4images Help / Hilfe > Bug Fixes & Patches
[1.7.3 - 1.7.6] After login always redirect to index.php
V@no:
OK, did you try this fix at all? Your global.php doesn't have this fix applied. I tried using your global.php with fix applied on my test site and it worked fine.
batu544:
Yes the file I have provided doesn't contain the fix.
I have applied the mentioned change in my test site.. there also its not working .. :(
can you please send me the modified global.php file..
kai:
Thanks for the fix. Works great!
V@no:
--- Quote from: batu544 on October 14, 2008, 04:29:17 PM ---Yes the file I have provided doesn't contain the fix.
I have applied the mentioned change in my test site.. there also its not working .. :(
--- End quote ---
The reason I've asked you for the file is to make sure you applied the changes in the right place and to check if its working on my site or not.
batu544:
ok.. V@no,
here is my global.php file with the fix.
--- Code: ---<?php
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: global.php *
* Copyright: (C) 2002 Jan Sorgalla *
* Email: jan@4homepages.de *
* Web: http://www.4homepages.de *
* Scriptversion: 1.7.4 *
* *
* Never released without support from: Nicky (http://www.nicky.net) *
* *
**************************************************************************
* *
* Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- *
* bedingungen (Lizenz.txt) für weitere Informationen. *
* --------------------------------------------------------------- *
* This script is NOT freeware! Please read the Copyright Notice *
* (Licence.txt) for further information. *
* *
*************************************************************************/
if (!defined('ROOT_PATH')) {
die("Security violation");
}
error_reporting(E_ERROR | E_WARNING | E_PARSE);
set_magic_quotes_runtime(0);
$start_time = microtime();
function addslashes_array($array) {
foreach ($array as $key => $val) {
$array[$key] = (is_array($val)) ? addslashes_array($val) : addslashes($val);
}
return $array;
}
if (!isset($HTTP_GET_VARS)) {
$HTTP_GET_VARS = &$_GET;
$HTTP_POST_VARS = &$_POST;
$HTTP_COOKIE_VARS = &$_COOKIE;
$HTTP_POST_FILES = &$_FILES;
$HTTP_SERVER_VARS = &$_SERVER;
$HTTP_ENV_VARS = &$_ENV;
}
if (isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS'])) {
// Try to exploit PHP bug
die("Security violation");
}
if (get_magic_quotes_gpc() == 0) {
$HTTP_GET_VARS = addslashes_array($HTTP_GET_VARS);
$HTTP_POST_VARS = addslashes_array($HTTP_POST_VARS);
$HTTP_COOKIE_VARS = addslashes_array($HTTP_COOKIE_VARS);
}
$cat_cache = array();
$cat_parent_cache = array();
$new_image_cache = array();
$session_info = array();
$user_info = array();
$user_access = array();
$config = array();
$lang = array();
$mime_type_match = array();
$additional_image_fields = array();
$additional_user_fields = array();
$additional_urls = array();
$global_info = array();
$auth_cat_sql = array();
unset($self_url);
unset($url);
unset($script_url);
$db_servertype = "mysql";
$db_host = "localhost";
$db_name = "";
$db_user = "";
$db_password = "";
$table_prefix = "4images_";
// Initialize cache configuration
$cache_enable = 0;
$cache_lifetime = 3600; // 1 hour
$cache_path = ROOT_PATH.'cache';
$cache_page_index = 1;
$cache_page_categories = 1;
$cache_page_top = 1;
$cache_page_rss = 1;
// Initialize CAPTCHA configuration
$captcha_enable = 1;
$captcha_enable_comments = 1;
$captcha_enable_upload = 1;
$captcha_enable_registration = 1;
$captcha_enable_postcards = 1;
$captcha_ttf = 1;
$captcha_path = ROOT_PATH.'captcha';
$captcha_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
$captcha_length = 5;
$captcha_wordfile = 0;
$captcha_width = 200;
$captcha_height = 70;
$captcha_text_color = '#000000';
$captcha_text_size = 25;
$captcha_text_transparency = 60;
$captcha_filter_text = 1;
$captcha_filter_bg = 1;
@include(ROOT_PATH.'config.php');
if (!$cache_enable) {
$cache_page_index = 0;
$cache_page_categories = 0;
$cache_page_top = 0;
$cache_page_rss = 0;
}
if (!$captcha_enable) {
$captcha_enable_comments = 0;
$captcha_enable_upload = 0;
$captcha_enable_registration = 0;
$captcha_enable_postcards = 0;
}
// Include default languages
@include_once(ROOT_PATH.'lang/english/main.php');
include_once(ROOT_PATH.'includes/constants.php');
include_once(ROOT_PATH.'includes/functions.php');
function clean_array($array) {
$search = array(
// Remove any attribute starting with "on" or xmlns
'#(<[^>]+[\x00-\x20\"\'])(on|xmlns)[^>]*>#iUu',
// Remove javascript: and vbscript: protocol
'#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu',
'#([a-z]*)[\x00-\x20]*=([\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu',
//<span style="width: expression(alert('Ping!'));"></span>
// Only works in ie...
