From: Lo?c C. <lo...@us...> - 2001-11-30 23:13:39
Update of /cvsroot/phpmychat/phpMyChat - 0.14/chat
In directory usw-pr-cvs1:/tmp/cvs-serv1880/chat
Modified Files:
messagesL.php3 loader.php3
Log Message:
fixed a security issue thanks to Pepe
***** Bogus filespec: -
***** Bogus filespec: 0.14/chat
Index: messagesL.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat - 0.14/chat/messagesL.php3,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -r1.6 -r1.7
*** messagesL.php3 2001/11/30 20:49:27 1.6
--- messagesL.php3 2001/11/30 23:13:36 1.7
***************
*** 45,54 ****
// ** Updates user info in connected users tables **
! $DbLink->query("SELECT room,status FROM ".C_USR_TBL." WHERE username = '$U' LIMIT 1");
if($DbLink->num_rows() != 0)
{
// There is a row for the user in the users table
! list($room,$status) = $DbLink->next_record();
$DbLink->clean_results();
$kicked = 0;
--- 45,57 ----
+ // Get IP address
+ require("./lib/get_IP.lib.php3"); // Set the $IP var
+
// ** Updates user info in connected users tables **
! $DbLink->query("SELECT room,status,ip FROM ".C_USR_TBL." WHERE username = '$U' LIMIT 1");
if($DbLink->num_rows() != 0)
{
// There is a row for the user in the users table
! list($room,$status,$knownIp) = $DbLink->next_record();
$DbLink->clean_results();
$kicked = 0;
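Review bot: The diff does not show how `./lib/get_IP.lib.php3` derives `$IP`, and the address check added further down is only as strong as that value. If the library prefers proxy headers such as `X-Forwarded-For` over the connection's remote address, the value is chosen by the client; this is worth confirming and documenting at the `require`, e.g. `// $IP is compared with the stored ip below; it must be the socket address, not a client-supplied header`. The rewritten SELECT also keeps `$U` inside the quoted SQL literal, which presumably relies on request data arriving already slash-escaped (the later `stripslashes($U)` suggests so); a comment stating that assumption would help. The first hunk of loader.php3 is the same in both respects.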
***************
*** 71,90 ****
$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS exit', '', ".time().", '', 'sprintf(L_BANISHED, \"".special_char($U,$Latin1,1)."\")')");
$kicked = 4;
! };
! if ($kicked > 0)
{
! // Kick the user from the current room
! ?>
! <SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
! <!--
! window.parent.window.location = '<?php echo("$From?L=$L&U=".urlencode(stripslashes($U))."&E=$R&KICKED=${kicked}"); ?>';
! // -->
! </SCRIPT>
! <?php
! $DbLink->close();
! exit;
! };
! // Updates the time to ensure the user won't be cleaned from the users table
! $DbLink->query("UPDATE ".C_USR_TBL." SET u_time = ".time()." WHERE room = '$R' AND username = '$U'");
}
else
--- 74,87 ----
$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS exit', '', ".time().", '', 'sprintf(L_BANISHED, \"".special_char($U,$Latin1,1)."\")')");
$kicked = 4;
! }
! else if ($knownIp != $IP)
! {
! $kicked = 5;
! }
! if (!$kicked)
{
! // Updates the time to ensure the user won't be cleaned from the users table
! $DbLink->query("UPDATE ".C_USR_TBL." SET u_time = ".time()." WHERE room = '$R' AND username = '$U'");
! }
}
else
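Review bot: An address match is a weak stand-in for a per-session secret: in the new `else if ($knownIp != $IP)` branch any client that shares the recorded address (same NAT or proxy) still passes as `$U`, while a legitimate user whose address changes mid-session is kicked. That trade-off should be stated next to the check, e.g. `// 5 = request came from a different address than the one stored at login (binds the session to the IP only)`. The values 5 and 6 are new and nothing in the hunk says what they mean, so a short list of the `$kicked` codes above the first assignment would help. The enclosing `if` chain starts outside the hunk; the second hunk of loader.php3 has the same branch.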
***************
*** 92,103 ****
// User hasn't been found in the users table -> add a row
$DbLink->clean_results();
! $DbLink->query("SELECT perms,rooms FROM ".C_REG_TBL." WHERE username='$U' LIMIT 1");
! $reguser = ($DbLink->num_rows() != 0);
! if ($reguser) list($perms, $rooms) = $DbLink->next_record();
$DbLink->clean_results();
! // Get user status
! $status = "u";
! if ($reguser)
{
switch ($perms)
{
--- 89,104 ----
// User hasn't been found in the users table -> add a row
$DbLink->clean_results();
! $DbLink->query("SELECT latin1,perms,rooms FROM ".C_REG_TBL." WHERE username='$U' LIMIT 1");
! $reguser = (list($fake, $perms, $rooms) = $DbLink->next_record());
$DbLink->clean_results();
! // Kick unreg users
! if (!$reguser)
! {
! $kicked = 6;
! }
! // Add reg users
! else
{
+ // Get user status
switch ($perms)
{
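Review bot: `$kicked` is not initialised on this `else` path: the only visible `$kicked = 0;` sits inside the "row found" branch, and here it is assigned only when the user is unregistered. Because the commit moves the kick block after the whole `if`/`else`, a registered user without a row now reaches `if (!empty($kicked))` with whatever value the variable already had; if request parameters are imported as globals (the bare `$U`, `$R`, `$L` suggest so), that value is supplied by the client. Unless it is already set above line 45, which the diff does not show, move `$kicked = 0;` in front of the first `if`. The new `$reguser = (list($fake, $perms, $rooms) = $DbLink->next_record());` also depends on `next_record()` returning a false or empty value when there is no row, which deserves a comment. loader.php3 has the same code in its second hunk.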
***************
*** 118,126 ****
$status = "r";
};
! };
! // Get IP address
! include("./lib/get_IP.lib.php3"); // Set the $IP var
! $DbLink->query("INSERT INTO ".C_USR_TBL." VALUES ('$R', '$U', '$Latin1', ".time().", '$status', '$IP')");
! };
--- 119,141 ----
$status = "r";
};
! $DbLink->query("INSERT INTO ".C_USR_TBL." VALUES ('$R', '$U', '$Latin1', ".time().", '$status', '$IP')");
! }
! }
!
! if (!empty($kicked))
! {
! // Kick the user from the current room
! $kickedUrl = "$From?L=$L&U=" . urlencode(stripslashes($U));
! if ($kicked < 5) $kickedUrl .= "&E=$R&$KICKED=$kicked";
! ?>
! <SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
! <!--
! window.parent.window.location = '<?php echo($kickedUrl); ?>';
! // -->
! </SCRIPT>
! <?php
! $DbLink->close();
! exit;
! }
Index: loader.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat - 0.14/chat/loader.php3,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -r1.9 -r1.10
*** loader.php3 2001/11/30 20:49:27 1.9
--- loader.php3 2001/11/30 23:13:36 1.10
***************
*** 36,45 ****
// ** Updates user info in connected users tables **;
! $DbLink->query("SELECT status,room FROM ".C_USR_TBL." WHERE username = '$U' LIMIT 1");
if($DbLink->num_rows() != 0)
{
// There is a row for the user in the users table
! list($status,$room) = $DbLink->next_record();
$DbLink->clean_results();
$kicked = 0;
--- 36,48 ----
+ // Get IP address
+ require("./lib/get_IP.lib.php3"); // Set the $IP var
+
// ** Updates user info in connected users tables **;
! $DbLink->query("SELECT status,room,ip FROM ".C_USR_TBL." WHERE username = '$U' LIMIT 1");
if($DbLink->num_rows() != 0)
{
// There is a row for the user in the users table
! list($status,$room,$knownIp) = $DbLink->next_record();
$DbLink->clean_results();
$kicked = 0;
***************
*** 62,94 ****
$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS exit', '', ".time().", '', 'sprintf(L_BANISHED, \"".special_char($U,$Latin1,1)."\")')");
$kicked = 4;
! };
! if ($kicked > 0)
{
! // Kick the user from the current room
! ?>
! <SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
! <!--
! window.parent.window.location = '<?php echo("$From?L=$L&U=".urlencode(stripslashes($U))."&E=$R&KICKED=${kicked}"); ?>';
! // -->
! </SCRIPT>
! <?php
! $DbLink->close();
! exit;
}
- // Updates the time to ensure the user won't be cleaned from the users table
- $DbLink->query("UPDATE ".C_USR_TBL." SET u_time = ".time()." WHERE room = '$R' AND username = '$U'");
}
else
{
! // User hasn't been found in the users table -> add a row
$DbLink->clean_results();
! $DbLink->query("SELECT perms,rooms FROM ".C_REG_TBL." WHERE username='$U' LIMIT 1");
! $reguser = ($DbLink->num_rows() != 0);
! if ($reguser) list($perms, $rooms) = $DbLink->next_record();
$DbLink->clean_results();
! // Get user status
! $status = "u";
! if ($reguser)
{
switch ($perms)
{
--- 65,95 ----
$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($T, '$R', 'SYS exit', '', ".time().", '', 'sprintf(L_BANISHED, \"".special_char($U,$Latin1,1)."\")')");
$kicked = 4;
! }
! else if ($knownIp != $IP)
! {
! $kicked = 5;
! }
! if (!$kicked)
{
! // Updates the time to ensure the user won't be cleaned from the users table
! $DbLink->query("UPDATE ".C_USR_TBL." SET u_time = ".time()." WHERE room = '$R' AND username = '$U'");
}
}
else
{
! // User hasn't been found in the users table -> add a row if he is registered
$DbLink->clean_results();
! $DbLink->query("SELECT latin1,perms,rooms FROM ".C_REG_TBL." WHERE username='$U' LIMIT 1");
! $reguser = (list($fake,$perms, $rooms) = $DbLink->next_record());
$DbLink->clean_results();
! // Kick unreg users
! if (!$reguser)
! {
! $kicked = 6;
! }
! // Add reg users
! else
{
+ // Get user status
switch ($perms)
{
***************
*** 109,117 ****
$status = "r";
};
! };
! // Get IP address
! include("./lib/get_IP.lib.php3"); // Set the $IP var
! $DbLink->query("INSERT INTO ".C_USR_TBL." VALUES ('$R', '$U', '$Latin1', ".time().", '$status', '$IP')");
! };
--- 110,132 ----
$status = "r";
};
! $DbLink->query("INSERT INTO ".C_USR_TBL." VALUES ('$R', '$U', '$Latin1', ".time().", '$status', '$IP')");
! }
! }
!
! if (!empty($kicked))
! {
! // Kick the user from the current room
! $kickedUrl = "$From?L=$L&U=" . urlencode(stripslashes($U));
! if ($kicked < 5) $kickedUrl .= "&E=$R&$KICKED=$kicked";
! ?>
! <SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
! <!--
! window.parent.window.location = '<?php echo($kickedUrl); ?>';
! // -->
! </SCRIPT>
! <?php
! $DbLink->close();
! exit;
! }