Nemcio/Kleeja
1
0
Fork 0
mirror of https://github.com/kleeja-official/kleeja.git synced 2025-12-16 04:59:42 +01:00
Code Issues Packages Projects Releases Activity

fixes

Browse Source
This commit is contained in:
Abdulrahman
2019-05-22 19:33:52 +03:00
parent a9dd576094
commit a52aeba650
12 changed files with 38 additions and 247 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
do.php
View File

@@ -417,7 +417,7 @@ elseif (ig('down') || ig('downf') ||
}
}
if (! ($size = @kleeja_filesize($path_file)))
if (! ($size = @filesize($path_file)))
{
$size = $d_size;
}

4
includes/adm/g_users.php
View File

@@ -237,7 +237,7 @@ elseif (ip('newuser'))
if (empty($ERRORS))
{
$name = (string) $SQL->escape(trim(p('lname')));
$user_salt = (string) substr(kleeja_base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
$user_salt = (string) substr(base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
$pass = (string) $usrcp->kleeja_hash_password($SQL->escape(trim(p('lpass'))) . $user_salt);
$mail = (string) trim(strtolower(p('lmail')));
$clean_name = (string) $usrcp->cleanusername($name);
@@ -349,7 +349,7 @@ if (ip('edituser'))
}
elseif (trim(p('l_pass')) != '')
{
$user_salt = substr(kleeja_base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
$user_salt = substr(base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
$pass = "password = '" . $usrcp->kleeja_hash_password(trim(p('l_pass')) . $user_salt) . "', password_salt='" . $user_salt . "',";
}

6
includes/auth_integration/api.php
View File

@@ -37,7 +37,7 @@ function kleeja_auth_login ($name, $pass, $hashed = false, $expire, $loginadm =
// @see file : docs/kleeja_(vb,mysmartbb,phpbb)_api.txt
$api_http_query = 'api_key=' . kleeja_base64_encode($script_api_key) . '&' . ($hashed ? 'userid' : 'username') . '=' . urlencode($name) . '&pass=' . kleeja_base64_encode($pass);
$api_http_query = 'api_key=' . base64_encode($script_api_key) . '&' . ($hashed ? 'userid' : 'username') . '=' . urlencode($name) . '&pass=' . base64_encode($pass);
//if only username, let tell him in the query
$api_http_query .= $return_username ? '&return_username=1' : '';
@@ -56,7 +56,7 @@ function kleeja_auth_login ($name, $pass, $hashed = false, $expire, $loginadm =
//split the data , the first one is always 0 or 1
//0 : error
//1: ok
$user_info = explode('%|%', kleeja_base64_decode($remote_data));
$user_info = explode('%|%', base64_decode($remote_data));
//omg, it's 0 , 0 : error, lets die here
if ((int) $user_info[0] == 0)
@@ -88,7 +88,7 @@ function kleeja_auth_login ($name, $pass, $hashed = false, $expire, $loginadm =
//and this must be filled with user data comming from url
$userinfo = [];
$userinfo['group_id'] = GROUP_ID;
$user_y = kleeja_base64_encode(serialize(['id'=>USER_ID, 'name'=>USER_NAME, 'mail'=>USER_MAIL, 'last_visit'=>time()]));
$user_y = base64_encode(serialize(['id'=>USER_ID, 'name'=>USER_NAME, 'mail'=>USER_MAIL, 'last_visit'=>time()]));
//add cookies

4
includes/auth_integration/phpbb.php
View File

@@ -112,7 +112,7 @@ function kleeja_auth_login ($name, $pass, $hashed = false, $expire, $loginadm =
$result2 = $SQLBB->build($query2);
while ($row=$SQLBB->fetch_array($result2))
{
$SQLBB->freeresult($result2);
$SQLBB->freeresult($result2);
if ($return_name)
{
@@ -164,7 +164,7 @@ function kleeja_auth_login ($name, $pass, $hashed = false, $expire, $loginadm =
$userinfo = $row;
$userinfo['group_id'] = ($row[$row_leve] == $admin_level ? '1' : '3');
$user_y = kleeja_base64_encode(serialize(['id'=>$row['user_id'], 'name'=>$row['username'], 'mail'=>$row['user_email'], 'last_visit'=>time()]));
$user_y = base64_encode(serialize(['id'=>$row['user_id'], 'name'=>$row['username'], 'mail'=>$row['user_email'], 'last_visit'=>time()]));
if (! $hashed && ! $loginadm)
{

