From 61bddb167e29e7275f5a1c9fa8cb80431fa5ee6f Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Sat, 30 Aug 2008 22:55:41 +0000 Subject: [PATCH] Fixes for sql_patches removal vs. password reset of admin --- .gitattributes | 3 +- inc/extensions.php | 49 ++++++++++--------- inc/language.php | 4 +- inc/language/de.php | 2 + inc/libs/cache_functions.php | 8 +-- inc/load_extensions.php | 4 +- inc/modules/admin.php | 23 ++++++--- inc/modules/admin/action-admins.php | 2 +- inc/modules/admin/action-country.php | 2 +- inc/modules/admin/action-doubler.php | 2 +- inc/modules/admin/action-email.php | 2 +- inc/modules/admin/action-holiday.php | 2 +- inc/modules/admin/action-login.php | 2 +- inc/modules/admin/action-menu.php | 2 +- inc/modules/admin/action-misc.php | 2 +- inc/modules/admin/action-mods.php | 2 +- inc/modules/admin/action-newsletter.php | 2 +- inc/modules/admin/action-payouts.php | 2 +- inc/modules/admin/action-rallye.php | 2 +- inc/modules/admin/action-repair.php | 2 +- inc/modules/admin/action-setup.php | 2 +- inc/modules/admin/action-sponsor.php | 2 +- inc/modules/admin/action-stats.php | 2 +- inc/modules/admin/action-task.php | 2 +- inc/modules/admin/action-theme.php | 2 +- inc/modules/admin/action-transfer.php | 2 +- inc/modules/admin/action-user.php | 2 +- inc/modules/admin/action-wernis.php | 2 +- inc/modules/admin/admin-inc.php | 4 +- inc/modules/admin/what-extensions.php | 32 ++++++------ inc/modules/guest/action-admin.php | 2 +- inc/modules/guest/action-main.php | 2 +- inc/modules/guest/action-members.php | 2 +- inc/modules/index.php | 2 +- inc/modules/member/action-account.php | 2 +- inc/modules/member/action-bank.php | 2 +- inc/modules/member/action-extras.php | 2 +- inc/modules/member/action-logout.php | 2 +- inc/modules/member/action-main.php | 2 +- inc/modules/member/action-order.php | 2 +- inc/modules/member/action-rals.php | 2 +- inc/modules/member/action-stats.php | 2 +- inc/mysql-manager.php | 2 +- modules.php | 2 +- ref.php | 3 +- ...l => admin_logout_sql_patches_install.tpl} | 0 .../admin/admin_logout_sql_patches_remove.tpl | 17 +++++++ .../de/html/admin/admin_reset_pass_done.tpl | 2 +- 48 files changed, 129 insertions(+), 92 deletions(-) rename templates/de/html/admin/{admin_logout_sql_patches.tpl => admin_logout_sql_patches_install.tpl} (100%) create mode 100644 templates/de/html/admin/admin_logout_sql_patches_remove.tpl diff --git a/.gitattributes b/.gitattributes index 30914c6957..1a02466916 100644 --- a/.gitattributes +++ b/.gitattributes @@ -922,7 +922,8 @@ templates/de/html/admin/admin_login_form.tpl -text templates/de/html/admin/admin_login_msg.tpl -text templates/de/html/admin/admin_logout.tpl -text templates/de/html/admin/admin_logout_form.tpl -text -templates/de/html/admin/admin_logout_sql_patches.tpl -text +templates/de/html/admin/admin_logout_sql_patches_install.tpl -text +templates/de/html/admin/admin_logout_sql_patches_remove.tpl -text templates/de/html/admin/admin_main_footer.tpl -text templates/de/html/admin/admin_main_header.tpl -text templates/de/html/admin/admin_maintenance_form.tpl -text diff --git a/inc/extensions.php b/inc/extensions.php index cf3ba20d59..145fb1b940 100644 --- a/inc/extensions.php +++ b/inc/extensions.php @@ -52,7 +52,7 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false) if (EXT_IS_ACTIVE($ext_name)) return false; // Generate file name - $file = sprintf(PATH."inc/extensions/ext-%s.php", $ext_name); + $file = sprintf("%sinc/extensions/ext-%s.php", PATH, $ext_name); // Does this extension exists? if (file_exists($file) && is_readable($file)) @@ -92,10 +92,10 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false) $SQLs2 = $SQLs; $SQLs = array(); $test = false; // Backup language as well - $LANG_BCK = $EXT_LANG_PREFIX; + $LANG_BCK = $EXT_LANG_PREFIX; $EXT_ALWAYS_ACTIVE = "N"; // Load required extension also in update mode - $file = sprintf(PATH."inc/extensions/ext-%s.php", $EXT_UPDATE_DEPENDS); + $file = sprintf("%sinc/extensions/ext-%s.php", PATH, $EXT_UPDATE_DEPENDS); // Check for required file if (file_exists($file) && is_readable($file)) @@ -181,8 +181,8 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false) } // Register extension - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_extensions (ext_name, ext_lang_file, ext_active, ext_version) VALUES ('%s', '%s', 'N', '%s')", - array($ext_name, $EXT_LANG_PREFIX, $EXT_VERSION), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_extensions (ext_name, ext_lang_file, ext_active, ext_version) VALUES ('%s', '%s', '%s', '%s')", + array($ext_name, $EXT_LANG_PREFIX, $EXT_ALWAYS_ACTIVE, $EXT_VERSION), __FILE__, __LINE__); // Update task management $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1", @@ -223,24 +223,22 @@ function EXTENSION_REGISTER ($ext_name, $id, $dry_run=false) return $ret; } // -function EXTENSION_RUN_SQLS($id, $EXT_LOAD_MODE) -{ +function EXTENSION_RUN_SQLS($id, $EXT_LOAD_MODE) { global $cacheInstance; + $SQLs = array(); + // This shall never do a non-admin user! if (!IS_ADMIN()) return false; // Get extension's name - $result = SQL_QUERY_ESC("SELECT ext_name FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1", - array(bigintval($id)), __FILE__, __LINE__); - list($ext_name) = SQL_FETCHROW($result); - SQL_FREERESULT($result); + $ext_name = GET_EXT_NAME($id); if (empty($ext_name)) return false; // Load extension in detected mode - $file = sprintf(PATH."inc/extensions/ext-%s.php", $ext_name); $SQLs = array(); + $file = sprintf("%sinc/extensions/ext-%s.php", PATH, $ext_name); if (file_exists($file) && is_readable($file)) require($file); - if ((is_array($SQLs) && (sizeof($SQLs) > 0))) - { + + if ((is_array($SQLs) && (sizeof($SQLs) > 0))) { // Run SQL commands... foreach ($SQLs as $sql) { // Trim spaces away which we don't need @@ -250,21 +248,26 @@ function EXTENSION_RUN_SQLS($id, $EXT_LOAD_MODE) if (!empty($sql)) { // Run SQL command $result = SQL_QUERY($sql, __FILE__, __LINE__, false); - } - } + } // END - if + } // END - foreach // Remove cache file(s) if extension is active - if (EXT_IS_ACTIVE("cache")) { - // Remove cache filer + if ((EXT_IS_ACTIVE("cache")) || (GET_EXT_VERSION("cache") != "")) { + // Remove cache files if ($cacheInstance->cache_file("extensions", true)) $cacheInstance->cache_destroy(); if ($cacheInstance->cache_file("mod_reg", true)) $cacheInstance->cache_destroy(); if ($cacheInstance->cache_file("config", true)) $cacheInstance->cache_destroy(); - } - } + } // END - if + + // Is this the sql_patches? + if ($ext_name == "sql_patches") { + // Then redirect to logout + LOAD_URL("modules.php?module=admin&logout=1&remove=sql_patches"); + } // END - if + } // END - if } // -function EXT_IS_ACTIVE ($ext_name, $ignore_admin=false, $ignore_cache=false) -{ +function EXT_IS_ACTIVE ($ext_name, $ignore_admin = false, $ignore_cache = false) { global $cacheArray, $_CONFIG; // Extensions are all inactive during installation @@ -303,7 +306,7 @@ function EXT_IS_ACTIVE ($ext_name, $ignore_admin=false, $ignore_cache=false) } // Is this extension activated? (For admins we always have active extensions...) - $inc = sprintf(PATH."inc/extensions/ext-%s.php", $ext_name); + $inc = sprintf("%sinc/extensions/ext-%s.php", PATH, $ext_name); // Shorter way return ( ( diff --git a/inc/language.php b/inc/language.php index f39d09b567..cd18027783 100644 --- a/inc/language.php +++ b/inc/language.php @@ -42,12 +42,12 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) if (empty($mx_lang)) $mx_lang = DEFAULT_LANG; // Look for file -$file = sprintf(PATH."inc/language/%s.php", $mx_lang); +$file = sprintf("%sinc/language/%s.php", PATH, $mx_lang); if ((!file_exists($file)) || (!is_readable($file))) { // Switch to default (DO NOT CHANGE!!!) set_session("mx_lang", "de"); $mx_lang = "de"; - $file = sprintf(PATH."inc/language/%s.php", $mx_lang); + $file = sprintf("%sinc/language/%s.php", PATH, $mx_lang); } // Load language file diff --git a/inc/language/de.php b/inc/language/de.php index 2d6e5433f5..43a36e32c5 100644 --- a/inc/language/de.php +++ b/inc/language/de.php @@ -1105,6 +1105,7 @@ define('ADMIN_CONFIG_MAILID_REDIRECT_REJECT', "Auf Ablehnungsseite umleiten."); define('REASON_DIRECT_PAYMENT', "Direkte Gutschrift (siehe evtl. vorangegangene Mail)"); define('SUBJECT_DIRECT_PAYMENT', "Direkte {!POINTS!