
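--- a/eclipse.org-common/system/app.class.php
+++ b/eclipse.org-common/system/app.class.php
@@ -329,6 +329,8 @@
 	
 	function generatePage($theme, $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html) {
 		
+		# OPT1: ob_start();
+		
 		# All web page parameters passed for variable scope
 		
 		if($theme == "") {
@@ -359,6 +361,22 @@
 		
 		echo $html;
 		include($this->getFooterPath($theme));
+		
+		# OPT1:$starttime = microtime();
+		# OPT1:$html = ob_get_contents();
+		# OPT1:ob_end_clean();
+		
+		# OPT1:$stripped_html = $html;
+		# OPT1:$stripped_html = preg_replace("/^\s*/", "", $stripped_html);
+		# OPT1:$stripped_html = preg_replace("/\s{2,}/", " ", $stripped_html);
+		# OPT1:$stripped_html = preg_replace("/^\t*/", "", $stripped_html);
+		# OPT1:$stripped_html = preg_replace("/\n/", "", $stripped_html);
+		# OPT1:$stripped_html = preg_replace("/>\s</", "><", $stripped_html);
+		# $stripped_html = preg_replace("/<!--.*-->/", "", $stripped_html);
+		# OPT1:$endtime = microtime();
+		
+		# OPT1:echo "<!-- unstripped: " . strlen($html) . " bytes/ stripped: " . strlen($stripped_html) . "bytes - " . sprintf("%.2f", strlen($stripped_html) / strlen($html)) . " Bytes saved: " . (strlen($html) - strlen($stripped_html)) . " Time: " . ($endtime - $starttime) . " -->";
+		# echo $stripped_html;
 	}
 	
 	function AddExtraHtmlHeader( $string ) {
@@ -703,6 +721,27 @@
 			}
 			return $fileSize;
 		}
+
+		function useSession() {
+			require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/session.class.php");
+        	$ssn = new Session();
+        	$ssn->validate();
+        	return $ssn;
+		}
+		
+		function isValidCaller($_pathArray) {
+			$a = debug_backtrace();
+			$caller = $a[1]['file'];  # Caller 0 is the class that called App();
+			$validCaller = false;
+			for($i = 0; $i < count($_pathArray); $i++) {
+				# TODO: use regexp's to match the leftmost portion for better security 
+				if(strstr($caller, $_pathArray[$i])) {
+					$validCaller = true;
+					break;
+				}
+			}
+			return $validCaller;			
+		}
 }
 
 ?>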
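Review bot: isValidCaller() accepts the caller whenever an allowed entry appears anywhere in the caller's file path, because `strstr($caller, $_pathArray[$i])` is a substring test; the TODO on the line above it already acknowledges this. An anchored comparison such as `if(strpos($caller, $_pathArray[$i]) === 0) {`, with the allow-list entries written as absolute directory paths ending in `/`, would make it a real prefix check. `$a[1]['file']` is also read without checking that a second frame exists, so `$caller` is empty (with a notice) when there is none. In useSession(), `new Session()` already runs validate() from its constructor, so the explicit `$ssn->validate();` repeats the lookup and cleanup queries, and its result is discarded, so callers get a Session object whether or not the cookie was valid.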
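--- a/eclipse.org-common/system/session.class.php
+++ b/eclipse.org-common/system/session.class.php
@@ -0,0 +1,224 @@
+<?php
+/*******************************************************************************
+ * Copyright (c) 2006 Eclipse Foundation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ *    Denis Roy (Eclipse Foundation)- initial API and implementation
+ *******************************************************************************/
+
+define('ECLIPSE_SESSION', 'ECLIPSESESSION');
+
+require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/classes/friends/friend.class.php");
+require_once("/home/data/httpd/eclipse-php-classes/system/dbconnection_rw.class.php");
+require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php");
+
+class Session {
+
+	private $gid		= "";
+	private $bugzilla_id= 0;
+	private $subnet		= "";
+	private $updated_at	= "";
+	private $is_persistent	= 0;
+	private $Friend		= null;
+	private $data		= "";
+	
+	/**
+	 * Default constructor
+	 *
+	 * @return null
+	 */
+	function Session($persistent=0) {
+		$this->is_persistent = $persistent;
+		$this->validate();			
+	}
+	
+
+	
+	function getGID() {
+		return $this->gid;
+	}
+	function getBugzillaID() {
+		return $this->bugzilla_id;
+	}
+	function getSubnet() {
+		return $this->subnet;
+	}
+	function getUpdatedAt() {
+		return $this->updated_at;
+	}
+	function getFriend() {
+		return $this->Friend;
+	}
+	function getData() {
+		return unserialize($this->data);
+	}
+	function getIsPersistent() {
+		return $this->is_persistent;
+	}
+	
+	function setGID($_gid) {
+		$this->gid = $_gid;
+	}
+	function setBugzillaID($_bugzilla_id) {
+		$this->bugzilla_id = $_bugzilla_id;
+	}
+	function setSubnet($_subnet) {
+		$this->subnet = $_subnet;
+	}
+	function setUpdatedAt($_updated_at) {
+		$this->updated_at = $_updated_at;
+	}
+	function setFriend($_friend) {
+		$this->Friend = $_friend;
+	}
+	function setData($_data) {
+		$this->data = serialize($_data);
+	}
+	function setIsPersistent($_is_persistent) {
+		$this->is_persistent = $_is_persistent;
+	}
+
+	
+	/**
+	 * Validate session based on browser cookie
+	 *
+	 * @return boolean
+	 */
+	function validate() {
+		$cookie = (isset($_COOKIE[ECLIPSE_SESSION]) ? $_COOKIE[ECLIPSE_SESSION] : "");
+		$rValue = false;
+		if ( (!$this->load($cookie))) {
+        	# Failed - no such session, or session no match.  Need to relogin
+        	setcookie(ECLIPSE_SESSION, "", -36000, "/", "eclipse.org");
+        	$rValue = false;
+        }
+        else {
+			# TODO: update session?
+			$rValue = true;
+        	$this->maintenance();
+        	$this->setFriend($this->getData());
+        }
+        return $rValue;
+	}
+
+	function destroy() {
+	  $cookie = (isset($_COOKIE[ECLIPSE_SESSION]) ? $_COOKIE[ECLIPSE_SESSION] : "");
+      $rValue = 1;
+	  
+/*        if($nbr) {
+        	# TODO: untaint
+        	$sql = "DELETE FROM sessions WHERE userid = " . $nbr;
+        	sqlQuery($sql);
+        	unset($_SESSION['s_userAcct']);
+  			unset($_SESSION['s_userName']);
+  			unset($_SESSION['s_userType']);
+        }
+      }*/
+	}
+	
+	function create() {
+		# create session on the database
+		$Friend = $this->getFriend();
+		$this->setData($Friend);
+		
+		# need to have a bugzilla ID to log in
+		if($Friend->getBugzillaID() > 0) {
+			$App = new App();
+			$this->setGID(md5(uniqid(rand(),true)));
+			$this->setSubnet($this->getClientSubnet());
+			$this->setUpdatedAt($App->getCURDATE());
+			
+			#$ModLog = new ModLog();
+			#$ModLog->setLogTable("Person");
+			#$ModLog->setPK1($this->getPersonID());
+
+			$dbc = new DBConnectionRW();
+			$dbh = $dbc->connect();
+			
+			$sql = "INSERT INTO sessions (
+						gid,
+						bugzilla_id,
+						subnet,
+						updated_at,
+						data,
+						is_persistent)
+						VALUES (
+							" . $App->returnQuotedString($this->getGID()) . ",
+							" . $Friend->getBugzillaID() . ",
+							" . $App->returnQuotedString($this->getSubnet()) . ",
+							NOW(),
+							'" . $App->returnJSSAfeString($this->data) . "',
+							'" . $this->getIsPersistent() . "')";
+
+			mysql_query($sql, $dbh);
+
+			#$ModLog->setLogAction("INSERT");
+			#$ModLog->insertModLog();
+			$dbc->disconnect();
+			
+			$cookie_time = 0;
+			if($this->persistent) {
+				$cookie_time = time()+3600*24*365;
+			}
+			setcookie(ECLIPSE_SESSION, $this->getGID(), $cookie_time, "/", "eclipse.org");			
+		}
+	}
+	
+	function load($_gid) {
+		# need to have a bugzilla ID to log in
+		
+		$rValue = false;
+		
+		$App = new App();
+		$sql = "SELECT	gid,
+						bugzilla_id,
+						subnet,
+						updated_at,
+						data,
+						is_persistent
+				FROM sessions
+				WHERE gid = " . $App->returnQuotedString($_gid) . "
+					AND subnet = " . $App->returnQuotedString($this->getClientSubnet());
+		
+		$dbc = new DBConnectionRW();
+		$dbh = $dbc->connect();
+		$result = mysql_query($sql, $dbh);
+		if($result && mysql_num_rows($result) > 0) {
+			$rValue = true;
+			$myrow = mysql_fetch_assoc($result);
+			$this->setGID($_gid);
+			$this->setBugzillaID($myrow['bugzilla_id']);
+			$this->setSubnet($myrow['subnet']);
+			$this->setUpdatedAt($myrow['updated_at']);
+			$this->data = $myrow['data'];
+			$this->setIsPersistent($myrow['is_persistent']);
+		}
+		$dbc->disconnect();
+		
+		return $rValue;
+	}
+	
+	
+	function maintenance() {
+		$dbc = new DBConnectionRW();
+		$dbh = $dbc->connect();
+			
+		$sql = "DELETE FROM sessions 
+				WHERE (updated_at < DATE_SUB(NOW(), INTERVAL 1 DAY) AND is_persistent = 0) 
+				OR (subnet = '" . $this->getClientSubnet() . "' AND gid <> '" . $this->getGID() . "')"; 
+
+		mysql_query($sql, $dbh);
+
+		$dbc->disconnect();
+	}
+		
+	function getClientSubnet() {
+		# return class-c subnet
+		return substr($_SERVER['REMOTE_ADDR'], 0, strrpos($_SERVER['REMOTE_ADDR'], ".")) . ".0";
+	}	
+}    
+?>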
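Review bot: In create(), the session id is `md5(uniqid(rand(), true))`, which is derived from the clock and a non-cryptographic generator even though it is the only secret behind the login cookie; it should come from a CSPRNG, e.g. `$this->setGID(bin2hex(openssl_random_pseudo_bytes(16)));` where that function is available. The same method tests `$this->persistent`, a property the class never declares, so the one-year lifetime is never applied; `if($this->getIsPersistent()) {` looks like the intent. Both setcookie() calls stop at the domain argument, so the cookie is issued without the secure and httponly flags. maintenance() builds its DELETE by concatenating the subnet and gid directly instead of going through `returnQuotedString()` as load() does, and its second clause removes every other session from the same /24, which would sign out users who share a subnet. destroy() has its body commented out, so there is no server-side logout yet.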
