- Timestamp:
- Dec 13, 2013 11:24:08 PM (10 years ago)
- Location:
- branches/eli_branch
- Files:
-
- 11 edited
-
lib/App.inc.php (modified) (7 diffs)
-
lib/Auth_File.inc.php (modified) (3 diffs)
-
lib/Auth_SQL.inc.php (modified) (27 diffs)
-
lib/AuthorizeNet.inc.php (modified) (7 diffs)
-
lib/FormValidator.inc.php (modified) (14 diffs)
-
lib/Validator.inc.php (modified) (13 diffs)
-
services/login.php (modified) (2 diffs)
-
tests/AppTest.php (modified) (1 diff)
-
tests/AuthSQLTest.php (modified) (3 diffs)
-
tests/Auth_SQLTest.php (modified) (9 diffs)
-
tests/DBSessionHandlerTest.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/eli_branch/lib/App.inc.php
r446 r447 30 30 */ 31 31 32 //ob_start();33 34 32 // Message Types. 35 33 define('MSG_ERR', 1); … … 321 319 322 320 // Session parameters. 323 /*324 321 ini_set('session.gc_probability', 1); 325 322 ini_set('session.gc_divisor', 1000); … … 330 327 ini_set('session.entropy_length', '512'); 331 328 ini_set('session.cookie_httponly', true); 332 * */333 329 session_name($this->getParam('session_name')); 334 330 … … 343 339 344 340 // Start the session. 345 //session_start();341 session_start(); 346 342 347 343 if (!isset($_SESSION['_app'][$this->_ns])) { … … 378 374 379 375 // Character set. This should also be printed in the html header template. 380 //header('Content-type: text/html; charset=' . $this->getParam('character_set'));376 header('Content-type: text/html; charset=' . $this->getParam('character_set')); 381 377 382 378 // Set the version of the codebase we're using. … … 385 381 $codebase_version = trim(file_get_contents($codebase_version_file)); 386 382 $this->setParam(array('codebase_version' => $codebase_version)); 387 //header('X-Codebase-Version: ' . $codebase_version);383 header('X-Codebase-Version: ' . $codebase_version); 388 384 } 389 385 … … 472 468 return false; 473 469 } 474 //die($_SESSION['_app'][$this->_ns]['messages']);475 470 return isset($_SESSION['_app'][$this->_ns]['messages']) ? $_SESSION['_app'][$this->_ns]['messages'] : array(); 476 471 } -
branches/eli_branch/lib/Auth_File.inc.php
r445 r447 40 40 // )); 41 41 42 // Available encryption types for class Auth_SQL.43 define('AUTH_ENCRYPT_MD5', 'md5');44 define('AUTH_ENCRYPT_CRYPT', 'crypt');45 define('AUTH_ENCRYPT_SHA1', 'sha1');46 define('AUTH_ENCRYPT_PLAINTEXT', 'plaintext');47 48 42 class Auth_File { 43 44 // Available encryption types for class Auth_File. 45 const ENCRYPT_MD5 = 'md5'; 46 const ENCRYPT_CRYPT = 'crypt'; 47 const ENCRYPT_SHA1 = 'sha1'; 48 const ENCRYPT_PLAINTEXT = 'plaintext'; 49 49 50 50 // Namespace of this auth object. … … 58 58 'htpasswd_file' => null, 59 59 60 // The type of encryption to use for passwords stored in the db_table. Use one of the AUTH_ENCRYPT_* types specified above.61 'encryption_type' => AUTH_ENCRYPT_CRYPT,60 // The type of encryption to use for passwords stored in the db_table. Use one of the self::ENCRYPT_* types specified above. 61 'encryption_type' => self::ENCRYPT_CRYPT, 62 62 63 63 // The URL to the login script. … … 390 390 { 391 391 switch ($this->_params['encryption_type']) { 392 case AUTH_ENCRYPT_PLAINTEXT :392 case self::ENCRYPT_PLAINTEXT : 393 393 return $password; 394 394 break; 395 395 396 case AUTH_ENCRYPT_SHA1 :396 case self::ENCRYPT_SHA1 : 397 397 return sha1($password); 398 398 break; 399 399 400 case AUTH_ENCRYPT_MD5 :400 case self::ENCRYPT_MD5 : 401 401 return md5($password); 402 402 break; 403 403 404 case AUTH_ENCRYPT_CRYPT :404 case self::ENCRYPT_CRYPT : 405 405 default : 406 406 return crypt($password, $encrypted_password); -
branches/eli_branch/lib/Auth_SQL.inc.php
r439 r447 4 4 * For details visit the project site: <http://trac.strangecode.com/codebase/> 5 5 * Copyright 2001-2012 Strangecode, LLC 6 * 6 * 7 7 * This file is part of The Strangecode Codebase. 8 8 * … … 11 11 * Free Software Foundation, either version 3 of the License, or (at your option) 12 12 * any later version. 13 * 13 * 14 14 * The Strangecode Codebase is distributed in the hope that it will be useful, but 15 15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 16 16 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 17 17 * details. 18 * 18 * 19 19 * You should have received a copy of the GNU General Public License along with 20 20 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>. … … 28 28 */ 29 29 30 // Available encryption types for class Auth_SQL.31 define('AUTH_ENCRYPT_PLAINTEXT', 1);32 define('AUTH_ENCRYPT_CRYPT', 2);33 define('AUTH_ENCRYPT_SHA1', 3);34 define('AUTH_ENCRYPT_SHA1_HARDENED', 4);35 define('AUTH_ENCRYPT_MD5', 5);36 define('AUTH_ENCRYPT_MD5_HARDENED', 6);37 38 30 require_once dirname(__FILE__) . '/Email.inc.php'; 39 31 40 32 class Auth_SQL { 41 33 34 // Available encryption types for class Auth_SQL. 35 const ENCRYPT_PLAINTEXT = 1; 36 const ENCRYPT_CRYPT = 2; 37 const ENCRYPT_SHA1 = 3; 38 const ENCRYPT_SHA1_HARDENED = 4; 39 const ENCRYPT_MD5 = 5; 40 const ENCRYPT_MD5_HARDENED = 6; 41 42 42 // Namespace of this auth object. 43 43 private $_ns; 44 44 45 45 // Static var for test. 46 46 private $_authentication_tested; … … 66 66 'db_login_table' => 'user_login_tbl', 67 67 68 // The type of encryption to use for passwords stored in the db_table. Use one of the A UTH_ENCRYPT_* types specified above.68 // The type of encryption to use for passwords stored in the db_table. Use one of the Auth_SQL::ENCRYPT_* types specified above. 69 69 // Hardened password hashes rely on the same key/salt being used to compare encryptions. 70 70 // Be aware that when using one of the hardened types the App signing_key or $more_salt below cannot change! 71 'encryption_type' => AUTH_ENCRYPT_MD5,71 'encryption_type' => self::ENCRYPT_MD5, 72 72 73 73 // The URL to the login script. … … 130 130 { 131 131 $app =& App::getInstance(); 132 132 133 133 $this->_ns = $namespace; 134 134 135 135 // Initialize default parameters. 136 136 $this->setParam($this->_default_params); … … 157 157 $app =& App::getInstance(); 158 158 $db =& DB::getInstance(); 159 160 159 160 161 161 static $_db_tested = false; 162 162 … … 277 277 { 278 278 $app =& App::getInstance(); 279 279 280 280 if (isset($this->_params[$param])) { 281 281 return $this->_params[$param]; … … 294 294 { 295 295 $db =& DB::getInstance(); 296 296 297 297 $this->initDB(); 298 298 … … 369 369 370 370 switch ($this->_params['encryption_type']) { 371 case AUTH_ENCRYPT_CRYPT :371 case self::ENCRYPT_CRYPT : 372 372 // Query DB for user matching credentials. Compare cyphertext with salted-encrypted password. 373 373 $qid = $db->query(" … … 378 378 "); 379 379 break; 380 case AUTH_ENCRYPT_PLAINTEXT :381 case AUTH_ENCRYPT_MD5 :382 case AUTH_ENCRYPT_SHA1 :380 case self::ENCRYPT_PLAINTEXT : 381 case self::ENCRYPT_MD5 : 382 case self::ENCRYPT_SHA1 : 383 383 default : 384 384 // Query DB for user matching credentials. Directly compare cyphertext with result from encryptPassword(). … … 416 416 $app =& App::getInstance(); 417 417 $db =& DB::getInstance(); 418 418 419 419 $this->initDB(); 420 420 421 421 $this->clear(); 422 422 423 if ( !$user_data = $this->authenticate($username, $password)) {423 if ((!$user_data = $this->authenticate($username, $password))) { 424 424 // No login: failed authentication! 425 425 return false; 426 426 } 427 427 428 428 // Register authenticated session. 429 429 $_SESSION['_auth_sql'][$this->_ns] = array( … … 563 563 $this->_authentication_tested = true; 564 564 565 // Some users will access from networks with a changing IP number (i.e. behind a proxy server). 565 // Some users will access from networks with a changing IP number (i.e. behind a proxy server). 566 566 // These users must be allowed entry by adding their IP to the list of trusted_networks, or their usernames to the list of match_remote_ip_exempt_usernames. 