From 361c12be462a3a81a17969e7e371f5ce0a156a8c Mon Sep 17 00:00:00 2001 From: Quentin Bramas Date: Wed, 4 Nov 2015 23:00:57 +0100 Subject: [PATCH 1/2] Check if a user is logged in before displaying log or seeing system information\n This resolve electerious/Lychee#420 --- plugins/check/index.php | 12 ++++++++++++ plugins/displaylog/index.php | 15 +++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/plugins/check/index.php b/plugins/check/index.php index b21b087..915e7fd 100644 --- a/plugins/check/index.php +++ b/plugins/check/index.php @@ -93,6 +93,18 @@ if ($database->server_version<50500) echo('Warning: Lychee uses the GBK charset if ($error==='') echo('No critical problems found. Lychee should work without problems!' . PHP_EOL); else echo $error; +# Don't go further if the user is not connected +session_start(); +$isAdmin = ((isset($_SESSION['login'])&&$_SESSION['login']===true)&& + (isset($_SESSION['identifier'])&&$_SESSION['identifier']===$settings['identifier'])); + +if(!$isAdmin) +{ + echo(PHP_EOL . PHP_EOL . 'You have to be logged in to see more information.'); + exit(); +} + + # Show separator echo(PHP_EOL . PHP_EOL . 'System Information' . PHP_EOL); echo('------------------' . PHP_EOL); diff --git a/plugins/displaylog/index.php b/plugins/displaylog/index.php index 0b6ca83..48107ff 100644 --- a/plugins/displaylog/index.php +++ b/plugins/displaylog/index.php 
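Review bot: `session_start()` in plugins/check/index.php is called after the script has already echoed the diagnostics result (`echo $error` or the 'No critical problems found' line), so unless output buffering is enabled the headers have been sent by the time the session is opened. Depending on the PHP version this gives either a "headers already sent" warning in the response or a session that does not start at all, in which case a logged-in admin is treated as logged out; the check fails closed, but the page stops working for its intended user. Moving `session_start();` to the top of the script, before the first `echo`, avoids this. The rework of this file in PATCH 2/2 keeps the same ordering, with the 'System Information' separator printed before the call. The beginning of the script is outside this hunk, so whether buffering is set up there cannot be seen from here.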
@@ -37,6 +37,21 @@ if (mysqli_connect_errno()!=0) { exit(); } +# Load settings +$settings = new Settings($database); +$settings = $settings->get(); + +# Check if the user is connected +session_start(); +$isAdmin = ((isset($_SESSION['login'])&&$_SESSION['login']===true)&& + (isset($_SESSION['identifier'])&&$_SESSION['identifier']===$settings['identifier'])); + +if(!$isAdmin) +{ + exit('You have to be logged in to see the log.'); +} + + # Result $query = Database::prepare($database, "SELECT FROM_UNIXTIME(time), type, function, line, text FROM ?", array(LYCHEE_TABLE_LOG)); $result = $database->query($query); From 2a0212e33a6e4dbd55630a40e225f6ebe656fcb6 Mon Sep 17 00:00:00 2001 From: Tobias Reich Date: Sun, 10 Jan 2016 13:07:21 +0100 Subject: [PATCH 2/2] Updated #421 syntax --- plugins/check/index.php | 66 +++++++++++++++++++----------------- plugins/displaylog/index.php | 47 +++++++++++++------------ 2 files changed, 59 insertions(+), 54 deletions(-) diff --git a/plugins/check/index.php b/plugins/check/index.php index 0d2a303..b44519e 100644 --- a/plugins/check/index.php +++ b/plugins/check/index.php 
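Review bot: The rejection path `exit('You have to be logged in to see the log.');` answers with the default 200 status, so access logs and monitoring cannot tell a refused request for the log from a successful view. In the lines visible here nothing is printed before this point, so a status can still be set with `header('HTTP/1.1 403 Forbidden');` immediately before the `exit(...)`; the top of the script is outside the hunk, so this assumes no earlier output. The same login expression is pasted into plugins/check/index.php, and a single shared helper would keep the two gates from drifting apart.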
@@ -99,43 +99,45 @@ if (!$gdVersion['GIF Read Support'] || !$gdVersion['GIF Create Support']) $error if ($error==='') echo('No critical problems found. Lychee should work without problems!' . PHP_EOL); else echo $error; -# Don't go further if the user is not connected -session_start(); -$isAdmin = ((isset($_SESSION['login'])&&$_SESSION['login']===true)&& - (isset($_SESSION['identifier'])&&$_SESSION['identifier']===$settings['identifier'])); - -if(!$isAdmin) -{ - echo(PHP_EOL . PHP_EOL . 'You have to be logged in to see more information.'); - exit(); -} - - # Show separator echo(PHP_EOL . PHP_EOL . 'System Information' . PHP_EOL); echo('------------------' . PHP_EOL); -# Load json -$json = file_get_contents(LYCHEE_SRC . 'package.json'); -$json = json_decode($json, true); +# Ensure that user is logged in +session_start(); -# About imagick -$imagick = extension_loaded('imagick'); -if ($imagick===true) $imagickVersion = @Imagick::getVersion(); -else $imagick = '-'; -if (!isset($imagickVersion, $imagickVersion['versionNumber'])||$imagickVersion==='') $imagickVersion = '-'; -else $imagickVersion = $imagickVersion['versionNumber']; +if ((isset($_SESSION['login'])&&$_SESSION['login']===true)&& + (isset($_SESSION['identifier'])&&$_SESSION['identifier']===$settings['identifier'])) { -# Output system information -echo('Lychee Version: ' . $json['version'] . PHP_EOL); -echo('DB Version: ' . $settings['version'] . PHP_EOL); -echo('System: ' . PHP_OS . PHP_EOL); -echo('PHP Version: ' . floatval(phpversion()) . PHP_EOL); -echo('MySQL Version: ' . $database->server_version . PHP_EOL); -echo('Imagick: ' . $imagick . PHP_EOL); -echo('Imagick Active: ' . $settings['imagick'] . PHP_EOL); -echo('Imagick Version: ' . $imagickVersion . PHP_EOL); -echo('GD Version: ' . $gdVersion['GD Version'] . PHP_EOL); -echo('Plugins: ' . $settings['plugins'] . PHP_EOL); + # Load json + $json = file_get_contents(LYCHEE_SRC . 
'package.json'); + $json = json_decode($json, true); + + # About imagick + $imagick = extension_loaded('imagick'); + if ($imagick===true) $imagickVersion = @Imagick::getVersion(); + else $imagick = '-'; + if (!isset($imagickVersion, $imagickVersion['versionNumber'])||$imagickVersion==='') $imagickVersion = '-'; + else $imagickVersion = $imagickVersion['versionNumber']; + + # Output system information + echo('Lychee Version: ' . $json['version'] . PHP_EOL); + echo('DB Version: ' . $settings['version'] . PHP_EOL); + echo('System: ' . PHP_OS . PHP_EOL); + echo('PHP Version: ' . floatval(phpversion()) . PHP_EOL); + echo('MySQL Version: ' . $database->server_version . PHP_EOL); + echo('Imagick: ' . $imagick . PHP_EOL); + echo('Imagick Active: ' . $settings['imagick'] . PHP_EOL); + echo('Imagick Version: ' . $imagickVersion . PHP_EOL); + echo('GD Version: ' . $gdVersion['GD Version'] . PHP_EOL); + echo('Plugins: ' . $settings['plugins'] . PHP_EOL); + +} else { + + # Don't go further if the user is not logged in + echo('You have to be logged in to see more information.'); + exit(); + +} ?> diff --git a/plugins/displaylog/index.php b/plugins/displaylog/index.php index 48107ff..e6e690b 100644 --- a/plugins/displaylog/index.php +++ b/plugins/displaylog/index.php 
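Review bot: The login gate covers only the 'System Information' block, while the diagnostics printed just above it (`if ($error==='') ... else echo $error;`) are still sent to anonymous visitors. Judging by the context lines, `$error` collects findings such as the GD/GIF support check and the MySQL version warning, which describe the server's configuration to anyone who requests the page. If that is deliberate, so that a broken install can be diagnosed before login works, a comment above the `echo $error` line should say so, for example `# Diagnostics are shown without login on purpose; keep sensitive details below the session check`. Otherwise the session check belongs above the diagnostics output. The 'System Information' heading is also emitted before the check, so a logged-out visitor sees the heading followed directly by the refusal message.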
@@ -41,37 +41,40 @@ if (mysqli_connect_errno()!=0) { $settings = new Settings($database); $settings = $settings->get(); -# Check if the user is connected +# Ensure that user is logged in session_start(); -$isAdmin = ((isset($_SESSION['login'])&&$_SESSION['login']===true)&& - (isset($_SESSION['identifier'])&&$_SESSION['identifier']===$settings['identifier'])); -if(!$isAdmin) -{ - exit('You have to be logged in to see the log.'); -} +if ((isset($_SESSION['login'])&&$_SESSION['login']===true)&& + (isset($_SESSION['identifier'])&&$_SESSION['identifier']===$settings['identifier'])) { + # Result + $query = Database::prepare($database, "SELECT FROM_UNIXTIME(time), type, function, line, text FROM ?", array(LYCHEE_TABLE_LOG)); + $result = $database->query($query); -# Result -$query = Database::prepare($database, "SELECT FROM_UNIXTIME(time), type, function, line, text FROM ?", array(LYCHEE_TABLE_LOG)); -$result = $database->query($query); + # Output + if ($result->num_rows===0) { -# Output -if ($result->num_rows===0) { + echo('Everything looks fine, Lychee has not reported any problems!'); - echo('Everything looks fine, Lychee has not reported any problems!' . PHP_EOL . PHP_EOL); + } else { + + while($row = $result->fetch_row()) { + + # Encode result before printing + $row = array_map('htmlentities', $row); + + # Format: time TZ - type - function(line) - text + printf ("%s - %s - %s (%s) \t- %s\n", $row[0], $row[1], $row[2], $row[3], $row[4]); + + } + + } } else { - while($row = $result->fetch_row()) { - - # Encode result before printing - $row = array_map("htmlentities", $row); - - # Format: time TZ - type - function(line) - text - printf ("%s %s - %s - %s (%s) \t- %s\n", $row[0], date_default_timezone_get(), $row[1], $row[2], $row[3], $row[4]); - - } + # Don't go further if the user is not logged in + echo('You have to be logged in to see the log.'); + exit(); }
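Review bot: The comment `# Format: time TZ - type - function(line) - text` no longer matches the `printf` below it, which dropped the `date_default_timezone_get()` argument and now prints only the timestamp. It should read `# Format: time - type - function(line) - text`. Without the zone label, the `FROM_UNIXTIME(time)` value is shown in whatever zone the MySQL session uses. That should be stated in the comment, or a zone kept in the output, so that these entries can be lined up with web-server or system logs during an investigation.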