Navigation

← Previous Changeset
Next Changeset →

Changeset 446

Timestamp:

02/22/06 00:19:09 (3 years ago)

Author:

anarcat

Message:

[project @ alternc: changeset 2004-11-04 06:56:49 by anonymous]
mettre ma menace énoncée dans le bug 293 à exécution: change $nocheck
pour une constante, pour éviter le hijacking éventuel, si quelqu'un
avait oublié de le "setter" avant d'inclure config.php la config est
maintenant faite directement dans config.php. pour sauter le check de
sécurité, on inclus config_nochk.php (comme avant), qui lui règle la
constante NOCHECK.

Original author: anonymous
Date: 2004-11-04 06:56:49

Files:

bureau/class/config.php (modified) (2 diffs)
bureau/class/config_nochk.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

bureau/class/config.php

r222	r446
1	1	<?php
2	2	/*
3		$Id: config.php,v 1.~~6 2004/05/19 14:23:06 benjamin~~ Exp $
	3	$Id: config.php,v 1.7 2004/11/04 06:56:49 anonymous Exp $
4	4	----------------------------------------------------------------------
5	5	AlternC - Web Hosting System
…	…
29	29	*/
30	30
31		$nocheck=0;
32		require_once("config_real.php");
	31	/* Toutes les pages du bureau passent ici. On utilise une sémaphore pour
	32	s'assurer que personne ne pourra accéder à 2 pages du bureau en même temps.
	33	*/
	34
	35	/*
	36	if (getenv("REMOTE_ADDR")!="81.56.98.108") {
	37	echo "Le bureau AlternC est en vacances jusqu'a minuit pour maintenance.<br>
	38	Merci de revenir plus tard.";
	39	exit();
	40	}
	41	*/
	42
	43	// 1. Get a semaphore id for the alternc magic number (18577)
	44	$alternc_sem = sem_get ( 18577 );
	45	// 2. Declare the shutdown function, that release the semaphore
	46	function alternc_shutdown() {
	47	global $alternc_sem;
	48	sem_release( $alternc_sem );
	49	}
	50	// 3. Register the shutdown function
	51	register_shutdown_function("alternc_shutdown");
	52	// 4. Acquire the semaphore : with that process,
	53	sem_acquire( $alternc_sem );
	54
	55	if (!get_magic_quotes_gpc()) {
	56	echo "MAGIC QUOTES GPC IS DISABLED ! It's a bug in your php4 configuration, please fix it !!";
	57	exit();
	58	}
	59
	60
	61
	62	/* PHPLIB inclusions : */
	63	$root="/var/alternc/bureau/";
	64	/* Server Domain Name */
	65	$host=getenv("HTTP_HOST");
	66
	67	/* Global variables (AlternC configuration) */
	68	require_once($root."class/local.php");
	69
	70	require_once($root."class/db_mysql.php");
	71	require_once($root."class/functions.php");
	72
	73	// Classe héritée de la classe db de la phplib.
	74	class DB_system extends DB_Sql {
	75	var $Host,$Database,$User,$Password;
	76	function DB_system() {
	77	global $L_MYSQL_HOST,$L_MYSQL_DATABASE,$L_MYSQL_LOGIN,$L_MYSQL_PWD;
	78	$this->Host = $L_MYSQL_HOST;
	79	$this->Database = $L_MYSQL_DATABASE;
	80	$this->User = $L_MYSQL_LOGIN;
	81	$this->Password = $L_MYSQL_PWD;
	82	}
	83	}
	84
	85	$db= new DB_system();
	86
	87	// Current User ID = the user whose commands are made on behalf of.
	88	$cuid=0;
	89
	90	$classes=array();
	91	/* CLASSES PHP4 : automatic include : */
	92	$c=opendir($root."class/");
	93	while ($di=readdir($c)) {
	94	if (ereg("^m_(.*)\\.php$",$di,$match)) { // $
	95	$name1="m_".$match[1];
	96	$name2=$match[1];
	97	$classes[]=$name2;
	98	require_once($root."class/".$name1.".php");
	99	}
	100	}
	101	closedir($c);
	102	/* THE DEFAULT CLASSES ARE :
	103	dom, ftp, mail, quota, bro, admin, mem, mysql, err
	104	*/
	105
	106
	107	/* Language */
	108	bindtextdomain("alternc", "/var/alternc/bureau/locales");
	109
	110	if (!$do_not_set_lang_env) {
	111	// setlang is on the link at the login page
	112	if ($setlang) {
	113	$lang=$setlang;
	114	}
	115	// default language (can be changed here)
	116	$language="fr_FR";
	117	if (!$lang) {
	118	// Use the browser first preferred language
	119	$lang=strtolower(substr(trim($HTTP_ACCEPT_LANGUAGE),0,5));
	120	}
	121	// treat special cases such as en_UK or fr_BF :
	122	if (substr($lang,0,2)=="en") {
	123	$language ='en_US';
	124	}
	125	if (substr($lang,0,2)=="fr") {
	126	$language ='fr_FR';
	127	}
	128	if (substr($lang,0,5)=="fr_LU") {
	129	$language ='fr_LU';
	130	}
	131	if (substr($lang,0,2)=="es") {
	132	$language ='es_ES';
	133	}
	134	if ($setlang && $language) {
	135	setcookie("lang",$lang);
	136	}
	137	/* Language*/
	138	putenv("LC_MESSAGES=$language");
	139	putenv("LANG=$language");
	140	putenv("LANGUAGE=$language");
	141	// this locale MUST be selected in "dpkg-reconfigure locales"
	142	setlocale(LC_ALL,$language);
	143	textdomain("alternc");
	144	}
	145
	146	$mem=new m_mem();
	147	$err=new m_err();
	148
	149	/* Check the User identity (if required) */
	150	if (!defined('NOCHECK')) {
	151	if (!$mem->checkid()) {
	152	$error=$err->errstr();
	153	include("index.php");
	154	exit();
	155	}
	156	}
	157
	158	for($i=0;$i<count($classes);$i++) {
	159	if ($classes[$i]!="mem" && $classes[$i]!="err") {
	160	$name2=$classes[$i];
	161	$name1="m_".$name2;
	162	$$name2= new $name1();
	163	}
	164	}
33	165
34	166	?>

bureau/class/config_nochk.php

r222	r446
1	1	<?php
2	2	/*
3		$Id: config_nochk.php,v 1.~~1 2004/05/19 14:23:06 benjamin~~ Exp $
	3	$Id: config_nochk.php,v 1.2 2004/11/04 06:56:49 anonymous Exp $
4	4	----------------------------------------------------------------------
5	5	AlternC - Web Hosting System
…	…
29	29	*/
30	30
31		~~$nocheck=1~~;
32		require_once("config~~_real~~.php");
	31	define('NOCHECK', 1);
	32	require_once("config.php");
33	33
34	34	?>

Navigation

Changeset 446

Legend:

bureau/class/config.php

bureau/class/config_nochk.php

Download in other formats: