]> git.mxchange.org Git - mailer.git/blobdiff - inc/libs/surfbar_functions.php
projects / mailer.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security line in all includes changed
[mailer.git] / inc / libs / surfbar_functions.php
diff --git a/inc/libs/surfbar_functions.php b/inc/libs/surfbar_functions.php
index 8b491c650acadd8365588e92f1ac3e3f6ffeb09e..7df9fd5b8173bd60c9aac3a65b28af1aabd8f8b5 100644 (file)
--- a/inc/libs/surfbar_functions.php
+++ b/inc/libs/surfbar_functions.php
@@ -32,7 +32,7 @@
  ************************************************************************/
 
 // Some security stuff...
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
@@ -450,9 +450,18 @@ LIMIT %s",
 function SURFBAR_GENERATE_VALIDATION_CODE ($id, $salt="") {
        global $_CONFIG, $SURFBAR_CACHE;
 
 function SURFBAR_GENERATE_VALIDATION_CODE ($id, $salt="") {
        global $_CONFIG, $SURFBAR_CACHE;
 
+       // @TODO Invalid salt should be refused
+       $SURFBAR_CACHE['salt'] = "INVALID";
+
+       // Get code length from config
+       $length = $_CONFIG['code_length'];
+
+       // Fix length to 10
+       if ($length == 0) $length = 10;
+
        // Generate a code until the length matches
        $valCode = "";
        // Generate a code until the length matches
        $valCode = "";
-       while (strlen($valCode) != $_CONFIG['code_length']) {
+       while (strlen($valCode) != $length) {
                // Is the salt set?
                if (empty($salt)) {
                        // Generate random hashed string
                // Is the salt set?
                if (empty($salt)) {
                        // Generate random hashed string
@@ -465,7 +474,7 @@ function SURFBAR_GENERATE_VALIDATION_CODE ($id, $salt="") {
                }
 
                // ... and now the validation code
                }
 
                // ... and now the validation code
-               $valCode = GEN_RANDOM_CODE($_CONFIG['code_length'], sha1(SURFBAR_GET_SALT().":".$id), $GLOBALS['userid']);
+               $valCode = GEN_RANDOM_CODE($length, sha1(SURFBAR_GET_SALT().":".$id), $GLOBALS['userid']);
                //DEBUG_LOG(__FUNCTION__.":valCode={$valCode}");
        } // END - while
 
                //DEBUG_LOG(__FUNCTION__.":valCode={$valCode}");
        } // END - while
 
Mailer-Project repository