mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-03 21:27:25 +02:00
Code Issues Releases Wiki Activity

Secure-Image is now alphanumeric.

Browse Source
This commit is contained in:
Cameron
2016-02-26 12:36:35 -08:00
parent d295a434c3
commit c2349c6876
3 changed files with 26 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
class2.php
View File

@@ -1264,8 +1264,10 @@ if(!isset($_E107['no_menus']))
} }
// here we USE the theme // here we USE the theme
if(e_ADMIN_AREA) if(!isset($_E107['no_theme']))
{ {
if(e_ADMIN_AREA)
{
if(file_exists(THEME.'admin_theme.php')&&(strpos(e_SELF.'?'.e_QUERY, $ADMIN_DIRECTORY.'menus.php?configure')===FALSE)) // no admin theme when previewing. if(file_exists(THEME.'admin_theme.php')&&(strpos(e_SELF.'?'.e_QUERY, $ADMIN_DIRECTORY.'menus.php?configure')===FALSE)) // no admin theme when previewing.
{ {
require_once (THEME.'admin_theme.php'); require_once (THEME.'admin_theme.php');
@@ -1274,17 +1276,17 @@ if(e_ADMIN_AREA)
{ {
require_once (THEME.'theme.php'); require_once (THEME.'theme.php');
} }
} }
else else
{ {
require_once (THEME.'theme.php'); require_once (THEME.'theme.php');
if(isset($SC_WRAPPER)) if(isset($SC_WRAPPER))
{ {
e107::scStyle($SC_WRAPPER); e107::scStyle($SC_WRAPPER);
} }
}
} }
//---------------------------- //----------------------------
// Load shortcode handler // Load shortcode handler
//---------------------------- //----------------------------

17
e107_handlers/secure_img_handler.php
View File

@@ -49,18 +49,19 @@ class secure_image
return call_user_func($user_func); return call_user_func($user_func);
} }
$pref = e107::getPref(); // $pref = e107::getPref();
// $sql = e107::getDb(); // $sql = e107::getDb();
mt_srand ((double)microtime() * 1000000); // mt_srand ((double)microtime() * 1000000);
$maxran = 1000000; // $maxran = 1000000;
$rand_num = mt_rand(0, $maxran); // $rand_num = mt_rand(0, $maxran);
$datekey = date("r"); // $datekey = date("r");
$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $rand_num . $datekey)); // $rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $rand_num . $datekey));
$code = substr($rcode, 2, 6); // $code = substr($rcode, 2, 6);
$recnum = $this->random_number; $recnum = $this->random_number;
// $del_time = time()+1200; // $del_time = time()+1200;
// $sql->insert("tmp", "'{$recnum}',{$del_time},'{$code}'");
$code =e107::getUserSession()->generateRandomString('*****');
$_SESSION['secure_img'][$recnum] = $code; $_SESSION['secure_img'][$recnum] = $code;

4
e107_images/secimg.php
View File

@@ -26,6 +26,8 @@
$_E107['no_online'] = true; $_E107['no_online'] = true;
$_E107['no_forceuserupdate'] = true; $_E107['no_forceuserupdate'] = true;
$_E107['no_menus'] = true; $_E107['no_menus'] = true;
$_E107['no_maintenance'] = true;
$_E107['no_theme'] = true;
require_once("../class2.php"); require_once("../class2.php");
/* /*
@@ -41,7 +43,7 @@ if(!isset($mySQLserver))
}*/ }*/
require_once(realpath(e_BASE.$HANDLERS_DIRECTORY.DIRECTORY_SEPARATOR."secure_img_handler.php")); // require_once(realpath(e_BASE.$HANDLERS_DIRECTORY.DIRECTORY_SEPARATOR."secure_img_handler.php"));
require_once(e_HANDLER."secure_img_handler.php"); require_once(e_HANDLER."secure_img_handler.php");