r20160102

why was there a variable called dick in hashing.php
This commit is contained in:
flash 2016-01-02 18:55:31 +01:00
parent 348e30cf4c
commit 57cf99e900
12 changed files with 117 additions and 57 deletions

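--- /dev/null
+++ b/libraries/CSRF.php
@@ -0,0 +1,56 @@
+<?php
+/*
+* CSRF protection
+*/
+namespace Sakura;
+use Sakura\Hashing;
+/**
+* Class CSRF
+* @package Sakura
+*/
+class CSRF
+{
+// Constants
+const ID_PREFIX = '_sakura_csrf_';
+const RANDOM_SIZE = 16;
+// Create a new CSRF token
+public static function create($id)
+{
+// Generate a token
+$token = self::generate();
+// Make identifier
+$id = strtoupper(self::ID_PREFIX . $id);
+// Assign to session
+$_SESSION[$id] = $token;
+// Return the token
+return $token;
+}
+// Generate a CSRF token
+public static function generate()
+{
+return bin2hex(\mcrypt_create_iv(self::RANDOM_SIZE, MCRYPT_DEV_URANDOM));
+}
+// Validate a CSRF token
+public static function validate($token, $id)
+{
+// Set id
+$id = strtoupper(self::ID_PREFIX . $id);
+// Check if the token exists
+if (!array_key_exists($id, $_SESSION)) {
+return false;
+}
+// Use the slowEquals function from the hashing lib to validate
+return Hashing::slowEquals($token, $_SESSION[$id]);
+}
+}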
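Review bot: `generate()` sources its randomness from `mcrypt_create_iv`, and ext/mcrypt is deprecated in PHP 7.1 and removed in 7.2, so the token generator disappears on upgrade; on PHP 7 the CSPRNG call is `return bin2hex(random_bytes(self::RANDOM_SIZE));` (if 5.x must still be supported, keep the mcrypt path behind a `function_exists('random_bytes')` check). `validate()` compares the submitted value but never clears the session copy, so a token stays valid for the whole session and a leaked one (referrer, log line) is replayable; if single-use is intended, `unset($_SESSION[$id]);` after a successful compare. `$token` comes straight from the request and is handed to `Hashing::slowEquals`, which is not in this diff — unless that helper rejects non-strings, an array-valued parameter will warn or mis-compare, so add `if (!is_string($token)) { return false; }` before the lookup. If `slowEquals` is a hand-rolled loop, `hash_equals()` (PHP >= 5.6) is the maintained constant-time primitive.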


@ -56,19 +56,20 @@ class Forum
}
// Checking a permission
public function permission($flag, $user) {
public function permission($flag, $user, $raw = false)
{
// Set default permission value
$perm = 0;
// Get the permissions of the parent forum if there is one
if ($this->category) {
$perm = $perm | $this->_permissions->user($user, ['forum_id' => [$this->category, '=']]);
$perm = $perm | (new Forum($this->category))->permission($flag, $user, true);
}
// Bitwise OR it with the permissions for this forum
$perm = $perm | $this->_permissions->user($user, ['forum_id' => [$this->id, '=']]);
return $this->_permissions->check($flag, $perm);
return $raw ? $perm : $this->_permissions->check($flag, $perm);
}
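Review bot: The new recursion in `permission()` walks `$this->category` up through parent forums with no termination guard other than reaching a forum whose `category` is falsy, so a self-referencing or cyclic category value in the database recurses until the stack is exhausted. A cheap guard is `if ($this->category && $this->category != $this->id) {`, or thread a depth counter through the `$raw` call. Permissions are merged with bitwise OR at every level, so a child forum can only add rights relative to its ancestors and never restrict them; that looks intentional but deserves a line on the method, e.g. `// Permissions are additive: a flag granted on any ancestor forum is granted here.` The enclosing class Forum starts and ends outside the hunk.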
// Subforums


@ -85,7 +85,7 @@ class Hashing
$validate = self::slowEquals(
$pbkdf2,
$dick = self::pbkdf2(
self::pbkdf2(
$params[0],
$password,
$params[2],
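Review bot: The hunk only drops the stray `$dick =` assignment; the comparison still goes through the project's `slowEquals` at the top of the hunk, whose implementation is not shown in this diff. If it is a hand-rolled byte loop, `hash_equals($pbkdf2, self::pbkdf2(...))` (PHP >= 5.6) is the maintained constant-time primitive and is a drop-in replacement. The enclosing method begins before the hunk and the `pbkdf2` argument list continues past it.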


@ -27,7 +27,8 @@ class Perms
}
// Change the mode
public function mode($mode) {
public function mode($mode)
{
// Split the mode variable
$mode = explode('\\', $mode);


@ -29,7 +29,8 @@ class Rank
protected static $_rankCache = [];
// Static initialiser
public static function construct($rid, $forceRefresh = false) {
public static function construct($rid, $forceRefresh = false)
{
// Check if a rank object isn't present in cache
if ($forceRefresh || !array_key_exists($rid, self::$_rankCache)) {
// If not create a new object and cache it


@ -43,7 +43,8 @@ class User
protected static $_userCache = [];
// Static initialiser
public static function construct($uid, $forceRefresh = false) {
public static function construct($uid, $forceRefresh = false)
{
// Check if a user object isn't present in cache
if ($forceRefresh || !array_key_exists($uid, self::$_userCache)) {
// If not create a new object and cache it


@ -775,7 +775,7 @@ class Users
if ($user->mainRank() == 2) {
$user->setMainRank($premiumRank);
}
} elseif (!$check[0] && count($check) > 1) {
} elseif (!$check[0]) {
// Remove the expired entry
Database::delete('premium', [
'user_id' => [$user->id(), '='],


@ -34,7 +34,7 @@ $renderData['profileView'] = isset($_GET['view']) && in_array($_GET['view'], $vi
// If the user id is zero check if there was a namechange
if ($profile->id() == 0) {
// Fetch from username_history
$check = Database::fetch('username_history', false, ['username_old_clean' => [Main::cleanString(isset($_GET['u']) ? $_GET['u'] : 0, true ,true), '=']]);
$check = Database::fetch('username_history', false, ['username_old_clean' => [Main::cleanString(isset($_GET['u']) ? $_GET['u'] : 0, true, true), '=']]);
// Redirect if so
if ($check) {


@ -8,7 +8,7 @@
namespace Sakura;
// Define Sakura version
define('SAKURA_VERSION', '20151231');
define('SAKURA_VERSION', '20160102');
define('SAKURA_VLABEL', 'Eminence');
define('SAKURA_COLOUR', '#6C3082');
@ -37,6 +37,7 @@ require_once ROOT . 'libraries/Bans.php';
require_once ROOT . 'libraries/BBcode.php';
require_once ROOT . 'libraries/Comments.php';
require_once ROOT . 'libraries/Config.php';
require_once ROOT . 'libraries/CSRF.php';
require_once ROOT . 'libraries/Database.php';
require_once ROOT . 'libraries/File.php';
require_once ROOT . 'libraries/Hashing.php';
@ -145,7 +146,7 @@ if (!defined('SAKURA_NO_TPL')) {
'siteName' => Config::get('sitename'),
'siteLogo' => Config::get('sitelogo'),
'siteDesc' => Config::get('sitedesc'),
'siteTags' => implode(", ", json_decode(Config::get('sitetags'), true)),
'siteTags' => json_decode(Config::get('sitetags'), true),
'dateFormat' => Config::get('date_format'),
'currentPage' => '//' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'],
'referrer' => (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null),
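Review bot: `json_decode(Config::get('sitetags'), true)` on the `siteTags` line returns `null` for empty or malformed config and that null is now passed to the templates unchecked, where the previous `implode` would at least have raised a warning; `'siteTags' => json_decode(Config::get('sitetags'), true) ?: [],` keeps the template input an array. Separately, the pre-existing `currentPage` value two lines below is built from `$_SERVER['HTTP_HOST']`, which is client-controlled unless the vhost is pinned, and this commit starts using it as the `action` of the posting form; a comment there, `// HTTP_HOST is client-supplied unless the server pins the vhost; prefer a relative action URL`, would flag that for the next reader.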


@ -0,0 +1,37 @@
<form id="{{ editorFormId }}" method="post" action="{{ sakura.currentPage }}">
<div class="head">Forum / Posting</div>
<div class="posting-subject">
<input type="text" class="inputStyling" name="subject" placeholder="Subject" value="{{ posting.subject }}" />
</div>
<hr class="default" />
<div class="posting-bbcodes">
{% for code,meta in bbcode %}
<button onclick="insertBBcode('postingText', '{{ code }}'{% if meta[2] %}, true{% endif %});" type="button"{% if meta[0] %} title="{{ meta[0] }}"{% endif %} class="inputStyling{% if meta[1] %} fa fa-{{ meta[1] }}{% endif %}" style="min-width: 0;">{% if not meta[1] %}{{ code }}{% endif %}</button>
{% endfor %}
</div>
<hr class="default" />
<div class="posting-text">
<textarea class="inputStyling" name="text" id="postingText">{{ posting.text }}</textarea>
</div>
<hr class="default" />
<div class="posting-emotes">
{% for emoticon in posting.emoticons %}
<img src="{{ emoticon.emote_path }}" alt="{{ emoticon.emote_string }}" title="{{ emoticon.emote_string }}" onclick="insertText('postingText', '{{ emoticon.emote_string }}')" />
{% endfor %}
</div>
<hr class="default" />
<div class="posting-buttons">
<input class="inputStyling" type="submit" name="post" value="Post" />
<input class="inputStyling" type="button" onclick="{{ cancelTarget }}" value="Cancel" />
</div>
{% if posting.id %}
<input type="hidden" name="id" value="posting.id" />
{% endif %}
<input type="hidden" name="sessionid" value="{{ php.sessionid }}" />
<input type="hidden" name="timestamp" value="{{ php.time }}" />
<script type="text/javascript">
window.addEventListener("load", function() {
prepareAjaxForm('{{ editorFormId }}', 'Making post...');
});
</script>
</form>
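Review bot: The hidden field `<input type="hidden" name="id" value="posting.id" />` emits the literal text `posting.id` rather than the post number; it needs `value="{{ posting.id }}"`, otherwise every edit submits `id=posting.id` and the handler has to reject or coerce it. The form still carries the session ID in the DOM (`name="sessionid"`) as its anti-forgery value even though this same commit introduces `Sakura\CSRF`; a per-form token such as `<input type="hidden" name="csrf" value="{{ csrf_token }}" />`, with the variable populated from `CSRF::create('posting')` on the PHP side (wiring not shown here), would stop exposing the session identifier to anything that can read the page. The bbcode loop, the emoticon loop and the cancel button splice `{{ code }}`, `{{ emoticon.emote_string }}` and `{{ cancelTarget }}` into `onclick` handlers as JS string literals; HTML autoescaping turns `'` into `&#039;`, which the browser decodes back to `'` before the JS runs, so any value containing a quote breaks out of the string — use the JS escaper, e.g. `'{{ emoticon.emote_string|e('js') }}'`, even if those values are admin-configured today.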


@ -1,55 +1,17 @@
{% extends 'global/master.tpl' %}
{% set bbcode = {'b': ['Bold', 'bold'], 'i': ['Italic', 'italic'], 'u': ['Underline', 'underline'], 's': ['Strikethrough', 'strikethrough'], 'header': ['Header', 'header'], 'url': ['URL', 'chain'], 'code': ['Code', 'code'], 'spoiler': ['Spoiler', 'minus'], 'box': ['Spoiler box', 'folder', true], 'list': ['List', 'list-ul'], 'img': ['Image', 'picture-o'], 'youtube': ['YouTube video', 'youtube-play']} %}
{% set cancelTarget = 'history.go(-1);' %}
{% set editorFormId = 'forumPostingForm' %}
{% block title %}Posting{% endblock %}
{% block content %}
<div class="content">
<div class="content-column forum posting">
<form id="forumPostingForm" method="post" action="{{ sakura.currentPage }}">
<div class="head">Forum / Posting</div>
<div class="posting-subject">
<input type="text" class="inputStyling" name="subject" placeholder="Subject" value="{{ posting.subject }}" />
</div>
<hr class="default" />
<div class="posting-bbcodes">
<button onclick="insertBBcode('postingText', 'b');" type="button" title="Bold" class="inputStyling fa fa-bold" style="min-width: 0;"></button>
<button onclick="insertBBcode('postingText', 'i');" type="button" title="Italic" class="inputStyling fa fa-italic" style="min-width: 0;"></button>
<button onclick="insertBBcode('postingText', 'u');" type="button" title="Underline" class="inputStyling fa fa-underline" style="min-width: 0;"></button>
<button onclick="insertBBcode('postingText', 's');" type="button" title="Strikethrough" class="inputStyling fa fa-strikethrough" style="min-width: 0;"></button>
<button onclick="insertBBcode('postingText', 'header');" type="button" title="Header" class="inputStyling fa fa-header" style="min-width: 0;"></button>
<button onclick="insertBBcode('postingText', 'url');" type="button" title="Link" class="inputStyling fa fa-chain" style="min-width: 0;"></button>
<button onclick="insertBBcode('postingText', 'spoiler');" type="button" title="Spoiler text" class="inputStyling fa fa-minus" style="min-width: 0;"></button>
<button onclick="insertBBcode('postingText', 'box', true);" type="button" title="Spoiler box" class="inputStyling fa fa-square-o" style="min-width: 0;"></button>
<button onclick="insertBBcode('postingText', 'list');" type="button" title="List (use [*] for entries)" class="inputStyling fa fa-list" style="min-width: 0;"></button>
<button onclick="insertBBcode('postingText', 'img');" type="button" title="Image" class="inputStyling fa fa-picture-o" style="min-width: 0;"></button>
<button onclick="insertBBcode('postingText', 'youtube');" type="button" title="YouTube video" class="inputStyling fa fa-youtube-play" style="min-width: 0;"></button>
</div>
<hr class="default" />
<div class="posting-text">
<textarea class="inputStyling" name="text" id="postingText">{{ posting.text }}</textarea>
</div>
<hr class="default" />
<div class="posting-emotes">
{% for emoticon in posting.emoticons %}
<img src="{{ emoticon.emote_path }}" alt="{{ emoticon.emote_string }}" title="{{ emoticon.emote_string }}" onclick="insertText('postingText', '{{ emoticon.emote_string }}')" />
{% endfor %}
</div>
<hr class="default" />
<div class="posting-buttons">
<input class="inputStyling" type="submit" name="post" value="Post" />
<input class="inputStyling" type="button" onclick="history.go(-1);" value="Cancel" />
</div>
{% if posting.id %}
<input type="hidden" name="id" value="posting.id" />
{% endif %}
<input type="hidden" name="sessionid" value="{{ php.sessionid }}" />
<input type="hidden" name="timestamp" value="{{ php.time }}" />
</form>
{% include 'elements/editor.tpl' %}
</div>
</div>
<script type="text/javascript">
window.addEventListener("load", function() {
prepareAjaxForm('forumPostingForm', 'Making post...');
});
</script>
{% endblock %}


@ -5,7 +5,7 @@
<meta charset="{{ sakura.charset }}" />
<title>{% block title %}{{ sakura.siteName }}{% endblock %}</title>
<meta name="description" content="{{ sakura.siteDesc }}" />
<meta name="keywords" content="{{ sakura.siteTags }}" />
<meta name="keywords" content="{{ sakura.siteTags|join(', ') }}" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" />
<meta name="msapplication-TileColor" content="#9475b2" />
<meta name="msapplication-TileImage" content="/content/images/icons/ms-icon-144x144.png" />