2014-12-07 18:27:14 +00:00
< ? php
/**
* @ file include / security . php
*
2016-10-01 22:41:25 +00:00
* @ brief Some security related functions .
2014-12-07 18:27:14 +00:00
*/
/**
* @ param int $user_record The account_id
2016-10-01 22:41:25 +00:00
* @ param array $channel
2014-12-07 18:27:14 +00:00
* @ param bool $login_initial default false
* @ param bool $interactive default false
* @ param bool $return
* @ param bool $update_lastlog
*/
2016-07-21 00:55:40 +00:00
function authenticate_success ( $user_record , $channel = null , $login_initial = false , $interactive = false , $return = false , $update_lastlog = false ) {
2012-01-12 23:46:39 +00:00
$_SESSION [ 'addr' ] = $_SERVER [ 'REMOTE_ADDR' ];
2016-01-18 00:29:32 +00:00
$lastlog_updated = false ;
2014-12-07 18:27:14 +00:00
if ( x ( $user_record , 'account_id' )) {
2016-03-31 23:06:03 +00:00
App :: $account = $user_record ;
2012-10-05 06:05:45 +00:00
$_SESSION [ 'account_id' ] = $user_record [ 'account_id' ];
2012-08-28 04:17:46 +00:00
$_SESSION [ 'authenticated' ] = 1 ;
2015-03-03 23:03:19 +00:00
2016-07-21 00:55:40 +00:00
if ( $channel )
$uid_to_load = $channel [ 'channel_id' ];
2012-01-12 23:46:39 +00:00
2021-03-09 01:51:41 +00:00
if ( ! isset ( $uid_to_load )) {
2016-10-01 22:41:25 +00:00
$uid_to_load = ((( x ( $_SESSION , 'uid' )) && ( intval ( $_SESSION [ 'uid' ])))
? intval ( $_SESSION [ 'uid' ])
2016-07-21 00:55:40 +00:00
: intval ( App :: $account [ 'account_default_channel' ])
);
}
2012-08-28 04:17:46 +00:00
if ( $uid_to_load ) {
2012-10-04 05:28:19 +00:00
change_channel ( $uid_to_load );
2012-09-04 11:28:38 +00:00
}
2012-01-27 20:56:36 +00:00
2021-03-09 01:51:41 +00:00
if (( $login_initial || $update_lastlog ) && ( ! ( isset ( $_SESSION [ 'sudo' ]) && $_SESSION [ 'sudo' ]))) {
2016-01-18 00:29:32 +00:00
q ( " update account set account_lastlog = '%s' where account_id = %d " ,
dbesc ( datetime_convert ()),
intval ( $_SESSION [ 'account_id' ])
);
2016-03-31 23:06:03 +00:00
App :: $account [ 'account_lastlog' ] = datetime_convert ();
2016-01-18 00:29:32 +00:00
$lastlog_updated = true ;
2016-03-31 23:06:03 +00:00
call_hooks ( 'logged_in' , App :: $account );
2016-01-18 00:29:32 +00:00
}
2012-01-27 00:52:12 +00:00
}
2013-01-16 23:51:21 +00:00
2016-01-18 00:29:32 +00:00
if (( $login_initial ) && ( ! $lastlog_updated )) {
2014-02-22 21:33:18 +00:00
2013-01-16 23:51:21 +00:00
call_hooks ( 'logged_in' , $user_record );
2014-02-22 21:33:18 +00:00
// might want to log success here
}
2012-08-28 04:17:46 +00:00
2014-12-07 18:27:14 +00:00
if ( $return || x ( $_SESSION , 'workflow' )) {
2012-08-28 04:17:46 +00:00
unset ( $_SESSION [ 'workflow' ]);
return ;
}
2016-03-31 23:06:03 +00:00
if (( App :: $module !== 'home' ) && x ( $_SESSION , 'login_return_url' ) && strlen ( $_SESSION [ 'login_return_url' ])) {
2012-08-30 06:03:03 +00:00
$return_url = $_SESSION [ 'login_return_url' ];
2014-09-12 06:01:58 +00:00
// don't let members get redirected to a raw ajax page update - this can happen
// if DHCP changes the IP address at an unfortunate time and paranoia is turned on
