function pdo_all_rows_query($qry)
{
$result = pdo_query($qry);
if (FALSE === $result) {
add_log('error: pdo_query failed: ' . pdo_error(), 'pdo_all_rows_query', LOG_ERR);
return array();
}
$all_rows = array();
while ($row = pdo_fetch_array($result)) {
$all_rows[] = $row;
}
pdo_free_result($result);
return $all_rows;
}
/**
* Authentication function
* This is called on every page load where common.php is selected, as well as when
* submitting the login form.
**/
function auth($SessionCachePolicy = 'private_no_expire')
{
include dirname(__DIR__) . '/config/config.php';
$loginid = 1231564132;
if (isset($CDASH_EXTERNAL_AUTH) && $CDASH_EXTERNAL_AUTH && isset($_SERVER['REMOTE_USER'])) {
$login = $_SERVER['REMOTE_USER'];
return authenticate($login, null, $SessionCachePolicy, 0);
// we don't remember
}
if (@$_GET['logout']) {
// user requested logout
session_name('CDash');
session_cache_limiter('nocache');
@session_start();
unset($_SESSION['cdash']);
session_destroy();
// Remove the cookie if we have one
$cookienames = array('CDash', str_replace('.', '_', 'CDash-' . $_SERVER['SERVER_NAME']));
// php doesn't like dot in cookie names
foreach ($cookienames as $cookiename) {
if (isset($_COOKIE[$cookiename])) {
$cookievalue = $_COOKIE[$cookiename];
$cookieuseridkey = substr($cookievalue, 0, strlen($cookievalue) - 33);
$db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
pdo_select_db("{$CDASH_DB_NAME}", $db);
pdo_query('UPDATE ' . qid('user') . " SET cookiekey='' WHERE id=" . qnum($cookieuseridkey));
setcookie('CDash-' . $_SERVER['SERVER_NAME'], '', time() - 3600);
}
}
echo "<script language=\"javascript\">window.location='index.php'</script>";
return 0;
}
if (isset($_POST['sent'])) {
// arrive from login form
@($login = $_POST['login']);
if ($login != null) {
$login = htmlspecialchars(pdo_real_escape_string($login));
}
@($passwd = $_POST['passwd']);
if ($passwd != null) {
$passwd = htmlspecialchars(pdo_real_escape_string($passwd));
}
return authenticate($login, $passwd, $SessionCachePolicy, isset($_POST['rememberme']));
} else {
// arrive from session var
$cookiename = str_replace('.', '_', 'CDash-' . $_SERVER['SERVER_NAME']);
// php doesn't like dot in cookie names
if (isset($_COOKIE[$cookiename])) {
$db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
pdo_select_db("{$CDASH_DB_NAME}", $db);
$cookievalue = $_COOKIE[$cookiename];
$cookiekey = substr($cookievalue, strlen($cookievalue) - 33);
if (strlen($cookiekey) < 1) {
return false;
}
$cookieuseridkey = substr($cookievalue, 0, strlen($cookievalue) - 33);
$sql = 'SELECT email,password,id FROM ' . qid('user') . "\n WHERE cookiekey='" . pdo_real_escape_string($cookiekey) . "'";
if (!empty($cookieuseridkey)) {
$sql .= " AND id='" . pdo_real_escape_string($cookieuseridkey) . "'";
}
$result = pdo_query("{$sql}");
if (pdo_num_rows($result) == 1) {
$user_array = pdo_fetch_array($result);
session_name('CDash');
session_cache_limiter($SessionCachePolicy);
session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
@ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
session_start();
$sessionArray = array('login' => $user_array['email'], 'passwd' => $user_array['password'], 'ID' => session_id(), 'valid' => 1, 'loginid' => $user_array['id']);
$_SESSION['cdash'] = $sessionArray;
return true;
}
}
// Return early if a session has already been started.
