Update of /cvsroot/phpmychat/phpMyChat - 0.14/chat/lib
In directory usw-pr-cvs1:/tmp/cvs-serv29634/chat/lib
Modified Files:
index.lib.php3
Log Message:
A security fix by Alexei Shalin
***** Bogus filespec: -
***** Bogus filespec: 0.14/chat/lib
Index: index.lib.php3
===================================================================
RCS file: /cvsroot/phpmychat/phpMyChat - 0.14/chat/lib/index.lib.php3,v
retrieving revision 1.13
retrieving revision 1.14
diff -C2 -r1.13 -r1.14
*** index.lib.php3 2001/05/31 20:47:55 1.13
--- index.lib.php3 2001/06/08 17:46:46 1.14
***************
*** 60,64 ****
// Fix some security holes
if (!is_dir('./'.substr($ChatPath, 0, -1))) exit();
!
require("./${ChatPath}config/config.lib.php3");
require("./${ChatPath}lib/release.lib.php3");
--- 60,64 ----
// Fix some security holes
if (!is_dir('./'.substr($ChatPath, 0, -1))) exit();
!
require("./${ChatPath}config/config.lib.php3");
require("./${ChatPath}lib/release.lib.php3");
***************
*** 67,70 ****
--- 67,71 ----
require("./${ChatPath}lib/database/".C_DB_TYPE.".lib.php3");
require("./${ChatPath}lib/clean.lib.php3");
+ include("./${ChatPath}lib/get_IP.lib.php3");
// Special cache instructions for IE5+
***************
*** 177,182 ****
if(isset($E) && $E != "")
{
! $DbLink->query("DELETE FROM ".C_USR_TBL." WHERE username='$U' AND room='$E'");
! if ($DbLink->affected_rows() == 0)
{
// HACKERS Atack !!!
--- 178,187 ----
if(isset($E) && $E != "")
{
! // Fix a security issue
! $DbLink->query("SELECT COUNT(*) FROM " . C_USR_TBL . " WHERE username='$U' AND ip='$IP' AND room='$E'");
! list($isHacking) = $DbLink->next_record();
! $isHacking = 1 - $isHacking;
! $DbLink->clean_results();
! if ($isHacking)
{
// HACKERS Atack !!!
***************
*** 186,192 ****
}
else
! {
if (isset($EN))
$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($EN, '$E', 'SYS exit', '', ".time().", '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1)."\")')");
}
}
--- 191,200 ----
}
else
! {
! $DbLink->query("DELETE FROM ".C_USR_TBL." WHERE username='$U' AND room='$E'");
if (isset($EN))
+ {
$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($EN, '$E', 'SYS exit', '', ".time().", '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1)."\")')");
+ }
}
}
***************
*** 459,464 ****
if (!isset($NT)) $NT = isset($CookieNotify) ? $CookieNotify : C_NOTIFY;
if (!isset($PWD_Hash)) $PWD_Hash = (isset($reguser) && $reguser ? md5(stripslashes($PASSWORD)) : "");
- // Set the $IP var
- if (!isset($IP) || $IP == "") include("./${ChatPath}lib/get_IP.lib.php3");
// Define the user status to be put in the users table if necessary. Skipped when the
--- 467,470 ----
|
