commit:     0184aecdf36ab398ef3696e5211aff53b7239772
Author:     Brian Evans <grknight <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 30 14:53:01 2018 +0000
Commit:     Brian Evans <grknight <AT> gentoo <DOT> org>
CommitDate: Tue Jan 30 14:53:01 2018 +0000
URL:        https://gitweb.gentoo.org/proj/bouncer.git/commit/?id=0184aecd

Fix query errors and missing indexes; add error handling for user facing

 php/admin/mirror-list.php |  2 +-
 php/index-list.php        | 16 ++++++++++++----
 php/index.php             | 23 ++++++++++++++++-------
 php/lib/auth.php          |  2 +-
 4 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/php/admin/mirror-list.php b/php/admin/mirror-list.php
index e0876d4..29f6e9b 100644
--- a/php/admin/mirror-list.php
+++ b/php/admin/mirror-list.php
@@ -40,7 +40,7 @@ if (!empty($_GET['os_id'])&&!empty($_GET['product_id'])) {
             mirror_locations.product_id = ? AND
             mirror_location_mirror_map.location_active = '1' AND
             mirror_mirrors.mirror_active = '1'
-        ", PDO::FETCH_ASSOC, [$os_id, $product_id]);
+        ", PDO::FETCH_ASSOC, null, [$os_id, $product_id]);
 
     header("Content-type: text/plain;");
     foreach ($mirrors as $mirror) {

diff --git a/php/index-list.php b/php/index-list.php
index 1b158b7..861ba95 100644
--- a/php/index-list.php
+++ b/php/index-list.php
@@ -7,7 +7,9 @@
 require_once('./cfg/init.php');
 require_once(LIB.'/auth.php');  // auth functions
 require_once(LIB.'/forms.php'); // form library
-error_reporting(E_GET);
+ob_start();
+
+try{
 
 if (!empty($_GET['os'])&&!empty($_GET['product'])) {
     // clean in os and product strings
@@ -44,7 +46,7 @@ if (!empty($os_id)&&!empty($product_id)) {
             mirror_mirrors.mirror_active = '1'
                ORDER BY
                        mirror_rating DESC, mirror_baseurl
-        ", PDO::FETCH_ASSOC, [$os_id, $product_id]);
+        ", PDO::FETCH_ASSOC, null, [$os_id, $product_id]);
 
     header("Content-type: text/plain;");
     foreach ($mirrors as $mirror) {
@@ -68,15 +70,21 @@ if (!empty($os_id)&&!empty($product_id)) {
     echo '<div>';
     form_label('Product', 'product','label-small');
     
form_select('product_id','product','',Mirror::get_products_select(),$_GET['product_id']);
-    echo ' [<a href="./products.php">edit products</a>]';
+    echo ' [<a href="admin/products.php">edit products</a>]';
     echo '</div><br />';
 
     echo '<div>';
     form_label('OS', 'os','label-small');
     form_select('os_id','os','',Mirror::get_oss_select(),$_GET['os_id']);
-    echo ' [<a href="./os.php">edit operating systems</a>]';
+    echo ' [<a href="admin/os.php">edit operating systems</a>]';
     echo '</div><br />';
     form_submit('submit','','button1','Update');
     form_end();
     require_once(FOOTER);
 }
+
+} catch (Exception $ex) {
+       header("Status: 500", true, 500);
+       echo "An unexpected error has occurred.";
+       trigger_error($ex->getMessage() . ' ' . $ex->getTraceAsString(), 
E_USER_WARNING);
+}
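Review bot: The new catch block sends `$ex->getMessage()` and the full stack trace through `trigger_error()`, and this commit also removes the `error_reporting()` call at the top of the file, so whether that text reaches the client now depends only on the server's `display_errors` setting. Database exception messages and traces can contain SQL text and file paths; `error_log($ex->getMessage() . ' ' . $ex->getTraceAsString());` keeps them on the logging path instead. The buffer opened by `ob_start()` is never discarded, so a partly rendered page is sent along with the 500 message; an `ob_end_clean();` before the `header()` call would avoid that. `catch (Exception $ex)` also does not catch `Error` on PHP 7 and later, where `catch (Throwable $ex)` would. The identical catch block added to php/index.php has the same issues.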

diff --git a/php/index.php b/php/index.php
index 28b29b8..aeb7128 100644
--- a/php/index.php
+++ b/php/index.php
@@ -4,14 +4,14 @@
  *  @package mirror
  *     @subpackage pub
  */
-error_reporting(0);  // hide all errors
+ob_start();
 require_once('./cfg/config.php');  // config file that defines constants
 
 // if we don't have an os, make it windows, playing the odds
 if (empty($_GET['os'])) {
     $_GET['os'] = 'Any';
 }
-
+try{
 // do we even have an os or product?
 if (!empty($_GET['os'])&&!empty($_GET['product'])) {
     require_once(LIB.'/db.php');  // core mysql wrappers
@@ -27,19 +27,19 @@ if (!empty($_GET['os'])&&!empty($_GET['product'])) {
 
     // do we have a valid os and product?
     if (!empty($os_id)&&!empty($product_id)) {
-        $location = DB::get_one("SELECT location_id,location_path FROM 
mirror_locations WHERE product_id={$product_id} AND os_id={$os_id}");
+        $location = DB::get_one("SELECT location_id,location_path FROM 
mirror_locations WHERE product_id=? AND os_id=?", PDO::FETCH_ASSOC, 
[$product_id, $os_id]);
 
         // did we get a valid location?
         if (!empty($location)) {
-            $mirror = DB::get_one("SELECT 
mirror_mirrors.mirror_id,mirror_baseurl FROM mirror_mirrors, 
mirror_location_mirror_map WHERE mirror_mirrors.mirror_id = 
mirror_location_mirror_map.mirror_id AND mirror_location_mirror_map.location_id 
= {$location['location_id']} AND mirror_active='1' AND location_active ='1' 
ORDER BY rand()*(1/mirror_rating)");
+            $mirror = DB::get_one("SELECT 
mirror_mirrors.mirror_id,mirror_baseurl FROM mirror_mirrors JOIN 
mirror_location_mirror_map ON mirror_mirrors.mirror_id = 
mirror_location_mirror_map.mirror_id WHERE 
mirror_location_mirror_map.location_id = ? AND mirror_active='1' AND 
location_active ='1' ORDER BY rand()*(1/mirror_rating)", PDO::FETCH_ASSOC, 
[$location['location_id']]);
 
             // did we get a valid mirror?
             if (!empty($mirror)) {
 
                 // if logging is enabled, insert log
                 if (LOGGING) {
-                    DB::query("UPDATE mirror_mirrors SET 
mirror_count=mirror_count+1 WHERE mirror_id={$mirror['mirror_id']}");
-                    DB::query("UPDATE mirror_products SET 
product_count=product_count+1 WHERE product_id={$product_id}");
+                    DB::query("UPDATE mirror_mirrors SET 
mirror_count=mirror_count+1 WHERE mirror_id=?", [$mirror['mirror_id']]);
+                    DB::query("UPDATE mirror_products SET 
product_count=product_count+1 WHERE product_id=?", [$product_id]);
                 }
 
                 // LANGUAGE HACK
@@ -51,7 +51,7 @@ if (!empty($_GET['os'])&&!empty($_GET['product'])) {
                // BitTorrent HACK - robbat2
                if (!empty($_GET['extra'])) {
                        $extra = $_GET['extra'];
-                       $location['location_path'] .= 
ereg_replace('\?.*|&.*','',$extra);
+                       $location['location_path'] .= 
preg_replace('/\?.*|&.*/','',$extra);
                }
 
                 // if we are just testing, then just print and exit.
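Review bot: `$extra` is read directly from `$_GET['extra']` and appended to the path that later goes into the `Location` header, with only the part after the first `?` or `&` stripped by the new `preg_replace()`. Nothing else restricts it: an array value (`extra[]=`) or a string with control characters or `..` segments passes through, and a `null` return from `preg_replace()` is not handled. It would be safer to append only values that match what the BitTorrent suffix actually needs, for example `if (is_string($extra) && preg_match('/\A[A-Za-z0-9._-]+\z/', $extra) === 1) { $location['location_path'] .= $extra; }`, with the character set adjusted to the real suffixes in use. The enclosing block starts and ends outside this hunk.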
@@ -62,11 +62,20 @@ if (!empty($_GET['os'])&&!empty($_GET['product'])) {
 
                 // otherwise, by default, redirect them and exit
                 header('Location: 
'.$mirror['mirror_baseurl'].$location['location_path']);
+               var_dump($mirror);
                 exit;
             }
         }
     }
 }
+}
+catch (Exception $ex) {
+        header("Status: 500", true, 500);
+        echo "An unexpected error has occurred.";
+        trigger_error($ex->getMessage() . ' ' . $ex->getTraceAsString(), 
E_USER_WARNING);
+       exit();
+}
+
 
 // if we get here, the request was invalid; redirect to Gentoo home
 header('Location: http://www.gentoo.org/');
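Review bot: `var_dump($mirror);` directly after the mirror `Location` header looks like leftover debugging. With the `ob_start()` added at the top of the file the dump is buffered and flushed at `exit`, so every successful redirect carries the selected mirror row in its response body. The line should be dropped so the branch ends with the `header()` call followed by `exit;`. The enclosing `if` chain starts outside this hunk.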

diff --git a/php/lib/auth.php b/php/lib/auth.php
index eb6319c..68bf91a 100644
--- a/php/lib/auth.php
+++ b/php/lib/auth.php
@@ -62,7 +62,7 @@ public static function query($username,$password)
 
 private static function password_upgrade($userrow, $username, $password) {
        require_once(LIB.'/mirror.php'); //Upgrade password security
-       
Mirror::update_user($userrow['user_id'],$username,$password,$password,$userrow['firstname'],$userrow['lastname'],$userrow['email']);
+       
Mirror::update_user($userrow['user_id'],$username,$password,$password,$userrow['user_firstname'],$userrow['user_lastname'],$userrow['user_email']);
 }
 
 /**