}-Gutschrift durch das System"); define('ADMIN_LOGOUT_SQL_PATCHES_DONE', "Sie wurden automatisch ausgeloggt, da Sie die Erweiterung sql_patches installiert haben und dabei das Passort-Hashing geändert/verbessert wurde. Bitte erneut einloggen!"); +define('ADMIN_LOGOUT_SQL_PATCHES_REMOVE', "Sie wurden automatisch ausgeloggt, da Sie die Erweiterun sql_patches entfernt haben. Bitte klicken Sie weiter, um jetzt das Passwort neu zu setzen."); define('ADMIN_POINTS_REPAYED', "Es wurden dem Mitglied %s {!POINTS!} zurückgeschrieben."); define('ADMIN_POINTS_TO_JACKPOT', "Es wurden %s {!POINTS!} in den Jackpot gelegt."); define('ADMIN_NO_POINTS_REPAYED', "Die Mailbuchung hatte keine {!POINTS!} zum zurückbuchen!"); @@ -1147,6 +1148,7 @@ define('ADMIN_SHOW_LOGIN', "Ihr Administratorlogin:"); define('ADMIN_CHANGE_LOGIN', "Anderes Adminlogin"); define('ADMIN_PASSWORD_RESET_DONE', "Ihr Administratorkennwort wurde neu gesetzt. Sie können sich jetzt mit Ihren neuen Zugangsdaten im Adminbereich einloggen."); define('ADMIN_CONTINUE_LOGIN', "Weiter zum Administratorlogin"); +define('ADMIN_RESET_PASS_LINK', "Jetzt Ihr Administratorkennwort zurücksetzen (nötiger Schritt!)"); // ?> diff --git a/inc/libs/cache_functions.php b/inc/libs/cache_functions.php index cfb4cd4cae..9e5202d558 100644 --- a/inc/libs/cache_functions.php +++ b/inc/libs/cache_functions.php @@ -262,13 +262,13 @@ class mxchange_cache foreach($v as $k2=>$v2) { // Put every array element in a row... - $LINE .= "\$cacheInstance['".$k."'][] = \"".$v2."\";\n"; + $LINE .= "\$data['".$k."'][] = \"".$v2."\";\n"; } } else { // Single line found - $LINE = "\$cacheInstance['".$k."'] = \"".$v."\";\n"; + $LINE = "\$data['".$k."'] = \"".$v."\";\n"; } // Write line(s) @@ -325,13 +325,13 @@ class mxchange_cache foreach($v as $k2=>$v2) { // Put every array element in a row... - $LINE .= "\$cacheInstance['".$k."'][] = \"".$v2."\";\n"; + $LINE .= "\$data['".$k."'][] = \"".$v2."\";\n"; } } else { // Single line found - $LINE = "\$cacheInstance['".$k."'] = \"".$v."\";\n"; + $LINE = "\$data['".$k."'] = \"".$v."\";\n"; } // Write line(s) diff --git a/inc/load_extensions.php b/inc/load_extensions.php index ed0a69b5e1..1ca104512e 100644 --- a/inc/load_extensions.php +++ b/inc/load_extensions.php @@ -93,7 +93,7 @@ if ($cacheMode == "load") { // Load Language file if ($EXT_DUMMY['ext_lang'][$k] == "Y") { - $INC = sprintf(PATH."inc/language/%s_%s.php", $name, GET_LANGUAGE()); + $INC = sprintf("%sinc/language/%s_%s.php", PATH, $name, GET_LANGUAGE()); if (file_exists($INC)) require_once($INC); } @@ -184,7 +184,7 @@ if ((SQL_NUMROWS($res_ext_crt) > 0) && (($cacheMode == "init") || ($cacheMode == $file2 = $file1; $EXT_CSS = "N"; $EXT_ALWAYS_ACTIVE = "N"; // Special functions file - $file3 = sprintf(PATH."inc/libs/%s_functions.php", $name); + $file3 = sprintf("%sinc/libs/%s_functions.php", PATH, $name); // Does the extension file exists? if (file_exists($file1) && is_readable($file1)) diff --git a/inc/modules/admin.php b/inc/modules/admin.php index ed6f004ddf..5219de274b 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -299,18 +299,27 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Only try to remove cookies if (set_session("admin_login", "") && set_session("admin_md5", "") && set_session("admin_last", "") && set_session("admin_to", "")) { // Also