Changeset 805

Timestamp:

May 24, 2014, 11:35:47 PM (10 years ago)

Author:

chronos

Message:

• Fixed: Do not log client proxy IP address as remote address because it can be faked and also there can be multiple client proxy addresses.
• Modified: Do not use directly $_SERVER variables REMOTE_ADDR and REQUEST_URI as they are not initialized if script is executed from command line.
• Fixed: Default configuration was not complete.

Location:

trunk

Files:

• Modules/Export/ProcessAoWoWExport.php (modified) (2 diffs)
• Modules/Export/ProcessTask.php (modified) (1 diff)
• Modules/Export/cmdmpqexport.php (modified) (1 diff)
• Modules/Forum/Forum.php (modified) (1 diff)
• Modules/Import/cmd.php (modified) (2 diffs)
• Modules/Log/Log.php (modified) (2 diffs)
• Modules/Referrer/Referrer.php (modified) (1 diff)
• Modules/ShoutBox/ShoutBox.php (modified) (1 diff)
• Modules/User/User.php (modified) (4 diffs)
• admin/install.php (modified) (3 diffs)
• includes/Update.php (modified) (1 diff)
• includes/Version.php (modified) (1 diff)
• includes/global.php (modified) (2 diffs)
• includes/system.php (modified) (2 diffs)
• locale/cs.php (modified) (1 diff)

trunk/Modules/Export/ProcessAoWoWExport.php

@@ -2 +2 @@
 
 ini_set('memory_limit', '100M');
-
-$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
-$_SERVER['REQUEST_URI'] = __FILE__;
 
 include_once('../../includes/global.php');
@@ -14 +11 @@
   $System->DoNotShowPage = true;
         $System->Run();
-
-$_SERVER['REQUEST_URI'] = __FILE__;
 
 $Output = '';

trunk/Modules/Export/ProcessTask.php

@@ -2 +2 @@
 
 ini_set('memory_limit', '100M');
-
-$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
-$_SERVER['REQUEST_URI'] = __FILE__;
 
 include_once(dirname(__FILE__).'/../../includes/global.php');

trunk/Modules/Export/cmdmpqexport.php

@@ -2 +2 @@
 
 ini_set('memory_limit', '100M');
-
-$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
-$_SERVER['REQUEST_URI'] = __FILE__;
 
 include_once(dirname(__FILE__).'/../../includes/global.php');

trunk/Modules/Forum/Forum.php

@@ -261 +261 @@
                 $this->System->Database->query('INSERT INTO `'.$Table.'` ( `User`, `UserName` , `Text` , `Date` , `IP` , `Thread` ) '.
                                                                 ' VALUES ('.$this->System->User->Id.', "'.$this->System->User->Name.
-                                                                '", "'.$Text.'", NOW(), "'.$_SERVER['REMOTE_ADDR'].'","'.$_GET['Thread'].'")');
+                                                                '", "'.$Text.'", NOW(), "'.GetRemoteAddress().'","'.$_GET['Thread'].'")');
               } else $Output .= ShowMessage(T('Item not found'), MESSAGE_CRITICAL);
              } else
             $this->System->Database->query('INSERT INTO `'.$Table.'` ( `User`, `UserName` , `Text` , `Date` , `IP`) '.
                                                                 ' VALUES ('.$this->System->User->Id.', "'.$this->System->User->Name.
-                                                                '", "'.$Text.'", NOW(), "'.$_SERVER['REMOTE_ADDR'].'")');
+                                                                '", "'.$Text.'", NOW(), "'.GetRemoteAddress().'")');
                                                 $Output .= ShowMessage(T('Added.'));
                                         }

trunk/Modules/Import/cmd.php

@@ -1 +1 @@
 <?php
-
-$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
-$_SERVER['REQUEST_URI'] = __FILE__;
-
 
 include_once('../../includes/global.php');
@@ -13 +9 @@
         $System->Run();
 $Import = new Import($System);
-$_SERVER['REQUEST_URI'] = __FILE__;
 
