Nemcio/Kleeja
1
0
Fork 0
mirror of https://github.com/kleeja-official/kleeja.git synced 2025-12-16 04:59:42 +01:00
Code Issues Packages Projects Releases Activity

fixes

Browse Source
This commit is contained in:
Abdulrahman
2019-05-23 01:03:12 +03:00
parent a52aeba650
commit ace9ef92ae
5 changed files with 40 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
admin/index.php
View File

@@ -38,9 +38,9 @@ get_lang('acp');
//need to login again
//
if (
(empty($_SESSION['ADMINLOGIN']) || $_SESSION['ADMINLOGIN'] != md5(sha1($config['h_key']) . $usrcp->name() . $config['siteurl'])) ||
(empty($_SESSION['USER_SESS']) || $_SESSION['USER_SESS'] != session_id()) ||
(empty($_SESSION['ADMINLOGIN_T']) || $_SESSION['ADMINLOGIN_T'] < time())
(empty($_SESSION['ADMINLOGIN']) || $_SESSION['ADMINLOGIN'] != md5(sha1($config['h_key']) . $usrcp->name() . $config['siteurl'])) ||
(empty($_SESSION['USER_SESS']) || $_SESSION['USER_SESS'] != KJ_SESSION) ||
(empty($_SESSION['ADMINLOGIN_T']) || $_SESSION['ADMINLOGIN_T'] < time())
) {
if (ig('go') && g('go') == 'login')
{
@@ -48,7 +48,7 @@ if (
{
//login
$ERRORS = [];
$pass_field = 'lpass_' . preg_replace('/[^0-9]/', '', sha1($klj_session . sha1($config['h_key']) . p('kid')));
$pass_field = 'lpass_' . preg_replace('/[^0-9]/', '', sha1(KJ_SESSION . sha1($config['h_key']) . p('kid')));
if (! empty($_SESSION['SHOW_CAPTCHA']))
@@ -79,7 +79,7 @@ if (
{
if ($f = $usrcp->data(p('lname'), p($pass_field), false, 3600*6, true))
{
$_SESSION['USER_SESS'] = session_id();
$_SESSION['USER_SESS'] = KJ_SESSION;
$_SESSION['ADMINLOGIN'] = md5(sha1($config['h_key']) . $usrcp->name() . $config['siteurl']);
//to make sure, sometime setting time from functions doesn't work
$_SESSION['ADMINLOGIN_T'] = time() + 18000;
@@ -115,7 +115,7 @@ if (
$action = './' . basename(ADMIN_PATH) . '?go=login&amp;cp=' . $go_to;
$H_FORM_KEYS = kleeja_add_form_key('admin_login');
$KEY_FOR_WEE = sha1(microtime() . sha1($config['h_key']));
$KEY_FOR_PASS = preg_replace('/[^0-9]/', '', sha1($klj_session . sha1($config['h_key']) . $KEY_FOR_WEE));
$KEY_FOR_PASS = preg_replace('/[^0-9]/', '', sha1(KJ_SESSION . sha1($config['h_key']) . $KEY_FOR_WEE));
$not_you = sprintf($lang['USERNAME_NOT_YOU'], '<a href="' . $config['siteurl'] . 'ucp.php?go=logout">', '</a>');
$show_captcha = ! empty($_SESSION['SHOW_CAPTCHA']);
@@ -272,7 +272,7 @@ is_array($plugin_run_result = Plugins::getInstance()->run('begin_admin_page', ge
/**
* Exception of 406 ! dirty hosting
* 'configs' word listed as dangrous requested word
* so we replaced this word with 'options' instead.
* so we replaced this word with 'options' instead.
*/
if ($go_to == 'options')
{
@@ -285,7 +285,7 @@ if (! $go_to || empty($go_to) || ! in_array($go_to, $adm_extensions))
$go_to = 'start';
}
//make array for menu
//make array for menu
$adm_extensions_menu = $adm_topmenu = [];
@@ -298,7 +298,7 @@ $cr_time = LAST_VISIT > 0 ? LAST_VISIT : time() - 3600*12;
// check calls and reports numbers
if (ig('check_msgs') || ! ig('_ajax_')):
//small bubble system
//small bubble system
//any item can show what is inside it as unread messages
$kbubbles = [];
@@ -375,7 +375,7 @@ $assigned_klj_ver = preg_replace('!#([a-z0-9]+)!', '', KLEEJA_VERSION);
//for plugins
$styleePath = null;
//get it
//get it
if (file_exists(ADM_FILES_PATH . '/' . $go_to . '.php'))
{
$include = true;