2020-02-24 23:40:20 +00:00
if ( strstr ( $return_url , 'update' ))
2014-09-12 06:01:58 +00:00
$return_url = '' ;
2012-08-30 06:03:03 +00:00
unset ( $_SESSION [ 'login_return_url' ]);
2016-03-31 05:13:24 +00:00
goaway ( z_root () . '/' . $return_url );
2012-08-28 04:56:13 +00:00
}
2012-01-12 23:46:39 +00:00
2014-02-21 02:38:52 +00:00
/* This account has never created a channel. Send them to new_channel by default */
2016-03-31 23:06:03 +00:00
if ( App :: $module === 'login' ) {
2015-06-16 00:28:52 +00:00
$r = q ( " select count(channel_id) as total from channel where channel_account_id = %d and channel_removed = 0 " ,
2016-03-31 23:06:03 +00:00
intval ( App :: $account [ 'account_id' ])
2014-02-21 02:38:52 +00:00
);
if (( $r ) && ( ! $r [ 0 ][ 'total' ]))
goaway ( z_root () . '/new_channel' );
}
/* else just return */
2012-01-12 23:46:39 +00:00
}
2016-07-15 02:24:15 +00:00
function atoken_login ( $atoken ) {
2021-03-17 02:17:31 +00:00
if ( ! $atoken ) {
2016-07-15 02:24:15 +00:00
return false ;
2021-03-17 02:17:31 +00:00
}
if ( $App :: $cmd === 'channel' && argv ( 1 )) {
$channel = channelx_by_nick ( argv ( 1 ));
if ( perm_is_allowed ( $channel [ 'channel_id' ], $atoken [ 'xchan_hash' ], 'delegate' )) {
$_SESSION [ 'delegate_channel' ] = $channel [ 'channel_id' ];
$_SESSION [ 'delegate' ] = $atoken [ 'xchan_hash' ];
$_SESSION [ 'account_id' ] = intval ( $channel [ 'channel_account_id' ]);
change_channel ( $channel [ 'channel_id' ]);
return ;
}
}
2016-10-01 22:41:25 +00:00
2016-07-15 02:24:15 +00:00
$_SESSION [ 'authenticated' ] = 1 ;
2016-07-21 00:55:40 +00:00
$_SESSION [ 'visitor_id' ] = $atoken [ 'xchan_hash' ];
2016-07-15 02:24:15 +00:00
$_SESSION [ 'atoken' ] = $atoken [ 'atoken_id' ];
2020-02-24 23:40:20 +00:00
App :: set_observer ( $atoken );
2016-10-01 22:41:25 +00:00
2016-07-21 00:55:40 +00:00
return true ;
2016-07-15 02:24:15 +00:00
}
2016-10-01 22:41:25 +00:00
/**
* @ brief
*
* @ param array $atoken
* @ return array | null
*/
2016-07-15 02:24:15 +00:00
function atoken_xchan ( $atoken ) {
2016-07-15 04:28:17 +00:00
$c = channelx_by_n ( $atoken [ 'atoken_uid' ]);
if ( $c ) {
2016-07-21 00:55:40 +00:00
return [
2016-10-01 22:41:25 +00:00
'atoken_id' => $atoken [ 'atoken_id' ],
2021-04-10 22:32:14 +00:00
'xchan_hash' => substr ( $c [ 'channel_hash' ], 0 , 16 ) . '.' . $atoken [ 'atoken_guid' ],
2016-07-15 04:28:17 +00:00
'xchan_name' => $atoken [ 'atoken_name' ],
2021-04-12 00:55:54 +00:00
'xchan_addr' => 'guest:' . $atoken [ 'atoken_name' ] . '@' . App :: get_hostname (),
'xchan_network' => 'token' ,
2021-04-10 22:32:14 +00:00
'xchan_url' => z_root () . '/guest/' . substr ( $c [ 'channel_hash' ], 0 , 16 ) . '.' . $atoken [ 'atoken_guid' ],
2016-07-15 04:28:17 +00:00
'xchan_hidden' => 1 ,
2018-05-15 08:20:20 +00:00
'xchan_photo_mimetype' => 'image/png' ,
'xchan_photo_l' => z_root () . '/' . get_default_profile_photo ( 300 ),
'xchan_photo_m' => z_root () . '/' . get_default_profile_photo ( 80 ),
'xchan_photo_s' => z_root () . '/' . get_default_profile_photo ( 48 )
