

[Résolu] - Correctif AntiSpamBots
xgonin
 

  Posté : 06-07-2006 23:50

Hello à tous !

Je me suis permis de corriger le hack de Neo_machine, auquel il manquait la sécurité lors d'une réponse à un sujet existant, même en session admin, par l'appel du fichier replyH.php.

Voilà le code de ce fichier corrigé, à votre guise de l'analyser et de me dire si les corrections sont correctes ou pas (Neo est averti par MP de cette correction).

Code :

<?php

/************************************************************************/ br />
/* NPDS V : Net Portal Dynamic System . */

/* =========================== */

/* */

/* Original Copyright (c) 2001 by Francisco Burzi (fburzi@ncc.org.ve) */

/* http://phpnuke.org */

/* */

/* This version name NPDS Copyright (c) 2001-2004 */

/* Great mods by snipe */

/* */

/* ========================= */

/* Based on Parts of phpBB */

/* */

/* This program is free software. You can redistribute it and/or modify */

/* it under the terms of the GNU General Public License as published by */

/* the Free Software Foundation; either version 2 of the License. */

/************************************************************************/ br />
// Bootstrap: load the core once, then the helpers, the AntiSpamBots hack and auth.
// NOTE(review): "!include!" here, and "redirect_!url(!" further down, are artifacts of the
// forum's rendering of this paste, not PHP syntax; read them as include / redirect_url.
if (!function_exists("Mysql_Connexion")) {!include! ("mainfile.php");}

!include!('functions.php');

// ##### ==> AntiSpamBots

!include! ("antispambots.php");

// ##### ==> AntiSpamBots

// $SuperCache is not assigned in this file; presumably a site configuration global — confirm.
if ($SuperCache) {

$cache_obj = new cacheManager();

}

!include!('auth.php');

// "global" at file scope is redundant (file scope is already global); kept as written.
global $pdst; $pdst="0";

// $cancel, $topic and $forum are never assigned in this file; they appear to arrive as
// request variables (register_globals era) — confirm against mainfile.php / auth.php.
// NOTE(review): header() does not end the request. With no exit after it, the forum lookup,
// the access checks and the post insertion below still execute for a cancelled reply.
if ($cancel) {

header("Location: viewtopic.php?topic=$topic&forum=$forum");

}



// Load the forum row. $forum is interpolated straight into the SQL string; no escaping is
// visible in this file (Q_Select may do it — confirm). 3600 is presumably a cache TTL.
$rowQ1=Q_Select ("SELECT forum_name, forum_moderator, forum_type, forum_pass, forum_access, arbre FROM forums WHERE forum_id = '$forum'", 3600);

if (!$rowQ1)

forumerror('0001');

// Take the first row of the result set.
list(,$myrow) = each($rowQ1);

// Bare-word keys (forum_name, ...) are undefined constants that fall back to their string value.
$forum_name = $myrow[forum_name];

$forum_access = $myrow[forum_access];

$forum_type=$myrow[forum_type];

$mod=$myrow[forum_moderator];



// Password-protected forum (type 1): loose != against the stored forum password.
// NOTE(review): as with $cancel above, header() without exit does not stop the script;
// the reply is still processed below when this check or the access check fails.
if ( ($forum_type == 1) and ($Forum_passwd != $myrow[forum_pass]) ) {

header("Location: forum.php");

}

// forum_access 9: forum closed to replies; same header()-without-exit caveat applies.
if ($forum_access==9) {

header("Location: forum.php");

}

// Locked topic and unknown forum/topic id are rejected through forumerror(), which — unlike
// header() — is presumably terminating; confirm in functions.php.
if (is_locked($topic)) {

forumerror('0025');

}

if (!does_exists($forum, "forum") || !does_exists($topic, "topic")) {

forumerror('0026');

}



// Two entry modes: $submitS = the reply form was submitted (authenticate, then insert the post);
// otherwise render the reply form plus a review of the last posts of the topic.
// $submitS, $message, $user, $username, $password and the other request fields are not
// assigned in this file; they appear to be request variables (register_globals) — confirm.
if ($submitS) {

// ##### ==> AntiSpamBots

// "global" at file scope is redundant; kept as written by the hack author.
global $question, $anti_spam_bots, $redir;

// The AntiSpamBots check added by this correction: validates the challenge answer before any
// database write. What it does on failure is not visible here (antispambots.php).
AntiSpamBots::reponse($question, $anti_spam_bots);

