Verify key each time for subscriptions

2022-01-20 04:05:06 +00:00 · 2022-01-20 04:05:06 +00:00 · a46dbced75
parent 0d057763b9
commit a46dbced75
4 changed files with 28 additions and 17 deletions
--- a/Rocksolid_Light/rocksolid/article-flat.php
+++ b/Rocksolid_Light/rocksolid/article-flat.php
@ -13,9 +13,9 @@
  $accessfile=$logdir.'/access.log';
  throttle_hits();
  if(isset($_COOKIE['mail_name'])) {
-    $user = strtolower($_COOKIE['mail_name']);
-    $userfile=$spooldir.'/'.$user.'-articleviews.dat';
-    $userdata = unserialize(file_get_contents($userfile));
+    if($userdata = get_user_mail_auth_data($_COOKIE['mail_name'])) {
+      $userfile=$spooldir.'/'.strtolower($_COOKIE['mail_name']).'-articleviews.dat';
+    }
  }
  // register parameters
  $id=$_REQUEST["id"];
--- a/Rocksolid_Light/rocksolid/newsportal.php
+++ b/Rocksolid_Light/rocksolid/newsportal.php
@ -572,13 +572,9 @@ function groups_show($gruppen) {
  $subs =  array();
  $nonsubs = array();
  $user = null;
-  $pkey_config = get_user_config(strtolower($_COOKIE['mail_name']), "pkey");
-  $pkey_cookie = $_COOKIE['pkey'];
  if(isset($_COOKIE['mail_name'])) {
-    if($pkey_config == $pkey_cookie) {
-      $user = strtolower($_COOKIE['mail_name']);
-      $userfile=$spooldir.'/'.$user.'-articleviews.dat';
-      $userdata = unserialize(file_get_contents($userfile));
+    if($userdata = get_user_mail_auth_data($_COOKIE['mail_name'])) {
+      $userfile=$spooldir.'/'.strtolower($_COOKIE['mail_name']).'-articleviews.dat';
    }
  }
  for($i = 0 ; $i < $c ; $i++) {
@ -1586,6 +1582,19 @@ $logfile=$logdir.'/newsportal.log';
  }
 }

+function get_user_mail_auth_data($user) {
+  global $spooldir;
+  $user = strtolower($user);
+  $pkey_config = get_user_config($user, "pkey");
+  $pkey_cookie = $_COOKIE['pkey'];
+  if($pkey_config == $pkey_cookie) {
+    $userfile=$spooldir.'/'.$user.'-articleviews.dat';
+    $userdata = unserialize(file_get_contents($userfile));
+    return $userdata;
+  }
+  return false;
+}
+
 function get_data_from_msgid($msgid) {
      global $spooldir;
      $database = $spooldir.'/articles-overview.db3';
--- a/Rocksolid_Light/rocksolid/overboard.php
+++ b/Rocksolid_Light/rocksolid/overboard.php
@ -29,10 +29,11 @@

  throttle_hits();
  if(isset($_COOKIE['mail_name'])) {
-    $user = strtolower($_COOKIE['mail_name']);
-    $userfile=$spooldir.'/'.$user.'-articleviews.dat';
-    $userdata = unserialize(file_get_contents($userfile));
+    if($userdata = get_user_mail_auth_data($_COOKIE['mail_name'])) {
+      $userfile=$spooldir.'/'.strtolower($_COOKIE['mail_name']).'-articleviews.dat';
+    }
  }
+  
 if(isset($frames_on) && $frames_on === true) {
 ?>
 <script>
--- a/Rocksolid_Light/rocksolid/thread.php
+++ b/Rocksolid_Light/rocksolid/thread.php
@ -26,11 +26,12 @@ if(isset($_REQUEST["last"]))
    die();
  }

-if(isset($_COOKIE['mail_name'])) {
-  $user = strtolower($_COOKIE['mail_name']);
-  $userfile=$spooldir.'/'.$user.'-articleviews.dat';
-  $userdata = unserialize(file_get_contents($userfile));
-}
+  if(isset($_COOKIE['mail_name'])) {
+    if($userdata = get_user_mail_auth_data($_COOKIE['mail_name'])) {
+      $userfile=$spooldir.'/'.strtolower($_COOKIE['mail_name']).'-articleviews.dat';
+    }
+  }
+  
 $thread_show["latest"]=true;
 $title.= ' - '.$group;
 include "head.inc";