567 567 if ($trusted_net = ipInRange(getRemoteAddr(), $this->_params['trusted_networks'])) { … … 579 579 $user_in_trusted_network = false; 580 580 } 581 581 582 582 // Do we match the user's remote IP at all? Yes, if set in config and not disabled for specific user. 583 583 if ($this->getParam('match_remote_ip') && !$this->get('match_remote_ip_exempt')) { 584 584 $remote_ip_is_matched = (isset($_SESSION['_auth_sql'][$this->_ns]['remote_ip']) && $_SESSION['_auth_sql'][$this->_ns]['remote_ip'] == getRemoteAddr()) || $user_in_trusted_network; 585 585 } else { 586 $app->logMsg(sprintf('User_id %s exempt from remote_ip match (comparing %s == %s)', 586 $app->logMsg(sprintf('User_id %s exempt from remote_ip match (comparing %s == %s)', 587 587 ($this->get('user_id') ? $this->get('user_id') . ' (' . $this->get('username') . ')' : 'unknown'), 588 588 $_SESSION['_auth_sql'][$this->_ns]['remote_ip'], … … 593 593 594 594 // Test login with information stored in session. Skip IP matching for users from trusted networks. 595 if (isset($_SESSION['_auth_sql'][$this->_ns]['authenticated']) 595 if (isset($_SESSION['_auth_sql'][$this->_ns]['authenticated']) 596 596 && true === $_SESSION['_auth_sql'][$this->_ns]['authenticated'] 597 597 && isset($_SESSION['_auth_sql'][$this->_ns]['username']) … … 671 671 { 672 672 $app =& App::getInstance(); 673 673 674 674 if (!$this->isLoggedIn()) { 675 675 // Display message for requiring login. (RaiseMsg will ignore empty strings.) … … 694 694 $app =& App::getInstance(); 695 695 $db =& DB::getInstance(); 696 696 697 697 $this->initDB(); 698 698 … … 730 730 $user_id = isset($user_id) ? $user_id : $this->getVal('user_id'); 731 731 $qid = $db->query(" 732 SELECT 1 732 SELECT 1 733 733 FROM " . $this->_params['db_table'] . " 734 734 WHERE blocked = 'true' … … 745 745 { 746 746 $db =& DB::getInstance(); 747 747 748 748 $this->initDB(); 749 749 750 750 if ($this->getParam('blocking')) { 751 751 // Get user_id if specified. … … 769 769 { 770 770 $db =& DB::getInstance(); 771 771 772 772 $this->initDB(); 773 773 … … 789 789 { 790 790 $db =& DB::getInstance(); 791 791 792 792 $this->initDB(); 793 793 … … 846 846 { 847 847 $app =& App::getInstance(); 848 848 849 849 // Existing password hashes rely on the same key/salt being used to compare encryptions. 850 850 // Don't change this (or the value applied to signing_key) unless you know existing hashes or signatures will not be affected! 851 851 $more_salt = 'B36D18E5-3FE4-4D58-8150-F26642852B81'; 852 852 853 853 switch ($this->_params['encryption_type']) { 854 case AUTH_ENCRYPT_PLAINTEXT :854 case self::ENCRYPT_PLAINTEXT : 855 855 return $password; 856 856 break; 857 857 858 case AUTH_ENCRYPT_CRYPT :858 case self::ENCRYPT_CRYPT : 859 859 // If comparing plaintext password with a hash, provide first two chars of the hash as the salt. 860 860 return isset($salt) ? crypt($password, mb_substr($salt, 0, 2)) : crypt($password); 861 861 break; 862 862 863 case AUTH_ENCRYPT_SHA1 :863 case self::ENCRYPT_SHA1 : 864 864 return sha1($password); 865 865 break; 866 866 867 case AUTH_ENCRYPT_SHA1_HARDENED :867 case self::ENCRYPT_SHA1_HARDENED : 868 868 $hash = sha1($app->getParam('signing_key') . $password . $more_salt); 869 869 // Increase key strength by 12 bits. 870 for ($i=0; $i < 4096; $i++) { 871 $hash = sha1($hash); 872 } 870 for ($i=0; $i < 4096; $i++) { 871 $hash = sha1($hash); 872 } 873 873 return $hash; 874 874 break; 875 875 876 case AUTH_ENCRYPT_MD5 :876 case self::ENCRYPT_MD5 : 877 877 return md5($password); 878 878 break; 879 879 880 case AUTH_ENCRYPT_MD5_HARDENED :880 case self::ENCRYPT_MD5_HARDENED : 881 881 // Include salt to improve hash 882 882 $hash = md5($app->getParam('signing_key') . $password . $more_salt); 883 883 // Increase key strength by 12 bits. 884 for ($i=0; $i < 4096; $i++) { 885 $hash = md5($hash); 886 } 884 for ($i=0; $i < 4096; $i++) { 885 $hash = md5($hash); 886 } 887 887 return $hash; 888 888 break; … … 902 902 $app =& App::getInstance(); 903 903 $db =& DB::getInstance(); 904 904 905 905 $this->initDB(); 906 906 … … 909 909 910 910 // Get old password. 