Move some code to specific classes files

This commit is contained in:
Stanislas Dolcini 2018-10-03 19:44:02 +02:00
parent 9e930e1c26
commit 38daa2aedd
3 changed files with 138 additions and 92 deletions

View file

@ -0,0 +1,81 @@
<?php
include_once './nel_command.php';
class ConnectionHandler
{
private $db_Connection;
public function __construct()
{
global $DBHost, $DBUserName, $DBPassword, $DBName, $AutoInsertInRing;
}
public function __destruct()
{
$db_Connection->close();
}
/**
* @param NelCommand
* the command you got from the client
*/
public function process_command($command)
{
switch ($command->cmd) {
case 'ask':
echo '1:' . askSalt($command->login, $command->lg);
break;
case 'login-https':
$salt = askSalt($command->login, $command->lg);
crypt($command->password, sprintf('$6$rounds=%d$%s$', 5000, $salt));
case 'login':
$domainId = -1;
// client sent is login info
if (!checkUserValidity($_GET['login'], $_GET['password'], $_GET['clientApplication'], $cp, $id, $reason, $priv, $extended, $domainId, $submittedLang)) {
echo '0:' . $reason;
} else {
// retreive the domain info
$domainInfo = getDomainInfo($domainId);
// if we need to create missing ring info
if ($AutoCreateRingInfo) {
// check if the ring user exist, and create it if not
$ringDb = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die(errorMsgBlock(3004, 'Ring', $DBHost, $RingDBUserName));
mysqli_select_db($ringDb, $domainInfo['ring_db_name']) or die(errorMsgBlock(3005, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName));
$query = "SELECT user_id FROM ring_users where user_id = '" . $id . "'";
$result = mysqli_query($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb)));
if (mysqli_num_rows($result) == 0) {
// no ring user record, build one
$login = mysqli_real_escape_string($ringDb, $_GET['login']);
$query = "INSERT INTO ring_users SET user_id = '$id', user_name = '$login', user_type='ut_pioneer'";
$result = mysqli_query($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb)));
}
}
// store the web host for this domain
global $RingWebHost, $RingWebHostPHP;
$RingWebHost = $domainInfo['web_host'];
$RingWebHostPHP = $domainInfo['web_host_php'];
$LSaddr = explode(":", $domainInfo['login_address']);
// ask for a session cookie to the login service
$login = new LoginCb;
$res = "";
$login->connect($LSaddr[0], $LSaddr[1], $res);
$login->login($id, $_SERVER["REMOTE_ADDR"], $domainId);
// wait for the return message
if (!$login->waitCallback()) {
die(errorMsgBlock(3003));
}
//the rest of the process is done in the callback function
}
break;
default:
break;
}
}
}

View file

@ -0,0 +1,20 @@
<?php
class NelCommand
{
public $cmd;
public $login;
public $password;
public $clientApplication;
public $cp;
public $lg;
public function __construct($getParams)
{
$this->cmd = $getParams['cmd'];
$this->login = $getParams['login'];
$this->password = $getParams['password'];
$this->clientApplication = $getParams['clientApplication'];
$this->cp = isset($getParams['cp']) ? $getParams['cp'] : 0;
$this->submittedLang = isset($getParams['lg']) ? $getParams['lg'] : 'unknown';
}
}

