From 9419d126eb9f9a768e82e625624dec6e8881528c Mon Sep 17 00:00:00 2001 From: scholzDaSense Date: Fri, 14 Jun 2013 11:39:06 +0200 Subject: [PATCH 1/7] added field locale to $_SESSION --- security/Security.php | 3 ++- security/User.php | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/security/Security.php b/security/Security.php index a50ff7c..a9c8024 100644 --- a/security/Security.php +++ b/security/Security.php @@ -88,7 +88,8 @@ class Security { time(), getenv('REMOTE_ADDR'), 0, - NULL); + NULL, + $row[\SYSTEM\DBD\UserTable::FIELD_LOCALE]); if(isset($locale)){ \SYSTEM\locale::set($locale);} diff --git a/security/User.php b/security/User.php index 13861df..5cc025c 100644 --- a/security/User.php +++ b/security/User.php @@ -12,8 +12,9 @@ class User { public $lastLoginIP = NULL; public $passwordWrongCount = NULL; public $rights = NULL; + public $locale = NULL; - public function __construct($id, $username, $email, $creationDate, $lastLoginDate, $lastLoginIP, $passwordWrongCount, $rights){ + public function __construct($id, $username, $email, $creationDate, $lastLoginDate, $lastLoginIP, $passwordWrongCount, $rights, $locale){ $this->id = $id; $this->username = $username; $this->email = $email; @@ -22,5 +23,6 @@ class User { $this->lastLoginIP = $lastLoginIP; $this->passwordWrongCount = $passwordWrongCount; $this->rights = $rights; + $this->locale = $locale; } } \ No newline at end of file From 45d105841e3bd8f9fd25f359b6456fd74891bf43 Mon Sep 17 00:00:00 2001 From: scholzDaSense Date: Sun, 16 Jun 2013 12:31:37 +0200 Subject: [PATCH 2/7] fixed login -> hex_md5() -> $.md5() --- sai/modules/saimod_sys_login/sai_sys_login_submit.js | 4 ++-- sai/modules/saimod_sys_login/saimod_sys_login.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sai/modules/saimod_sys_login/sai_sys_login_submit.js b/sai/modules/saimod_sys_login/sai_sys_login_submit.js index f4241d4..ca1de7c 100644 --- a/sai/modules/saimod_sys_login/sai_sys_login_submit.js 
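Review bot: The `User` constructor in security/User.php gains `$locale` as a ninth required parameter, so any call site that still passes eight arguments will warn or fail; only the call in security/Security.php is updated in this patch. Declaring it as `$locale = NULL` keeps older callers working and matches the `public $locale = NULL;` property default added just above. The arguments are passed positionally at the call site (`time(), getenv('REMOTE_ADDR'), 0, NULL, ...`), so a short docblock on the constructor listing the nine fields in order would make a swapped argument easier to spot.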
+++ b/sai/modules/saimod_sys_login/sai_sys_login_submit.js @@ -3,8 +3,8 @@ function init__SYSTEM_SAI_saimod_sys_login() { $("#login_form input").not("[type=submit]").jqBootstrapValidation({ preventSubmit: true, submitError: function($form, event, errors) {}, - submitSuccess: function($form, event){ - $.get('./api.php?call=account&action=login&username='+$('#bt_login_user').val()+'&password_sha='+$.sha1($('#bt_login_password').val())+'&password_md5='+hex_md5($('#bt_login_password').val()), function (data) { + submitSuccess: function($form, event){ + $.get('./api.php?call=account&action=login&username='+$('#bt_login_user').val()+'&password_sha='+$.sha1($('#bt_login_password').val())+'&password_md5='+$.md5($('#bt_login_password').val()), function (data) { if(data == 1){ $('.help-block').html("Login successfull.
"); location.reload(true); diff --git a/sai/modules/saimod_sys_login/saimod_sys_login.php b/sai/modules/saimod_sys_login/saimod_sys_login.php index 20572ae..d8d50e8 100644 --- a/sai/modules/saimod_sys_login/saimod_sys_login.php +++ b/sai/modules/saimod_sys_login/saimod_sys_login.php @@ -32,7 +32,7 @@ class saimod_sys_login extends \SYSTEM\SAI\SaiModule { public static function src_js(){return \SYSTEM\LOG\JsonResult::toString( array( \SYSTEM\WEBPATH(new \PPAGE(),'default_page/js/jqBootstrapValidation.js'), \SYSTEM\WEBPATH(new \SYSTEM\PSAI(),'modules/saimod_sys_login/sai_sys_login_submit.js'), - \SYSTEM\WEBPATH(new \PPAGE(),'default_page/js/crypto/md5.js'), + \SYSTEM\WEBPATH(new \PPAGE(),'default_page/js/crypto/jquery.md5.js'), \SYSTEM\WEBPATH(new \PPAGE(),'default_page/js/crypto/jquery.sha1.js') ));} } \ No newline at end of file From f8a36c6e7409f43c57f60eef6d5cc5fbc9f4fad4 Mon Sep 17 00:00:00 2001 From: scholzDaSense Date: Sun, 16 Jun 2013 12:57:21 +0200 Subject: [PATCH 3/7] fixed database name convention --- sai/modules/saimod_sys_log/saimod_sys_log.php | 2 +- security/Security.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sai/modules/saimod_sys_log/saimod_sys_log.php b/sai/modules/saimod_sys_log/saimod_sys_log.php index aeb6e39..1a6bbcd 100644 --- a/sai/modules/saimod_sys_log/saimod_sys_log.php +++ b/sai/modules/saimod_sys_log/saimod_sys_log.php @@ -63,7 +63,7 @@ class saimod_sys_log extends \SYSTEM\SAI\SaiModule {
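Review bot: The rewritten `$.get(...)` call in `submitSuccess` still puts the username and both password digests in the query string, where they are written to web-server and proxy access logs and kept in browser history. Because the server evidently accepts the digest itself as the login secret, a logged digest is equivalent to the password. Send the fields in a request body instead, for example `$.post('./api.php?call=account&action=login', {username: user, password_sha: $.sha1(pw), password_md5: $.md5(pw)}, function (data) {` with `user` and `pw` read from the two inputs beforehand. This also URL-encodes the username, which the string concatenation passes raw, but it assumes `api.php` can read these parameters from POST, which is not visible here. Unsalted SHA-1/MD5 computed in the browser does not protect the password in transit, so the endpoint should only be served over HTTPS; the body of `init__SYSTEM_SAI_saimod_sys_login` continues outside the hunk.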

Truncate table system.sys_log

diff --git a/security/Security.php b/security/Security.php index a9c8024..798689c 100644 --- a/security/Security.php +++ b/security/Security.php @@ -74,7 +74,7 @@ class Security { // set password_sha if it is empty if(!$row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA]){ $res = $con->prepare( 'updatePasswordSHAStmt', - 'UPDATE '.\SYSTEM\DBD\UserTable::NAME.' SET '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $1 WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2'.' RETURNING '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.';', + 'UPDATE '.(\SYSTEM\system::isSystemDbInfoPG() ? \SYSTEM\DBD\UserTable::NAME_PG : \SYSTEM\DBD\UserTable::NAME_MYS).' SET '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $1 WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2'.' RETURNING '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.';', array($password_sha,$row[\SYSTEM\DBD\UserTable::FIELD_ID])); $res = $res->next(); $row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA] = $res[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA]; From fbb7187230ba72ea82b751a08c86659327170a25 Mon Sep 17 00:00:00 2001 From: scholzDaSense Date: Sun, 16 Jun 2013 13:37:20 +0200 Subject: [PATCH 4/7] updated name convention --- system/locale.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/locale.php b/system/locale.php index 69e95f4..fef81d2 100644 --- a/system/locale.php +++ b/system/locale.php @@ -15,7 +15,7 @@ class locale { \SYSTEM\SECURITY\Security::save(self::SESSION_KEY, $lang); if(\SYSTEM\SECURITY\Security::isLoggedIn()){ - \SYSTEM\SECURITY\Security::_db_setLocale(new \SYSTEM\DBD\systemPostgres(), $lang);} //TODO: connection def move somewhere? + \SYSTEM\SECURITY\Security::_db_setLocale(\SYSTEM\system::getSystemDBInfo(), $lang);} //TODO: connection def move somewhere? return true; } From 1397abff5d42e496d2f8c0dbc91fc7bab4fee754 Mon Sep 17 00:00:00 2001 
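Review bot: The new table-name ternary on the `updatePasswordSHAStmt` line selects `UserTable::NAME_MYS` for MySQL, but the rest of the statement stays PostgreSQL-specific: `$1`/`$2` placeholders and `UPDATE ... RETURNING` are not MySQL syntax. Unless `\SYSTEM\DB\Connection::prepare` rewrites the SQL, which is not visible here, the MySQL branch cannot execute. The dialect is also taken from the global `\SYSTEM\system::isSystemDbInfoPG()`, while the hunks of patches 5, 6 and 7 show the connection being built from the `$dbinfo` argument, so a caller passing a different `DBInfo` would get a table name for the wrong database. The same expression is repeated in those patches (`updateUserLocaleStmt`, `availableStmt`, `createAccountStmt`); one helper that derives the table name from `$dbinfo` would keep the four sites consistent. The enclosing method starts and ends outside the hunk.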
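Review bot: The result of `Security::_db_setLocale(...)` is discarded and the method returns `true` regardless, so a failed database update leaves the session locale and the stored locale out of step without any signal to the caller. Consider `return \SYSTEM\SECURITY\Security::_db_setLocale(\SYSTEM\system::getSystemDBInfo(), $lang);` inside the logged-in branch, or at least log the failure. The trailing `//TODO: connection def move somewhere?` looks resolved by the switch to `getSystemDBInfo()` and can be dropped or reworded. Whether `$lang` is checked against the supported locales before it is saved to the session and the user row cannot be seen, because the method starts outside the hunk.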
From: scholzDaSense Date: Sun, 16 Jun 2013 18:18:39 +0200 Subject: [PATCH 5/7] updated name convention --- security/Security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/Security.php b/security/Security.php index 798689c..5068fec 100644 --- a/security/Security.php +++ b/security/Security.php @@ -187,7 +187,7 @@ class Security { $con = new \SYSTEM\DB\Connection($dbinfo); $res = $con->prepare( 'updateUserLocaleStmt', - 'UPDATE '.\SYSTEM\DBD\UserTable::NAME.' SET '.\SYSTEM\DBD\UserTable::FIELD_LOCALE.' = $1 '. + 'UPDATE '.(\SYSTEM\system::isSystemDbInfoPG() ? \SYSTEM\DBD\UserTable::NAME_PG : \SYSTEM\DBD\UserTable::NAME_MYS).' SET '.\SYSTEM\DBD\UserTable::FIELD_LOCALE.' = $1 '. 'WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2'.' RETURNING '.\SYSTEM\DBD\UserTable::FIELD_LOCALE.';', array($lang, $user->id)); if(!$res->next()){ From 0265e407b704c6d828d0e171cf9885264571803b Mon Sep 17 00:00:00 2001 From: scholzDaSense Date: Tue, 18 Jun 2013 14:33:57 +0200 Subject: [PATCH 6/7] update name convention --- security/Security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/Security.php b/security/Security.php index 5068fec..ef9ebf3 100644 --- a/security/Security.php +++ b/security/Security.php @@ -119,7 +119,7 @@ class Security { public static function available(\SYSTEM\DB\DBInfo $dbinfo, $username){ $con = new \SYSTEM\DB\Connection($dbinfo); $res = $con->prepare( 'availableStmt', - 'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\UserTable::NAME. + 'SELECT COUNT(*) as count FROM '.(\SYSTEM\system::isSystemDbInfoPG() ? \SYSTEM\DBD\UserTable::NAME_PG : \SYSTEM\DBD\UserTable::NAME_MYS). ' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') like lower($1) ;', array($username)); From 2029a3032a841d35ec52d53334d9e5ec61a3feb9 Mon Sep 17 00:00:00 2001 
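Review bot: `availableStmt` compares with `lower(username) like lower($1)`, so `%` and `_` in the submitted name are treated as wildcards and the count answers for a pattern rather than for one exact name. That gives wrong results for names containing `_` and reveals more about existing accounts than an exact check would. Since the statement is being edited anyway, switch the condition to equality: `' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') = lower($1) ;',`. The rest of `available` lies outside the hunk, so how the count is used is not visible.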
From: scholzDaSense Date: Tue, 18 Jun 2013 18:49:12 +0200 Subject: [PATCH 7/7] fixed name convention --- security/Security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/Security.php b/security/Security.php index ef9ebf3..b9d96da 100644 --- a/security/Security.php +++ b/security/Security.php @@ -23,7 +23,7 @@ class Security { return self::REGISTER_FAIL;} $con = new \SYSTEM\DB\Connection($dbinfo); - $result = $con->prepare('createAccountStmt','INSERT INTO '.\SYSTEM\DBD\UserTable::NAME. + $result = $con->prepare('createAccountStmt','INSERT INTO '.(\SYSTEM\system::isSystemDbInfoPG() ? \SYSTEM\DBD\UserTable::NAME_PG : \SYSTEM\DBD\UserTable::NAME_MYS). ' ('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.','.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.',' .\SYSTEM\DBD\UserTable::FIELD_EMAIL.','.\SYSTEM\DBD\UserTable::FIELD_LOCALE.','.\SYSTEM\DBD\UserTable::FIELD_ACCOUNT_FLAG.')'. ' VALUES ($1, $2, $3, $4, $5) RETURNING *;',