function test_getIPAddressType()
{
$ips = array('0.0.0.0' => 'external', '10.0.0.1' => 'internal', '127.0.0.1' => 'loopback', '172.16.0.1' => 'internal', '192.168.0.1' => 'internal', '255.0.0.1' => 'external');
foreach ($ips as $ip => $expected) {
$rv = fbHTTP::getIPAddressType($ip);
$this->assertEquals($expected, $rv);
}
}
<?php
// $CVSHeader: _freebeer/www/tests/index.php,v 1.3 2004/03/07 17:51:36 ross Exp $
// Copyright (c) 2002-2004, Ross Smith. All rights reserved.
// Licensed under the BSD or LGPL License. See license.txt for details.
error_reporting(2047);
@set_time_limit(0);
defined('FREEBEER_BASE') || define('FREEBEER_BASE', getenv('FREEBEER_BASE') ? getenv('FREEBEER_BASE') : dirname(dirname(dirname(__FILE__))));
require_once FREEBEER_BASE . '/lib/Pear/Pear.php';
require_once FREEBEER_BASE . '/lib/HTTP.php';
fbHTTP::sendLastModified();
require_once 'PHPUnit.php';
require_once 'PHPUnit/GUI/HTML.php';
require_once 'PHPUnit/GUI/SetupDecorator.php';
/// \todo rewrite to fbTestSuite class
// called via:
// fbTestSuite(array(['dir1', 'dir2', .... ]));
$gui =& new PHPUnit_GUI_SetupDecorator(new PHPUnit_GUI_HTML());
chdir(FREEBEER_BASE . '/tests') || trigger_error(sprintf('Can\'t change directory to \'%s\'', FREEBEER_BASE . '/tests'), E_USER_ERROR);
$gui->getSuitesFromDir('.', '^Test.*\\.php$');
error_reporting(0);
$gui->show();
?>
<?php
// $CVSHeader: _freebeer/www/lib/tests/_header.php,v 1.3 2004/03/08 04:29:18 ross Exp $
// Copyright (c) 2002-2004, Ross Smith. All rights reserved.
// Licensed under the BSD or LGPL License. See license.txt for details.
defined('FREEBEER_BASE') || define('FREEBEER_BASE', getenv('FREEBEER_BASE') ? getenv('FREEBEER_BASE') : dirname(dirname(dirname(dirname(__FILE__)))));
require_once FREEBEER_BASE . '/lib/HTTP.php';
require_once FREEBEER_BASE . '/www/fbWeb.php';
$www_root = fbWeb::getWebRoot();
$doc_root = fbWeb::getDocRoot();
//$root_dir = $doc_root . $www_root;
if (isset($test_name)) {
$test_name = $www_root . $test_name;
}
fbHTTP::sendNoCacheHeaders();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<!--
$CVSHeader: _freebeer/www/lib/tests/_header.php,v 1.3 2004/03/08 04:29:18 ross Exp $
Copyright (c) 2001-2003, Ross Smith. All rights reserved.
Licensed under the BSD or LGPL License. See doc/license.txt for details.
-->
<head>
<title><?php
echo $test_name;
?>
Test Suite</title>
<?php
// $CVSHeader: _freebeer/www/demo/hmac_login/server_adodb.php,v 1.3 2004/03/07 17:51:34 ross Exp $
// Copyright (c) 2002-2004, Ross Smith. All rights reserved.
// Licensed under the BSD or LGPL License. See license.txt for details.