2016-07-15 04:28:17 +00:00
];
}
2016-10-01 22:41:25 +00:00
2016-07-21 00:55:40 +00:00
return null ;
2016-07-15 02:24:15 +00:00
}
2016-08-02 03:12:52 +00:00
function atoken_delete ( $atoken_id ) {
$r = q ( " select * from atoken where atoken_id = %d " ,
intval ( $atoken_id )
);
2021-04-11 01:40:39 +00:00
if ( ! $r ) {
2016-08-02 03:12:52 +00:00
return ;
2021-04-11 01:40:39 +00:00
}
2016-08-02 03:12:52 +00:00
$c = q ( " select channel_id, channel_hash from channel where channel_id = %d " ,
intval ( $r [ 0 ][ 'atoken_uid' ])
);
2021-04-11 01:40:39 +00:00
if ( ! $c ) {
2016-08-02 03:12:52 +00:00
return ;
2021-04-11 01:40:39 +00:00
}
2016-10-01 22:41:25 +00:00
2021-04-10 22:32:14 +00:00
$atoken_xchan = substr ( $c [ 0 ][ 'channel_hash' ], 0 , 16 ) . '.' . $r [ 0 ][ 'atoken_guid' ];
2016-08-02 03:12:52 +00:00
q ( " delete from atoken where atoken_id = %d " ,
intval ( $atoken_id )
);
2021-04-10 22:32:14 +00:00
q ( " delete from abook where abook_channel = %d and abook_xchan = '%s' " ,
intval ( $c [ 0 ][ 'channel_id' ]),
dbesc ( $atoken_xchan )
);
2016-08-02 03:12:52 +00:00
q ( " delete from abconfig where chan = %d and xchan = '%s' " ,
intval ( $c [ 0 ][ 'channel_id' ]),
dbesc ( $atoken_xchan )
);
}
2016-10-01 22:41:25 +00:00
/**
* @ brief
*
* In order for atoken logins to create content ( such as posts ) they need a stored xchan .
* we 'll create one on the first atoken_login; it can' t really ever go away but perhaps
* @ fixme we should set xchan_deleted if it ' s expired or removed
*
* @ param array $xchan
* @ return void | boolean
*/
2016-08-02 03:12:52 +00:00
function atoken_create_xchan ( $xchan ) {
$r = q ( " select xchan_hash from xchan where xchan_hash = '%s' " ,
dbesc ( $xchan [ 'xchan_hash' ])
);
2021-04-10 22:32:14 +00:00
if ( $r ) {
2016-08-02 03:12:52 +00:00
return ;
2021-04-10 22:32:14 +00:00
}
2017-01-28 23:01:19 +00:00
$xchan [ 'xchan_guid' ] = $xchan [ 'xchan_hash' ];
$store = [];
2021-04-10 22:32:14 +00:00
foreach ( $xchan as $k => $v ) {
if ( strpos ( $k , 'xchan_' ) === 0 ) {
2017-01-28 23:01:19 +00:00
$store [ $k ] = $v ;
}
}
$r = xchan_store_lowlevel ( $store );
2016-08-02 03:12:52 +00:00
return true ;
}
2016-08-01 01:08:41 +00:00
function atoken_abook ( $uid , $xchan_hash ) {
if ( substr ( $xchan_hash , 16 , 1 ) != '.' )
return false ;
$r = q ( " select channel_hash from channel where channel_id = %d limit 1 " ,
intval ( $uid )
);
if ( ! $r )
return false ;
2021-04-10 22:32:14 +00:00
$x = q ( " select * from atoken where atoken_uid = %d and atoken_guid = '%s' " ,
2016-08-01 01:08:41 +00:00
intval ( $uid ),
dbesc ( substr ( $xchan_hash , 17 ))
);
if ( $x ) {
$xchan = atoken_xchan ( $x [ 0 ]);
$xchan [ 'abook_blocked' ] = 0 ;
$xchan [ 'abook_ignored' ] = 0 ;
$xchan [ 'abook_pending' ] = 0 ;
return $xchan ;
}
return false ;
}
2016-07-15 02:24:15 +00:00
2016-08-02 03:12:52 +00:00
function pseudo_abook ( $xchan ) {
2016-10-01 22:41:25 +00:00
if ( ! $xchan )
2016-08-02 03:12:52 +00:00
return false ;
// set abook_pseudo to flag that we aren't really connected.
