More fixes for admin password hashing

diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php
index f9f1e74d0241bb86b4d544b89edab0247797ca9d..6bb648c436e335a9946240dab05a133c763f70fb 100644 (file)
--- a/inc/db/lib-mysql3.php
+++ b/inc/db/lib-mysql3.php
@@ -84,10 +84,13 @@ function SQL_QUERY($sql_string, $F, $L) {
 
 // SQL num rows
 function SQL_NUMROWS($result) {
 
 // SQL num rows
 function SQL_NUMROWS($result) {

-       if ($result != false) {
+       // Is the result a valid resource?
+       if (is_resource($result)) {
+               // Get the count of rows from database

                $lines = @mysql_num_rows($result);
                $lines = @mysql_num_rows($result);

-               if (empty($lines)) $lines = "0";

 
 

+               // Is the result empty? Then we have an error!
+               if (empty($lines)) $lines = "0";

        } else {
                // No resource given, no lines found!
                $lines = "0";
        } else {
                // No resource given, no lines found!
                $lines = "0";

diff --git a/inc/functions.php b/inc/functions.php
index e24be85a2de601d7eb0a4784f70a6b90418b9051..bfa97b999a9e7d533114e74becb3e1bbf73ceb4d 100644 (file)
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -1805,7 +1805,7 @@ function CREATE_EMAIL_LINK($email, $table="admins") {
        return $EMAIL;
 }
 // Generate a hash for extra-security for all passwords
        return $EMAIL;
 }
 // Generate a hash for extra-security for all passwords

-function generateHash($plainText, $salt = "") {
+function generateHash ($plainText, $salt = "") {

        global $_CONFIG, $_SERVER;
 
        // Is the required extension "sql_patches" there?
        global $_CONFIG, $_SERVER;
 
        // Is the required extension "sql_patches" there?


@@ -1997,6 +1997,11 @@ function generatePassString($passHash) {
 
                //* DEBUG: */ die($passHash."<br>".$newHash." (".strlen($newHash).")");
                $ret = generateHash($newHash, $_CONFIG['master_salt']);
 
                //* DEBUG: */ die($passHash."<br>".$newHash." (".strlen($newHash).")");
                $ret = generateHash($newHash, $_CONFIG['master_salt']);

+       } else {
+               // Hash it simple
+               //* DEBUG: */ echo "--".$passHash."--<br />\n";
+               $ret = md5($passHash);
+               //* DEBUG: */ echo "++".$ret."++<br />\n";

        }
 
        // Return result
        }
 
        // Return result

diff --git a/inc/language/de.php b/inc/language/de.php
index ff35894d31afe4791fd2a5dae3b223ceadeb6ef7..29d0037634628317f822b3f6bd9baf7d612430f3 100644 (file)
--- a/inc/language/de.php
+++ b/inc/language/de.php
@@ -1104,6 +1104,7 @@ define('ADMIN_CONFIG_MAILID_REDIRECT_INDEX', "Auf Hauptseite weiterleiten.");
 define('ADMIN_CONFIG_MAILID_REDIRECT_REJECT', "Auf Ablehnungsseite umleiten.");
 define('REASON_DIRECT_PAYMENT', "Direkte Gutschrift (siehe evtl. vorangegangene Mail)");
 define('SUBJECT_DIRECT_PAYMENT', "Direkte {!POINTS!}-Gutschrift durch das System");
 define('ADMIN_CONFIG_MAILID_REDIRECT_REJECT', "Auf Ablehnungsseite umleiten.");
 define('REASON_DIRECT_PAYMENT', "Direkte Gutschrift (siehe evtl. vorangegangene Mail)");
 define('SUBJECT_DIRECT_PAYMENT', "Direkte {!POINTS!}-Gutschrift durch das System");

+define('ADMIN_LOGOUT_SQL_PATCHES_DONE', "Sie wurden automatisch ausgeloggt, da Sie die Erweiterung <strong>sql_patches</strong> installiert haben und dabei das Passort-Hashing ge&auml;ndert/verbessert wurde. Bitte erneut einloggen!");

