From feebd0199748544fe8c930b70e97452001a13f76 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Mon, 31 Mar 2008 18:47:47 +0000 Subject: [PATCH] Misc fixes --- inc/functions.php | 9 +- inc/gen_sql_patches.php | 150 ++++++++++++++------------- inc/modules/admin.php | 7 +- inc/modules/admin/admin-inc.php | 11 +- inc/modules/admin/what-del_email.php | 39 +++---- inc/mysql-manager.php | 2 +- 6 files changed, 98 insertions(+), 120 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index df26e508c0..3cdabf7e3e 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -1800,8 +1800,8 @@ function generateHash($plainText, $salt = "") { // Is the required extension "sql_patches" there? if ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) { - // Extension sql_patches is missing/outdated so we return only the regular SHA1 hash - return sha1($plainText); + // Extension sql_patches is missing/outdated so we return the plain text + return $plainText; } // When the salt is empty build a new one, else use the first x configured characters as the salt @@ -2051,7 +2051,6 @@ function DISPLAY_PARSING_TIME_FOOTER() { // Unset/set session variables function set_session ($var, $value) { global $CSS; - // Abort in CSS mode here if ($CSS == 1) return true; @@ -2080,9 +2079,7 @@ function set_session ($var, $value) { // Taken from user comments in PHP documentation for function constant() function isBooleanConstantAndTrue($constname) { // : Boolean $res = false; - if (defined($constname)) { - $res = (constant($constname) === true); - } + if (defined($constname)) $res = (constant($constname) === true); return($res); } diff --git a/inc/gen_sql_patches.php b/inc/gen_sql_patches.php index 8fd4b43047..2e59c8da53 100644 --- a/inc/gen_sql_patches.php +++ b/inc/gen_sql_patches.php @@ -32,91 +32,93 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { - $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; - require($INC); +if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) +{ + $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; + require($INC); } // Check for version of sql_patches if (GET_EXT_VERSION("sql_patches") < "0.3.6") return false; // Check if there is no scrambling string -if (empty($_CONFIG['pass_scramble'])) { - // Generate 40 chars long scramble string - $scrambleString = genScrambleString(40); - - // ... and store it there for future usage - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET pass_scramble='%s' WHERE config=0 LIMIT 1", - array($scrambleString), __FILE__, __LINE__); - - // Also remember it in config - $_CONFIG['pass_scramble'] = $scrambleString; - unset($scrambleString); +if (empty($_CONFIG['pass_scramble'])) +{ + // Generate 40 chars long scramble string + $scrambleString = genScrambleString(40); + + // ... and store it there for future usage + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET pass_scramble='%s' WHERE config=0 LIMIT 1", + array($scrambleString), __FILE__, __LINE__); + + // Also remember it in config + $_CONFIG['pass_scramble'] = $scrambleString; + unset($scrambleString); } // Check if there is no master salt string -if (empty($_CONFIG['master_salt'])) { - // Generate the master salt which is the first chars minus 40 chars of this random hash - // We do an extra scrambling here... - $masterSalt = scrambleString(substr(generateHash(GEN_PASS(rand(128, 256))), 0, -40)); - - // ... and store it there for future usage - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET master_salt='%s' WHERE config=0 LIMIT 1", - array($masterSalt), __FILE__, __LINE__); - - // Also remember it in config - $_CONFIG['master_salt'] = $masterSalt; - unset($masterSalt); +if (empty($_CONFIG['master_salt'])) +{ + // Generate the master salt which is the first chars minus 40 chars of this random hash + // We do an extra scrambling here... + $masterSalt = scrambleString(substr(generateHash(GEN_PASS(rand(128, 256))), 0, -40)); + + // ... and store it there for future usage + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET master_salt='%s' WHERE config=0 LIMIT 1", + array($masterSalt), __FILE__, __LINE__); + + // Also remember it in config + $_CONFIG['master_salt'] = $masterSalt; + unset($masterSalt); } -if (empty($_CONFIG['file_hash'])) { - // Create filename from hashed random string - $file_hash = generateHash(GEN_PASS(rand(128, 256))); - $file = PATH."inc/.secret/.".$file_hash; - - // File hash was never created - $fp = @fopen($file, 'w') or mxchange_die("Cannot write secret key file!"); - if ($fp != false) { - // Could write to secret file! So let's generate the secret key... - // 1. Count of chars to be taken from back of the string - $nums = rand(40, 45); - // 2. Generate secret key from a randomized string - $secretKey = substr(generateHash(GEN_PASS(rand(128, 256))), -$nums); - // 3. Write the key to the file - fwrite($fp, $secretKey); - // 4. Close file - fclose($fp); - - // Change access rights for more security - @chmod($file, 0644); - - //* DEBUG: */ unlink($file); - //* DEBUG: */ $test = hexdec(get_session('u_hash')) / hexdec($secretKey); - //* DEBUG: */ $test = generateHash(str_replace('.', "", $test)); - //* DEBUG: */ die("Secret-Key: ".$secretKey."