remove array elements - set_session('admin_login' , ""); - set_session('admin_md5' , ""); - set_session('admin_last' , ""); - set_session('admin_to' , ""); + set_session('admin_login', ""); + set_session('admin_md5' , ""); + set_session('admin_last' , ""); + set_session('admin_to' , ""); // Destroy session @session_destroy(); // Load logout template - if (isset($_GET['sql_patches'])) { - // Special logout redirect for sql_patchrs - LOAD_TEMPLATE("admin_logout_sql_patches"); + if (isset($_GET['install'])) { + // Secure input + $install = secureString(SQL_ESCAPE($_GET['install'])); + + // Special logout redirect for installation of given extension + LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $install)); + } elseif (isset($_GET['remove'])) { + // Secure input + $remove = secureString(SQL_ESCAPE($_GET['remove'])); + + // Special logout redirect for removal of given extension + LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove)); } else { // Logged out normally LOAD_TEMPLATE("admin_logout"); diff --git a/inc/modules/admin/action-admins.php b/inc/modules/admin/action-admins.php index a0beb1b828..a4a1d738dd 100644 --- a/inc/modules/admin/action-admins.php +++ b/inc/modules/admin/action-admins.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-country.php b/inc/modules/admin/action-country.php index 90455e7a8e..342f2b0fe1 100644 --- a/inc/modules/admin/action-country.php +++ b/inc/modules/admin/action-country.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-doubler.php b/inc/modules/admin/action-doubler.php index 6982a4083c..6f553f0a32 100644 --- a/inc/modules/admin/action-doubler.php +++ b/inc/modules/admin/action-doubler.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf(."%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-email.php b/inc/modules/admin/action-email.php index 787081af62..a2a221c90f 100644 --- a/inc/modules/admin/action-email.php +++ b/inc/modules/admin/action-email.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-holiday.php b/inc/modules/admin/action-holiday.php index ca00de5b71..a9ee8cbb06 100644 --- a/inc/modules/admin/action-holiday.php +++ b/inc/modules/admin/action-holiday.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-login.php b/inc/modules/admin/action-login.php index a66a1be3b4..17a0d0d315 100644 --- a/inc/modules/admin/action-login.php +++ b/inc/modules/admin/action-login.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-menu.php b/inc/modules/admin/action-menu.php index ddaf08a59b..e1245595d9 100644 --- a/inc/modules/admin/action-menu.php +++ b/inc/modules/admin/action-menu.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-misc.php b/inc/modules/admin/action-misc.php index 41cdcc67e5..95d0b1e589 100644 --- a/inc/modules/admin/action-misc.php +++ b/inc/modules/admin/action-misc.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-mods.php b/inc/modules/admin/action-mods.php index 4f05fccc13..20c846844a 100644 --- a/inc/modules/admin/action-mods.php +++ b/inc/modules/admin/action-mods.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-newsletter.php b/inc/modules/admin/action-newsletter.php index 49c3361e4c..da9c090b61 100644 --- a/inc/modules/admin/action-newsletter.php +++ b/inc/modules/admin/action-newsletter.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-payouts.php b/inc/modules/admin/action-payouts.php index 2882feb8b9..8871db900d 100644 --- a/inc/modules/admin/action-payouts.php +++ b/inc/modules/admin/action-payouts.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-rallye.php b/inc/modules/admin/action-rallye.php index 221889a6bd..243c179b4f 100644 --- a/inc/modules/admin/action-rallye.php +++ b/inc/modules/admin/action-rallye.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-repair.php b/inc/modules/admin/action-repair.php index 1f54b7e2c7..09eba7ec2e 100644 --- a/inc/modules/admin/action-repair.php +++ b/inc/modules/admin/action-repair.