 $Output = '';

trunk/Modules/Log/Log.php

@@ -33 +33 @@
   function WriteLog($Text, $Type)
   {
-        if(!isset($_SERVER['REMOTE_ADDR'])) $IP = 'Konzole';
-          else $IP = addslashes($_SERVER['REMOTE_ADDR']);
-        
-        if(isset($this->System->User) and !is_null($this->System->User->Id)) $UserId = $this->System->User->Id;
+        if(isset($this->System->User) and !is_null($this->System->User->Id)) 
+          $UserId = $this->System->User->Id;
           else $UserId = 'NULL';
         $Query = 'INSERT INTO `Log` ( `User` , `Type` , `Text` , `Date` , `IP`, `URL` ) '.
-                'VALUES ('.$UserId.', '.$Type.', "'.addslashes($Text).'", NOW(), "'.$IP.'", "'.$_SERVER['REQUEST_URI'].'")';
+          'VALUES ('.$UserId.', '.$Type.', "'.addslashes($Text).'", NOW(), "'.
+          GetRemoteAddress().'", "'.GetRequestURI().'")';
         $this->System->Database->query($Query);
   }
@@ -60 +59 @@
 {
         global $System, $User;
-
-        if(!isset($_SERVER['REMOTE_ADDR'])) $IP = 'Konzole';
-          else $IP = addslashes($_SERVER['REMOTE_ADDR']);
-
+        
         if(isset($User) and !is_null($User->Id)) $UserId = $User->Id;
           else $UserId = 'NULL';
         $Query = 'INSERT INTO `Log` ( `User` , `Type` , `Text` , `Date` , `IP`, `URL` ) '.
-          'VALUES ('.$UserId.', '.$Type.', "'.addslashes($Text).'", NOW(), "'.$IP.'", "'.$_SERVER['REQUEST_URI'].'")';
+          'VALUES ('.$UserId.', '.$Type.', "'.addslashes($Text).'", NOW(), "'.
+      GetRemoteAddress().'", "'.GetRequestURI().'")';
         $System->Database->query($Query);
 }

trunk/Modules/Referrer/Referrer.php

@@ -40 +40 @@
       if(!in_array($HostName, $this->Excludes))
       {
-        if(!isset($_SERVER['REMOTE_ADDR'])) $IP = 'Konzole';
-          else $IP = addslashes($_SERVER['REMOTE_ADDR']);
-
+        $IP = GetRemoteAddress();
+        
         // Check if client IP is not blocked as spam source
         $DbResult = $this->System->Database->query('SELECT COUNT(*) FROM `Referrer` WHERE `LastIP` = "'.$IP.'" AND (`Visible` = 0)');

trunk/Modules/ShoutBox/ShoutBox.php

@@ -125 +125 @@
                                                 $this->System->Database->query('INSERT INTO `ShoutBox` ( `User`, `UserName` , `Text` , `Date` , `IP` ) '.
                                                                 ' VALUES ('.$this->System->User->Id.', "'.$this->System->User->Name.
-                                                                '", "'.$Text.'", NOW(), "'.$_SERVER['REMOTE_ADDR'].'")');
+                                                                '", "'.$Text.'", NOW(), "'.GetRemoteAddress().'")');
                                                 $Output .= ShowMessage('Zpráva vložena.');
                                         }

trunk/Modules/User/User.php

@@ -137 +137 @@
       $this->Database->query('UPDATE `UserTrace` SET '.
         '`LastLogin` = NOW(), '.
-        '`LastIP` = "'.$_SERVER['REMOTE_ADDR'].'", '.
+        '`LastIP` = "'.GetRemoteAddress().'", '.
         '`UserAgent` = "'.$this->System->Database->real_escape_string($_SERVER['HTTP_USER_AGENT']).'" '.
         ' WHERE `User` = '.$this->Id);
@@ -194 +194 @@
   function Licence($Licence)
   {
-    if(!isset($_SERVER['REMOTE_ADDR'])) return(true); // Execution from command line
-    else return($this->Role >= $Licence);
+    if(GetRemoteAddress() == '') return(true); // Execution from command line
+      else return($this->Role >= $Licence);
   }
 