 
 //
 ?>
 
 //
 ?>

diff --git a/inc/modules/admin.php b/inc/modules/admin.php
index c0e1fdf48a4c581180ac6f9475013f3f86d9121d..a8d2d13419107faf8143efa4a328ca211b1295e7 100644 (file)
--- a/inc/modules/admin.php
+++ b/inc/modules/admin.php
@@ -49,15 +49,12 @@ require_once(PATH."inc/modules/admin/admin-inc.php");
 // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!)
 FIX_DELETED_COOKIES(array('admin_login', 'admin_md5', 'admin_last', 'admin_to'));
 
 // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!)
 FIX_DELETED_COOKIES(array('admin_login', 'admin_md5', 'admin_last', 'admin_to'));
 

-// Is the logout empty?
-if (empty($_GET['logout'])) $_GET['logout'] = "";
-

 if (!isBooleanConstantAndTrue('admin_registered')) {
        // Admin is not registered so we have to inform the user
        if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***";
        if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) {
                // Hash the password with the old function because we are here in install mode
 if (!isBooleanConstantAndTrue('admin_registered')) {
        // Admin is not registered so we have to inform the user
        if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***";
        if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) {
                // Hash the password with the old function because we are here in install mode

-               $hashedPass = md5($hashedPass);
+               $hashedPass = md5($_POST['pass']);

 
                // Do registration
                $ret = REGISTER_ADMIN($_POST['login'], $hashedPass);
 
                // Do registration
                $ret = REGISTER_ADMIN($_POST['login'], $hashedPass);


@@ -86,6 +83,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                                // Any other kind
                                $ret = "done";
                        }
                                // Any other kind
                                $ret = "done";
                        }

+

                        if (!isBooleanConstantAndTrue('admin_registered')) {
                                // Write to config that registration is done
                                admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);
                        if (!isBooleanConstantAndTrue('admin_registered')) {
                                // Write to config that registration is done
                                admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);


@@ -97,6 +95,8 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                        break;
                }
        }
                        break;
                }
        }

+
+       // Whas that action okay?

        if ($ret != "done") {
                // Fixes another "Notice"
                if (!empty($_POST['login'])) {
        if ($ret != "done") {
                // Fixes another "Notice"
                if (!empty($_POST['login'])) {


@@ -250,7 +250,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                // Load login form template
                LOAD_TEMPLATE("admin_login_form", false, $content);
        }
                // Load login form template
                LOAD_TEMPLATE("admin_login_form", false, $content);
        }

-} elseif ($_GET['logout'] == "1") {
+} elseif (isset($_GET['logout'])) {

        // Only try to remove cookies
        if (set_session("admin_login", "") && set_session("admin_md5", "") && set_session("admin_last", "") && set_session("admin_to", "")) {
                // Also remove array elements
        // Only try to remove cookies
        if (set_session("admin_login", "") && set_session("admin_md5", "") && set_session("admin_last", "") && set_session("admin_to", "")) {
                // Also remove array elements


@@ -263,7 +263,13 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                @session_destroy();
 
                // Load logout template
                @session_destroy();
 
                // Load logout template

-               LOAD_TEMPLATE("admin_logout");
+               if (isset($_GET['sql_patches'])) {
+                       // Special logout redirect for sql_patchrs
+                       LOAD_TEMPLATE("admin_logout_sql_patches");
+               } else {
+                       // Logged out normally
+                       LOAD_TEMPLATE("admin_logout");
+               }

        } else {
                // Something went wrong here...
                OUTPUT_HTML("<STRONG class=\"admin_fatal\">".ADMIN_LOGOUT_FAILED."</STRONG>");
        } else {
                // Something went wrong here...
                OUTPUT_HTML("<STRONG class=\"admin_fatal\">".ADMIN_LOGOUT_FAILED."</STRONG>");


@@ -274,7 +280,8 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
 } else {
        // Maybe an Admin want's to login?
        $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE(get_session('admin_login')), SQL_ESCAPE(get_session('admin_md5')));
 } else {
        // Maybe an Admin want's to login?
        $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE(get_session('admin_login')), SQL_ESCAPE(get_session('admin_md5')));