require_once '../_demo.php';
$title = 'fbHMAC_Login_ADOdb Class (Secure Challenge/Response Login)';
require_once FREEBEER_BASE . '/lib/HMAC_Login/ADOdb.php';
$html_header = html_header_demo($title, null, null, false);
require_once FREEBEER_BASE . '/lib/HTTP.php';
$client_url = dirname(dirname($_SERVER['PHP_SELF'])) . '/Hmac_Login.ADOdb.php';
if (!isset($_REQUEST['challenge'])) {
fbHTTP::redirect($client_url);
exit;
}
echo $html_header;
$hmac_login =& new fbHMAC_Login_ADOdb();
$hmac_login->setTimeout(10);
if (!$hmac_login->connect('localhost', 'root', '', 'hmac_login', 'mysql')) {
echo $hmac_login->getLastError();
exit;
}
// $hmac_login->_dbh->debug = true;
$hmac_login->validate(@$_REQUEST['challenge'], @$_REQUEST['response'], @$_REQUEST['login'], @$_REQUEST['password']);
echo $hmac_login->getLastError();
?>
<p>
<a href="<?php
echo $client_url;
?>
function html_header($hash, $included_files = null, $path = null, $no_cache = true)
{
$www_root = fbWeb::getWebRoot();
if (preg_match('/wget/i', $_SERVER['HTTP_USER_AGENT'])) {
@ini_set('html_errors', false);
}
@ini_set('html_errors', false);
include_once FREEBEER_BASE . '/lib/HTTP.php';
// required for Opera 7.x
fbHTTP::sendNoCacheHeaders();
@ini_set('implicit_flush', true);
@ini_set('max_execution_time', 60);
$path2 = '';
/*
if ($path == null) {
$path = '';
}
if (!strpos($path, '://')) {
$path2 = $path;
$home_url = $path . '..';
$demo_url = $path;
} else {
$path2 = '';
$home_url = $path;
$demo_url = $path;
}
*/
$page_title = '';
$header = '';
foreach ($hash as $label => $url) {
if ($page_title) {
$page_title .= ' > ';
$header .= ' > ';
}
$page_title .= $label;
$header .= $url ? sprintf("<a href='%s'>%s</a>", $url, $label) : $label;
}
$files = get_included_files();
# $files[] = $_SERVER['SCRIPT_NAME'];
if (!is_array($included_files)) {
$included_files = array($included_files);
}
static $skip_files = array('HTTP.php', 'System.php', 'fbWeb.php', '_demo.php', '_header.php');
$script_dir = dirname($_SERVER['SCRIPT_FILENAME']);
$hfiles = '';
foreach ($files as $file) {
$bfile = basename($file);
if (in_array($bfile, $skip_files)) {
continue;
}
if (substr($file, 0, 1) != '/') {
$file = $script_dir . '/' . $file;
}
$rfile = realpath($file);
if (!$rfile) {
$bfile = "<blink><i>{$bfile}</i></blink>";
}
$encfile = urlencode($rfile);
$hfiles .= sprintf("\n \n<a target='%s' href='%s/_source.php?file=%s'>%s</a>", $file, fbWeb::getWebRoot(), $encfile, $bfile);
}
foreach ($included_files as $file) {
$bfile = basename($file);
if (substr($file, 0, 1) != '/') {
$file = $script_dir . '/' . $file;
}
$rfile = realpath($file);
if (!$rfile) {
$bfile = "<blink><i>{$bfile}</i></blink>";
}
$encfile = urlencode($rfile);
$hfiles .= sprintf("\n \n<a target='%s' href='%s/%s_source.php?file=%s'>%s</a>", $file, fbWeb::getWebRoot(), $path2, $encfile, $bfile);
}
if (preg_match('/wget/i', $_SERVER['HTTP_USER_AGENT'])) {
$header = '';
$hfiles = '';
}
$html = <<<EOD
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
Copyright (c) 2001-2003, Ross Smith. All rights reserved.
Licensed under the BSD or LGPL License. See doc/license.txt for details.
