Use sitekey for input verification instead of admin key

This commit is contained in:
Retro_Guy 2021-05-15 01:51:39 -07:00
parent db4b2b4e89
commit 483951d74c
3 changed files with 11 additions and 15 deletions

View File

@ -2,14 +2,13 @@
include "config.inc.php"; include "config.inc.php";
include "newsportal.php"; include "newsportal.php";
include $config_dir.'/admin.inc.php';
if(isset($_COOKIE['tzo'])) { if(isset($_COOKIE['tzo'])) {
$offset=$_COOKIE['tzo']; $offset=$_COOKIE['tzo'];
} else { } else {
$offset=$CONFIG['timezone']; $offset=$CONFIG['timezone'];
} }
if($_REQUEST['command'] == 'Show' && $_REQUEST['key'] == hash('md5', $admin['key'])) { if($_REQUEST['command'] == 'Show' && password_verify($CONFIG['thissitekey'], $_REQUEST['key'])) {
$getfilename = $spooldir.'/upload/'.$_REQUEST['showfile']; $getfilename = $spooldir.'/upload/'.$_REQUEST['showfile'];
$getfh = fopen($getfilename, "rb"); $getfh = fopen($getfilename, "rb");
$getfile = fread($getfh, filesize($getfilename)); $getfile = fread($getfh, filesize($getfilename));
@ -41,7 +40,7 @@ include "head.inc";
echo "Select a user directory to browse</small></strong>"; echo "Select a user directory to browse</small></strong>";
echo '<form name="browse" method="post" action="files.php" enctype="multipart/form-data">'; echo '<form name="browse" method="post" action="files.php" enctype="multipart/form-data">';
echo '<input name="command" type="hidden" id="command" value="Browse" readonly="readonly">'; echo '<input name="command" type="hidden" id="command" value="Browse" readonly="readonly">';
echo '<input type="hidden" name="key" value="'.hash('md5', $admin['key']).'">'; echo '<input type="hidden" name="key" value="'.password_hash($CONFIG['thissitekey'], PASSWORD_DEFAULT).'">';
echo '<select name="listbox">'; echo '<select name="listbox">';
foreach($users as $user) { foreach($users as $user) {
$num = count(scandir($spooldir.'/upload/'.$user.'/')) - 2; $num = count(scandir($spooldir.'/upload/'.$user.'/')) - 2;
@ -57,11 +56,11 @@ include "head.inc";
echo '</form>'; echo '</form>';
} }
if($found == 1 && $_POST['key'] == hash('md5', $admin['key'])) { if($found == 1 && password_verify($CONFIG['thissitekey'], $_REQUEST['key'])) {
display_user_files($_POST['listbox'], $offset, $admin); display_user_files($_POST['listbox'], $offset);
} }
function display_user_files($user, $offset, $admin) { function display_user_files($user, $offset) {
global $CONFIG, $spooldir, $text_header; global $CONFIG, $spooldir, $text_header;
$directory = $spooldir.'/upload/'.$user.'/'; $directory = $spooldir.'/upload/'.$user.'/';
if(is_dir($directory)) { if(is_dir($directory)) {
@ -95,12 +94,11 @@ function display_user_files($user, $offset, $admin) {
echo '<button class="np_button_link" type="submit">'.$file.'</button>'; echo '<button class="np_button_link" type="submit">'.$file.'</button>';
echo '<input type="hidden" name="showfile" value="'.$user.'/'.$file.'"/>'; echo '<input type="hidden" name="showfile" value="'.$user.'/'.$file.'"/>';
echo '<input type="hidden" name="showfilename" value="'.$file.'"/>'; echo '<input type="hidden" name="showfilename" value="'.$file.'"/>';
echo '<input type="hidden" name="key" value="'.hash('md5', $admin['key']).'">'; echo '<input type="hidden" name="key" value="'.password_hash($CONFIG['thissitekey'], PASSWORD_DEFAULT).'">';
echo '<input type="hidden" name="contenttype" value="'.$mime.'">'; echo '<input type="hidden" name="contenttype" value="'.$mime.'">';
echo '<input name="command" type="hidden" id="command" value="Show" readonly="readonly">'; echo '<input name="command" type="hidden" id="command" value="Show" readonly="readonly">';
echo '</form>'; echo '</form>';
echo '</td>'; echo '</td>';
// echo '<td class="'.$lineclass.'"><span class="np_thread_line_text">'.$file.'</span></td>';
echo '<td class="'.$lineclass.'"><span class="np_thread_line_text">'.$mime.'</span></td>'; echo '<td class="'.$lineclass.'"><span class="np_thread_line_text">'.$mime.'</span></td>';
echo '<td class="'.$lineclass.'"><span class="np_thread_line_text">'.$newdate.'</span></td>'; echo '<td class="'.$lineclass.'"><span class="np_thread_line_text">'.$newdate.'</span></td>';
echo '</tr>'; echo '</tr>';