if (session_status() != PHP_SESSION_NONE) {
return;
}
session_name('CDash');
session_cache_limiter($SessionCachePolicy);
session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
@ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
session_start();
$email = @$_SESSION['cdash']['login'];
if (!empty($email)) {
$db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
pdo_select_db("{$CDASH_DB_NAME}", $db);
$sql = 'SELECT id,password FROM ' . qid('user') . " WHERE email='" . pdo_real_escape_string($email) . "'";
$result = pdo_query("{$sql}");
if (pdo_num_rows($result) == 0) {
pdo_free_result($result);
$loginerror = 'Wrong email or password.';
return false;
}
$user_array = pdo_fetch_array($result);
if ($user_array['password'] == $_SESSION['cdash']['passwd']) {
return true;
}
$loginerror = 'Wrong email or password.';
return false;
}
}
}
function mysql_free_result($result = NULL)
{
return pdo_free_result(func_get_args());
}
/** Get the number of tests given a date range */
public function GetNumberOfNotRunTests($startUTCdate, $endUTCdate, $allSubProjects = false)
{
if (!$allSubProjects && $this->Id < 1) {
echo 'SubProject GetNumberOfNotRunTests(): Id not set';
return false;
}
$queryStr = 'SELECT ';
if ($allSubProjects) {
$queryStr .= 'subprojectid, ';
}
$queryStr .= 'SUM(build.testnotrun) FROM build,subproject2build,build2group,buildgroup WHERE ';
if (!$allSubProjects) {
$queryStr .= 'subprojectid=' . qnum($this->Id) . 'AND ';
}
$queryStr .= "build2group.buildid=build.id AND build2group.groupid=buildgroup.id\n AND buildgroup.includesubprojectotal=1\n AND subproject2build.buildid=build.id AND build.starttime>'{$startUTCdate}'\n AND build.starttime<='{$endUTCdate}' AND build.testnotrun>=0 ";
if ($allSubProjects) {
$queryStr .= 'GROUP BY subprojectid';
}
$project = pdo_query($queryStr);
if (!$project) {
add_last_sql_error('SubProject GetNumberOfNotRunTests');
return false;
}
if ($allSubProjects) {
$project_array = array();
while ($row = pdo_fetch_array($project)) {
$project_array[$row['subprojectid']] = $row;
}
pdo_free_result($project);
return $project_array;
} else {
$project_array = pdo_fetch_array($project);
return intval($project_array[0]);
}
}
function ProcessSubmissions($projectid)
{
$qs = "SELECT id, filename, filesize, filemd5sum, attempts FROM submission " . "WHERE projectid='" . $projectid . "' AND status=0 ORDER BY id LIMIT 1";
$query = pdo_query($qs);
add_last_sql_error("ProcessSubmissions-1");
$iterations = 0;
$mypid = getmypid();
@($sleep_in_loop = $_GET['sleep_in_loop']);
@($intentional_nonreturning_submit = $_GET['intentional_nonreturning_submit']);
$n = pdo_num_rows($query);
while ($n > 0) {
if ($sleep_in_loop) {
sleep($sleep_in_loop);
}
$query_array = pdo_fetch_array($query);
add_last_sql_error("ProcessSubmissions-1.5");
pdo_free_result($query);
// Verify that *this* process still owns the lock.
//
// If not, log a message and return, presuming that the process that took
// the lock is now looping over pending submissions.
//
if (!ProcessOwnsLock($projectid, $mypid)) {
add_log("pid '{$mypid}' does not own lock anymore: abandoning loop...", "ProcessSubmissions", LOG_INFO, $projectid);
return false;
}
$submission_id = $query_array['id'];
$filename = $query_array['filename'];
$new_attempts = $query_array['attempts'] + 1;
$md5 = $query_array['filemd5sum'];
// Mark the submissionprocessing table each time through the loop so that
// we do not become known as an "apparently stalled" processor...
//
SetLockLastUpdatedTime($projectid);
global $CDASH_SUBMISSION_PROCESSING_MAX_ATTEMPTS;
if ($new_attempts > $CDASH_SUBMISSION_PROCESSING_MAX_ATTEMPTS) {
add_log("Too many attempts to process '" . $filename . "'", "ProcessSubmissions", LOG_ERR, $projectid);
$new_status = 5;
// done, called do_submit too many times already
} else {
// Mark it as status=1 (processing) and record started time:
//
$now_utc = gmdate(FMT_DATETIMESTD);
pdo_query("UPDATE submission SET status=1, started='{$now_utc}', " . "lastupdated='{$now_utc}', attempts={$new_attempts} " . "WHERE id='" . $submission_id . "'");
add_last_sql_error("ProcessSubmissions-2");
// Record id in global so that we can mark it as "error status" if we
// get thrown to the error handler...