-       switch ($ret) {
+       switch ($ret)
+       {

        case "done":
                // Cookie-Data accepted
                if ((set_session("admin_md5", SQL_ESCAPE(get_session('admin_md5')))) && (set_session("admin_login", SQL_ESCAPE(get_session('admin_login')))) && (set_session("admin_last", time())) && (set_session("admin_to", bigintval(get_session('admin_to'))))) {
        case "done":
                // Cookie-Data accepted
                if ((set_session("admin_md5", SQL_ESCAPE(get_session('admin_md5')))) && (set_session("admin_login", SQL_ESCAPE(get_session('admin_login')))) && (set_session("admin_last", time())) && (set_session("admin_to", bigintval(get_session('admin_to'))))) {

diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index f9f775a00363cd6860966e8573424bc9a216efdf..8f4623b052226b630c1cd7a9a91967ddc4f8f329 100644 (file)
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -39,20 +39,17 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 }
 
 //
 }
 
 //

-function REGISTER_ADMIN ($user, $md5)
+function REGISTER_ADMIN ($user, $md5, $email=WEBMASTER)

 {
        $ret = "failed";
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
         array($user), __FILE__, __LINE__);
 {
        $ret = "failed";
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
         array($user), __FILE__, __LINE__);

-       if (SQL_NUMROWS($result) == 0)
-       {
+       if (SQL_NUMROWS($result) == 0) {

                // Ok, let's create the admin login
                // Ok, let's create the admin login

-               $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '".WEBMASTER."')",
-                array($user, $md5), __FILE__, __LINE__);
+               $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '%s')",
+                array($user, $md5, $email), __FILE__, __LINE__);

                $ret = "done";
                $ret = "done";

-       }
-        else
-       {
+       } else {

                // Free memory
                SQL_FREERESULT($result);
 
                // Free memory
                SQL_FREERESULT($result);
 


@@ -66,35 +63,30 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
 {
        global $cacheArray, $_CONFIG, $cacheInstance;
        $ret = "404"; $pass = "";
 {
        global $cacheArray, $_CONFIG, $cacheInstance;
        $ret = "404"; $pass = "";

-       if (!empty($cacheArray['admins']['aid'][$admin_login]))
-       {
+       if (!empty($cacheArray['admins']['aid'][$admin_login])) {

                // Get password from cache
                $pass = $cacheArray['admins']['password'][$admin_login];
                $ret = "pass";
                $_CONFIG['cache_hits']++;
                // Get password from cache
                $pass = $cacheArray['admins']['password'][$admin_login];
                $ret = "pass";
                $_CONFIG['cache_hits']++;

-       }
-        else
-       {
+       } else {

                // Get password from DB
                $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
                 array($admin_login), __FILE__, __LINE__);
                // Get password from DB
                $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
                 array($admin_login), __FILE__, __LINE__);

-               if (SQL_NUMROWS($result) == 1)
-               {
+               if (SQL_NUMROWS($result) == 1) {

                        $ret = "pass";
                        list($pass) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                }
        }
 
                        $ret = "pass";
                        list($pass) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                }
        }
 

-       //* DEBUG: */ echo "*".$pass."/".$password."/".$ret."<br />";
-       if ((strlen($pass) == 32) && ($pass == md5($password)))
-       {
+       //* DEBUG: */ echo "*".$pass."/".md5($password)."/".$ret."<br />";
+       if ((strlen($pass) == 32) && ($pass == md5($password))) {

                // Generate new hash
                $pass = generateHash($password);
                // Generate new hash
                $pass = generateHash($password);

-               if (($ret == "pass") && (GET_EXT_VERSION("sql_patches") < "0.3.6")) $ret = "done";
-       }
-        elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))
-       {
+
+               // Is the sql_patches not installed, than we cannot have a valid hashed password here!
+               if (($ret == "pass") && ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))) $ret = "done";
+       } elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) {

                // Old hashing way
                return $ret;
        }
                // Old hashing way
                return $ret;
        }


@@ -104,28 +96,25 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
        $salt = __SALT;
 
        // Check if password is same
        $salt = __SALT;
 
        // Check if password is same

-       if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt)))
-       {
+       if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt)))   {

                // Update password
                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1",
                 array($pass, $admin_login), __FILE__, __LINE__);
 
                // Shall I remove the cache file?
                // Update password
                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1",
                 array($pass, $admin_login), __FILE__, __LINE__);
 
                // Shall I remove the cache file?

