# HG changeset patch # User Dan # Date 1195883603 18000 # Node ID b2f985e4cef3501b1d7b948b2d717068861930c7 # Parent 7846d45bd2509a3a02a59a98390458d8f12857bc Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added diff -r 7846d45bd250 -r b2f985e4cef3 includes/common.php --- a/includes/common.php Fri Nov 23 17:59:24 2007 -0500 +++ b/includes/common.php Sat Nov 24 00:53:23 2007 -0500 @@ -54,16 +54,18 @@ die(__FILE__.':'.__LINE__.': The debugConsole requires PHP 5.x.x or greater. Please comment out the ENANO_DEBUG constant in your index.php.'); } +/* if(defined('ENANO_DEBUG')) { require_once(ENANO_ROOT.'/includes/debugger/debugConsole.php'); } else { +*/ function dc_here($m) { return false; } function dc_dump($a, $g) { return false; } function dc_watch($n) { return false; } function dc_start_timer($u) { return false; } function dc_stop_timer($m) { return false; } -} +//} if ( file_exists( ENANO_ROOT . '/_nightly.php') ) require(ENANO_ROOT.'/_nightly.php'); diff -r 7846d45bd250 -r b2f985e4cef3 includes/dbal.php --- a/includes/dbal.php Fri Nov 23 17:59:24 2007 -0500 +++ b/includes/dbal.php Sat Nov 24 00:53:23 2007 -0500 @@ -27,18 +27,21 @@ case E_WARNING: case E_USER_WARNING: case E_CORE_WARNING: case E_COMPILE_WARNING: $errtype = 'Warning'; break; } $debug = debug_backtrace(); - $debug = $debug[2]['file'] . ', line ' . $debug[2]['line']; + if ( !isset($debug[0]['file']) ) + return false; + $debug = $debug[0]['file'] . ', line ' . $debug[0]['line']; echo "$errtype: $errstr
Error source:
$debug
"; } class mysql { - var $num_queries, $query_backtrace, $latest_result, $latest_query, $_conn, $sql_stack_fields, $sql_stack_values; + var $num_queries, $query_backtrace, $query_times, $query_sources, $latest_result, $latest_query, $_conn, $sql_stack_fields, $sql_stack_values, $debug; var $row = array(); var $rowset = array(); var $errhandler; function enable_errorhandler() { + // echo "DBAL: enabling error handler
"; if ( function_exists('debug_backtrace') ) { $this->errhandler = set_error_handler('db_error_handler'); @@ -47,6 +50,7 @@ function disable_errorhandler() { + // echo "DBAL: disabling error handler
"; if ( $this->errhandler ) { set_error_handler($this->errhandler); @@ -57,14 +61,9 @@ } } - function sql_backtrace() { - $qb = explode("\n", $this->query_backtrace); - $bt = ''; - //for($i=sizeof($qb)-1;$i>=0;$i--) { - for($i=0;$iquery_backtrace); } function ensure_connection() @@ -170,9 +169,13 @@ } // Reset some variables - $this->query_backtrace = ''; + $this->query_backtrace = array(); + $this->query_times = array(); + $this->query_sources = array(); $this->num_queries = 0; + $this->debug = ( defined('ENANO_DEBUG') ); + dc_here('dbal: we\'re in, selecting database...'); $q = $this->sql_query('USE `'.$dbname.'`;'); @@ -189,8 +192,27 @@ function sql_query($q) { $this->enable_errorhandler(); + + if ( $this->debug && function_exists('debug_backtrace') ) + { + $backtrace = @debug_backtrace(); + if ( is_array($backtrace) ) + { + $bt = $backtrace[0]; + if ( isset($backtrace[1]['class']) ) + { + if ( $backtrace[1]['class'] == 'sessionManager' ) + { + $bt = $backtrace[1]; + } + } + $this->query_sources[$q] = substr($bt['file'], strlen(ENANO_ROOT) + 1) . ', line ' . $bt['line']; + } + unset($backtrace); + } + $this->num_queries++; - $this->query_backtrace .= $q . "\n"; + $this->query_backtrace[] = $q; $this->latest_query = $q; dc_here('dbal: making SQL query:
'.$q.''); // First make sure we have a connection @@ -205,7 +227,9 @@ grinding_halt('SQL Injection attempt', '

Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.

