
From: Liam McLoughlin <hexxeh@××××××.net>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/gentoaster:webui commit in: /, web/
Date: Wed, 27 Jul 2011 19:30:39
Message-Id: 5099c71493abe193f23b7f0a7381e539bc67bb33.hexxeh@gentoo
1 commit: 5099c71493abe193f23b7f0a7381e539bc67bb33
2 Author: Liam McLoughlin <hexxeh <AT> hexxeh <DOT> net>
3 AuthorDate: Wed Jul 27 19:29:49 2011 +0000
4 Commit: Liam McLoughlin <hexxeh <AT> hexxeh <DOT> net>
5 CommitDate: Wed Jul 27 19:29:49 2011 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/gentoaster.git;a=commit;h=5099c714
7
8 Moved to using mysqli and prepared statements
9
10 ---
11 client.php | 19 +++++----
12 daemon.php | 108 ++++++++++++++++++++++++++++++++++------------------
13 status.php | 40 ++++++++++++--------
14 web/config.php | 2 +-
15 web/process.php | 60 +++++++++++++++++++----------
16 web/status.php | 61 +++++++++++++++---------------
17 web/testdrive.php | 39 ++++++++++++-------
18 7 files changed, 200 insertions(+), 129 deletions(-)
19
20 diff --git a/client.php b/client.php
21 index e2284b4..56313ae 100644
22 --- a/client.php
23 +++ b/client.php
24 @@ -21,13 +21,16 @@
25
26 echo "Job sent, handle was ".$handle." - hash ".$handlehash."\n";
27
28 - $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
29 - if (!$db) {
30 - die("Could not connect to database ".mysql_error());
31 + $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
32 + MYSQL_PASSWORD, MYSQL_DATABASE);
33 + if (mysqli_connect_errno()) {
34 + die("Could not connect to database ".mysqli_connect_error());
35 }
36 - mysql_select_db(MYSQL_DATABASE);
37 - $query = "INSERT INTO builds (id, handle)".
38 - ." VALUES('".$handlehash."','".$handle."')";
39 - mysql_query($query);
40 - echo "Job handle mapping added to database\n";
41
42 + $query = "INSERT INTO builds (id, handle) VALUES(?, ?)";
43 + $stmt = $db->prepare($query);
44 + $stmt->bind_param("ss", $handlehash, $handle);
45 + $stmt->execute();
46 + $stmt->close();
47 + $db->close();
48 + echo "Job handle mapping added to database\n";
49 \ No newline at end of file
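Review bot: Neither `$db->prepare()` nor `$stmt->execute()` is checked, so a failed prepare returns false and the following `bind_param` call fatals, while a failed execute is silently followed by the "Job handle mapping added to database" message. Guard both before the close calls, e.g. `if (!$stmt || !$stmt->execute()) { die("Could not record job handle: ".$db->error."\n"); }`. The script continues above this hunk, so where `$handle` and `$handlehash` come from is not visible here.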
50
51 diff --git a/daemon.php b/daemon.php
52 index 1936864..5fa09b2 100644
53 --- a/daemon.php
54 +++ b/daemon.php
55 @@ -17,16 +17,22 @@
56 {
57 $result = trim($result);
58 echo "A job finished with return code ".$returncode.": ".$result."\n";
59 - $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
60 - if (!$db) {
61 - die("Could not connect to database ".mysql_error());
62 +
63 + $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
64 + MYSQL_PASSWORD, MYSQL_DATABASE);
65 + if (mysqli_connect_errno()) {
66 + die("Could not connect to database ".mysqli_connect_error());
67 }
68 - mysql_select_db(MYSQL_DATABASE);
69 - $result = mysql_real_escape_string($result);
70 - $query = "UPDATE builds".
71 - " SET result = '".$result."', returncode = '".$returncode.
72 - "' WHERE handle = '".mysql_real_escape_string($handle)."'";
73 - mysql_query($query);
74 +
75 + $query = "UPDATE builds SET result = ?, returncode = ? ".
76 + "WHERE handle = ?";
77 +
78 + $stmt = $db->prepare($query);
79 + $stmt->bind_param("sds", $result, $returncode, $handle);
80 + $stmt->execute();
81 + $stmt->close();
82 + $db->close();
83 +
84 return serialize(array($returncode, $result));
85 }
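Review bot: `bind_param("sds", ...)` binds `$returncode` as a double, but a job return code is an integer and the column name suggests an integer column, so `$stmt->bind_param("sis", $result, $returncode, $handle);` is the accurate binding. The `execute()` result is also unchecked, so a failed UPDATE leaves no trace in the daemon output even though the function goes on to return the serialized result as if it were stored. The enclosing function starts above this hunk.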
86
87 @@ -103,26 +109,42 @@
88 $insert = false;
89 $update = false;
90
91 - $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
92 - if (!$db) {
93 - die("Could not connect to database ".mysql_error());
94 + $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
95 + MYSQL_PASSWORD, MYSQL_DATABASE);
96 + if (mysqli_connect_errno()) {
97 + die("Could not connect to database ".mysqli_connect_error());
98 }
99 - mysql_select_db(MYSQL_DATABASE);
100 +
101 + $query = "UPDATE builds SET result = ?, returncode = ? ".
102 + "WHERE handle = ?";
103 +
104 + $stmt = $db->prepare($query);
105 + $stmt->bind_param("sds", $result, $returncode, $handle);
106 + $stmt->execute();
107 + $stmt->close();
108 + $db->close();
109 +
110 $query = "SELECT port FROM ports ORDER BY port DESC LIMIT 1";
111 - $result = mysql_query($query);
112 - if (mysql_num_rows($result) == 0) {
113 + $stmt = $db->prepare($query);
114 + $stmt->execute();
115 + if ($stmt->num_rows == 0) {
116 // no ports! assign a new one
117 + $stmt->close();
118 $port = LOW_PORT;
119 $insert = true;
120 echo "No ports! Assigning ".$port."\n";
121 } else {
122 // we have a port! let's check if our vm has one
123 - $ports = mysql_fetch_array($result);
124 - $lastport = $ports[0];
125 - $query = "SELECT port, pid FROM ports WHERE id = '".$buildID."'";
126 - $result = mysql_query($query);
127 - if (mysql_num_rows($result) == 0) {
128 + $stmt->bind_result($lastport);
129 + $stmt->fetch();
130 + $stmt->close();
131 + $query = "SELECT port, pid FROM ports WHERE id = ?";
132 + $stmt = $db->prepare($query);
133 + $stmt->bind_param("s", $buildID);
134 + $stmt->execute();
135 + if ($stmt->num_rows == 0) {
136 // vm doesn't have one, assign one!
137 + $stmt->close();
138 $port = $lastport+1;
139 if ($port > HIGH_PORT) {
140 $port = LOW_PORT;
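Review bot: `$db->close()` is called right after the first statement, and the very next `$db->prepare($query)` for the ports query runs on the closed connection, so the port lookup cannot succeed. That first UPDATE on the builds table also looks copied from the job-finished handler above: it binds `$result`, `$returncode` and `$handle`, none of which is assigned anywhere visible in this function, so it should be dropped together with its `$db->close()`. Independently, `$stmt->num_rows` is read without `$stmt->store_result()`; for a mysqli prepared statement num_rows is only populated once the result is buffered, so both checks see 0 and the code always takes the "No ports! Assigning" path. Insert `$stmt->store_result();` after each `$stmt->execute();` in this hunk. The enclosing function starts before and ends after this hunk.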
141 @@ -131,18 +153,18 @@
142 echo "Assigning new port ".$port."\n";
143 } else {
144 // vm already has one, return it
145 - $ports = mysql_fetch_array($result);
146 - $port = $ports[0];
147 - $pid = $ports[1];
148 - $running = true;
149 - if (!check_pid($pid)) {
150 - $running = false;
151 - $update = true;
152 - echo "VM is not running, PID ".$pid." is dead!\n";
153 - } else {
154 - echo "VM is running on PID ".$pid."\n";
155 - }
156 - echo "VM already has port ".$port."\n";
157 + $stmt->bind_result($port, $pid);
158 + $stmt->fetch();
159 + $stmt->close();
160 + $running = true;
161 + if (!check_pid($pid)) {
162 + $running = false;
163 + $update = true;
164 + echo "VM is not running, PID ".$pid." is dead!\n";
165 + } else {
166 + echo "VM is running on PID ".$pid."\n";
167 + }
168 + echo "VM already has port ".$port."\n";
169 }
170 }
171
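Review bot: The return value of `$stmt->fetch()` is ignored before `$port` and `$pid` are used, so on a failed fetch both stay null, `check_pid(null)` runs and a null port is carried into the arithmetic below. Check it, e.g. `if (!$stmt->fetch()) { die("Could not read port row\n"); }`, before closing the statement. The enclosing function starts and ends outside this hunk.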
172 @@ -162,17 +184,27 @@
173 $pid = $pid + 2;
174
175 if ($insert) {
176 - $query = "DELETE FROM ports WHERE port = ".$port;
177 - $result = mysql_query($query);
178 - $query = "INSERT INTO ports (id, port, pid) VALUES('".mysql_real_escape_string($buildID)."', ".$port.", ".$pid.")";
179 - $result = mysql_query($query);
180 + $query = "DELETE FROM ports WHERE port = ?";
181 + $stmt = $db->prepare($query);
182 + $stmt->bind_param("d", $port);
183 + $stmt->execute();
184 + $stmt->close();
185 + $query = "INSERT INTO ports (id, port, pid) VALUES(?, ?, ?)";
186 + $stmt = $db->prepare($query);
187 + $stmt->bind_param("sdd", $buildID, $port, $pid);
188 + $stmt->execute();
189 + $stmt->close();
190 echo "Doing insert!\n";
191 } elseif ($update) {
192 - $query = "UPDATE ports SET pid = ".$pid." WHERE id = '".$buildID."'";
193 - $result = mysql_query($query);
194 + $query = "UPDATE ports SET pid = ? WHERE id = ?";
195 + $stmt = $db->prepare($query);
196 + $stmt->bind_param("ds", $pid, $buildID);
197 + $stmt->execute();
198 + $stmt->close();
199 echo "Doing update\n";
200 }
201
202 + $db->close();
203 $port = $port+1000;
204 return serialize(array(EXTERNAL_HOST, $port));
205 }
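Review bot: `$port` and `$pid` are integers (they are computed with + and compared against HIGH_PORT above) but are bound as doubles; use `$stmt->bind_param("i", $port);`, `$stmt->bind_param("sii", $buildID, $port, $pid);` and `$stmt->bind_param("is", $pid, $buildID);` so they are sent as integers. None of the `execute()` calls is checked, so a failed DELETE or INSERT still prints "Doing insert!" and returns the port to the caller as if it were reserved. The DELETE-then-INSERT pair is also not wrapped in a transaction, so two workers assigning the same port at the same time could both succeed — whether this daemon handles jobs concurrently is not visible here. The enclosing function starts above this hunk.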
206
207 diff --git a/status.php b/status.php
208 index 48f4dff..66d55f8 100644
209 --- a/status.php
210 +++ b/status.php
211 @@ -8,17 +8,21 @@
212 if (!isset($argv[1])) {
213 die("No handle hash given\n");
214 }
215 - $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
216 - if (!$db) {
217 - die("Could not connect to database ".mysql_error()."\n");
218 +
219 + $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
220 + MYSQL_PASSWORD, MYSQL_DATABASE);
221 + if (mysqli_connect_errno()) {
222 + die("Could not connect to database ".mysqli_connect_error());
223 }
224 - mysql_select_db(MYSQL_DATABASE);
225 - $query = "SELECT handle FROM builds ".
226 - "WHERE id = '".mysql_real_escape_string($argv[1])."'";
227 - $result = mysql_query($query);
228 - if (mysql_num_rows($result) == 1) {
229 - $handles = mysql_fetch_array($result);
230 - $handle = $handles[0];
231 +
232 + $query = "SELECT handle FROM builds WHERE id = ?";
233 + $stmt = $db->prepare($query);
234 + $stmt->bind_param("s", $argv[1]);
235 + $stmt->execute();
236 + $stmt->store_result();
237 + if ($stmt->num_rows == 1) {
238 + $stmt->bind_result($handle);
239 + $stmt->close();
240 $client = new GearmanClient();
241 $client->addServer();
242
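Review bot: `$stmt->bind_result($handle)` is followed directly by `$stmt->close()` with no `$stmt->fetch()` in between, so `$handle` is never populated and the Gearman lookup below runs with a null handle. Add `$stmt->fetch();` between those two lines. Binding `$argv[1]` as a parameter is the right replacement for the old string-built query. The if-branch continues past this hunk.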
243 @@ -33,11 +37,14 @@
244 }
245 } else {
246 $query = "SELECT returncode, result FROM builds ".
247 - "WHERE id = '".mysql_real_escape_string($argv[1])."'";
248 - $result = mysql_query($query);
249 - $jobres = mysql_fetch_array($result);
250 - if ($jobres[0] !== null) {
251 - echo "Job returned with code ".$jobres[0].": ".$jobres[1]."\n";
252 + "WHERE id = ?";
253 + $stmt = $db->prepare($query);
254 + $stmt->bind_param("s", $argv[1]);
255 + $stmt->execute();
256 + $stmt->bind_result($returncode, $result);
257 + $stmt->fetch();
258 + if ($returncode !== null) {
259 + echo "Job returned with code ".$returncode.": ".$result."\n";
260 } else {
261 echo "Job failed\n";
262 }
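Review bot: This second statement is never closed, and its `$stmt->fetch()` is unchecked, so on a failed fetch `$returncode` stays null and the script prints "Job failed", which is indistinguishable from a genuinely failed build. Check the fetch and close the statement, e.g. `if (!$stmt->fetch()) { die("Could not read build result\n"); } $stmt->close();`, before the if on `$returncode`.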
263 @@ -45,4 +52,5 @@
264 } else {
265 echo "Invalid handle hash\n";
266 }
267 -
268 +
269 + $db->close();
270 \ No newline at end of file
271
272 diff --git a/web/config.php b/web/config.php
273 index 6d5735c..30d6aa4 100644
274 --- a/web/config.php
275 +++ b/web/config.php
276 @@ -16,6 +16,6 @@
277 define("MYSQL_DATABASE", "gentoaster");
278
279 // Set the RECAPTCHA keys that should be used, if enabled
280 - define("RECAPTCHA_ENABLED", true);
281 + define("RECAPTCHA_ENABLED", false);
282 define("RECAPTCHA_PUBLIC_KEY","REPLACE_ME");
283 define("RECAPTCHA_PRIVATE_KEY", "REPLACE_ME");
284 \ No newline at end of file
285
286 diff --git a/web/process.php b/web/process.php
287 index 43827b9..238e843 100644
288 --- a/web/process.php
289 +++ b/web/process.php
290 @@ -8,27 +8,42 @@
291 if (RECAPTCHA_ENABLED) {
292 require_once "recaptcha.php";
293
294 + $remoteAddress = filter_input(INPUT_SERVER,
295 + "remote_addr",
296 + FILTER_VALIDATE_IP);
297 + $challenge = filter_input(INPUT_POST,
298 + "recaptcha_challenge_field",
299 + FILTER_UNSAFE_RAW);
300 + $response = filter_input(INPUT_POST,
301 + "recaptcha_response_field",
302 + FILTER_UNSAFE_RAW);
303 +
304 $resp = recaptcha_check_answer(RECAPTCHA_PRIVATE_KEY,
305 - $_SERVER["REMOTE_ADDR"],
306 - $_POST["recaptcha_challenge_field"],
307 - $_POST["recaptcha_response_field"]);
308 + $remoteAddress,
309 + $challenge,
310 + $response);
311
312 if (!$resp->is_valid) {
313 die("CAPTCHA was incorrect");
314 }
315 }
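Review bot: `filter_input(INPUT_SERVER, "remote_addr", FILTER_VALIDATE_IP)` looks the key up case-sensitively and the server variable is `REMOTE_ADDR`, so `$remoteAddress` is null and the reCAPTCHA check is sent without a client IP; use `"REMOTE_ADDR"`. `filter_input(INPUT_SERVER, …)` is also documented as unreliable under some SAPIs (FastCGI), so `filter_var($_SERVER["REMOTE_ADDR"], FILTER_VALIDATE_IP)` is the safer form. The challenge and response fields are passed through with FILTER_UNSAFE_RAW, which is fine since they only go to the reCAPTCHA verifier.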
316
317 + function sanitize_shellarg($arg) {
318 + return escapeshellarg($arg);
319 + }
320 + define("FILTER_SANITIZE_SHELL", array("options" => "sanitize_shellarg"));
321 +
322 $buildID = uniqid();
323 - $bootMegabytes = intval($_POST["boot_size"]);
324 - $swapMegabytes = intval($_POST["swap_size"]);
325 - $rootMegabytes = intval($_POST["root_size"]);
326 - $timezone = escapeshellarg($_POST["timezone"]);
327 - $hostname = escapeshellarg($_POST["hostname"]);
328 - $username = escapeshellarg($_POST["username"]);
329 - $password = escapeshellarg($_POST["password"]);
330 - $rootPassword = escapeshellarg($_POST["rootpassword"]);
331 - $packagesList = escapeshellarg($_POST["packages"]);
332 - $outputFormat = escapeshellarg($_POST["format"]);
333 + $bootMegabytes = filter_input(INPUT_POST, "boot_size", FILTER_VALIDATE_INT);
334 + $swapMegabytes = filter_input(INPUT_POST, "swap_size", FILTER_VALIDATE_INT);
335 + $rootMegabytes = filter_input(INPUT_POST, "root_size", FILTER_VALIDATE_INT);
336 + $timezone = filter_input(INPUT_POST, "timezone", FILTER_SANITIZE_SHELL);
337 + $hostname = filter_input(INPUT_POST, "hostname", FILTER_SANITIZE_SHELL);
338 + $username = filter_input(INPUT_POST, "username", FILTER_SANITIZE_SHELL);
339 + $password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_SHELL);
340 + $rootPass = filter_input(INPUT_POST, "rootpassword", FILTER_SANITIZE_SHELL);
341 + $packagesList = filter_input(INPUT_POST, "packages", FILTER_SANITIZE_SHELL);
342 + $outputFormat = filter_input(INPUT_POST, "format", FILTER_SANITIZE_SHELL);
343
344 $packagesList = str_replace("\r\n", " ", $packagesList);
345 $packagesList = str_replace("\n", " ", $packagesList);
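Review bot: The shell escaping that the removed lines applied is lost here: `define()` only accepts scalar values on the PHP versions of this era, and `filter_input()`'s third argument is a filter ID (the callable belongs in the fourth, options argument under FILTER_CALLBACK), so in either case `sanitize_shellarg` is never invoked and timezone, hostname, username, both passwords, the package list and the format reach the ini string unescaped. If that string is consumed by a shell, as the previous `escapeshellarg` calls suggest, this reintroduces command injection from the form. The three `FILTER_VALIDATE_INT` reads also return false on non-numeric input, which interpolates as an empty string into `'$bootMegabytes'` and friends, so check them with `=== false` and reject the request. The fix is a small helper that uses FILTER_CALLBACK, shown below; the ini string that consumes these variables continues past this hunk.
```php
function shell_input($name) {
    // FILTER_CALLBACK is the filter; the callable goes in the options array
    return filter_input(INPUT_POST, $name, FILTER_CALLBACK,
                        array("options" => "escapeshellarg"));
}
// … unchanged: $buildID and the three FILTER_VALIDATE_INT reads (check each for === false) …
$timezone = shell_input("timezone");
$hostname = shell_input("hostname");
$username = shell_input("username");
$password = shell_input("password");
$rootPass = shell_input("rootpassword");
$packagesList = shell_input("packages");
$outputFormat = shell_input("format");
```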
346 @@ -41,7 +56,7 @@ SWAP_MEGABYTES='$swapMegabytes'
347 ROOT_MEGABYTES='$rootMegabytes'
348 TIMEZONE=$timezone
349 HOSTNAME=$hostname
350 -ROOT_PASSWORD=$rootPassword
351 +ROOT_PASSWORD=$rootPass
352 DEFAULT_USERNAME=$username
353 DEFAULT_PASSWORD=$password
354 USE_FLAGS=''
355 @@ -55,13 +70,16 @@ OUTPUT_FORMAT=$outputFormat";
356 $client->addServer();
357 $handle = $client->doBackground("invoke_image_build", $iniString);
358
359 - $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
360 - if (!$db) {
361 - die("Could not connect to database ".mysql_error());
362 + $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
363 + MYSQL_PASSWORD, MYSQL_DATABASE);
364 + if (mysqli_connect_errno()) {
365 + die("Could not connect to database ".mysqli_connect_error());
366 }
367 - mysql_select_db(MYSQL_DATABASE);
368 - $query = "INSERT INTO builds (id, handle) ".
369 - "VALUES('".$buildID."','".$handle."')";
370 - mysql_query($query);
371 +
372 + $stmt = $db->prepare("INSERT INTO builds (id, handle) VALUES(?, ?)");
373 + $stmt->bind_param("ss", $buildID, $handle);
374 + $stmt->execute();
375 + $stmt->close();
376 + $db->close();
377
378 header("Location: finished.php?uuid=".$buildID);
379 \ No newline at end of file
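Review bot: `$stmt->execute()` is not checked, so when the INSERT fails the user is still redirected to finished.php for a build the database never recorded; check it before the redirect, e.g. `if (!$stmt->execute()) { die("Could not record build"); }`. Separately, `die("Could not connect to database ".mysqli_connect_error())` prints the driver error — which typically includes the DB user and host — to the browser; on the web side log it and show a generic message. The `$buildID` bound here comes from `uniqid()` (context in the earlier hunk) and then serves as the only token for reaching the build's status pages, and uniqid() is time-derived rather than random, so `bin2hex(openssl_random_pseudo_bytes(16))` would make the id non-guessable.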
380
381 diff --git a/web/status.php b/web/status.php
382 index 86e7e0e..719afe6 100644
383 --- a/web/status.php
384 +++ b/web/status.php
385 @@ -5,22 +5,24 @@
386
387 require_once "config.php";
388
389 - $buildID = $_GET["uuid"];
390 + $buildID = filter_input(INPUT_GET, "uuid", FILTER_UNSAFE_RAW);
391 $buildresult = "Unknown!";
392 $inprogress = false;
393 $builddone = false;
394
395 - $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
396 - if (!$db) {
397 - die("Could not connect to database ".mysql_error()."\n");
398 + $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
399 + MYSQL_PASSWORD, MYSQL_DATABASE);
400 + if (mysqli_connect_errno()) {
401 + die("Could not connect to database ".mysqli_connect_error());
402 }
403 - mysql_select_db(MYSQL_DATABASE);
404 - $query = "SELECT handle FROM builds ".
405 - "WHERE id = '".mysql_real_escape_string($buildID)."'";
406 - $result = mysql_query($query);
407 - if (mysql_num_rows($result) == 1) {
408 - $handles = mysql_fetch_array($result);
409 - $handle = $handles[0];
410 +
411 + $stmt = $db->prepare("SELECT handle FROM builds WHERE id = ?");
412 + $stmt->bind_param("s", $buildID);
413 + $stmt->execute();
414 + if ($stmt->num_rows == 1) {
415 + $stmt->bind_result($handle);
416 + $stmt->fetch();
417 + $stmt->close();
418 $client = new GearmanClient();
419 $client->addServer();
420
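Review bot: `$stmt->num_rows` is read without a preceding `$stmt->store_result()`; for a mysqli prepared statement num_rows is only populated once the result is buffered, so this check sees 0 and every request lands in the "Invalid handle hash" branch. Add `$stmt->store_result();` after `$stmt->execute();` (the CLI status.php in this same commit does exactly that). The die() on connection failure also writes `mysqli_connect_error()` to the browser, which typically includes the DB user and host; log it and show a generic message here.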
421 @@ -35,13 +37,14 @@
422 $buildresult = "Task has not yet been processed";
423 }
424 } else {
425 - $cleanBuildID = mysql_real_escape_string($buildID);
426 - $query = "SELECT returncode, result FROM builds ".
427 - "WHERE id = '".$cleanBuildID."'";
428 - $result = mysql_query($query);
429 - $jobres = mysql_fetch_array($result);
430 - if ($jobres[0] !== null) {
431 - if ($jobres[0] == 0) {
432 + $stmt = $db->prepare("SELECT returncode, result FROM builds WHERE id = ?");
433 + $stmt->bind_param("s", $buildID);
434 + $stmt->execute();
435 + $stmt->bind_result($returncode, $result);
436 + $stmt->fetch();
437 + $stmt->close();
438 + if ($returncode !== null) {
439 + if ($returncode == 0) {
440 $buildresult = "Your build is complete! ".
441 "What would you like to do now?".
442 "<br /><br /><center>".
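Review bot: `$result` fetched here is the build output the daemon stored and is concatenated straight into `$buildresult`, which the template at the bottom of this file emits with a bare `echo` (visible in the last hunk of this file); if that output can echo back request values such as the hostname or package list, this is a stored-XSS path. Escape it when building the string: `$buildresult = "Job returned with code ".(int)$returncode.": ".htmlspecialchars($result, ENT_QUOTES, "UTF-8");`. The `$stmt->fetch()` return is also unchecked, so a failed fetch is reported as "Job failed".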
443 @@ -56,16 +59,24 @@
444 "</table></center>";
445 $builddone = true;
446 } else {
447 - $buildresult = "Job returned with code ".$jobres[0].": ".$jobres[1];
448 + $buildresult = "Job returned with code ".$returncode.": ".$result;
449 }
450 } else {
451 $buildresult = "Job failed";
452 }
453 }
454 } else {
455 + $stmt->close();
456 $buildresult = "Invalid handle hash";
457 }
458
459 + $db->close();
460 +
461 + if (!$builddone) {
462 + $titleString = "How's things?";
463 + } else {
464 + $titleString = "It's showtime!";
465 + }
466 ?>
467 <html>
468 <head>
469 @@ -90,17 +101,7 @@
470 <div id="content">
471 <div id="main">
472 <div id="status" class="step">
473 - <?php
474 - if (!$builddone) {
475 - ?>
476 - <h1>How's things?</h1>
477 - <?php
478 - } else {
479 - ?>
480 - <h1>It's showtime!</h1>
481 - <?php
482 - }
483 - ?>
484 + <h1><?php echo $titleString; ?></h1>
485 <p>
486 <?php echo $buildresult; ?>
487 <div id="progressbar"></div>
488
489 diff --git a/web/testdrive.php b/web/testdrive.php
490 index 066dd4c..8f3c718 100644
491 --- a/web/testdrive.php
492 +++ b/web/testdrive.php
493 @@ -5,19 +5,24 @@
494
495 require_once "config.php";
496
497 - $buildID = $_GET["uuid"];
498 + $buildID = filter_input(INPUT_GET, "uuid", FILTER_UNSAFE_RAW);
499 $buildresult = "Unknown!";
500 $inprogress = false;
501
502 - $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
503 - if (!$db) {
504 - die("Could not connect to database ".mysql_error()."\n");
505 + $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
506 + MYSQL_PASSWORD, MYSQL_DATABASE);
507 + if (mysqli_connect_errno()) {
508 + die("Could not connect to database ".mysqli_connect_error());
509 }
510 - mysql_select_db(MYSQL_DATABASE);
511 - $result = mysql_query("SELECT handle FROM builds WHERE id = '".mysql_real_escape_string($buildID)."'");
512 - if (mysql_num_rows($result) == 1) {
513 - $handles = mysql_fetch_array($result);
514 - $handle = $handles[0];
515 +
516 + $stmt = $db->prepare("SELECT handle FROM builds WHERE id = ?");
517 + $stmt->bind_param("s", $buildID);
518 + $stmt->execute();
519 +
520 + if ($stmt->num_rows == 1) {
521 + $stmt->bind_result($handle);
522 + $stmt->fetch();
523 + $stmt->close();
524 $client = new GearmanClient();
525 $client->addServer();
526
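Review bot: Same defect as in web/status.php: `$stmt->num_rows` is checked without `$stmt->store_result()`, so it reads 0 and the page always falls through to the "Invalid handle hash" die(). Add `$stmt->store_result();` immediately after the `$stmt->execute();` that precedes the blank line. The if-branch continues past this hunk.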
527 @@ -25,12 +30,14 @@
528 if ($status[0]) {
529 header("Location: status.php?uuid=".$buildID);
530 } else {
531 - $cleanBuildID = mysql_real_escape_string($buildID);
532 - $query = "SELECT returncode, result FROM builds WHERE id = '".$cleanBuildID."'";
533 - $result = mysql_query();
534 - $jobres = mysql_fetch_array($result);
535 - if ($jobres[0] !== null) {
536 - if ($jobres[0] == 0) {
537 + $stmt = $db->prepare("SELECT returncode, result FROM builds WHERE id = ?");
538 + $stmt->bind_param("s", $buildID);
539 + $stmt->execute();
540 + $stmt->bind_result($returncode, $result);
541 + $stmt->fetch();
542 + $stmt->close();
543 + if ($returncode !== null) {
544 + if ($returncode == 0) {
545 // we're built, let's do this
546 $client = new GearmanClient();
547 $client->addServer();
548 @@ -44,9 +51,11 @@
549 }
550 }
551 } else {
552 + $stmt->close();
553 die("Invalid handle hash");
554 }
555
556 + $db->close();
557 ?>
558 <html>
559 <head>