22
includes/auth_integration/vb.php
View File

@@ -67,7 +67,7 @@ function kleeja_auth_login ($name, $pass, $hashed = false, $expire, $loginadm =
$forum_srv .= ':' . $config['MasterServer']['port'];
}
//some people change their db charset
//some people change their db charset
if (isset($config['Mysqli']['charset']))
{
$forum_db_charset = $config['Mysqli']['charset'];
@@ -89,7 +89,7 @@ function kleeja_auth_login ($name, $pass, $hashed = false, $expire, $loginadm =
$forum_pass = $script_pass;
$forum_prefix = $script_prefix;
//some people change their db charset
//some people change their db charset
if (isset($script_db_charset))
{
$forum_db_charset = $script_db_charset;
@@ -120,7 +120,7 @@ function kleeja_auth_login ($name, $pass, $hashed = false, $expire, $loginadm =
$name = empty($script_cp1256) || ! $script_cp1256 || $hashed ? $name : $usrcp->kleeja_utf8($name, false);
$query_salt = [
'SELECT' => $hashed ? '*' : ($isVB5 ? 'token' : 'salt'),
'SELECT' => $hashed ? '*' : ($isVB5 ? 'token' : 'salt'),
'FROM' => "`{$forum_prefix}user`",
];
@@ -147,7 +147,7 @@ function kleeja_auth_login ($name, $pass, $hashed = false, $expire, $loginadm =
if (! $hashed)
{
$pass = ! $isVB5
$pass = ! $isVB5
? md5(md5($pass) . $row1['salt']) // without normal md5
: crypt(md5($pass), $row1['token']);
@@ -176,18 +176,18 @@ function kleeja_auth_login ($name, $pass, $hashed = false, $expire, $loginadm =
$userinfo = $row;
$userinfo['group_id'] = ($row['usergroupid'] == 6 ? 1 : 3);
$user_y = kleeja_base64_encode(serialize(['id'=>$row['userid'], 'name'=>USER_NAME, 'mail'=>$row['email'], 'last_visit'=>time()]));
$user_y = base64_encode(serialize(['id'=>$row['userid'], 'name'=>USER_NAME, 'mail'=>$row['email'], 'last_visit'=>time()]));
$hash_key_expire = sha1(md5($config['h_key'] . ($isVB5 ? $row['token'] : $row['password'])) . $expire);
if (! $loginadm)
{
$usrcp->kleeja_set_cookie('ulogu', $usrcp->en_de_crypt(
$row['userid'] . '|' .
($isVB5 ? $row['token'] : $row['password']) . '|' .
$expire . '|' .
$hash_key_expire . '|' .
($row['usergroupid'] == 6 ? 1 : 3) . '|' .
$row['userid'] . '|' .
($isVB5 ? $row['token'] : $row['password']) . '|' .
$expire . '|' .
$hash_key_expire . '|' .
($row['usergroupid'] == 6 ? 1 : 3) . '|' .
$user_y
), $expire);
}
@@ -217,7 +217,7 @@ function kleeja_auth_login ($name, $pass, $hashed = false, $expire, $loginadm =
}
}//whil1
$SQLVB->freeresult($result_salt);
$SQLVB->freeresult($result_salt);
unset($pass);
$SQLVB->close();

2
includes/functions.php
View File

@@ -216,7 +216,7 @@ function kleeja_get_page()
*/
function _sm_mk_utf8($text)
{
return '=?UTF-8?B?' . kleeja_base64_encode($text) . '?=';
return '=?UTF-8?B?' . base64_encode($text) . '?=';
}
/**