'#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*expression[\x00-\x20]*\([^>]*>#iU',
'#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*behaviour[\x00-\x20]*\([^>]*>#iU',
'#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iUu'
);
$replace = array(
"$1>",
'$1=$2nojavascript...',
'$1=$2novbscript...',
"$1>",
"$1>",
"$1>"
);
// Remove all control (i.e. with ASCII value lower than 0x20 (space),
// except of 0x0A (line feed) and 0x09 (tabulator)
$search2 =
"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F";
$replace2 = //str_repeat("\r", strlen($search2));
"\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D";
foreach ($array as $key => $val) {
if (is_array($val)) {
$val = clean_array($val);
} else {
$val = preg_replace($search, $replace, $val);
$val = str_replace("\r\n", "\n", $val);
$val = str_replace("\r", "\n", $val);
$val = strtr($val, $search2, $replace2);
$val = str_replace("\r", '', $val); // \r === \x0D
do {
$oldval = $val;
$val = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $val);
} while ($oldval != $val);
}
$array[$key] = $val;
}
return $array;
}
if (!defined('IN_CP')) {
$HTTP_GET_VARS = clean_array($HTTP_GET_VARS);
$HTTP_POST_VARS = clean_array($HTTP_POST_VARS);
$HTTP_COOKIE_VARS = clean_array($HTTP_COOKIE_VARS);
$HTTP_POST_FILES = clean_array($HTTP_POST_FILES);
}
//-----------------------------------------------------
//--- Useful Stuff ------------------------------------
//-----------------------------------------------------
if (isset($HTTP_GET_VARS['action']) || isset($HTTP_POST_VARS['action'])) {
$action = (isset($HTTP_POST_VARS['action'])) ? stripslashes(trim($HTTP_POST_VARS['action'])) : stripslashes(trim($HTTP_GET_VARS['action']));
$action = preg_replace("/[^a-z0-9_-]+/i", "", $action);
}
else {
$action = "";
}
if (isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) {
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
$mode = preg_replace("/[^a-z0-9_-]+/i", "", $mode);
}
else {
$mode = "";
}
if (isset($HTTP_GET_VARS[URL_CAT_ID]) || isset($HTTP_POST_VARS[URL_CAT_ID])) {
$cat_id = (isset($HTTP_POST_VARS[URL_CAT_ID])) ? intval($HTTP_POST_VARS[URL_CAT_ID]) : intval($HTTP_GET_VARS[URL_CAT_ID]);
}
else {
$cat_id = 0;
}
if (isset($HTTP_GET_VARS[URL_IMAGE_ID]) || isset($HTTP_POST_VARS[URL_IMAGE_ID])) {
$image_id = (isset($HTTP_POST_VARS[URL_IMAGE_ID])) ? intval($HTTP_POST_VARS[URL_IMAGE_ID]) : intval($HTTP_GET_VARS[URL_IMAGE_ID]);
}
else {
$image_id = 0;
}
if (isset($HTTP_GET_VARS[URL_ID]) || isset($HTTP_POST_VARS[URL_ID])) {
$id = (isset($HTTP_POST_VARS[URL_ID])) ? intval($HTTP_POST_VARS[URL_ID]) : intval($HTTP_GET_VARS[URL_ID]);
}
else {
$id = 0;
}
if (isset($HTTP_GET_VARS[URL_PAGE]) || isset($HTTP_POST_VARS[URL_PAGE])) {
$page = (isset($HTTP_POST_VARS[URL_PAGE])) ? intval($HTTP_POST_VARS[URL_PAGE]) : intval($HTTP_GET_VARS[URL_PAGE]);
if (!$page) {
$page = 1;
}
}
else {
$page = 1;
}
if (isset($HTTP_POST_VARS['show_result']) || isset($HTTP_GET_VARS['show_result'])) {
$show_result = 1;
}
else {
$show_result = 0;
}
if (isset($HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords'])) {
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : trim($HTTP_GET_VARS['search_keywords']);
if ($search_keywords != "") {
$show_result = 1;
}
}
else {
$search_keywords = "";
}
if (isset($HTTP_POST_VARS['search_user']) || isset($HTTP_GET_VARS['search_user'])) {
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : trim($HTTP_GET_VARS['search_user']);
if ($search_user != "") {
$show_result = 1;
}
}
else {
$search_user = "";
}
if (isset($HTTP_POST_VARS['search_new_images']) || isset($HTTP_GET_VARS['search_new_images'])) {
$search_new_images = 1;
$show_result = 1;
}
else {
$search_new_images = 0;
}
if (empty($PHP_SELF)) {