// ##### ==> AntiSpamBots

// $stop is only ever set here; when the message is non-empty it stays unset (see "!= 1" below).
if ($message=='') $stop=1;

// No session cookie: anonymous posting is allowed only on forum_access 0, otherwise a
// username/password pair is required.
if (!$user) {

if ($forum_access==0) {

$userdata = array("uid" => 1);

!include!("header.php");

} else {

if (($username=="") or ($password=="")) {

forumerror('0027');

} else {

// $username is interpolated into the SQL string without visible escaping.
$result = mysql_query("select pass FROM users WHERE uname='$username'");

list($pass) = mysql_fetch_row($result);

// crypt() with the stored hash as salt; when $system is set the raw password is compared instead.
if (!$system) {

$passwd=crypt($password,$pass);

} else {

$passwd=$password;

}

// strcmp() is not a constant-time comparison (hash_equals() would be); an empty stored hash is rejected.
if ((strcmp($passwd,$pass)==0) and ($pass != "")) {

$userdata = get_userdata($username);

!include!("header.php");

} else {

forumerror('0028');

}

// NOTE(review): reached after forumerror('0028') on the failure branch unless forumerror exits — confirm.
$modo=user_is_moderator($username,$pass,$forum_access);

if ($forum_access==2) {

if (!$modo)

forumerror('0027');

}

}

}

} else {

// Session path: $user is decoded and split on ':'; index 1 is used as the lookup key for
// get_userdata() below and index 2 is passed as the password to user_is_moderator.
// Field order is inferred from that usage — confirm against auth.php.
$userX = base_64_decode($user);

$userdata = explode(":", $userX);

$modo=user_is_moderator($userdata[0],$userdata[2],$forum_access);

if ($forum_access==2) {

if (!$modo)

forumerror('0027');

}

// $userdata is replaced by the full user record from here on.
$userdata = get_userdata($userdata[1]);

!include!("header.php");

}



// Either valid user/pass, or valid session. continue with post.

// $stop is unset unless the message was empty, so "!= 1" holds for every non-empty message.
if ($stop != 1) {

$poster_ip = getip();

// $hostname stays unset when $dns_verif is off and is then interpolated as an empty poster_dns.
if ($dns_verif)

$hostname=@gethostbyaddr($poster_ip);



anti_flood ($modo, $anti_flood, $poster_ip, $userdata, $gmt);



// HTML is escaped only when the forum disallows it or the poster ticked "disable HTML" ($html).
if ($allow_html == 0 || isset($html)) $message = htmlspecialchars($message);

// Signature marker appended for registered posters. NOTE(review): the marker text is not
// recoverable from this paste (the forum substituted the author's own signature); the same
// marker is replaced with the poster's signature on display at the bottom of this file.
if ($sig && $userdata[uid] != 1) $message .= "

Xav
www.xgonin.ch";

// Forum types 5 and 6 are treated as raw/code forums: no markup transforms on the way in.
if (($forum_type!="6") and ($forum_type!="5")) {

$message = aff_code($message);

$message = str_replace("\n", "
", $message);

}

if (($allow_bbcode==1) and ($forum_type!="6") and ($forum_type!="5")) {

$message = smile($message);

}

if (($forum_type!="6") and ($forum_type!="5")){

$message = make_clickable($message);

$message = removeHack($message);

}

$image_subject=removeHack($image_subject);

// addslashes() is the only SQL escaping applied to the message. $topic, $forum and
// $image_subject are interpolated below without it ($image_subject only went through
// removeHack). A prepared statement would remove the string building altogether.
$message = addslashes($message);

$time = date("Y-m-d H:i:s",time()+($gmt*3600));

$sql = "INSERT INTO posts (post_idH, topic_id, image, forum_id, poster_id, post_text, post_time, poster_ip, poster_dns) VALUES ('0', '$topic', '$image_subject', '$forum', '$userdata[uid]', '$message', '$time', '$poster_ip', '$hostname')";

if (!$result = mysql_query($sql)) {

forumerror('0020');

} else {

$IdPost=mysql_insert_id();

}

// Bump the topic's last-post time/poster and mark it unread for everyone else.
$sql = "UPDATE forumtopics SET topic_time = '$time', current_poster = '$userdata[uid]' WHERE topic_id = '$topic'";

if (!$result = mysql_query($sql)) {

forumerror('0020');

