From ef76b60f7dfbf4bf06b598d4fbbb3b1c26054ad3 Mon Sep 17 00:00:00 2001 From: Stanislas Dolcini Date: Sat, 6 Oct 2018 17:09:18 +0200 Subject: [PATCH] Attempt to make the code nicer --- code/web/public_php/login/class/LoginCb.php | 12 +- .../login/class/connection_handler.php | 139 ++++++++++++------ code/web/public_php/login/r2_login.php | 4 +- 3 files changed, 107 insertions(+), 48 deletions(-) diff --git a/code/web/public_php/login/class/LoginCb.php b/code/web/public_php/login/class/LoginCb.php index ca2fe04b8..dcc1bdea3 100644 --- a/code/web/public_php/login/class/LoginCb.php +++ b/code/web/public_php/login/class/LoginCb.php @@ -1,10 +1,18 @@ ring_web_host_php = $ring_web_host_php; + $this->ring_web_host = $ring_web_host; + } + // receive the login result sent back by the LS public function loginResult($userId, $cookie, $resultCode, $errorString) { - global $RingWebHost, $RingWebHostPHP; global $domainId; if ($resultCode == 0 && $cookie != "") { @@ -31,7 +39,7 @@ class LoginCb extends CLoginServiceWeb $res = joinMainland($userId, $domainId, $row["domain_name"]); if ($res) { - echo "1#" . $cookie . "#" . $FSHostResultStr . "#http://" . $RingWebHost . "/ring/web_start.php#http://" . $RingWebHostPHP . "/ring/\n"; + echo "1#" . $cookie . "#" . $FSHostResultStr . "#http://" . $this->ring_web_host_php . "/ring/web_start.php#http://" . $this->ring_web_host . "/ring/\n"; // return the ring domain information echo $row["patch_version"] . "#" . $row["backup_patch_url"] . "#" . $row["patch_urls"]; } else { diff --git a/code/web/public_php/login/class/connection_handler.php b/code/web/public_php/login/class/connection_handler.php index 08e64f263..e6b9d4de1 100644 --- a/code/web/public_php/login/class/connection_handler.php +++ b/code/web/public_php/login/class/connection_handler.php 
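Review bot: The two host fields are swapped relative to the line this replaces in `loginResult`: the removed echo put `$RingWebHost` before `/ring/web_start.php` and `$RingWebHostPHP` before `/ring/`, while the new one emits `$this->ring_web_host_php` first and `$this->ring_web_host` second. The constructor signature is not readable in this hunk, but the caller in connection_handler.php passes `$domainInfo['web_host']` first, so unless the parameters are declared as `($ring_web_host_php, $ring_web_host)` the client is sent the wrong start URL. If the old order is intended, the tail should read `"#http://" . $this->ring_web_host . "/ring/web_start.php#http://" . $this->ring_web_host_php . "/ring/\n"`. If the current output happens to be right, the field names are misleading and should be renamed to match what they hold. loginResult continues outside the hunk.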
@@ -10,34 +10,81 @@ include_once './../../tools/domain_info.php'; class ConnectionHandler { - private $db_Connection; + private $db_base_connection; + private $db_ring_connection; - public function __construct() + private $db_ring_connection_host; + private $db_ring_connection_username; + private $db_ring_connection_password; + + private $db_base_connection_host; + private $db_base_connection_username; + private $db_base_connection_password; + private $db_base_connection_dbname; + + public function __construct($db_base_connection_host, $db_base_connection_username, $db_base_connection_password, $db_base_connection_dbname, $db_ring_connection_host, $db_ring_connection_username, $db_ring_connection_password) { + $this->db_ring_connection_host = $db_ring_connection_host; + $this->db_ring_connection_username = $db_ring_connection_username; + $this->db_ring_connection_password = $db_ring_connection_password; + $this->db_base_connection_host = $db_base_connection_host; + $this->db_base_connection_username = $db_base_connection_username; + $this->db_base_connection_password = $db_base_connection_password; + $this->db_base_connection_dbname = $db_base_connection_dname; } - public function connect($dbhost, $dbusername, $dbpassword, $dbname) + /** + * Connects to the database using the constructor provided arguments + */ + public function connect() { - $this->db_Connection = new mysqli($dbhost, $dbusername, $dbpassword) or die(errorMsgBlock(3004, 'main', $DBHost, $DBUserName)); - $this->db_Connection->select_db($dbname) or die(errorMsgBlock(3005, 'main', $dbname, $dbhost, $dbusername)); + connect_to_base_db($this->db_base_connection_host, + $this->db_base_connection_username, + $this->db_base_connection_password, + $this->db_base_connection_dbname); } + /** + * Connect to the base database and sets the fields. 
+ */ + public function connect_to_base_db($dbhost, $dbusername, $dbpassword, $dbname) + { + $this->db_base_connection = new mysqli($dbhost, $dbusername, $dbpassword) or die(errorMsgBlock(3004, 'main', $dbhost, $dbusername)); + $this->db_base_connection->select_db($dbname) or die(errorMsgBlock(3005, 'main', $dbname, $dbhost, $dbusername)); + } + + /** + * Connect to the ring database and set the fields. + */ + public function connect_to_ring_db($dbhost, $dbusername, $dbpassword, $dbname) + { + $this->db_ring_connection = new mysqli($dbhost, $dbusername, $dbpassword) or die(errorMsgBlock(3004, 'ring', $dbhost, $dbusername)); + $this->db_ring_connection->select_db($dbname) or die(errorMsgBlock(3005, 'ring', $dbname, $dbhost, $dbusername)); + } + + /** + * Called when the object goes out of scope. + */ public function __destruct() { - if ($this->db_Connection != null) { - $this->db_Connection->close(); + if ($this->db_base_connection != null) { + $this->db_base_connection->close(); + } + + if ($this->db_ring_connection != null) { + $this->db_ring_connection->close(); } } private function askSalt($login, $lang) { setMsgLanguage($lang); - $escaped_login = $this->db_Connection->escape_string($login); - if ($stmt = $this->db_Connection->prepare('SELECT Password FROM user WHERE Login=\'?\' LIMIT 1')) { + $escaped_login = $this->db_base_connection->escape_string($login); + if ($stmt = $this->db_base_connection->prepare('SELECT Password FROM user WHERE Login=\'?\' LIMIT 1')) { $stmt->bind_param('s', $escaped_login); $stmt->execute(); - $stmt->bind_result($password) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_Connection->error)); + $stmt->bind_result($password) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_base_connection->error)); $stmt->fetch(); if ($stmt->num_rows == 1) { $salt = '1:' . get_salt($password); 
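Review bot: In `askSalt` the placeholder is still wrapped in quotes (`Login=\'?\'`), so MySQL reads it as the one-character string `?` rather than a parameter marker; `bind_param('s', ...)` then has nothing to bind and the lookup cannot match the submitted login. The same quoted `?` appears in the `ring_users` SELECT in the next hunk and in the `domain` and `user` SELECTs in the two hunks after it. Use `'SELECT Password FROM user WHERE Login=? LIMIT 1'` and bind `$login` directly, since calling `escape_string()` before `bind_param()` double-escapes the value. Also in this hunk, the constructor reads `$db_base_connection_dname` (the parameter is `$db_base_connection_dbname`) and `connect()` calls `connect_to_base_db(...)` without `$this->`; the missing `$this->` recurs at `connect_to_ring_db(...)`, `CreateRing(...)` and `IsUserOnline($res)` in later hunks. askSalt's body continues outside the hunk.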
@@ -53,46 +100,47 @@ class ConnectionHandler * Create the db ring. * @todo: currently broken, because it uses globals. */ - private function CreateRing($domainInfo) - { // check if the ring user exist, and create it if not - // $ringDb = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die(errorMsgBlock(3004, 'Ring', $DBHost, $RingDBUserName)); - // mysqli_select_db($ringDb, $domainInfo['ring_db_name']) or die(errorMsgBlock(3005, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName)); - // $query = "SELECT user_id FROM ring_users where user_id = '" . $id . "'"; - // $result = mysqli_query($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb))); + private function CreateRing($domainInfo, $id, $login) + { + connect_to_ring_db($this->db_ring_connection_host, + $this->db_ring_connection_username, + $this->db_ring_connection_password, + $domainInfo['ring_db_name']); - // if (mysqli_num_rows($result) == 0) { - // // no ring user record, build one - // $login = mysqli_real_escape_string($ringDb, $_GET['login']); - // $query = "INSERT INTO ring_users SET user_id = '$id', user_name = '$login', user_type='ut_pioneer'"; - // $result = mysqli_query($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb))); - // } + if ($stmt = $this->db_base_connection->prepare('SELECT user_id FROM ring_users where user_id = \'?\' LIMIT 1')) { + $stmt->bind_param('i', $id); + $stmt->execute(); + $stmt->bind_result($password) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_base_connection->error)); + $stmt->fetch(); + if ($stmt->num_rows == 0) { + // no ring user record, build one + $escaped_login = $this->db_ring_connection->escape_string($login); + $query = "INSERT INTO ring_users SET user_id = '$id', user_name = '$escaped_login', user_type='ut_pioneer'"; + $result = 
$this->db_ring_connection->query($query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $this->db_ring_connection_host, $this->db_ring_connection_username, $this->db_ring_connection->error)); + } + $stmt->close(); + } } private function Login($login, $password, $clientApplication, $cp, $submittedLang) { $domainId = -1; + $loginSuccessful = checkUserValidity($login, $password, $clientApplication, $cp, $id, $reason, $priv, $extended, $domainId, $submittedLang); // Client sent his login info - if (checkUserValidity($login, $password, $clientApplication, $cp, $id, $reason, $priv, $extended, $domainId, $submittedLang)) { + if (!$loginSuccessful) { echo '0:' . $reason; } else { // retrieve the domain info $domainInfo = getDomainInfo($domainId); // if we need to create missing ring info if ($AutoCreateRingInfo) { - CreateRing($domainInfo); + CreateRing($domainInfo, $id, $login); } - // store the web host for this domain - global $RingWebHost; - global $RingWebHostPHP; - - $RingWebHost = $domainInfo['web_host']; - $RingWebHostPHP = $domainInfo['web_host_php']; - $LSaddr = explode(":", $domainInfo['login_address']); // ask for a session cookie to the login service - $loginCb = new LoginCb(); + $loginCb = new LoginCb($domainInfo['web_host'], $domainInfo['web_host_php']); $loginCb->connect($LSaddr[0], $LSaddr[1], ''); $loginCb->login($id, $_SERVER['REMOTE_ADDR'], $domainId); 
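Review bot: `CreateRing` prepares the `ring_users` SELECT on `$this->db_base_connection` although it has just opened the ring connection, and it builds the INSERT by string interpolation while the other queries in the class go through `prepare()`. The removed commented-out code ran both statements against the ring database, so the existence check should use `$this->db_ring_connection`, and the INSERT should bind `$id` and `$login` instead of interpolating them. `num_rows` on a prepared statement is not reliable without `store_result()`, so the `== 0` test as written may fire even when the row exists. A sketch of the block follows; `Login` continues outside the hunk.

```php
// … unchanged: connect_to_ring_db call …
if ($stmt = $this->db_ring_connection->prepare('SELECT user_id FROM ring_users WHERE user_id = ? LIMIT 1')) {
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->store_result();
    if ($stmt->num_rows == 0) {
        // no ring user record, build one
        $query = "INSERT INTO ring_users SET user_id = ?, user_name = ?, user_type = 'ut_pioneer'";
        $insert = $this->db_ring_connection->prepare($query);
        $insert->bind_param('is', $id, $login);
        $insert->execute() or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $this->db_ring_connection_host, $this->db_ring_connection_username, $this->db_ring_connection->error));
        $insert->close();
    }
    $stmt->close();
}
```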
@@ -147,12 +195,12 @@ class ConnectionHandler { $res = false; setMsgLanguage($lang); - $domainName = $this->db_Connection->escape_string($clientApplication); + $domainName = $this->db_base_connection->escape_string($clientApplication); - if ($stmt = $this->db_Connection->prepare('SELECT domain_id FROM domain WHERE domain_name=\'?\' LIMIT 1')) { + if ($stmt = $this->db_base_connection->prepare('SELECT domain_id FROM domain WHERE domain_name=\'?\' LIMIT 1')) { $stmt->bind_param("s", $domainName); $stmt->execute(); - $stmt->bind_result($domainId) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $db_Connection->error)); + $stmt->bind_result($domainId) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $db_base_connection->error)); $stmt->fetch(); if ($stmt->num_rows == 0) { // unrecoverable error, we must giveup 
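Review bot: The error argument on the `bind_result` line reads `$db_base_connection->error`, a local variable that does not exist in this method; the rename kept the missing `$this->` from the old `$db_Connection->error`. If the `die()` branch is taken, it raises a warning and reports no database error, so it should be `$this->db_base_connection->error`, as the other hunks already write it. `$query`, `$DBName`, `$DBHost` and `$DBUserName` on the same line are not assigned anywhere visible in the hunk either, so the message likely carries empty fields. That is worth confirming against the rest of the method, which starts and ends outside the hunk.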
@@ -170,20 +218,20 @@ class ConnectionHandler $accessPriv = strtoupper(substr($domainInfo['status'], 3)); // now, retrieve the user infos - $login = $this->db_Connection->escape_string($login); + $login = $this->db_base_connection->escape_string($login); $numrows = 0; - if ($stmt = $this->db_Connection->prepare('SELECT Password, UId FROM user WHERE Login=\'?\' LIMIT 1')) { + if ($stmt = $this->db_base_connection->prepare('SELECT Password, UId FROM user WHERE Login=\'?\' LIMIT 1')) { $stmt->bind_param('s', $login); $stmt->execute(); - $stmt->bind_result($dbPassword, $dbUid) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_Connection->error)); + $stmt->bind_result($dbPassword, $dbUid) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_base_connection->error)); $stmt->fetch(); if ($stmt->num_rows) { $salt = get_salt($dbPassword); if (($cp && $dbPassword == $password) || (!$cp && $dbPassword == crypt($password, $salt))) { - if ($stmt2 = $this->db_Connection->prepare('SELECT AccessPrivilege, Privilege, ExtendedPrivilege FROM permission WHERE UId=\'' . $dbUid . '\' AND DomainId=\'$domainId\'')) { + if ($stmt2 = $this->db_base_connection->prepare('SELECT AccessPrivilege, Privilege, ExtendedPrivilege FROM permission WHERE UId=\'' . $dbUid . '\' AND DomainId=\'$domainId\'')) { $stmt2->bind_param('i', $dbUid); $stmt2->execute(); - $stmt2->bind_result($dbAccessPrivilege, $dbPrivilege, $dbExtendedPrivilege) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_Connection->error)); + $stmt2->bind_result($dbAccessPrivilege, $dbPrivilege, $dbExtendedPrivilege) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_base_connection->error)); $stmt2->fetch(); if ($stmt->num_rows == 0) { // no permission 
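Review bot: The permission query on the `$stmt2` line is a single-quoted string, so `DomainId=\'$domainId\'` reaches MySQL as the literal text `$domainId`, and `$dbUid` is concatenated into the SQL while `bind_param('i', $dbUid)` has no `?` to bind to. The lookup therefore cannot select the row for the intended domain. Use `'SELECT AccessPrivilege, Privilege, ExtendedPrivilege FROM permission WHERE UId=? AND DomainId=?'` with `$stmt2->bind_param('ii', $dbUid, $domainId);`. The following context line tests `$stmt->num_rows` where `$stmt2` looks intended, and the password check above compares hashes with `==`; `hash_equals()` avoids loose comparison and timing differences. The enclosing method starts and ends outside the hunk.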
@@ -194,9 +242,7 @@ class ConnectionHandler // no permission $reason = errorMsg(3013, $clientApplication, $domainName, $accessPriv); } else { - if (IsUserOnline()) { - - } else { + if (!IsUserOnline($res)) { $id = $dbUid; $priv = $dbPrivilege; $extended = $dbExtendedPrivilege; @@ -215,7 +261,12 @@ class ConnectionHandler return $res; } - private function IsUserOnline() + /** + * Check if user is online and try to disconnect him. + * Sets res to false if it failed. + * @todo fix it. + */ + private function IsUserOnline(&$res) { return false; // // check if the user not already online diff --git a/code/web/public_php/login/r2_login.php b/code/web/public_php/login/r2_login.php index 834d94f35..bde0d9f4f 100755 --- a/code/web/public_php/login/r2_login.php +++ b/code/web/public_php/login/r2_login.php @@ -21,8 +21,8 @@ if (isset($_GET['dbg']) && ($_GET['dbg'] == 1)) { // Create a command object using the user's parameters. $nel_command = new NelCommand($_GET); // Create a connexion handler to process that command. -$connection_handler = new ConnectionHandler(); +$connection_handler = new ConnectionHandler($DBHost, $DBUserName, $DBPassword, $DBName, $DBHost, $RingDBUserName, $RingDBPassword); // Connect the connection handler to the database. -$connection_handler->connect($DBHost, $DBUserName, $DBPassword, $DBName); +$connection_handler->connect(); // Process the command sent by the user. $connection_handler->process_command($nel_command);
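Review bot: The new docblock on `IsUserOnline` says it checks whether the user is online and sets `$res` to false on failure, but the first statement visible in the hunk is `return false;`, so the by-reference `$res` is never written and an already-connected account is never detected. The comment should say so, for example `@todo stub: always returns false and leaves $res untouched, so concurrent logins are not detected`. The function body continues outside the hunk.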
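Review bot: The `new ConnectionHandler(...)` call in r2_login.php passes seven positional strings, two of them passwords, and nothing ties each value to its slot; `$DBHost` even appears twice. A swapped pair would go unnoticed until a connect fails, and the `errorMsgBlock(3004, ...)` calls in connection_handler.php are handed the host and username arguments, so a password in the wrong position could end up in an error page (inferred from the call sites, since errorMsgBlock itself is not shown). Grouping the values, for example `new ConnectionHandler($baseDbConfig, $ringDbConfig)` with keyed arrays (names illustrative), would make the call self-describing.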