//
global $PHP_ERROR_SUBMISSION_ID;
$PHP_ERROR_SUBMISSION_ID = $submission_id;
if ($intentional_nonreturning_submit) {
// simulate "error occurred" during do_submit: status will be set
// to 4 in error handler...
trigger_error('ProcessFile: intentional_nonreturning_submit is on', E_USER_ERROR);
}
$new_status = ProcessFile($projectid, $filename, $md5);
}
$PHP_ERROR_SUBMISSION_ID = 0;
// Mark it as done with $new_status and record finished time:
//
$now_utc = gmdate(FMT_DATETIMESTD);
pdo_query("UPDATE submission SET status={$new_status}, finished='{$now_utc}', " . "lastupdated='{$now_utc}' WHERE id='" . $submission_id . "'");
add_last_sql_error("ProcessSubmissions-3");
// Query for more... Continue processing while there are records to
// process:
//
$query = pdo_query($qs);
add_last_sql_error("ProcessSubmissions-4");
$n = pdo_num_rows($query);
$iterations = $iterations + 1;
}
return true;
}
function orsee_query($query, $pars = array())
{
$result = or_query($query, $pars);
$line = pdo_fetch_assoc($result);
pdo_free_result($result);
return $line;
}
/** Authentication function */
function auth($SessionCachePolicy = 'private_no_expire')
{
include "cdash/config.php";
$loginid = 1231564132;
if (isset($CDASH_EXTERNAL_AUTH) && $CDASH_EXTERNAL_AUTH && isset($_SERVER['REMOTE_USER'])) {
$login = $_SERVER['REMOTE_USER'];
return authenticate($login, NULL, $SessionCachePolicy, 0);
// we don't remember
}
if (@$_GET["logout"]) {
// user requested logout
session_name("CDash");
session_cache_limiter('nocache');
@session_start();
unset($_SESSION['cdash']);
session_destroy();
// Remove the cookie if we have one
$cookienames = array("CDash", str_replace('.', '_', "CDash-" . $_SERVER['SERVER_NAME']));
// php doesn't like dot in cookie names
foreach ($cookienames as $cookiename) {
if (isset($_COOKIE[$cookiename])) {
$cookievalue = $_COOKIE[$cookiename];
$cookieuseridkey = substr($cookievalue, 0, strlen($cookievalue) - 33);
$db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
pdo_select_db("{$CDASH_DB_NAME}", $db);
pdo_query("UPDATE " . qid("user") . " SET cookiekey='' WHERE id=" . qnum($cookieuseridkey));
setcookie("CDash-" . $_SERVER['SERVER_NAME'], "", time() - 3600);
}
}
echo "<script language=\"javascript\">window.location='index.php'</script>";
return 0;
}
if (isset($_POST["sent"])) {
@($login = $_POST["login"]);
if ($login != NULL) {
$login = htmlspecialchars(pdo_real_escape_string($login));
}
@($passwd = $_POST["passwd"]);
if ($passwd != NULL) {
$passwd = htmlspecialchars(pdo_real_escape_string($passwd));
}
@($rememberme = $_POST["rememberme"]);
if ($rememberme != NULL) {
$rememberme = pdo_real_escape_numeric($rememberme);
}
return authenticate($login, $passwd, $SessionCachePolicy, $rememberme);
} else {
// arrive from session var
$cookiename = str_replace('.', '_', "CDash-" . $_SERVER['SERVER_NAME']);
// php doesn't like dot in cookie names
if (isset($_COOKIE[$cookiename])) {
$db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
pdo_select_db("{$CDASH_DB_NAME}", $db);
$cookievalue = $_COOKIE[$cookiename];
$cookiekey = substr($cookievalue, strlen($cookievalue) - 33);
$cookieuseridkey = substr($cookievalue, 0, strlen($cookievalue) - 33);
$sql = "SELECT email,password,id FROM " . qid("user") . "\n WHERE cookiekey='" . pdo_real_escape_string($cookiekey) . "'";
if (!empty($cookieuseridkey)) {
$sql .= " AND id='" . pdo_real_escape_string($cookieuseridkey) . "'";
}
$result = pdo_query("{$sql}");
if (pdo_num_rows($result) == 1) {
$user_array = pdo_fetch_array($result);
session_name("CDash");
session_cache_limiter($SessionCachePolicy);
session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
@ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
session_start();