Query was:

'.htmlspecialchars($q).'
'); } + $time_start = microtime_float(); $r = mysql_query($q, $this->_conn); + $this->query_times[$q] = microtime_float() - $time_start; $this->latest_result = $r; $this->disable_errorhandler(); return $r; @@ -214,8 +238,9 @@ function sql_unbuffered_query($q) { $this->enable_errorhandler(); + $this->num_queries++; - $this->query_backtrace .= '(UNBUFFERED) ' . $q."\n"; + $this->query_backtrace[] = '(UNBUFFERED) ' . $q; $this->latest_query = $q; dc_here('dbal: making SQL query:
'.$q.''); // First make sure we have a connection @@ -230,7 +255,9 @@ grinding_halt('SQL Injection attempt', '

Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.

Query was:

'.htmlspecialchars($q).'
'); } + $time_start = microtime_float(); $r = mysql_unbuffered_query($q, $this->_conn); + $this->query_times[$q] = microtime_float() - $time_start; $this->latest_result = $r; $this->disable_errorhandler(); return $r; @@ -681,6 +708,70 @@ return false; } } + /** + * Generates and outputs a report of all the SQL queries made during execution. Should only be called after everything's over with. + */ + + function sql_report() + { + global $db, $session, $paths, $template, $plugins; // Common objects + if ( !$session->get_permissions('mod_misc') ) + { + die_friendly('Access denied', '

You are not authorized to generate a SQL backtrace.

'); + } + // Create copies of variables that may be changed after header is called + $backtrace = $this->query_backtrace; + $times = $this->query_times; + $template->header(); + echo '

SQL query log and timetable

'; + echo '
+ '; + $i = 0; + foreach ( $backtrace as $query ) + { + $i++; + $unbuffered = false; + if ( substr($query, 0, 13) == '(UNBUFFERED) ' ) + { + $query = substr($query, 13); + $unbuffered = true; + } + if ( $i == 1 ) + { + echo ' + + '; + } + else + { + echo ' + + '; + } + echo ' + + + + + + + + + + + '; + if ( isset($this->query_sources[$query]) ) + { + echo ' + + + '; + } + } + echo '
SQL backtrace for a normal page load of ' . htmlspecialchars($paths->cpage['urlname']) . '
 
