tbrehm
2009-03-23 0cef61a3fd0c988cf46f5e45f7e06ab4e1a720d6
Added several input checks.
1 files deleted
9 files modified
188 ■■■■ changed files
install/tpl/config.inc.php.master 4 ●●●● patch | view | raw | blame | history
interface/lib/app.inc.php 5 ●●●●● patch | view | raw | blame | history
interface/web/admin/form/users.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/capp.php 5 ●●●● patch | view | raw | blame | history
interface/web/clang.php 70 ●●●●● patch | view | raw | blame | history
interface/web/client/form/client.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/content.php 3 ●●●● patch | view | raw | blame | history
interface/web/index.php 60 ●●●●● patch | view | raw | blame | history
interface/web/login/index.php 16 ●●●●● patch | view | raw | blame | history
interface/web/nav.php 21 ●●●● patch | view | raw | blame | history
install/tpl/config.inc.php.master
@@ -39,8 +39,8 @@
    ini_set('register_globals',0);
    ini_set('magic_quotes_gpc', 0);
    
    if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
        die('Internal Error: GLOBALS override attempt detected');
    if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_REQUEST['s']) || isset($_REQUEST['s_old']) || isset($_REQUEST['conf'])) {
        die('Internal Error: var override attempt detected');
        exit;
    }
}
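Review bot: The extended `if` is a name denylist, so it only blocks the request keys it enumerates (`GLOBALS`, `s`, `s_old`, `conf`) and has to be revisited every time another global is read from `$conf` or the session; since `register_globals` is PHP_INI_PERDIR the `ini_set('register_globals',0)` two lines above does not actually disable it, which makes this list load-bearing and worth a comment such as `// register_globals cannot be turned off at runtime; reject request keys that would shadow our globals`. Whether `$_REQUEST` contains cookies depends on `request_order`/`variables_order`, so a cookie named `s` or `conf` may slip past on some configurations; checking `$_COOKIE` explicitly as well closes that gap. The `exit;` after `die()` is unreachable and can be dropped.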
interface/lib/app.inc.php
@@ -44,6 +44,11 @@
    public function __construct()
    {
        global $conf;
        if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_REQUEST['s']) || isset($_REQUEST['s_old']) || isset($_REQUEST['conf'])) {
            die('Internal Error: var override attempt detected');
        }
        $this->_conf = $conf;
        if($this->_conf['start_db'] == true) {
            $this->load('db_'.$this->_conf['db_type']);
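Review bot: The check added at the top of `__construct` is a second copy of the denylist that `install/tpl/config.inc.php.master` gains in the same commit; two hand-maintained lists will drift the next time a name is added. Factor it into one function both call, e.g. `if (request_overrides_globals()) { die('Internal Error: var override attempt detected'); }`, with the key list living in that helper only. A `die()` inside a constructor also means `$app` can never be constructed for a request carrying those keys, which is presumably intended but deserves a one-line comment. The constructor body continues past the end of the hunk.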
interface/web/admin/form/users.tform.php
@@ -142,7 +142,7 @@
                                        1 => array (    'type'    => 'UNIQUE',
                                                        'errmsg'=> 'username_unique'),
                                        2 => array (    'type'    => 'REGEX',
                                                        'regex' => '/^[\w\.\-\_]{0,50}$/',
                                                        'regex' => '/^[\w\.\-\_]{0,64}$/',
                                                        'errmsg'=> 'username_err'),
                                    ),
            'regex'        => '',
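Review bot: The widened pattern `{0,64}` still accepts an empty username, while the login form in this same commit requires `{1,64}`; unless a NOTEMPTY validator precedes this one outside the hunk, use `'regex' => '/^[\w\.\-]{1,64}\z/'` (the explicit `\_` is redundant because `\w` already contains `_`). The `\z` anchor also matters because without the `D` modifier `$` matches before a trailing newline, so `"admin\n"` would currently pass. The surrounding validator array starts and ends outside the hunk.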
interface/web/capp.php
@@ -35,7 +35,10 @@
$mod = $_REQUEST["mod"];
// Checke ob User eingeloggt
if(!is_array($_SESSION["s"]["user"])) header("Location: index.php?phpsessid=".$_SESSION["s"]["id"]);
if($_SESSION["s"]["user"]['active'] != 1) {
    header("Location: index.php?phpsessid=".$_SESSION["s"]["id"]);
    die();
}
// checke ob User Modul verwenden darf
$user_modules = explode(",",$_SESSION["s"]["user"]["modules"]);
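Review bot: The redirect on the `if(!is_array($_SESSION["s"]["user"])) header(...)` line still has no `die()`, so when no user is in the session execution falls through into the new `active` check, which reads `['active']` on a missing or non-array value before it finally redirects and dies. Merge the two into one guard: `if(!is_array($_SESSION["s"]["user"]) || $_SESSION["s"]["user"]['active'] != 1) { header("Location: index.php?phpsessid=".$_SESSION["s"]["id"]); die(); }`. Both redirects place the session id in the query string (`phpsessid=`), which leaks it via Referer headers and access logs; if the session cookie already carries it, the parameter can likely be dropped (confirm nothing downstream reads it).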
interface/web/clang.php
File was deleted
interface/web/client/form/client.tform.php
@@ -105,7 +105,7 @@
                                                        'function' => 'username_unique',
                                                        'errmsg'=> 'username_error_unique'),
                                        2 => array (    'type'    => 'REGEX',
                                                        'regex' => '/^[\w\.\-\_]{0,50}$/',
                                                        'regex' => '/^[\w\.\-\_]{0,64}$/',
                                                        'errmsg'=> 'username_error_regex'),
                                        ),
            'default'    => '',
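Review bot: `{0,64}` still admits an empty client username, and without the `D` modifier the `$` anchor matches before a trailing newline, so both `""` and `"client\n"` pass the regex validator; unless a NOTEMPTY validator runs first outside the hunk, tighten it to `'regex' => '/^[\w\.\-]{1,64}\z/'` (`\_` is already covered by `\w`). Keeping this pattern identical to the one in `admin/form/users.tform.php` would also be easier if both referenced a single shared constant rather than two literals that have to be edited in step.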
interface/web/content.php
@@ -70,8 +70,7 @@
    
} elseif (is_array($_SESSION["s"]['user']) or is_array($_SESSION["s"]["module"])) {
    // If the user is logged in, we try to load the default page of the module
    die('hhhhh');
    die('- error -');
} else {
    die('Page does not exist.');
}
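Review bot: The comment on the `elseif` branch says the module's default page is loaded when a user is logged in, but the branch only swaps one placeholder message for another (`die('- error -')`). Either implement the load or make the comment describe what the code does, e.g. `// Logged in but no page resolved; no default-page fallback is implemented yet`. The string reaching the browser could also name the condition rather than `- error -`, e.g. `die('No page selected.');`.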
interface/web/index.php
@@ -36,66 +36,6 @@
$app->uses('tpl');
$app->tpl->newTemplate('main.tpl.htm');
/*
// Checke User Login and current module
if(!is_array($_SESSION["s"]['user']) or !is_array($_SESSION["s"]["module"])) {
    // Loading Login Module
    include_once('login/lib/module.conf.php');
    $_SESSION["s"]['module'] = $module;
    $topnav[] = array(    'title'     => "Login",
                          'active'     => 1);
    $module = null;
    unset($module);
} else {
    // Loading modules of the user and building top navigation
    $modules = explode(',',$_SESSION["s"]["user"]["modules"]);
    if(is_array($modules)) {
        foreach($modules as $mt) {
            if(is_file($mt."/lib/module.conf.php")) {
                include_once($mt."/lib/module.conf.php");
                $active = ($module["name"] == $_SESSION["s"]["module"]["name"])?1:0;
                $topnav[] = array(    'title'     => $app->lng($module["title"]),
                                      'active'     => $active,
                                    'module'    => $module["name"]);
            }
        }
    }
}
// Topnavigation
$app->tpl->setLoop('nav_top',$topnav);
// Loading Module part
$app->tpl->setInclude('module_tpl',$_SESSION["s"]["module"]["template"]);
// translating module navigation
$nav_translated = array();
if(is_array($_SESSION["s"]["module"]["nav"])) {
    foreach($_SESSION["s"]["module"]["nav"] as $nav) {
        $tmp_items = array();
        foreach($nav["items"] as $item) {
            $item["title"] = $app->lng($item["title"]);
            $tmp_items[] = $item;
        }
        $nav["title"] = $app->lng($nav["title"]);
        $nav["items"] = $tmp_items;
        $nav_translated[] = $nav;
    }
} else {
    $nav_translated = null;
}
// Loading left navigation
//$app->tpl->setLoop('nav_left',$_SESSION["s"]["module"]["nav"]);
$app->tpl->setLoop('nav_left',$nav_translated);
// Setting startpage
$app->tpl->setVar('startpage',$_SESSION["s"]["module"]["startpage"]);
$app->tpl->setVar('navframe_page',$_SESSION["s"]["module"]["navframe_page"]);
*/
$app->tpl_defaults();
$app->tpl->pparse();
?>
interface/web/login/index.php
@@ -57,16 +57,21 @@
        //* Login Form was send
        if(count($_POST) > 0) {
    
            // iporting variables
            //** Check variables
            if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) $error = 'Username contains unallowed characters or is longer then 64 characters.';
            if(!preg_match("/^.{1,64}$/i", $_POST['passwort'])) $error = 'The password length is > 64 characters.';
            //** iporting variables
            $ip       = $app->db->quote(ip2long($_SERVER['REMOTE_ADDR']));
            $username = $app->db->quote($_POST['username']);
            $passwort = $app->db->quote($_POST['passwort']); 
            $loginAs  = false;
    
            if($username != '' and $passwort != '') {
            if($username != '' && $passwort != '' && $error == '') {
                /*
                 *  Check, if there is a "login as" instead of a "normal" login
                 */
                if (isset($_SESSION['s']['user'])){
                if (isset($_SESSION['s']['user']) && $_SESSION['s']['user']['active'] == 1){
                    /*
                     * only the admin can "login as" so if the user is NOT a admin, we
                     * open the startpage (after killing the old session), so the user
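Review bot: The two new `preg_match` checks on the `username` and `passwort` lines anchor with `$`, which in PCRE also matches immediately before a final newline, so `"admin\n"` passes the username test; use `\z` (or the `D` modifier): `/^[\w\.\-]{1,64}\z/` and `/^.{1,64}\z/` (the `i` flag on the password pattern does nothing for `.`). The `$error == ''` test added to the `if` relies on `$error` being initialised before the `if(count($_POST) > 0)` block, which is outside the hunk; if it is not, the check only works through a loose `null == ''` comparison and should get an explicit `$error = '';`. The user-facing message has a typo: `longer than 64 characters`. Note also that `$passwort` is run through `$app->db->quote()` here and then, further down the page, fed to `md5()`, so a password containing a quote or backslash is hashed in its escaped form; unless the stored hashes were produced the same way, this commit is the natural place to hash the raw value and quote only the result.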
@@ -91,7 +96,7 @@
                    $loginAs = false;
                }
                //* Check if there already wrong logins
                //* Check if there are already wrong logins
                $sql = "SELECT * FROM `attempts_login` WHERE `ip`= '{$ip}' AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
                $alreadyfailed = $app->db->queryOneRecord($sql);
                //* login to much wrong
@@ -100,8 +105,7 @@
                } else {
                    if ($loginAs){
                        $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
                    }
                    else {
                    } else {
                        $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and ( PASSWORT = '".md5($passwort)."' or PASSWORT = password('$passwort') )";
                    }
                    $user = $app->db->queryOneRecord($sql);
interface/web/nav.php
@@ -33,28 +33,19 @@
$app->uses('tpl');
//die('HHH');
//** Top Naviation
if(isset($_GET['nav']) && $_GET['nav'] == 'top') {
    
    $app->tpl->newTemplate('topnav.tpl.htm');
    //* Check User Login and current module
    if(!isset($_SESSION['s']['user']) or !is_array($_SESSION['s']['user']) or !is_array($_SESSION['s']['module'])) {
        //*  Loading Login Module
        include_once('login/lib/module.conf.php');
        $_SESSION['s']['module'] = $module;
        $topnav[] = array(    'title'     => 'Login',
                              'active'     => 1);
        $module = null;
        unset($module);
    } else {
    if(isset($_SESSION["s"]["user"]) && $_SESSION["s"]["user"]['active'] == 1 && is_array($_SESSION['s']['module'])) {
        //* Loading modules of the user and building top navigation
        $modules = explode(',', $_SESSION['s']['user']['modules']);
        if(is_array($modules)) {
            foreach($modules as $mt) {
                if(is_file($mt.'/lib/module.conf.php')) {
                    if(!preg_match("/^[a-z]{2,20}$/i", $mt)) die('module name contains unallowed chars.');
                    include_once($mt.'/lib/module.conf.php');
                    $active = ($module['name'] == $_SESSION['s']['module']['name']) ? 1 : 0;
                    $topnav[] = array(    'title'     => $app->lng($module['title']),
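Review bot: The added module-name check runs after `is_file($mt.'/lib/module.conf.php')` on the line above it, so an unvalidated `$mt` is used in a filesystem probe before the pattern is applied; reorder to `if(!preg_match("/^[a-z]{2,20}\z/i", $mt)) continue;` followed by `if(is_file($mt.'/lib/module.conf.php')) {`. `\z` is used there because `$` without the `D` modifier also matches before a trailing newline. `$mt` comes from the session's user record rather than directly from the request, so the exposure is limited to what the database holds, but aborting the whole navigation with `die()` for one bad entry is harsher than skipping it. The enclosing `if(isset($_GET['nav']) ...)` block continues past the end of the hunk.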
@@ -63,6 +54,14 @@
                }
            }
        }
    } else {
        //*  Loading Login Module
        include_once('login/lib/module.conf.php');
        $_SESSION['s']['module'] = $module;
        $topnav[] = array(    'title'     => 'Login',
                              'active'     => 1);
        $module = null;
        unset($module);
    }
    //* Topnavigation