-               if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false))
-               {
+               if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false)) {

                        if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy();
                }
 
                // Password matches!
                $ret = "done";
                        if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy();
                }
 
                // Password matches!
                $ret = "done";

-       }
-        elseif ((empty($salt)) && ($ret == "pass"))
-       {
+       } elseif ((empty($salt)) && ($ret == "pass")) {

                // Something bad went wrong
                $ret = "failed";
        }
        return $ret;
 }
                // Something bad went wrong
                $ret = "failed";
        }
        return $ret;
 }

+

 // Only be executed on cookie checking
 function CHECK_ADMIN_COOKIES ($admin_login, $password) {
        global $cacheArray, $_CONFIG;
 // Only be executed on cookie checking
 function CHECK_ADMIN_COOKIES ($admin_login, $password) {
        global $cacheArray, $_CONFIG;


@@ -140,16 +129,21 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) {
                $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
                 array($admin_login), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1) {
                $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
                 array($admin_login), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1) {

+                       // Entry found

                        $ret = "pass";
                        $ret = "pass";

+
+                       // Fetch password

                        list($pass) = SQL_FETCHROW($result);
                        list($pass) = SQL_FETCHROW($result);

-                       SQL_FREERESULT($result);

                }
                }

+
+               // Free result
+               SQL_FREERESULT($result);

        }
 
        }
 

-       //* DEBUG: */ echo "*".$pass."/".$password."<br />";
+       //* DEBUG: */ echo __FUNCTION__.":".$pass."/".$password."<br />";

 
        // Check if password matches
 
        // Check if password matches

-       if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password))) {
+       if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) {

                // Passwords matches!
                $ret = "done";
        }
                // Passwords matches!
                $ret = "done";
        }


@@ -158,66 +152,75 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) {
        return $ret;
 }
 //
        return $ret;
 }
 //

-function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0)
-{
-       $done = false;  $seek++; $found = false;
-       if (file_exists($file))
-       {
+function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) {
+       // Initialize some variables
+       $done = false;
+       $seek++;
+       $found = false;
+
+       // Is the file there and read-/write-able?
+       if ((file_exists($file)) && (is_readable($file)) && (is_writeable($file))) {

                $search = "CFG: ".$comment;
                $tmp = $file.".tmp";
                $search = "CFG: ".$comment;
                $tmp = $file.".tmp";

-               $fp = fopen($file, 'r') or OUTPUT_HTML("<STRONG>READ:</STRONG> ".$file."<br />");
-               if ($fp)
-               {
-                       $fp_tmp = fopen($tmp, 'w') or OUTPUT_HTML("<STRONG>WRITE:</STRONG> ".$tmp."<br />");
-                       if ($fp_tmp)
-                       {
-                               while (! feof($fp))
-                               {
+
+               // Open the source file
+               $fp = @fopen($file, 'r') or OUTPUT_HTML("<STRONG>READ:</STRONG> ".$file."<br />");
+
+               // Is the resource valid?
+               if (is_resource($fp)) {
+                       // Open temporary file
+                       $fp_tmp = @fopen($tmp, 'w') or OUTPUT_HTML("<STRONG>WRITE:</STRONG> ".$tmp."<br />");
+
+                       // Is the resource again valid?
+                       if (is_resource($fp_tmp)) {
+                               while (!feof($fp)) {
+                                       // Read from source file

                                        $line = fgets ($fp, 1024);
                                        $line = fgets ($fp, 1024);

+

                                        if (strpos($line, $search) > -1) { $next = 0; $found = true; }
                                        if (strpos($line, $search) > -1) { $next = 0; $found = true; }

-                                       if ($next > -1)
-                                       {
-                                               if ($next == $seek)
-                                               {
+
+                                       if ($next > -1) {
+                                               if ($next == $seek) {

                                                        $next = -1;
                                                        $line = $prefix . $DATA . $suffix."\n";
                                                        $next = -1;
                                                        $line = $prefix . $DATA . $suffix."\n";

-                                               }
-                                                else
-                                               {
+                                               } else {

                                                        $next++;
                                                }
                                        }
                                                        $next++;
                                                }
                                        }

+
+                                       // Write to temp file

                                        fputs($fp_tmp, $line);
                                }
                                        fputs($fp_tmp, $line);
                                }

+
+                               // Close temp file

                                fclose($fp_tmp);
                                fclose($fp_tmp);