-->
<html lang='en-US' xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>{$page_title}</title>
<!-- meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1' / -->
<meta name="MSSmartTagsPreventParsing" content="TRUE" /><!-- ! -->
<!--
<meta name="robots" content="noindex, nofollow" />
<meta name="googlebot" content="noarchive" />
<link rel='stylesheet' href='example.css' type='text/css' />
<style type='text/css'>
@import 'example.css';
</style>
<link rel='icon' href='favicon.png' type='image/png' />
-->
<script language='JavaScript' type='text/javascript'>
<!-- // <![CDATA[
// JavaScript code goes here
// ]]> -->
</script>
<link rel='stylesheet' href='{$www_root}/main.css' type='text/css' />
</head>
<body>
<table width='100%' border='0'>
<tr>
<td align='left'>
\t{$header}
</td>
<td align='right'>
{$hfiles}
</td>
</tr>
</table>
<hr />
EOD;
return $html;
}
$driver = fbHTTP::getRequestVar('driver', $driver);
if (isset($defaults[$driver])) {
extract($defaults[$driver]);
}
$clob = fbHTTP::getRequestVar('clob', $clob);
$data_field_name = fbHTTP::getRequestVar('data_field_name', $data_field_name);
$database = fbHTTP::getRequestVar('database', $database);
$debug = (int) fbHTTP::getRequestVar('debug', $debug);
$expire_notify = (int) fbHTTP::getRequestVar('expire_notify', $expire_notify);
$host = fbHTTP::getRequestVar('host', $host);
$lifetime = (int) fbHTTP::getRequestVar('lifetime', $lifetime);
$optimize = (int) fbHTTP::getRequestVar('optimize', $optimize);
$password = fbHTTP::getRequestVar('password', $password);
$sync_seconds = (int) fbHTTP::getRequestVar('sync_seconds', $sync_seconds);
$table = fbHTTP::getRequestVar('table', $table);
$user = fbHTTP::getRequestVar('user', $user);
if (!empty($_REQUEST['submit'])) {
switch ($_REQUEST['submit']) {
case 'Change Driver':
if (isset($defaults[$driver])) {
extract($defaults[$driver]);
}
}
}
// to test the original code
$ADODB_SESSION_CONNECT = $host;
$ADODB_SESSION_DB = $database;
$ADODB_SESSION_DRIVER = $driver;
$ADODB_SESSION_PWD = $password;
$ADODB_SESSION_TBL = $table;
$ADODB_SESSION_USER = $user;
function httpMe($url = false)
{
if (!$this->_enabled) {
return true;
}
if ($this->isHttps()) {
fbHTTP::redirect($this->httpUrl($url));
exit;
}
return false;
}
function getChallenge()
{
global $_SERVER;
// < 4.1.0
$this->_last_errno = FB_HMAC_LOGIN_ERROR_OK;
$this->_last_error = '';
if (!$this->_dbh && !$this->connect()) {
$this->_setError(FB_HMAC_LOGIN_ERROR_NOT_CONNECTED);
return false;
}
$user_agent = mysql_escape_string(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
$remote_addr = mysql_escape_string(fbHTTP::getRemoteAddress());
$referer = mysql_escape_string(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
$attempts = $this->_max_attempts;
while ($attempts--) {
$sql = "\n\t\t\t\tSELECT\n\t\t\t\t\tMAX(id) AS id\n\t\t\t\tFROM\n\t\t\t\t\t{$this->_challenge_table}\n\t\t\t";
$rs = @mysql_query($sql, $this->_dbh);
if (!$rs) {
$this->_setDbError();
return false;
}
if (mysql_num_rows($rs)) {
$max_id = @mysql_result($rs, 0, 0);
} else {
$max_id = 1;
}
$challenge = $this->_getChallenge($max_id, $attempts);
$qchallenge = mysql_escape_string($challenge);
