commit: 0184aecdf36ab398ef3696e5211aff53b7239772 |
Author: Brian Evans <grknight <AT> gentoo <DOT> org> |
AuthorDate: Tue Jan 30 14:53:01 2018 +0000 |
Commit: Brian Evans <grknight <AT> gentoo <DOT> org> |
CommitDate: Tue Jan 30 14:53:01 2018 +0000 |
URL: https://gitweb.gentoo.org/proj/bouncer.git/commit/?id=0184aecd |
|
Fix query errors and missing indexes; add error handling for user facing |
|
php/admin/mirror-list.php | 2 +- |
php/index-list.php | 16 ++++++++++++---- |
php/index.php | 23 ++++++++++++++++------- |
php/lib/auth.php | 2 +- |
4 files changed, 30 insertions(+), 13 deletions(-) |
|
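diff --git a/php/admin/mirror-list.php b/php/admin/mirror-list.php
index e0876d4..29f6e9b 100644
--- a/php/admin/mirror-list.php
+++ b/php/admin/mirror-list.php
@@ -40,7 +40,7 @@ if (!empty($_GET['os_id'])&&!empty($_GET['product_id'])) {
 mirror_locations.product_id = ? AND
 mirror_location_mirror_map.location_active = '1' AND
 mirror_mirrors.mirror_active = '1'
- ", PDO::FETCH_ASSOC, [$os_id, $product_id]);
+ ", PDO::FETCH_ASSOC, null, [$os_id, $product_id]);
 
 header("Content-type: text/plain;");
 foreach ($mirrors as $mirror) {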
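diff --git a/php/index-list.php b/php/index-list.php
index 1b158b7..861ba95 100644
--- a/php/index-list.php
+++ b/php/index-list.php
@@ -7,7 +7,9 @@
 require_once('./cfg/init.php');
 require_once(LIB.'/auth.php'); // auth functions
 require_once(LIB.'/forms.php'); // form library
-error_reporting(E_GET);
+ob_start();
+
+try{
 
 if (!empty($_GET['os'])&&!empty($_GET['product'])) {
 // clean in os and product strings
@@ -44,7 +46,7 @@ if (!empty($os_id)&&!empty($product_id)) {
 mirror_mirrors.mirror_active = '1'
 ORDER BY
 mirror_rating DESC, mirror_baseurl
- ", PDO::FETCH_ASSOC, [$os_id, $product_id]);
+ ", PDO::FETCH_ASSOC, null, [$os_id, $product_id]);
 
 header("Content-type: text/plain;");
 foreach ($mirrors as $mirror) {
@@ -68,15 +70,21 @@ if (!empty($os_id)&&!empty($product_id)) {
 echo '<div>';
 form_label('Product', 'product','label-small');
 form_select('product_id','product','',Mirror::get_products_select(),$_GET['product_id']);
- echo ' [<a href="./products.php">edit products</a>]';
+ echo ' [<a href="admin/products.php">edit products</a>]';
 echo '</div><br />';
 
 echo '<div>';
 form_label('OS', 'os','label-small');
 form_select('os_id','os','',Mirror::get_oss_select(),$_GET['os_id']);
- echo ' [<a href="./os.php">edit operating systems</a>]';
+ echo ' [<a href="admin/os.php">edit operating systems</a>]';
 echo '</div><br />';
 form_submit('submit','','button1','Update');
 form_end();
 require_once(FOOTER);
 }
+
+} catch (Exception $ex) {
+ header("Status: 500", true, 500);
+ echo "An unexpected error has occurred.";
+ trigger_error($ex->getMessage() . ' ' . $ex->getTraceAsString(), E_USER_WARNING);
+}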
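Review bot: The new catch block at the end of the file passes the exception message and full stack trace to `trigger_error(..., E_USER_WARNING)`, and since this commit also drops the `error_reporting()` call at the top, that text is rendered into the response whenever `display_errors` is enabled; database exception messages and traces can expose query text and file paths. Sending it to the log only, `error_log($ex->getMessage() . ' ' . $ex->getTraceAsString());`, keeps the detail server-side. The buffer opened by `ob_start()` is never discarded, so a partially rendered page is sent ahead of the generic message; `ob_end_clean();` before the `echo` would avoid that. `catch (Exception $ex)` also misses `Error` subclasses on PHP 7+, so `Throwable` may be the intended type. The same catch block is added to php/index.php.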
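diff --git a/php/index.php b/php/index.php
index 28b29b8..aeb7128 100644
--- a/php/index.php
+++ b/php/index.php
@@ -4,14 +4,14 @@
 * @package mirror
 * @subpackage pub
 */
-error_reporting(0); // hide all errors
+ob_start();
 require_once('./cfg/config.php'); // config file that defines constants
 
 // if we don't have an os, make it windows, playing the odds
 if (empty($_GET['os'])) {
 $_GET['os'] = 'Any';
 }
-
+try{
 // do we even have an os or product?
 if (!empty($_GET['os'])&&!empty($_GET['product'])) {
 require_once(LIB.'/db.php'); // core mysql wrappers
@@ -27,19 +27,19 @@ if (!empty($_GET['os'])&&!empty($_GET['product'])) {
 
 // do we have a valid os and product?
 if (!empty($os_id)&&!empty($product_id)) {
- $location = DB::get_one("SELECT location_id,location_path FROM mirror_locations WHERE product_id={$product_id} AND os_id={$os_id}");
+ $location = DB::get_one("SELECT location_id,location_path FROM mirror_locations WHERE product_id=? AND os_id=?", PDO::FETCH_ASSOC, [$product_id, $os_id]);
 
 // did we get a valid location?
 if (!empty($location)) {
- $mirror = DB::get_one("SELECT mirror_mirrors.mirror_id,mirror_baseurl FROM mirror_mirrors, mirror_location_mirror_map WHERE mirror_mirrors.mirror_id = mirror_location_mirror_map.mirror_id AND mirror_location_mirror_map.location_id = {$location['location_id']} AND mirror_active='1' AND location_active ='1' ORDER BY rand()*(1/mirror_rating)");
+ $mirror = DB::get_one("SELECT mirror_mirrors.mirror_id,mirror_baseurl FROM mirror_mirrors JOIN mirror_location_mirror_map ON mirror_mirrors.mirror_id = mirror_location_mirror_map.mirror_id WHERE mirror_location_mirror_map.location_id = ? AND mirror_active='1' AND location_active ='1' ORDER BY rand()*(1/mirror_rating)", PDO::FETCH_ASSOC, [$location['location_id']]);
 
 // did we get a valid mirror?
 if (!empty($mirror)) {
 
 // if logging is enabled, insert log
 if (LOGGING) {
- DB::query("UPDATE mirror_mirrors SET mirror_count=mirror_count+1 WHERE mirror_id={$mirror['mirror_id']}");
- DB::query("UPDATE mirror_products SET product_count=product_count+1 WHERE product_id={$product_id}");
+ DB::query("UPDATE mirror_mirrors SET mirror_count=mirror_count+1 WHERE mirror_id=?", [$mirror['mirror_id']]);
+ DB::query("UPDATE mirror_products SET product_count=product_count+1 WHERE product_id=?", [$product_id]);
 }
 
 // LANGUAGE HACK
@@ -51,7 +51,7 @@ if (!empty($_GET['os'])&&!empty($_GET['product'])) {
 // BitTorrent HACK - robbat2
 if (!empty($_GET['extra'])) {
 $extra = $_GET['extra'];
- $location['location_path'] .= ereg_replace('\?.*|&.*','',$extra);
+ $location['location_path'] .= preg_replace('/\?.*|&.*/','',$extra);
 }
 
 // if we are just testing, then just print and exit.
@@ -62,11 +62,20 @@ if (!empty($_GET['os'])&&!empty($_GET['product'])) {
 
 // otherwise, by default, redirect them and exit
 header('Location: '.$mirror['mirror_baseurl'].$location['location_path']);
+ var_dump($mirror);
 exit;
 }
 }
 }
 }
+}
+catch (Exception $ex) {
+ header("Status: 500", true, 500);
+ echo "An unexpected error has occurred.";
+ trigger_error($ex->getMessage() . ' ' . $ex->getTraceAsString(), E_USER_WARNING);
+ exit();
+}
+
 
 // if we get here, the request was invalid; redirect to Gentoo home
 header('Location: http://www.gentoo.org/');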
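Review bot: The `var_dump($mirror);` added directly after the `Location` header in the last hunk looks like leftover debugging: it writes the selected mirror row into the body of every redirect response and should be removed before `exit;`. Separately, the two `DB::get_one()` calls pass the parameter array as the third argument, while the calls fixed in php/admin/mirror-list.php and php/index-list.php in this same commit needed a `null` inserted before the parameter array. The wrapper signatures are not visible here, so it is worth confirming that `DB::get_one()` really takes its parameters in that position. The enclosing `if` blocks start outside the hunks.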
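diff --git a/php/lib/auth.php b/php/lib/auth.php
index eb6319c..68bf91a 100644
--- a/php/lib/auth.php
+++ b/php/lib/auth.php
@@ -62,7 +62,7 @@ public static function query($username,$password)
 
 private static function password_upgrade($userrow, $username, $password) {
 require_once(LIB.'/mirror.php'); //Upgrade password security
- Mirror::update_user($userrow['user_id'],$username,$password,$password,$userrow['firstname'],$userrow['lastname'],$userrow['email']);
+ Mirror::update_user($userrow['user_id'],$username,$password,$password,$userrow['user_firstname'],$userrow['user_lastname'],$userrow['user_email']);
 }
 
 /**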