This commit is contained in:
Juan Ferrer Toribio 2016-09-20 20:36:22 +02:00
parent d9829da5be
commit 5c159f3ceb
7 changed files with 123 additions and 144 deletions


@ -1,5 +1,5 @@
# Alias /hedera-web /usr/share/hedera-web/
# Alias /vn-image-data /var/lib/hedera-web/image/
# Alias /vn-image-data /var/lib/hedera-web/image-db/
<Directory /usr/share/hedera-web/>
@ -21,7 +21,7 @@
</Directory>
<Directory /var/lib/hedera-web/image/>
<Directory /var/lib/hedera-web/image-db/>
Options Indexes FollowSymLinks MultiViews
AllowOverride FileInfo Options


@ -1,13 +1,20 @@
<?php
require_once ('vn/web/json-request.php');
require_once ('vn/web/jwt.php');
class Login extends Vn\Web\JsonRequest
{
function run ()
{
$token = Jwt::encode ([
'userName' => $_SESSION['user'],
'timestamp' => time ()
'exp' => time () + 7 * 24 * 60 * 60
]);
$this->updateCredentials ();
return TRUE;
return $token;
}
/**
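Review bot: The array literal passed to `Jwt::encode` keeps `'timestamp' => time ()` without a trailing comma before the added `'exp'` entry; that line is printed once, so if it really is unchanged context the new array is a syntax error and needs `'timestamp' => time (),`. `Jwt::encode` is also called with the payload only, while the consumer in service.php decodes with the `jwt_key` read from `config` — unless encode loads that key itself, the token is either signed with a different secret or not signed at all, so confirm the key is passed here. The issuer names the identity claim `'userName'`; whoever decodes it must read the same key, so document the claim set in a short comment above the call, e.g. `// Claims: userName, timestamp (issued at), exp (unix seconds, 7 days)`.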


@ -10,13 +10,17 @@ class Query extends Vn\Web\JsonRequest
function run ($db)
{
$password = $db->getValue (
'SELECT password FROM user WHERE name = #', $_SESSION['user']);
$userDb = $this->createConnection ($_SESSION['user'], $password);
$results = [];
try {
$db->multiQuery ($_REQUEST['sql']);
$userDb->multiQuery ($_REQUEST['sql']);
do {
$result = $db->storeResult ();
$result = $userDb->storeResult ();
if ($result !== FALSE)
{
@ -26,12 +30,12 @@ class Query extends Vn\Web\JsonRequest
else
$results[] = TRUE;
}
while ($db->moreResults () && $db->nextResult ());
while ($userDb->moreResults () && $userDb->nextResult ());
// Checks for warnings
if ($db->checkWarnings ()
&& ($result = $db->query ('SHOW WARNINGS')))
if ($userDb->checkWarnings ()
&& ($result = $userDb->query ('SHOW WARNINGS')))
{
$sql = 'SELECT description, @warn code '.
'FROM sql_message WHERE code = @warn';
@ -39,7 +43,7 @@ class Query extends Vn\Web\JsonRequest
while ($row = $result->fetch_assoc ())
{
if ($row['Code'] == 1265
&& ($warning = $db->getRow ($sql)))
&& ($warning = $userDb->getRow ($sql)))
trigger_error ("{$warning['code']}: {$warning['description']}", E_USER_WARNING);
else
trigger_error ("{$row['Code']}: {$row['Message']}", E_USER_WARNING);
@ -48,7 +52,7 @@ class Query extends Vn\Web\JsonRequest
// Checks for errors
$db->checkError ();
$userDb->checkError ();
}
catch (Vn\Db\Exception $e)
{
@ -62,7 +66,7 @@ class Query extends Vn\Web\JsonRequest
{
$sql = 'SELECT description, #code code '.
'FROM sql_message WHERE code = #code';
$row = $db->getRow ($sql, ['code' => $message]);
$row = $userDb->getRow ($sql, ['code' => $message]);
break;
}
case 1305: // ER_SP_DOES_NOT_EXIST
@ -72,7 +76,7 @@ class Query extends Vn\Web\JsonRequest
$sql = 'SELECT description, @err code '.
'FROM sql_message WHERE code = @err';
$row = $db->getRow ($sql);
$row = $userDb->getRow ($sql);
break;
}
}
@ -87,7 +91,7 @@ class Query extends Vn\Web\JsonRequest
}
/**
* Transforms the database result into a JSON parseable array.
* Transforms the database result into a JSON parseable object.
**/
function transformResult ($result)
{
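Review bot: The per-user connection opened by `$userDb = $this->createConnection ($_SESSION['user'], $password);` uses a password read back in clear from `user.password` through the system connection, which means every user credential is stored reversibly and is readable by the system account; if the schema allows it, have the login step hand the session a scoped credential instead of re-reading the stored password, and at minimum restrict the system account's SELECT on that column. `$userDb` is also never closed on either the success or the exception path, so each request holds a second MySQL connection until script end — add `$userDb->close ();` once the results are collected (run() continues past the hunk, so place it where the results are returned). Finally, `$_REQUEST['sql']` accepts the statement from the query string as well as the body; if this endpoint is meant for XHR only, read `$_POST['sql']` so a crafted link cannot run statements under the victim's session.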


@ -1,5 +1,7 @@
<?php
use Vn\Lib\UserException;
class Image
{
/**
@ -24,10 +26,10 @@ class Image
$image = imagecreatefromgif ($srcFile);
break;
default:
throw new Exception (s('Bad file format'));
throw new UserException (s('Bad file format'));
}
else
throw new Exception (s('Image open error'));
throw new UserException (s('Image open error'));
return $image;
}
@ -138,7 +140,7 @@ class Image
}
if (!$saved)
throw new Exception (sprintf (s('File save error: %s'), $dstFile));
throw new UserException (sprintf (s('File save error: %s'), $dstFile));
}
}
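Review bot: `throw new UserException (sprintf (s('File save error: %s'), $dstFile));` now raises what its class name suggests is a user-facing exception, and its message embeds the server-side destination path; if UserException messages are rendered to the client, switching the class here turns that path into information disclosure. Keep the path out of the message, e.g. `throw new UserException (s('File save error'));`, and record `$dstFile` server-side with `trigger_error` or the application's logger instead. The other two conversions carry no server data and are fine.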


@ -67,125 +67,6 @@ class App extends \Vn\Lib\App
else
return parent::getConfigFile ();
}
/**
* Tries to retrieve user credentials from many sources such as POST,
* SESSION or COOKIES. If $_POST['remember'] is defined the user credentials
* are saved on the client brownser for future logins, cookies names are
* 'vn_user' for the user name and 'vn_pass' for user password, the
* password is encoded using base64_encode() function and should be decoded
* using base64_decode().
*
* return Db\Conn The database connection
**/
function login ()
{
if ($this->conn)
return $this->conn;
$user = NULL;
$password = NULL;
$credentialsChanged = TRUE;
$wasLoged = isset ($_SESSION['user']);
if (isset ($_POST['guest']))
{
$sysConn = $this->getSysConn ();
$row = $sysConn->getRow (
'SELECT guest_user, guest_pass FROM config');
if ($row)
{
$user = $row['guest_user'];
$password = base64_decode ($row['guest_pass']);
}
}
elseif (isset ($_POST['user']) && isset ($_POST['password']))
{
$user = $_POST['user'];
$password = $_POST['password'];
}
elseif (isset ($_POST['token']) || isset ($_GET['token']))
{
$key = $sysDb->getValue ('SELECT jwt_key FROM config');
$jwtPayload = Jwt::decode ($_REQUEST['token'], $key);
$user = $jwtPayload['user'];
}
elseif (isset ($_SESSION['user']))
{
$user = $_SESSION['user'];
$password = $_SESSION['password'];
$credentialsChanged = FALSE;
}
if (!isset ($user))
throw new SessionExpiredException ();
$user = strtolower ($user);
try {
$db = $this->createConnection ($user, $password);
$db->query ('CALL userStartSession (#)', [session_id ()]);
$this->conn = $db;
$jwtToken = Jwt::encode ([
'userName' => $user,
'timestamp' => time ()
'exp' => NULL
]);
$_SESSION['user'] = $user;
$_SESSION['password'] = $password;
}
catch (\Exception $e)
{
$this->conn = NULL;
throw new BadLoginException ();
}
// Registering the user access
if (!$wasLoged)
unset ($_SESSION['visitUser']);
if (isset ($_SESSION['access'])
&& !isset ($_SESSION['visitUser']))
{
$sysConn = $this->getSysConn ();
$_SESSION['visitUser'] = $sysConn->getValue (
'CALL visitUserNew (#, #, #)',
[
$_SESSION['access']
,nullIf ($_SESSION, 'visitUser')
,session_id ()
]
);
if (!isset ($_SESSION['visitUnknown']))
$_SESSION['visitUnknown'] = $_SESSION['visitUser'];
}
return $db;
}
/**
* Logouts the current user. Cleans the last saved used credentials.
**/
function logout ()
{
$_SESSION['visitUser'] = nullIf ($_SESSION, 'visitUnknown');
setcookie ('vnPass', '', -1);
unset ($_SESSION['user']);
unset ($_SESSION['password']);
if ($this->conn)
{
$this->conn->query ('DELETE FROM user_session_view');
$this->conn->close ();
$this->conn = NULL;
}
}
}
?>


@ -18,14 +18,14 @@ class DbSessionHandler implements SessionHandlerInterface
function destroy ($sessionId)
{
$db->query ('DELETE FROM userSession WHERE id = #', [$sessionId]);
$db->query ('DELETE FROM userSession WHERE ssid = #', [$sessionId]);
return TRUE;
}
function gc ($maxLifeTime)
{
$db->query ('DELETE FROM userSession
WHERE creationDate < TIMESTAMPADD(SECOND, -#, NOW())',
WHERE lastUpdate < TIMESTAMPADD(SECOND, -#, NOW())',
[$maxLifeTime]
);
return TRUE;
@ -38,20 +38,19 @@ class DbSessionHandler implements SessionHandlerInterface
function read ($sessionId)
{
$db->query ('DO GET_LOCK(#, 30)', [$sessionId]);
//$db->query ('DO GET_LOCK(#, 30)', [$sessionId]);
$sessionData = $db->getValue (
'SELECT data FROM userSession WHERE id = #', [$sessionId]);
'SELECT data FROM userSession WHERE ssid = #', [$sessionId]);
return isset ($sessionData) ? $sessionData : '';
}
function write ($sessionId, $sessionData)
{
$db->query ('REPLACE INTO userSession SET id = #, data = #',
$db->query ('REPLACE INTO userSession SET ssid = #, data = #',
[$sessionId, $sessionData]);
$db->query ('DO RELEASE_LOCK(#)', [$sessionId]);
//$db->query ('DO RELEASE_LOCK(#)', [$sessionId]);
return TRUE;
}
}
?>
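Review bot: Commenting out `DO GET_LOCK(#, 30)` in read() and `DO RELEASE_LOCK(#)` in write() removes the only serialization between concurrent requests of the same session, so two overlapping requests (parallel XHRs, for instance) both read the same data and the later `REPLACE INTO userSession` silently discards the other's writes — including the `$_SESSION['user']` set during login. If the lock was dropped because of timeouts, fix the cause (a request that exits without reaching write() never releases it; a `close()`/shutdown release would cover that) rather than removing it, and in either case delete the two commented lines instead of keeping dead code. Separately, `$db` is never assigned inside these methods (no `$this->db`, no `global`), so unless the rendered view dropped a line every call here dereferences an undefined variable; that predates this commit but is worth confirming. The class continues outside the hunk.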


@ -5,9 +5,7 @@ namespace Vn\Web;
require_once ('vn/lib/app.php');
require_once (__DIR__.'/db-session-handler.php');
use Vn\Lib;
use Vn\Lib\Locale;
use Vn\Db\Conn;
/**
* Thrown when user credentials could not be fetched.
@ -117,6 +115,94 @@ abstract class Service
else
$_SESSION['skipVisit'] = TRUE;
}
/**
* Tries to retrieve user credentials from many sources such as POST,
* SESSION or COOKIES. If $_POST['remember'] is defined the user credentials
* are saved on the client brownser for future logins, cookies names are
* 'vn_user' for the user name and 'vn_pass' for user password, the
* password is encoded using base64_encode() function and should be decoded
* using base64_decode().
*
* return Db\Conn The database connection
**/
function login ()
{
$db = $this->getSysConn ();
$user = NULL;
$wasLoged = isset ($_SESSION['user']);
if (isset ($_POST['user']) && isset ($_POST['password']))
{
$user = strtolower ($_POST['user']);
try {
$db->query ('CALL account.userLogin (#, #)',
[$user, $_POST['password']]);
}
catch (\Exception $e)
{
throw new BadLoginException ();
}
}
else
{
if (isset ($_POST['token']) || isset ($_GET['token']))
{
if (isset ($_POST['token']))
$token = $_POST['token'];
if (isset ($_GET['token']))
$token = $_GET['token'];
$key = $db->getValue ('SELECT jwt_key FROM config');
$jwtPayload = Jwt::decode ($token, $key);
$expiration = $jwtPayload['exp'];
if (isset ($expiration) && $expiration > time())
throw new SessionExpiredException ();
$user = $jwtPayload['user'];
}
else
$user = $db->getValue ('SELECT guest_user FROM config');
$db->query ('CALL account.userLoginWithName (#)', [$user]);
}
$_SESSION['user'] = $user;
// Registering the user access
if (isset ($_SESSION['access'])
&& (!isset ($_SESSION['visitUser'] || $wasLoged)))
{
$_SESSION['visitUser'] = TRUE;
$db->query (
'CALL visitUserNew (#, #)',
[$_SESSION['access'], session_id ()]
);
}
$db->query ('CALL userSessionStart (#)', [session_id ()]);
}
function deinit ()
{
$db = $this->getSysConn ();
$db->query ('CALL userSessionEnd ()');
$db->query ('CALL account.userLogout ()');
}
/**
* Logouts the current user. Cleans the last saved used credentials.
**/
function logout ()
{
unset ($_SESSION['visitUser']);
unset ($_SESSION['user']);
}
/**
* Checks if the HTTP connection is secure.
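Review bot: The expiry check `if (isset ($expiration) && $expiration > time())` is inverted: it rejects tokens whose `exp` is still in the future and accepts ones that have already expired, so it should read `if (isset ($expiration) && $expiration <= time ())`. The payload is then read as `$jwtPayload['user']`, but login.php issues the claim as `'userName'`, so a valid token yields NULL here and `account.userLoginWithName` is called with an empty name; read `$jwtPayload['userName']` (or align the issuer). `!isset ($_SESSION['visitUser'] || $wasLoged)` applies isset() to an expression, which PHP refuses at compile time — the intended form is `(!isset ($_SESSION['visitUser']) || $wasLoged)`. Accepting the token through `$_GET['token']` also puts a bearer credential into access logs and Referer headers, so prefer the POST body or an Authorization header. The docblock above login() still describes `$_POST['remember']` and the `vn_user`/`vn_pass` cookies, none of which this implementation reads; replace it with a description of the three paths actually taken (POST user/password, token, guest) and the stored-procedure calls each makes.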