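/**
 * Constructor.
 *
 * Scans $dir for plugin sub-directories. For every non-hidden sub-directory
 * that holds an "init.php", the file is included and the class it names
 * through the '$PG_current_class' variable is instantiated. The resulting
 * objects are stored in $this->objects_list, keyed by the plugin directory
 * name.
 *
 * Security note: every init.php found below $dir is executed by 'include'.
 * $dir must therefore be a fixed, trusted path that untrusted users cannot
 * write to, and it must never be derived from request data.
 *
 * @param $dir The directory containing the plugins to load.
 * @returns Nothing usable: PHP discards a constructor's return value under
 *          'new', so the 'return false' statements below only stop the
 *          loading early.
 *
 * @todo Add return values !
 */
function __construct($dir)
{
    // Setup the error handler
    $this->eh = ER_Handler::getInstance();

    // Validate the plugins directory
    if (!isset($dir)) {
        $this->eh->logCrit("PG_object constructor", "Missing plugins directory name", "Instanciate this object with the good parameters !");
        return false;
    }
    if (!is_dir($dir)) {
        $this->eh->logCrit("PG_object constructor", "Wrong plugins directory name", "Instanciate this object with the name of a directory that exists !");
        return false;
    }
    $this->dir = $dir;

    $handle = opendir($this->dir);
    if ($handle === false) {
        $this->eh->logCrit("PG_object constructor", "Unable to open the plugins directory", "Check that you have the read permissions on '{$this->dir}'");
        return false;
    }

    // Strict comparison: with '!= false' an entry literally named "0" would
    // end the scan and silently hide every plugin listed after it.
    while (($candidate = readdir($handle)) !== false) {
        $candidate_dir = $dir . "/" . $candidate;

        // Skip hidden entries ('.', '..', dot-directories) and plain files.
        // strncmp() replaces ereg('^\\.'), which no longer exists in PHP 7+.
        if (strncmp($candidate, ".", 1) === 0 || !is_dir($candidate_dir)) {
            $this->eh->logDebug("PG_object constructor", "Ignore '{$candidate_dir}'.", "This is not a plugin directory, no error here.");
            continue;
        }

        $init_file = $candidate_dir . "/init.php";
        if (!file_exists($init_file)) {
            $this->eh->logCrit("PG_object constructor", "'{$init_file}' not found, '{$candidate}' plugin ignored.", "Blame this plugin's author !");
            continue;
        }

        // Reset before each include so that a class name left over from a
        // previous plugin can never be instantiated for this one.
        $PG_current_class = null;

        // Include the plugin file. This one sets the '$PG_current_class'
        // to the name of the class to use to instantiate the plugin object.
        include $init_file;

        $plugin_name = $candidate;

        // A faulty plugin is skipped with 'continue'. The previous 'break'
        // left the loop and dropped every plugin that had not been read yet.
        if (empty($PG_current_class)) {
            $this->eh->logCrit("PG_object constructor", "\$PG_current_class not set in the '{$candidate}' plugin, it will be ignored.", "Blame this plugin's author !");
            continue;
        }
        if (!class_exists($PG_current_class)) {
            $this->eh->logCrit("PG_object constructor", "The '{$PG_current_class}' class does not exists in the '{$candidate}' plugin, it will be ignored.", "Blame this plugin's author !");
            continue;
        }

        // Store the plugin object under its directory name.
        $this->objects_list[$plugin_name] = new $PG_current_class($plugin_name);
    }

    // Release the directory handle; it used to stay open.
    closedir($handle);
}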
<?php
// Manual test page for libAuth.php: builds an AU_auth object on the
// "plugins/Auth/Enabled" directory, prints its login box, then prints
// whatever ER_Handler has collected.
// NOTE(review): displayEvents() presumably renders diagnostic messages to
// whoever loads the page - keep this harness out of a public deployment.
include_once "../../libAuth.php";
include_once "../../libError.php";

$auth = new AU_auth("plugins/Auth/Enabled");
?>
<html>
<head>
<title>Test de libAuth.php</title>
<style> @import "../../style.css" screen; </style>
</head>
<body>
<h1>Test de libAuth.php</h1>
<?php
// Login / logout box first, collected events after it.
print $auth->showBox();

$eh = ER_Handler::getInstance();
$eh->displayEvents();
?>
</body>
</html>
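/**
 * Search the jobs_log table for the users, printers or servers whose name
 * contains $string.
 *
 * @param $string     Substring to look for. It is escaped with
 *                    DB_escape_string() before it reaches the query.
 * @param $objectType Exactly "user", "printer" or "server". It selects the
 *                    column that is both searched and returned.
 * @returns An array of the matching names, -1 when nothing matches, or
 *          false when an argument is missing or invalid or the query fails.
 */
function jas_searchObject($string, $objectType)
{
    $source = "jas_searchObject";

    // Check presence of arguments
    if (empty($string) || empty($objectType)) {
        $message = "Missing search string and/or object type !";
        $hint = "Please specify \$string and \$objectType for this function.";
        ER_Handler::getInstance()->logCrit($source, $message, $hint);
        return false;
    }

    // The column name cannot be quoted like a value, so it must come from a
    // fixed list. The previous check compared against "'user'" (with quotes)
    // and rejected on equality, so it never fired and every unknown type
    // silently queried the "user" column.
    $allowedTypes = array("user", "printer", "server");
    if (!in_array($objectType, $allowedTypes, true)) {
        $message = "Wrong object type !";
        $hint = "Please choose either 'printer', 'server' or 'user' for \$objectType.";
        ER_Handler::getInstance()->logCrit($source, $message, $hint);
        return false;
    }
    $queryField = $objectType;

    // Escape the search string without surrounding quotes; the query below
    // supplies them.
    // NOTE(review): '%' and '_' are not neutralised by SQL string escaping,
    // so they still act as LIKE wildcards inside $string.
    $string = DB_escape_string($string, false);

    // build the query
    $query = "SELECT {$queryField} FROM jobs_log WHERE {$queryField} LIKE";
    $query .= " '%{$string}%' GROUP BY {$queryField} ORDER BY {$queryField} ASC";

    // Run the query and return the result or log an error.
    $result = DB_query($query);
    if (!$result) {
        $message = "Query failed !";
        $hint = "Check for the query syntax, and that the MySQL host is up.";
        ER_Handler::getInstance()->logCrit($source, $message, $hint);
        return false;
    }

    // -1 tells the caller "query ran, nothing matched".
    if (!mysql_num_rows($result)) {
        return -1;
    }

    // Collect the first (and only) selected column of every row.
    $return_array = array();
    while ($line = mysql_fetch_array($result)) {
        $return_array[] = $line[0];
    }
    return $return_array;
}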
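/**
 * Function to clean inputs before querying a database, mandatory to protect the
 * project from "SQL injections".
 *
 * To unescape the string, "stripslashes()" is enough. Optionally, one can request
 * this function to single-quote the result, by setting $quote to 'true'. This
 * function was taken from the http://php.net examples.
 *
 * Numeric input is returned unchanged and unquoted, whatever $quote says.
 *
 * NOTE(review): the value is only safe inside a quoted SQL string (or as a
 * number). It must not be used for identifiers, and LIKE wildcards ('%', '_')
 * are left as they are. The mysql_* functions used here were removed in PHP 7
 * and get_magic_quotes_gpc() in PHP 8; a port should move to prepared
 * statements (mysqli or PDO) instead of escaping.
 *
 * @param $string The string to escape before using in a MySQL query.
 * @param $quote  Set to 'true' to force enclosure of the output with single-quotes,
 *                false otherwise.
 * @returns The escaped string, ready for a MySQL query.
 *
 * @todo Rewrite the error handling, and use another criticity.
 */
function DB_escape_string($string, $quote = false)
{
    // Stripslashes if slashes already present.
    if (get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }

    // Numeric values need no escaping.
    if (is_numeric($string)) {
        return $string;
    }

    // mysql_real_escape_string() returns false when there is no usable
    // connection. Test for exactly that: the previous truthiness test also
    // sent a legitimately empty string down the failure path.
    $escaped = @mysql_real_escape_string($string);
    if ($escaped === false) {
        // Fallback without a connection. mysql_escape_string() ignores the
        // connection character set, so it is weaker than the call above.
        $escaped = mysql_escape_string($string);
        $message = "Unable to real_escape string: " . mysql_error();
        $hint = "This happens when the MySQL server cannot be reached: Check that it is up !";
        ER_Handler::getInstance()->logCrit("DB_escape_string", $message, $hint);
    }

    // Honour $quote on both paths. The fallback used to add quotes
    // unconditionally, which broke callers that supply their own quotes.
    return $quote == true ? "'{$escaped}'" : $escaped;
}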
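Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */

/* Index.php: Main file */

// Do some includes.
include_once "jasConfig.php";
include_once "config.php";
include_once "libError.php";
include_once "header.php";
include_once "menu.php";

if (!file_exists("config.php")) {
    $message = "Config file not found !";
    $hint = "Don't forget to copy \"config.php.dist\" to \"config.php\", then edit ";
    $hint .= "it to suit your needs.";
    ER_Handler::getInstance()->logCrit("No Config file", $message, $hint);
}
?>
<div class="report_page">
<?php
// Include a file to fill the main body of the page, based on the $_GET[section] variable.
// If the requested file is not found, fallback to $DEFAULT_STARTPAGE (Defined in config.php)
//
// The section name comes straight from the query string and ends up in an
// include, so it is accepted only when it is a plain file-name token
// (letters, digits, '_' and '-'). Anything else (path separators, dots,
// stream-wrapper prefixes, NUL bytes, array values) gets the default page.
// NOTE(review): an explicit list of the section files that exist would be
// stricter still; the set of valid sections is not visible from this file.
$section = isset($_GET['section']) ? $_GET['section'] : null;
$sectionIsSafe = is_string($section) && preg_match('/^[A-Za-z0-9_-]+\z/', $section) === 1;

if ($sectionIsSafe && file_exists($section . ".php")) {
    include_once $section . ".php";
} else {
    include_once $DEFAULT_STARTPAGE . ".php";
}
?>
</div>
<?php
// Display errors here
ER_Handler::getInstance()->displayEvents();

// Ending includes...
@(include_once "footer.php");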
/**
 * ER_Handler::getInstance() must return the very object held in $this->eh
 * (presumably stored by the test set-up, which is not visible here) and
 * that object must be an ER_Handler.
 */
function testGetInstance()
{
    // Identity check: same object, not merely an equal one.
    $firstCall = ER_Handler::getInstance();
    $this->assertIdentical($this->eh, $firstCall);

    // Type check on a second, independent call.
    $secondCall = ER_Handler::getInstance();
    $this->assertIsA($secondCall, "ER_Handler");
}
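/**
 * The constructor automatically handles all the authentication and
 * session stuff, so there is no need to call anything other than
 * AU_Auth::showBox().
 *
 * It loads the auth plugins, restores the connection state from
 * $_SESSION["AU_auth"], then runs the action named by $_GET["AU_action"]
 * ("close", "connect" or "autoConnect").
 *
 * NOTE(review): nothing in this method renews the session id after a
 * successful login or limits repeated attempts; confirm that validate()
 * or the plugins take care of both. The actions are also selected by a GET
 * parameter, so check whether "close" needs a request token.
 *
 * @param $pluginPath Path to the auth plugins directory. Each
 * plugin must have a subdirectory of its own.
 *
 * @todo Modify this class to force the auth plugins to implement a plugin template.
 * @todo Work on the return values !
 */
function __construct($pluginPath)
{
    // Setup the error handler
    $this->eh = ER_Handler::getInstance();

    // Load the auth plugins
    if (empty($pluginPath)) {
        $this->eh->logCrit("AU_Auth constructor", "Missing plugins path", "Instanciate this object with the good parameters !");
        return false;
    }
    $this->loadPlugins($pluginPath);

    // Set the auth variables from session
    if (empty($_SESSION["AU_auth"])) {
        // If not connected, set default values
        $this->connected = false;
        $this->userName = "******";
        $this->authMethod = "Unknown auth method";
    } else {
        // Else, we are connected and retrieve values from session
        $this->connected = true;
        $this->userName = $_SESSION["AU_auth"]["userName"];
        $this->authMethod = $_SESSION["AU_auth"]["authMethod"];
    }

    // Now, process actions. Request data is attacker-controlled: only a
    // non-empty string is treated as an action name.
    $action = isset($_GET["AU_action"]) ? $_GET["AU_action"] : "";
    if (!is_string($action) || $action === "") {
        return;
    }

    switch ($action) {
        case "close":
            $this->disconnect();
            break;

        case "connect":
            // If we are already connected, forget it
            if ($this->isConnected()) {
                break;
            }

            // Read the credentials defensively. Indexing $_POST directly
            // raised notices on a missing field, passed array values on to
            // validate(), and treated the literal "0" as missing.
            $login = isset($_POST["AU_login"]) ? $_POST["AU_login"] : null;
            $password = isset($_POST["AU_password"]) ? $_POST["AU_password"] : null;
            $hasCredentials = is_string($login) && $login !== ""
                && is_string($password) && $password !== "";

            if ($hasCredentials && $this->validate($login, $password)) {
                $this->eh->logInfo("Authentification", "You are now connected !", "Click on the 'Close this session' link to disconnect.");
            } else {
                // Missing and wrong credentials get the same message on
                // purpose: the response does not reveal which part failed.
                $this->eh->logError("Authentification", "Wrong login and/or password !", "Check your login parameters and try again.");
            }
            break;

        case "autoConnect":
            // If some plugins provide automatic authentication (Cas, Ssl,...),
            // poll them now to try to get authenticated automatically
            if (!$this->isConnected() && $this->autoAuth()) {
                $this->eh->logInfo("Authentification", "You are now connected !", "Click on the 'Close this session' link to disconnect.");
            }
            break;
    } // End of switch()
}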
/**
 * Constructor.
 *
 * Its only job is to fetch the ER_Handler instance returned by
 * ER_Handler::getInstance() and keep it in $this->eh.
 */
function __construct()
{
    $handler = ER_Handler::getInstance();
    $this->eh = $handler;
}