webcraftmedia/system
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

QI for inserts - fuck you mysqli, disabled fatal error handling(cuz its unsafe), small saimod login fix, Security cleanup

Browse Source
This commit is contained in:
Ulf Gebhardt 2014-01-20 23:18:58 +01:00
parent b5e0bfe59a
commit 6ded7a05b3
5 changed files with 27 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
db/qq/QP.php
View File

@ -24,6 +24,10 @@ class QP {
public static function Q1($params,$params_mys = null){ public static function Q1($params,$params_mys = null){
return self::QQ($params,$params_mys)->next();} return self::QQ($params,$params_mys)->next();}
public static function QI($params,$params_mys = null){
$qq = self::QQ($params,$params_mys);
return $qq->affectedRows() != 0;
}
//override this //override this
protected static function query(){ protected static function query(){
throw new \SYSTEM\LOG\ERROR('query function of your QP Class not overwritten!');} throw new \SYSTEM\LOG\ERROR('query function of your QP Class not overwritten!');}

5
db/qq/QQ.php
View File

@ -23,7 +23,10 @@ class QQ {
public static function Q1(){ public static function Q1(){
return self::QQ()->next();} return self::QQ()->next();}
public static function QI($params,$params_mys = null){
$qq = self::QQ($params,$params_mys);
return $qq->affectedRows() != 0;
}
//override this //override this
protected static function query(){ protected static function query(){
throw new \SYSTEM\LOG\ERROR('query function of your QQ Class not overwritten!');} throw new \SYSTEM\LOG\ERROR('query function of your QQ Class not overwritten!');}

2
log/log.php
View File

@ -19,7 +19,7 @@ class log {
set_error_handler ('\SYSTEM\LOG\log::__error_handler'); set_error_handler ('\SYSTEM\LOG\log::__error_handler');
set_exception_handler ('\SYSTEM\LOG\log::__exception_handler'); set_exception_handler ('\SYSTEM\LOG\log::__exception_handler');
register_shutdown_function ('\SYSTEM\LOG\log::__shutdown_handler' ); register_shutdown_function ('\SYSTEM\LOG\log::__shutdown_handler' );
ob_start ('\SYSTEM\LOG\log::__fatal_error_handler'); //ob_start ('\SYSTEM\LOG\log::__fatal_error_handler');
} }
private static function call_handlers(\Exception $E, $thrown = true){ private static function call_handlers(\Exception $E, $thrown = true){

6
sai/modules/saimod_sys_login/sai_sys_login_submit.js
View File

@ -71,9 +71,7 @@ function init__SYSTEM_SAI_saimod_sys_login_register(){
if(select_locale.options[i].selected ){ if(select_locale.options[i].selected ){
locale = select_locale.options[i].value; locale = select_locale.options[i].value;
} }
} }
//alert(SAI_ENDPOINT+'sai_mod=.SYSTEM.SAI.saimod_sys_login&action=register&username='+username+'&password_sha='+$.sha1(password)+'&password_md5='+$.md5(password)+'&email='+email+'&locale='+locale);
$.ajax({ $.ajax({
dataType: "json", dataType: "json",
@ -83,7 +81,7 @@ function init__SYSTEM_SAI_saimod_sys_login_register(){
if(dataCreate === 1){ // reload -> user will be loged in if(dataCreate === 1){ // reload -> user will be loged in
window.location.href = location.href.replace(/#/g, ""); window.location.href = location.href.replace(/#/g, "");
}else{ // show errors }else{ // show errors
//todo alert('Not successfull: '+dataCreate);
} }
} }
}); });