+

                                // Finished writing tmp file
                                $done = true;
                        }
                                // Finished writing tmp file
                                $done = true;
                        }

+
+                       // Close source file

                        fclose($fp);
                        fclose($fp);

-                       if (($done) && ($found))
-                       {
+
+                       if (($done) && ($found)) {

                                // Copy back tmp file and delete tmp :-)
                                @copy($tmp, $file);
                                @unlink($tmp);
                                define('_FATAL', false);
                                // Copy back tmp file and delete tmp :-)
                                @copy($tmp, $file);
                                @unlink($tmp);
                                define('_FATAL', false);

-                       }
-                        elseif (!$found)
-                       {
+                       } elseif (!$found) {

                                OUTPUT_HTML("<STRONG>CHANGE:</STRONG> 404!");
                                define('_FATAL', true);
                                OUTPUT_HTML("<STRONG>CHANGE:</STRONG> 404!");
                                define('_FATAL', true);

-                       }
-                        else
-                       {
+                       } else {

                                OUTPUT_HTML("<STRONG>TMP:</STRONG> UNDONE!");
                                define('_FATAL', true);
                        }
                }
                                OUTPUT_HTML("<STRONG>TMP:</STRONG> UNDONE!");
                                define('_FATAL', true);
                        }
                }

-       }
-        else
-       {
+       } else {
+               // File not found, not readable or writeable

                OUTPUT_HTML("<STRONG>404:</STRONG> ".$file."<br />");
        }
 }
                OUTPUT_HTML("<STRONG>404:</STRONG> ".$file."<br />");
        }
 }

+

 //
 function ADMIN_DO_ACTION($wht)
 {
 //
 function ADMIN_DO_ACTION($wht)
 {

diff --git a/inc/modules/admin/what-extensions.php b/inc/modules/admin/what-extensions.php
index fb0f2f2c266d9c00aefdd047c527612a9baaff14..ce97012cddc2e3df426ca24181de230648665788 100644 (file)
--- a/inc/modules/admin/what-extensions.php
+++ b/inc/modules/admin/what-extensions.php
@@ -304,7 +304,13 @@ case "register": // Register new extension
 
                        // ... so we can finally register and load it in registration mode
                        $status = EXTENSION_REGISTER($ext_name, $id);
 
                        // ... so we can finally register and load it in registration mode
                        $status = EXTENSION_REGISTER($ext_name, $id);

-                       if ($status) {
+                       if ($status == true) {
+                               // Is this sql_patches? Then we need to auto-logout!
+                               if ($ext_name == "sql_patches") {
+                                       // Auto-logout here
+                                       LOAD_URL("admin.php?module=admin&logout=1&sql_patches=1");
+                               }
+

                                // Extension was found and successfully registered
                                LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_EXTENSION_REGISTERED);
 
                                // Extension was found and successfully registered
                                LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_EXTENSION_REGISTERED);
 

diff --git a/inc/mysql-connect.php b/inc/mysql-connect.php
index e01516610f9900711d3adc77b499b871496e6fdb..813bcb6762ee73837ba309bf162b1a78d7ce19eb 100644 (file)
--- a/inc/mysql-connect.php
+++ b/inc/mysql-connect.php
@@ -32,8 +32,7 @@
  ************************************************************************/
 
 // Some security stuff...
  ************************************************************************/
 
 // Some security stuff...

-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {

        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }


@@ -65,7 +64,6 @@ if ((empty($MySQL['login'])) && (!isBooleanConstantAndTrue('mxchange_installing'
        echo "<STRONG>".LANG_WARNING.":</STRONG> ".WARN_NULL_PASSWORD;
 }
 
        echo "<STRONG>".LANG_WARNING.":</STRONG> ".WARN_NULL_PASSWORD;
 }
 

-

 // Init configuration arrays
 $_CONFIG = array(
        'code_length' => 0
 // Init configuration arrays
 $_CONFIG = array(
        'code_length' => 0


@@ -97,6 +95,9 @@ if ((!isBooleanConstantAndTrue('mxchange_installing')) && (isBooleanConstantAndT
 
                        // Is it a valid resource?
                        if ($db === true) {
 
                        // Is it a valid resource?
                        if ($db === true) {

+                               // Load more include files
+                               require_once(PATH."inc/mysql-manager.php"); // Functions which interact with the database
+

