Secure-Image is now alphanumeric.

2025-01-17 04:38:27 +01:00 · 2016-02-26 12:36:35 -08:00 · 2016-02-26 12:36:35 -08:00 · c2349c6876
commit c2349c6876
parent d295a434c3
3 changed files with 26 additions and 21 deletions
--- a/class2.php
+++ b/class2.php
@ -1264,26 +1264,28 @@ if(!isset($_E107['no_menus']))
 }

 // here we USE the theme
-if(e_ADMIN_AREA)
+if(!isset($_E107['no_theme']))
 {
-	if(file_exists(THEME.'admin_theme.php')&&(strpos(e_SELF.'?'.e_QUERY, $ADMIN_DIRECTORY.'menus.php?configure')===FALSE)) // no admin theme when previewing.
+	if(e_ADMIN_AREA)
 	{
-		require_once (THEME.'admin_theme.php');
+		if(file_exists(THEME.'admin_theme.php')&&(strpos(e_SELF.'?'.e_QUERY, $ADMIN_DIRECTORY.'menus.php?configure')===FALSE)) // no admin theme when previewing.
+		{
+			require_once (THEME.'admin_theme.php');
+		}
+		else
+		{
+			require_once (THEME.'theme.php');
+		}
 	}
 	else
 	{
 		require_once (THEME.'theme.php');
+		if(isset($SC_WRAPPER))
+		{
+			e107::scStyle($SC_WRAPPER);
+		}
 	}
 }
-else
-{
-	require_once (THEME.'theme.php');
-	if(isset($SC_WRAPPER))
-	{
-		e107::scStyle($SC_WRAPPER);
-	}
-}
-

 //----------------------------
 //	Load shortcode handler
--- a/e107_handlers/secure_img_handler.php
+++ b/e107_handlers/secure_img_handler.php
@ -49,18 +49,19 @@ class secure_image
 	 		return call_user_func($user_func);
 		}

-		$pref = e107::getPref();
+	//	$pref = e107::getPref();
 	//	$sql = e107::getDb();

-		mt_srand ((double)microtime() * 1000000);
-		$maxran = 1000000;
-		$rand_num = mt_rand(0, $maxran);
-		$datekey = date("r");
-		$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $rand_num . $datekey));
-		$code = substr($rcode, 2, 6);
+	//	mt_srand ((double)microtime() * 1000000);
+	//	$maxran = 1000000;
+	//	$rand_num = mt_rand(0, $maxran);
+	//	$datekey = date("r");
+	//	$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $rand_num . $datekey));
+	//	$code = substr($rcode, 2, 6);
 		$recnum = $this->random_number;
 	//	$del_time = time()+1200;
-	//	$sql->insert("tmp", "'{$recnum}',{$del_time},'{$code}'");
+
+		$code =e107::getUserSession()->generateRandomString('*****');

 		$_SESSION['secure_img'][$recnum] = $code;

--- a/e107_images/secimg.php
+++ b/e107_images/secimg.php
@ -26,6 +26,8 @@
 $_E107['no_online'] = true;
 $_E107['no_forceuserupdate'] = true;
 $_E107['no_menus'] = true;
+$_E107['no_maintenance'] = true;
+$_E107['no_theme'] = true;
 require_once("../class2.php");

 /*
@ -41,7 +43,7 @@ if(!isset($mySQLserver))
 }*/


-require_once(realpath(e_BASE.$HANDLERS_DIRECTORY.DIRECTORY_SEPARATOR."secure_img_handler.php"));
+// require_once(realpath(e_BASE.$HANDLERS_DIRECTORY.DIRECTORY_SEPARATOR."secure_img_handler.php"));

 require_once(e_HANDLER."secure_img_handler.php");