}

$sql = "UPDATE forum_read SET status='0' where topicid = '$topic' and uid <> '$userdata[uid]'";

if (!$r = mysql_query($sql)) {

forumerror('0001');

}



$sql = "UPDATE users_status SET posts=posts+1 WHERE (uid = '$userdata[uid]')";

$result = mysql_query($sql);

if (!$result) {

forumerror('0029');

}

// Notify the topic starter by e-mail, unless they are the one replying (loose != on uname).
$sql = "SELECT t.topic_notify, u.email, u.uname, u.uid, u.user_langue FROM forumtopics t, users u WHERE t.topic_id = '$topic' AND t.topic_poster = u.uid";

if (!$result = mysql_query($sql)) {

forumerror('0022');

}

$m = mysql_fetch_array($result);

if ( ($m[topic_notify] == 1) && ($m[uname] != $userdata[uname]) ) {

!include!_once("language/lang-multi.php");

$resultZ=mysql_query("SELECT topic_title FROM forumtopics WHERE topic_id='$topic'");

list($title_topic)=mysql_fetch_row($resultZ);

$subject = strip_tags($forum_name)."/".$title_topic." : ".translate_ml($m[user_langue], "Une réponse à votre dernier Commentaire a été posté.");

// $message is reused here for the mail body; the posted text is already stored.
$message = $m[uname]."\r\n";

$message .= translate_ml($m[user_langue], "Vous recevez ce Mail car vous avez demandé à être informé lors de la publication d'une réponse.")."\r\n";

$message .= translate_ml($m[user_langue], "Pour lire la réponse")." : ";

$message .= "$nuke_url/viewtopic.php?topic=$topic&forum=$forum&start=9999\r\n";

!include!("signat.php");

if (!$system) {

send_email($m[email], $subject, $message, "", true, "text");

// uid to skip in the subscription mailing below.
$sauf=$m[uid];

}

}

// Subscription mailing; $sauf may still be unset here when no notification mail was sent.
global $subscribe;

if ($subscribe) {

if (subscribe_query($userdata[uid],"forum",$forum)) {

$sauf=$userdata[uid];

}

subscribe_mail("forum",$topic,$forum,"",$sauf);

}

// Upload branch ends the request with die(); the plain branch relies on redirect_url to stop it.
if ($upload) {

!include!("modules/upload/upload_forum.php");

win_upload("forum_npds",$IdPost,$forum,$topic,"win");

redirect_!url(!"viewtopic.php?forum=$forum&topic=$topic&start=9999");

die();

}

redirect_!url(!"viewforum.php?forum=$forum");

} else {

// Empty message: show the error box instead of inserting (markup stripped by the paste).
OpenTable();

echo "

".translate("You must type a message to post.")."

";

echo "[ ".translate("Go Back")." ]

";

CloseTable();

}

} else {

// Form rendering branch. The HTML in the echo strings was stripped by the forum paste, which
// is why many of them are empty.
!include!('header.php');

if ($allow_bbcode==1) {

!include!("lib/formhelp.java.php");

}



// $topic is interpolated into the SQL string; a false mysql_query() result is not checked here.
list($topic_title, $topic_status) = mysql_fetch_array(mysql_query("select topic_title, topic_status from forumtopics where topic_id='$topic'"));

// Same cookie decoding as the submit branch; $userdata stays the raw split cookie here.
$userX = base_64_decode($user);

$userdata = explode(":", $userX);

$moderator = get_moderator($mod);

$moderator=explode(" ",$moderator);

// $Mmod: the current session belongs to one of the forum's moderators (loose == on the name).
$Mmod=false;

echo "
\n";

echo "".translate("Moderated By: ")."";

for ($i = 0; $i < count($moderator); $i++) {

echo "$moderator[$i] ";

if (($userdata[1]==$moderator[$i])) { $Mmod=true;}

}

echo "

";

echo "".translate("Post Reply in Topic:")."";

echo " ".stripslashes($forum_name)."  |  ";

echo "".translate("Forum Index")."\n";

echo "
";

echo "
";

echo "";

echo "";

if ($forum_access == 0) {

echo "";

} else if($forum_access == 1) {

echo "";

} else if($forum_access == 2) {

echo "";

}

echo "";

// Reply permission by forum_access: 0 anyone, 1 any session ($user set), 2 moderators only;
// a non-zero topic_status (locked) overrides. This is display-side only — the submit branch
// above re-derives the same checks from the credentials.
$allow_to_reply=false;

if ($forum_access==0) {

$allow_to_reply=true;

