Changeset 15
- Timestamp:
- Nov 13, 2005 4:51:22 AM (19 years ago)
- Location:
- trunk
- Files:
-
- 10 edited
trunk/lib/App.inc.php
r14 r15 441 441 $this =& App::getInstance(); 442 442 } 443 444 if (!$this->running) {445 return false;446 }447 443 448 444 // If priority is not specified, assume the worst. … … 452 448 } 453 449 454 // If log file is not specified, create one in the codebase root. 455 if ($this->getParam('log_directory') === null || !is_dir($this->getParam('log_directory')) || !is_writable($this->getParam('log_directory'))) { 456 // If log file is not specified, don't log to a file. 450 // If log file is not specified, don't log to a file. 451 if (!$this->getParam('log_directory') || !$this->getParam('log_filename') || !is_dir($this->getParam('log_directory')) || !is_writable($this->getParam('log_directory'))) { 457 452 $this->setParam(array('log_file_priority' => false)); 458 // We must use trigger_error rather than calling App::logMsg, which might lead to an infinite loop.453 // We must use trigger_error to report this problem rather than calling App::logMsg, which might lead to an infinite loop. 459 454 trigger_error(sprintf('Codebase error: log directory (%s) not found or writable.', $this->getParam('log_directory')), E_USER_NOTICE); 460 455 } -
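Review bot: The new guard on line 451 treats an unset `log_directory` the same as an unwritable one, so a deployment that deliberately leaves file logging off appears to hit `trigger_error(... 'log directory (%s) not found or writable' ...)` on every logMsg call, and with display_errors on that notice (with the configured path, when one is set) ends up in the page output. Consider splitting the cases: when `log_directory`/`log_filename` are empty just `$this->setParam(array('log_file_priority' => false));` and continue silently, and raise the notice only when a directory is configured but `is_dir`/`is_writable` fail. Removing the `if (!$this->running) return false;` check also lets this run before App::start(), when params may not be loaded yet; worth confirming that is intended. logMsg's body extends beyond the hunk on both sides.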
trunk/lib/Auth_SQL.inc.php
r14 r15 123 123 } 124 124 125 // The minimal columns for a table compatable with the Auth_SQL class. 125 126 DB::query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_table') . " ( 126 127 " . $this->getParam('db_primary_key') . " smallint(11) NOT NULL auto_increment, … … 306 307 // Return user data if found. 307 308 if ($user_data = mysql_fetch_assoc($qid)) { 308 App::logMsg(sprintf('Authentication successful for user: %s', $username), LOG_DEBUG, __FILE__, __LINE__);309 App::logMsg(sprintf('Authentication successful for %s %s (%s)', $this->_auth, $user_data['user_id'], $username), LOG_DEBUG, __FILE__, __LINE__); 309 310 return $user_data; 310 311 } else { 311 App::logMsg(sprintf('Authentication failed for user: %s', $username), LOG_DEBUG, __FILE__, __LINE__);312 App::logMsg(sprintf('Authentication failed for %s %s (encrypted attempted password: %s)', $this->_auth, $username, $this->encryptPassword($password)), LOG_NOTICE, __FILE__, __LINE__); 312 313 return false; 313 314 } … … 352 353 if (!empty($user_data['blocked'])) { 353 354 354 App::logMsg(sprintf(' Login failed, blocked account. User: %s (%s) Reason: %s', $user_data['user_id'], $username, $user_data['blocked_reason']), LOG_NOTICE, __FILE__, __LINE__);355 App::logMsg(sprintf('%s %s (%s) login failed due to blocked account: %s', ucfirst($this->_auth), $this->getVal('user_id'), $this->getVal('username'), $this->getVal('blocked_reason')), LOG_NOTICE, __FILE__, __LINE__); 355 356 356 357 switch ($user_data['blocked_reason']) { … … 385 386 if ($this->getVal('abuse_warning_level') < $this->_params['login_abuse_warnings']) { 386 387 // Warn the user with a password reset. 387 $this->resetPassword(null, _("This is a security precaution. We have detected this account has been accessed from multiple computers simultaneously. It is against policy to share your login information with others. 
If further account abuse is detected youraccount will be blocked."));388 $this->resetPassword(null, _("This is a security precaution. We have detected this account has been accessed from multiple computers simultaneously. It is against policy to share login information with others. If further account abuse is detected this account will be blocked.")); 388 389 App::raiseMsg(_("Your password has been reset as a security precaution. Please check your email for more information."), MSG_NOTICE, __FILE__, __LINE__); 389 App::logMsg(sprintf('Account abuse detected for user %s from IP %s', $this->getVal('username'), $this->getVal('remote_ip')), LOG_WARNING, __FILE__, __LINE__);390 App::logMsg(sprintf('Account abuse detected for %s %s (%s) from IP %s', $this->_auth, $this->getVal('user_id'), $this->getVal('username'), $this->getVal('remote_ip')), LOG_WARNING, __FILE__, __LINE__); 390 391 } else { 391 392 // Block the account with the reason of account abuse. 392 393 $this->blockAccount(null, 'account abuse'); 393 394 App::raiseMsg(_("Your account has been blocked as a security precaution. Please contact us for more information."), MSG_NOTICE, __FILE__, __LINE__); 394 App::logMsg(sprintf('Account blocked for user %s from IP %s', $this->getVal('username'), $this->getVal('remote_ip')), LOG_ALERT, __FILE__, __LINE__);395 App::logMsg(sprintf('Account blocked for %s %s (%s) from IP %s', $this->_auth, $this->getVal('user_id'), $this->getVal('username'), $this->getVal('remote_ip')), LOG_ALERT, __FILE__, __LINE__); 395 396 } 396 397 // Increment user's warning level. … … 608 609 $this->initDB(); 609 610 610 $qid = DB::query("SELECT 1 FROM " . $this->_params['db_table'] . " WHERE " . $this->_params['db_username_column'] . " = '" . addslashes($username) . "'"); 611 $qid = DB::query(" 612 SELECT 1 613 FROM " . $this->_params['db_table'] . " 614 WHERE " . $this->_params['db_username_column'] . " = '" . addslashes($username) . 
"' 615 "); 611 616 return (mysql_num_rows($qid) > 0); 612 617 } … … 622 627 $this->initDB(); 623 628 624 $qid = DB::query("SELECT " . $this->_params['db_username_column'] . " FROM " . $this->_params['db_table'] . " WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'"); 629 $qid = DB::query(" 630 SELECT " . $this->_params['db_username_column'] . " 631 FROM " . $this->_params['db_table'] . " 632 WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "' 633 "); 625 634 if (list($username) = mysql_fetch_row($qid)) { 626 635 return $username; … … 677 686 678 687 case AUTH_ENCRYPT_SHA1 : 679 if (function_exists('sha1')) { // Only in PHP 4.3.0+ 680 return sha1($password); 681 break; 682 } 688 return sha1($password); 689 break; 683 690 684 691 case AUTH_ENCRYPT_MD5 : … … 726 733 WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "' 727 734 "); 728 $user_data = mysql_fetch_assoc($qid); 735 if (!$user_data = mysql_fetch_assoc($qid)) { 736 App::logMsg(sprintf('Reset password failed. %s %s not found.', ucfirst($this->_auth), $user_id), LOG_NOTICE, __FILE__, __LINE__); 737 return false; 738 } 739 740 // Make sure user has an email on record. 741 if (!isset($user_data['email']) || '' == trim($user_data['email'])) { 742 App::logMsg(sprintf('Password reset but notification failed, no email address for %s %s (%s).', $this->_auth, $user_data[$this->_params['db_primary_key']], $user_data[$this->_params['db_username_column']]), LOG_NOTICE, __FILE__, __LINE__); 743 } 729 744 730 745 // Get new password. 
… … 755 770 EOF; 756 771 $email_body = wordwrap(sprintf($email_body, 757 $user_data[ 'username'],772 $user_data[$this->_params['db_username_column']], 758 773 App::getParam('site_name'), 759 774 $reason, 760 $user_data[ 'username'],775 $user_data[$this->_params['db_username_column']], 761 776 $password, 762 777 App::getParam('site_name'), … … 767 782 mail($user_data['email'], $email_subject, $email_body, sprintf("From: %s <%s>\r\n", App::getParam('site_name'), App::getParam('site_email')), App::getParam('envelope_sender_address')); 768 783 769 return array('username'=>$user_data['username'], 'userpass'=>$password); 784 return array( 785 'username' => $user_data[$this->_params['db_username_column']], 786 'userpass' => $password 787 ); 770 788 } 771 789 -
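Review bot: The new failure log on line 312 records `$this->encryptPassword($password)` for every failed login at LOG_NOTICE, which writes a digest of each attempted password into the log (visibly unsalted in the AUTH_ENCRYPT_SHA1 case, `return sha1($password);`); failed attempts are frequently near-misses of the real password, so the log becomes an offline-cracking target with none of the protections the user table has. Drop the digest and keep the identity fields: `App::logMsg(sprintf('Authentication failed for %s %s', $this->_auth, $username), LOG_NOTICE, __FILE__, __LINE__);`. The reformatted queries at 611–615 and 629–633 still build SQL with `addslashes()`, which is not charset-aware; `mysql_real_escape_string()` on the connected handle is the safe equivalent here. In resetPassword (lines 741–743) the no-email case only logs and then proceeds to change the password and call `mail()` with an empty recipient, locking the user out; returning false before the new password is generated looks like the intended behaviour.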
trunk/lib/DB.inc.php
r14 r15 7 7 * 8 8 * @author Quinn Comendant <quinn@strangecode.com> 9 * @version 1.0 9 * @version 1.0.1 10 10 */ 11 11 … … 144 144 } 145 145 146 // Connection errors.146 // Test for connection errors. 147 147 if (!$this->dbh || mysql_error($this->dbh)) { 148 148 $mysql_error_msg = $this->dbh ? 'Codebase MySQL error: (' . mysql_errno($this->dbh) . ') ' . mysql_error($this->dbh) : 'Codebase MySQL error: Could not connect to server.'; 149 App::logMsg($mysql_error_msg, LOG_EMERG, __FILE__, __LINE__); 150 151 // Print helpful or pretty error? 149 152 if ($this->getParam('db_debug')) { 150 153 echo $mysql_error_msg . "\n"; … … 152 155 echo _("This page is temporarily unavailable. It should be back up in a few minutes."); 153 156 } 154 App::logMsg($mysql_error_msg, LOG_EMERG, __FILE__, __LINE__); 155 echo "\n\n<!-- Script execution stopped out of embarrassment. -->"; 156 die; 157 158 // Die or continue without connection? 159 if ($this->getParam('db_die_on_failure')) { 160 echo "\n\n<!-- Script execution stopped out of embarrassment. -->"; 161 die; 162 } else { 163 return false; 164 } 157 165 } 158 166 -
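Review bot: With `db_die_on_failure` false, connect() now returns false on line 163, but the error text has already been echoed into the response (lines 152–155) before that return, so a caller that handles the failure gracefully still gets either the raw `mysql_error()` string or the maintenance message injected into its output. Move the echo block inside the `if ($this->getParam('db_die_on_failure'))` branch and leave the non-dying path with only the `App::logMsg(..., LOG_EMERG, ...)` on line 149. The debug echo prints `mysql_error()` verbatim, which can include host and user details, so it must stay gated on `db_debug` as it is now. The enclosing method starts before the hunk.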
trunk/lib/DBSessionHandler.inc.php
r14 r15 38 38 $this->db =& $db; 39 39 40 } else if (isset($db) && is_a($db, 'DB')) { 41 // Not a DB object. 42 App::logMsg(sprintf('Provided DB object is not connected. %s', mysql_error($db->dbh)), LOG_ERR, __FILE__, __LINE__); 43 40 44 } else if (isset($db)) { 41 45 // Not a DB object. 42 App::logMsg(sprintf(' Argument one is not a valid DB object:%s', gettype($db)), LOG_ERR, __FILE__, __LINE__);46 App::logMsg(sprintf('Provided DB object is not valid. %s', gettype($db)), LOG_ERR, __FILE__, __LINE__); 43 47 44 48 } else { … … 59 63 // Connect to database. 60 64 $this->db->connect(); 61 62 65 } 63 66 -
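Review bot: The comment on the new branch at line 41 reads `// Not a DB object.`, copied from the branch below, but this branch is taken precisely when `is_a($db, 'DB')` is true and the object is merely not connected; replace it with `// DB object provided but its connection failed.`. The message also passes `$db->dbh` to `mysql_error()`, which is only meaningful if the connect attempt set a link resource; if `dbh` can be null here, a guard (or `mysql_error()` without an argument) would avoid a warning on the error path itself. The constructor continues past the hunk, so whether execution proceeds without a usable DB is not visible here.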
trunk/lib/FormValidator.inc.php
r14 r15 390 390 // Test email address format. 391 391 if ($allow_fullname) { 392 if (!$this->checkRegex($form_name, '/^[\w\s]*<? php[A-Za-z0-9._-]{1,}\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5}>?$/i', true, sprintf(_("<strong>%s</strong> is not a valid email address."), $email))) {392 if (!$this->checkRegex($form_name, '/^[\w\s]*<?[^\s@\[\]<>]{1,}\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5}>?$/i', true, sprintf(_("<strong>%s</strong> is not a valid email address."), $email))) { 393 393 App::logMsg(sprintf('The email address %s is not valid.', getFormData($form_name)), LOG_DEBUG, __FILE__, __LINE__); 394 394 return false; 395 395 } 396 396 } else { 397 if (!$this->checkRegex($form_name, '/^[ A-Za-z0-9._-]{1,}\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5}$/i', true, sprintf(_("<strong>%s</strong> is not a valid email address."), $email))) {397 if (!$this->checkRegex($form_name, '/^[^\s@\[\]<>]{1,}\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5}$/i', true, sprintf(_("<strong>%s</strong> is not a valid email address."), $email))) { 398 398 App::logMsg(sprintf('The email address %s is not valid.', getFormData($form_name)), LOG_DEBUG, __FILE__, __LINE__); 399 399 return false; … … 402 402 403 403 // Test length. 404 if (!$this->stringLength($form_name, 0, 128, sprintf(_("<strong>Email address</strong> must contain less than 128characters."), $email))) {405 App::logMsg(sprintf('The email address %s must contain less than 128characters.', getFormData($form_name)), LOG_DEBUG, __FILE__, __LINE__);404 if (!$this->stringLength($form_name, 0, 255, sprintf(_("<strong>Email address</strong> must contain less than 256 characters."), $email))) { 405 App::logMsg(sprintf('The email address %s must contain less than 256 characters.', getFormData($form_name)), LOG_DEBUG, __FILE__, __LINE__); 406 406 return false; 407 407 } 408 408 409 409 // Check domain exists and has valid MX record. 410 preg_match('/^[\w\s]*<? 
php[A-Za-z0-9._-]{1,}\@([A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/i', $email, $matches);410 preg_match('/^[\w\s]*<?[^\s@\[\]<>]{1,}\@([A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/i', $email, $matches); 411 411 if (!empty($matches[1])) { 412 412 if (!checkdnsrr($matches[1] . '.', 'MX') && gethostbyname($matches[1]) == $matches[1]) { -
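Review bot: The three email patterns on lines 392, 397 and 410 are anchored with `$` under `/i` only, and without the `D` modifier PCRE's `$` also matches before a trailing newline, so `user@example.com\n` is accepted; change the modifier on each to `/iD` (or anchor with `\z`). The widened local-part class `[^\s@\[\]<>]` now admits `,`, `;`, `"` and parentheses, which are address-list and comment delimiters in mail headers; since addresses validated here appear to be handed to `mail()` elsewhere in this changeset (Auth_SQL::resetPassword), excluding them as well, e.g. `[^\s@\[\]<>,;"()]`, keeps one validated value meaning one recipient. The enclosing method starts before and ends after the hunk.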
trunk/lib/RecordVersion.inc.php
r14 r15 338 338 AND record_val = '" . addslashes($record_val) . "' 339 339 ORDER BY version_datetime DESC 340 " , 1); die;///340 "); 341 341 $versions = array(); 342 342 while ($row = mysql_fetch_assoc($qid)) { -
trunk/lib/SpellCheck.inc.php
r14 r15 7 7 * 8 8 * @author Quinn Comendant <quinn@strangecode.com> 9 * @version 1. 09 * @version 1.1 10 10 */ 11 11 12 12 /* Implementation example: 13 13 -------------------------------------------------------------------------------- 14 include '_config.inc.php';14 include_once dirname(__FILE__) . '/_config.inc.php'; 15 15 include 'codebase/lib/SpellCheck.inc.php'; 16 16 17 // Instantiate with language and optionally the path to the custom wordlist file. 18 $spell = new SpellCheck('en', '/tmp/my_custom_dict'); 17 // Instantiate with parameters. In this example we'll set the language and the path to the personal wordlist file. 18 $spell = new SpellCheck(array( 19 'language' => 'en', 20 'personal_wordlist' => '/tmp/my_custom_dict' 21 )); 22 23 // Just for the heck of it add a new word to persistent personal wordlist file. 24 $spell->add('mealworm'); 19 25 20 26 $text_to_check = 'donky rinds taste like mealworm paste'; 21 22 // Add new word to persistent custom wordlist file.23 $spell->add('mealworm');24 27 25 28 if (!$spell->checkString($text_to_check)) { 26 29 $suggestions = $spell->getStringSuggestions($text_to_check); 27 echo 'Spelling errors :';30 echo 'Spelling errors! Here are suggested alternatives:'; 28 31 print_r($suggestions); 29 32 } else { … … 39 42 40 43 var $_params = array( 41 'personal_wordlist' => '', 42 'skip_len' => 3, 44 'language' => 'en', 45 'personal_wordlist' => '', // Text file to save custom words to. 46 'skip_length' => 3, // Words with this many chars or less will not be checked. 43 47 'mode' => PSPELL_NORMAL, // PSPELL_FAST, PSPELL_NORMAL, or PSPELL_BAD_SPELLERS. 44 48 'highlight_start' => '<strong style="color:red;">', … … 53 57 /** 54 58 * Constructor. 
55 */ 56 function SpellCheck($lang='en', $personal_wordlist=null) 57 { 58 $this->_pspell_cfg_handle = pspell_config_create($lang); 59 60 pspell_config_ignore($this->_pspell_cfg_handle, $skip_len); 61 pspell_config_mode($this->_pspell_cfg_handle, $mode); 62 63 if (isset($personal_wordlist)) { 64 if (!is_writable(dirname($personal_wordlist)) && !is_writable($personal_wordlist)) { 65 App::logMsg(sprintf('Personal wordlist file not writable: %s', $personal_wordlist), LOG_NOTICE, __FILE__, __LINE__); 59 * 60 * @param array $params Array of parameters (key => val pairs). 61 */ 62 function SpellCheck($params) 63 { 64 if (!is_array($params) || empty($params)) { 65 trigger_error('SpellCheck parameters not set properly', E_USER_ERROR); 66 } 67 68 $this->setParam($params); 69 70 $this->_pspell_cfg_handle = pspell_config_create($this->getParam('language')); 71 72 pspell_config_ignore($this->_pspell_cfg_handle, $this->getParam('skip_length')); 73 pspell_config_mode($this->_pspell_cfg_handle, $this->getParam('mode')); 74 75 if ('' != $this->getParam('personal_wordlist')) { 76 if (!is_writable(dirname($this->getParam('personal_wordlist'))) || !is_writable($this->getParam('personal_wordlist'))) { 77 App::logMsg(sprintf('Personal wordlist file not writable: %s', $this->getParam('personal_wordlist')), LOG_WARNING, __FILE__, __LINE__); 66 78 } else { 67 $this->setParam(array('personal_wordlist' => $personal_wordlist)); 68 pspell_config_personal($this->_pspell_cfg_handle, $personal_wordlist); 79 pspell_config_personal($this->_pspell_cfg_handle, $this->getParam('personal_wordlist')); 69 80 $this->_use_personal_wordlist = true; 70 App::logMsg(sprintf('Using personal wordlist: %s', $ personal_wordlist), LOG_DEBUG, __FILE__, __LINE__);81 App::logMsg(sprintf('Using personal wordlist: %s', $this->getParam('personal_wordlist')), LOG_DEBUG, __FILE__, __LINE__); 71 82 } 72 83 } … … 174 185 { 175 186 if ($this->_use_personal_wordlist) { 176 App::logMsg(sprintf('Added "%s" to personal wordlist: 
%s', $word, $this->getParam('personal_wordlist')), LOG_DEBUG, __FILE__, __LINE__); 177 return pspell_add_to_personal($this->_pspell_handle, $word); 187 if (pspell_add_to_personal($this->_pspell_handle, $word)) { 188 App::logMsg(sprintf('Added "%s" to personal wordlist: %s', $word, $this->getParam('personal_wordlist')), LOG_DEBUG, __FILE__, __LINE__); 189 return true; 190 } else { 191 App::logMsg(sprintf('Failed adding "%s" to personal wordlist: %s', $word, $this->getParam('personal_wordlist')), LOG_ERR, __FILE__, __LINE__); 192 return false; 193 } 178 194 } 179 195 } -
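Review bot: The condition on line 76 changed from `&&` to `||`, so the personal wordlist is now rejected unless both the directory and the file are already writable; because `is_writable()` is false for a file that does not exist yet, a fresh wordlist path can never be used and every new installation logs the warning and silently runs without `pspell_config_personal`. Test the file when it exists and otherwise its directory: `$wordlist = $this->getParam('personal_wordlist');` / `$writable = file_exists($wordlist) ? is_writable($wordlist) : is_writable(dirname($wordlist));` / `if (!$writable) {`. The `E_USER_ERROR` on line 65 relies on the default handler being fatal; a custom error handler that returns would let the constructor continue with params unset, so an explicit `return;` after the `trigger_error` call is cheap insurance.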
trunk/tests/Auth_SQLTest.php
r14 r15 106 106 $true = $this->Auth_SQL->authenticate('testuser', 'testpass'); 107 107 $this->assertTrue($true, 'User login failed, but should have succeeded.'); 108 109 echo "Testing wrong password...\n"; 108 110 $false = $this->Auth_SQL->authenticate('testuser', 'wrongpass'); 111 109 112 $this->assertfalse($false, 'User login succeeded, but should have failed.'); 110 113 } … … 120 123 $this->assertFalse($after_logged_in, '3. User is still logged in but should not be.'); 121 124 125 echo "Testing wrong password...\n"; 122 126 $login2 = $this->Auth_SQL->login('testuser', 'wrongpass'); 123 127 $this->assertFalse($login2, '4. User login succeeded, but should have failed.'); -
trunk/tests/_config.inc.php
r14 r15 19 19 'db_name' => 'test', 20 20 'db_user' => 'root', 21 'db_pass' => getenv('DB_PASS'), 21 'db_pass' => getenv('DB_PASS'), 22 22 'display_errors' => true, 23 23 'db_always_debug' => false, // TRUE = display all SQL queries. … … 32 32 33 33 $app->start(); 34 35 34 ?> -
trunk/tests/run_tests.sh
r14 r15 1 1 #!/bin/sh 2 for foo in `dirname $0`/*Test.php; 2 3 # Be in the directory with all the tests. 4 cd `dirname $0`; 5 6 # Run tests sequentially. 7 for foo in *Test.php; 3 8 do 4 9 php $foo;
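Review bot: `cd `dirname $0`;` on line 4 is unquoted and unchecked, so a path containing spaces is split into several arguments and, if the `cd` fails, the loop on line 7 globs `*Test.php` in whatever directory the caller started from. Use `cd "$(dirname "$0")" || exit 1`. The loop body continues past the hunk, so whether a non-zero exit status from `php` is propagated is not visible here.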