View File

@ -4,11 +4,10 @@ session_start();
include "config.inc.php"; include "config.inc.php";
include "newsportal.php"; include "newsportal.php";
include $config_dir.'/admin.inc.php';
$snippet_size = 100; $snippet_size = 100;
if(!isset($_POST['key']) || $_POST['key'] !== hash('md5', $admin['key'])) { if(!isset($_POST['key']) || !password_verify($CONFIG['thissitekey'], $_POST['key'])) {
include "head.inc"; include "head.inc";
echo '<h1 class="np_thread_headline">'; echo '<h1 class="np_thread_headline">';
@ -66,7 +65,7 @@ if ($_GET['searchpoint'] == 'Poster') {
if(isset($_GET['group'])) { if(isset($_GET['group'])) {
echo '<input type="hidden" name="group" value="'.$_GET['group'].'">'; echo '<input type="hidden" name="group" value="'.$_GET['group'].'">';
} }
echo '<input type="hidden" name="key" value="'.hash('md5', $admin['key']).'">'; echo '<input type="hidden" name="key" value="'.password_hash($CONFIG['thissitekey'], PASSWORD_DEFAULT).'">';
?> ?>
</tr> </tr>

View File

@ -1,7 +1,6 @@
<?php <?php
include "config.inc.php"; include "config.inc.php";
include "newsportal.php"; include "newsportal.php";
include $config_dir.'/admin.inc.php';
if(isset($_POST['username'])) { if(isset($_POST['username'])) {
$name = $_POST['username']; $name = $_POST['username'];
@ -23,7 +22,7 @@ include "head.inc";
if(isset($_FILES)) { if(isset($_FILES)) {
// Check auth here // Check auth here
if(isset($_POST['key']) && $_POST['key'] == hash('md5', $admin['key'])) { if(isset($_POST['key']) && password_verify($CONFIG['thissitekey'], $_POST['key'])) {
if(check_bbs_auth($_POST['username'], $_POST['password'])) { if(check_bbs_auth($_POST['username'], $_POST['password'])) {
$userdir = '/var/spool/rslight/upload/'.strtolower($_POST[username]); $userdir = '/var/spool/rslight/upload/'.strtolower($_POST[username]);
$upload_to = $userdir.'/'.$_FILES[photo][name]; $upload_to = $userdir.'/'.$_FILES[photo][name];
@ -49,11 +48,11 @@ if(isset($_FILES)) {
echo '<table border="0" align="center" cellpadding="0" cellspacing="1">'; echo '<table border="0" align="center" cellpadding="0" cellspacing="1">';
echo '<form name="form1" method="post" action="upload.php" enctype="multipart/form-data">'; echo '<form name="form1" method="post" action="upload.php" enctype="multipart/form-data">';
echo '<tr><td><strong>Please Login to Upload<br />(max size=1MB)</strong></td></tr>'; echo '<tr><td><strong>Please Login to Upload<br />(max size=2MB)</strong></td></tr>';
echo '<tr><td>Username:</td><td><input name="username" type="text" id="username" value="'.$name.'"></td></tr>'; echo '<tr><td>Username:</td><td><input name="username" type="text" id="username" value="'.$name.'"></td></tr>';
echo '<tr><td>Password:</td><td><input name="password" type="password" id="password"></td></tr>'; echo '<tr><td>Password:</td><td><input name="password" type="password" id="password"></td></tr>';
echo '<td><input name="command" type="hidden" id="command" value="Upload" readonly="readonly"></td>'; echo '<td><input name="command" type="hidden" id="command" value="Upload" readonly="readonly"></td>';
echo '<input type="hidden" name="key" value="'.hash('md5', $admin['key']).'">'; echo '<input type="hidden" name="key" value="'.password_hash($CONFIG['thissitekey'], PASSWORD_DEFAULT).'">';
echo '<tr><td><input type="file" name="photo" id="fileSelect" value="fileSelect" accept="image/*,audio/*,text/*,application/*"></td> echo '<tr><td><input type="file" name="photo" id="fileSelect" value="fileSelect" accept="image/*,audio/*,text/*,application/*"></td>
'; ';
echo '<td>&nbsp;</td>'; echo '<td>&nbsp;</td>';