Bugzilla – Attachment 83428 Details for
Bug 209557
Site login for www.eclipse.org
[patch]
Revised patch for site login
patch.txt (text/plain), 12.77 KB, created by
Denis Roy
on 2007-11-21 09:04:01 EST
Description:
Revised patch for site login
Filename:
MIME Type:
Creator:
Denis Roy
Created:
2007-11-21 09:04:01 EST
Size:
12.77 KB
>### Eclipse Workspace Patch 1.0
>#P www
>Index: eclipse.org-common/system/app.class.php
>===================================================================
>RCS file: /cvsroot/org.eclipse/www/eclipse.org-common/system/app.class.php,v
>retrieving revision 1.36
>diff -u -r1.36 app.class.php
>--- eclipse.org-common/system/app.class.php 16 Oct 2007 15:51:23 -0000 1.36
>+++ eclipse.org-common/system/app.class.php 21 Nov 2007 13:50:34 -0000
>@@ -329,6 +329,8 @@
>
> function generatePage($theme, $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html) {
>
>+ # OPT1: ob_start();
>+
> # All web page parameters passed for variable scope
>
> if($theme == "") {
>@@ -359,6 +361,22 @@
>
> echo $html;
> include($this->getFooterPath($theme));
>+
>+ # OPT1:$starttime = microtime();
>+ # OPT1:$html = ob_get_contents();
>+ # OPT1:ob_end_clean();
>+
>+ # OPT1:$stripped_html = $html;
>+ # OPT1:$stripped_html = preg_replace("/^\s*/", "", $stripped_html);
>+ # OPT1:$stripped_html = preg_replace("/\s{2,}/", " ", $stripped_html);
>+ # OPT1:$stripped_html = preg_replace("/^\t*/", "", $stripped_html);
>+ # OPT1:$stripped_html = preg_replace("/\n/", "", $stripped_html);
>+ # OPT1:$stripped_html = preg_replace("/>\s</", "><", $stripped_html);
>+ # $stripped_html = preg_replace("/<!--.*-->/", "", $stripped_html);
>+ # OPT1:$endtime = microtime();
>+
>+ # OPT1:echo "<!-- unstripped: " . strlen($html) . " bytes/ stripped: " . strlen($stripped_html) . "bytes - " . sprintf("%.2f", strlen($stripped_html) / strlen($html)) . " Bytes saved: " . (strlen($html) - strlen($stripped_html)) . " Time: " . ($endtime - $starttime) . " -->";
>+ # echo $stripped_html;
> }
>
> function AddExtraHtmlHeader( $string ) {
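Review bot: Both app.class.php hunks in generatePage() add only commented-out `# OPT1:` output-stripping code, which is unrelated to site login and is better left out of this patch than committed as dead comments. If it is ever enabled, `microtime()` without an argument returns a string, so `$endtime - $starttime` will not yield an elapsed time; `microtime(true)` is needed. The `strlen($stripped_html) / strlen($html)` ratio should also guard against an empty page. The middle of generatePage() lies between the two hunks and is not visible here.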
>@@ -703,6 +721,27 @@
> }
> return $fileSize;
> }
>+
>+ function useSession() {
>+ require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/session.class.php");
>+ $ssn = new Session();
>+ $ssn->validate();
>+ return $ssn;
>+ }
>+
>+ function isValidCaller($_pathArray) {
>+ $a = debug_backtrace();
>+ $caller = $a[1]['file']; # Caller 0 is the class that called App();
>+ $validCaller = false;
>+ for($i = 0; $i < count($_pathArray); $i++) {
>+ # TODO: use regexp's to match the leftmost portion for better security
>+ if(strstr($caller, $_pathArray[$i])) {
>+ $validCaller = true;
>+ break;
>+ }
>+ }
>+ return $validCaller;
>+ }
> }
>
> ?>
>\ No newline at end of file
>Index: eclipse.org-common/system/session.class.php
>===================================================================
>RCS file: eclipse.org-common/system/session.class.php
>diff -N eclipse.org-common/system/session.class.php
>--- /dev/null 1 Jan 1970 00:00:00 -0000
>+++ eclipse.org-common/system/session.class.php 1 Jan 1970 00:00:00 -0000
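Review bot: isValidCaller() accepts the caller when any entry of `$_pathArray` occurs anywhere in the calling file's path, because `strstr()` is a substring search; a file whose path merely contains an allowed fragment passes, which the TODO already hints at. Anchoring the comparison to the start of the path, `if(strpos($caller, $_pathArray[$i]) === 0) {`, closes that, ideally after both sides have been normalised with `realpath()`. `$a[1]['file']` is also read without checking that the frame exists. In useSession(), the `$ssn->validate()` call repeats what the Session constructor in this patch already does, so each use runs the lookup and maintenance() twice; `return new Session();` would be enough.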
>@@ -0,0 +1,233 @@
>+<?php
>+/*******************************************************************************
>+ * Copyright (c) 2007 Eclipse Foundation and others.
>+ * All rights reserved. This program and the accompanying materials
>+ * are made available under the terms of the Eclipse Public License v1.0
>+ * which accompanies this distribution, and is available at
>+ * http://www.eclipse.org/legal/epl-v10.html
>+ *
>+ * Contributors:
>+ * Denis Roy (Eclipse Foundation)- initial API and implementation
>+ *******************************************************************************/
>+
>+define('ECLIPSE_SESSION', 'ECLIPSESESSION');
>+
>+require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/classes/friends/friend.class.php");
>+require_once("/home/data/httpd/eclipse-php-classes/system/dbconnection_rw.class.php");
>+require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php");
>+require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/evt_log.class.php");
>+
>+class Session {
>+
>+ private $gid = "";
>+ private $bugzilla_id= 0;
>+ private $subnet = "";
>+ private $updated_at = "";
>+ private $is_persistent = 0;
>+ private $Friend = null;
>+ private $data = "";
>+
>+ /**
>+ * Default constructor
>+ *
>+ * @return null
>+ */
>+ function Session($persistent=null) {
>+ $this->is_persistent = $persistent;
>+ $this->validate();
>+ }
>+
>+
>+
>+ function getGID() {
>+ return $this->gid;
>+ }
>+ function getBugzillaID() {
>+ return $this->bugzilla_id;
>+ }
>+ function getSubnet() {
>+ return $this->subnet;
>+ }
>+ function getUpdatedAt() {
>+ return $this->updated_at;
>+ }
>+ function getFriend() {
>+ return $this->Friend;
>+ }
>+ function getData() {
>+ return unserialize($this->data);
>+ }
>+ function getIsPersistent() {
>+ return $this->is_persistent == null ?
0 : $this->is_persistent;
>+ }
>+
>+ function setGID($_gid) {
>+ $this->gid = $_gid;
>+ }
>+ function setBugzillaID($_bugzilla_id) {
>+ $this->bugzilla_id = $_bugzilla_id;
>+ }
>+ function setSubnet($_subnet) {
>+ $this->subnet = $_subnet;
>+ }
>+ function setUpdatedAt($_updated_at) {
>+ $this->updated_at = $_updated_at;
>+ }
>+ function setFriend($_friend) {
>+ $this->Friend = $_friend;
>+ }
>+ function setData($_data) {
>+ $this->data = serialize($_data);
>+ }
>+ function setIsPersistent($_is_persistent) {
>+ $this->is_persistent = $_is_persistent;
>+ }
>+
>+
>+ /**
>+ * Validate session based on browser cookie
>+ *
>+ * @return boolean
>+ */
>+ function validate() {
>+ $cookie = (isset($_COOKIE[ECLIPSE_SESSION]) ? $_COOKIE[ECLIPSE_SESSION] : "");
>+ $rValue = false;
>+ if ( (!$this->load($cookie))) {
>+ # Failed - no such session, or session no match. Need to relogin
>+ setcookie(ECLIPSE_SESSION, "", -36000, "/", "eclipse.org");
>+ $rValue = false;
>+ }
>+ else {
>+ # TODO: update session?
>+ $rValue = true;
>+ $this->maintenance();
>+ $this->setFriend($this->getData());
>+ }
>+ return $rValue;
>+ }
>+
>+
>+ function destroy() {
>+ if($this->getBugzillaID() != 0) {
>+ $sql = "DELETE FROM sessions WHERE bugzilla_id = " .
$this->getBugzillaID();
>+ $dbc = new DBConnectionRW();
>+ $dbh = $dbc->connect();
>+ mysql_query($sql, $dbh);
>+ $dbc->disconnect();
>+ setcookie(ECLIPSE_SESSION, "", -36000, "/", "eclipse.org");
>+
>+ # Log this event
>+ $EvtLog = new EvtLog();
>+ $EvtLog->setLogTable("sessions");
>+ $EvtLog->setPK1($this->getBugzillaID());
>+ $EvtLog->setPK2($_SERVER['REMOTE_ADDR']);
>+ $EvtLog->setLogAction("DELETE");
>+ $EvtLog->insertModLog("apache");
>+ }
>+ }
>+
>+ function create() {
>+ # create session on the database
>+ $Friend = $this->getFriend();
>+ $this->setData($Friend);
>+
>+ # need to have a bugzilla ID to log in
>+ if($Friend->getBugzillaID() > 0) {
>+ $App = new App();
>+ $this->setGID(md5(uniqid(rand(),true)));
>+ $this->setSubnet($this->getClientSubnet());
>+ $this->setUpdatedAt($App->getCURDATE());
>+
>+ $dbc = new DBConnectionRW();
>+ $dbh = $dbc->connect();
>+
>+ $sql = "INSERT INTO sessions (
>+ gid,
>+ bugzilla_id,
>+ subnet,
>+ updated_at,
>+ data,
>+ is_persistent)
>+ VALUES (
>+ " . $App->returnQuotedString($this->getGID()) . ",
>+ " . $Friend->getBugzillaID() . ",
>+ " . $App->returnQuotedString($this->getSubnet()) . ",
>+ NOW(),
>+ '" . $App->returnJSSAfeString($this->data) . "',
>+ '" . $this->getIsPersistent() .
"')";
>+
>+ mysql_query($sql, $dbh);
>+ $dbc->disconnect();
>+
>+
>+ # Log this event
>+ $EvtLog = new EvtLog();
>+ $EvtLog->setLogTable("sessions");
>+ $EvtLog->setPK1($this->getBugzillaID());
>+ $EvtLog->setPK2($_SERVER['REMOTE_ADDR']);
>+ $EvtLog->setLogAction("INSERT");
>+ $EvtLog->insertModLog("apache");
>+
>+
>+ $cookie_time = 0;
>+ if($this->persistent) {
>+ $cookie_time = time()+3600*24*365;
>+ }
>+ setcookie(ECLIPSE_SESSION, $this->getGID(), $cookie_time, "/", "eclipse.org");
>+ }
>+ }
>+
>+ function load($_gid) {
>+ # need to have a bugzilla ID to log in
>+
>+ $rValue = false;
>+ if($_gid != "") {
>+ $App = new App();
>+ $sql = "SELECT gid,
>+ bugzilla_id,
>+ subnet,
>+ updated_at,
>+ data,
>+ is_persistent
>+ FROM sessions
>+ WHERE gid = " . $App->returnQuotedString($_gid) . "
>+ AND subnet = " . $App->returnQuotedString($this->getClientSubnet());
>+
>+ $dbc = new DBConnectionRW();
>+ $dbh = $dbc->connect();
>+ $result = mysql_query($sql, $dbh);
>+ if($result && mysql_num_rows($result) > 0) {
>+ $rValue = true;
>+ $myrow = mysql_fetch_assoc($result);
>+ $this->setGID($_gid);
>+ $this->setBugzillaID($myrow['bugzilla_id']);
>+ $this->setSubnet($myrow['subnet']);
>+ $this->setUpdatedAt($myrow['updated_at']);
>+ $this->data = $myrow['data'];
>+ $this->setIsPersistent($myrow['is_persistent']);
>+ }
>+ $dbc->disconnect();
>+ }
>+ return $rValue;
>+ }
>+
>+
>+ function maintenance() {
>+ $dbc = new DBConnectionRW();
>+ $dbh = $dbc->connect();
>+
>+ $sql = "DELETE FROM sessions
>+ WHERE (updated_at < DATE_SUB(NOW(), INTERVAL 1 DAY) AND is_persistent = 0)
>+ OR (subnet = '" . $this->getClientSubnet() . "' AND gid <> '" . $this->getGID() . "')";
>+
>+ mysql_query($sql, $dbh);
>+
>+ $dbc->disconnect();
>+ }
>+
>+ function getClientSubnet() {
>+ # return class-c subnet
>+ return substr($_SERVER['REMOTE_ADDR'], 0, strrpos($_SERVER['REMOTE_ADDR'], ".")) .
".0";
>+ }
>+}
>+?>
>Index: eclipse.org-common/system/evt_log.class.php
>===================================================================
>RCS file: eclipse.org-common/system/evt_log.class.php
>diff -N eclipse.org-common/system/evt_log.class.php
>--- /dev/null 1 Jan 1970 00:00:00 -0000
>+++ eclipse.org-common/system/evt_log.class.php 1 Jan 1970 00:00:00 -0000
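Review bot: In create(), the session id is `md5(uniqid(rand(), true))`, which is derived from the clock and a non-cryptographic generator even though this value alone authenticates the cookie; it should come from a CSPRNG, for example `bin2hex(openssl_random_pseudo_bytes(16))` where the runtime provides it. The `setcookie()` calls in validate(), destroy() and create() also leave out the secure and httponly arguments. Still in create(), `if($this->persistent)` reads a property the class never declares (the field is `is_persistent`), so the one-year lifetime is never applied; `if($this->getIsPersistent()) {` is probably what was meant. maintenance() deletes every row with the same subnet and a different gid, which would also end the sessions of other users behind the same /24 or NAT; restricting that clause to the current `bugzilla_id` looks closer to the intent.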
>@@ -0,0 +1,141 @@
>+<?php
>+/*******************************************************************************
>+ * Copyright (c) 2007 Eclipse Foundation and others.
>+ * All rights reserved. This program and the accompanying materials
>+ * are made available under the terms of the Eclipse Public License v1.0
>+ * which accompanies this distribution, and is available at
>+ * http://www.eclipse.org/legal/epl-v10.html
>+ *
>+ * Contributors:
>+ * Denis Roy (Eclipse Foundation)- initial API and implementation
>+ *******************************************************************************/
>+
>+define('MAX_LOG_DAYS', 365);
>+
>+require_once("/home/data/httpd/eclipse-php-classes/system/dbconnection_rw.class.php");
>+
>+class EvtLog {
>+
>+ #*****************************************************************************
>+ #
>+ # evt_log.class.php
>+ #
>+ # Author: Denis Roy
>+ # Date: 2004-08-05
>+ #
>+ # Description: Functions and modules related to a modification log entry
>+ #
>+ # HISTORY:
>+ #
>+ #*****************************************************************************
>+
>+
>+
>+ var $LogID = 0;
>+ var $LogTable = "";
>+ var $PK1 = "";
>+ var $PK2 = "";
>+ var $LogAction = "";
>+ var $uid = "";
>+ var $EvtDateTime = "";
>+
>+ function getLogID() {
>+ return $this->LogID;
>+ }
>+ function getLogTable() {
>+ return $this->LogTable;
>+ }
>+ function getPK1() {
>+ return $this->PK1;
>+ }
>+ function getPK2() {
>+ return $this->PK2;
>+ }
>+ function getLogAction() {
>+ return $this->LogAction;
>+ }
>+ function getuid() {
>+ return $this->PersonID;
>+ }
>+ function getEvtDateTime() {
>+ return $this->EvtDateTime;
>+ }
>+
>+
>+ function setLogID($_LogID) {
>+ $this->LogID = $_LogID;
>+ }
>+ function setLogTable($_LogTable) {
>+ $this->LogTable = $_LogTable;
>+ }
>+ function setPK1($_PK1) {
>+ $this->PK1 = $_PK1;
>+ }
>+ function setPK2($_PK2) {
>+ $this->PK2 = $_PK2;
>+ }
>+ function setLogAction($_LogAction) {
>+ $this->LogAction = $_LogAction;
>+ }
>+ function
setuid($_uid) {
>+ $this->uid = $_uid;
>+ }
>+ function setEvtDateTime($_EvtDateTime) {
>+ $this->EvtDateTime = $_EvtDateTime;
>+ }
>+
>+ function insertModLog ($_uid) {
>+ $uid = $_uid;
>+ if($this->getLogTable() != "" && $this->getPK1() != "" && $this->getLogAction() != "" && $uid != "") {
>+ $App = new App();
>+ $dbc = new DBConnectionRW();
>+ $dbh = $dbc->connect();
>+
>+ $sql = "INSERT INTO SYS_EvtLog (
>+ LogID,
>+ LogTable,
>+ PK1,
>+ PK2,
>+ LogAction,
>+ uid,
>+ EvtDateTime)
>+ VALUES (
>+ NULL,
>+ " . $App->returnQuotedString($this->getLogTable()) . ",
>+ " . $App->returnQuotedString($this->getPK1()) . ",
>+ " . $App->returnQuotedString($this->getPK2()) . ",
>+ " . $App->returnQuotedString($this->getLogAction()) . ",
>+ " . $App->returnQuotedString($uid) . ",
>+ NOW()
>+ )";
>+
>+ mysql_query($sql, $dbh);
>+ if(mysql_error() != "") {
>+ echo "An unknown database error has occurred while logging information. Please contact the System Administrator.";
>+ echo mysql_error();
>+ exit;
>+ }
>+
>+ $dbc->disconnect();
>+
>+ # 1% of each hits will perform clean up
>+ if(rand(0, 100) < 1) {
>+ $this->cleanup();
>+ }
>+ }
>+ else {
>+ echo "An unknown system error has occurred while logging information. Please contact the System Administrator.";
>+ exit;
>+ }
>+ }
>+
>+ function cleanup() {
>+ $sql = "DELETE FROM SYS_EvtLog WHERE EvtDateTime < " . MAX_LOG_DAYS;
>+
>+ $dbc = new DBConnectionRW();
>+ $dbh = $dbc->connect();
>+ mysql_query($sql, $dbh);
>+ $dbc->disconnect();
>+ }
>+}
>+?>
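Review bot: insertModLog() prints `mysql_error()` into the response when the insert fails, which exposes database details to whoever made the request; the raw error belongs in the server log (`error_log(mysql_error());`) with only the generic message shown. cleanup() compares `EvtDateTime` with the bare number `MAX_LOG_DAYS`, which does not express an age in days; `"DELETE FROM SYS_EvtLog WHERE EvtDateTime < DATE_SUB(NOW(), INTERVAL " . MAX_LOG_DAYS . " DAY)"` follows the form maintenance() in session.class.php already uses. getuid() returns `$this->PersonID`, a property the class does not declare; `$this->uid` is the field setuid() writes. The file also instantiates `App` without requiring app.class.php itself, so it depends on the includer having loaded it.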
Attachments on
bug 209557
:
83366
|
83428
|
83469