Prevent loading public parts outside of index.php, remove unused code from requiredpublic.php

5 years ago · afb82c4072
parent b21b5ca423
commit afb82c4072
6 changed files with 31 additions and 92 deletions
--- a/lib/requiredpublic.php
+++ b/lib/requiredpublic.php
@ -18,6 +18,13 @@ if (!DEBUG) {
    ini_set('display_errors', 'On');
 }

+$libs = glob(__DIR__ . "/*.lib.php");
+foreach ($libs as $lib) {
+    require_once $lib;
+}
+
+$IN_SITE = true;
+
 ini_set('session.gc_maxlifetime', 3600 * 2);
 session_set_cookie_params(0);

@ -80,89 +87,4 @@ try {
 } catch (Exception $ex) {
    //header('HTTP/1.1 500 Internal Server Error');
    sendError("Database error.  Try again later.  $ex");
-}
-
-function getdatabase() {
-    global $database;
-    return $database;
-}
-
-function getsiteid() {
-    global $database;
-    if (isset($_GET['siteid'])) {
-        $id = preg_replace("/[^0-9]/", '', $_GET['siteid']);
-        if ($database->has('sites', ["siteid" => $id])) {
-            return $id;
-        }
-    }
-    $host = $_SERVER['HTTP_HOST'];
-    $args = $_SERVER['QUERY_STRING'];
-    $path = str_replace("?$args", "", $_SERVER['REQUEST_URI']);
-    $dir = str_replace("index.php", "", $path);
-    $sites = $database->select("sites", ["siteid", "url"], ["OR" => ["url[~]" => $host, "url" => $dir]]);
-    //var_dump($sites);
-    if (count($sites) == 1) {
-        return $sites[0]["siteid"];
-    }
-    if (count($sites) > 1) {
-        //var_dump($sites);
-        //die();
-        return $sites[0]['siteid'];
-    }
-    return $database->get("sites", "siteid");
-}
-
-function getpageslug() {
-    global $database;
-    if (isset($_GET['id'])) {
-        $id = $_GET['id'];
-    } else {
-        $id = "index";
-    }
-    if ($database->has("pages", ["AND" => ["slug" => $id, "siteid" => getsiteid()]])) {
-        return $id;
-    }
-    return null;
-}
-
-function getpageid() {
-    global $database;
-    if (isset($_GET['id'])) {
-        $id = $_GET['id'];
-    } else {
-        $id = "index";
-    }
-    $siteid = getsiteid();
-    if ($database->has("pages", ["AND" => ["slug" => $id, "siteid" => $siteid]])) {
-        return $database->get("pages", "pageid", ["AND" => ["slug" => $id, "siteid" => $siteid]]);
-    }
-    return null;
-}
-
-function getpagetemplate() {
-    global $database;
-    $slug = getpageslug();
-    if (isset($_GET['template'])) {
-        return preg_replace("/[^A-Za-z0-9]/", '', $_GET['template']);
-    }
-    if (!is_null($slug)) {
-        return $database->get("pages", "template", ["AND" => ["slug" => $slug, "siteid" => getsiteid()]]);
-    }
-    return "404";
-}
-
-function formatsiteurl($url) {
-    if (substr($url, 0) != "/") {
-        if (strpos($url, "http://") !== 0 && strpos($url, "https://") !== 0) {
-            if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off") {
-                $url = "http://$url";
-            } else {
-                $url = "https://$url";
-            }
-        }
-    }
-    if (substr($url, -1) != "/") {
-        $url = $url . "/";
-    }
-    return $url;
-}
+}
--- a/public/parts/entry.php
+++ b/public/parts/entry.php
@ -5,6 +5,10 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

+if (empty($IN_SITE)) {
+    die("Access denied.");
+}
+
 session_destroy();
 ?>
 <div class="container mt-4">
--- a/public/parts/renew.php
+++ b/public/parts/renew.php
@ -4,6 +4,10 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */
+
+if (empty($IN_SITE)) {
+    die("Access denied.");
+}
 ?>
 <div class="container mt-4">
    <div class="row justify-content-center">
--- a/public/parts/signup.php
+++ b/public/parts/signup.php
@ -5,6 +5,10 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

+if (empty($IN_SITE)) {
+    die("Access denied.");
+}
+
 $familyname = "";
 $fathername = "";
 $mothername = "";
@ -40,8 +44,8 @@ if (isset($_SESSION['familyid']) && $database->has('families', ['familyid' => $_
        // expired before we submitted the thing
        if (isset($_SESSION['familyid'])) {
            ?>
-        <input type="hidden" name="renewing" value="1" />
-        <?php
+            <input type="hidden" name="renewing" value="1" />
+            <?php
        }
        ?>
        <div class="card mb-4">
--- a/public/parts/thanks.php
+++ b/public/parts/thanks.php
@ -4,6 +4,10 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */
+
+if (empty($IN_SITE)) {
+    die("Access denied.");
+}
 ?>
 <div class="container mt-4">
    <div class="card mb-4 bg-success text-white">
@ -23,7 +27,7 @@
                    echo "<h2 class=\"h3\">Your membership has been submitted and paid for.  We'll be in touch soon!</h2>";
                }
                ?>
-                
+
                <h3 class="h5 mt-4">You may now close this page.</h3>
            </div>
        </div>
--- a/public/parts/verify.php
+++ b/public/parts/verify.php
@ -5,8 +5,9 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

-require_once __DIR__ . "/../../lib/Email.lib.php";
-
+if (empty(IN_SITE)) {
+    die("Access denied.");
+}
 $badcode = false;
 if (!empty($_POST['email'])) {
    if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
@ -20,7 +21,7 @@ if (!empty($_POST['email'])) {

    $code = mt_rand(100000, 999999);
    $_SESSION['code'] = $code;
-    $_SESSION['maybefamily'] = $database->get('families', 'familyid', ['email' => strtolower($_POST['email'])]);
+    $_SESSION['maybefamily'] = $familyid;

    try {
        $verification = new Email();