911 $qid = $db->query(" 911 $qid = $db->query(" 912 912 SELECT userpass 913 913 FROM " . $this->_params['db_table'] . " … … 918 918 return false; 919 919 } 920 920 921 921 // Compare old with new to ensure we're actually *changing* the password. 922 922 $encrypted_password = $this->encryptPassword($password); … … 932 932 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "' 933 933 "); 934 934 935 935 if (mysql_affected_rows($db->getDBH()) != 1) { 936 936 $app->logMsg(sprintf('Failed to update password for user_id %s', $user_id), LOG_WARNING, __FILE__, __LINE__); 937 937 return false; 938 938 } 939 939 940 940 return true; 941 941 } … … 952 952 $app =& App::getInstance(); 953 953 $db =& DB::getInstance(); 954 954 955 955 $this->initDB(); 956 956 … … 1039 1039 { 1040 1040 $app =& App::getInstance(); 1041 1041 1042 1042 // return true; /// WTF? 1043 1043 $zone_members = preg_split('/,\s*/', $security_zone); -
branches/eli_branch/lib/AuthorizeNet.inc.php
r439 r447 4 4 * For details visit the project site: <http://trac.strangecode.com/codebase/> 5 5 * Copyright 2001-2012 Strangecode, LLC 6 * 6 * 7 7 * This file is part of The Strangecode Codebase. 8 8 * … … 11 11 * Free Software Foundation, either version 3 of the License, or (at your option) 12 12 * any later version. 13 * 13 * 14 14 * The Strangecode Codebase is distributed in the hope that it will be useful, but 15 15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 16 16 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 17 17 * details. 18 * 18 * 19 19 * You should have received a copy of the GNU General Public License along with 20 20 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>. … … 31 31 * @date 2004-04-06 32 32 */ 33 33 34 34 // Example usage 35 35 // require_once 'codebase/lib/AuthorizeNet.inc.php'; … … 143 143 $this->_params = $this->_default_params; 144 144 $this->setParam($params); 145 145 146 146 $this->setParam(array('md5_hash_salt' => $app->getParam('signing_key'))); 147 147 } … … 156 156 { 157 157 $app =& App::getInstance(); 158 158 159 159 if (isset($params) && is_array($params)) { 160 160 // Merge new parameters with old overriding only those passed. … … 175 175 { 176 176 $app =& App::getInstance(); 177 177 178 178 if (isset($this->_params[$param])) { 179 179 return $this->_params[$param]; … … 195 195 { 196 196 $app =& App::getInstance(); 197 197 198 198 if (empty($this->_params['x_login'])) { 199 199 $this->_results['x_response_reason_text'] = _("Transaction gateway temporarily not available. Please try again later."); -
branches/eli_branch/lib/FormValidator.inc.php
r439 r447 4 4 * For details visit the project site: <http://trac.strangecode.com/codebase/> 5 5 * Copyright 2001-2012 Strangecode, LLC 6 * 6 * 7 7 * This file is part of The Strangecode Codebase. 8 8 * … … 11 11 * Free Software Foundation, either version 3 of the License, or (at your option) 12 12 * any later version. 13 * 13 * 14 14 * The Strangecode Codebase is distributed in the hope that it will be useful, but 15 15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 16 16 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 17 17 * details. 18 * 18 * 19 19 * You should have received a copy of the GNU General Public License along with 20 20 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>. … … 70 70 // Array filling with error messages. 