String 'NULL' eliminiert (2b7dc71) - webinterface.git

String 'NULL' eliminiert

Bernd Wurst commited on 2014-02-07 14:21:11
Zeige 7 geänderte Dateien mit 9 Einfügungen und 18 Löschungen.

certlogin/index.php 5c620af..8eec4cf
class/database.php d1b5b80..3f2db9b
modules/dns/include/dnsinclude.php 60ac711..1020d09
modules/email/include/vmail.php 4bcadba..174b0da
modules/index/include/x509.php c9068e8..3cd28fa
modules/mysql/include/mysql.php 0bbe1b2..a860fc3
session/checkuser.php 78ada4b..e49adbc

certlogin/index.php

@@ -114,6 +114,7 @@ else
       $uid = $ret[0]['username'];
       $role = find_role($uid, '', True);
       setup_session($role, $uid);
+      setcookie('CLIENTCERT_AUTOLOGIN', '1', time()+3600*24*365, '/');
       $destination = 'go/index/index';
       if (check_path($ret[0]['startpage']))
         $destination = $ret[0]['startpage'];

class/database.php

Zeige Datei @ 2b7dc71

@@ -42,6 +42,7 @@ class DB extends PDO {
       if (config("enable_debug")) {
         foreach (array_values($params) as $p) {
           if ($p === '') {
+            DEBUG("Potential bug, empty string found in database parameters");
             warning("Potential bug, empty string found in database parameters");
           }
         }
@@ -71,7 +72,7 @@ function db_escape_string($string)
 {
   if (config("enable_debug")) {
     $backtrace = debug_backtrace();
-    warning("call to db_escape_string() in {$backtrace[1]['file']} line {$backtrace[1]['line']}");
+    warning("call to db_escape_string() in {$backtrace[0]['file']} line {$backtrace[0]['line']}");
   }
   global $_db;
   __ensure_connected();

modules/dns/include/dnsinclude.php

Zeige Datei @ 2b7dc71

@@ -60,9 +60,9 @@ function create_dyndns_account($handle, $password_http, $sshkey)
   $handle = filter_input_username($handle);
   $sshkey = filter_input_general($sshkey);
 
-  $pwhash = 'NULL';
+  $pwhash = NULL;
   if ($password_http)
-    $pwhash = "'{SHA}".base64_encode(sha1($password_http, true))."'";
+    $pwhash = "{SHA}".base64_encode(sha1($password_http, true));
 
   db_query("INSERT INTO dns.dyndns (uid, handle, password, sshkey) VALUES ".
            "(:uid, :handle, :pwhash, :sshkey)",

modules/email/include/vmail.php

Zeige Datei @ 2b7dc71

@@ -335,7 +335,7 @@ function save_vmail_account($account)
   }  
 
   if ($account['quota_threshold'] == -1) {
-    $account['quota_threshold'] = 'NULL';
+    $account['quota_threshold'] = NULL;
   }
   else {
     $account['quota_threshold'] = min( (int) $account['quota_threshold'], (int) $account['quota'] );

modules/index/include/x509.php

Zeige Datei @ 2b7dc71

@@ -19,18 +19,7 @@ require_once('inc/security.php');
 function do_ajax_cert_login() {
   global $prefix;
   require_once('inc/jquery.php');
-  html_header('
-<script type="text/javascript">
-  function redirect(status) {
-    if (status == "ok") {
-      window.location.reload();
-    } else {
-      window.location.href="../../certlogin/";
-    }
-  }
-  $.get("'.$prefix.'certlogin/ajax.php", redirect);
-</script>
-');
+  javascript('certlogin.js');
 }
 
 function get_logins_by_cert($cert) 

modules/mysql/include/mysql.php

Zeige Datei @ 2b7dc71

@@ -176,7 +176,7 @@ function create_mysql_database($dbname, $description = '', $server = NULL)
     return NULL;
   }
   if (! in_array($server, additional_servers()) || ($server == my_server_id())) {
-    $server = 'NULL';
+    $server = NULL;
   }
   $args = array(":dbname" => $dbname,
                 ":uid" => $_SESSION['userinfo']['uid'],

session/checkuser.php

Zeige Datei @ 2b7dc71

@@ -36,7 +36,7 @@ function find_role($login, $password, $i_am_admin = False)
   // System-User?
   $uid = (int) $login;
   if ($uid == 0)
-    $uid = 'NULL';
+    $uid = NULL;
   $result = db_query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid=:uid OR username=:login LIMIT 1;", array(":uid" => $uid, ":login" => $login));
   if (@$result->rowCount() > 0)
   {