$xchan [ 'abook_pseudo' ] = 1 ;
$xchan [ 'abook_blocked' ] = 0 ;
$xchan [ 'abook_ignored' ] = 0 ;
$xchan [ 'abook_pending' ] = 0 ;
2016-10-01 22:41:25 +00:00
2016-08-02 03:12:52 +00:00
return $xchan ;
}
2014-12-07 18:27:14 +00:00
/**
* @ brief Change to another channel with current logged - in account .
*
* @ param int $change_channel The channel_id of the channel you want to change to
*
* @ return bool | array false or channel record of the new channel
*/
2012-10-02 02:04:21 +00:00
function change_channel ( $change_channel ) {
2012-10-04 05:28:19 +00:00
$ret = false ;
2012-10-02 02:04:21 +00:00
if ( $change_channel ) {
2015-12-11 03:18:55 +00:00
2015-06-16 00:28:52 +00:00
$r = q ( " select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and channel_removed = 0 limit 1 " ,
2012-10-02 02:04:21 +00:00
intval ( $change_channel ),
2015-06-16 00:28:52 +00:00
intval ( get_account_id ())
2012-10-02 02:04:21 +00:00
);
2014-01-25 23:06:44 +00:00
2014-09-15 02:59:04 +00:00
// It's not there. Is this an administrator, and is this the sys channel?
2014-12-07 18:27:14 +00:00
if ( is_developer ()) {
if ( ! $r ) {
if ( is_site_admin ()) {
2015-06-16 00:28:52 +00:00
$r = q ( " select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_system = 1 and channel_removed = 0 limit 1 " ,
intval ( $change_channel )
2014-12-07 18:27:14 +00:00
);
}
2014-09-15 02:59:04 +00:00
}
}
2014-01-26 10:58:03 +00:00
if ( $r ) {
2012-10-04 05:28:19 +00:00
$hash = $r [ 0 ][ 'channel_hash' ];
2012-10-02 02:04:21 +00:00
$_SESSION [ 'uid' ] = intval ( $r [ 0 ][ 'channel_id' ]);
2016-03-31 23:06:03 +00:00
App :: set_channel ( $r [ 0 ]);
2012-10-02 02:04:21 +00:00
$_SESSION [ 'theme' ] = $r [ 0 ][ 'channel_theme' ];
2015-01-29 04:56:04 +00:00
$_SESSION [ 'mobile_theme' ] = get_pconfig ( local_channel (), 'system' , 'mobile_theme' );
2017-11-08 03:34:00 +00:00
$_SESSION [ 'cloud_tiles' ] = get_pconfig ( local_channel (), 'system' , 'cloud_tiles' );
2012-10-02 02:04:21 +00:00
date_default_timezone_set ( $r [ 0 ][ 'channel_timezone' ]);
2018-04-17 04:40:43 +00:00
// Update the active timestamp at most once a day
2021-03-11 23:05:16 +00:00
if ( substr ( $r [ 0 ][ 'channel_active' ], 0 , 10 ) !== substr ( datetime_convert (), 0 , 10 ) && ( ! ( isset ( $_SESSION [ 'sudo' ]) && $_SESSION [ 'sudo' ]))) {
2018-04-17 04:40:43 +00:00
$z = q ( " UPDATE channel SET channel_active = '%s' WHERE channel_id = %d " ,