if (!empty($HTTP_SERVER_VARS['PHP_SELF'])) {
$PHP_SELF = $HTTP_SERVER_VARS["PHP_SELF"];
}
elseif (!empty($HTTP_ENV_VARS['PHP_SELF'])) {
$PHP_SELF = $HTTP_ENV_VARS["PHP_SELF"];
}
elseif (!empty($HTTP_SERVER_VARS['PATH_INFO'])) {
$PHP_SELF = $HTTP_SERVER_VARS['PATH_INFO'];
}
else {
$PHP_SELF = getenv("SCRIPT_NAME");
}
}
$self_url = basename($PHP_SELF);
if (empty($self_url) || !preg_match("/\.php$/", $self_url)) {
$self_url = "index.php";
}
//if (getenv("QUERY_STRING")) {
// $self_url .= "?".getenv("QUERY_STRING");
// $self_url = preg_replace(array("/([?|&])action=[^?|&]*/", "/([?|&])mode=[^?|&]*/", "/([?|&])phpinfo=[^?|&]*/", "/([?|&])printstats=[^?|&]*/", "/[?|&]".URL_ID."=[^?|&]*/", "/[?|&]l=[^?|&]*/", "/[&?]+$/"), array("", "", "", "", "", "", ""), $self_url);
//}
//else {
if (preg_match("/details.php/", $self_url) && !preg_match("/[?|&]".URL_IMAGE_ID."=[^?|&]*/", $self_url) && $image_id) {
$self_url .= "?".URL_IMAGE_ID."=".$image_id;
}
elseif (preg_match("/categories.php/", $self_url) && !preg_match("/[?|&]".URL_CAT_ID."=[^?|&]*/", $self_url)) {
$self_url .= "?".URL_CAT_ID."=".$cat_id;
}
if (isset($show_result) && $show_result) {
$self_url .= preg_match("/\?/", $self_url) ? "&" : "?";
$self_url .= "show_result=1";
}
if ($page && $page != 1) {
$self_url .= preg_match("/\?/", $self_url) ? "&" : "?";
$self_url .= URL_PAGE."=".$page;
}
//}
if (isset($HTTP_GET_VARS['url']) || isset($HTTP_POST_VARS['url'])) {
$url = (isset($HTTP_GET_VARS['url'])) ? trim($HTTP_GET_VARS['url']) : trim($HTTP_POST_VARS['url']);
}
else {
$url = "";
}
if (empty($url)) {
$url = get_basename(getenv("HTTP_REFERER"));
}
else {
if ($url == getenv("HTTP_REFERER")) {
$url = "index.php";
}
}
$url = preg_replace(array("/[?|&]action=[^?|&]*/", "/[?|&]mode=[^?|&]*/", "/[?|&]".URL_ID."=[^?|&]*/", "/[?|&]l=[^?|&]*/", "/[&?]+$/"), array("", "", "", "", ""), $url);
if ($url == $self_url || $url == "" || !preg_match("/\.php/", $url)) {
$url = "index.php";
}
if (defined("SCRIPT_URL") && SCRIPT_URL != "") {
$script_url = SCRIPT_URL;
}
else {
$port = (!preg_match("/^(80|443)$/", getenv("SERVER_PORT"), $port_match)) ? ":".getenv("SERVER_PORT") : "";
$script_url = (isset($port_match[1]) && $port_match[1] == 443) ? "https://" : "http://";
$script_url .= (!empty($HTTP_SERVER_VARS['HTTP_HOST'])) ? $HTTP_SERVER_VARS['HTTP_HOST'] : getenv("SERVER_NAME");
$script_url .= $port;
$dirname = str_replace("\\", "/", dirname($PHP_SELF));
$script_url .= ($dirname != "/") ? $dirname : "";
}
// Check if we should redirect to the installation routine
if (!defined("4IMAGES_ACTIVE")) {
redirect("install.php");
}
//-----------------------------------------------------
//--- Start DB ----------------------------------------
//-----------------------------------------------------
include_once(ROOT_PATH.'includes/db_'.strtolower($db_servertype).'.php');
$site_db = new Db($db_host, $db_user, $db_password, $db_name);
//-----------------------------------------------------
//--- Generate Setting --------------------------------
//-----------------------------------------------------
$sql = "SELECT setting_name, setting_value
FROM ".SETTINGS_TABLE;
$result = $site_db->query($sql);
if (!$result) {
echo $lang['no_settings'];
exit;
}
while ($row = $site_db->fetch_array($result)) {
$config[$row['setting_name']] = $row['setting_value'];
}
$site_db->free_result();
$config['allowed_mediatypes'] = str_replace(" ", "", $config['allowed_mediatypes']);
$config['allowed_mediatypes_array'] = explode(",", $config['allowed_mediatypes']);
$config['allowed_mediatypes_match'] = str_replace(",", "|", $config['allowed_mediatypes']);
$msg = "";
$clickstream = "";
define('MEDIA_PATH', ROOT_PATH.MEDIA_DIR);
define('THUMB_PATH', ROOT_PATH.THUMB_DIR);