Cookie: ".get_session('u_hash')."
Test: ".$test); - - // Write $file_hash to database - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET file_hash='%s' WHERE config=0 LIMIT 1", - array($file_hash), __FILE__, __LINE__); - - // Also create .htaccess file - $fp = @fopen(PATH."inc/.secret/.htaccess", 'w') or mxchange_die("Cannot write to .htaccess file!"); - if ($fp != false) { - // Add deny line to file - fwrite($fp, "Deny from all"); - - // Close the file - fclose($fp); - } - - // Also update configuration - $_CONFIG['secret_key'] = $secretKey; unset($secretKey); - $_CONFIG['file_hash'] = $file_hash; unset($file_hash); - - // Don't miss the admin hash here... - $passHash = generatePassString(get_session('admin_md5')); - set_session('admin_md5', $passHash); - } +if (empty($_CONFIG['file_hash'])) +{ + // Create filename from hashed random string + $file_hash = generateHash(GEN_PASS(rand(128, 256))); + $file = PATH."inc/.secret/.".$file_hash; + + // File hash was never created + $fp = @fopen($file, 'w') or mxchange_die("Cannot write secret key file!"); + if ($fp != false) + { + // Could write to secret file! So let's generate the secret key... + // 1. Count of chars to be taken from back of the string + $nums = rand(40, 45); + // 2. Generate secret key from a randomized string + $secretKey = substr(generateHash(GEN_PASS(rand(128, 256))), -$nums); + // 3. Write the key to the file + fwrite($fp, $secretKey); + // 4. Close file + fclose($fp); + + // Change access rights for more security + @chmod($file, 0644); + + //* DEBUG: */ unlink($file); + //* DEBUG: */ $test = hexdec(get_session('u_hash')) / hexdec($secretKey); + //* DEBUG: */ $test = generateHash(str_replace('.', "", $test)); + //* DEBUG: */ die("Secret-Key: ".$secretKey."
Cookie: ".get_session('u_hash')."
Test: ".$test); + + // Write $file_hash to database + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET file_hash='%s' WHERE config=0 LIMIT 1", + array($file_hash), __FILE__, __LINE__); + + // Also create .htaccess file + $fp = @fopen(PATH."inc/.secret/.htaccess", 'w') or mxchange_die("Cannot write to .htaccess file!"); + if ($fp != false) + { + // Add deny line to file + fwrite($fp, "Deny from all"); + + // Close the file + fclose($fp); + } + + // Also update configuration + $_CONFIG['secret_key'] = $secretKey; unset($secretKey); + $_CONFIG['file_hash'] = $file_hash; unset($file_hash); + } } // diff --git a/inc/modules/admin.php b/inc/modules/admin.php index 3598511473..c364ae283a 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -67,7 +67,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { switch ($ret) { case "done": - admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define ('admin_registered', ", ");", "true", 0); + admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0); if (!_FATAL) { // Registering is done LOAD_URL(URL."/modules.php?module=admin&action=login®ister=done"); @@ -91,7 +91,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { } if (!isBooleanConstantAndTrue('admin_registered')) { // Write to config that registration is done - admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define ('admin_registered', ", ");", "true", 0); + admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0); // Load URL for login $URL = URL."/modules.php?module=admin&action=login"; @@ -161,7 +161,6 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Try to register the session variables if ((set_session("admin_md5", generatePassString(generateHash($_POST['pass'], __SALT)))) && (set_session("admin_login", $_POST['login'])) && (set_session("admin_last", time())) && (set_session("admin_to", $_POST['timeout']))) { // Construct URL and redirect - die("OK"); $URL = URL."