208
includes/functions_alternative.php
View File

@@ -9,8 +9,8 @@
/**
* After a lot of work, we faced many hosts who use a old PHP version, or
* they disabled many general functions ...
* After a lot of work, we faced many hosts who use a old PHP version, or
* they disabled many general functions ...
* so, this file contains those type of functions.
*/
@@ -21,207 +21,3 @@ if (! defined('IN_COMMON'))
exit();
}
if (! function_exists('htmlspecialchars_decode'))
{
function htmlspecialchars_decode($string, $style=ENT_COMPAT)
{
$translation = array_flip(get_html_translation_table(HTML_SPECIALCHARS, $style));
if ($style === ENT_QUOTES)
{
$translation['''] = '\'';
}
return strtr($string, $translation);
}
}
//
//http://us2.php.net/manual/en/function.str-split.php#84891
if (! function_exists('str_split'))
{
function str_split($string, $string_length=1)
{
if (strlen($string) > $string_length || ! $string_length)
{
do
{
$c = strlen($string);
$parts[] = substr($string, 0, $string_length);
$string = substr($string, $string_length);
} while ($string !== false);
}
else
{
$parts = [$string];
}
return $parts;
}
}
//Custom base64_* functions
function kleeja_base64_encode($str = '')
{
return function_exists('base64_encode') ? base64_encode($str) : base64encode($str);
}
function kleeja_base64_decode($str = '')
{
return function_exists('base64_decode') ? base64_decode($str) : base64decode($str);
}
//http://www.php.net/manual/en/function.base64-encode.php#63270
function base64encode($string = '')
{
if (! function_exists('convert_binary_str'))
{
function convert_binary_str($string)
{
if (strlen($string) <= 0)
{
return;
}
$tmp = decbin(ord($string[0]));
$tmp = str_repeat('0', 8-strlen($tmp)) . $tmp;
return $tmp . convert_binary_str(substr($string, 1));
}
}
$binval = convert_binary_str($string);
$final = '';
$start = 0;
while ($start < strlen($binval))
{
if (strlen(substr($binval, $start)) < 6)
{
$binval .= str_repeat('0', 6-strlen(substr($binval, $start)));
}
$tmp = bindec(substr($binval, $start, 6));
if ($tmp < 26)
{
$final .= chr($tmp+65);
}
elseif ($tmp > 25 && $tmp < 52)
{
$final .= chr($tmp+71);
}
elseif ($tmp == 62)
{
$final .= '+';
}
elseif ($tmp == 63)
{
$final .= '/';
}
elseif (! $tmp)
{
$final .= 'A';
}
else
{
$final .= chr($tmp-4);
}
$start += 6;
}
if (strlen($final)%4>0)
{
$final .= str_repeat('=', 4-strlen($final)%4);
}
return $final;
}
function base64decode($str)
{
$len = strlen($str);
$ret = '';
$b64 = [];
$base64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
$len_base64 = strlen($base64);
for ($i = 0; $i < 256; $i++)
{
$b64[$i] = 0;
}
for ($i = 0; $i < $len_base64; $i++)
{
$b64[ord($base64[$i])] = $i;
}
for ($j=0;$j<$len;$j+=4)
{
for ($i = 0; $i < 4; $i++)
{
$c = ord($str[$j+$i]);
$a[$i] = $c;
$b[$i] = $b64[$c];
}
$o[0] = ($b[0] << 2) | ($b[1] >> 4);
$o[1] = ($b[1] << 4) | ($b[2] >> 2);
$o[2] = ($b[2] << 6) | $b[3];
if ($a[2] == ord('='))
{
$i = 1;
}
elseif ($a[3] == ord('='))
{
$i = 2;
}
else
{
$i = 3;
}
for ($k=0;$k<$i;$k++)
{
$ret .= chr((int) $o[$k] & 255);
}
if ($i < 3)
{
break;
}
}
return $ret;
}
if (! function_exists('filesize'))
{
function kleeja_filesize($filename)
{
$a = fopen($filename, 'r');
fseek($a, 0, SEEK_END);
$filesize = ftell($a);
fclose($a);
return $filesize;
}
}
else
{
function kleeja_filesize($filename)
{
return filesize($filename);
}
}
if (! function_exists('array_column'))
{
function array_column($array, $column_name)
{
return array_map(
function($element) use ($column_name) {
return $element[$column_name];
},
array_values($array)
);
}
}

