webcraftmedia/system
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

QI for inserts - fuck you mysqli, disabled fatal error handling(cuz its unsafe), small saimod login fix, Security cleanup

Browse Source
This commit is contained in:
Ulf Gebhardt 2014-01-20 23:18:58 +01:00
parent b5e0bfe59a
commit 6ded7a05b3
5 changed files with 27 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
db/qq/QP.php
View File

@ -24,6 +24,10 @@ class QP {
public static function Q1($params,$params_mys = null){
return self::QQ($params,$params_mys)->next();}
public static function QI($params,$params_mys = null){
$qq = self::QQ($params,$params_mys);
return $qq->affectedRows() != 0;
}
//override this
protected static function query(){
throw new \SYSTEM\LOG\ERROR('query function of your QP Class not overwritten!');}

5
db/qq/QQ.php
View File

@ -23,7 +23,10 @@ class QQ {
public static function Q1(){
return self::QQ()->next();}
public static function QI($params,$params_mys = null){
$qq = self::QQ($params,$params_mys);
return $qq->affectedRows() != 0;
}
//override this
protected static function query(){
throw new \SYSTEM\LOG\ERROR('query function of your QQ Class not overwritten!');}

2
log/log.php
View File

@ -19,7 +19,7 @@ class log {
set_error_handler ('\SYSTEM\LOG\log::__error_handler');
set_exception_handler ('\SYSTEM\LOG\log::__exception_handler');
register_shutdown_function ('\SYSTEM\LOG\log::__shutdown_handler' );
ob_start ('\SYSTEM\LOG\log::__fatal_error_handler');
//ob_start ('\SYSTEM\LOG\log::__fatal_error_handler');
}
private static function call_handlers(\Exception $E, $thrown = true){

4
sai/modules/saimod_sys_login/sai_sys_login_submit.js
View File

@ -73,8 +73,6 @@ function init__SYSTEM_SAI_saimod_sys_login_register(){
}
}
//alert(SAI_ENDPOINT+'sai_mod=.SYSTEM.SAI.saimod_sys_login&action=register&username='+username+'&password_sha='+$.sha1(password)+'&password_md5='+$.md5(password)+'&email='+email+'&locale='+locale);
$.ajax({
dataType: "json",
url: SAI_ENDPOINT+'sai_mod=.SYSTEM.SAI.saimod_sys_login&action=register&username='+username+'&password='+$.sha1(password)+'&email='+email+'&locale='+locale,
@ -83,7 +81,7 @@ function init__SYSTEM_SAI_saimod_sys_login_register(){
if(dataCreate === 1){ // reload -> user will be loged in
window.location.href = location.href.replace(/#/g, "");
}else{ // show errors
//todo
alert('Not successfull: '+dataCreate);
}
}
});

29
security/Security.php
View File

@ -10,7 +10,7 @@ class Security {
// check availability of username (in non-compatibility mode, otherwise it is already checked in DasenseAccount)
if($checkAvailable && !self::available($username)){
return self::FAIL;}
$result = \SYSTEM\DBD\SYS_SECURITY_CREATE::Q1(array( $username , $password, $email, $locale, 1 ));
$result = \SYSTEM\DBD\SYS_SECURITY_CREATE::QI(array( $username , $password, $email, $locale, 1 )); //insert returns null - sucky implementation @ php/sql throws on error(or should maybe)
if(!$result || !self::login($username, $password, $locale)){
return self::FAIL;}
return ($advancedResult ? \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password)) : self::OK);
@ -21,32 +21,25 @@ class Security {
if(!$row){
return self::FAIL;} // old password wrong
$userID = $row['id'];
\SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::Q1(array($password_sha_new, $userID));
return self::OK;
$result = \SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::QI(array($password_sha_new, $userID));
return $result ? self::OK : self::FAIL;
}
public static function login($username, $password_sha, $password_md5, $locale=NULL, $advancedResult=false, $password_sha_new=NULL){
self::startSession();
if(!isset($password_sha)){
//self::trackLogins(NULL, self::FAIL);
$_SESSION['user'] = NULL;
return self::FAIL;}
//Database check
if(isset($password_md5)){
$result = \SYSTEM\DBD\SYS_SECURITY_LOGIN_MD5::QQ(array($username, $password_sha, $password_md5));
$row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_MD5::Q1(array($username, $password_sha, $password_md5));
}else{
$result = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::QQ(array($username, $password_sha));}
$row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha));}
if(!$result){
new \SYSTEM\LOG\WARNING("Login Failed, Db result was not valid");
$_SESSION['user'] = NULL;
return self::FAIL;}
$row = $result->next();
if(!$row){
new \SYSTEM\LOG\WARNING("Login Failed, User was not found in db");
$_SESSION['user'] = NULL;
return self::FAIL;}
//todo: move to da-sense
// set password_sha if it is empty or if it length is < 40 -> SHA1 Androidappbugfix
if( !$row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA] ||
strlen($row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA]) < 40){
@ -56,8 +49,7 @@ class Security {
}else{
$pw = $password_sha;
}
unset($result);
\SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::Q1(array($pw,$row[\SYSTEM\DBD\system_user::FIELD_ID]));
\SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::QQ(array($pw,$row[\SYSTEM\DBD\system_user::FIELD_ID]));
$row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA] = $pw;
}
// set session variables
@ -77,8 +69,9 @@ class Security {
return ($advancedResult ? $row : self::OK);
}
//todo: remove
private static function trackLogins($userID){
\SYSTEM\DBD\SYS_SECURITY_TRACK_LOGINS::Q1(array(microtime(true), $userID));}
\SYSTEM\DBD\SYS_SECURITY_TRACK_LOGINS::QQ(array(microtime(true), $userID));}
public static function getUser(){
if(!self::isLoggedIn()){