@@ -229 +229 @@
       // Refresh time of last access
       $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('ActivityTime' => 'NOW()'));
-    } else $this->Database->insert('UserOnline', array('SessionId' => $SID,
+    } else {
+        if(GetRemoteAddress() != '') $HostName = gethostbyaddr(GetRemoteAddress());
+          else $HostName = '';
+        $this->Database->insert('UserOnline', array('SessionId' => $SID,
       'User' => null, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()',
-      'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()),
-      'ScriptName' => $_SERVER['REQUEST_URI']));
-
+      'IpAddress' => GetRemoteAddress(), 'HostName' => $HostName,
+      'ScriptName' => GetRequestURI()));
+    }
+        
     // Logged permanently?
           if(array_key_exists('LoginHash', $_COOKIE))
@@ -281 +285 @@
     $UserId = $this->Database->insert_id;
     $this->Database->query('INSERT INTO `UserTrace` (`User`, `LastIP`, `UserAgent`) '.
-        'VALUES ('.$UserId.', "'.$_SERVER['REMOTE_ADDR'].'", '.
+        'VALUES ('.$UserId.', "'.GetRemoteAddress().'", '.
         '"'.$this->Database->real_escape_string($_SERVER['HTTP_USER_AGENT']).'")');
   }

trunk/admin/install.php

@@ -95 +95 @@
   $Output = "<?php
 
-  \$IsDeveloper = in_array(\$_SERVER['REMOTE_ADDR'], array('127.0.0.1'));
+  \$IsDeveloper = in_array(GetRemoteAddress(), array('127.0.0.1'));
 
   \$Config = array(
@@ -119 +119 @@
     'ShowSQLQuery' => false,
     'ShowSQLError' => \$IsDeveloper,
+    'LogSQLQuery' => false,
     'ShowPHPError' => \$IsDeveloper,
     'ShowRuntimeInfo' => \$IsDeveloper,
     'FormatOutput' => \$IsDeveloper,
-        'ItemsPerPage' => ".$Config['Web']['ItemsPerPage'].",
-    'TempFolder' => '../tmp/',
+    'ItemsPerPage' => ".$Config['Web']['ItemsPerPage'].",
+    'TempFolder' => 'tmp/',
+    'SourceFolder' => 'source/',
     'GameVersion' => '3.3.5a',
     'VisiblePagingItems' => ".$Config['Web']['VisiblePagingItems'].",
@@ -135 +137 @@
   'MaxExportPerUser' => 10,
   'AoWoWExportId' => 1,
-        'OriginalLanguage' => 1, 
+  'OriginalLanguage' => 1, 
   'SystemPassword' => '".$Config['SystemPassword']."',
 );";

trunk/includes/Update.php

@@ -54 +54 @@
         $InstallMethod = $this->InstallMethod; 
         $InstallMethod($this);
+        $this->Update();
   }
   

trunk/includes/Version.php

@@ -6 +6 @@
 // and system will need database update.
 
-$Revision = 804; // Subversion revision
+$Revision = 805; // Subversion revision
 $DatabaseRevision = 803; // Database structure revision
-$ReleaseTime = '2014-04-14';
+$ReleaseTime = '2014-05-24';

trunk/includes/global.php

@@ -754 +754 @@
         if(substr($PathString, -1, 1) == '/') $PathString = substr($PathString, 0, -1);
         $PathItems = explode('/', $PathString);
-        if(strpos($_SERVER['REQUEST_URI'], '?') !== false)
-                $_SERVER['QUERY_STRING'] = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?') + 1);
+        if(strpos(GetRequestURI(), '?') !== false)
+                $_SERVER['QUERY_STRING'] = substr(GetRequestURI(), strpos(GetRequestURI(), '?') + 1);
         else $_SERVER['QUERY_STRING'] = '';
         parse_str($_SERVER['QUERY_STRING'], $_GET);
@@ -780 +780 @@
 }
 
