Update 1.4 security issue

This commit is contained in:
cbo 2024-03-18 08:38:59 +00:00
parent 5bc3f7e199
commit 9a78fe2be4
8 changed files with 53 additions and 35 deletions


@ -1,4 +1,11 @@
<?php <?php
if (isset($_SESSION['userID']) == false || empty($_SESSION['userID'])) {
header("Location: /login");
http_response_code(403);
die('Veuillez vous connecter dans <a href="/login">/login</a>');
}
require("../../include/variables.php"); require("../../include/variables.php");
require("../../include/init.php"); require("../../include/init.php");
require("../../include/main-functions.php"); require("../../include/main-functions.php");
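Review bot: The guard on the first added lines now runs before `require("../../include/init.php")`, so it only holds if the session is already started at that point; if `session_start()` lives in init.php or variables.php, `$_SESSION` is still empty here and every request, including a logged-in one, is rejected — please confirm where the session is started, as the same ordering is used in all eight file sections. The pair `header("Location: /login"); http_response_code(403);` is also contradictory: the 403 overrides the 302 that a Location header implies, and user agents do not follow a Location on a 403, so the visitor gets the die() text rather than a redirect; either keep only `header("Location: /login"); exit;` for a real redirect or keep the 403 and drop the Location header. The same pair recurs in the third, sixth, seventh and eighth sections. Finally, `isset($_SESSION['userID']) == false || empty($_SESSION['userID'])` reduces to `empty($_SESSION['userID'])`, since empty() is already true for an unset key.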


@ -1,4 +1,10 @@
<?php <?php
if (!isset($_SESSION['userRole']) || $_SESSION['userRole'] < 50) {
http_response_code(403);
die("Vous n'êtes pas autorisé à accéder à cette ressource");
}
require("../../include/variables.php"); require("../../include/variables.php");
require("../../include/init.php"); require("../../include/init.php");
require("../../include/main-functions.php"); require("../../include/main-functions.php");
@ -6,11 +12,6 @@ require("../../include/objects.php");
require("../../include/inputs.php"); require("../../include/inputs.php");
require("../../include/panels.php"); require("../../include/panels.php");
if (!isset($_SESSION['userRole']) || $_SESSION['userRole'] < 50) {
http_response_code(403);
die("Vous n'êtes pas autorisé à accéder à cette ressource");
}
$pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass); $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass);
if (isset($_POST['user-id']) && isset($_POST['user-role']) && isset($_POST['user-accreditation']) && empty($_POST['user-id']) == false) { if (isset($_POST['user-id']) && isset($_POST['user-role']) && isset($_POST['user-accreditation']) && empty($_POST['user-id']) == false) {
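Review bot: Because the guard now precedes every require, it cannot call a shared helper or use a named constant, so the threshold `50` on the first added line is a bare magic number and each of the eight pages re-implements its own variant of the check (403 and die here, Location plus 403 elsewhere, a redirect without status on the login pages). Consider one small include that is required first on every page and exposes something like `requireRole(int $minimum): void` together with `const ROLE_ADMIN = 50;` (names constructed), so the policy lives in one place and a typo in one page cannot silently weaken it. Note also that this page checks only `userRole` and never `userID`; if a role can be present in the session without a user id that is presumably intended, but it differs from the other guarded pages. The POST handler on the last line continues outside the hunk.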


@ -1,4 +1,11 @@
<?php <?php
if (!isset($_SESSION['userROle']) || $_SESSION['userRole'] < 1) {
header("Location: /login");
http_response_code(403);
die('Veuillez vous connecter dans <a href="/login">/login</a>');
}
require("../../include/variables.php"); require("../../include/variables.php");
require("../../include/init.php"); require("../../include/init.php");
require("../../include/main-functions.php"); require("../../include/main-functions.php");
@ -7,11 +14,6 @@ require("../../include/panels.php");
$pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass); $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass);
if ($_SESSION['userRole'] < 1) {
header("Location: login.php");
http_response_code(404);
}
// Getting article informations // Getting article informations
if (isset($_GET['article'])) { if (isset($_GET['article'])) {
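Review bot: `isset($_SESSION['userROle'])` on the first added line misspells the key, so isset() is always false, the `||` short-circuits before the correctly spelled `$_SESSION['userRole']` is ever read, and every visitor, logged in or not, is sent to /login — the page becomes unreachable. The line should read `if (!isset($_SESSION['userRole']) || $_SESSION['userRole'] < 1) {`. A typo like this slips past a happy-path check of the redirect; a smoke test that loads the page with a valid session would have caught it. The article lookup on the last line continues outside the hunk.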


@ -1,4 +1,10 @@
<?php <?php
if (isset($_SESSION['userID'])) {
header("Location: /");
die("Vous êtes déjà connecté.");
}
require("../../include/variables.php"); require("../../include/variables.php");
require("../../include/init.php"); require("../../include/init.php");
require("../../include/main-functions.php"); require("../../include/main-functions.php");
@ -7,11 +13,6 @@ require("../../include/panels.php");
$pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass); $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass);
if (isset($_SESSION['userID'])) {
header("Location: /");
die("Vous êtes déjà connecté.");
}
if (isset($_POST['username']) && isset($_POST['password'])) { if (isset($_POST['username']) && isset($_POST['password'])) {
if (empty($_POST['username']) == false && empty($_POST['password']) == false) { if (empty($_POST['username']) == false && empty($_POST['password']) == false) {
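Review bot: `isset($_SESSION['userID'])` on the first added line treats any set key, including an empty value, as already logged in, while the guards in the first, sixth and seventh sections treat an empty `userID` as logged out; a session in that state would be bounced from the protected pages to /login and from /login back to /, with no way out short of clearing the cookie. Whether such a state can arise depends on the login code outside the hunk, but using the same predicate on both sides removes the question: `if (!empty($_SESSION['userID'])) {`. The registration page in the next section has the same check. The credential handler on the last two lines continues outside the hunk.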


@ -1,4 +1,10 @@
<?php <?php
if (isset($_SESSION['userID'])) {
header("Location: index.php");
die("Vous êtes déjà connecté");
}
require("../../include/variables.php"); require("../../include/variables.php");
require("../../include/init.php"); require("../../include/init.php");
require("../../include/main-functions.php"); require("../../include/main-functions.php");
@ -7,11 +13,6 @@ require("../../include/panels.php");
$pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass); $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass);
if (isset($_SESSION['userID'])) {
header("Location: index.php");
die("Vous êtes déjà connecté");
}
if (isset($_POST['username']) && isset($_POST['password1']) && isset($_POST['password2'])) { if (isset($_POST['username']) && isset($_POST['password1']) && isset($_POST['password2'])) {
if(empty($_POST['username']) == false && empty($_POST['password1']) === false && empty($_POST['password2']) === false) { if(empty($_POST['username']) == false && empty($_POST['password1']) === false && empty($_POST['password2']) === false) {
if(preg_match('!\S!u', $_POST['username']) && preg_match('!\S!u', $_POST['password1']) && preg_match('!\S!u', $_POST['password2'])) { if(preg_match('!\S!u', $_POST['username']) && preg_match('!\S!u', $_POST['password1']) && preg_match('!\S!u', $_POST['password2'])) {


@ -1,4 +1,11 @@
<?php <?php
if (isset($_SESSION['userID']) == false || empty($_SESSION['userID'])) {
header("Location: /login");
http_response_code(403);
die('Veuillez vous connecter dans <a href="/login">/login</a>');
}
require("../../include/variables.php"); require("../../include/variables.php");
require("../../include/init.php"); require("../../include/init.php");
require("../../include/main-functions.php"); require("../../include/main-functions.php");
@ -6,11 +13,6 @@ require("../../include/panels.php");
$pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass); $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass);
if (!isset($_SESSION['userID'])) {
header("Location: /login");
http_response_code(403);
}
if (isset($_POST['delete-account']) && $_POST['delete-account'] == "delete-account") { if (isset($_POST['delete-account']) && $_POST['delete-account'] == "delete-account") {
$sqlRequest = "DELETE FROM users WHERE ID = :userID"; $sqlRequest = "DELETE FROM users WHERE ID = :userID";
$request = $pdo->prepare($sqlRequest); $request = $pdo->prepare($sqlRequest);
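Review bot: The account-deletion handler on the last three lines fires on any POST whose `delete-account` field equals the fixed string, and no anti-CSRF token is checked in the visible part of the handler; if none exists in the part outside the hunk, a logged-in user's browser can be made to submit this request from another site and the row is deleted. A per-session token embedded in the form and checked with `hash_equals($_SESSION['csrfToken'] ?? '', (string) ($_POST['csrfToken'] ?? ''))` (key names constructed) before the DELETE is prepared closes that. While there, `$_POST['delete-account'] == "delete-account"` should use `===`. The profile and article handlers in the seventh and eighth sections deserve the same token check.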


@ -1,4 +1,11 @@
<?php <?php
if (isset($_SESSION['userID']) == false || empty($_SESSION['userID'])) {
header("Location: /login");
http_response_code(403);
die('Veuillez vous connecter dans <a href="/login">/login</a>');
}
require("../../include/variables.php"); require("../../include/variables.php");
require("../../include/init.php"); require("../../include/init.php");
require("../../include/main-functions.php"); require("../../include/main-functions.php");
@ -7,11 +14,6 @@ require("../../include/panels.php");
$pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass); $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass);
if (!isset($_SESSION['userID'])) {
header("Location: /login");
http_response_code(403);
}
if (isset($_POST['username']) && isset($_POST['email'])) { if (isset($_POST['username']) && isset($_POST['email'])) {
if(empty($_POST['username']) == false) { if(empty($_POST['username']) == false) {
if(preg_match('!\S!u', $_POST['username']) && preg_match('!\S!u', $_POST['email'])) { if(preg_match('!\S!u', $_POST['username']) && preg_match('!\S!u', $_POST['email'])) {


@ -1,4 +1,11 @@
<?php <?php
if ($_SESSION['userRole'] < 1) {
header("Location: /login");
http_response_code(403);
die('Veuillez vous connecter dans <a href="/login">/login</a>');
}
require("../../include/variables.php"); require("../../include/variables.php");
require("../../include/init.php"); require("../../include/init.php");
require("../../include/main-functions.php"); require("../../include/main-functions.php");
@ -7,11 +14,6 @@ require("../../include/panels.php");
$pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass); $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass);
if ($_SESSION['userRole'] < 1) {
header("Location: login.php");
http_response_code(404);
}
if(isset($_POST['article-content']) && isset($_POST['classification'])) { if(isset($_POST['article-content']) && isset($_POST['classification'])) {
$sqlRequest = "SELECT ID FROM articles WHERE ID >= 1 ORDER BY ID DESC LIMIT 1"; $sqlRequest = "SELECT ID FROM articles WHERE ID >= 1 ORDER BY ID DESC LIMIT 1";
$request = $pdo->prepare($sqlRequest); $request = $pdo->prepare($sqlRequest);
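Review bot: `$_SESSION['userRole'] < 1` on the first added line reads the key without an isset() guard, unlike the third section, so an anonymous visitor with no role in the session triggers an undefined-array-key warning (a notice on older PHP); with display_errors on, that text is emitted before `header()` runs and the Location header then fails with "headers already sent". Use the same form as the third section: `if (!isset($_SESSION['userRole']) || $_SESSION['userRole'] < 1) {`. The unguarded read was already on the removed lines, so it is inherited rather than introduced, but moving it in front of the includes makes the assumption that the session is populated stricter. The article-insert handler on the last three lines continues outside the hunk.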