define('MEDIA_TEMP_PATH', ROOT_PATH.MEDIA_TEMP_DIR);
define('THUMB_TEMP_PATH', ROOT_PATH.THUMB_TEMP_DIR);
define('TEMPLATE_PATH', ROOT_PATH.TEMPLATE_DIR."/".$config['template_dir']);
define('ICON_PATH', ROOT_PATH.TEMPLATE_DIR."/".$config['template_dir']."/icons");
//-----------------------------------------------------
//--- Templates ---------------------------------------
//-----------------------------------------------------
include_once(ROOT_PATH.'includes/template.php');
$site_template = new Template(TEMPLATE_PATH);
$config['language_dir_default'] = $config['language_dir'];
$l = null;
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
$requested_l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
if ($requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
$l = $requested_l;
$config['language_dir'] = $l;
}
}
include_once(ROOT_PATH.'lang/'.$config['language_dir'].'/main.php');
include_once(ROOT_PATH."includes/db_field_definitions.php");
include_once(ROOT_PATH.'includes/auth.php');
//-----------------------------------------------------
//--- Cache -------------------------------------------
//-----------------------------------------------------
include_once(ROOT_PATH.'includes/cache_utils.php');
//-----------------------------------------------------
//--- CAPTCHA -----------------------------------------
//-----------------------------------------------------
include_once(ROOT_PATH.'includes/captcha_utils.php');
//-----------------------------------------------------
//--- GZip Compression --------------------------------
//-----------------------------------------------------
$do_gzip_compress = 0;
if ($config['gz_compress'] == 1 && !isset($nozip)) {
if (get_php_version() >= 40004) {
if (extension_loaded("zlib")) {
ob_start("ob_gzhandler");
}
}
elseif (get_php_version() > 40000) {
if (eregi("gzip", $HTTP_SERVER_VARS["HTTP_ACCEPT_ENCODING"]) || eregi("x-gzip", $HTTP_SERVER_VARS["HTTP_ACCEPT_ENCODING"])) {
if (extension_loaded("zlib")) {
$do_gzip_compress = 1;
ob_start();
ob_implicit_flush(0);
}
}
}
}
if (defined("GET_CACHES")) {
// Line commented for T&C MOD 12/07/2008
// $sql = "SELECT cat_id, cat_name, cat_description, cat_parent_id, cat_hits, cat_order, auth_viewcat, auth_viewimage, auth_download, auth_upload, auth_directupload, auth_vote, auth_sendpostcard, auth_readcomment, auth_postcomment
$sql = "SELECT cat_id, cat_name, cat_description, cat_parent_id, cat_hits, cat_order, auth_viewcat, auth_viewimage, auth_download, auth_upload, auth_directupload, auth_vote, auth_sendpostcard, auth_readcomment, auth_postcomment, terms, terms_msg
FROM ".CATEGORIES_TABLE."
ORDER BY cat_order, cat_name ASC";
$result = $site_db->query($sql);
while ($row = $site_db->fetch_array($result)) {
$cat_cache[$row['cat_id']] = $row;
$cat_parent_cache[$row['cat_parent_id']][] = $row['cat_id'];
}
$site_db->free_result();
// --------------------------------------
$new_cutoff = time() - (60 * 60 * 24 * $config['new_cutoff']);
$sql = "SELECT cat_id, COUNT(image_id) AS new_images
FROM ".IMAGES_TABLE."
WHERE image_active = 1 AND image_date >= $new_cutoff
GROUP BY cat_id";
$result = $site_db->query($sql);
while ($row = $site_db->fetch_array($result)) {
$new_image_cache[$row['cat_id']] = $row['new_images'];
}
$site_db->free_result();
// --------------------------------------
$sql = "SELECT cat_id, COUNT(*) AS num_images
FROM ".IMAGES_TABLE."
WHERE image_active = 1
GROUP BY cat_id";
$result = $site_db->query($sql);
while ($row = $site_db->fetch_array($result)) {
$cat_cache[$row['cat_id']]['num_images'] = $row['num_images'];
}
$site_db->free_result();
} //end if GET_CACHES
?>
--- End code ---
If you need the admin password .. then I can PM it to you. :)
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version