71 71 public $errors = array(); 72 72 73 73 /** 74 74 * Set (or overwrite existing) parameters by passing an array of new parameters. … … 80 80 { 81 81 $app =& App::getInstance(); 82 82 83 83 if (isset($params) && is_array($params)) { 84 84 // Merge new parameters with old overriding only those passed. … … 99 99 { 100 100 $app =& App::getInstance(); 101 101 102 102 if (isset($this->_params[$param])) { 103 103 return $this->_params[$param]; … … 107 107 } 108 108 } 109 109 110 110 /** 111 111 * Return the current list of errors. … … 159 159 return false; 160 160 } else { 161 return (sizeof($this->errors) > 0); 161 return (sizeof($this->errors) > 0); 162 162 } 163 163 } … … 283 283 } 284 284 } 285 285 286 286 /* 287 287 * We were using the isEmpty method *wrong* all these years and should have been using notEmpty. 288 * But the fact is the only use is to ensure a value is not empty, so this function simply becomes 288 * But the fact is the only use is to ensure a value is not empty, so this function simply becomes 289 289 * an alias of the one-true notEmpty() function. 290 290 * @since 03 Jun 2006 22:56:46 … … 474 474 } 475 475 476 // Validator::validateEmail() returns a value that relates to the V ALIDATE_EMAIL_* constants (defined in Validator.inc.php).476 // Validator::validateEmail() returns a value that relates to the Validate::EMAIL_* constants (defined in Validator.inc.php). 477 477 switch (parent::validateEmail($email)) { 478 case VALIDATE_EMAIL_REGEX_FAIL:478 case parent::EMAIL_REGEX_FAIL: 479 479 // Failed regex match. 480 480 $this->addError($form_name, sprintf(_("The email address <em>%s</em> is formatted incorrectly."), oTxt($email))); … … 482 482 return false; 483 483 break; 484 485 case VALIDATE_EMAIL_LENGTH_FAIL :484 485 case parent::EMAIL_LENGTH_FAIL : 486 486 // Failed length requirements. 487 487 $this->addError($form_name, sprintf(_("The email address <em>%s</em> is too long (email addresses must have fewer than 256 characters)."), oTxt($email))); … … 489 489 return false; 490 490 break; 491 492 case VALIDATE_EMAIL_MX_FAIL :491 492 case parent::EMAIL_MX_FAIL : 493 493 // Failed MX record test. 494 494 $this->addError($form_name, sprintf(_("The email address <em>%s</em> does not have a valid domain name"), oTxt($email))); … … 496 496 return false; 497 497 break; 498 499 case VALIDATE_EMAIL_SUCCESS :498 499 case parent::EMAIL_SUCCESS : 500 500 default : 501 501 return true; … … 550 550 * 551 551 * @param string $form_name The name of the incoming form variable. 552 * @param string $cc_type Optional, card type to do specific checks. One of the CC_TYPE_* constants.552 * @param string $cc_type Optional, card type to do specific checks. One of the Validator::CC_TYPE_* constants. 553 553 * 554 554 * @return bool true if no errors found, false otherwise … … 557 557 { 558 558 $cc_num = getFormData($form_name); 559 559 560 560 if (parent::validateCCNumber($cc_num, $cc_type)) { 561 561 return true; -
branches/eli_branch/lib/Validator.inc.php
r439 r447 4 4 * For details visit the project site: <http://trac.strangecode.com/codebase/> 5 5 * Copyright 2001-2012 Strangecode, LLC 6 * 6 * 7 7 * This file is part of The Strangecode Codebase. 8 8 * … … 11 11 * Free Software Foundation, either version 3 of the License, or (at your option) 12 12 * any later version. 13 * 13 * 14 14 * The Strangecode Codebase is distributed in the hope that it will be useful, but 15 15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 16 16 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 17 17 * details. 18 * 18 * 19 19 * You should have received a copy of the GNU General Public License along with 20 20 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>. … … 24 24 * Validator.inc.php 25 25 * 26 * The Validator class provides a methods for validating input against different criteria. 26 * The Validator class provides a methods for validating input against different criteria. 