Assorted Security improvements

2019-10-05 19:35:55 +01:00 · 2019-10-05 19:35:55 +01:00 · a22c0cb149
--- a/application/controllers/Awards.php
+++ b/application/controllers/Awards.php
@ -8,6 +8,14 @@
 class Awards extends CI_Controller {
 	function __construct()
 	{
 		parent::__construct();
 		$this->load->model('user_model');
 		if(!$this->user_model->authorize(2)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
 	}
 	public function index()
 	{
 		// Render Page
--- a/application/controllers/Backup.php
+++ b/application/controllers/Backup.php
@ -1,6 +1,13 @@
 <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 class Backup extends CI_Controller {
 	function __construct()
 	{
 		parent::__construct();
 		$this->load->model('user_model');
 		if(!$this->user_model->authorize(2)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
 	}
 	/* User Facing Links to Backup URLs */
 	public function index()
--- a/application/controllers/Lookup.php
+++ b/application/controllers/Lookup.php
@ -8,6 +8,15 @@
 class Lookup extends CI_Controller {
 	function __construct()
 	{
 		parent::__construct();
 		$this->load->model('user_model');
 		if(!$this->user_model->authorize(2)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
 	}
 	public function index()
 	{
--- a/application/controllers/Notes.php
+++ b/application/controllers/Notes.php
@ -2,6 +2,15 @@
 class Notes extends CI_Controller {
 	function __construct()
 	{
 		parent::__construct();
 		$this->load->model('user_model');
 		if(!$this->user_model->authorize(2)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
 	}
 	/* Displays all notes in a list */
 	public function index()
 	{
--- a/application/controllers/User.php
+++ b/application/controllers/User.php
@ -236,21 +236,21 @@ class User extends CI_Controller {
 			switch($this->user_model->edit($this->input->post())) {
 				// Check for errors
 				case EUSERNAMEEXISTS:
-					$data['username_error'] = 'Username <b>'.$this->input->post('user_name').'</b> already in use!';
+					$data['username_error'] = 'Username <b>'.$this->input->post('user_name', true).'</b> already in use!';
 					break;
 				case EEMAILEXISTS:
-					$data['email_error'] = 'E-mail address <b>'.$this->input->post('user_email').'</b> already in use!';
+					$data['email_error'] = 'E-mail address <b>'.$this->input->post('user_email', true).'</b> already in use!';
 					break;
 				case EPASSWORDINVALID:
 					$data['password_error'] = 'Invalid password!';
 					break;
 				// All okay, return to user screen
 				case OK:
-					if($this->session->userdata('user_id') == $this->input->post('id')) {
+					if($this->session->userdata('user_id') == $this->input->post('id', true)) {
-						$this->session->set_flashdata('notice', 'User '.$this->input->post('user_name').' edited');
+						$this->session->set_flashdata('notice', 'User '.$this->input->post('user_name', true).' edited');
 						redirect('user/profile');
 					} else {
-						$this->session->set_flashdata('notice', 'User '.$this->input->post('user_name').' edited');
+						$this->session->set_flashdata('notice', 'User '.$this->input->post('user_name', true).' edited');
 						redirect('user');
 					}
 					return;
--- a/application/models/User_model.php
+++ b/application/models/User_model.php
@ -22,7 +22,10 @@ class User_Model extends CI_Model {
 	// FUNCTION: object get($username)
 	// Retrieve a user
 	function get($username) {
-		$this->db->where('user_name', $username);
+		// Clean ID
 		$clean_username = $this->security->xss_clean($username);
 		$this->db->where('user_name', $clean_username);
 		$r = $this->db->get($this->config->item('auth_table'));
 		return $r;
 	} 
@ -30,7 +33,10 @@ class User_Model extends CI_Model {
 	// FUNCTION: object get_by_id($id)
 	// Retrieve a user by user ID
 	function get_by_id($id) {
-		$this->db->where('user_id', $id);
+				// Clean ID
 		$clean_id = $this->security->xss_clean($id);
 		$this->db->where('user_id', $clean_id);
 		$r = $this->db->get($this->config->item('auth_table'));
 		return $r;
 	}
@ -38,7 +44,10 @@ class User_Model extends CI_Model {
 	// FUNCTION: object get_by_email($email)
 	// Retrieve a user by email address
 	function get_by_email($email) {
-		$this->db->where('user_email', $email);
+
 		$clean_email = $this->security->xss_clean($email);
 		$this->db->where('user_email', $clean_email);
 		$r = $this->db->get($this->config->item('auth_table'));
 		return $r;
 	}
@ -46,7 +55,8 @@ class User_Model extends CI_Model {
 	// FUNCTION: bool exists($username)
 	// Check if a user exists (by username)
 	function exists($username) {
-		if($this->get($username)->num_rows() == 0) {
+		$clean_username = $this->security->xss_clean($username);
 		if($this->get($clean_username)->num_rows() == 0) {
 			return 0;
 		} else {
 			return 1;
@ -56,7 +66,9 @@ class User_Model extends CI_Model {
 	// FUNCTION: bool exists_by_id($id)
 	// Check if a user exists (by user ID)
 	function exists_by_id($id) {
-		if($this->get_by_id($id)->num_rows() == 0) {
+		$clean_id = $this->security->xss_clean($id);
 		if($this->get_by_id($clean_id)->num_rows() == 0) {
 			return 0;
 		} else {
 			return 1;
@ -196,8 +208,8 @@ class User_Model extends CI_Model {
 	// This is really just a wrapper around User_Model::authenticate
 	function login() {
-		$username = $this->input->post('user_name');
+		$username = $this->input->post('user_name', true);
-		$password = $this->input->post('user_password');
+		$password = $this->input->post('user_password', true);
 		return $this->authenticate($username, $password);
 	}