phplib-commit Mailing List for PHPLIB (Page 6)
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
phplib-commit — A list for automatically mailed CVS Commits
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(76) |
Sep
(7) |
Oct
(2) |
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(7) |
Feb
(7) |
Mar
(14) |
Apr
(27) |
May
(2) |
Jun
(2) |
Jul
(5) |
Aug
(6) |
Sep
(1) |
Oct
(9) |
Nov
(4) |
Dec
|
| 2003 |
Jan
(2) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(2) |
| 2004 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(2) |
Aug
(2) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2005 |
Jan
|
Feb
(7) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2006 |
Jan
|
Feb
|
Mar
(1) |
Apr
(3) |
May
|
Jun
|
Jul
(3) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2007 |
Jan
(6) |
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Richard A. <ric...@us...> - 2001-09-01 06:52:33
|
Update of /cvsroot/phplib/php-lib/php/db/mysql
In directory usw-pr-cvs1:/tmp/cvs-serv23642
Modified Files:
db_sql.inc
Log Message:
Fix a few typos
Index: db_sql.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/db/mysql/db_sql.inc,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** db_sql.inc 2001/08/27 08:23:53 1.9
--- db_sql.inc 2001/09/01 06:52:30 1.10
***************
*** 21,25 ****
var $Auto_Free = 0; ## Set to 1 to automatically free results
var $Debug = 0; ## Set to 1 for debugging messages
! var $Halt_On_Error = "yes"; ## "yes" (halt with message), "no" (ignore errors quietly), "report" (ignore errror, but spit a warning)
var $Seq_Table = "db_sequence"; ## Name of the sequence table
var $Seq_ID_Col = "p_nextid"; ## Name of the Sequence ID column in $Seq_Table
--- 21,25 ----
var $Auto_Free = 0; ## Set to 1 to automatically free results
var $Debug = 0; ## Set to 1 for debugging messages
! var $Halt_On_Error = "yes"; ## "yes" (halt with message), "no" (ignore errors quietly), "report" (ignore error, but spit a warning)
var $Seq_Table = "db_sequence"; ## Name of the sequence table
var $Seq_ID_Col = "p_nextid"; ## Name of the Sequence ID column in $Seq_Table
***************
*** 156,160 ****
/* half assed attempt to save the day,
* but do not consider this documented or even
! * desireable behaviour.
*/
@mysql_data_seek($this->Query_ID, $this->num_rows());
--- 156,160 ----
/* half assed attempt to save the day,
* but do not consider this documented or even
! * desirable behaviour.
*/
@mysql_data_seek($this->Query_ID, $this->num_rows());
***************
*** 201,205 ****
if (!$res) {
$this->halt("unlock() failed.");
- return 0;
}
return $res;
--- 201,204 ----
|
|
From: Richard A. <ric...@us...> - 2001-08-30 13:12:28
|
Update of /cvsroot/phplib/php-lib/pages/form/templates
In directory usw-pr-cvs1:/tmp/cvs-serv14225
Modified Files:
form_main.tpl
Log Message:
Convert DOS line breaks, remove tabs
Index: form_main.tpl
===================================================================
RCS file: /cvsroot/phplib/php-lib/pages/form/templates/form_main.tpl,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** form_main.tpl 2000/04/17 10:42:37 1.1
--- form_main.tpl 2001/08/30 13:12:25 1.2
***************
*** 1,25 ****
! {START_FORM}
! <table width="533" border="0" cellspacing="0" cellpadding="4" bordercolor="Silver" bordercolorlight="White" bordercolordark="White">
! <!-- BEGIN element -->
! <tr{BGCOLOR}>
! <td align="left" valign="top"> {IMG_ERROR}{IMG_OPTIONAL}</td>
! <td width="150" align="LEFT" valign="button">
! <font face="Arial,Helvetica,sans-serif" size="2"><b>{LABEL}</b></font>
! </td>
! <td> </td>
! <td align="LEFT" valign="TOP">
! <font face="Arial,Helvetica,sans-serif" size="2">{ELEMENT}</font>
! <br>
! <font face="Arial,Helvetica,sans-serif" size="1">{HINT}</font>
! <font face="Arial,Helvetica,sans-serif" size="1" color="#993535">{ERROR_MSG}</font>
! </td>
! </tr>
! <!-- END element -->
! <tr{BGCOLOR}>
! <td colspan="2"> </td>
! <td align="RIGHT" valign="TOP" colspan="2">
! <font face="Arial,Helvetica,sans-serif" size="2">{BUTTON_PREV} {BUTTON_RESET} {BUTTON_SUBMIT} {BUTTON_NEXT}</font>
! </td>
! </tr>
! </table>
! {END_FORM}
\ No newline at end of file
--- 1,25 ----
! {START_FORM}
! <table width="533" border="0" cellspacing="0" cellpadding="4" bordercolor="Silver" bordercolorlight="White" bordercolordark="White">
! <!-- BEGIN element -->
! <tr{BGCOLOR}>
! <td align="left" valign="top"> {IMG_ERROR}{IMG_OPTIONAL}</td>
! <td width="150" align="LEFT" valign="button">
! <font face="Arial,Helvetica,sans-serif" size="2"><b>{LABEL}</b></font>
! </td>
! <td> </td>
! <td align="LEFT" valign="TOP">
! <font face="Arial,Helvetica,sans-serif" size="2">{ELEMENT}</font>
! <br>
! <font face="Arial,Helvetica,sans-serif" size="1">{HINT}</font>
! <font face="Arial,Helvetica,sans-serif" size="1" color="#993535">{ERROR_MSG}</font>
! </td>
! </tr>
! <!-- END element -->
! <tr{BGCOLOR}>
! <td colspan="2"> </td>
! <td align="RIGHT" valign="TOP" colspan="2">
! <font face="Arial,Helvetica,sans-serif" size="2">{BUTTON_PREV} {BUTTON_RESET} {BUTTON_SUBMIT} {BUTTON_NEXT}</font>
! </td>
! </tr>
! </table>
! {END_FORM}
|
|
From: Richard A. <ric...@us...> - 2001-08-30 13:09:40
|
Update of /cvsroot/phplib/php-lib/php
In directory usw-pr-cvs1:/tmp/cvs-serv13506
Modified Files:
ct_dbm.inc
Log Message:
Convert DOS line breaks, cosmetic changes
Index: ct_dbm.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/ct_dbm.inc,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -d -r1.5 -r1.6
*** ct_dbm.inc 2000/04/13 13:28:44 1.5
--- ct_dbm.inc 2001/08/30 13:09:37 1.6
***************
*** 14,26 ****
##
## Define these parameters by overwriting or by
! ## deriving your own class from it (recommened)
##
var $dbm_file = ""; ## PREEXISTING DBM File
! ## writable by the web server UID
## end of configuration
! var $dbmid; ## our dbm resource handle
function ac_start() {
--- 14,26 ----
##
## Define these parameters by overwriting or by
! ## deriving your own class from it (recommended)
##
var $dbm_file = ""; ## PREEXISTING DBM File
! ## writable by the web server UID
## end of configuration
! var $dbmid; ## our dbm resource handle
function ac_start() {
|
|
From: Richard A. <ric...@us...> - 2001-08-30 13:06:37
|
Update of /cvsroot/phplib/php-lib/stuff In directory usw-pr-cvs1:/tmp/cvs-serv13015 Modified Files: create_database.msaccess95 Log Message: Convert DOS line breaks Index: create_database.msaccess95 =================================================================== RCS file: /cvsroot/phplib/php-lib/stuff/create_database.msaccess95,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** create_database.msaccess95 1999/11/12 07:11:25 1.9 --- create_database.msaccess95 2001/08/30 13:06:33 1.10 *************** *** 1,137 **** ! ' ============================================================ ! ' Nom de la base : myapp ! ' Nom de SGBD : Microsoft Access 95 ! ' Date de création : 9/24/98 10:48 AM ! ' ============================================================ ! ' $Id$ ! ! ! ' ============================================================ ! ' Table : ACTIVE_SESSIONS ! ' ============================================================ ! Begin Table ACTIVE_SESSIONS ! Name = active_sessions ! Begin Column P_SID ! Name = p_sid ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 1 ! End Column ! Begin Column P_NAME ! Name = p_name ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 2 ! End Column ! Begin Column P_VALPOS ! Name = p_valenc ! DataType = Text(6) ! Length = 6 ! Mandatory = YES ! OrdinalNumber = 3 ! End Column ! Begin Column P_VALENC ! Name = p_valenc ! DataType = Text(16) ! Length = 16 ! Mandatory = YES ! OrdinalNumber = 4 ! End Column ! Begin Column P_VAL ! Name = p_val ! DataType = Memo ! Length = 4096 ! OrdinalNumber = 5 ! End Column ! Begin Column P_CHANGED ! Name = p_changed ! DataType = Text(14) ! Length = 14 ! Mandatory = YES ! OrdinalNumber = 6 ! End Column ! End Table ! ! ' ============================================================ ! ' Index : ACTIVE_SESSIONS_PK ! ' ============================================================ ! Begin Index ACTIVE_SESSIONS_PK ! Table = ACTIVE_SESSIONS ! Primary = primarykey ! ! Field = P_NAME ! Field = P_SID ! Field = P_VALPOS ! End Index ! ! ' ============================================================ ! ' Index : CHANGED ! ' ============================================================ ! Begin Index CHANGED ! Table = ACTIVE_SESSIONS ! ! Field = P_CHANGED ! End Index ! ! ' ============================================================ ! ' Table : AUTH_USER ! ' ============================================================ ! Begin Table AUTH_USER ! Name = auth_user ! Begin Column P_USER_ID ! Name = p_user_id ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 1 ! End Column ! Begin Column P_USERNAME ! Name = p_username ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 2 ! End Column ! Begin Column P_PWENC ! Name = p_pwenc ! DataType = Text(16) ! Length = 16 ! Mandatory = YES ! OrdinalNumber = 3 ! End Column ! Begin Column P_PASSWORD ! Name = p_password ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 4 ! End Column ! Begin Column P_PERMS ! Name = p_perms ! DataType = Text(255) ! Length = 255 ! OrdinalNumber = 5 ! End Column ! End Table ! ! ' ============================================================ ! ' Index : AUTH_USER_PK ! ' ============================================================ ! Begin Index AUTH_USER_PK ! Table = AUTH_USER ! Primary = primarykey ! ! Field = P_USER_ID ! End Index ! ! ' ============================================================ ! ' Index : K_USERNAME ! ' ============================================================ ! Begin Index K_USERNAME ! Table = AUTH_USER ! ! Field = P_USERNAME ! End Index ! --- 1,137 ---- ! ' ============================================================ ! ' Nom de la base : myapp ! ' Nom de SGBD : Microsoft Access 95 ! ' Date de creation : 9/24/98 10:48 AM ! ' ============================================================ ! ' $Id$ ! ! ! ' ============================================================ ! ' Table : ACTIVE_SESSIONS ! ' ============================================================ ! Begin Table ACTIVE_SESSIONS ! Name = active_sessions ! Begin Column P_SID ! Name = p_sid ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 1 ! End Column ! Begin Column P_NAME ! Name = p_name ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 2 ! End Column ! Begin Column P_VALPOS ! Name = p_valenc ! DataType = Text(6) ! Length = 6 ! Mandatory = YES ! OrdinalNumber = 3 ! End Column ! Begin Column P_VALENC ! Name = p_valenc ! DataType = Text(16) ! Length = 16 ! Mandatory = YES ! OrdinalNumber = 4 ! End Column ! Begin Column P_VAL ! Name = p_val ! DataType = Memo ! Length = 4096 ! OrdinalNumber = 5 ! End Column ! Begin Column P_CHANGED ! Name = p_changed ! DataType = Text(14) ! Length = 14 ! Mandatory = YES ! OrdinalNumber = 6 ! End Column ! End Table ! ! ' ============================================================ ! ' Index : ACTIVE_SESSIONS_PK ! ' ============================================================ ! Begin Index ACTIVE_SESSIONS_PK ! Table = ACTIVE_SESSIONS ! Primary = primarykey ! ! Field = P_NAME ! Field = P_SID ! Field = P_VALPOS ! End Index ! ! ' ============================================================ ! ' Index : CHANGED ! ' ============================================================ ! Begin Index CHANGED ! Table = ACTIVE_SESSIONS ! ! Field = P_CHANGED ! End Index ! ! ' ============================================================ ! ' Table : AUTH_USER ! ' ============================================================ ! Begin Table AUTH_USER ! Name = auth_user ! Begin Column P_USER_ID ! Name = p_user_id ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 1 ! End Column ! Begin Column P_USERNAME ! Name = p_username ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 2 ! End Column ! Begin Column P_PWENC ! Name = p_pwenc ! DataType = Text(16) ! Length = 16 ! Mandatory = YES ! OrdinalNumber = 3 ! End Column ! Begin Column P_PASSWORD ! Name = p_password ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 4 ! End Column ! Begin Column P_PERMS ! Name = p_perms ! DataType = Text(255) ! Length = 255 ! OrdinalNumber = 5 ! End Column ! End Table ! ! ' ============================================================ ! ' Index : AUTH_USER_PK ! ' ============================================================ ! Begin Index AUTH_USER_PK ! Table = AUTH_USER ! Primary = primarykey ! ! Field = P_USER_ID ! End Index ! ! ' ============================================================ ! ' Index : K_USERNAME ! ' ============================================================ ! Begin Index K_USERNAME ! Table = AUTH_USER ! ! Field = P_USERNAME ! End Index ! |
|
From: Richard A. <ric...@us...> - 2001-08-30 13:04:30
|
Update of /cvsroot/phplib/php-lib-stable/stuff In directory usw-pr-cvs1:/tmp/cvs-serv11873 Modified Files: create_database.msaccess95 Log Message: Convert DOS line breaks, remove tabs Index: create_database.msaccess95 =================================================================== RCS file: /cvsroot/phplib/php-lib-stable/stuff/create_database.msaccess95,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -C2 -d -r1.1.1.1 -r1.2 *** create_database.msaccess95 2000/04/17 16:40:17 1.1.1.1 --- create_database.msaccess95 2001/08/30 13:04:27 1.2 *************** *** 1,211 **** ! ' ============================================================ ! ' Nom de la base : myapp ! ' Nom de SGBD : Microsoft Access 95 ! ' Date de création : 9/24/98 10:48 AM ! ' ============================================================ ! ' $Id$ ! ! ! ' ============================================================ ! ' Table : ACTIVE_SESSIONS ! ' ============================================================ ! Begin Table ACTIVE_SESSIONS ! Name = active_sessions ! Begin Column SID ! Name = sid ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 1 ! End Column ! Begin Column NAME ! Name = name ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 2 ! End Column ! Begin Column VAL ! Name = val ! DataType = Memo ! Length = 4096 ! OrdinalNumber = 3 ! End Column ! Begin Column CHANGED ! Name = changed ! DataType = Text(14) ! Length = 14 ! Mandatory = YES ! OrdinalNumber = 5 ! End Column ! End Table ! ! ' ============================================================ ! ' Index : ACTIVE_SESSIONS_PK ! ' ============================================================ ! Begin Index ACTIVE_SESSIONS_PK ! Table = ACTIVE_SESSIONS ! Primary = primarykey ! ! Field = SID ! Field = NAME ! End Index ! ! ' ============================================================ ! ' Index : CHANGED ! ' ============================================================ ! Begin Index CHANGED ! Table = ACTIVE_SESSIONS ! ! Field = CHANGED ! End Index ! ! ' ============================================================ ! ' Table : ACTIVE_SESSIONS_SPLIT ! ' ============================================================ ! Begin Table ACTIVE_SESSIONS_SPLIT ! Name = active_sessions ! Begin Column CT_SID ! Name = ct_sid ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 1 ! End Column ! Begin Column CT_NAME ! Name = ct_name ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 2 ! End Column ! Begin Column CT_POS ! Name = ct_pos ! DataType = Text(6) ! Length = 6 ! Mandatory = YES ! OrdinalNumber = 3 ! End Column ! Begin Column CT_VAL ! Name = ct_val ! DataType = Memo ! Length = 4096 ! OrdinalNumber = 4 ! End Column ! Begin Column CT_CHANGED ! Name = ct_changed ! DataType = Text(14) ! Length = 14 ! Mandatory = YES ! OrdinalNumber = 5 ! End Column ! End Table ! ! ' ============================================================ ! ' Index : ACTIVE_SESSIONS_SPLIT_PK ! ' ============================================================ ! Begin Index ACTIVE_SESSIONS_SPLIT_PK ! Table = ACTIVE_SESSIONS_SPLIT ! Primary = primarykey ! ! Field = CT_SID ! Field = CT_NAME ! Field = CT_POS ! End Index ! ! ' ============================================================ ! ' Index : CHANGED ! ' ============================================================ ! Begin Index CHANGED ! Table = ACTIVE_SESSIONS_SPLIT ! ! Field = CT_CHANGED ! End Index ! ! ' ============================================================ ! ' Table : AUTH_USER ! ' ============================================================ ! Begin Table AUTH_USER ! Name = auth_user ! Begin Column USER_ID ! Name = user_id ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 1 ! End Column ! Begin Column USERNAME ! Name = username ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 2 ! End Column ! Begin Column PASSWORD ! Name = password ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 3 ! End Column ! Begin Column PERMS ! Name = perms ! DataType = Text(255) ! Length = 255 ! OrdinalNumber = 4 ! End Column ! End Table ! ! ' ============================================================ ! ' Table : AUTH_USER_MD5 ! ' ============================================================ ! Begin Table AUTH_USER_MD5 ! Name = auth_user_md5 ! Begin Column USER_ID ! Name = user_id ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 1 ! End Column ! Begin Column USERNAME ! Name = username ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 2 ! End Column ! Begin Column PASSWORD ! Name = password ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 3 ! End Column ! Begin Column PERMS ! Name = perms ! DataType = Text(255) ! Length = 255 ! OrdinalNumber = 4 ! End Column ! End Table ! ! ' ============================================================ ! ' Index : AUTH_USER_PK ! ' ============================================================ ! Begin Index AUTH_USER_PK ! Table = AUTH_USER ! Primary = primarykey ! ! Field = USER_ID ! End Index ! ! ' ============================================================ ! ' Index : K_USERNAME ! ' ============================================================ ! Begin Index K_USERNAME ! Table = AUTH_USER ! ! Field = USERNAME ! End Index ! --- 1,211 ---- ! ' ============================================================ ! ' Nom de la base : myapp ! ' Nom de SGBD : Microsoft Access 95 ! ' Date de creation : 9/24/98 10:48 AM ! ' ============================================================ ! ' $Id$ ! ! ! ' ============================================================ ! ' Table : ACTIVE_SESSIONS ! ' ============================================================ ! Begin Table ACTIVE_SESSIONS ! Name = active_sessions ! Begin Column SID ! Name = sid ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 1 ! End Column ! Begin Column NAME ! Name = name ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 2 ! End Column ! Begin Column VAL ! Name = val ! DataType = Memo ! Length = 4096 ! OrdinalNumber = 3 ! End Column ! Begin Column CHANGED ! Name = changed ! DataType = Text(14) ! Length = 14 ! Mandatory = YES ! OrdinalNumber = 5 ! End Column ! End Table ! ! ' ============================================================ ! ' Index : ACTIVE_SESSIONS_PK ! ' ============================================================ ! Begin Index ACTIVE_SESSIONS_PK ! Table = ACTIVE_SESSIONS ! Primary = primarykey ! ! Field = SID ! Field = NAME ! End Index ! ! ' ============================================================ ! ' Index : CHANGED ! ' ============================================================ ! Begin Index CHANGED ! Table = ACTIVE_SESSIONS ! ! Field = CHANGED ! End Index ! ! ' ============================================================ ! ' Table : ACTIVE_SESSIONS_SPLIT ! ' ============================================================ ! Begin Table ACTIVE_SESSIONS_SPLIT ! Name = active_sessions ! Begin Column CT_SID ! Name = ct_sid ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 1 ! End Column ! Begin Column CT_NAME ! Name = ct_name ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 2 ! End Column ! Begin Column CT_POS ! Name = ct_pos ! DataType = Text(6) ! Length = 6 ! Mandatory = YES ! OrdinalNumber = 3 ! End Column ! Begin Column CT_VAL ! Name = ct_val ! DataType = Memo ! Length = 4096 ! OrdinalNumber = 4 ! End Column ! Begin Column CT_CHANGED ! Name = ct_changed ! DataType = Text(14) ! Length = 14 ! Mandatory = YES ! OrdinalNumber = 5 ! End Column ! End Table ! ! ' ============================================================ ! ' Index : ACTIVE_SESSIONS_SPLIT_PK ! ' ============================================================ ! Begin Index ACTIVE_SESSIONS_SPLIT_PK ! Table = ACTIVE_SESSIONS_SPLIT ! Primary = primarykey ! ! Field = CT_SID ! Field = CT_NAME ! Field = CT_POS ! End Index ! ! ' ============================================================ ! ' Index : CHANGED ! ' ============================================================ ! Begin Index CHANGED ! Table = ACTIVE_SESSIONS_SPLIT ! ! Field = CT_CHANGED ! End Index ! ! ' ============================================================ ! ' Table : AUTH_USER ! ' ============================================================ ! Begin Table AUTH_USER ! Name = auth_user ! Begin Column USER_ID ! Name = user_id ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 1 ! End Column ! Begin Column USERNAME ! Name = username ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 2 ! End Column ! Begin Column PASSWORD ! Name = password ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 3 ! End Column ! Begin Column PERMS ! Name = perms ! DataType = Text(255) ! Length = 255 ! OrdinalNumber = 4 ! End Column ! End Table ! ! ' ============================================================ ! ' Table : AUTH_USER_MD5 ! ' ============================================================ ! Begin Table AUTH_USER_MD5 ! Name = auth_user_md5 ! Begin Column USER_ID ! Name = user_id ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 1 ! End Column ! Begin Column USERNAME ! Name = username ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 2 ! End Column ! Begin Column PASSWORD ! Name = password ! DataType = Text(32) ! Length = 32 ! Mandatory = YES ! OrdinalNumber = 3 ! End Column ! Begin Column PERMS ! Name = perms ! DataType = Text(255) ! Length = 255 ! OrdinalNumber = 4 ! End Column ! End Table ! ! ' ============================================================ ! ' Index : AUTH_USER_PK ! ' ============================================================ ! Begin Index AUTH_USER_PK ! Table = AUTH_USER ! Primary = primarykey ! ! Field = USER_ID ! End Index ! ! ' ============================================================ ! ' Index : K_USERNAME ! ' ============================================================ ! Begin Index K_USERNAME ! Table = AUTH_USER ! ! Field = USERNAME ! End Index ! |
|
From: Richard A. <ric...@us...> - 2001-08-30 13:02:03
|
Update of /cvsroot/phplib/php-lib-stable/php
In directory usw-pr-cvs1:/tmp/cvs-serv12456
Modified Files:
ct_dbm.inc
Log Message:
Convert DOS line breaks, remove tabs
Index: ct_dbm.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/ct_dbm.inc,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** ct_dbm.inc 2000/07/12 18:22:33 1.2
--- ct_dbm.inc 2001/08/30 13:01:59 1.3
***************
*** 1,74 ****
! <?php
!
! ##
! ## Copyright (c) 1999-2000 Daniel Lashua <dan...@gt...>
! ##
! ## $Id$
! ##
! ## PHPLIB Data Storage Container using DBM Files
! ##
! ## Code inspired by ct_shm.inc v 1.1
!
! class CT_DBM {
! ##
! ## Define these parameters by overwriting or by
! ## deriving your own class from it (recommened)
! ##
!
! var $dbm_file = ""; ## PREEXISTING DBM File
! ## writable by the web server UID
!
! ## end of configuration
!
! var $dbmid; ## our dbm resource handle
!
! function ac_start() {
! # Open DBM file for write access
! $this->dbmid = dbmopen($this->dbm_file, "w");
! }
!
! function ac_get_lock() {
! # Not needed in this instance
! }
!
! function ac_release_lock() {
! # Not needed in this instance
! }
!
! function ac_newid($str, $name) {
! return $str;
! }
!
! function ac_store($id, $name, $str) {
! dbmreplace($this->dbmid, "$id$name", urlencode($str).";".time());
! return true;
! }
!
! function ac_delete($id, $name) {
! dbmdelete($this->dbmid, "$id$name");
! }
!
! function ac_gc($gc_time, $name) {
! $cmp = time() - $gc_time * 60;
! $i = dbmfirstkey($this->dbmid);
! while ($i) {
! $val = @dbmfetch($this->dbmid, $i);
! $dat = explode(";", $val);
! if(strcmp($dat[1], $cmp) < 0) {
! dbmdelete($this->dbmid, $i);
! }
! $i = dbmnextkey($this->dbmid,$i);
! }
! }
!
! function ac_halt($s) {
! echo "<b>$s</b>";
! exit;
! }
!
! function ac_get_value($id, $name) {
! $dat = explode(";", dbmfetch($this->dbmid, "$id$name"));
! return urldecode($dat[0]);
! }
! }
! ?>
--- 1,73 ----
! <?php
! ##
! ## Copyright (c) 1999-2000 Daniel Lashua <dan...@gt...>
! ##
! ## $Id$
! ##
! ## PHPLIB Data Storage Container using DBM Files
! ##
! ## Code inspired by ct_shm.inc v 1.1
!
! class CT_DBM {
! ##
! ## Define these parameters by overwriting or by
! ## deriving your own class from it (recommended)
! ##
!
! var $dbm_file = ""; ## PREEXISTING DBM File
! ## writable by the web server UID
!
! ## end of configuration
!
! var $dbmid; ## our dbm resource handle
!
! function ac_start() {
! # Open DBM file for write access
! $this->dbmid = dbmopen($this->dbm_file, "w");
! }
!
! function ac_get_lock() {
! # Not needed in this instance
! }
!
! function ac_release_lock() {
! # Not needed in this instance
! }
!
! function ac_newid($str, $name) {
! return $str;
! }
!
! function ac_store($id, $name, $str) {
! dbmreplace($this->dbmid, "$id$name", urlencode($str).";".time());
! return true;
! }
!
! function ac_delete($id, $name) {
! dbmdelete($this->dbmid, "$id$name");
! }
!
! function ac_gc($gc_time, $name) {
! $cmp = time() - $gc_time * 60;
! $i = dbmfirstkey($this->dbmid);
! while ($i) {
! $val = @dbmfetch($this->dbmid, $i);
! $dat = explode(";", $val);
! if(strcmp($dat[1], $cmp) < 0) {
! dbmdelete($this->dbmid, $i);
! }
! $i = dbmnextkey($this->dbmid,$i);
! }
! }
!
! function ac_halt($s) {
! echo "<b>$s</b>";
! exit;
! }
!
! function ac_get_value($id, $name) {
! $dat = explode(";", dbmfetch($this->dbmid, "$id$name"));
! return urldecode($dat[0]);
! }
! }
! ?>
|
|
From: Richard A. <ric...@us...> - 2001-08-29 21:03:29
|
Update of /cvsroot/phplib/php-lib-stable
In directory usw-pr-cvs1:/tmp/cvs-serv12171
Modified Files:
CHANGES
Log Message:
added credit for bug discovery
Index: CHANGES
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/CHANGES,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** CHANGES 2000/12/13 17:46:50 1.8
--- CHANGES 2001/08/29 21:03:27 1.9
***************
*** 1,4 ****
--- 1,9 ----
$Id$
+ 29 Aug 2001 richardarcher
+ - Fixed possible cross-site scripting attack by making sess->url()
+ return a urlencoded string (reported by Daniel Naber
+ <dan...@t-...>)
+
13 Dec 2000 negro
- Added $this->Debug functionality to db_pgsl.inc for consistency
|
|
From: Richard A. <ric...@us...> - 2001-08-29 21:02:45
|
Update of /cvsroot/phplib/php-lib
In directory usw-pr-cvs1:/tmp/cvs-serv5411
Modified Files:
CHANGES
Log Message:
added credit for bug discovery
Index: CHANGES
===================================================================
RCS file: /cvsroot/phplib/php-lib/CHANGES,v
retrieving revision 1.187
retrieving revision 1.188
diff -C2 -d -r1.187 -r1.188
*** CHANGES 2001/01/05 09:30:21 1.187
--- CHANGES 2001/08/29 21:02:42 1.188
***************
*** 1,4 ****
--- 1,9 ----
$Id$
+ 29-Aug-2001 richardarcher
+ - Fixed possible cross-site scripting attack by making sess->url()
+ return a urlencoded string (reported by Daniel Naber
+ <dan...@t-...>)
+
05-Jan-2001 max
- Added user4.inc with User class that works with session4* session implementations.
|
|
From: Richard A. <ric...@us...> - 2001-08-29 12:36:45
|
Update of /cvsroot/phplib/php-lib/php
In directory usw-pr-cvs1:/tmp/cvs-serv4497/php
Modified Files:
crcloginform.ihtml crloginform.ihtml local.inc
Log Message:
Sync with -stable:
Changes to new_user_md5.php3 to increase reliability:
- added debug output and a plain text warning
- check whether a new password was entered - if not, leave old password alone
- rewrite the Javascript to fix Mozilla and IE5 problems
- remove the deprecated if: ... else: coding style
Check to see if db query returned any results in local.inc
Modify Javascript in cr*loginform.ihtml to fix IE5 problem
Index: crcloginform.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/crcloginform.ihtml,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** crcloginform.ihtml 2001/08/29 07:26:44 1.6
--- crcloginform.ihtml 2001/08/29 12:36:42 1.7
***************
*** 21,29 ****
a password type input tag. <an...@ro...>
-->
-
<html>
<head>
! <title>Test for login</title>
<style type="text/css">
<!--
--- 21,29 ----
a password type input tag. <an...@ro...>
+ $Id$
-->
<html>
<head>
! <title>Test for Login</title>
<style type="text/css">
<!--
***************
*** 32,38 ****
-->
</style>
! <script language="javascript" src="md5.js"></script>
<script language="javascript">
-
<!--
function doChallengeResponse() {
--- 32,37 ----
-->
</style>
! <script language="javascript" src="../md5.js"></script>
<script language="javascript">
<!--
function doChallengeResponse() {
***************
*** 40,62 ****
MD5(document.login.password.value) + ":" +
document.login.challenge.value;
! document.logintrue.username.value = document.login.username.value;
! document.logintrue.response.value = MD5(str);
! document.logintrue.submit();
}
// -->
-
</script>
</head>
<body bgcolor="#ffffff">
! <DIV ALIGN="center">
! Welcome!<BR>
Please identify yourself with a username and a password:<br>
- </DIV>
! <form name="login" action="<?php print $this->url() ?>" method=post>
! <table border=2 bgcolor="#eeeeee" align="center" cellspacing=0 cellpadding=4>
<tr valign=top align=left>
<td>Username:</td>
--- 39,62 ----
MD5(document.login.password.value) + ":" +
document.login.challenge.value;
! document.login.response.value = MD5(str);
! document.login.password.value = "";
! document.logintrue.username.value = document.login.username.value;
! document.logintrue.response.value = MD5(str);
! document.logintrue.submit();
! return false;
}
// -->
</script>
</head>
<body bgcolor="#ffffff">
! <h1>Test for Login</h1>
! Welcome!