+function GetClientProxyAddresses()
+{
+  if(array_key_exists('HTTP_X_FORWARDED_FOR',$_SERVER)) $IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
+    else $IP = array();
+}
+
 function GetRemoteAddress()
 {
-  if(array_key_exists('HTTP_X_FORWARDED_FOR',$_SERVER)) $IP = $_SERVER['HTTP_X_FORWARDED_FOR'] ;
-  else if(array_key_exists('REMOTE_ADDR', $_SERVER)) $IP = $_SERVER['REMOTE_ADDR'];
-  else $IP = '0.0.0.0';
+  if(array_key_exists('REMOTE_ADDR', $_SERVER)) $IP = $_SERVER['REMOTE_ADDR'];
+    else $IP = '';
   return($IP);
 }
+
+function GetRequestURI()
+{
+  if(array_key_exists('REQUEST_URI', $_SERVER)) return($_SERVER['REQUEST_URI']);
+    else return($_SERVER['PHP_SELF']);
+}

trunk/includes/system.php

@@ -110 +110 @@
     $ScriptStartTime = GetMicrotime();
 
-    if(isset($_SERVER['REMOTE_ADDR'])) session_start();
+    if(GetRemoteAddress() != '') session_start();
 
     if(!isset($Config)) die('Systém není nainstalován. Pokračujte v instalaci <a href="admin/install.php">zde</a>.');
@@ -433 +433 @@
                 $ScriptGenerateDuration.' s / '.ini_get('max_execution_time').' s &nbsp;&nbsp; '.T('Used memory').': '.
                 HumanSize(memory_get_peak_usage(FALSE)).' / '.ini_get('memory_limit').'B &nbsp;&nbsp; <a href="http://validator.w3.org/check?uri='.
-                htmlentities('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'].'?'.$_SERVER['QUERY_STRING']).'">HTML validator</a></td></tr>';
+                htmlentities('http://'.$_SERVER['HTTP_HOST'].GetRequestURI().'?'.$_SERVER['QUERY_STRING']).'">HTML validator</a></td></tr>';
                 $Output .= '</table>'.
       '</body>'.

trunk/locale/cs.php

@@ -202 +202 @@
       'Additional files: modified wow.exe, fonts to game, translated interface aowow and more can be found on page' => 'Doplňkové soubory: upravené wow.exe, fonty do hry, přeložené rozhraní aowow a další najdete na stránce',
       'If none of these files is suitable for you, for example, to the Czech without the translated interface. You can generate your own section in section' => 'Pokud vám nevyhovuje žádný z následujících souborů, například chcete češtinu bez přeloženého rozhraní. Můžete si vygenerovat vlastní v sekci',
-      'The following files are generated every day, if needed. That means if is added new translation to database. Therefore, if you translate a translation or correct the mistake, tomorrow you can download the new patched version. Or you can rebuild and download for a few minutes the repaired file.' => 'Následující soubory se generují každý den, pokud je zapotřebí. To zanamená, pokud se v databázi oběví nové překlady. Proto, pokud přeložíte nějaký překlad nebo opravíte chybu, zítra si můžete stáhnout novou opravenou verzi. Nebo si můžete přegenerovat a stáhnout si za pár minut opravený soubor.',
+      'The following files are generated every day, if needed. That means if is added new translation to database. Therefore, if you translate a translation or correct the mistake, tomorrow you can download the new patched version. Or you can rebuild and download for a few minutes the repaired file.' => 'Následující soubory se generují každý den, pokud je zapotřebí. To znamená, pokud se v databázi objeví nové překlady. Proto, pokud přeložíte nějaký překlad nebo opravíte chybu, následující den si můžete stáhnout novou opravenou verzi. Nebo si můžete přegenerovat a stáhnout si za pár minut opravený soubor.',
       'If you no longer want translation in game, you can uninstall it by file Uninstall.exe at the directory of game.' => 'Pokud si češtinu dále nebudete přát, můžete ji jednoduše odinstalovat pomocí souboru Uninstall.exe ve složce hry.',
       'Make export' => 'Exportovat',