Query:
' . htmlspecialchars($query) . '
Time:' . number_format($this->query_times[$query], 6) . ' seconds
Unbuffered:' . ( $unbuffered ? 'Yes' : 'No' ) . '
Called from:' . $this->query_sources[$query] . '
+
'; + $template->footer(); + } } ?> diff -r 7846d45bd250 -r b2f985e4cef3 includes/pageprocess.php --- a/includes/pageprocess.php Fri Nov 23 17:59:24 2007 -0500 +++ b/includes/pageprocess.php Sat Nov 24 00:53:23 2007 -0500 @@ -166,13 +166,16 @@ $this->send_headers = false; $strict_no_headers = true; } - if ( $paths->pages[$pathskey]['password'] != '' && $paths->pages[$pathskey]['password'] != sha1('') ) + if ( isset($paths->pages[$pathskey]['password']) ) { - $password =& $paths->pages[$pathskey]['password']; - if ( $this->password != $password ) + if ( $paths->pages[$pathskey]['password'] != '' && $paths->pages[$pathskey]['password'] != sha1('') ) { - $this->err_wrong_password(); - return false; + $password =& $paths->pages[$pathskey]['password']; + if ( $this->password != $password ) + { + $this->err_wrong_password(); + return false; + } } } } diff -r 7846d45bd250 -r b2f985e4cef3 includes/paths.php --- a/includes/paths.php Fri Nov 23 17:59:24 2007 -0500 +++ b/includes/paths.php Sat Nov 24 00:53:23 2007 -0500 @@ -118,7 +118,8 @@ eval($cmd); } - $e = $db->sql_query('SELECT name,urlname,namespace,special,visible,comments_on,protected,delvotes,delvote_ips,wiki_mode,password FROM '.table_prefix.'pages ORDER BY name;'); + $e = $db->sql_query('SELECT name,urlname,namespace,special,visible,comments_on,protected,delvotes,' . "\n" + . ' delvote_ips,wiki_mode,password FROM '.table_prefix.'pages ORDER BY name;'); if( !$e ) { $db->_die('The error seems to have occured while selecting the page information. File: includes/paths.php; line: '.__LINE__); diff -r 7846d45bd250 -r b2f985e4cef3 includes/rijndael.php --- a/includes/rijndael.php Fri Nov 23 17:59:24 2007 -0500 +++ b/includes/rijndael.php Sat Nov 24 00:53:23 2007 -0500 @@ -16,10 +16,13 @@ define ('ENC_BASE64', 202); define ('ENC_BINARY', 203); +$_aes_objcache = array(); + class AESCrypt { var $debug = false; var $mcrypt = false; + var $decrypt_cache = array(); // Rijndael parameters -- Valid values are 128, 192, or 256 @@ -128,6 +131,18 @@ $this->debug = $debug; } + function singleton($key_size, $block_size) + { + global $_aes_objcache; + if ( isset($_aes_objcache["$key_size,$block_size"]) ) + { + return $_aes_objcache["$key_size,$block_size"]; + } + + $_aes_objcache["$key_size,$block_size"] = new AESCrypt($key_size, $block_size); + return $_aes_objcache["$key_size,$block_size"]; + } + // Error handler function trigger_error($text, $level = E_USER_NOTICE) @@ -804,6 +819,14 @@ { if ( $text == '' ) return ''; + $text_orig = $text; + if ( isset($this->decrypt_cache[$key]) && is_array($this->decrypt_cache[$key]) ) + { + if ( isset($this->decrypt_cache[$key][$text]) ) + { + return $this->decrypt_cache[$key][$text]; + } + } switch($input_encoding) { case ENC_BINARY: @@ -838,6 +861,11 @@ } $dypt = $this->byteArrayToString($dypt); } + if ( !isset($this->decrypt_cache[$key]) ) + $this->decrypt_cache[$key] = array(); + + $this->decrypt_cache[$key][$text_orig] = $dypt; + return $dypt; } diff -r 7846d45bd250 -r b2f985e4cef3 includes/sessions.php --- a/includes/sessions.php Fri Nov 23 17:59:24 2007 -0500 +++ b/includes/sessions.php Sat Nov 24 00:53:23 2007 -0500 @@ -150,7 +150,6 @@ * @var string */ - //var $valid_username = '([A-Za-z0-9 \!\@\(\)-]+)'; var $valid_username = '([^<>&\?\'"%\n\r\t\a\/]+)'; /** @@ -282,7 +281,7 @@ { // Generate and stash a private key // This should only happen during an automated silent gradual migration to the new encryption platform. - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); $this->private_key = $aes->gen_readymade_key(); $config = file_get_contents(ENANO_ROOT.'/config.php'); @@ -500,7 +499,10 @@ else { $key = strrev($_REQUEST['auth']); - $super = $this->validate_session($key); + if ( !empty($key) && ( strlen($key) / 2 ) % 4 == 0 ) + { + $super = $this->validate_session($key); + } } if(is_array($super)) { @@ -518,13 +520,13 @@ if(!$this->compat) { // init groups - $q = $this->sql('SELECT g.group_name,g.group_id,m.is_mod FROM '.table_prefix.'groups AS g - LEFT JOIN '.table_prefix.'group_members AS m - ON g.group_id=m.group_id - WHERE ( m.user_id='.$this->user_id.' - OR g.group_name=\'Everyone\') - ' . ( enano_version() == '1.0RC1' ? '' : 'AND ( m.pending != 1 OR m.pending IS NULL )' ) . ' - ORDER BY group_id ASC;'); // Make sure "Everyone" comes first so the permissions can be overridden + $q = $this->sql('SELECT g.group_name,g.group_id,m.is_mod FROM '.table_prefix.'groups AS g' . "\n" + . ' LEFT JOIN '.table_prefix.'group_members AS m' . "\n" + . ' ON g.group_id=m.group_id' . "\n" + . ' WHERE ( m.user_id='.$this->user_id.'' . "\n" + . ' OR g.group_name=\'Everyone\')' . "\n" + . ' ' . ( enano_version() == '1.0RC1' ? '' : 'AND ( m.pending != 1 OR m.pending IS NULL )' ) . '' . "\n" + . ' ORDER BY group_id ASC;'); // Make sure "Everyone" comes first so the permissions can be overridden if($row = $db->fetchrow()) { do { @@ -566,7 +568,7 @@ $privcache = $this->private_key; // Instanciate the Rijndael encryption object - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); // Fetch our decryption key @@ -714,7 +716,7 @@ } // Instanciate the Rijndael encryption object - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); // Initialize our success switch $success = false; @@ -862,7 +864,7 @@ $session_key = "u=$username;p=$passha1;s=$salt"; // Encrypt the key - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); $session_key = $aes->encrypt($session_key, $this->private_key, ENC_HEX); // If we're registering an elevated-privilege key, it needs to be on GET @@ -968,7 +970,8 @@ if ( !$decrypted_key ) { - die_semicritical('AES encryption error', '

