From c1be29ce359d054fa273fd56661d9900f88fa491 Mon Sep 17 00:00:00 2001
From: Savetheinternet <savetheinternet@tinyboard.org>
Date: Fri, 2 Dec 2011 15:11:13 +1100
Subject: [PATCH] ammended mod authentication system (no more $_SESSION)

---
 inc/mod.php | 111 ++++++++++++++++++++++++++++------------------------
 mod.php     |  16 +++++---
 post.php    |  12 +-----
 3 files changed, 71 insertions(+), 68 deletions(-)

diff --git a/inc/mod.php b/inc/mod.php
index 0b460a39..d7920a78 100644
--- a/inc/mod.php
+++ b/inc/mod.php
@@ -5,13 +5,24 @@
 		exit;
 	}
 	
-	// Creates a small random string for validating moderators' cookies
-	function mkhash($length=12) {
-		// The method here isn't really important,
-		// but I think this generates a relatively
-		// unique string that looks cool.
-		// If you choose to change this, make sure it cannot include a ':' character.
-		return substr(base64_encode(sha1(rand() . time(), true)), 0, $length);
+	// create a hash/salt pair for validate logins
+	function mkhash($username, $password, $salt = false) {
+		global $config;
+		
+		if(!$salt) {
+			// create some sort of salt for the hash
+			$salt = substr(base64_encode(sha1(rand() . time(), true) . $config['cookies']['salt']), 0, 15);
+			
+			$generated_salt = true;
+		}
+		
+		// generate hash (method is not important as long as it's strong)
+		$hash = substr(base64_encode(md5($username . sha1($username . $password . $salt . ($config['mod']['lock_ip'] ? $_SERVER['REMOTE_ADDR'] : ''), true), true)), 0, 20);
+		
+		if(isset($generated_salt))
+			return Array($hash, $salt);
+		else
+			return $hash;
 	}
 	
 	function hasPermission($action = null, $board = null, $_mod = null) {
@@ -52,8 +63,7 @@
 				'id' => $user['id'],
 				'type' => $user['type'],
 				'username' => $username,
-				'password' => $password,
-				'hash' => isset($_SESSION['mod']['hash']) ? $_SESSION['mod']['hash'] : mkhash(),
+				'hash' => mkhash($username, $password),
 				'boards' => explode(',', $user['boards'])
 				);
 		} else return false;
@@ -61,26 +71,22 @@
 	
 	function setCookies() {
 		global $mod, $config;
-		if(!$mod) error('setCookies() was called for a non-moderator!');
-		
-		// $config['cookies']['mod'] contains username:hash
-		setcookie($config['cookies']['mod'], $mod['username'] . ':' . $mod['hash'], time()+$config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path']:'/', null, false, true);
-		
-		// Put $mod in the session
-		$_SESSION['mod'] = $mod;
+		if(!$mod)
+			error('setCookies() was called for a non-moderator!');
 		
-		// Lock sessions to IP addresses
-		if($config['mod']['lock_ip'])
-			$_SESSION['mod']['ip'] = $_SERVER['REMOTE_ADDR'];
+		setcookie($config['cookies']['mod'],
+				$mod['username'] . // username
+				':' . 
+				$mod['hash'][0] . // password
+				':' .
+				$mod['hash'][1], // salt
+			time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true);
 	}
 	
 	function destroyCookies() {
 		global $config;
 		// Delete the cookies
-		setcookie($config['cookies']['mod'], 'deleted', time()-$config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path']:'/', null, false, true);
-		
-		// Unset the session
-		unset($_SESSION['mod']);
+		setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, false, true);
 	}
 	
 	function create_pm_header() {
@@ -112,33 +118,6 @@
 		$query->execute() or error(db_error($query));
 	}
 	
-	if(isset($_COOKIE[$config['cookies']['mod']]) && isset($_SESSION['mod']) && is_array($_SESSION['mod'])) {
-		// Should be username:session hash
-		$cookie = explode(':', $_COOKIE[$config['cookies']['mod']]);
-		if(count($cookie) != 2) {
-			destroyCookies();
-			error($config['error']['malformed']);
-		}
-		
-		// Validate session
-		if(	$cookie[0] != $_SESSION['mod']['username'] ||
-			$cookie[1] != $_SESSION['mod']['hash']) {
-			// Malformed cookies
-			destroyCookies();
-			error($config['error']['malformed']);
-		}
-		
-		// Open connection
-		sql_open();
-		
-		// Check username/password
-		if(!login($_SESSION['mod']['username'], $_SESSION['mod']['password'], false)) {
-			destroyCookies();
-			error($config['error']['invalidafter']);
-		}
-		
-	}
-	
 	// Generates a <ul> element with a list of linked
 	// boards and their subtitles. (without the <ul> opening and ending tags)
 	function ulBoards() {
@@ -288,4 +267,34 @@
 		//}
 	}
 	
