4images Forum & Community
4images Help / Hilfe => Bug Fixes & Patches => Topic started by: Jan on June 07, 2005, 11:17:51 AM
-
This is an important security fix.
Open includes/sessions.php and find the following line:
$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;
replace this line with the following code:
$user_id = ($this->read_cookie_data("userid")) ? intval($this->read_cookie_data("userid")) : GUEST;
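Added illustration (not 4images code, not Jan's patch): it places the pre-fix and post-fix forms of that line side by side and shows what intval() does to values read from the "userid" cookie, plus a small tamper check an operator could log on. The GUEST value and the helper function names are assumptions for the demo; the same intval() wrapping is what the integration variants quoted later in this thread (COOKIE_PREFIX."userid", $sessiondata['userid']) receive.

```php
<?php
// Assumption: GUEST is 4images' constant for the anonymous user. Its real value is
// defined in the 4images globals; -1 is used here only so the demo runs stand-alone.
define('GUEST', -1);

/**
 * Before the fix the raw cookie string was handed on unchanged and later
 * interpolated into the user lookup query by load_user_info().
 * Note PHP truthiness: "" and "0" are falsy, so both fall back to GUEST.
 */
function resolve_user_id_before_fix($cookie_userid)
{
    return ($cookie_userid) ? $cookie_userid : GUEST;
}

/**
 * After the fix intval() reduces the cookie to an integer, so only a number
 * ever reaches the SQL, whatever else the client put into the cookie.
 */
function resolve_user_id_after_fix($cookie_userid)
{
    return ($cookie_userid) ? intval($cookie_userid) : GUEST;
}

/**
 * Hypothetical detection helper (not part of 4images): a cookie written by
 * set_cookie_data() only ever holds a plain decimal user id, so a value that
 * does not survive the round trip through intval() unchanged was altered on
 * the client side and is worth a log line.
 */
function is_tampered_userid_cookie($cookie_userid)
{
    if ($cookie_userid === null || $cookie_userid === '') {
        return false; // no cookie at all: an ordinary guest visit
    }
    return ((string) intval($cookie_userid)) !== (string) $cookie_userid;
}

// Constructed sample cookie values for the demo; none of them is a real payload.
$samples = array('42', '0', '', '42abc', 'abc', ' 7');
foreach ($samples as $raw) {
    printf("cookie=%-8s before=%-8s after=%-4d tampered=%s\n",
        var_export($raw, true),
        var_export(resolve_user_id_before_fix($raw), true),
        resolve_user_id_after_fix($raw),
        is_tampered_userid_cookie($raw) ? 'yes' : 'no');
}
```

For '42abc' the pre-fix function returns the string unchanged while the post-fix one returns 42 and the tamper check fires; for '42' both agree and nothing is flagged.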
-
I've applied the fix. But what is it for? Or rather, where was the bug?
What was secured? I'm just curious... :)
-
Please understand that I won't go into more detail on this. There are many installations that don't have this fix, and if I explain how and where to exploit it... well, you understand ;)
Regards, Jan
-
Understood. Fine.
Good thing I installed it ;)
-
Jan, in News & Ankündigungen you say it's for all versions, but in the headline you write ( [1.7.1] Security fix in sessions.php ).
Is it only for 1.7.1 or for all versions of 4images?
-
Edwin:
It is also for 1.7 - so you should also change that!
Jan:
Could you please change the title of this thread so that it also says 1.7?
-
Jan:
Could you please change the title of this thread so that it also says 1.7?
martrix, you are right ... that seems to me also very important ... :!:
mawenzi
-
Does this solve the known problem of a session ID (SID) being taken over?
-
made this change and the whole gallery went down!
direct image link: http://digiart.graficalicus.com/details.php?image_id=1203
category link: http://digiart.graficalicus.com/categories.php?cat_id=10
home link: http://digiart.graficalicus.com/
rss link: http://digiart.graficalicus.com/rss.php
:?: :!: :?: :!: :?: :!: help :!: :?:
-
Have you restored your session.php?
which version of 4img do you use?
-
restored - using 1.7 - this is the only change I've made in a few days. Dumped my cache, reloaded the page - nothing!
wonder if I've been hacked........
-
every error line is:
$site_template->register_vars(array(
ideas?
-
fixed - I was editing an old sessions.php :oops: now updated :|
thanks for looking!
-
hello all.
I don't have this line: $user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;
I integrated phpBB 2.0.15.
-
I don't have this line: $user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;
I integrated phpBB 2.0.15.
That version does not have this hole, don't worry about this fix ;)
-
Have done it ... am using the integration with Invision Board.
But can someone explain what this fix does exactly?
-
Please understand that I won't go into more detail on this. There are many installations that don't have this fix, and if I explain how and where to exploit it... well, you understand ;)
Regards, Jan
In other language and other words:
Please understand that I won't give you more information on this fix.
There are many 4images installations out there without this fix installed, and if I explain to you how one may misuse that... well... I hope you understand ;)
In short:
things you would not like could happen without this fix being implemented...
-
thanks... :D
-
HI all
I believe this fix stops anonymous users from uploading files to your tmp folder via Apache, where you can even run those files remotely..
I was a victim. An intruder was uploading SPAM email scripts and running them remotely. I just did the changes and hope this will fix it.. if it works I will update you.
Regards
Tariq AlAli
-
HI all
I believe this fix stopped anonymous users from uploading files to your tmp folder via Apache, where you can even run those files remotely..
I was a victim. An intruder was uploading SPAM email scripts and running them remotely. I just did the changes and hope this will fix it.. if it works I will update you.
Regards
Tariq AlAli
What you just described seems to be your server issue, and not 4images.
-
HI all
I believe this fix stopped anonymous users from uploading files to your tmp folder via Apache, where you can even run those files remotely..
I was a victim. An intruder was uploading SPAM email scripts and running them remotely. I just did the changes and hope this will fix it.. if it works I will update you.
Regards
Tariq AlAli
What you just described seems to be your server issue, and not 4images.
Well, this has happened to me since day one, when I installed 4images. Anyhow, as I mentioned, "it might be". Since I modified the file the intruder has stopped penetrating the server.
Also I noticed when I installed 4images a month ago that if I log in with my account and give a photo URL (session) to a user, he will be logged in with my session/ID.
I will be doing several exercises and will update you accordingly.
Thank you again.
Regards
Tariq AlAli
-
Also I noticed when I installed 4images a month ago that if I log in with my account and give a photo URL (session) to a user, he will be logged in with my session/ID.
That is perfectly normal behaviour.
-
HI All
My thoughts are going to be 100% correct. The security bug was the reason for the hacking of my server. It has been 48 hrs since I implemented the new fix and the hacker has not logged in to the server.
I will give it another 72 hrs before I announce that the hack was from that bug, and will try to post how to penetrate the servers with that bug.
Thank you all.
-
I will give it another 72 hrs before I announce that the hack was from that bug, and will try to post how to penetrate the servers with that bug.
via PM please, not public.
-
will try to post how to penetrate the servers with that bug.
Oh my god! Don't even think about giving out this information publicly! PLEASE!
Send it to Jan or V@no via PM, but not in a public thread in this forum - I beg you!
-
I've now applied the bug fix, but the text "There are x users and x guests online" is no longer displayed at the bottom, above the users who are online. How can I restore it and still close the security hole?
If you don't know what I mean: http://www.zetzero.net/Anime-Folio/
(At the bottom of the upper part there is a light grey bar; the text that used to be there is no longer shown, and below it are the names of the users who are online, but with some empty space above.)
-
But the fix has nothing to do with that; you must have changed something else?
-
No, I only replaced the part given above in the file and then uploaded it; no other changes were made.
-
Am I right in assuming that this line isn't present if I've integrated the gallery into phpBB?
(Unfortunately I don't remember which lines were removed in the process)
-
A few posts further up it says:
I don't have this line: $user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;
I integrated phpBB 2.0.15.
That version does not have this hole, don't worry about this fix ;)
-
*cough* ... I read it and ignored it...
Sorry :oops: :oops:
Thanks again !!!
-
If I downloaded version 1.7.1 today, do I still need to make this change?
-
No
-
I can't seem to find that line in version 1.7.1. It's sessions.php, right?
-
It's sessions.php, right?
yes
-
Can't find it. If you don't believe me, please check at http://usa.57host.com/cantfindit/sessions.php .
-
I can't download your sessions.php, please save it as sessions.txt.
When did you download your 4images software? In the current download version it's already fixed.
Do you have 4images integrated with phpBB?
-
WOW :D , what can I say 8) , I had installed 4images with PostNuke and always wanted both working in the same database, tried many things but never got both working; finally I installed the PostNuke module pn4images, now both were working but I got only one error, and when I added this security fix the error was gone :D
Thank you guys, you don't know how much I appreciate your work and time, and also this security fix :wink:
-
OMG, I'm having problems: I can't even get on my 4images gallery, let alone fix it. Can anyone help? I'm getting an error message saying:
Warning: mysql_connect(): Too many connections in /home/sue/public_html/gallery/includes/db_mysql.php on line 39
DB Error: Could not connect to the database server (localhost, sue_imga1).
-
What about those of us who have integrated the script with vBulletin?
My line says this
$user_id = ($this->read_cookie_data(COOKIE_PREFIX."userid")) ? $this->read_cookie_data(COOKIE_PREFIX."userid") : GUEST;
What do I change it to?
-
When I apply this fix, my sessions live only about 5-15 sec.
Where is the problem?
-
@morningstar:
I have no idea why you wasted your (and our) time replying to this topic with an absolutely unrelated issue!
@kane:
Which integration are you talking about? Integration 4images 1.7 / vBulletin 2.x (http://www.4homepages.de/forum/index.php?topic=1659.0)? If so, then it seems to be fixed already.
@ID25:
Unless you did something else wrong, this fix could NOT possibly affect anything in the way you've described.
-
I can't download your sessions.php, please save it as sessions.txt.
When did you download your 4images software? In the current download version it's already fixed.
Do you have 4images integrated with phpBB?
Yeah, it's integrated with phpBB. Here is the new link:
http://usa.57host.com/cantfindit/sessions.txt
-
Replace
$user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : GUEST;
with: $user_id = ( isset($sessiondata['userid']) ) ? intval($sessiondata['userid']) : GUEST;
-
When I apply this fix, my sessions live only about 5-15 sec.
Same problem here; since applying the fix, complaints from users that they are being kicked out every few minutes are piling up.
-
HI All,
It has been a month since my first post about this fix. No more penetration of my server via SESSION :D :D
No other details will be posted :lol: :lol: :lol:
My advice: replace ASAP.
Regards
Tariq
-
I see that the vbulletin 2.x integration is ok, but what about the 3.x?
Here's the line in 3.x
$user_id = ($this->read_cookie_data(COOKIE_PREFIX."userid")) ? $this->read_cookie_data(COOKIE_PREFIX."userid") : GUEST;
-
$user_id = ($this->read_cookie_data(COOKIE_PREFIX."userid")) ? intval($this->read_cookie_data(COOKIE_PREFIX."userid")) : GUEST;
-
I have a problem. I did this fix when it first came out. I recently had an influx of members, and I got an email today from one of them with a link in it, and when I clicked on it I was logged into her account. I checked and double checked... this is the part of the code I changed in includes/sessions.php. Am I missing something?
function demand_session() {
    $this->get_session_id();
    if (!$this->load_session_info()) {
        $this->delete_old_sessions();
        $user_id = ($this->read_cookie_data("userid")) ? intval($this->read_cookie_data("userid")) : GUEST;
        $this->start_session($user_id);
    }
    else {
        $this->user_info = $this->load_user_info($this->session_info['session_user_id']);
        $update_cutoff = ($this->user_info['user_id'] != GUEST) ? $this->current_time - $this->user_info['user_lastaction'] : $this->current_time - $this->session_info['session_lastaction'];
        if ($update_cutoff > 60) {
            $this->update_session();
            $this->delete_old_sessions();
        }
    }
}
function start_session($user_id = GUEST, $login_process = 0) {
    global $site_db;
    $this->user_info = $this->load_user_info($user_id);
    if ($this->user_info['user_id'] != GUEST && !$login_process) {
        if ($this->read_cookie_data("userpass") === $this->user_info['user_password'] && $this->user_info['user_level'] > USER_AWAITING) {
            $this->set_cookie_data("userpass", $this->user_info['user_password']);
        }
        else {
            $this->set_cookie_data("userpass", "", 0);
            $this->user_info = $this->load_user_info(GUEST);
        }
    }
-
Seems to be that problem: http://www.4homepages.de/forum/index.php?topic=8895.0
-
I already have that in my includes/sessions.php.... see below, so that can't be the problem unless I should have that in there... this is so confusing.
    if (!isset($this->session_info['session_user_id'])) {
        return false;
    }
    if (!isset($this->session_info['session_ip']) || (isset($this->session_info['session_ip']) && $this->session_info['session_ip'] != $this->user_ip))
    {
        session_regenerate_id();
        $this->session_id = session_id();
        return false;
    }
    return $this->session_info;
}
-
I have 1.7 and I already have this modification (didn't need to change anything in sessions.php).
-
I too have 1.7... have you had a member send you an email with a link in it to see if the fix worked, or did you just add it and assume, like I did, that it was fixed? I cannot have people being able to log into others' accounts, or have my host be at risk.... Is there no solution to this, or was the code looked at to see if I did something wrong? It's been almost 5 days..... I don't want to have to delete my photo album from my server because of this... does anybody know what it is?
-
I too have 1.7... have you had a member send you an email with a link in it to see if the fix worked, or did you just add it and assume, like I did, that it was fixed? I cannot have people being able to log into others' accounts, or have my host be at risk.... Is there no solution to this, or was the code looked at to see if I did something wrong? It's been almost 5 days..... I don't want to have to delete my photo album from my server because of this... does anybody know what it is?
your problem is not related to this topic...
-
But as I said, I have 1.7 and I didn't need to change this as it was already there..
Probably some other mod changed it? I don't remember, really. But it's there (new format)
-
I too have 1.7... have you had a member send you an email with a link in it to see if the fix worked, or did you just add it and assume, like I did, that it was fixed? I cannot have people being able to log into others' accounts, or have my host be at risk.... Is there no solution to this, or was the code looked at to see if I did something wrong? It's been almost 5 days..... I don't want to have to delete my photo album from my server because of this... does anybody know what it is?
your problem is not related to this topic...
Well then what topic IS it related to?
-
I made that change a few months ago and today I was hacked... do you have another recent security fix?
-
I made that change a few months ago and today I was hacked... do you have another recent security fix?
And what is your evidence that you've been hacked THROUGH 4images?
-
That's terrible..
Xico, what else do you have public on your server? Any PHP forums such as phpBB or Invision Board?
Please list the versions of any other PHP script you have on your server..
What kind of "hack" was it? Was it a "deface" (changing of INDEX)?
-
Please list the versions of any other PHP script you have on your server..
@Xico:
If you intend to list your Global Server Information on the forum, please install this MOD first if you haven't done so. It will facilitate your task. ;)
http://www.4homepages.de/forum/index.php?topic=9289.msg43918#msg43918
-
Can't find the line:
$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;
in my session.php
-
In your includes/sessions.php file,
find :
$this->delete_old_sessions();
and the line right below is the one you're looking for - which should be
this one :
$user_id = ($this->read_cookie_data("userid")) ? ...
replace that entire line
with this one :
$user_id = ($this->read_cookie_data("userid")) ? intval($this->read_cookie_data("userid")) : GUEST;
Merry Christmas.
-
Sorry, in my sessions.php I can't find this line:
<?php
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: sessions.php *
* Copyright: (C) 2002 Jan Sorgalla *
* Email: jan@4homepages.de *
* Web: http://www.4homepages.de *
* Scriptversion: 1.7 *
* *
* Never released without support from: Nicky (http://www.nicky.net) *
* *
**************************************************************************
* *
* Main part is adapted from of phpBB, (C) 2001 The phpBB Group *
* phpBB is released under the GNU General Public License *
* *
*************************************************************************/
if (!defined('ROOT_PATH')) {
die("Security violation");
}
//-----------------------------------------------------
//--- Start Configuration -----------------------------
//-----------------------------------------------------
// Define here the name of the session. Default of phpBB is "sid".
define('SESSION_NAME', 'sid');
// Define here the name of the banlist and config database tables.
// Maybe you only need to change the table prefix if you another
// than the phpBB default "phpbb_".
define('PHPBB_BANLIST_TABLE', 'phpbb_banlist');
define('PHPBB_CONFIG_TABLE', 'phpbb_config');
// Set her the corresponding database fields of the user table.
// If there is no corresponding field in the new user table,
// leave the value blank. Normally no need to change.
$user_table_fields = array(
"user_id" => "user_id",
"user_level" => "user_level",
"user_name" => "username",
"user_password" => "user_password",
"user_email" => "user_email",
"user_showemail" => "user_viewemail",
"user_allowemails" => "",
"user_invisible" => "user_allow_viewonline",
"user_joindate" => "user_regdate",
"user_activationkey" => "user_actkey",
"user_lastaction" => "user_session_time",
"user_location" => "user_session_page",
"user_lastvisit" => "user_lastvisit",
"user_comments" => "",
"user_homepage" => "user_website",
"user_icq" => "user_icq"
);
// Set here the URL to your phpBB forum. WITH trailing slash!
$url_app = "http://www.myforum.de";
// Set here different URL's to your phpBB forum.
// Normally no need to change.
$url_register = $url_app."profile.php?mode=register";
$url_lost_password = $url_app."profile.php?mode=sendpassword";
$url_control_panel = $url_app."profile.php?mode=editprofile";
$url_mailform = $url_app."profile.php?mode=email&u={user_id}";
$url_show_profile = $url_app."profile.php?mode=viewprofile&u={user_id}";
$url_login = $url_app."login.php";
$url_logout = $url_app."login.php?logout=true";
//-----------------------------------------------------
//--- End Configuration -------------------------------
//-----------------------------------------------------
define('USER_INTEGRATION', 'PHPBB');
function get_user_table_field($add, $user_field) {
global $user_table_fields;
return (!empty($user_table_fields[$user_field])) ? $add.$user_table_fields[$user_field] : "";
}
class Session {
var $session_id;
var $user_ip;
var $user_location;
var $current_time;
var $session_timeout;
var $mode = "get";
var $session_info = array();
var $user_info = array();
function Session() {
global $config, $board_config;
$this->session_timeout = $board_config['session_length'];
$this->user_ip = $this->get_user_ip();
$this->user_location = 1;
$this->current_time = time();
$this->session_pagestart($this->user_ip, 0);
}
function session_pagestart($user_ip, $thispage_id) {
global $site_db, $board_config;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $SID;
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
{
$this->session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
$sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
if (!is_array($sessiondata)) {
$sessiondata = array();
}
$this->mode = "cookie";
}
else
{
$sessiondata = array();
if (isset($HTTP_GET_VARS[SESSION_NAME])) {
$this->session_id = $HTTP_GET_VARS[SESSION_NAME];
}
elseif (isset($HTTP_POST_VARS[SESSION_NAME])) {
$this->session_id = $HTTP_POST_VARS[SESSION_NAME];
}
else {
$this->session_id = false;
}
}
//
// Does a session exist?
//
if ( !empty($this->session_id) )
{
$valid_session = 1;
if (!$this->load_session_info()) {
$this->session_info['session_user_id'] = GUEST;
$valid_session = 0;
}
$this->user_info = $this->load_user_info($this->session_info['session_user_id']);
if ( $valid_session )
{
$SID = ( $this->mode == "get" ) ? SESSION_NAME.'=' . $this->session_id : '';
if ( $this->current_time - $this->session_info['session_time'] > 60 )
{
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_time = $this->current_time, session_page = $thispage_id
WHERE session_id = '$this->session_id'
AND session_ip = '$user_ip'";
$site_db->query($sql);
if ( $this->user_info['user_id'] != GUEST )
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_session_time = $this->current_time, user_session_page = $thispage_id
WHERE user_id = " . $this->user_info['user_id'];
$site_db->query($sql);
}
$this->delete_old_sessions();
setcookie($cookiename . '_data', serialize($sessiondata), $this->current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $this->session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
}
return $this->user_info;
}
}
$user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : GUEST;
$this->user_info = $this->session_begin($user_id, $user_ip, $thispage_id, TRUE);
return $this->user_info;
}
function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0) {
global $site_db, $board_config;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $SID;
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
{
$this->session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
$sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
$this->mode = "cookie";
}
else
{
$sessiondata = array();
if (isset($HTTP_GET_VARS[SESSION_NAME])) {
$this->session_id = $HTTP_GET_VARS[SESSION_NAME];
}
elseif (isset($HTTP_POST_VARS[SESSION_NAME])) {
$this->session_id = $HTTP_POST_VARS[SESSION_NAME];
}
else {
$this->session_id = false;
}
}
$last_visit = 0;
$expiry_time = $this->current_time - $board_config['session_length'];
$this->user_info = $this->load_user_info($user_id);
$user_id = $this->user_info['user_id'];
if ( $user_id != GUEST )
{
$auto_login_key = $this->user_info['user_password'];
if ( $auto_create )
{
if ( isset($sessiondata['autologinid']) && $this->user_info['user_active'] )
{
// We have to login automagically
if( $sessiondata['autologinid'] == $auto_login_key )
{
// autologinid matches password
$login = 1;
$enable_autologin = 1;
}
else
{
// No match; don't login, set as anonymous user
$login = 0;
$enable_autologin = 0;
$user_id = GUEST;
}
}
else
{
// Autologin is not set. Don't login, set as anonymous user
$login = 0;
$enable_autologin = 0;
$user_id = GUEST;
}
}
else
{
$login = 1;
}
}
else
{
$login = 0;
$enable_autologin = 0;
$user_id = GUEST;
}
//
// Initial ban check against user id, IP and email address
//
preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts);
$sql = "SELECT ban_ip, ban_userid, ban_email
FROM " . PHPBB_BANLIST_TABLE . "
WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff')
OR ban_userid = $user_id";
if ( $user_id != GUEST )
{
$sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $this->user_info['user_email']) . "'
OR ban_email LIKE '" . substr(str_replace("\'", "''", $this->user_info['user_email']), strpos(str_replace("\'", "''", $this->user_info['user_email']), "@")) . "'";
}
$result = $site_db->query($sql);
if ( $ban_info = $site_db->fetch_array($result) )
{
if ( $ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'] )
{
header("Location: $url_login");
exit;
}
}
//
// Create or update the session
//
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_user_id = $user_id, session_start = $this->current_time, session_time = $this->current_time, session_page = $page_id, session_logged_in = $login
WHERE session_id = '" . $this->session_id . "'
AND session_ip = '$user_ip'";
if ( !$site_db->query($sql) || !$site_db->affected_rows() )
{
$this->session_id = md5(uniqid($user_ip));
$sql = "INSERT INTO " . SESSIONS_TABLE . "
(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)
VALUES ('$this->session_id', $user_id, $this->current_time, $this->current_time, '$user_ip', $page_id, $login)";
$site_db->query($sql);
}
if ( $user_id != GUEST )
{
$last_visit = ( $this->user_info['user_session_time'] > 0 ) ? $this->user_info['user_session_time'] : $this->current_time;
$sql = "UPDATE " . USERS_TABLE . "
SET user_session_time = $this->current_time, user_session_page = $page_id, user_lastvisit = $last_visit
WHERE user_id = $user_id";
$site_db->query($sql);
$this->user_info['user_lastvisit'] = $last_visit;
$sessiondata['autologinid'] = ( $enable_autologin && $this->mode == "cookie" ) ? $auto_login_key : '';
$sessiondata['userid'] = $user_id;
}
$this->user_info['user_id'] = $user_id;
$this->session_info['session_id'] = $this->session_id;
$this->session_info['session_ip'] = $user_ip;
$this->session_info['session_user_id'] = $user_id;
$this->session_info['session_logged_in'] = $login;
$this->session_info['session_page'] = $page_id;
$this->session_info['session_start'] = $this->current_time;
$this->session_info['session_time'] = $this->current_time;
setcookie($cookiename . '_data', serialize($sessiondata), $this->current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $this->session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
$SID = ( $this->mode == "get" ) ? SESSION_NAME.'=' . $this->session_id : '';
return $this->user_info;
}
function login($user_name = "", $user_password = "", $auto_login = 0, $set_auto_login = 1) {
global $url_login;
header("Location: $url_login");
}
function logout($user_id = GUEST) {
global $url_logout;
header("Location: $url_logout");
}
function delete_old_sessions() {
global $site_db, $board_config;
$expiry_time = $this->current_time - $board_config['session_length'];
$sql = "DELETE FROM ".SESSIONS_TABLE."
WHERE session_time < $expiry_time";
$site_db->query($sql);
$sql = "SELECT session_id
FROM ".SESSIONS_TABLE;
$result = $site_db->query($sql);
if ($result) {
$session_ids_sql = "";
while ($row = $site_db->fetch_array($result)) {
$session_ids_sql .= (($session_ids_sql != "") ? ", " : "") . "'".$row['session_id']."'";
}
}
if (!empty($session_ids_sql)) {
$sql = "DELETE FROM ".SESSIONVARS_TABLE."
WHERE session_id NOT IN ($session_ids_sql)";
$site_db->query($sql);
}
return true;
}
function return_session_info() {
return $this->session_info;
}
function return_user_info() {
return $this->user_info;
}
function freeze() {
return;
}
function load_session_info() {
global $site_db;
if (empty($this->session_id)) {
return false;
}
$ip_sql = ($this->mode == "get") ? " AND session_ip = '$this->user_ip'" : "";
$this->session_info = array();
$sql = "SELECT *
FROM ".SESSIONS_TABLE."
WHERE session_id = '$this->session_id'
$ip_sql";
$this->session_info = $site_db->query_firstrow($sql);
if (empty($this->session_info['session_user_id'])) {
return false;
}
else {
$sql = "SELECT sessionvars_name, sessionvars_value
FROM ".SESSIONVARS_TABLE."
WHERE session_id = '$this->session_id'";
$result = $site_db->query($sql);
while ($row = $site_db->fetch_array($result)) {
$this->session_info[$row['sessionvars_name']] = $row['sessionvars_value'];
}
return $this->session_info;
}
}
function load_user_info($user_id = GUEST) {
global $site_db, $user_table_fields;
if ($user_id != GUEST) {
$sql = "SELECT u.*, l.*
FROM ".USERS_TABLE." u, ".LIGHTBOXES_TABLE." l
WHERE ".get_user_table_field("u.", "user_id")." = $user_id AND l.user_id = ".get_user_table_field("u.", "user_id");
$user_info = $site_db->query_firstrow($sql);
if (!$user_info) {
$sql = "SELECT *
FROM ".USERS_TABLE."
WHERE ".get_user_table_field("", "user_id")." = $user_id";
$user_info = $site_db->query_firstrow($sql);
if ($user_info) {
$lightbox_id = get_random_key(LIGHTBOXES_TABLE, "lightbox_id");
$sql = "INSERT INTO ".LIGHTBOXES_TABLE."
(lightbox_id, user_id, lightbox_lastaction, lightbox_image_ids)
VALUES
('$lightbox_id', ".$user_info[$user_table_fields['user_id']].", $this->current_time, '')";
$site_db->query($sql);
$user_info['lightbox_lastaction'] = $this->current_time;
$user_info['lightbox_image_ids'] = "";
}
}
}
if (empty($user_info[$user_table_fields['user_id']])) {
$user_info = array();
$user_info['user_id'] = GUEST;
$user_info['user_level'] = GUEST;
$user_info['user_lastaction'] = $this->current_time;
}
foreach ($user_table_fields as $key => $val) {
if (isset($user_info[$val])) {
if ($val == "user_allow_viewonline") {
$user_info[$key] = ($user_info[$val] == 1) ? 0 : 1;
}
else {
$user_info[$key] = $user_info[$val];
}
}
elseif (!isset($user_info[$key])) {
$user_info[$key] = "";
}
}
if (isset($user_info['user_active']) && $user_info['user_active'] == 0) {
$user_info['user_level'] = USER_AWAITING;
}
return $user_info;
}
function set_session_var($var_name, $value) {
global $site_db;
$sql = "SELECT session_id
FROM ".SESSIONVARS_TABLE."
WHERE sessionvars_name = '$var_name' AND session_id = '$this->session_id'";
if ($site_db->is_empty($sql)) {
$sql = "INSERT INTO ".SESSIONVARS_TABLE."
(session_id, sessionvars_name, sessionvars_value)
VALUES
('$this->session_id', '$var_name', '$value')";
$site_db->query($sql);
}
else {
$sql = "UPDATE ".SESSIONVARS_TABLE."
SET sessionvars_value = '$value'
WHERE sessionvars_name = '$var_name' AND session_id = '$this->session_id'";
$site_db->query($sql);
}
$this->session_info[$var_name] = $value;
return true;
}
function get_session_var($var_name) {
    global $site_db;
    if (isset($this->session_info[$var_name])) {
      return $this->session_info[$var_name];
    }
    else {
      $sql = "SELECT sessionvars_value
              FROM ".SESSIONVARS_TABLE."
              WHERE sessionvars_name = '$var_name' AND session_id = '$this->session_id'";
      $value = $site_db->query_firstrow($sql);
      if ($value) {
        $this->session_info[$var_name] = $value['sessionvars_value'];
        return $value['sessionvars_value'];
      }
      else {
        return "";
      }
    }
  }

  function drop_session_var($var_name) {
    global $site_db;
    $sql = "DELETE FROM ".SESSIONVARS_TABLE."
            WHERE sessionvars_name = '$var_name' AND session_id = '$this->session_id'";
    return ($site_db->query($sql)) ? 1 : 0;
  }

  function get_user_ip() {
    global $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $REMOTE_ADDR;
    if( getenv('HTTP_X_FORWARDED_FOR') != '' )
    {
      $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
      if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
      {
        // use the forwarded address unless it falls into a private range, in which case the direct peer address is kept
        $private_ip = array('/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/');
        $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
      }
    }
    else
    {
      $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
    }
    // store the dotted quad as 8 hex digits (phpBB session_ip format)
    $ip_sep = explode('.', $client_ip);
    return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]);
  }

  function get_user_location() {
    global $self_url;
    return (defined("IN_CP")) ? "Control Panel" : preg_replace(array("/([?|&])action=[^?|&]*/", "/([?|&])mode=[^?|&]*/", "/([?|&])phpinfo=[^?|&]*/", "/([?|&])printstats=[^?|&]*/", "/[?|&]".URL_ID."=[^?|&]*/", "/[?|&]l=[^?|&]*/", "/[&?]+$/"), array("", "", "", "", "", "", ""), addslashes($self_url));
  }

  /* ORIGINAL CODE
  function url($url, $amp = "&amp;") {
    global $l;
    $dummy_array = explode("#", $url);
    $url = $dummy_array[0];
    if ($this->mode == "get" && !preg_match("/".SESSION_NAME."=/i", $url)) {
      $url .= preg_match("/\?/", $url) ? "$amp" : "?";
      $url .= SESSION_NAME."=".$this->session_id;
    }
    if (!empty($l)) {
      $url .= preg_match("/\?/", $url) ? "$amp" : "?";
      $url .= "l=".$l;
    }
    $url .= (isset($dummy_array[1])) ? "#".$dummy_array[1] : "";
    return $url;
  }
  */
  function url($url, $amp = "&amp;") {
    global $l, $user_info;
    $dummy_array = explode("#", $url);
    $url = $dummy_array[0];
    // work on a plain "&" separator; the requested separator ($amp) is restored at the end
    $url = str_replace('&amp;', '&', $url);
    if (!defined('IN_CP')) {
      // rewrite script URLs into static-looking .htm names (SEO URL modification)
      if (strstr($url, 'index.php')) {
        $url = str_replace('index.php', '', $url);
      }
      elseif (strstr($url, 'search.php')) {
        if (strstr($url, 'page=')) {
          preg_match('#page=([0-9]+)&?#', $url, $matches);
          if (isset($matches[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url = str_replace('search.php', 'search.'.$matches[1].'.htm', $url);
            $query = str_replace('page='.$matches[1].'&', '', $query);
            $query = str_replace('&page='.$matches[1], '', $query);
            $query = str_replace('page='.$matches[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
        else {
          $url = str_replace('search.php', 'search.htm', $url);
        }
      }
      elseif (strstr($url, 'lightbox.php')) {
        if (strstr($url, 'page=')) {
          preg_match('#page=([0-9]+)&?#', $url, $matches);
          if (isset($matches[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url = str_replace('lightbox.php', 'lightbox.'.$matches[1].'.htm', $url);
            $query = str_replace('page='.$matches[1].'&', '', $query);
            $query = str_replace('&page='.$matches[1], '', $query);
            $query = str_replace('page='.$matches[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
        else {
          $url = str_replace('lightbox.php', 'lightbox.htm', $url);
        }
      }
      elseif (strstr($url, 'categories.php')) {
        if (strstr($url, 'cat_id=') && strstr($url, 'page=')) {
          preg_match('#cat_id=([0-9]+)&?#', $url, $matches1);
          preg_match('#page=([0-9]+)&?#', $url, $matches2);
          if (isset($matches1[1]) && isset($matches2[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url = str_replace('categories.php', 'cat'.$matches1[1].'.'.$matches2[1].'.htm', $url);
            $query = str_replace('cat_id='.$matches1[1].'&', '', $query);
            $query = str_replace('&cat_id='.$matches1[1], '', $query);
            $query = str_replace('cat_id='.$matches1[1], '', $query);
            $query = str_replace('page='.$matches2[1].'&', '', $query);
            $query = str_replace('&page='.$matches2[1], '', $query);
            $query = str_replace('page='.$matches2[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
        elseif (strstr($url, 'cat_id=')) {
          preg_match('#cat_id=([0-9]+)&?#', $url, $matches);
          if (isset($matches[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url = str_replace('categories.php', 'cat'.$matches[1].'.htm', $url);
            $query = str_replace('cat_id='.$matches[1].'&', '', $query);
            $query = str_replace('&cat_id='.$matches[1], '', $query);
            $query = str_replace('cat_id='.$matches[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
        else {
          $url = str_replace('categories.php', 'cat.htm', $url);
        }
      }
      elseif (strstr($url, 'details.php?image_id=')) {
        if (strstr($url, 'image_id=') && strstr($url, 'mode=')) {
          preg_match('#image_id=([0-9]+)&?#', $url, $matches1);
          preg_match('#mode=([a-zA-Z0-9]+)&?#', $url, $matches2);
          if (isset($matches1[1]) && isset($matches2[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url = str_replace('details.php', 'img'.$matches1[1].'.'.$matches2[1].'.htm', $url);
            $query = str_replace('image_id='.$matches1[1].'&', '', $query);
            $query = str_replace('&image_id='.$matches1[1], '', $query);
            $query = str_replace('image_id='.$matches1[1], '', $query);
            $query = str_replace('mode='.$matches2[1].'&', '', $query);
            $query = str_replace('&mode='.$matches2[1], '', $query);
            $query = str_replace('mode='.$matches2[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
        else {
          preg_match('#image_id=([0-9]+)&?#', $url, $matches);
          if (isset($matches[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url = str_replace('details.php', 'img'.$matches[1].'.htm', $url);
            $query = str_replace('image_id='.$matches[1].'&', '', $query);
            $query = str_replace('&image_id='.$matches[1], '', $query);
            $query = str_replace('image_id='.$matches[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
      }
      elseif (strstr($url, 'postcards.php?image_id=')) {
        preg_match('#image_id=([0-9]+)&?#', $url, $matches);
        if (isset($matches[1])) {
          $split = explode('?', $url);
          $url = $split[0];
          $query = @$split[1];
          $url = str_replace('postcards.php', 'postcard.img'.$matches[1].'.htm', $url);
          $query = str_replace('image_id='.$matches[1].'&', '', $query);
          $query = str_replace('&image_id='.$matches[1], '', $query);
          $query = str_replace('image_id='.$matches[1], '', $query);
          if (!empty($query)) {
            $url .= '?' . $query;
          }
        }
      }
    }
    // for URL-based sessions, append the session id unless it is already part of the URL
    // (the negation mirrors the !preg_match() check in the original code above)
    if ($this->mode == "get" && !strstr($url, $this->session_id)) {
      $url .= strpos($url, '?') !== false ? '&' : '?';
      $url .= SESSION_NAME."=".$this->session_id;
    }
    if (!empty($l)) {
      $url .= strpos($url, '?') !== false ? '&' : '?';
      $url .= "l=".$l;
    }
    $url = str_replace('&', $amp, $url);
    $url .= isset($dummy_array[1]) ? "#".$dummy_array[1] : "";
    return $url;
  }
} //end of class

//-----------------------------------------------------
//--- Start Session -----------------------------------
//-----------------------------------------------------
$board_config = array();
$sql = "SELECT * FROM " . PHPBB_CONFIG_TABLE;
$result = $site_db->query($sql);
while ($row = $site_db->fetch_array($result)) {
  $board_config[$row['config_name']] = $row['config_value'];
}

//Start Session
$site_sess = new Session();

// Get Userinfo
$session_info = $site_sess->return_session_info();
$user_info = $site_sess->return_user_info();

//-----------------------------------------------------
//--- Get User Caches ---------------------------------
//-----------------------------------------------------
$num_total_online = 0;
$num_visible_online = 0;
$num_invisible_online = 0;
$num_registered_online = 0;
$num_guests_online = 0;
$user_online_list = "";
$prev_user_ids = array();
$prev_session_ips = array();
if (defined("GET_USER_ONLINE") && ($config['display_whosonline'] == 1 || $user_info['user_level'] == ADMIN)) {
  $time_out = time() - 300;
  $sql = "SELECT ".get_user_table_field("u.", "user_id").get_user_table_field(", u.", "user_level").get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_invisible").", s.session_user_id, s.session_time, s.session_ip
          FROM ".USERS_TABLE." u, ".SESSIONS_TABLE." s
          WHERE ".get_user_table_field("u.", "user_id")." = s.session_user_id AND (s.session_time >= $time_out OR ".get_user_table_field("u.", "user_lastaction")." >= $time_out)
          ORDER BY ".get_user_table_field("u.", "user_id")." ASC, s.session_ip ASC";
  $result = $site_db->query($sql);
  while ($row = $site_db->fetch_array($result)) {
    if ($row['session_user_id'] != GUEST) {
      if (!isset($prev_user_ids[$row['session_user_id']])) {
        $is_invisible = (isset($row[$user_table_fields['user_invisible']]) && $row[$user_table_fields['user_invisible']] == 0) ? 1 : 0;
        $invisibleuser = ($is_invisible) ? "*" : "";
        $username = (isset($row[$user_table_fields['user_level']]) && $row[$user_table_fields['user_level']] == ADMIN && $config['highlight_admin'] == 1) ? sprintf("<b>%s</b>", $row[$user_table_fields['user_name']]) : $row[$user_table_fields['user_name']];
        if (!$is_invisible || $user_info['user_level'] == ADMIN) {
          $user_online_list .= ($user_online_list != "") ? ", " : "";
          $user_profile_link = (!empty($url_show_profile)) ? preg_replace("/{user_id}/", $row['session_user_id'], $url_show_profile) : ROOT_PATH."member.php?action=showprofile&".URL_USER_ID."=".$row['session_user_id'];
          $user_online_list .= "<a href=\"".$site_sess->url($user_profile_link)."\">".$username."</a>".$invisibleuser;
        }
        (!$is_invisible) ? $num_visible_online++ : $num_invisible_online++;
        $num_registered_online++;
      }
      $prev_user_ids[$row['session_user_id']] = 1;
    }
    else {
      if (!isset($prev_session_ips[$row['session_ip']])) {
        $num_guests_online++;
      }
    }
    $prev_session_ips[$row['session_ip']] = 1;
  }
  $num_total_online = $num_registered_online + $num_guests_online;
  $site_template->register_vars(array(
    "num_total_online" => $num_total_online,
    "num_invisible_online" => $num_invisible_online,
    "num_registered_online" => $num_registered_online,
    "num_guests_online" => $num_guests_online,
    "user_online_list" => $user_online_list,
    "lang_user_online" => str_replace('{num_total_online}', $num_total_online, $lang['user_online']),
    "lang_user_online_detail" => str_replace(array('{num_registered_online}','{num_invisible_online}','{num_guests_online}'), array($num_registered_online,$num_invisible_online,$num_guests_online), $lang['user_online_detail']),
  ));
  $whos_online = $site_template->parse_template("whos_online");
  $site_template->register_vars("whos_online", $whos_online);
  unset($whos_online);
  unset($prev_user_ids);
  unset($prev_session_ips);
}
?>
-
The line "$this->delete_old_sessions();" was included in the current download with the modification (the post from "theOracle").
-
Please read the replies before you complain :P ;)
No, this line: $user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;
I integrated phpBB 2.0.15.
That version does not have this hole, don't worry about this fix ;)
-
Is this fix already implemented in the version i'm about to get from the Download section?
-
Unless you are getting a version newer than v1.7.1 (which is not out yet), no, these fixes are not implemented in the current version.
-
Is this fix important for the integrated 4images 1.7 version for Runcms/E-Xoops? I can't find the code to replace in sessions.php; it seems there is no such line (user login/logout is integrated with the CMS). I use the Russian language in 4images 1.7 and Runcms 1.2 :-)
-
Perhaps if you would attach your sessions.php (as a .txt file), then I could answer your question ;)
-
There's another fix for sessions.php:
http://www.4homepages.de/forum/index.php?topic=12807.0
-
Find $string = preg_replace('#</(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);
and replace with
$string = preg_replace('#</(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*(>|$)#i',"",$string);
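As an added example (not code from the thread or from 4images), the two patterns above translated from the PHP preg_replace() calls into Python's re module and run over constructed inputs, so the difference made by the (>|$) change can be checked directly:

```python
import re

# The element list from the sessions.php filter quoted above.
ELEMENTS = (r'(applet|meta|xml|blink|link|style|script|embed|object|iframe|'
            r'frame|frameset|ilayer|layer|bgsound|title|base)')

# Same patterns as the PHP preg_replace() calls, minus the "#...#i" delimiters;
# re.IGNORECASE stands in for the "i" modifier. "[^>]*" and "$" behave the same
# way in PCRE and in Python's re for these inputs.
OLD_PATTERN = re.compile(r'</' + ELEMENTS + r'[^>]*>', re.IGNORECASE)      # before the fix
NEW_PATTERN = re.compile(r'</' + ELEMENTS + r'[^>]*(>|$)', re.IGNORECASE)  # after the fix


def strip_closing_tags(text, pattern=NEW_PATTERN):
    """Apply one of the two closing-tag filters, as preg_replace(..., "", $string) does."""
    return pattern.sub('', text)


def compare_filters(samples):
    """Return {name: (old_result, new_result)} so the two filters can be diffed per input."""
    return {name: (strip_closing_tags(s, OLD_PATTERN), strip_closing_tags(s, NEW_PATTERN))
            for name, s in samples.items()}


# Constructed inputs (not taken from the thread).
SAMPLES = {
    "closed tag":     "hello</script>world",   # both filters remove it
    "truncated tag":  "hello</SCRIPT",         # closing tag cut off at end of input
    "other elements": "a </b> b </p>",         # not in the list, left alone by both
}

if __name__ == "__main__":
    for name, (old, new) in compare_filters(SAMPLES).items():
        flag = "" if old == new else "   <- differs"
        print(f"{name:15} old={old!r:25} new={new!r}{flag}")
```

Only the "truncated tag" input differs between the two filters: the old pattern requires a closing ">" and leaves the fragment in place, while the patched pattern also matches at end of string.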