Something went wrong during the AES decryption process.

'.print_r($decrypted_key, true).'
'); + // die_semicritical('AES encryption error', '

Something went wrong during the AES decryption process.

'.print_r($decrypted_key, true).'
'); + return false; } $n = preg_match('/^u='.$this->valid_username.';p=([A-Fa-f0-9]+?);s=([A-Fa-f0-9]+?)$/', $decrypted_key, $keydata); @@ -979,16 +982,19 @@ } $keyhash = md5($key); $salt = $db->escape($keydata[3]); - $query = $db->sql_query('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms,x.* FROM '.table_prefix.'session_keys AS k - LEFT JOIN '.table_prefix.'users AS u - ON ( u.user_id=k.user_id ) - LEFT JOIN '.table_prefix.'users_extra AS x - ON ( u.user_id=x.user_id OR x.user_id IS NULL ) - LEFT JOIN '.table_prefix.'privmsgs AS p - ON ( p.message_to=u.username AND p.message_read=0 ) - WHERE k.session_key=\''.$keyhash.'\' - AND k.salt=\''.$salt.'\' - GROUP BY u.user_id;'); + // using a normal call to $db->sql_query to avoid failing on errors here + $query = $db->sql_query('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,' . "\n" + . ' u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms,' . "\n" + . ' x.* FROM '.table_prefix.'session_keys AS k' . "\n" + . ' LEFT JOIN '.table_prefix.'users AS u' . "\n" + . ' ON ( u.user_id=k.user_id )' . "\n" + . ' LEFT JOIN '.table_prefix.'users_extra AS x' . "\n" + . ' ON ( u.user_id=x.user_id OR x.user_id IS NULL )' . "\n" + . ' LEFT JOIN '.table_prefix.'privmsgs AS p' . "\n" + . ' ON ( p.message_to=u.username AND p.message_read=0 )' . "\n" + . ' WHERE k.session_key=\''.$keyhash.'\'' . "\n" + . ' AND k.salt=\''.$salt.'\'' . "\n" + . ' GROUP BY u.user_id;'); if ( !$query ) { $query = $this->sql('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms FROM '.table_prefix.'session_keys AS k @@ -1133,7 +1139,7 @@ $oid = $this->user_id; if($level > USER_LEVEL_CHPREF) { - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); if(!$this->user_logged_in || $this->auth_level < USER_LEVEL_MOD) return 'success'; // Destroy elevated privileges $keyhash = md5(strrev($this->sid_super)); @@ -1209,7 +1215,7 @@ function rijndael_genkey() { - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); $key = $aes->gen_readymade_key(); $keys = getConfig('login_key_cache'); if(is_string($keys)) @@ -1227,7 +1233,7 @@ function dss_rand() { - $aes = new AESCrypt(); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); $random = $aes->randkey(128); unset($aes); return md5(microtime() . $random); @@ -1344,7 +1350,7 @@ { global $db, $session, $paths, $template, $plugins; // Common objects $col_reason = ( $this->compat ) ? '"No reason entered (session manager is in compatibility mode)" AS reason' : 'reason'; - $is_banned = false; + $banned = false; if ( $this->user_logged_in ) { // check by IP, email, and username @@ -1439,7 +1445,7 @@ global $db, $session, $paths, $template, $plugins; // Common objects // Initialize AES - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); if(!preg_match('#^'.$this->valid_username.'