Please identify yourself with a username and a password:<br>
! <form name="login" action="<?php print $this->url() ?>" method=post onSubmit="doChallengeResponse()">
! <table border=0 bgcolor="#eeeeee" align="center" cellspacing=0 cellpadding=4>
<tr valign=top align=left>
<td>Username:</td>
***************
*** 66,90 ****
<tr valign=top align=left>
<td>Password:</td>
! <td><input type="password" name="password" size=32 maxlength=32 value=""></td>
</tr>
<tr>
! <td colspan=2 align=center><A HREF="javascript:doChallengeResponse();">login</A></td>
</tr>
</table>
! <?php global $username; if ( isset($username) ): ?>
<!-- failed login code -->
! <DIV ALIGN="CENTER">
<table>
<tr>
! <td colspan=2 align=center><font color=red><b>Either your username or your password
are invalid.<br>
Please try again!</b></font></td>
</tr>
</table>
! </DIV>
! <?php endif ?>
</table>
--- 66,96 ----
<tr valign=top align=left>
<td>Password:</td>
! <td><input type="password" name="password" size=32 maxlength=32></td>
</tr>
<tr>
! <td> </td>
! <td align=right><input type="submit" name="submitbtn" value="Login now"></td>
</tr>
</table>
! <?php
! global $username;
! if ( isset($username) ) {
! ?>
<!-- failed login code -->
! <p>
<table>
<tr>
! <td colspan=2><font color=red><b>Either your username or your password
are invalid.<br>
Please try again!</b></font></td>
</tr>
</table>
!
! <?php
! }
! ?>
</table>
Index: crloginform.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/crloginform.ihtml,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -d -r1.5 -r1.6
*** crloginform.ihtml 2001/08/29 07:26:44 1.5
--- crloginform.ihtml 2001/08/29 12:36:42 1.6
***************
*** 15,18 ****
--- 15,22 ----
authenticated, but the password is visible on the network.
+ Changed the way of submitting the challenge:response with a 2nd login form.
+ This fixes the problems some browsers have with overwriting the content of
+ a password type input tag. <an...@ro...>
+
$Id$
-->
***************
*** 26,30 ****
-->
</style>
! <script language="javascript" src="/md5.js"></script>
<script language="javascript">
<!--
--- 30,34 ----
-->
</style>
! <script language="javascript" src="../md5.js"></script>
<script language="javascript">
<!--
***************
*** 33,40 ****
document.login.password.value + ":" +
document.login.challenge.value;
-
document.login.response.value = MD5(str);
document.login.password.value = "";
! document.login.submit();
}
// -->
--- 37,46 ----
document.login.password.value + ":" +
document.login.challenge.value;
document.login.response.value = MD5(str);
document.login.password.value = "";
! document.logintrue.username.value = document.login.username.value;
! document.logintrue.response.value = MD5(str);
! document.logintrue.submit();
! return false;
}
// -->
***************
*** 49,53 ****
Please identify yourself with a username and a password:<br>
! <form name="login" action="<?php print $this->url() ?>" method=post>
<table border=0 bgcolor="#eeeeee" align="center" cellspacing=0 cellpadding=4>
<tr valign=top align=left>
--- 55,59 ----
Please identify yourself with a username and a password:<br>
! <form name="login" action="<?php print $this->url() ?>" method=post onSubmit="doChallengeResponse()">
<table border=0 bgcolor="#eeeeee" align="center" cellspacing=0 cellpadding=4>
<tr valign=top align=left>
***************
*** 63,71 ****
<tr>
<td> </td>
! <td align=right><input onClick="doChallengeResponse(); return false;" type="submit" name="submitbtn" value="Login now"></td>
</tr>
</table>
! <?php if ($this->auth["error"]): ?>
<!-- failed login code -->
--- 69,79 ----
<tr>
<td> </td>
! <td align=right><input type="submit" name="submitbtn" value="Login now"></td>
</tr>
</table>
! <?php
! if ($this->auth["error"]) {
! ?>
<!-- failed login code -->
***************
*** 77,88 ****
</table>
! <?php
! $this->auth["error"] = "";
! endif;
! ?>
</table>
<!-- Set up the form with the challenge value and an empty reply value -->
<input type="hidden" name="challenge" value="<?php print $challenge ?>">
<input type="hidden" name="response" value="">
--- 85,102 ----
</table>
! <?php
! $this->auth["error"] = "";
! }
! ?>
</table>
<!-- Set up the form with the challenge value and an empty reply value -->
+ <input type="hidden" name="challenge" value="<?php print $challenge ?>">
+ <input type="hidden" name="response" value="">
+ </form>
+
+ <form name="logintrue" action="<?php print $this->url() ?>" method=post>
+ <input type="hidden" name="username" value="">
<input type="hidden" name="challenge" value="<?php print $challenge ?>">
<input type="hidden" name="response" value="">
Index: local.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/local.inc,v
retrieving revision 1.34
retrieving revision 1.35
diff -C2 -d -r1.34 -r1.35
*** local.inc 2001/08/21 12:56:02 1.34
--- local.inc 2001/08/29 12:36:42 1.35
***************
*** 143,146 ****
--- 143,150 ----
addslashes($username)));
+ if ($this->db->num_rows() == 0) {
+ return false;
+ }
+
while($this->db->next_record()) {
$uid = $this->db->f("p_user_id");
***************
*** 232,235 ****
--- 236,243 ----
$this->database_table,
addslashes($username)));
+
+ if ($this->db->num_rows() == 0) {
+ return false;
+ }
while($this->db->next_record()) {
|
|
From: Richard A. <ric...@us...> - 2001-08-29 12:36:45
|
Update of /cvsroot/phplib/php-lib/pages/admin
In directory usw-pr-cvs1:/tmp/cvs-serv4497/pages/admin
Modified Files:
new_user_md5.php3
Log Message:
Sync with -stable:
Changes to new_user_md5.php3 to increase reliability:
- added debug output and a plain text warning
- check whether a new password was entered - if not, leave old password alone
- rewrite the Javascript to fix Mozilla and IE5 problems
- remove the deprecated if: ... else: coding style
Check to see if db query returned any results in local.inc
Modify Javascript in cr*loginform.ihtml to fix IE5 problem
Index: new_user_md5.php3
===================================================================
RCS file: /cvsroot/phplib/php-lib/pages/admin/new_user_md5.php3,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** new_user_md5.php3 2001/08/15 08:23:04 1.7
--- new_user_md5.php3 2001/08/29 12:36:42 1.8
***************
*** 109,112 ****
--- 109,126 ----
###
+ ## Some debug output - can be useful to see what's going on
+ #$debug_output = "<br>\n";
+ #reset($HTTP_POST_VARS);
+ #while(list($var,$value)=each($HTTP_POST_VARS)) {
+ # $debug_output .= "$var: $value<br>\n";
+ #}
+ #reset($HTTP_POST_VARS);
+ #my_msg($debug_output);
+
+ # Notify the user if a plain text password is received
+ if(!empty($password)) {
+ my_error("<b>Warning:</b> plain text password received. Is Javascript enabled?");
+ }
+
## Get a database connection
$db = new DB_Example;
***************
*** 123,126 ****
--- 137,147 ----
}
+ ## Find out if a new password was entered
+ if ($password == md5("*******")) {
+ $new_password = false;
+ } else {
+ $new_password = true;
+ }
+
## $perms array will be unset if a user has had all perms removed.
## If so, set $perms to an empty array to prevent errors from implode.
***************
*** 180,183 ****
--- 201,208 ----
## Handle users changing their own password...
if (!$perm->have_perm("admin")) {
+ if (!$new_password) {
+ my_error("Please fill out a new <b>Password</b> ");
+ break;
+ }
$query = "update auth_user_md5 set p_password='$password' where p_user_id='$u_id'";
$db->query($query);
***************
*** 199,203 ****
## Update user information.
$permlist = addslashes(implode($perms,","));
! $query = "update auth_user_md5 set p_username='$username', p_password='$password', p_perms='$permlist' where p_user_id='$u_id'";
$db->query($query);
if ($db->affected_rows() == 0) {
--- 224,233 ----
## Update user information.
$permlist = addslashes(implode($perms,","));
! if (!$new_password) {
! $password_query = "";
! } else {
! $password_query = "p_password='$password',";
! }
! $query = "update auth_user_md5 set p_username='$username', $password_query p_perms='$permlist' where p_user_id='$u_id'";
$db->query($query);
if ($db->affected_rows() == 0) {
***************
*** 237,240 ****
--- 267,280 ----
?>
+ <script language="javascript">
+ <!--
+ function doHashPass(theForm) {
+ theForm.hashpass.value = MD5(theForm.password.value);
+ theForm.password.value = "";
+ return true;
+ }
+ // -->
+ </script>
+
<table border=0 bgcolor="#eeeeee" align="center" cellspacing=2 cellpadding=4 width=540>
<tr valign=top align=left>
***************
*** 246,299 ****
<?php
! if ($perm->have_perm("admin")):
?>
<!-- create a new user -->
! <script language="javascript">
! <!--
! function doAddUser() {
! document.add.hashpass.value = MD5(document.add.password.value);
! document.add.password.value = "";
! document.add.submit();
! }
! // -->
! </script>
! <form name="add" method="post" action="<?php $sess->pself_url() ?>">
<tr valign=middle align=left>
<td><input type="text" name="username" size=12 maxlength=32 value=""></td>
<td><input type="test" name="password" size=12 maxlength=32 value=""></td>
<td><?php print $perm->perm_sel("perms","user");?></td>
! <td align=right><input onClick="doAddUser(); return true;" type="submit" name="create" value="Create User"></td>
<input type="hidden" name="hashpass" value="">
</tr>
</form>
<?php
- endif;
- ?>
-
- <script language="javascript">
- <!--
- function doEditUser() {
- document.edit.hashpass.value = MD5(document.edit.password.value);
- document.edit.password.value = "";
- document.edit.submit();
- }
- // -->
- </script>
-
- <?
## Traverse the result set
$db->query("select * from auth_user_md5 order by p_username");
! while ($db->next_record()):
?>
<!-- existing user -->
! <form name="edit" method="post" action="<?php $sess->pself_url() ?>">
<input type="hidden" name="hashpass" value="">
<tr valign=middle align=left>
<?php
! if ($perm->have_perm("admin")):
! ?>
<td><input type="text" name="username" size=12 maxlength=32 value="<?php $db->p("username") ?>"></td>
<td><input type="text" name="password" size=12 maxlength=32 value="*******"></td>
--- 286,317 ----
<?php
! if ($perm->have_perm("admin")) {
?>
<!-- create a new user -->
! <form name="add" method="post" action="<?php $sess->pself_url() ?>" onSubmit="doHashPass(this)">
<tr valign=middle align=left>
<td><input type="text" name="username" size=12 maxlength=32 value=""></td>
<td><input type="test" name="password" size=12 maxlength=32 value=""></td>
<td><?php print $perm->perm_sel("perms","user");?></td>
! <td align=right><input type="submit" name="create" value="Create User"></td>
<input type="hidden" name="hashpass" value="">
</tr>
</form>
<?php
+ } // end if admin
## Traverse the result set
$db->query("select * from auth_user_md5 order by p_username");
! while ($db->next_record()) {
?>
<!-- existing user -->
! <form method="post" action="<?php $sess->pself_url() ?>" onSubmit="doHashPass(this)">
<input type="hidden" name="hashpass" value="">
<tr valign=middle align=left>
<?php
! if ($perm->have_perm("admin")) {
! ?>
<td><input type="text" name="username" size=12 maxlength=32 value="<?php $db->p("username") ?>"></td>
<td><input type="text" name="password" size=12 maxlength=32 value="*******"></td>
***************
*** 303,311 ****
<input type="hidden" name="u_id" value="<?php $db->p("user_id") ?>">
<input type="submit" name="u_kill" value="Kill">
! <input onClick="doEditUser(); return true;" type="submit" name="u_edit" value="Change">
</td>
<?php
! elseif ($auth->auth["uname"] == $db->f("username")):
! ?>
<td><?php $db->p("username") ?></td>
<td><input type="text" name="password" size=12 maxlength=32 value="*******"></td>
--- 321,329 ----
<input type="hidden" name="u_id" value="<?php $db->p("user_id") ?>">
<input type="submit" name="u_kill" value="Kill">
! <input type="submit" name="u_edit" value="Change">
</td>
<?php
! } elseif ($auth->auth["uname"] == $db->f("username")) {
! ?>
<td><?php $db->p("username") ?></td>
<td><input type="text" name="password" size=12 maxlength=32 value="*******"></td>
***************
*** 313,319 ****
<td align=right>
<input type="hidden" name="u_id" value="<?php $db->p("user_id") ?>">
! <input onClick="doEditUser(); return true;" type="submit" name="u_edit" value="Change">
</td>
! <?php else: ?>
<td><?php $db->p("username") ?></td>
<td>**********</td>
--- 331,339 ----
<td align=right>
<input type="hidden" name="u_id" value="<?php $db->p("user_id") ?>">
! <input type="submit" name="u_edit" value="Change">
</td>
! <?php
! } else {
! ?>
<td><?php $db->p("username") ?></td>
<td>**********</td>
***************
*** 321,330 ****
<td align=right> </td>
<?php
! endif;
! ?>
</tr>
</form>
<?php
! endwhile;
?>
</table>
--- 341,350 ----
<td align=right> </td>
<?php
! }
! ?>
</tr>
</form>
<?php
! } // while next record
?>
</table>
|
|
From: Richard A. <ric...@us...> - 2001-08-29 12:34:51
|
Update of /cvsroot/phplib/php-lib-stable/php
In directory usw-pr-cvs1:/tmp/cvs-serv32608/php
Modified Files:
crcloginform.ihtml crloginform.ihtml local.inc
Log Message:
Changes to new_user_md5.php3 to increase reliability:
- added debug output and a plain text warning
- check whether a new password was entered - if not, leave old password alone
- rewrite the Javascript to fix Mozilla and IE5 problems
- remove the deprecated if: ... else: coding style
Fixed a missing global declaration in local.inc
Check to see if db query returned any results in local.inc
Modify Javascript in cr*loginform.ihtml to fix IE5 problem
Index: crcloginform.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/crcloginform.ihtml,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** crcloginform.ihtml 2001/08/29 07:30:21 1.2
--- crcloginform.ihtml 2001/08/29 12:34:47 1.3
***************
*** 17,20 ****
--- 17,25 ----
Modified for hashed password storage by Jim Zajkowski <ji...@ji...>
+ Changed the way of submitting the challenge:response with a 2nd login form.