                                // Load configuration stuff
                                $result = SQL_QUERY("SELECT pass_len, points_register, points_ref, least_cats, check_double_email, check_double_pass, admin_notify, url_tlock, test_text, max_tlength, test_subj, autosend_active, max_send, url_blacklist, auto_purge, auto_purge_active, last_update, unconfirmed, profile_lock, online_timeout, mad_timestamp, mad_count, profile_update, send_prof_update, resend_profile_update, code_length, patch_level, patch_ctime, guest_stats, ref_payout, activate_xchange, order_multi_page, display_refid, ip_timeout, allow_direct_pay, config
 FROM "._MYSQL_PREFIX."_config
                                // Load configuration stuff
                                $result = SQL_QUERY("SELECT pass_len, points_register, points_ref, least_cats, check_double_email, check_double_pass, admin_notify, url_tlock, test_text, max_tlength, test_subj, autosend_active, max_send, url_blacklist, auto_purge, auto_purge_active, last_update, unconfirmed, profile_lock, online_timeout, mad_timestamp, mad_count, profile_update, send_prof_update, resend_profile_update, code_length, patch_level, patch_ctime, guest_stats, ref_payout, activate_xchange, order_multi_page, display_refid, ip_timeout, allow_direct_pay, config
 FROM "._MYSQL_PREFIX."_config


@@ -105,7 +106,7 @@ LIMIT 1", __FILE__, __LINE__);
 
                                if (SQL_NUMROWS($result) == 1) {
                                        // Load data when previous SQL query did not fail
 
                                if (SQL_NUMROWS($result) == 1) {
                                        // Load data when previous SQL query did not fail

-                                       if (!$result) {
+                                       if (!is_resource($result)) {

                                                // Something went wrong
                                                ADD_FATAL(FATAL_CANNOT_LOAD_CONFIG);
                                                return;
                                                // Something went wrong
                                                ADD_FATAL(FATAL_CANNOT_LOAD_CONFIG);
                                                return;


@@ -117,9 +118,6 @@ LIMIT 1", __FILE__, __LINE__);
                                        // Initialize include-file-pool
                                        $INC_POOL = array();
 
                                        // Initialize include-file-pool
                                        $INC_POOL = array();
 

-                                       // Load more include files
-                                       require_once(PATH."inc/mysql-manager.php"); // Functions which interact with the database
-

                                        // Run daily reset
                                        if ((date("d", $_CONFIG['last_update']) != date("d", time()) || ((isBooleanConstantAndTrue('DEBUG_MODE')))) && (!isBooleanConstantAndTrue('mxchange_installing')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (!isset($_GET['register'])) && ($CSS != 1)) {
                                                // Do daily things in external PHP file but only when script is completely setup
                                        // Run daily reset
                                        if ((date("d", $_CONFIG['last_update']) != date("d", time()) || ((isBooleanConstantAndTrue('DEBUG_MODE')))) && (!isBooleanConstantAndTrue('mxchange_installing')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (!isset($_GET['register'])) && ($CSS != 1)) {
                                                // Do daily things in external PHP file but only when script is completely setup


@@ -133,7 +131,7 @@ LIMIT 1", __FILE__, __LINE__);
                                        require_once(PATH."inc/load_extensions.php");
 
                                        // Loading patching system is required here...
                                        require_once(PATH."inc/load_extensions.php");
 
                                        // Loading patching system is required here...

-                                       require_once(PATH."inc/patch-system.php");      // Initialize patch system
+                                       require_once(PATH."inc/patch-system.php"); // Initialize patch system

 
                                        // Functions which are related to themes
                                        require_once(PATH."inc/theme-manager.php");
 
                                        // Functions which are related to themes
                                        require_once(PATH."inc/theme-manager.php");


@@ -191,12 +189,18 @@ LIMIT 1", __FILE__, __LINE__);
                                        $dummy = CHECK_MODULE($GLOBALS['module']);
                                        if ($dummy == "done") COUNT_MODULE($GLOBALS['module']);
                                        unset($dummy);
                                        $dummy = CHECK_MODULE($GLOBALS['module']);
                                        if ($dummy == "done") COUNT_MODULE($GLOBALS['module']);
                                        unset($dummy);

+
+                                       // Shall we activate the exchange?

