little more cleanup

Put the version check and config check after the session handling and rate limiter so they work correctly and use only one DB hit.
xisi 2014-01-29 09:16:03 -05:00
parent 568445845a
commit f298c60260
6 changed files with 14 additions and 22 deletions


@ -104,9 +104,9 @@ if (@$_SESSION['USERDATA']['is_admin'] && $user->isAdmin(@$_SESSION['USERDATA'][
// salts too short -> notice, salts default -> error
if ((strlen($config['SALT']) < 24) || (strlen($config['SALTY']) < 24) || $config['SALT'] == 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] == 'THISSHOULDALSOBERRAANNDDOOM') {
if ($config['SALT'] == 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] == 'THISSHOULDALSOBERRAANNDDOOM') {
$error[] = "You absolutely <u>SHOULD NOT leave your SALT or SALTY default</u>";
$error[] = "You absolutely <u>SHOULD NOT leave your SALT or SALTY default</u> changing them will require registering again";
} else {
$notice[] = "SALT or SALTY is too short, they should be more than 24 characters and changing them will require registering again.";
$notice[] = "SALT or SALTY is too short, they should be more than 24 characters and changing them will require registering again";
}
}
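Review bot: The default-salt test on the inner `if` still uses loose `==` while this same commit switches the config-version comparison in version.inc.php to strict `!==`; for consistency use `if ($config['SALT'] === 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] === 'THISSHOULDALSOBERRAANNDDOOM') {`. The two branches now differ only in the trailing "changing them will require registering again" clause, so that sentence could live once outside the branch rather than be duplicated. Nothing in the hunk shows the `$error` entries stopping the request, so a site running with the default salts keeps doing so until an admin reads the message — worth confirming what consumes `$error`. The enclosing admin-only `if` begins before this hunk.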


@ -68,11 +68,4 @@ require_once(CLASS_DIR . '/api.class.php');
require_once(INCLUDE_DIR . '/lib/Michelf/Markdown.php');
require_once(INCLUDE_DIR . '/lib/scrypt.php');
// Include our versions
require_once(INCLUDE_DIR . '/version.inc.php');
if (@$_SESSION['USERDATA']['is_admin'] && $user->isAdmin(@$_SESSION['USERDATA']['id'])) {
include_once(INCLUDE_DIR . '/admin_checks.inc.php');
}
?>


@ -13,7 +13,6 @@ $config['version'] = '0.0.7';
*/
$config['skip_config_tests'] = false;
/**
* Defines
* Debug setting and salts for hashing passwords


@ -53,7 +53,7 @@ $config['twofactor']['options']['changepw'] = true;
/**
* Lock account after X
* Lock accounts after X attempts
* Lock accounts after X invalid logins or pins
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-lock-accounts-after-failed-logins
**/
$config['maxfailed']['login'] = 3;


@ -9,12 +9,9 @@ define('CONFIG_VERSION', '0.0.7');
$db_version = $setting->getValue('DB_VERSION');
if ($db_version != DB_VERSION) {
// Notify admins via error popup
if (isset($_SESSION['USERDATA']) && $user->isAdmin($_SESSION['USERDATA']['id']))
$_SESSION['POPUP'][] = array('CONTENT' => 'Database version mismatch (Installed: ' . $db_version . ', Current: ' . DB_VERSION . '). Database update required, please import any new SQL files. Cronjobs have been halted.', 'TYPE' => 'errormsg');
$_SESSION['POPUP'][] = array('CONTENT' => 'Database version mismatch (Installed: ' . $db_version . ', Current: ' . DB_VERSION . '). Database update required, please import any new SQL files. Cronjobs have been halted.', 'TYPE' => 'errormsg');
}
if (@$config['version'] != CONFIG_VERSION) {
if (@$config['version'] !== CONFIG_VERSION) {
// Notify admins via error popup
if (isset($_SESSION['USERDATA']) && $user->isAdmin($_SESSION['USERDATA']['id']))
$_SESSION['POPUP'][] = array('CONTENT' => 'Configuration file version mismatch (Installed: ' . @$config['version'] . ', Current: ' . CONFIG_VERSION . '). Configuration update required, please check dist config for changes. Cronjobs have been halted.', 'TYPE' => 'errormsg');
$_SESSION['POPUP'][] = array('CONTENT' => 'Configuration file version mismatch (Installed: ' . @$config['version'] . ', Current: ' . CONFIG_VERSION . '). Configuration update required, please check dist config for changes. Cronjobs have been halted.', 'TYPE' => 'errormsg');
}
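Review bot: Both `$_SESSION['POPUP'][]` writes lose their `isset($_SESSION['USERDATA']) && $user->isAdmin(...)` guard, so version.inc.php now depends entirely on its include site gating on an admin session; if the file is also included from a non-web path (the popup text itself mentions cronjobs), the entries are appended with no check at all — presumably harmless, but the file header comment should state that the caller is responsible for the admin check. The DB-version test `if ($db_version != DB_VERSION) {` keeps loose `!=` while the config test two lines below becomes strict `!==`; make them match with `if ($db_version !== DB_VERSION) {` — if `getValue()` can return null for a missing row, strict comparison still reports a mismatch, which is the wanted outcome. The hunk starts part-way through the file's version block.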


@ -72,7 +72,6 @@ if ($config['memcache']['enabled'] && $config['strict']) {
}
@setcookie(session_name(), session_id(), time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
}
// Rate limiting
if ($config['memcache']['enabled'] && ($config['mc_antidos']['enabled'] || $config['strict'])) {
$skip_check = false;
@ -116,7 +115,8 @@ if ($config['memcache']['enabled'] && ($config['mc_antidos']['enabled'] || $conf
}
}
// Got past rate limiter and session manager, show last logged in popup if it's still set
// Got past rate limiter and session manager
// show last logged in popup if it's still set
if (@$_GET['clp'] == 1 && @$_SESSION['last_ip_pop']) unset($_SESSION['last_ip_pop']);
if (count(@$_SESSION['last_ip_pop']) == 2) {
$data = $_SESSION['last_ip_pop'];
@ -130,9 +130,12 @@ if (count(@$_SESSION['last_ip_pop']) == 2) {
}
}
// Quick config check
if (@$_SESSION['USERDATA']['is_admin'] && !@$config['skip_config_tests']) {
require_once(INCLUDE_DIR. '/admin_checks.php');
// version check and config check if not disabled
if (@$_SESSION['USERDATA']['is_admin'] && $user->isAdmin(@$_SESSION['USERDATA']['id'])) {
require_once(INCLUDE_DIR . '/version.inc.php');
if (!@$config['skip_config_checks']) {
require_once(INCLUDE_DIR . '/admin_checks.php');
}
}
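Review bot: The new guard reads `$config['skip_config_checks']`, but the option the replaced code read — and the one that appears to be dropped from the dist config in this commit — is `skip_config_tests`; with `@` suppressing the undefined-index notice the new key evaluates to null, so `!@$config['skip_config_checks']` is always true and the setting can no longer disable admin_checks. Either keep the existing key, `if (!@$config['skip_config_tests']) {`, or add `skip_config_checks` to the dist config, and drop the `@` so a missing key is noticed. The include here targets `admin_checks.php` whereas the include removed from the includes file in this commit targeted `admin_checks.inc.php` — confirm which filename exists. Keeping the `$user->isAdmin()` lookup behind the session `is_admin` flag is a reasonable defence-in-depth against a tampered session value at the cost of the single DB hit the commit message describes.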
// Create our pages array from existing files