v1.5.6.5 - Fixed non-admin AV scans.

-v1.5.6.5.
-Under some circumstances (when config.php was incorrect) HRCloud2 would allow users to skip AV scans even though the admin has specified them
-Now users are forced to comply with the latest Admin settings on every operation.
-Sensitive variables are securely (properly) null'ed and unset.

commonCore.php

@@ -87,7 +87,6 @@
 // / The followind code hashes the user ID and sets the directory structure for the session.
 $ServerID = hash('ripemd160', $UniqueServerName.$Salts);
 $UserID = hash('ripemd160', $UserIDRAW.$Salts);
-$AdminID = 1;
 $SesHash = substr(hash('ripemd160', $Date.$UserID.$Salts), -7);
 $LogLoc = $InstLoc.'/DATA/'.$UserID.'/.AppData';
 $LogInc = 0;
@@ -289,11 +288,38 @@
   $ClamLogDir = $SesLogDir.'/VirusLog_'.$ClamLogFileInc.'_'.$Date.'.txt'; } 
 // / -----------------------------------------------------------------------------------
 
+// / -----------------------------------------------------------------------------------
+// / The following code reads the Admin configuration settings and sets temporary variables.
+$AdminIDRAW = 1;
+$AdminID = hash('ripemd160', $AdminIDRAW.$Salts);
+$adminAppDataInstDir = $InstLoc.'/DATA/'.$AdminID.'/.AppData';
+$AdminConfig = $adminAppDataInstDir.'/.config.php';
+if (!file_exists($AdminConfig)) { 
+  chmod($AdminConfig, 0755); 
+  chown($AdminConfig, 'www-data'); }
+include ($AdminConfig);
+$AV = $VirusScan;
+$HP = $HighPerformanceAV;
+$TH = $ThoroughAV; 
+$PS = $PersistentAV;
+if (!file_exists($AdminConfig)) { 
+  $txt = ('ERROR!!! HRC2CommonCore151, There was a problem creating the admin config file on '.$Time.'!'); 
+  $MAKELogFile = file_put_contents($LogFile, $txt.PHP_EOL, FILE_APPEND); 
+  die ('ERROR!!! HRC2CommonCore151, There was a problem creating the admin config file on '.$Time.'!'); }
+if (file_exists($AdminConfig)) {
+  include ($AdminConfig); }
+$AdminIDRAW = null;
+$AdminID = null;
+$adminAppDataInstDir = null;
+$AdminConfig = null;  
+unset ($AdminIDRAW, $AdminID, $adminAppDataInstDir, $AdminConfig);
+// / -----------------------------------------------------------------------------------
+
 // / -----------------------------------------------------------------------------------
 // / The following code loads the user config file if it exists and creates one if it does not.
 if (!file_exists($UserConfig)) { 
-  @chmod($UserConfig, 0755); 
-  @chown($UserConfig, 'www-data'); } 
+  chmod($UserConfig, 0755); 
+  chown($UserConfig, 'www-data'); } 
 if (!file_exists($UserConfig)) { 
   copy($LogInstallDir.'.config.php', $UserConfig); }
 if (!file_exists($UserConfig)) { 
@@ -304,6 +330,14 @@
   include ($UserConfig); }
 // / -----------------------------------------------------------------------------------
 
+// / -----------------------------------------------------------------------------------
+// / The following code re-sets some variables for security. Just-in-case the UserConfig is compromised.
+$VirusScan = $AV;
+$HighPerformanceAV = $HP;
+$ThoroughAV = $TH;
+$PersistentAV = $PS;
+// / -----------------------------------------------------------------------------------
+
 // / -----------------------------------------------------------------------------------
 // / The following code sync's the users AppData between the CloudLoc and the InstLoc.
 if (!file_exists($appDataCloudDir)) {
@@ -379,5 +413,4 @@
 if ($ColorScheme == '5') {
   echo ('<link rel="stylesheet" type="text/css" href="'.$URL.'/HRProprietary/HRCloud2/Styles/styleBLACK.css">'); }
 // / -----------------------------------------------------------------------------------
-
 ?>

compatibilityCore.php

@@ -2,7 +2,7 @@
 
 /*
 HRCLOUD2 VERSION INFORMATION
-THIS VERSION : v1.5.6.4
+THIS VERSION : v1.5.6.5
 WRITTEN ON : 6/6/2017
 */
 

versionInfo.php

@@ -1,4 +1,4 @@
 <?php 
 // / This file contains the current HRCloud2 version for auto-update purposes.
   // / 
-$Version = 'v1.5.6.4';
+$Version = 'v1.5.6.5';