xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.
Commit c99a539501f24a82fb890a7ef59e2d97517246c5

Checkpoint
Author: Catalin(ux) M. BOIE
Author date (UTC): 2014-12-10 21:25
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2014-12-10 21:25
Parent(s): 408ea6e114460b413daca5e96d1551ef04080a04
Signing key:
Tree: d6afa8f50f07e7a6ba664e8a01a27f914b48d73e
File Lines added Lines deleted
TODO 14 46
inc/bug.inc.php 5 0
inc/cache.inc.php 45 13
inc/fixes.inc.php 2 2
inc/login/login.php 17 5
inc/plan.inc.php 10 0
inc/repo.inc.php 20 0
inc/sql.inc.php 1 2
inc/state.inc.php 15 4
inc/token.inc.php 150 47
inc/user.inc.php 28 8
inc/user/keys/keys.php 11 0
inc/user/pass/pass.php 5 0
inc/user/repo/bug/main.php 7 2
inc/user/repo/bug/show/add_note.php 5 0
inc/user/repo/bug/show/show.php 11 1
inc/user/settings.php 1 1
inc/util.inc.php 25 2
root/index.php 12 8
root/themes/default/ok.html 1 3
root/themes/default/suggestion_sent.html 1 3
root/themes/default/user/add_edit.html 1 1
root/themes/default/user/login.html 1 0
tests/Makefile 4 1
tests/hook_update_help.php 133 0
tests/http.inc.php 77 9
tests/http_create_account.php 54 0
tests/http_login.php 58 6
tests/http_settings.php 220 0
tests/tmp.php 25 0
tests/token.php 25 9
File TODO changed (mode: 100644) (index ce9e129..712afb2)
1 1 == Where I stopped last time == == Where I stopped last time ==
2 [ ] Seems I have to generate a sid, even if user is not logged in yet.
3 Else, create_account op is not working: no sid -> no token.
4 2 [ ] Creating an account is not working. We test for 'E' right and is not [ ] Creating an account is not working. We test for 'E' right and is not
5 3 present. We should not check for 'E' if uid is 0? present. We should not check for 'E' if uid is 0?
6 4 [ ] Decide what rights to inject for 'refs'. [ ] Decide what rights to inject for 'refs'.
7 5 [ ] Friends will need a way to register an account with a full account type. [ ] Friends will need a way to register an account with a full account type.
8 6 Find a way to distribute this code and a way to support it in rg. Find a way to distribute this code and a way to support it in rg.
9 7
10 CSRF login:
11 atacator fraiereste user-ul sa mearga pe o pagina controlata de el.
12 Acolo se face post automat la site-ul adevarat, cu datele atacatorului.
13 Se trimite cookie-ul?
14
15 Asta e form-ul de pe pagina atacatorului:
16
17 <body onload="document.getElementById('fm1').submit()">
18 <form id="fm1" action="http://yoursite/UserProfile/SubmitUpdate" method="post">
19 <input name="email" value="hacker@somewhere.evil" />
20 <input name="hobby" value="Defacing websites" />
21 </form>
22 </body>
23
24 Deci, se trimite cookie-ul. Ce nu se trimite este token-ul asociat cu sesiunea!
25 Atacatorul nu are acces la sesiune si nici la un token asociat cu sesiunea.
26
27 O solutie e sa ai si cookie si token si sa le verifici.
28
29 Cum pot valida token-urile fara sa le stochez in baza de date?
30 As putea sa trimit token1=random, sid, token2=hmac(token1,sid).
31 Cind user-ul face post, va trimite cele 3 chestii. fac hmac(token1,sid) si asa
32 validez token2-ul.
33 Daca atacatorul incearca sa schimbe token1 => token2 nu se mai verifica.
34 Atacatorulului cred ca ii este greu sa gaseasca un token1b astfel incit
35 hmac(token1b,sid) sa fie token2.
36 Hm. Se pare ca trebuie sa am un secret key care sa-l folosesc in hmac, altfel
37 atacatorul poate genera token2 din token1 si sid.
38 De fapt ce vreau eu? Sa demonstrez ca token1 este asociat cu sid-ul.
39 ???
40
41 Ar trebui sa validez si referer-ul. Si sa loghez pagina de pe care s-a facut
42 request-ul.
43
44 Acum, verific ca token-ul e asociat cu sesiunea.
45 De ce?
46 Ca sa impiedic CSRF-ul: js-ul de mai sus ma va forta sa trimit cookie-ul corect
47 dar nu va stii token1. va fi fortat sa puna unul gresit, eu verific in baza
48 de date si nu se pupa => eroare.
49
50 Dar, atacatorul se poate lega direct si sa forteze un cookie, token1 si token2.
51 Dar, server-ul le poate genera pentru el, deci, inutil.
52
53 8 == BEFORE NEXT RELEASE == == BEFORE NEXT RELEASE ==
9 [ ] Should we delete previous session when user calls login if the user is
10 already logged-in?
11 [ ] Talk in instalation about a php compiler?
12 [ ] In rg_token_valid, check User-Agent? pass $rg to rg_token_get and rg_token_valid?
13 [ ] cache_set should wait for an answer? Should we send an answer?
14 [ ] Add a http test for referer violation.
15 [ ] security_violation_no_exit -> security_violation? To not spend resources?
16 [ ] Ar trebui sa validez si referer-ul. Si sa loghez pagina de pe care s-a facut
17 request-ul.
18 [ ] CSRF for logout
19 [ ] We should be able to have multiple logins (think desktop and phone).
20 [ ] Test if cache is faster than postgres. If not, get rid of cache!
21 [ ] Investigate use of persistent prepared sessions.
22 [ ] What happends if we cvannot generate a form token?!
54 23 [ ] Add User-Agent to session (tokens?). [ ] Add User-Agent to session (tokens?).
55 24 [ ] Check "Content security policy" [ ] Check "Content security policy"
56 25 [ ] htmlspcialchars does not escape '/'. It may be dangerous: [ ] htmlspcialchars does not escape '/'. It may be dangerous:
 
... ... them after processing is done.
575 544 [ ] (Commercially) Provide OpenVPN tunnels to be sure you can push/fetch safely. [ ] (Commercially) Provide OpenVPN tunnels to be sure you can push/fetch safely.
576 545 [ ] Errors should signal what field is not ok. [ ] Errors should signal what field is not ok.
577 546 [ ] Also log errmsg[] array! [ ] Also log errmsg[] array!
578 [ ] Do we need subop=1 into login.html?
579 547 [ ] Add possibility to download the "CV" of a user. [ ] Add possibility to download the "CV" of a user.
580 548 [ ] Happy birthday for projects/users/etc. [ ] Happy birthday for projects/users/etc.
581 549 [ ] Check if we remove rocketgit, the repos stay! [ ] Check if we remove rocketgit, the repos stay!
File inc/bug.inc.php changed (mode: 100644) (index 472f151..f691c17)
... ... function rg_bug_edit_high_level($db, &$rg)
1253 1253 break; break;
1254 1254 } }
1255 1255
1256 if (!rg_valid_referer()) {
1257 $errmsg[] = "invalid referer; try again";
1258 break;
1259 }
1260
1256 1261 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) { if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1257 1262 $errmsg[] = "invalid token; try again"; $errmsg[] = "invalid token; try again";
1258 1263 break; break;
File inc/cache.inc.php changed (mode: 100644) (index 5c1557c..77c1962)
... ... $rg_cache = array();
20 20
21 21 $rg_cache_error = ""; $rg_cache_error = "";
22 22
23 if (!isset($rg_cache_debug))
24 $rg_cache_debug = TRUE; // TODO: production: FALSE
25
23 26 function rg_cache_set_error($str) function rg_cache_set_error($str)
24 27 { {
25 28 global $rg_cache_error; global $rg_cache_error;
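Review bot: `$rg_cache_debug` defaults to TRUE at new line 24, with only a TODO to flip it for production, so any deployment that does not set the variable gets the verbose path. Later in this file that path logs whole cache values (`print_r($value, TRUE)` in rg_cache_set, `rg_array2string($ret)` in rg_cache_get). Default it to FALSE and let development configs opt in.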
 
... ... function rg_cache_core_unset($ns_var)
166 169
167 170 if (isset($tree[$var])) { if (isset($tree[$var])) {
168 171 unset($tree[$var]); unset($tree[$var]);
169 //rg_log_ml("CHECK: cache_core_unset: rg_cache=" . print_r($rg_cache, TRUE));
170 172 return TRUE; return TRUE;
171 173 } }
172 174
 
... ... function rg_cache_get($ns_var)
284 286 global $rg_cache_socket; global $rg_cache_socket;
285 287 global $rg_cache_timeout; global $rg_cache_timeout;
286 288 global $rg_cache_enable; global $rg_cache_enable;
289 global $rg_cache_debug;
287 290
288 291 rg_prof_start("cache_get"); rg_prof_start("cache_get");
289 rg_log_enter("cache_get($ns_var)");
292 if ($rg_cache_debug)
293 rg_log_enter("cache_get($ns_var)");
290 294
291 295 $ret = FALSE; $ret = FALSE;
292 296 while (1) { while (1) {
 
... ... function rg_cache_get($ns_var)
315 319 $x = trim(stripcslashes($t[1])); $x = trim(stripcslashes($t[1]));
316 320 $ret = @unserialize($x); $ret = @unserialize($x);
317 321 if ($ret === FALSE) { if ($ret === FALSE) {
318 file_put_contents("/tmp/rg_debug", $x);
322 rg_internal_error("Cannot userialize [$x]!");
319 323 break; break;
320 324 } }
321 325
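Review bot: The message added at new line 322 is misspelled ("userialize") and embeds the raw cached payload `$x`, which can contain whatever was stored under that key; log `$ns_var` and the payload length instead. Separately, `unserialize()` returns FALSE for a legitimately serialized `false`, so the `=== FALSE` test at line 321 cannot tell that value from a decode failure.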
 
... ... function rg_cache_get($ns_var)
324 328 break; break;
325 329 } }
326 330
327 rg_log_exit();
331 if ($rg_cache_debug) {
332 rg_log("ret=" . rg_array2string($ret));
333 rg_log_exit();
334 }
328 335 rg_prof_end("cache_get"); rg_prof_end("cache_get");
329 336 return $ret; return $ret;
330 337 } }
 
... ... function rg_cache_set($ns_var, $value)
346 353 global $rg_cache_socket; global $rg_cache_socket;
347 354 global $rg_cache_timeout; global $rg_cache_timeout;
348 355 global $rg_cache_enable; global $rg_cache_enable;
356 global $rg_cache_debug;
349 357
350 358 rg_prof_start("cache_set"); rg_prof_start("cache_set");
351 rg_log_ml_enter("cache_set: $ns_var = " . print_r($value, TRUE));
359 if ($rg_cache_debug)
360 rg_log_ml_enter("cache_set: $ns_var = " . print_r($value, TRUE));
352 361
353 362 $ret = FALSE; $ret = FALSE;
354 363 while (1) { while (1) {
 
... ... function rg_cache_set($ns_var, $value)
361 370 . rg_cache_prepare($value) . "\n", $rg_cache_timeout, 1); . rg_cache_prepare($value) . "\n", $rg_cache_timeout, 1);
362 371 if ($c === FALSE) { if ($c === FALSE) {
363 372 // Give up for the rest of the session // Give up for the rest of the session
373 if ($rg_cache_debug)
374 rg_log("Disable cache because of errors");
364 375 $rg_cache_enable = FALSE; $rg_cache_enable = FALSE;
365 376 break; break;
366 377 } }
 
... ... function rg_cache_set($ns_var, $value)
372 383 break; break;
373 384 } }
374 385
375 rg_log_exit();
386 if ($rg_cache_debug)
387 rg_log_exit();
376 388 rg_prof_end("cache_set"); rg_prof_end("cache_set");
377 389 return $ret; return $ret;
378 390 } }
 
... ... function rg_cache_inc($ns_var)
385 397 global $rg_cache_socket; global $rg_cache_socket;
386 398 global $rg_cache_timeout; global $rg_cache_timeout;
387 399 global $rg_cache_enable; global $rg_cache_enable;
400 global $rg_cache_debug;
388 401
389 402 rg_prof_start("cache_inc"); rg_prof_start("cache_inc");
390 rg_log_enter("cache_inc($ns_var)");
403 if ($rg_cache_debug)
404 rg_log_enter("cache_inc($ns_var)");
391 405
392 406 $ret = FALSE; $ret = FALSE;
393 407 while (1) { while (1) {
 
... ... function rg_cache_inc($ns_var)
400 414 "INC " . $ns_var . "\n", $rg_cache_timeout, 1); "INC " . $ns_var . "\n", $rg_cache_timeout, 1);
401 415 if ($c === FALSE) { if ($c === FALSE) {
402 416 // Give up for the rest of the session // Give up for the rest of the session
417 if ($rg_cache_debug)
418 rg_log("Disable cache because of errors");
403 419 $rg_cache_enable = FALSE; $rg_cache_enable = FALSE;
404 420 break; break;
405 421 } }
 
... ... function rg_cache_inc($ns_var)
415 431 break; break;
416 432 } }
417 433
418 rg_log_exit();
434 if ($rg_cache_debug)
435 rg_log_exit();
419 436 rg_prof_end("cache_inc"); rg_prof_end("cache_inc");
420 437 return $ret; return $ret;
421 438 } }
 
... ... function rg_cache_unset($ns_var)
428 445 global $rg_cache_socket; global $rg_cache_socket;
429 446 global $rg_cache_timeout; global $rg_cache_timeout;
430 447 global $rg_cache_enable; global $rg_cache_enable;
448 global $rg_cache_debug;
431 449
432 450 rg_prof_start("cache_unset"); rg_prof_start("cache_unset");
433 rg_log_enter("cache_unset($ns_var)");
451 if ($rg_cache_debug)
452 rg_log_enter("cache_unset($ns_var)"
453 . " enable=" . ($rg_cache_enable ? "true" : "false"));
434 454
435 455 $ret = FALSE; $ret = FALSE;
436 456 while (1) { while (1) {
 
... ... function rg_cache_unset($ns_var)
443 463 "UNSET " . $ns_var . "\n", $rg_cache_timeout, 1); "UNSET " . $ns_var . "\n", $rg_cache_timeout, 1);
444 464 if ($ret === FALSE) { if ($ret === FALSE) {
445 465 // Give up for the rest of the session // Give up for the rest of the session
466 if ($rg_cache_debug)
467 rg_log("Disable cache because of errors");
446 468 $rg_cache_enable = FALSE; $rg_cache_enable = FALSE;
447 469 break; break;
448 470 } }
449 471
450 472 // TODO: return old value? // TODO: return old value?
451 if (strncmp($ret, "OK", 2) != 0)
473 if (strncmp($ret, "OK", 2) != 0) {
474 rg_internal_error("Invalid answer: $ret");
452 475 break; break;
476 }
453 477
454 478 $ret = TRUE; $ret = TRUE;
455 479 break; break;
456 480 } }
457 481
458 rg_log_exit();
482 if ($rg_cache_debug) {
483 rg_log($ret === TRUE ? "success" : "fail");
484 rg_log_exit();
485 }
459 486 rg_prof_end("cache_unset"); rg_prof_end("cache_unset");
460 487 return $ret; return $ret;
461 488 } }
 
... ... function rg_cache_merge($ns_var, $list)
468 495 global $rg_cache_socket; global $rg_cache_socket;
469 496 global $rg_cache_timeout; global $rg_cache_timeout;
470 497 global $rg_cache_enable; global $rg_cache_enable;
498 global $rg_cache_debug;
471 499
472 500 rg_prof_start("cache_merge"); rg_prof_start("cache_merge");
473 rg_log_ml_enter("cache_merge: $ns_var = " . print_r($list, TRUE));
501 if ($rg_cache_debug)
502 rg_log_ml_enter("cache_merge: $ns_var = " . print_r($list, TRUE));
474 503
475 504 $ret = FALSE; $ret = FALSE;
476 505 while (1) { while (1) {
 
... ... function rg_cache_merge($ns_var, $list)
483 512 . rg_cache_prepare($list) . "\n", $rg_cache_timeout, 1); . rg_cache_prepare($list) . "\n", $rg_cache_timeout, 1);
484 513 if ($c === FALSE) { if ($c === FALSE) {
485 514 // Give up for the rest of the session // Give up for the rest of the session
515 if ($rg_cache_debug)
516 rg_log("Disable cache because of errors");
486 517 $rg_cache_enable = FALSE; $rg_cache_enable = FALSE;
487 518 break; break;
488 519 } }
 
... ... function rg_cache_merge($ns_var, $list)
494 525 break; break;
495 526 } }
496 527
497 rg_log_exit();
528 if ($rg_cache_debug)
529 rg_log_exit();
498 530 rg_prof_end("cache_merge"); rg_prof_end("cache_merge");
499 531 return $ret; return $ret;
500 532 } }
File inc/fixes.inc.php changed (mode: 100644) (index 023bb12..5a57ec0)
... ... function rg_fixes_needed($db)
344 344 if (empty($old)) if (empty($old))
345 345 $old = 0; $old = 0;
346 346
347 rg_log("DEBUG: old=$old new=$rg_fixes_ver");
347 //rg_log("DEBUG: old=$old new=$rg_fixes_ver");
348 348 if ($old == $rg_fixes_ver) { if ($old == $rg_fixes_ver) {
349 rg_log("DEBUG: fixes are up to date!");
349 //rg_log("DEBUG: fixes are up to date!");
350 350 break; break;
351 351 } }
352 352
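Review bot: The two debug calls at new lines 347 and 349 are commented out rather than removed. Delete them, or gate them behind a debug flag the way cache.inc.php and state.inc.php do in this same commit, so dead code does not accumulate.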
File inc/login/login.php changed (mode: 100644) (index c1c195b..4c76425)
... ... $_login = "";
9 9
10 10 $errmsg = array(); $errmsg = array();
11 11
12 if ($rg['doit'] == 1) {
12 while ($rg['doit'] == 1) {
13 if (!rg_valid_referer()) {
14 $errmsg[] = "invalid referer; try again";
15 break;
16 }
17
18 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
19 $errmsg[] = "invalid token; try again";
20 break;
21 }
22
13 23 $r = rg_user_login_by_user_pass($db, $user, $pass, $lock_ip, $r = rg_user_login_by_user_pass($db, $user, $pass, $lock_ip,
14 24 $rg['login_ui']); $rg['login_ui']);
15 25 if ($r === FALSE) { if ($r === FALSE) {
16 26 $errmsg[] = rg_user_error(); $errmsg[] = rg_user_error();
17 } else {
18 // redirect to home page
19 $url = rg_re_userpage($rg['login_ui']);
20 rg_redirect($url);
27 break;
21 28 } }
29
30 // redirect to home page
31 $url = rg_re_userpage($rg['login_ui']);
32 rg_redirect($url);
22 33 } }
23 34
24 35 $rg['user'] = $user; $rg['user'] = $user;
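Review bot: The `while ($rg['doit'] == 1)` loop opened at new line 12 has no `break` after `rg_redirect($url)` at line 32, so on the success path it terminates only if rg_redirect() never returns; nothing in the body changes `$rg['doit']`. Add `break;` after the redirect, or use the `while (1)` with an early `if ($rg['doit'] != 1) break;` pattern that the other handlers in this patch use.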
 
... ... $rg['pass'] = $pass;
26 37 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg); $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
27 38 $rg['forgot_send'] = rg_re_url("/op/forgot_send"); $rg['forgot_send'] = rg_re_url("/op/forgot_send");
28 39 $rg['create_account'] = rg_re_url("/op/create_account"); $rg['create_account'] = rg_re_url("/op/create_account");
40 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
29 41 $_login .= rg_template("user/login.html", $rg); $_login .= rg_template("user/login.html", $rg);
30 42 ?> ?>
File inc/plan.inc.php changed (mode: 100644) (index 0a406f5..4067072)
... ... function rg_plan_list_high_level($db, $rg)
245 245 if ($delete != 1) if ($delete != 1)
246 246 break; break;
247 247
248 if (!rg_valid_referer()) {
249 $errmsg[] = "invalid referer; try again";
250 break;
251 }
252
248 253 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) { if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
249 254 $del_errmsg[] = "Invalid token. Try again."; $del_errmsg[] = "Invalid token. Try again.";
250 255 break; break;
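Review bot: The referer failure at new line 249 is appended to `$errmsg[]`, while the token failure three lines below in the same delete branch goes to `$del_errmsg[]`. Unless both arrays are rendered for the delete form, the referer error will not be shown where the user expects it; use `$del_errmsg[]` here as well.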
 
... ... function rg_plan_edit_high_level($db, &$rg)
324 329 $pi['max_public_repos'] = rg_var_uint("pi.max_public_repos"); $pi['max_public_repos'] = rg_var_uint("pi.max_public_repos");
325 330 $pi['max_private_repos'] = rg_var_uint("pi.max_private_repos"); $pi['max_private_repos'] = rg_var_uint("pi.max_private_repos");
326 331
332 if (!rg_valid_referer()) {
333 $errmsg[] = "invalid referer; try again";
334 break;
335 }
336
327 337 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) { if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
328 338 $errmsg[] = "invalid token; try again"; $errmsg[] = "invalid token; try again";
329 339 break; break;
File inc/repo.inc.php changed (mode: 100644) (index 908a40c..0f1489e)
... ... function rg_repo_admin_delete_rights($db, $rg, $obj_id, &$errmsg)
1172 1172
1173 1173 $list = rg_var_str("rights_delete_ids"); $list = rg_var_str("rights_delete_ids");
1174 1174
1175 if (!rg_valid_referer()) {
1176 $errmsg[] = "invalid referer; try again";
1177 return;
1178 }
1179
1175 1180 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) { if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1176 1181 $errmsg[] = "invalid token; try again"; $errmsg[] = "invalid token; try again";
1177 1182 return; return;
 
... ... function rg_repo_admin_rights($db, $rg, $type)
1263 1268 while ($grant == 1) { while ($grant == 1) {
1264 1269 $load_defaults = 0; $load_defaults = 0;
1265 1270
1271 if (!rg_valid_referer()) {
1272 $errmsg[] = "invalid referer; try again";
1273 break;
1274 }
1275
1266 1276 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) { if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1267 1277 $errmsg[] = "invalid token; try again"; $errmsg[] = "invalid token; try again";
1268 1278 break; break;
 
... ... function rg_repo_admin_delete($db, $rg)
1359 1369 break; break;
1360 1370 } }
1361 1371
1372 if (!rg_valid_referer()) {
1373 $errmsg[] = "invalid referer; try again";
1374 break;
1375 }
1376
1362 1377 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) { if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1363 1378 $errmsg[] = "invalid token; try again"; $errmsg[] = "invalid token; try again";
1364 1379 break; break;
 
... ... function rg_repo_edit_high_level($db, &$rg)
1419 1434 break; break;
1420 1435 } }
1421 1436
1437 if (!rg_valid_referer()) {
1438 $errmsg[] = "invalid referer; try again";
1439 break;
1440 }
1441
1422 1442 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) { if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1423 1443 // TODO: replace all of these with a template // TODO: replace all of these with a template
1424 1444 $errmsg[] = "invalid token; try again."; $errmsg[] = "invalid token; try again.";
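Review bot: The referer block at new lines 1437-1440 is the fourth identical copy in this file, each placed directly in front of an rg_token_valid() call. A single helper that performs both checks and appends the message would keep the pair from drifting apart, as it already has elsewhere in this patch where the referer error goes to a different array than the token error.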
File inc/sql.inc.php changed (mode: 100644) (index 3d481c0..49ce0b5)
... ... function rg_sql_query_params($h, $sql, $params)
227 227
228 228 $_s = microtime(TRUE); $_s = microtime(TRUE);
229 229 $res = @pg_query_params($db, $sql, $params2); $res = @pg_query_params($db, $sql, $params2);
230 $ret = rg_sql_query0($db, $sql, $res, $_s);
230 231 break; break;
231 232 } }
232 233
233 $ret = rg_sql_query0($db, $sql, $res, $_s);
234
235 234 if ($rg_sql_debug > 0) if ($rg_sql_debug > 0)
236 235 rg_log_exit(); rg_log_exit();
237 236 return $ret; return $ret;
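Review bot: With the `rg_sql_query0()` call moved inside the loop (new line 230), any earlier `break` out of that loop now reaches `return $ret` at line 236 without `$ret` having been assigned here. Confirm `$ret` is initialised to FALSE before the loop, otherwise those error paths return an undefined variable. `$res` from the `@pg_query_params` call is also passed on unchecked, so rg_sql_query0() has to handle a FALSE result.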
File inc/state.inc.php changed (mode: 100644) (index e3f7fa8..c9eae14)
... ... require_once($INC . "/prof.inc.php");
5 5
6 6 $rg_state_error = ""; $rg_state_error = "";
7 7
8 if (!isset($rg_state_debug))
9 $rg_state_debug = FALSE;
10
8 11 function rg_state_set_error($str) function rg_state_set_error($str)
9 12 { {
10 13 global $rg_state_error; global $rg_state_error;
 
... ... function rg_state_error()
23 26 */ */
24 27 function rg_state_get($db, $var) function rg_state_get($db, $var)
25 28 { {
29 global $rg_state_debug;
30
26 31 rg_prof_start("state_get"); rg_prof_start("state_get");
27 rg_log_enter("state_get: var=$var");
32 if ($rg_state_debug)
33 rg_log_enter("state_get: var=$var");
28 34
29 35 $ret = FALSE; $ret = FALSE;
30 36 while (1) { while (1) {
 
... ... function rg_state_get($db, $var)
58 64 break; break;
59 65 } }
60 66
61 rg_log_exit();
67 if ($rg_state_debug)
68 rg_log_exit();
62 69 rg_prof_end("state_get"); rg_prof_end("state_get");
63 70 return $ret; return $ret;
64 71 } }
 
... ... function rg_state_get_uint($db, $var)
80 87 */ */
81 88 function rg_state_set($db, $var, $value) function rg_state_set($db, $var, $value)
82 89 { {
90 global $rg_state_debug;
91
83 92 rg_prof_start("state_set"); rg_prof_start("state_set");
84 rg_log_enter("state_set: $var = $value");
93 if ($rg_state_debug)
94 rg_log_enter("state_set: $var = $value");
85 95
86 96 $ret = FALSE; $ret = FALSE;
87 97 while (1) { while (1) {
 
... ... function rg_state_set($db, $var, $value)
106 116 break; break;
107 117 } }
108 118
109 rg_log_exit();
119 if ($rg_state_debug)
120 rg_log_exit();
110 121 rg_prof_end("state_set"); rg_prof_end("state_set");
111 122 return $ret; return $ret;
112 123 } }
File inc/token.inc.php changed (mode: 100644) (index 1cdf917..34c1069)
1 1 <?php <?php
2 2 require_once($INC . "/util.inc.php"); require_once($INC . "/util.inc.php");
3 3 require_once($INC . "/log.inc.php"); require_once($INC . "/log.inc.php");
4 require_once($INC . "/sql.inc.php");
4 5 require_once($INC . "/prof.inc.php"); require_once($INC . "/prof.inc.php");
5 require_once($INC . "/state.inc.php");
6
7 // The token is split in two parts: one is a random value and the second
8 // one is the HMAC(session, secret_key, first part of token).
9 // Partea aleatoare va fi de 16 caractere, hmac-ul cred ca ar fi mai bine
10 // sa nu-l trunchez.
11 // Problema mare e ca nu pot detecta double-post-uri!
12 6
13 7 $rg_token_error = ""; $rg_token_error = "";
14 8
 
... ... function rg_token_error()
26 20 } }
27 21
28 22 /* /*
29 * Generate master key if not present in db
23 * Delete a token
24 */
25 function rg_token_delete($db, $sid, $token)
26 {
27 rg_prof_start("token_delete");
28 rg_log_enter("token_delete: sid=$sid token=$token");
29
30 $ret = array();
31 $ret['ok'] = 0;
32 while (1) {
33 $params = array("sid" => $sid, "token" => $token);
34 $add_token = "";
35 if (!empty($token))
36 $add_token = " AND token = @@token@@";
37
38 $sql = "DELETE FROM tokens"
39 . " WHERE sid = @@sid@@"
40 . $add_token;
41 $res = rg_sql_query_params($db, $sql, $params);
42 if ($res === FALSE) {
43 rg_token_set_error("cannot delete token (" . rg_sql_error() . ")");
44 break;
45 }
46 rg_sql_free_result($res);
47
48 $ret['ok'] = 1;
49 break;
50 }
51
52 rg_log_exit();
53 rg_prof_end("token_delete");
54 return $ret;
55 }
56
57 /*
58 * This function will get the master key from db
30 59 */ */
31 60 function rg_token_get_master($db) function rg_token_get_master($db)
32 61 { {
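Review bot: The header comment at new lines 23-24 says "Delete a token", but with an empty `$token` the `AND token = @@token@@` clause is dropped (lines 34-36) and every token of the session is deleted. Document that in the comment, or split it into a separate function so an accidentally empty argument cannot wipe the session's tokens. The `rg_log_enter` at line 28 also writes the token value to the log.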
 
... ... function rg_token_get_master($db)
62 91 } }
63 92
64 93 /* /*
65 * Returns a token to be used on a form/url
66 * We generate only one per session.
94 * Returns TRUE if the token is valid
67 95 */ */
68 $rg_token = FALSE;
69 function rg_token_get($db, $sid)
96 function rg_token_valid($db, $sid, $token)
70 97 { {
71 global $rg_token;
98 rg_prof_start("token_valid");
99 rg_log_enter("token_valid: sid=$sid token=$token");
72 100
73 101 $ret = FALSE; $ret = FALSE;
74 102 while (1) { while (1) {
75 if (empty($sid))
103 if (strncmp($sid, "X", 1) == 0) {
104 // We have a pre-login session.
105 // This means that token contains a random value
106 // plus a signature baeed on sid
107
108 if (strlen($token) != 32) {
109 rg_token_set_error("length of the token is invalid");
110 break;
111 }
112
113 $key = rg_token_get_master($db);
114 if ($key === FALSE)
115 break;
116
117 $rand = substr($token, 0, 16);
118 $sign = substr($token, 16);
119
120 $hash = hash_hmac("sha1", $rand . "-" . $sid, $key);
121 if ($hash === FALSE) {
122 rg_token_set_error("cannot compute hmac");
123 break;
124 }
125
126 $hash = substr($hash, 0, 16);
127 if (strcmp($sign, $hash) != 0) {
128 rg_token_set_error("token invalid");
129 break;
130 }
131
132 $ret = TRUE;
76 133 break; break;
134 }
77 135
78 if ($rg_token !== FALSE) {
79 $ret = $rg_token;
136 $params = array("sid" => $sid, "token" => $token);
137 $sql = "SELECT 1 AS junk FROM tokens"
138 . " WHERE token = @@token@@"
139 . " AND sid = @@sid@@";
140 $res = rg_sql_query_params($db, $sql, $params);
141 if ($res === FALSE) {
142 rg_token_set_error("cannot get token (" . rg_sql_error() . ")");
80 143 break; break;
81 144 } }
82 145
83 $key = rg_token_get_master($db);
84 if ($key === FALSE)
146 $rows = rg_sql_num_rows($res);
147 rg_sql_free_result($res);
148 if ($rows == 0)
85 149 break; break;
86 150
87 $rand = rg_id(16);
88 $sign = hash_hmac("sha1", $rand, $key);
89 rg_log("rand=$rand (" . strlen($rand) . ") sign=$sign(" . strlen($sign) . ")");
90 $rg_token = rg_id(16) . $sign;
91 rg_log("token_get: strlen(rg_token)=" . strlen($rg_token));
92 $ret = $rg_token;
151 $ret = TRUE;
93 152 break; break;
94 153 } }
95 154
155 if ($ret === FALSE)
156 rg_security_violation_no_exit("invalid token");
157
158 rg_log_exit();
159 rg_prof_end("token_valid");
96 160 return $ret; return $ret;
97 161 } }
98 162
99 163 /* /*
100 * Returns TRUE if the token is valid
164 * Insert a token
101 165 */ */
102 function rg_token_valid($db, $sid, $token)
166 function rg_token_insert($db, $sid, $token)
103 167 { {
104 rg_prof_start("token_valid");
105 rg_log_enter("rg_token_valid: sid=$sid token=$token");
168 rg_prof_start("token_insert");
169 rg_log_enter("token_insert: sid=$sid token=$token");
170
171 $ret = array();
172 $ret['ok'] = 0;
173 while (1) {
174 $now = time();
175
176 $params = array("sid" => $sid,
177 "token" => $token,
178 "expire" => $now + 24 * 3600);
179 $sql = "INSERT INTO tokens (sid, token, expire)"
180 . " VALUES (@@sid@@, @@token@@, @@expire@@)";
181 $res = rg_sql_query_params($db, $sql, $params);
182 if ($res === FALSE) {
183 rg_token_set_error("cannot insert token (" . rg_sql_error() . ")!");
184 break;
185 }
186
187 $ret['ok'] = 1;
188 break;
189 }
190
191 rg_log_exit();
192 rg_prof_end("token_insert");
193 return $ret;
194 }
195
196 /*
197 * Returns a token to be used on a form/url
198 * We generate only one per session.
199 */
200 $rg_token = FALSE;
201 function rg_token_get($db, $sid)
202 {
203 global $rg_token;
204
205 rg_log_enter("token_get: sid=$sid");
106 206
107 207 $ret = FALSE; $ret = FALSE;
108 208 while (1) { while (1) {
109 209 if (empty($sid)) if (empty($sid))
110 210 break; break;
111 211
112 $len = strlen($token);
113 if ($len != 16 + 40) {
114 rg_token_set_error("token length != 16 + 40 ($len)");
212 if ($rg_token !== FALSE) {
213 $ret = $rg_token;
115 214 break; break;
116 215 } }
117 216
118 $key = rg_token_get_master($db);
119 if ($key === FALSE)
120 break;
121
122 $rand = substr($token, 0, 16);
123 $sign = substr($token, 16);
217 $token = rg_id(16);
124 218
125 $hash = hash_hmac("sha1", $rand, $key);
126 if ($hash === FALSE) {
127 rg_token_set_error("cannot compute hash");
128 break;
129 }
219 if (strncmp($sid, "X", 1) == 0) {
220 // we have a pre-login session
221 $key = rg_token_get_master($db);
222 if ($key === FALSE)
223 break;
130 224
131 if (strcmp($hash, $sign) != 0) {
132 rg_log("Sign does not match: $hash != $sign");
133 break;
225 $data = $token . '-' . $sid;
226 $sign = hash_hmac("sha1", $data, $key);
227 if ($sign === FALSE) {
228 rg_token_set_error("cannot compute hmac");
229 break;
230 }
231 $sign = substr($sign, 0, 16);
232 $token .= $sign;
233 } else {
234 $r = rg_token_insert($db, $sid, $token);
235 if ($r['ok'] != 1)
236 break;
134 237 } }
135 238
136 $ret = TRUE;
239 $rg_token = $token;
240 $ret = $token;
137 241 break; break;
138 242 } }
139 243
140 244 rg_log_exit(); rg_log_exit();
141 rg_prof_end("token_valid");
142 245 return $ret; return $ret;
143 246 } }
144 247
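Review bot: The lookup in rg_token_valid (new lines 137-139) matches only on `token` and `sid`, while rg_token_insert stores `expire = $now + 24 * 3600` (lines 176-180), so a stored token is still accepted after its expiry; add a condition such as `AND expire > @@now@@` to the SELECT. In the pre-login branch the signature check at line 127 uses `strcmp`, which is not a constant-time comparison; `hash_equals($hash, $sign)` is the usual replacement where the PHP version provides it. Both `rg_log_enter` calls (lines 99 and 169) write the full token to the log, and the comment at line 106 has a typo ("baeed").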
File inc/user.inc.php changed (mode: 100644) (index 718a525..2652c1e)
... ... function rg_user_edit($db, $d)
481 481 . ", is_admin = @@is_admin@@" . ", is_admin = @@is_admin@@"
482 482 . ", rights = @@rights@@" . ", rights = @@rights@@"
483 483 . ", session_time = @@session_time@@" . ", session_time = @@session_time@@"
484 . ", plan_id = @@plan_id@@"
484 485 . $salt_pass_add . $salt_pass_add
485 486 . " WHERE uid = @@uid@@" . " WHERE uid = @@uid@@"
486 487 . " RETURNING uid"; . " RETURNING uid";
 
... ... function rg_user_login_by_sid($db, &$rg)
664 665 if (empty($rg['sid'])) if (empty($rg['sid']))
665 666 break; break;
666 667
668 // Is a pre login sesison?
669 if (strncmp($rg['sid'], "X", 1) == 0)
670 break;
671
667 672 $sess = rg_sess_valid($db, $rg['sid']); $sess = rg_sess_valid($db, $rg['sid']);
668 673 if ($sess == FALSE) { if ($sess == FALSE) {
669 674 rg_log("session is not valid"); rg_log("session is not valid");
 
... ... function rg_user_pass_valid($db, $uid, $pass)
709 714 return FALSE; return FALSE;
710 715 } }
711 716
712 $sha1pass = rg_user_pass($ui['salt'], $pass);
713 if (strcmp($sha1pass, $ui['pass']) != 0) {
717 $pass_hash = rg_user_pass($ui['salt'], $pass);
718 if (strcmp($pass_hash, $ui['pass']) != 0) {
714 719 rg_user_set_error("password is not ok"); rg_user_set_error("password is not ok");
715 720 return FALSE; return FALSE;
716 721 } }
 
... ... function rg_user_pass_valid($db, $uid, $pass)
724 729 */ */
725 730 function rg_user_set_session_cookie($db, $uid, $sess_time, $lock_ip) function rg_user_set_session_cookie($db, $uid, $sess_time, $lock_ip)
726 731 { {
732 rg_log_enter("user_set_session_cookie: uid=$uid");
733
727 734 $secure = FALSE; $secure = FALSE;
728 735 if (isset($_SERVER['HTTPS'])) if (isset($_SERVER['HTTPS']))
729 736 $secure = TRUE; $secure = TRUE;
730 737
731 738 $sid = rg_id(40); $sid = rg_id(40);
732 rg_sess_add($db, $uid, $sid, $sess_time, $lock_ip);
739 if ($uid > 0)
740 rg_sess_add($db, $uid, $sid, $sess_time, $lock_ip);
741 else
742 $sid = "X" . $sid;
733 743 setcookie("sid", $sid, 0, "/", $_SERVER['SERVER_NAME'], setcookie("sid", $sid, 0, "/", $_SERVER['SERVER_NAME'],
734 744 $secure, TRUE /* httponly */); $secure, TRUE /* httponly */);
735 745
746 rg_log_exit();
736 747 return $sid; return $sid;
737 748 } }
738 749
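Review bot: A logged-in session id from `rg_id(40)` (line 738) is told apart from a pre-login one only by the leading "X" added at line 742, so if rg_id() can ever return a string starting with "X", that real session would be treated as pre-login by the `strncmp($sid, "X", 1)` tests added in rg_token_valid, rg_token_get and rg_user_login_by_sid. State in a comment why that cannot happen, and put the prefix in one constant with one helper for the test so the convention lives in a single place.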
 
... ... function rg_user_login_by_user_pass($db, $user, $pass, $lock_ip, &$ui)
809 820 break; break;
810 821 } }
811 822
812 $sha1pass = rg_user_pass($ui0['salt'], $pass);
813 if (strcmp($sha1pass, $ui0['pass']) != 0) {
823 $pass_hash = rg_user_pass($ui0['salt'], $pass);
824 if (strcmp($pass_hash, $ui0['pass']) != 0) {
814 825 rg_user_set_error("invalid user or pass"); rg_user_set_error("invalid user or pass");
815 rg_log("pass mismatch");
826 rg_log("pass mismatch db:" . $ui0['pass'] . " computed=$pass_hash");
816 827 break; break;
817 828 } }
818 829
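Review bot: The log line added at 826 writes both the stored password hash (`$ui0['pass']`) and the hash computed from the submitted password into the application log on every failed login, which hands anyone with log access material for offline guessing. Keep the original `rg_log("pass mismatch")`, and consider a constant-time comparison in place of `strcmp` at line 824.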
 
... ... function rg_user_forgot_pass_destroy($db, $uid)
1205 1216 return $ret; return $ret;
1206 1217 } }
1207 1218
1219 /*
1220 * Change the password of a user
1221 */
1208 1222 function rg_user_set_pass($db, $uid, $pass) function rg_user_set_pass($db, $uid, $pass)
1209 1223 { {
1210 1224 rg_log("user_set_pass: uid=$uid pass=$pass"); rg_log("user_set_pass: uid=$uid pass=$pass");
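Review bot: The function documented at new lines 1219-1221 still opens with `rg_log("user_set_pass: uid=$uid pass=$pass")` (line 1224), which puts the new plaintext password in the log. Drop `pass=` from that message while this function is being touched.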
 
... ... function rg_user_set_pass($db, $uid, $pass)
1228 1242 } }
1229 1243 rg_sql_free_result($res); rg_sql_free_result($res);
1230 1244
1231 // Invalidate cache.
1232 rg_cache_unset("user::" . $uid);
1245 // Update cache
1246 $_m = array("salt" => $salt, "pass" => $pass);
1247 rg_cache_merge("user::$uid", $_m);
1233 1248
1234 1249 $ret = TRUE; $ret = TRUE;
1235 1250 break; break;
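Review bot: At new line 1246 the cache entry is built from `$pass`, which is the name of the plaintext parameter in the signature `rg_user_set_pass($db, $uid, $pass)`. Unless it has been reassigned to the salted hash in the lines not shown, this caches the cleartext password, and later comparisons of `rg_user_pass($ui['salt'], $pass)` against `$ui['pass']` would fail for cached users; merge the same hash value that was written to the database. rg_cache_merge also logs `print_r($list, TRUE)` whenever `$rg_cache_debug` is on, so salt and pass would end up in the log.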
 
... ... function rg_user_edit_high_level($db, &$rg)
1410 1425 if ($rg['doit'] != 1) if ($rg['doit'] != 1)
1411 1426 break; break;
1412 1427
1428 if (!rg_valid_referer()) {
1429 $errmsg[] = "invalid referer; try again";
1430 break;
1431 }
1432
1413 1433 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) { if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1414 1434 $errmsg[] = "invalid token; try again"; $errmsg[] = "invalid token; try again";
1415 1435 break; break;
File inc/user/keys/keys.php changed (mode: 100644) (index d52d03a..b9376c7)
... ... $del_errmsg = array();
7 7 $_keys = ""; $_keys = "";
8 8
9 9 $key = rg_var_str("key"); $key = rg_var_str("key");
10 // TODO: should we accept UTF-8 chars?
10 11 $key = preg_replace("|[^/A-Za-z0-9 @/+_\.\=,-]|", "", $key); $key = preg_replace("|[^/A-Za-z0-9 @/+_\.\=,-]|", "", $key);
11 12 $key_id = rg_var_uint("key_id"); $key_id = rg_var_uint("key_id");
12 13 $key_delete_ids = rg_var_str("key_delete_ids"); $key_delete_ids = rg_var_str("key_delete_ids");
 
... ... $rg['HTML:status'] = "";
18 19
19 20 if (rg_var_uint("add") == 1) { if (rg_var_uint("add") == 1) {
20 21 while (1) { while (1) {
22 if (!rg_valid_referer()) {
23 $add_errmsg[] = "invalid referer; try again";
24 break;
25 }
26
21 27 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) { if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
22 28 $add_errmsg[] = "Invalid token. Try again."; $add_errmsg[] = "Invalid token. Try again.";
23 29 break; break;
 
... ... if (rg_var_uint("add") == 1) {
30 36 } }
31 37 } else if (rg_var_uint("delete") == 1) { } else if (rg_var_uint("delete") == 1) {
32 38 while (1) { while (1) {
39 if (!rg_valid_referer()) {
40 $errmsg[] = "invalid referer; try again";
41 break;
42 }
43
33 44 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) { if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
34 45 $del_errmsg[] = "Invalid token. Try again."; $del_errmsg[] = "Invalid token. Try again.";
35 46 break; break;
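Review bot: in the delete branch the new referer check at line 40 appends to `$errmsg[]`, while the token check just below it (line 45) and the rest of this branch use `$del_errmsg[]`. The "invalid referer" message will therefore not be shown with the delete form's errors, and `$errmsg` may not even be defined in this file. Use `$del_errmsg[] = "invalid referer; try again";` to match the add branch, which correctly uses `$add_errmsg[]`.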
File inc/user/pass/pass.php changed (mode: 100644) (index ca6f37d..68a2690)
... ... while (1) {
14 14 if ($rg['doit'] != 1) if ($rg['doit'] != 1)
15 15 break; break;
16 16
17 if (!rg_valid_referer()) {
18 $errmsg[] = "invalid referer; try again";
19 break;
20 }
21
17 22 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) { if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
18 23 $errmsg[] = "invalid token; try again"; $errmsg[] = "invalid token; try again";
19 24 break; break;
File inc/user/repo/bug/main.php changed (mode: 100644) (index d8dafbb..3d2f189)
... ... case 'list':
22 22
23 23 // Somebody pressed "Remove" (search) button? // Somebody pressed "Remove" (search) button?
24 24 if (rg_var_uint("remove") == 1) { if (rg_var_uint("remove") == 1) {
25 if (!rg_valid_referer()) {
26 $_bug_body .= rg_warning("Error: invalid referer; try again");
27 break;
28 }
29
25 30 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) { if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
26 $_bug_body .= rg_warning("Error: invalid token. Try again."); // TODO
27 exit(1); // security_violation?!
31 $_bug_body .= rg_warning("Error: invalid token; try again."); // TODO
32 exit(1);
28 33 } }
29 34
30 35 $_search_name = rg_var_str("name"); $_search_name = rg_var_str("name");
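Review bot: the two failure paths in the "remove" branch behave differently. The new referer check (lines 25-28) appends a warning and uses `break`, which here leaves the enclosing `case 'list':`, while the token check (lines 31-32) appends a warning and then calls `exit(1)`, so that warning is never rendered. Pick one behaviour for both; showing the warning and skipping the removal looks like the intent, and the `// TODO` on line 31 suggests this was known.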
File inc/user/repo/bug/show/add_note.php changed (mode: 100644) (index 0cd16a0..eac3f61)
... ... while (1) {
13 13
14 14 $note = rg_var_str("note"); $note = rg_var_str("note");
15 15
16 if (!rg_valid_referer()) {
17 $note_errmsg[] = "invalid referer; try again";
18 break;
19 }
20
16 21 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) { if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
17 22 $note_errmsg[] = "Invalid token. Try again."; $note_errmsg[] = "Invalid token. Try again.";
18 23 break; break;
File inc/user/repo/bug/show/show.php changed (mode: 100644) (index 47d3e5e..b0d6e7c)
... ... while (1) {
63 63 } }
64 64 } }
65 65
66 if (!rg_valid_referer()) {
67 $close_reopen_error = "Invalid referer; try again";
68 break;
69 }
70
66 71 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) { if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
67 72 $close_reopen_error = "Invalid token. Try again."; $close_reopen_error = "Invalid token. Try again.";
68 73 break; break;
 
... ... while (1) {
147 152 break; break;
148 153 } }
149 154
155 if (!rg_valid_referer()) {
156 $delete_error = "Invalid referer; try again";
157 break;
158 }
159
150 160 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) { if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
151 $delete_error = "Invalid token. Try again.";
161 $delete_error = "Invalid token; try again.";
152 162 break; break;
153 163 } }
154 164
File inc/user/settings.php changed (mode: 100644) (index 009ea25..0543651)
... ... rg_log("FILE: /inc/user/settings");
4 4 $_settings = ""; $_settings = "";
5 5
6 6 if ($rg['login_ui']['uid'] == 0) { if ($rg['login_ui']['uid'] == 0) {
7 $_settings .= rg_warning("Error: Not logged in.");
7 $_settings .= rg_warning("Error: not logged in.");
8 8 return; return;
9 9 } }
10 10
File inc/util.inc.php changed (mode: 100644) (index 57643d2..e362d7b)
... ... function rg_socket_recv_wait($socket, $wait, $timeout)
1255 1255 rg_log("Cannot receive(" . socket_strerror(socket_last_error()) . ")!"); rg_log("Cannot receive(" . socket_strerror(socket_last_error()) . ")!");
1256 1256 break; break;
1257 1257 } }
1258 rg_log("Received [$buf]");
1258 //rg_log("Received [$buf]");
1259 1259 $ret_buf .= $buf; $ret_buf .= $buf;
1260 1260
1261 1261 $pos = strpos($buf, $wait); $pos = strpos($buf, $wait);
 
... ... function rg_socket_send($socket, $buf)
1285 1285 rg_log("Could not send (" . socket_strerror(socket_last_error()) . ")!"); rg_log("Could not send (" . socket_strerror(socket_last_error()) . ")!");
1286 1286 break; break;
1287 1287 } }
1288 rg_log("Sent $r bytes (" . substr($buf, $off, $r) . ").");
1288 //rg_log("Sent $r bytes (" . substr($buf, $off, $r) . ").");
1289 1289
1290 1290 $len -= $r; $off += $r; $len -= $r; $off += $r;
1291 1291 if ($len == 0) { if ($len == 0) {
 
... ... function rg_socket($path, $buf, $timeout, $tries)
1356 1356 return $ret; return $ret;
1357 1357 } }
1358 1358
1359 /*
1360 * Check if referer mathces current website
1361 */
1362 function rg_valid_referer()
1363 {
1364 $ref0 = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
1365
1366 // If not provided, we can do nothing about
1367 if (empty($ref0))
1368 return TRUE;
1369
1370 $ref = preg_replace('|http(s)?://|', '', $ref0);
1371 $ref = preg_replace('|/.*|', '', $ref);
1372
1373 $we = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : "";
1374
1375 if (strcasecmp($we, $ref) == 0)
1376 return TRUE;
1377
1378 rg_security_violation_no_exit("invalid referer for form submission [$ref0]");
1379 return FALSE;
1380 }
1381
1359 1382 ?> ?>
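Review bot: `rg_valid_referer()` returns TRUE when the Referer header is empty (lines 1367-1368), so it is an additional filter only and the token check remains the control that actually stops cross-site form posts. Please say that in the function comment so callers do not rely on it alone. The host extraction at lines 1370-1371 uses an unanchored `|http(s)?://|`, which strips the scheme text wherever it occurs in the string; `parse_url($ref0, PHP_URL_HOST)` (plus the port, if `HTTP_HOST` carries one) is more precise. Small typo in the comment: "mathces" should be "matches".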
File root/index.php changed (mode: 100644) (index 808ef8f..93f40b8)
... ... if (strcmp($_t, "op") == 0) {
62 62
63 63 $rg['doit'] = rg_var_uint("doit"); $rg['doit'] = rg_var_uint("doit");
64 64 $rg['sid'] = rg_var_re("sid", "/[^A-Za-z0-9]/"); $rg['sid'] = rg_var_re("sid", "/[^A-Za-z0-9]/");
65 if (empty($rg['sid']))
66 $rg['sid'] = rg_user_set_session_cookie($db, 0, 600, FALSE);
67 65 $rg['token'] = rg_var_re("token", "/[^A-Za-z0-9]/"); $rg['token'] = rg_var_re("token", "/[^A-Za-z0-9]/");
68 66 $user = ""; $repo = ""; $organization = 0; // TODO: those are really used? $user = ""; $repo = ""; $organization = 0; // TODO: those are really used?
69 67
70 rg_log_ml("rg: " . print_r($rg, TRUE));
68 //rg_log_ml("rg: " . print_r($rg, TRUE));
71 69
70 $rg['ua'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
72 71 $rg['ip'] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ""; $rg['ip'] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
73 rg_log("IP: " . $rg['ip']);
74 rg_log("_REQUEST: " . rg_array2string($_REQUEST));
75 rg_log("_COOKIE: " . rg_array2string($_COOKIE));
76 rg_log("Start! ver=$rocketgit_version");
72 rg_log("DEBUG: _REQUEST: " . rg_array2string($_REQUEST));
73 rg_log("DEBUG: _COOKIE: " . rg_array2string($_COOKIE));
74 rg_log($rg['ip'] . " ver=$rocketgit_version");
77 75
78 76
79 77 $good = 0; $good = 0;
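Review bot: new lines 72-73 still write the full `$_REQUEST` and `$_COOKIE` arrays to the log on every hit, only with a "DEBUG:" prefix added. On a login or change-password post that includes the `pass` field, and the cookie dump includes the `sid`. Either guard these two calls behind a debug switch that is off by default or mask the sensitive keys before calling `rg_array2string()`. The commented-out `rg_log_ml()` on line 68 can be deleted instead of left in place.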
 
... ... if ($good == 0) {
105 103
106 104 rg_user_login_by_sid($db, $rg); rg_user_login_by_sid($db, $rg);
107 105 rg_log("After login_by_sid, login_ui=" . rg_array2string($rg['login_ui'])); rg_log("After login_by_sid, login_ui=" . rg_array2string($rg['login_ui']));
108
106 // If user provided an old/expired sid, we generate a new one, pre-login
107 if (($rg['login_ui']['uid'] == 0) && (strncmp($rg['sid'], "X", 1) != 0))
108 $rg['sid'] = "";
109 if (empty($rg['sid'])) {
110 $rg['sid'] = rg_user_set_session_cookie($db, 0 /*uid*/, 600, FALSE);
111 rg_log("User has no sid, generate one [" . $rg['sid'] . "]");
112 }
109 113
110 114 $body = ""; $body = "";
111 115
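Review bot: the condition on line 107 only discards a sid that does not start with "X", so any client-supplied cookie value beginning with "X" is kept as the pre-login sid without the server having issued it. Consider accepting a pre-login sid only when it can be recognised as one generated by `rg_user_set_session_cookie()` (for example by length and character set, or a server-side record), and generating a fresh one otherwise. Line 111 also logs the new sid in full; a short prefix is enough for debugging.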
File root/themes/default/ok.html changed (mode: 100644) (index 54b2283..061a39c)
1 <div class="ok">
2 @@msg@@
3 </div>
1 <div class="ok">@@msg@@</div>
File root/themes/default/suggestion_sent.html changed (mode: 100644) (index eea9e80..8881c85)
1 <div class="ok">
2 Suggestion sent. Thank you very much!
3 </div>
1 <div class="ok">Suggestion sent. Thank you very much!</div>
File root/themes/default/user/add_edit.html changed (mode: 100644) (index c7d1dac..7969027)
47 47 <br /> <br />
48 48 }} }}
49 49
50 <label for="plan" class="form_item_title">Plan</label><br />
50 <label for="plan_id" class="form_item_title">Plan</label><br />
51 51 @@select_plan@@ @@select_plan@@
52 52 <br /> <br />
53 53 <br /> <br />
File root/themes/default/user/login.html changed (mode: 100644) (index 7ae9168..9dad729)
6 6
7 7 <form method="post" action="/op/login"> <form method="post" action="/op/login">
8 8 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
9 <input type="hidden" name="token" value="@@rg_form_token@@" />
9 10
10 11 <label for="username" class="form_item_title">Username</label><br /> <label for="username" class="form_item_title">Username</label><br />
11 12 <input type="text" name="user" value="@@user@@" /><br /> <input type="text" name="user" value="@@user@@" /><br />
File tests/Makefile changed (mode: 100644) (index af4d9db..edf1cf0)
1 1 tests := token util log state cache prof db event rights keys user repo git bug \ tests := token util log state cache prof db event rights keys user repo git bug \
2 hook_update http_create_account
2 hook_update http_create_account http_settings
3 3 .PHONY: $(tests) .PHONY: $(tests)
4 4
5 5 all: $(tests) all: $(tests)
 
... ... hook_update:
52 52 http_create_account: http_create_account:
53 53 php http_create_account.php php http_create_account.php
54 54
55 http_settings:
56 php http_settings.php
57
55 58 .PHONY: clean .PHONY: clean
56 59 clean: clean:
57 60 @rm -f *.log *.strace *.strace.* *.out *.lock err-* @rm -f *.log *.strace *.strace.* *.out *.lock err-*
File tests/hook_update_help.php added (mode: 100644) (index 0000000..688b407)
1 <?php
2 error_reporting(E_ALL | E_STRICT);
3 ini_set("track_errors", "On");
4
5 $rg_cache_socket = "rg_cache_socket.sock";
6
7 $INC = dirname(__FILE__) . "/../inc";
8 require_once(dirname(__FILE__) . "/config.php");
9 require_once($INC . "/init.inc.php");
10 require_once($INC . "/repo.inc.php");
11 require_once($INC . "/sql.inc.php");
12 require_once($INC . "/struct.inc.php");
13 require_once($INC . "/fixes.inc.php");
14
15 rg_log_set_file(dirname(__FILE__) . "/hook_update_help.log");
16
17 rg_log("Starting");
18
19 require_once("common.php");
20
21 $rg_sql_debug = 1;
22
23 $op = $_SERVER['argv'][1];
24 $repo_id = getenv("ROCKETGIT_REPO_ID");
25 if ($repo_id === FALSE)
26 $repo_id = 5678;
27 $repo_uid = getenv("ROCKETGIT_REPO_UID");
28 if ($repo_uid === FALSE)
29 $repo_uid = 22;
30 $uid = getenv("ROCKETGIT_LOGIN_UID");
31 if ($uid === FALSE)
32 $uid = 1234;
33 $rights = getenv("ROCKETGIT_REPO_RIGHTS");
34 if ($rights === FALSE)
35 $rights = "";
36 rg_log("repo_id=$repo_id repo_uid=$repo_uid uid=$uid rights=$rights");
37
38 $rg_ui = array("uid" => $uid,
39 "username" => "user-hook-update",
40 "email" => "hook_update_help@embedromix.ro",
41 "organization" => 0);
42
43 $a = array();
44 $a['right_id'] = 100;
45 $a['obj_id'] = $repo_id;
46 $a['who'] = 400;
47 $a['uid'] = $uid;
48 $a['rights'] = $rights;
49 $a['prio'] = 13;
50 $a['ip'] = "";
51 $a['misc'] = "";
52 $a['description'] = "desc <>";
53
54 rg_log("op=$op");
55 if (strcmp($op, "init") == 0) {
56 rg_log("Cleaning...");
57 $sql = "DELETE FROM users WHERE uid = $uid";
58 $res = rg_sql_query($db, $sql);
59 rg_sql_free_result($res);
60 $sql = "DELETE FROM repos WHERE repo_id = $repo_id";
61 $res = rg_sql_query($db, $sql);
62 rg_sql_free_result($res);
63 $sql = "DELETE FROM rights WHERE obj_id = $repo_id";
64 $res = rg_sql_query($db, $sql);
65 rg_sql_free_result($res);
66 $sql = "INSERT INTO rights (right_id, type, uid, obj_id, rights, prio, itime, who)"
67 . " VALUES (100, 'repo_refs', $uid, $repo_id, '', 100, 1, $repo_uid)";
68 $res = rg_sql_query($db, $sql);
69 if ($res === FALSE) {
70 rg_log("Cannot add first right!");
71 exit(1);
72 }
73 rg_sql_free_result($res);
74
75 rg_log("Inserting a fake user uid=$uid");
76 $sql = "INSERT INTO users (uid, username, realname, salt, pass, email"
77 . ", itime, suspended, rights)"
78 . " VALUES ($uid, 'user-$uid', 'realname-$uid', '', '', ''"
79 . ", $uid, 0, '')";
80 $res = rg_sql_query($db, $sql);
81 if ($res === FALSE) {
82 rg_log("Cannot insert user uid $uid (" . rg_sql_error() . ")!");
83 exit(1);
84 }
85 rg_sql_free_result($res);
86
87 rg_log("Creating a repo");
88 $new = array();
89 $new['uid'] = $repo_uid;
90 $new['repo_id'] = 0;
91 $new['master'] = 0;
92 $new['name'] = "A";
93 $new['max_commit_size'] = 0;
94 $new['description'] = "desc";
95 $new['git_dir_done'] = 0;
96 $new['public'] = 0;
97 $r = rg_repo_edit($db, $rg_ui, $new);
98 if ($r === FALSE) {
99 rg_log("Cannot insert a repo (" . rg_repo_error() . ")!");
100 exit(1);
101 }
102
103 $sql = "UPDATE repos SET repo_id = $repo_id"
104 . " WHERE repo_id = " . $new['repo_id'];
105 $res = rg_sql_query($db, $sql);
106 if ($res === FALSE) {
107 rg_log("Cannot switch repo_id (" . rg_sql_error() . ")!");
108 exit(1);
109 }
110 rg_sql_free_result($res);
111 } else if (strcmp($op, "repo") == 0) {
112 $v = rg_rights_set($db, "repo", $a);
113 if ($v === FALSE) {
114 rg_log("Cannot give rights (1)!");
115 exit(1);
116 }
117 } else if (strcmp($op, "refs") == 0) {
118 $v = rg_rights_set($db, "repo_refs", $a);
119 if ($v === FALSE) {
120 rg_log("Cannot give rights (1)!");
121 exit(1);
122 }
123 } else if (strcmp($op, "path") == 0) {
124 $v = rg_rights_set($db, "repo_path", $a);
125 if ($v === FALSE) {
126 rg_log("Cannot give rights (1)!");
127 exit(1);
128 }
129 }
130
131 rg_sql_close($db);
132
133 ?>
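Review bot: the values read from `ROCKETGIT_REPO_ID`, `ROCKETGIT_REPO_UID` and `ROCKETGIT_LOGIN_UID` (lines 24-32) are interpolated directly into the SQL strings at lines 57-67, 78 and 103. This is test code, but a stray non-numeric value in the environment produces a confusing SQL error or a wrong delete; wrap them in `intval()` right after `getenv()`. Two smaller points: `$_SERVER['argv'][1]` on line 23 is read without checking that an argument was passed, and the three failure messages at lines 114, 120 and 126 are all "Cannot give rights (1)!", so the log cannot tell which of repo, refs or path failed.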
File tests/http.inc.php changed (mode: 100644) (index 4e7c1d8..a800d2e)
5 5 */ */
6 6 function do_req($url, $data, $headers) function do_req($url, $data, $headers)
7 7 { {
8 rg_log_ml("do_req url[$url] data=" . print_r($data, TRUE)
9 . "headers=" . print_r($headers, TRUE));
8 //rg_log_ml("do_req url[$url] data=" . print_r($data, TRUE)
9 // . "headers=" . print_r($headers, TRUE));
10 10
11 11 //$sdata = http_build_query($data); //$sdata = http_build_query($data);
12 12
 
... ... function do_req($url, $data, $headers)
38 38 $x = preg_match('/Set-Cookie: sid=([a-zA-Z0-9]*)/', $ret['header'], $matches); $x = preg_match('/Set-Cookie: sid=([a-zA-Z0-9]*)/', $ret['header'], $matches);
39 39 if (($x === FALSE) || (!isset($matches[1]))) { if (($x === FALSE) || (!isset($matches[1]))) {
40 40 $ret['sid'] = ""; $ret['sid'] = "";
41 //rg_log("CHECK: no sid found");
41 42 } else { } else {
42 43 $ret['sid'] = $matches[1]; $ret['sid'] = $matches[1];
43 if (strlen($ret['sid']) != 40)
44 $ret['sid'] = "";
45 44 } }
46 45
47 46 // find token // find token
48 47 $x = preg_match('/ name="token" value="([a-zA-Z0-9]*)"/', $ret['body'], $matches); $x = preg_match('/ name="token" value="([a-zA-Z0-9]*)"/', $ret['body'], $matches);
49 48 if (($x === FALSE) || (!isset($matches[1]))) { if (($x === FALSE) || (!isset($matches[1]))) {
49 //rg_log("CHECK: no token found");
50 50 $ret['token'] = ""; $ret['token'] = "";
51 51 } else { } else {
52 52 $ret['token'] = $matches[1]; $ret['token'] = $matches[1];
53 if (strlen($ret['token']) != 16)
54 $ret['token'] = "";
55 53 } }
56 54
57 55 $x = preg_match('/Location: (.*)\s/', $ret['header'], $matches); $x = preg_match('/Location: (.*)\s/', $ret['header'], $matches);
58 56 if ($x > 0) { if ($x > 0) {
59 57 if (strncmp($url, "http://", 7) == 0) if (strncmp($url, "http://", 7) == 0)
60 58 $url = substr($url, 7); $url = substr($url, 7);
61 rg_log("url=$url");
59 //rg_log("url=$url");
62 60 $t = explode("/", $url, 2); $t = explode("/", $url, 2);
63 $new = "http://" . $t[0] . $matches[1];
64 rg_log("Redirecting to $new...");
61 $new = "http://" . $t[0] . trim($matches[1]);
62 //rg_log("Redirecting to $new...");
65 63 $data = array(); $data = array();
66 64 $headers = array("Cookie: sid=" . $ret['sid']); $headers = array("Cookie: sid=" . $ret['sid']);
67 65 $f = do_req($new, $data, $headers); $f = do_req($new, $data, $headers);
 
... ... function do_req($url, $data, $headers)
73 71 return $ret; return $ret;
74 72 } }
75 73
74 /*
75 * Helper function
76 */
77 function test_login($url, &$good_sid)
78 {
79 // First we need to load the form so we can get the token
80 // We provide an old cookie to test if we generate a new pre-login one
81 $data = array();
82 $headers = array("Cookie: sid=d978671c2cd12fba05be218bb1653c1ce7bfb947");
83 $r = do_req($url . "/op/login", $data, $headers);
84 if ($r === FALSE) {
85 echo "Cannot load login form.\n";
86 return FALSE;
87 }
88 $good_sid = $r['sid'];
89 $good_token = $r['token'];
90 rg_log("good: sid=$good_sid token=$good_token");
91 if (strncmp($good_sid, "X", 1) != 0) {
92 rg_log("Seems we did not generated a pre-login session!");
93 return FALSE;
94 }
95
96 // Now, post login form
97 rg_log("Do the real login post request");
98 $data = array(
99 "doit" => 1,
100 "token" => $good_token,
101 "user" => "catab",
102 "pass" => "aaaa",
103 "lock_ip" => 1
104 );
105 $headers = array("Cookie: sid=" . $good_sid);
106 $r = do_req($url . "/op/login", $data, $headers);
107 if ($r === FALSE) {
108 rg_log_ml("Cannot login: " . print_r($r, TRUE));
109 return FALSE;
110 }
111 $good_sid = $r['sid'];
112
113 file_put_contents("http_login.log", print_r($r, TRUE));
114 if (strstr($r['body'], "invalid user or pass")) {
115 rg_log("Login invalid. Check http_login.log!");
116 return FALSE;
117 }
118
119 return $r;
120 }
121
122 /*
123 * Restore password aaaa for user catab
124 */
125 function test_restore($db)
126 {
127 $salt = 'd0a41957b835fbf7bfe63b750db15108cc048259';
128 $pass = 'aaaa';
129 $pass = rg_user_pass($salt, $pass);
130 $sql = "UPDATE users SET salt = '$salt'"
131 . ", pass = '$pass'"
132 . ", session_time = 3600"
133 . " WHERE username = 'catab'";
134 $res = rg_sql_query($db, $sql);
135 if ($res == FALSE) {
136 rg_log("Cannot update (" . rg_sql_error() . ")!");
137 exit(1);
138 }
139 rg_sql_free_result($res);
140
141 rg_cache_unset("user::4");
142 }
143
76 144 ?> ?>
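Review bot: `test_restore()` updates the row selected by `username = 'catab'` but then invalidates the hard-coded cache key `"user::4"` (line 141). If catab's uid is not 4 in a given test database, the stale salt and hash stay cached and the following login test fails for a reason unrelated to the code under test. Select the uid in the same function and build the key from it. Also, line 135 uses `$res == FALSE` where the rest of the file uses `=== FALSE`, and `test_login()` returns FALSE both when the form cannot be loaded and when the password is rejected, so callers that expect a rejection cannot tell the two apart.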
File tests/http_create_account.php added (mode: 100644) (index 0000000..0579b85)
1 <?php
2 error_reporting(E_ALL | E_STRICT);
3 ini_set("track_errors", "On");
4
5 $INC = dirname(__FILE__) . "/../inc";
6 require_once(dirname(__FILE__) . "/config.php");
7 require_once($INC . "/init.inc.php");
8 require_once($INC . "/util.inc.php");
9 require_once("http.inc.php");
10
11 rg_log_set_file("http_create_account.log");
12
13 $rg_no_db = TRUE;
14 require_once("common.php");
15
16 rg_log("Test create account");
17 // First we need to load the form so we can get the token
18 $data = array();
19 $headers = array();
20 $r = do_req($test_url . "/op/create_account", $data, $headers);
21 file_put_contents("http_create_account-load.log", print_r($r, TRUE));
22 if ($r === FALSE) {
23 rg_log("Cannot load create_account page!");
24 exit(1);
25 }
26 $good_sid = $r['sid'];
27 $good_token = $r['token'];
28
29 $uniq = time();
30
31 // Second, do the request
32 $data = array(
33 "uid" => 0,
34 "doit" => 1,
35 "token" => $good_token,
36 "username" => "http1-$uniq",
37 "realname" => "http1-$uniq's real name",
38 "email" => "a fake email $uniq",
39 "pass" => "cucurigu",
40 "pass2" => "cucurigu",
41 "plan_id" => 9,
42 "session_time" => 60
43 );
44 $headers = array("Cookie: sid=" . $good_sid);
45 $r = do_req($test_url . "/op/create_account", $data, $headers);
46 file_put_contents("http_create_account-add.log", print_r($r, TRUE));
47 if (!strstr($r['body'], "Your account was created")) {
48 rg_log("Cannot create account");
49 exit(1);
50 }
51
52
53 rg_log("Done!");
54 ?>
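Review bot: the second request (line 45) is not checked for `$r === FALSE` before `$r['body']` is used on line 47, unlike the first request. If `do_req()` fails, the test stops on a PHP notice instead of a clear log message. Add the same FALSE check as at line 22, and move the `file_put_contents()` on line 21 below that check so the log is only written for a real response.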
File tests/http_login.php changed (mode: 100644) (index 34308a6..d97b155)
... ... require_once("common.php");
15 15
16 16 rg_log("Test login operation"); rg_log("Test login operation");
17 17 // First we need to load the form so we can get the token // First we need to load the form so we can get the token
18 // We provide an old cookie to test if we generate a new pre-login one
19 $data = array();
20 $headers = array("Cookie: sid=d978671c2cd12fba05be218bb1653c1ce7bfb947");
21 $r = do_req($test_url . "/op/login", $data, $headers);
22 if ($r === FALSE) {
23 echo "Cannot load login form.\n";
24 exit(1);
25 }
26 $good_sid = $r['sid'];
27 $good_token = $r['token'];
28 rg_log("good: sid=$good_sid token=$good_token");
29 if (strncmp($good_sid, "X", 1) != 0) {
30 rg_log("Seems we did not generated a pre-login session!");
31 exit(1);
32 }
33
34
35 rg_log("Sending wrong token, because bad guy cannot control it");
36 // we need a valid token, so we do a new request
18 37 $data = array(); $data = array();
19 38 $headers = array(); $headers = array();
20 39 $r = do_req($test_url . "/op/login", $data, $headers); $r = do_req($test_url . "/op/login", $data, $headers);
 
... ... if ($r === FALSE) {
22 41 echo "Cannot load login form.\n"; echo "Cannot load login form.\n";
23 42 exit(1); exit(1);
24 43 } }
25 rg_log_ml("After loading login form, r: " . print_r($r, TRUE));
44 //rg_log_ml("After loading attacker login form, r: " . print_r($r, TRUE));
45 $bad_sid = $r['sid'];
46 $bad_token = $r['token'];
47 rg_log("bad: sid=$bad_sid token=$bad_token");
26 48
27 // Second, do the request
49 rg_log("Now we can attack, we use attacker token but user cookie...");
28 50 $data = array( $data = array(
29 51 "doit" => 1, "doit" => 1,
30 "token" => $r['token'],
52 "token" => $bad_token,
31 53 "user" => "catab", "user" => "catab",
32 54 "pass" => "aaaa", "pass" => "aaaa",
33 55 "lock_ip" => 1 "lock_ip" => 1
34 56 ); );
35 $headers = array("Cookie: sid=" . $r['sid']);
57 $headers = array("Cookie: sid=" . $good_sid);
58 $r = do_req($test_url . "/op/login", $data, $headers);
59 if ($r === FALSE) {
60 rg_log_ml("Cannot do the request: " . print_r($r, TRUE));
61 exit(1);
62 }
63 file_put_contents("http_login_attack.log", print_r($r, TRUE));
64 if (!strstr($r['body'], "invalid token")) {
65 rg_log("We sould get an invalid token error message. Check http_login_attack.log!");
66 exit(1);
67 }
68
69 rg_log("Do the real login post request");
70 $data = array(
71 "doit" => 1,
72 "token" => $good_token,
73 "user" => "catab",
74 "pass" => "aaaa",
75 "lock_ip" => 1
76 );
77 $headers = array("Cookie: sid=" . $good_sid);
36 78 $r = do_req($test_url . "/op/login", $data, $headers); $r = do_req($test_url . "/op/login", $data, $headers);
37 79 if ($r === FALSE) { if ($r === FALSE) {
38 80 rg_log_ml("Cannot login: " . print_r($r, TRUE)); rg_log_ml("Cannot login: " . print_r($r, TRUE));
39 81 exit(1); exit(1);
40 82 } }
41 rg_log_ml("After doing login, r: " . print_r($r, TRUE));
83 file_put_contents("http_login_good.log", print_r($r, TRUE));
42 84 if (strstr($r['body'], "invalid user or pass")) { if (strstr($r['body'], "invalid user or pass")) {
43 rg_log("Login invalid: " . print_r($r, TRUE));
85 rg_log("Login invalid. Check http_login_good.log!");
44 86 exit(1); exit(1);
45 87 } }
46 88
89
90 rg_log("Check what happens if we are logged in and want to login again");
91 $r = test_login($test_url, $good_sid);
92 if ($r === FALSE) {
93 rg_log("Seems we cannot login again if we are already login!");
94 exit(1);
95 }
96
97
98 rg_log("Done!");
47 99 ?> ?>
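Review bot: the mismatched-token case (lines 49-67) only asserts that the body contains "invalid token". It would be a stronger test if it also checked that the response did not hand out a logged-in sid, for example that `$r['sid']` is empty or still starts with "X", because that is the property the token is protecting. The block at lines 18-32 duplicates the first half of `test_login()` from http.inc.php and could call a shared helper. Typo on line 65: "sould" should be "should".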
File tests/http_settings.php added (mode: 100644) (index 0000000..1374426)
1 <?php
2 error_reporting(E_ALL | E_STRICT);
3 ini_set("track_errors", "On");
4
5 $rg_cache_debug = TRUE;
6
7 $INC = dirname(__FILE__) . "/../inc";
8 require_once(dirname(__FILE__) . "/config.php");
9 require_once($INC . "/init.inc.php");
10 require_once($INC . "/util.inc.php");
11 require_once("http.inc.php");
12
13 rg_log_set_file("http_settings.log");
14
15 $rg_sql = "host=localhost user=rocketgit dbname=rocketgit connect_timeout=10";
16 $rg_no_db = TRUE;
17 require_once("common.php");
18
19 $rg_cache_enable = TRUE;
20
21 $now = time();
22
23 rg_log("Test if caching works cache_enable=" . ($rg_cache_enable ? "true" : "false"));
24 rg_cache_set("test::a", "1");
25 $r = rg_cache_get("test::a");
26 if (strcmp($r, "1") != 0) {
27 rg_log("Main cache (set) is not working!");
28 exit(1);
29 }
30 rg_cache_unset("test::a");
31 $r = rg_cache_get("test::a");
32 if ($r !== FALSE) {
33 rg_log("Main cache (unset) is not working!");
34 exit(1);
35 }
36
37 test_restore($db);
38
39 $r = test_login($test_url, $good_sid);
40 if ($r === FALSE) {
41 rg_log("Cannot login!");
42 exit(1);
43 }
44
45 rg_log("Loading change pass form");
46 $data = array();
47 $headers = array("Cookie: sid=" . $good_sid);
48 $r = do_req($test_url . "/op/settings/change_pass?t=load_change_pass_form", $data, $headers);
49 if (!strstr($r['body'], "action=\"/op/settings/change_pass\"")) {
50 file_put_contents("http_settings_change_pass.log", $r['body']);
51 rg_log_ml("Cannot load change pass form!");
52 exit(1);
53 }
54 $good_token = $r['token'];
55
56 rg_log("Posting change pass form");
57 $data = array(
58 "doit" => 1,
59 "token" => $good_token,
60 "old_pass" => "aaaa",
61 "pass1" => "bbbb",
62 "pass2" => "bbbb"
63 );
64 $headers = array("Cookie: sid=" . $good_sid);
65 $r = do_req($test_url . "/op/settings/change_pass?t=post_change_pass_form", $data, $headers);
66 if (!strstr($r['body'], "Password was updated with success")) {
67 file_put_contents("http_settings_change_pass.log", $r['body']);
68 rg_log_ml("Cannot change pass!");
69 exit(1);
70 }
71
72
73 rg_log("Now, try to login with the old password");
74 $r2 = test_login($test_url, $junk);
75 if ($r2 !== FALSE) {
76 rg_log_ml("Seems we were able to login with the old password!");
77 exit(1);
78 }
79
80
81 rg_log("Change back the password");
82 $data = array();
83 $headers = array("Cookie: sid=" . $good_sid);
84 $r = do_req($test_url . "/op/settings/change_pass?t=load_change_pass_form", $data, $headers);
85 if (!strstr($r['body'], "action=\"/op/settings/change_pass\"")) {
86 file_put_contents("http_settings_change_pass.log", $r['body']);
87 rg_log_ml("Cannot load change pass form!");
88 exit(1);
89 }
90 $good_token = $r['token'];
91 $data = array(
92 "doit" => 1,
93 "token" => $good_token,
94 "old_pass" => "bbbb",
95 "pass1" => "aaaa",
96 "pass2" => "aaaa"
97 );
98 $headers = array("Cookie: sid=" . $good_sid);
99 $r = do_req($test_url . "/op/settings/change_pass?t=change_back_the_password", $data, $headers);
100 if ($r === FALSE) {
101 file_put_contents("http_settings_change_back.log", $r['body']);
102 rg_log_ml("Cannot change back the pass to aaaa!");
103 exit(1);
104 }
105
106
107 rg_log("Testing edit info section");
108
109 rg_log("Loading edit info form");
110 $data = array();
111 $headers = array("Cookie: sid=" . $good_sid);
112 $r = do_req($test_url . "/op/settings/edit_info?t=load_edit_info_form", $data, $headers);
113 if ($r === FALSE) {
114 rg_log_ml("Cannot load form!");
115 exit(1);
116 }
117
118 rg_log("Posting edit info form");
119 $realname = "Catalin(ux) M. BOIE ($now)";
120 $session_time = intval($now / 393956);
121 $data = array(
122 "doit" => 1,
123 "token" => $r['token'],
124 "uid" => 4,
125 "username" => "catab",
126 "realname" => $realname,
127 "plan_id" => 5,
128 "session_time" => $session_time
129 );
130 $headers = array("Cookie: sid=" . $good_sid);
131 $r = do_req($test_url . "/op/settings/edit_info?t=post_edit_info_form", $data, $headers);
132 if (!strstr($r['body'], "Information was updated with success")) {
133 file_put_contents("http_settings_edit_info.log", $r['body']);
134 rg_log_ml("Cannot change back the pass to aaaa: " . print_r($r, TRUE));
135 exit(1);
136 }
137
138 rg_log("Verify against database");
139 $sql = "SELECT * FROM users WHERE username = 'catab'";
140 $res = rg_sql_query($db, $sql);
141 $row = rg_sql_fetch_array($res);
142 rg_sql_free_result($res);
143 if (strcmp($realname, $row['realname']) != 0) {
144 file_put_contents("http_settings_edit_info.log", $r['body']);
145 rg_log_ml("realname was not changed: " . print_r($row, TRUE));
146 exit(1);
147 }
148 if ($row['plan_id'] != 5) {
149 file_put_contents("http_settings_edit_info.log", $r['body']);
150 rg_log_ml("plan_id was not changed: " . print_r($row, TRUE));
151 exit(1);
152 }
153 if ($row['session_time'] != $session_time) {
154 file_put_contents("http_settings_edit_info.log", $r['body']);
155 rg_log_ml("session_time was not changed: " . print_r($row, TRUE));
156 exit(1);
157 }
158
159
160 rg_log("Testing SSH keys");
161 rg_log("Loading ssh keys form");
162 $data = array();
163 $headers = array("Cookie: sid=" . $good_sid);
164 $r = do_req($test_url . "/op/settings/keys?t=load_key_form_add", $data, $headers);
165 if ($r === FALSE) {
166 rg_log_ml("Cannot load form!");
167 exit(1);
168 }
169 rg_log("Posting keys form");
170 $key = "ssh-dss YWFh comment";
171 $data = array("add" => 1, "token" => $r['token'], "key" => $key);
172 $headers = array("Cookie: sid=" . $good_sid);
173 $r = do_req($test_url . "/op/settings/keys?t=post_key_form_add", $data, $headers);
174 if ($r === FALSE) {
175 file_put_contents("http_settings_key.log", $r['body']);
176 rg_log_ml("Cannot upload key: " . print_r($r, TRUE));
177 exit(1);
178 }
179 $sql = "SELECT * FROM keys WHERE key = '$key'";
180 $res = rg_sql_query($db, $sql);
181 $rows = rg_sql_num_rows($res);
182 if ($rows > 0)
183 $row = rg_sql_fetch_array($res);
184 rg_sql_free_result($res);
185 if ($rows == 0) {
186 rg_log("Key was not uploaded!");
187 exit(1);
188 }
189 $key_id = $row['key_id'];
190
191 rg_log("Now, testing deletion: key_id=$key_id");
192 rg_log("Loading ssh keys form");
193 $data = array();
194 $headers = array("Cookie: sid=" . $good_sid);
195 $r = do_req($test_url . "/op/settings/keys?t=load_key_form_del", $data, $headers);
196 if ($r === FALSE) {
197 rg_log_ml("Cannot load form: " . print_r($r, TRUE));
198 exit(1);
199 }
200 rg_log("Posting delete keys form");
201 $key = "ssh-dss YWFh comment";
202 $data = array("delete" => 1, "token" => $r['token'], "key_delete_ids[$key_id]" => "on");
203 $headers = array("Cookie: sid=" . $good_sid);
204 $r = do_req($test_url . "/op/settings/keys?t=post_key_form_del", $data, $headers);
205 if (!strstr($r['body'], "Selected keys were removed with success.")) {
206 file_put_contents("http_settings_key_del.log", $r['body']);
207 rg_log_ml("Cannot delete key!");
208 exit(1);
209 }
210 $sql = "SELECT * FROM keys WHERE key_id = $key_id";
211 $res = rg_sql_query($db, $sql);
212 $rows = rg_sql_num_rows($res);
213 rg_sql_free_result($res);
214 if ($rows == 1) {
215 rg_log_ml("key $key_id was not deleted!");
216 exit(1);
217 }
218
219 rg_log("Done!");
220 ?>
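Review bot: the "change back the password" step (lines 99-104) only tests `$r === FALSE` and never checks for "Password was updated with success", so a rejected change leaves catab with password bbbb and the test still passes. Inside that branch `$r['body']` is read from a value that is known to be FALSE; the same pattern is at lines 174-175. Check for the success string as at line 66. The failure message on line 134 is a copy of the password one ("Cannot change back the pass to aaaa") although it belongs to the edit info post. Finally, `$rg_no_db = TRUE` is set on line 16 while `$db` is used from line 37 onward; a comment explaining where `$db` comes from would help.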
File tests/tmp.php added (mode: 100644) (index 0000000..101186a)
1 <?php
2 error_reporting(E_ALL | E_STRICT);
3 ini_set("track_errors", "On");
4
5 $INC = dirname(__FILE__) . "/../inc";
6 require_once(dirname(__FILE__) . "/config.php");
7 require_once($INC . "/init.inc.php");
8 require_once($INC . "/util.inc.php");
9 require_once($INC . "/keys.inc.php");
10 require_once($INC . "/sql.inc.php");
11 require_once($INC . "/struct.inc.php");
12 require_once($INC . "/fixes.inc.php");
13
14 rg_log_set_file("tmp.log");
15
16 require_once("common.php");
17
18 $rg_sql_debug = 1;
19
20 $sql = "SELECT * FROM rights";
21 $res = rg_sql_query($db, $sql);
22 $row = rg_sql_fetch_array($res);
23 print_r($row);
24
25 ?>
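Review bot: tests/tmp.php looks like a scratch script: it dumps the first row of the `rights` table with `print_r()`, asserts nothing, never frees the result or closes the connection, and is not listed in tests/Makefile. Please leave it out of the commit, or turn it into a named test with a pass/fail condition.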
File tests/token.php changed (mode: 100644) (index 2d72466..7379a69)
... ... if ($token === FALSE) {
22 22 } }
23 23 rg_log("Correct token: $token"); rg_log("Correct token: $token");
24 24
25 $bad_len = substr($token, 0, 16 + 40 - 1) . "invalidlen";
26 $r = rg_token_valid($db, $sid, $bad_len);
27 if ($r !== FALSE) {
28 rg_log("Invalid length token must return error!");
25 $r = rg_token_valid($db, $sid, $token);
26 if ($r === FALSE) {
27 rg_log("Validating a correct token must work (" . rg_token_error() . ")!");
29 28 exit(1); exit(1);
30 29 } }
31 30
32 $copy = substr($token, 0, 16 + 40 - 1) . "z";
33 $r = rg_token_valid($db, $sid, $copy);
31 $r = rg_token_delete($db, $sid, $token);
32 if ($r['ok'] != 1) {
33 rg_log("We should be able to delete a token!");
34 exit(1);
35 }
36
37 $r = rg_token_valid($db, $sid, $token);
34 38 if ($r !== FALSE) { if ($r !== FALSE) {
35 rg_log("Altering a token must return error!");
39 rg_log("Token should not be available after delete!");
36 40 exit(1); exit(1);
37 41 } }
38 42
39 $r = rg_token_valid($db, $sid . "Z", $token);
43
44 rg_log("Now, test pre-login sessions...");
45 $rg_token = FALSE; /* we must remove it from memory */
46 $sid = "Xsession2";
47 $token = rg_token_get($db, $sid);
48 if ($token === FALSE) {
49 rg_log("Generating a token should not fail (" . rg_token_error() . ")!");
50 exit(1);
51 }
52 rg_log("Correct token: $token");
53
54 $copy = "y" . substr($token, 1);
55 $r = rg_token_valid($db, $sid, $copy);
40 56 if ($r !== FALSE) { if ($r !== FALSE) {
41 rg_log("Altering a sid must return error!");
57 rg_log("An altered token must return error!");
42 58 exit(1); exit(1);
43 59 } }
44 60
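Review bot: The negative cases for a wrong-length token ($bad_len, old lines 25-28) and for a valid token presented under a different session ($sid . "Z", old line 39) are removed with no replacement in the visible lines, so nothing shown here still checks that a token is rejected when it is used with a sid other than the one it was issued for. That binding is the property an anti-CSRF token exists to provide, so those two checks should stay alongside the new delete and pre-login cases. The new altered-token check on line 54 builds $copy as "y" . substr($token, 1); if a generated token ever starts with "y", $copy equals $token and the test fails for the wrong reason, so derive the replacement character from $token[0] instead. The old check altered the last character and the new one alters the first; keeping both would cover each end of the token.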