<?php
/*
System:   Repro
File:     reprofunctions.php
Purpose:  shared functions used by multiple pages
Author:   S. Chanin
*/
/* Because there is no final database abstraction to work with, and no way to
carry a db connection from one page to the next (it may not even be possible
for every db we need to support), every function below opens and closes its
own connection.  This is inefficient, but at least it is clean.

NOTE(review): each of those connections uses the credentials hard-coded in
this file ("apache"/"apache" against the local "repro" database).  Anyone who
can read this file can read the Users table; keep the credentials in a config
file outside the web root and grant that account only what these pages need. */

// shared constants (the alternative for this would be to define them
// as constants with define())
$provider = "XYZ";
$providerEmail = "XYZ Activation <activation@xyz.com>";
$sessionDuration = 600; /* 600 seconds = 10 min */

/*
Purpose: Used for debugging.  Pretty prints a variable either straight to the
browser or into a string (browser/HTML format either way).

$data       -- the value to dump
$return_str -- FALSE (default): echo the dump and return "";
               TRUE: return the dump instead of echoing it
$func       -- name of the function that does the printing (default print_r).
               It is invoked as a variable function, so only ever pass a
               literal function name here, never anything from a request.

return values are:
if $return_str is FALSE or not passed: ""
if $return_str is TRUE: the printable representation of $data
*/
function dbgShowBroswer($data, $return_str = false, $func = "print_r"){
    // capture what $func prints instead of letting it go to the client
    ob_start();
    $func($data);
    $dump = ob_get_clean();

    $html = '<pre>' . htmlspecialchars($dump) . '</pre>';
    if (!$return_str) {
        echo $html;
        return "";
    }
    return $html;
}

/*
Purpose: Used for debugging.  Pretty prints a variable into a plain-text
string (no HTML escaping) so it can be written to a file.

$data -- the value to dump
$func -- name of the printing function (default print_r); see dbgShowBroswer
         for why this must never come from a request

return values are:
the storable representation of $data
*/
function dbgShowFile($data, $func = "print_r"){
    ob_start();
    $func($data);
    return ob_get_clean();
}


/*
Purpose: Used for debugging.  Appends a string ($s) to the file /tmp/squirt.
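Use tail -f /tmp/squirt in a terminal window to watch the output.

$s     -- text to append (a newline is added)
$stamp -- 1 (the default) prefixes the line with a 'ymd H:i:s ' timestamp

NOTE(review): /tmp/squirt is a fixed name in a world-writable directory and the
file is readable by every local user.  Never send secrets through it (cookie
values, password hashes, activation codes), and turn it off or move it under a
private directory before this code handles real traffic.
*/
function dbgSquirt($s, $stamp=1) {
    $logFile = "/tmp/squirt";
    // Refuse to write through a symlink: a local user could plant
    // /tmp/squirt -> <some file the web server may write> and have us append
    // to it.  The check is racy (TOCTOU) but stops the trivial form of it.
    if (is_link($logFile)) {
        return;
    }
    $fp = fopen($logFile, "a+");
    if (!$fp) {
        // best-effort debug output; don't go on to write to a bad handle
        return;
    }
    if ($stamp == 1) {
        fputs($fp, date('ymd H:i:s '));
    }
    fputs($fp, $s . "\n");
    fclose($fp);
}

/*
Purpose: checks if the supplied user/password combination matches a known user.
If so, the state of that user is returned.

$u -- username as typed in the login form
$p -- password in the STORED form: it is compared verbatim against the
      password column, so the caller must hash it first (presumably with
      createPassword() -- verify against the login page)

Both values are untrusted and are escaped before they reach the query.
Without that, a username of  admin'#  comments the password check out of the
query and logs the caller in as admin.

return values are:
A = matches an active user
U = matches an unverified user
D = matches a disabled user
N = does not match */
function validateUser($u, $p) {
    $db = mysql_connect("localhost","apache","apache");
    if (!$db || !mysql_select_db("repro",$db)) {
        // keep the raw mysql error in the debug log, not on the client's page
        dbgSquirt("validateUser: cannot open database -- " . mysql_error());
        die("Internal error -- database unavailable.");
    }
    $safeUser = mysql_real_escape_string($u, $db);
    $safePass = mysql_real_escape_string($p, $db);
    $query = "select state from Users where username='$safeUser' and password='$safePass'";
    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("validateUser: query failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }

    $state = "N";
    if (mysql_num_rows($result) == 1) {
        // exactly one match, so hand back that user's state
        $state = mysql_result($result, 0, "state");
    }

    mysql_free_result($result);
    mysql_close($db);
    return $state;
}

/*
Purpose: Used to get the state of a user.  The state will only be returned if
the function is called with an activationCode that matches the one set for that
user in the database.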
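$user -- username from the activation link/form
$code -- activation code from the same place; both are untrusted and escaped
         before use, so a crafted code cannot widen the where clause

return values are:
A = matches an active user
U = matches an unverified user
D = matches a disabled user
N = does not match */
function getUserState($user, $code) {
    $db = mysql_connect("localhost","apache","apache");
    if (!$db || !mysql_select_db("repro",$db)) {
        // keep the raw mysql error in the debug log, not on the client's page
        dbgSquirt("getUserState: cannot open database -- " . mysql_error());
        die("Internal error -- database unavailable.");
    }
    $safeUser = mysql_real_escape_string($user, $db);
    $safeCode = mysql_real_escape_string($code, $db);
    $query = "select state from Users where username='$safeUser' and activationCode='$safeCode'";
    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("getUserState: query failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }

    $state = "N";
    if (mysql_num_rows($result) == 1) {
        // exactly one match, so hand back that user's state
        $state = mysql_result($result, 0, "state");
    }

    mysql_free_result($result);
    mysql_close($db);
    return $state;
}



/*
Purpose: Check to see if a user name is already in use

$u -- candidate username from the signup form (untrusted, escaped)

return values are:
Y = username is in use
N = username is not in use

Note -- it is not possible to reuse a user name. */
function usernameInUse($u) {
    $db = mysql_connect("localhost","apache","apache");
    if (!$db || !mysql_select_db("repro",$db)) {
        dbgSquirt("usernameInUse: cannot open database -- " . mysql_error());
        die("Internal error -- database unavailable.");
    }
    $safeUser = mysql_real_escape_string($u, $db);
    $query = "select id from Users where username='$safeUser'";
    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("usernameInUse: query failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }

    // Any matching row means the name is taken.  Previously only exactly one
    // row counted, which would have let an already-duplicated name be
    // registered yet again.
    $state = (mysql_num_rows($result) >= 1) ? "Y" : "N";

    mysql_free_result($result);
    mysql_close($db);
    return $state;
}

/*
Purpose: create a new account in the system.  New accounts are automatically
created in U (unverified) state and have the current date used for
the activationDate.

$username, $fullname, $domain, $email, $activationCode -- signup-form values,
all untrusted and escaped before use
$passwordMD5 -- password already in stored form (see createPassword)

return values are:
True = account creation succeeded.
False = account creation failed.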
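*/
function createAccount($username, $passwordMD5, $fullname, $domain, $email,$activationCode) {
    $db = mysql_connect("localhost","apache","apache");
    if (!$db || !mysql_select_db("repro",$db)) {
        // keep the raw mysql error in the debug log, not on the client's page
        dbgSquirt("createAccount: cannot open database -- " . mysql_error());
        die("Internal error -- database unavailable.");
    }
    $activationDate = date("Y-m-d");
    // every field came from the signup form: escape each one
    $safeUser   = mysql_real_escape_string($username, $db);
    $safePass   = mysql_real_escape_string($passwordMD5, $db);
    $safeName   = mysql_real_escape_string($fullname, $db);
    $safeDomain = mysql_real_escape_string($domain, $db);
    $safeEmail  = mysql_real_escape_string($email, $db);
    $safeCode   = mysql_real_escape_string($activationCode, $db);
    $query = "insert into Users (username,password,fullname,domain,email,state,activationDate,activationCode) values('$safeUser','$safePass','$safeName','$safeDomain','$safeEmail','U','$activationDate','$safeCode')";

    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("createAccount: insert failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }

    // no error and exactly one row inserted
    $state = (mysql_affected_rows($db) == 1);
    mysql_close($db);
    return $state;
}

/*
Purpose: set a new account to active status

$username       -- account to activate (untrusted, escaped)
$activationCode -- code from the activation link.  The update only touches the
                   row whose stored code matches, so this comparison IS the
                   authorisation check; escaping keeps it from being bypassed
                   through the query text.

return values are:
TRUE = account activation succeeded (exactly one row reported changed).
FALSE = account activation failed. */
function activateUser($username, $activationCode) {
    $db = mysql_connect("localhost","apache","apache");
    if (!$db || !mysql_select_db("repro",$db)) {
        dbgSquirt("activateUser: cannot open database -- " . mysql_error());
        die("Internal error -- database unavailable.");
    }
    $safeUser = mysql_real_escape_string($username, $db);
    $safeCode = mysql_real_escape_string($activationCode, $db);
    $query = "update Users set state = 'A' where username = '$safeUser' and activationCode = '$safeCode'";

    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("activateUser: update failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }

    // no error and exactly one row updated
    $state = (mysql_affected_rows($db) == 1);
    mysql_close($db);
    return $state;
}

/*
Purpose: Check to see if the supplied username and email address match a known
active user (can't do password resets for unverified or disabled
users)

Both arguments come from the password-reset form and are escaped before use.

return values are:
TRUE = username/email combination are a match
FALSE = the combination does not match
*/
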
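function matchUserAndEmail($username,$email) {
    $db = mysql_connect("localhost","apache","apache");
    if (!$db || !mysql_select_db("repro",$db)) {
        // keep the raw mysql error in the debug log, not on the client's page
        dbgSquirt("matchUserAndEmail: cannot open database -- " . mysql_error());
        die("Internal error -- database unavailable.");
    }
    $safeUser  = mysql_real_escape_string($username, $db);
    $safeEmail = mysql_real_escape_string($email, $db);
    $query = "select id from Users where username='$safeUser' and email='$safeEmail' and state = 'A'";
    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("matchUserAndEmail: query failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }

    // exactly one row means the user/email combination is valid
    $state = (mysql_num_rows($result) == 1);

    mysql_free_result($result);
    mysql_close($db);
    return $state;
}

/*
Purpose: Create a new resource for a user.

$username -- owner of the new resource (should be the username from the
             authentication cookies); the other four arguments are the
             resource fields as submitted.  All are untrusted and escaped.

return values are:
TRUE = create succeeded.
FALSE = create failed (no such user, or no row inserted). */
function createResource($username, $aor, $forwardType, $forwardDestination, $voicemail) {
    $db = mysql_connect("localhost","apache","apache");
    if (!$db || !mysql_select_db("repro",$db)) {
        dbgSquirt("createResource: cannot open database -- " . mysql_error());
        die("Internal error -- database unavailable.");
    }

    // first we need to get the userid from the username
    $safeUser = mysql_real_escape_string($username, $db);
    $query = "select id from Users where username = '$safeUser'";
    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("createResource: user lookup failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }
    if (mysql_num_rows($result) != 1) {
        mysql_free_result($result);
        mysql_close($db);
        return FALSE;
    }
    $userid = mysql_result($result, 0, "id");
    mysql_free_result($result);

    // if there are any constraints (e.g. AOR must be unique, etc) check
    // for them here

    // add the resource to the Resources table
    $safeUserId = mysql_real_escape_string($userid, $db);
    $safeAor    = mysql_real_escape_string($aor, $db);
    $safeType   = mysql_real_escape_string($forwardType, $db);
    $safeDest   = mysql_real_escape_string($forwardDestination, $db);
    $safeVm     = mysql_real_escape_string($voicemail, $db);
    $query = "insert into Resources (userid,aor,forwardType,forwardDestination,voicemail) values('$safeUserId','$safeAor','$safeType','$safeDest','$safeVm')";

    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("createResource: insert failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }

    // no error and exactly one row inserted.  The insert result is a boolean,
    // not a result set, so (unlike the original code) it is not passed to
    // mysql_free_result().
    $state = (mysql_affected_rows($db) == 1);
    mysql_close($db);
    return $state;
}

/*
Purpose: Looks up other info tied to a user.

Since arguments are passed by reference, they are set to the values returned
by the select.  The function's return value is used to indicate whether
execution succeeded or failed.

$username -- the user to look up (untrusted, escaped)
$id, $fullname, $domain, $email -- OUT: only assigned on success

return values are:
TRUE == lookup succeeded.
FALSE == error during lookup (no single matching user)
*/

function lookupUserInformation($username,&$id,&$fullname,&$domain,&$email) {
    $db = mysql_connect("localhost","apache","apache");
    if (!$db || !mysql_select_db("repro",$db)) {
        dbgSquirt("lookupUserInformation: cannot open database -- " . mysql_error());
        die("Internal error -- database unavailable.");
    }
    $safeUser = mysql_real_escape_string($username, $db);
    $query = "select id,fullname,domain,email from Users where username='$safeUser'";
    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("lookupUserInformation: query failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }

    $state = FALSE;
    if (mysql_num_rows($result) == 1) {
        // exactly one match, so copy that user's details to the caller
        $id       = mysql_result($result, 0, "id");
        $fullname = mysql_result($result, 0, "fullname");
        $domain   = mysql_result($result, 0, "domain");
        $email    = mysql_result($result, 0, "email");
        $state = TRUE;
    }

    mysql_free_result($result);
    mysql_close($db);
    return $state;
}

/*
Purpose: Builds an array containing all the resources associated
with a username.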
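This is extra work, but it should isolate any dependency on mysql here and
allow the function to be re-implemented for other databases without
affecting the surrounding code.

$username  -- owner of the resources (untrusted, escaped)
$resources -- OUT: one element per resource, each a plain 5-element array
              (id, aor, forwardType, forwardDestination, voicemail) in that
              order -- not an associative array, despite the name.  It is
              initialised to an empty array if the caller did not pass one,
              so a user with no resources still yields an iterable value.

return values are:
TRUE == lookup succeeded (possibly with zero resources)
FALSE == lookup failed (no single matching user)
*/
function getResourcesByUsername($username,&$resources) {
    $db = mysql_connect("localhost","apache","apache");
    if (!$db || !mysql_select_db("repro",$db)) {
        // keep the raw mysql error in the debug log, not on the client's page
        dbgSquirt("getResourcesByUsername: cannot open database -- " . mysql_error());
        die("Internal error -- database unavailable.");
    }

    // first we need to get the userid from the username
    $safeUser = mysql_real_escape_string($username, $db);
    $query = "select id from Users where username = '$safeUser'";
    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("getResourcesByUsername: user lookup failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }
    if (mysql_num_rows($result) != 1) {
        mysql_free_result($result);
        mysql_close($db);
        return FALSE;
    }
    $userid = mysql_result($result, 0, "id");
    mysql_free_result($result);

    $safeUserId = mysql_real_escape_string($userid, $db);
    $query = "select id,aor,forwardType,forwardDestination,voicemail from Resources where userid = '$safeUserId'";
    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("getResourcesByUsername: resource query failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }

    if (!is_array($resources)) {
        $resources = array();
    }
    while (($row = mysql_fetch_array($result))) {
        $resources[] = array($row['id'], $row['aor'], $row['forwardType'],
                             $row['forwardDestination'], $row['voicemail']);
    }

    mysql_free_result($result);
    mysql_close($db);
    return TRUE;
}

/*
Purpose: gets the shared salt from the database to use in creating authentication
tokens.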
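(the 'value' of the Parameters row whose parameter is 'salt')

$salt -- OUT: the salt, or "" on failure

return values are:
TRUE == salt successfully retrieved
FALSE == error while retrieving salt
*/
function getSalt(&$salt) {
    $db = mysql_connect("localhost","apache","apache");
    if (!$db || !mysql_select_db("repro",$db)) {
        // keep the raw mysql error in the debug log, not on the client's page
        dbgSquirt("getSalt: cannot open database -- " . mysql_error());
        die("Internal error -- database unavailable.");
    }
    // fixed query text, nothing from the request reaches it
    $query = "select value from Parameters where parameter='salt'";
    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("getSalt: query failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }

    $salt = "";
    $state = FALSE;
    if (mysql_num_rows($result) == 1) {
        $salt = mysql_result($result, 0, "value");
        $state = TRUE;
    }

    mysql_free_result($result);
    mysql_close($db);
    return $state;
}

/*
Purpose: clears authentication cookies (both are set to "" with an expiry
in 1970 so the browser drops them)

return values are:
TRUE == no errors reported from setcookie
FALSE == errors were reported
*/
function clearCookies() {

    dbgSquirt("==============Function: Clear Cookies ==============");
    // Log only which cookies are present, never their values: the
    // authentication cookie is a bearer token and /tmp/squirt is readable by
    // every local user.
    dbgSquirt('Cookie names -- ' . implode(",", array_keys($_COOKIE)));

    $expired = mktime(12, 0, 0, 1, 1, 1970);
    $result  = setcookie("user", "", $expired);
    $result1 = setcookie("authentication", "", $expired);

    return ($result && $result1);
}

/*
Purpose: checks whether the current cookies validate the user or if additional
authentication is needed.

if the cookies are unset or are blank, $ignoreBlanks is checked.
if $ignoreBlanks is TRUE, no error is reported in this case.
if $ignoreBlanks is FALSE, then this case is treated as an error.
...in either case, blank or unset cookies will result in $forceLogin
being true.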
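return values are:
TRUE == no errors reported
FALSE == errors were reported

mutates the following:
$forceLogin: TRUE == the user is NOT authenticated and must log in
FALSE == the cookies carried valid authentication data
$error: "" == no errors
otherwise contains displayable text of error

NOTE(review): the authentication cookie is sha1(user . salt): a value that
never changes and carries no expiry or session id.  Anyone who learns the
salt can mint a cookie for any username, and a stolen cookie stays valid
until the salt is rotated (changing the password does not revoke it).  The
refreshed cookies are also set without HttpOnly/Secure.  A server-side
session with a random token is the real fix; the changes here only make the
comparison strict and constant-time and stop the cookie values being logged.
*/

/*
Purpose: compare two strings for equality without short-circuiting on the
first differing byte, so the comparison time does not reveal how much of a
guessed token was right.  Also strict: "0e123" and "0e456" are NOT equal
here, whereas PHP's == treats both as the number zero.

$known     -- the value we computed
$candidate -- the value supplied by the client (anything but a string fails)

Returns TRUE only when both are strings of identical content. */
function reproConstantTimeEquals($known, $candidate) {
    if (!is_string($known) || !is_string($candidate)) {
        return FALSE;
    }
    if (function_exists('hash_equals')) {
        return hash_equals($known, $candidate);
    }
    $len = strlen($known);
    if ($len !== strlen($candidate)) {
        return FALSE;
    }
    $diff = 0;
    for ($i = 0; $i < $len; $i++) {
        $diff |= ord($known[$i]) ^ ord($candidate[$i]);
    }
    return ($diff === 0);
}

function checkCookies(&$forceLogin,&$error,$ignoreBlanks) {
    $forceLogin = TRUE;
    $error = "";
    global $sessionDuration;

    dbgSquirt("==============Function: checkCoookies ==============");
    // Log only which cookies are present, never their values (the
    // authentication cookie is a bearer token and /tmp/squirt is world-readable).
    dbgSquirt('Cookie names -- ' . implode(",", array_keys($_COOKIE)));

    $haveUser = isset($_COOKIE['user']) && !empty($_COOKIE['user']);
    $haveAuth = isset($_COOKIE['authentication']) && !empty($_COOKIE['authentication']);

    if (!$haveUser || !$haveAuth) {
        // cookies were unset or contained empty values
        if (FALSE == $ignoreBlanks) {
            $error = "Please log in.";
        }
        dbgSquirt("Returning -- " . empty($error));
        return (empty($error));
    }

    $userCookie = $_COOKIE['user'];
    $authenticationCookie = $_COOKIE['authentication'];
    $time = time();

    if (!is_string($userCookie) || !is_string($authenticationCookie)) {
        // user[]=x style cookies arrive as arrays; treat them as a bad token
        // rather than feeding an array to sha1()
        $error = "Authentication error -- The supplied credentials don't match our stored values. Please reauthenticate and try again.";
    } elseif (!getSalt($salt)) {
        // error while trying to get salt value
        $error = "Internal error -- unable to validate supplied credentials. Please reauthenticate and try again.";
    } elseif (!reproConstantTimeEquals(sha1($userCookie . $salt), $authenticationCookie)) {
        // credentials in cookies don't match
        $error = "Authentication error -- The supplied credentials don't match our stored values. Please reauthenticate and try again.";
    } else {
        // authentication passed, so reset the expiration on the cookies
        $result = setcookie("user", $userCookie, $time + $sessionDuration);
        $result1 = setcookie("authentication", $authenticationCookie,
                             $time + $sessionDuration);
        if ((TRUE == $result) && (TRUE == $result1)) {
            $forceLogin = FALSE;
        } else {
            $error = "Internal error -- problem while creating cookies. Please contact an administrator.";
        }
    }

    dbgSquirt("Returning -- " . empty($error));
    return (empty($error));
}

/*
Purpose: change the fullname saved for a user

$username    -- account to change (should be the username from the
                authentication cookies); untrusted, escaped
$newFullname -- new value from the form; untrusted, escaped

return values are:
TRUE = change succeeded (exactly one row reported changed).
FALSE = change failed. */
function updateFullname($username, $newFullname) {
    $db = mysql_connect("localhost","apache","apache");
    if (!$db || !mysql_select_db("repro",$db)) {
        // keep the raw mysql error in the debug log, not on the client's page
        dbgSquirt("updateFullname: cannot open database -- " . mysql_error());
        die("Internal error -- database unavailable.");
    }
    $safeUser = mysql_real_escape_string($username, $db);
    $safeName = mysql_real_escape_string($newFullname, $db);
    $query = "update Users set fullname = '$safeName' where username = '$safeUser'";

    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("updateFullname: update failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }

    // no error and exactly one row updated
    $state = (mysql_affected_rows($db) == 1);
    mysql_close($db);
    return $state;
}

/*
Purpose: Create the stored ("encrypted") form of a password from the username
and the supplied cleartext password.

NOTE(review): this is a single unsalted MD5 of "username::password", which is
fast to brute-force offline if the Users table ever leaks.  It is kept as-is
because every stored password and validateUser() depend on this exact
format; changing it needs a migration (and a check of what the SIP side
expects), not a local edit.

Returns the hashed password */
function createPassword($username, $password) {
    return md5($username . "::" . $password);
}

/*
Purpose: change the password saved for a user

Note: expects the password to come in already encrypted (see createPassword)

return values are:
TRUE = change succeeded.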
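FALSE = change failed (exactly one row must report as changed). */
function updatePassword($username, $newPassword) {
    dbgSquirt("============= Function: updatePassword ===========");

    $db = mysql_connect("localhost","apache","apache");
    if (!$db || !mysql_select_db("repro",$db)) {
        // keep the raw mysql error in the debug log, not on the client's page
        dbgSquirt("updatePassword: cannot open database -- " . mysql_error());
        die("Internal error -- database unavailable.");
    }
    $safeUser = mysql_real_escape_string($username, $db);
    $safePass = mysql_real_escape_string($newPassword, $db);
    $query = "update Users set password = '$safePass' where username = '$safeUser'";
    // Do NOT log $query here: it contains the new password hash and
    // /tmp/squirt is readable by every local user.

    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("updatePassword: update failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }

    // no error and exactly one row updated
    $state = (mysql_affected_rows($db) == 1);
    mysql_close($db);
    return $state;
}

/*
Purpose: change the email saved for a user

$username -- account to change (should be the username from the
             authentication cookies); untrusted, escaped
$newEmail -- new address from the form; untrusted, escaped

return values are:
TRUE = change succeeded (exactly one row reported changed).
FALSE = change failed. */
function updateEmail($username, $newEmail) {
    dbgSquirt("============= Function: updateEmail ===========");

    $db = mysql_connect("localhost","apache","apache");
    if (!$db || !mysql_select_db("repro",$db)) {
        dbgSquirt("updateEmail: cannot open database -- " . mysql_error());
        die("Internal error -- database unavailable.");
    }
    $safeUser  = mysql_real_escape_string($username, $db);
    $safeEmail = mysql_real_escape_string($newEmail, $db);
    $query = "update Users set email = '$safeEmail' where username = '$safeUser'";
    // the query (username + address) is deliberately not written to the
    // world-readable debug file

    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("updateEmail: update failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }

    // no error and exactly one row updated
    $state = (mysql_affected_rows($db) == 1);
    mysql_close($db);
    return $state;
}

/*
Purpose: Delete a resource

Note: to limit risk this function makes sure the resourceId that is being
flagged for deletion is owned by the user passed in (which should be the
username from the authentication cookies)

$username   -- owner (untrusted, escaped)
$resourceId -- id of the Resources row (untrusted, escaped; unescaped, a
               value such as  x' or 1=1#  would widen the delete past this
               user's rows)

return values are:
TRUE = delete succeeded.
FALSE = delete failed.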
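*/
function deleteResource($username, $resourceId) {
    dbgSquirt("============= Function: deleteResource ===========");

    $db = mysql_connect("localhost","apache","apache");
    if (!$db || !mysql_select_db("repro",$db)) {
        // keep the raw mysql error in the debug log, not on the client's page
        dbgSquirt("deleteResource: cannot open database -- " . mysql_error());
        die("Internal error -- database unavailable.");
    }

    // first we need to get the userid from the username
    $safeUser = mysql_real_escape_string($username, $db);
    $query = "select id from Users where username = '$safeUser'";
    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("deleteResource: user lookup failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }
    $count = mysql_num_rows($result);
    dbgSquirt("Rows -- $count");
    if ($count != 1) {
        mysql_free_result($result);
        mysql_close($db);
        return FALSE;
    }
    $userid = mysql_result($result, 0, "id");
    mysql_free_result($result);

    // delete the resource -- the userid clause is the ownership check, so
    // $resourceId must not be able to break out of its quotes and add an OR
    $safeUserId = mysql_real_escape_string($userid, $db);
    $safeResId  = mysql_real_escape_string($resourceId, $db);
    $query = "delete from Resources where userid = '$safeUserId' and id = '$safeResId'";

    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("deleteResource: delete failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }
    $count = mysql_affected_rows($db);
    dbgSquirt("Rows -- $count");

    // no error and exactly one row deleted (should only ever be 1 since id is
    // the primary key).  The delete result is a boolean, not a result set,
    // so it is not passed to mysql_free_result() as the original code did.
    $state = (1 == $count);
    mysql_close($db);
    return $state;
}

/*
Purpose: update a resource based on the resourceId

Note: like deleteResource, the update is restricted to rows owned by
$username (which should be the username from the authentication cookies).

$resourceId -- id of the Resources row (untrusted, escaped)
$username   -- owner (untrusted, escaped)
$resource   -- new aor; $forwardType, $forward, $voicemail -- new values
               for the remaining columns (all untrusted, escaped)

return values are:
TRUE = update succeeded.
FALSE = update failed.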
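*/
function updateResource($resourceId,$username,$resource,$forwardType,
                        $forward,$voicemail) {
    dbgSquirt("============= Function: updateResource ===========");

    $db = mysql_connect("localhost","apache","apache");
    if (!$db || !mysql_select_db("repro",$db)) {
        // keep the raw mysql error in the debug log, not on the client's page
        dbgSquirt("updateResource: cannot open database -- " . mysql_error());
        die("Internal error -- database unavailable.");
    }

    // first we need to get the userid from the username
    $safeUser = mysql_real_escape_string($username, $db);
    $query = "select id from Users where username = '$safeUser'";
    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("updateResource: user lookup failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }
    $count = mysql_num_rows($result);
    dbgSquirt("Rows -- $count");
    if ($count != 1) {
        mysql_free_result($result);
        mysql_close($db);
        return FALSE;
    }
    $userid = mysql_result($result, 0, "id");
    mysql_free_result($result);

    // update the resource -- the userid clause is the ownership check, so
    // none of the form values may break out of their quotes
    $safeUserId = mysql_real_escape_string($userid, $db);
    $safeResId  = mysql_real_escape_string($resourceId, $db);
    $safeAor    = mysql_real_escape_string($resource, $db);
    $safeType   = mysql_real_escape_string($forwardType, $db);
    $safeDest   = mysql_real_escape_string($forward, $db);
    $safeVm     = mysql_real_escape_string($voicemail, $db);
    $query = "update Resources set aor='$safeAor',forwardType='$safeType',forwardDestination='$safeDest',voicemail='$safeVm' where userid = '$safeUserId' and id = '$safeResId'";

    $result = mysql_query($query, $db);
    if (!$result) {
        dbgSquirt("updateResource: update failed -- " . mysql_error($db));
        mysql_close($db);
        die("Internal error -- database query failed.");
    }
    $count = mysql_affected_rows($db);
    dbgSquirt("Rows -- $count");

    // no error and exactly one row modified (should only ever be 1 since id
    // is the primary key).  The update result is a boolean, not a result
    // set, so it is not passed to mysql_free_result() as the original did.
    $state = (1 == $count);
    mysql_close($db);
    return $state;
}
?>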