/**
 * Run a query and collect every row it yields.
 *
 * The SQL text is passed to pdo_query() unchanged, so any values embedded in
 * it must already have been escaped by the caller.
 *
 * @param string $qry SQL text to execute.
 * @return array rows in fetch order; an empty array when the query fails
 *               (the failure is logged) or when it yields no rows.
 */
function pdo_all_rows_query($qry)
{
    $handle = pdo_query($qry);
    if ($handle === false) {
        $message = 'error: pdo_query failed: ' . pdo_error();
        add_log($message, 'pdo_all_rows_query', LOG_ERR);
        return array();
    }

    $rows = array();
    for ($record = pdo_fetch_array($handle); $record; $record = pdo_fetch_array($handle)) {
        $rows[] = $record;
    }
    pdo_free_result($handle);

    return $rows;
}
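/**
 * Authentication function.
 *
 * This is called on every page load where common.php is selected, as well as
 * when submitting the login form. Depending on the request it:
 *   - delegates to authenticate() for externally authenticated users
 *     (REMOTE_USER) and for login-form posts,
 *   - destroys the session and clears the remember-me key on ?logout,
 *   - restores a session from the remember-me cookie, or
 *   - re-validates the login already stored in the session.
 *
 * @param string $SessionCachePolicy value handed to session_cache_limiter().
 * @return mixed the result of authenticate() for external-auth and login-form
 *               requests; 0 after a logout; true/false for the cookie and
 *               session checks; null when a session is already active or the
 *               session holds no login.
 **/
function auth($SessionCachePolicy = 'private_no_expire')
{
    include dirname(__DIR__) . '/config/config.php';
    $loginid = 1231564132;

    // REMOTE_USER is trusted as-is: no password is checked on this path.
    // NOTE(review): this is only safe when the web server itself sets
    // REMOTE_USER after authenticating the client - confirm the deployment.
    if (isset($CDASH_EXTERNAL_AUTH) && $CDASH_EXTERNAL_AUTH
        && isset($_SERVER['REMOTE_USER'])
    ) {
        $login = $_SERVER['REMOTE_USER'];
        return authenticate($login, null, $SessionCachePolicy, 0); // we don't remember
    }

    if (@$_GET['logout']) {
        // user requested logout
        session_name('CDash');
        session_cache_limiter('nocache');
        @session_start();
        unset($_SESSION['cdash']);
        session_destroy();

        // Remove the cookie if we have one
        $cookienames = array('CDash', str_replace('.', '_', 'CDash-' . $_SERVER['SERVER_NAME'])); // php doesn't like dot in cookie names
        foreach ($cookienames as $cookiename) {
            if (isset($_COOKIE[$cookiename])) {
                $cookievalue = $_COOKIE[$cookiename];
                // Everything before the trailing 33 characters is the user id.
                $cookieuseridkey = substr($cookievalue, 0, strlen($cookievalue) - 33);
                $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
                pdo_select_db("{$CDASH_DB_NAME}", $db);

                // NOTE(review): the row to clear is chosen from the cookie's id
                // prefix alone; checking the key half as well would keep one
                // client from resetting another account's remember-me key.
                pdo_query('UPDATE ' . qid('user') . " SET cookiekey='' WHERE id=" . qnum($cookieuseridkey));
                setcookie('CDash-' . $_SERVER['SERVER_NAME'], '', time() - 3600);
            }
        }
        echo "<script language=\"javascript\">window.location='index.php'</script>";
        return 0;
    }

    if (isset($_POST['sent'])) {
        // arrive from login form
        // NOTE(review): both fields are SQL- and HTML-escaped before they are
        // verified, so authenticate() sees the escaped form of the password;
        // confirm how stored hashes were computed before changing this.
        @($login = $_POST['login']);
        if ($login != null) {
            $login = htmlspecialchars(pdo_real_escape_string($login));
        }

        @($passwd = $_POST['passwd']);
        if ($passwd != null) {
            $passwd = htmlspecialchars(pdo_real_escape_string($passwd));
        }

        return authenticate($login, $passwd, $SessionCachePolicy, isset($_POST['rememberme']));
    } else {
        // arrive from session var
        $cookiename = str_replace('.', '_', 'CDash-' . $_SERVER['SERVER_NAME']); // php doesn't like dot in cookie names
        if (isset($_COOKIE[$cookiename])) {
            $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
            pdo_select_db("{$CDASH_DB_NAME}", $db);

            $cookievalue = $_COOKIE[$cookiename];
            $cookiekey = substr($cookievalue, strlen($cookievalue) - 33);
            // Logout stores cookiekey='' in the user table, so an empty key
            // must never be looked up: it would match logged-out accounts.
            if (strlen($cookiekey) < 1) {
                return false;
            }
            $cookieuseridkey = substr($cookievalue, 0, strlen($cookievalue) - 33);
            $sql = 'SELECT email,password,id FROM ' . qid('user') . "\n WHERE cookiekey='" . pdo_real_escape_string($cookiekey) . "'";
            if (!empty($cookieuseridkey)) {
                $sql .= " AND id='" . pdo_real_escape_string($cookieuseridkey) . "'";
            }
            $result = pdo_query("{$sql}");
            if (pdo_num_rows($result) == 1) {
                $user_array = pdo_fetch_array($result);
                // The row has been copied out; release the result set.
                pdo_free_result($result);

                session_name('CDash');
                session_cache_limiter($SessionCachePolicy);
                // NOTE(review): only the lifetime is passed here; the Secure and
                // HttpOnly cookie flags are left to the PHP configuration.
                session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
                @ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
                session_start();

                // NOTE(review): the stored password hash is copied into the
                // session and compared again on later page loads.
                $sessionArray = array('login' => $user_array['email'],
                    'passwd' => $user_array['password'],
                    'ID' => session_id(),
                    'valid' => 1,
                    'loginid' => $user_array['id']);
                $_SESSION['cdash'] = $sessionArray;
                return true;
            }
        }

        // Return early if a session has already been started.
        if (session_status() != PHP_SESSION_NONE) {
            return;
        }

        session_name('CDash');
        session_cache_limiter($SessionCachePolicy);
        session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
        @ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
        session_start();

        $email = @$_SESSION['cdash']['login'];

        if (!empty($email)) {
            $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
            pdo_select_db("{$CDASH_DB_NAME}", $db);
            $sql = 'SELECT id,password FROM ' . qid('user') . " WHERE email='" . pdo_real_escape_string($email) . "'";
            $result = pdo_query("{$sql}");

            if (pdo_num_rows($result) == 0) {
                pdo_free_result($result);
                $loginerror = 'Wrong email or password.';
                return false;
            }

            $user_array = pdo_fetch_array($result);
            pdo_free_result($result);

            // Compare as strings with ===. A loose == treats two numeric-looking
            // strings (for example hashes of the form "0e<digits>") as equal
            // numbers, which would accept a hash that does not actually match.
            $storedHash = isset($user_array['password']) ? (string) $user_array['password'] : '';
            $sessionHash = isset($_SESSION['cdash']['passwd']) ? (string) $_SESSION['cdash']['passwd'] : '';
            if ($storedHash === $sessionHash) {
                return true;
            }
            $loginerror = 'Wrong email or password.';
            return false;
        }
    }
}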
/**
 * Compatibility wrapper that forwards to pdo_free_result().
 *
 * NOTE(review): what gets forwarded is the array returned by func_get_args(),
 * not $result itself. Confirm that pdo_free_result() in this project expects
 * an argument array; if it expects a result handle, this call never frees it.
 *
 * @param mixed $result result handle supplied by the caller (may be omitted).
 * @return mixed whatever pdo_free_result() returns.
 */
function mysql_free_result($result = NULL)
{
    $forwarded = func_get_args();

    return pdo_free_result($forwarded);
}
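/**
 * Get the number of not-run tests for builds started within a date range.
 *
 * Sums build.testnotrun over builds whose start time is later than
 * $startUTCdate and no later than $endUTCdate, restricted to build groups
 * with includesubprojectotal=1.
 *
 * @param string $startUTCdate   exclusive lower bound for build.starttime.
 * @param string $endUTCdate     inclusive upper bound for build.starttime.
 * @param bool   $allSubProjects when true, group the sums by subproject
 *                               instead of filtering on this object's Id.
 * @return int|array|false the total for this subproject; or, with
 *                         $allSubProjects, the fetched rows keyed by
 *                         subprojectid; false when Id is not set or the
 *                         query fails.
 */
public function GetNumberOfNotRunTests($startUTCdate, $endUTCdate, $allSubProjects = false)
{
    if (!$allSubProjects && $this->Id < 1) {
        echo 'SubProject GetNumberOfNotRunTests(): Id not set';
        return false;
    }

    // Both bounds end up inside quoted SQL literals. Escape them here so a
    // caller-supplied value cannot close the literal and alter the statement.
    $start = pdo_real_escape_string($startUTCdate);
    $end = pdo_real_escape_string($endUTCdate);

    $queryStr = 'SELECT ';
    if ($allSubProjects) {
        $queryStr .= 'subprojectid, ';
    }
    $queryStr .= 'SUM(build.testnotrun) FROM build,subproject2build,build2group,buildgroup WHERE ';
    if (!$allSubProjects) {
        // The leading space keeps the AND keyword from running into the id.
        $queryStr .= 'subprojectid=' . qnum($this->Id) . ' AND ';
    }
    $queryStr .= "build2group.buildid=build.id AND build2group.groupid=buildgroup.id\n AND buildgroup.includesubprojectotal=1\n AND subproject2build.buildid=build.id AND build.starttime>'{$start}'\n AND build.starttime<='{$end}' AND build.testnotrun>=0 ";
    if ($allSubProjects) {
        $queryStr .= 'GROUP BY subprojectid';
    }

    $project = pdo_query($queryStr);
    if (!$project) {
        add_last_sql_error('SubProject GetNumberOfNotRunTests');
        return false;
    }

    if ($allSubProjects) {
        $project_array = array();
        while ($row = pdo_fetch_array($project)) {
            $project_array[$row['subprojectid']] = $row;
        }
        pdo_free_result($project);
        return $project_array;
    }

    $row = pdo_fetch_array($project);
    pdo_free_result($project);

    // No row fetched means nothing to sum; report zero rather than index false.
    return $row ? intval($row[0]) : 0;
}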
/**
 * Process pending submissions for a project one at a time.
 *
 * Repeatedly selects the oldest submission with status=0, marks it as
 * processing, hands it to ProcessFile(), records the resulting status, and
 * queries again until no pending row is left.
 *
 * NOTE(review): $projectid is concatenated into the SELECT between quotes
 * without escaping; confirm every caller passes a validated numeric id.
 *
 * @param mixed $projectid project whose submissions are processed.
 * @return bool true when the queue has been drained; false when this process
 *              no longer owns the processing lock.
 */
function ProcessSubmissions($projectid)
{
    $qs = "SELECT id, filename, filesize, filemd5sum, attempts FROM submission " .
        "WHERE projectid='" . $projectid . "' AND status=0 ORDER BY id LIMIT 1";

    $query = pdo_query($qs);
    add_last_sql_error("ProcessSubmissions-1");

    $iterations = 0;
    $mypid = getmypid();

    // NOTE(review): both switches below are read straight from the request.
    // One makes every loop iteration sleep for a request-chosen duration and
    // the other raises a fatal user error on purpose; they look like test
    // hooks - confirm they cannot be reached on a production endpoint.
    @($sleep_in_loop = $_GET['sleep_in_loop']);
    @($intentional_nonreturning_submit = $_GET['intentional_nonreturning_submit']);

    $n = pdo_num_rows($query);
    while ($n > 0) {
        if ($sleep_in_loop) {
            sleep($sleep_in_loop);
        }

        $query_array = pdo_fetch_array($query);
        add_last_sql_error("ProcessSubmissions-1.5");
        pdo_free_result($query);

        // Verify that *this* process still owns the lock.
        //
        // If not, log a message and return, presuming that the process that took
        // the lock is now looping over pending submissions.
        //
        if (!ProcessOwnsLock($projectid, $mypid)) {
            add_log("pid '{$mypid}' does not own lock anymore: abandoning loop...", "ProcessSubmissions", LOG_INFO, $projectid);
            return false;
        }

        $submission_id = $query_array['id'];
        $filename = $query_array['filename'];
        $new_attempts = $query_array['attempts'] + 1;
        $md5 = $query_array['filemd5sum'];

        // Mark the submissionprocessing table each time through the loop so that
        // we do not become known as an "apparently stalled" processor...
        //
        SetLockLastUpdatedTime($projectid);

        global $CDASH_SUBMISSION_PROCESSING_MAX_ATTEMPTS;
        if ($new_attempts > $CDASH_SUBMISSION_PROCESSING_MAX_ATTEMPTS) {
            add_log("Too many attempts to process '" . $filename . "'", "ProcessSubmissions", LOG_ERR, $projectid);
            $new_status = 5; // done, called do_submit too many times already
        } else {
            // Mark it as status=1 (processing) and record started time:
            //
            $now_utc = gmdate(FMT_DATETIMESTD);
            pdo_query("UPDATE submission SET status=1, started='{$now_utc}', " .
                "lastupdated='{$now_utc}', attempts={$new_attempts} " .
                "WHERE id='" . $submission_id . "'");
            add_last_sql_error("ProcessSubmissions-2");

            // Record id in global so that we can mark it as "error status" if we
            // get thrown to the error handler...
            //
            global $PHP_ERROR_SUBMISSION_ID;
            $PHP_ERROR_SUBMISSION_ID = $submission_id;

            if ($intentional_nonreturning_submit) {
                // simulate "error occurred" during do_submit: status will be set
                // to 4 in error handler...
                trigger_error('ProcessFile: intentional_nonreturning_submit is on', E_USER_ERROR);
            }

            $new_status = ProcessFile($projectid, $filename, $md5);
        }

        // NOTE(review): the `global` declaration sits inside the else branch
        // above, so on the "too many attempts" path this assignment may only
        // set a local variable - confirm that is intended.
        $PHP_ERROR_SUBMISSION_ID = 0;

        // Mark it as done with $new_status and record finished time:
        //
        $now_utc = gmdate(FMT_DATETIMESTD);
        pdo_query("UPDATE submission SET status={$new_status}, finished='{$now_utc}', " .
            "lastupdated='{$now_utc}' WHERE id='" . $submission_id . "'");
        add_last_sql_error("ProcessSubmissions-3");

        // Query for more... Continue processing while there are records to
        // process:
        //
        $query = pdo_query($qs);
        add_last_sql_error("ProcessSubmissions-4");
        $n = pdo_num_rows($query);

        $iterations = $iterations + 1;
    }

    return true;
}
/**
 * Execute a query through or_query() and return only its first row.
 *
 * @param string $query SQL text handed to or_query().
 * @param array  $pars  parameters handed to or_query() alongside the query.
 * @return mixed the value pdo_fetch_assoc() yields for the first row.
 */
function orsee_query($query, $pars = array())
{
    $statement = or_query($query, $pars);
    $firstRow = pdo_fetch_assoc($statement);

    // Only one row is wanted, so the result set is released right away.
    pdo_free_result($statement);

    return $firstRow;
}
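/**
 * Authentication function.
 *
 * Depending on the request it:
 *   - delegates to authenticate() for externally authenticated users
 *     (REMOTE_USER) and for login-form posts,
 *   - destroys the session and clears the remember-me key on ?logout,
 *   - restores a session from the remember-me cookie, or
 *   - re-validates the login already stored in the session.
 *
 * @param string $SessionCachePolicy value handed to session_cache_limiter().
 * @return mixed the result of authenticate() for external-auth and login-form
 *               requests; 0 after a logout; true/false for the cookie and
 *               session checks; null when the session holds no login.
 */
function auth($SessionCachePolicy = 'private_no_expire')
{
    include "cdash/config.php";
    $loginid = 1231564132;

    // REMOTE_USER is trusted as-is: no password is checked on this path.
    // NOTE(review): this is only safe when the web server itself sets
    // REMOTE_USER after authenticating the client - confirm the deployment.
    if (isset($CDASH_EXTERNAL_AUTH) && $CDASH_EXTERNAL_AUTH
        && isset($_SERVER['REMOTE_USER'])
    ) {
        $login = $_SERVER['REMOTE_USER'];
        return authenticate($login, NULL, $SessionCachePolicy, 0); // we don't remember
    }

    if (@$_GET["logout"]) {
        // user requested logout
        session_name("CDash");
        session_cache_limiter('nocache');
        @session_start();
        unset($_SESSION['cdash']);
        session_destroy();

        // Remove the cookie if we have one
        $cookienames = array("CDash", str_replace('.', '_', "CDash-" . $_SERVER['SERVER_NAME'])); // php doesn't like dot in cookie names
        foreach ($cookienames as $cookiename) {
            if (isset($_COOKIE[$cookiename])) {
                $cookievalue = $_COOKIE[$cookiename];
                // Everything before the trailing 33 characters is the user id.
                $cookieuseridkey = substr($cookievalue, 0, strlen($cookievalue) - 33);
                $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
                pdo_select_db("{$CDASH_DB_NAME}", $db);

                // NOTE(review): the row to clear is chosen from the cookie's id
                // prefix alone; checking the key half as well would keep one
                // client from resetting another account's remember-me key.
                pdo_query("UPDATE " . qid("user") . " SET cookiekey='' WHERE id=" . qnum($cookieuseridkey));
                setcookie("CDash-" . $_SERVER['SERVER_NAME'], "", time() - 3600);
            }
        }
        echo "<script language=\"javascript\">window.location='index.php'</script>";
        return 0;
    }

    if (isset($_POST["sent"])) {
        // arrive from login form
        // NOTE(review): both fields are SQL- and HTML-escaped before they are
        // verified, so authenticate() sees the escaped form of the password;
        // confirm how stored hashes were computed before changing this.
        @($login = $_POST["login"]);
        if ($login != NULL) {
            $login = htmlspecialchars(pdo_real_escape_string($login));
        }

        @($passwd = $_POST["passwd"]);
        if ($passwd != NULL) {
            $passwd = htmlspecialchars(pdo_real_escape_string($passwd));
        }

        @($rememberme = $_POST["rememberme"]);
        if ($rememberme != NULL) {
            $rememberme = pdo_real_escape_numeric($rememberme);
        }

        return authenticate($login, $passwd, $SessionCachePolicy, $rememberme);
    } else {
        // arrive from session var
        $cookiename = str_replace('.', '_', "CDash-" . $_SERVER['SERVER_NAME']); // php doesn't like dot in cookie names
        if (isset($_COOKIE[$cookiename])) {
            $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
            pdo_select_db("{$CDASH_DB_NAME}", $db);

            $cookievalue = $_COOKIE[$cookiename];
            $cookiekey = substr($cookievalue, strlen($cookievalue) - 33);
            // Logout stores cookiekey='' in the user table. Without this guard
            // an empty cookie value would be looked up as cookiekey='' and
            // could match an account that has logged out.
            if (strlen($cookiekey) < 1) {
                return false;
            }
            $cookieuseridkey = substr($cookievalue, 0, strlen($cookievalue) - 33);
            $sql = "SELECT email,password,id FROM " . qid("user") . "\n WHERE cookiekey='" . pdo_real_escape_string($cookiekey) . "'";
            if (!empty($cookieuseridkey)) {
                $sql .= " AND id='" . pdo_real_escape_string($cookieuseridkey) . "'";
            }
            $result = pdo_query("{$sql}");
            if (pdo_num_rows($result) == 1) {
                $user_array = pdo_fetch_array($result);
                // The row has been copied out; release the result set.
                pdo_free_result($result);

                session_name("CDash");
                session_cache_limiter($SessionCachePolicy);
                // NOTE(review): only the lifetime is passed here; the Secure and
                // HttpOnly cookie flags are left to the PHP configuration.
                session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
                @ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
                session_start();

                // NOTE(review): the stored password hash is copied into the
                // session and compared again on later page loads.
                $sessionArray = array("login" => $user_array['email'],
                    "passwd" => $user_array['password'],
                    "ID" => session_id(),
                    "valid" => 1,
                    "loginid" => $user_array['id']);
                $_SESSION['cdash'] = $sessionArray;
                return true;
            }
        }

        session_name("CDash");
        session_cache_limiter($SessionCachePolicy);
        session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
        @ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
        session_start();

        $email = @$_SESSION['cdash']["login"];

        if (!empty($email)) {
            $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
            pdo_select_db("{$CDASH_DB_NAME}", $db);
            $sql = "SELECT id,password FROM " . qid("user") . " WHERE email='" . pdo_real_escape_string($email) . "'";
            $result = pdo_query("{$sql}");

            if (pdo_num_rows($result) == 0) {
                pdo_free_result($result);
                $loginerror = "Wrong email or password.";
                return false;
            }

            $user_array = pdo_fetch_array($result);
            pdo_free_result($result);

            // Compare as strings with ===. A loose == treats two numeric-looking
            // strings (for example hashes of the form "0e<digits>") as equal
            // numbers, which would accept a hash that does not actually match.
            $storedHash = isset($user_array["password"]) ? (string) $user_array["password"] : '';
            $sessionHash = isset($_SESSION['cdash']["passwd"]) ? (string) $_SESSION['cdash']["passwd"] : '';
            if ($storedHash === $sessionHash) {
                return true;
            }
            $loginerror = "Wrong email or password.";
            return false;
        }
    }
}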
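/**
 * Google authentication: completes the OAuth2 authorization-code flow.
 *
 * Validates the anti-forgery token carried in the "state" GET parameter,
 * exchanges the "code" GET parameter for an access token, fetches the user's
 * email address from Google, and logs in the local account that has this
 * email. Unknown addresses are redirected to a pre-filled registration page.
 *
 * @param string $code not read here; the code is taken from $_GET["code"].
 * @return bool|null true after a successful login (a redirect to the requested
 *                   page has been sent); false when no local account matches;
 *                   null when validation or a request to Google fails.
 */
function googleAuthenticate($code)
{
    include("cdash/config.php");
    global $CDASH_DB_HOST, $CDASH_DB_LOGIN, $CDASH_DB_PASS, $CDASH_DB_NAME;
    $SessionCachePolicy = 'private_no_expire';

    // initialize the session
    session_name("CDash");
    session_cache_limiter($SessionCachePolicy);
    session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
    @ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
    session_start();

    // add_log() is called as (message, function name, level), matching the
    // other add_log() call sites.
    // A non-string value (e.g. an array parameter) is treated as missing.
    if (!isset($_GET["state"]) || !is_string($_GET["state"])) {
        add_log("no state value passed via GET", "googleAuthenticate", LOG_ERR);
        return;
    }

    // Both the anti-forgery token and the user's requested URL are specified
    // in the same "state" GET parameter. Split them out here.
    $splitState = explode("_AND_STATE_IS_", $_GET["state"]);
    if (sizeof($splitState) != 2) {
        add_log("Expected two values after splitting state parameter, found " . sizeof($splitState), "googleAuthenticate", LOG_ERR);
        return;
    }
    $requestedURI = $splitState[0];
    $state = $splitState[1];

    // don't send the user back to login.php if that's where they came from
    if (strpos($requestedURI, "login.php") !== false) {
        $requestedURI = "user.php";
    }

    // check that the anti-forgery token is valid
    // The session must actually hold a token, and the comparison is strict:
    // with a loose != an empty token in the request would equal a missing
    // session token and the check would pass. Token values are not logged.
    $expectedState = '';
    if (isset($_SESSION['cdash']['state']) && is_scalar($_SESSION['cdash']['state'])) {
        $expectedState = (string) $_SESSION['cdash']['state'];
    }
    if ($expectedState === '' || $state !== $expectedState) {
        add_log("state anti-forgery token mismatch", "googleAuthenticate", LOG_ERR);
        return;
    }

    if (!isset($_GET["code"]) || !is_string($_GET["code"])) {
        add_log("no code value passed via GET", "googleAuthenticate", LOG_ERR);
        return;
    }

    // Request the access token
    $headers = array(
        'Content-Type: application/x-www-form-urlencoded;charset=UTF-8',
        'Connection: Keep-Alive'
    );
    $redirectURI = strtok(get_server_URI(false), '?');
    // http_build_query() URL-encodes every value, so a request-supplied code
    // cannot add or override fields in the form body.
    $postData = http_build_query(array(
        'grant_type' => 'authorization_code',
        'code' => $_GET["code"],
        'client_id' => $GOOGLE_CLIENT_ID,
        'client_secret' => $GOOGLE_CLIENT_SECRET,
        'redirect_uri' => $redirectURI
    ), '', '&');
    $url = 'https://accounts.google.com/o/oauth2/token';
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_POST, 1);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $postData);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_PORT, 443);
    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    $resp = curl_exec($curl);

    $httpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    if ($httpStatus != 200) {
        add_log("Google access token request failed: $resp", "googleAuthenticate", LOG_ERR);
        return;
    }

    $resp = json_decode($resp);
    if (!is_object($resp) || !isset($resp->access_token, $resp->token_type)) {
        add_log("Google access token response could not be parsed", "googleAuthenticate", LOG_ERR);
        return;
    }
    $accessToken = $resp->access_token;
    $tokenType = $resp->token_type;

    // Use the access token to get the user's email address
    $headers = array(
        'Authorization: ' . $tokenType . ' ' . $accessToken
    );
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, 'https://www.googleapis.com/plus/v1/people/me');
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_PORT, 443);
    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    $resp = curl_exec($curl);

    $httpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    if ($httpStatus != 200) {
        add_log("Get Google user email address request failed: $resp", "googleAuthenticate", LOG_ERR);
        return;
    }

    // Extract the user's email address from the response.
    $resp = json_decode($resp);
    if (!is_object($resp) || !isset($resp->emails[0]->value)) {
        add_log("Google user response holds no email address", "googleAuthenticate", LOG_ERR);
        return;
    }
    $email = strtolower($resp->emails[0]->value);

    // Check if this email address appears in our user database
    $db = pdo_connect("$CDASH_DB_HOST", "$CDASH_DB_LOGIN", "$CDASH_DB_PASS");
    pdo_select_db("$CDASH_DB_NAME", $db);
    $sql = "SELECT id,password FROM " . qid("user") . " WHERE email='" . pdo_real_escape_string($email) . "'";
    $result = pdo_query("$sql");

    if (pdo_num_rows($result) == 0) {
        // if no match is found, redirect to pre-filled out registration page
        pdo_free_result($result);
        $firstname = isset($resp->name->givenName) ? (string) $resp->name->givenName : '';
        $lastname = isset($resp->name->familyName) ? (string) $resp->name->familyName : '';
        // Profile values are URL-encoded so that characters such as & or =
        // in a name cannot introduce extra query parameters.
        header("Location: register.php?firstname=" . rawurlencode($firstname)
            . "&lastname=" . rawurlencode($lastname)
            . "&email=" . rawurlencode($email));
        return false;
    }

    $user_array = pdo_fetch_array($result);

    // NOTE(review): the session id is not regenerated once the login is
    // stored; consider session_regenerate_id(true) to limit session fixation.
    $sessionArray = array(
        "login" => $email,
        "passwd" => $user_array['password'],
        "ID" => session_id(),
        "valid" => 1,
        "loginid" => $user_array["id"]);
    $_SESSION['cdash'] = $sessionArray;
    session_write_close();
    pdo_free_result($result);

    // NOTE(review): $requestedURI comes from the request's state parameter and
    // is not restricted to a path on this site; confirm it cannot send the
    // user to another origin after login.
    header("Location: $requestedURI");
    return true; // authentication succeeded
}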
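/**
 * Google authentication: completes the OAuth2 flow with the Google client.
 *
 * Validates the anti-forgery token from the decoded state, exchanges
 * $_GET['code'] for an access token, reads the user's profile, and logs in
 * the local account that has the same email address. Unknown addresses are
 * redirected to a pre-filled registration page.
 *
 * @param string $code not read here; the code is taken from $_GET['code'].
 * @return bool|null true after a successful login (a redirect to the requested
 *                   page has been sent); false when no local account matches;
 *                   null when the state is unavailable, the token check fails,
 *                   or Google rejects the request.
 */
function googleAuthenticate($code)
{
    $state = getGoogleAuthenticateState();
    if ($state === false) {
        return;
    }

    include dirname(__DIR__) . '/config/config.php';
    global $CDASH_DB_HOST, $CDASH_DB_LOGIN, $CDASH_DB_PASS, $CDASH_DB_NAME;
    $SessionCachePolicy = 'private_no_expire';

    // initialize the session
    session_name('CDash');
    session_cache_limiter($SessionCachePolicy);
    session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
    @ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
    session_start();

    // check that the anti-forgery token is valid
    // The session must actually hold a token, and the comparison is strict:
    // with a loose != an empty or missing token on both sides would compare
    // equal and the check would pass. Token values are not logged.
    $expectedToken = '';
    if (isset($_SESSION['cdash']['csrfToken']) && is_scalar($_SESSION['cdash']['csrfToken'])) {
        $expectedToken = (string) $_SESSION['cdash']['csrfToken'];
    }
    $suppliedToken = '';
    if (isset($state->csrfToken) && is_scalar($state->csrfToken)) {
        $suppliedToken = (string) $state->csrfToken;
    }
    if ($expectedToken === '' || $suppliedToken !== $expectedToken) {
        add_log('state anti-forgery token mismatch', 'googleAuthenticate', LOG_ERR);
        return;
    }

    $redirectURI = strtok(get_server_URI(false), '?');
    // The return value of get_server_URI can be inconsistent.
    // It simply returns $CDASH_BASE_URL if that variable is set, yielding a
    // return value like http://mydomain.com/CDash.
    // If this variable is not set, then it will return the full URI including
    // the current script, ie
    // http://mydomain.com/CDash/googleauth_callback.php.
    //
    // Make sure that redirectURI contains the path to our callback script.
    if (strpos($redirectURI, 'googleauth_callback.php') === false) {
        $redirectURI .= '/googleauth_callback.php';
    }

    try {
        $config = new Google_Config();
        if ($CDASH_MEMCACHE_ENABLED) {
            $config->setCacheClass('Google_Cache_Memcache');
            list($server, $port) = $CDASH_MEMCACHE_SERVER;
            $config->setClassConfig('Google_Cache_Memcache', 'host', $server);
            $config->setClassConfig('Google_Cache_Memcache', 'port', $port);
        }
        $client = new Google_Client($config);
        $client->setClientId($GOOGLE_CLIENT_ID);
        $client->setClientSecret($GOOGLE_CLIENT_SECRET);
        $client->setRedirectUri($redirectURI);
        $client->authenticate($_GET['code']);

        $oauth = new Google_Service_Oauth2($client);
        $me = $oauth->userinfo->get();
    } catch (Google_Auth_Exception $e) {
        add_log('Google access token request failed: ' . $e->getMessage(),
            'googleAuthenticate', LOG_ERR);
        return;
    }

    // Check if this email address appears in our user database
    $email = strtolower($me->getEmail());
    $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
    pdo_select_db("{$CDASH_DB_NAME}", $db);
    $sql = 'SELECT id,password FROM ' . qid('user') . " WHERE email='" . pdo_real_escape_string($email) . "'";
    $result = pdo_query("{$sql}");

    if (pdo_num_rows($result) == 0) {
        // if no match is found, redirect to pre-filled out registration page
        pdo_free_result($result);
        $firstname = (string) $me->getGivenName();
        $lastname = (string) $me->getFamilyName();
        // Profile values are URL-encoded so that characters such as & or =
        // in a name cannot introduce extra query parameters.
        header('Location: register.php?firstname=' . rawurlencode($firstname)
            . '&lastname=' . rawurlencode($lastname)
            . '&email=' . rawurlencode($email));
        return false;
    }

    $user_array = pdo_fetch_array($result);

    if ($state->rememberMe) {
        require_once 'include/login_functions.php';
        setRememberMeCookie($user_array['id']);
    }

    // NOTE(review): the session id is not regenerated once the login is
    // stored; consider session_regenerate_id(true) to limit session fixation.
    $sessionArray = array(
        'login' => $email,
        'passwd' => $user_array['password'],
        'ID' => session_id(),
        'valid' => 1,
        'loginid' => $user_array['id']);
    $_SESSION['cdash'] = $sessionArray;
    session_write_close();
    pdo_free_result($result);

    // NOTE(review): requestedURI is part of the state round-tripped through
    // the browser; confirm getGoogleAuthenticateState() restricts it to a
    // path on this site before it is used as a redirect target.
    header("Location: {$state->requestedURI}");
    return true; // authentication succeeded
}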
/**
 * Release every result handle held in $this->results when the object is
 * destroyed.
 */
function __destruct()
{
    $pending = $this->results;
    foreach ($pending as $handle) {
        // Errors are suppressed so that one failing handle does not stop the
        // remaining handles from being released.
        @pdo_free_result($handle);
    }
}