All users are now unified in the users table. Club and site administr…

…ators are determined by associations with groups in the user_groups table. Additionally, a few critical MySQL injection vulnerabilities are fixed in this revision.
uakfdotb · May 10, 2012 · 5413ac8 · 5413ac8
1 parent 7c0bb66
commit 5413ac8
Show file tree

Hide file tree

Showing 29 changed files with 427 additions and 409 deletions.
diff --git a/admin/comments.php b/admin/comments.php
@@ -5,15 +5,15 @@
 include("../include/session.php");
 
 //check for $_REQUEST['id'] here because this page should never be accessed without an id set
-if(isset($_SESSION['admin_id']) && $_REQUEST['id']) {
-	$club_id = escape(getAdminClub($_SESSION['admin_id']));
-	$admin_id = escape($_SESSION['admin_id']);
+if(isset($_SESSION['admin']) && isset($_REQUEST['id'])) {
+	$club_id = $_SESSION['admin_club_id'];
+	$user_id = $_SESSION['user_id'];
 	$app_id = escape($_REQUEST['id']);
 
 	if($club_id != 0) {
 		//retrieve and display comments (if not found in table, comments have not been set yet so default to blank)
 		$current_comments = "";
-		$result = mysql_query("SELECT comments FROM club_notes WHERE application_id='$app_id' AND admin_id='$admin_id'");
+		$result = mysql_query("SELECT comments FROM club_notes WHERE application_id='$app_id' AND user_id='$user_id'");
 		if($row = mysql_fetch_array($result)) {
 			$current_comments = $row[0];
 		}
@@ -23,6 +23,6 @@
 		get_page_advanced("index", "admin", array('warning' => "General application admin does not have comments!"));
 	}
 } else {
-	header('Location: index.php?error=' . urlencode("You are not logged in!"));
+	header('Location: index.php');
 }
 ?>
diff --git a/admin/easy_question.php b/admin/easy_question.php
@@ -7,8 +7,8 @@
 include("../include/apply_gen.php");
 include("../include/latex.php");
 
-if(isset($_SESSION['admin_id'])) {
-	$club_id = escape(getAdminClub($_SESSION['admin_id']));
+if(isset($_SESSION['admin'])) {
+	$club_id = $_SESSION['admin_club_id'];
 
 	if(isset($_REQUEST['type'])) {
 		if(isset($_REQUEST['done'])) {

diff --git a/admin/gen_pdf.php b/admin/gen_pdf.php
@@ -7,8 +7,8 @@
 include("../include/apply_gen.php");
 include("../include/latex.php");
 
-if(isset($_SESSION['admin_id'])) {
-	$club_id = escape(getAdminClub($_SESSION['admin_id']));
+if(isset($_SESSION['admin'])) {
+	$club_id = $_SESSION['admin_club_id'];
 	include("category_manager.php"); //sets database and whereString based on club/category
 
 	$message = "";

diff --git a/admin/index.php b/admin/index.php
@@ -8,28 +8,78 @@
 	$error = $_REQUEST['error'];
 }
 
-if(isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
-	$checkResult = checkAdmin($_REQUEST['username'], $_REQUEST['password']);
+if(!isset($_SESSION['admin']) && (isset($_SESSION['user_id']) || isset($_REQUEST['username'])) && isset($_REQUEST['password']) && isset($_REQUEST['club'])) {
+	if(!isset($_SESSION['user_id'])) {
+		//log in first
+		$loginResult = checkLogin($_REQUEST['username'], $_REQUEST['password']);
+
+		if($result >= 0) {
+			$_SESSION['user_id'] = $loginResult;
+		} else if($result == -2) {
+			$error = "Please try again later (you are locked out for too many failed attempts).";
+		} else if($result == -3) {
+			$error = "Login and registration are currently disabled.";
+		} else if($result == -1) {
+			$error = "Login information is not correct.";
+		} else {
+			$error = "Internal error!";
+		}
+	}
 
