From 421503ee01f13841c3e19fc3ac70c88e91d82b8c Mon Sep 17 00:00:00 2001
From: Trevor Slocum
Date: Sun, 28 Mar 2021 11:06:43 -0700
Subject: [PATCH] Fix TINYIB_MANAGEKEY issue

Resolves #194.
---
 imgboard.php | 6 +++---
 inc/functions.php | 19 +++++++++++--------
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/imgboard.php b/imgboard.php
index 6edc6f3..bc2b288 100644
--- a/imgboard.php
+++ b/imgboard.php
@@ -228,7 +228,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 fancyDie(__('Posting is currently disabled.
Please try again in a few moments.'));
 }
- list($loggedin, $isadmin) = manageCheckLogIn();
+ list($loggedin, $isadmin) = manageCheckLogIn(false);
 $rawpost = isRawPost();
 $rawposttext = '';
 if (!$loggedin) {
@@ -554,7 +554,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 $post = postByID($_POST['delete']);
 if ($post) {
- list($loggedin, $isadmin) = manageCheckLogIn();
+ list($loggedin, $isadmin) = manageCheckLogIn(false);
 if ($loggedin && $_POST['password'] == '') {
 // Redirect to post moderation page
@@ -592,7 +592,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 die('--> --> -->');
 }
- list($loggedin, $isadmin) = manageCheckLogIn();
+ list($loggedin, $isadmin) = manageCheckLogIn(true);
 if ($loggedin) {
 if ($isadmin) {
diff --git a/inc/functions.php b/inc/functions.php
index 402f7f6..6dd7dd0 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -335,7 +335,10 @@ function checkMessageSize() {
 }
 }
-function manageCheckLogIn() {
+function manageCheckLogIn($requireKey) {
+ $loggedin = false;
+ $isadmin = false;
+
 $key = (isset($_GET['manage']) && $_GET['manage'] != '') ? hashData($_GET['manage']) : '';
 if ($key == '' && isset($_SESSION['tinyib_key'])) {
 $key = $_SESSION['tinyib_key'];
@@ -344,11 +347,13 @@ function manageCheckLogIn() {
 $_SESSION['tinyib'] = '';
 $_SESSION['tinyib_key'] = '';
 session_destroy();
- fancyDie(__('Invalid key.'));
+
+ if ($requireKey) {
+ fancyDie(__('Invalid key.'));
+ }
+ return array($loggedin, $isadmin);
 }
- $loggedin = false;
- $isadmin = false;
 if (isset($_POST['managepassword'])) {
 checkCAPTCHA(TINYIB_MANAGECAPTCHA);
@@ -391,10 +396,8 @@ function setParent() {
 function isRawPost() {
 if (isset($_POST['rawpost'])) {
- list($loggedin, $isadmin) = manageCheckLogIn();
- if ($loggedin) {
- return true;
- }
+ list($loggedin, $isadmin) = manageCheckLogIn(false);
+ return $loggedin;
 }
 return false;
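Review bot: In the first imgboard.php hunk (old line 228) the post path calls `manageCheckLogIn(false)` and then, through `isRawPost()` on the following line, calls it a second time whenever `rawpost` is posted. Now that an invalid key no longer ends the request, the session teardown inside `manageCheckLogIn()` can run twice in one request, and the second `session_destroy()` would likely raise a warning because the session is already gone. Reusing the result already in hand avoids the repeat, e.g. `$rawpost = $loggedin && isset($_POST['rawpost']);`, provided `isRawPost()` has no other callers that rely on the lookup. The enclosing `if` block starts and ends outside the hunk.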
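Review bot: `manageCheckLogIn($requireKey)` in the first inc/functions.php hunk gains a mandatory parameter with no docblock, and the bare `true`/`false` at the four updated call sites does not say which value enforces the key. Any caller outside this diff that still passes no argument would fail with a too-few-arguments error on current PHP, so a default that keeps the previous strict behaviour is safer: `function manageCheckLogIn($requireKey = true) {`. A short docblock should state that `$requireKey` makes a missing or wrong management key fatal via `fancyDie()`, that `false` returns not-logged-in instead, and that the return value is `array($loggedin, $isadmin)`. The function body continues outside the hunk.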
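Review bot: In the second inc/functions.php hunk (old line 344) the `$requireKey` false path still clears `$_SESSION['tinyib']` and `$_SESSION['tinyib_key']` and calls `session_destroy()` before the new early return. The `if` guarding this block lies between the hunks and is not shown; if it is the key-mismatch check, every anonymous post or delete on a board with a management key configured tears down the visitor's session, including any other state kept in it. The denied result `array(false, false)` is the safe outcome, but the teardown deserves a comment so it is not mistaken for an accident, e.g. `// Key missing or wrong: drop any management session, then stop (management pages) or continue as an anonymous visitor.` If the teardown is only meant for management sessions, it could be limited to requests that actually presented a key or carried a logged-in session.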