$#', $username)) return 'The username you chose contains invalid characters.'; $username = str_replace('_', ' ', $username); @@ -1795,7 +1801,7 @@ function register_temp_password($user_id, $password) { - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); $temp_pass = $aes->encrypt($password, $this->private_key, ENC_HEX); $this->sql('UPDATE '.table_prefix.'users SET temp_password=\'' . $temp_pass . '\',temp_password_time='.time().' WHERE user_id='.intval($user_id).';'); } @@ -1906,7 +1912,7 @@ if(intval($user_id) < 1) $errors[] = 'SQL injection attempt'; // Instanciate the AES encryption class - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); // If all of our input vars are false, then we've effectively done our job so get out of here if($username === false && $password === false && $email === false && $realname === false && $signature === false && $user_level === false) @@ -2200,7 +2206,9 @@ $this->acl_defaults_used = $this->perms; // Fetch sitewide defaults from the permissions table - $bs = 'SELECT rules FROM '.table_prefix.'acl WHERE page_id IS NULL AND namespace IS NULL AND ( '; + $bs = 'SELECT rules, target_type, target_id FROM '.table_prefix.'acl' . "\n" + . ' WHERE page_id IS NULL AND namespace IS NULL AND' . "\n" + . ' ( '; $q = Array(); $q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$this->user_id.' )'; @@ -2211,7 +2219,7 @@ $q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )'; } } - $bs .= implode(' OR ', $q) . ' ) ORDER BY target_type ASC, target_id ASC;'; + $bs .= implode(" OR \n ", $q) . " ) \n ORDER BY target_type ASC, target_id ASC;"; $q = $this->sql($bs); if ( $row = $db->fetchrow() ) { @@ -2255,7 +2263,7 @@ } // The reason we're using an ORDER BY statement here is because ACL_TYPE_GROUP is less than ACL_TYPE_USER, causing the user's individual // permissions to override group permissions. - $bs .= implode(' OR ', $q) . ' ) AND (' . $pg_info . ' ( page_id=\''.$db->escape($paths->cpage['urlname_nons']).'\' AND namespace=\''.$db->escape($paths->namespace).'\' ) ) + $bs .= implode(" OR\n ", $q) . " )\n AND (" . $pg_info . ' ( page_id=\''.$db->escape($paths->cpage['urlname_nons']).'\' AND namespace=\''.$db->escape($paths->namespace).'\' ) ) ORDER BY target_type ASC, page_id ASC, namespace ASC;'; $q = $this->sql($bs); if ( $row = $db->fetchrow() ) @@ -2697,7 +2705,8 @@ } // Build a query to grab ACL info - $bs = 'SELECT rules FROM '.table_prefix.'acl WHERE ( '; + $bs = 'SELECT rules FROM '.table_prefix.'acl WHERE ' . "\n" + . ' ( '; $q = Array(); $q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$session->user_id.' )'; if(count($session->groups) > 0) @@ -2709,7 +2718,7 @@ } // The reason we're using an ORDER BY statement here is because ACL_TYPE_GROUP is less than ACL_TYPE_USER, causing the user's individual // permissions to override group permissions. - $bs .= implode(' OR ', $q) . ' ) AND (' . $pg_info . ' page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\' ) + $bs .= implode(" OR\n ", $q) . ' ) AND (' . $pg_info . ' page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\' ) ORDER BY target_type ASC, page_id ASC, namespace ASC;'; $q = $session->sql($bs); if ( $row = $db->fetchrow() ) diff -r 7846d45bd250 -r b2f985e4cef3 includes/tagcloud.php --- a/includes/tagcloud.php Fri Nov 23 17:59:24 2007 -0500 +++ b/includes/tagcloud.php Sat Nov 24 00:53:23 2007 -0500 @@ -35,7 +35,7 @@ * @param array Optional. An initial list of words, just a plain old array. */ - function __construct($words) + function __construct($words = array()) { if ( count($words) > 0 ) { diff -r 7846d45bd250 -r b2f985e4cef3 includes/template.php --- a/includes/template.php Fri Nov 23 17:59:24 2007 -0500 +++ b/includes/template.php Sat Nov 24 00:53:23 2007 -0500 @@ -748,7 +748,8 @@ 'STYLE_ID'=>$this->style, 'JS_DYNAMIC_VARS'=>$js_dynamic, 'UNREAD_PMS'=>$session->unread_pms, - 'URL_ABOUT_ENANO' => makeUrlNS('Special', 'About_Enano', '', true) + 'URL_ABOUT_ENANO' => makeUrlNS('Special', 'About_Enano', '', true), + 'REPORT_URI' => makeUrl($paths->page, 'do=sql_report', true) ); foreach ( $paths->nslist as $ns_id => $ns_prefix ) @@ -1047,7 +1048,7 @@ continue; $tag_complete = <<fetch_block('Links') ) $this->initLinksWidget(); - $q = $db->sql_query('SELECT item_id,sidebar_id,block_name,block_type,block_content FROM '.table_prefix.'sidebar WHERE item_enabled=1 ORDER BY sidebar_id ASC, item_order ASC;'); + $q = $db->sql_query('SELECT item_id,sidebar_id,block_name,block_type,block_content FROM '.table_prefix.'sidebar' . "\n" + . ' WHERE item_enabled=1 ORDER BY sidebar_id ASC, item_order ASC;'); if(!$q) $db->_die('The sidebar text data could not be selected.'); $vars = $this->extract_vars('elements.tpl'); @@ -1794,7 +1796,8 @@ * "critical error" messages. ** REQUIRES ** the Oxygen theme. */ -class template_nodb { +class template_nodb +{ var $fading_button, $tpl_strings, $tpl_bool, $theme, $style, $no_headers, $additional_headers, $sidebar_extra, $sidebar_widgets, $toolbar_menu, $theme_list; function __construct() { diff -r 7846d45bd250 -r b2f985e4cef3 index.php --- a/index.php Fri Nov 23 17:59:24 2007 -0500 +++ b/index.php Sat Nov 24 00:53:23 2007 -0500 @@ -429,6 +429,17 @@ $data = ( isset($_POST['data']) ) ? $_POST['data'] : Array('mode' => 'listgroups'); PageUtils::aclmanager($data); break; + case 'sql_report': + $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); + $page = new PageProcessor( $paths->cpage['urlname_nons'], $paths->namespace, $rev_id ); + $page->send_headers = true; + $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; + $page->password = $pagepass; + $page->send(true); + ob_end_clean(); + ob_start(); + $db->sql_report(); + break; } // @@ -438,7 +449,7 @@ { // Load up the HTML $html = ob_get_contents(); - ob_end_clean(); + @ob_end_clean(); $html = aggressive_optimize_html($html); diff -r 7846d45bd250 -r b2f985e4cef3 install.php --- a/install.php Fri Nov 23 17:59:24 2007 -0500 +++ b/install.php Sat Nov 24 00:53:23 2007 -0500 @@ -329,7 +329,7 @@ if ( $act_get ) return $decrypted_pass; - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); if ( !empty($_POST['crypt_data']) ) { @@ -359,7 +359,7 @@ if ( $act_get ) return $key; - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); $key = $aes->gen_readymade_key(); return true; } @@ -372,7 +372,7 @@ $admin_pass = stg_decrypt_admin_pass(true); $key = stg_generate_aes_key(true); - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); $key = $aes->hextostring($key); $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX); @@ -452,7 +452,7 @@ { $admin_pass = stg_decrypt_admin_pass(true); $key = stg_generate_aes_key(true); - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); $key = $aes->hextostring($key); $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX); $admin_user = mysql_real_escape_string($_POST['admin_user']); @@ -1334,7 +1334,7 @@ } unset($_POST['_cont']); require('config.new.php'); - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); if ( isset($crypto_key) ) { $cryptkey = $crypto_key; diff -r 7846d45bd250 -r b2f985e4cef3 plugins/SpecialUserFuncs.php --- a/plugins/SpecialUserFuncs.php Fri Nov 23 17:59:24 2007 -0500 +++ b/plugins/SpecialUserFuncs.php Sat Nov 24 00:53:23 2007 -0500 @@ -376,7 +376,7 @@ if ( $_POST['use_crypt'] == 'yes' ) { - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); $crypt_key = $session->fetch_public_key($_POST['crypt_key']); if ( !