View file

@ -14,19 +14,13 @@ include_once 'login_service_itf.php';
include_once '../ring/join_shard.php';
include_once './class/CWwwLog.php';
include_once './class/LoginCb.php';
include_once './class/connection_handler.php';
include_once './class/nel_command.php';
if (!isset($_GET['cmd'])) {
die(errorMsgBlock(3002));
}
// check for 'clear password' tag
if (!isset($_GET['cp'])) {
$cp = 0;
} else {
$cp = $_GET['cp'];
}
$submittedLang = isset($_GET['lg']) ? $_GET['lg'] : 'unknown';
/**
* $DisplayDbg is used in login_translations.php
* @todo Make sure this is the best place to do it.
@ -35,61 +29,9 @@ if (isset($_GET['dbg']) && ($_GET['dbg'] == 1)) {
$DisplayDbg = true;
}
switch ($_GET['cmd']) {
case 'ask':
// client ask for a login salt
askSalt($_GET['login'], $submittedLang);
break;
case 'login':
$domainId = -1;
// client sent is login info
if (!checkUserValidity($_GET['login'], $_GET['password'], $_GET['clientApplication'], $cp, $id, $reason, $priv, $extended, $domainId, $submittedLang)) {
echo '0:' . $reason;
} else {
// retreive the domain info
$domainInfo = getDomainInfo($domainId);
// if we need to create missing ring info
if ($AutoCreateRingInfo) {
// check if the ring user exist, and create it if not
$ringDb = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die(errorMsgBlock(3004, 'Ring', $DBHost, $RingDBUserName));
mysqli_select_db($ringDb, $domainInfo['ring_db_name']) or die(errorMsgBlock(3005, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName));
$query = "SELECT user_id FROM ring_users where user_id = '" . $id . "'";
$result = mysqli_query($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb)));
if (mysqli_num_rows($result) == 0) {
// no ring user record, build one
$login = mysqli_real_escape_string($ringDb, $_GET['login']);
$query = "INSERT INTO ring_users SET user_id = '$id', user_name = '$login', user_type='ut_pioneer'";
$result = mysqli_query($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb)));
}
}
// store the web host for this domain
global $RingWebHost, $RingWebHostPHP;
$RingWebHost = $domainInfo['web_host'];
$RingWebHostPHP = $domainInfo['web_host_php'];
$LSaddr = explode(":", $domainInfo['login_address']);
// ask for a session cookie to the login service
$login = new LoginCb;
$res = "";
$login->connect($LSaddr[0], $LSaddr[1], $res);
$login->login($id, $_SERVER["REMOTE_ADDR"], $domainId);
// wait for the return message
if (!$login->waitCallback()) {
die(errorMsgBlock(3003));
}
break;
//the rest of the process is done in the callback function
}
}
// no more to do (other global statement are old garbage)
die();
$nel_command = new NelCommand($_GET);
$connection_handler = new ConnectionHandler();
$connection_handler->process_command($nel_command);
// ----------------------------------------------------------------------------------------
// Functions
@ -97,20 +39,14 @@ die();
function get_salt($password)
{
if ($password[0] == '$') {
$salt = substr($password, 0, 19);
} else {
$salt = substr($password, 0, 2);
}
return $salt;
return $password[0] == '$' ? substr($password, 0, 19) : substr($password, 0, 2);
}
// see errorMsg
function errorMsgBlock($errNum = GENERIC_ERROR_NUM) // $mixedArgs
// $mixedArgsx
function errorMsgBlock($errNum = GENERIC_ERROR_NUM)
{
$args = func_get_args();
return '0:' . call_user_func_array('errorMsg', $args);
return '0:' . call_user_func_array('errorMsg', func_get_args());
}
// Callback called on end of output buffering
@ -159,37 +95,46 @@ function checkUserValidity($login, $password, $clientApplication, $cp, &$id, &$r
global $AcceptUnknownUser;
setMsgLanguage($lang);
$res = false;
$mysqli = new mysqli($DBHost, $DBUserName, $DBPassword) or die(errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
$mysqli->select_db($DBName) or die(errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
$domainName = $mysqli->escape_string($clientApplication);
$link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die(errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
mysqli_select_db($link, $DBName) or die(errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
$numrows = 0;
if ($stmt = $mysqli->prepare("SELECT TOP 1 domain_id FROM domain WHERE domain_name='?'")) {
$stmt->bind_param("s", $domainName);
$stmt->execute();
$stmt->bind_result($result) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$stmt->fetch();
$numrows = $stmt->num_rows;
$stmt->close();
}
// we map the client application to the domain name
$domainName = mysqli_real_escape_string($link, $clientApplication);
// retreive the domain id
$query = "SELECT domain_id FROM domain WHERE domain_name='$domainName'";
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysqli_num_rows($result) == 0) {
if ($numrows == 0) {
// unrecoverable error, we must giveup
$reason = errorMsg(3007, $domainName);
mysqli_close($link);
$mysqli->close();
return false;
}
// retrieve the domain info
$domainId = $row[0];
$domainInfo = getDomainInfo($domainId);
// convert the domain status enum into the privilege access set
$accessPriv = strtoupper(substr($domainInfo['status'], 3));
// now, retrieve the user infos
$login = mysqli_real_escape_string($link, $login);
$query = "SELECT * FROM user where Login='$login'";
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$login = $mysqli->escape_string($login);
$numrows = 0;
if ($stmt = mysqli_prepare("SELECT 1 FROM user WHERE Login='?'")) {
$stmt->bind_param("s", $login);
$stmt->execute();
$stmt->bind_result($result) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$stmt->fetch();
$numrows = $stmt->num_rows;
$stmt->close();
}
if (mysqli_num_rows($result) == 0) {
if ($numrows == 0) {
if ($AcceptUnknownUser) {
// login doesn't exist, create it
$escaped_password = $mysqli->escape_string($password);
@ -220,7 +165,7 @@ function checkUserValidity($login, $password, $clientApplication, $cp, &$id, &$r
$reason = errorMsg(2001, $login, 'checkUserValidity');
}
} else {
$row = mysqli_fetch_assoc($result);
$row = $mysqli->fetch_assoc();
$salt = get_salt($row["Password"]);
if (($cp && $row["Password"] == $password) || (!$cp && $row["Password"] == crypt($password, $salt))) {
// Store the real login (with correct case)
@ -287,7 +232,7 @@ function checkUserValidity($login, $password, $clientApplication, $cp, &$id, &$r
$reason = errorMsg(2004, 'user');
}
}
mysqli_close($link);
$mysqli->close();
return $res;
}
@ -348,6 +293,6 @@ function askSalt($login, $lang)
$salt = get_salt($res_array['Password']);
}
echo "1:" . $salt;
mysqli_close($link);
return $salt;
}