- obsolete templates/scripts removed

[mailer.git] / 0.2.1 / inc / gen_sql_patches.php

<?php\r
/************************************************************************\r
 * MXChange v0.2.1                                    Start: 10/08/2005 *\r
 * ===============                              Last change: 01/01/2006 *\r
 *                                                                      *\r
 * -------------------------------------------------------------------- *\r
 * File              : gen_sql_patches.php                              *\r
 * -------------------------------------------------------------------- *\r
 * Short description : Patch password system after upgrading            *\r
 * -------------------------------------------------------------------- *\r
 * Kurzbeschreibung  : Patcht das Passwort-System nach DB-Update        *\r
 * -------------------------------------------------------------------- *\r
 *                                                                      *\r
 * -------------------------------------------------------------------- *\r
 * Copyright (c) 2003 - 2008 by Roland Haeder                           *\r
 * For more information visit: http://www.mxchange.org                  *\r
 *                                                                      *\r
 * This program is free software; you can redistribute it and/or modify *\r
 * it under the terms of the GNU General Public License as published by *\r
 * the Free Software Foundation; either version 2 of the License, or    *\r
 * (at your option) any later version.                                  *\r
 *                                                                      *\r
 * This program is distributed in the hope that it will be useful,      *\r
 * but WITHOUT ANY WARRANTY; without even the implied warranty of       *\r
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *\r
 * GNU General Public License for more details.                         *\r
 *                                                                      *\r
 * You should have received a copy of the GNU General Public License    *\r
 * along with this program; if not, write to the Free Software          *\r
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *\r
 * MA  02110-1301  USA                                                  *\r
 ************************************************************************/\r
\r
// Some security stuff...\r
if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))\r
{\r
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";\r
        require($INC);\r
}\r
\r
// Check for version of sql_patches\r
if (GET_EXT_VERSION("sql_patches") < "0.3.6") return false;\r
\r
// Check if there is no scrambling string\r
if (empty($CONFIG['pass_scramble']))\r
{\r
        // Generate 40 chars long scramble string\r
        $scrambleString = genScrambleString(40);\r
\r
        // ... and store it there for future usage\r
        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET pass_scramble='%s' WHERE config='0' LIMIT 1",\r
         array($scrambleString), __FILE__, __LINE__);\r
\r
        // Also remember it in config\r
        $CONFIG['pass_scramble'] = $scrambleString;\r
        unset($scrambleString);\r
}\r
\r
// Check if there is no master salt string\r
if (empty($CONFIG['master_salt']))\r
{\r
        // Generate the master salt which is the first chars minus 40 chars of this random hash\r
        // We do an extra scrambling here...\r
        $masterSalt = scrambleString(substr(generateHash(GEN_PASS(rand(128, 256))), 0, -40));\r
\r
        // ... and store it there for future usage\r
        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET master_salt='%s' WHERE config='0' LIMIT 1",\r
         array($masterSalt), __FILE__, __LINE__);\r
\r
        // Also remember it in config\r
        $CONFIG['master_salt'] = $masterSalt;\r
        unset($masterSalt);\r
}\r
\r
if (empty($CONFIG['file_hash']))\r
{\r
        // Create filename from hashed random string\r
        $file_hash = generateHash(GEN_PASS(rand(128, 256)));\r
        $file = PATH."inc/.secret/.".$file_hash;\r
\r
        // File hash was never created\r
        $fp = @fopen($file, 'w') or mxchange_die("Cannot write secret key file!");\r
        if ($fp != false)\r
        {\r
                // Could write to secret file! So let's generate the secret key...\r
                // 1. Count of chars to be taken from back of the string\r
                $nums = rand(40, 45);\r
                // 2. Generate secret key from a randomized string\r
                $secretKey = substr(generateHash(GEN_PASS(rand(128, 256))), -$nums);\r
                // 3. Write the key to the file\r
                fwrite($fp, $secretKey);\r
                // 4. Close file\r
                fclose($fp);\r
\r
                // Change access rights for more security\r
                @chmod($file, 0644);\r
\r
                //* DEBUG: */ unlink($file);\r
                //* DEBUG: */ $test = hexdec($_COOKIE['u_hash']) / hexdec($secretKey);\r
                //* DEBUG: */ $test = generateHash(str_replace('.', '', $test));\r
                //* DEBUG: */ die("Secret-Key: ".$secretKey."<br>Cookie: ".$_COOKIE['u_hash']."<br>Test: ".$test);\r
\r
                // Write $file_hash to database\r
                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET file_hash='%s' WHERE config='0' LIMIT 1",\r
                 array($file_hash), __FILE__, __LINE__);\r
\r
                // Also create .htaccess file\r
                $fp = @fopen(PATH."inc/.secret/.htaccess", 'w') or mxchange_die("Cannot write to .htaccess file!");\r
                if ($fp != false)\r
                {\r
                        // Add deny line to file\r
                        fwrite($fp, "Deny from all");\r
\r
                        // Close the file\r
                        fclose($fp);\r
                }\r
\r
                // Also update configuration\r
                $CONFIG['secret_key'] = $secretKey; unset($secretKey);\r
                $CONFIG['file_hash']  = $file_hash; unset($file_hash);\r
        }\r
}\r
\r
//\r
?>