--- a/includes/sessions.php Sun Dec 02 15:27:21 2007 -0500
+++ b/includes/sessions.php Sun Dec 02 16:00:10 2007 -0500
@@ -150,7 +150,6 @@
* @var string
*/
- //var $valid_username = '([A-Za-z0-9 \!\@\(\)-]+)';
var $valid_username = '([^<>&\?\'"%\n\r\t\a\/]+)';
/**
@@ -261,7 +260,7 @@
{
global $db, $session, $paths, $template, $plugins; // Common objects
- if ( defined('IN_ENANO_INSTALL') )
+ if ( defined('IN_ENANO_INSTALL') && !defined('IN_ENANO_UPGRADE') )
{
@include(ENANO_ROOT.'/config.new.php');
}
@@ -282,7 +281,7 @@
{
// Generate and stash a private key
// This should only happen during an automated silent gradual migration to the new encryption platform.
- $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
$this->private_key = $aes->gen_readymade_key();
$config = file_get_contents(ENANO_ROOT.'/config.php');
@@ -511,7 +510,10 @@
else
{
$key = strrev($_REQUEST['auth']);
- $super = $this->validate_session($key);
+ if ( !empty($key) && ( strlen($key) / 2 ) % 4 == 0 )
+ {
+ $super = $this->validate_session($key);
+ }
}
if(is_array($super))
{
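Review bot: The new length guard on `$key` accepts some odd-length values and leaves `$super` unassigned in this branch when it rejects the key. `( strlen($key) / 2 ) % 4` converts the float to an integer before the modulo, so a 9-character key gives `4 % 4 == 0` and still reaches validate_session(); `strlen($key) % 8 == 0 && ctype_xdigit($key)` expresses the apparent intent (a hex string covering a multiple of 4 bytes) without that gap. When the guard fails, `is_array($super)` below reads whatever `$super` held before, or an undefined variable; add `$super = false;` ahead of the `if` so a rejected key can never fall through with a stale value. Whether an earlier branch already initialises `$super` is not visible in this hunk.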
@@ -529,13 +531,13 @@
if(!$this->compat)
{
// init groups
- $q = $this->sql('SELECT g.group_name,g.group_id,m.is_mod FROM '.table_prefix.'groups AS g
- LEFT JOIN '.table_prefix.'group_members AS m
- ON g.group_id=m.group_id
- WHERE ( m.user_id='.$this->user_id.'
- OR g.group_name=\'Everyone\')
- ' . ( enano_version() == '1.0RC1' ? '' : 'AND ( m.pending != 1 OR m.pending IS NULL )' ) . '
- ORDER BY group_id ASC;'); // Make sure "Everyone" comes first so the permissions can be overridden
+ $q = $this->sql('SELECT g.group_name,g.group_id,m.is_mod FROM '.table_prefix.'groups AS g' . "\n"
+ . ' LEFT JOIN '.table_prefix.'group_members AS m' . "\n"
+ . ' ON g.group_id=m.group_id' . "\n"
+ . ' WHERE ( m.user_id='.$this->user_id.'' . "\n"
+ . ' OR g.group_name=\'Everyone\')' . "\n"
+ . ' ' . ( enano_version() == '1.0RC1' ? '' : 'AND ( m.pending != 1 OR m.pending IS NULL )' ) . '' . "\n"
+ . ' ORDER BY group_id ASC;'); // Make sure "Everyone" comes first so the permissions can be overridden
if($row = $db->fetchrow())
{
do {
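Review bot: `$this->user_id` is concatenated into the WHERE clause unquoted and uncast at `m.user_id='.$this->user_id.'`, while other ids in this file go through `intval()` (`intval($user_id)` in register_temp_password(), `intval($g_id)` in the ACL query). Whether the property is always populated from an integer column is not visible here, so `intval($this->user_id)` at the point of use would make the query safe regardless of how the property was set. The same pattern appears in the ACL queries at `target_id='.$this->user_id.'` and `target_id='.$session->user_id.'`. The trailing `.''` on two of the rewritten lines is an empty concatenation and can be dropped.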
@@ -618,16 +620,27 @@
}
// Instanciate the Rijndael encryption object
- $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
// Fetch our decryption key
$aes_key = $this->fetch_public_key($aes_key_id);
- if(!$aes_key)
+ if ( !$aes_key )
+ {
+ // It could be that our key cache is full. If it seems larger than 65KB, clear it
+ if ( strlen(getConfig('login_key_cache')) > 65000 )
+ {
+ setConfig('login_key_cache', '');
+ return array(
+ 'success' => false,
+ 'error' => 'key_not_found_cleared',
+ );
+ }
return array(
'success' => false,
'error' => 'key_not_found'
);
+ }
// Convert the key to a binary string
$bin_key = hexdecode($aes_key);
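Review bot: The cache reset sits on the failed-lookup path, so once `login_key_cache` exceeds 65000 bytes any login request naming a key id that is not cached discards every outstanding login key, and until a lookup fails the cache grows without bound. Enforcing the size limit where keys are written (rijndael_genkey() appears to append to the same config value), for example by dropping the oldest entries, would bound the cache without letting one failed lookup invalidate other users' pending logins. If the reset stays here, the comment should say that all outstanding keys are thrown away and that callers must treat `key_not_found_cleared` as "request a fresh key and retry". The enclosing function starts and ends outside this hunk.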
@@ -862,7 +875,7 @@
}
// Instanciate the Rijndael encryption object
- $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
// Initialize our success switch
$success = false;
@@ -1059,7 +1072,7 @@
$session_key = "u=$username;p=$passha1;s=$salt";
// Encrypt the key
- $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
$session_key = $aes->encrypt($session_key, $this->private_key, ENC_HEX);
// If we're registering an elevated-privilege key, it needs to be on GET
@@ -1172,7 +1185,8 @@
if ( !$decrypted_key )
{
- die_semicritical('AES encryption error', '<p>Something went wrong during the AES decryption process.</p><pre>'.print_r($decrypted_key, true).'</pre>');
+ // die_semicritical('AES encryption error', '<p>Something went wrong during the AES decryption process.</p><pre>'.print_r($decrypted_key, true).'</pre>');
+ return false;
}
$n = preg_match('/^u='.$this->valid_username.';p=([A-Fa-f0-9]+?);s=([A-Fa-f0-9]+?)$/', $decrypted_key, $keydata);
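Review bot: The old `die_semicritical()` call is left behind as a commented-out line above `return false;`; delete it, since version control already keeps it. Returning false is the better behaviour (the removed call echoed `print_r($decrypted_key, true)` into the error page), but the failure is now silent, so a short comment such as `// Undecryptable key: treat as an invalid session` would record the intent. If the project has a security or audit log, a failed decryption of a session key is worth recording there for detection purposes. The function body continues outside this hunk.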
@@ -1183,16 +1197,19 @@
}
$keyhash = md5($key);
$salt = $db->escape($keydata[3]);
- $query = $db->sql_query('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms,u.user_lang,x.* FROM '.table_prefix.'session_keys AS k
- LEFT JOIN '.table_prefix.'users AS u
- ON ( u.user_id=k.user_id )
- LEFT JOIN '.table_prefix.'users_extra AS x
- ON ( u.user_id=x.user_id OR x.user_id IS NULL )
- LEFT JOIN '.table_prefix.'privmsgs AS p
- ON ( p.message_to=u.username AND p.message_read=0 )
- WHERE k.session_key=\''.$keyhash.'\'
- AND k.salt=\''.$salt.'\'
- GROUP BY u.user_id;');
+ // using a normal call to $db->sql_query to avoid failing on errors here
+ $query = $db->sql_query('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,' . "\n"
+ . ' u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms,' . "\n"
+ . ' x.* FROM '.table_prefix.'session_keys AS k' . "\n"
+ . ' LEFT JOIN '.table_prefix.'users AS u' . "\n"
+ . ' ON ( u.user_id=k.user_id )' . "\n"
+ . ' LEFT JOIN '.table_prefix.'users_extra AS x' . "\n"
+ . ' ON ( u.user_id=x.user_id OR x.user_id IS NULL )' . "\n"
+ . ' LEFT JOIN '.table_prefix.'privmsgs AS p' . "\n"
+ . ' ON ( p.message_to=u.username AND p.message_read=0 )' . "\n"
+ . ' WHERE k.session_key=\''.$keyhash.'\'' . "\n"
+ . ' AND k.salt=\''.$salt.'\'' . "\n"
+ . ' GROUP BY u.user_id;');
if ( !$query )
{
$query = $this->sql('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms FROM '.table_prefix.'session_keys AS k
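Review bot: The rewritten SELECT no longer includes `u.user_lang`, which the removed version listed between `num_pms` and `x.*`; in a change that otherwise only reflows the string, that looks accidental. If dropping it is deliberate (for instance because the column may not exist yet during an upgrade), the new comment above the query should say so; otherwise restore `u.user_lang,` before `x.*`. Code that reads `user_lang` from this row is outside the hunk, so the effect on language selection cannot be confirmed from here. The fallback query that follows is cut off by the hunk boundary.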
@@ -1337,7 +1354,7 @@
$oid = $this->user_id;
if($level > USER_LEVEL_CHPREF)
{
- $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
if(!$this->user_logged_in || $this->auth_level < USER_LEVEL_MOD)
{
return 'success';
@@ -1416,7 +1433,7 @@
function rijndael_genkey()
{
- $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
$key = $aes->gen_readymade_key();
$keys = getConfig('login_key_cache');
if(is_string($keys))
@@ -1434,7 +1451,7 @@
function dss_rand()
{
- $aes = new AESCrypt();
+ $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
$random = $aes->randkey(128);
unset($aes);
return md5(microtime() . $random);
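Review bot: `unset($aes);` no longer releases anything now that `$aes` is the shared instance returned by `AESCrypt::singleton()`; it only drops the local reference and can be removed. Separately, the return value is `md5(microtime() . $random)`, so its unpredictability rests entirely on `randkey(128)`, whose entropy source is not visible here. If dss_rand() feeds salts or tokens, a docblock stating that `randkey()` must draw from a cryptographically secure source would make that dependency explicit.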
@@ -1551,7 +1568,7 @@
{
global $db, $session, $paths, $template, $plugins; // Common objects
$col_reason = ( $this->compat ) ? '"No reason entered (session manager is in compatibility mode)" AS reason' : 'reason';
- $is_banned = false;
+ $banned = false;
if ( $this->user_logged_in )
{
// check by IP, email, and username
@@ -1646,7 +1663,7 @@
global $db, $session, $paths, $template, $plugins; // Common objects
// Initialize AES
- $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
if(!preg_match('#^'.$this->valid_username.'$#', $username)) return 'The username you chose contains invalid characters.';
$username = str_replace('_', ' ', $username);
@@ -2002,7 +2019,7 @@
function register_temp_password($user_id, $password)
{
- $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
$temp_pass = $aes->encrypt($password, $this->private_key, ENC_HEX);
$this->sql('UPDATE '.table_prefix.'users SET temp_password=\'' . $temp_pass . '\',temp_password_time='.time().' WHERE user_id='.intval($user_id).';');
}
@@ -2113,7 +2130,7 @@
if(intval($user_id) < 1) $errors[] = 'SQL injection attempt';
// Instanciate the AES encryption class
- $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
// If all of our input vars are false, then we've effectively done our job so get out of here
if($username === false && $password === false && $email === false && $realname === false && $signature === false && $user_level === false)
@@ -2407,7 +2424,9 @@
$this->acl_defaults_used = $this->perms;
// Fetch sitewide defaults from the permissions table
- $bs = 'SELECT rules FROM '.table_prefix.'acl WHERE page_id IS NULL AND namespace IS NULL AND ( ';
+ $bs = 'SELECT rules, target_type, target_id FROM '.table_prefix.'acl' . "\n"
+ . ' WHERE page_id IS NULL AND namespace IS NULL AND' . "\n"
+ . ' ( ';
$q = Array();
$q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$this->user_id.' )';
@@ -2418,7 +2437,7 @@
$q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )';
}
}
- $bs .= implode(' OR ', $q) . ' ) ORDER BY target_type ASC, target_id ASC;';
+ $bs .= implode(" OR \n ", $q) . " ) \n ORDER BY target_type ASC, target_id ASC;";
$q = $this->sql($bs);
if ( $row = $db->fetchrow() )
{
@@ -2462,7 +2481,7 @@
}
// The reason we're using an ORDER BY statement here is because ACL_TYPE_GROUP is less than ACL_TYPE_USER, causing the user's individual
// permissions to override group permissions.
- $bs .= implode(' OR ', $q) . ' ) AND (' . $pg_info . ' ( page_id=\''.$db->escape($paths->cpage['urlname_nons']).'\' AND namespace=\''.$db->escape($paths->namespace).'\' ) )
+ $bs .= implode(" OR\n ", $q) . " )\n AND (" . $pg_info . ' ( page_id=\''.$db->escape($paths->cpage['urlname_nons']).'\' AND namespace=\''.$db->escape($paths->namespace).'\' ) )
ORDER BY target_type ASC, page_id ASC, namespace ASC;';
$q = $this->sql($bs);
if ( $row = $db->fetchrow() )
@@ -2904,7 +2923,8 @@
}
// Build a query to grab ACL info
- $bs = 'SELECT rules FROM '.table_prefix.'acl WHERE ( ';
+ $bs = 'SELECT rules FROM '.table_prefix.'acl WHERE ' . "\n"
+ . ' ( ';
$q = Array();
$q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$session->user_id.' )';
if(count($session->groups) > 0)
@@ -2916,7 +2936,7 @@
}
// The reason we're using an ORDER BY statement here is because ACL_TYPE_GROUP is less than ACL_TYPE_USER, causing the user's individual
// permissions to override group permissions.
- $bs .= implode(' OR ', $q) . ' ) AND (' . $pg_info . ' page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\' )
+ $bs .= implode(" OR\n ", $q) . ' ) AND (' . $pg_info . ' page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\' )
ORDER BY target_type ASC, page_id ASC, namespace ASC;';
$q = $session->sql($bs);
if ( $row = $db->fetchrow() )