30
includes/FetchFile.php
View File

@@ -91,9 +91,10 @@ class FetchFile
protected function finishUp()
{
global $klj_session;
session_id($klj_session);
if(defined('KJ_SESSION'))
{
session_id(constant('KJ_SESSION'));
}
session_start();
}
@@ -102,13 +103,15 @@ class FetchFile
{
$ch = curl_init($this->url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeout);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Kleeja)');
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_VERBOSE, true);
if ($this->binary)
{
@@ -120,7 +123,13 @@ class FetchFile
{
$out = fopen($this->destinationPath, 'w');
curl_setopt($ch, CURLOPT_FILE, $out);
curl_exec($ch);
$result = curl_exec($ch);
if ($result === false)
{
kleeja_log(sprintf("cUrl error (#%d): %s\n", curl_errno($ch), htmlspecialchars(curl_error($ch))));
}
curl_close($ch);
fclose($out);
@@ -129,7 +138,12 @@ class FetchFile
else
{
$data = curl_exec($ch);
if ($data === false)
{
kleeja_log(sprintf("FetchFile error (curl: #%d): %s\n", curl_errno($ch), htmlspecialchars(curl_error($ch))));
}
curl_close($ch);
return $data;
}
}

13
includes/common.php
View File

@@ -123,8 +123,6 @@ if (! is_bot() && ! isset($_SESSION))
}
//no enough data
if (empty($dbname) || empty($dbuser))
{
@@ -188,6 +186,7 @@ while ($row=$SQL->fetch_array($result))
$config[$row['name']] = $row['value'];
}
$SQL->freeresult($result);
//check user or guest
@@ -242,16 +241,10 @@ date_default_timezone_set('GMT');
//kleeja session id
$klj_session = $SQL->escape(session_id());
define('KJ_SESSION', preg_replace('/[^-,a-zA-Z0-9]/', '', session_id()));
//site url must end with /
if ($config['siteurl'])
{
$config['siteurl'] = $config['siteurl'][strlen($config['siteurl'])-1] != '/'
? $config['siteurl'] . '/'
: $config['siteurl'];
}
$config['siteurl'] = rtrim($config['siteurl'], '/') . '/';
//check lang

15
includes/usr.php
View File

@@ -17,10 +17,8 @@ if (! defined('IN_COMMON'))
class usrcp
{
public function data ($name, $pass, $hashed = false, $expire = 86400, $loginadm = false)
public function data($name, $pass, $hashed = false, $expire = 86400, $loginadm = false)
{
global $config, $userinfo;
//expire
$expire = time() + ((int) $expire ? intval($expire) : 86400);
$name = trim($name);
@@ -35,7 +33,6 @@ class usrcp
return $login_status;
}
//normal
return $this->normal($name, $pass, $hashed, $expire, $loginadm);
}
@@ -43,8 +40,6 @@ class usrcp
//get username by id
public function usernamebyid($user_id)
{
global $config;
$return_now = $auth_status = false;
is_array($plugin_run_result = Plugins::getInstance()->run('auth_func_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
@@ -92,7 +87,8 @@ class usrcp
while ($row=$SQL->fetch_array($result))
{
if (empty($row['password']))
{ //more security
{
//more security
return false;
}
@@ -208,7 +204,7 @@ class usrcp
}
// user ids
public function id ()
public function id()
{
is_array($plugin_run_result = Plugins::getInstance()->run('id_func_usr_class', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
@@ -429,9 +425,6 @@ class usrcp
//if not expire
if (($hashed_expire == sha1(md5($config['h_key'] . $hashed_password) . $expire_at)) && ($expire_at > time()))
{
// For better performance we will take the risks
// !defined('IN_DOWNLOAD')
//exit(print_r( @explode('|', $this->en_de_crypt($this->kleeja_get_cookie('ulogu'), 2))));
if (user_can('enter_acp', $group_id))
{
$user_data = $this->data($user_id, $hashed_password, true, $expire_at);

2
ucp.php
View File

@@ -235,7 +235,7 @@ switch (g('go'))
$user_salt = (string) substr(base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
$pass = (string) $usrcp->kleeja_hash_password($SQL->escape(trim(p('lpass'))) . $user_salt);
$mail = (string) strtolower(trim($SQL->escape(p('lmail'))));
$session_id = (string) session_id();
$session_id = (string) constant('KJ_SESSION');
$clean_name = (string) $usrcp->cleanusername($name);
$insert_query = [