+ This fixes the problems some browsers have with overwriting the content of
+ a password type input tag. <an...@ro...>
+
+ $Id$
-->
<html>
***************
*** 27,31 ****
-->
</style>
! <script language="javascript" src="/session/md5.js"></script>
<script language="javascript">
<!--
--- 32,36 ----
-->
</style>
! <script language="javascript" src="../md5.js"></script>
<script language="javascript">
<!--
***************
*** 34,41 ****
MD5(document.login.password.value) + ":" +
document.login.challenge.value;
-
document.login.response.value = MD5(str);
document.login.password.value = "";
! document.login.submit();
}
// -->
--- 39,48 ----
MD5(document.login.password.value) + ":" +
document.login.challenge.value;
document.login.response.value = MD5(str);
document.login.password.value = "";
! document.logintrue.username.value = document.login.username.value;
! document.logintrue.response.value = MD5(str);
! document.logintrue.submit();
! return false;
}
// -->
***************
*** 50,54 ****
Please identify yourself with a username and a password:<br>
! <form name="login" action="<?php print $this->url() ?>" method=post>
<table border=0 bgcolor="#eeeeee" align="center" cellspacing=0 cellpadding=4>
<tr valign=top align=left>
--- 57,61 ----
Please identify yourself with a username and a password:<br>
! <form name="login" action="<?php print $this->url() ?>" method=post onSubmit="doChallengeResponse()">
<table border=0 bgcolor="#eeeeee" align="center" cellspacing=0 cellpadding=4>
<tr valign=top align=left>
***************
*** 64,72 ****
<tr>
<td> </td>
! <td align=right><input onClick="doChallengeResponse(); return false;" type="submit" name="submitbtn" value="Login now"></td>
</tr>
</table>
! <?php global $username; if ( isset($username) ): ?>
<!-- failed login code -->
--- 71,82 ----
<tr>
<td> </td>
! <td align=right><input type="submit" name="submitbtn" value="Login now"></td>
</tr>
</table>
! <?php
! global $username;
! if ( isset($username) ) {
! ?>
<!-- failed login code -->
***************
*** 80,88 ****
</table>
! <?php endif ?>
</table>
<!-- Set up the form with the challenge value and an empty reply value -->
<input type="hidden" name="challenge" value="<?php print $challenge ?>">
<input type="hidden" name="response" value="">
--- 90,106 ----
</table>
! <?php
! }
! ?>
</table>
<!-- Set up the form with the challenge value and an empty reply value -->
+ <input type="hidden" name="challenge" value="<?php print $challenge ?>">
+ <input type="hidden" name="response" value="">
+ </form>
+
+ <form name="logintrue" action="<?php print $this->url() ?>" method=post>
+ <input type="hidden" name="username" value="">
<input type="hidden" name="challenge" value="<?php print $challenge ?>">
<input type="hidden" name="response" value="">
Index: crloginform.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/crloginform.ihtml,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** crloginform.ihtml 2001/08/29 07:30:21 1.2
--- crloginform.ihtml 2001/08/29 12:34:47 1.3
***************
*** 15,18 ****
--- 15,22 ----
authenticated, but the password is visible on the network.
+ Changed the way of submitting the challenge:response with a 2nd login form.
+ This fixes the problems some browsers have with overwriting the content of
+ a password type input tag. <an...@ro...>
+
$Id$
-->
***************
*** 26,30 ****
-->
</style>
! <script language="javascript" src="/session/md5.js"></script>
<script language="javascript">
<!--
--- 30,34 ----
-->
</style>
! <script language="javascript" src="../md5.js"></script>
<script language="javascript">
<!--
***************
*** 33,40 ****
document.login.password.value + ":" +
document.login.challenge.value;
-
document.login.response.value = MD5(str);
document.login.password.value = "";
! document.login.submit();
}
// -->
--- 37,46 ----
document.login.password.value + ":" +
document.login.challenge.value;
document.login.response.value = MD5(str);
document.login.password.value = "";
! document.logintrue.username.value = document.login.username.value;
! document.logintrue.response.value = MD5(str);
! document.logintrue.submit();
! return false;
}
// -->
***************
*** 49,53 ****
Please identify yourself with a username and a password:<br>
! <form name="login" action="<?php print $this->url() ?>" method=post>
<table border=0 bgcolor="#eeeeee" align="center" cellspacing=0 cellpadding=4>
<tr valign=top align=left>
--- 55,59 ----
Please identify yourself with a username and a password:<br>
! <form name="login" action="<?php print $this->url() ?>" method=post onSubmit="doChallengeResponse()">
<table border=0 bgcolor="#eeeeee" align="center" cellspacing=0 cellpadding=4>
<tr valign=top align=left>
***************
*** 63,71 ****
<tr>
<td> </td>
! <td align=right><input onClick="doChallengeResponse(); return false;" type="submit" name="submitbtn" value="Login now"></td>
</tr>
</table>
! <?php global $username; if ( isset($username) ): ?>
<!-- failed login code -->
--- 69,80 ----
<tr>
<td> </td>
! <td align=right><input type="submit" name="submitbtn" value="Login now"></td>
</tr>
</table>
! <?php
! global $username;
! if ( isset($username) ) {
! ?>
<!-- failed login code -->
***************
*** 79,87 ****
</table>
! <?php endif ?>
</table>
<!-- Set up the form with the challenge value and an empty reply value -->
<input type="hidden" name="challenge" value="<?php print $challenge ?>">
<input type="hidden" name="response" value="">
--- 88,104 ----
</table>
! <?php
! }
! ?>
</table>
<!-- Set up the form with the challenge value and an empty reply value -->
+ <input type="hidden" name="challenge" value="<?php print $challenge ?>">
+ <input type="hidden" name="response" value="">
+ </form>
+
+ <form name="logintrue" action="<?php print $this->url() ?>" method=post>
+ <input type="hidden" name="username" value="">
<input type="hidden" name="challenge" value="<?php print $challenge ?>">
<input type="hidden" name="response" value="">
Index: local.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/local.inc,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** local.inc 2001/08/21 12:58:45 1.7
--- local.inc 2001/08/29 12:34:47 1.8
***************
*** 171,174 ****
--- 171,178 ----
addslashes($username)));
+ if ($this->db->num_rows() == 0) {
+ return false;
+ }
+
while($this->db->next_record()) {
$uid = $this->db->f("user_id");
***************
*** 219,222 ****
--- 223,227 ----
global $sess;
global $challenge;
+ global $_PHPLIB;
$challenge = md5(uniqid($this->magic));
***************
*** 235,238 ****
--- 240,247 ----
$this->database_table,
addslashes($username)));
+
+ if ($this->db->num_rows() == 0) {
+ return false;
+ }
while($this->db->next_record()) {
|
|
From: Richard A. <ric...@us...> - 2001-08-29 12:34:51
|
Update of /cvsroot/phplib/php-lib-stable/pages/admin
In directory usw-pr-cvs1:/tmp/cvs-serv32608/pages/admin
Modified Files:
new_user_md5.php3
Log Message:
Changes to new_user_md5.php3 to increase reliability:
- added debug output and a plain text warning
- check whether a new password was entered - if not, leave old password alone
- rewrite the Javascript to fix Mozilla and IE5 problems
- remove the deprecated if: ... else: coding style
Fixed a missing global declaration in local.inc
Check to see if db query returned any results in local.inc
Modify Javascript in cr*loginform.ihtml to fix IE5 problem
Index: new_user_md5.php3
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/pages/admin/new_user_md5.php3,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** new_user_md5.php3 2001/08/15 08:34:43 1.2
--- new_user_md5.php3 2001/08/29 12:34:47 1.3
***************
*** 109,112 ****
--- 109,126 ----
###
+ ## Some debug output - can be useful to see what's going on
+ #$debug_output = "<br>\n";
+ #reset($HTTP_POST_VARS);
+ #while(list($var,$value)=each($HTTP_POST_VARS)) {
+ # $debug_output .= "$var: $value<br>\n";
+ #}
+ #reset($HTTP_POST_VARS);
+ #my_msg($debug_output);
+
+ # Notify the user if a plain text password is received
+ if(!empty($password)) {
+ my_error("<b>Warning:</b> plain text password received. Is Javascript enabled?");
+ }
+
## Get a database connection
$db = new DB_Example;
***************
*** 123,126 ****
--- 137,147 ----
}
+ ## Find out if a new password was entered
+ if ($password == md5("*******")) {
+ $new_password = false;
+ } else {
+ $new_password = true;
+ }
+
## $perms array will be unset if a user has had all perms removed.
## If so, set $perms to an empty array to prevent errors from implode.
***************
*** 180,183 ****
--- 201,208 ----
## Handle users changing their own password...
if (!$perm->have_perm("admin")) {
+ if (!$new_password) {
+ my_error("Please fill out a new <b>Password</b> ");
+ break;
+ }
$query = "update auth_user_md5 set password='$password' where user_id='$u_id'";
$db->query($query);
***************
*** 199,203 ****
## Update user information.
$permlist = addslashes(implode($perms,","));
! $query = "update auth_user_md5 set username='$username', password='$password', perms='$permlist' where user_id='$u_id'";
$db->query($query);
if ($db->affected_rows() == 0) {
--- 224,233 ----
## Update user information.
$permlist = addslashes(implode($perms,","));
! if (!$new_password) {
! $password_query = "";
! } else {
! $password_query = "password='$password',";
! }
! $query = "update auth_user_md5 set username='$username', $password_query perms='$permlist' where user_id='$u_id'";
$db->query($query);
if ($db->affected_rows() == 0) {
***************
*** 237,240 ****
--- 267,280 ----
?>
+ <script language="javascript">
+ <!--
+ function doHashPass(theForm) {
+ theForm.hashpass.value = MD5(theForm.password.value);
+ theForm.password.value = "";
+ return true;
+ }
+ // -->
+ </script>
+
<table border=0 bgcolor="#eeeeee" align="center" cellspacing=2 cellpadding=4 width=540>
<tr valign=top align=left>
***************
*** 246,299 ****
<?php
! if ($perm->have_perm("admin")):
?>
<!-- create a new user -->
! <script language="javascript">
! <!--
! function doAddUser() {
! document.add.hashpass.value = MD5(document.add.password.value);
! document.add.password.value = "";
! document.add.submit();
! }
! // -->
! </script>
! <form name="add" method="post" action="<?php $sess->pself_url() ?>">
<tr valign=middle align=left>
<td><input type="text" name="username" size=12 maxlength=32 value=""></td>
<td><input type="test" name="password" size=12 maxlength=32 value=""></td>
<td><?php print $perm->perm_sel("perms","user");?></td>
! <td align=right><input onClick="doAddUser(); return true;" type="submit" name="create" value="Create User"></td>
<input type="hidden" name="hashpass" value="">
</tr>
</form>
<?php
- endif;
- ?>
-
- <script language="javascript">
- <!--
- function doEditUser() {
- document.edit.hashpass.value = MD5(document.edit.password.value);
- document.edit.password.value = "";
- document.edit.submit();
- }
- // -->
- </script>
-
- <?
## Traverse the result set
$db->query("select * from auth_user_md5 order by username");
! while ($db->next_record()):
?>
<!-- existing user -->
! <form name="edit" method="post" action="<?php $sess->pself_url() ?>">
<input type="hidden" name="hashpass" value="">
<tr valign=middle align=left>
<?php
! if ($perm->have_perm("admin")):
! ?>
<td><input type="text" name="username" size=12 maxlength=32 value="<?php $db->p("username") ?>"></td>
<td><input type="text" name="password" size=12 maxlength=32 value="*******"></td>
--- 286,317 ----
<?php
! if ($perm->have_perm("admin")) {
?>
<!-- create a new user -->
! <form name="add" method="post" action="<?php $sess->pself_url() ?>" onSubmit="doHashPass(this)">
<tr valign=middle align=left>
<td><input type="text" name="username" size=12 maxlength=32 value=""></td>
<td><input type="test" name="password" size=12 maxlength=32 value=""></td>
<td><?php print $perm->perm_sel("perms","user");?></td>
! <td align=right><input type="submit" name="create" value="Create User"></td>
<input type="hidden" name="hashpass" value="">
</tr>
</form>
<?php
+ } // end if admin
## Traverse the result set
$db->query("select * from auth_user_md5 order by username");
! while ($db->next_record()) {
?>
<!-- existing user -->
! <form method="post" action="<?php $sess->pself_url() ?>" onSubmit="doHashPass(this)">
<input type="hidden" name="hashpass" value="">
<tr valign=middle align=left>
<?php
! if ($perm->have_perm("admin")) {
! ?>
<td><input type="text" name="username" size=12 maxlength=32 value="<?php $db->p("username") ?>"></td>
<td><input type="text" name="password" size=12 maxlength=32 value="*******"></td>
***************
*** 303,311 ****
<input type="hidden" name="u_id" value="<?php $db->p("user_id") ?>">
<input type="submit" name="u_kill" value="Kill">
! <input onClick="doEditUser(); return true;" type="submit" name="u_edit" value="Change">
</td>
<?php
! elseif ($auth->auth["uname"] == $db->f("username")):
! ?>
<td><?php $db->p("username") ?></td>
<td><input type="text" name="password" size=12 maxlength=32 value="*******"></td>
--- 321,329 ----
<input type="hidden" name="u_id" value="<?php $db->p("user_id") ?>">
<input type="submit" name="u_kill" value="Kill">
! <input type="submit" name="u_edit" value="Change">
</td>
<?php
! } elseif ($auth->auth["uname"] == $db->f("username")) {
! ?>
<td><?php $db->p("username") ?></td>
<td><input type="text" name="password" size=12 maxlength=32 value="*******"></td>
***************
*** 313,319 ****
<td align=right>
<input type="hidden" name="u_id" value="<?php $db->p("user_id") ?>">
! <input onClick="doEditUser(); return true;" type="submit" name="u_edit" value="Change">
</td>
! <?php else: ?>
<td><?php $db->p("username") ?></td>
<td>**********</td>
--- 331,339 ----
<td align=right>
<input type="hidden" name="u_id" value="<?php $db->p("user_id") ?>">
! <input type="submit" name="u_edit" value="Change">
</td>
! <?php
! } else {
! ?>
<td><?php $db->p("username") ?></td>
<td>**********</td>
***************
*** 321,330 ****
<td align=right> </td>
<?php
! endif;
! ?>
</tr>
</form>
<?php
! endwhile;
?>
</table>
--- 341,350 ----
<td align=right> </td>
<?php
! }
! ?>
</tr>
</form>
<?php
! } // while next record
?>
</table>
|
|
From: Guillaume D. <gde...@us...> - 2001-08-29 10:45:13
|
Update of /cvsroot/phplib/php-lib/php
In directory usw-pr-cvs1:/tmp/cvs-serv2033
Modified Files:
user4.inc
Log Message:
Cosmetic modification to ensure proper indent of source code
