Fix TINYIB_MANAGEKEY issue

Resolves #194.
Trevor Slocum 2021-03-28 11:06:43 -07:00
parent f6f6502b58
commit 421503ee01
2 changed files with 14 additions and 11 deletions


@ -228,7 +228,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
fancyDie(__('Posting is currently disabled.<br>Please try again in a few moments.'));
}
list($loggedin, $isadmin) = manageCheckLogIn();
list($loggedin, $isadmin) = manageCheckLogIn(false);
$rawpost = isRawPost();
$rawposttext = '';
if (!$loggedin) {
@ -554,7 +554,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
$post = postByID($_POST['delete']);
if ($post) {
list($loggedin, $isadmin) = manageCheckLogIn();
list($loggedin, $isadmin) = manageCheckLogIn(false);
if ($loggedin && $_POST['password'] == '') {
// Redirect to post moderation page
@ -592,7 +592,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
die('--&gt; --&gt; --&gt;<meta http-equiv="refresh" content="0;url=imgboard.php">');
}
list($loggedin, $isadmin) = manageCheckLogIn();
list($loggedin, $isadmin) = manageCheckLogIn(true);
if ($loggedin) {
if ($isadmin) {
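Review bot: The bare `true`/`false` arguments at the three manageCheckLogIn() call sites do not say which requests enforce the management key, and that distinction is the security-relevant part of this change. The posting and deletion paths pass `false`, so they depend on the function reporting not-logged-in on a key mismatch, while only the management branch in the third hunk passes `true`. A one-line comment at each call would make this auditable, e.g. `// public path: a bad or missing manage key means "not logged in", never an error` for the `false` calls and `// management UI: abort unless the manage key is valid` for the `true` call. The enclosing `if` blocks start and end outside these hunks.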


@ -335,7 +335,10 @@ function checkMessageSize() {
}
}
function manageCheckLogIn() {
function manageCheckLogIn($requireKey) {
$loggedin = false;
$isadmin = false;
$key = (isset($_GET['manage']) && $_GET['manage'] != '') ? hashData($_GET['manage']) : '';
if ($key == '' && isset($_SESSION['tinyib_key'])) {
$key = $_SESSION['tinyib_key'];
@ -344,11 +347,13 @@ function manageCheckLogIn() {
$_SESSION['tinyib'] = '';
$_SESSION['tinyib_key'] = '';
session_destroy();
fancyDie(__('Invalid key.'));
if ($requireKey) {
fancyDie(__('Invalid key.'));
}
return array($loggedin, $isadmin);
}
$loggedin = false;
$isadmin = false;
if (isset($_POST['managepassword'])) {
checkCAPTCHA(TINYIB_MANAGECAPTCHA);
@ -391,10 +396,8 @@ function setParent() {
function isRawPost() {
if (isset($_POST['rawpost'])) {
list($loggedin, $isadmin) = manageCheckLogIn();
if ($loggedin) {
return true;
}
list($loggedin, $isadmin) = manageCheckLogIn(false);
return $loggedin;
}
return false;
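Review bot: In manageCheckLogIn() the session is still emptied and destroyed before the new `if ($requireKey)` test, so the callers that pass `false` (posting, deletion and isRawPost) tear down the visitor's session whenever the key check fails. The condition guarding that block is outside the hunk, so this is inferred from the visible lines; if it is true for every request that carries no manage key, any per-visitor session state is discarded on each public request. Consider running the teardown only when the session actually holds management state, keeping `return array($loggedin, $isadmin);` so the result stays fail-closed. The new parameter also has no documentation; a comment such as `// $requireKey: true = abort with "Invalid key." on a key mismatch; false = report not logged in and continue` above the function would record the contract. The closing braces of manageCheckLogIn() and isRawPost() lie outside the hunks.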