Netsyms/HACHEMembershipPortal
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Prevent loading public parts outside of index.php, remove unused code from requiredpublic.php

Browse Source
This commit is contained in:
Skylar Ittner 2018-12-17 19:06:57 -07:00
parent b21b5ca423
commit afb82c4072
6 changed files with 31 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
lib/requiredpublic.php
View File

@ -18,6 +18,13 @@ if (!DEBUG) {
ini_set('display_errors', 'On'); ini_set('display_errors', 'On');
} }
$libs = glob(__DIR__ . "/*.lib.php");
foreach ($libs as $lib) {
require_once $lib;
}
$IN_SITE = true;
ini_set('session.gc_maxlifetime', 3600 * 2); ini_set('session.gc_maxlifetime', 3600 * 2);
session_set_cookie_params(0); session_set_cookie_params(0);
@ -81,88 +88,3 @@ try {
//header('HTTP/1.1 500 Internal Server Error'); //header('HTTP/1.1 500 Internal Server Error');
sendError("Database error. Try again later. $ex"); sendError("Database error. Try again later. $ex");
} }
function getdatabase() {
global $database;
return $database;
}
function getsiteid() {
global $database;
if (isset($_GET['siteid'])) {
$id = preg_replace("/[^0-9]/", '', $_GET['siteid']);
if ($database->has('sites', ["siteid" => $id])) {
return $id;
}
}
$host = $_SERVER['HTTP_HOST'];
$args = $_SERVER['QUERY_STRING'];
$path = str_replace("?$args", "", $_SERVER['REQUEST_URI']);
$dir = str_replace("index.php", "", $path);
$sites = $database->select("sites", ["siteid", "url"], ["OR" => ["url[~]" => $host, "url" => $dir]]);
//var_dump($sites);
if (count($sites) == 1) {
return $sites[0]["siteid"];
}
if (count($sites) > 1) {
//var_dump($sites);
//die();
return $sites[0]['siteid'];
}
return $database->get("sites", "siteid");
}
function getpageslug() {
global $database;
if (isset($_GET['id'])) {
$id = $_GET['id'];
} else {
$id = "index";
}
if ($database->has("pages", ["AND" => ["slug" => $id, "siteid" => getsiteid()]])) {
return $id;
}
return null;
}
function getpageid() {
global $database;
if (isset($_GET['id'])) {
$id = $_GET['id'];
} else {
$id = "index";
}
$siteid = getsiteid();
if ($database->has("pages", ["AND" => ["slug" => $id, "siteid" => $siteid]])) {
return $database->get("pages", "pageid", ["AND" => ["slug" => $id, "siteid" => $siteid]]);
}
return null;
}
function getpagetemplate() {
global $database;
$slug = getpageslug();
if (isset($_GET['template'])) {
return preg_replace("/[^A-Za-z0-9]/", '', $_GET['template']);
}
if (!is_null($slug)) {
return $database->get("pages", "template", ["AND" => ["slug" => $slug, "siteid" => getsiteid()]]);
}
return "404";
}
function formatsiteurl($url) {
if (substr($url, 0) != "/") {
if (strpos($url, "http://") !== 0 && strpos($url, "https://") !== 0) {
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off") {
$url = "http://$url";
} else {
$url = "https://$url";
}
}
}
if (substr($url, -1) != "/") {
$url = $url . "/";
}
return $url;
}

4
public/parts/entry.php
View File

@ -5,6 +5,10 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/ */
if (empty($IN_SITE)) {
die("Access denied.");
}
session_destroy(); session_destroy();
?> ?>
<div class="container mt-4"> <div class="container mt-4">

4
public/parts/renew.php
View File

@ -4,6 +4,10 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this * License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/ */
if (empty($IN_SITE)) {
die("Access denied.");
}
?> ?>
<div class="container mt-4"> <div class="container mt-4">
<div class="row justify-content-center"> <div class="row justify-content-center">

8
public/parts/signup.php
View File

@ -5,6 +5,10 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/ */
if (empty($IN_SITE)) {
die("Access denied.");
}
$familyname = ""; $familyname = "";
$fathername = ""; $fathername = "";
$mothername = ""; $mothername = "";
@ -40,8 +44,8 @@ if (isset($_SESSION['familyid']) && $database->has('families', ['familyid' => $_
// expired before we submitted the thing // expired before we submitted the thing
if (isset($_SESSION['familyid'])) { if (isset($_SESSION['familyid'])) {
?> ?>
<input type="hidden" name="renewing" value="1" /> <input type="hidden" name="renewing" value="1" />
<?php <?php
} }
?> ?>
<div class="card mb-4"> <div class="card mb-4">

4
public/parts/thanks.php
View File

@ -4,6 +4,10 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this * License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/ */
if (empty($IN_SITE)) {
die("Access denied.");
}
?> ?>
<div class="container mt-4"> <div class="container mt-4">
<div class="card mb-4 bg-success text-white"> <div class="card mb-4 bg-success text-white">

7
public/parts/verify.php
View File

@ -5,8 +5,9 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/ */
require_once __DIR__ . "/../../lib/Email.lib.php"; if (empty(IN_SITE)) {
die("Access denied.");
}
$badcode = false; $badcode = false;
if (!empty($_POST['email'])) { if (!empty($_POST['email'])) {
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
@ -20,7 +21,7 @@ if (!empty($_POST['email'])) {
$code = mt_rand(100000, 999999); $code = mt_rand(100000, 999999);
$_SESSION['code'] = $code; $_SESSION['code'] = $code;
$_SESSION['maybefamily'] = $database->get('families', 'familyid', ['email' => strtolower($_POST['email'])]); $_SESSION['maybefamily'] = $familyid;
try { try {
$verification = new Email(); $verification = new Email();