taiosBlockadePPLassyPadnaviNQABugsQTronsssnakessstacoemtronserver

Català-Valencià - Catalan中文 - Chinese (Simplified)中文 - Chinese (Traditional)Česky - CzechDansk - DanishNederlands - DutchEnglish - EnglishSuomi - FinnishFrançais - FrenchDeutsch - Germanעברית - Hebrewहिंदी - HindiMagyar - HungarianBahasa Indonesia - IndonesianItaliano - Italian日本語 - Japanese한국어 - Koreanमराठी - MarathiNorsk - NorwegianPolski - PolishPortuguês - PortuguesePortuguês - Portuguese (Brazil)Русский - RussianSlovenčina - SlovakSlovenščina - SlovenianEspañol - SpanishSvenska - SwedishTürkçe - TurkishOëzbekcha - Uzbek

Compare Revisions

• This comparison shows the changes necessary to convert path

  → / @ 507

  → / @ 516

  ↔ Reverse comparison

• Compare Path:	Rev

  With Path:	Rev

Ignore whitespace Rev 507 → Rev 516

/install.sql
66,7 → 66,7
PRIMARY KEY(ID)
);
INSERT INTO Users VALUES (1, 0, "admin", SHA1("password"), "admins@tim32.org", "Tim32 Admin", 0);
INSERT INTO Users VALUES (1, 0, "admin", SHA1("passwordrostok"), "admins@tim32.org", "Tim32 Admin", "rostok", "rostok", 0);
INSERT INTO BlogPosts VALUES(1, -1, 1, "Welcome to Tim32!", "Welcome to the new Tim32 website! It has had a complete design re-think to make it simpler and easier to use!", NOW(), "Tim32", FALSE);
INSERT INTO Projects VALUES (1, 1, "TAIOS", "TAIOS (The All In One System) is a PHP based system to make the Tim32 website very self contained and altogether.", "http://websvn.kde.org/*checkout*/trunk/kdesupport/oxygen-icons/64x64/categories/applications-internet.png", "", "http://tim32.org/~tom/taios/", "SVN", NOW());
INSERT INTO ForumCategories VALUES (1, -1, "Tim32", "Talk about Tim32 in here");

/projects/edit-project-do.php
2,6 → 2,8
require '../_taios.php';
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);
$page = new Taios_Page('Edit Project', '../');
$project = $page->getProject($page->getPostID());

/projects/edit-project.php
62,6 → 62,7
<td class="bold"></td>
<td><input type="submit" value="Edit Project" /></td>
</tr>
<input type="hidden" name="csrftoken" value=""<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" />
</table>
</form>

/projects/add-project-do.php
2,6 → 2,8
require '../_taios.php';
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);
$page = new Taios_Page('Add Project', '../');
$title = $_POST['title'];

/projects/add-project.php
54,6 → 54,7
<td class="bold"></td>
<td><input type="submit" value="Add Project" /></td>
</tr>
<input type="hidden" name="csrftoken" value=""<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" />
</table>
</form>

/_taios.php
356,10 → 356,10
$user->accessID = $row['AccessID'];
$user->username = $row['Username'];
$user->password = $row['Password'];
$user->salt = $row['Salt'];
$user->emailAddress = $row['EmailAddress'];
$user->name = $row['Name'];
$user->csrftoken = $row['CSRFToken'];
$user->salt = $row['Salt'];
$user->challengeID = $row['ChallengeID'];
return $user;
476,6 → 476,33
return sha1($salt . $pass);
}
function rndString($len = 8) {
$chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZlolphp';
$clen = strlen($chars);
$res = '';
for ($i = $len - 1; $i >= 0; $i--) {
$res .= $chars[rand(0, $clen - 1)];
}
return $res;
}
function getCSRFToken($id) {
$token = $this->rndString();
$this->query("UPDATE Users Set CSRFToken = ? WHERE ID = ?", array($token, $id));
return $token;
}
function checkCSRFToken($id, $token) {
$user = $this->getUserByID($id);
if ($token !== $user->csrftoken) {
die("a death");
}
$this->getCSRFToken($id); // change to something else so we can't re-use it
}
function getGetID() {
$id = $_GET['id'];
if (empty($id)) {
502,9 → 529,9
public $accessID;
public $username;
public $password;
public $salt;
public $emailAddress;
public $name;
public $salt;
public $csrftoken;
public $challengeID;

/blog/edit-post.php
28,6 → 28,8
$error = '';
if (isset($_POST['id'])) {
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);
$title = $_POST['title'];
$content = $_POST['content'];
$category = $_POST['category'];
71,8 → 73,9
<?php
write('<input type="hidden" name="id" value="' . $id . '" />');
?>
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" />
<tr>
<tr>
<td class="bold"></td>
<td><input type="submit" value="Edit" /></td>
</tr>

/blog/add-post.php
21,6 → 21,8
if (isset($_POST['post']))
{
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);
$title = $_POST['title'];
$content = $_POST['content'];
$parentID = $_POST['parentID'];
78,6 → 80,7
</tr>
<input type="hidden" name="post" value="yes" />
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" />
<?php
write('<input type="hidden" name="parentID" value="' . getParentID() . '" />');

/register-do.php
44,8 → 44,8
$salt = $username . "horses";
$args = array(2, $username, $page->saltAndBurn($password, $salt), $salt, $email, $name, 0);
$page->query("INSERT INTO Users (AccessID, Username, Password, Salt, EmailAddress, Name, ChallengeID) VALUES (?, ?, ?, ?, ?, ?, ?)", $args);
$args = array(2, $username, $page->saltAndBurn($password, $salt), $salt, $email, $name, $page->rndString(), 0);
$page->query("INSERT INTO Users (AccessID, Username, Password, Salt, EmailAddress, Name, CSRFToken, ChallengeID) VALUES (?, ?, ?, ?, ?, ?, ?, ?)", $args);
$page->redirect('login.php');