Fixed most of exploits.
Clawed committed Jun 2, 2013
1 parent 45b1ee9 commit caf1600
Showing 17 changed files with 41 additions and 7 deletions.
@@ -4,6 +4,7 @@

if(!isLogged()) {
header ("Location: login.php");
exit;
}

if(isset($_GET["_page"])) {
@@ -3,6 +3,6 @@
require_once "admin_required.php";

unset($_SESSION["HK_Username"], $_SESSION["HK_HashedPass"]);
header ("Location: http://zaphotel.net/me");
header ("Location: http://zaphotel.net/me"); exit;

?>
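Review bot: The logout only unsets the two `HK_*` keys, so the session id and any other session data survive and the cookie remains valid afterwards; calling `session_regenerate_id(true);` (or `session_destroy();`) before the redirect makes the logout complete. The same applies to the site logout hunk further down that does `unset($_SESSION["HashedPassword"]);` and then redirects. The redirect target here is hard-coded to `http://zaphotel.net/me` while the rest of the commit builds redirects from `WWW`; `header("Location: " . WWW . "/me"); exit;` would keep them consistent. The file also ends with a closing `?>`, which is normally omitted in PHP-only files so trailing whitespace cannot be sent as output.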
@@ -10,6 +10,7 @@
}
else if(!isset($_GET["articleId"])) {
header("Location: " . WWW . "/admin/index.php?_page=writenews");
exit;
}
else {
$id = filter($_GET["articleId"]);
@@ -3,6 +3,7 @@
if(!defined('In_ZapHK')) { exit; }
if(isLogged()) {
header ("Location: index.php?_page=dashboard");
exit;
}

if(isset($_POST["Username"]) && isset($_POST["Password"])) {
@@ -12,7 +13,8 @@
$_SESSION["Username"] = $_SESSION["HK_Username"];
$_SESSION["HashedPassword"] = $_SESSION["HK_HashedPass"];

header ("Location: index.php?_page=dashboard");
header ("Location: index.php?_page=dashboard");
exit;
}
else {
die('Incorrect login.');
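Review bot: The successful-login path copies the credentials into `$_SESSION` but never rotates the session id, so a session id that existed before authentication stays valid after it (session fixation); `session_regenerate_id(true);` right after the credential check and before the `header ("Location: index.php?_page=dashboard");` line closes that. The same is true of the index.php login hunk below that sets `$_SESSION["HashedPassword"] = $p;` before redirecting to `/me`. Keeping the password hash in the session is also not needed once the user is identified — a user id plus a login timestamp exposes less if session storage is ever read. The enclosing `if` begins before this hunk.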
@@ -151,7 +151,7 @@ public static function drawNewsList($selectedId) {
echo "<li>" . $newslist['title'] . "</li>";
}
else {
echo "<li><a href='" . WWW . "/articles/" . $_seo . "'>" . stripslashes($newslist['title']) . "</a></li>";
echo "<li><a href='" . WWW . "/articles/" . $_seo . "'>" . htmlentities(stripslashes($newslist['title'])) . "</a></li>";
}
}
}
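Review bot: `htmlentities(...)` is called with default flags, which on PHP before 5.4 means ENT_COMPAT and ISO-8859-1: single quotes are left alone and UTF-8 titles can be mangled, and the attribute this value sits next to is single-quoted (`href='...'`). Pass the context explicitly, `htmlentities(stripslashes($newslist['title']), ENT_QUOTES, 'UTF-8')`, and escape `$_seo` inside the href as well (`rawurlencode($_seo)` or the same call), since only the link text was covered. The same default-flag call appears in the getHotCampaigns and getWallComments hunks below, where `$url`, `$imgurl` and the pieces of the comment-delete link also go out unescaped. drawNewsList begins before this hunk.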
@@ -171,9 +171,9 @@ public static function getHotCampaigns() {
echo '<li class="' . $oddEven . '">
<div class="hotcampaign-container">
<a href="' . $url . '">
<img src="' . $imgurl . '" align="left" alt="' . $camps['caption'] . '"/></a>
<h3>' . $camps['caption'] . '</h3>
<p>' . $camps['descr'] . '</p>
<img src="' . $imgurl . '" align="left" alt="' . htmlentities(stripslashes($camps['caption'])) . '"/></a>
<h3>' . htmlentities(stripslashes($camps['caption'])) . '</h3>
<p>' . htmlentities(stripslashes($camps['descr'])) . '</p>
<p class="link"><a href="' . $url . '">Go there &raquo;</a></p>
</div>';
}
@@ -287,7 +287,7 @@ public static function getWallComments($pageid) {
echo "<br /><br /><a href='" . WWW . "/user/" . $users->idToName($pageid) . "&deleteComment=" . $cData['id'] . "'>Delete</a>";
}
echo "</center></td>";
echo "<td>" . stripslashes($cData["message"]);
echo "<td>" . htmlentities(stripslashes($cData["message"]));
echo "</td>";
echo "</tr>";

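Review bot: The Delete link built with `&deleteComment=` performs a state-changing action through a plain GET URL, so any page that gets the victim's browser to fetch that URL while logged in can delete a comment in their session; if the receiving handler acts on that parameter directly, it should require a per-session token that is checked server-side (or a POST form carrying such a token). The `$users->idToName($pageid)` and `$cData['id']` values are also interpolated into the attribute without `htmlentities`/`rawurlencode`. getWallComments begins before this hunk.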
@@ -19,13 +19,15 @@
if(!isset($_GET["novote"]) && $light->thehabbos_enabled && $light->isVotingOnline()) {
$vote_uri = str_replace('/', '!', WWW);
header ("Location: http://votingapi.com/vote.php?username=" . $light->thehabbos_username . "&api=" . $vote_uri . "!?novote");
exit;
}

$tpl->assign('loginError', null);
$tpl->assign('title', 'Welcome to the best Retro on the web');

if ($users->isLogged()) {
header ("Location: /me");
exit;
}
if (isset($_POST["credentials_username"]) && isset($_POST["credentials_password"])) {
$u = $db->real_escape_string($_POST["credentials_username"]);
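Review bot: `$u = $db->real_escape_string($_POST["credentials_username"]);` escapes the input for SQL at the point it is read, so `$u` carries driver-specific escaping into every later use (session, template, comparisons) and is only correct inside one string-literal context; binding the raw value with a prepared statement at the query site keeps the value intact and removes the reliance on `real_escape_string`. The redirect at `header ("Location: /me");` uses a bare path while the rest of the commit builds redirects from `WWW`; `header ("Location: " . WWW . "/me");` would be consistent. This `if` chain continues past the hunk.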
@@ -35,6 +37,7 @@
$_SESSION["Username"] = $users->userVar($u, 'username');
$_SESSION["HashedPassword"] = $p;
header ("Location: " . WWW . "/me");
exit;
}
else {
$tpl->assign('LoginError', 'Invalid username or password.');
@@ -17,9 +17,11 @@

if(!$light->maintenance) {
header ("Location: " . WWW . "/");
exit;
}
else if($users->isLogged()) {
header ("Location: " . WWW . "/me");
exit;
}

$tpl->assign('title', 'Maintenance break');
1 me.php
@@ -16,6 +16,7 @@

if(!$users->isLogged()) {
header ("Location: " . WWW . "/");
exit;
}

define('MeSelected', true);
@@ -16,6 +16,7 @@

if(!$users->isLogged()) {
header ("Location: " . WWW . "/");
exit;
}

define('CommunitySelected', true);
@@ -16,6 +16,7 @@

if(!$light->pin_enabled) {
header ("Location: " . WWW . "/client");
exit;
}

if(isset($_SESSION["Attempts"])) {
@@ -32,6 +33,7 @@
if($pin == $currentPin) {
$_SESSION["Pincode_Passed"] = true;
header ("Location: " . WWW . "/client");
exit;
}
else {
if(!isset($_SESSION["Attempts"])) {
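Review bot: `if($pin == $currentPin)` compares the submitted PIN loosely, so numeric-string rules apply (`"0123" == "123"` and `"1e1" == "10"` are true) and inputs other than the exact PIN can pass; compare as strings with `hash_equals((string) $currentPin, (string) $pin)`, which is both strict and constant-time. The failure counter in `$_SESSION["Attempts"]` is only as durable as the session cookie that carries it, so tracking attempts server-side per account or address as well would make the lockout meaningful. The enclosing block starts before this hunk.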
@@ -16,6 +16,7 @@

if(!$users->isLogged()) {
header ("Location: " . WWW . "/");
exit;
}

define('MeSelected', true);
@@ -16,9 +16,11 @@

if($users->isLogged()) {
header ("Location: " . WWW . "/me");
exit;
}
else if(!$light->reg_enabled) {
header ("Location: " . WWW . "/index.php?registerDisabled");
exit;
}
else if(isset($_GET["_error"])) {
$gerr = $db->real_escape_string($_GET["_error"]);
@@ -37,6 +39,7 @@

if($db->lnumrows("SELECT null FROM users WHERE ip_last = '" . $_SERVER["REMOTE_ADDR"] . "' OR ip_reg = '" . $_SERVER["REMOTE_ADDR"] . "'") >= $light->max_per_ip) {
header ("Location: " . WWW . "/index.php?maxAccountsReached");
exit;
}

$tpl->assign('title', 'Register an account');
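Review bot: The per-IP cap query interpolates `$_SERVER["REMOTE_ADDR"]` directly into the SQL string; the value comes from the socket rather than from a request header, so it is not attacker-chosen in a direct deployment, but concatenation is the pattern that went wrong elsewhere in this codebase and a prepared statement with two bound parameters would make this safe by construction. If the site sits behind a reverse proxy, `REMOTE_ADDR` is the proxy's address and the cap would apply to all visitors collectively — worth confirming against the deployment. The surrounding code runs past this hunk.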
@@ -57,11 +60,13 @@
$_SESSION["_userAge"] = $d . "/" . $m . "/" . $y;
$_SESSION["_userGender"] = $g;
header ("Location: " . WWW . "/quickregister/email_password");
exit;
}
}
else if($s == 3) { // email_password - get their email and their password for future logins
if(!isset($_SESSION["_ageGatePass"]) || !isset($_SESSION["_userAge"]) || !isset($_SESSION["_userGender"])) {
header ("Location: " . WWW . "/quickregister/age_gate/error");
exit;
}
else {
$tpl->draw('quickregister-step2');
@@ -78,6 +83,7 @@
$t = $db->real_escape_string($_POST["bean_termsOfServiceSelection"]);
if(!$users->isUsernameValid($u)) {
header("Location: " . WWW . "/quickregister/email_password_submit/invalid_username");
exit;
}
else {
if($e == $e2 && $users->isEmailValid($e)) {
@@ -88,18 +94,22 @@
$_SESSION["_userPassword"] = $p;
$_SESSION["_userName"] = $u;
header("Location: " . WWW . "/quickregister/captcha");
exit;
}
else {
header("Location: " . WWW . "/quickregister/email_password_submit/invalid_password");
exit;
}
}
else {
header("Location: " . WWW . "/quickregister/email_password_submit/invalid_email");
exit;
}
}
}
else {
header ("Location: " . WWW . "/quickregister/email_password_submit/fields");
exit;
}
}
else if($s == 5) {
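Review bot: `$_SESSION["_userPassword"] = $p;` carries the password through the session to the later captcha step; from this hunk alone it is not clear whether `$p` is already hashed, and if it is the plaintext, hashing it before storing it here (and using that hash at account creation) keeps the cleartext out of session storage. The `$s == 5` branch that consumes it starts after this hunk.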
@@ -140,14 +150,17 @@
unset($user_password);

header ("Location: " . WWW . "/me");
exit;
}
else {
header ("Location: " . WWW . "/quickregister/captcha/error");
exit;
}
}
}
else {
header("Location: " . WWW . "/quickregister/captcha");
exit;
}
}
?>
@@ -37,9 +37,12 @@
if($light->maintenance && !defined("NO_MAINT_HERE")) {
if(!$users->isLogged()) {
header ("Location: " . WWW . "/maintenance.php");
exit;
}
else if($users->isLogged() && USER_RANK < 6) {
header ("Location: " . WWW . "/maintenance.php");
exit;

}
}

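Review bot: In `else if($users->isLogged() && USER_RANK < 6)` the `$users->isLogged()` test is always true, because the preceding `if(!$users->isLogged())` branch has already redirected and exited; `else if(USER_RANK < 6)` says the same thing, and since both branches redirect to the same `/maintenance.php` they could collapse to `if(!$users->isLogged() || USER_RANK < 6)`. The blank line between `exit;` and the closing brace looks like leftover from the edit. The outer `if` is inside the hunk but the file continues beyond it.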
@@ -17,5 +17,6 @@
unset($_SESSION["Username"]);
unset($_SESSION["HashedPassword"]);
header ("Location: " . WWW . "/");
exit;

?>
@@ -16,6 +16,7 @@

if(!$users->isLogged()) {
header ("Location: " . WWW . "/");
exit;
}

define('StaffPageSelected', true);
@@ -16,6 +16,7 @@

if(!$users->isLogged()) {
header ('Location: ' . WWW . '/');
exit;
}

define('UserProfileTabSelected', true);
@@ -16,6 +16,7 @@

if(!$users->isLogged()) {
header ('Location: ' . WWW . '/');
exit;
}

define('VipTabSelected', true);