-	if($checkResult !== FALSE) {
-		$_SESSION['admin_id'] = $checkResult;
-	} else {
-		$error = "Incorrect username/password. You may be locked from your account. ";
+	//only continue if we haven't failed already
+	if(isset($_SESSION['user_id'])) {
+		$attempt_club_id = escape(intval($_REQUEST['club']));
+		$checkResult = checkAdminLogin($_SESSION['user_id'], $_REQUEST['password'], $attempt_club_id);
+
+		if($checkResult === TRUE) {
+			$_SESSION['admin'] = true;
+			$_SESSION['admin_club_id'] = $attempt_club_id;
+
+			//make sure a admin_notes_settings entry exists for this user
+			$result = mysql_query("SELECT COUNT(*) FROM admin_notes_settings WHERE user_id = '" . $_SESSION['user_id'] . "'");
+			$row = mysql_fetch_row($result);
+
+			if($row[0] == 0) {
+				mysql_query("INSERT INTO admin_notes_settings (user_id, box_enabled, cat_enabled, comment_enabled) VALUES ('" . $_SESSION['user_id'] . "', '0', '0', '0')");
+			}
+		} else if($checkResult === -1) {
+			$error = "Login information is not correct.";
+		} else if($checkResult === -2) {
+			$error = "Please try again later (you are locked out for too many failed attempts).";
+		} else if($checkResult === 1) {
+			$error = "Invalid club specified.";
+		}
 	}
-} else if(isset($_REQUEST['action']) && isset($_SESSION['admin_id'])) {
+} else if(isset($_REQUEST['action']) && isset($_SESSION['admin'])) {
 	if($_REQUEST['action'] == 'logout') {
-		$success = "You are now logged out.";
-		session_unset();
+		$success = "You are now logged out of the club administration area.";
+		unset($_SESSION['admin']);
+		unset($_SESSION['admin_club_id']);
 	}
 }
 
-if(isset($_SESSION['admin_id'])) {
-	get_page_advanced("index", "admin");
-} else if(isset($error)) {
-	get_page_advanced("index_login", "admin", array('error' => $error));
+$parameters = array();
+
+if(isset($error)) {
+	$parameters['error'] = $error;
 } else if(isset($success)) {
-	get_page_advanced("index_login", "admin", array('success' => $success));
+	$parameters['success'] = $success;
+}
+
+if(isset($_SESSION['admin'])) {
+	get_page_advanced("index", "admin", $parameters);
 } else {
-	get_page_advanced("index_login", "admin");
+	if(isset($_SESSION['user_id'])) {
+		$parameters['user_loggedin'] = true;
+		$parameters['clubs'] = getAdminClubs($_SESSION['user_id']);
+	} else {
+		$parameters['user_loggedin'] = false;
+
+		//list normal clubs, and general application
+		$parameters['clubs'] = listClubsIdName();
+		$parameters['clubs'][0] = 'General application';
+	}
+
+	get_page_advanced("index_login", "admin", $parameters);
 }
 ?>
diff --git a/admin/man_club.php b/admin/man_club.php
@@ -4,65 +4,43 @@
 include("../include/db_connect.php");
 include("../include/session.php");
 
-if(isset($_SESSION['admin_id'])) {
-	$club_id = escape(getAdminClub($_SESSION['admin_id']));
-	$admin_id = escape($_SESSION['admin_id']);
+if(isset($_SESSION['admin'])) {
+	$club_id = $_SESSION['admin_club_id'];
+	$user_id = $_SESSION['user_id'];
 
 	if($club_id != 0) {
-		if(isset($_REQUEST['action'])){
-			$currpass = mysql_query("SELECT password FROM admins WHERE id='" . $_SESSION['admin_id'] . "'");
-			$currpass = mysql_fetch_array($currpass);
-			if($_REQUEST['old_password']==$currpass[0]){
-				if(isset($_REQUEST['description']) && isset($_REQUEST['view_time']) && isset($_REQUEST['open_time']) && isset($_REQUEST['close_time']) && isset($_REQUEST['user_type'])) {
-					$description = escape($_REQUEST['description']);
-					$view_time = strtotime($_REQUEST['view_time']);
-					$open_time = strtotime($_REQUEST['open_time']);
-					$close_time = strtotime($_REQUEST['close_time']);
-					$num_recommend = escape($_REQUEST['num_recommend']);
-					$user_type = escape($_REQUEST['user_type']);
-					if($user_type == "Name"){
-						$usernot = 1;
-					} else {
-						$usernot = 0;
-					}
-
-					mysql_query("UPDATE clubs SET description='$description', view_time='$view_time', open_time='$open_time', close_time='$close_time', num_recommend='$num_recommend' WHERE id='$club_id'");
-					$success = "Account Updated!";
-				}
-				if(isset($_REQUEST['new_password'])) {
-					$changepass = changeAdminPass($admin_id,$_REQUEST['new_password'],$_REQUEST['new_password_conf']);
-					if($changepass == 1){
-						$success = "Password Updated!";
-					} else if($changepass == -2){
-						$error = "New password does not match!";
-					} else {
-						$error = "Invaid new password!";
-					}
-				}
-			} else {
-				$error = "Incorrect password! If you have forgotten this password, contact your rood advisor.";
-			}
-		} else {
-			$info = "You need your current password to make any changes!";
+		if(isset($_REQUEST['description']) && isset($_REQUEST['view_time']) && isset($_REQUEST['open_time']) && isset($_REQUEST['close_time'])) {
+			$description = escape($_REQUEST['description']);
+			$view_time = strtotime($_REQUEST['view_time']);
+			$open_time = strtotime($_REQUEST['open_time']);
+			$close_time = strtotime($_REQUEST['close_time']);
+			$num_recommend = escape($_REQUEST['num_recommend']);
+
+			mysql_query("UPDATE clubs SET description='$description', view_time='$view_time', open_time='$open_time', close_time='$close_time', num_recommend='$num_recommend' WHERE id='$club_id'");
+			$success = "Club updated successfully.";
 		}
 