Index: user4.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/user4.inc,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** user4.inc 2001/08/27 01:53:14 1.8
--- user4.inc 2001/08/29 10:45:10 1.9
***************
*** 161,166 ****
*/
function freeze() {
! if ($this->id == 'nobody')
! return;
if(!$this->that->ac_store($this->id, $this->name, $this->serialize()))
--- 161,166 ----
*/
function freeze() {
! if ($this->id == 'nobody')
! return;
if(!$this->that->ac_store($this->id, $this->name, $this->serialize()))
|
|
From: Guillaume D. <gde...@us...> - 2001-08-29 10:20:19
|
Update of /cvsroot/phplib/php-lib/php/auth
In directory usw-pr-cvs1:/tmp/cvs-serv27946
Modified Files:
auth4.inc
Log Message:
Add password_encode function that appears in auth/sql/auth.inc
Index: auth4.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/auth/auth4.inc,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** auth4.inc 2001/08/12 04:58:36 1.2
--- auth4.inc 2001/08/29 10:20:16 1.3
***************
*** 256,259 ****
--- 256,285 ----
}
+ ## encode password
+ function password_encode($password, $method, $salt = "") {
+ switch($method) {
+ case "md5":
+ return md5($password);
+ break;
+
+ case "crypt":
+ if ($salt)
+ return crypt($password, $salt);
+ else
+ return crypt($password);
+ break;
+
+ case "base64":
+ return base64_encode($password);
+ break;
+
+ default:
+ return $password;
+ break;
+ }
+
+ return $password;
+ }
+
########################################################################
##
|
|
From: Richard A. <ric...@us...> - 2001-08-29 07:30:24
|
Update of /cvsroot/phplib/php-lib-stable/php
In directory usw-pr-cvs1:/tmp/cvs-serv24687
Modified Files:
crcloginform.ihtml crloginform.ihtml loginform.ihtml
perminvalid.ihtml session.inc
Log Message:
Changes to prevent cross-site scripting attacks:
Encode dangerous characters in session URLs
Pass user input through htmlentities before output
Index: crcloginform.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/crcloginform.ihtml,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -C2 -d -r1.1.1.1 -r1.2
*** crcloginform.ihtml 2000/04/17 16:40:08 1.1.1.1
--- crcloginform.ihtml 2001/08/29 07:30:21 1.2
***************
*** 54,58 ****
<tr valign=top align=left>
<td>Username:</td>
! <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? $this->auth["uname"] : "" ) ?>" size=32 maxlength=32></td>
</tr>
--- 54,58 ----
<tr valign=top align=left>
<td>Username:</td>
! <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? htmlentities($this->auth["uname"]) : "" ) ?>" size=32 maxlength=32></td>
</tr>
Index: crloginform.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/crloginform.ihtml,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -C2 -d -r1.1.1.1 -r1.2
*** crloginform.ihtml 2000/04/17 16:40:08 1.1.1.1
--- crloginform.ihtml 2001/08/29 07:30:21 1.2
***************
*** 53,57 ****
<tr valign=top align=left>
<td>Username:</td>
! <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? $this->auth["uname"] : "" ) ?>" size=32 maxlength=32></td>
</tr>
--- 53,57 ----
<tr valign=top align=left>
<td>Username:</td>
! <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? htmlentities($this->auth["uname"]) : "" ) ?>" size=32 maxlength=32></td>
</tr>
Index: loginform.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/loginform.ihtml,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -C2 -d -r1.1.1.1 -r1.2
*** loginform.ihtml 2000/04/17 16:40:11 1.1.1.1
--- loginform.ihtml 2001/08/29 07:30:21 1.2
***************
*** 22,26 ****
<td>Username:</td>
<td><input type="text" name="username"
! value="<?php if (isset($this->auth["uname"])) print $this->auth["uname"] ?>"
size=32 maxlength=32></td>
</tr>
--- 22,26 ----
<td>Username:</td>
<td><input type="text" name="username"
! value="<?php if (isset($this->auth["uname"])) print htmlentities($this->auth["uname"]) ?>"
size=32 maxlength=32></td>
</tr>
Index: perminvalid.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/perminvalid.ihtml,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -C2 -d -r1.1.1.1 -r1.2
*** perminvalid.ihtml 2000/04/17 16:40:11 1.1.1.1
--- perminvalid.ihtml 2001/08/29 07:30:21 1.2
***************
*** 10,14 ****
with a user id of <b><?php print $auth->auth["uid"] ?></b> and a user
name of <b><?php
! print isset($auth->auth["uname"]) ? $auth->auth["uname"] : "(unknown)";
?></b>.<p>
--- 10,14 ----
with a user id of <b><?php print $auth->auth["uid"] ?></b> and a user
name of <b><?php
! print isset($auth->auth["uname"]) ? htmlentities($auth->auth["uname"]) : "(unknown)";
?></b>.<p>
Index: session.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/session.inc,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -d -r1.11 -r1.12
*** session.inc 2001/08/26 04:50:25 1.11
--- session.inc 2001/08/29 07:30:21 1.12
***************
*** 198,201 ****
--- 198,205 ----
break;
}
+
+ // Encode naughty characters in the URL
+ $url = str_replace(array("<", ">", " ", "\"", "'"),
+ array("%3C", "%3E", "+", "%22", "%27"), $url);
return $url;
}
|
|
From: Richard A. <ric...@us...> - 2001-08-29 07:26:49
|
Update of /cvsroot/phplib/php-lib/php/session
In directory usw-pr-cvs1:/tmp/cvs-serv22170/session
Modified Files:
session3.inc session4.inc
Log Message:
Changes to prevent cross-site scripting attacks:
Encode dangerous characters in session URLs
Pass user input through htmlentities before output
Index: session3.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/session/session3.inc,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** session3.inc 2001/08/26 04:50:40 1.7
--- session3.inc 2001/08/29 07:26:44 1.8
***************
*** 198,201 ****
--- 198,205 ----
break;
}
+
+ // Encode naughty characters in the URL
+ $url = str_replace(array("<", ">", " ", "\"", "'"),
+ array("%3C", "%3E", "+", "%22", "%27"), $url);
return $url;
}
Index: session4.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/session/session4.inc,v
retrieving revision 1.13
retrieving revision 1.14
diff -C2 -d -r1.13 -r1.14
*** session4.inc 2001/05/30 14:37:05 1.13
--- session4.inc 2001/08/29 07:26:44 1.14
***************
*** 329,335 ****
return $url;
! $url = preg_replace("[&?]+$", "", $url);
! if (strstr($url, $this->name))
! return $url;
if (!$HTTP_COOKIE_VARS[$this->name]) {
--- 329,339 ----
return $url;
! // Remove existing session info from url
! $url = ereg_replace(
! "([&?])".quotemeta(urlencode($this->name))."=".$this->id."(&|$)",
! "\\1", $url);
!
! // Remove trailing ?/& if needed
! $url = ereg_replace("[&?]+$", "", $url);
if (!$HTTP_COOKIE_VARS[$this->name]) {
***************
*** 337,351 ****
}
return $url;
- /*
-
- $url .=(
- strpos ( $url,
- '?' ) ) ? chr (
- ord ( '&') & ord ( '?'
- ) ) : chr ( ord ( '&' )
- | ord ( '?')) .urlencode (
- $this->name). "=" .$this->id ;
- */
} // end func url
--- 341,348 ----
}
+ // Encode naughty characters in the URL
+ $url = str_replace(array("<", ">", " ", "\"", "'"),
+ array("%3C", "%3E", "+", "%22", "%27"), $url);
return $url;
} // end func url
|
|
From: Richard A. <ric...@us...> - 2001-08-29 07:26:49
|
Update of /cvsroot/phplib/php-lib/php
In directory usw-pr-cvs1:/tmp/cvs-serv22170
Modified Files:
crcloginform.ihtml crloginform.ihtml loginform.ihtml
perminvalid.ihtml registerform.ihtml
Log Message:
Changes to prevent cross-site scripting attacks:
Encode dangerous characters in session URLs
Pass user input through htmlentities before output
Index: crcloginform.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/crcloginform.ihtml,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -d -r1.5 -r1.6
*** crcloginform.ihtml 1999/12/09 10:48:57 1.5
--- crcloginform.ihtml 2001/08/29 07:26:44 1.6
***************
*** 61,65 ****
<tr valign=top align=left>
<td>Username:</td>
! <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? $this->auth["uname"] : "" ) ?>" size=32 maxlength=32></td>
</tr>
--- 61,65 ----
<tr valign=top align=left>
<td>Username:</td>
! <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? htmlentities($this->auth["uname"]) : "" ) ?>" size=32 maxlength=32></td>
</tr>
Index: crloginform.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/crloginform.ihtml,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** crloginform.ihtml 1999/10/29 13:55:13 1.4
--- crloginform.ihtml 2001/08/29 07:26:44 1.5
***************
*** 53,57 ****
<tr valign=top align=left>
<td>Username:</td>
! <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? $this->auth["uname"] : "" ) ?>" size=32 maxlength=32></td>
</tr>
--- 53,57 ----
<tr valign=top align=left>
<td>Username:</td>
! <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? htmlentities($this->auth["uname"]) : "" ) ?>" size=32 maxlength=32></td>
</tr>
Index: loginform.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/loginform.ihtml,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** loginform.ihtml 1999/10/29 11:18:40 1.3
--- loginform.ihtml 2001/08/29 07:26:44 1.4
***************
*** 23,27 ****
<td>Username:</td>
<td><input type="text" name="username"
! value="<?php if (isset($this->auth["uname"])) print $this->auth["uname"] ?>"
size=32 maxlength=32></td>
</tr>
--- 23,27 ----
<td>Username:</td>
<td><input type="text" name="username"
! value="<?php if (isset($this->auth["uname"])) print htmlentities($this->auth["uname"]) ?>"
size=32 maxlength=32></td>
</tr>
Index: perminvalid.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/perminvalid.ihtml,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** perminvalid.ihtml 1999/04/27 18:04:43 1.2
--- perminvalid.ihtml 2001/08/29 07:26:44 1.3
***************
*** 10,14 ****
with a user id of <b><?php print $auth->auth["uid"] ?></b> and a user
name of <b><?php
! print isset($auth->auth["uname"]) ? $auth->auth["uname"] : "(unknown)";
?></b>.<p>
--- 10,14 ----
with a user id of <b><?php print $auth->auth["uid"] ?></b> and a user
name of <b><?php
! print isset($auth->auth["uname"]) ? htmlentities($auth->auth["uname"]) : "(unknown)";
?></b>.<p>
Index: registerform.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/registerform.ihtml,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** registerform.ihtml 1999/10/29 11:18:40 1.2
--- registerform.ihtml 2001/08/29 07:26:44 1.3
***************
*** 23,27 ****
<tr valign=top align=left>
<td>Username:</td>
! <td><input type="text" name="username" value="<?php print $auth->auth["uname"] ?>" size=32 maxlength=32></td>
</tr>
<tr valign=top align=left>
--- 23,27 ----
<tr valign=top align=left>
<td>Username:</td>
! <td><input type="text" name="username" value="<?php print htmlentities($auth->auth["uname"]) ?>" size=32 maxlength=32></td>
</tr>
<tr valign=top align=left>
|
|
From: Richard A. <ric...@us...> - 2001-08-27 10:16:43
|
Update of /cvsroot/phplib/php-lib/php
In directory usw-pr-cvs1:/tmp/cvs-serv8035
Modified Files:
ct_ldap.inc
Log Message:
Commit changes from Dimitry Gashinsky.
This is completely untested -- bug reports and patches welcome.
Dimitry wrote: I noticed that ct_ldap.inc container class was broken.
I fixed it and it works on my machine with horde and imp.
Index: ct_ldap.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/ct_ldap.inc,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -d -r1.5 -r1.6
*** ct_ldap.inc 2000/04/13 13:28:45 1.5
--- ct_ldap.inc 2001/08/27 10:16:39 1.6
***************
*** 1,4 ****
<?
- ## NOTE: THESE FILES WILL MOVE!
##
## Copyright (c) 1999 Sascha Schumann <sa...@sc...>
--- 1,3 ----
***************
*** 15,20 ****
var $ldap_host = "localhost";
var $ldap_port = 389;
! var $basedn = "dc=your-domain, dc=com";
! var $rootdn = "cn=root, dc=your-domain, dc=com";
var $rootpw = "secret";
var $objclass = "phplibdata";
--- 14,19 ----
var $ldap_host = "localhost";
var $ldap_port = 389;
! var $basedn = "dc=comapny, dc=com";
! var $rootdn = "cn=root, dc=comapny, dc=com";
var $rootpw = "secret";
var $objclass = "phplibdata";
***************
*** 39,73 ****
}
function ac_store($id, $name, $str) {
! $dn = "cn=$id_$name, ".$this->basedn;
$entry = array(
! "cn" => "$id_$name",
"str" => $str,
! "objectclass" => $this->objclass
);
if(!@ldap_modify($this->ds, $dn, $entry)) {
if(!ldap_add($this->ds, $dn, $entry)) {
! $this->ac_halt("LDAP add failed");
}
}
}
function ac_delete($id, $name) {
! ldap_delete($this->ds, "cn=$id_$name, ".$this->basedn);
}
function ac_get_value($id, $name) {
! $sr = ldap_search($this->ds, $this->basedn, "cn=$id_$name");
! $inf = ldap_get_entries($this->ds, $sr);
! $str = $inf[0]["str"][0];
ldap_free_result($sr);
return $str;
}
! function ac_release_lock($name, $sid) {
}
! function ac_get_lock($name, $sid) {
}
--- 38,90 ----
}
+ function ac_gc($gc_time, $name) {
+ $timeout =time();
+ $ldapdate =date("YmdHis", $timeout - ($gc_time * 60));
+ $sr =ldap_search($this->ds, $this->basedn, "(&(cn=*_$name)(modifytimestamp<=$ldapdate))");
+ $inf =ldap_get_entries($this->ds, $sr);
+ for ($i=0; $i<$inf["count"];$i++) {
+ ldap_delete($this->ds, $inf[$i]["dn"]);
+ }
+ ldap_free_result($sr);
+ }
+
function ac_store($id, $name, $str) {
! $ret = true;
! $ldapdate =date("YmdHis", time());
! $dn = "cn=${id}_$name, ".$this->basedn;
$entry = array(
! "cn" => "${id}_$name",
"str" => $str,
! "objectclass" => $this->objclass,
! "modifytimestamp" => $ldapdate
);
if(!@ldap_modify($this->ds, $dn, $entry)) {
if(!ldap_add($this->ds, $dn, $entry)) {
! $ret =false;
}
}
+ return $ret;
}
function ac_delete($id, $name) {
! ldap_delete($this->ds, "cn=${id}_$name, ".$this->basedn);
}
function ac_get_value($id, $name) {
! $str ="";
! $sr =ldap_search($this->ds, $this->basedn, "cn=${id}_$name");
! $inf =ldap_get_entries($this->ds, $sr);
! if ($inf["count"] > 0 && $inf[0]["str"]["count"] > 0) {
! $str =$inf[0]["str"][0];
! }
ldap_free_result($sr);
return $str;
}
! function ac_release_lock() {
}
! function ac_get_lock() {
}
|
|
From: Richard A. <ric...@us...> - 2001-08-27 08:23:56
|
Update of /cvsroot/phplib/php-lib/php/db/mysql
In directory usw-pr-cvs1:/tmp/cvs-serv5781
Modified Files:
db_sql.inc
Log Message:
Some changes to make it easier to keep the various db_sql classes in sync
- remove mySQL references from comments
- clean up comments and whitespace
- add instance vars for the columns in the sequence table
Change the behaviour of connect() so that the PHPLIB DB is always selected.
Changed all the connect() calls to return if the connect failed.
Make the p() function use f().
Streamline the metadata function -- may be a little slower but looks a lot nicer!
