diff --git a/system/admin/admin.php b/system/admin/admin.php index 488dc0d..147a6ff 100644 --- a/system/admin/admin.php +++ b/system/admin/admin.php @@ -19,7 +19,7 @@ function session($user, $pass, $str = null) { if(file_exists($user_file)) { if($pass === $user_pass) { - $_SESSION['user'] = $user; + $_SESSION[config("site.url")]['user'] = $user; header('location: admin'); } else { @@ -189,6 +189,7 @@ function add_page($title, $url, $content) { // Delete blog post function delete_post($file, $destination) { + if(!login()) return null; $deleted_content = $file; // Get cache file @@ -213,6 +214,7 @@ function delete_post($file, $destination) { // Delete static page function delete_page($file, $destination) { + if(!login()) return null; $deleted_content = $file; if (!empty($menu)) { @@ -322,7 +324,7 @@ function get_feed($feed_url, $credit, $message=null) { $tags = strip_tags(preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($entry->category))); $title = rtrim($entry->title, ' \,\.\-'); $title = ltrim($title, ' \,\.\-'); - $user = $_SESSION['user']; + $user = $_SESSION[config("site.url")]['user']; $url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($title))); if ($credit == 'yes') { $source = $entry->link; @@ -341,8 +343,8 @@ function get_feed($feed_url, $credit, $message=null) { // Get recent posts by user function get_recent_posts() { - if (isset($_SESSION['user'])) { - $posts = get_profile($_SESSION['user'], 1, 5); + if (isset($_SESSION[config("site.url")]['user'])) { + $posts = get_profile($_SESSION[config("site.url")]['user'], 1, 5); if(!empty($posts)) { echo ''; echo ''; @@ -372,7 +374,7 @@ function get_recent_posts() { // Get all static pages function get_recent_pages() { - if (isset($_SESSION['user'])) { + if (isset($_SESSION[config("site.url")]['user'])) { $posts = get_static_post(null); if(!empty($posts)) { krsort($posts); 
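Review bot: The successful-login branch in session() now stores the user under `$_SESSION[config("site.url")]['user']` but still does not rotate the session id, so a session id that existed before authentication remains valid afterwards (session fixation); call `session_regenerate_id(true);` immediately before that assignment. The same branch sends the `location: admin` header without stopping the script, so add `exit;` after `header('location: admin');` unless code outside the hunk already does. The remaining hunks in this file only rename the session key and add the `login()` guard in delete_post()/delete_page(), which looks correct as far as visible. session()'s body begins and ends outside the hunk.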
@@ -402,7 +404,7 @@ function get_recent_pages() { // Get all available zip files function get_backup_files () { - if (isset($_SESSION['user'])) { + if (isset($_SESSION[config("site.url")]['user'])) { $files = get_zip_files(); if(!empty($files)) { krsort($files); diff --git a/system/admin/views/add-page.html.php b/system/admin/views/add-page.html.php index c0412cc..5875bee 100644 --- a/system/admin/views/add-page.html.php +++ b/system/admin/views/add-page.html.php @@ -13,6 +13,7 @@


+ diff --git a/system/admin/views/add-post.html.php b/system/admin/views/add-post.html.php index 4c62a1b..c0f9eae 100644 --- a/system/admin/views/add-post.html.php +++ b/system/admin/views/add-post.html.php @@ -14,6 +14,7 @@


+ diff --git a/system/admin/views/delete-page.html.php b/system/admin/views/delete-page.html.php index 5db0fd6..99aafa8 100644 --- a/system/admin/views/delete-page.html.php +++ b/system/admin/views/delete-page.html.php @@ -27,6 +27,7 @@ Are you sure want to delete ' . $p->title . '?

';?>
+ Cancel \ No newline at end of file diff --git a/system/admin/views/delete-post.html.php b/system/admin/views/delete-post.html.php index 13e16bf..63989cf 100644 --- a/system/admin/views/delete-post.html.php +++ b/system/admin/views/delete-post.html.php @@ -34,6 +34,7 @@ Are you sure want to delete ' . $p->title . '?

';?>
+ Cancel \ No newline at end of file diff --git a/system/admin/views/edit-page.html.php b/system/admin/views/edit-page.html.php index 9a4c17e..58a0009 100644 --- a/system/admin/views/edit-page.html.php +++ b/system/admin/views/edit-page.html.php @@ -45,6 +45,7 @@

+ Delete diff --git a/system/admin/views/edit-post.html.php b/system/admin/views/edit-post.html.php index 6cc9eb5..8429d1f 100644 --- a/system/admin/views/edit-post.html.php +++ b/system/admin/views/edit-post.html.php @@ -60,6 +60,7 @@

+ Delete diff --git a/system/admin/views/edit-profile.html.php b/system/admin/views/edit-profile.html.php index 6169d7d..e995dc7 100644 --- a/system/admin/views/edit-profile.html.php +++ b/system/admin/views/edit-profile.html.php @@ -1,7 +1,7 @@ *



+ diff --git a/system/admin/views/import.html.php b/system/admin/views/import.html.php index 28da33f..b402de1 100644 --- a/system/admin/views/import.html.php +++ b/system/admin/views/import.html.php @@ -6,5 +6,6 @@ Feed Url *


Add source link (optional)

+ \ No newline at end of file diff --git a/system/admin/views/login.html.php b/system/admin/views/login.html.php index e5d3d0b..cc97d9f 100644 --- a/system/admin/views/login.html.php +++ b/system/admin/views/login.html.php @@ -8,6 +8,7 @@

Password *


+ \ No newline at end of file diff --git a/system/admin/views/logout.html.php b/system/admin/views/logout.html.php index a8b9c93..314be7f 100644 --- a/system/admin/views/logout.html.php +++ b/system/admin/views/logout.html.php @@ -1,6 +1,6 @@ Password field is required.'; } + if(! $proper ) { + $message['error'] .= '
  • CSRF Token not correct.
  • '; + } config('views.root', 'system/admin/views'); @@ -156,7 +161,7 @@ get('/:year/:month/:name/edit', function($year, $month, $name){ if(login()) { - $user = $_SESSION['user']; + $user = $_SESSION[config("site.url")]['user']; $role = user('role', $user); config('views.root', 'system/admin/views'); @@ -193,6 +198,8 @@ get('/:year/:month/:name/edit', function($year, $month, $name){ // Get edited data for blog post post('/:year/:month/:name/edit', function() { + + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); $title = from($_REQUEST, 'title'); $tag = from($_REQUEST, 'tag'); @@ -200,7 +207,7 @@ post('/:year/:month/:name/edit', function() { $content = from($_REQUEST, 'content'); $oldfile = from($_REQUEST, 'oldfile'); $destination = from($_GET, 'destination'); - if(!empty($title) && !empty($tag) && !empty($content)) { + if($proper && !empty($title) && !empty($tag) && !empty($content)) { if(!empty($url)) { edit_post($title, $tag, $url, $content, $oldfile, $destination); } @@ -220,6 +227,9 @@ post('/:year/:month/:name/edit', function() { if (empty($content)) { $message['error'] .= '
  • Content field is required.
  • '; } + if(! $proper ) { + $message['error'] .= '
  • CSRF Token not correct.
  • '; + } config('views.root', 'system/admin/views'); render('edit-post',array( @@ -242,7 +252,7 @@ get('/:year/:month/:name/delete', function($year, $month, $name){ if(login()) { - $user = $_SESSION['user']; + $user = $_SESSION[config("site.url")]['user']; $role = user('role', $user); config('views.root', 'system/admin/views'); @@ -280,10 +290,13 @@ get('/:year/:month/:name/delete', function($year, $month, $name){ // Get deleted data for blog post post('/:year/:month/:name/delete', function() { - $file = from($_REQUEST, 'file'); - $destination = from($_GET, 'destination'); - delete_post($file, $destination); - + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); + if($proper) + { + $file = from($_REQUEST, 'file'); + $destination = from($_GET, 'destination'); + delete_post($file, $destination); + } }); // The author page @@ -356,11 +369,13 @@ get('/edit/profile', function(){ // Get edited data for static page post('/edit/profile', function() { - - $user = $_SESSION['user']; + + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); + + $user = $_SESSION[config("site.url")]['user']; $title = from($_REQUEST, 'title'); $content = from($_REQUEST, 'content'); - if(!empty($title) && !empty($content)) { + if($proper && !empty($title) && !empty($content)) { edit_profile($title, $content, $user); } else { @@ -371,6 +386,9 @@ post('/edit/profile', function() { if (empty($content)) { $message['error'] .= '
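Review bot: In the `post('/:year/:month/:name/delete')` handler a rejected token now turns the request into a silent no-op: nothing is rendered, no status code is sent and nothing is logged, whereas the edit handlers in this commit append `CSRF Token not correct.` to `$message['error']`. A rejected token on a destructive route is exactly the event an operator wants to see, so add an else branch such as `} else { http_response_code(403); error_log('csrf token mismatch on post delete'); }` or render the same error the edit routes do. The same applies to the `post('/:static/delete')` hunk further down.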
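Review bot: `post('/edit/profile')` reads `$_SESSION[config("site.url")]['user']` and passes it to edit_profile() without a `login()` check, so with no user logged in `$user` is null (after an undefined-key notice) and only the token check stands before edit_profile(); since get_csrf() hands a token to any visitor who loads a form, an unauthenticated POST carrying a fresh token would reach edit_profile(null, …) unless edit_profile() guards itself, which is not visible here. Guard the handler first, e.g. `if(!login()) { http_response_code(403); return; }`, mirroring the `get` routes that wrap their bodies in `if(login())`. The handler body continues outside the hunk.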
  • Content field is required.
  • '; } + if(! $proper ) { + $message['error'] .= '
  • CSRF Token not correct.
  • '; + } config('views.root', 'system/admin/views'); render('edit-profile',array( @@ -387,7 +405,7 @@ post('/edit/profile', function() { get('/admin/posts', function () { - $user = $_SESSION['user']; + $user = $_SESSION[config("site.url")]['user']; $role = user('role', $user); if(login()) { @@ -449,7 +467,7 @@ get('/admin/mine', function(){ config('views.root', 'system/admin/views'); - $profile = $_SESSION['user']; + $profile = $_SESSION[config("site.url")]['user']; $page = from($_GET, 'page'); $page = $page ? (int)$page : 1; @@ -627,13 +645,14 @@ get('/:static/edit', function($static){ // Get edited data for static page post('/:static/edit', function() { - + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); + $title = from($_REQUEST, 'title'); $url = from($_REQUEST, 'url'); $content = from($_REQUEST, 'content'); $oldfile = from($_REQUEST, 'oldfile'); $destination = from($_GET, 'destination'); - if(!empty($title) && !empty($content)) { + if($proper && !empty($title) && !empty($content)) { if(!empty($url)) { edit_page($title, $url, $content, $oldfile, $destination); } @@ -650,6 +669,9 @@ post('/:static/edit', function() { if (empty($content)) { $message['error'] .= '
  • Content field is required.
  • '; } + if(! $proper ) { + $message['error'] .= '
  • CSRF Token not correct.
  • '; + } config('views.root', 'system/admin/views'); render('edit-page',array( @@ -697,10 +719,13 @@ get('/:static/delete', function($static){ // Get deleted data for static page post('/:static/delete', function() { - $file = from($_REQUEST, 'file'); - $destination = from($_GET, 'destination'); - delete_page($file, $destination); - + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); + if($proper) + { + $file = from($_REQUEST, 'file'); + $destination = from($_GET, 'destination'); + delete_page($file, $destination); + } }); // Add blog post @@ -725,12 +750,14 @@ get('/add/post', function(){ // Get submitted blog post data post('/add/post', function(){ + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); + $title = from($_REQUEST, 'title'); $tag = from($_REQUEST, 'tag'); $url = from($_REQUEST, 'url'); $content = from($_REQUEST, 'content'); - $user = $_SESSION['user']; - if(!empty($title) && !empty($tag) && !empty($content)) { + $user = $_SESSION[config("site.url")]['user']; + if($proper && !empty($title) && !empty($tag) && !empty($content)) { if(!empty($url)) { add_post($title, $tag, $url, $content, $user); } @@ -750,6 +777,9 @@ post('/add/post', function(){ if (empty($content)) { $message['error'] .= '
  • Content field is required.
  • '; } + if(! $proper ) { + $message['error'] .= '
  • CSRF Token not correct.
  • '; + } config('views.root', 'system/admin/views'); render('add-post',array( 'head_contents' => head_contents('Add post - ' . blog_title(), blog_description(), site_url()), @@ -787,10 +817,12 @@ get('/add/page', function(){ // Get submitted static page data post('/add/page', function(){ + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); + $title = from($_REQUEST, 'title'); $url = from($_REQUEST, 'url'); $content = from($_REQUEST, 'content'); - if(!empty($title) && !empty($content)) { + if($proper && !empty($title) && !empty($content)) { if(!empty($url)) { add_page($title, $url, $content); } @@ -807,6 +839,9 @@ post('/add/page', function(){ if (empty($content)) { $message['error'] .= '
  • Content field is required.
  • '; } + if(! $proper ) { + $message['error'] .= '
  • CSRF Token not correct.
  • '; + } config('views.root', 'system/admin/views'); render('add-page',array( 'head_contents' => head_contents('Add page - ' . blog_title(), blog_description(), site_url()), @@ -840,6 +875,8 @@ get('/admin/import',function(){ // Get import post post('/admin/import', function() { + + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); $url = from($_REQUEST, 'url'); $credit = from($_REQUEST, 'credit'); @@ -865,6 +902,9 @@ post('/admin/import', function() { if(empty($url)) { $message['error'] .= '
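Review bot: In the `post('/admin/import')` handler `$proper` is assigned at the top and, in the following hunk, only reported in `$message['error']`; the lines that actually perform the import lie between the `@@ -840` and `@@ -865` hunks and are not in this diff, so it is not visible that the feed fetch is gated on the token. Every other handler in this commit changed its guard from `if(!empty(...))` to `if($proper && !empty(...))`; if the import guard was not changed the same way, the token is reported but not enforced on the one route that fetches a remote URL. Confirm the call site reads `if($proper && !empty($url))` or equivalent.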
  • You need to specify the feed url.
  • '; } + if(! $proper ) { + $message['error'] .= '
  • CSRF Token not correct.
  • '; + } config('views.root', 'system/admin/views'); diff --git a/system/includes/functions.php b/system/includes/functions.php index 17ec99c..1644e78 100644 --- a/system/includes/functions.php +++ b/system/includes/functions.php @@ -894,7 +894,7 @@ function get_thumbnail($text) { // Return edit tab on post function tab($p) { - $user = $_SESSION['user']; + $user = $_SESSION[config("site.url")]['user']; $role = user('role', $user); if(isset($p->author)) { if ($user === $p->author || $role === 'admin') { @@ -1669,7 +1669,7 @@ function head_contents($title, $description, $canonical) { // Return toolbar function toolbar() { - $user = $_SESSION['user']; + $user = $_SESSION[config("site.url")]['user']; $role = user('role', $user); $base = site_url(); @@ -1702,4 +1702,27 @@ function file_cache($request) { readfile($cachefile); die; } +} + +function generate_csrf_token() +{ + $_SESSION[config("site.url")]['csrf_token'] = sha1(microtime(true).mt_rand(10000,90000)); +} + +function get_csrf() +{ + if(! isset($_SESSION[config("site.url")]['csrf_token']) || empty($_SESSION[config("site.url")]['csrf_token'])) + { + generate_csrf_token(); + } + return $_SESSION[config("site.url")]['csrf_token']; +} + +function is_csrf_proper($csrf_token) +{ + if($csrf_token == get_csrf()) + { + return true; + } + return false; } \ No newline at end of file diff --git a/system/includes/session.php b/system/includes/session.php index 8aa8c5a..e498bdc 100644 --- a/system/includes/session.php +++ b/system/includes/session.php @@ -4,7 +4,7 @@ session_start(); function login() { - if(isset($_SESSION['user']) && !empty($_SESSION['user'])) { + if(isset($_SESSION[config("site.url")]['user']) && !empty($_SESSION[config("site.url")]['user'])) { return true; } else {
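Review bot: is_csrf_proper() compares the submitted token with `==`, a loose comparison under which two sha1 hex strings consisting of `0e` followed only by digits compare equal, and which is not constant-time; replace the body with `return is_string($csrf_token) && hash_equals(get_csrf(), $csrf_token);` (the `is_string` check also covers `from()` returning null or an array). generate_csrf_token() derives the token from `microtime(true)` and `mt_rand(10000,90000)`, a small search space around a guessable timestamp; on PHP 7+ use `bin2hex(random_bytes(32))` instead. In get_csrf() the `!isset(...) ||` part is redundant because `empty()` already handles an unset index. Each of the three new functions should carry a one-line comment stating that the token is per-session, generated lazily on first use and never rotated.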
    TitlePublishedTagOperations