Add key in cookies to verify non-logged in user

2022-01-12 23:44:35 +00:00 · 2022-01-12 23:44:35 +00:00 · 7410bbdb2e
parent 74f7f09fb1
commit 7410bbdb2e
2 changed files with 15 additions and 7 deletions
--- a/Rocksolid_Light/rocksolid/newsportal.php
+++ b/Rocksolid_Light/rocksolid/newsportal.php
@ -571,6 +571,16 @@ function groups_show($gruppen) {
  echo 'Latest</td><td style="text-align: center;">Newsgroup</td><td width="8%" class="np_thread_head">Messages</td><td width="20%" class="np_thread_head" >Last Message</td></tr>';
  $subs =  array();
  $nonsubs = array();
+  $user = null;
+  $pkey_config = get_user_config(strtolower($_COOKIE['mail_name']), "pkey");
+  $pkey_cookie = $_COOKIE['pkey'];
+  if(isset($_COOKIE['mail_name'])) {
+    if($pkey_config == $pkey_cookie) {
+      $user = strtolower($_COOKIE['mail_name']);
+      $userfile=$spooldir.'/'.$user.'-articleviews.dat';
+      $userdata = unserialize(file_get_contents($userfile));
+    }
+  }
  for($i = 0 ; $i < $c ; $i++) {
    unset($groupdisplay);
    $g = $gruppen[$i];
@ -582,12 +592,6 @@ function groups_show($gruppen) {
      if($acttype!="group") {
        $acttype="group";
      }
-      $user = null;
-      if(isset($_COOKIE['mail_name'])) {
-        $user = strtolower($_COOKIE['mail_name']);
-        $userfile=$spooldir.'/'.$user.'-articleviews.dat';
-        $userdata = unserialize(file_get_contents($userfile));
-      }
 /* Display group name and description */
      if(isset($userdata[$g->name])) {
        $lineclass="np_thread_line2";
@ -1208,7 +1212,7 @@ function get_user_config($username,$request) {
        $userdataline=$buffer;
        fclose($userFileHandle);
        $userdatafound = explode(':',$userdataline);
-        return $userdatafound[1];
+        return trim($userdatafound[1]);
      }
    }
    fclose($userFileHandle);
--- a/Rocksolid_Light/spoolnews/user.php
+++ b/Rocksolid_Light/spoolnews/user.php
@ -40,6 +40,8 @@ include "head.inc";
  } else {
    if(check_bbs_auth($_POST['username'], $_POST['password'])) {
      $authkey = password_hash($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), PASSWORD_DEFAULT);
+      $pkey = hash('crc32', get_user_config($_POST['username'],'encryptionkey'));
+      set_user_config(strtolower($_POST['username']), "pkey", $pkey);
 ?>
      <script type="text/javascript">
       if (navigator.cookieEnabled)
@ -47,8 +49,10 @@ include "head.inc";
         var savename = "<?php echo stripslashes($name); ?>";
 	 var auth_expire = "<?php echo $auth_expire; ?>";
 	 var name_expire = "7776000";
+	 var pkey = "<?php echo $pkey; ?>";
         document.cookie = "mail_auth="+authcookie+"; max-age="+auth_expire+"; path=/";
         document.cookie = "mail_name="+savename+"; max-age="+name_expire+"; path=/";
+         document.cookie = "pkey="+pkey+"; max-age="+name_expire+"; path=/";
      </script>
 <?php
      $logged_in = true;