$sql = "\n\t\t\t\tINSERT INTO\n\t\t\t\t\t{$this->_challenge_table}\n\t\t\t\t(\n\t\t\t\t\tid,\n\t\t\t\t\tchallenge,\n\t\t\t\t\tused,\n\t\t\t\t\tip_address,\n\t\t\t\t\tuser_agent,\n\t\t\t\t\treferer,\n\t\t\t\t\tcreated,\n\t\t\t\t\tmodified\n\t\t\t\t) VALUES (\n\t\t\t\t\tNULL,\n\t\t\t\t\t'{$qchallenge}',\n\t\t\t\t\t'N',\n\t\t\t\t\t'{$remote_addr}',\n\t\t\t\t\t'{$user_agent}',\n\t\t\t\t\t'{$referer}',\n\t\t\t\t\tNOW(),\n\t\t\t\t\tNOW()\n\t\t\t\t)\n\t\t\t";
$rs = @mysql_query($sql, $this->_dbh);
if (!$rs) {
if (@mysql_errno($this->_dbh) == 1062) {
// duplicate key
// \todo log this key violation,
// so admin can purge some records at some point
continue;
}
$this->_setDbError();
return false;
}
if (!mysql_affected_rows($this->_dbh)) {
continue;
}
return $challenge;
}
$this->_setError(FB_HMAC_LOGIN_ERROR_NO_CHALLENGE);
// No challenge
return $challenge;
}
function getRemoteAddress()
{
global $_SERVER;
// < 4.1.0
static $rv = null;
while (is_null($rv)) {
if (isset($_SERVER['HTTP_CLIENT_IP'])) {
$ip = trim($_SERVER['HTTP_CLIENT_IP']);
if (strcasecmp($ip, 'unknown')) {
$ip2 = explode('.', $ip);
$rv = $ip2[3] . '.' . $ip2[2] . '.' . $ip2[1] . '.' . $ip2[0];
if (fbHTTP::getIPAddressType($rv) == 'external') {
break;
}
}
}
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ips = trim($_SERVER['HTTP_X_FORWARDED_FOR']);
while (preg_match('/([^, ]+)[, ]+(.*)/', $ips, $matches)) {
$rv = trim($matches[1]);
if (strcasecmp($ip, 'unknown')) {
if (fbHTTP::getIPAddressType($rv) == 'external') {
break 2;
}
}
$ips = @$matches[2];
}
}
if (isset($_SERVER['HTTP_FORWARDED'])) {
$ips = trim($_SERVER['HTTP_FORWARDED']);
while (preg_match('/([^, ]+)[, ]+(.*)/', $ips, $matches)) {
$rv = trim($matches[1]);
if (strcasecmp($ip, 'unknown')) {
if (fbHTTP::getIPAddressType($rv) == 'external') {
break 2;
}
}
$ips = @$matches[2];
}
}
if (isset($_SERVER['REMOTE_ADDR'])) {
$rv = trim($_SERVER['REMOTE_ADDR']);
break;
}
$rv = false;
break;
}
return $rv;
}
function getChallenge()
{
global $_SERVER;
// < 4.1.0
$this->_last_errno = FB_HMAC_LOGIN_ERROR_OK;
$this->_last_error = '';
if (!$this->_dbh && !$this->connect()) {
$this->_setError(FB_HMAC_LOGIN_ERROR_NOT_CONNECTED);
return false;
}
$dbh = $this->_dbh;
$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$remote_addr = fbHTTP::getRemoteAddress();
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$attempts = $this->_max_attempts;
while ($attempts--) {
$sql = "\n\t\t\t\tSELECT\n\t\t\t\t\tMAX(id) AS id\n\t\t\t\tFROM\n\t\t\t\t\t{$this->_challenge_table}\n\t\t\t";
$rs = $dbh->Execute($sql);
if (!$rs) {
$this->_setDbError();
return false;
}
if ($rs->RecordCount()) {
$row = $rs->FetchRow();
$max_id = $row[0];
} else {
$max_id = 1;
}
$challenge = $this->_getChallenge($max_id, $attempts);
$sql = "\n\t\t\t\tINSERT INTO\n\t\t\t\t\t{$this->_challenge_table}\n\t\t\t\t(\n\t\t\t\t\tchallenge,\n\t\t\t\t\tused,\n\t\t\t\t\tip_address,\n\t\t\t\t\tuser_agent,\n\t\t\t\t\treferer,\n\t\t\t\t\tcreated,\n\t\t\t\t\tmodified\n\t\t\t\t) VALUES (\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t{$dbh->sysTimeStamp},\n\t\t\t\t\t{$dbh->sysTimeStamp}\n\t\t\t\t)\n\t\t\t";
$values = array($challenge, 'N', $remote_addr, $user_agent, $referer);
$rs = $dbh->Execute($sql, $values);
if (!$rs) {
if ($dbh->ErrorNo() == DB_ERROR_ALREADY_EXISTS) {
// duplicate key
// \todo log this key violation,
// so admin can purge some records at some point
continue;
}
$this->_setDbError();
return false;
}
if (!$dbh->Affected_Rows()) {
continue;
}
return $challenge;
}
$this->_setError(FB_HMAC_LOGIN_ERROR_NO_CHALLENGE);
// No challenge
return $challenge;
}