dbesc ( datetime_convert ()),
intval ( $r [ 0 ][ 'channel_id' ])
);
}
2012-10-04 05:28:19 +00:00
$ret = $r [ 0 ];
2012-10-02 02:04:21 +00:00
}
2018-06-04 00:49:48 +00:00
$x = xchan_match ([ 'xchan_hash' => $hash ]);
2012-10-29 01:50:35 +00:00
if ( $x ) {
2018-06-04 00:49:48 +00:00
$_SESSION [ 'my_url' ] = $x [ 'xchan_url' ];
2016-09-21 22:28:37 +00:00
$_SESSION [ 'my_address' ] = channel_reddress ( $r [ 0 ]);
2012-11-09 03:07:19 +00:00
2018-06-04 00:49:48 +00:00
App :: set_observer ( $x );
2016-03-31 23:06:03 +00:00
App :: set_perms ( get_all_perms ( local_channel (), $hash ));
2012-10-29 01:50:35 +00:00
}
2014-01-11 20:58:00 +00:00
if ( ! is_dir ( 'store/' . $r [ 0 ][ 'channel_address' ]))
2014-07-16 08:07:00 +00:00
@ os_mkdir ( 'store/' . $r [ 0 ][ 'channel_address' ], STORAGE_DEFAULT_PERMISSIONS , true );
2016-07-11 20:46:06 +00:00
$arr = [ 'channel_id' => $change_channel , 'chanx' => $ret ];
call_hooks ( 'change_channel' , $arr );
2012-10-02 02:04:21 +00:00
}
2012-10-04 05:28:19 +00:00
return $ret ;
2012-10-02 02:04:21 +00:00
}
2014-12-07 18:27:14 +00:00
/**
2015-12-11 03:18:55 +00:00
* @ brief Creates an additional SQL where statement to check permissions .
2014-12-07 18:27:14 +00:00
*
* @ param int $owner_id
2016-10-01 22:41:25 +00:00
* @ param bool $remote_observer ( optional ) use current observer if unset
* @ param $table ( optional )
2014-12-07 18:27:14 +00:00
*
* @ return string additional SQL where statement
*/
2019-03-11 23:05:02 +00:00
2019-10-15 23:41:54 +00:00
function permissions_sql ( $owner_id , $remote_observer = null , $table = '' , $token = EMPTY_STR ) {
2011-07-01 00:35:35 +00:00
2015-01-29 04:56:04 +00:00
$local_channel = local_channel ();
2011-07-01 00:35:35 +00:00
2012-03-07 01:52:00 +00:00
/**
* Construct permissions
*
* default permissions - anonymous user
*/
2019-03-11 23:05:02 +00:00
if ( $table )
2016-02-25 02:54:52 +00:00
$table .= '.' ;
2016-10-01 22:41:25 +00:00
$sql = " AND { $table } allow_cid = ''
AND { $table } allow_gid = ''
AND { $table } deny_cid = ''
AND { $table } deny_gid = ''
2012-03-07 01:52:00 +00:00
" ;
/**
* Profile owner - everything is visible
*/
2019-03-11 23:05:02 +00:00
if (( $local_channel ) && ( $local_channel == $owner_id )) {
return EMPTY_STR ;
2012-03-07 01:52:00 +00:00
}
2019-10-15 23:41:54 +00:00
2012-03-07 01:52:00 +00:00
/**
2019-03-11 23:05:02 +00:00
* Authenticated visitor .
