Add key in cookies to verify non-logged in user

Retro_Guy 2022-01-12 23:44:35 +00:00
parent 74f7f09fb1
commit 7410bbdb2e
2 changed files with 15 additions and 7 deletions


@ -571,6 +571,16 @@ function groups_show($gruppen) {
echo 'Latest</td><td style="text-align: center;">Newsgroup</td><td width="8%" class="np_thread_head">Messages</td><td width="20%" class="np_thread_head" >Last Message</td></tr>'; echo 'Latest</td><td style="text-align: center;">Newsgroup</td><td width="8%" class="np_thread_head">Messages</td><td width="20%" class="np_thread_head" >Last Message</td></tr>';
$subs = array(); $subs = array();
$nonsubs = array(); $nonsubs = array();
$user = null;
$pkey_config = get_user_config(strtolower($_COOKIE['mail_name']), "pkey");
$pkey_cookie = $_COOKIE['pkey'];
if(isset($_COOKIE['mail_name'])) {
if($pkey_config == $pkey_cookie) {
$user = strtolower($_COOKIE['mail_name']);
$userfile=$spooldir.'/'.$user.'-articleviews.dat';
$userdata = unserialize(file_get_contents($userfile));
}
}
for($i = 0 ; $i < $c ; $i++) { for($i = 0 ; $i < $c ; $i++) {
unset($groupdisplay); unset($groupdisplay);
$g = $gruppen[$i]; $g = $gruppen[$i];
@ -582,12 +592,6 @@ function groups_show($gruppen) {
if($acttype!="group") { if($acttype!="group") {
$acttype="group"; $acttype="group";
} }
$user = null;
if(isset($_COOKIE['mail_name'])) {
$user = strtolower($_COOKIE['mail_name']);
$userfile=$spooldir.'/'.$user.'-articleviews.dat';
$userdata = unserialize(file_get_contents($userfile));
}
/* Display group name and description */ /* Display group name and description */
if(isset($userdata[$g->name])) { if(isset($userdata[$g->name])) {
$lineclass="np_thread_line2"; $lineclass="np_thread_line2";
@ -1208,7 +1212,7 @@ function get_user_config($username,$request) {
$userdataline=$buffer; $userdataline=$buffer;
fclose($userFileHandle); fclose($userFileHandle);
$userdatafound = explode(':',$userdataline); $userdatafound = explode(':',$userdataline);
return $userdatafound[1]; return trim($userdatafound[1]);
} }
} }
fclose($userFileHandle); fclose($userFileHandle);
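Review bot: The check at `if($pkey_config == $pkey_cookie)` can pass without any valid key. `$_COOKIE['pkey']` is read without `isset`, so a request carrying only `mail_name` compares null against whatever `get_user_config` returns for a user with no stored `pkey`; if that is null, false or an empty string (its failure return is not visible in this hunk), the loose `==` is true. The two cookie reads placed above the `isset` also raise undefined-index notices for visitors with no cookies. I would move the lookups inside the guard, require a non-empty string on both sides and compare with `hash_equals`, as below; this matters because the branch goes on to `unserialize` a file whose name is built from the cookie value. The body of groups_show starts and ends outside the hunk.

```php
$user = null;
if (isset($_COOKIE['mail_name'], $_COOKIE['pkey'])
    && is_string($_COOKIE['mail_name']) && is_string($_COOKIE['pkey'])) {
    $name = strtolower($_COOKIE['mail_name']);
    $pkey_config = get_user_config($name, "pkey");
    // An empty or missing stored key must never match.
    if (is_string($pkey_config) && $pkey_config !== ''
        && hash_equals($pkey_config, $_COOKIE['pkey'])) {
        $user = $name;
        // … unchanged: $userfile / $userdata load …
    }
}
```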


@ -40,6 +40,8 @@ include "head.inc";
} else { } else {
if(check_bbs_auth($_POST['username'], $_POST['password'])) { if(check_bbs_auth($_POST['username'], $_POST['password'])) {
$authkey = password_hash($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), PASSWORD_DEFAULT); $authkey = password_hash($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), PASSWORD_DEFAULT);
$pkey = hash('crc32', get_user_config($_POST['username'],'encryptionkey'));
set_user_config(strtolower($_POST['username']), "pkey", $pkey);
?> ?>
<script type="text/javascript"> <script type="text/javascript">
if (navigator.cookieEnabled) if (navigator.cookieEnabled)
@ -47,8 +49,10 @@ include "head.inc";
var savename = "<?php echo stripslashes($name); ?>"; var savename = "<?php echo stripslashes($name); ?>";
var auth_expire = "<?php echo $auth_expire; ?>"; var auth_expire = "<?php echo $auth_expire; ?>";
var name_expire = "7776000"; var name_expire = "7776000";
var pkey = "<?php echo $pkey; ?>";
document.cookie = "mail_auth="+authcookie+"; max-age="+auth_expire+"; path=/"; document.cookie = "mail_auth="+authcookie+"; max-age="+auth_expire+"; path=/";
document.cookie = "mail_name="+savename+"; max-age="+name_expire+"; path=/"; document.cookie = "mail_name="+savename+"; max-age="+name_expire+"; path=/";
document.cookie = "pkey="+pkey+"; max-age="+name_expire+"; path=/";
</script> </script>
<?php <?php
$logged_in = true; $logged_in = true;
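Review bot: `hash('crc32', ...)` on the line that sets `$pkey` yields a 32-bit, non-cryptographic checksum of the user's `encryptionkey`, and that value then sits in a cookie for `name_expire` (7776000 seconds). A value that small can be found by enumeration, it never changes between logins, and it discloses a checksum of the secret it is derived from. A random token generated at login and stored with `set_user_config` avoids all three, e.g. `$pkey = bin2hex(random_bytes(16));` where `random_bytes` is available. Because the cookie is written through `document.cookie` it cannot carry `HttpOnly`; consider at least appending `; SameSite=Lax` (and `; Secure` when served over HTTPS) to the `pkey=` line. The surrounding login block starts and ends outside the hunk.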