} elseif ($forum_access==1) {

if (isset($user)) {

$allow_to_reply=true;

}

} elseif ($forum_access==2) {

if (user_is_moderator($userdata[0],$userdata[2],$forum_access)) {

$allow_to_reply=true;

}

}

if ($topic_status!=0)

$allow_to_reply=false;



if ($allow_to_reply) {

// Preview ($submitP): the AntiSpamBots check is repeated here (the hack's second addition),
// then the message is un-escaped for display in the form.
if ($submitP) {

// ##### ==> AntiSpamBots

global $question, $anti_spam_bots, $redir;

AntiSpamBots::reponse($question, $anti_spam_bots);

// ##### ==> AntiSpamBots

$acc = "reply";

$message=stripslashes($message);

echo "";

} else {

$message='';

}

echo "";

echo "";

echo "";

if ($smilies) {

echo "



";

}

echo "";

echo "";

// $xJava: textarea event-handler attributes; the attribute names were garbled by the paste (!onclick! etc.).
if ($allow_bbcode==1)

$xJava = 'name="message" onSelect="storeCaret(this);" !onclick!="storeCaret(this);" !onkey!up="storeCaret(this);" !onfocus!="storeForm(this)"';

echo "";

echo "";

echo "";

echo "";

} else {

echo "";

echo "";

echo "";

}

echo "
".translate("About Posting:")."
".translate("Anonymous users can post new topics and replies in this forum.")." ".translate("All registered users can post new topics and replies to this forum.")." ".translate("Only Moderators can post new topics and replies in this forum.")."
";

!include! ("preview.php");

echo "
".translate("Nickname: ")." ";

// Nickname shown from the decoded cookie field (index 1), consistent with the moderator check above.
echo $userdata[1];

echo "
".translate("Message Icon: ")." ";

echo emotion_add($image_subject);

echo "
".translate("Message: ")."

";

echo "";

echo "HTML : ";

if ($allow_html==1) {

echo translate("On")."
";

echo HTML_Add($allow_forum_hide);

} else

echo translate("Off")."
";

// Quote ($citation): load the quoted post. $post is interpolated into the SQL string.
// [hide]...[/hide] blocks are removed from the quoted text so hidden content is not
// surfaced through the reply form. $reply is only assigned in this branch.
if ($citation && !$submitP) {

$sql = "SELECT p.post_text, p.post_time, u.uname FROM posts p, users u WHERE post_id = '$post' AND p.poster_id = u.uid";

if ($r = mysql_query($sql)) {

$m = mysql_fetch_array($r);

$text = $m[post_text];

if (($forum_type!="6") and ($forum_type!="5")) {

$text = smile($text);

$text = str_replace("
", "\n", $text);

} else {

$text = htmlspecialchars($text);

}

$text = stripslashes($text);

if ($m[post_time]!="" && $m[uname]!="") {

$reply = "
".translate("Quote")." : $m[uname] \n\n$text \n
";

} else {

$reply = $text."\n";

}

$reply = preg_replace("#\[hide\](.*?)\[\/hide\]#si","",$reply);

} else {

$reply = translate("Error Connecting to DB")."\n";

}

}

// Without a quote $reply is unset, so the textarea falls back to the (previewed) message.
if (!$reply) {$reply=$message;}

echo "

";

if ($allow_bbcode == 1)

putitems();

echo "
".translate("Options: ")." ";

if (($allow_html == 1) and ($forum_type!="6") and ($forum_type!="5")) {

if ($html == "on") {

$sethtml = "checked";

}

echo "".translate("Disable HTML on this Post")."
";

}

if ($user) {

if ($allow_sig == 1||$sig == "on") {

// $cookie is not assigned in this file (presumably set by auth.php — confirm); $cookie[0]
// is interpolated into the SQL string.
$asig = mysql_query("select attachsig from users_status where uid='$cookie[0]'");

list($attachsig) = mysql_fetch_row($asig);

if ($attachsig == 1) {

$s = "checked";

}

if (($forum_type!="6") and ($forum_type!="5")) {

echo "".translate("Show signature")." (".translate("This can be altered or added in your profile").")
";

}

}

if ($allow_upload_forum) {

if ($upload == "on") {

$up = "checked";

}

echo "".translate("Upload file after send accepted")."
";

}

}

echo "
";

echo "";

echo "";