$sessionArray = array("login" => $user_array['email'], "passwd" => $user_array['password'], "ID" => session_id(), "valid" => 1, "loginid" => $user_array['id']);
$_SESSION['cdash'] = $sessionArray;
return true;
}
}
session_name("CDash");
session_cache_limiter($SessionCachePolicy);
session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
@ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
session_start();
$email = @$_SESSION['cdash']["login"];
if (!empty($email)) {
$db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
pdo_select_db("{$CDASH_DB_NAME}", $db);
$sql = "SELECT id,password FROM " . qid("user") . " WHERE email='" . pdo_real_escape_string($email) . "'";
$result = pdo_query("{$sql}");
if (pdo_num_rows($result) == 0) {
pdo_free_result($result);
$loginerror = "Wrong email or password.";
return false;
}
$user_array = pdo_fetch_array($result);
if ($user_array["password"] == $_SESSION['cdash']["passwd"]) {
return true;
}
$loginerror = "Wrong email or password.";
return false;
}
}
}
/** Google authentication */
function googleAuthenticate($code)
{
include("cdash/config.php");
global $CDASH_DB_HOST, $CDASH_DB_LOGIN, $CDASH_DB_PASS, $CDASH_DB_NAME;
$SessionCachePolicy = 'private_no_expire';
// initialize the session
session_name("CDash");
session_cache_limiter($SessionCachePolicy);
session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
@ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME+600);
session_start();
if (!isset($_GET["state"]))
{
add_log("no state value passed via GET", LOG_ERR);
return;
}
// Both the anti-forgery token and the user's requested URL are specified
// in the same "state" GET parameter. Split them out here.
$splitState = explode("_AND_STATE_IS_", $_GET["state"]);
if (sizeof($splitState) != 2)
{
add_log("Expected two values after splitting state parameter, found " .
sizeof($splitState), LOG_ERR);
return;
}
$requestedURI = $splitState[0];
@$state = $splitState[1];
// don't send the user back to login.php if that's where they came from
if (strpos($requestedURI, "login.php") !== false)
{
$requestedURI = "user.php";
}
// check that the anti-forgery token is valid
if ($state != $_SESSION['cdash']['state'])
{
add_log("state anti-forgery token mismatch: " . $state .
" vs " . $_SESSION['cdash']['state'], LOG_ERR);
return;
}
// Request the access token
$headers = array(
'Content-Type: application/x-www-form-urlencoded;charset=UTF-8',
'Connection: Keep-Alive'
);
$redirectURI = strtok(get_server_URI(false), '?');
$postData = join('&', array(
'grant_type=authorization_code',
'code='.$_GET["code"],
'client_id='.$GOOGLE_CLIENT_ID,
'client_secret='.$GOOGLE_CLIENT_SECRET,
'redirect_uri='.$redirectURI
));
$url = 'https://accounts.google.com/o/oauth2/token';
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postData);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_PORT, 443);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
$resp = curl_exec($curl);
$httpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if ($httpStatus != 200)
{
add_log("Google access token request failed: $resp", LOG_ERR);
return;
}
$resp = json_decode($resp);
$accessToken = $resp->access_token;
$tokenType = $resp->token_type;
// Use the access token to get the user's email address
$headers = array(
'Authorization: '.$tokenType.' '.$accessToken
);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://www.googleapis.com/plus/v1/people/me');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_PORT, 443);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
$resp = curl_exec($curl);
$httpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if ($httpStatus != 200)
{
add_log("Get Google user email address request failed: $resp", LOG_ERR);
return;
}
// Extract the user's email address from the response.
