CoreLibs/development
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix long lines, fix timestamp method, fix db error to warning

Browse Source 
DB IO: On multiple PK return it say DB_ERROR, but this is actually a
warning DB_WARNING
Login: fix long lines and make SCHEMA set better with if instead of
terinary
Basic: fix string to time with loop over array parts and not for loop
This commit is contained in:
Clemens Schwaighofer
2018-06-04 18:53:28 +09:00
parent 6db87c64b0
commit 02d1d03c15
4 changed files with 47 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
www/admin/class_test.php
View File

@@ -16,7 +16,9 @@ define('USE_DATABASE', true);
// sample config // sample config
require("config.inc"); require("config.inc");
// set session name // set session name
DEFINE('SET_SESSION_NAME', EDIT_SESSION_NAME); if (!defined('SET_SESSION_NAME')) {
DEFINE('SET_SESSION_NAME', EDIT_SESSION_NAME);
}
// define log file id // define log file id
DEFINE('LOG_FILE_ID', 'classTest'); DEFINE('LOG_FILE_ID', 'classTest');
// set language for l10n // set language for l10n
@@ -182,8 +184,14 @@ print "OTHER SCHEMA INSERT STATUS: ".$status." | PK NAME: ".$basic->pk_name.", P
// time string thest // time string thest
$timestamp = 5887998.33445; $timestamp = 5887998.33445;
$time_string = $basic->timeStringFormat($timestamp); $time_string = $basic->timeStringFormat($timestamp);
print "PLANE TIME STRING: ".$timestamp."<br>";
print "TIME STRING TEST: ".$time_string."<br>"; print "TIME STRING TEST: ".$time_string."<br>";
print "REVERSE TIME STRING: ".$basic->stringToTime($time_string); print "REVERSE TIME STRING: ".$basic->stringToTime($time_string)."<br>";
if (round($timestamp, 4) == $basic->stringToTime($time_string)) {
print "REVERSE TIME STRING MATCH<br>";
} else {
print "REVERSE TRIME STRING DO NOT MATCH<br>";
}
// magic links test // magic links test
print $basic->magicLinks('user@bubu.at').'<br>'; print $basic->magicLinks('user@bubu.at').'<br>';

