
'); + //* DEBUG: */ outputHtml($passHash . '
' . $newHash . ' (' . strlen($newHash) . ')
'); $ret = generateHash($newHash, getConfig('master_salt')); - //* DEBUG: */ print('ret=' . $ret . '
'); + //* DEBUG: */ outputHtml('ret=' . $ret . '
'); } // END - if // Return result @@ -2904,7 +2915,7 @@ function handleLoginFailures ($accessLevel) { } // Rebuild cache -function rebuildCacheFile ($cache, $inc = '', $force = false) { +function rebuildCache ($cache, $inc = '', $force = false) { // Debug message /* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, sprintf("cache=%s, inc=%s, force=%s", $cache, $inc, intval($force))); diff --git a/inc/gen_refback.php b/inc/gen_refback.php index fc21e4e775..22b7806345 100644 --- a/inc/gen_refback.php +++ b/inc/gen_refback.php @@ -57,7 +57,7 @@ if (SQL_NUMROWS($result) > 0) { SQL_ALTER_TABLE("ALTER TABLE `{?_MYSQL_PREFIX?}_refsystem` ADD UNIQUE `userid_level` ( `userid`,`level` )", __FILE__, __LINE__); // Rebuild cache - rebuildCacheFile('refsystem', 'refsystem'); + rebuildCache('refsystem', 'refsystem'); } // END - if // Free result diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php index 12727422c0..795287883c 100644 --- a/inc/libs/admins_functions.php +++ b/inc/libs/admins_functions.php @@ -658,6 +658,9 @@ function FILTER_RESET_ADMINS_LOGIN_FAILURES ($data) { // Change it in the admin adminsChangeAdminAccount($postData); + // Always make sure the cache is destroyed + rebuildCache('admin'); + // Return the data for further processing return $data; } 
@@ -672,6 +675,32 @@ function FILTER_COUNT_ADMINS_LOGIN_FAILURE ($data) { // Change it in the admin adminsChangeAdminAccount($postData); + // Always make sure the cache is destroyed + rebuildCache('admin'); + + // Return the data for further processing + return $data; +} + +// Rehashes the given plain admin password and stores it the database +function FILTER_REHASH_ADMINS_PASSWORD ($data) { + // Generate new hash + $newHash = generateHash($data['plain_pass']); + + // Prepare update data + $postData['login'][getCurrentAdminId()] = $data['login']; + $postData['password'][getCurrentAdminId()] = $newHash; + + // Change it in the admin + adminsChangeAdminAccount($postData); + + // Update cookie/session and data array + setSession('admin_md5', encodeHashForCookie($newHash)); + $data['pass_hash'] = $newHash; + + // Always make sure the cache is destroyed + rebuildCache('admin'); + // Return the data for further processing return $data; } diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index e8e468b2be..6a726a464d 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -99,8 +99,9 @@ function ifAdminLoginDataIsValid ($adminLogin, $adminPassword) { // Prepare data array $data = array( - 'login' => $adminLogin, - 'pass_hash' => $adminHash + 'login' => $adminLogin, + 'plain_pass' => $adminPassword, + 'pass_hash' => $adminHash ); // Run a special filter @@ -122,19 +123,20 @@ function ifAdminCookiesAreValid ($adminLogin, $passHash) { if ($adminHash != '-1') { // Now, we need to encode the password in the same way the one is encoded in database $testHash = encodeHashForCookie($adminHash); + //* DEBUG: */ outputHtml('adminLogin='.$adminLogin.',
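Review bot: FILTER_REHASH_ADMINS_PASSWORD() hashes `$data['plain_pass']` and writes the result to the admin account without checking that the key is present and non-empty. Only ifAdminLoginDataIsValid() is shown adding it, in the admin-inc.php hunk @@ -99; if the `do_admin_login_done` chain ever runs with a data array that lacks it, the stored password would be replaced by the hash of an empty string. Add a guard at the top, `if ((!isset($data['plain_pass'])) || ($data['plain_pass'] == '')) return $data;`, and `unset($data['plain_pass']);` before returning so the plaintext does not travel on to later filters or debug output. `$postData` should also be initialised with `$postData = array();` before the indexed writes. The account is selected with getCurrentAdminId() rather than anything in `$data`; whether that id is already set at this point of the login cannot be seen from the hunk and is worth confirming.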
passHash='.$passHash.',
adminHash='.$adminHash.',
testHash='.$testHash.'
'); // If they both match, the login data is valid if ($testHash == $passHash) { // All fine $ret = 'done'; } else { - // Set status $ret = 'pass'; } } // END - if // Return status + //* DEBUG: */ outputHtml('ret='.$ret); return $ret; } @@ -143,7 +145,7 @@ function doAdminAction () { // Get default what $what = getWhat(); - //* DEBUG: */ outputHtml(__LINE__."*".$what.'/'.getModule().'/'.getAction().'/'.getWhat()."*
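Review bot: `if ($testHash == $passHash)` in ifAdminCookiesAreValid() compares the caller-supplied hash (presumably the cookie value) with a loose `==`, which in PHP of this generation compares two numeric-looking strings as numbers and is not constant-time. Use `===` here, and a constant-time comparison where the runtime offers one. The debug line added above it prints `adminHash` and the expected `testHash` into the page, so enabling it discloses the exact value a valid admin cookie must carry; it should output a match flag or lengths instead. The `else` branch also lost its `// Set status` comment while the `if` branch kept `// All fine`. The function starts outside the hunk.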
"); + //* DEBUG: */ outputHtml(__LINE__.'*'.$what.'/'.getModule().'/'.getAction().'/'.getWhat().'*
'); // Remove any spaces from variable if (empty($what)) { @@ -559,7 +561,7 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement $affected = SQL_AFFECTEDROWS(); // Rebuild cache - rebuildCacheFile('config', 'config'); + rebuildCache('config', 'config'); // Settings saved, so display message? if ($displayMessage === true) loadTemplate('admin_settings_saved', false, getMessage('SETTINGS_SAVED')); diff --git a/inc/modules/admin/what-config_points.php b/inc/modules/admin/what-config_points.php index 92845f6c65..ad1e6f2b67 100644 --- a/inc/modules/admin/what-config_points.php +++ b/inc/modules/admin/what-config_points.php @@ -148,7 +148,7 @@ WHERE `mails_confirmed` < %s", $REF, $REF)); $message = getMessage('SETTINGS_SAVED'); // Destroy config cache file here... - rebuildCacheFile('config', 'config'); + rebuildCache('config', 'config'); } else { // Prepare failed-message $message = '{--SETTINGS_NOT_SAVED--}'; diff --git a/inc/modules/admin/what-theme_edit.php b/inc/modules/admin/what-theme_edit.php index 8b2c80037b..cbba8f5368 100644 --- a/inc/modules/admin/what-theme_edit.php +++ b/inc/modules/admin/what-theme_edit.php @@ -75,7 +75,7 @@ if (countPostSelection() > 0) { $result = SQL_QUERY($sql, __FILE__, __LINE__); // Rebuild cache - rebuildCacheFile('themes', 'them'); + rebuildCache('themes', 'them'); } // END - if } // END - foreach diff --git a/inc/modules/admin/what-theme_import.php b/inc/modules/admin/what-theme_import.php index 302558b4da..67114b6865 100644 --- a/inc/modules/admin/what-theme_import.php +++ b/inc/modules/admin/what-theme_import.php @@ -74,7 +74,7 @@ VALUES ('%s','N','%s','%s')", ), __FILE__, __LINE__); // Destroy cache - rebuildCacheFile('themes', 'them'); + rebuildCache('themes', 'them'); // Prepare message $message = getMaskedMessage('ADMIN_THEME_IMPORTED', postRequestParameter('theme')); diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index d56ddf7cd7..f3ef16d593 100644 --- a/inc/mysql-manager.php 
+++ b/inc/mysql-manager.php @@ -261,7 +261,7 @@ function checkModulePermissions ($module = '') { // Destroy cache here // @TODO Rewrite this to a filter - if ((getOutputMode() == '0') || (getOutputMode() == -1)) rebuildCacheFile('modules', 'modules'); + if ((getOutputMode() == '0') || (getOutputMode() == -1)) rebuildCache('modules', 'modules'); // And reload data unset($GLOBALS['module_status'][$module]); @@ -272,7 +272,7 @@ function checkModulePermissions ($module = '') { } } elseif (($ret == 'cache_miss') && (getOutputMode() == '0')) { // Rebuild the cache files - rebuildCacheFile('modules', 'modules'); + rebuildCache('modules', 'modules'); } elseif ($found === false) { // Problem with module detected logDebugMessage(__FUNCTION__, __LINE__, sprintf("Problem in module %s detected. ret=%s, locked=%s, hidden=%s, mem=%s, admin=%s, output_mode=%s", @@ -1312,7 +1312,7 @@ function updateReferalCounter ($userid) { } elseif ((($ref == $userid) || ($ref == '0')) && (isExtensionInstalledAndNewer('cache', '0.1.2'))) { // Remove cache here //* DEBUG: */ print(__FUNCTION__ . '(' . __LINE__."):ref={$ref} - CACHE!
"); - rebuildCacheFile('refsystem', 'refsystem'); + rebuildCache('refsystem', 'refsystem'); } // "Walk" back here @@ -1619,7 +1619,7 @@ function FILTER_ACTIVATE_EXCHANGE () { updateConfiguration('activate_xchange' ,0); // Rebuild cache - rebuildCacheFile('modules', 'modules'); + rebuildCache('modules', 'modules'); } // END - if } diff --git a/inc/session-functions.php b/inc/session-functions.php index d1ee9408d9..0b3a356b48 100644 --- a/inc/session-functions.php +++ b/inc/session-functions.php @@ -52,17 +52,17 @@ function setSession ($var, $value) { // Is the session variable set? if (('' . $value . '' == '') && (isSessionVariableSet($var))) { // Remove the session - /* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'UNSET:' . $var . '=' . getSession($var)); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'UNSET:' . $var . '=' . getSession($var)); unset($GLOBALS['_SESSION'][$var]); return session_unregister($var); } elseif (('' . $value . '' != '') && (!isSessionVariableSet($var))) { // Set session - /* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'SET:' . $var . '=' . $value); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'SET:' . $var . '=' . $value); $GLOBALS['_SESSION'][$var] = $value; return session_register($var); } elseif (!empty($value)) { // Update session - /* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'UPDATE:' . $var . '=' . $value); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'UPDATE:' . $var . '=' . $value); $GLOBALS['_SESSION'][$var] = $value; return true; } @@ -90,6 +90,7 @@ function getSession ($var) { } // END - if // Return the value + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, $var . '=' . $value); return $value; } -- 2.39.5
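Review bot: The debug calls in setSession() are now commented out, but they still log `$var . '=' . $value` in full, as does the new one added to getSession() in the @@ -90 hunk, and this patch stores the encoded admin hash under `admin_md5` through setSession(). Re-enabling any of them by removing one `/` puts that login secret into the debug log. Suggest logging only the variable name and the value length, e.g. `//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'SET:' . $var . ' (' . strlen($value) . ' bytes)');`. Both function bodies extend beyond the hunks.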