Ejemplo n.º 1
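 /**
  * Create a new login challenge and store it in the challenge table.
  *
  * Resets the last error state, makes sure a database connection exists,
  * then tries up to $this->_max_attempts times to insert a freshly
  * generated challenge together with the client's address, user agent
  * and referer.
  *
  * @return mixed the stored challenge on success; false on any failure,
  *               after _setError() or _setDbError() has been called
  */
 function getChallenge()
 {
     global $_SERVER;
     // < 4.1.0
     $this->_last_errno = FB_HMAC_LOGIN_ERROR_OK;
     $this->_last_error = '';
     if (!$this->_dbh && !$this->connect()) {
         $this->_setError(FB_HMAC_LOGIN_ERROR_NOT_CONNECTED);
         return false;
     }
     // User agent and referer are request headers chosen by the client, so
     // they are escaped before being placed in the SQL string below.
     // NOTE(review): mysql_escape_string() does not take the connection's
     // character set into account; mysql_real_escape_string() with
     // $this->_dbh is the charset-aware variant (PHP >= 4.3.0), and a
     // parameterized driver removes the string building entirely.
     $user_agent = mysql_escape_string(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
     // NOTE(review): how fbHTTP::getRemoteAddress() picks the address is not
     // visible here; if it trusts forwarding headers, this value is also
     // client-controlled -- confirm.
     $remote_addr = mysql_escape_string(fbHTTP::getRemoteAddress());
     $referer = mysql_escape_string(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
     $attempts = $this->_max_attempts;
     while ($attempts--) {
         // The table name is interpolated, not escaped: it must only ever
         // come from trusted configuration.
         $sql = "\n\t\t\t\tSELECT\n\t\t\t\t\tMAX(id) AS id\n\t\t\t\tFROM\n\t\t\t\t\t{$this->_challenge_table}\n\t\t\t";
         $rs = @mysql_query($sql, $this->_dbh);
         if (!$rs) {
             $this->_setDbError();
             return false;
         }
         $max_id = mysql_num_rows($rs) ? @mysql_result($rs, 0, 0) : null;
         if ($max_id === null || $max_id === false) {
             // MAX() without GROUP BY returns one row holding NULL when the
             // table is empty, so a row count check alone never reaches the
             // fallback seed.
             $max_id = 1;
         }
         // NOTE(review): _getChallenge() is not visible here; the challenge
         // only protects against replay if it is not predictable from the
         // row id and the attempt counter -- confirm it mixes in random or
         // secret material.
         $challenge = $this->_getChallenge($max_id, $attempts);
         $qchallenge = mysql_escape_string($challenge);
         $sql = "\n\t\t\t\tINSERT INTO\n\t\t\t\t\t{$this->_challenge_table}\n\t\t\t\t(\n\t\t\t\t\tid,\n\t\t\t\t\tchallenge,\n\t\t\t\t\tused,\n\t\t\t\t\tip_address,\n\t\t\t\t\tuser_agent,\n\t\t\t\t\treferer,\n\t\t\t\t\tcreated,\n\t\t\t\t\tmodified\n\t\t\t\t) VALUES (\n\t\t\t\t\tNULL,\n\t\t\t\t\t'{$qchallenge}',\n\t\t\t\t\t'N',\n\t\t\t\t\t'{$remote_addr}',\n\t\t\t\t\t'{$user_agent}',\n\t\t\t\t\t'{$referer}',\n\t\t\t\t\tNOW(),\n\t\t\t\t\tNOW()\n\t\t\t\t)\n\t\t\t";
         $rs = @mysql_query($sql, $this->_dbh);
         if (!$rs) {
             if (@mysql_errno($this->_dbh) == 1062) {
                 // duplicate key: generate another challenge and retry
                 // \todo log this key violation,
                 // so admin can purge some records at some point
                 continue;
             }
             $this->_setDbError();
             return false;
         }
         if (!mysql_affected_rows($this->_dbh)) {
             // nothing was stored, so this challenge must not be handed out
             continue;
         }
         return $challenge;
     }
     $this->_setError(FB_HMAC_LOGIN_ERROR_NO_CHALLENGE);
     // No challenge: every attempt collided or stored nothing. Report the
     // failure like the other error paths instead of returning a challenge
     // that was never written to the table (or an undefined variable when
     // no attempt ran at all).
     return false;
 }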
Ejemplo n.º 2
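 /**
  * Create a new login challenge and store it in the challenge table.
  *
  * Resets the last error state, makes sure a database connection exists,
  * then tries up to $this->_max_attempts times to insert a freshly
  * generated challenge together with the client's address, user agent
  * and referer. The client-supplied values are passed as bound
  * parameters, never concatenated into the statement.
  *
  * @return mixed the stored challenge on success; false on any failure,
  *               after _setError() or _setDbError() has been called
  */
 function getChallenge()
 {
     global $_SERVER;
     // < 4.1.0
     $this->_last_errno = FB_HMAC_LOGIN_ERROR_OK;
     $this->_last_error = '';
     if (!$this->_dbh && !$this->connect()) {
         $this->_setError(FB_HMAC_LOGIN_ERROR_NOT_CONNECTED);
         return false;
     }
     $dbh = $this->_dbh;
     // User agent and referer are request headers chosen by the client; they
     // reach the database only through the placeholders below.
     $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     // NOTE(review): how fbHTTP::getRemoteAddress() picks the address is not
     // visible here; if it trusts forwarding headers, this value is also
     // client-controlled -- confirm.
     $remote_addr = fbHTTP::getRemoteAddress();
     $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
     $attempts = $this->_max_attempts;
     while ($attempts--) {
         // The table name is interpolated, not bound: it must only ever come
         // from trusted configuration.
         $sql = "\n\t\t\t\tSELECT\n\t\t\t\t\tMAX(id) AS id\n\t\t\t\tFROM\n\t\t\t\t\t{$this->_challenge_table}\n\t\t\t";
         $rs = $dbh->Execute($sql);
         if (!$rs) {
             $this->_setDbError();
             return false;
         }
         $max_id = null;
         if ($rs->RecordCount()) {
             $row = $rs->FetchRow();
             $max_id = $row[0];
         }
         if ($max_id === null || $max_id === false) {
             // MAX() without GROUP BY returns one row holding NULL when the
             // table is empty, so a row count check alone never reaches the
             // fallback seed.
             $max_id = 1;
         }
         // NOTE(review): _getChallenge() is not visible here; the challenge
         // only protects against replay if it is not predictable from the
         // row id and the attempt counter -- confirm it mixes in random or
         // secret material.
         $challenge = $this->_getChallenge($max_id, $attempts);
         // Only the driver's timestamp expression is interpolated; every
         // request-derived value is bound through a ? placeholder.
         $sql = "\n\t\t\t\tINSERT INTO\n\t\t\t\t\t{$this->_challenge_table}\n\t\t\t\t(\n\t\t\t\t\tchallenge,\n\t\t\t\t\tused,\n\t\t\t\t\tip_address,\n\t\t\t\t\tuser_agent,\n\t\t\t\t\treferer,\n\t\t\t\t\tcreated,\n\t\t\t\t\tmodified\n\t\t\t\t) VALUES (\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t?,\n\t\t\t\t\t{$dbh->sysTimeStamp},\n\t\t\t\t\t{$dbh->sysTimeStamp}\n\t\t\t\t)\n\t\t\t";
         $values = array($challenge, 'N', $remote_addr, $user_agent, $referer);
         $rs = $dbh->Execute($sql, $values);
         if (!$rs) {
             // NOTE(review): this compares ErrorNo() with a portable
             // DB_ERROR_* constant. If $dbh is an ADOdb connection,
             // ErrorNo() returns the driver's native code and MetaError()
             // the portable one, so this branch may never match -- confirm.
             if ($dbh->ErrorNo() == DB_ERROR_ALREADY_EXISTS) {
                 // duplicate key: generate another challenge and retry
                 // \todo log this key violation,
                 // so admin can purge some records at some point
                 continue;
             }
             $this->_setDbError();
             return false;
         }
         if (!$dbh->Affected_Rows()) {
             // nothing was stored, so this challenge must not be handed out
             continue;
         }
         return $challenge;
     }
     $this->_setError(FB_HMAC_LOGIN_ERROR_NO_CHALLENGE);
     // No challenge: every attempt collided or stored nothing. Report the
     // failure like the other error paths instead of returning a challenge
     // that was never written to the table (or an undefined variable when
     // no attempt ran at all).
     return false;
 }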