-?>
+	
+	// Validate session
+	
+	if(isset($_COOKIE[$config['cookies']['mod']])) {
+		// Should be username:hash:salt
+		$cookie = explode(':', $_COOKIE[$config['cookies']['mod']]);
+		if(count($cookie) != 3) {
+			destroyCookies();
+			error($config['error']['malformed']);
+		}
+		
+		$query = prepare("SELECT `id`, `type`, `boards`, `password` FROM `mods` WHERE `username` = :username LIMIT 1");
+		$query->bindValue(':username', $cookie[0]);
+		$query->execute() or error(db_error($query));
+		$user = $query->fetch();
+		
+		// validate password hash
+		if($cookie[1] != mkhash($cookie[0], $user['password'], $cookie[2])) {
+			// Malformed cookies
+			destroyCookies();
+			error($config['error']['malformed']);
+		}
+		
+		$mod = Array(
+			'id' => $user['id'],
+			'type' => $user['type'],
+			'username' => $cookie[0],
+			'boards' => explode(',', $user['boards'])
+		);
+	}
+
diff --git a/mod.php b/mod.php
index e44ecde2..34a540f7 100644
--- a/mod.php
+++ b/mod.php
@@ -171,8 +171,8 @@
 			if($mod['type'] >= ADMIN && $config['check_updates']) {
 				if(!$config['version'])
 					error('Could not find current version! (Check .installed)');
-				if(isset($_SESSION['update']) && time() - $_SESSION['update']['time'] < $config['check_updates_time']) {
-					$latest = unserialize($_SESSION['update']['latest']);
+				if(isset($_COOKIE['update'])) {
+					$latest = unserialize($_COOKIE['update']);
 				} else {
 					$ctx = stream_context_create(array( 
 						'http' => array(
@@ -208,7 +208,9 @@
 						// TODO: Display some sort of warning message
 						$latest = false;
 					}
-					$_SESSION['update'] = Array('time' => time(), 'latest' => serialize($latest));
+					
+					
+					setcookie('update', serialize($latest), time() + $config['check_updates_time'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true);
 				}
 				
 				if($latest) {
@@ -236,8 +238,7 @@
 				'title'=>_('Dashboard'),
 				'body'=>$body,
 				'__mod'=>true
-				)
-			);
+			));
 		} elseif(preg_match('/^\/logout$/', $query)) {
 			destroyCookies();
 			
@@ -1221,6 +1222,9 @@
 				
 					if($_mod['id'] == $mod['id']) {
 						// Changed own password. Update cookies
+						
+						login($mod['username'], $_POST['password']);
+						
 						setCookies();
 					}
 				}
@@ -2248,7 +2252,7 @@
 				
 				openBoard($targetBoard);
 				foreach($replies as &$post) {
-					var_dump(post($post, false));
+					post($post, false);
 					if($post['has_file']) {
 						$clone($post['file_src'], sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']);
 						$clone($post['file_thumb'], sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']);
diff --git a/post.php b/post.php
index 5dcc9424..c2466961 100644
--- a/post.php
+++ b/post.php
@@ -164,17 +164,6 @@
 		if(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], $_SERVER['HTTP_REFERER']))
 			error($config['error']['referer']);
 		
-		// TODO: Since we're now using static HTML files, we can't give them cookies on their first page view
-		// Find another anti-spam method.
-		
-		/*
-		// Check if he has a valid cookie.
-		if(!$user['valid']) error($config['error']['bot']);
-		
-		// Check how long he has been here.
-		if(time()-$user['appeared']<LURKTIME) error(ERROR_LURK);
-		*/
-		
 		checkDNSBL();
 			
 		// Check if board exists
@@ -597,6 +586,7 @@
 			
 		}
 		
+		
 		rebuildThemes('post');
 		header('Location: ' . $redirect, true, $config['redirect_http']);