From 0cd87e682012f224e2b74531190bb983fdcbb430 Mon Sep 17 00:00:00 2001
From: Florian Schaal <florian@schaal-24.de>
Date: Sun, 10 Jan 2016 03:31:27 -0500
Subject: [PATCH] Revert "allow 0 for ISINT"

---
 interface/lib/app.inc.php |   37 +++++++++++++++++++++++++------------
 1 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php
index 8832f45..e23b6ca 100755
--- a/interface/lib/app.inc.php
+++ b/interface/lib/app.inc.php
@@ -48,6 +48,7 @@
 	private $_wb;
 	private $_loaded_classes = array();
 	private $_conf;
+	private $_security_config;
 	
 	public $loaded_plugins = array();
 
@@ -69,6 +70,8 @@
 
 			$this->uses('session');
 			$sess_timeout = $this->conf('interface', 'session_timeout');
+			$cookie_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']);
+			$cookie_secure = ($_SERVER["HTTPS"] == 'on')?true:false;
 			if($sess_timeout) {
 				/* check if user wants to stay logged in */
 				if(isset($_POST['s_mod']) && isset($_POST['s_pg']) && $_POST['s_mod'] == 'login' && $_POST['s_pg'] == 'index' && isset($_POST['stay']) && $_POST['stay'] == '1') {
@@ -78,19 +81,19 @@
 					$tmp = $this->ini_parser->parse_ini_string(stripslashes($tmp['config']));
 					if(!isset($tmp['misc']['session_allow_endless']) || $tmp['misc']['session_allow_endless'] != 'y') {
 						$this->session->set_timeout($sess_timeout);
-						session_set_cookie_params(3600 * 24 * 365); // cookie timeout is never updated, so it must not be short
+						session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short
 					} else {
 						// we are doing login here, so we need to set the session data
 						$this->session->set_permanent(true);
-						$this->session->set_timeout(365 * 24 * 3600); // one year
-						session_set_cookie_params(3600 * 24 * 365); // cookie timeout is never updated, so it must not be short
+						$this->session->set_timeout(365 * 24 * 3600,'/',$cookie_domain,$cookie_secure,true); // one year
+						session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short
 					}
 				} else {
 					$this->session->set_timeout($sess_timeout);
-					session_set_cookie_params(3600 * 24 * 365); // cookie timeout is never updated, so it must not be short
+					session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short
 				}
 			} else {
-				session_set_cookie_params(0); // until browser is closed
+				session_set_cookie_params(0,'/',$cookie_domain,$cookie_secure,true); // until browser is closed
 			}
 			
 			session_set_save_handler( array($this->session, 'open'),
@@ -109,7 +112,8 @@
 		}
 
 		$this->uses('functions'); // we need this before all others!
-		$this->uses('auth,plugin');
+		$this->uses('auth,plugin,ini_parser,getconf');
+		
 	}
 
 	public function __get($prop) {
@@ -151,15 +155,15 @@
 	
 	public function conf($plugin, $key, $value = null) {
 		if(is_null($value)) {
-			$tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
+			$tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
 			if($tmpconf) return $tmpconf['value'];
 			else return null;
 		} else {
 			if($value === false) {
-				$this->db->query("DELETE FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
+				$this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
 				return null;
 			} else {
-				$this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES ('" . $this->db->quote($plugin) . "', '" . $this->db->quote($key) . "', '" . $this->db->quote($value) . "')");
+				$this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value);
 				return $value;
 			}
 		}
@@ -175,8 +179,8 @@
 			$server_id = 0;
 			$priority = $this->functions->intval($priority);
 			$tstamp = time();
-			$msg = $this->db->quote('[INTERFACE]: '.$msg);
-			$this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ($server_id,0,$priority,$tstamp,'$msg')");
+			$msg = '[INTERFACE]: '.$msg;
+			$this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg);
 			/*
 			if (is_writable($this->_conf['log_file'])) {
 				if (!$fp = fopen ($this->_conf['log_file'], 'a')) {
@@ -236,7 +240,7 @@
 			}
 			$this->_language_inc = 1;
 		}
-		if(!empty($this->_wb[$text])) {
+		if(isset($this->_wb[$text]) && $this->wb[$text] !== '') {
 			$text = $this->_wb[$text];
 		} else {
 			if($this->_conf['debug_language']) {
@@ -327,4 +331,13 @@
 //* possible future =  new app($conf);
 $app = new app();
 
+// load and enable PHP Intrusion Detection System (PHPIDS)
+$ids_security_config = $app->getconf->get_security_config('ids');
+		
+if(is_dir(ISPC_CLASS_PATH.'/IDS') && $ids_security_config['ids_enabled'] == 'yes') {
+	$app->uses('ids');
+	$app->ids->start();
+}
+unset($ids_security_config);
+
 ?>

--
Gitblit v1.9.1