Update VCounter
Update VCounter
auracms committed Jan 31, 2014
1 parent bc61f1a commit 4fe9d0d
Showing 1 changed file with 10 additions and 10 deletions.
20 changes: 10 additions & 10 deletions mod/statistik/vcounter.php
Expand Up @@ -27,29 +27,29 @@ function usersOnline () {
function ipCheck() {

if (getenv('HTTP_CLIENT_IP')) {
$ip = getenv('HTTP_CLIENT_IP');
$ip = mysql_real_escape_string(getenv('HTTP_CLIENT_IP'));
}
elseif (getenv('HTTP_X_FORWARDED_FOR')) {
$ip = getenv('HTTP_X_FORWARDED_FOR');
$ip = mysql_real_escape_string(getenv('HTTP_X_FORWARDED_FOR'));
}
elseif (getenv('HTTP_X_FORWARDED')) {
$ip = getenv('HTTP_X_FORWARDED');
$ip = mysql_real_escape_string(getenv('HTTP_X_FORWARDED'));
}
elseif (getenv('HTTP_FORWARDED_FOR')) {
$ip = getenv('HTTP_FORWARDED_FOR');
$ip = mysql_real_escape_string(getenv('HTTP_FORWARDED_FOR'));
}
elseif (getenv('HTTP_FORWARDED')) {
$ip = getenv('HTTP_FORWARDED');
$ip = mysql_real_escape_string(getenv('HTTP_FORWARDED'));
}
else {
$ip = $_SERVER['REMOTE_ADDR'];
$ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
}
return $ip;
}

function new_user() {
global $db;
$insert = $db->sql_query("INSERT INTO `mod_useronline` (`timestamp`, `ip`) VALUES ('mysql_real_escape_string($this->timestamp)', 'mysql_real_escape_string($this->ip)')");
$insert = $db->sql_query("INSERT INTO `mod_useronline` (`timestamp`, `ip`) VALUES ('$this->timestamp', '$this->ip')");
if (!$insert) {
$this->error[$this->i] = "Unable to record new visitor\r\n";
$this->i ++;
Expand Down Expand Up @@ -120,7 +120,7 @@ function count_users() {

$yesterdaystart = $daystart - (24*60*60);
$now = time();
$ip = getIP();
$ip = mysql_real_escape_string(getIP());


$r = mysql_query("SELECT MAX( id ) AS total FROM `mod_visitcounter`");
Expand All @@ -140,12 +140,12 @@ function count_users() {
//$query = mysql_query ("DELETE FROM `mod_visitcounter` WHERE `id`<'$temp'");
}

$item = mysql_fetch_assoc(mysql_query ("SELECT COUNT(*) AS `total` FROM `mod_visitcounter` WHERE `ip`='mysql_real_escape_string($ip)' AND (tm+'$locktime')>'$now'"));
$item = mysql_fetch_assoc(mysql_query ("SELECT COUNT(*) AS `total` FROM `mod_visitcounter` WHERE `ip`='$ip' AND (tm+'$locktime')>'$now'"));
$items = $item['total'];

if (empty($items))
{
mysql_query ("INSERT INTO `mod_visitcounter` (`id`, `tm`, `ip`) VALUES ('', '$now', 'mysql_real_escape_string($ip)')");
mysql_query ("INSERT INTO `mod_visitcounter` (`id`, `tm`, `ip`) VALUES ('', '$now', '$ip')");
}

$n = $all_visitors;
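Review bot: In ipCheck() the value stored as the visitor's `ip` is still whatever the client sent in the Client-IP / X-Forwarded-For style headers; escaping keeps it inside the SQL string literal but does not make it an address, so a forged header can skew the visitor counts and the lock-time check in count_users(). Validate before escaping and fall back to the socket address, e.g. `if (filter_var($ip, FILTER_VALIDATE_IP) === false) { $ip = $_SERVER['REMOTE_ADDR']; }`, and honour forwarded headers only when the request arrives from a proxy you operate. The page has lost its +/- markers, but assuming the second line of each printed pair is the new side, the INSERT in new_user() now interpolates `$this->ip` and `$this->timestamp` with no escaping at the query site, which is safe only if every assignment to those properties goes through ipCheck(). Those assignments, getIP() and the origin of `$locktime` are outside the visible hunks, so this needs confirming against the full file.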

2 comments on commit 4fe9d0d


@fgeek fgeek commented on 4fe9d0d Feb 11, 2014


This is CVE-2014-1401 http://osvdb.org/101938

You should add information to the commit message when you fix security vulnerabilities, and publish a security announcement on your website.

@auracms
Owner Author


Oke Thanks
