Changeset 1351

Timestamp:
06/11/08 02:10:17 (2 years ago)
Author:
benoitg
Message:
  • Authenticator.php: Fix SQL error closing connections.
  • auth/index.php: Probably fix the "Access denied" message when user click twice problem that resurfaced.
  • At long last, implement operational Dynamic abuse control (out of the embryo of the token architecture)! Configurable in Network preferences if you have the permissions. Unlike static limits, this is a sliding window (typically a month) during which users have a bandwidth and connection duration limit, per node, and totalled throughout the network.
  • UIAllowedBandwidth: New, simplistic content type to show the user how much of his allocation he consumed. Of course, the goal is actually to make it into a pretty graph....
Location:
trunk/wifidog-auth
Files:
2 added
12 modified

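--- a/trunk/wifidog-auth/CHANGELOG
+++ b/trunk/wifidog-auth/CHANGELOG
@@ -1,3 +1,9 @@
 # $Id$
+2008-06-10 Benoit Grégoire  <bock@step.polymtl.ca>
+        * Authenticator.php:  Fix SQL error closing connections.
+        * auth/index.php:  Probably fix the "Access denied" message when user click twice problem that resurfaced.
+        * At long last, implement operational Dynamic abuse control (out of the embryo of the token architecture)!  Configurable in Network preferences if you have the permissions.  Unlike static limits, this is a sliding window (typically a month) during which user have a bandwidth and connection duration limit, per node, and totalled throughout the network.
+        * UIAllowedBandwidth:  New, simplistic content type to show the user how much of his allocation he consumed.  Off course, the goal is actually to make it into a pretty graph....
+
 2008-06-10 Benoit Grégoire  <bock@step.polymtl.ca>
         * Begin implementing http://dev.wifidog.org/wiki/doc/developer/TokenArchitecture.  This is a first step:  SQL schema changes, and adapt the current functionnality to the new schema to have a baseline.  Everything should work as before, please notify me if you notice anything strange...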
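--- a/trunk/wifidog-auth/sql/wifidog-postgres-initial-data.sql
+++ b/trunk/wifidog-auth/sql/wifidog-postgres-initial-data.sql
@@ -197,6 +197,6 @@
 INSERT INTO virtual_hosts (virtual_host_id, hostname, default_network) VALUES ('DEFAULT_VHOST', 'localhost', 'default-network');
 INSERT INTO server (server_id, default_virtual_host) VALUES ('SERVER_ID', 'DEFAULT_VHOST');
-INSERT into roles (role_id, stakeholder_type_id) VALUES ('SERVER_SYSADMIN', 'Server');
-INSERT into roles (role_id, stakeholder_type_id) VALUES ('NETWORK_SYSADMIN', 'Network');
+INSERT into roles (role_id, stakeholder_type_id) VALUES ('SERVER_OWNER', 'Server');
+INSERT into roles (role_id, stakeholder_type_id) VALUES ('NETWORK_OWNER', 'Network');
 --
 -- PostgreSQL database dump
@@ -215,5 +215,5 @@
 --
 
-INSERT INTO schema_info (tag, value) VALUES ('schema_version', '56');
+INSERT INTO schema_info (tag, value) VALUES ('schema_version', '61');
 
 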
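--- a/trunk/wifidog-auth/sql/wifidog-postgres-schema.sql
+++ b/trunk/wifidog-auth/sql/wifidog-postgres-schema.sql
@@ -25,11 +25,4 @@
 
 --
--- Name: SCHEMA public; Type: COMMENT; Schema: -; Owner: -
---
-
-COMMENT ON SCHEMA public IS 'Standard public schema';
-
-
---
 -- Name: plpgsql; Type: PROCEDURAL LANGUAGE; Schema: -; Owner: -
 --
@@ -50,6 +43,5 @@
 CREATE TABLE connections (
     conn_id integer NOT NULL,
-    token character varying(32) DEFAULT ''::character varying NOT NULL,
-    token_status character varying(10) DEFAULT 'UNUSED'::character varying NOT NULL,
+    token_id character varying(32) DEFAULT ''::character varying NOT NULL,
     timestamp_in timestamp without time zone,
     node_id character varying(32),
@@ -61,24 +53,11 @@
     last_updated timestamp without time zone NOT NULL,
     incoming bigint,
-    outgoing bigint
-);
-
-
---
--- Name: connections_conn_id_seq; Type: SEQUENCE; Schema: public; Owner: -
---
-
-CREATE SEQUENCE connections_conn_id_seq
-    INCREMENT BY 1
-    NO MAXVALUE
-    NO MINVALUE
-    CACHE 1;
-
-
---
--- Name: connections_conn_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
---
-
-ALTER SEQUENCE connections_conn_id_seq OWNED BY connections.conn_id;
+    outgoing bigint,
+    max_total_bytes integer,
+    max_incoming_bytes integer,
+    max_outgoing_bytes integer,
+    expiration_date timestamp without time zone,
+    logout_reason integer
+);
 
 
@@ -295,5 +274,5 @@
 CREATE TABLE content_key_value_pairs (
     content_id text NOT NULL,
-    "key" text NOT NULL,
+    key text NOT NULL,
     value text
 );
@@ -451,4 +430,9 @@
     gmaps_map_type text DEFAULT 'G_NORMAL_MAP'::text NOT NULL,
     theme_pack text,
+    connection_limit_window interval,
+    connection_limit_network_max_total_bytes integer,
+    connection_limit_network_max_usage_duration interval,
+    connection_limit_node_max_total_bytes integer,
+    connection_limit_node_max_usage_duration interval,
     CONSTRAINT networks_gmaps_map_type CHECK ((gmaps_map_type <> ''::text)),
     CONSTRAINT networks_name CHECK ((name <> ''::text)),
@@ -536,5 +520,7 @@
     last_heartbeat_wifidog_uptime integer,
     last_heartbeat_sys_memfree integer,
-    last_heartbeat_sys_load real
+    last_heartbeat_sys_load real,
+    connection_limit_node_max_total_bytes_override integer,
+    connection_limit_node_max_usage_duration_override interval
 );
 
@@ -672,4 +658,15 @@
 
 
+--
+-- Name: token_lots; Type: TABLE; Schema: public; Owner: -; Tablespace: 
+--
+
+CREATE TABLE token_lots (
+    token_lot_id text NOT NULL,
+    token_lot_comment text,
+    token_lot_creation_date timestamp without time zone DEFAULT now() NOT NULL
+);
+
+
 SET default_with_oids = true;
 
@@ -682,4 +679,52 @@
 );
 
+
+SET default_with_oids = false;
+
+--
+-- Name: token_templates; Type: TABLE; Schema: public; Owner: -; Tablespace: 
+--
+
+CREATE TABLE token_templates (
+    token_template_id text NOT NULL,
+    token_template_network text NOT NULL,
+    token_template_creation_date timestamp without time zone DEFAULT now() NOT NULL,
+    token_max_incoming_data integer,
+    token_max_outgoing_data integer,
+    token_max_total_data integer,
+    token_max_connection_duration interval,
+    token_max_usage_duration interval,
+    token_max_wall_clock_duration interval,
+    token_max_age interval,
+    token_is_reusable boolean DEFAULT true
+);
+
+
+--
+-- Name: tokens; Type: TABLE; Schema: public; Owner: -; Tablespace: 
+--
+
+CREATE TABLE tokens (
+    token_id text NOT NULL,
+    token_template_id text,
+    token_status text,
+    token_lot_id text,
+    token_creation_date timestamp without time zone DEFAULT now() NOT NULL,
+    token_issuer text NOT NULL,
+    token_owner text
+);
+
+
+--
+-- Name: tokens_template_valid_nodes; Type: TABLE; Schema: public; Owner: -; Tablespace: 
+--
+
+CREATE TABLE tokens_template_valid_nodes (
+    token_template_id text NOT NULL,
+    token_valid_at_node text NOT NULL
+);
+
+
+SET default_with_oids = true;
 
 --
@@ -723,4 +768,5 @@
     never_show_username boolean DEFAULT false,
     prefered_locale text,
+    open_id_url text,
     CONSTRAINT check_user_not_empty CHECK (((user_id)::text <> ''::text))
 );
@@ -764,4 +810,22 @@
 
 --
+-- Name: connections_conn_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE connections_conn_id_seq
+    INCREMENT BY 1
+    NO MAXVALUE
+    NO MINVALUE
+    CACHE 1;
+
+
+--
+-- Name: connections_conn_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE connections_conn_id_seq OWNED BY connections.conn_id;
+
+
+--
 -- Name: conn_id; Type: DEFAULT; Schema: public; Owner: -
 --
@@ -847,5 +911,5 @@
 
 ALTER TABLE ONLY content_key_value_pairs
-    ADD CONSTRAINT content_key_value_pairs_pkey PRIMARY KEY (content_id, "key");
+    ADD CONSTRAINT content_key_value_pairs_pkey PRIMARY KEY (content_id, key);
 
 
@@ -1099,4 +1163,12 @@
 
 --
+-- Name: token_lots_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: 
+--
+
+ALTER TABLE ONLY token_lots
+    ADD CONSTRAINT token_lots_pkey PRIMARY KEY (token_lot_id);
+
+
+--
 -- Name: token_status_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: 
 --
@@ -1107,4 +1179,28 @@
 
 --
+-- Name: token_templates_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: 
+--
+
+ALTER TABLE ONLY token_templates
+    ADD CONSTRAINT token_templates_pkey PRIMARY KEY (token_template_id);
+
+
+--
+-- Name: tokens_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: 
+--
+
+ALTER TABLE ONLY tokens
+    ADD CONSTRAINT tokens_pkey PRIMARY KEY (token_id);
+
+
+--
+-- Name: tokens_template_valid_nodes_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: 
+--
+
+ALTER TABLE ONLY tokens_template_valid_nodes
+    ADD CONSTRAINT tokens_template_valid_nodes_pkey PRIMARY KEY (token_template_id, token_valid_at_node);
+
+
+--
 -- Name: user_has_content_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: 
 --
@@ -1183,4 +1279,11 @@
 
 --
+-- Name: idx_content_display_log; Type: INDEX; Schema: public; Owner: -; Tablespace: 
+--
+
+CREATE INDEX idx_content_display_log ON content_display_log USING btree (last_display_timestamp);
+
+
+--
 -- Name: idx_content_group_element_content_group_id; Type: INDEX; Schema: public; Owner: -; Tablespace: 
 --
@@ -1211,15 +1314,22 @@
 
 --
+-- Name: idx_nodes_node_deployment_status; Type: INDEX; Schema: public; Owner: -; Tablespace: 
+--
+
+CREATE INDEX idx_nodes_node_deployment_status ON nodes USING btree (node_deployment_status);
+
+
+--
 -- Name: idx_token; Type: INDEX; Schema: public; Owner: -; Tablespace: 
 --
 
-CREATE INDEX idx_token ON connections USING btree (token);
-
-
---
--- Name: idx_token_status_and_user_id; Type: INDEX; Schema: public; Owner: -; Tablespace: 
---
-
-CREATE INDEX idx_token_status_and_user_id ON connections USING btree (token_status, user_id);
+CREATE INDEX idx_token ON connections USING btree (token_id);
+
+
+--
+-- Name: idx_token_status; Type: INDEX; Schema: public; Owner: -; Tablespace: 
+--
+
+CREATE INDEX idx_token_status ON tokens USING btree (token_status);
 
 
@@ -1232,16 +1342,15 @@
 
 --
+-- Name: idx_users_topen_id_url; Type: INDEX; Schema: public; Owner: -; Tablespace: 
+--
+
+CREATE INDEX idx_users_topen_id_url ON users USING btree (open_id_url);
+
+
+--
 -- Name: profile_template_fields_semantic_id; Type: INDEX; Schema: public; Owner: -; Tablespace: 
 --
 
 CREATE INDEX profile_template_fields_semantic_id ON profile_template_fields USING btree (semantic_id);
-
-
---
--- Name: $1; Type: FK CONSTRAINT; Schema: public; Owner: -
---
-
-ALTER TABLE ONLY connections
-    ADD CONSTRAINT "$1" FOREIGN KEY (token_status) REFERENCES token_status(token_status);
 
 
@@ -1607,4 +1716,36 @@
 
 --
+-- Name: fk_roles; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY network_stakeholders
+    ADD CONSTRAINT fk_roles FOREIGN KEY (role_id) REFERENCES roles(role_id) ON UPDATE CASCADE ON DELETE CASCADE;
+
+
+--
+-- Name: fk_roles; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY node_stakeholders
+    ADD CONSTRAINT fk_roles FOREIGN KEY (role_id) REFERENCES roles(role_id) ON UPDATE CASCADE ON DELETE CASCADE;
+
+
+--
+-- Name: fk_roles; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY server_stakeholders
+    ADD CONSTRAINT fk_roles FOREIGN KEY (role_id) REFERENCES roles(role_id) ON UPDATE CASCADE ON DELETE CASCADE;
+
+
+--
+-- Name: fk_tokens; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY connections
+    ADD CONSTRAINT fk_tokens FOREIGN KEY (token_id) REFERENCES tokens(token_id) ON UPDATE CASCADE ON DELETE RESTRICT;
+
+
+--
 -- Name: fk_users; Type: FK CONSTRAINT; Schema: public; Owner: -
 --
@@ -1791,4 +1932,68 @@
 
 --
+-- Name: token_templates_token_template_network_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY token_templates
+    ADD CONSTRAINT token_templates_token_template_network_fkey FOREIGN KEY (token_template_network) REFERENCES networks(network_id) ON UPDATE CASCADE ON DELETE CASCADE;
+
+
+--
+-- Name: tokens_template_valid_nodes_token_template_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY tokens_template_valid_nodes
+    ADD CONSTRAINT tokens_template_valid_nodes_token_template_id_fkey FOREIGN KEY (token_template_id) REFERENCES token_templates(token_template_id) ON UPDATE CASCADE ON DELETE CASCADE;
+
+
+--
+-- Name: tokens_template_valid_nodes_token_valid_at_node_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY tokens_template_valid_nodes
+    ADD CONSTRAINT tokens_template_valid_nodes_token_valid_at_node_fkey FOREIGN KEY (token_valid_at_node) REFERENCES nodes(node_id) ON UPDATE CASCADE ON DELETE CASCADE;
+
+
+--
+-- Name: tokens_token_issuer_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY tokens
+    ADD CONSTRAINT tokens_token_issuer_fkey FOREIGN KEY (token_issuer) REFERENCES users(user_id) ON UPDATE CASCADE ON DELETE CASCADE;
+
+
+--
+-- Name: tokens_token_lot_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY tokens
+    ADD CONSTRAINT tokens_token_lot_id_fkey FOREIGN KEY (token_lot_id) REFERENCES token_lots(token_lot_id) ON UPDATE CASCADE ON DELETE CASCADE;
+
+
+--
+-- Name: tokens_token_owner_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY tokens
+    ADD CONSTRAINT tokens_token_owner_fkey FOREIGN KEY (token_owner) REFERENCES users(user_id) ON UPDATE CASCADE ON DELETE CASCADE;
+
+
+--
+-- Name: tokens_token_status_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY tokens
+    ADD CONSTRAINT tokens_token_status_fkey FOREIGN KEY (token_status) REFERENCES token_status(token_status) ON UPDATE CASCADE ON DELETE RESTRICT;
+
+
+--
+-- Name: tokens_token_template_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY tokens
+    ADD CONSTRAINT tokens_token_template_id_fkey FOREIGN KEY (token_template_id) REFERENCES token_templates(token_template_id) ON UPDATE CASCADE ON DELETE CASCADE;
+
+
+--
 -- Name: user_has_profiles_profile_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
 --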
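Review bot: The new byte-limit columns are declared `integer` while the counters they are measured against (`connections.incoming` / `outgoing`) are `bigint`, so no limit above 2,147,483,647 bytes (about 2 GiB) can be stored. This affects `connections.max_total_bytes`, `max_incoming_bytes` and `max_outgoing_bytes`, the `connection_limit_*_max_total_bytes` columns on `networks`, the `_override` column on `nodes`, and `token_templates.token_max_*_data`. For a sliding window that is typically a month, these would be safer as `bigint`, e.g. `connection_limit_network_max_total_bytes bigint,`. Separately, `connections.token_id` keeps `DEFAULT ''` although `fk_tokens` now references `tokens(token_id)`, so an insert that relies on the default will fail unless a token row with an empty id exists; dropping the default would make that failure explicit at the call site.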
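--- a/trunk/wifidog-auth/wifidog/admin/generic_object_admin.php
+++ b/trunk/wifidog-auth/wifidog/admin/generic_object_admin.php
@@ -374,7 +374,4 @@
                             case "ProfileTemplate" :
                             case "ContentTypeFilter" :
-                                if (!User :: getCurrentUser()->DEPRECATEDisSuperAdmin()) {
-                                    $supportsDeletion = false;
-                                }
                                 break;
 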
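--- a/trunk/wifidog-auth/wifidog/auth/index.php
+++ b/trunk/wifidog-auth/wifidog/auth/index.php
@@ -51,5 +51,6 @@
 require_once('../include/common.php');
 require_once('classes/Network.php');
-$db = AbstractDb::getObject(); 
+require_once('classes/User.php');
+$db = AbstractDb::getObject();
 $auth_response = ACCOUNT_STATUS_DENIED;
 $auth_message = '';
@@ -89,82 +90,91 @@
                     // Start accounting
                     if ($authenticator->acctStart($info['conn_id'], $auth_message))
-                        $auth_response = ACCOUNT_STATUS_ALLOWED;
+                    $auth_response = ACCOUNT_STATUS_ALLOWED;
                     else
-                        $auth_response = ACCOUNT_STATUS_DENIED;
+                    $auth_response = ACCOUNT_STATUS_DENIED;
 
                 }
             }
             else
-                if ($info['token_status'] == TOKEN_INUSE &&
-                                        isset($info['gw_id']) && isset($_REQUEST['gw_id']) && $info['gw_id'] == $_REQUEST['gw_id'] &&
-                                        isset($info['mac']) && isset($_REQUEST['mac']) && $info['mac'] == $_REQUEST['mac'] &&
-                                        isset($info['ip']) && isset($_REQUEST['ip']) && $info['ip'] == $_REQUEST['ip'])
+            if ($info['token_status'] == TOKEN_INUSE &&
+            $info['gw_id'] && isset($_REQUEST['gw_id']) && $info['gw_id'] == $_REQUEST['gw_id'] &&
+            $info['user_mac'] && isset($_REQUEST['mac']) && $info['user_mac'] == $_REQUEST['mac'] &&
+            $info['user_ip'] && isset($_REQUEST['ip']) && $info['user_ip'] == $_REQUEST['ip'])
+            {
+                // This solves the bug where the user clicks twice before getting the portal page
+                $auth_response = ACCOUNT_STATUS_ALLOWED;
+            }
+            else
+            {
+                $auth_message .= "| Tried to login with a token that wasn't TOKEN_UNUSED. ";
+            }
+        }
+        else
+        if ($_REQUEST['stage'] == STAGE_LOGOUT || $_REQUEST['stage'] == STAGE_COUNTERS)
+        {
+            if (!empty ($_REQUEST['incoming']) || !empty ($_REQUEST['outgoing']))
+            {
+                $incoming = $db->escapeString($_REQUEST['incoming']);
+                $outgoing = $db->escapeString($_REQUEST['outgoing']);
+
+                if (($incoming >= $info['incoming']) && ($outgoing >= $info['outgoing']))
                 {
-                    // This solves the bug where the user clicks twice before getting the portal page
-                    $auth_response = ACCOUNT_STATUS_ALLOWED;
+                    $authenticator->acctUpdate($info['conn_id'], $incoming, $outgoing);
+                    $auth_message .= "| Updated counters. ";
                 }
                 else
                 {
-                    $auth_message .= "| Tried to login with a token that wasn't TOKEN_UNUSED. ";
+                    $auth_message .= "| Warning:  Incoming or outgoing counter is smaller than what is stored in the database; counters not updated. ";
+
                 }
-        }
-        else
-            if ($_REQUEST['stage'] == STAGE_LOGOUT || $_REQUEST['stage'] == STAGE_COUNTERS)
+            }
+            else
             {
-                if ($_REQUEST['stage'] == STAGE_LOGOUT)
+                $auth_message .= "| Incoming or outgoing counter is missing; counters not updated. ";
+            }
+
+            if ($_REQUEST['stage'] == STAGE_LOGOUT)
+            {
+                $authenticator->logout($info['conn_id']);
+                $auth_message .= "| User is now logged out. ";
+            }
+
+            if ($_REQUEST['stage'] == STAGE_COUNTERS)
+            {
+                if ($info['token_status'] == TOKEN_INUSE)
                 {
-                    $authenticator->logout($info['conn_id']);
-                    $auth_message .= "| User is now logged out. ";
-                }
-
-                if ($_REQUEST['stage'] == STAGE_COUNTERS)
-                {
-                    if ($info['token_status'] == TOKEN_INUSE)
+                    /* This is for the 15 minutes validation period, the exact same code is also present when the stage is login.  If you update this one don't forget to update the other one! */
+                    if (($info['account_status'] == ACCOUNT_STATUS_VALIDATION) && ($info['validation_grace_time_expired'] == 't'))
                     {
-                        /* This is for the 15 minutes validation period, the exact same code is also present when the stage is login.  If you update this one don't forget to update the other one! */
-                        if (($info['account_status'] == ACCOUNT_STATUS_VALIDATION) && ($info['validation_grace_time_expired'] == 't'))
-                        {
-                            $auth_response = ACCOUNT_STATUS_VALIDATION_FAILED;
-                            $auth_message .= "| The validation grace period which began at ".$info['reg_date']." has now expired. ";
-                        }
-                        else
-                        {
-                            $auth_response = $info['account_status'];
-                        }
+                        $auth_response = ACCOUNT_STATUS_VALIDATION_FAILED;
+                        $auth_message .= "| The validation grace period which began at ".$info['reg_date']." has now expired. ";
                     }
                     else
                     {
-                        $auth_response = ACCOUNT_STATUS_DENIED;
-                        $auth_message .= "| Invalid token status: ".$token_to_text[$info['token_status']].". ";
-                    }
-
-                }
-
-                if (!empty ($_REQUEST['incoming']) || !empty ($_REQUEST['outgoing']))
-                {
-                    $incoming = $db->escapeString($_REQUEST['incoming']);
-                    $outgoing = $db->escapeString($_REQUEST['outgoing']);
-
-                    if (($incoming >= $info['incoming']) && ($outgoing >= $info['outgoing']))
-                    {
-                        $authenticator->acctUpdate($info['conn_id'], $incoming, $outgoing);
-                        $auth_message .= "| Updated counters. ";
-                    }
-                    else
-                    {
-                        $auth_message .= "| Warning:  Incoming or outgoing counter is smaller than what is stored in the database; counters not updated. ";
-
+                        /* TODO:  This is a bit hackish, is't a shortcut untill the Token architecture uniform connection limit calculations are in place. */
+                        $abuseControlFault = User::isAbuseControlViolated(User::getObject($info['user_id']), $info['user_mac'], Node::getObject($info['node_id']));
+                        if($abuseControlFault) {
+                            $auth_response = ACCOUNT_STATUS_DENIED;
+                            $auth_message .= "| $abuseControlFault ";
+                        }
+                        else {
+                            $auth_response = $info['account_status'];
+                        }
                     }
                 }
                 else
                 {
-                    $auth_message .= "| Incoming or outgoing counter is missing; counters not updated. ";
+                    $auth_response = ACCOUNT_STATUS_DENIED;
+                    $auth_message .= "| Invalid token status: ".$token_to_text[$info['token_status']].". ";
                 }
+
             }
-            else
-            {
-                $auth_message .= "| Error: Unknown stage. ";
-                $auth_response = ACCOUNT_STATUS_ERROR;
-            }
+
+        }
+        else
+        {
+            $auth_message .= "| Error: Unknown stage. ";
+            $auth_response = ACCOUNT_STATUS_ERROR;
+        }
     }
 }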
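Review bot: The counter handling in the STAGE_LOGOUT / STAGE_COUNTERS branch accepts a request in which only one of `incoming` / `outgoing` is present (the test uses `||`), and it compares the escaped request strings with `>=` without checking that they are integers. The byte limits added in this changeset presumably rely on these counts, so they should be validated before they are compared or stored, for example `if (isset($_REQUEST['incoming'], $_REQUEST['outgoing']) && ctype_digit((string) $_REQUEST['incoming']) && ctype_digit((string) $_REQUEST['outgoing']))`. Note also that `User::isAbuseControlViolated()` is consulted only in the STAGE_COUNTERS path; the TOKEN_INUSE "clicked twice" branch returns `ACCOUNT_STATUS_ALLOWED` on a gw_id / MAC / IP match alone, which is worth confirming as intended. The enclosing `if` chain starts outside this hunk.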
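--- a/trunk/wifidog-auth/wifidog/classes/Authenticator.php
+++ b/trunk/wifidog-auth/wifidog/classes/Authenticator.php
@@ -345,5 +345,8 @@
         // Stop traffic counters update
         $conn_id = $db->escapeString($conn_id);
-        $db->execSqlUpdate("UPDATE connections SET "."timestamp_out=CURRENT_TIMESTAMP,"."token_status='".TOKEN_USED."' "."WHERE conn_id='{$conn_id}';\n", false);
+        $sql = "UPDATE connections SET timestamp_out=CURRENT_TIMESTAMP WHERE conn_id='{$conn_id}';\n";
+        $sql .= "UPDATE tokens SET token_status='".TOKEN_USED."' FROM connections WHERE connections.token_id=tokens.token_id AND conn_id='{$conn_id}';\n";
+        
+        $db->execSqlUpdate($sql, false);
     }
 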
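Review bot: `$conn_id` is interpolated into both UPDATE statements as a quoted string, so the query's safety rests entirely on `escapeString()`. The schema in this changeset declares `connections.conn_id` as `integer`, so an explicit cast such as `$conn_id = (int) $conn_id;` would remove that dependence. In the second statement the bare `conn_id` in the WHERE clause would read less ambiguously as `connections.conn_id`. That statement also sets the token to TOKEN_USED whenever any single connection is closed; the schema adds `token_templates.token_is_reusable`, so if tokens can be shared between connections this may need a guard, which cannot be confirmed from this hunk. The enclosing method starts outside the hunk.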
  • trunk/wifidog-auth/wifidog/classes/Network.php

    r1350 r1351  
    14311431    } 
    14321432 
    1433     /** 
    1434      * Get an array of all Content linked to the network 
    1435      * 
    1436      * @param bool   $exclude_subscribed_content Exclude subscribed content? 
    1437      * @param object $subscriber                 The User object used to 
    1438      *                                           discriminate the content 
    1439      * 
    1440      * @return array An array of Content or an empty array 
    1441      */ 
    1442     /*public function getAllContent($exclude_subscribed_content = false, $subscriber = null) 
    1443      { 
    1444  
    1445         $db = AbstractDb::getObject(); 
    1446  
    1447         // Init values 
    1448         $content_rows = null; 
    1449         $retval = array (); 
    1450  
    1451         // Get all network, but exclude user subscribed content if asked 
    1452         if ($exclude_subscribed_content == true && $subscriber) { 
    1453         $sql = "SELECT content_id FROM network_has_content WHERE network_id='$this->_id' AND content_id NOT IN (SELECT content_id FROM user_has_content WHERE user_id = '{$subscriber->getId()}') ORDER BY subscribe_timestamp DESC"; 
    1454         } else { 
    1455         $sql = "SELECT content_id FROM network_has_content WHERE network_id='$this->_id' ORDER BY subscribe_timestamp DESC"; 
    1456         } 
    1457  
    1458         $db->execSql($sql, $content_rows, false); 
    1459  
    1460         if ($content_rows != null) { 
    1461         foreach ($content_rows as $content_row) { 
    1462         $retval[] = Content :: getObject($content_row['content_id']); 
    1463         } 
    1464         } 
    1465  
    1466         return $retval; 
    1467         } 
    1468         */ 
     1433    /** The length of the window during which the user must not have exceeded the limits below. 
     1434     * 
     1435     * @return string Interval as returned by postgresql 
     1436     */ 
     1437    public function getConnectionLimitWindow() 
     1438    { 
     1439        return $this->_row['connection_limit_window']; 
     1440    } 
     1441 
     1442    /** 
     1443     * Set the network's creation date 
     1444     * 
     1445     * @param string $value The new creation date 
     1446     * 
     1447     * @return bool True on success, false on failure 
     1448     */ 
     1449    public function setConnectionLimitWindow($value) 
     1450    { 
     1451        $db = AbstractDb::getObject(); 
     1452        // Init values 
     1453        $retVal = true; 
     1454 
     1455        if ($value != $this->getConnectionLimitWindow()) { 
     1456            $value?$value_sql="'".$db->escapeString($value)."'":$value_sql="NULL"; 
     1457            $retVal = $db->execSqlUpdate("UPDATE networks SET connection_limit_window = $value_sql WHERE network_id = '{$this->getId()}'", false); 
     1458            $this->refresh(); 
     1459        } 
     1460        return $retVal; 
     1461    } 
     1462 
     1463    /** Maximum data transfer during the abuse control window, in bytes 
     1464     * 
     1465     * @return integer Number of bytes 
     1466     */ 
     1467    public function getConnectionLimitNetworkMaxTotalBytes() 
     1468    { 
     1469        return $this->_row['connection_limit_network_max_total_bytes']; 
     1470    } 
     1471 
     1472    /** 
     1473     * Maximum data transfer during the abuse control window, in bytes 
     1474     * 
     1475     * @param $value integer Number of bytes 
     1476     * 
     1477     * @return bool True on success, false on failure 
     1478     */ 
     1479    public function setConnectionLimitNetworkMaxTotalBytes($value) 
     1480    { 
     1481        $db = AbstractDb::getObject(); 
     1482        // Init values 
     1483        $retVal = true; 
     1484 
     1485        if ($value != $this->getConnectionLimitNetworkMaxTotalBytes()) { 
     1486            $value?$value_sql="'".$db->escapeString($value)."'":$value_sql="NULL"; 
     1487            $retVal = $db->execSqlUpdate("UPDATE networks SET connection_limit_network_max_total_bytes = $value_sql WHERE network_id = '{$this->getId()}'", false); 
     1488            $this->refresh(); 
     1489        } 
     1490        return $retVal; 
     1491    } 
     1492 
     1493    /** Maximum connection duration during the abuse control window 
     1494     * 
     1495     * @return string Interval as returned by postgresql 
     1496     */ 
     1497    public function getConnectionLimitNetworkMaxDuration() 
     1498    { 
     1499        return $this->_row['connection_limit_network_max_usage_duration']; 
     1500    } 
     1501 
     1502    /** Maximum connection duration during the abuse control window 
     1503     * 
     1504     * @param string $value The new creation date 
     1505     * 
     1506     * @return bool True on success, false on failure 
     1507     */ 
     1508    public function setConnectionLimitNetworkMaxDuration($value) 
     1509    { 
     1510        $db = AbstractDb::getObject(); 
     1511        // Init values 
     1512        $retVal = true; 
     1513 
     1514        if ($value != $this->getConnectionLimitNetworkMaxDuration()) { 
     1515            $value?$value_sql="'".$db->escapeString($value)."'":$value_sql="NULL"; 
     1516            $retVal = $db->execSqlUpdate("UPDATE networks SET connection_limit_network_max_usage_duration = $value_sql WHERE network_id = '{$this->getId()}'", false); 
     1517            $this->refresh(); 
     1518        } 
     1519        return $retVal; 
     1520    } 
     1521 
     1522    /** Maximum data transfer during the abuse control window, in bytes 
     1523     * 
     1524     * @return integer Number of bytes 
     1525     */ 
     1526    public function getConnectionLimitNodeMaxTotalBytes() 
     1527    { 
     1528        return $this->_row['connection_limit_node_max_total_bytes']; 
     1529    } 
     1530 
     1531    /** 
     1532     * Maximum data transfer during the abuse control window, in bytes 
     1533     * 
     1534     * @param $value integer Number of bytes 
     1535     * 
     1536     * @return bool True on success, false on failure 
     1537     */ 
     1538    public function setConnectionLimitNodeMaxTotalBytes($value) 
     1539    { 
     1540        $db = AbstractDb::getObject(); 
     1541        // Init values 
     1542        $retVal = true; 
     1543 
     1544        if ($value != $this->getConnectionLimitNodeMaxTotalBytes()) { 
     1545            $value?$value_sql="'".$db->escapeString($value)."'":$value_sql="NULL"; 
     1546            $retVal = $db->execSqlUpdate("UPDATE networks SET connection_limit_node_max_total_bytes = $value_sql WHERE network_id = '{$this->getId()}'", false); 
     1547            $this->refresh(); 
     1548        } 
     1549        return $retVal; 
     1550    } 
     1551 
     1552    /** Maximum connection duration during the abuse control window 
     1553     * 
     1554     * @return string Interval as returned by postgresql 
     1555     */ 
     1556    public function getConnectionLimitNodeMaxDuration() 
     1557    { 
     1558        return $this->_row['connection_limit_node_max_usage_duration']; 
     1559    } 
     1560 
     1561    /** Maximum connection duration during the abuse control window 
     1562     * 
     1563     * @param string $value The new creation date 
     1564     * 
     1565     * @return bool True on success, false on failure 
     1566     */ 
     1567    public function setConnectionLimitNodeMaxDuration($value) 
     1568    { 
     1569        $db = AbstractDb::getObject(); 
     1570        // Init values 
     1571        $retVal = true; 
     1572 
     1573        if ($value != $this->getConnectionLimitNodeMaxDuration()) { 
     1574            $value?$value_sql="'".$db->escapeString($value)."'":$value_sql="NULL"; 
     1575            $retVal = $db->execSqlUpdate("UPDATE networks SET connection_limit_node_max_usage_duration = $value_sql WHERE network_id = '{$this->getId()}'", false); 
     1576            $this->refresh(); 
     1577        } 
     1578        return $retVal; 
     1579    } 
     1580 
    14691581 
    14701582    /** 
     
    16141726 
    16151727        /* 
     1728         * Dynamic abuse control 
     1729         */ 
     1730        $html_dynamic_abuse_control = array(); 
     1731        $permArray=null; 
     1732        $permArray[]=array(Permission::P('NETWORK_PERM_EDIT_DYNAMIC_ABUSE_CONTROL'), $this); 
     1733        if (Security::hasAnyPermission($permArray)) { 
     1734            //  connection_limit_window 
     1735            $title = _("Abuse control window"); 
     1736            $help = _("The length of the window (in seconds) during which the user must not have exceeded the limits below.  Typically a month (259200 s) or a week (604800s).  A user who exceeds the limits will be denied access until his usage falls below the limits."); 
     1737            $data = InterfaceElements::generateInputText("network_" . $this->getId() . "_connection_limit_window", $this->getConnectionLimitWindow(), "network_connection_limit_window_input"); 
     1738            $html_dynamic_abuse_control[] = InterfaceElements::generateAdminSectionContainer("network_connection_limit_window", $title, $data, $help); 
     1739 
     1740            //  connection_limit_network_max_total_bytes 
     1741            $title = _("Network max total bytes transfered"); 
     1742            $help = _("Maximum data transfer during the abuse control window"); 
     1743            $data = InterfaceElements::generateInputText("network_" . $this->getId() . "_connection_limit_network_max_total_bytes", $this->getConnectionLimitNetworkMaxTotalBytes(), "network_connection_limit_network_max_total_bytes"); 
     1744            $html_dynamic_abuse_control[] = InterfaceElements::generateAdminSectionContainer("network_connection_limit_network_max_total_bytes", $title, $data, $help); 
     1745 
     1746            //  connection_limit_network_max_usage_duration 
     1747            $title = _("Network max connection duration"); 
     1748            $help = _("Maximum connection duration during the abuse control window"); 
     1749            $data = InterfaceElements::generateInputText("network_" . $this->getId() . "_connection_limit_network_max_usage_duration", $this->getConnectionLimitNetworkMaxDuration(), "network_connection_limit_network_max_usage_duration"); 
     1750            $html_dynamic_abuse_control[] = InterfaceElements::generateAdminSectionContainer("network_connection_limit_network_max_usage_duration", $title, $data, $help); 
     1751 
     1752            //  connection_limit_node_max_total_bytes 
     1753            $title = _("Node max total bytes transfered"); 
     1754            $help = _("Maximum data transfer during the abuse control window"); 
     1755            $data = InterfaceElements::generateInputText("network_" . $this->getId() . "_connection_limit_node_max_total_bytes", $this->getConnectionLimitNodeMaxTotalBytes(), "network_connection_limit_node_max_total_bytes"); 
     1756            $html_dynamic_abuse_control[] = InterfaceElements::generateAdminSectionContainer("network_connection_limit_node_max_total_bytes", $title, $data, $help); 
     1757 
     1758            //  connection_limit_node_max_usage_duration 
     1759            $title = _("Node max connection duration"); 
     1760            $help = _("Maximum connection duration during the abuse control window"); 
     1761            $data = InterfaceElements::generateInputText("network_" . $this->getId() . "_connection_limit_node_max_usage_duration", $this->getConnectionLimitNodeMaxDuration(), "network_connection_limit_node_max_usage_duration"); 
     1762            $html_dynamic_abuse_control[] = InterfaceElements::generateAdminSectionContainer("network_connection_limit_node_max_usage_duration", $title, $data, $help); 
     1763        } 
     1764        else{ 
     1765            $html_dynamic_abuse_control[] = _("You do not have access to edit these options"); 
     1766        } 
     1767        // Build section 
     1768        $html .= InterfaceElements::generateAdminSectionContainer("network_user_verification", _("Dynamic abuse control"), implode(null, $html_dynamic_abuse_control)); 
     1769 
     1770        /* 
    16161771         * Access management 
    16171772         */ 
     
    17511906        $this->setCustomPortalRedirectAllowed(empty ($_REQUEST[$name]) ? false : true); 
    17521907 
     1908        /* 
     1909         * Dynamic abuse control 
     1910         */ 
     1911        $html_dynamic_abuse_control = array(); 
     1912        $permArray=null; 
     1913        $permArray[]=array(Permission::P('NETWORK_PERM_EDIT_DYNAMIC_ABUSE_CONTROL'), $this); 
     1914        if (Security::hasAnyPermission($permArray)) { 
     1915            //  connection_limit_window 
     1916            $name = "network_" . $this->getId() . "_connection_limit_window"; 
     1917            $this->setConnectionLimitWindow($_REQUEST[$name]); 
     1918 
     1919            //  connection_limit_network_max_total_bytes 
     1920            $name = "network_" . $this->getId() . "_connection_limit_network_max_total_bytes"; 
     1921            $this->setConnectionLimitNetworkMaxTotalBytes($_REQUEST[$name]); 
     1922 
     1923            //  connection_limit_network_max_usage_duration 
     1924            $name = "network_" . $this->getId() . "_connection_limit_network_max_usage_duration"; 
     1925            $this->setConnectionLimitNetworkMaxDuration($_REQUEST[$name]); 
     1926 
     1927            //  connection_limit_node_max_total_bytes 
     1928            $name = "network_" . $this->getId() . "_connection_limit_node_max_total_bytes"; 
     1929            $this->setConnectionLimitNodeMaxTotalBytes($_REQUEST[$name]); 
     1930 
     1931            //  connection_limit_node_max_usage_duration 
     1932            $name = "network_" . $this->getId() . "_connection_limit_node_max_usage_duration"; 
     1933            $this->setConnectionLimitNodeMaxDuration($_REQUEST[$name]); 
     1934        } 
     1935          
    17531936        // Access rights 
    17541937        require_once('classes/Stakeholder.php'); 
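--- a/trunk/wifidog-auth/wifidog/classes/Node.php
+++ b/trunk/wifidog-auth/wifidog/classes/Node.php
@@ -1032,4 +1032,5 @@
     public function getAdminUI()
     {
+        $permArray=null;
         $permArray[]=array(Permission::P('NETWORK_PERM_EDIT_ANY_NODE_CONFIG'), $this->getNetwork());
         $permArray[]=array(Permission::P('NODE_PERM_EDIT_CONFIG'), $this);
@@ -1044,8 +1045,5 @@
         // Get information about the network
         $network = $this->getNetwork();
-
-        // Check if user is a admin
-        $_userIsAdmin = User::getCurrentUser()->DEPRECATEDisSuperAdmin();
-
+        
         $node_id = $this->getId();
 
@@ -1249,5 +1247,5 @@
          * Access rights
          */
-        if ($_userIsAdmin) {
+        if (User::getCurrentUser()->DEPRECATEDisSuperAdmin()) {
             require_once('classes/Stakeholder.php');
             $html_access_rights = Stakeholder::getAssignStakeholdersUI($this);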
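Review bot: `$permArray=null;` followed by `$permArray[]=...` at the top of `getAdminUI()` works only because PHP turns the null into an array on the first append; `$permArray = array();` states the intent directly. In the last hunk the stakeholder UI is still gated by `User::getCurrentUser()->DEPRECATEDisSuperAdmin()` rather than by a `Permission`, unlike the `$permArray` check at the top of the same method; if that is deliberate for now, a `// TODO: replace with a Permission check` comment on that line would record it. `getAdminUI()` continues outside the hunks shown.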
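--- a/trunk/wifidog-auth/wifidog/classes/Permission.php
+++ b/trunk/wifidog-auth/wifidog/classes/Permission.php
@@ -90,5 +90,6 @@
             $PERMISSIONS['NETWORK_PERM_EDIT_ANY_NODE_CONFIG'] = array(_("User is allowed to edit any configuration of any node on the network"), StakeholderType::Network, true);
             $PERMISSIONS['NETWORK_PERM_ADD_NODE'] = array(_("User is allowed to create a new Node on this network"), StakeholderType::Network, true);
-            
+            $PERMISSIONS['NETWORK_PERM_EDIT_DYNAMIC_ABUSE_CONTROL'] = array(_("User is allowed to set dynamic abuse control options for the network"), StakeholderType::Network, false);
+
             $PERMISSIONS['SERVER_PERM_EDIT_ROLES'] = array(_("User is allowed to edit user role definitions"), StakeholderType::Server, true);
             $PERMISSIONS['SERVER_PERM_EDIT_ANY_VIRTUAL_HOST'] = array(_("User is allowed to edit any virtual host definition"), StakeholderType::Server, true);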
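Review bot: The new `NETWORK_PERM_EDIT_DYNAMIC_ABUSE_CONTROL` entry passes `false` as its third array element where the neighbouring entries pass `true`, and nothing in the hunk says what that flag controls. Since this permission decides who may change the abuse limits, a comment on the line, for example `// third element false: <reason>`, would make the choice reviewable. The `$PERMISSIONS` definition starts outside the hunk, so the flag's meaning can only be inferred from its neighbours here.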
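--- a/trunk/wifidog-auth/wifidog/classes/User.php
+++ b/trunk/wifidog-auth/wifidog/classes/User.php
@@ -521,4 +521,87 @@
     }
 
+    /** Retrieves the connection history necessary for abuse control
+
+    * @return false if abuse control is disabled */
+
+    static function getAbuseControlConnectionHistory($user = null, $mac = null, $node = null) {
+        if (!$user) {
+            $user = User::getCurrentUser();
+        }
+        if (!$node) {
+            $node = Node::getCurrentNode();//Maybe this should be getCurrentRealNode, but it would make debuging harder
+        }
+        $network = $node->getNetwork();
+
+        $db = AbstractDb::getObject();
+
+        if ($network->getConnectionLimitWindow()) {
+            //$sql =  " SELECT * from connections \n";//For debugging
+            $sql =  " SELECT \n";
+            $sql .= " SUM (incoming+outgoing) AS network_total_bytes, \n";
+            $sql .= " SUM (CASE WHEN node_id = '".$node->getId()."' THEN (incoming+outgoing) END) AS node_total_bytes, \n";
+            $sql .= " SUM (timestamp_out - timestamp_in) AS network_duration, \n";
+            $sql .= " SUM (CASE WHEN node_id = '".$node->getId()."' THEN (timestamp_out - timestamp_in) END) AS node_duration \n";//For real
+            $sql .= " FROM connections \n";//For real
+            $sql .= " JOIN nodes USING (node_id) \n";
+            $sql .= " JOIN networks USING (network_id) \n";
+            $sql .= " JOIN tokens ON (tokens.token_id = connections.token_id) \n";
+            $sql .= " WHERE 1=1 \n";
+
+            if ($mac) {
+                //Catch some cheaters
+                $mac = $db->escapeString($mac);
+                $mac_sql_or = " OR connections.user_mac = '$mac' ";
+            }
+            else {
+                $mac_sql_or = null;
+            }
+            $sql .= " AND (connections.user_id = '".$user->getId()."' $mac_sql_or ) \n";
+
+            $sql .= " AND (timestamp_in > CURRENT_TIMESTAMP - networks.connection_limit_window OR tokens.token_status = '".TOKEN_INUSE."')";  //Get every connection within the window plus any still active connection, even if it started before the window
+
+            $subselect = $sql;
+            $sql =  " SELECT subselect.*, \n";
+            $sql .= " networks.connection_limit_window, \n";
+            $sql .= " networks.connection_limit_network_max_total_bytes, COALESCE(network_total_bytes>networks.connection_limit_network_max_total_bytes, false) AS network_total_bytes_exceeded_limit, \n";
+            $sql .= " networks.connection_limit_node_max_total_bytes, COALESCE(node_total_bytes>networks.connection_limit_node_max_total_bytes, false) AS node_total_bytes_exceeded_limit, \n";
+            $sql .= " networks.connection_limit_network_max_usage_duration, COALESCE(network_duration>networks.connection_limit_network_max_usage_duration, false) AS network_duration_exceeded_limit, \n";
+            $sql .= " networks.connection_limit_node_max_usage_duration, COALESCE(node_duration>networks.connection_limit_node_max_usage_duration, false) AS node_duration_exceeded_limit \n";
+
+            $sql .= " FROM ($subselect) AS subselect JOIN networks ON (network_id = '".$network->getId()."')";
+
+            $db->execSqlUniqueRes($sql, $connection_limits_report, false);
+            return $connection_limits_report;
+        }
+        else {
+            return false;
+        }
+    }
+
+    /** Takes the same paramaters as getAbuseControlConnectionHistory, and tells you if the abuse limits are busted
+
+    * @return false if abuse control respected, else a string containing the reason(s) for the bust  */
+
+    static function isAbuseControlViolated($user = null, $mac = null, $node = null) {
+        $retval = false;
+        $abuseControlReport = self::getAbuseControlConnectionHistory($user, $mac, $node);
+        if($abuseControlReport) {
+            //pretty_print_r($abuseControlReport);
+
+            if($abuseControlReport['network_total_bytes_exceeded_limit']=='t') {
+                $retval .= sprintf(_("During the last %s period, you transfered %d bytes throughout the network, which exceeds the %d bytes limit."), $abuseControlReport['connection_limit_window'], $abuseControlReport['network_total_bytes'], $abuseControlReport['connection_limit_network_max_total_bytes']);
+            }
+            if($abuseControlReport['node_total_bytes_exceeded_limit']=='t') {
+                $retval .= sprintf(_("During the last %s period, you transfered %d bytes at this node, which exceeds the %d bytes limit."), $abuseControlReport['connection_limit_window'], $abuseControlReport['node_total_bytes'], $abuseControlReport['connection_limit_node_max_total_bytes']);
+            }
+            if($abuseControlReport['network_duration_exceeded_limit']=='t') {
+                $retval .= sprintf(_("During the last %s period, you were online for a duration of %s throughout the network, which exceeds the %s limit."), $abuseControlReport['connection_limit_window'], $abuseControlReport['network_duration'], $abuseControlReport['connection_limit_network_max_usage_duration']);
+            }
+            if($abuseControlReport['node_duration_exceeded_limit']=='t') {
+                $retval .= sprintf(_("During the last %s period, you were online for a duration of %s at this node, which exceeds the %s limit."), $abuseControlReport['connection_limit_window'], $abuseControlReport['node_duration'], $abuseControlReport['connection_limit_node_max_usage_duration']);
+            }
+        }
+        return $retval;
+    }
     /** Generate a token in the connection table so the user can actually use the internet
     @return true on success, false on failure
@@ -536,5 +619,8 @@
                 //echo "$session && $node_ip && {$session->get(SESS_NODE_ID_VAR)}";
                 $node_id = $db->escapeString($session->get(SESS_NODE_ID_VAR));
-
+                $abuseControlFault = User::isAbuseControlViolated($this, null, Node::getObject($node_id));
+                if($abuseControlFault) {
+                    throw new Exception ($abuseControlFault);
+                }
                 /*
                  * Delete all unused tokens for this user, so we don't fill the database
@@ -543,12 +629,15 @@
                 $sql = "DELETE FROM connections USING tokens "."WHERE tokens.token_id=connections.token_id AND token_status='".TOKEN_UNUSED."' AND user_id = '".$this->getId()."';\n";
                 // TODO:  Try to find a reusable token before creating a brand new one!
-                
+
                 $sql .= "INSERT INTO tokens (token_owner, token_issuer, token_id, token_status) VALUES ('" . $this->getId() . "', '" . $this->getId() . "', '$token', '" . TOKEN_UNUSED . "');\n";
                 $sql .= "INSERT INTO connections (user_id, token_id, timestamp_in, node_id, node_ip, last_updated) VALUES ('" . $this->getId() . "', '$token', CURRENT_TIMESTAMP, '$node_id', '$node_ip', CURRENT_TIMESTAMP)";
                 $db->execSqlUpdate($sql, false);
                 $retval = $token;
-            } else
-            $retval = false;
-        } else {
+            }
+            else {
+                $retval = false;
+            }
+        }
+        else {
             $retval = false;
         }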
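Review bot: In `getAbuseControlConnectionHistory` the values of `$node->getId()`, `$user->getId()` and `$network->getId()` are concatenated into the SQL text as they are, while `$mac` in the same function goes through `$db->escapeString()`; escape the ids the same way, e.g. `$node_id_sql = $db->escapeString($node->getId());`, and use the escaped copies in the query. The inner SELECT also has no condition on `networks.network_id`, so `network_total_bytes` and `network_duration` appear to add up the user's connections on every network the server hosts before they are compared with this network's limits; a line such as `$sql .= " AND networks.network_id = '".$db->escapeString($network->getId())."' \n";` before the window condition would scope them. The check added to the token-generation code passes `null` for `$mac`, so the MAC match is not applied on that path, and it now throws an `Exception` from a function whose doc comment promises false on failure; that function starts and ends outside the hunks, so its callers cannot be checked from here.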
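--- a/trunk/wifidog-auth/wifidog/config.php
+++ b/trunk/wifidog-auth/wifidog/config.php
@@ -108,5 +108,5 @@
  * =======
  *
- * Experimental:  If you installed PEAR::Cache_Lite and set this value to true, caching
+ * Experimental:  If you installed PEAR::Cache_Lite and set this value to true, additional caching
  * will be enabled.
  *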
  • trunk/wifidog-auth/wifidog/include/schema_validate.php

    r1350 r1351  
    4848 * Define current database schema version 
    4949 */ 
    50 define('REQUIRED_SCHEMA_VERSION', 60); 
     50define('REQUIRED_SCHEMA_VERSION', 61); 
    5151/** Used to test a new shecma version before modyfying the database */ 
    5252define('SCHEMA_UPDATE_TEST_MODE', false); 
     
    13831383        $sql .= "ALTER TABLE connections RENAME COLUMN token TO token_id;\n";      
    13841384    } 
    1385     /* 
    1386  
    1387  
    1388     */ 
     1385    $new_schema_version = 61; 
     1386    if ($schema_version < $new_schema_version && $new_schema_version <= $targetSchema) { 
     1387        printUpdateVersion($new_schema_version); 
     1388        $sql .= "\n\nUPDATE schema_info SET value='$new_schema_version' WHERE tag='schema_version';\n"; 
     1389 
     1390        $sql .= "ALTER TABLE networks ADD column connection_limit_window interval; \n"; 
     1391        $sql .= "ALTER TABLE networks ALTER COLUMN connection_limit_window SET DEFAULT NULL;\n"; 
     1392        $sql .= "ALTER TABLE networks ADD COLUMN connection_limit_network_max_total_bytes integer;\n"; 
     1393        $sql .= "ALTER TABLE networks ALTER COLUMN connection_limit_network_max_total_bytes SET DEFAULT NULL;\n"; 
     1394        $sql .= "ALTER TABLE networks ADD COLUMN connection_limit_network_max_usage_duration interval;\n"; 
     1395        $sql .= "ALTER TABLE networks ALTER COLUMN connection_limit_network_max_usage_duration SET DEFAULT NULL;\n"; 
     1396        $sql .= "ALTER TABLE networks ADD COLUMN connection_limit_node_max_total_bytes integer;\n"; 
     1397        $sql .= "ALTER TABLE networks ALTER COLUMN connection_limit_node_max_total_bytes SET DEFAULT NULL;\n"; 
     1398        $sql .= "ALTER TABLE networks ADD COLUMN connection_limit_node_max_usage_duration interval;\n"; 
     1399        $sql .= "ALTER TABLE networks ALTER COLUMN connection_limit_node_max_usage_duration SET DEFAULT NULL;\n"; 
     1400 
     1401        $sql .= "ALTER TABLE nodes ADD COLUMN connection_limit_node_max_total_bytes_override integer;\n"; 
     1402        $sql .= "ALTER TABLE nodes ALTER COLUMN connection_limit_node_max_total_bytes_override SET DEFAULT NULL;\n"; 
     1403        $sql .= "ALTER TABLE nodes ADD COLUMN connection_limit_node_max_usage_duration_override interval;\n"; 
     1404        $sql .= "ALTER TABLE nodes ALTER COLUMN connection_limit_node_max_usage_duration_override SET DEFAULT NULL;\n"; 
     1405         
     1406    } 
     1407     
    13891408    /* 
    13901409     $new_schema_version = ;