39
security/Security.php
View File

@ -10,8 +10,8 @@ class Security {
// check availability of username (in non-compatibility mode, otherwise it is already checked in DasenseAccount) // check availability of username (in non-compatibility mode, otherwise it is already checked in DasenseAccount)
if($checkAvailable && !self::available($username)){ if($checkAvailable && !self::available($username)){
return self::FAIL;} return self::FAIL;}
$result = \SYSTEM\DBD\SYS_SECURITY_CREATE::Q1(array( $username , $password, $email, $locale, 1 )); $result = \SYSTEM\DBD\SYS_SECURITY_CREATE::QI(array( $username , $password, $email, $locale, 1 )); //insert returns null - sucky implementation @ php/sql throws on error(or should maybe)
if( !$result || !self::login($username, $password, $locale)){ if(!$result || !self::login($username, $password, $locale)){
return self::FAIL;} return self::FAIL;}
return ($advancedResult ? \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password)) : self::OK); return ($advancedResult ? \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password)) : self::OK);
} }
@ -21,32 +21,25 @@ class Security {
if(!$row){ if(!$row){
return self::FAIL;} // old password wrong return self::FAIL;} // old password wrong
$userID = $row['id']; $userID = $row['id'];
\SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::Q1(array($password_sha_new, $userID)); $result = \SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::QI(array($password_sha_new, $userID));
return self::OK; return $result ? self::OK : self::FAIL;
} }
public static function login($username, $password_sha, $password_md5, $locale=NULL, $advancedResult=false, $password_sha_new=NULL){ public static function login($username, $password_sha, $password_md5, $locale=NULL, $advancedResult=false, $password_sha_new=NULL){
self::startSession(); self::startSession();
if(!isset($password_sha)){ $_SESSION['user'] = NULL;
//self::trackLogins(NULL, self::FAIL);
$_SESSION['user'] = NULL;
return self::FAIL;}
//Database check //Database check
if(isset($password_md5)){ if(isset($password_md5)){
$result = \SYSTEM\DBD\SYS_SECURITY_LOGIN_MD5::QQ(array($username, $password_sha, $password_md5)); $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_MD5::Q1(array($username, $password_sha, $password_md5));
}else{ }else{
$result = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::QQ(array($username, $password_sha));} $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha));}
if(!$result){
new \SYSTEM\LOG\WARNING("Login Failed, Db result was not valid");
$_SESSION['user'] = NULL;
return self::FAIL;}
$row = $result->next();
if(!$row){ if(!$row){
new \SYSTEM\LOG\WARNING("Login Failed, User was not found in db"); new \SYSTEM\LOG\WARNING("Login Failed, User was not found in db");
$_SESSION['user'] = NULL;
return self::FAIL;} return self::FAIL;}
//todo: move to da-sense
// set password_sha if it is empty or if it length is < 40 -> SHA1 Androidappbugfix // set password_sha if it is empty or if it length is < 40 -> SHA1 Androidappbugfix
if( !$row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA] || if( !$row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA] ||
strlen($row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA]) < 40){ strlen($row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA]) < 40){
@ -55,9 +48,8 @@ class Security {
$pw = $password_sha_new; $pw = $password_sha_new;
}else{ }else{
$pw = $password_sha; $pw = $password_sha;
} }
unset($result); \SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::QQ(array($pw,$row[\SYSTEM\DBD\system_user::FIELD_ID]));
\SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::Q1(array($pw,$row[\SYSTEM\DBD\system_user::FIELD_ID]));
$row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA] = $pw; $row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA] = $pw;
} }
// set session variables // set session variables
@ -77,8 +69,9 @@ class Security {
return ($advancedResult ? $row : self::OK); return ($advancedResult ? $row : self::OK);
} }
//todo: remove
private static function trackLogins($userID){ private static function trackLogins($userID){
\SYSTEM\DBD\SYS_SECURITY_TRACK_LOGINS::Q1(array(microtime(true), $userID));} \SYSTEM\DBD\SYS_SECURITY_TRACK_LOGINS::QQ(array(microtime(true), $userID));}
public static function getUser(){ public static function getUser(){
if(!self::isLoggedIn()){ if(!self::isLoggedIn()){