-		$result = mysql_query("SELECT c.name, a.email, c.description, c.view_time, c.open_time, c.close_time, c.num_recommend FROM clubs c, admins a WHERE c.id='$club_id' AND a.id='$admin_id'");
+		$result = mysql_query("SELECT name, description, view_time, open_time, close_time, num_recommend FROM clubs WHERE id='$club_id'");
 
 		if($row = mysql_fetch_array($result)) {
-			if( isset($error) ) {
-				get_page_advanced("man_club", "admin", array('error'=> $error, 'email' => $row['email'], 'club_name' => $row['name'], 'description' => $row['description'], 'view_time' => $row['view_time'], 'open_time' => $row['open_time'], 'close_time' => $row['close_time'], 'num_recommend' => $row['num_recommend']));
+			$parameters = array('club_name' => $row['name'], 'description' => $row['description'], 'view_time' => $row['view_time'], 'open_time' => $row['open_time'], 'close_time' => $row['close_time'], 'num_recommend' => $row['num_recommend']);
+
+			if(isset($error)) {
+				$parameters['error'] = $error;
 			} else if( isset($success) ){
-				get_page_advanced("man_club", "admin", array('success' => $success, 'email' => $row['email'], 'club_name' => $row['name'], 'description' => $row['description'], 'view_time' => $row['view_time'], 'open_time' => $row['open_time'], 'close_time' => $row['close_time'], 'num_recommend' => $row['num_recommend']));
+				$parameters['success'] = $success;
 			} else if( isset($info) ){
-				get_page_advanced("man_club", "admin", array('info' => $info, 'email' => $row['email'], 'club_name' => $row['name'], 'description' => $row['description'], 'view_time' => $row['view_time'], 'open_time' => $row['open_time'], 'close_time' => $row['close_time'], 'num_recommend' => $row['num_recommend']));
+				$parameters['info'] = $info;
 			} else if( isset($warning) ){
-				get_page_advanced("man_club", "admin", array('warning' => $warning, 'email' => $row['email'], 'club_name' => $row['name'], 'description' => $row['description'], 'view_time' => $row['view_time'], 'open_time' => $row['open_time'], 'close_time' => $row['close_time'], 'num_recommend' => $row['num_recommend']));
-			} else {
-				get_page_advanced("man_club", "admin", array('email' => $row['email'], 'club_name' => $row['name'], 'description' => $row['description'], 'view_time' => $row['view_time'], 'open_time' => $row['open_time'], 'close_time' => $row['close_time'], 'num_recommend' => $row['num_recommend']));
+				$parameters['warning'] = $warning;
 			}
+
+			get_page_advanced("man_club", "admin", $parameters);
 		} else {
 			get_page_advanced("message", "admin", array('message' => "Error: your club cannot be found in the clubs table.", 'title' => "Manage Club"));
 		}
+	} else {
+			get_page_advanced("message", "admin", array('message' => "Error: general application does not have club settings.", 'title' => "Manage Club"));
 	}
 } else {
 	header('Location: index.php?error=' . urlencode("You are not logged in!"));

diff --git a/admin/man_notes.php b/admin/man_notes.php
@@ -4,9 +4,9 @@
 include("../include/db_connect.php");
 include("../include/session.php");
 