                                        if ($_CONFIG['activate_xchange'] > 0) activateExchange();
                                } else {
                                        // If you will read following error message you probably need to contact me (webmaster@mxchange.org)
                                        // and download the sql-upgrades extension from my server. Please ask me which SQL file(s) you need to
                                        // import *BEFORE* you import them!
                                        ADD_FATAL(FATAL_CANNOT_LOAD_CONFIG);
                                        if ($_CONFIG['activate_xchange'] > 0) activateExchange();
                                } else {
                                        // If you will read following error message you probably need to contact me (webmaster@mxchange.org)
                                        // and download the sql-upgrades extension from my server. Please ask me which SQL file(s) you need to
                                        // import *BEFORE* you import them!
                                        ADD_FATAL(FATAL_CANNOT_LOAD_CONFIG);

+
+                                       // Reset link and db here, close database first
+                                       SQL_CLOSE($link, __FILE__, __LINE__);
+                                       $link = false; $db = false;

                                }
 
                                // Free memory
                                }
 
                                // Free memory

diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php
index e4bcad187cb98d9505a358ec57139a435f9ef9a2..723f61ecb63bea6f39d14401b5d8d9645e7ab716 100644 (file)
--- a/inc/mysql-manager.php
+++ b/inc/mysql-manager.php
@@ -32,8 +32,7 @@
  ************************************************************************/
 
 // Some security stuff...
  ************************************************************************/
 
 // Some security stuff...

-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {

        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }


@@ -73,6 +72,7 @@ function ADD_MODULE_TITLE($mod) {
        }
        return $name;
 }
        }
        return $name;
 }

+

 // Check validity of a given module name (no file extension)
 function CHECK_MODULE($mod) {
        // We need them now here...
 // Check validity of a given module name (no file extension)
 function CHECK_MODULE($mod) {
        // We need them now here...


@@ -187,9 +187,9 @@ function CHECK_MODULE($mod) {
        // Return the value
        return $ret;
 }
        // Return the value
        return $ret;
 }

+

 // Add menu description pending on given file name (without path!)
 // Add menu description pending on given file name (without path!)

-function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true)
-{
+function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) {

        global $DEPTH, $_CONFIG;
        $LINK_ADD = ""; $OUT = ""; $AND = "";
        // First we have to do some analysis...
        global $DEPTH, $_CONFIG;
        $LINK_ADD = ""; $OUT = ""; $AND = "";
        // First we have to do some analysis...


@@ -251,12 +251,16 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true)
                if (!$return) $DEPTH++;
                $prefix = "";
        }
                if (!$return) $DEPTH++;
                $prefix = "";
        }

+

        $prefix .= " -> ";
        $prefix .= " -> ";

+

        if (ereg(".php", $search)) {
                $search = substr($search, 0, strpos($search, ".php"));
        }
        if (ereg(".php", $search)) {
                $search = substr($search, 0, strpos($search, ".php"));
        }

+

        $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' ".$AND." LIMIT 1",
         array($ACC_LVL, $type, $search), __FILE__, __LINE__);
        $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' ".$AND." LIMIT 1",
         array($ACC_LVL, $type, $search), __FILE__, __LINE__);

+

        if (SQL_NUMROWS($result) == 1) {
                list($ret) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
        if (SQL_NUMROWS($result) == 1) {
                list($ret) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);


@@ -287,22 +291,28 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true)
 //
 function ADD_MENU($MODE, $act, $wht) {
        global $_CONFIG;
 //
 function ADD_MENU($MODE, $act, $wht) {
        global $_CONFIG;

+
+       // Init some variables
+       $main_cnt = 0;
+       $AND = "";
+       $main_action = "";
+       $sub_what = "";
+

        if (!VALIDATE_MENU_ACTION($MODE, $act, $wht, true)) return CODE_MENU_NOT_VALID;
        if (!VALIDATE_MENU_ACTION($MODE, $act, $wht, true)) return CODE_MENU_NOT_VALID;

-       $main_cnt = 0; $AND = ""; $main_action = ""; $sub_what = "";
-       if (!IS_ADMIN())
-       {
+
+       // Non-admin shall not see all menus
+       if (!IS_ADMIN()) {

                $AND = "AND visible='Y' AND locked='N'";
        }
                $AND = "AND visible='Y' AND locked='N'";
        }