41
www/lib/CoreLibs/ACL/Login.inc
View File

@@ -108,7 +108,8 @@ class Login extends \CoreLibs\DB\IO
// no session could be found at all // no session could be found at all
if (!session_id()) { if (!session_id()) {
echo "<b>Session not started!</b><br>Use 'session_start();'.<br>For less problems with other session, you can set a session name with 'session_name(\"name\");'.<br>"; echo "<b>Session not started!</b><br>Use 'session_start();'.<br>";
echo "For less problems with other session, you can set a session name with 'session_name(\"name\");'.<br>";
exit; exit;
} }
@@ -116,7 +117,15 @@ class Login extends \CoreLibs\DB\IO
// if we have a search path we need to set it, to use the correct DB to login // if we have a search path we need to set it, to use the correct DB to login
// check what schema to use. if there is a login schema use this, else check if there is a schema set in the config, or fall back to DB_SCHEMA if this exists, if this also does not exists use public schema // check what schema to use. if there is a login schema use this, else check if there is a schema set in the config, or fall back to DB_SCHEMA if this exists, if this also does not exists use public schema
$SCHEMA = defined('LOGIN_DB_SCHEMA') ? LOGIN_DB_SCHEMA : ($db_config['db_schema'] ? $db_config['db_schema'] : (defined('DB_SCHEMA') ? DB_SCHEMA : 'public')); if (defined('LOGIN_DB_SCHEMA')) {
$SCHEMA = LOGIN_DB_SCHEMA;
} elseif ($db_config['db_schema']) {
$SCHEMA = $db_config['db_schema'];
} elseif (defined('DB_SCHEMA')) {
$SCHEMA = DB_SCHEMA;
} else {
$SCHEMA = 'public';
}
// set schema if schema differs to schema set in db conneciton // set schema if schema differs to schema set in db conneciton
if ($this->dbGetSchema() && $this->dbGetSchema() != $SCHEMA) { if ($this->dbGetSchema() && $this->dbGetSchema() != $SCHEMA) {
$this->dbExec("SET search_path TO ".$SCHEMA); $this->dbExec("SET search_path TO ".$SCHEMA);
@@ -244,6 +253,12 @@ class Login extends \CoreLibs\DB\IO
// DESC : checks if password is valid, sets internal error login variable // DESC : checks if password is valid, sets internal error login variable
private function loginPasswordCheck($hash, $password = '') private function loginPasswordCheck($hash, $password = '')
{ {
// check with what kind of prefix the password begins:
// $2a$ or $2y$: BLOWFISCH
// $1$: MD5
// $ and one alphanumeric letter, 13 chars long, but nor $ at the end: STD_DESC
// if no $ => normal password
// NOW, if we have a password encoded, but not the correct encoder available, throw special error
$password_ok = false; $password_ok = false;
if (!$password) { if (!$password) {
$password = $this->password; $password = $this->password;
@@ -277,7 +292,7 @@ class Login extends \CoreLibs\DB\IO
!preg_match("/^\\$[0-9A-Za-z.]{12}$/", $hash) && !preg_match("/^\\$[0-9A-Za-z.]{12}$/", $hash) &&
$hash != $password $hash != $password
) { ) {
// check old plain password, non case sensitive // check old plain password, case sensitive
$this->login_error = 1012; $this->login_error = 1012;
$password_ok = false; $password_ok = false;
} else { } else {
@@ -300,11 +315,13 @@ class Login extends \CoreLibs\DB\IO
$this->login_error = 102; $this->login_error = 102;
} else { } else {
// we have to get the themes in here too // we have to get the themes in here too
$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, eg.name AS edit_group_name, admin, eu.login_error_count, eu.login_error_date_last, eu.login_error_date_first, eu.strict, eu.locked, "; $q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, eg.name AS edit_group_name, admin, ";
$q .= "eu.login_error_count, eu.login_error_date_last, eu.login_error_date_first, eu.strict, eu.locked, ";
$q .= "debug, db_debug, "; $q .= "debug, db_debug, ";
$q .= "eareu.level AS user_level, eareu.type AS user_type, "; $q .= "eareu.level AS user_level, eareu.type AS user_type, ";
$q .= "eareg.level AS group_level, eareg.type AS group_type, "; $q .= "eareg.level AS group_level, eareg.type AS group_type, ";
$q .= "eu.enabled, el.short_name AS lang_short, el.iso_name AS lang_iso, first.header_color AS first_header_color, second.header_color AS second_header_color, second.template "; $q .= "eu.enabled, el.short_name AS lang_short, el.iso_name AS lang_iso, first.header_color AS first_header_color, ";
$q .= "second.header_color AS second_header_color, second.template ";
$q .= "FROM edit_user eu "; $q .= "FROM edit_user eu ";
$q .= "LEFT JOIN edit_scheme second ON (second.edit_scheme_id = eu.edit_scheme_id AND second.enabled = 1), "; $q .= "LEFT JOIN edit_scheme second ON (second.edit_scheme_id = eu.edit_scheme_id AND second.enabled = 1), ";
$q .= "edit_language el, edit_group eg, "; $q .= "edit_language el, edit_group eg, ";
@@ -323,13 +340,6 @@ class Login extends \CoreLibs\DB\IO
} else { } else {
// if login errors is half of max errors and the last login error was less than 10s ago, forbid any new login try // if login errors is half of max errors and the last login error was less than 10s ago, forbid any new login try
// check with what kind of prefix the password begins:
// $2a$ or $2y$: BLOWFISCH
// $1$: MD5
// $ and one alphanumeric letter, 13 chars long, but nor $ at the end: STD_DESC
// if no $ => normal password
// NOW, if we have a password encoded, but not the correct encoder available, throw special error
// check flow // check flow
// - user is enabled // - user is enabled
// - user is not locked // - user is not locked
@@ -382,7 +392,8 @@ class Login extends \CoreLibs\DB\IO
$pages = array(); $pages = array();
$edit_page_ids = array(); $edit_page_ids = array();
// set pages access // set pages access
$q = "SELECT ep.edit_page_id, filename, ep.name AS edit_page_name, ep.order_number AS edit_page_order, menu, popup, popup_x, popup_y, online, ear.level, ear.type "; $q = "SELECT ep.edit_page_id, filename, ep.name AS edit_page_name, ep.order_number AS edit_page_order, menu, ";
$q .= "popup, popup_x, popup_y, online, ear.level, ear.type ";
$q .= "FROM edit_page ep, edit_page_access epa, edit_access_right ear "; $q .= "FROM edit_page ep, edit_page_access epa, edit_access_right ear ";
$q .= "WHERE ep.edit_page_id = epa.edit_page_id AND ear.edit_access_right_id = epa.edit_access_right_id "; $q .= "WHERE ep.edit_page_id = epa.edit_page_id AND ear.edit_access_right_id = epa.edit_access_right_id ";
$q .= "AND epa.enabled = 1 AND epa.edit_group_id = ".$res["edit_group_id"]." "; $q .= "AND epa.enabled = 1 AND epa.edit_group_id = ".$res["edit_group_id"]." ";
@@ -1069,7 +1080,9 @@ EOM;
$q .= "action, action_id, action_yes, action_flag, action_menu, action_loaded, action_value, action_error) "; $q .= "action, action_id, action_yes, action_flag, action_menu, action_loaded, action_value, action_error) ";
$q .= "VALUES ('".$this->dbEscapeString($username)."', 'PASSWORD', ".(($this->euid) ? $this->euid : 'NULL').", "; $q .= "VALUES ('".$this->dbEscapeString($username)."', 'PASSWORD', ".(($this->euid) ? $this->euid : 'NULL').", ";
$q .= "NOW(), '".$this->dbEscapeString($event)."', '".$this->dbEscapeString($error)."', '".$this->dbEscapeString($data)."', '".$data_binary."', '".$this->page_name."', "; $q .= "NOW(), '".$this->dbEscapeString($event)."', '".$this->dbEscapeString($error)."', '".$this->dbEscapeString($data)."', '".$data_binary."', '".$this->page_name."', ";
foreach (array('REMOTE_ADDR', 'HTTP_USER_AGENT', 'HTTP_REFERER', 'SCRIPT_FILENAME', 'QUERY_STRING', 'SERVER_NAME', 'HTTP_HOST', 'HTTP_ACCEPT', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING') as $server_code) { foreach (array(
'REMOTE_ADDR', 'HTTP_USER_AGENT', 'HTTP_REFERER', 'SCRIPT_FILENAME', 'QUERY_STRING', 'SERVER_NAME', 'HTTP_HOST', 'HTTP_ACCEPT', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING'
) as $server_code) {
if (array_key_exists($server_code, $_SERVER)) { if (array_key_exists($server_code, $_SERVER)) {
$q .= "'".$this->dbEscapeString($_SERVER[$server_code])."', "; $q .= "'".$this->dbEscapeString($_SERVER[$server_code])."', ";
} else { } else {

