Fix CSRF for module users
VINADES.,JSC authored and vuthao committed May 30, 2020
1 parent 4ef22d6 commit 4c395f9
Showing 29 changed files with 212 additions and 168 deletions.
1 change: 1 addition & 0 deletions modules/users/action_mysql.php
Expand Up @@ -216,6 +216,7 @@
checknum varchar(50) NOT NULL DEFAULT '',
users_info text,
openid_info text,
idsite(8) unsigned NOT NULL DEFAULT '0',
PRIMARY KEY (userid),
UNIQUE KEY login (username),
UNIQUE KEY md5username (md5username),
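Review bot: The added column definition on the `idsite(8) unsigned NOT NULL DEFAULT '0',` line has no data type between the column name and the `(8)` display width, so as printed it is not a valid column definition and the CREATE TABLE would fail at install time. If this is how the line was committed rather than a rendering artifact, it needs a type, e.g. `idsite <integer type>(8) unsigned NOT NULL DEFAULT '0',`, matching whatever the other `idsite` columns in this module use. The CREATE TABLE statement begins and ends outside the hunk.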
6 changes: 5 additions & 1 deletion modules/users/admin/config.php
Expand Up @@ -35,14 +35,17 @@ function valid_name_config($array_name)
$array_config = [];

$oauth_config = $nv_Request->get_title('oauth_config', 'post,get');
$checkss = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $oauth_config);
if (preg_match('/^([a-z0-9\-\_]+)$/', $oauth_config, $m) and file_exists(NV_ROOTDIR . '/modules/users/admin/config_' . $oauth_config . '.php')) {
$page_title = sprintf($lang_module['oauth_config'], $oauth_config);

require NV_ROOTDIR . '/modules/users/admin/config_' . $oauth_config . '.php';
} else {
if ($nv_Request->isset_request('submit', 'post')) {
if ($checkss != $nv_Request->get_string('checkss', 'post')) {
nv_redirect_location(NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op . '&rand=' . nv_genpass());
}
$array_config['is_user_forum'] = $nv_Request->get_int('is_user_forum', 'post', 0);

$array_config['dir_forum'] = $nv_Request->get_string('dir_forum', 'post', 0);
if (!$array_config['is_user_forum'] or !is_dir(NV_ROOTDIR . '/' . $array_config['dir_forum'] . '/nukeviet')) {
$array_config['dir_forum'] = '';
Expand Down Expand Up @@ -235,6 +238,7 @@ function valid_name_config($array_name)
'index.html',
'.htaccess'
);
$array_config['checkss'] = $checkss;

$xtpl = new XTemplate('config.tpl', NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/' . $module_file);
$xtpl->assign('FORM_ACTION', NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op);
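Review bot: The token comparison on the `if ($checkss != $nv_Request->get_string('checkss', 'post'))` line uses PHP's loose inequality, and the same loose `==`/`!=` appears in config_facebook.php, config_google.php, config_single-sign-on.php, del.php, edit.php and groups.php. With two string operands `==` falls back to numeric comparison when both look numeric, so an md5 hex token of the form `0e` followed only by digits compares equal to any other such string; `hash_equals($checkss, $nv_Request->get_string('checkss', 'post'))` removes that case and the byte-wise early exit of the native comparison. The outer `if ($nv_Request->isset_request('submit', 'post'))` block continues past the hunk.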
22 changes: 12 additions & 10 deletions modules/users/admin/config_facebook.php
Expand Up @@ -15,23 +15,25 @@
if ($nv_Request->isset_request('submit', 'post')) {
$array_config['oauth_client_id'] = ( string )$nv_Request->get_title('oauth_client_id', 'post', '');
$array_config['oauth_client_secret'] = $nv_Request->get_title('oauth_client_secret', 'post', '');
if ($checkss == $nv_Request->get_string('checkss', 'post')) {
$sth = $db->prepare("UPDATE " . NV_CONFIG_GLOBALTABLE . " SET config_value = :config_value WHERE lang = 'sys' AND module = 'site' AND config_name = :config_name");

$sth = $db->prepare("UPDATE " . NV_CONFIG_GLOBALTABLE . " SET config_value = :config_value WHERE lang = 'sys' AND module = 'site' AND config_name = :config_name");
$sth->bindValue(':config_name', 'facebook_client_id', PDO::PARAM_STR);
$sth->bindParam(':config_value', $array_config['oauth_client_id'], PDO::PARAM_STR);
$sth->execute();

$sth->bindValue(':config_name', 'facebook_client_id', PDO::PARAM_STR);
$sth->bindParam(':config_value', $array_config['oauth_client_id'], PDO::PARAM_STR);
$sth->execute();
$sth->bindValue(':config_name', 'facebook_client_secret', PDO::PARAM_STR);
$sth->bindParam(':config_value', $array_config['oauth_client_secret'], PDO::PARAM_STR);
$sth->execute();

$sth->bindValue(':config_name', 'facebook_client_secret', PDO::PARAM_STR);
$sth->bindParam(':config_value', $array_config['oauth_client_secret'], PDO::PARAM_STR);
$sth->execute();

nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['config'], $page_title, $admin_info['userid']);
$nv_Cache->delAll();
nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['config'], $page_title, $admin_info['userid']);
$nv_Cache->delAll();
}
nv_redirect_location(NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op . '&oauth_config=' . $oauth_config . '&rand=' . nv_genpass());
} else {
$array_config['oauth_client_id'] = $global_config['facebook_client_id'];
$array_config['oauth_client_secret'] = $global_config['facebook_client_secret'];
$array_config['checkss'] = $checkss;

$xtpl = new XTemplate('config_oauth.tpl', NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/' . $module_file);
$xtpl->assign('FORM_ACTION', NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op . '&oauth_config=' . $oauth_config);
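Review bot: When the check on the `if ($checkss == $nv_Request->get_string('checkss', 'post'))` line fails, the handler falls through to the `nv_redirect_location(...)` line after the closing brace with nothing recorded, so a rejected submission sends the admin back to the form exactly as a successful save would; config_google.php has the same shape. A rejected token is worth surfacing — an `else` branch that records it with `nv_insert_logs(...)` before the redirect, or a flag in the redirect URL the form renders as an error — otherwise a stale or forged post is indistinguishable from success. The enclosing `if/else` on `isset_request('submit', 'post')` continues outside the hunk.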
22 changes: 12 additions & 10 deletions modules/users/admin/config_google.php
Expand Up @@ -15,23 +15,25 @@
if ($nv_Request->isset_request('submit', 'post')) {
$array_config['oauth_client_id'] = (string) $nv_Request->get_title('oauth_client_id', 'post', '');
$array_config['oauth_client_secret'] = $nv_Request->get_title('oauth_client_secret', 'post', '');
if ($checkss == $nv_Request->get_string('checkss', 'post')) {
$sth = $db->prepare("UPDATE " . NV_CONFIG_GLOBALTABLE . " SET config_value = :config_value WHERE lang = 'sys' AND module = 'site' AND config_name = :config_name");

$sth = $db->prepare("UPDATE " . NV_CONFIG_GLOBALTABLE . " SET config_value = :config_value WHERE lang = 'sys' AND module = 'site' AND config_name = :config_name");
$sth->bindValue(':config_name', 'google_client_id', PDO::PARAM_STR);
$sth->bindParam(':config_value', $array_config['oauth_client_id'], PDO::PARAM_STR);
$sth->execute();

$sth->bindValue(':config_name', 'google_client_id', PDO::PARAM_STR);
$sth->bindParam(':config_value', $array_config['oauth_client_id'], PDO::PARAM_STR);
$sth->execute();
$sth->bindValue(':config_name', 'google_client_secret', PDO::PARAM_STR);
$sth->bindParam(':config_value', $array_config['oauth_client_secret'], PDO::PARAM_STR);
$sth->execute();

$sth->bindValue(':config_name', 'google_client_secret', PDO::PARAM_STR);
$sth->bindParam(':config_value', $array_config['oauth_client_secret'], PDO::PARAM_STR);
$sth->execute();

nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['config'], $page_title, $admin_info['userid']);
$nv_Cache->delAll();
nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['config'], $page_title, $admin_info['userid']);
$nv_Cache->delAll();
}
nv_redirect_location(NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op . '&oauth_config=' . $oauth_config . '&rand=' . nv_genpass());
} else {
$array_config['oauth_client_id'] = $global_config['google_client_id'];
$array_config['oauth_client_secret'] = $global_config['google_client_secret'];
$array_config['checkss'] = $checkss;

$xtpl = new XTemplate('config_oauth.tpl', NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/' . $module_file);
$xtpl->assign('FORM_ACTION', NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op . '&oauth_config=' . $oauth_config);
35 changes: 18 additions & 17 deletions modules/users/admin/config_single-sign-on.php
Expand Up @@ -43,25 +43,26 @@

$_cas_config['config_field'] = $nv_Request->get_array('config_field', 'post', '');
$_cas_config['config_field_lock'] = $nv_Request->get_array('config_field_lock', 'post', '');

$config_sso = serialize($_cas_config);

try {
if (isset($global_config['config_sso'])) {
$sth = $db->prepare("UPDATE " . NV_CONFIG_GLOBALTABLE . " SET config_value = :config_value WHERE lang = 'sys' AND module = 'site' AND config_name = :config_name");
} else {
$sth = $db->prepare("INSERT INTO " . NV_CONFIG_GLOBALTABLE . " (lang, module, config_name, config_value) VALUES ('sys', 'site', :config_name, :config_value)");
if ($checkss == $nv_Request->get_string('checkss', 'post')) {
$config_sso = serialize($_cas_config);

try {
if (isset($global_config['config_sso'])) {
$sth = $db->prepare("UPDATE " . NV_CONFIG_GLOBALTABLE . " SET config_value = :config_value WHERE lang = 'sys' AND module = 'site' AND config_name = :config_name");
} else {
$sth = $db->prepare("INSERT INTO " . NV_CONFIG_GLOBALTABLE . " (lang, module, config_name, config_value) VALUES ('sys', 'site', :config_name, :config_value)");
}

$sth->bindValue(':config_name', 'config_sso', PDO::PARAM_STR);
$sth->bindParam(':config_value', $config_sso, PDO::PARAM_STR);
$sth->execute();
} catch (PDOException $e) {
trigger_error($e->getMessage());
}

$sth->bindValue(':config_name', 'config_sso', PDO::PARAM_STR);
$sth->bindParam(':config_value', $config_sso, PDO::PARAM_STR);
$sth->execute();
} catch (PDOException $e) {
trigger_error($e->getMessage());
nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['config'], $page_title, $admin_info['userid']);
$nv_Cache->delAll();
}

nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['config'], $page_title, $admin_info['userid']);
$nv_Cache->delAll();
nv_redirect_location(NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op . '&oauth_config=' . $oauth_config . '&rand=' . nv_genpass());
} elseif (isset($global_config['config_sso'])) {
$_cas_config = unserialize($global_config['config_sso']);
Expand Down Expand Up @@ -110,7 +111,7 @@
$field_lock[$key]['oncreate'] = ($value == 'oncreate') ? 'selected="selected"' : '';
$field_lock[$key]['onlogin'] = ($value == 'onlogin') ? 'selected="selected"' : '';
}

$_cas_config['checkss'] = $checkss;
$xtpl = new XTemplate('config_single-sign-on.tpl', NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/' . $module_file);
$xtpl->assign('FORM_ACTION', NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op . '&oauth_config=' . $oauth_config);
$xtpl->assign('LANG', $lang_module);
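Review bot: The `$_cas_config['checkss'] = $checkss;` line puts the per-request token into the same array that the POST path persists on the `$config_sso = serialize($_cas_config);` line; on this hunk's display path the array is not written back, but the token has no place inside the stored config structure and a later refactor that serializes the displayed array would store it. Assigning it to the template separately, the way main.php does with `$xtpl->assign('CHECKSESS', ...)`, keeps the persisted shape and the token apart — e.g. `$xtpl->assign('CHECKSS', $checkss);` next to the other assigns, with the template reading that variable instead of the array key. The code around the second hunk starts and ends outside it.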
109 changes: 55 additions & 54 deletions modules/users/admin/del.php
Expand Up @@ -20,71 +20,72 @@
$userids = array_filter(array_unique(array_map('intval', array_map('trim', explode(',', $userids)))));

$error = '';

foreach ($userids as $userid) {
$sql = 'SELECT admin_id FROM ' . NV_AUTHORS_GLOBALTABLE . ' WHERE admin_id=' . $userid;
$admin_id = $db->query($sql)->fetchColumn();
if ($admin_id) {
continue;
}

$sql = 'SELECT group_id, username, first_name, last_name, email, photo, in_groups, idsite FROM ' . NV_MOD_TABLE . ' WHERE userid=' . $userid;
$row = $db->query($sql)->fetch(3);
if (empty($row)) {
continue;
}

list($group_id, $username, $first_name, $last_name, $email, $photo, $in_groups, $idsite) = $row;

if ($global_config['idsite'] > 0 and $idsite != $global_config['idsite']) {
continue;
}

$query = $db->query('SELECT COUNT(*) FROM ' . NV_MOD_TABLE . '_groups_users WHERE group_id IN (1,2,3) AND userid=' . $userid);
if ($query->fetchColumn()) {
$error = $lang_module['delete_group_system'];
} else {
$userdelete = (!empty($first_name)) ? $first_name . ' (' . $username . ')' : $username;

$result = $db->exec('DELETE FROM ' . NV_MOD_TABLE . ' WHERE userid=' . $userid);
if (!$result) {
if (md5(NV_CHECK_SESSION . '_' . $module_name . '_main') == $nv_Request->get_string('checkss', 'post')) {
foreach ($userids as $userid) {
$sql = 'SELECT admin_id FROM ' . NV_AUTHORS_GLOBALTABLE . ' WHERE admin_id=' . $userid;
$admin_id = $db->query($sql)->fetchColumn();
if ($admin_id) {
continue;
}

$in_groups = explode(',', $in_groups);

try {
// Giảm thống kê số thành viên trong nhóm
$db->exec('UPDATE ' . NV_MOD_TABLE . '_groups SET numbers = numbers-1 WHERE group_id IN (SELECT group_id FROM ' . NV_MOD_TABLE . '_groups_users WHERE userid=' . $userid . ' AND approved = 1)');
} catch (PDOException $e) {
trigger_error($e->getMessage());
}
try {
// Giảm thống kê số thành viên chính thức và số thành viên mới xuống
$db->query('UPDATE ' . NV_MOD_TABLE . '_groups SET numbers = numbers-1 WHERE group_id=' . (($group_id == 7 or in_array(7, $in_groups)) ? 7 : 4));
} catch (PDOException $e) {
trigger_error($e->getMessage());
$sql = 'SELECT group_id, username, first_name, last_name, email, photo, in_groups, idsite FROM ' . NV_MOD_TABLE . ' WHERE userid=' . $userid;
$row = $db->query($sql)->fetch(3);
if (empty($row)) {
continue;
}
$db->query('DELETE FROM ' . NV_MOD_TABLE . '_groups_users WHERE userid=' . $userid);
$db->query('DELETE FROM ' . NV_MOD_TABLE . '_openid WHERE userid=' . $userid);
$db->query('DELETE FROM ' . NV_MOD_TABLE . '_info WHERE userid=' . $userid);

nv_insert_logs(NV_LANG_DATA, $module_name, 'log_del_user', 'userid ' . $userid, $admin_info['userid']);
list($group_id, $username, $first_name, $last_name, $email, $photo, $in_groups, $idsite) = $row;

if (!empty($photo) and is_file(NV_ROOTDIR . '/' . $photo)) {
@nv_deletefile(NV_ROOTDIR . '/' . $photo);
if ($global_config['idsite'] > 0 and $idsite != $global_config['idsite']) {
continue;
}

if (sizeof($userids) < 5) {
$subject = $lang_module['delconfirm_email_title'];
$message = sprintf($lang_module['delconfirm_email_content'], $userdelete, $global_config['site_name']);
$message = nl2br($message);
nv_sendmail([$global_config['site_name'], $global_config['site_email']], $email, $subject, $message);
$query = $db->query('SELECT COUNT(*) FROM ' . NV_MOD_TABLE . '_groups_users WHERE group_id IN (1,2,3) AND userid=' . $userid);
if ($query->fetchColumn()) {
$error = $lang_module['delete_group_system'];
} else {
$userdelete = (!empty($first_name)) ? $first_name . ' (' . $username . ')' : $username;

$result = $db->exec('DELETE FROM ' . NV_MOD_TABLE . ' WHERE userid=' . $userid);
if (!$result) {
continue;
}

$in_groups = explode(',', $in_groups);

try {
// Giảm thống kê số thành viên trong nhóm
$db->exec('UPDATE ' . NV_MOD_TABLE . '_groups SET numbers = numbers-1 WHERE group_id IN (SELECT group_id FROM ' . NV_MOD_TABLE . '_groups_users WHERE userid=' . $userid . ' AND approved = 1)');
} catch (PDOException $e) {
trigger_error($e->getMessage());
}
try {
// Giảm thống kê số thành viên chính thức và số thành viên mới xuống
$db->query('UPDATE ' . NV_MOD_TABLE . '_groups SET numbers = numbers-1 WHERE group_id=' . (($group_id == 7 or in_array(7, $in_groups)) ? 7 : 4));
} catch (PDOException $e) {
trigger_error($e->getMessage());
}
$db->query('DELETE FROM ' . NV_MOD_TABLE . '_groups_users WHERE userid=' . $userid);
$db->query('DELETE FROM ' . NV_MOD_TABLE . '_openid WHERE userid=' . $userid);
$db->query('DELETE FROM ' . NV_MOD_TABLE . '_info WHERE userid=' . $userid);

nv_insert_logs(NV_LANG_DATA, $module_name, 'log_del_user', 'userid ' . $userid, $admin_info['userid']);

if (!empty($photo) and is_file(NV_ROOTDIR . '/' . $photo)) {
@nv_deletefile(NV_ROOTDIR . '/' . $photo);
}

if (sizeof($userids) < 5) {
$subject = $lang_module['delconfirm_email_title'];
$message = sprintf($lang_module['delconfirm_email_content'], $userdelete, $global_config['site_name']);
$message = nl2br($message);
nv_sendmail([$global_config['site_name'], $global_config['site_email']], $email, $subject, $message);
}
}
}
}

$nv_Cache->delMod($module_name);
$nv_Cache->delMod($module_name);
}

if ($error) {
nv_htmlOutput('ERROR_' . $error);
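Review bot: When the comparison on the `if (md5(NV_CHECK_SESSION . '_' . $module_name . '_main') == $nv_Request->get_string('checkss', 'post'))` line fails, nothing sets `$error`, so execution reaches `if ($error)` with an empty string and presumably takes the success branch, which lies outside the hunk, without having deleted anything. Adding `} else { $error = 'Error Session, Please close the browser and try again'; }` after the closing brace (the literal edit.php and groups.php use, or a language string if one exists) lets the caller see the rejection. The token here is built with the literal `'_main'` while main.php derives its `CHECKSESS` from `$op`; they agree only while main.php runs with `$op` equal to `main`, which deserves a comment on one side. The `if ($error)` block continues past the hunk.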
10 changes: 8 additions & 2 deletions modules/users/admin/edit.php
Expand Up @@ -83,8 +83,14 @@

$access_passus = (isset($access_admin['access_passus'][$admin_info['level']]) and $access_admin['access_passus'][$admin_info['level']] == 1) ? true : false;
$_user = $custom_fields = [];

$checkss = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $userid);
if ($nv_Request->isset_request('confirm', 'post')) {
if ($checkss != $nv_Request->get_string('checkss', 'post')) {
nv_jsonOutput([
'status' => 'error',
'mess' => 'Error Session, Please close the browser and try again'
]);
}
$_user['username'] = $nv_Request->get_title('username', 'post', '', 1);
$_user['email'] = nv_strtolower($nv_Request->get_title('email', 'post', '', 1));
if ($access_passus) {
Expand Down Expand Up @@ -364,6 +370,7 @@
$_user = $row;
$_user['password1'] = $_user['password2'] = '';
$_user['in_groups'] = $array_old_groups;
$_user['checkss'] = $checkss;

$sql = 'SELECT * FROM ' . NV_MOD_TABLE . '_info WHERE userid=' . $userid;
$result = $db->query($sql);
Expand Down Expand Up @@ -398,7 +405,6 @@
$xtpl->assign('FORM_ACTION', NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&amp;' . NV_NAME_VARIABLE . '=' . $module_name . '&amp;' . NV_OP_VARIABLE . '=edit&amp;userid=' . $userid);
$xtpl->assign('NV_BASE_SITEURL', NV_BASE_SITEURL);
$xtpl->assign('NV_LANG_INTERFACE', NV_LANG_INTERFACE);

$xtpl->assign('NV_REDIRECT', $nv_redirect);

if (defined('NV_IS_USER_FORUM')) {
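Review bot: The rejection on the `if ($checkss != $nv_Request->get_string('checkss', 'post'))` line relies on `nv_jsonOutput(...)` terminating the request; if it ever returns, the handler continues into the `$_user[...]` assignments and the update with an invalid token, so an explicit `exit;` after the call, or a comment stating that `nv_jsonOutput` exits, makes the guard self-evidently complete. The message `'Error Session, Please close the browser and try again'` is a hard-coded English literal in a handler that otherwise reads text from `$lang_module`, and groups.php repeats the same literal. The `isset_request('confirm', 'post')` block continues outside the hunk.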
6 changes: 5 additions & 1 deletion modules/users/admin/groups.php
Expand Up @@ -529,6 +529,7 @@
if (defined('NV_IS_SPADMIN')) {
$post = [];
$post['id'] = $nv_Request->get_int('id', 'get');
$checkss = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $post['id']);

if ($nv_Request->isset_request('edit', 'get')) {
if (empty($post['id']) or !isset($groupsList[$post['id']]) or $groupsList[$post['id']]['idsite'] != $global_config['idsite']) {
Expand All @@ -549,6 +550,9 @@
}

if ($nv_Request->isset_request('save', 'post')) {
if ($checkss != $nv_Request->get_string('checkss', 'post')) {
die('Error Session, Please close the browser and try again');
}
// Sửa / Thêm full thông tin
if (empty($post['id']) or $post['id'] > 9) {
$post['title'] = $nv_Request->get_title('title', 'post', '', 1);
Expand Down Expand Up @@ -752,7 +756,7 @@
if (!empty($post['group_avatar']) and is_file(NV_UPLOADS_REAL_DIR . '/' . $module_upload . '/' . $post['group_avatar'])) {
$post['group_avatar'] = NV_BASE_SITEURL . NV_UPLOADS_DIR . '/' . $module_upload . '/' . $post['group_avatar'];
}

$post['checkss'] = $checkss;
$xtpl->assign('CONFIG', $post['config']);
$xtpl->assign('DATA', $post);

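Review bot: The guard on the `if ($checkss != $nv_Request->get_string('checkss', 'post'))` line ends the request with a bare `die('Error Session, Please close the browser and try again');`, which emits unformatted text outside the admin layout; edit.php answers the same condition with `nv_jsonOutput`, and config.php redirects, so this commit gives one check three failure behaviours across the module. For a full-page form like this one, redirecting back to the form with an error as config.php does keeps the behaviour consistent. The token is derived from `$post['id']` read on the `get_int('id', 'get')` line, so the form's action URL must carry `id` for a POSTed token to verify; the form assembly is outside the hunk.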
2 changes: 1 addition & 1 deletion modules/users/admin/main.php
Expand Up @@ -259,6 +259,7 @@
$xtpl->assign('SEARCH_VALUE', nv_htmlspecialchars($methodvalue));
$xtpl->assign('TABLE_CAPTION', $table_caption);
$xtpl->assign('HEAD', $head_tds);
$xtpl->assign('CHECKSESS', md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op));

if (defined('NV_IS_USER_FORUM')) {
$xtpl->parse('main.is_forum');
Expand Down Expand Up @@ -299,7 +300,6 @@
} else {
$u['active_obj'] = 'N/A';
}

$xtpl->assign('CONTENT_TD', $u);
$xtpl->assign('NV_BASE_SITEURL', NV_BASE_SITEURL);
$xtpl->assign('NV_ADMIN_THEME', $global_config['admin_theme']);
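Review bot: The `$xtpl->assign('CHECKSESS', md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op));` line produces the token that del.php verifies against `md5(NV_CHECK_SESSION . '_' . $module_name . '_main')`, so the two expressions agree only while this file runs with `$op` equal to `main`, and nothing on either side records that coupling. A comment such as `// must match the token verified in admin/del.php, which hard-codes '_main'` here, or a shared helper both files call, stops a later rename of the op from silently breaking deletion. The template assembly around this line continues outside the hunk.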
