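<?php
/*
 * HTTP-level test of the account settings pages: cache sanity check,
 * password change (and proof that the old password stops working),
 * profile edit verified against the database, and SSH key add/delete.
 *
 * $db, $rg_ui and $test_url are not assigned in this file; presumably the
 * included test helpers provide them. The script exits with status 1 on
 * the first failed step and logs "OK!" when every step passed.
 */
error_reporting(E_ALL | E_STRICT);
ini_set("track_errors", "On");

$rg_cache_debug = TRUE;

$INC = dirname(__FILE__) . "/../inc";
require_once(dirname(__FILE__) . "/config.php");
require_once($INC . "/init.inc.php");
require_once($INC . "/util.inc.php");
require_once("helpers.inc.php");
require_once("http.inc.php");

rg_log_set_file("http_settings.log");

// These globals are set before common.php is loaded, as in the original
// ordering; presumably common.php reads them.
$rg_sql = "host=localhost user=rocketgit dbname=rocketgit connect_timeout=10";
$rg_no_db = TRUE;
require_once("common.php");

$_testns = 'http_settings';
$rg_cache_enable = TRUE;
$now = time();


/* --- Cache sanity check --- */
rg_log("Testing if caching works: cache_enable="
	. ($rg_cache_enable ? "true" : "false"));

rg_cache_set("test::a", "1", 0);
// to force "network" access = bypass mem cache
rg_cache_core_unset("test::a");
$r = rg_cache_get("test::a");
if (strcmp($r, "1") != 0) {
	rg_log("Main cache (set) is not working!");
	exit(1);
}

rg_cache_unset("test::a", RG_SOCKET_NO_WAIT);
// to force "network" access = bypass mem cache
rg_cache_core_unset("test::a");
$r = rg_cache_get("test::a");
if ($r !== FALSE) {
	rg_log("Main cache (unset) is not working!");
	exit(1);
}


/* --- Test user and authenticated session --- */
test_restore($db);
rg_test_create_user($db, $rg_ui);

// $good_sid is used below as the session cookie value; presumably
// test_login() fills it in by reference.
$r = test_login($test_url, $rg_ui, $good_sid);
if ($r === FALSE) {
	rg_log("Cannot login!");
	exit(1);
}


/* --- Password change --- */
rg_log('');
rg_log("Loading change pass form");
$data = array();
$headers = array("Cookie: sid=" . $good_sid);
$r = do_req($test_url . "/op/settings/change_pass?t=load_change_pass_form",
	$data, $headers);
if (($r === FALSE)
    || !strstr($r['body'], "action=\"/op/settings/change_pass\"")) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("Cannot load change pass form!");
	exit(1);
}
// The form's anti-forgery token must accompany the POST.
if (empty($r['tokens']['set_pass'])) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("token not found!");
	exit(1);
}
$good_token = $r['tokens']['set_pass'];

rg_log('');
rg_log("Posting change pass form");
$data = array(
	"doit" => 1,
	"token" => $good_token,
	"old_pass" => $rg_ui['pass'],
	"pass1" => "bbbb",
	"pass2" => "bbbb"
);
$headers = array("Cookie: sid=" . $good_sid);
$r = do_req($test_url . "/op/settings/change_pass?t=post_change_pass_form",
	$data, $headers);
if (($r === FALSE)
    || !strstr($r['body'], "Password has been successfully updated")) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("Cannot change pass!");
	exit(1);
}

// $rg_ui still carries the original password, so this login must fail;
// a success would mean the old credential is still accepted.
rg_log('');
rg_log("Now, try to login with the old password");
$r2 = test_login($test_url, $rg_ui, $junk);
if ($r2 !== FALSE) {
	rg_log("Seems we were able to login with the old password!");
	exit(1);
}

rg_log('');
rg_log("Change back the password");
$data = array();
$headers = array("Cookie: sid=" . $good_sid);
$r = do_req($test_url . "/op/settings/change_pass?t=load_change_pass_form",
	$data, $headers);
if (($r === FALSE)
    || !strstr($r['body'], "action=\"/op/settings/change_pass\"")) {
	rg_log("Cannot load change pass form!");
	exit(1);
}
if (empty($r['tokens']['set_pass'])) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("token not found!");
	exit(1);
}
$good_token = $r['tokens']['set_pass'];

$data = array(
	"doit" => 1,
	"token" => $good_token,
	"old_pass" => "bbbb",
	"pass1" => $rg_ui['pass'],
	"pass2" => $rg_ui['pass']
);
$headers = array("Cookie: sid=" . $good_sid);
$r = do_req($test_url . "/op/settings/change_pass?t=change_back_the_password",
	$data, $headers);
// Require the same success message as the first change: a bare
// "$r !== FALSE" would also accept an error page, leaving the account on
// the temporary password for the rest of the run.
if (($r === FALSE)
    || !strstr($r['body'], "Password has been successfully updated")) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("Cannot change back the pass to aaaa!");
	exit(1);
}


/* --- Edit info --- */
rg_log('');
rg_log("Testing edit info section");

rg_log('');
rg_log("Loading edit info form");
$data = array();
$headers = array("Cookie: sid=" . $good_sid);
$r = do_req($test_url . "/op/settings/edit_info?t=load_edit_info_form",
	$data, $headers);
if ($r === FALSE) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("Cannot load form!");
	exit(1);
}
if (empty($r['tokens']['user_edit_hl'])) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("token not found!");
	exit(1);
}

rg_log('');
rg_log("Posting edit info form");
// Derived from the current time so the value written differs between runs
// and the database check below cannot pass on a stale row.
$session_time = intval($now / 393956);
// NOTE(review): "uid" is posted as a fixed 4; whether the server ignores it
// in favour of the session's user is not visible here - confirm.
$data = array(
	"doit" => 1,
	"token" => $r['tokens']['user_edit_hl'],
	"uid" => 4,
	"username" => $rg_ui['username'],
	"realname" => $rg_ui['realname'],
	"plan_id" => 5,
	"session_time" => $session_time
);
$headers = array("Cookie: sid=" . $good_sid);
$r = do_req($test_url . "/op/settings/edit_info?t=post_edit_info_form",
	$data, $headers);
if (($r === FALSE)
    || !strstr($r['body'], "Information has been successfully updated")) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("Cannot change account info!");
	exit(1);
}

rg_log('');
rg_log("Verify against database");
// NOTE(review): the statement is built by concatenation. That is tolerable
// only because the value is a fixture owned by this test; the pattern must
// not be reused for request-supplied data.
$sql = "SELECT * FROM users WHERE username = '" . $rg_ui['username'] . "'";
$res = rg_sql_query($db, $sql);
$row = rg_sql_fetch_array($res);
rg_sql_free_result($res);
if (strcmp($rg_ui['realname'], $row['realname']) != 0) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log_ml("realname has not been changed: " . print_r($row, TRUE));
	exit(1);
}
if ($row['plan_id'] != 5) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log_ml("plan_id has not been changed: " . print_r($row, TRUE));
	exit(1);
}
if ($row['session_time'] != $session_time) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log_ml("session_time has not been changed: " . print_r($row, TRUE));
	exit(1);
}


/* --- SSH keys: add --- */
rg_log('');
rg_log("Testing SSH keys");

rg_log("Loading ssh keys form");
$data = array();
$headers = array("Cookie: sid=" . $good_sid);
$r = do_req($test_url . "/op/settings/keys?t=load_key_form_add",
	$data, $headers);
if ($r === FALSE) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("Cannot load form!");
	exit(1);
}
if (empty($r['tokens']['keys'])) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("token not found!");
	exit(1);
}

rg_log("Posting keys form");
// The key comment carries markup so that the handling of HTML
// metacharacters in this user-controlled field is exercised.
$comment = "<xss>" . $rg_ui['uid'];
$key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+2OHaQiZzdwV4HQF9pCBbSQFaoM5Q0YmmRYDL8BUCjwClDgOLp9lQVN5XksoBx2t9INj6XrobjNc/GUF60c1Ald0FtjRl7nIZdYvKDutlxHcGUy6MHsVnCDviXQJD9Hm9fyuBLdy3/oadSCAaQYE/Tcf9rWt1NmhQ7560bCGmh4pw8N+XXAz2nQBCqvIK8VDoBbOOgFa/HOwBrKCgaGmcTGs5wRWHbw3+h6CO1vqEYcSCSqBPMG1JOMfMTuJ0aTXXEkSNPF+TVva85L4qrQslyHbn2JU1t7/HQsFnGtgF1o2AglIR2RbyMmr6axI51Srf20EB9/c9T3auYQipbw85";
$data = array("add" => 1,
	"token" => $r['tokens']['keys'],
	"key" => $key . ' ' . $comment);
$headers = array("Cookie: sid=" . $good_sid);
$r = do_req($test_url . "/op/settings/keys?t=post_key_form_add",
	$data, $headers);
if ($r === FALSE) {
	rg_log("Cannot upload key!");
	exit(1);
}
// The markup must never come back verbatim in the page: the server has to
// strip or escape it before output.
if (strstr($r['body'], $comment)) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("Key comment was returned unescaped!");
	exit(1);
}

// the key upload stuff will change < and > to empty.
// NOTE(review): the lookup below still searches for the comment with
// "<" and ">" in place, which seems to contradict the line above - confirm
// which form is actually stored. As with the users query, concatenation is
// acceptable only because both values are fixtures of this test.
$sql = "SELECT * FROM keys WHERE key = '" . $key . " " . $comment . "'";
$res = rg_sql_query($db, $sql);
$rows = rg_sql_num_rows($res);
if ($rows > 0)
	$row = rg_sql_fetch_array($res);
rg_sql_free_result($res);
if ($rows == 0) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("Key has not been uploaded!");
	exit(1);
}
// Forced to an integer because it is interpolated into a form field name
// and into the verification query below.
$key_id = intval($row['key_id']);


/* --- SSH keys: delete --- */
rg_log('');
rg_log("Now, testing deletion: key_id=$key_id");

rg_log("Loading ssh keys form");
$data = array();
$headers = array("Cookie: sid=" . $good_sid);
$r = do_req($test_url . "/op/settings/keys?t=load_key_form_del",
	$data, $headers);
if ($r === FALSE) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("Cannot load ssh key form!");
	exit(1);
}
if (empty($r['tokens']['keys'])) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("token not found!");
	exit(1);
}

rg_log("Posting delete keys form");
$data = array("delete" => 1,
	"token" => $r['tokens']['keys'],
	"key_delete_ids[$key_id]" => "on");
$headers = array("Cookie: sid=" . $good_sid);
$r = do_req($test_url . "/op/settings/keys?t=post_key_form_del",
	$data, $headers);
if (($r === FALSE)
    || !strstr($r['body'], "Selected keys were removed with success.")) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("Cannot delete key!");
	exit(1);
}

// The success message alone is not trusted; the row must be gone.
$sql = "SELECT * FROM keys WHERE key_id = $key_id";
$res = rg_sql_query($db, $sql);
$rows = rg_sql_num_rows($res);
rg_sql_free_result($res);
if ($rows == 1) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("key $key_id has not been deleted!");
	exit(1);
}

rg_log("OK!");
?>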