$resp = json_decode($resp);
$email = strtolower($resp->emails[0]->value);
// Check if this email address appears in our user database
$db = pdo_connect("$CDASH_DB_HOST", "$CDASH_DB_LOGIN","$CDASH_DB_PASS");
pdo_select_db("$CDASH_DB_NAME",$db);
$sql="SELECT id,password FROM ".qid("user")." WHERE email='".pdo_real_escape_string($email)."'";
$result = pdo_query("$sql");
if(pdo_num_rows($result)==0)
{
// if no match is found, redirect to pre-filled out registration page
pdo_free_result($result);
$firstname = $resp->name->givenName;
$lastname = $resp->name->familyName;
header("Location: register.php?firstname=$firstname&lastname=$lastname&email=$email");
return false;
}
$user_array = pdo_fetch_array($result);
$pass = $user_array["password"];
$sessionArray = array(
"login" => $email,
"passwd" => $user_array['password'],
"ID" => session_id(),
"valid" => 1,
"loginid" => $user_array["id"]);
$_SESSION['cdash'] = $sessionArray;
session_write_close();
pdo_free_result($result);
header("Location: $requestedURI");
return true; // authentication succeeded
}
/** Google authentication */
function googleAuthenticate($code)
{
$state = getGoogleAuthenticateState();
if ($state === false) {
return;
}
include dirname(__DIR__) . '/config/config.php';
global $CDASH_DB_HOST, $CDASH_DB_LOGIN, $CDASH_DB_PASS, $CDASH_DB_NAME;
$SessionCachePolicy = 'private_no_expire';
// initialize the session
session_name('CDash');
session_cache_limiter($SessionCachePolicy);
session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
@ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
session_start();
// check that the anti-forgery token is valid
if ($state->csrfToken != $_SESSION['cdash']['csrfToken']) {
add_log('state anti-forgery token mismatch: ' . $state->csrfToken . ' vs ' . $_SESSION['cdash']['csrfToken'], 'googleAuthenticate', LOG_ERR);
return;
}
$redirectURI = strtok(get_server_URI(false), '?');
// The return value of get_server_URI can be inconsistent.
// It simply returns $CDASH_BASE_URL if that variable is set, yielding a
// return value like http://mydomain.com/CDash.
// If this variable is not set, then it will return the full URI including
// the current script, ie
// http://mydomain.com/CDash/googleauth_callback.php.
//
// Make sure that redirectURI contains the path to our callback script.
if (strpos($redirectURI, 'googleauth_callback.php') === false) {
$redirectURI .= '/googleauth_callback.php';
}
try {
$config = new Google_Config();
if ($CDASH_MEMCACHE_ENABLED) {
$config->setCacheClass('Google_Cache_Memcache');
list($server, $port) = $CDASH_MEMCACHE_SERVER;
$config->setClassConfig('Google_Cache_Memcache', 'host', $server);
$config->setClassConfig('Google_Cache_Memcache', 'port', $port);
}
$client = new Google_Client($config);
$client->setClientId($GOOGLE_CLIENT_ID);
$client->setClientSecret($GOOGLE_CLIENT_SECRET);
$client->setRedirectUri($redirectURI);
$client->authenticate($_GET['code']);
$oauth = new Google_Service_Oauth2($client);
$me = $oauth->userinfo->get();
$tokenResponse = json_decode($client->getAccessToken());
} catch (Google_Auth_Exception $e) {
add_log('Google access token request failed: ' . $e->getMessage(), 'googleAuthenticate', LOG_ERR);
return;
}
// Check if this email address appears in our user database
$email = strtolower($me->getEmail());
$db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
pdo_select_db("{$CDASH_DB_NAME}", $db);
$sql = 'SELECT id,password FROM ' . qid('user') . " WHERE email='" . pdo_real_escape_string($email) . "'";
$result = pdo_query("{$sql}");
if (pdo_num_rows($result) == 0) {
// if no match is found, redirect to pre-filled out registration page
pdo_free_result($result);
$firstname = $me->getGivenName();
$lastname = $me->getFamilyName();
header("Location: register.php?firstname={$firstname}&lastname={$lastname}&email={$email}");
return false;
}
$user_array = pdo_fetch_array($result);
$pass = $user_array['password'];
if ($state->rememberMe) {
require_once 'include/login_functions.php';
setRememberMeCookie($user_array['id']);
}
$sessionArray = array('login' => $email, 'passwd' => $user_array['password'], 'ID' => session_id(), 'valid' => 1, 'loginid' => $user_array['id']);
$_SESSION['cdash'] = $sessionArray;
session_write_close();
pdo_free_result($result);
header("Location: {$state->requestedURI}");
return true;
// authentication succeeded
}
function __destruct()
{
foreach ($this->results as $result) {
@pdo_free_result($result);
}
}