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-setup.php b/inc/modules/admin/action-setup.php index 2e62585b95..b9e372ccad 100644 --- a/inc/modules/admin/action-setup.php +++ b/inc/modules/admin/action-setup.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-sponsor.php b/inc/modules/admin/action-sponsor.php index b4cbba35c9..a841ef6d32 100644 --- a/inc/modules/admin/action-sponsor.php +++ b/inc/modules/admin/action-sponsor.php @@ -41,7 +41,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-stats.php b/inc/modules/admin/action-stats.php index 2db7b93dd3..3cd387404b 100644 --- a/inc/modules/admin/action-stats.php +++ b/inc/modules/admin/action-stats.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-task.php b/inc/modules/admin/action-task.php index 692d4f0d36..4c7691cd5c 100644 --- a/inc/modules/admin/action-task.php +++ b/inc/modules/admin/action-task.php @@ -44,7 +44,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) { ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-theme.php b/inc/modules/admin/action-theme.php index 651d82ad4b..8b702b0aef 100644 --- a/inc/modules/admin/action-theme.php +++ b/inc/modules/admin/action-theme.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-transfer.php b/inc/modules/admin/action-transfer.php index 3ea5af90fe..1eae1b12c2 100644 --- a/inc/modules/admin/action-transfer.php +++ b/inc/modules/admin/action-transfer.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-user.php b/inc/modules/admin/action-user.php index 20254c254d..1d53df9a13 100644 --- a/inc/modules/admin/action-user.php +++ b/inc/modules/admin/action-user.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/action-wernis.php b/inc/modules/admin/action-wernis.php index 25b4ff15e1..5b91251679 100644 --- a/inc/modules/admin/action-wernis.php +++ b/inc/modules/admin/action-wernis.php @@ -42,7 +42,7 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) ADD_DESCR("admin", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/admin/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the admin action module diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index d0aef8c0f0..6c7c2416ed 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -308,7 +308,7 @@ LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__); SQL_FREERESULT($result); // Is valid but does the inlcude file exists? - $INC = sprintf(PATH."inc/modules/admin/action-%s.php", $act); + $INC = sprintf("%sinc/modules/admin/action-%s.php", PATH, $act); if ((file_exists($INC)) && (is_readable($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true)) { // Ok, we finally load the admin action module @@ -406,7 +406,7 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) while (list($wht_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what)) { // Filename - $INC = sprintf(PATH."inc/modules/admin/what-%s.php", $wht_sub); + $INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $wht_sub); if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2")) { $ACL = ADMINS_CHECK_ACL("", $wht_sub); diff --git a/inc/modules/admin/what-extensions.php b/inc/modules/admin/what-extensions.php index bf5e182470..eb6079c2e0 100644 --- a/inc/modules/admin/what-extensions.php +++ b/inc/modules/admin/what-extensions.php @@ -143,7 +143,7 @@ if (!empty($_GET['reg_ext'])) { $OUT .