/modules.php?module=admin&"; // Rewrite overview module @@ -277,7 +276,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { } } else { // Maybe an Admin want's to login? - $ret = CHECK_ADMIN_COOKIES('admin_login', 'admin_md5'); + $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE(get_session('admin_login')), SQL_ESCAPE(get_session('admin_md5'))); switch ($ret) { case "done": // Cookie-Data accepted diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index ae5db92b5b..6aba44b398 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -129,11 +129,6 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) // Only be executed on cookie checking function CHECK_ADMIN_COOKIES ($admin_login, $password) { global $cacheArray, $_CONFIG; - - // Get login and password hash - $admin_login = SQL_ESCAPE(get_session($admin_login)); - $password = SQL_ESCAPE(get_session($password)); - $ret = "404"; $pass = ""; if (!empty($cacheArray['admins']['aid'][$admin_login])) { // Get password from cache @@ -204,17 +199,17 @@ function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) // Copy back tmp file and delete tmp :-) @copy($tmp, $file); @unlink($tmp); - define ('_FATAL', false); + define('_FATAL', false); } elseif (!$found) { OUTPUT_HTML("CHANGE: 404!"); - define ('_FATAL', true); + define('_FATAL', true); } else { OUTPUT_HTML("TMP: UNDONE!"); - define ('_FATAL', true); + define('_FATAL', true); } } } diff --git a/inc/modules/admin/what-del_email.php b/inc/modules/admin/what-del_email.php index 60079d8830..751ad7407e 100644 --- a/inc/modules/admin/what-del_email.php +++ b/inc/modules/admin/what-del_email.php @@ -35,17 +35,15 @@ ************************************************************************/ // Some security stuff... -if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) -{ +if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } // Add description as navigation point ADD_DESCR("admin", basename(__FILE__)); -OPEN_TABLE("100%", "admin_content admin_content_align", ""); -if (!empty($_GET['mid'])) -{ + +if (!empty($_GET['mid'])) { // Load email data $result = SQL_QUERY_ESC("SELECT id, sender, subject, url, timestamp FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1", array(bigintval($_GET['mid'])), __FILE__, __LINE__); @@ -53,8 +51,7 @@ if (!empty($_GET['mid'])) SQL_FREERESULT($result); // Delete mail only once - if ($sender > 0) - { + if ($sender > 0) { // Prepare data for the template define('__ID' , $id); define('__SENDER' , ADMIN_USER_PROFILE_LINK($sender)); @@ -81,8 +78,7 @@ if (!empty($_GET['mid'])) LEFT JOIN "._MYSQL_PREFIX."_pool AS p ON s.pool_id=%d LIMIT 1", array(bigintval($_GET['mid'])), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { // Fetch stats id list($stats_id) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -94,22 +90,16 @@ ON s.pool_id=%d LIMIT 1", // Output link for manually removing stats entry LOAD_TEMPLATE("admin_settings_saved", false, "".ADMIN_REMOVE_STATS_ENTRY.""); } - } - else - { + } else { // Mail already deleted! LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_NORMAL_MAIL_ALREADY_DELETED); } -} - elseif (!empty($_GET['pid'])) -{ +} elseif (!empty($_GET['pid'])) { // Remove stats entries $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_stats WHERE pool_id=%d LIMIT 1", array(bigintval($_GET['pid'])), __FILE__, __LINE__); LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_USER_STATS_REMOVED); -} - elseif ((!empty($_GET['bid'])) && (EXT_IS_ACTIVE("bonus"))) -{ +} elseif ((!empty($_GET['bid'])) && (EXT_IS_ACTIVE("bonus"))) { // Load data from bonus mail $result = SQL_QUERY_ESC("SELECT id, subject, url, timestamp FROM "._MYSQL_PREFIX."_bonus WHERE id=%d", array(bigintval($_GET['bid'])), __FILE__, __LINE__); @@ -117,8 +107,7 @@ ON s.pool_id=%d LIMIT 1", SQL_FREERESULT($result); // Delete mail only once - if ($id > 0) - { + if ($id > 0) { // Delete bonus mail entirely from database $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_bonus WHERE id=%d LIMIT 1", array(bigintval($_GET['bid'])), __FILE__, __LINE__); @@ -133,18 +122,14 @@ ON s.pool_id=%d LIMIT 1", // Load template LOAD_TEMPLATE("admin_del_email_bonus"); - } - else - { + } else { // Mail already deleted! LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_BONUS_MAIL_ALREADY_DELETED); } -} - else -{ +} else { // No mail orders fond LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_WRONG_CALL); } -CLOSE_TABLE(); + // ?> diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index 1ea993612d..46154a4108 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -381,7 +381,7 @@ function ADD_MENU($MODE, $act, $wht) { } } // This patched function will reduce many SELECT queries for the specified or current admin login -function IS_ADMIN ($admin="") +function IS_ADMIN($admin="") { global $cacheArray, $_CONFIG; $ret = false; $passCookie = ""; $valPass = ""; -- 2.39.5