27 27 * All functions return true if the input passes the test. 28 28 * … … 31 31 */ 32 32 33 // Known credit card types.34 define('CC_TYPE_VISA', 1);35 define('CC_TYPE_MASTERCARD', 2);36 define('CC_TYPE_AMEX', 3);37 define('CC_TYPE_DISCOVER', 4);38 define('CC_TYPE_DINERS', 5);39 define('CC_TYPE_JCB', 6);40 41 // validateEmail return types.42 define('VALIDATE_EMAIL_SUCCESS', 0);43 define('VALIDATE_EMAIL_REGEX_FAIL', 1);44 define('VALIDATE_EMAIL_LENGTH_FAIL', 2);45 define('VALIDATE_EMAIL_MX_FAIL', 3);46 47 33 class Validator { 34 35 // Known credit card types. 36 const CC_TYPE_VISA = 1; 37 const CC_TYPE_MASTERCARD = 2; 38 const CC_TYPE_AMEX = 3; 39 const CC_TYPE_DISCOVER = 4; 40 const CC_TYPE_DINERS = 5; 41 const CC_TYPE_JCB = 6; 42 43 // Validator::validateEmail() return types. 44 const EMAIL_SUCCESS = 0; 45 const EMAIL_REGEX_FAIL = 1; 46 const EMAIL_LENGTH_FAIL = 2; 47 const EMAIL_MX_FAIL = 3; 48 48 49 49 /** … … 180 180 * @access public 181 181 * @param string $val The input data to validate.. 182 * @return const One of the constant values: V ALIDATE_EMAIL_SUCCESS|VALIDATE_EMAIL_REGEX_FAIL|VALIDATE_EMAIL_LENGTH_FAIL|VALIDATE_EMAIL_MX_FAIL182 * @return const One of the constant values: Validate::EMAIL_SUCCESS|Validate::EMAIL_REGEX_FAIL|Validate::EMAIL_LENGTH_FAIL|Validate::EMAIL_MX_FAIL 183 183 * @author Quinn Comendant <quinn@strangecode.com> 184 184 */ … … 190 190 // Test email address format. 191 191 if (!preg_match($e->getParam('regex'), $val, $e_parts)) { 192 return VALIDATE_EMAIL_REGEX_FAIL;193 } 194 192 return self::EMAIL_REGEX_FAIL; 193 } 194 195 195 // We have a match! Here are the captured subpatterns, on which further tests are run. 196 // The part before the @. 196 // The part before the @. 197 197 $local = $e_parts[2]; 198 198 199 // The part after the @. 199 // The part after the @. 200 200 // If domain is an IP [XXX.XXX.XXX.XXX] strip off the brackets. 201 201 $domain = $e_parts[3]{0} == '[' ? mb_substr($e_parts[3], 1, -1) : $e_parts[3]; … … 203 203 // Test length. 204 204 if (mb_strlen($local) > 64 || mb_strlen($domain) > 191) { 205 return VALIDATE_EMAIL_LENGTH_FAIL;205 return self::EMAIL_LENGTH_FAIL; 206 206 } 207 207 … … 210 210 if ((ip2long($domain) == '-1' || ip2long($domain) === false) && function_exists('checkdnsrr') && !checkdnsrr($domain . '.', 'MX') && gethostbyname($domain) == $domain) { 211 211 // FIXME: Do we care? 212 // return VALIDATE_EMAIL_MX_FAIL;213 } 214 215 return VALIDATE_EMAIL_SUCCESS;212 // return self::EMAIL_MX_FAIL; 213 } 214 215 return self::EMAIL_SUCCESS; 216 216 } 217 217 … … 225 225 { 226 226 $app =& App::getInstance(); 227 227 228 228 if ('' == trim($val)) { 229 229 // Don't be too bothered about empty strings. … … 257 257 // Perform card-specific checks, if applicable 258 258 switch ($cc_type) { 259 case CC_TYPE_VISA :259 case self::CC_TYPE_VISA : 260 260 $regex = '/^4\d{15}$|^4\d{12}$/'; 261 261 break; 262 case CC_TYPE_MASTERCARD :262 case self::CC_TYPE_MASTERCARD : 263 263 $regex = '/^5[1-5]\d{14}$/'; 264 264 break; 265 case CC_TYPE_AMEX :265 case self::CC_TYPE_AMEX : 266 266 $regex = '/^3[47]\d{13}$/'; 267 267 break; 268 case CC_TYPE_DISCOVER :268 case self::CC_TYPE_DISCOVER : 269 269 $regex = '/^6011\d{12}$/'; 270 270 break; 271 case CC_TYPE_DINERS :271 case self::CC_TYPE_DINERS : 272 272 $regex = '/^30[0-5]\d{11}$|^3[68]\d{12}$/'; 273 273 break; 274 case CC_TYPE_JCB :274 case self::CC_TYPE_JCB : 275 275 $regex = '/^3\d{15}$|^2131|1800\d{11}$/'; 276 276 break; … … 279 279 break; 280 280 } 281 281 282 282 if ('' != $regex && !preg_match($regex, $cc_num)) { 283 283 // Invalid format. … … 324 324 return false; 325 325 } 326 326 327 327 if (is_array($_FILES[$form_name]['name'])) { 328 328 foreach($_FILES[$form_name]['name'] as $f) { … … 336 336 } 337 337 } 338 338 339 339 return true; 340 340 } -
branches/eli_branch/services/login.php