= LOAD_TEMPLATE("admin_extensions_edit_row", true, $content); $SW = 3 - $SW; } - } + } // END - foreach define('__EXTENSIONS_ROWS', $OUT); // Load template @@ -154,11 +154,15 @@ if (!empty($_GET['reg_ext'])) { // List extensions and when verbose is enabled SQL statements which will be executed $SW = 2; $OUT = ""; foreach ($_POST['sel'] as $id=>$sel) { + // Init variables $VERBOSE_OUT = ""; $SQLs = array(); - // Load extension's data - $result = SQL_QUERY_ESC("SELECT ext_name, ext_version FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1", - array(bigintval($id)), __FILE__, __LINE__); - list($ext_name, $ext_ver) = SQL_FETCHROW($result); + + // Secure id number + $id = bigintval($id); + + // Get extension name + $ext_name = GET_EXT_NAME($id); + $ext_ver = GET_EXT_VERSION($ext_name); // Free the result SQL_FREERESULT($result); @@ -166,12 +170,12 @@ if (!empty($_GET['reg_ext'])) { if ($_CONFIG['verbose_sql']) { // Load SQL commands in remove mode $EXT_LOAD_MODE = "remove"; - $file = sprintf(PATH."inc/extensions/ext-%s.php", $ext_name); + $file = sprintf("%sinc/extensions/ext-%s.php", PATH, $ext_name); include($file); // Generate extra table with loaded SQL commands $VERBOSE_OUT = EXTENSION_VERBOSE_TABLE($SQLs); - } + } // END - if // Prepare data for the row template $content = array( @@ -185,7 +189,7 @@ if (!empty($_GET['reg_ext'])) { // Load row template and switch color $OUT .= LOAD_TEMPLATE("admin_extensions_delete_row", true, $content); $SW = 3 - $SW; - } + } // END - foreach define('__EXTENSIONS_ROWS', $OUT); // Load template @@ -205,9 +209,9 @@ if (!empty($_GET['reg_ext'])) { // Delete this extension (remember to remove it from your server *before* you click on welcome! $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_extensions WHERE id=%d LIMIT 1", - array(bigintval($id)), __FILE__, __LINE__); - } - } + array($id), __FILE__, __LINE__); + } // END - if + } // END - foreach } elseif (!empty($_GET['do']) && (!IS_DEMO())) { // Other things to do $do = SQL_ESCAPE(strip_tags($_GET['do'])); @@ -220,7 +224,7 @@ if (!empty($_GET['reg_ext'])) { $where = ""; if (!empty($_GET['active'])) { $where = sprintf("WHERE ext_active = '%s'", SQL_ESCAPE(strip_tags($_GET['active']))); -} +} // END - if // Case selection switch ($do) { @@ -308,7 +312,7 @@ case "register": // Register new extension // Is this sql_patches? Then we need to auto-logout! if ($ext_name == "sql_patches") { // Auto-logout here - LOAD_URL("modules.php?module=admin&logout=1&sql_patches=1"); + LOAD_URL("modules.php?module=admin&logout=1&install=sql_patches"); } // Extension was found and successfully registered @@ -362,7 +366,7 @@ case "search": // Search for new extensions on our server if ((substr($value, 0, 4) == "ext-") && (substr($value, -4) == ".zip")) { $name = substr($value, 4, -4); - $file = sprintf(PATH."inc/extensions/ext-%s.php", $name); + $file = sprintf("%sinc/extensions/ext-%s.php", PATH, $name); $ver = trim(substr($response[$id + 3], 4)); // Load current extension's version diff --git a/inc/modules/guest/action-admin.php b/inc/modules/guest/action-admin.php index 7eaf1cdc79..fce845e27a 100644 --- a/inc/modules/guest/action-admin.php +++ b/inc/modules/guest/action-admin.php @@ -41,7 +41,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) if (GET_ACTION("guest", $GLOBALS['what']) == "admin") { // Only when one admin link is clicked... - $INC = sprintf(PATH."inc/modules/guest/what-%s.php", $GLOBALS['what']); + $INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the guest action module diff --git a/inc/modules/guest/action-main.php b/inc/modules/guest/action-main.php index 8894d8a648..0647588b14 100644 --- a/inc/modules/guest/action-main.php +++ b/inc/modules/guest/action-main.php @@ -42,7 +42,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) ADD_DESCR("guest", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/guest/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, $GLOBALS['what']); $IS_VALID = WHAT_IS_VALID(GET_ACTION("guest", $GLOBALS['what']), $GLOBALS['what'], "guest"); if ((file_exists($INC)) && (is_readable($INC)) && ($IS_VALID)) diff --git a/inc/modules/guest/action-members.php b/inc/modules/guest/action-members.php index 911c408d0b..1b2c0460a2 100644 --- a/inc/modules/guest/action-members.php +++ b/inc/modules/guest/action-members.php @@ -42,7 +42,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) ADD_DESCR("guest", basename(__FILE__)); // Load the include file -$INC = sprintf(PATH."inc/modules/guest/what-%s.php", $GLOBALS['what']); +$INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC)) { // Ok, we finally load the guest action module diff --git a/inc/modules/index.php b/inc/modules/index.php index 006eca162a..e5019640be 100644 --- a/inc/modules/index.php +++ b/inc/modules/index.php @@ -96,7 +96,7 @@ if (($_CONFIG['guest_menu'] == "Y") || (!EXT_IS_ACTIVE("sql_patches", true))) // TDs between menu and content LOAD_TEMPLATE("guest_menu_content"); -$INC_ACTION = sprintf(PATH."inc/modules/guest/action-%s.php", $act); +$INC_ACTION = sprintf("%sinc/modules/guest/action-%s.php", PATH, $act); if ((file_exists($INC_ACTION)) && (is_readable($INC_ACTION)) && (VALIDATE_MENU_ACTION("guest", $act, $GLOBALS['what']))) { // Requested module is available so we load it diff --git a/inc/modules/member/action-account.php b/inc/modules/member/action-account.php index 03de3d9d03..e7391a9cf0 100644 --- a/inc/modules/member/action-account.php +++ b/inc/modules/member/action-account.php @@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) ADD_DESCR("member", basename(__FILE__)); // Load the include file -$INC_WHAT = sprintf(PATH."inc/modules/member/what-%s.php", $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC_WHAT)) { // Ok, we finally load the member action module diff --git a/inc/modules/member/action-bank.php b/inc/modules/member/action-bank.php index 71f304155e..4b01b03a09 100644 --- a/inc/modules/member/action-bank.php +++ b/inc/modules/member/action-bank.php @@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) ADD_DESCR("member", basename(__FILE__)); // Load the include file -$INC_WHAT = sprintf(PATH."inc/modules/member/what-%s.php", $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC_WHAT)) { // Ok, we finally load the member action module diff --git a/inc/modules/member/action-extras.php b/inc/modules/member/action-extras.php index 2feb671d59..7cd95faabd 100644 --- a/inc/modules/member/action-extras.php +++ b/inc/modules/member/action-extras.php @@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) ADD_DESCR("member", basename(__FILE__)); // Load the include file -$INC_WHAT = sprintf(PATH."inc/modules/member/what-%s.php", $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC_WHAT)) { // Ok, we finally load the member action module diff --git a/inc/modules/member/action-logout.php b/inc/modules/member/action-logout.php index 440503f750..1a35520733 100644 --- a/inc/modules/member/action-logout.php +++ b/inc/modules/member/action-logout.php @@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) ADD_DESCR("member", basename(__FILE__)); // Load the include file -$INC_WHAT = sprintf(PATH."inc/modules/member/what-%s.php", $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC_WHAT)) { // Ok, we finally load the member action module diff --git a/inc/modules/member/action-main.php b/inc/modules/member/action-main.php index fa47565ce4..d3c82ec007 100644 --- a/inc/modules/member/action-main.php +++ b/inc/modules/member/action-main.php @@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) ADD_DESCR("member", basename(__FILE__)); // Load the include file -$INC_WHAT = sprintf(PATH."inc/modules/member/what-%s.php", $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC_WHAT)) { // Ok, we finally load the member action module diff --git a/inc/modules/member/action-order.php b/inc/modules/member/action-order.php index 171e581eb0..6c3cbfcb9b 100644 --- a/inc/modules/member/action-order.php +++ b/inc/modules/member/action-order.php @@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) ADD_DESCR("member", basename(__FILE__)); // Load the include file -$INC_WHAT = sprintf(PATH."inc/modules/member/what-%s.php", $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC_WHAT)) { // Ok, we