From d38bdf43ecd166c4518fbaa561479ccbfe313802 Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Tue, 15 Feb 2005 22:29:32 +0000
Subject: [PATCH] *** empty log message ***

svn path=/trunk/boinc/; revision=5435

---
 checkin_notes | 21 ++++++++-
 html/inc/db.inc | 10 +++++
 html/inc/util.inc | 9 ++++
 html/user/confirm_email_change.php | 31 ++++++-------
 html/user/edit_email_action.php | 72 +++++++++++++++---------------
 html/user/host_edit_form.php | 13 +++---
 html/user/host_venue_action.php | 15 +++----
 html/user/hosts_user.php | 9 ++--
 html/user/result.php | 31 +++++++------
 html/user/show_user.php | 18 ++++----
 html/user/team_display.php | 12 ++---
 html/user/team_quit_form.php | 19 ++++----
 html/user/userw.php | 18 +++----
 13 files changed, 146 insertions(+), 132 deletions(-)
diff --git a/checkin_notes b/checkin_notes
index 991ed3dcc5..bacc70b8f8 100755
--- a/checkin_notes
+++ b/checkin_notes
@@ -24818,4 +24818,23 @@ Bruce 15 Feb 2005
 sched_send.C
 server_types.h
-
+David 15 Feb 2005
+ - User web: security-related PHP cleanup
+ Replace $_GET["id"] with getint("id) here and there.
+ Use lookup_x() instead of explicit SQL
+
+ html/
+ inc/
+ db.inc
+ util.inc
+ user/
+ confirm_email_change.php
+ edit_email_action.php
+ host_edit_form.php
+ host_venue_action.php
+ hosts_user.php
+ results.php
+ show_user.php
+ team_display.php
+ team_quit_form.php
+ userw.php
diff --git a/html/inc/db.inc b/html/inc/db.inc
index 5151e44982..10654dfe3a 100644
--- a/html/inc/db.inc
+++ b/html/inc/db.inc
@@ -75,6 +75,16 @@ function lookup_wu($id) {
 return null;
 }
+function lookup_result($id) {
+ $result = mysql_query("select * from result where id=$id");
+ if ($result) {
+ $r = mysql_fetch_object($result);
+ mysql_free_result($result);
+ return $r;
+ }
+ return null;
+}
+
 function lookup_app($id) {
 $result = mysql_query("select * from app where id=$id");
 if ($result) {
diff --git a/html/inc/util.inc b/html/inc/util.inc
index 94ab054f82..2914717ba0 100644
--- a/html/inc/util.inc
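Review bot: lookup_result($id) interpolates `$id` straight into `select * from result where id=$id`, so its safety rests entirely on every caller having passed the value through get_int(); the helper itself accepts any string. Since the stated purpose of this commit is to stop raw `$_GET` values reaching SQL, the helper is the right place to enforce the type: `$id = (int)$id;` as its first statement makes the query safe regardless of caller, and the same one-liner would harden the sibling lookup_wu()/lookup_app() visible as context. Failing that, a comment such as `// $id must be an integer; callers are expected to obtain it via get_int()` would at least record the contract.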
+++ b/html/inc/util.inc
@@ -442,6 +442,15 @@ function get_str($name, $optional=false) {
 return $x;
 }
+function get_venue($name) {
+ $x = $_GET[$name];
+ if ($x == "") return $x;
+ if ($x == "home") return $x;
+ if ($x == "work") return $x;
+ if ($x == "school") return $x;
+ error_page("no such venue: $x");
+}
+
 function post_str($name, $optional=false) {
 $x = $_POST[$name];
 if (!$x && !optional) {
diff --git a/html/user/confirm_email_change.php b/html/user/confirm_email_change.php
index 5011fd250b..08fb03b975 100644
--- a/html/user/confirm_email_change.php
+++ b/html/user/confirm_email_change.php
@@ -9,30 +9,25 @@ $id = get_int("id");
 $str = process_user_text(get_str("str"));
- $user = null;
- $result = mysql_query("select * from user where id=$id");
- if ($result) {
- $user = mysql_fetch_object($result);
+ $user = lookup_user_id($id);
+ if (!$user) {
+ error_page("No such user");
 }
 page_head("Verify email address change");
- if ($user) {
- if (split_munged_email_addr($user->email_addr, $str, $new_email)) {
- $new_email = trim(strtolower($new_email));
- $result = mysql_query("update user set email_addr='$new_email' where id=$user->id");
- if ($result) {
- echo "Email address change verified";
- } else {
- echo "Verification failed due to database error. Please try again later.";
- }
+ if (split_munged_email_addr($user->email_addr, $str, $new_email)) {
+ $new_email = trim(strtolower($new_email));
+ $result = mysql_query("update user set email_addr='$new_email' where id=$user->id");
+ if ($result) {
+ echo "Email address change verified";
 } else {
- $user = null;
+ echo "Verification failed due to database error. Please try again later.";
 }
 } else {
- echo "User not found";
- }
- if (!$user) {
- echo "We weren't expecting a verification of this account's email address. Please request the change again.";
+ echo "
+ We weren't expecting a verification of this account's email address.
+ Please request the change again.
+ ";
 }
 page_tail();
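Review bot: get_venue() is the only thing standing between the request and the unquoted `update host set venue='$venue'` in host_venue_action.php, so this allow-list is a security boundary and should say so where a future editor will see it, e.g. `// Allow-list: callers interpolate the return value into SQL, so only these exact strings may be returned.` The `==` comparisons would be tighter as `===`, matching the rest of the function's intent of accepting exact strings only. Reading `$_GET[$name]` without isset() raises a notice when the parameter is absent; the neighbouring get_str()/post_str() helpers appear to share that convention, so that may be deliberate.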
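Review bot: `$new_email` is written into `update user set email_addr='$new_email'` without escaping or validation at the point of use; it comes out of split_munged_email_addr() from the stored, previously user-supplied address, so whether a quote or backslash can reach the UPDATE depends on what process_user_text() did when edit_email_action.php stored it, which this hunk cannot show. Re-validating here is cheap and makes the page self-contained: `if (!is_valid_email_addr($new_email)) error_page("Invalid email address");` before the query, using the is_valid_email_addr() that edit_email_action.php already relies on. The error-path ordering is also better now that error_page() runs before page_head().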
diff --git a/html/user/edit_email_action.php b/html/user/edit_email_action.php
index 320dcf7977..811fbc3d7d 100644
--- a/html/user/edit_email_action.php
+++ b/html/user/edit_email_action.php
@@ -15,49 +15,49 @@ To confirm this change, please visit the following URL:
 );
 }
- db_init();
- $user = get_logged_in_user();
+db_init();
+$user = get_logged_in_user();
- $email_addr = process_user_text(post_str("email_addr"));
+$email_addr = process_user_text(post_str("email_addr"));
- page_head("Edit email address");
- if ($email_addr == "Verification pending") {
- echo "You previously requested an email address change.
- An email was sent to the new address,
- containing a URL that you must visit to verify the new address.
- ";
- } else if (!is_valid_email_addr($email_addr)) {
- echo "Invalid email address requested";
- } else if ($email_addr == $user->email_addr) {
- echo "No change requested";
+page_head("Edit email address");
+if ($email_addr == "Verification pending") {
+ echo "You previously requested an email address change.
+ An email was sent to the new address,
+ containing a URL that you must visit to verify the new address.
+ ";
+} else if (!is_valid_email_addr($email_addr)) {
+ echo "Invalid email address requested";
+} else if ($email_addr == $user->email_addr) {
+ echo "No change requested";
+} else {
+ $existing = null;
+ $result = mysql_query("select * from user where email_addr='$email_addr'");
+ if ($result) {
+ $existing = mysql_fetch_object($result);
+ mysql_free_result($result);
+ }
+ if ($existing) {
+ echo "There's already an account with that email address";
 } else {
- $existing = null;
- $result = mysql_query("select * from user where email_addr='$email_addr'");
+ $x = random_string();
+ $y = munge_email_addr($email_addr, $x);
+ $result = mysql_query("update user set email_addr='$y' where id=$user->id");
 if ($result) {
- $existing = mysql_fetch_object($result);
- mysql_free_result($result);
- }
- if ($existing) {
- echo "There's already an account with that email address";
+ send_verify_email($user, $email_addr, $x);
+ echo "
+ An email has been sent to $email_addr,
+ containing a URL that you must visit to verify the address.
+ ";
 } else {
- $x = random_string();
- $y = munge_email_addr($email_addr, $x);
- $result = mysql_query("update user set email_addr='$y' where id=$user->id");
- if ($result) {
- send_verify_email($user, $email_addr, $x);
- echo "
- An email has been sent to $email_addr,
- containing a URL that you must visit to verify the address.
- ";
- } else {
- echo "
- We can't update your email address
- due to a database problem. Please try again later.
- ";
- }
+ echo "
+ We can't update your email address
+ due to a database problem. Please try again later.
+ ";
 }
 }
+}
- page_tail();
+page_tail();
 ?>
diff --git a/html/user/host_edit_form.php b/html/user/host_edit_form.php
index b8913232f7..651eae08f4 100644
--- a/html/user/host_edit_form.php
+++ b/html/user/host_edit_form.php
@@ -7,17 +7,14 @@ require_once("../inc/host.inc");
 db_init();
 $user = get_logged_in_user();
-page_head("Merge host");
-
-$hostid = $_GET["hostid"];
-$result = mysql_query("select * from host where id=$hostid");
-$host = mysql_fetch_object($result);
-mysql_free_result($result);
+$hostid = get_int("hostid");
+$host = lookup_host($hostid);
 if (!$host || $host->userid != $user->id) {
- echo "We have no record of that computer";
- exit();
+ error_page("We have no record of that computer");
 }
+page_head("Merge host");
+
 $t = time_str($host->create_time);
 echo " Sometimes BOINC assigns separate identities to the same computer by mistake.
diff --git a/html/user/host_venue_action.php b/html/user/host_venue_action.php
index 85fefdccde..1363383eaf 100644
--- a/html/user/host_venue_action.php
+++ b/html/user/host_venue_action.php
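Review bot: The new code replaces `echo ...; exit();` with `error_page(...)` and then keeps going — `$t = time_str($host->create_time);` two lines later dereferences `$host` — so correctness now depends on error_page() never returning, a contract this hunk cannot verify. If util.inc's error_page() does not call exit() itself, every converted site continues with a null object; the same reliance is introduced in confirm_email_change.php, host_venue_action.php, hosts_user.php, show_user.php, team_display.php and userw.php in this commit. Either confirm error_page() terminates and document it at its definition (`// never returns: renders the error page and exits`), or keep an explicit `exit();` after each call. The rest of this page's body continues outside the hunk.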
@@ -6,20 +6,15 @@ $user = get_logged_in_user();
- $venue = $_GET["venue"];
- $hostid = $_GET["hostid"];
-
- $result = mysql_query("select * from host where id = $hostid");
- $host = mysql_fetch_object($result);
- mysql_free_result($result);
+ $venue = get_venue("venue");
+ $hostid = get_int("hostid");
+ $host = lookup_host($hostid);
 if (!$host) {
- echo "Couldn't find host.";
- exit();
+ error_page("No such host");
 }
 if ($host->userid != $user->id) {
- echo "Not your host\n";
- exit();
+ error_page("Not your host");
 }
 $retval = mysql_query("update host set venue='$venue' where id = $hostid");
diff --git a/html/user/hosts_user.php b/html/user/hosts_user.php
index 1e716cc5a4..9430bc129e 100644
--- a/html/user/hosts_user.php
+++ b/html/user/hosts_user.php
@@ -8,14 +8,15 @@ require_once("../inc/cache.inc");
 db_init();
- $userid = $_GET["userid"];
+ $userid = get_int("userid", true);
 if ($userid) {
+ $user = lookup_user_id($userid);
+ if (!$user) {
+ error_page("No such user");
+ }
 $cache_args = "userid=$userid";
 $caching=true;
 start_cache(USER_PAGE_TTL, $cache_args);
- $result = mysql_query("select * from user where id=$userid");
- $user = mysql_fetch_object($result);
- mysql_free_result($result);
 if ($user->show_hosts) {
 page_head("Computers belonging to $user->name");
 user_host_table_start(false);
diff --git a/html/user/result.php b/html/user/result.php
index 01f9b27925..1c5295cf07 100644
--- a/html/user/result.php
+++ b/html/user/result.php
@@ -1,20 +1,19 @@
diff --git a/html/user/show_user.php b/html/user/show_user.php
index 9f1a7ee1fe..1d1e798da4 100644
--- a/html/user/show_user.php
+++ b/html/user/show_user.php
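Review bot: The two checks now emit different messages, `No such host` versus `Not your host`, which lets any logged-in user learn whether an arbitrary hostid exists; host_edit_form.php in this same commit deliberately folds both cases into one `We have no record of that computer`, and this page should match it: `if (!$host || $host->userid != $user->id) { error_page("We have no record of that computer"); }`. The `venue='$venue'` interpolation on the last line is safe only because get_venue() allow-lists the value, which deserves a one-line comment at the query so nobody later swaps it back to get_str(). Handling of `$retval` continues outside the hunk.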
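Review bot: lookup_user_id() now runs before start_cache(), so every request for a cached page still performs the user query; if that ordering is intentional — presumably so that a `No such user` error page is never written into the cache — say so, e.g. `// look up the user before start_cache() so error pages are never cached`. show_user.php in this commit makes the same reordering and would take the same comment. The `if ($user->show_hosts)` branch and its else continue outside the hunk.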
@@ -4,20 +4,22 @@ $id = get_int("userid");
 $format = get_str("format", true);
- $cache_args = "userid=$id";
- if ($format=="xml") {
- $cache_args .= "&format=xml";
- }
- start_cache(USER_PAGE_TTL, $cache_args);
 require_once("../inc/db.inc");
 require_once("../inc/user.inc");
 require_once("../inc/forum.inc");
 db_init();
- $result = mysql_query("select * from user where id = $id");
- $user = mysql_fetch_object($result);
- mysql_free_result($result);
+ $user = lookup_user_id($id);
+ if (!$user) {
+ error_page("no such user");
+ }
+
+ $cache_args = "userid=$id";
+ if ($format=="xml") {
+ $cache_args .= "&format=xml";
+ }
+ start_cache(USER_PAGE_TTL, $cache_args);
 $user = getForumPreferences($user);
diff --git a/html/user/team_display.php b/html/user/team_display.php
index 04cf28a52b..4bfb307445 100644
--- a/html/user/team_display.php
+++ b/html/user/team_display.php
@@ -3,9 +3,9 @@ require_once("../inc/cache.inc");
 $sort_by = $_GET["sort_by"];
 if (!$sort_by) $sort_by = "expavg_credit";
-$offset = $_GET["offset"];
+$offset = get_int("offset", true);
 if (!$offset) $offset=0;
-$teamid = $_GET["teamid"];
+$teamid = get_int("teamid");
 if ($offset > 1000) {
 page_head("Limit exceeded");
@@ -24,13 +24,9 @@ require_once("../inc/team.inc");
 db_init();
 $user = get_logged_in_user(false);
-$result = mysql_query("select * from team where id=$teamid");
-if ($result) {
- $team = mysql_fetch_object($result);
-}
+$team = lookup_team($teamid);
 if (!$team) {
- echo ("Can't find team in database");
- exit();
+ error_page("No such team");
 }
 display_team_page($team, $offset, $sort_by);
diff --git a/html/user/team_quit_form.php b/html/user/team_quit_form.php
index d560eac259..de0a360ee2 100644
--- a/html/user/team_quit_form.php
+++ b/html/user/team_quit_form.php
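Review bot: The error text `no such user` is lower-case here while every other page in this commit uses `No such user` / `No such host` / `No such team`; `error_page("No such user");` keeps the messages consistent and makes them greppable as one string. The `$format=="xml"` branch now runs after the lookup, so an XML client that asks for an unknown user receives the HTML error page rather than an XML error; if that is acceptable it is worth a short comment, since the old ordering behaved the same way. The page body continues past `getForumPreferences()` outside the hunk.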
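Review bot: `$sort_by = $_GET["sort_by"]` (the first context line of this hunk) is left as a raw request value even though the commit's stated purpose is to stop `$_GET` values reaching SQL, and it is handed to `display_team_page($team, $offset, $sort_by)` in the second hunk; if that function builds an ORDER BY from it, the hole this commit closes for offset/teamid stays open here. Validate it against the known sort keys the way get_venue() does in this same commit, e.g. `if ($sort_by != "expavg_credit" && $sort_by != "<OTHER_SORT_KEY>") error_page("no such sort key");` with the real column list substituted. Note also that get_int() does not reject negatives, so a negative `$offset` passes the `> 1000` guard and reaches display_team_page().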
@@ -1,4 +1,4 @@ -teamid; -$result = mysql_query("select * from team where id=$id"); -if ($result) { - $team = mysql_fetch_object($result); - mysql_free_result($result); +$team = lookup_team($user->teamid); +if (!$team) { + error_page("No such team"); } -$team_name = $team->name; -$team_id = $team->id; -page_head("Quit $team_name"); + +page_head("Quit $team->name"); echo " Please note before quitting a team:

- + id>
";
 page_tail();
-} ?> +?>
diff --git a/html/user/userw.php b/html/user/userw.php
index c20eb76c1e..1dab208f35 100644
--- a/html/user/userw.php
+++ b/html/user/userw.php
@@ -2,20 +2,14 @@ require_once("../inc/util.inc");
 require_once("../inc/userw.inc");
 require_once("../inc/db.inc");
- // require_once("../inc/trickle.inc");
 require_once("../inc/wap.inc");
- // show the home page of app user from envvar
-
- $userid = $_GET['id'];
- if (!$userid) {
- echo "User id (userw.php?id=###) missing!";
- exit(); // can't do much without a userid!
- }
-
+ $userid = get_int('id');
 db_init();
- $res = mysql_query("select * from user where id = $userid") or die("error in query");
- $user = mysql_fetch_object($res) or die("error in fetch_object");
+
+ $user = lookup_user_id($userid);
+ if (!$user) {
+ error_page("No such user");
+ }
 show_user_wap($user);
- mysql_free_result($res);
 ?>
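Review bot: This endpoint serves WAP (it includes wap.inc and renders via show_user_wap()), but the new `error_page("No such user")` presumably emits the site's HTML page chrome, which a WML client will not render; the old code at least printed a bare string. If error_page() is HTML-only, a minimal WML error built with the wap.inc helpers would be the consistent choice, or at minimum a comment at the call such as `// NOTE: error_page() renders HTML, not WML — confirm acceptable for WAP clients`. `get_int('id')` now runs before db_init(), which is fine as long as get_int() itself never touches the database.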