Index: db_sql.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/db/mysql/db_sql.inc,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** db_sql.inc 2001/08/21 02:20:52 1.8
--- db_sql.inc 2001/08/27 08:23:53 1.9
***************
*** 19,30 ****
/* public: configuration parameters */
! var $Auto_Free = 0; ## Set to 1 for automatic mysql_free_result()
! var $Debug = 0; ## Set to 1 for debugging messages.
var $Halt_On_Error = "yes"; ## "yes" (halt with message), "no" (ignore errors quietly), "report" (ignore errror, but spit a warning)
! var $Seq_Table = "db_sequence";
/* public: result array and current row number */
var $Record = array();
! var $Row;
/* public: current error number and error text */
--- 19,32 ----
/* public: configuration parameters */
! var $Auto_Free = 0; ## Set to 1 to automatically free results
! var $Debug = 0; ## Set to 1 for debugging messages
var $Halt_On_Error = "yes"; ## "yes" (halt with message), "no" (ignore errors quietly), "report" (ignore errror, but spit a warning)
! var $Seq_Table = "db_sequence"; ## Name of the sequence table
! var $Seq_ID_Col = "p_nextid"; ## Name of the Sequence ID column in $Seq_Table
! var $Seq_Name_Col = "p_seq_name"; ## Name of the Sequence Name column in $Seq_Table
/* public: result array and current row number */
var $Record = array();
! var $Row = 0;
/* public: current error number and error text */
***************
*** 39,43 ****
var $Link_ID = 0;
var $Query_ID = 0;
-
--- 41,44 ----
***************
*** 70,74 ****
/* establish connection, select database */
if ( 0 == $this->Link_ID ) {
-
$this->Link_ID=mysql_pconnect($Host, $User, $Password);
if (!$this->Link_ID) {
--- 71,74 ----
***************
*** 76,84 ****
return 0;
}
! if (!@mysql_select_db($Database,$this->Link_ID)) {
! $this->halt("cannot use database ".$Database);
! return 0;
! }
}
--- 76,84 ----
return 0;
}
+ }
! if (!@mysql_select_db($Database,$this->Link_ID)) {
! $this->halt("cannot use database ".$Database);
! return 0;
}
***************
*** 104,108 ****
if (!$this->connect()) {
return 0; /* we already complained in connect() about that. */
! };
# New query, discard previous result.
--- 104,108 ----
if (!$this->connect()) {
return 0; /* we already complained in connect() about that. */
! }
# New query, discard previous result.
***************
*** 118,121 ****
--- 118,122 ----
$this->Errno = mysql_errno();
$this->Error = mysql_error();
+
if (!$this->Query_ID) {
$this->halt("Invalid SQL: ".$Query_String);
***************
*** 167,171 ****
/* public: table locking */
function lock($table, $mode="write") {
! $this->connect();
$query="lock tables ";
--- 168,174 ----
/* public: table locking */
function lock($table, $mode="write") {
! if (!$this->connect()) {
! return 0; /* we already complained in connect() about that. */
! }
$query="lock tables ";
***************
*** 191,195 ****
function unlock() {
! $this->connect();
$res = @mysql_query("unlock tables", $this->Link_ID);
--- 194,200 ----
function unlock() {
! if (!$this->connect()) {
! return 0; /* we already complained in connect() about that. */
! }
$res = @mysql_query("unlock tables", $this->Link_ID);
***************
*** 227,246 ****
return $this->Record[$Name];
}
}
function p($Name) {
! if (isset($this->Record[$Name])) {
! print $this->Record[$Name];
! }
}
/* public: sequence numbers */
function nextid($seq_name) {
! $this->connect();
if ($this->lock($this->Seq_Table)) {
/* get sequence number (locked) and increment */
! $q = sprintf("select p_nextid from %s where p_seq_name = '%s'",
$this->Seq_Table,
$seq_name);
$id = @mysql_query($q, $this->Link_ID);
--- 232,254 ----
return $this->Record[$Name];
}
+ return "";
}
function p($Name) {
! print $this->f($Name);
}
/* public: sequence numbers */
function nextid($seq_name) {
! if (!$this->connect()) {
! return 0; /* we already complained in connect() about that. */
! }
if ($this->lock($this->Seq_Table)) {
/* get sequence number (locked) and increment */
! $q = sprintf("select %s from %s where %s = '%s'",
! $this->Seq_ID_Col,
$this->Seq_Table,
+ $this->Seq_Name_Col,
$seq_name);
$id = @mysql_query($q, $this->Link_ID);
***************
*** 250,266 ****
if (!is_array($res)) {
$currentid = 0;
! $q = sprintf("insert into %s ( p_seq_name, p_nextid ) values('%s', %s)",
! $this->Seq_Table,
! $seq_name,
! $currentid);
$id = @mysql_query($q, $this->Link_ID);
} else {
! $currentid = $res["p_nextid"];
}
$nextid = $currentid + 1;
! $q = sprintf("update %s set p_nextid = '%s' where p_seq_name = '%s'",
! $this->Seq_Table,
! $nextid,
! $seq_name);
$id = @mysql_query($q, $this->Link_ID);
$this->unlock();
--- 258,278 ----
if (!is_array($res)) {
$currentid = 0;
! $q = sprintf("insert into %s ( %s, %s ) values('%s', %s)",
! $this->Seq_Table,
! $this->Seq_Name_Col,
! $this->Seq_ID_Col,
! $seq_name,
! $currentid);
$id = @mysql_query($q, $this->Link_ID);
} else {
! $currentid = $res[$this->Seq_ID_Col];
}
$nextid = $currentid + 1;
! $q = sprintf("update %s set %s = '%s' where %s = '%s'",
! $this->Seq_Table,
! $this->Seq_ID_Col,
! $nextid,
! $this->Seq_Name_Col,
! $seq_name);
$id = @mysql_query($q, $this->Link_ID);
$this->unlock();
***************
*** 281,287 ****
* Due to compatibility problems with Table we changed the behavior
* of metadata();
! * depending on $full, metadata returns the following values:
*
! * - full is false (default):
* $result[]:
* [0]["table"] table name
--- 293,299 ----
* Due to compatibility problems with Table we changed the behavior
* of metadata();
! * If $full is set, metadata returns additional information
*
! * This information is always returned:
* $result[]:
* [0]["table"] table name
***************
*** 291,314 ****
* [0]["flags"] field flags
*
! * - full is true
* $result[]:
* ["num_fields"] number of metadata records
! * [0]["table"] table name
! * [0]["name"] field name
! * [0]["type"] field type
! * [0]["len"] field length
! * [0]["flags"] field flags
! * [0]["php_type"] the correspondig PHP-type
* [0]["php_subtype"] the subtype of PHP-type
! * ["meta"][field name] index of field named "field name"
! * This last one could be used if you have a field name, but no index.
* Test: if (isset($result['meta']['myfield'])) { ...
* [unique] = field names which have an unique key, separated by space
*/
! // if no $table specified, assume that we are working with a query
! // result
if ($table) {
! $this->connect();
$id = @mysql_list_fields($this->Database, $table);
if (!$id) {
--- 303,322 ----
* [0]["flags"] field flags
*
! * If $full is set this information is also returned:
* $result[]:
* ["num_fields"] number of metadata records
! * [0]["php_type"] the corresponding PHP-type
* [0]["php_subtype"] the subtype of PHP-type
! * ["meta"][field name] index of field named "field name"
! * This one could be used if you have a field name, but no index.
* Test: if (isset($result['meta']['myfield'])) { ...
* [unique] = field names which have an unique key, separated by space
*/
! // if no $table specified, assume that we are working with a query result
if ($table) {
! if (!$this->connect()) {
! return 0; /* we already complained in connect() about that. */
! }
$id = @mysql_list_fields($this->Database, $table);
if (!$id) {
***************
*** 317,321 ****
}
} else {
! $id = $this->Query_ID;
if (!$id) {
$this->halt("No query specified.");
--- 325,329 ----
}
} else {
! $id = $this->Query_ID;
if (!$id) {
$this->halt("No query specified.");
***************
*** 323,348 ****
}
}
!
$count = @mysql_num_fields($id);
! // made this IF due to performance (one if is faster than $count if's)
! if (!$full) {
! for ($i=0; $i<$count; $i++) {
! $res[$i]["table"] = @mysql_field_table ($id, $i);
! $res[$i]["name"] = @mysql_field_name ($id, $i);
! $res[$i]["type"] = @mysql_field_type ($id, $i);
! $res[$i]["len"] = @mysql_field_len ($id, $i);
! $res[$i]["flags"] = @mysql_field_flags ($id, $i);
! }
! } else { // full
! $uniq=array();
! $res["num_fields"]= $count;
for ($i=0; $i<$count; $i++) {
- $res[$i]["table"] = @mysql_field_table ($id, $i);
- $res[$i]["name"] = @mysql_field_name ($id, $i);
- $res[$i]["type"] = @mysql_field_type ($id, $i);
- $res[$i]["len"] = @mysql_field_len ($id, $i);
- $res[$i]["flags"] = @mysql_field_flags ($id, $i);
$res["meta"][$res[$i]["name"]] = $i;
switch ($res[$i]["type"]) {
--- 331,350 ----
}
}
!
$count = @mysql_num_fields($id);
! for ($i=0; $i<$count; $i++) {
! $res[$i]["table"] = @mysql_field_table ($id, $i);
! $res[$i]["name"] = @mysql_field_name ($id, $i);
! $res[$i]["type"] = @mysql_field_type ($id, $i);
! $res[$i]["len"] = @mysql_field_len ($id, $i);
! $res[$i]["flags"] = @mysql_field_flags ($id, $i);
! }
!
! if ($full) {
! $uniq = array();
! $res["num_fields"] = $count;
for ($i=0; $i<$count; $i++) {
$res["meta"][$res[$i]["name"]] = $i;
switch ($res[$i]["type"]) {
***************
*** 390,394 ****
/* public: find available table names */
function table_names() {
! $this->connect();
$h = @mysql_query("show tables", $this->Link_ID);
$i = 0;
--- 392,399 ----
/* public: find available table names */
function table_names() {
! if (!$this->connect()) {
! return 0; /* we already complained in connect() about that. */
! }
!
$h = @mysql_query("show tables", $this->Link_ID);
$i = 0;
|
|
From: Richard A. <ric...@us...> - 2001-08-27 07:08:22
|
Update of /cvsroot/phplib/php-lib/php/db/odbc
In directory usw-pr-cvs1:/tmp/cvs-serv23693
Modified Files:
db_sql.inc
Log Message:
Add pseudo-locking and sequence numbers.
Index: db_sql.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/db/odbc/db_sql.inc,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** db_sql.inc 2001/08/26 12:13:46 1.2
--- db_sql.inc 2001/08/27 07:08:18 1.3
***************
*** 22,27 ****
var $Halt_On_Error = "yes"; ## "yes" (halt with message), "no" (ignore errors quietly), "report" (ignore errror, but spit a warning)
var $Seq_Table = "db_sequence"; ## Name of the sequence table
! var $Seq_ID_Col = "p_nextid"; ## Name of the Sequence ID column in $Seq_Tab
! var $Seq_Name_Col = "p_seq_name"; ## Name of the Sequence Name column in $Seq_Tab
var $UseODBCCursor = 0; ## Set to 1 to enable execution of stored procedures on the server
--- 22,32 ----
var $Halt_On_Error = "yes"; ## "yes" (halt with message), "no" (ignore errors quietly), "report" (ignore errror, but spit a warning)
var $Seq_Table = "db_sequence"; ## Name of the sequence table
! var $Seq_ID_Col = "p_nextid"; ## Name of the Sequence ID column in $Seq_Table
! var $Seq_Name_Col = "p_seq_name"; ## Name of the Sequence Name column in $Seq_Table
! var $Lock_Table = "db_sequence"; ## Name of the lock table
! var $Lock_Name_Col = "p_seq_name"; ## Name of the lock Name column
! var $Lock_ID_Col = "p_nextid"; ## Name of the lock Name column
! var $Lock_Timeout = 5; ## Wait this long for a lock
! var $Lock_Override = 1; ## Set to 1 to override lock after $Lock_Timeout seconds
var $UseODBCCursor = 0; ## Set to 1 to enable execution of stored procedures on the server
***************
*** 115,119 ****
# $this->Query_Ok = odbc_execute($this->Query_ID);
! $this->Query_ID = odbc_exec($this->Link_ID,$Query_String);
$this->RowCount = -1; # reset num_rows() return value
$this->Row = 0;
--- 120,124 ----
# $this->Query_Ok = odbc_execute($this->Query_ID);
! $this->Query_ID = odbc_exec($this->Link_ID, $Query_String);
$this->RowCount = -1; # reset num_rows() return value
$this->Row = 0;
***************
*** 163,175 ****
}
/* public: table locking */
function lock($table, $mode="write") {
! $this->halt("Does " . $this->type ." have table locking functions?");
! return false;
}
! function unlock() {
! $this->halt("Does " . $this->type ." have table locking functions?");
! return false;
}
--- 168,315 ----
}
+ /* public: get the time in msecs */
+ function getmicrotime() {
+ list($usec, $sec) = explode(" ", microtime());
+ return (float)$usec + (float)$sec;
+ }
+
/* public: table locking */
+ /*
+ ODBC is not guaranteed do table locking natively. This function emulates
+ locking with certain constraints. The intention is to provide at least the
+ minimum functionality required to implement sequences via nextid().
+
+ This function maintains a list of locked tables in a lock table. To lock
+ a table it inserts a row into the lock table with the locked table name
+ suffixed with '_p_lock' as a primary key and with a value of 0.
+ The suffix and value are used so that the sequence table can be used as
+ the lock table if desired.
+ While this row exists a lock will not be granted to another process.
+ To protect against threads failing to release a lock, if a lock is not
+ obtained within $this->Lock_Timeout seconds the lock may be deleted.
+ The timeout value needs to be set to a reasonable length based on the
+ expected transaction time on the locked table.
+
+ This method will only be effective if the locked table is accessed
+ exclusively via this class. This is not a database-enforced lock and
+ there is nothing preventing other applications from modifying a table
+ while it is 'locked'.
+
+ The function uses microtime to prevent multiple threads all hitting the
+ table simultaneously on the tick of a second.
+
+ The function halt()s if a lock cannot be obtained.
+ */
function lock($table, $mode="write") {
!
! if (!$this->connect()) {
! return 0; /* we already complained in connect() about that. */
! };
!
! $getsql = sprintf("INSERT into %s (%s, %s) VALUES ('%s', 0)",
! $this->Lock_Table,
! $this->Lock_Name_Col,
! $this->Lock_ID_Col,
! strtolower($table)."_p_lock");
! $delsql = sprintf("DELETE FROM %s where %s='%s' AND %s=0",
! $this->Lock_Table,
! $this->Lock_Name_Col,
! strtolower($table)."_p_lock",
! $this->Lock_ID_Col);
! $selsql = sprintf("SELECT * FROM %s where %s='%s' AND %s=0",
! $this->Lock_Table,
! $this->Lock_Name_Col,
! strtolower($table)."_p_lock",
! $this->Lock_ID_Col);
! $timeout = $this->getmicrotime() + $this->Lock_Timeout;
! $got_lock = 0;
! $override = $this->Lock_Override;
! while (!$got_lock) {
! $got_lock = @odbc_exec($this->Link_ID, $getsql);
! if ($this->Debug && !$got_lock) {
! echo "missed lock... looping\n";
! flush();
! }
! $currtime = $this->getmicrotime();
! if (!$got_lock) {
! if ($timeout < $currtime) {
! if (!$override) {
! # try to select existing lock
! if (!@odbc_exec($this->Link_ID, $selsql)) {
! # lock select failed. Either the table does not exist or the lock was
! # released just this instant. Try to get a lock to see which...
! $got_lock = @odbc_exec($this->Link_ID, $getsql);
! if (!$got_lock) {
! $this->halt("Lock select failed. Does the table $this->Lock_Table exist?");
! }
! return $got_lock;
! }
! $this->halt("lock() failed.");
! return 0;
! } else {
! # delete existing lock
! if ($this->Debug) {
! echo "overriding lock\n";
! }
!