finally load the member action module diff --git a/inc/modules/member/action-rals.php b/inc/modules/member/action-rals.php index a9fb0e72f8..4733d9c326 100644 --- a/inc/modules/member/action-rals.php +++ b/inc/modules/member/action-rals.php @@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) ADD_DESCR("member", basename(__FILE__)); // Load the include file -$INC_WHAT = sprintf(PATH."inc/modules/member/what-%s.php", $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC_WHAT)) { // Ok, we finally load the member action module diff --git a/inc/modules/member/action-stats.php b/inc/modules/member/action-stats.php index e556417d09..ac10d889d0 100644 --- a/inc/modules/member/action-stats.php +++ b/inc/modules/member/action-stats.php @@ -51,7 +51,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) ADD_DESCR("member", basename(__FILE__)); // Load the include file -$INC_WHAT = sprintf(PATH."inc/modules/member/what-%s.php", $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); if (file_exists($INC_WHAT)) { // Ok, we finally load the member action module diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index ef2e46d8c7..50ca9f790a 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -364,7 +364,7 @@ function ADD_MENU($MODE, $act, $wht) { } else { // This is a menu block... ;-) $BLOCK_MODE = true; - $INC_BLOCK = sprintf(PATH."inc/modules/%s/action-%s.php", $MODE, $main_action); + $INC_BLOCK = sprintf("%sinc/modules/%s/action-%s.php", PATH, $MODE, $main_action); if ((file_exists($INC_BLOCK)) && (is_readable($INC_BLOCK))) { // Load include file if ((!EXT_IS_ACTIVE($main_action)) || ($main_action == "online")) OUTPUT_HTML(" diff --git a/modules.php b/modules.php index f8fbe88fb7..41b049938a 100644 --- a/modules.php +++ b/modules.php @@ -109,7 +109,7 @@ if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!I case "mem_only": case "done": // Construct module name - define('__MODULE', sprintf(PATH."inc/modules/%s.php", $GLOBALS['module'])); + define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, $GLOBALS['module'])); // Does the module exists on local file system? if (((file_exists(__MODULE)) || (!empty($URL))) && (sizeof($FATAL) == 0)) diff --git a/ref.php b/ref.php index 456fc3b969..0532103089 100644 --- a/ref.php +++ b/ref.php @@ -60,7 +60,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install } // Get referral ID from ref or refid variable - if (!empty($_GET['ref'])) $ref = strip_tags(htmlentities($_GET['ref'])); + if (!empty($_GET['ref'])) $ref = secureString($_GET['ref']); elseif (!empty($_GET['refid'])) $ref = bigintval($_GET['refid']); if (!empty($ref)) @@ -74,6 +74,7 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install list($ref) = SQL_FETCHROW($result); SQL_FREERESULT($result); } + // Also edit this 0 ! if (empty($ref)) $ref = "0"; diff --git a/templates/de/html/admin/admin_logout_sql_patches.tpl b/templates/de/html/admin/admin_logout_sql_patches_install.tpl similarity index 100% rename from templates/de/html/admin/admin_logout_sql_patches.tpl rename to templates/de/html/admin/admin_logout_sql_patches_install.tpl diff --git a/templates/de/html/admin/admin_logout_sql_patches_remove.tpl b/templates/de/html/admin/admin_logout_sql_patches_remove.tpl new file mode 100644 index 0000000000..a4de412932 --- /dev/null +++ b/templates/de/html/admin/admin_logout_sql_patches_remove.tpl @@ -0,0 +1,17 @@ +
+ + + + + + + + + + +
 
+ {--ADMIN_LOGOUT_SQL_PATCHES_REMOVE--}
+
+ {--ADMIN_RESET_PASS_LINK--} +
 
+
diff --git a/templates/de/html/admin/admin_reset_pass_done.tpl b/templates/de/html/admin/admin_reset_pass_done.tpl index 289a8f1c60..ea48561692 100644 --- a/templates/de/html/admin/admin_reset_pass_done.tpl +++ b/templates/de/html/admin/admin_reset_pass_done.tpl @@ -12,7 +12,7 @@ - {--ADMIN_CONTINUE_LOGIN--} + --> {--ADMIN_CONTINUE_LOGIN--} -- 2.30.2