r20160102
why was there a variable called dick in hashing.php
This commit is contained in:
parent
348e30cf4c
commit
57cf99e900
12 changed files with 117 additions and 57 deletions
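--- a/libraries/CSRF.php
+++ b/libraries/CSRF.php
@@ -0,0 +1,56 @@
+<?php
+/*
+* CSRF protection
+*/
+
+namespace Sakura;
+
+use Sakura\Hashing;
+
+/**
+* Class CSRF
+* @package Sakura
+*/
+class CSRF
+{
+// Constants
+const ID_PREFIX = '_sakura_csrf_';
+const RANDOM_SIZE = 16;
+
+// Create a new CSRF token
+public static function create($id)
+{
+// Generate a token
+$token = self::generate();
+
+// Make identifier
+$id = strtoupper(self::ID_PREFIX . $id);
+
+// Assign to session
+$_SESSION[$id] = $token;
+
+// Return the token
+return $token;
+}
+
+// Generate a CSRF token
+public static function generate()
+{
+return bin2hex(\mcrypt_create_iv(self::RANDOM_SIZE, MCRYPT_DEV_URANDOM));
+}
+
+// Validate a CSRF token
+public static function validate($token, $id)
+{
+// Set id
+$id = strtoupper(self::ID_PREFIX . $id);
+
+// Check if the token exists
+if (!array_key_exists($id, $_SESSION)) {
+return false;
+}
+
+// Use the slowEquals function from the hashing lib to validate
+return Hashing::slowEquals($token, $_SESSION[$id]);
+}
+}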
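Review bot: `generate()` ties the token's randomness to the mcrypt extension (`\mcrypt_create_iv(self::RANDOM_SIZE, MCRYPT_DEV_URANDOM)`); mcrypt is unmaintained upstream, was deprecated in PHP 7.1 and removed from core in 7.2, so this method will be undefined on current runtimes. `random_bytes()` is the built-in CSPRNG since PHP 7 and throws rather than degrading when no secure source is available: `return bin2hex(random_bytes(self::RANDOM_SIZE));`. `validate()` accepts `$token` untyped and hands it straight to `Hashing::slowEquals`; an `if (!is_string($token)) { return false; }` before the comparison rejects array or null request input explicitly instead of relying on the comparison helper's handling of non-strings. The session token is also never cleared after a successful `validate()`, so it stays valid for the whole session; if one-shot tokens are intended, `unset($_SESSION[$id]);` after the check, otherwise document that tokens are per-session.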
@ -56,19 +56,20 @@ class Forum
|
|||
}
|
||||
|
||||
// Checking a permission
|
||||
public function permission($flag, $user) {
|
||||
public function permission($flag, $user, $raw = false)
|
||||
{
|
||||
// Set default permission value
|
||||
$perm = 0;
|
||||
|
||||
// Get the permissions of the parent forum if there is one
|
||||
if ($this->category) {
|
||||
$perm = $perm | $this->_permissions->user($user, ['forum_id' => [$this->category, '=']]);
|
||||
$perm = $perm | (new Forum($this->category))->permission($flag, $user, true);
|
||||
}
|
||||
|
||||
// Bitwise OR it with the permissions for this forum
|
||||
$perm = $perm | $this->_permissions->user($user, ['forum_id' => [$this->id, '=']]);
|
||||
|
||||
return $this->_permissions->check($flag, $perm);
|
||||
return $raw ? $perm : $this->_permissions->check($flag, $perm);
|
||||
}
|
||||
|
||||
// Subforums
|
||||
|
|
|
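Review bot: The new recursion into the parent forum, `(new Forum($this->category))->permission($flag, $user, true)`, terminates only if the category data is acyclic; a forum whose `category` points back at itself or into a loop would recurse without bound. Unless the schema enforces a strict tree, a depth limit or a visited-id set passed down the recursion would be cheap insurance — this is inferred from the hunk, the constructor and the `category` source are not visible here. The new `$raw` flag also changes what the method returns and deserves a line on the signature, e.g. `// $raw: return the merged permission bitmask instead of checking $flag against it`. The method itself is fully inside the hunk; the enclosing `Forum` class continues outside it.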
@ -85,7 +85,7 @@ class Hashing
|
|||
|
||||
$validate = self::slowEquals(
|
||||
$pbkdf2,
|
||||
$dick = self::pbkdf2(
|
||||
self::pbkdf2(
|
||||
$params[0],
|
||||
$password,
|
||||
$params[2],
|
||||
|
|
|
@ -27,7 +27,8 @@ class Perms
|
|||
}
|
||||
|
||||
// Change the mode
|
||||
public function mode($mode) {
|
||||
public function mode($mode)
|
||||
{
|
||||
// Split the mode variable
|
||||
$mode = explode('\\', $mode);
|
||||
|
||||
|
|
|
@ -29,7 +29,8 @@ class Rank
|
|||
protected static $_rankCache = [];
|
||||
|
||||
// Static initialiser
|
||||
public static function construct($rid, $forceRefresh = false) {
|
||||
public static function construct($rid, $forceRefresh = false)
|
||||
{
|
||||
// Check if a rank object isn't present in cache
|
||||
if ($forceRefresh || !array_key_exists($rid, self::$_rankCache)) {
|
||||
// If not create a new object and cache it
|
||||
|
|
|
@ -43,7 +43,8 @@ class User
|
|||
protected static $_userCache = [];
|
||||
|
||||
// Static initialiser
|
||||
public static function construct($uid, $forceRefresh = false) {
|
||||
public static function construct($uid, $forceRefresh = false)
|
||||
{
|
||||
// Check if a user object isn't present in cache
|
||||
if ($forceRefresh || !array_key_exists($uid, self::$_userCache)) {
|
||||
// If not create a new object and cache it
|
||||
|
|
|
@ -775,7 +775,7 @@ class Users
|
|||
if ($user->mainRank() == 2) {
|
||||
$user->setMainRank($premiumRank);
|
||||
}
|
||||
} elseif (!$check[0] && count($check) > 1) {
|
||||
} elseif (!$check[0]) {
|
||||
// Remove the expired entry
|
||||
Database::delete('premium', [
|
||||
'user_id' => [$user->id(), '='],
|
||||
|
|
|
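Review bot: Dropping `&& count($check) > 1` from the `elseif` widens the branch that issues `Database::delete('premium', …)`: it now runs whenever `$check[0]` is falsy, no matter what else `$check` contains. If `$check` can be a single falsy element meaning "no premium record" rather than "expired", the delete is now sent for users who never had a row; the intent is not visible from the hunk, so a comment on the branch would pin it, e.g. `// $check[0] falsy: the premium entry has expired, drop the stale row`. The `$user->mainRank() == 2` comparison above is loose; `=== 2` is safer if `mainRank()` returns an int. The enclosing function starts and ends outside this hunk.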
@ -8,7 +8,7 @@
|
|||
namespace Sakura;
|
||||
|
||||
// Define Sakura version
|
||||
define('SAKURA_VERSION', '20151231');
|
||||
define('SAKURA_VERSION', '20160102');
|
||||
define('SAKURA_VLABEL', 'Eminence');
|
||||
define('SAKURA_COLOUR', '#6C3082');
|
||||
|
||||
|
@ -37,6 +37,7 @@ require_once ROOT . 'libraries/Bans.php';
|
|||
require_once ROOT . 'libraries/BBcode.php';
|
||||
require_once ROOT . 'libraries/Comments.php';
|
||||
require_once ROOT . 'libraries/Config.php';
|
||||
require_once ROOT . 'libraries/CSRF.php';
|
||||
require_once ROOT . 'libraries/Database.php';
|
||||
require_once ROOT . 'libraries/File.php';
|
||||
require_once ROOT . 'libraries/Hashing.php';
|
||||
|
@ -145,7 +146,7 @@ if (!defined('SAKURA_NO_TPL')) {
|
|||
'siteName' => Config::get('sitename'),
|
||||
'siteLogo' => Config::get('sitelogo'),
|
||||
'siteDesc' => Config::get('sitedesc'),
|
||||
'siteTags' => implode(", ", json_decode(Config::get('sitetags'), true)),
|
||||
'siteTags' => json_decode(Config::get('sitetags'), true),
|
||||
'dateFormat' => Config::get('date_format'),
|
||||
'currentPage' => '//' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'],
|
||||
'referrer' => (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null),
|
||||
|
|
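Review bot: `json_decode(Config::get('sitetags'), true)` yields `null` on empty or malformed config, and that `null` is now passed to the templates as `siteTags`, where `|join(', ')` renders an empty keywords tag without any signal; the old `implode()` at least raised a warning. Defaulting the value keeps the template contract an array: `'siteTags' => json_decode(Config::get('sitetags'), true) ?: [],`. Separately, the unchanged `'currentPage'` entry builds a URL from `$_SERVER['HTTP_HOST']`, which is supplied by the client and is used by templates as a form `action`; unless the web server pins the virtual host, deriving the host from a configured site URL avoids reflecting an attacker-chosen Host header into rendered markup.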
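--- a/templates/yuuno/elements/editor.tpl
+++ b/templates/yuuno/elements/editor.tpl
@@ -0,0 +1,37 @@
+<form id="{{ editorFormId }}" method="post" action="{{ sakura.currentPage }}">
+<div class="head">Forum / Posting</div>
+<div class="posting-subject">
+<input type="text" class="inputStyling" name="subject" placeholder="Subject" value="{{ posting.subject }}" />
+</div>
+<hr class="default" />
+<div class="posting-bbcodes">
+{% for code,meta in bbcode %}
+<button onclick="insertBBcode('postingText', '{{ code }}'{% if meta[2] %}, true{% endif %});" type="button"{% if meta[0] %} title="{{ meta[0] }}"{% endif %} class="inputStyling{% if meta[1] %} fa fa-{{ meta[1] }}{% endif %}" style="min-width: 0;">{% if not meta[1] %}{{ code }}{% endif %}</button>
+{% endfor %}
+</div>
+<hr class="default" />
+<div class="posting-text">
+<textarea class="inputStyling" name="text" id="postingText">{{ posting.text }}</textarea>
+</div>
+<hr class="default" />
+<div class="posting-emotes">
+{% for emoticon in posting.emoticons %}
+<img src="{{ emoticon.emote_path }}" alt="{{ emoticon.emote_string }}" title="{{ emoticon.emote_string }}" onclick="insertText('postingText', '{{ emoticon.emote_string }}')" />
+{% endfor %}
+</div>
+<hr class="default" />
+<div class="posting-buttons">
+<input class="inputStyling" type="submit" name="post" value="Post" />
+<input class="inputStyling" type="button" onclick="{{ cancelTarget }}" value="Cancel" />
+</div>
+{% if posting.id %}
+<input type="hidden" name="id" value="posting.id" />
+{% endif %}
+<input type="hidden" name="sessionid" value="{{ php.sessionid }}" />
+<input type="hidden" name="timestamp" value="{{ php.time }}" />
+<script type="text/javascript">
+window.addEventListener("load", function() {
+prepareAjaxForm('{{ editorFormId }}', 'Making post...');
+});
+</script>
+</form>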
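Review bot: The hidden id field is emitted as a literal, `<input type="hidden" name="id" value="posting.id" />`, so the server receives the string `posting.id` rather than the value; it should read `value="{{ posting.id }}"`. The same line existed in the old posting.tpl, so this is carried over rather than introduced, but the extraction into a shared element is the moment to fix it. `onclick="{{ cancelTarget }}"`, the `insertBBcode(…, '{{ code }}' …)` call and `insertText(…, '{{ emoticon.emote_string }}')` place template values inside inline JavaScript handlers, where HTML autoescaping alone does not make arbitrary input safe; today they come from constants set in the including template and from emoticon config, which is fine, but that assumption deserves a comment at the top of the element, e.g. `{# bbcode, cancelTarget and editorFormId must be set by the including template from trusted constants: they are rendered inside inline JS handlers #}`.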
@ -1,55 +1,17 @@
|
|||
{% extends 'global/master.tpl' %}
|
||||
|
||||
{% set bbcode = {'b': ['Bold', 'bold'], 'i': ['Italic', 'italic'], 'u': ['Underline', 'underline'], 's': ['Strikethrough', 'strikethrough'], 'header': ['Header', 'header'], 'url': ['URL', 'chain'], 'code': ['Code', 'code'], 'spoiler': ['Spoiler', 'minus'], 'box': ['Spoiler box', 'folder', true], 'list': ['List', 'list-ul'], 'img': ['Image', 'picture-o'], 'youtube': ['YouTube video', 'youtube-play']} %}
|
||||
|
||||
{% set cancelTarget = 'history.go(-1);' %}
|
||||
|
||||
{% set editorFormId = 'forumPostingForm' %}
|
||||
|
||||
{% block title %}Posting{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<div class="content">
|
||||
<div class="content-column forum posting">
|
||||
<form id="forumPostingForm" method="post" action="{{ sakura.currentPage }}">
|
||||
<div class="head">Forum / Posting</div>
|
||||
<div class="posting-subject">
|
||||
<input type="text" class="inputStyling" name="subject" placeholder="Subject" value="{{ posting.subject }}" />
|
||||
</div>
|
||||
<hr class="default" />
|
||||
<div class="posting-bbcodes">
|
||||
<button onclick="insertBBcode('postingText', 'b');" type="button" title="Bold" class="inputStyling fa fa-bold" style="min-width: 0;"></button>
|
||||
<button onclick="insertBBcode('postingText', 'i');" type="button" title="Italic" class="inputStyling fa fa-italic" style="min-width: 0;"></button>
|
||||
<button onclick="insertBBcode('postingText', 'u');" type="button" title="Underline" class="inputStyling fa fa-underline" style="min-width: 0;"></button>
|
||||
<button onclick="insertBBcode('postingText', 's');" type="button" title="Strikethrough" class="inputStyling fa fa-strikethrough" style="min-width: 0;"></button>
|
||||
<button onclick="insertBBcode('postingText', 'header');" type="button" title="Header" class="inputStyling fa fa-header" style="min-width: 0;"></button>
|
||||
<button onclick="insertBBcode('postingText', 'url');" type="button" title="Link" class="inputStyling fa fa-chain" style="min-width: 0;"></button>
|
||||
<button onclick="insertBBcode('postingText', 'spoiler');" type="button" title="Spoiler text" class="inputStyling fa fa-minus" style="min-width: 0;"></button>
|
||||
<button onclick="insertBBcode('postingText', 'box', true);" type="button" title="Spoiler box" class="inputStyling fa fa-square-o" style="min-width: 0;"></button>
|
||||
<button onclick="insertBBcode('postingText', 'list');" type="button" title="List (use [*] for entries)" class="inputStyling fa fa-list" style="min-width: 0;"></button>
|
||||
<button onclick="insertBBcode('postingText', 'img');" type="button" title="Image" class="inputStyling fa fa-picture-o" style="min-width: 0;"></button>
|
||||
<button onclick="insertBBcode('postingText', 'youtube');" type="button" title="YouTube video" class="inputStyling fa fa-youtube-play" style="min-width: 0;"></button>
|
||||
</div>
|
||||
<hr class="default" />
|
||||
<div class="posting-text">
|
||||
<textarea class="inputStyling" name="text" id="postingText">{{ posting.text }}</textarea>
|
||||
</div>
|
||||
<hr class="default" />
|
||||
<div class="posting-emotes">
|
||||
{% for emoticon in posting.emoticons %}
|
||||
<img src="{{ emoticon.emote_path }}" alt="{{ emoticon.emote_string }}" title="{{ emoticon.emote_string }}" onclick="insertText('postingText', '{{ emoticon.emote_string }}')" />
|
||||
{% endfor %}
|
||||
</div>
|
||||
<hr class="default" />
|
||||
<div class="posting-buttons">
|
||||
<input class="inputStyling" type="submit" name="post" value="Post" />
|
||||
<input class="inputStyling" type="button" onclick="history.go(-1);" value="Cancel" />
|
||||
</div>
|
||||
{% if posting.id %}
|
||||
<input type="hidden" name="id" value="posting.id" />
|
||||
{% endif %}
|
||||
<input type="hidden" name="sessionid" value="{{ php.sessionid }}" />
|
||||
<input type="hidden" name="timestamp" value="{{ php.time }}" />
|
||||
</form>
|
||||
{% include 'elements/editor.tpl' %}
|
||||
</div>
|
||||
</div>
|
||||
<script type="text/javascript">
|
||||
window.addEventListener("load", function() {
|
||||
prepareAjaxForm('forumPostingForm', 'Making post...');
|
||||
});
|
||||
</script>
|
||||
{% endblock %}
|
||||
|
|
|
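Review bot: The page now depends on three variables (`bbcode`, `cancelTarget`, `editorFormId`) being `{% set %}` before `{% include 'elements/editor.tpl' %}`, and nothing at the include site says so. Passing them explicitly, `{% include 'elements/editor.tpl' with {'bbcode': bbcode, 'cancelTarget': cancelTarget, 'editorFormId': editorFormId} %}`, documents the contract where it is consumed and lets the element be reused from other pages without inheriting the whole page scope. The `bbcode` map is also a single very long line; one entry per line would make future additions reviewable in a diff.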
@ -5,7 +5,7 @@
|
|||
<meta charset="{{ sakura.charset }}" />
|
||||
<title>{% block title %}{{ sakura.siteName }}{% endblock %}</title>
|
||||
<meta name="description" content="{{ sakura.siteDesc }}" />
|
||||
<meta name="keywords" content="{{ sakura.siteTags }}" />
|
||||
<meta name="keywords" content="{{ sakura.siteTags|join(', ') }}" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" />
|
||||
<meta name="msapplication-TileColor" content="#9475b2" />
|
||||
<meta name="msapplication-TileImage" content="/content/images/icons/ms-icon-144x144.png" />
|
||||
|
|