0ct0pu5/forkbb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Changed cookies, deleted o_database_revision

Browse source
This commit is contained in:
Visman 2017-01-15 17:46:39 +07:00
parent 41b38f3ebb
commit ec1e6af2b0
4 changed files with 19 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
app/Core/Cookie/UserCookie.php
View file

@ -5,6 +5,8 @@ namespace ForkBB\Core\Cookie;
class UserCookie
{
const NAME = 'user';
const KEY1 = 'key1';
const KEY2 = 'key2';
/**
* @var Secury
@ -78,28 +80,22 @@ class UserCookie
$ckUser = $this->cookie->get(self::NAME);
if (null === $ckUser
|| ! preg_match('%^([\+\-])(\d{1,10})\-(\d{10})\-([a-f\d]{32,})\-([a-f\d]{32,})$%Di', $ckUser, $matches)
|| ! preg_match('%^(\-)?(\d{1,10})_(\d{10})_([a-f\d]{32,})_([a-f\d]{32,})$%Di', $ckUser, $ms)
) {
return;
}
$remember = $matches[1] === '+';
$uId = (int) $matches[2];
$expTime = (int) $matches[3];
$passHash = $matches[4];
$ckHash = $matches[5];
if ($uId < 2
|| $expTime < time()
|| ! hash_equals($this->secury->hmac($uId . $expTime . $passHash, 'cookie'), $ckHash)
if (2 > $ms[2]
|| time() > $ms[3]
|| ! hash_equals($this->secury->hmac($ms[1] . $ms[2] . $ms[3] . $ms[4], self::KEY1), $ms[5])
) {
return;
}
$this->remember = $remember;
$this->uId = $uId;
$this->expTime = $expTime;
$this->passHash = $passHash;
$this->remember = empty($ms[1]);
$this->uId = (int) $ms[2];
$this->expTime = (int) $ms[3];
$this->passHash = $ms[4];
}
/**
@ -122,9 +118,8 @@ class UserCookie
*/
public function verifyHash($id, $hash)
{
return (int) $id === $this->uId
&& hash_equals($this->passHash, $this->secury->hmac($hash . $this->expTime, 'password'));
return $this->uId === (int) $id
&& hash_equals($this->passHash, $this->secury->hmac($hash . $this->expTime, self::KEY2));
}
/**
@ -144,22 +139,22 @@ class UserCookie
if ($remember
|| (null === $remember
&& (int) $id === $this->uId
&& $this->uId === (int) $id
&& $this->remember
)
) {
$expTime = time() + $this->timeMax;
$expire = $expTime;
$prefix = '+';
$pfx = '';
} else {
$expTime = time() + $this->timeMin;
$expire = 0;
$prefix = '-';
$pfx = '-';
}
$passHash = $this->secury->hmac($hash . $expTime, 'password');
$ckHash = $this->secury->hmac($id . $expTime . $passHash, 'cookie');
$passHash = $this->secury->hmac($hash . $expTime, self::KEY2);
$ckHash = $this->secury->hmac($pfx . $id . $expTime . $passHash, self::KEY1);
return $this->cookie->set(self::NAME, $prefix . $id . '-' . $expTime . '-' . $passHash . '-' . $ckHash, $expire);
return $this->cookie->set(self::NAME, $pfx . $id . '_' . $expTime . '_' . $passHash . '_' . $ckHash, $expire);
}
/**

1
app/Core/Install.php
View file

@ -1905,7 +1905,6 @@ foreach ($styles as $temp)
$pun_config = array(
's_fork_version' => FORK_VERSION,
'i_fork_revision' => FORK_REVISION,
'o_database_revision' => FORK_DB_REVISION,
'o_searchindex_revision' => FORK_SI_REVISION,
'o_parser_revision' => FORK_PARSER_REVISION,
'o_board_title' => $title,

11
db_update.php
View file

@ -9,7 +9,6 @@
// The FluxBB version this script updates to
define('UPDATE_TO', '0.0.0');
define('UPDATE_TO_VER_REVISION', 1);
define('UPDATE_TO_DB_REVISION', 21);
define('UPDATE_TO_SI_REVISION', 2.1);
define('UPDATE_TO_PARSER_REVISION', 2);
@ -663,17 +662,12 @@ switch ($stage)
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name=\'o_cur_version\'') or error('Unable to delete config value \'o_cur_version\'', __FILE__, __LINE__, $db->error());
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name=\'o_cur_ver_revision\'') or error('Unable to delete config value \'o_cur_ver_revision\'', __FILE__, __LINE__, $db->error());
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name=\'o_database_revision\'') or error('Unable to delete config value \'o_database_revision\'', __FILE__, __LINE__, $db->error());
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name=\'o_base_url\'') or error('Unable to delete config value \'o_base_url\'', __FILE__, __LINE__, $db->error());
$db->alter_field('users', 'password', 'VARCHAR(255)', false, '') or error('Unable to alter password field', __FILE__, __LINE__, $db->error());
}
// If we don't need to update the database, skip this stage
if (isset($pun_config['o_database_revision']) && $pun_config['o_database_revision'] >= UPDATE_TO_DB_REVISION)
break;
break;
@ -1332,9 +1326,6 @@ foreach ($errors[$id] as $cur_error)
// Обновляем номер сборки - Visman
$db->query('UPDATE '.$db->prefix.'config SET conf_value = \''.UPDATE_TO_VER_REVISION.'\' WHERE conf_name = \'i_fork_revision\'') or error('Unable to update revision', __FILE__, __LINE__, $db->error());
// And the database revision number
$db->query('UPDATE '.$db->prefix.'config SET conf_value = \''.UPDATE_TO_DB_REVISION.'\' WHERE conf_name = \'o_database_revision\'') or error('Unable to update database revision number', __FILE__, __LINE__, $db->error());
// And the search index revision number
$db->query('UPDATE '.$db->prefix.'config SET conf_value = \''.UPDATE_TO_SI_REVISION.'\' WHERE conf_name = \'o_searchindex_revision\'') or error('Unable to update search index revision number', __FILE__, __LINE__, $db->error());

1
include/common.php
View file

@ -12,7 +12,6 @@ if (!defined('PUN_ROOT'))
// Define the version and database revision that this code was written for
define('FORK_VERSION', '0.0.0');
define('FORK_REVISION', 1);
define('FORK_DB_REVISION', 21);
define('FORK_SI_REVISION', 2.1);
define('FORK_PARSER_REVISION', 2);