12
includes/up_helpers/others.php
View File

@@ -17,7 +17,7 @@ if (! defined('IN_COMMON'))
/**
* checking the safety and validity of sub-extension of given file
*
*
* @param mixed $filename
*/
function ext_check_safe($filename)
@@ -256,7 +256,7 @@ function check_mime_type($given_file_mime, $file_ext, $file_path)
//if normal checks failed!
if (@kleeja_filesize($file_path) > 6*(1000*1024))
if (@filesize($file_path) > 6*(1000*1024))
{
return true;
}
@@ -285,7 +285,7 @@ function check_mime_type($given_file_mime, $file_ext, $file_path)
/**
* to prevent flooding at uploading
* to prevent flooding at uploading
* @param mixed $user_id
*/
function user_is_flooding($user_id = '-1')
@@ -307,9 +307,9 @@ function user_is_flooding($user_id = '-1')
return false;
}
//In my point of view I see 30 seconds is not bad rate to stop flooding ..
//even though this minimum rate sometime isn't enough to protect Kleeja from flooding attacks
$time = time() - ($user_id == '-1' ? $config['guestsectoupload'] : $config['usersectoupload']);
//In my point of view I see 30 seconds is not bad rate to stop flooding ..
//even though this minimum rate sometime isn't enough to protect Kleeja from flooding attacks
$time = time() - ($user_id == '-1' ? $config['guestsectoupload'] : $config['usersectoupload']);
$query = [
'SELECT' => 'f.time',

17
includes/usr.php
View File

@@ -106,7 +106,7 @@ class usrcp
if ($row['password'] == $passmd5)
{
////new salt
$new_salt = substr(kleeja_base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
$new_salt = substr(base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
////new password hash
$new_password = $this->kleeja_hash_password(trim($pass) . $new_salt);
@@ -145,7 +145,7 @@ class usrcp
//all user fileds info
$userinfo = $row;
$user_y = kleeja_base64_encode(serialize(['id'=>$row['id'], 'name'=>$row['name'], 'mail'=>$row['mail'], 'last_visit'=>$row['last_visit']]));
$user_y = base64_encode(serialize(['id'=>$row['id'], 'name'=>$row['name'], 'mail'=>$row['mail'], 'last_visit'=>$row['last_visit']]));
if (! $hashed && ! $loginadm)
{
@@ -272,11 +272,6 @@ class usrcp
//clean usernames
public function cleanusername($uname)
{
if (! function_exists('kleeja_base64_decode'))
{
include_once PATH . 'includes/functions_alternative.php';
}
is_array($plugin_run_result = Plugins::getInstance()->run('cleanusername_func_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
static $arabic_t = [];
@@ -288,7 +283,7 @@ class usrcp
if (empty($arabic_t))
{
//Arabic chars must be stay in utf8 format, so we encoded them
$arabic_t = unserialize(kleeja_base64_decode('YToyOntpOjA7YToxMjp7aTowO3M6Mjoi2KMiO2k6MTtzOjI6ItilIjtpOjI7czoyOiLYpCI7aTozO3M6Mjoi2YAiO2k6NDtzOjI6Itm' .
$arabic_t = unserialize(base64_decode('YToyOntpOjA7YToxMjp7aTowO3M6Mjoi2KMiO2k6MTtzOjI6ItilIjtpOjI7czoyOiLYpCI7aTozO3M6Mjoi2YAiO2k6NDtzOjI6Itm' .
'LIjtpOjU7czoyOiLZjCI7aTo2O3M6Mjoi2Y8iO2k6NztzOjI6ItmOIjtpOjg7czoyOiLZkCI7aTo5O3M6Mjoi2ZIiO2k6MTA7czoyOiLYoiI7aToxMTtzOjI6ItimIjt9aToxO' .
'2E6MTI6e2k6MDtzOjI6ItinIjtpOjE7czoyOiLYpyI7aToyO3M6Mjoi2YgiO2k6MztzOjA6IiI7aTo0O3M6MDoiIjtpOjU7czowOiIiO2k6NjtzOjA6IiI7aTo3O3M6MDoiIjt' .
'pOjg7czowOiIiO2k6OTtzOjA6IiI7aToxMDtzOjI6ItinIjtpOjExO3M6Mjoi2YkiO319'));
@@ -381,7 +376,7 @@ class usrcp
switch ($type)
{
case 1:
$data = str_replace('=', '_', kleeja_base64_encode($data));
$data = str_replace('=', '_', base64_encode($data));
$data = strtr($data, $txt);
break;
@@ -390,7 +385,7 @@ class usrcp
$txtx = array_flip($txt);
$txtx = array_reverse($txtx, true);
$data = strtr($data, $txtx);
$data = kleeja_base64_decode(str_replace('_', '=', $data));
$data = base64_decode(str_replace('_', '=', $data));
break;
}
@@ -445,7 +440,7 @@ class usrcp
{
if (! empty($u_info))
{
$userinfo = unserialize(kleeja_base64_decode($u_info));
$userinfo = unserialize(base64_decode($u_info));
$userinfo['group_id'] = $group_id;
$userinfo['password'] = $hashed_password;

