Fixes for Lang Check (#638)

* Fixes for Lang Check

* Fixes for Lang Check

lang/lang-check.php

@@ -35,33 +35,59 @@ require_once CONFIG_FILE;
 // Connect to the database server and select database.
 $db = createDatabaseConnection($db_type, $db_host, $db_user, $db_pass, $db_name, $table_prefix);
 
-startSession();
-
-if(!isset($_SESSION['user_id']) || !$db->isAdmin($_SESSION['user_id'])){
-	die("You must be logged in and an admin user to use this page!");
-}
-
 function curPageURL() {
 	$pageURL = ( isset($_SERVER['HTTPS']) and  get_true_boolean($_SERVER['HTTPS']) ) ? "https://" : "http://";
+	$serverName = $_SERVER["SERVER_NAME"];
+	if($serverName == "_"){
+		$serverName = "localhost";
+	}
 	if ($_SERVER["SERVER_PORT"] != "80")
-		$pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
+		$pageURL .= $serverName.":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 	else
-		$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
+		$pageURL .= $serverName.$_SERVER["REQUEST_URI"];
 	return $pageURL;
 }
 
-if(isset($_GET['file'])) // Don't allow remote URLs
+if(isset($_GET['file']) && isset($_GET['apiKey']) && isset($_GET['userId'])) // Don't allow remote URLs
 {
-	if(!filter_var($_GET['file'], FILTER_VALIDATE_URL)){
-		$file = urldecode($_GET['file']);
-		include($file);
-		$constants = get_defined_constants(true);
-		echo base64_encode(serialize($constants['user']));
-		exit();
+	// Check API key
+	$isAdminUser = $db->isAdmin($_GET['userId']);
+	$apiKey = $db->getApiToken($_GET['userId']);
+	if($isAdminUser){
+		if($apiKey == $_GET['apiKey']){
+			if(!filter_var($_GET['file'], FILTER_VALIDATE_URL)){
+				$file = urldecode($_GET['file']);
+				if(file_exists(__dir__ . "/" . $file)){
+					include(__dir__ . "/" . $file);
+					$constants = get_defined_constants(true);
+					echo base64_encode(serialize($constants['user']));
+					exit();
+				}else{
+					echo "FILE DOESNT EXIST " . $file;
+					exit();
+				}
+			}else{
+				echo "FILE IS URL - NOT ALLOWED";
+				exit();
+			}
+		}else{
+			echo "NO MATCH";
+			exit();
+		}
 	}else{
+		echo "NOT ADMIN";
 		exit();
 	}
 }
+
+startSession();
+
+if(!isset($_SESSION['user_id']) || !$db->isAdmin($_SESSION['user_id'])){
+	die("You must be logged in and an admin user to use this page!");
+}else{
+	$apiKey = $db->getApiToken($_SESSION['user_id']);
+}
+
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -152,8 +178,6 @@ foreach ($locale_files as $lang_name)
 }
 echo "</ul>";
 
-startSession();
-
 if ( isset($_SESSION['users_login']) )
 {
 	$userInfo = $db->getUser($_SESSION['users_login']);
@@ -195,7 +219,7 @@ $current_url = curPageURL();
 foreach ($global_comparison_lang_files as $glf)
 {
 	$file = $COMPARISON_LANG."/".$glf;
-	$contents = file_get_contents($current_url.'?file='.$file);
+	$contents = file_get_contents($current_url.'?file='.$file . '&apiKey=' . $apiKey . "&userId=" . $_SESSION['user_id']);
 	$lang[$glf] = unserialize(base64_decode($contents));
 }
 
@@ -220,7 +244,7 @@ foreach ($locale_files as $lang_name)
 		}
 		
 		$compare_lang = array();
-		$contents = file_get_contents("$current_url?file=$file");
+		$contents = file_get_contents($current_url . "?file=" . $file . "&apiKey=" . $apiKey . "&userId=" . $_SESSION['user_id']);
 		$compare_lang = unserialize(base64_decode($contents));
 		if(!is_array($compare_lang))
 			die("Errors where found at $file");

modules/litefm/fm_dir.php

@@ -156,7 +156,11 @@ function exec_ogp_module()
 			$count = 0;
 			$s = ( isset($_SERVER['HTTPS']) and  get_true_boolean($_SERVER['HTTPS']) ) ? "s" : "";
 			$p = (isset($_SERVER['SERVER_PORT']) and $_SERVER['SERVER_PORT'] != "80") ? ":".$_SERVER['SERVER_PORT'] : "";
-			$url = 'http'.$s.'://'.$_SERVER['SERVER_NAME'].$p.$_SERVER['SCRIPT_NAME'];
+			$serverName = $_SERVER["SERVER_NAME"];
+			if($serverName == "_"){
+				$serverName = "localhost";
+			}
+			$url = 'http'.$s.'://'.$serverName.$p.$_SERVER['SCRIPT_NAME'];
 			// loop all files
 			foreach ( $_FILES['files']['name'] as $i => $name )
 			{

modules/lostpwd/lostpwd.php

@@ -89,8 +89,14 @@ function exec_ogp_module() {
 					$ch_pass_uid = $user_info['users_passwd'];
 					$subject = get_lang('confirm_change_subject');
 					$s = ( isset($_SERVER['HTTPS']) and  get_true_boolean($_SERVER['HTTPS']) ) ? "s" : "";
-					$recover_link = '<a href="http'.$s.'://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']."&user_id=".$user_id.'&ch_pass_uid='.$ch_pass_uid.
-									'" >http'.$s.'://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']."&user_id=".$user_id.'&ch_pass_uid='.$ch_pass_uid.'</a>';
+					
+					$serverName = $_SERVER["SERVER_NAME"];
+					if($serverName == "_"){
+						$serverName = "localhost";
+					}
+					
+					$recover_link = '<a href="http'.$s.'://'.$serverName.$_SERVER['REQUEST_URI']."&user_id=".$user_id.'&ch_pass_uid='.$ch_pass_uid.
+									'" >http'.$s.'://'.$serverName.$_SERVER['REQUEST_URI']."&user_id=".$user_id.'&ch_pass_uid='.$ch_pass_uid.'</a>';
 					$message = get_lang_f('confirm_change_password_message',$recover_link);
 
 					if (mymail($email_address, $subject, $message, $settings) == TRUE)