! if (!@odbc_exec($this->Link_ID, $delsql)) {
! # lock override failed. Either the table does not exist or the lock was
! # released just this instant. Try to get a lock to see which...
! $got_lock = @odbc_exec($this->Link_ID, $getsql);
! if (!$got_lock) {
! $this->halt("Lock override failed. Does the table $this->Lock_Table exist?");
! }
! return $got_lock;
! } else {
! # just deleted the lock so try to get it straight away
! $got_lock = @odbc_exec($this->Link_ID, $getsql);
! $timeout = $currtime + $this->Lock_Timeout; # reset the timer
! $override = 0; # override once only
! # fall through to wait loop
! }
! }
! }
! }
!
! if (!$got_lock) {
! $waittime = $currtime + 0.5;
! while ($waittime > $this->getmicrotime()) {
! ;
! }
! }
! }
! if ($this->Debug && !$got_lock) {
! echo "missed lock... bug!\n";
! } else {
! echo "got lock\n";
! flush();
! }
! return $got_lock;
}
! function unlock($table = "") {
! if (!$this->connect()) {
! return 0; /* we already complained in connect() about that. */
! };
!
! # Note: this unlocks ALL tables if $table is blank!
! if ($table == "") {
! $delsql = sprintf("DELETE FROM %s where %s LIKE '%%_p_lock' AND %s=0",
! $this->Lock_Table,
! $this->Lock_Name_Col,
! $this->Lock_ID_Col);
! } else {
! $delsql = sprintf("DELETE FROM %s where %s='%s' AND %s=0",
! $this->Lock_Table,
! $this->Lock_Name_Col,
! strtolower($table)."_p_lock",
! $this->Lock_ID_Col);
! }
!
! $res = @odbc_exec($this->Link_ID, $delsql);
! if (!$res) {
! $this->halt("unlock() failed.");
! }
! return $res;
}
***************
*** 246,251 ****
/* public: sequence numbers */
function nextid($seq_name) {
! $this->halt("Sequence numbers require locking. Does " . $this->type ." have table locking functions?");
! return false;
}
--- 386,437 ----
/* public: sequence numbers */
function nextid($seq_name) {
! if (!$this->connect()) {
! return 0; /* we already complained in connect() about that. */
! };
!
! if ($this->lock($this->Seq_Table)) {
! /* get sequence number (locked) and increment */
! $q = sprintf("select %s from %s where %s = '%s'",
! $this->Seq_ID_Col,
! $this->Seq_Table,
! $this->Seq_Name_Col,
! $seq_name);
! $id = odbc_exec($this->Link_ID, $q);
! $res = 0;
! if (odbc_fetch_row($id, 1)) {
! $res = array();
! $count = odbc_num_fields($id);
! for ($i=1; $i<=$count; $i++) {
! $res[strtolower(odbc_field_name($id, $i))] = odbc_result($id, $i);
! }
! }
!
! /* No current value, make one */
! if (!is_array($res)) {
! $currentid = 0;
! $q = sprintf("insert into %s ( %s, %s ) values('%s', %s)",
! $this->Seq_Table,
! $this->Seq_Name_Col,
! $this->Seq_ID_Col,
! $seq_name,
! $currentid);
! $id = odbc_exec($this->Link_ID, $q);
! } else {
! $currentid = $res[$this->Seq_ID_Col];
! }
! $nextid = $currentid + 1;
! $q = sprintf("update %s set %s = '%s' where %s = '%s'",
! $this->Seq_Table,
! $this->Seq_ID_Col,
! $nextid,
! $this->Seq_Name_Col,
! $seq_name);
! $id = odbc_exec($this->Link_ID, $q);
! $this->unlock();
! } else {
! $this->halt("cannot lock ".$this->Seq_Table." - has it been created?");
! return 0;
! }
! return $nextid;
}
***************
*** 310,313 ****
--- 496,500 ----
$res["num_fields"] = $count;
+ # ODBC result set starts at 1
for ($i=1; $i<=$count; $i++) {
$res["meta"][$res[$i]["name"]] = $i;
|
|
From: Richard A. <ric...@us...> - 2001-08-26 12:13:49
|
Update of /cvsroot/phplib/php-lib/php/db/odbc
In directory usw-pr-cvs1:/tmp/cvs-serv12719
Modified Files:
db_sql.inc
Log Message:
Major overhaul to the ODBC abstraction class.
Brings the style up to date with the MySQL driver.
Table locking and sequence numbers are still not implemented.
Fixes numerous bugs, especially in num_rows.
Index: db_sql.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/db/odbc/db_sql.inc,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** db_sql.inc 2000/04/13 13:06:59 1.1
--- db_sql.inc 2001/08/26 12:13:46 1.2
***************
*** 3,7 ****
* Session Management for PHP3
*
! * Copyright (c) 1998,1999 Cameron Taggart (cam...@wo...)
* Modified by Guarneri carmelo (ca...@me...)
*
--- 3,7 ----
* Session Management for PHP3
*
! * Copyright (c) 1998-2000 Cameron Taggart (cam...@wo...)
* Modified by Guarneri carmelo (ca...@me...)
*
***************
*** 10,43 ****
class DB_Sql {
var $Host = "";
var $Database = "";
var $User = "";
var $Password = "";
- var $UseODBCCursor = 0;
! var $Link_ID = 0;
! var $Query_ID = 0;
var $Record = array();
var $Row = 0;
!
var $Errno = 0;
var $Error = "";
! var $Auto_Free = 0; ## set this to 1 to automatically free results
! function connect() {
if ( 0 == $this->Link_ID ) {
! $this->Link_ID=odbc_pconnect($this->Database, $this->User, $this->Password, $this->UseODBCCursor);
if (!$this->Link_ID) {
! $this->halt("Link-ID == false, odbc_pconnect failed");
}
}
}
!
function query($Query_String) {
! $this->connect();
!
! # printf("<br>Debug: query = %s<br>\n", $Query_String);
# re...@ne... suggested that we use this instead of the odbc_exec().
# He is on NT, connecting to a Unix MySQL server with ODBC. -- KK
--- 10,113 ----
class DB_Sql {
+
+ /* public: connection parameters */
var $Host = "";
var $Database = "";
var $User = "";
var $Password = "";
! /* public: configuration parameters */
! var $Auto_Free = 0; ## Set to 1 to automatically free results
! var $Debug = 0; ## Set to 1 for debugging messages
! var $Halt_On_Error = "yes"; ## "yes" (halt with message), "no" (ignore errors quietly), "report" (ignore errror, but spit a warning)
! var $Seq_Table = "db_sequence"; ## Name of the sequence table
! var $Seq_ID_Col = "p_nextid"; ## Name of the Sequence ID column in $Seq_Tab
! var $Seq_Name_Col = "p_seq_name"; ## Name of the Sequence Name column in $Seq_Tab
! var $UseODBCCursor = 0; ## Set to 1 to enable execution of stored procedures on the server
!
! /* public: result array and current row number */
var $Record = array();
var $Row = 0;
! var $RowCount = -1; ## used to remember num_rows() return value
!
! /* public: current error number and error text */
var $Errno = 0;
var $Error = "";
! /* public: this is an api revision, not a CVS revision. */
! var $type = "odbc";
! var $revision = "1.2";
! /* private: link and query handles */
! var $Link_ID = 0;
! var $Query_ID = 0;
!
!
! /* public: constructor */
! function DB_Sql($query = "") {
! $this->query($query);
! }
!
! /* public: some trivial reporting */
! function link_id() {
! return $this->Link_ID;
! }
!
! function query_id() {
! return $this->Query_ID;
! }
!
! /* public: connection management */
! function connect($Database = "", $Host = "", $User = "", $Password = "") {
! /* Handle defaults */
! if ("" == $Database)
! $Database = $this->Database;
! if ("" == $Host)
! $Host = $this->Host;
! if ("" == $User)
! $User = $this->User;
! if ("" == $Password)
! $Password = $this->Password;
!
! /* establish connection, select database */
if ( 0 == $this->Link_ID ) {
! $this->Link_ID=odbc_pconnect($Database, $User, $Password, $this->UseODBCCursor);
if (!$this->Link_ID) {
! $this->halt("odbc_pconnect failed");
! return 0;
}
}
+
+ return $this->Link_ID;
}
!
! /* public: discard the query result */
! function free() {
! odbc_free_result($this->Query_ID);
! $this->Query_ID = 0;
! }
!
! /* public: perform a query */
function query($Query_String) {
! /* No empty queries, please, since PHP4 chokes on them. */
! if ($Query_String == "")
! /* The empty query string is passed on from the constructor,
! * when calling the class without a query, e.g. in situations
! * like these: '$db = new DB_Sql_Subclass;'
! */
! return 0;
!
! if (!$this->connect()) {
! return 0; /* we already complained in connect() about that. */
! };
!
! # New query, discard previous result.
! if ($this->Query_ID) {
! $this->free();
! }
+ if ($this->Debug)
+ printf("Debug: query = %s<br>\n", $Query_String);
+
# re...@ne... suggested that we use this instead of the odbc_exec().
# He is on NT, connecting to a Unix MySQL server with ODBC. -- KK
***************
*** 46,117 ****
$this->Query_ID = odbc_exec($this->Link_ID,$Query_String);
! $this->Row = 0;
odbc_binmode($this->Query_ID, 1);
odbc_longreadlen($this->Query_ID, 4096);
if (!$this->Query_ID) {
- $this->Errno = 1;
- $this->Error = "General Error (The ODBC interface cannot return detailed error messages).";
$this->halt("Invalid SQL: ".$Query_String);
}
return $this->Query_ID;
}
!
function next_record() {
$this->Record = array();
! $stat = odbc_fetch_into($this->Query_ID, ++$this->Row, &$this->Record);
if (!$stat) {
if ($this->Auto_Free) {
! odbc_free_result($this->Query_ID);
! $this->Query_ID = 0;
! };
} else {
- // add to Record[<key>]
$count = odbc_num_fields($this->Query_ID);
! for ($i=1; $i<=$count; $i++)
! $this->Record[strtolower(odbc_field_name ($this->Query_ID, $i)) ] = $this->Record[ $i - 1 ];
}
return $stat;
}
!
! function seek($pos) {
$this->Row = $pos;
}
! function metadata($table) {
! $count = 0;
! $id = 0;
! $res = array();
!
! $this->connect();
! $id = odbc_exec($this->Link_ID, "select * from $table");
! if (!$id) {
! $this->Errno = 1;
! $this->Error = "General Error (The ODBC interface cannot return detailed error messages).";
! $this->halt("Metadata query failed.");
! }
! $count = odbc_num_fields($id);
!
! for ($i=1; $i<=$count; $i++) {
! $res[$i]["table"] = $table;
! $name = odbc_field_name ($id, $i);
! $res[$i]["name"] = $name;
! $res[$i]["type"] = odbc_field_type ($id, $name);
! $res[$i]["len"] = 0; // can we determine the width of this column?
! $res[$i]["flags"] = ""; // any optional flags to report?
! }
!
! odbc_free_result($id);
! return $res;
}
function affected_rows() {
return odbc_num_rows($this->Query_ID);
}
!
function num_rows() {
# Many ODBC drivers don't support odbc_num_rows() on SELECT statements.
$num_rows = odbc_num_rows($this->Query_ID);
- //printf ($num_rows."<br>");
# This is a workaround. It is intended to be ugly.
--- 116,193 ----
$this->Query_ID = odbc_exec($this->Link_ID,$Query_String);
! $this->RowCount = -1; # reset num_rows() return value
! $this->Row = 0;
! $this->Errno = 0;
! $this->Error = "";
odbc_binmode($this->Query_ID, 1);
odbc_longreadlen($this->Query_ID, 4096);
if (!$this->Query_ID) {
$this->halt("Invalid SQL: ".$Query_String);
}
+
+ # Will return nada if it fails. That's fine.
return $this->Query_ID;
}
!
! /* public: walk result set */
function next_record() {
+ if (!$this->Query_ID) {
+ $this->halt("next_record called with no query pending.");
+ return 0;
+ }
+
$this->Record = array();
! $this->Row += 1;
! $stat = odbc_fetch_row($this->Query_ID, $this->Row);
! $this->Errno = 0;
! $this->Error = "";
!
if (!$stat) {
if ($this->Auto_Free) {
! $this->free();
! }
} else {
$count = odbc_num_fields($this->Query_ID);
! for ($i=1; $i<=$count; $i++) {
! $this->Record[strtolower(odbc_field_name($this->Query_ID, $i))] = odbc_result($this->Query_ID, $i);
! }
}
return $stat;
}
!
! /* public: position in result set */
! function seek($pos = 0) {
$this->Row = $pos;
+ return 1;
}
! /* public: table locking */
! function lock($table, $mode="write") {
! $this->halt("Does " . $this->type ." have table locking functions?");
! return false;
}
+ function unlock() {
+ $this->halt("Does " . $this->type ." have table locking functions?");
+ return false;
+ }
+
+ /* public: evaluate the result (size, width) */
function affected_rows() {
return odbc_num_rows($this->Query_ID);
}
!
function num_rows() {
+ # Due to a strange problem with the odbc_fetch_row function it is only
+ # possible to walk through the result set once. By storing the row count
+ # this problem is avoided.
+ # Once the number of rows has been calculated it is stored in $RowCount.
+ if ($this->RowCount != -1) {
+ return $this->RowCount;
+ }
+
# Many ODBC drivers don't support odbc_num_rows() on SELECT statements.
$num_rows = odbc_num_rows($this->Query_ID);
# This is a workaround. It is intended to be ugly.
***************
*** 139,172 ****
}
return $num_rows;
}
!
function num_fields() {
return count($this->Record)/2;
}
function nf() {
return $this->num_rows();
}
!
function np() {
print $this->num_rows();
}
!
! function f($Field_Name) {
! return $this->Record[strtolower($Field_Name)];
}
!
! function p($Field_Name) {
! print $this->f($Field_Name);
}
!
function halt($msg) {
printf("</td></tr></table><b>Database error:</b> %s<br>\n", $msg);
printf("<b>ODBC Error</b>: %s (%s)<br>\n",
$this->Errno,
$this->Error);
- die("Session halted.");
}
}
?>
--- 215,394 ----
}
+ $this->RowCount = $num_rows;
return $num_rows;
}
!
function num_fields() {
+ # NOTE: this only works after next_record has been called!
return count($this->Record)/2;
}
+ /* public: shorthand notation */
function nf() {
return $this->num_rows();
}
!
function np() {
print $this->num_rows();
}
!
! function f($Name) {
! if (isset($this->Record[$Name])) {
! return $this->Record[strtolower($Name)];
! }
! return "";
}
!
! function p($Name) {
! print $this->f($Name);
}
!
! /* public: sequence numbers */
! function nextid($seq_name) {
! $this->halt("Sequence numbers require locking. Does " . $this->type ." have table locking functions?");
! return false;
! }
!
! /* public: return table metadata */
! function metadata($table = "", $full = false) {
! $count = 0;
! $id = 0;
! $res = array();
!
! /*
! * Due to compatibility problems with Table we changed the behavior
! * of metadata();
! * If $full is set, metadata returns additional information
! *
! * This information is always returned:
! * $result[]:
! * [0]["table"] table name
! * [0]["name"] field name
! * [0]["type"] field type
! * [0]["len"] field length
! * [0]["flags"] field flags
! *
! * If $full is set this information is also returned:
! * $result[]:
! * ["num_fields"] number of metadata records
! * [0]["php_type"] the corresponding PHP-type
! * [0]["php_subtype"] the subtype of PHP-type
! * ["meta"][field name] index of field named "field name"
! * This one could be used if you have a field name, but no index.
