From 6ded7a05b39508b8b446bf5ce8a7263d1160d6da Mon Sep 17 00:00:00 2001
From: rylon
Date: Mon, 20 Jan 2014 23:18:58 +0100
Subject: [PATCH] QI for inserts - fuck you mysqli, disabled fatal error handling(cuz its unsafe), small saimod login fix, Security cleanup

---
 db/qq/QP.php                                 |  4 ++
 db/qq/QQ.php                                 |  5 ++-
 log/log.php                                  |  2 +-
 .../saimod_sys_login/sai_sys_login_submit.js |  6 +--
 security/Security.php                        | 39 ++++++++-----------
 5 files changed, 27 insertions(+), 29 deletions(-)

diff --git a/db/qq/QP.php b/db/qq/QP.php
index 6a09927..e666907 100644
--- a/db/qq/QP.php
+++ b/db/qq/QP.php
@@ -24,6 +24,10 @@ class QP {
     public static function Q1($params,$params_mys = null){ return self::QQ($params,$params_mys)->next();}
+    public static function QI($params,$params_mys = null){
+        $qq = self::QQ($params,$params_mys);
+        return $qq->affectedRows() != 0;
+    }
     //override this
     protected static function query(){ throw new \SYSTEM\LOG\ERROR('query function of your QP Class not overwritten!');}
diff --git a/db/qq/QQ.php b/db/qq/QQ.php
index c8bf9dc..12b7582 100644
--- a/db/qq/QQ.php
+++ b/db/qq/QQ.php
@@ -23,7 +23,10 @@ class QQ {
     public static function Q1(){ return self::QQ()->next();}
-
+    public static function QI($params,$params_mys = null){
+        $qq = self::QQ($params,$params_mys);
+        return $qq->affectedRows() != 0;
+    }
     //override this
     protected static function query(){ throw new \SYSTEM\LOG\ERROR('query function of your QQ Class not overwritten!');}
diff --git a/log/log.php b/log/log.php
index fd94af8..c849a8e 100644
--- a/log/log.php
+++ b/log/log.php
@@ -19,7 +19,7 @@ class log {
         set_error_handler ('\SYSTEM\LOG\log::__error_handler');
         set_exception_handler ('\SYSTEM\LOG\log::__exception_handler');
         register_shutdown_function ('\SYSTEM\LOG\log::__shutdown_handler' );
-        ob_start ('\SYSTEM\LOG\log::__fatal_error_handler');
+        //ob_start ('\SYSTEM\LOG\log::__fatal_error_handler');
     }
     private static function call_handlers(\Exception $E, $thrown = true){
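Review bot: `return $qq->affectedRows() != 0;` in QP::QI reports success for any non-zero count, and that includes the -1 that mysqli's affected_rows returns when the statement failed, so a failed INSERT can come back as true if affectedRows() is a thin wrapper over it (the commit message mentions mysqli, but the wrapper's source is not in this diff). `return $qq->affectedRows() > 0;` closes that gap. QI is also used in this same commit for an UPDATE (SYS_SECURITY_UPDATE_PW), where MySQL reports 0 affected rows when the new value equals the old one, so re-setting an unchanged password would read as failure; a docblock on QI saying it means "at least one row changed", not "the statement succeeded", would prevent callers from relying on the wrong contract.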
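Review bot: The new QQ::QI forwards `$params` and `$params_mys` to `self::QQ(...)`, but the Q1 two lines above calls `self::QQ()` with no arguments, which suggests this class's QQ() takes no parameters and the values are silently dropped. Confirm the QQ::QQ signature; if it is parameterless, `public static function QI(){ return self::QQ()->affectedRows() > 0; }` matches the class's own convention. The same `!= 0` caveat applies here as in QP::QI: a -1 error count from mysqli's affected_rows would satisfy the test and report a failed statement as success.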
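Review bot: Commenting out `ob_start ('\SYSTEM\LOG\log::__fatal_error_handler');` removes the only fatal-error handling in this hunk without recording what now covers fatals; the commit message calls it unsafe but not why, and the dead line should be deleted rather than kept as a comment. With the handler gone, a fatal error falls through to PHP's default reporting, which writes the message and file path into the response when display_errors is enabled, so production must run with display_errors off and log_errors on, or `__shutdown_handler` should pick fatals up via `error_get_last()` if it does not already (its body is outside this diff). A one-line comment in its place, `// fatal errors are reported by __shutdown_handler; the ob_start-based handler was removed because <reason>`, would document the decision.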
diff --git a/sai/modules/saimod_sys_login/sai_sys_login_submit.js b/sai/modules/saimod_sys_login/sai_sys_login_submit.js
index a3c5978..c00651d 100644
--- a/sai/modules/saimod_sys_login/sai_sys_login_submit.js
+++ b/sai/modules/saimod_sys_login/sai_sys_login_submit.js
@@ -71,9 +71,7 @@ function init__SYSTEM_SAI_saimod_sys_login_register(){
             if(select_locale.options[i].selected ){
                 locale = select_locale.options[i].value;
             }
-        }
-
-        //alert(SAI_ENDPOINT+'sai_mod=.SYSTEM.SAI.saimod_sys_login&action=register&username='+username+'&password_sha='+$.sha1(password)+'&password_md5='+$.md5(password)+'&email='+email+'&locale='+locale);
+        }
         $.ajax({
             dataType: "json",
@@ -83,7 +81,7 @@ function init__SYSTEM_SAI_saimod_sys_login_register(){
                 if(dataCreate === 1){ // reload -> user will be loged in
                     window.location.href = location.href.replace(/#/g, "");
                 }else{ // show errors
-                    //todo
+                    alert('Not successfull: '+dataCreate);
                 }
             }
         });
diff --git a/security/Security.php b/security/Security.php
index 061e3b0..bb0c95d 100644
--- a/security/Security.php
+++ b/security/Security.php
@@ -10,8 +10,8 @@ class Security {
         // check availability of username (in non-compatibility mode, otherwise it is already checked in DasenseAccount)
         if($checkAvailable && !self::available($username)){
             return self::FAIL;}
-        $result = \SYSTEM\DBD\SYS_SECURITY_CREATE::Q1(array( $username , $password, $email, $locale, 1 ));
-        if( !$result || !self::login($username, $password, $locale)){
+        $result = \SYSTEM\DBD\SYS_SECURITY_CREATE::QI(array( $username , $password, $email, $locale, 1 )); //insert returns null - sucky implementation @ php/sql throws on error(or should maybe)
+        if(!$result || !self::login($username, $password, $locale)){
             return self::FAIL;}
         return ($advancedResult ? \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password)) : self::OK);
     }
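Review bot: `alert('Not successfull: '+dataCreate);` shows the raw server response to the end user, so whatever the endpoint returns on failure today or later (an error code, a DB or exception message) is displayed verbatim; map known codes to user-facing text and keep the raw value for the console, e.g. `alert('Registration failed (code ' + dataCreate + ').'); console.error('register failed:', dataCreate);`. The message also has a typo ("successfull"). The success callback and init__SYSTEM_SAI_saimod_sys_login_register both start before this hunk.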
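Review bot: `self::login($username, $password, $locale)` passes `$locale` as the third argument, but login's signature in the next hunk is `login($username, $password_sha, $password_md5, $locale=NULL, ...)`, so a non-null locale lands in `$password_md5`, sends login down the MD5 branch with the locale as the hash, and the freshly inserted account fails to log in while this function returns FAIL. The call should be `if(!$result || !self::login($username, $password, NULL, $locale)){`. Separately, `$password` is stored as-is by SYS_SECURITY_CREATE and compared by SYS_SECURITY_LOGIN_SHA1, and the debug line removed in the JS hunk suggests the client sends `$.sha1(password)`, which makes an unsalted SHA-1 the stored credential; moving to `password_hash()`/`password_verify()` is the eventual fix but is outside this commit. The enclosing function's signature is above this hunk.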
@@ -21,32 +21,25 @@ class Security {
         if(!$row){
             return self::FAIL;} // old password wrong
         $userID = $row['id'];
-        \SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::Q1(array($password_sha_new, $userID));
-        return self::OK;
+        $result = \SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::QI(array($password_sha_new, $userID));
+        return $result ? self::OK : self::FAIL;
     }
     public static function login($username, $password_sha, $password_md5, $locale=NULL, $advancedResult=false, $password_sha_new=NULL){
         self::startSession();
-        if(!isset($password_sha)){
-            //self::trackLogins(NULL, self::FAIL);
-            $_SESSION['user'] = NULL;
-            return self::FAIL;}
+        $_SESSION['user'] = NULL;
+
         //Database check
         if(isset($password_md5)){
-            $result = \SYSTEM\DBD\SYS_SECURITY_LOGIN_MD5::QQ(array($username, $password_sha, $password_md5));
+            $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_MD5::Q1(array($username, $password_sha, $password_md5));
         }else{
-            $result = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::QQ(array($username, $password_sha));}
-
-        if(!$result){
-            new \SYSTEM\LOG\WARNING("Login Failed, Db result was not valid");
-            $_SESSION['user'] = NULL;
-            return self::FAIL;}
-
-        $row = $result->next();
+            $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha));}
+
         if(!$row){
-            new \SYSTEM\LOG\WARNING("Login Failed, User was not found in db");
-            $_SESSION['user'] = NULL;
+            new \SYSTEM\LOG\WARNING("Login Failed, User was not found in db");
             return self::FAIL;}
+
+        //todo: move to da-sense
         // set password_sha if it is empty or if it length is < 40 -> SHA1 Androidappbugfix
         if( !$row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA] || strlen($row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA]) < 40){
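Review bot: Dropping the `if(!isset($password_sha))` guard means login now runs the SHA1 query with a NULL `$password_sha` whenever a client omits it, and the lines at the bottom of this hunk explicitly handle rows whose FIELD_PASSWORD_SHA is empty or shorter than 40 characters, so such accounts exist; if the DB layer binds NULL as an empty string rather than SQL NULL (not visible here), an empty client value matches an empty stored value and the account logs in without a password. Keep a check in front of the queries, e.g. after `$_SESSION['user'] = NULL;` add `if(!isset($password_md5) && (!isset($password_sha) || strlen($password_sha) < 40)){ return self::FAIL;}`; how the MD5 branch treats an empty sha depends on SYS_SECURITY_LOGIN_MD5, which is not in this diff. The credential comparison itself happens inside the SQL against client-supplied hashes, so the stored hash is the password equivalent; a comment at `//Database check` stating that is worth having until this moves to password_verify(). Both functions in this hunk (the change-password method at the top, whose signature is above the hunk, and login) continue past it.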
@@ -55,9 +48,8 @@ class Security {
                 $pw = $password_sha_new;
             }else{
                 $pw = $password_sha;
-            }
-            unset($result);
-            \SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::Q1(array($pw,$row[\SYSTEM\DBD\system_user::FIELD_ID]));
+            }
+            \SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::QQ(array($pw,$row[\SYSTEM\DBD\system_user::FIELD_ID]));
             $row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA] = $pw;
         }
         // set session variables
@@ -77,8 +69,9 @@ class Security {
         return ($advancedResult ? $row : self::OK);
     }
+    //todo: remove
     private static function trackLogins($userID){
-        \SYSTEM\DBD\SYS_SECURITY_TRACK_LOGINS::Q1(array(microtime(true), $userID));}
+        \SYSTEM\DBD\SYS_SECURITY_TRACK_LOGINS::QQ(array(microtime(true), $userID));}
     public static function getUser(){
         if(!self::isLoggedIn()){
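Review bot: The switch to `SYS_SECURITY_UPDATE_PW::QQ(...)` discards the result of the legacy-hash upgrade write, while the change-password path in this same commit checks the identical call through QI; if this UPDATE fails, `$row[FIELD_PASSWORD_SHA]` is still overwritten in memory with `$pw` and the session is set up as though the stored hash had been upgraded. Use the same pattern and at least log it: `if(!\SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::QI(array($pw,$row[\SYSTEM\DBD\system_user::FIELD_ID]))){ new \SYSTEM\LOG\WARNING("Legacy password hash upgrade failed"); }`. Note that `$pw` is `$password_sha` or `$password_sha_new` straight from the request (context lines above), so this path writes a client-chosen hash into the account after a login that matched on other columns; a comment saying why that value is trusted here would help the next reader. login() starts and ends outside this hunk.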
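Review bot: `//todo: remove` on trackLogins gives no reason or ticket, and the only call visible in this diff is the commented-out `//self::trackLogins(NULL, self::FAIL);` that the previous hunk deletes, so the method looks unreferenced already; either delete it in this commit or write down why it stays. Login-attempt records are what a rate limiter or brute-force detection needs, so if it goes, something should still persist failed logins (the WARNING in login() is the only trace left). The Q1→QQ change itself only stops reading a result row from an INSERT. getUser() begins at the end of this hunk and continues past it.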