2
install/install.php
View File

@@ -208,7 +208,7 @@ case 'data' :
include_once PATH . 'includes/functions_alternative.php';
$usrcp = new usrcp;
$user_salt = substr(kleeja_base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
$user_salt = substr(base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
$user_pass = $usrcp->kleeja_hash_password(p('password') . $user_salt);
$user_name = $SQL->escape(p('username'));
$user_mail = $SQL->escape(p('email'));

2
install/quick.php
View File

@@ -83,7 +83,7 @@ include_once PATH . 'includes/functions_alternative.php';
$usrcp = new usrcp;
$password = ! empty($cli_options['password']) ? $cli_options['password'] : mt_rand();
$user_salt = substr(kleeja_base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
$user_salt = substr(base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
$user_pass = $usrcp->kleeja_hash_password($password . $user_salt);
$user_name = $clean_name = 'admin';
$user_mail = $config_sitemail = 'admin@example.com';

4
ucp.php
View File

@@ -232,7 +232,7 @@ switch (g('go'))
if (empty($ERRORS))
{
$name = (string) $SQL->escape(trim(p('lname')));
$user_salt = (string) substr(kleeja_base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
$user_salt = (string) substr(base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
$pass = (string) $usrcp->kleeja_hash_password($SQL->escape(trim(p('lpass'))) . $user_salt);
$mail = (string) strtolower(trim($SQL->escape(p('lmail'))));
$session_id = (string) session_id();
@@ -701,7 +701,7 @@ switch (g('go'))
//no errors , do it
if (empty($ERRORS))
{
$user_salt = substr(kleeja_base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
$user_salt = substr(base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
$mail = $new_mail ? "mail='" . $SQL->escape(strtolower(trim(p('pmail')))) . "'" : '';
$showmyfile = p('show_my_filecp', 'int') != $show_my_filecp ? ($mail == '' ? '': ',') . "show_my_filecp='" . p('show_my_filecp', 'int') . "'" : '';
$pass = ! empty(p('ppass_new')) ? ($showmyfile != '' || $mail != '' ? ',' : '') . "password='" . $usrcp->kleeja_hash_password($SQL->escape(p('ppass_new')) . $user_salt) .