r438 r447 4 4 * For details visit the project site: <http://trac.strangecode.com/codebase/> 5 5 * Copyright 2001-2012 Strangecode, LLC 6 * 6 * 7 7 * This file is part of The Strangecode Codebase. 8 8 * … … 11 11 * Free Software Foundation, either version 3 of the License, or (at your option) 12 12 * any later version. 13 * 13 * 14 14 * The Strangecode Codebase is distributed in the hope that it will be useful, but 15 15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 16 16 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 17 17 * details. 18 * 18 * 19 19 * You should have received a copy of the GNU General Public License along with 20 20 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>. -
branches/eli_branch/tests/AppTest.php
r446 r447 113 113 { 114 114 ob_start(); 115 //$this->test_raisemsg(); //had to add this line for phpunit ver. 3.7115 $this->test_raisemsg(); //had to add this line for phpunit ver. 3.7 /// 116 116 $app =& App::getInstance(); 117 117 $app->printraisedmessages(); -
branches/eli_branch/tests/AuthSQLTest.php
r446 r447 47 47 'login_url' => '/login.php', 48 48 'blocking' => true, 49 'encryption_type' => A UTH_ENCRYPT_MD5_HARDENED,49 'encryption_type' => Auth_SQL::ENCRYPT_MD5_HARDENED, 50 50 )); 51 51 … … 212 212 function test_encryptpassword() 213 213 { 214 $this->Auth_SQL->setParam(array('encryption_type' => A UTH_ENCRYPT_MD5));214 $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_MD5)); 215 215 $result = $this->Auth_SQL->encryptpassword('123'); 216 216 $this->assertEquals('202cb962ac59075b964b07152d234b70', $result); 217 217 218 $this->Auth_SQL->setParam(array('encryption_type' => A UTH_ENCRYPT_MD5_HARDENED));218 $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_MD5_HARDENED)); 219 219 $result = $this->Auth_SQL->encryptpassword('123'); 220 220 $this->assertEquals('c55e4ac608a8768ecd758fab971b0646', $result); 221 221 222 $this->Auth_SQL->setParam(array('encryption_type' => A UTH_ENCRYPT_SHA1));222 $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_SHA1)); 223 223 $result = $this->Auth_SQL->encryptpassword('123'); 224 224 $this->assertEquals('40bd001563085fc35165329ea1ff5c5ecbdbbeef', $result); 225 225 226 $this->Auth_SQL->setParam(array('encryption_type' => A UTH_ENCRYPT_SHA1_HARDENED));226 $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_SHA1_HARDENED)); 227 227 $result = $this->Auth_SQL->encryptpassword('123'); 228 228 $this->assertEquals('33d90af96a5928ac93cbd41fc436e8c55d2768c2', $result); 229 229 230 $this->Auth_SQL->setParam(array('encryption_type' => A UTH_ENCRYPT_PLAINTEXT));230 $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_PLAINTEXT)); 231 231 $result = $this->Auth_SQL->encryptpassword('123'); 232 232 $this->assertEquals('123', $result); 233 233 234 $this->Auth_SQL->setParam(array('encryption_type' => A UTH_ENCRYPT_CRYPT));234 $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_CRYPT)); 235 235 $result = $this->Auth_SQL->encryptpassword('123', 'saltstring'); 236 236 $this->assertEquals('saEZ6MlWYV9nQ', $result); … … 241 241 $db =& DB::getInstance(); 242 242 243 $this->Auth_SQL->setParam(array('encryption_type' => A UTH_ENCRYPT_SHA1_HARDENED));243 $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_SHA1_HARDENED)); 244 244 $this->Auth_SQL->setpassword(null, '123'); 245 245 $qid = $db->query(" -
branches/eli_branch/tests/Auth_SQLTest.php
r446 r447 4 4 * For details visit the project site: <http://trac.strangecode.com/codebase/> 5 5 * Copyright 2001-2012 Strangecode, LLC 6 * 6 * 7 7 * This file is part of The Strangecode Codebase. 8 8 * … … 11 11 * Free Software Foundation, either version 3 of the License, or (at your option) 12 12 * any later version. 13 * 13 * 14 14 * The Strangecode Codebase is distributed in the hope that it will be useful, but 15 15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 16 16 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 17 17 * details. 