[SASHA-Code] SF.net SVN: sasha:[84] trunk/SASHA
From: <gph...@us...> - 2010-01-21 01:27:03
Revision: 84
http://sasha.svn.sourceforge.net/sasha/?rev=84&view=rev
Author: gphemsley
Date: 2010-01-21 01:26:56 +0000 (Thu, 21 Jan 2010)
Log Message:
-----------
Fix an access-control bug (missing per-user filter in the query) that caused the course selector to show every user's schedule items instead of only the current user's.
Only show registration errors in the proper contexts.
Properly sort courses on schedule list that aren't in the 'courses' table.
Show a message when leaving fields blank on the add schedule item page, instead of just failing silently. (Remember input, too.)
Prevent empty session hashes from being stored in the database.
Minor styling changes to improve usability and font selection on Windows.
Fix syntax error in SQL schema.
Modified Paths:
--------------
trunk/SASHA/inc/lib/lib.forms.php
trunk/SASHA/inc/lib/lib.schedule.php
trunk/SASHA/inc/lib/lib.sessions.php
trunk/SASHA/inc/lib/lib.user.php
trunk/SASHA/install/schema/mysql.sql
trunk/SASHA/style/default/screen.css
Modified: trunk/SASHA/inc/lib/lib.forms.php
===================================================================
--- trunk/SASHA/inc/lib/lib.forms.php 2010-01-20 05:26:26 UTC (rev 83)
+++ trunk/SASHA/inc/lib/lib.forms.php 2010-01-21 01:26:56 UTC (rev 84)
@@ -390,7 +390,8 @@
*/
final private static function _create_instructor_selector( $selector_id, $current_instructor_ids = FALSE, $institution = FALSE )
{
- global $Database, $SASHA;
+ global $SASHA;
+ global $Database;
if( !is_array( $current_instructor_ids ) )
{
@@ -522,7 +523,8 @@
*/
final private static function _create_institution_selector( $selector_id, $institution = FALSE )
{
- global $Database, $SASHA;
+ global $SASHA;
+ global $Database;
$institution = ( $institution ) ? (string) $institution : $SASHA->institution;
@@ -618,7 +620,8 @@
*/
final private static function _create_course_selector( $selector_id, $current_schedule_id = FALSE, $semester = FALSE, $institution = FALSE )
{
- global $Database, $SASHA;
+ global $SASHA;
+ global $Database, $User;
$semester = ( $semester ) ? (string) $semester : $SASHA->semester;
@@ -628,7 +631,8 @@
FROM schedules s
LEFT JOIN ( institutions i )
ON ( s.institution = i.institution )
- WHERE s.semester = '$semester'
+ WHERE s.user_id = {$User->user_info['id']}
+ AND s.semester = '$semester'
$institution_where
ORDER BY i.name ASC, s.subject ASC, s.course ASC, s.section ASC, s.instructors ASC, s.days DESC";
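Review bot: The new `WHERE s.user_id = {$User->user_info['id']}` clause interpolates the id without a cast, and `$semester` (only `(string)`-cast from the caller's argument a few lines earlier) and `$institution_where` are still spliced into the query string unescaped; with the ownership filter now living in this query, an empty or malformed id yields a SQL error or an unintended match rather than an empty selector. Cast before building the string, `$user_id = (int) $User->user_info['id'];` and use `{$user_id}`, and route `$semester` through the database layer's escaping or a prepared statement. The `$sql = "SELECT ...` assignment and the rest of `_create_course_selector` begin before this hunk, so where `$User` is guaranteed to be populated for anonymous visitors cannot be checked from here.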
Modified: trunk/SASHA/inc/lib/lib.schedule.php
===================================================================
--- trunk/SASHA/inc/lib/lib.schedule.php 2010-01-20 05:26:26 UTC (rev 83)
+++ trunk/SASHA/inc/lib/lib.schedule.php 2010-01-21 01:26:56 UTC (rev 84)
@@ -82,6 +82,10 @@
{
print_message( 'good', 'Schedule for ' . $this->format_course( $this->subject, $this->course, $institution, ' ' ) . ' ' . $this->section . ' at ' . $this->format_institution( $institution ) . ' (' . $this->format_instructors( $this->instructors, '; ' ) . ' — ' . $this->format_schedule_type( $this->schedule_type ) . ': ' . $this->format_days( $this->schedule_days, 'array', 'html' ) . ') added successfully.', 'Addition successful.' );
}
+ else
+ {
+ print_message( 'bad', 'All fields in Step 1 are required. Check to see if you left any blank.', 'Addition failed.' );
+ }
}
elseif( $next )
{
@@ -118,7 +122,8 @@
'label' => 'Section Title',
'data' => array(
'size' => 75,
- 'maxlength' => 255
+ 'maxlength' => 255,
+ 'value' => $this->section_title
)
),
array(
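Review bot: The remembered `section_title` is placed straight into the field's `value`, and whether it is HTML-escaped on output depends on the form renderer, which is not in this hunk; if the renderer emits `value` attributes verbatim, a submitted title containing `"` or `<` becomes a reflected XSS vector when the form is redisplayed after a failed step. Either escape at the point of assignment, `'value' => htmlspecialchars( $this->section_title, ENT_QUOTES, 'UTF-8' )`, or confirm (and note in a comment on the form array) that the form builder escapes every `value` it renders. The same question applies to the Subject, Course and Section values and the hidden instructor fields added later in this commit.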
@@ -316,7 +321,8 @@
'label' => 'Subject',
'data' => array(
'size' => 5,
- 'maxlength' => 5
+ 'maxlength' => 5,
+ 'value' => $this->subject
)
),
array(
@@ -325,7 +331,9 @@
'label' => 'Course',
'data' => array(
'size' => 4,
- 'maxlength' => 4
+ 'maxlength' => 4,
+ 'value' => $this->course
+
)
),
array(
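Review bot: A blank line is added inside the `'data'` array after the new `'value'` entry (the empty `+` line), which is stray whitespace rather than part of the change; the Section field hunk below picks up the same line. Drop it so the three Step 1 fields read alike.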
@@ -334,7 +342,9 @@
'label' => 'Section',
'data' => array(
'size' => 5,
- 'maxlength' => 5
+ 'maxlength' => 5,
+ 'value' => $this->section
+
)
),
array(
@@ -351,6 +361,62 @@
),
array(
'type' => 'hidden',
+ 'name' => 'parent_schedule_id',
+ 'data' => array(
+ 'value' => $this->parent_schedule_id
+ )
+ ),
+ array(
+ 'type' => 'hidden',
+ 'name' => 'instructors[0]',
+ 'data' => array(
+ 'value' => $this->instructors[0]
+ )
+ ),
+ array(
+ 'type' => 'hidden',
+ 'name' => 'instructors[1]',
+ 'data' => array(
+ 'value' => $this->instructors[1]
+ )
+ ),
+ array(
+ 'type' => 'hidden',
+ 'name' => 'instructors[2]',
+ 'data' => array(
+ 'value' => $this->instructors[2]
+ )
+ ),
+ array(
+ 'type' => 'hidden',
+ 'name' => 'instructors[3]',
+ 'data' => array(
+ 'value' => $this->instructors[3]
+ )
+ ),
+ array(
+ 'type' => 'hidden',
+ 'name' => 'instructors[4]',
+ 'data' => array(
+ 'value' => $this->instructors[4]
+ )
+ ),
+ array(
+ 'type' => 'hidden',
+ 'name' => 'instructors[5]',
+ 'data' => array(
+ 'value' => $this->instructors[5]
+ )
+ ),
+ array(
+ 'type' => 'hidden',
+ 'name' => 'section_title',
+ 'data' => array(
+ 'value' => $this->section_title
+ )
+ ),
+ array(
+ 'type' => 'hidden',
'name' => 'step',
'data' => array(
'value' => 1
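Review bot: The six hidden `instructors[N]` entries hard-code indices 0–5, so `$this->instructors[5]` raises an undefined-offset notice whenever fewer instructors were chosen (the selector builder in lib.forms.php accepts an arbitrary `$current_instructor_ids` array), and any seventh instructor is silently dropped between steps. Build these entries from the array instead, and keep in mind that every hidden value here, including `parent_schedule_id`, comes back from the client and must be re-validated on the next step; the re-check added later in this commit covers only subject, course and section. The enclosing form array starts before this hunk, so the loop below has to be spliced in where the six literal entries sit.
```php
// … unchanged: hidden parent_schedule_id field …
$instructor_fields = array();
foreach( (array) $this->instructors as $i => $instructor_id )
{
    $instructor_fields[] = array(
        'type' => 'hidden',
        'name' => 'instructors[' . (int) $i . ']',
        'data' => array( 'value' => $instructor_id )
    );
}
// … unchanged: hidden section_title and step fields …
```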
@@ -386,6 +452,14 @@
$semester = ( exists( $_POST['semester'] ) ) ? ( ( is_array( $_POST['semester'] ) ) ? $_POST['semester']['year'] . $_POST['semester']['season'] : $_POST['semester'] ) : $semester;
$this_step = ( exists( $_POST['step'] ) ) ? (int) $_POST['step'] : 1;
+
+ if( ( $this_step > 1 ) && ( empty( $this->subject ) || empty( $this->course ) || empty( $this->section ) ) )
+ {
+ print_message( 'bad', 'All fields in Step 1 are required. Do not leave any blank.', 'Addition failed.' );
+
+ $this_step = 1;
+ }
+
$prev_step = ( $this_step ) ? (int) ( $this_step - 1 ) : 0;
$next_step = ( $this_step ) ? (int) ( $this_step + 1 ) : 0;
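Review bot: The new Step 1 re-check uses `empty()`, which also treats the string `"0"` as blank, so a subject or section literally named `0` would be bounced back to step 1 even though it was filled in; if these are always strings at this point, compare against `''` instead, `if( ( $this_step > 1 ) && ( $this->subject === '' || $this->course === '' || $this->section === '' ) )`. The failure message here ("Do not leave any blank.") also differs from the one added earlier in this file for the same condition ("Check to see if you left any blank."); pick one wording. The `$this->subject`/`course`/`section` assignments and the enclosing method begin before this hunk.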
@@ -423,6 +497,10 @@
return;
}
+ else
+ {
+ print_message( 'bad', 'Check all fields and try again.', 'Addition failed.' );
+ }
$form_data = array();
break;
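Review bot: The new `else` branch follows an `if` block that ends in `return;`, so the `else` is redundant: the message can simply follow the `if` block as the fall-through failure path, `print_message( 'bad', 'Check all fields and try again.', 'Addition failed.' );`. The `if` condition and its body start before this hunk, so confirm it has no other exit path before flattening.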
@@ -749,15 +827,17 @@
$sql = "SELECT s.*, c.course_title
FROM schedules s
- LEFT JOIN ( institutions i, courses c )
- ON ( i.institution = c.institution
+ LEFT JOIN ( institutions i1 )
+ ON ( s.institution = i1.institution )
+ LEFT JOIN ( institutions i2, courses c )
+ ON ( i2.institution = c.institution
AND s.institution = c.institution
AND s.subject = c.subject
AND s.course = c.course )
WHERE s.user_id = {$User->user_info['id']}
AND s.semester = '$semester'
$institution_where
- ORDER BY s.semester ASC, i.name ASC, s.days DESC, s.start_time ASC, s.end_time ASC, s.subject ASC, s.course ASC, s.section ASC";
+ ORDER BY s.semester ASC, i1.name ASC, s.days DESC, s.start_time ASC, s.end_time ASC, s.subject ASC, s.course ASC, s.section ASC";
$result = $Database->query( $sql );
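Review bot: The new `institutions i2` alias is joined only to add `i2.institution = c.institution` to the `courses` join condition; it is not selected, filtered on, or used in `ORDER BY`, so unless the intent is to hide `course_title` for courses whose institution is missing from `institutions`, the join can be `LEFT JOIN ( courses c ) ON ( s.institution = c.institution AND s.subject = c.subject AND s.course = c.course )`. If that dependency is intentional, a one-line comment above the query saying so would save the next reader the same question. Separately, `$semester` and `$institution_where` are still interpolated into this query unescaped; that is pre-existing, but worth routing through the database layer's escaping while the query is being touched.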
Modified: trunk/SASHA/inc/lib/lib.sessions.php
===================================================================
--- trunk/SASHA/inc/lib/lib.sessions.php 2010-01-20 05:26:26 UTC (rev 83)
+++ trunk/SASHA/inc/lib/lib.sessions.php 2010-01-21 01:26:56 UTC (rev 84)
@@ -129,6 +129,20 @@
}
$session_hash = $this->generate_hash();
+
+ // Check to make sure we actually got a good hash.
+ if( empty( $session_hash ) || !$this->validate_hash( $session_hash ) )
+ {
+ // If we don't have a good hash, try again.
+ $session_hash = $this->generate_hash();
+
+ // If we still don't have a good hash, don't attempt to create the session.
+ if( empty( $session_hash ) || !$this->validate_hash( $session_hash ) )
+ {
+ return FALSE;
+ }
+ }
+
$time_now = time();
$time_then = ( $user_id <= USER_ANONYMOUS ) ? $time_now + DAT_WEEK : $time_now + DAT_MONTH;
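Review bot: Returning `FALSE` from the middle of session creation is a new failure mode every caller must now handle, and nothing here records why `generate_hash()` produced an empty or invalid value; if the cause is an unreadable or exhausted randomness source, two silent attempts hide a problem worth alerting on. Log before returning, e.g. `trigger_error( 'Session hash generation failed', E_USER_WARNING );`, and collapse the duplicated check into a bounded retry loop rather than two hand-unrolled attempts. The function's signature and the callers that consume its return value are outside this hunk, so confirm they treat `FALSE` as "no session" rather than as a hash.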
Modified: trunk/SASHA/inc/lib/lib.user.php
===================================================================
--- trunk/SASHA/inc/lib/lib.user.php 2010-01-20 05:26:26 UTC (rev 83)
+++ trunk/SASHA/inc/lib/lib.user.php 2010-01-21 01:26:56 UTC (rev 84)
@@ -203,7 +203,7 @@
$error = FALSE;
// Make sure username is valid.
- if( !$this->_validate_username( $username ) )
+ if( empty( $username ) || !$this->_validate_username( $username ) )
{
print_message( 'bad', 'Please enter a valid username. Usernames may only contain letters, numbers, hyphens, and underscores.', 'Invalid username.' );
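Review bot: The new `empty( $username )` guard implies `_validate_username( '' )` was returning true, i.e. the validator's pattern accepts an empty string; guarding only here leaves any other caller of `_validate_username()` with the same hole, so the pattern itself should require at least one character (a `+` rather than `*` quantifier, if that is how it is written). `empty()` also rejects the single-character username `0`, which the message's stated rule (letters, numbers, hyphens, underscores) permits; `$username === ''` is the precise check. The validator is outside this hunk, so this is inferred from the guard rather than read from its code.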
@@ -211,7 +211,7 @@
}
// Make sure username is available.
- if( !$this->_check_username_availability( $username ) )
+ if( !empty( $username ) && !$this->_check_username_availability( $username ) )
{
print_message( 'bad', 'Sorry, that username is taken. Please choose a different username.', 'Username taken.' );
@@ -227,7 +227,7 @@
}
// Make sure password is strong enough.
- if( !$this->_check_password_strength( $password ) )
+ if( empty( $password ) || !$this->_check_password_strength( $password ) )
{
print_message( 'bad', 'Please enter a stronger password, with at least 6 characters. It is recommended that you use uppercase and lowercase letters, numbers, and symbols for the best security.', 'Weak password.' );
@@ -235,7 +235,7 @@
}
// Make sure e-mail address is valid.
- if( !$this->_validate_email_address( $email_address ) )
+ if( empty( $email_address ) || !$this->_validate_email_address( $email_address ) )
{
print_message( 'bad', 'Please enter a valid e-mail address.', 'Invalid e-mail address.' );
@@ -243,7 +243,7 @@
}
// Make sure e-mail address is available.
- if( !$this->_check_email_address_availability( $email_address ) )
+ if( !empty( $email_address ) && !$this->_check_email_address_availability( $email_address ) )
{
print_message( 'bad', 'Sorry, that e-mail address is already in use. Please use a different e-mail address.', 'E-mail address in use.' );
@@ -251,7 +251,7 @@
}
// Make sure institution is valid.
- if( !$SASHA->validate_institution( $default_institution ) )
+ if( empty( $default_institution ) || !$SASHA->validate_institution( $default_institution ) )
{
print_message( 'bad', 'Please select a valid institution.', 'Invalid institution.' );
Modified: trunk/SASHA/install/schema/mysql.sql
===================================================================
--- trunk/SASHA/install/schema/mysql.sql 2010-01-20 05:26:26 UTC (rev 83)
+++ trunk/SASHA/install/schema/mysql.sql 2010-01-21 01:26:56 UTC (rev 84)
@@ -38,7 +38,7 @@
`subject` varchar(5) NOT NULL,
course smallint(4) unsigned zerofill NOT NULL,
course_title varchar(255) NOT NULL,
- PRIMARY KEY (institution,`subject`,course),
+ PRIMARY KEY (institution,`subject`,course)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
# ############################
Modified: trunk/SASHA/style/default/screen.css
===================================================================
--- trunk/SASHA/style/default/screen.css 2010-01-20 05:26:26 UTC (rev 83)
+++ trunk/SASHA/style/default/screen.css 2010-01-21 01:26:56 UTC (rev 84)
@@ -15,7 +15,7 @@
body {
background-color: #FFEEFF;
color: black;
- font-family: "Lucida Grande", "Lucida Sans Unicode", "Lucida Sans", "Trebuchet MS", Verdana, Helvetica, Tahoma, "Arial Unicode MS", Arial, sans-serif;
+ font-family: "Lucida Grande", "Trebuchet MS", "Lucida Sans Unicode", "Lucida Sans", Verdana, Helvetica, Tahoma, "Arial Unicode MS", Arial, sans-serif;
font-size: 10pt; /* 12pt; */
}
@@ -59,14 +59,14 @@
h2 {
background-color: inherit;
- color: #660066;
+ color: #770077;
font-size: 133.333%; /* 16pt; */
- text-decoration: underline;
+/* text-decoration: underline;*/
}
h3 {
background-color: inherit;
- color: #990099;
+ color: #AA00AA;
font-size: 116.667%; /* 14pt;*/
}
@@ -101,6 +101,10 @@
text-transform: capitalize;
}
+p.message a {
+ font-weight: bolder;
+}
+
p.message.good {
background-color: #C0FFCB; /* green counterpart of pink */
color: black;