Changeset 206
- Timestamp:
- 08/28/04 15:20:34 (9 years ago)
- Location:
- trunk/wifidog-auth
- Files:
-
- 2 added
- 1 removed
- 8 modified
-
ChangeLog (modified) (1 diff)
-
dump_db_postgres (added)
-
wifidog-postgres-schema.sql (added)
-
wifidog.schema (deleted)
-
wifidog/admin/import_user_database.php (modified) (1 diff)
-
wifidog/auth/index.php (modified) (2 diffs)
-
wifidog/classes/AbstractDbPostgres.php (modified) (16 diffs)
-
wifidog/config.php (modified) (2 diffs)
-
wifidog/include/common.php (modified) (3 diffs)
-
wifidog/login/index.php (modified) (3 diffs)
-
wifidog/portal/index.php (modified) (1 diff)
trunk/wifidog-auth/ChangeLog
r204 r206 1 1 # $Header$ 2 2004-08-28 Benoit Gr�goire <bock@step.polymtl.ca> 3 * Fix big gaping security hole in login page (password would be ignored if the username was used to login) 4 * PostgreSql port 5 * Change the method to determine who is online 6 * Stop keeping unused token once user successfully logs in. 7 * Fix missing update of token update date. 8 * Counters wouldn't get updated for stage=LOGOUT 9 * wifidog/auth/index.php: Added a Messages: response in addition to Auth: so we can know what the hell the server is up to. Currently you need to run wifidog in debug level 7 to see it. That message should be parsed so it is visible in debug level 6. 10 * wifidog/auth/index.php: Fix code injection vulnerability. 11 2 12 2004-08-27 Benoit Gr�goire <bock@step.polymtl.ca> 3 13 * SSL support and RSS improvement -
trunk/wifidog-auth/wifidog/admin/import_user_database.php
r174 r206 173 173 $status = ACCOUNT_STATUS_ALLOWED; 174 174 $token = gentoken(); 175 $reg_date = time();175 $reg_date = iso8601_date(time()); 176 176 $password_hash = $db->EscapeString($user['passwd_hash']); 177 177 $username = $db->EscapeString($username); -
trunk/wifidog-auth/wifidog/auth/index.php
r158 r206 20 20 * * 21 21 \********************************************************************/ 22 /**@file 22 /**@file index.php 23 * This is the main auth handler, be very carefull while editing this file. 23 24 * @author Copyright (C) 2004 Benoit Gr�goire et Philippe April 24 25 */ … … 26 27 require_once BASEPATH.'include/common.php'; 27 28 28 $auth_response = 0; 29 $db->ExecSqlUniqueRes("SELECT * FROM users,connections WHERE users.user_id=connections.user_id AND connections.token='{$_REQUEST['token']}' LIMIT 1", $info, false); 29 $auth_response = ACCOUNT_STATUS_DENIED; 30 $auth_message = ''; 31 $token = $db->EscapeString($_REQUEST['token']); 32 $db->ExecSqlUniqueRes("SELECT * FROM users,connections WHERE users.user_id=connections.user_id AND connections.token='$token'", $info, false); 30 33 if ($info != null) 31 34 { 32 switch($_REQUEST['stage'])35 if ($_REQUEST['stage']== STAGE_LOGIN) 33 36 { 34 case STAGE_LOGIN:35 37 if ($info['token_status'] == TOKEN_UNUSED) 36 38 { 37 39 $auth_response = $info['account_status']; 38 39 /* Logging in implies that all other tokens should expire */ 40 $sql = ''; 41 $sql .= "UPDATE connections SET " . 42 "timestamp_out=NOW()," . 43 "token_status='" . TOKEN_USED . "' " . 44 "WHERE user_id = '{$info['user_id']}' " . 45 "AND token_status='" . TOKEN_INUSE . "';\n"; 46 $db->ExecSqlUpdate($sql, false); 40 /* Login the user */ 41 $mac = $db->EscapeString($_REQUEST['mac']); 42 $ip = $db->EscapeString($_REQUEST['ip']); 47 43 $sql = "UPDATE connections SET " . 48 44 "token_status='" . TOKEN_INUSE . "'," . 49 "user_mac='{$_REQUEST['mac']}'," . 50 "user_ip='{$_REQUEST['ip']}' " . 51 "WHERE conn_id='{$info['conn_id']}' LIMIT 1;\n"; 52 $db->ExecSqlUpdate($sql, false); 53 $sql = "UPDATE users SET " . 54 "online_status='" . ONLINE_STATUS_ONLINE . "' " . 55 "WHERE user_id='{$info['user_id']}' LIMIT 1;\n"; 45 "user_mac='$mac'," . 46 "user_ip='$ip'," . 47 "last_updated=NOW()" . 
48 "WHERE conn_id='{$info['conn_id']}';\n"; 49 $db->ExecSqlUpdate($sql, false); 50 51 /* Logging in with a new token implies that all other active tokens should expire */ 52 $sql = "UPDATE connections SET " . 53 "timestamp_out=NOW(), token_status='" . TOKEN_USED . "' " . 54 "WHERE user_id = '{$info['user_id']}' AND token_status='" . TOKEN_INUSE . "' AND token!='$token';\n"; 55 $db->ExecSqlUpdate($sql, false); 56 /* Delete all unused tokens for this user, so we don't fill the database with them */ 57 $sql = "DELETE FROM connections " 58 . "WHERE token_status='" . TOKEN_UNUSED . "' AND user_id = '{$info['user_id']}';\n"; 56 59 $db->ExecSqlUpdate($sql, false); 57 60 } 58 break; 61 else 62 { 63 $auth_message .= "| Tried to login with a token that wasn't TOKEN_UNUSED. "; 64 } 65 } 66 else if($_REQUEST['stage']==STAGE_LOGOUT || $_REQUEST['stage']==STAGE_COUNTERS) 67 { 68 if($_REQUEST['stage']==STAGE_LOGOUT) 69 { 70 $db->ExecSqlUpdate("UPDATE connections SET " . 71 "timestamp_out=NOW()," . 72 "token_status='" . TOKEN_USED . "' " . 73 "WHERE conn_id='{$info['conn_id']}';\n"); 74 $auth_message .= "| User is now logged out. "; 75 } 76 77 if( $_REQUEST['stage']==STAGE_COUNTERS) 78 { 79 if ($info['token_status'] == TOKEN_INUSE) 80 { 81 /* This is for the 15 minutes validation period */ 82 if (($info['account_status'] == ACCOUNT_STATUS_VALIDATION) && (time() >= (strtotime($info['reg_date']) + (60*15)))) 83 { 84 $auth_response = ACCOUNT_STATUS_VALIDATION_FAILED; 85 $db->ExecSqlUpdate("UPDATE users SET account_status='".ACCOUNT_STATUS_VALIDATION_FAILED."' WHERE user_id='{$info['user_id']}'"); 86 $auth_message .= "| The validation period has now expired. "; 87 } 88 else 89 { 90 $auth_response = $info['account_status']; 91 } 92 } 59 93 60 case STAGE_LOGOUT: 61 $sql = ''; 62 $sql .= "UPDATE connections SET " . 63 "timestamp_out=NOW()," . 64 "token_status='" . TOKEN_USED . "' " . 65 "WHERE conn_id='{$info['conn_id']}' LIMIT 1;\n"; 94 } 66 95 67 $sql .= "UPDATE users SET " . 
68 "online_status='" . ONLINE_STATUS_OFFLINE . "'" . 69 "WHERE user_id='{$info['user_id']}' LIMIT 1;\n"; 70 $db->ExecSqlUpdate($sql); 71 break; 72 73 case STAGE_COUNTERS: 74 if ($info['token_status'] == TOKEN_INUSE) { 75 $auth_response = $info['account_status']; 96 if (!empty($_REQUEST['incoming']) && !empty($_REQUEST['outgoing'])) 97 { 98 $incoming = $db->EscapeString($_REQUEST['incoming']); 99 $outgoing = $db->EscapeString($_REQUEST['outgoing']); 76 100 77 /* This is for the 15 minutes validation period */ 78 if (($info['account_status'] == ACCOUNT_STATUS_VALIDATION) && (time() >= ($info['reg_date'] + (60*15)))) 79 { 80 $info['account_status'] = ACCOUNT_STATUS_VALIDATION_FAILED; 81 $db->ExecSqlUpdate("UPDATE users SET account_status='{$info['account_status']}' WHERE user_id='{$info['user_id']}'"); 82 } 101 if (($incoming > $info['incoming']) || 102 ($outgoing > $info['outgoing'])) 103 { 104 $db->ExecSqlUpdate("UPDATE connections SET " . 105 "incoming='$incoming'," . 106 "outgoing='$outgoing'," . 107 "last_updated=NOW() " . 108 "WHERE conn_id='{$info['conn_id']}'" 109 ); 110 $auth_message .= "| Updated counters. "; 111 } 112 else 113 { 114 $auth_message .= "| Warning: Incoming or outgoing counter is smaller than what is stored in the database; counters not updated. "; 83 115 84 if ($_REQUEST['incoming'] && $_REQUEST['outgoing']) 85 { 86 if (($_REQUEST['incoming'] > $info['incoming']) || 87 ($_REQUEST['outgoing'] > $info['outgoing'])) 88 { 89 $db->ExecSqlUpdate("UPDATE connections SET " . 90 "incoming='{$_REQUEST['incoming']}'," . 91 "outgoing='{$_REQUEST['outgoing']}' " . 92 "WHERE conn_id='{$info['conn_id']}' LIMIT 1" 93 ); 94 } 95 } 96 } 97 98 break; 99 100 default: 101 echo "Unknown stage"; 102 break; 103 }// End switch 116 } 117 } 118 else 119 { 120 $auth_message .= "| Incoming or outgoing counter is missing; counters not updated. "; 121 } 122 } 123 else 124 { 125 $auth_message .= "| Error: Unknown stage. 
"; 126 $auth_response = ACCOUNT_STATUS_ERROR; 127 } 128 } 129 else 130 { 131 $auth_message .= "| Error: couldn't find the requested token. "; 132 $auth_response = ACCOUNT_STATUS_ERROR; 104 133 } 105 134 106 135 echo "Auth: $auth_response\n"; 136 echo "Messages: $auth_message\n" 107 137 ?> -
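Review bot: The counters branch escapes `$_REQUEST['incoming']` and `$_REQUEST['outgoing']` for SQL but never checks that they are numbers, so the `$incoming > $info['incoming']` comparison and the stored values are whatever string the gateway (or anyone who knows the token) sends, and `!empty()` treats a legitimate `0` counter as "missing". Cast them instead: `$incoming = (int) $_REQUEST['incoming'];` and `$outgoing = (int) $_REQUEST['outgoing'];` with `isset()` as the presence test; once they are integers EscapeString is no longer needed for these two values. Separately, `$_REQUEST['token']` and `$_REQUEST['stage']` are read without `isset()`, and with `error_reporting(E_ALL)` set in AbstractDbPostgres.php a missing parameter may emit a notice into a response the gateway parses line by line.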
trunk/wifidog-auth/wifidog/classes/AbstractDbPostgres.php
r204 r206 1 1 <?php 2 2 /********************************************************************\ 3 * This program is free software; you can redistribute it and/or *4 * modify it under the terms of the GNU General Public License as *5 * published by the Free Software Foundation; either version 2 of *6 * the License, or (at your option) any later version. *7 * *8 * This program is distributed in the hope that it will be useful, *9 * but WITHOUT ANY WARRANTY; without even the implied warranty of *10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *11 * GNU General Public License for more details. *12 * *13 * You should have received a copy of the GNU General Public License *14 * along with this program; if not, contact: *15 * *16 * Free Software Foundation Voice: +1-617-542-5942 *17 * 59 Temple Place - Suite 330 Fax: +1-617-542-2652 *18 * Boston, MA 02111-1307, USA gnu@gnu.org *19 * *3 * This program is free software; you can redistribute it and/or * 4 * modify it under the terms of the GNU General Public License as * 5 * published by the Free Software Foundation; either version 2 of * 6 * the License, or (at your option) any later version. * 7 * * 8 * This program is distributed in the hope that it will be useful, * 9 * but WITHOUT ANY WARRANTY; without even the implied warranty of * 10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 11 * GNU General Public License for more details. 
* 12 * * 13 * You should have received a copy of the GNU General Public License* 14 * along with this program; if not, contact: * 15 * * 16 * Free Software Foundation Voice: +1-617-542-5942 * 17 * 59 Temple Place - Suite 330 Fax: +1-617-542-2652 * 18 * Boston, MA 02111-1307, USA gnu@gnu.org * 19 * * 20 20 \********************************************************************/ 21 21 /**@file AbstractBd.php … … 23 23 */ 24 24 error_reporting(E_ALL); 25 /** Classe statique, permet d'abstraire la connexion à la base de donnée25 /** Classe statique, permet d'abstraire la connexion � la base de donn�e 26 26 */ 27 class Abstract Bd27 class AbstractDb 28 28 { 29 function connexion Bd($str_baseDonnees)30 { 31 if ($ str_baseDonnees== NULL)32 { 33 $ str_baseDonnees= CONF_DATABASE_NAME;34 } 35 36 $conn_string = "host=".CONF_DATABASE_HOST." dbname=$ str_baseDonneesuser=".CONF_DATABASE_USER." password=".CONF_DATABASE_PASSWORD."";29 function connexionDb($db_name) 30 { 31 if ($db_name == NULL) 32 { 33 $db_name = CONF_DATABASE_NAME; 34 } 35 36 $conn_string = "host=".CONF_DATABASE_HOST." dbname=$db_name user=".CONF_DATABASE_USER." password=".CONF_DATABASE_PASSWORD.""; 37 37 $ptr_connexion = pg_connect($conn_string); 38 38 39 39 if ($ptr_connexion == FALSE) 40 40 { 41 echo " Impossible de le connecter à $conn_string";41 echo "<p class=warning>Unable to connect to database on ".CONF_DATABASE_HOST."</p>\n"; 42 42 return FALSE; 43 43 } … … 46 46 } 47 47 48 /**Ex écute la requête, et retourne le résultat. Affiche l'erreur s'il y a lieu.49 @param $sql Requ ête SELECT à exécuter50 @param $returnResults un array à deux dimensions des rangées de résultats, NULL si aucun résultats.51 @param $debug Si TRUE, affiche les r ésultats bruts de la requête52 @return TRUE si la requete a été effectuée avec succès, FALSE autrement.48 /**Ex�cute la requ�te, et retourne le r�sultat. Affiche l'erreur s'il y a lieu. 
49 @param $sql Requ�te SELECT � ex�cuter 50 @param $returnResults un array � deux dimensions des rang�es de r�sultats, NULL si aucun r�sultats. 51 @param $debug Si TRUE, affiche les r�sultats bruts de la requ�te 52 @return TRUE si la requete a �t� effectu�e avec succ�s, FALSE autrement. 53 53 */ 54 function Exec uterSql($sql, & $returnResults, $debug)55 { 56 $connection = $this -> connexion Bd(NULL);57 if ($debug == TRUE) 58 { 59 echo "<hr /><p>ExecuterSql(): DEBUG: Requ ête:<br>\n<pre>$sql</pre></p>\n<p>Plan:<br />\n";54 function ExecSql($sql, & $returnResults, $debug=false) 55 { 56 $connection = $this -> connexionDb(NULL); 57 if ($debug == TRUE) 58 { 59 echo "<hr /><p>ExecuterSql(): DEBUG: Requ�te:<br>\n<pre>$sql</pre></p>\n<p>Plan:<br />\n"; 60 60 $result = pg_query($connection, "EXPLAIN ".$sql); 61 61 … … 89 89 if ($debug == TRUE) 90 90 { 91 echo "<P>Temps écoulé pour la requête SQL: $sql_timetaken seconde(s)</P>\n";91 echo "<P>Temps �coul� pour la requ�te SQL: $sql_timetaken seconde(s)</P>\n"; 92 92 } 93 93 94 94 if ($result == FALSE) 95 95 { 96 echo "<p>ExecuterSql(): ERREUR: Lors de l'ex écution de la requête SQL:<br>$sql</p>";96 echo "<p>ExecuterSql(): ERREUR: Lors de l'ex�cution de la requ�te SQL:<br>$sql</p>"; 97 97 echo "<p>L'erreur est:<br>".pg_last_error($connection)."</p>"; 98 98 $returnResults = NULL; … … 112 112 { 113 113 $num_rows = pg_num_rows($result); 114 echo "<p>ExecuterSql(): DEBUG: Il y a $num_rows r ésultats:<br><TABLE class='spreadsheet'>";114 echo "<p>ExecuterSql(): DEBUG: Il y a $num_rows r�sultats:<br><TABLE class='spreadsheet'>"; 115 115 if ($returnResults != NULL) 116 116 { 117 //On affiche l'en-t ête des colonnes une seule fois*/117 //On affiche l'en-t�te des colonnes une seule fois*/ 118 118 echo "<TR class='spreadsheet'>"; 119 119 while (list ($col_name, $col_content) = each($returnResults[0])) … … 139 139 } 140 140 141 /**Retourne une chaine de caract ère dans un format compatible pour stockage dans la bd142 @param $chaine La cha 
îne de caractère ànettoyer143 @return La cha îne nettoyée144 */ 145 function NettoyerChaine($chaine)141 /**Retourne une chaine de caract�re dans un format compatible pour stockage dans la bd 142 @param $chaine La cha�ne de caract�re � nettoyer 143 @return La cha�ne nettoy�e 144 */ 145 function EscapeString($chaine) 146 146 { 147 147 if (true) //if (!get_magic_quotes_gpc()) … … 155 155 } 156 156 157 /** Nettoye une chaine de caract ère dans un format compatible bytea.158 @param $chaine La cha îne de caractère ànettoyer159 @return La cha îne nettoyée (escaped string)157 /** Nettoye une chaine de caract�re dans un format compatible bytea. 158 @param $chaine La cha�ne de caract�re � nettoyer 159 @return La cha�ne nettoy�e (escaped string) 160 160 */ 161 161 … … 166 166 } 167 167 168 /** Reconverti une chaine de caract ère en format bytea pur.169 @param $chaine La cha îne de caractère170 @return La cha îne reconvertie en format original (unescaped string)168 /** Reconverti une chaine de caract�re en format bytea pur. 169 @param $chaine La cha�ne de caract�re 170 @return La cha�ne reconvertie en format original (unescaped string) 171 171 */ 172 172 … … 177 177 } 178 178 179 /**Ex écute une requête pour laquelle on prévoit un résultat UNIQUE. Si le résultat n'est pas unique, un avertissement est affiché180 @param $sql Requ ête SELECT à exécuter181 @param $retVal un array des colonnes de la rang ée retournée, NULL si aucun résultats.182 @param $debug Si TRUE, affiche les r ésultats bruts de la requête183 @return TRUE si la requete a été effectuée avec succès, FALSE autrement.184 */ 185 function Exec uterSqlResUnique($sql, & $retVal, $debug)179 /**Ex�cute une requ�te pour laquelle on pr�voit un r�sultat UNIQUE. Si le r�sultat n'est pas unique, un avertissement est affich� 180 @param $sql Requ�te SELECT � ex�cuter 181 @param $retVal un array des colonnes de la rang�e retourn�e, NULL si aucun r�sultats. 
182 @param $debug Si TRUE, affiche les r�sultats bruts de la requ�te 183 @return TRUE si la requete a �t� effectu�e avec succ�s, FALSE autrement. 184 */ 185 function ExecSqlUniqueRes($sql, & $retVal, $debug=false) 186 186 { 187 187 $retval = TRUE; 188 188 if ($debug == TRUE) 189 189 { 190 echo "<hr /><p>Requ ête: <br><pre>$sql</pre></p>";191 } 192 $connection = $this -> connexion Bd(NULL);190 echo "<hr /><p>Requ�te: <br><pre>$sql</pre></p>"; 191 } 192 $connection = $this -> connexionDb(NULL); 193 193 194 194 $sql_starttime = microtime(); … … 214 214 if ($debug == TRUE) 215 215 { 216 echo "<P>Temps écoulé pour la requête SQL: $sql_timetaken seconde(s)</P>\n";216 echo "<P>Temps �coul� pour la requ�te SQL: $sql_timetaken seconde(s)</P>\n"; 217 217 } 218 218 219 219 if ($result == FALSE) 220 220 { 221 echo "<p>ExecuterSqlResUnique(): ERREUR: Lors de l'ex écution de la requête SQL:<br>$sql</p>";221 echo "<p>ExecuterSqlResUnique(): ERREUR: Lors de l'ex�cution de la requ�te SQL:<br>$sql</p>"; 222 222 echo "<p>L'erreur est:<br>".pg_last_error($connection)."</p>"; 223 223 $retval = FALSE; … … 229 229 if (pg_num_rows($result) > 1) 230 230 { 231 echo "<p>ExecuterSqlResUnique(): ERREUR: Lors de l'ex écution de la requête SQL:<br>$sql</p>";232 echo "<p>Il y a ".pg_num_rows($result)." r ésultats alors qu'il ne devrait y en avoir qu'un seul.</p>";231 echo "<p>ExecuterSqlResUnique(): ERREUR: Lors de l'ex�cution de la requ�te SQL:<br>$sql</p>"; 232 echo "<p>Il y a ".pg_num_rows($result)." 
r�sultats alors qu'il ne devrait y en avoir qu'un seul.</p>"; 233 233 $retval = FALSE; 234 234 $debug = true; … … 239 239 { 240 240 $num_rows = pg_num_rows($result); 241 echo "<p>ExecuterSqlResUnique(): DEBUG: Il y a $num_rows r ésultats:<br><TABLE class='spreadsheet'>";241 echo "<p>ExecuterSqlResUnique(): DEBUG: Il y a $num_rows r�sultats:<br><TABLE class='spreadsheet'>"; 242 242 if ($returnResults != NULL) 243 243 { 244 //On affiche l'en-t ête des colonnes une seule fois*/244 //On affiche l'en-t�te des colonnes une seule fois*/ 245 245 echo "<TR class='spreadsheet'>"; 246 246 while (list ($col_name, $col_content) = each($returnResults[0])) … … 268 268 } 269 269 270 /**Ex écute une requête visant à modifier la base de donnée, et donc ne retournant aucun résultat.271 @param $sql Requ ête SELECT à exécuter272 @param $debug Si TRUE, affiche la requ ête brute273 */ 274 function Exec uterSqlUpdate($sql, $debug)275 { 276 $connection = $this -> connexion Bd(NULL);277 if ($debug == TRUE) 278 { 279 echo "<hr /><p>ExecuterSqlUpdate(): DEBUG: Requ ête:<br>\n<pre>$sql</pre></p>\n";270 /**Ex�cute une requ�te visant � modifier la base de donn�e, et donc ne retournant aucun r�sultat. 271 @param $sql Requ�te SELECT � ex�cuter 272 @param $debug Si TRUE, affiche la requ�te brute 273 */ 274 function ExecSqlUpdate($sql, $debug=false) 275 { 276 $connection = $this -> connexionDb(NULL); 277 if ($debug == TRUE) 278 { 279 echo "<hr /><p>ExecuterSqlUpdate(): DEBUG: Requ�te:<br>\n<pre>$sql</pre></p>\n"; 280 280 } 281 281 … … 302 302 if ($debug == TRUE) 303 303 { 304 echo "<P>".pg_affected_rows($result)." rang ées affectées par la requête SQL<br>\n";305 echo "Temps écoulé: $sql_timetaken seconde(s)</P>\n";304 echo "<P>".pg_affected_rows($result)." 
rang�es affect�es par la requ�te SQL<br>\n"; 305 echo "Temps �coul�: $sql_timetaken seconde(s)</P>\n"; 306 306 } 307 307 308 308 if ($result == FALSE) 309 309 { 310 echo "<p>ExecuterSqlResUnique(): ERREUR: Lors de l'ex écution de la requête SQL:<br><pre>$sql</pre></p>";310 echo "<p>ExecuterSqlResUnique(): ERREUR: Lors de l'ex�cution de la requ�te SQL:<br><pre>$sql</pre></p>"; 311 311 echo "<p>L'erreur est:<br>".pg_last_error()."<br>".pg_result_error($result)."</p>"; 312 312 } … … 315 315 if ($debug == TRUE) 316 316 { 317 echo "<p>ExecuterSqlUpdate(): DEBUG: ".pg_affected_rows($result)." rang ée(s) affectée(s)</p><hr />\n";317 echo "<p>ExecuterSqlUpdate(): DEBUG: ".pg_affected_rows($result)." rang�e(s) affect�e(s)</p><hr />\n"; 318 318 } 319 319 return $result; … … 365 365 } 366 366 367 } /* end class Abstract Bd*/367 } /* end class AbstractDb */ 368 368 ?> 369 -
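Review bot: Every failure path in ExecSql, ExecSqlUniqueRes and ExecSqlUpdate still echoes the full query text and `pg_last_error()` into the HTTP response (e.g. `echo "<p>ExecuterSql(): ERREUR: Lors de l'ex�cution de la requ�te SQL:<br>$sql</p>";`), while this commit only stopped connexionDb from echoing the connection string with the password. Those error branches run regardless of `$debug`, and since the same class serves auth/index.php, whose output is parsed by the gateway, a failed query hands schema details and escaped user input to whoever holds a token. Log the SQL and driver error with `error_log()` server-side and return a generic failure message to the client instead.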
trunk/wifidog-auth/wifidog/config.php
r205 r206 4 4 define('CONF_DATABASE_NAME', 'wifidog'); 5 5 define('CONF_DATABASE_USER', 'wifidog'); 6 define('CONF_DATABASE_PASSWORD', ' ');6 define('CONF_DATABASE_PASSWORD', 'wifidogtest'); 7 7 8 8 /*************************** Common setup option. Adjust to suit your environment *******************************/ … … 30 30 31 31 /** Defines which Database management software you want to use */ 32 define('CONF_DBMS',DBMS_ MYSQL);32 define('CONF_DBMS',DBMS_POSTGRES); 33 33 34 34 /***** You should normally not have to edit anything below this ******/ -
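Review bot: Line 6 commits a real database password (`'wifidogtest'`) to trunk; even if it is only a test credential, it is now in the repository history for anyone with read access, and the same line also switches the default DBMS, so deployments copying this file will use it as-is. Keep config.php as a template with a placeholder, e.g. `define('CONF_DATABASE_PASSWORD', '');`, and load the real value from an untracked local file, or at minimum add a comment stating that the value must be changed before deployment.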
trunk/wifidog-auth/wifidog/include/common.php
r204 r206 114 114 } 115 115 116 function iso8601_date($unix_timestamp) { 117 $tzd = date('O',$unix_timestamp); 118 $tzd = substr(chunk_split($tzd, 3, ':'),0,6); 119 $date = date('Y-m-d\TH:i:s', $unix_timestamp) . $tzd; 120 return $date; 121 } 122 116 123 /** Cleanup dangling tokens and connections from the database, left if a gateway crashed, etc. */ 117 124 function garbage_collect() … … 121 128 // 10 minutes 122 129 $expiration = time() - 60*10; 123 $db -> ExecSqlUpdate ("UPDATE connections SET token_status='" . TOKEN_USED . "' WHERE UNIX_TIMESTAMP(last_updated) < $expiration"); 130 $expiration=iso8601_date($expiration); 131 $db -> ExecSqlUpdate ("UPDATE connections SET token_status='" . TOKEN_USED . "' WHERE last_updated < '$expiration' AND token_status = '".TOKEN_INUSE."'", false); 124 132 125 126 $db -> ExecSql("SELECT user_id FROM users WHERE online_status='" . ONLINE_STATUS_ONLINE . "'", $users );133 /* Not needed anymore 134 $db -> ExecSql("SELECT user_id FROM users WHERE online_status='" . ONLINE_STATUS_ONLINE . "'", $users, true); 127 135 if($users!=null) 128 136 { 129 137 foreach ($users as $user) 130 138 { 131 $db -> ExecSqlUniqueRes("SELECT COUNT(*) FROM connections WHERE user_id='{$user['user_id']}' AND token_status='" . TOKEN_INUSE . "'",$count_row, false);139 $db -> ExecSqlUniqueRes("SELECT COUNT(*) FROM connections WHERE user_id='{$user['user_id']}' AND token_status='" . TOKEN_INUSE . "'",$count_row, true); 132 140 if ($count_row['COUNT(*)'] != 1) 133 141 { … … 136 144 } 137 145 } 146 */ 138 147 } 139 148 -
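Review bot: `iso8601_date()` formats with `date()`, so the `$expiration` string in garbage_collect() carries the PHP process's local UTC offset, while `last_updated` is written by the database's `NOW()`; if `last_updated` is declared as `timestamp` without time zone in the new schema (not visible here), Postgres silently ignores the `+HH:MM` suffix and stale tokens are expired early or late by the offset difference. Doing the arithmetic in the database avoids the round trip entirely: `WHERE last_updated < NOW() - INTERVAL '10 minutes' AND token_status = '" . TOKEN_INUSE . "'`. The block under `/* Not needed anymore` should be deleted rather than left commented out, since version control already keeps it.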
trunk/wifidog-auth/wifidog/login/index.php
r204 r206 40 40 $user = $db->EscapeString($_REQUEST['user']); 41 41 $password_hash = get_password_hash($_REQUEST['pass']); 42 $db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$user' OR email='$user'AND pass='$password_hash'", $user_info, false);43 42 $db->ExecSqlUniqueRes("SELECT * FROM users WHERE (user_id='$user' OR email='$user') AND pass='$password_hash'", $user_info, false); 43 44 44 if ($user_info != null) 45 45 { … … 53 53 $node_ip = $db->EscapeString($_SERVER['REMOTE_ADDR']); 54 54 } 55 $db->ExecSqlUpdate("INSERT INTO connections (user_id, token, token_status, timestamp_in, node_id, node_ip ) VALUES ('{$user_info['user_id']}', '$token', '" . TOKEN_UNUSED . "', NOW(), '$node_id', '$node_ip')");55 $db->ExecSqlUpdate("INSERT INTO connections (user_id, token, token_status, timestamp_in, node_id, node_ip, last_updated) VALUES ('{$user_info['user_id']}', '$token', '" . TOKEN_UNUSED . "', NOW(), '$node_id', '$node_ip', NOW())"); 56 56 57 57 $login_successfull=true; … … 68 68 else 69 69 { 70 $login_failed_message = _('Incorrect password ');70 $login_failed_message = _('Incorrect password (Maybe you have CAPS LOCK on?)'); 71 71 } 72 72 } -
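Review bot: `$user` is escaped before it reaches the rewritten query on line 42, but `$password_hash` is interpolated straight from `get_password_hash($_REQUEST['pass'])`; if that helper returns a hex digest this is harmless, but the query's safety then rests on a function outside this hunk, and escaping costs nothing: `$password_hash = $db->EscapeString(get_password_hash($_REQUEST['pass']));`. The `else` branch on line 70 now reports "Incorrect password" specifically; if the preceding branch (outside the hunk) reports a different message for an unknown user, the login form reveals which usernames and e-mail addresses exist. The enclosing block starts before this hunk.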
trunk/wifidog-auth/wifidog/portal/index.php
r204 r206 92 92 } 93 93 94 /* Find out who is online */ 94 95 $db->ExecSql("SELECT users.user_id FROM users,connections " . 95 96 "WHERE connections.token_status='" . TOKEN_INUSE . "' " . 96 "AND users.user_id=connections.user_id " . 97 "AND users.online_status='" . ONLINE_STATUS_ONLINE . "'" 97 "AND users.user_id=connections.user_id " 98 98 ,$users, false); 99 99 if($users!=null) 100 100 { 101 102 101 foreach ($users as $user_info) 103 102 {
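Review bot: With the `online_status` condition dropped, this query treats every connections row whose token_status is TOKEN_INUSE as a user online, so it is only accurate if garbage_collect() in common.php has expired stale rows before it runs; whether it is called earlier in this file is not visible here. Add a comment above the query naming that dependency, e.g. `/* Accuracy depends on garbage_collect() having expired stale TOKEN_INUSE rows */`, or call it explicitly before the SELECT.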