18 * 18 * 19 19 * You should have received a copy of the GNU General Public License along with 20 20 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>. … … 51 51 'login_url' => '/login.php', 52 52 'blocking' => true, 53 'encryption_type' => A UTH_ENCRYPT_MD5_HARDENED,53 'encryption_type' => Auth_SQL::ENCRYPT_MD5_HARDENED, 54 54 )); 55 55 … … 80 80 { 81 81 $db =& DB::getInstance(); 82 82 83 83 unset($this->Auth_SQL); 84 84 $db->query("DROP TABLE IF EXISTS test_user_tbl"); … … 145 145 $after_logged_in = $this->Auth_SQL->isloggedin(); 146 146 $this->assertFalse($after_logged_in, '3. User is still logged in but should not be.'); 147 147 148 148 // Testing wrong password. 149 149 $login2 = $this->Auth_SQL->login('testuser', 'wrongpass'); … … 164 164 { 165 165 $db =& DB::getInstance(); 166 166 167 167 $this->Auth_SQL->login('testuser', 'testpass'); 168 168 $this->Auth_SQL->blockaccount(null, 'blocktestuser'); … … 178 178 { 179 179 $db =& DB::getInstance(); 180 180 181 181 $db->query(" 182 182 UPDATE test_user_tbl SET blocked_reason = 'blocktestuser' … … 212 212 function test_encryptpassword() 213 213 { 214 $this->Auth_SQL->setParam(array('encryption_type' => A UTH_ENCRYPT_MD5));214 $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_MD5)); 215 215 $result = $this->Auth_SQL->encryptpassword('123'); 216 216 $this->assertEquals('202cb962ac59075b964b07152d234b70', $result); 217 217 218 $this->Auth_SQL->setParam(array('encryption_type' => A UTH_ENCRYPT_MD5_HARDENED));218 $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_MD5_HARDENED)); 219 219 $result = $this->Auth_SQL->encryptpassword('123'); 220 220 $this->assertEquals('c55e4ac608a8768ecd758fab971b0646', $result); 221 221 222 $this->Auth_SQL->setParam(array('encryption_type' => A UTH_ENCRYPT_SHA1));222 $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_SHA1)); 223 223 $result = $this->Auth_SQL->encryptpassword('123'); 224 224 $this->assertEquals('40bd001563085fc35165329ea1ff5c5ecbdbbeef', $result); 225 225 226 $this->Auth_SQL->setParam(array('encryption_type' => A UTH_ENCRYPT_SHA1_HARDENED));226 $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_SHA1_HARDENED)); 227 227 $result = $this->Auth_SQL->encryptpassword('123'); 228 228 $this->assertEquals('33d90af96a5928ac93cbd41fc436e8c55d2768c2', $result); 229 229 230 $this->Auth_SQL->setParam(array('encryption_type' => A UTH_ENCRYPT_PLAINTEXT));230 $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_PLAINTEXT)); 231 231 $result = $this->Auth_SQL->encryptpassword('123'); 232 232 $this->assertEquals('123', $result); 233 233 234 $this->Auth_SQL->setParam(array('encryption_type' => A UTH_ENCRYPT_CRYPT));234 $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_CRYPT)); 235 235 $result = $this->Auth_SQL->encryptpassword('123', 'saltstring'); 236 236 $this->assertEquals('saEZ6MlWYV9nQ', $result); … … 240 240 { 241 241 $db =& DB::getInstance(); 242 243 $this->Auth_SQL->setParam(array('encryption_type' => A UTH_ENCRYPT_SHA1_HARDENED));242 243 $this->Auth_SQL->setParam(array('encryption_type' => Auth_SQL::ENCRYPT_SHA1_HARDENED)); 244 244 $this->Auth_SQL->setpassword(null, '123'); 245 245 $qid = $db->query(" -
branches/eli_branch/tests/DBSessionHandlerTest.php
r442 r447 4 4 * For details visit the project site: <http://trac.strangecode.com/codebase/> 5 5 * Copyright 2001-2012 Strangecode, LLC 6 * 6 * 7 7 * This file is part of The Strangecode Codebase. 8 8 * … … 11 11 * Free Software Foundation, either version 3 of the License, or (at your option) 12 12 * any later version. 13 * 13 * 14 14 * The Strangecode Codebase is distributed in the hope that it will be useful, but 15 15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 16 16 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 17 17 * details. 18 * 18 * 19 19 * You should have received a copy of the GNU General Public License along with 20 20 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
Note: See TracChangeset
for help on using the changeset viewer.