...	...	@@ -114,6 +114,7 @@ else
114	114	$uid = $ret[0]['username'];
115	115	$role = find_role($uid, '', True);
116	116	setup_session($role, $uid);
	117	+ setcookie('CLIENTCERT_AUTOLOGIN', '1', time()+360024365, '/');
117	118	$destination = 'go/index/index';
118	119	if (check_path($ret[0]['startpage']))
119	120	$destination = $ret[0]['startpage'];

...	...	@@ -335,7 +335,7 @@ function save_vmail_account($account)
335	335	}
336	336
337	337	if ($account['quota_threshold'] == -1) {
338		- $account['quota_threshold'] = 'NULL';
	338	+ $account['quota_threshold'] = NULL;
339	339	}
340	340	else {
341	341	$account['quota_threshold'] = min( (int) $account['quota_threshold'], (int) $account['quota'] );

...	...	@@ -176,7 +176,7 @@ function create_mysql_database($dbname, $description = '', $server = NULL)
176	176	return NULL;
177	177	}
178	178	if (! in_array($server, additional_servers()) \|\| ($server == my_server_id())) {
179		- $server = 'NULL';
	179	+ $server = NULL;
180	180	}
181	181	$args = array(":dbname" => $dbname,
182	182	":uid" => $_SESSION['userinfo']['uid'],

...	...	@@ -36,7 +36,7 @@ function find_role($login, $password, $i_am_admin = False)
36	36	// System-User?
37	37	$uid = (int) $login;
38	38	if ($uid == 0)
39		- $uid = 'NULL';
	39	+ $uid = NULL;
40	40	$result = db_query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid=:uid OR username=:login LIMIT 1;", array(":uid" => $uid, ":login" => $login));
41	41	if (@$result->rowCount() > 0)
42	42	{
43	43

...	...	@@ -42,6 +42,7 @@ class DB extends PDO {
42	42	if (config("enable_debug")) {
43	43	foreach (array_values($params) as $p) {
44	44	if ($p === '') {
	45	+ DEBUG("Potential bug, empty string found in database parameters");
45	46	warning("Potential bug, empty string found in database parameters");
46	47	}
47	48	}
...	...	@@ -71,7 +72,7 @@ function db_escape_string($string)
71	72	{
72	73	if (config("enable_debug")) {
73	74	$backtrace = debug_backtrace();
74		- warning("call to db_escape_string() in {$backtrace[1]['file']} line {$backtrace[1]['line']}");
	75	+ warning("call to db_escape_string() in {$backtrace[0]['file']} line {$backtrace[0]['line']}");
75	76	}
76	77	global $_db;
77	78	__ensure_connected();

...	...	@@ -60,9 +60,9 @@ function create_dyndns_account($handle, $password_http, $sshkey)
60	60	$handle = filter_input_username($handle);
61	61	$sshkey = filter_input_general($sshkey);
62	62
63		- $pwhash = 'NULL';
	63	+ $pwhash = NULL;
64	64	if ($password_http)
65		- $pwhash = "'{SHA}".base64_encode(sha1($password_http, true))."'";
	65	+ $pwhash = "{SHA}".base64_encode(sha1($password_http, true));
66	66
67	67	db_query("INSERT INTO dns.dyndns (uid, handle, password, sshkey) VALUES ".
68	68	"(:uid, :handle, :pwhash, :sshkey)",

...	...	@@ -19,18 +19,7 @@ require_once('inc/security.php');
19	19	function do_ajax_cert_login() {
20	20	global $prefix;
21	21	require_once('inc/jquery.php');
22		- html_header('
23		-<script type="text/javascript">
24		- function redirect(status) {
25		- if (status == "ok") {
26		- window.location.reload();
27		- } else {
28		- window.location.href="../../certlogin/";
29		- }
30		- }
31		- $.get("'.$prefix.'certlogin/ajax.php", redirect);
32		-</script>
33		-');
	22	+ javascript('certlogin.js');
34	23	}
35	24
36	25	function get_logins_by_cert($cert)