-if(isset($_SESSION['admin_id'])) {
-	$club_id = escape(getAdminClub($_SESSION['admin_id']));
-	$admin_id = escape($_SESSION['admin_id']);
+if(isset($_SESSION['admin'])) {
+	$club_id = $_SESSION['admin_club_id'];
+	$user_id = $_SESSION['user_id'];
 
 	if($club_id != 0) {
 		//first, notes enabled/disabled settings
@@ -15,11 +15,11 @@
 			$cat_enabled = isset($_REQUEST['cat_enabled']) ? 1 : 0;
 			$comment_enabled = isset($_REQUEST['comment_enabled']) ? 1 : 0;
 
-			mysql_query("UPDATE admins SET box_enabled = '$box_enabled', cat_enabled = '$cat_enabled', comment_enabled = '$comment_enabled' WHERE id = '" . $_SESSION['admin_id'] . "'");
+			mysql_query("UPDATE admin_notes_settings SET box_enabled = '$box_enabled', cat_enabled = '$cat_enabled', comment_enabled = '$comment_enabled' WHERE user_id = '$user_id'");
 			$success = "Note preferences updated successfully!";
 		}
 
-		$result = mysql_query("SELECT box_enabled, cat_enabled, comment_enabled FROM admins WHERE id='" . $_SESSION['admin_id'] . "'");
+		$result = mysql_query("SELECT box_enabled, cat_enabled, comment_enabled FROM admin_notes_settings WHERE user_id='$user_id'");
 
 		$box_enabled = false;
 		$cat_enabled = false;
@@ -37,20 +37,20 @@
 			$catName = escape($_REQUEST['name']);
 
 			if($_REQUEST['action'] == "delete") {
-				mysql_query("DELETE FROM club_notes_categories WHERE admin_id = '$admin_id' AND name = '$catName'");
+				mysql_query("DELETE FROM club_notes_categories WHERE club_id = '$club_id' AND name = '$catName'");
 				$success = "Category deleted!";
 			} else if($_REQUEST['action'] == "add") {
-				$result = mysql_query("SELECT name FROM club_notes_categories WHERE admin_id = '$admin_id' AND name = '$catName'");
+				$result = mysql_query("SELECT name FROM club_notes_categories WHERE club_id = '$club_id' AND name = '$catName'");
 				if($row = mysql_fetch_array($result)) {
 					$error = "Category already exists!";
 				} else {
-					mysql_query("INSERT INTO club_notes_categories (name, admin_id) VALUES ('$catName', '$admin_id')");
+					mysql_query("INSERT INTO club_notes_categories (name, club_id) VALUES ('$catName', '$club_id')");
 					$success = "Category added!";
 				}
 			}
 		}
 
-		$result = mysql_query("SELECT name FROM club_notes_categories WHERE admin_id = '$admin_id'");
+		$result = mysql_query("SELECT name FROM club_notes_categories WHERE club_id = '$club_id'");
 		$categories = array();
 
 		while($row = mysql_fetch_array($result)) {

diff --git a/admin/man_questions.php b/admin/man_questions.php
@@ -7,8 +7,8 @@
 include("../include/apply_gen.php");
 include("../include/apply_admin.php");
 
-if(isset($_SESSION['admin_id'])) {
-	$club_id = escape(getAdminClub($_SESSION['admin_id']));
+if(isset($_SESSION['admin'])) {
+	$club_id = $_SESSION['admin_club_id'];
 	include("category_manager.php");
 
 	$message = "";

diff --git a/admin/preview.php b/admin/preview.php
@@ -6,8 +6,8 @@
 
 include("../include/apply_gen.php");
 
-if(isset($_SESSION['admin_id'])) {
-	$club_id = escape(getAdminClub($_SESSION['admin_id']));
+if(isset($_SESSION['admin'])) {
+	$club_id = $_SESSION['admin_club_id'];
 	include("category_manager.php");
 
 	$result = mysql_query("SELECT varname, vardesc, vartype FROM $database WHERE $whereString ORDER BY orderId");

diff --git a/admin/statistics.php b/admin/statistics.php
@@ -7,8 +7,8 @@
 include("../include/apply_gen.php");
 include("../include/statistics.php");
 
-if(isset($_SESSION['admin_id'])) {
-	$club_id = escape(getAdminClub($_SESSION['admin_id']));
+if(isset($_SESSION['admin'])) {
+	$club_id = $_SESSION['club_id'];
 
 	$adminStat = adminStatistics($club_id);
 	$responseStat = responseStatistics($club_id, true, 8);

diff --git a/admin/user_detail.php b/admin/user_detail.php
@@ -4,7 +4,7 @@
 include("../include/db_connect.php");
 include("../include/session.php");
 
