
Commit 5413ac8

committed
All users are now unified in the users table. Club and site administrators are determined by associations with groups in the user_groups table. Additionally, a few critical MySQL injection vulnerabilities are fixed in this revision.
1 parent 7c0bb66 commit 5413ac8

29 files changed

+427
-409
lines changed

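--- a/admin/comments.php
+++ b/admin/comments.php
@@ -5,15 +5,15 @@
 include("../include/session.php");
 
 //check for $_REQUEST['id'] here because this page should never be accessed without an id set
-if(isset($_SESSION['admin_id']) && $_REQUEST['id']) {
-$club_id = escape(getAdminClub($_SESSION['admin_id']));
-$admin_id = escape($_SESSION['admin_id']);
+if(isset($_SESSION['admin']) && isset($_REQUEST['id'])) {
+$club_id = $_SESSION['admin_club_id'];
+$user_id = $_SESSION['user_id'];
 $app_id = escape($_REQUEST['id']);
 
 if($club_id != 0) {
 //retrieve and display comments (if not found in table, comments have not been set yet so default to blank)
 $current_comments = "";
-$result = mysql_query("SELECT comments FROM club_notes WHERE application_id='$app_id' AND admin_id='$admin_id'");
+$result = mysql_query("SELECT comments FROM club_notes WHERE application_id='$app_id' AND user_id='$user_id'");
 if($row = mysql_fetch_array($result)) {
 $current_comments = $row[0];
 }
@@ -23,6 +23,6 @@
 get_page_advanced("index", "admin", array('warning' => "General application admin does not have comments!"));
 }
 } else {
-header('Location: index.php?error=' . urlencode("You are not logged in!"));
+header('Location: index.php');
 }
 ?>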
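Review bot: The `club_notes` lookup on new line 16 filters by `user_id`, but admin/view_submit.php in this same commit inserts and updates `club_notes` rows keyed by `club_id` (`INSERT INTO club_notes (application_id, club_id) ...`), so unless the table carries both columns this query will not find the notes that page writes, and even then it is not scoped to the admin's club. Aligning it with the writer would be `$result = mysql_query("SELECT comments FROM club_notes WHERE application_id='$app_id' AND club_id='$club_id'");`. `$club_id` and `$user_id` are now interpolated without `escape()`; that holds only as long as `admin_club_id` is always the `intval()`'d value set in admin/index.php, which is what this commit shows, so a one-line comment stating that assumption above line 9 would help the next reader.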

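--- a/admin/easy_question.php
+++ b/admin/easy_question.php
@@ -7,8 +7,8 @@
 include("../include/apply_gen.php");
 include("../include/latex.php");
 
-if(isset($_SESSION['admin_id'])) {
-$club_id = escape(getAdminClub($_SESSION['admin_id']));
+if(isset($_SESSION['admin'])) {
+$club_id = $_SESSION['admin_club_id'];
 
 if(isset($_REQUEST['type'])) {
 if(isset($_REQUEST['done'])) {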

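--- a/admin/gen_pdf.php
+++ b/admin/gen_pdf.php
@@ -7,8 +7,8 @@
 include("../include/apply_gen.php");
 include("../include/latex.php");
 
-if(isset($_SESSION['admin_id'])) {
-$club_id = escape(getAdminClub($_SESSION['admin_id']));
+if(isset($_SESSION['admin'])) {
+$club_id = $_SESSION['admin_club_id'];
 include("category_manager.php"); //sets database and whereString based on club/category
 
 $message = "";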

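--- a/admin/index.php
+++ b/admin/index.php
@@ -8,28 +8,78 @@
 $error = $_REQUEST['error'];
 }
 
-if(isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
-$checkResult = checkAdmin($_REQUEST['username'], $_REQUEST['password']);
+if(!isset($_SESSION['admin']) && (isset($_SESSION['user_id']) || isset($_REQUEST['username'])) && isset($_REQUEST['password']) && isset($_REQUEST['club'])) {
+if(!isset($_SESSION['user_id'])) {
+//log in first
+$loginResult = checkLogin($_REQUEST['username'], $_REQUEST['password']);
+
+if($result >= 0) {
+$_SESSION['user_id'] = $loginResult;
+} else if($result == -2) {
+$error = "Please try again later (you are locked out for too many failed attempts).";
+} else if($result == -3) {
+$error = "Login and registration are currently disabled.";
+} else if($result == -1) {
+$error = "Login information is not correct.";
+} else {
+$error = "Internal error!";
+}
+}
 
-if($checkResult !== FALSE) {
-$_SESSION['admin_id'] = $checkResult;
-} else {
-$error = "Incorrect username/password. You may be locked from your account. ";
+//only continue if we haven't failed already
+if(isset($_SESSION['user_id'])) {
+$attempt_club_id = escape(intval($_REQUEST['club']));
+$checkResult = checkAdminLogin($_SESSION['user_id'], $_REQUEST['password'], $attempt_club_id);
+
+if($checkResult === TRUE) {
+$_SESSION['admin'] = true;
+$_SESSION['admin_club_id'] = $attempt_club_id;
+
+//make sure a admin_notes_settings entry exists for this user
+$result = mysql_query("SELECT COUNT(*) FROM admin_notes_settings WHERE user_id = '" . $_SESSION['user_id'] . "'");
+$row = mysql_fetch_row($result);
+
+if($row[0] == 0) {
+mysql_query("INSERT INTO admin_notes_settings (user_id, box_enabled, cat_enabled, comment_enabled) VALUES ('" . $_SESSION['user_id'] . "', '0', '0', '0')");
+}
+} else if($checkResult === -1) {
+$error = "Login information is not correct.";
+} else if($checkResult === -2) {
+$error = "Please try again later (you are locked out for too many failed attempts).";
+} else if($checkResult === 1) {
+$error = "Invalid club specified.";
+}
 }
-} else if(isset($_REQUEST['action']) && isset($_SESSION['admin_id'])) {
+} else if(isset($_REQUEST['action']) && isset($_SESSION['admin'])) {
 if($_REQUEST['action'] == 'logout') {
-$success = "You are now logged out.";
-session_unset();
+$success = "You are now logged out of the club administration area.";
+unset($_SESSION['admin']);
+unset($_SESSION['admin_club_id']);
 }
 }
 
-if(isset($_SESSION['admin_id'])) {
-get_page_advanced("index", "admin");
-} else if(isset($error)) {
-get_page_advanced("index_login", "admin", array('error' => $error));
+$parameters = array();
+
+if(isset($error)) {
+$parameters['error'] = $error;
 } else if(isset($success)) {
-get_page_advanced("index_login", "admin", array('success' => $success));
+$parameters['success'] = $success;
+}
+
+if(isset($_SESSION['admin'])) {
+get_page_advanced("index", "admin", $parameters);
 } else {
-get_page_advanced("index_login", "admin");
+if(isset($_SESSION['user_id'])) {
+$parameters['user_loggedin'] = true;
+$parameters['clubs'] = getAdminClubs($_SESSION['user_id']);
+} else {
+$parameters['user_loggedin'] = false;
+
+//list normal clubs, and general application
+$parameters['clubs'] = listClubsIdName();
+$parameters['clubs'][0] = 'General application';
+}
+
+get_page_advanced("index_login", "admin", $parameters);
 }
 ?>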
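Review bot: The login branch at new lines 16–22 tests `$result`, but `checkLogin()` was assigned to `$loginResult` on line 14, so `$result` is undefined at that point; in PHP `null >= 0` is true, which means a failed login (a negative return such as -1) still takes the first branch and stores that code in `$_SESSION['user_id']`, while the four error messages below are unreachable. Change all four comparisons to use the right variable: `if($loginResult >= 0) {`, `} else if($loginResult == -2) {`, and likewise for -3 and -1. Separately, lines 35–36 elevate the session to club admin without a `session_regenerate_id(true)`, so a session id fixed before login keeps its new privilege; regenerating the id on both the user login (line 17) and the admin elevation closes that.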

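--- a/admin/man_club.php
+++ b/admin/man_club.php
@@ -4,65 +4,43 @@
 include("../include/db_connect.php");
 include("../include/session.php");
 
-if(isset($_SESSION['admin_id'])) {
-$club_id = escape(getAdminClub($_SESSION['admin_id']));
-$admin_id = escape($_SESSION['admin_id']);
+if(isset($_SESSION['admin'])) {
+$club_id = $_SESSION['admin_club_id'];
+$user_id = $_SESSION['user_id'];
 
 if($club_id != 0) {
-if(isset($_REQUEST['action'])){
-$currpass = mysql_query("SELECT password FROM admins WHERE id='" . $_SESSION['admin_id'] . "'");
-$currpass = mysql_fetch_array($currpass);
-if($_REQUEST['old_password']==$currpass[0]){
-if(isset($_REQUEST['description']) && isset($_REQUEST['view_time']) && isset($_REQUEST['open_time']) && isset($_REQUEST['close_time']) && isset($_REQUEST['user_type'])) {
-$description = escape($_REQUEST['description']);
-$view_time = strtotime($_REQUEST['view_time']);
-$open_time = strtotime($_REQUEST['open_time']);
-$close_time = strtotime($_REQUEST['close_time']);
-$num_recommend = escape($_REQUEST['num_recommend']);
-$user_type = escape($_REQUEST['user_type']);
-if($user_type == "Name"){
-$usernot = 1;
-} else {
-$usernot = 0;
-}
-
-mysql_query("UPDATE clubs SET description='$description', view_time='$view_time', open_time='$open_time', close_time='$close_time', num_recommend='$num_recommend' WHERE id='$club_id'");
-$success = "Account Updated!";
-}
-if(isset($_REQUEST['new_password'])) {
-$changepass = changeAdminPass($admin_id,$_REQUEST['new_password'],$_REQUEST['new_password_conf']);
-if($changepass == 1){
-$success = "Password Updated!";
-} else if($changepass == -2){
-$error = "New password does not match!";
-} else {
-$error = "Invaid new password!";
-}
-}
-} else {
-$error = "Incorrect password! If you have forgotten this password, contact your rood advisor.";
-}
-} else {
-$info = "You need your current password to make any changes!";
+if(isset($_REQUEST['description']) && isset($_REQUEST['view_time']) && isset($_REQUEST['open_time']) && isset($_REQUEST['close_time'])) {
+$description = escape($_REQUEST['description']);
+$view_time = strtotime($_REQUEST['view_time']);
+$open_time = strtotime($_REQUEST['open_time']);
+$close_time = strtotime($_REQUEST['close_time']);
+$num_recommend = escape($_REQUEST['num_recommend']);
+
+mysql_query("UPDATE clubs SET description='$description', view_time='$view_time', open_time='$open_time', close_time='$close_time', num_recommend='$num_recommend' WHERE id='$club_id'");
+$success = "Club updated successfully.";
 }
 
-$result = mysql_query("SELECT c.name, a.email, c.description, c.view_time, c.open_time, c.close_time, c.num_recommend FROM clubs c, admins a WHERE c.id='$club_id' AND a.id='$admin_id'");
+$result = mysql_query("SELECT name, description, view_time, open_time, close_time, num_recommend FROM clubs WHERE id='$club_id'");
 
 if($row = mysql_fetch_array($result)) {
-if( isset($error) ) {
-get_page_advanced("man_club", "admin", array('error'=> $error, 'email' => $row['email'], 'club_name' => $row['name'], 'description' => $row['description'], 'view_time' => $row['view_time'], 'open_time' => $row['open_time'], 'close_time' => $row['close_time'], 'num_recommend' => $row['num_recommend']));
+$parameters = array('club_name' => $row['name'], 'description' => $row['description'], 'view_time' => $row['view_time'], 'open_time' => $row['open_time'], 'close_time' => $row['close_time'], 'num_recommend' => $row['num_recommend']);
+
+if(isset($error)) {
+$parameters['error'] = $error;
 } else if( isset($success) ){
-get_page_advanced("man_club", "admin", array('success' => $success, 'email' => $row['email'], 'club_name' => $row['name'], 'description' => $row['description'], 'view_time' => $row['view_time'], 'open_time' => $row['open_time'], 'close_time' => $row['close_time'], 'num_recommend' => $row['num_recommend']));
+$parameters['success'] = $success;
 } else if( isset($info) ){
-get_page_advanced("man_club", "admin", array('info' => $info, 'email' => $row['email'], 'club_name' => $row['name'], 'description' => $row['description'], 'view_time' => $row['view_time'], 'open_time' => $row['open_time'], 'close_time' => $row['close_time'], 'num_recommend' => $row['num_recommend']));
+$parameters['info'] = $info;
 } else if( isset($warning) ){
-get_page_advanced("man_club", "admin", array('warning' => $warning, 'email' => $row['email'], 'club_name' => $row['name'], 'description' => $row['description'], 'view_time' => $row['view_time'], 'open_time' => $row['open_time'], 'close_time' => $row['close_time'], 'num_recommend' => $row['num_recommend']));
-} else {
-get_page_advanced("man_club", "admin", array('email' => $row['email'], 'club_name' => $row['name'], 'description' => $row['description'], 'view_time' => $row['view_time'], 'open_time' => $row['open_time'], 'close_time' => $row['close_time'], 'num_recommend' => $row['num_recommend']));
+$parameters['warning'] = $warning;
 }
+
+get_page_advanced("man_club", "admin", $parameters);
 } else {
 get_page_advanced("message", "admin", array('message' => "Error: your club cannot be found in the clubs table.", 'title' => "Manage Club"));
 }
+} else {
+get_page_advanced("message", "admin", array('message' => "Error: general application does not have club settings.", 'title' => "Manage Club"));
 }
 } else {
 header('Location: index.php?error=' . urlencode("You are not logged in!"));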
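Review bot: Dropping the current-password re-check (old lines 12–15) leaves the `UPDATE clubs` on new line 19 reachable by any request that carries `description`, `view_time`, `open_time` and `close_time` — read through `$_REQUEST`, so a plain GET link suffices — and nothing in the hunk ties the request to the session, so a logged-in club admin can be made to change their club's dates by a cross-site request. Require `$_SERVER['REQUEST_METHOD'] === 'POST'` and a session-stored token compared with `hash_equals()` before the update, or at minimum read these fields from `$_POST`. Also, `$num_recommend` on line 17 is taken without the `isset()` guard the other four fields get, and `strtotime()` returns FALSE for unparseable input, which line 19 interpolates as an empty string into the time columns; rejecting a FALSE result before the query avoids silently zeroing a club's open/close times. The outer `else` branch at line 45 continues past the hunk.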

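--- a/admin/man_notes.php
+++ b/admin/man_notes.php
@@ -4,9 +4,9 @@
 include("../include/db_connect.php");
 include("../include/session.php");
 
-if(isset($_SESSION['admin_id'])) {
-$club_id = escape(getAdminClub($_SESSION['admin_id']));
-$admin_id = escape($_SESSION['admin_id']);
+if(isset($_SESSION['admin'])) {
+$club_id = $_SESSION['admin_club_id'];
+$user_id = $_SESSION['user_id'];
 
 if($club_id != 0) {
 //first, notes enabled/disabled settings
@@ -15,11 +15,11 @@
 $cat_enabled = isset($_REQUEST['cat_enabled']) ? 1 : 0;
 $comment_enabled = isset($_REQUEST['comment_enabled']) ? 1 : 0;
 
-mysql_query("UPDATE admins SET box_enabled = '$box_enabled', cat_enabled = '$cat_enabled', comment_enabled = '$comment_enabled' WHERE id = '" . $_SESSION['admin_id'] . "'");
+mysql_query("UPDATE admin_notes_settings SET box_enabled = '$box_enabled', cat_enabled = '$cat_enabled', comment_enabled = '$comment_enabled' WHERE user_id = '$user_id'");
 $success = "Note preferences updated successfully!";
 }
 
-$result = mysql_query("SELECT box_enabled, cat_enabled, comment_enabled FROM admins WHERE id='" . $_SESSION['admin_id'] . "'");
+$result = mysql_query("SELECT box_enabled, cat_enabled, comment_enabled FROM admin_notes_settings WHERE user_id='$user_id'");
 
 $box_enabled = false;
 $cat_enabled = false;
@@ -37,20 +37,20 @@
 $catName = escape($_REQUEST['name']);
 
 if($_REQUEST['action'] == "delete") {
-mysql_query("DELETE FROM club_notes_categories WHERE admin_id = '$admin_id' AND name = '$catName'");
+mysql_query("DELETE FROM club_notes_categories WHERE club_id = '$club_id' AND name = '$catName'");
 $success = "Category deleted!";
 } else if($_REQUEST['action'] == "add") {
-$result = mysql_query("SELECT name FROM club_notes_categories WHERE admin_id = '$admin_id' AND name = '$catName'");
+$result = mysql_query("SELECT name FROM club_notes_categories WHERE club_id = '$club_id' AND name = '$catName'");
 if($row = mysql_fetch_array($result)) {
 $error = "Category already exists!";
 } else {
-mysql_query("INSERT INTO club_notes_categories (name, admin_id) VALUES ('$catName', '$admin_id')");
+mysql_query("INSERT INTO club_notes_categories (name, club_id) VALUES ('$catName', '$club_id')");
 $success = "Category added!";
 }
 }
 }
 
-$result = mysql_query("SELECT name FROM club_notes_categories WHERE admin_id = '$admin_id'");
+$result = mysql_query("SELECT name FROM club_notes_categories WHERE club_id = '$club_id'");
 $categories = array();
 
 while($row = mysql_fetch_array($result)) {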
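Review bot: The preference row written and read on new lines 18 and 22 is keyed only by `user_id`, whereas the categories in the third hunk (lines 40–53) are now keyed by `club_id`, so a user who administers several clubs shares one box/category/comment toggle across all of them while each club gets its own category list. If that split is intended, a comment above line 18 such as `// display preferences are per user; note categories (below) are per club` would spare the next reader a trip to the schema; if not, the settings row needs a `club_id` column and both queries need `AND club_id = '$club_id'`. The delete on line 40 also leaves any `club_notes.category` values that still name the removed category in place — worth confirming how view_submit.php renders a category that no longer exists, since that code is outside this diff.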

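--- a/admin/man_questions.php
+++ b/admin/man_questions.php
@@ -7,8 +7,8 @@
 include("../include/apply_gen.php");
 include("../include/apply_admin.php");
 
-if(isset($_SESSION['admin_id'])) {
-$club_id = escape(getAdminClub($_SESSION['admin_id']));
+if(isset($_SESSION['admin'])) {
+$club_id = $_SESSION['admin_club_id'];
 include("category_manager.php");
 
 $message = "";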

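--- a/admin/preview.php
+++ b/admin/preview.php
@@ -6,8 +6,8 @@
 
 include("../include/apply_gen.php");
 
-if(isset($_SESSION['admin_id'])) {
-$club_id = escape(getAdminClub($_SESSION['admin_id']));
+if(isset($_SESSION['admin'])) {
+$club_id = $_SESSION['admin_club_id'];
 include("category_manager.php");
 
 $result = mysql_query("SELECT varname, vardesc, vartype FROM $database WHERE $whereString ORDER BY orderId");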

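--- a/admin/statistics.php
+++ b/admin/statistics.php
@@ -7,8 +7,8 @@
 include("../include/apply_gen.php");
 include("../include/statistics.php");
 
-if(isset($_SESSION['admin_id'])) {
-$club_id = escape(getAdminClub($_SESSION['admin_id']));
+if(isset($_SESSION['admin'])) {
+$club_id = $_SESSION['club_id'];
 
 $adminStat = adminStatistics($club_id);
 $responseStat = responseStatistics($club_id, true, 8);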
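Review bot: New line 11 reads `$_SESSION['club_id']`, but the admin login in admin/index.php from this same commit stores the club under `$_SESSION['admin_club_id']`, and every other admin page in the diff reads that key; nothing in the commit sets `club_id`, so `$club_id` is null here and `adminStatistics()`/`responseStatistics()` on lines 13–14 run for no club at all. Change it to `$club_id = $_SESSION['admin_club_id'];`. If those helpers treat a null/0 club as the general application (the way `$club_id != 0` is used on the other pages), this would also show a club admin statistics that are not theirs — worth confirming, since the helpers are not in the diff.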

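--- a/admin/user_detail.php
+++ b/admin/user_detail.php
@@ -4,7 +4,7 @@
 include("../include/db_connect.php");
 include("../include/session.php");
 
-if(isset($_SESSION['admin_id']) && isset($_REQUEST['id'])) {
+if(isset($_SESSION['admin']) && isset($_REQUEST['id'])) {
 //todo: admins currently can get information of users that didn't apply to their club
 $user_id = escape($_REQUEST['id']);
 $userinfo = getUserInformation($user_id); //userinfo is array(username, email)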
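Review bot: The gate on new line 7 only confirms `$_SESSION['admin']` is set and line 9 then takes any user id from the request, so — as the todo on line 8 already admits — a club admin can read the username and email of any account, including people who never applied to their club; the commit swaps the session key but leaves this unscoped. Before `getUserInformation($user_id)` on line 10, check that `$user_id` has an application for `$_SESSION['admin_club_id']` (the same application rows view_submit.php lists) and show the not-found page otherwise, e.g. `if(!applicationExistsForClub($user_id, $_SESSION['admin_club_id'])) { ... }` with whatever helper the applications table already has. The body continues outside the hunk, so the exact placement should follow how the page handles an empty `$userinfo`.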

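--- a/admin/view_recommendation.php
+++ b/admin/view_recommendation.php
@@ -4,7 +4,7 @@
 include("../include/db_connect.php");
 include("../include/session.php");
 
-if(isset($_SESSION['admin_id']) && isset($_REQUEST['peer_pdf']) && isset($_REQUEST['user_id'])) {
+if(isset($_SESSION['admin']) && isset($_REQUEST['peer_pdf']) && isset($_REQUEST['user_id'])) {
 //todo: admins can see any peer recommendations if they know the user ID
 $peer_pdf = escape($_REQUEST['peer_pdf']);
 $user_id = escape($_REQUEST['user_id']);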
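Review bot: New lines 9–10 accept `peer_pdf` and `user_id` straight from the request behind an admin check that is not tied to `$_SESSION['admin_club_id']`, and the todo on line 8 confirms any club admin can fetch any applicant's recommendation; the commit changes only the session key. Verify that `user_id` applied to the admin's club before serving anything, and if `peer_pdf` later becomes part of a filesystem path (that code is outside the hunk), note that `escape()` is a SQL-style escape as used elsewhere in this commit and does not stop `../` traversal — resolving the file from the stored recommendation record, or at least `basename()` plus an allow-list check, would. The enclosing `if` continues past the hunk.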

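--- a/admin/view_submit.php
+++ b/admin/view_submit.php
@@ -6,14 +6,15 @@
 
 include("../include/apply_submit.php");
 
-if(isset($_SESSION['admin_id'])) {
-$club_id = escape(getAdminClub($_SESSION['admin_id']));
-$admin_id = escape($_SESSION['admin_id']);
+if(isset($_SESSION['admin'])) {
+$club_id = $_SESSION['admin_club_id'];
+$user_id = $_SESSION['user_id'];
 
 if($club_id != 0) {
 //check if this admin is using textboxes and categories
-$result = mysql_query("SELECT box_enabled, cat_enabled, comment_enabled FROM admins WHERE id='" . escape($_SESSION['admin_id']) . "'");
+$result = mysql_query("SELECT box_enabled, cat_enabled, comment_enabled FROM admin_notes_settings WHERE user_id='$user_id'");
 $row = mysql_fetch_array($result);
+
 $box_enabled = ($row['box_enabled'] == 1) ? true : false;
 $cat_enabled = ($row['cat_enabled'] == 1) ? true : false;
 $comment_enabled = ($row['comment_enabled'] == 1) ? true : false;
@@ -27,7 +28,7 @@
 //we will need to construct a map from the application database IDs to the box and category note values if enabled
 // we do this now so that we can check if an entry exists already for updating the notes table
 if($box_enabled || $cat_enabled || $comment_enabled) {
-$toolsResult = mysql_query("SELECT application_id, box, category, comments FROM club_notes WHERE admin_id = '$admin_id'");
+$toolsResult = mysql_query("SELECT application_id, box, category, comments FROM club_notes WHERE club_id = '$club_id'");
 
 while($row = mysql_fetch_array($toolsResult)) {
 $toolsMap[$row['application_id']] = array($row['box'], $row['category'], $row['comments']);
@@ -46,7 +47,7 @@
 //if the tools map does not contain the ID, then we have to add it to database
 if(!isset($toolsMap[$application_id])) {
 $toolsMap[$application_id] = array('', '');
-mysql_query("INSERT INTO club_notes (application_id, admin_id) VALUES ('$application_id', '$admin_id')");
+mysql_query("INSERT INTO club_notes (application_id, club_id) VALUES ('$application_id', '$club_id')");
 }
 
 //now we check what needs to be updated
@@ -71,7 +72,7 @@
 
 if(strlen($updateString) > 0) {
 $updateString = substr($updateString, 0, -2);
-mysql_query("UPDATE club_notes SET $updateString WHERE application_id='$application_id' AND admin_id='$admin_id'");
+mysql_query("UPDATE club_notes SET $updateString WHERE application_id='$application_id' AND club_id='$club_id'");
 }
 }
 }
@@ -95,7 +96,7 @@
 //category filter manager
 if($cat_enabled) {
 //first, we retrieve a list of categories (this will be used in dropdown as well)
-$catResult = mysql_query("SELECT name FROM club_notes_categories WHERE admin_id = '$admin_id'");
+$catResult = mysql_query("SELECT name FROM club_notes_categories WHERE club_id = '$club_id'");
 
 while($row = mysql_fetch_array($catResult)) {
 array_push($catList, $row[0]);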
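Review bot: With `club_notes` now keyed by `club_id` (new lines 31, 50, 75), every admin of a club shares the same rows, and the check-then-insert at lines 48–50 is not atomic: two admins loading the page together can both miss the map and both run the `INSERT` on line 50, leaving duplicate rows that the `UPDATE ... WHERE application_id='$application_id' AND club_id='$club_id'` on line 75 then rewrites together. Add a unique key on `(application_id, club_id)` and make line 50 `mysql_query("INSERT IGNORE INTO club_notes (application_id, club_id) VALUES ('$application_id', '$club_id')");` so the race collapses to one row. The map entry initialised on line 49 has two elements while line 34 stores three (box, category, comments); that predates the commit but is worth fixing in the same pass. `$updateString` and `$application_id` are built outside the hunks, so whether their values are escaped cannot be judged from this diff.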
