PHP project cookie validator

Get help from other users here.

Moderators: Developer, Contributor

Post Reply
truefriend-cz
Posts: 65
Joined: Jan 08, 2019 2:14 am

PHP project cookie validator

Post by truefriend-cz » Mar 03, 2019 2:17 am

Hi all. I make php code for validating MANTIS_PROJECT_COOKIE.

custom_functions_api.php:

Code: Select all

		$my_project_cookie_valid = false;
// get cookies
		$my_cookie_name = config_get_global( 'project_cookie' );
		$my_project_id = gpc_get_cookie( $my_cookie_name, null );

		if( $my_project_id === 0 || !isset( $my_project_id ) || project_exists($my_project_id) != true ) {
			$my_project_cookie_valid = false;
		} else {
			$my_project_cookie_valid = true;
		}

		if( $my_project_cookie_valid == false) {
			$my_bypass_script = array('my_view_page', 'roadmap_page', 'changelog_page', 'view_all_bug_page');
			foreach( $my_bypass_script as $value ) {
				if( basename($_SERVER['SCRIPT_NAME']) == $value . '.php' ) {
					print_header_redirect( 'login_select_proj_page.php' );
				}
			}
		}
where checking MANTIS_PROJECT_COOKIE exist, exist as project and elimited zero (all projects).

I accessing to MantisBT from URL login.php?project_id=5
If not accesing from this URL then...
Idea is: User after click any links on left sidebar redirect to login_select_proj_page.php and must select project. But this my PHP code after select project stayed links on left sidebar to login_select_proj_page.php.

Reproduct: I cleaned cache and cookies. But not solved.

Where is a problem? Thanks
Mantis version: 2.19.0, OS: Windows, PHP: 7.3, Charset (PHP, Database): UTF-8, and: little, bad english

cas
Posts: 668
Joined: Mar 11, 2006 11:08 am
Contact:

Re: PHP project cookie validator

Post by cas » Mar 03, 2019 4:53 am

Cannot be answered this way. Did you validate that this new fuction is called or that the code is processed?
You can simply add a line just before the redirect:

Code: Select all

die('Processing');
Now use a link that should end up there. If the script does not die, your code is not processed at all :mrgreen:

truefriend-cz
Posts: 65
Joined: Jan 08, 2019 2:14 am

Re: PHP project cookie validator

Post by truefriend-cz » Mar 03, 2019 3:30 pm

Yes the code is processed good.

I tested. Adding

Code: Select all

echo 'testOK';
exit;
to parts of the code.

And the code works but causes these abnormal situations.
When I comment on the redirection line (print_header_redirect( 'login_select_proj_page.php' );) and clear the cache and browser cookies, it works normally (as default (no changed) mantis php files). I do not know what"s wrong. Even the error log does not generate any error.
Mantis version: 2.19.0, OS: Windows, PHP: 7.3, Charset (PHP, Database): UTF-8, and: little, bad english

cas
Posts: 668
Joined: Mar 11, 2006 11:08 am
Contact:

Re: PHP project cookie validator

Post by cas » Mar 04, 2019 5:12 am

Well in that case, see what happens in the next script (login_select_project.php) :?
Step by step, that is the way forward

truefriend-cz
Posts: 65
Joined: Jan 08, 2019 2:14 am

Re: PHP project cookie validator

Post by truefriend-cz » Mar 04, 2019 7:15 am

I dont know how. I want no loading login_select_project.php if exist cookie.

Before placing this script I had these sections in set_project.php and login.php. And it worked smoothly (in the section where it received data from the user about the selected project). By simplifying the code and pointing out that there is a custom_function_api.php, (from user atroI from this forum) was thinking of uniting it. And ensure that the user does not get to other projects. For better security. Perhaps by changing the parameter manually in browser cookies.
Mantis version: 2.19.0, OS: Windows, PHP: 7.3, Charset (PHP, Database): UTF-8, and: little, bad english

cas
Posts: 668
Joined: Mar 11, 2006 11:08 am
Contact:

Re: PHP project cookie validator

Post by cas » Mar 04, 2019 8:23 am

WEll, you can revert to the "old" solution which apparently did what you wanted.....

truefriend-cz
Posts: 65
Joined: Jan 08, 2019 2:14 am

Re: PHP project cookie validator

Post by truefriend-cz » Mar 04, 2019 9:56 am

But this is more complex and does not solve security. That's why I'm dealing with this particular thing. From a complicated solution, I worked on a simple one. But the problem has come up and I do not know how to analyze it.
Mantis version: 2.19.0, OS: Windows, PHP: 7.3, Charset (PHP, Database): UTF-8, and: little, bad english

cas
Posts: 668
Joined: Mar 11, 2006 11:08 am
Contact:

Re: PHP project cookie validator

Post by cas » Mar 04, 2019 10:06 am

If user-access to projects is arranged according mantis standard, it all goes automatic. So not clear why such change is requred.

truefriend-cz
Posts: 65
Joined: Jan 08, 2019 2:14 am

Re: PHP project cookie validator

Post by truefriend-cz » Mar 05, 2019 12:12 am

Should I upload the entire php scripts to GitHub for better show changes? I can not optimal describe the problem quite well in English.
Mantis version: 2.19.0, OS: Windows, PHP: 7.3, Charset (PHP, Database): UTF-8, and: little, bad english

cas
Posts: 668
Joined: Mar 11, 2006 11:08 am
Contact:

Re: PHP project cookie validator

Post by cas » Mar 05, 2019 4:25 am

Not sure why you would move anything to github.
You say you had a working solution, next you try to improve but end up with problems.
So either track your errors or revert to the initial solution which worked.

I am not saying security is perfect in Mantis but it works pretty good. Not clear to me if you are doing this because you are still using the anonymous user. If so, my advice would be not to go that route.

truefriend-cz
Posts: 65
Joined: Jan 08, 2019 2:14 am

Re: PHP project cookie validator

Post by truefriend-cz » Mar 05, 2019 7:01 pm

Unfortunately, I can not deal with it, because I'm constantly attacking some people in the office for doing good things. As a job, I try to maintain a working relationship with my partner. I have been forcibly cut off from school, from work and from property and from a partner to fight for power by the state. The state has my notebook, the state has my cell phone, my friends, my partner and my partner who employed and employed me. I've been on the street for a long time, and I'm trying to work, to program what I have left behind. But I can not even. I do not know whether to commit suicide or to try. I need to help. Politicians have disfigured my whole world. They destroyed and attacked me on members of my family and my partner. He takes people on the street, manipulates people and kills the people around me and exploits the state police that ignores me and favors those people who do this.

Sorry, for little bad english.

Shortly: Politics workers killed humans in my neighbourhood for quality in works and relation. And politics using globall agression of the humans for killing and attacks to me.
Reason is my boyfriend whom they approached began to oblige and position themselves amongst their posts, which they do with his mother, who works in office as a social worker of that state. He shoots randomly at me on the streets, rides cars, coats the state police who shoot to me for no reason, and other activities.
I dont know my future. Sorry

I"m trying to do things that I understand at least in some way what to do with a partner and to program and study, but it is forcibly blocked.
People from the authorities, and some people from local politics because of the power struggle, and they are destroying my life and blocking quality.

Location: State: Czech republic, City: Liberec
Mantis version: 2.19.0, OS: Windows, PHP: 7.3, Charset (PHP, Database): UTF-8, and: little, bad english

Post Reply