-if(isset($_SESSION['admin_id']) && isset($_REQUEST['id'])) {
+if(isset($_SESSION['admin']) && isset($_REQUEST['id'])) {
 	//todo: admins currently can get information of users that didn't apply to their club
 	$user_id = escape($_REQUEST['id']);
 	$userinfo = getUserInformation($user_id); //userinfo is array(username, email)

diff --git a/admin/view_recommendation.php b/admin/view_recommendation.php
@@ -4,7 +4,7 @@
 include("../include/db_connect.php");
 include("../include/session.php");
 
-if(isset($_SESSION['admin_id']) && isset($_REQUEST['peer_pdf']) && isset($_REQUEST['user_id'])) {
+if(isset($_SESSION['admin']) && isset($_REQUEST['peer_pdf']) && isset($_REQUEST['user_id'])) {
 	//todo: admins can see any peer recommendations if they know the user ID
 	$peer_pdf = escape($_REQUEST['peer_pdf']);
 	$user_id = escape($_REQUEST['user_id']);

diff --git a/admin/view_submit.php b/admin/view_submit.php
@@ -6,14 +6,15 @@
 
 include("../include/apply_submit.php");
 
-if(isset($_SESSION['admin_id'])) {
-	$club_id = escape(getAdminClub($_SESSION['admin_id']));
-	$admin_id = escape($_SESSION['admin_id']);
+if(isset($_SESSION['admin'])) {
+	$club_id = $_SESSION['admin_club_id'];
+	$user_id = $_SESSION['user_id'];
 
 	if($club_id != 0) {
 		//check if this admin is using textboxes and categories
-		$result = mysql_query("SELECT box_enabled, cat_enabled, comment_enabled FROM admins WHERE id='" . escape($_SESSION['admin_id']) . "'");
+		$result = mysql_query("SELECT box_enabled, cat_enabled, comment_enabled FROM admin_notes_settings WHERE user_id='$user_id'");
 		$row = mysql_fetch_array($result);
+
 		$box_enabled = ($row['box_enabled'] == 1) ? true : false;
 		$cat_enabled = ($row['cat_enabled'] == 1) ? true : false;
 		$comment_enabled = ($row['comment_enabled'] == 1) ? true : false;
@@ -27,7 +28,7 @@
 		//we will need to construct a map from the application database IDs to the box and category note values if enabled
 		// we do this now so that we can check if an entry exists already for updating the notes table
 		if($box_enabled || $cat_enabled || $comment_enabled) {
-			$toolsResult = mysql_query("SELECT application_id, box, category, comments FROM club_notes WHERE admin_id = '$admin_id'");
+			$toolsResult = mysql_query("SELECT application_id, box, category, comments FROM club_notes WHERE club_id = '$club_id'");
 
 			while($row = mysql_fetch_array($toolsResult)) {
 				$toolsMap[$row['application_id']] = array($row['box'], $row['category'], $row['comments']);
@@ -46,7 +47,7 @@
 					//if the tools map does not contain the ID, then we have to add it to database
 					if(!isset($toolsMap[$application_id])) {
 						$toolsMap[$application_id] = array('', '');
-						mysql_query("INSERT INTO club_notes (application_id, admin_id) VALUES ('$application_id', '$admin_id')");
+						mysql_query("INSERT INTO club_notes (application_id, club_id) VALUES ('$application_id', '$club_id')");
 					}
 
 					//now we check what needs to be updated
@@ -71,7 +72,7 @@
 
 					if(strlen($updateString) > 0) {
 						$updateString = substr($updateString, 0, -2);
-						mysql_query("UPDATE club_notes SET $updateString WHERE application_id='$application_id' AND admin_id='$admin_id'");
+						mysql_query("UPDATE club_notes SET $updateString WHERE application_id='$application_id' AND club_id='$club_id'");
 					}
 				}
 			}
@@ -95,7 +96,7 @@
 		//category filter manager
 		if($cat_enabled) {
 			//first, we retrieve a list of categories (this will be used in dropdown as well)
-			$catResult = mysql_query("SELECT name FROM club_notes_categories WHERE admin_id = '$admin_id'");
+			$catResult = mysql_query("SELECT name FROM club_notes_categories WHERE club_id = '$club_id'");
 
 			while($row = mysql_fetch_array($catResult)) {
 				array_push($catList, $row[0]);