From c94bdc878ff62149a7b62a1bf0ead3eaf54fec77 Mon Sep 17 00:00:00 2001
From: GRMrGecko
Date: Mon, 29 Jul 2013 14:18:48 -0500
Subject: [PATCH] Fixed some syntax. Fixed upload to encode html and changed plugin loop index variable to $pluginIndex so it's less likely to be used by a plugin. Probably should be using foreach or whatever it is, but I am stubborn. Added to the logout a time change to invalidate the login session. Fixed issue with pus state back to filter/index whenever you click the x button or background. Fixed user creation to use the correct password hashing system.
---
 code/api.php | 2 +-
 code/index.php | 2 +-
 code/logout.php | 2 ++
 code/upload.php | 17 ++++++++++-------
 code/users.php | 2 +-
 header.php | 2 +-
 6 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/code/api.php b/code/api.php
index 3476aba..8f528e9 100644
--- a/code/api.php
+++ b/code/api.php
@@ -55,7 +55,7 @@ if (isset($_MGM['user']) && $_MGM['user']['level']==1 && $_MGM['path'][1]=="user
 $level = (isset($_REQUEST['level']) ? trim($_REQUEST['level']) : "");
 if (!empty($email) && !empty($level)) {
 $salt = substr(sha1(rand()),0,12);
- $epassword = $salt.hash("sha512", $salt.hash("sha512", $password));
+ $epassword = $salt.hashPassword($password,hex2bin($salt));
 databaseQuery("INSERT INTO users (email, password, time, level) VALUES (%s,%s,%d,%s)", $email, $epassword, $_MGM['time'], $level);
 }
 }
diff --git a/code/index.php b/code/index.php
index aa33757..270bf45 100644
--- a/code/index.php
+++ b/code/index.php
@@ -322,7 +322,7 @@ $(document).ready(function() {
 repositionImage(2);
- if (urlHistory==undefined) {
+ if (urlHistory!=true) {
 if (filter!="") {
 window.history.pushState({state: currentState}, "", "?filter="+encodeURIComponent(filter));
 } else {
diff --git a/code/logout.php b/code/logout.php
index 8bdae0f..9eda330 100644
--- a/code/logout.php
+++ b/code/logout.php
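Review bot: In code/api.php the salt fed to the new `hashPassword($password,hex2bin($salt))` call still comes from `substr(sha1(rand()),0,12)` on the context line above it, and `rand()` is not a cryptographic generator, so salts are drawn from a small, guessable space and shrink to 6 bytes after `hex2bin`. I would take the salt from the system CSPRNG instead, e.g. `$salt = bin2hex(openssl_random_pseudo_bytes(6));` (or `random_bytes()` on PHP 7+), and lengthen it if `hashPassword`, which is defined outside this patch, accepts a longer one. The visible guard tests only `$email` and `$level` for emptiness; whether `$password` is validated happens outside the hunk and is worth confirming, since an empty value would otherwise be hashed and stored. The enclosing `if (isset($_MGM['user']) ...` block starts above the hunk.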
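Review bot: In code/index.php the new `if (urlHistory!=true)` relies on loose comparison, so `1` or `"1"` would count as true while other truthy values would not. If callers pass a real boolean, which is not visible in this hunk, `if (urlHistory!==true)` states the intent exactly. A short comment on the condition saying when `urlHistory` is set would help, as the function's signature is outside the hunk.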
@@ -13,6 +13,8 @@
 // DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
 // ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 //
+
+databaseQuery("UPDATE users SET time=%d WHERE docid=%s", $_MGM['time'], $_MGM['user']['docid']);
 setcookie("{$_MGM['CookiePrefix']}user_email", "", $_MGM['time'], $_MGM['CookiePath'], $_MGM['CookieDomain']);
 setcookie("{$_MGM['CookiePrefix']}user_password", "", $_MGM['time'], $_MGM['CookiePath'], $_MGM['CookieDomain']);
 header("location: ".generateURL());
diff --git a/code/upload.php b/code/upload.php
index a7f8c1e..136a040 100644
--- a/code/upload.php
+++ b/code/upload.php
@@ -88,18 +88,18 @@ if ($_MGM['path'][1]=="complete") {
 $ocr .= $line;
 }
 }
- echo "OCR: ".$ocr."
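Review bot: In code/logout.php the added `databaseQuery("UPDATE users SET time=%d WHERE docid=%s", ...)` runs unconditionally and reads `$_MGM['user']['docid']`, yet code/api.php in this same patch guards with `isset($_MGM['user'])`, which suggests the user entry can be absent when a request carries no valid session. I would wrap the call as `if (isset($_MGM['user'])) { databaseQuery(...); }` so a request to the logout URL without a session does not issue an UPDATE with an empty docid. Logout now changes stored state and, as far as this hunk shows, takes no anti-CSRF token, so it is worth confirming that a cross-site request cannot trigger it. A one-line comment saying that bumping `time` is what invalidates the cookie-based login would also help, because that link is not visible here.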
\n"; + echo "OCR: ".htmlspecialchars($ocr, ENT_COMPAT | ENT_HTML401, 'UTF-8', true)."
\n"; } $tags = array(); $external_data = ""; $plugins = glob("./external_data_plugins/*.php"); - for ($i=0; $i\n"; + echo "External Data: ".htmlspecialchars($external_data, ENT_COMPAT | ENT_HTML401, 'UTF-8', true)."
\n"; $thumbFile = "./thumbs/".$hash.".".$extension; $target = 150; @@ -142,16 +142,19 @@ if ($_MGM['path'][1]=="complete") { Processing...
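Review bot: In code/upload.php both new `htmlspecialchars(..., ENT_COMPAT | ENT_HTML401, 'UTF-8', true)` calls (the `OCR:` and `External Data:` echo lines) return an empty string when the input contains a byte sequence that is not valid UTF-8, which OCR output and plugin-supplied data can plausibly contain. Adding `ENT_SUBSTITUTE` keeps the text and replaces the bad bytes, and `ENT_QUOTES` also escapes single quotes in case this output is ever moved into an attribute: `htmlspecialchars($ocr, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8')`. The plugin loop lines of this hunk are not fully visible here, so this note covers only the two echo statements.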