diff --git a/.secrets.baseline b/.secrets.baseline index d7c7c892..2b250779 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -90,6 +90,10 @@ { "path": "detect_secrets.filters.allowlist.is_line_allowlisted" }, + { + "path": "detect_secrets.filters.common.is_baseline_file", + "filename": ".secrets.baseline" + }, { "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", "min_level": 2 @@ -391,7 +395,7 @@ "filename": "src/set-up-database.php", "hashed_secret": "8fa8f4fcd1b98862f0a26551f87e01a95fcaa6a4", "is_verified": false, - "line_number": 1214 + "line_number": 1215 } ], "src/view-user-privilege-level.php": [ @@ -413,5 +417,5 @@ } ] }, - "generated_at": "2024-09-23T22:12:59Z" + "generated_at": "2024-09-29T22:16:02Z" } diff --git a/src/classes/SQLQueryHandler.php b/src/classes/SQLQueryHandler.php index 60ba7aee..80d401ce 100755 --- a/src/classes/SQLQueryHandler.php +++ b/src/classes/SQLQueryHandler.php @@ -5,9 +5,9 @@ if (!defined('__SITE_ROOT__')){if (!defined('__SITE_ROOT__')){define('__SITE_ROOT__', dirname(dirname(__FILE__)));}} class SQLQueryHandler { - protected $encodeOutput = FALSE; - protected $stopSQLInjection = FALSE; - protected $mLimitOutput = FALSE; + protected $encodeOutput = false; + protected $stopSQLInjection = false; + protected $mLimitOutput = false; protected $mSecurityLevel = 0; // private objects @@ -18,11 +18,12 @@ private function doSetSecurityLevel($pSecurityLevel){ $this->mSecurityLevel = $pSecurityLevel; switch ($this->mSecurityLevel){ + default: // Default case: This code is insecure, we are not encoding output case "0": // This code is insecure, we are not encoding output case "1": // This code is insecure, we are not encoding output - $this->encodeOutput = FALSE; - $this->stopSQLInjection = FALSE; - $this->mLimitOutput = FALSE; + $this->encodeOutput = false; + $this->stopSQLInjection = false; + $this->mLimitOutput = false; break; case "2": 
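Review bot: In `doSetSecurityLevel` (hunk `@@ -18,11 +18,12 @@` of src/classes/SQLQueryHandler.php) the new `default:` label falls through to the `case "0"` / `case "1"` branch, so any level the switch does not recognise now explicitly sets `encodeOutput`, `stopSQLInjection` and `mLimitOutput` to `false`. That is a fail-open choice: a malformed or unexpected `$pSecurityLevel` selects the unprotected configuration instead of being rejected. If this is deliberate for the training levels, the comment should say so, e.g. `default: // unknown level: deliberately treated as level 0 (insecure)`. Otherwise, place `default:` beside `case "5":` so that unknown input gets the protected settings. The switch continues past the end of this hunk.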
@@ -30,9 +31,9 @@ private function doSetSecurityLevel($pSecurityLevel){ case "4": case "5": // This code is fairly secure // If we are secure, then we encode all output. - $this->encodeOutput = TRUE; - $this->stopSQLInjection = TRUE; - $this->mLimitOutput = TRUE; + $this->encodeOutput = true; + $this->stopSQLInjection = true; + $this->mLimitOutput = true; break; }// end switch }// end function @@ -42,7 +43,7 @@ public function __construct($pSecurityLevel){ $this->doSetSecurityLevel($pSecurityLevel); //initialize encoder - require_once (__SITE_ROOT__.'/classes/EncodingHandler.php'); + require_once __SITE_ROOT__.'/classes/EncodingHandler.php'; $this->mEncoder = new EncodingHandler(); /* Initialize MySQL Connection handler */ @@ -74,7 +75,7 @@ public function escapeDangerousCharacters($pData){ public function getPageHelpTexts($pPageName){ - if ($this->stopSQLInjection == TRUE){ + if ($this->stopSQLInjection){ $pPageName = $this->mMySQLHandler->escapeDangerousCharacters($pPageName); }// end if @@ -96,7 +97,7 @@ public function getPageHelpTexts($pPageName){ public function getPageLevelOneHelpIncludeFiles($pPageName){ - if ($this->stopSQLInjection == TRUE){ + if ($this->stopSQLInjection){ $pPageName = $this->mMySQLHandler->escapeDangerousCharacters($pPageName); }// end if @@ -115,8 +116,8 @@ public function getPageLevelOneHelpIncludeFiles($pPageName){ public function getLevelOneHelpIncludeFile($pIncludeFileKey){ - if ($this->stopSQLInjection == TRUE){ - $pPageName = $this->mMySQLHandler->escapeDangerousCharacters($pIncludeFileKey); + if ($this->stopSQLInjection){ + $pIncludeFileKey = $this->mMySQLHandler->escapeDangerousCharacters($pIncludeFileKey); }// end if $lQueryString = " 
@@ -139,42 +140,42 @@ public function getCapturedData(){ FROM captured_data ORDER BY capture_date DESC"; - if ($this->mLimitOutput == TRUE){ + if ($this->mLimitOutput){ $lQueryString .= " LIMIT 20"; }// end if return $this->mMySQLHandler->executeQuery($lQueryString); }//end public function getCapturedData() - public function insertVoteIntoUserPoll(/*Text*/ $pToolName, /*Text*/ $pUserName){ - - if ($this->stopSQLInjection == TRUE){ - $pToolName = $this->mMySQLHandler->escapeDangerousCharacters($pToolName); + public function insertVoteIntoUserPoll(/*Text*/ $pToolName, /*Text*/ $pUserName){ + + if ($this->stopSQLInjection){ + $pToolName = $this->mMySQLHandler->escapeDangerousCharacters($pToolName); $pUserName = $this->mMySQLHandler->escapeDangerousCharacters($pUserName); - }// end if - - $lQueryString = " - INSERT INTO user_poll_results(tool_name, username, date) VALUES ('". + }// end if + + $lQueryString = " + INSERT INTO user_poll_results(tool_name, username, date) VALUES ('". $pToolName . "', '". $pUserName . "', " . - " now() );"; - - return $this->mMySQLHandler->executeQuery($lQueryString); - }//end public function insertVoteIntoUserPoll - - public function getUserPollVotes(){ - - $lQueryString = " + " now() );"; + + return $this->mMySQLHandler->executeQuery($lQueryString); + }//end public function insertVoteIntoUserPoll + + public function getUserPollVotes(){ + + $lQueryString = " SELECT tool_name, COUNT(tool_name) as tool_count FROM user_poll_results - GROUP BY tool_name"; - - return $this->mMySQLHandler->executeQuery($lQueryString); + GROUP BY tool_name"; + + return $this->mMySQLHandler->executeQuery($lQueryString); }//end public function insertVoteIntoUserPoll public function insertBlogRecord($pBloggerName, $pBlogEntry){ - if ($this->stopSQLInjection == TRUE){ + if ($this->stopSQLInjection){ $pBloggerName = $this->mMySQLHandler->escapeDangerousCharacters($pBloggerName); $pBlogEntry = $this->mMySQLHandler->escapeDangerousCharacters($pBlogEntry); }// end if 
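Review bot: The closing comment on `getUserPollVotes` still reads `}//end public function insertVoteIntoUserPoll`, which mislabels the end of the function; it should be `}//end public function getUserPollVotes`. The same copy-paste trailer appears in the later hunks, where `accountExists` and `authenticateAccount` both close with `}//end public function getUsernames`. This commit already rewrites the surrounding lines, so correcting the three trailers here would stop them misleading the next reader.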
@@ -190,7 +191,7 @@ public function insertBlogRecord($pBloggerName, $pBlogEntry){ public function getBlogRecord($pBloggerName){ - if ($this->stopSQLInjection == TRUE){ + if ($this->stopSQLInjection){ $pBloggerName = $this->mMySQLHandler->escapeDangerousCharacters($pBloggerName); }// end if @@ -208,7 +209,7 @@ public function getPenTestTool($pPostedToolID){ * Note: While escaping works ok in some case, it is not the best defense. * Using stored procedures is a much stronger defense. */ - if ($this->stopSQLInjection == TRUE){ + if ($this->stopSQLInjection){ $pPostedToolID = $this->mMySQLHandler->escapeDangerousCharacters($pPostedToolID); }// end if @@ -238,7 +239,7 @@ public function getHitLogEntries(){ * is static. */ $lLimitString = ""; - if ($this->mLimitOutput == TRUE){ + if ($this->mLimitOutput){ $lLimitString .= " LIMIT 20"; }// end if @@ -251,7 +252,7 @@ public function getYouTubeVideo($pRecordIdentifier){ * Note: While escaping works ok in some case, it is not the best defense. * Using stored procedures is a much stronger defense. */ - if ($this->stopSQLInjection == TRUE){ + if ($this->stopSQLInjection){ $pRecordIdentifier = $this->mMySQLHandler->escapeDangerousCharacters($pRecordIdentifier); }// end if @@ -269,7 +270,7 @@ public function getUsernames(){ public function accountExists($pUsername){ - if ($this->stopSQLInjection == TRUE){ + if ($this->stopSQLInjection){ $pUsername = $this->mMySQLHandler->escapeDangerousCharacters($pUsername); }// end if 
@@ -279,16 +280,16 @@ public function accountExists($pUsername){ $lQueryResult = $this->mMySQLHandler->executeQuery($lQueryString); if (isset($lQueryResult->num_rows)){ - return ($lQueryResult->num_rows > 0); + return $lQueryResult->num_rows > 0; }else{ - return FALSE; + return false; }// end if }//end public function getUsernames public function authenticateAccount($pUsername, $pPassword){ - if ($this->stopSQLInjection == TRUE){ + if ($this->stopSQLInjection){ $pUsername = $this->mMySQLHandler->escapeDangerousCharacters($pUsername); $pPassword = $this->mMySQLHandler->escapeDangerousCharacters($pPassword); }// end if @@ -302,9 +303,9 @@ public function authenticateAccount($pUsername, $pPassword){ $lQueryResult = $this->mMySQLHandler->executeQuery($lQueryString); if (isset($lQueryResult->num_rows)){ - return ($lQueryResult->num_rows > 0); + return $lQueryResult->num_rows > 0; }else{ - return FALSE; + return false; }// end if }//end public function getUsernames @@ -314,7 +315,7 @@ public function getNonSensitiveAccountInformation($pUsername){ * Note: While escaping works ok in some case, it is not the best defense. * Using stored procedures is a much stronger defense. */ - if ($this->stopSQLInjection == TRUE){ + if ($this->stopSQLInjection){ $pUsername = $this->mMySQLHandler->escapeDangerousCharacters($pUsername); }// end if 
@@ -326,16 +327,16 @@ public function getNonSensitiveAccountInformation($pUsername){ return $this->mMySQLHandler->executeQuery($lQueryString); }//end public function getNonSensitiveAccountInformation - public function getUserAccountByID($pUserID){ - - if ($this->stopSQLInjection == TRUE){ - $pUserID = $this->mMySQLHandler->escapeDangerousCharacters($pUserID); - }// end if - - $lQueryString = "SELECT * FROM accounts WHERE cid='" . $pUserID . "'"; - - return $this->mMySQLHandler->executeQuery($lQueryString); - }//end public function getUserAccountByID + public function getUserAccountByID($pUserID){ + + if ($this->stopSQLInjection){ + $pUserID = $this->mMySQLHandler->escapeDangerousCharacters($pUserID); + }// end if + + $lQueryString = "SELECT * FROM accounts WHERE cid='" . $pUserID . "'"; + + return $this->mMySQLHandler->executeQuery($lQueryString); + }//end public function getUserAccountByID public function getUserAccount($pUsername, $pPassword){ /* @@ -343,7 +344,7 @@ public function getUserAccount($pUsername, $pPassword){ * Using stored procedures is a much stronger defense. */ - if ($this->stopSQLInjection == TRUE){ + if ($this->stopSQLInjection){ $pUsername = $this->mMySQLHandler->escapeDangerousCharacters($pUsername); $pPassword = $this->mMySQLHandler->escapeDangerousCharacters($pPassword); }// end if 
@@ -359,21 +360,22 @@ public function getUserAccount($pUsername, $pPassword){ /* ----------------------------------------- * Insert Queries * ----------------------------------------- */ - public function insertNewUserAccount($pUsername, $pPassword, $pSignature){ + public function insertNewUserAccount($pUsername, $pPassword, $pSignature, $pAPIToken){ /* * Note: While escaping works ok in some case, it is not the best defense. * Using stored procedures is a much stronger defense. */ - if ($this->stopSQLInjection == TRUE){ + if ($this->stopSQLInjection){ $pUsername = $this->mMySQLHandler->escapeDangerousCharacters($pUsername); $pPassword = $this->mMySQLHandler->escapeDangerousCharacters($pPassword); $pSignature = $this->mMySQLHandler->escapeDangerousCharacters($pSignature); }// end if - $lQueryString = "INSERT INTO accounts (username, password, mysignature) VALUES ('" . + $lQueryString = "INSERT INTO accounts (username, password, mysignature, api_token) VALUES ('" . $pUsername ."', '" . $pPassword . "', '" . - $pSignature . + $pSignature . "', '" . + $pAPIToken . "')"; if ($this->mMySQLHandler->executeQuery($lQueryString)){ @@ -391,7 +393,7 @@ public function insertCapturedData( $pClientReferrer, $pCapturedData ){ - if ($this->stopSQLInjection == TRUE){ + if ($this->stopSQLInjection){ $pClientIP = $this->mMySQLHandler->escapeDangerousCharacters($pClientIP); $pClientHostname = $this->mMySQLHandler->escapeDangerousCharacters($pClientHostname); $pClientPort = $this->mMySQLHandler->escapeDangerousCharacters($pClientPort); 
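Review bot: `insertNewUserAccount` now concatenates `$pAPIToken` into the INSERT statement, but the `stopSQLInjection` block above it still escapes only `$pUsername`, `$pPassword` and `$pSignature`. At the protected levels the new value is therefore the one field that reaches the query unescaped. Add `$pAPIToken = $this->mMySQLHandler->escapeDangerousCharacters($pAPIToken);` inside that `if`, even if the token is presumably generated server-side, so the method does not depend on its callers. The new fourth parameter has no default, so every existing caller must be updated in the same change; the method body continues past the end of the hunk. The token is stored as passed in, and `getUserAccountByID` uses `SELECT * FROM accounts`, so confirm that no page renders the new `api_token` column unintentionally.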
@@ -426,7 +428,7 @@ public function updateUserAccount($pUsername, $pPassword, $pSignature){ * Note: While escaping works ok in some case, it is not the best defense. * Using stored procedures is a much stronger defense. */ - if ($this->stopSQLInjection == TRUE){ + if ($this->stopSQLInjection){ $pUsername = $this->mMySQLHandler->escapeDangerousCharacters($pUsername); $pPassword = $this->mMySQLHandler->escapeDangerousCharacters($pPassword); $pSignature = $this->mMySQLHandler->escapeDangerousCharacters($pSignature); @@ -452,7 +454,7 @@ public function updateUserAccount($pUsername, $pPassword, $pSignature){ * Delete Queries * ----------------------------------------- */ public function deleteUser($pUsername){ - if ($this->stopSQLInjection == TRUE){ + if ($this->stopSQLInjection){ $pUsername = $this->mMySQLHandler->escapeDangerousCharacters($pUsername); }// end if diff --git a/src/includes/constants.php b/src/includes/constants.php index 4458fce5..b55a7439 100755 --- a/src/includes/constants.php +++ b/src/includes/constants.php @@ -2,7 +2,7 @@ /* ------------------------------------------ * @VERSION * ------------------------------------------*/ - $C_VERSION = "2.11.18"; + $C_VERSION = "2.11.19"; $C_VERSION_STRING = "Version: " . $C_VERSION; $C_MAX_HINT_LEVEL = 1; diff --git a/src/includes/process-login-attempt.php b/src/includes/process-login-attempt.php index faefe92a..19ea8418 100755 --- a/src/includes/process-login-attempt.php +++ b/src/includes/process-login-attempt.php @@ -51,7 +51,7 @@ function logLoginAttempt($lMessage){ $lAuthenticationAttemptResult = $cUNSURE; $lAuthenticationAttemptResultFound = false; $lKeepGoing = true; - $lQueryResult=NULL; + $lQueryResult=null; logLoginAttempt("User {$lUsername} attempting to authenticate"); diff --git a/src/register.php b/src/register.php index 29246144..bc1c470a 100755 --- a/src/register.php +++ b/src/register.php 
@@ -1,22 +1,33 @@ -Register for an Account - - + + Username cannot be blank'; }// end if if ($lPassword != $lConfirmedPassword ) { - $lValidationFailed = TRUE; + $lValidationFailed = true; echo '