// ##### ==> AntiSpamBots

// Render the challenge question and its answer field inside the reply form.
AntiSpamBots::question();

AntiSpamBots::field();

// ##### ==> AntiSpamBots

echo "
 ";

echo "  ";

echo "  ";

echo " 

";

echo "
".translate("You are not allowed to reply in this forum")."
";

// Topic review: the last 10 posts of the topic. Non-moderators only see post_aff='1' posts.
if ($allow_to_reply) {

echo "";

echo "";

if ($Mmod) {

$post_aff="";

} else {

$post_aff=" and post_aff='1' ";

}

// $topic is interpolated into the SQL string.
$sql = "SELECT * FROM posts WHERE topic_id='$topic'".$post_aff."ORDER BY post_id DESC limit 0,10";

if (!$result = mysql_query($sql))

forumerror('0001');

$myrow = mysql_fetch_array($result);

$count=0;

// do/while: the body runs once even when the query returned no rows ($myrow === false).
do {

$rowcolor=tablos();

$posterdata = get_userdata_from_id($myrow[poster_id]);

echo "";

echo "";

$count++;

} while($myrow = mysql_fetch_array($result));

// From here on $posterdata / $myrow hold the last row fetched by the loop above.
echo "
".translate("Topic Review")."
";

if ($posterdata[uname]!=$anonymous) {

echo "$posterdata[uname]";

} else {

echo $posterdata[uname];

}

echo "
";

$posts = $posterdata[posts];

echo member_qualif($posterdata[uname], $posts, $posterdata[rank]);

echo "

";

if ($smilies) {

if ($posterdata[user_avatar] != '') {

if (stristr($posterdata[user_avatar],"users_private")) {

$imgtmp=$posterdata[user_avatar];

} else {

if ($ibid=theme_image("forum/avatar/$posterdata[user_avatar]")) {$imgtmp=$ibid;} else {$imgtmp="images/forum/avatar/$posterdata[user_avatar]";}

}

echo "
\"".$posterdata[uname]."\"
";

}

}



echo "
";

echo "";

echo "
";



if ($myrow[image] != "") {

if ($ibid=theme_image("forum/subject/$myrow[image]")) {$imgtmp=$ibid;} else {$imgtmp="images/forum/subject/$myrow[image]";}

echo "\"\"";

} else {

if ($ibid=theme_image("forum/subject/icons/posticon.gif")) {$imgtmp=$ibid;} else {$imgtmp="images/forum/icons/posticon.gif";}

echo "\"\"";

}

echo " ".translate("Posted: ").convertdate($myrow[post_time]);

echo "
";

$message = stripslashes($myrow[post_text]);

if ($allow_bbcode==1) {

$message = Smilie($message);

}

// Hidden content is revealed to moderators, or to users who already posted in this topic.
if ($allow_forum_hide) {

$show_hide = false;

if ($Mmod!=true) {

// $topic and $userdata[0] are interpolated unquoted; @ suppresses query errors, so a
// failed query reads as 0 (content stays hidden).
$sqlH = "Select count(*) from posts where topic_id = $topic and poster_id = $userdata[0]";

$resultH = @mysql_result(@mysql_query($sqlH),0,0);

if ($resultH>0) {

$show_hide = true;

}

} else {

$show_hide = true;

}

$message = control_hide_post($message,$show_hide);

}

// NOTE(review): the stristr() needle below is truncated in this paste (its string literal runs
// across lines into the eregi_replace call); the intent appears to be re-classing
// target=_blank links, but it is not recoverable here. eregi_replace belongs to the
// removed ereg family.
//
if (stristr($message,"

$message=eregi_replace("_blank\"", "_blank\" class=\"NOIR\"", $message);

}

$message=split_string_without_space($message, 80);

// Code forums (type 5/6): highlight_string() prints directly; the concatenated string is discarded.
if (($forum_type=="6") or ($forum_type=="5")) {

highlight_string(stripslashes($myrow[post_text]))."

";

} else {

// Replace the signature marker with the poster's current signature (marker text garbled in
// this paste, see the submit branch).
$message = str_replace("

Xav
www.xgonin.ch", "

" . nl2br($posterdata[user_sig]), $message);

echo $message."
";

}

echo "
";

echo "
";

}

}

!include!('footer.php');

?>

Message édité par : xgonin / 07-07-2006 00:50




Cet article provient de NPDS

http://www.npds.org/viewtopic.php?topic=20839&forum=12