$crypt_key ) { @@ -1067,7 +1067,7 @@ if ( isset($_POST['do_stage2']) ) { - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); if($_POST['use_crypt'] == 'yes') { $crypt_key = $session->fetch_public_key($_POST['crypt_key']); diff -r 7846d45bd250 -r b2f985e4cef3 plugins/SpecialUserPrefs.php --- a/plugins/SpecialUserPrefs.php Fri Nov 23 17:59:24 2007 -0500 +++ b/plugins/SpecialUserPrefs.php Sat Nov 24 00:53:23 2007 -0500 @@ -25,7 +25,7 @@ function userprefs_menu_add($section, $text, $link) { global $userprefs_menu; - if ( is_array($userprefs_menu[$section]) ) + if ( isset($userprefs_menu[$section]) && is_array($userprefs_menu[$section]) ) { $userprefs_menu[$section][] = Array( 'text' => $text, @@ -133,7 +133,7 @@ $uid = intval($session->user_id); // Instanciate the AES encryptor - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); // Basic user info $q = $db->sql_query('SELECT username, password, email, real_name, signature, theme, style FROM '.table_prefix.'users WHERE user_id='.$uid.';'); diff -r 7846d45bd250 -r b2f985e4cef3 plugins/admin/UserManager.php --- a/plugins/admin/UserManager.php Fri Nov 23 17:59:24 2007 -0500 +++ b/plugins/admin/UserManager.php Sat Nov 24 00:53:23 2007 -0500 @@ -68,7 +68,7 @@ $password = false; if ( $_POST['changing_pw'] == 'yes' ) { - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); $key_hex_md5 = $_POST['crypt_key']; $key_hex = $session->fetch_public_key($key_hex_md5); if ( $key_hex ) @@ -348,7 +348,7 @@ else { // Get the current session information so the user doesn't get logged out - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); $sk = md5(strrev($session->sid_super)); $qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN); if ( !$qb ) @@ -544,21 +544,12 @@ * Constructor. */ - function __construct() + function Admin_UserManager_SmartForm() { $this->uuid = md5( mt_rand() . microtime() ); } /** - * PHP4 constructor. - */ - - function Admin_UserManager_SmartForm() - { - $this->__construct(); - } - - /** * Renders and returns the finished form. * @return string */ diff -r 7846d45bd250 -r b2f985e4cef3 themes/oxygen/footer.tpl --- a/themes/oxygen/footer.tpl Fri Nov 23 17:59:24 2007 -0500 +++ b/themes/oxygen/footer.tpl Sat Nov 24 00:53:23 2007 -0500 @@ -12,7 +12,7 @@ -->
{COPYRIGHT}
- Website engine powered by Enano  |  Valid XHTML 1.1  |  Valid CSS  |  Generated in [[GenTime]]sec + Website engine powered by Enano  |  Valid XHTML 1.1  |  Valid CSS  |  Generated in [[GenTime]]sec  |  [[NumQueries]] SQL
diff -r 7846d45bd250 -r b2f985e4cef3 themes/stpatty/footer.tpl --- a/themes/stpatty/footer.tpl Fri Nov 23 17:59:24 2007 -0500 +++ b/themes/stpatty/footer.tpl Sat Nov 24 00:53:23 2007 -0500 @@ -10,7 +10,7 @@ -Dan --> {COPYRIGHT}
- Powered by Enano | Valid XHTML 1.1 | Valid CSS | [[Stats]] + Powered by Enano  |  Valid XHTML 1.1  |  Valid CSS  |  Time: [[GenTime]]s  |  [[NumQueries]] SQL