function getChallenge()
{
global $_SERVER;
// < 4.1.0
$this->_last_errno = FB_HMAC_LOGIN_ERROR_OK;
$this->_last_error = '';
if (!$this->_dbh && !$this->connect()) {
$this->_setError(FB_HMAC_LOGIN_ERROR_NOT_CONNECTED);
return false;
}
$user_agent = mysql_escape_string(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
$remote_addr = mysql_escape_string(fbHTTP::getRemoteAddress());
$referer = mysql_escape_string(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
$attempts = $this->_max_attempts;
while ($attempts--) {
$sql = "\n\t\t\t\tSELECT\n\t\t\t\t\tMAX(id) AS id\n\t\t\t\tFROM\n\t\t\t\t\t{$this->_challenge_table}\n\t\t\t";
$rs = @mysql_query($sql, $this->_dbh);
if (!$rs) {
$this->_setDbError();
return false;
}
if (mysql_num_rows($rs)) {
$max_id = @mysql_result($rs, 0, 0);
} else {
$max_id = 1;
}
$challenge = $this->_getChallenge($max_id, $attempts);
$qchallenge = mysql_escape_string($challenge);
$sql = "\n\t\t\t\tINSERT INTO\n\t\t\t\t\t{$this->_challenge_table}\n\t\t\t\t(\n\t\t\t\t\tid,\n\t\t\t\t\tchallenge,\n\t\t\t\t\tused,\n\t\t\t\t\tip_address,\n\t\t\t\t\tuser_agent,\n\t\t\t\t\treferer,\n\t\t\t\t\tcreated,\n\t\t\t\t\tmodified\n\t\t\t\t) VALUES (\n\t\t\t\t\tNULL,\n\t\t\t\t\t'{$qchallenge}',\n\t\t\t\t\t'N',\n\t\t\t\t\t'{$remote_addr}',\n\t\t\t\t\t'{$user_agent}',\n\t\t\t\t\t'{$referer}',\n\t\t\t\t\tNOW(),\n\t\t\t\t\tNOW()\n\t\t\t\t)\n\t\t\t";
$rs = @mysql_query($sql, $this->_dbh);
if (!$rs) {
if (@mysql_errno($this->_dbh) == 1062) {
// duplicate key
// \todo log this key violation,
// so admin can purge some records at some point
continue;
}
$this->_setDbError();
return false;
}
if (!mysql_affected_rows($this->_dbh)) {
continue;
}
return $challenge;
}
$this->_setError(FB_HMAC_LOGIN_ERROR_NO_CHALLENGE);
// No challenge
return $challenge;
}
function getChallenge()
{
global $_SERVER;
// < 4.1.0
$this->_last_errno = FB_HMAC_LOGIN_ERROR_OK;
$this->_last_error = '';
if (!$this->_dbh && !$this->connect()) {
$this->_setError(FB_HMAC_LOGIN_ERROR_NOT_CONNECTED);
return false;
}
$dbh = $this->_dbh;
$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$remote_addr = fbHTTP::getRemoteAddress();
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$attempts = $this->_max_attempts;
while ($attempts--) {
$sql = "\n\t\t\t\tSELECT\n\t\t\t\t\tMAX(id) AS id\n\t\t\t\tFROM\n\t\t\t\t\t{$this->_challenge_table}\n\t\t\t";
$rs = $dbh->Execute($sql);
if (!$rs) {
$this->_setDbError();
return false;
}
if ($rs->RecordCount()) {
$row = $rs->FetchRow();
$max_id = $row[0];
} else {
$max_id = 1;
}
$challenge = $this->_getChallenge($max_id, $attempts);
$sql = "\n\t\t\t\tINSERT INTO\n\t\t\t\t\t{$this->_challenge_table}\n\t\t\t\t(\n\t\t\t\t\tchallenge,\n\t\t\t\t\tused,\n\t\t\t\t\tip_address,\n\t\t\t\t\tuser_agent,\n\t\t\t\t\treferer,\n\t\t\t\t\tcreated,\n\t\t\t\t\tmodified\n\t\t\t\t) VALUES (\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t{$dbh->sysTimeStamp},\n\t\t\t\t\t{$dbh->sysTimeStamp}\n\t\t\t\t)\n\t\t\t";
$values = array($challenge, 'N', $remote_addr, $user_agent, $referer);
$rs = $dbh->Execute($sql, $values);
if (!$rs) {
if ($dbh->ErrorNo() == DB_ERROR_ALREADY_EXISTS) {
// duplicate key
// \todo log this key violation,
// so admin can purge some records at some point
continue;
}
$this->_setDbError();
return false;
}
if (!$dbh->Affected_Rows()) {
continue;
}
return $challenge;
}
$this->_setError(FB_HMAC_LOGIN_ERROR_NO_CHALLENGE);
// No challenge
return $challenge;
}