15
www/lib/CoreLibs/Basic.inc
View File

@@ -1245,17 +1245,20 @@ class Basic
// xd xh xm xs xms to a timestamp.microtime format // xd xh xm xs xms to a timestamp.microtime format
public static function stringToTime($timestring) public static function stringToTime($timestring)
{ {
$timestamp = ''; $timestamp = 0;
if (preg_match("/(d|h|m|s|ms)/", $timestring)) { if (preg_match("/(d|h|m|s|ms)/", $timestring)) {
$timegroups = array (1 => 86400, 3 => 3600, 5 => 60, 7 => 1); // pos for preg match read + multiply factor
$timegroups = array (2 => 86400, 4 => 3600, 6 => 60, 8 => 1);
// preg match: 0: full strsing
// 2, 4, 6, 8 are the to need values
preg_match("/^((\d+)d ?)?((\d+)h ?)?((\d+)m ?)?((\d+)s ?)?((\d+)ms)?$/", $timestring, $matches); preg_match("/^((\d+)d ?)?((\d+)h ?)?((\d+)m ?)?((\d+)s ?)?((\d+)ms)?$/", $timestring, $matches);
// multiply the returned matches and sum them up. the last one (ms) is added with . // multiply the returned matches and sum them up. the last one (ms) is added with .
for ($i = 1; $i <= 7; $i += 2) { foreach ($timegroups as $i => $time_multiply) {
if ($matches[$i]) { if (is_numeric($matches[$i])) {
$timestamp += ($matches[($i + 1)] * $timegroups[$i]); $timestamp += $matches[$i] * $time_multiply;
} }
} }
if ($matches[10]) { if (is_numeric($matches[10])) {
$timestamp .= '.'.$matches[10]; $timestamp .= '.'.$matches[10];
} }
return $timestamp; return $timestamp;

2
www/lib/CoreLibs/DB/IO.inc
View File

@@ -567,7 +567,7 @@ class IO extends \CoreLibs\Basic
// write detailed error log // write detailed error log
} }
if ($this->warning_id) { if ($this->warning_id) {
$this->__dbDebug('db', '<span style="color: orange;"><b>DB-Warning</b> '.$this->warning_id.': '.$this->error_string[$this->warning_id].($msg ? ', '.$msg : '').'</span>', 'DB_ERROR', $where_called); $this->__dbDebug('db', '<span style="color: orange;"><b>DB-Warning</b> '.$this->warning_id.': '.$this->error_string[$this->warning_id].($msg ? ', '.$msg : '').'</span>', 'DB_WARNING', $where_called);
$this->had_warning = $this->warning_id; $this->had_warning = $this->warning_id;
} }
// unset the error/warning vars // unset the error/warning vars