From 05ac410a5adaa49c99b6eeae4bef60f2994f1575 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Tue, 12 Jul 2011 19:53:02 +0000
Subject: [PATCH] Rewrites to use fake POST data
---
 inc/functions.php | 6 ++++--
 inc/libs/admins_functions.php | 33 ++++++++++++++++++++++++++++-----
 inc/modules/admin/admin-inc.php | 13 +++++++++----
 install/tables.sql | 2 +-
 4 files changed, 42 insertions(+), 12 deletions(-)
diff --git a/inc/functions.php b/inc/functions.php
index be4eed9d40..93c08ad2e5 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -1317,8 +1317,10 @@ function isUrlValidSimple ($url) {
 $reg = ($reg || preg_match(('^' . $pat . '^'), $url));
 // Does it match?
- if ($reg === true) break;
- }
+ if ($reg === true) {
+ break;
+ } // END - if
+ } // END - foreach
 // Return true/false
 return $reg;
diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php
index 62de1cab37..e81d6a1389 100644
--- a/inc/libs/admins_functions.php
+++ b/inc/libs/admins_functions.php
@@ -169,12 +169,15 @@ LIMIT 1",
 }
 // Change a lot admin account
-function adminsChangeAdminAccount ($postData, $element = '') {
+function adminsChangeAdminAccount ($postData, $element = '', $displayMessage = true) {
 // Begin the update
 $cache_update = '0';
+ $message = '';
+
 foreach ($postData['login'] as $id => $login) {
 // Secure id number
 $id = bigintval($id);
+ /* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'id=' . $id . ',login=' . $login);
 // When both passwords match update admin account
 if ((!empty($element)) && (isset($postData[$element]))) {
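Review bot: The `/* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'id=' . $id . ',login=' . $login);` line added inside the `foreach` of adminsChangeAdminAccount() runs unconditionally on the new side, so every admin-account update — including the password resets that doResetAdminPassword() now routes through this function — writes the admin id and login name to the debug log; if it was a temporary trace, remove it before merging, otherwise add a comment saying why that data belongs in the log. The new `$displayMessage` parameter and the value the function now returns (see the hunk at line 292) are undocumented; I would replace `// Change a lot admin account` with `// Updates the admin accounts listed in $postData['login']; returns the status message and, unless $displayMessage is false, also displays it`. The function body continues past the end of this hunk.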
@@ -184,7 +187,7 @@ function adminsChangeAdminAccount ($postData, $element = '') {
 // Admin account saved
 $message = '{--ADMIN_ACCOUNT_SAVED--}';
- } elseif ((isset($postData['pass1'])) && (isset($postData['pass2']))) {
+ } elseif ((!empty($postData['pass1'])) && (!empty($postData['pass2']))) {
 // Update only if both passwords match
 if (($postData['pass1'][$id] == $postData['pass2'][$id])) {
 // Save only when both passwords are the same (also when they are empty)
@@ -194,7 +197,9 @@ function adminsChangeAdminAccount ($postData, $element = '') {
 $hash = generateHash($postData['pass1'][$id]);
 // Save password when set
- if (!empty($postData['pass1'][$id])) $add = sprintf(", `password`='%s'", SQL_ESCAPE($hash));
+ if (!empty($postData['pass1'][$id])) {
+ $add = sprintf(", `password`='%s'", SQL_ESCAPE($hash));
+ } // END - if
 // Get admin's id
 $adminId = getCurrentAdminId();
@@ -272,7 +277,9 @@ LIMIT 1",
 $SQL = 'UPDATE `{?_MYSQL_PREFIX?}_admins` SET ';
 foreach ($postData as $entry => $value) {
 // Skip login/id entry
- if (in_array($entry, array('login', 'id'))) continue;
+ if (in_array($entry, array('login', 'id'))) {
+ continue;
+ } // END - if
 // Do we have a non-string (e.g. number, NULL, NOW() or back-tick at the beginning?
 if (is_null($value[$id])) {
@@ -292,16 +299,30 @@ LIMIT 1",
 // Run it
 SQL_QUERY_ESC($SQL, array(bigintval($id)), __FUNCTION__, __LINE__);
+
+ // Was it updated?
+ if (SQL_AFFECTEDROWS() == 1) {
+ // Admin account saved
+ $message = '{--ADMIN_ACCOUNT_SAVED--}';
+ } else {
+ // Passwords did not match
+ $message = '{--ADMIN_ADMINS_ERROR_PASS_MISMATCH--}';
+ }
 }
 } // END - foreach
 // Display message
 if (!empty($message)) {
- displayMessage($message);
+ if ($displayMessage === true) {
+ displayMessage($message);
+ } // END - if
 } // END - if
 // Remove cache file
 runFilterChain('post_form_submited', postRequestArray());
+
+ // Return message
+ return $message;
 }
 // Make admin accounts editable
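Review bot: In the `SQL_AFFECTEDROWS() == 1` block added after `SQL_QUERY_ESC($SQL, ...)`, the `else` branch sets `{--ADMIN_ADMINS_ERROR_PASS_MISMATCH--}` although this generic field-update path compares no passwords, and MySQL reports 0 affected rows when the submitted values equal the stored ones, so re-saving an unchanged account will be reported as a password mismatch (and, through the new return value, handed to doResetAdminPassword() as well). Reserve the mismatch message for the `pass1`/`pass2` branch and give this branch its own message, e.g. `$message = '{--ADMIN_ACCOUNT_NOT_CHANGED--}'; // placeholder id, add it to the language files`, or move the affected-rows check after the whole `if`/`elseif` chain if every branch needs it. `$message` is also assigned once per loop iteration, so with several admins in `$postData['login']` only the last result is returned and displayed. The `runFilterChain('post_form_submited', postRequestArray())` call still reads the live request instead of `$postData`, which presumably matters now that the function is also called with fake POST data — confirm that filter does not depend on form fields. adminsChangeAdminAccount() begins before this hunk.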
@@ -442,6 +463,8 @@ function sendAdminsEmails ($subj, $template, $content, $userid) {
 // Check which admin shall receive this mail
 $result = SQL_QUERY_ESC("SELECT `admin_id` FROM `{?_MYSQL_PREFIX?}_admins_mails` WHERE `mail_template`='%s' ORDER BY `admin_id` ASC",
 array($template), __FUNCTION__, __LINE__);
+
+ // No entries found?
 if (SQL_HASZERONUMS($result)) {
 // Create new entry (to all admins)
 SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins_mails` (`admin_id`, `mail_template`) VALUES (0, '%s')",
diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index f8017ebbef..18f99003fc 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -97,7 +97,7 @@ function ifAdminLoginDataIsValid ($adminLogin, $adminPassword) {
 // All fine
 $ret = 'done';
 } else {
- // Set status
+ // Did not match!
 $ret = 'password';
 }
 } // END - if
@@ -1338,12 +1338,17 @@ function doResetAdminPassword ($login, $password) {
 // Generate hash (we already check for sql_patches in generateHash())
 $passHash = generateHash($password);
+ // Prepare fake POST data
+ $postData = array(
+ 'login' => array(getAdminId($login) => $login),
+ 'password' => array(getAdminId($login) => $passHash),
+ );
+
 // Update database
- SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `password`='%s' WHERE `login`='%s' LIMIT 1",
- array($passHash, $login), __FUNCTION__, __LINE__);
+ $message = adminsChangeAdminAccount($postData, '', false);
 // Run filters
- runFilterChain('post_form_reset_pass', array('login' => $login, 'hash' => $passHash));
+ runFilterChain('post_form_reset_pass', array('login' => $login, 'hash' => $passHash, 'message' => $message));
 // Return output
 return '{--ADMIN_PASSWORD_RESET_DONE--}';
diff --git a/install/tables.sql b/install/tables.sql
index 1756758372..f851b665d9 100644
--- a/install/tables.sql
+++ b/install/tables.sql
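Review bot: doResetAdminPassword() still returns `'{--ADMIN_PASSWORD_RESET_DONE--}'` whatever `$message` adminsChangeAdminAccount() handed back, so a reset whose UPDATE matched no row (the callee's new affected-rows check reports exactly that case) is announced as done; let the returned message decide, e.g. `if ($message != '{--ADMIN_ACCOUNT_SAVED--}') { return $message; }` placed before the `runFilterChain()` call. `getAdminId($login)` is evaluated twice while building the fake POST array; hoist it into a local, and since the removed UPDATE matched on `login` while the new path updates by id, confirm what getAdminId() yields for an unknown login so that the update then matches no row at all. The hash also now travels through the generic field loop of adminsChangeAdminAccount(), whose comment (hunk at line 272) says it decides by the value's shape whether it is treated as a non-string; verify a hash value can never satisfy that test, otherwise pass it through a dedicated element the way `pass1`/`pass2` are handled. doResetAdminPassword() starts before this hunk.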
@@ -13,7 +13,7 @@ DROP TABLE IF EXISTS `{?_MYSQL_PREFIX?}_admins`;
 CREATE TABLE `{?_MYSQL_PREFIX?}_admins` (
 `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
 `login` VARCHAR(100) NOT NULL DEFAULT '',
- `password` VARCHAR(40) NOT NULL DEFAULT '',
+ `password` VARCHAR(255) NOT NULL DEFAULT '',
 `email` VARCHAR(255) NOT NULL,
 PRIMARY KEY (`id`),
 UNIQUE KEY (`login`)
--
2.30.2
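Review bot: Widening `password` to `VARCHAR(255)` only in install/tables.sql covers fresh installations; the diffstat lists no update script, so existing databases keep the 40-character column and, depending on the server's SQL mode, a longer hash written by the reset path is either rejected or silently truncated — a truncated hash matches nothing afterwards and locks that admin out. Ship the matching migration wherever this project keeps its schema updates, e.g. ALTER TABLE `{?_MYSQL_PREFIX?}_admins` MODIFY `password` VARCHAR(255) NOT NULL DEFAULT ''; so both paths end up with the same column. Whether 255 characters are actually required is not visible here; a comment next to the column naming the hash format it must hold (`-- wide enough for the hash produced by generateHash()`) would document the choice.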