! * Test: if (isset($result['meta']['myfield'])) { ...
! * [unique] = field names which have an unique key, separated by space
! */
!
! // if no $table specified, assume that we are working with a query result
! if ($table) {
! $this->connect();
! $id = odbc_exec($this->Link_ID, "select * from $table");
! if (!$id) {
! $this->halt("Metadata query failed.");
! return false;
! }
! } else {
! $id = $this->Query_ID;
! if (!$id) {
! $this->halt("No query specified.");
! return false;
! }
! }
!
! $count = odbc_num_fields($id);
!
! for ($i=1; $i<=$count; $i++) {
! $res[$i]["table"] = $table;
! $res[$i]["name"] = odbc_field_name ($id, $i);
! $res[$i]["type"] = odbc_field_type ($id, $i);
! $res[$i]["len"] = odbc_field_len ($id, $i);
! $res[$i]["flags"] = ""; // any optional flags to report?
! }
!
! if ($full) {
! $uniq = array();
! $res["num_fields"] = $count;
!
! for ($i=1; $i<=$count; $i++) {
! $res["meta"][$res[$i]["name"]] = $i;
! switch ($res[$i]["type"]) {
! case "var string":
! case "string" :
! case "char" :
! $res[$i]["php_type"]="string";
! $res[$i]["php_subtype"]="";
! break;
! case "timestamp" :
! case "datetime" :
! case "date" :
! case "time" :
! $res[$i]["php_type"]="string";
! $res[$i]["php_subtype"]="date";
! break;
! case "blob" :
! $res[$i]["php_type"]="string";
! $res[$i]["php_subtype"]="blob";
! break;
! case "real" :
! $res[$i]["php_type"]="double";
! $res[$i]["php_subtype"]="";
! break;
! case "long" :
! default :
! $res[$i]["php_type"]="int";
! $res[$i]["php_subtype"]="";
! break;
! }
! if ( ereg("(unique_key|primary_key)",$res[$i]["flags"]) ) {
! $uniq[]=$res[$i]["name"];
! }
! }
! $res["unique"]=join(" ",$uniq);
! }
!
! // free the result only if we were called on a table
! if ($table) {
! odbc_free_result($id);
! }
! return $res;
! }
!
! /* public: find available table names */
! function table_names() {
! $this->connect();
! $h = odbc_tables($this->Link_ID);
! $i = 0;
! while(odbc_fetch_row($h)) {
! if (odbc_result($h, 4) == "TABLE") {
! $return[$i]["table_name"] = odbc_result($h, 3);
! $return[$i]["tablespace_name"] = odbc_result($h, 1);
! $return[$i]["database"] = odbc_result($h, 1);
! $i += 1;
! }
! }
! odbc_free_result($h);
! return $return;
! }
!
! /* private: error handling */
function halt($msg) {
+ $this->Errno = 1;
+ $this->Error = "General Error (The ODBC interface cannot return detailed error messages).";
+ if ($this->Halt_On_Error == "no")
+ return;
+
+ $this->haltmsg($msg);
+
+ if ($this->Halt_On_Error != "report")
+ die("Session halted.");
+ }
+
+ function haltmsg($msg) {
printf("</td></tr></table><b>Database error:</b> %s<br>\n", $msg);
printf("<b>ODBC Error</b>: %s (%s)<br>\n",
$this->Errno,
$this->Error);
}
+
}
?>
|
|
From: Richard A. <ric...@us...> - 2001-08-26 04:56:18
|
Update of /cvsroot/phplib/php-lib-stable/php
In directory usw-pr-cvs1:/tmp/cvs-serv10542
Modified Files:
oohforms.inc
Log Message:
Fix a typo - bug ID #450640
Index: oohforms.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/oohforms.inc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -C2 -d -r1.1.1.1 -r1.2
*** oohforms.inc 2000/04/17 16:40:15 1.1.1.1
--- oohforms.inc 2001/08/26 04:56:13 1.2
***************
*** 276,280 ****
$el = $this->elements[$name]["ob"];
! if (true == $falg_nametranslation)
$el->name = $org_name;
--- 276,280 ----
$el = $this->elements[$name]["ob"];
! if (true == $flag_nametranslation)
$el->name = $org_name;
|
|
From: Richard A. <ric...@us...> - 2001-08-26 04:50:42
|
Update of /cvsroot/phplib/php-lib/php/session
In directory usw-pr-cvs1:/tmp/cvs-serv10352
Modified Files:
session3.inc
Log Message:
fix the call-time-pass-by-reference bug in PHP4
Index: session3.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/session/session3.inc,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** session3.inc 2001/08/18 09:47:19 1.6
--- session3.inc 2001/08/26 04:50:40 1.7
***************
*** 285,289 ****
while ( "array" == $l ) {
## Structural recursion
! $this->serialize($var."['".ereg_replace("([\\'])", "\\\\1", $k)."']", &$str);
eval("\$l = gettype(list(\$k)=each(\$$var));");
}
--- 285,289 ----
while ( "array" == $l ) {
## Structural recursion
! $this->serialize($var."['".ereg_replace("([\\'])", "\\\\1", $k)."']", $str);
eval("\$l = gettype(list(\$k)=each(\$$var));");
}
***************
*** 301,305 ****
reset($'.$var.');
while ( list($k) = each($'.$var.') ) {
! $this->serialize( "${var}->".$k, &$str );
}
}
--- 301,305 ----
reset($'.$var.');
while ( list($k) = each($'.$var.') ) {
! $this->serialize( "${var}->".$k, $str );
}
}
***************
*** 340,345 ****
$str="";
! $this->serialize("this->in",&$str);
! $this->serialize("this->pt",&$str);
reset($this->pt);
--- 340,345 ----
$str="";
! $this->serialize("this->in", $str);
! $this->serialize("this->pt", $str);
reset($this->pt);
***************
*** 347,351 ****
$thing=trim($thing);
if ( $thing ) {
! $this->serialize("GLOBALS['".$thing."']",&$str);
}
}
--- 347,351 ----
$thing=trim($thing);
if ( $thing ) {
! $this->serialize("GLOBALS['".$thing."']", $str);
}
}
|
|
From: Richard A. <ric...@us...> - 2001-08-26 04:50:28
|
Update of /cvsroot/phplib/php-lib-stable/php
In directory usw-pr-cvs1:/tmp/cvs-serv10155
Modified Files:
session.inc
Log Message:
fix the call-time-pass-by-reference bug in PHP4
Index: session.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/session.inc,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -d -r1.10 -r1.11
*** session.inc 2001/08/18 09:42:59 1.10
--- session.inc 2001/08/26 04:50:25 1.11
***************
*** 268,272 ****
while ( "array" == $l ) {
## Structural recursion
! $this->serialize($var."['".ereg_replace("([\\'])", "\\\\1", $k)."']", &$str);
eval("\$l = gettype(list(\$k)=each(\$$var));");
}
--- 268,272 ----
while ( "array" == $l ) {
## Structural recursion
! $this->serialize($var."['".ereg_replace("([\\'])", "\\\\1", $k)."']", $str);
eval("\$l = gettype(list(\$k)=each(\$$var));");
}
***************
*** 279,283 ****
while ( $l ) {
## Structural recursion.
! $this->serialize($var."->".$l,&$str);
eval("\$l = next(\$${var}->persistent_slots);");
}
--- 279,283 ----
while ( $l ) {
## Structural recursion.
! $this->serialize($var."->".$l, $str);
eval("\$l = next(\$${var}->persistent_slots);");
}
***************
*** 308,313 ****
$str="";
! $this->serialize("this->in",&$str);
! $this->serialize("this->pt",&$str);
reset($this->pt);
--- 308,313 ----
$str="";
! $this->serialize("this->in", $str);
! $this->serialize("this->pt", $str);
reset($this->pt);
***************
*** 315,319 ****
$thing=trim($thing);
if ( $thing ) {
! $this->serialize("GLOBALS['".$thing."']",&$str);
}
}
--- 315,319 ----
$thing=trim($thing);
if ( $thing ) {
! $this->serialize("GLOBALS['".$thing."']", $str);
}
}
|
|
From: Richard A. <ric...@us...> - 2001-08-21 12:58:49
|
Update of /cvsroot/phplib/php-lib-stable/php
In directory usw-pr-cvs1:/tmp/cvs-serv7482
Modified Files:
local.inc
Log Message:
Add comments from -devel local.inc
fix a few typos
add new menu.inc demo from documentation
Index: local.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/local.inc,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** local.inc 2001/08/15 22:29:15 1.6
--- local.inc 2001/08/21 12:58:45 1.7
***************
*** 8,11 ****
--- 8,15 ----
* $Id$
*
+ * All functions in this file are example classes, which can be used
+ * by your application to get you going. Once you get the hang of it,
+ * you should backup this file and start over with a clean local.inc
+ * which contains only your own classes and only the classes you need.
*/
***************
*** 17,20 ****
--- 21,30 ----
}
+ ##
+ ## Session needs to use a storage container (ct).
+ ## Select exactly one of the following and set $that_class
+ ## in Example_Session appropriately.
+ ##
+
class Example_CT_Sql extends CT_Sql {
var $database_class = "DB_Example"; ## Which database to connect...
***************
*** 22,29 ****
}
#class Example_CT_Split_Sql extends CT_Split_Sql {
# var $database_class = "DB_Example"; ## Which database to connect...
# var $database_table = "active_sessions_split"; ## and find our session data in this table.
! # var $split_length = 4096 ## Split rows every 4096 bytes
#}
--- 32,50 ----
}
+ ##
+ ## An example of Split_Sql container usage
+ ## You may need it if you expect significant amount of session-registered
+ ## data and there are restrictions on tuple size in your database
+ ## engine (e.g. like in Postgres)
+ ##
+ ## NB: session table name is different only for illustrative purposes,
+ ## so you wouldn't absent-mindedly confuse split session data and non-split
+ ## table structure is the same - if you are sure you won;t be switching
+ ## back and forth between containers, just use active_sessions
+
#class Example_CT_Split_Sql extends CT_Split_Sql {
# var $database_class = "DB_Example"; ## Which database to connect...
# var $database_table = "active_sessions_split"; ## and find our session data in this table.
! # var $split_length = 4096; ## Split rows every 4096 bytes
#}
***************
*** 55,60 ****
var $fallback_mode = "get";
var $lifetime = 0; ## 0 = do session cookies, else minutes
! var $that_class = "Example_CT_Sql"; ## name of data storage container
var $gc_probability = 5;
}
--- 76,82 ----
var $fallback_mode = "get";
var $lifetime = 0; ## 0 = do session cookies, else minutes
! var $that_class = "Example_CT_Sql"; ## name of data storage container class
var $gc_probability = 5;
+ var $allowcache = "no"; ## "public", "private", or "no"
}
***************
*** 63,67 ****
var $magic = "Abracadabra"; ## ID seed
! var $that_class = "Example_CT_Sql"; ## data storage container
}
--- 85,89 ----
var $magic = "Abracadabra"; ## ID seed
! var $that_class = "Example_CT_Sql"; ## name of data storage container class
}
***************
*** 69,73 ****
var $classname = "Example_Auth";
! var $lifetime = 15;
var $database_class = "DB_Example";
--- 91,95 ----
var $classname = "Example_Auth";
! var $lifetime = 15;
var $database_class = "DB_Example";
***************
*** 88,92 ****
}
-
$uid = false;
--- 110,113 ----
***************
*** 113,116 ****
--- 134,143 ----
}
+ # A variation of Example_Auth which uses a Challenge-Response
+ # Authentication. The password never crosses the net in clear,
+ # if the remote system supports JavaScript. Please read the
+ # Documentation section about CR Authentication to understand
+ # what is going on.
+
class Example_Challenge_Auth extends Auth {
var $classname = "Example_Challenge_Auth";
***************
*** 149,153 ****
$pass = $this->db->f("password");
}
! $exspected_response = md5("$username:$pass:$challenge");
## True when JS is disabled
--- 176,180 ----
$pass = $this->db->f("password");
}
! $expected_response = md5("$username:$pass:$challenge");
## True when JS is disabled
***************
*** 162,166 ****
## Response is set, JS is enabled
! if ($exspected_response != $response) {
return false;
} else {
--- 189,193 ----
## Response is set, JS is enabled
! if ($expected_response != $response) {
return false;
} else {
***************
*** 172,175 ****
--- 199,206 ----
##
+ ## Another variation of Challenge-Response authentication,
+ ## done slightly differently. This one does not keep cleartext
+ ## passwords in your database table.
+ ##
## Example_Challenge_Crypt_Auth: Keep passwords in md5 hashes rather
## than cleartext in database
***************
*** 210,214 ****
$pass = $this->db->f("password"); ## Password is stored as a md5 hash
}
! $exspected_response = md5("$username:$pass:$challenge");
## True when JS is disabled
--- 241,245 ----
$pass = $this->db->f("password"); ## Password is stored as a md5 hash
}
! $expected_response = md5("$username:$pass:$challenge");
## True when JS is disabled
***************
*** 223,227 ****
## Response is set, JS is enabled
! if ($exspected_response != $response) {
return false;
} else {
--- 254,258 ----
## Response is set, JS is enabled
! if ($expected_response != $response) {
return false;
} else {
***************
*** 232,235 ****
--- 263,270 ----
}
+ ## An example implementation of a Perm subclass, implementing
+ ## a few atomic permissions. You want to read up on Permission
+ ## schemata design in the documentation.
+
class Example_Perm extends Perm {
var $classname = "Example_Perm";
***************
*** 253,263 ****
##
## Example_Menu may extend Menu.
! ## If you name this class differently, you must also
! ## rename its constructor function - this is a PHP language
! ## design stupidity.
##
## To use this, you must enable the require statement for
## menu.inc in prepend.php3.
##
# class Example_Menu extends Menu {
--- 288,302 ----
##
## Example_Menu may extend Menu.
! ## Remember that in PHP 3 a class's constructor function must have the
! ## same name as the class. To make it easier to extend this class we
! ## have a real constructor function called setup(). When you create an
! ## extension of this class, create your constructor function which only
! ## needs to call setup().
##
## To use this, you must enable the require statement for
## menu.inc in prepend.php3.
##
+ ## See /pages/menu for an example application of Example_Menu.
+ ##
# class Example_Menu extends Menu {
***************
*** 289,293 ****
# "/2" => array("title" => "Text 2"),
# "/2/1" => array("title" => "Text 2.1"),
! # "/2/2" => array("title" => "Text 2.2"),
# "/2/2/1"=> array("title" => "Text 2.2.1"),
# "/2/2/2"=> array("title" => "Text 2.2.2"),
--- 328,332 ----
# "/2" => array("title" => "Text 2"),
# "/2/1" => array("title" => "Text 2.1"),
! # "/2/2" => array("title" => "Text 2.2", "pseudo" => true),
# "/2/2/1"=> array("title" => "Text 2.2.1"),
# "/2/2/2"=> array("title" => "Text 2.2.2"),
***************
*** 295,299 ****
# "/2/4" => array("title" => "Text 2.4")
# );
! #
# function Example_Menu() {
# $this->setup();
--- 334,338 ----
# "/2/4" => array("title" => "Text 2.4")
# );
! #
# function Example_Menu() {
# $this->setup();
|