+

        // Load SQL data and add the menu to the output stream...
        $result_main = SQL_QUERY_ESC("SELECT title, action FROM "._MYSQL_PREFIX."_%s_menu WHERE what='' ".$AND." ORDER BY sort",
         array($MODE), __FILE__, __LINE__);
        //* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*<br />\n";
        // Load SQL data and add the menu to the output stream...
        $result_main = SQL_QUERY_ESC("SELECT title, action FROM "._MYSQL_PREFIX."_%s_menu WHERE what='' ".$AND." ORDER BY sort",
         array($MODE), __FILE__, __LINE__);
        //* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*<br />\n";

-       if (SQL_NUMROWS($result_main) > 0)
-       {
+       if (SQL_NUMROWS($result_main) > 0) {

                OUTPUT_HTML("<TABLE border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"".$MODE."_menu\">");
                // There are menus available, so we simply display them... :)
                OUTPUT_HTML("<TABLE border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"".$MODE."_menu\">");
                // There are menus available, so we simply display them... :)

-               while (list($main_title, $main_action) = SQL_FETCHROW($result_main))
-               {
+               while (list($main_title, $main_action) = SQL_FETCHROW($result_main)) {

                        //* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*<br />\n";
                        // Load menu header template
                        $BLOCK_MODE = false; $act = $main_action;
                        //* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*<br />\n";
                        // Load menu header template
                        $BLOCK_MODE = false; $act = $main_action;


@@ -311,11 +321,10 @@ function ADD_MENU($MODE, $act, $wht) {
                        $result_sub = SQL_QUERY_ESC("SELECT title, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND what != '' ".$AND." ORDER BY sort",
                         array($MODE, $main_action), __FILE__, __LINE__);
                        $ctl = SQL_NUMROWS($result_sub);
                        $result_sub = SQL_QUERY_ESC("SELECT title, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND what != '' ".$AND." ORDER BY sort",
                         array($MODE, $main_action), __FILE__, __LINE__);
                        $ctl = SQL_NUMROWS($result_sub);

-                       if ($ctl > 0)
-                       {
+                       if ($ctl > 0) {

                                $cnt=0;
                                $cnt=0;

-                               while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub))
-                               {
+                               while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub)) {
+                                       // Init content

                                        $content = "";
 
                                        // Full file name for checking menu
                                        $content = "";
 
                                        // Full file name for checking menu


@@ -390,7 +399,9 @@ function IS_ADMIN($admin="")
 
        // If admin login is not given take current from cookies...
        if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) {
 
        // If admin login is not given take current from cookies...
        if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) {

-               $admin = SQL_ESCAPE(get_session('admin_login')); $passCookie = get_session('admin_md5');
+               // Get admin login and password from session/cookies
+               $admin = SQL_ESCAPE(get_session('admin_login'));
+               $passCookie = SQL_ESCAPE(get_session('admin_md5'));

        }
        //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."<br />";
 
        }
        //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."<br />";
 


@@ -411,6 +422,8 @@ function IS_ADMIN($admin="")
                if (SQL_NUMROWS($result) == 1) {
                        // Admin login was found so let's load password from DB
                        list($passDB) = SQL_FETCHROW($result);
                if (SQL_NUMROWS($result) == 1) {
                        // Admin login was found so let's load password from DB
                        list($passDB) = SQL_FETCHROW($result);

+
+                       // Generate password hash

                        $valPass = generatePassString($passDB);
                }
 
                        $valPass = generatePassString($passDB);
                }
 


@@ -420,8 +433,8 @@ function IS_ADMIN($admin="")
 
        if (!empty($valPass)) {
                // Check if password is valid
 
        if (!empty($valPass)) {
                // Check if password is valid

-               //* DEBUG: */ echo __LINE__."*".$valPass."/".$passCookie)."*<br>";
-               $ret = (($valPass == $passCookie) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache"))));
+               //* DEBUG: */ echo __FUNCTION__."*".$valPass."/".$passCookie."*<br />\n";
+               $ret = (($valPass == $passCookie) || ((strlen($valPass) == 32) && ($valPass == md5($passCookie))) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache"))));

        }
 
        // Return result of comparision
        }
 
        // Return result of comparision