From ad1adc9cdd234ce4904a31f244469993a0f2cb7e Mon Sep 17 00:00:00 2001 From: "Matteo Nastasi (mop)" Date: Wed, 26 Mar 2014 07:46:31 +0100 Subject: [PATCH] add cmd unix socket with 'userauth' command implemented, incomplete usermgmt page added. --- TODO.txt | 3 + sql/sql.d/100-anagr.sql.devel | 3 +- web/Obj/sac-a-push.phh | 19 ++++- web/Obj/user.phh | 2 +- web/usermgmt.php | 155 ++++++++++++++++++++++++++++++++++ 5 files changed, 177 insertions(+), 5 deletions(-) create mode 100644 web/usermgmt.php diff --git a/TODO.txt b/TODO.txt index 3d779e3..96c8c24 100644 --- a/TODO.txt +++ b/TODO.txt @@ -32,6 +32,9 @@ DONE . manage disagreeding users investigation DONE . self guaranteed + DONE . userauth command works + DONE . use it by the usermgmt page + . finish to implement the user management system . email validation . account expiration diff --git a/sql/sql.d/100-anagr.sql.devel b/sql/sql.d/100-anagr.sql.devel index 6b3796a..d65f920 100644 --- a/sql/sql.d/100-anagr.sql.devel +++ b/sql/sql.d/100-anagr.sql.devel @@ -11,7 +11,8 @@ -- define(USER_FLAG_TY_DISABLE, 0x00800000); // done DELETE FROM #PFX#users WHERE code = 10101; -INSERT INTO #PFX#users (code, login, pass, email, type, guar_code) VALUES (10101, 'uno', md5('one'), 'uno@pluto.com', CAST (X'00020000' as integer), 10101); +DELETE FROM #PFX#users WHERE guar_code = 10101 AND code != 10101; +INSERT INTO #PFX#users (code, login, pass, email, type, guar_code) VALUES (10101, 'uno', md5('one'), 'uno@pluto.com', CAST (X'00410000' as integer), 10101); DELETE FROM #PFX#users WHERE code = 10102; INSERT INTO #PFX#users (code, login, pass, email, type, guar_code) VALUES (10102, 'due', md5('two'), 'due@pluto.com', CAST (X'00010000' as integer), 10101); DELETE FROM #PFX#users WHERE code = 10103; diff --git a/web/Obj/sac-a-push.phh b/web/Obj/sac-a-push.phh index 433ec45..b184fb4 100644 --- a/web/Obj/sac-a-push.phh +++ b/web/Obj/sac-a-push.phh 
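Review bot: The new INSERT for user 10101 sets `type` to the literal `X'00410000'`, and the `-- define(...)` comment block above it does not say what that combination means. By web/Obj/user.phh in this same patch the high bit is `USER_FLAG_TY_ADMIN` (0x400000); the name of the 0x010000 bit is not visible in this diff. A comment above the line such as `-- type = USER_FLAG_TY_ADMIN (0x400000) | 0x010000` would keep the fixture readable when the flag table changes and makes it obvious that this is the only seeded row carrying the admin bit.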
@@ -937,17 +937,30 @@ class Sac_a_push { function direct_command($cmdstr) { + GLOBAL $G_alarm_passwd; + $cmd = cmd_deserialize($cmdstr); if (!isset($cmd['cmd'])) { return cmd_return(500, 'no cmd found'); } - // "cmd" => "userauth", "login" => 'mop', 'private' => 'it_must_be_correct', + // "cmd" => "userauth", "sess" => 'xxxxxxxxxxx', 'private' => 'it_must_be_correct', // 'the_end' => 'true' ); + // cmd=userauth&sess=52d796ac08c47&private=yourpasswd192.168.122.152d796ac08c47&the_end=true if ($cmd['cmd'] == 'userauth') { - if (!isset($cmd['login']) || !isset($cmd['private'])) { - return cmd_return(503, 'malformed cmd'); + if (!isset($cmd['sess']) || !isset($cmd['private'])) { + return cmd_return(401, 'malformed cmd'); } + $idx = -1; + if (($user = $this->app->get_user($cmd['sess'], &$idx)) == FALSE) + return cmd_return(402, 'user not found'); + + if (($user->flags & USER_FLAG_TY_ADMIN) == 0x00) + return cmd_return(403, 'permission denied'); + + if (md5($G_alarm_passwd.$user->ip.$user->sess) != $cmd['private']) + return cmd_return(404, 'authentication failed ['.$cmd['private'].']['.$G_alarm_passwd.$user->ip.$user->sess.']'); + return cmd_return(200, 'success'); } diff --git a/web/Obj/user.phh b/web/Obj/user.phh index 4754969..3e6c4a1 100644 --- a/web/Obj/user.phh +++ b/web/Obj/user.phh @@ -60,7 +60,7 @@ define('USER_FLAG_TY_SUPER', 0x020000); // done define('USER_FLAG_TY_CERT', 0x040000); // done // ... other usefull status ... define('USER_FLAG_TY_FIRONLY', 0x200000); // done -// define('USER_FLAG_TY_free-to-use', 0x400000); // done +define('USER_FLAG_TY_ADMIN', 0x400000); // done define('USER_FLAG_TY_DISABLE', 0x800000); // done // ... reasons for disabling account ... diff --git a/web/usermgmt.php b/web/usermgmt.php new file mode 100644 index 0000000..79ba9b1 --- /dev/null +++ b/web/usermgmt.php 
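Review bot: The 404 branch of the userauth handler returns `$G_alarm_passwd` to the caller inside the 'authentication failed' message, so any client that can reach the command socket learns the shared secret simply by sending a wrong `private`; the reply should carry neither the expected digest nor the submitted one, i.e. `return cmd_return(404, 'authentication failed');`. The same line compares the two md5 hex strings with `!=`, PHP's loose comparison, which treats numeric-looking digests as numbers; at minimum use `!==`, and since this is a keyed digest the conventional construction is `hash_hmac('sha256', $user->ip.$user->sess, $G_alarm_passwd)` compared with `hash_equals()` where available, though that changes the value usermgmt.php's check_auth() must compute too. `$this->app->get_user($cmd['sess'], &$idx)` uses call-time pass-by-reference, which is a fatal error on PHP 5.4 and later; if get_user() declares its second parameter by reference the call should be `get_user($cmd['sess'], $idx)`. The 402/403/404 replies also let a socket client distinguish "no such session", "not admin" and "bad secret" before the secret is verified, so checking `private` first and returning one uniform error would give away less. direct_command() continues past the end of this hunk.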
@@ -0,0 +1,155 @@ + array( 'it' => 'Partite normali', + 'en' => 'Normal matches' ), + 'special match' => array( 'it' => 'Partite speciali', + 'en' => 'Special matches'), + + 'info_total'=> array( 'it' => 'totali', + 'en' => 'En totali') + ); + +ini_set("max_execution_time", "240"); + +require_once($G_base."Obj/brisk.phh"); +require_once($G_base."Obj/user.phh"); +require_once($G_base."Obj/auth.phh"); +require_once($G_base."Obj/dbase_${G_dbasetype}.phh"); +require_once($G_base."briskin5/Obj/briskin5.phh"); +require_once($G_base."briskin5/Obj/placing.phh"); +require_once($G_base."spush/brisk-spush.phh"); + +function check_auth() +{ + GLOBAL $G_alarm_passwd, $sess, $_POST, $_SERVER; + + $socket = FALSE; + $ret = FALSE; + $ip = $_SERVER["REMOTE_ADDR"]; + + $private = md5($G_alarm_passwd.$ip.$sess); + $cmd = array ("cmd" => "userauth", "sess" => $sess, "private" => $private, "the_end" => "true"); + $cmd_ser = cmd_serialize($cmd); + $cmd_len = mb_strlen($cmd_ser, "ASCII"); + + do { + if (($socket = stream_socket_client("unix://".USOCK_PATH."2")) == FALSE) + break; + if (($rwr = fwrite($socket, $cmd_ser, $cmd_len)) == FALSE + || $rwr != $cmd_len) + break; + fflush($socket); + if (($buf = fread($socket, 4096)) == FALSE) + break; + $res = cmd_deserialize($buf); + if (!isset($res['val']) || $res['val'] != 200) + break; + $ret = TRUE; + } while (0); + if ($socket != FALSE) + fclose($socket); + + return ($ret); +} + +function main($action) { + GLOBAL $G_dbpfx, $G_alarm_passwd, $f_mailusers, $sess, $_POST, $_SERVER; + + if (check_auth() == FALSE) { + echo "Authentication failed"; + exit; + } + + if (isset($f_mailusers)) { + $action = "listnew"; + } + + if ($action == "listnew") { + echo "pippo"; + } + else { + do { + + if (($bdb = BriskDB::create()) == FALSE) { + log_crit("stat-day: database connection failed"); + break; + } + + // retrieve list of active tournaments + $usr_sql = sprintf(" +SELECT usr.*, guar.login AS guar_login + FROM %susers AS usr + JOIN %susers AS guar ON 
guar.code = usr.guar_code + WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) ) + AND usr.disa_reas = %d;", + $G_dbpfx, $G_dbpfx, + USER_FLAG_TY_ALL, USER_FLAG_TY_DISABLE, + USER_DIS_REA_NU_TOBECHK); + if (($usr_pg = pg_query($bdb->dbconn->db(), $usr_sql)) == FALSE) { + log_crit("stat-day: select from tournaments failed"); + break; + } + + $usr_n = pg_numrows($usr_pg); + printf("Number of tournaments: %d\n", $usr_n); + + $tab_lines = ""; + // loop on tournaments + for ($i = 0 ; $i < $usr_n ; $i++) { + // log_crit("stat-day: LOOP i"); + $usr_obj = pg_fetch_object($usr_pg, $i); + + $tab_lines .= sprintf("%s\n", + $usr_obj->code, eschtml($usr_obj->login), eschtml($usr_obj->guar_login)); + } + ?> + + +
" method="POST"> + + +
+ +
+ + + \ No newline at end of file -- 2.17.1
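Review bot: check_auth() discards every failure reason, so a push server that is down, a short write, an empty reply and a genuine non-200 answer all surface to the operator as the same "Authentication failed" page, which makes outages of the command socket indistinguishable from denied logins. stream_socket_client() should be called with its `$errno`/`$errstr` parameters and each `break` should record why it bailed through the `log_crit()` helper the rest of the file already uses, as sketched below. The log and print strings in main() are copied from a stat-day script ("stat-day: database connection failed", "select from tournaments failed", "Number of tournaments") although the query selects users with `disa_reas = USER_DIS_REA_NU_TOBECHK`, not tournaments; relabel them so log searches for this page find it. `$res['val'] != 200` is a loose comparison on a value parsed from the socket reply; `(int) $res['val'] !== 200` states the intent. The start of the file (the PHP opening and the `$G_lang` array header) and the tail of main() are not readable in this hunk as extracted.
```php
    do {
        $errno = 0;
        $errstr = '';
        if (($socket = stream_socket_client("unix://".USOCK_PATH."2", $errno, $errstr)) == FALSE) {
            log_crit("usermgmt: command socket connect failed [".$errno."] ".$errstr);
            break;
        }
        if (($rwr = fwrite($socket, $cmd_ser, $cmd_len)) == FALSE
            || $rwr != $cmd_len) {
            log_crit("usermgmt: command socket short write");
            break;
        }
        fflush($socket);
        if (($buf = fread($socket, 4096)) == FALSE) {
            log_crit("usermgmt: command socket read failed");
            break;
        }
        $res = cmd_deserialize($buf);
        if (!isset($res['val']) || (int) $res['val'] !== 200) {
            log_crit("usermgmt: userauth refused, val=".(isset($res['val']) ? $res['val'] : 'missing'));
            break;
        }
        $ret = TRUE;
    } while (0);
    // … unchanged: fclose($socket) and return ($ret) …
```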