2012-03-07 01:52:00 +00:00
*/
2012-12-16 11:38:04 +00:00
else {
2019-03-11 23:05:02 +00:00
2016-01-31 23:55:27 +00:00
$observer = (( ! is_null ( $remote_observer )) ? $remote_observer : get_observer_hash ());
2013-07-31 02:43:46 +00:00
2019-03-11 23:05:02 +00:00
if ( $observer ) {
$sec = get_security_ids ( $owner_id , $observer );
2020-02-02 23:12:20 +00:00
if ( $token ) {
if ( ! array_key_exists ( 'allow_cid' , $sec )) {
$sec [ 'allow_cid' ] = [];
}
$sec [ 'allow_cid' ][] = 'token:' . $token ;
}
2019-03-11 23:05:02 +00:00
// always allow the channel owner, even if authenticated as a visitor
if ( $sec [ 'channel_id' ]) {
foreach ( $sec [ 'channel_id' ] as $ch ) {
if ( $observer === $ch ) {
return EMPTY_STR ;
}
}
}
2013-07-31 02:43:46 +00:00
2019-03-11 23:05:02 +00:00
if ( is_array ( $sec [ 'allow_cid' ]) && count ( $sec [ 'allow_cid' ])) {
$ca = [];
foreach ( $sec [ 'allow_cid' ] as $c ) {
$ca [] = '<' . $c . '>' ;
}
$cs = implode ( '|' , $ca );
}
else {
$cs = '<<>>' ; // should be impossible to match
}
if ( is_array ( $sec [ 'allow_gid' ]) && count ( $sec [ 'allow_gid' ])) {
$ga = [];
foreach ( $sec [ 'allow_gid' ] as $g ) {
$ga [] = '<' . $g . '>' ;
}
$gs = implode ( '|' , $ga );
2015-03-03 23:03:19 +00:00
}
2019-03-11 23:05:02 +00:00
else {
$gs = '<<>>' ; // should be impossible to match
}
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
$regexop = db_getfunc ( 'REGEXP' );
2013-07-31 02:43:46 +00:00
$sql = sprintf (
2019-03-12 10:44:26 +00:00
" AND ( NOT ( { $table } deny_cid $regexop '%s' OR { $table } deny_gid $regexop '%s')
AND ( { $table } allow_cid $regexop '%s' OR { $table } allow_gid $regexop '%s' OR ( { $table } allow_cid = '' AND { $table } allow_gid = '' ) )
2013-07-31 02:43:46 +00:00
)
" ,
2019-03-11 23:05:02 +00:00
dbesc ( $cs ),
2013-07-31 02:43:46 +00:00
dbesc ( $gs ),
2019-03-11 23:05:02 +00:00
dbesc ( $cs ),
2013-07-31 02:43:46 +00:00
dbesc ( $gs )
);
}
2020-02-02 23:12:20 +00:00
/*
* OCAP token access
*/
elseif ( $token ) {
$sql = " and ( { $table } allow_cid like ' " . protect_sprintf ( '%<token:' . $token . '>%' ) .
" ' OR ( { $table } allow_cid = '' AND { $table } allow_gid = '' AND { $table } deny_cid = '' AND { $table } deny_gid = '' ) ) " ;
}
2012-03-07 01:52:00 +00:00
}
2013-07-31 02:43:46 +00:00
2012-03-07 01:52:00 +00:00
return $sql ;
}
2014-12-07 18:27:14 +00:00
/**
2018-08-22 04:38:10 +00:00
* @ brief Creates an additional SQL where statement to check permissions for an item .
2014-12-07 18:27:14 +00:00
*
* @ param int $owner_id
2016-10-01 22:41:25 +00:00
* @ param bool $remote_observer ( optional ) use current observer if unset
2014-12-07 18:27:14 +00:00
*
* @ return string additional SQL where statement
*/
2019-03-11 23:05:02 +00:00
2015-05-21 01:46:23 +00:00
function item_permissions_sql ( $owner_id , $remote_observer = null ) {
2012-03-07 01:52:00 +00:00
2015-01-29 04:56:04 +00:00
$local_channel = local_channel ();
2012-03-07 01:52:00 +00:00
2011-07-01 00:35:35 +00:00
/**
* Construct permissions
*
* default permissions - anonymous user
*/
2015-05-21 01:46:23 +00:00
$sql = " AND item_private = 0 " ;
2011-07-01 00:35:35 +00:00
/**
* Profile owner - everything is visible
*/
2015-01-29 04:56:04 +00:00
if (( $local_channel ) && ( $local_channel == $owner_id )) {
2016-10-01 22:41:25 +00:00
$sql = '' ;
2011-07-01 00:35:35 +00:00
}
/**
2019-03-11 23:05:02 +00:00
* Authenticated visitor .
2011-07-01 00:35:35 +00:00
*/
2012-12-16 11:38:04 +00:00
else {
2013-07-31 02:43:46 +00:00
2019-03-11 23:05:02 +00:00
$observer = (( $remote_observer ) ? $remote_observer : get_observer_hash ());
2015-09-29 02:45:57 +00:00
2019-03-11 23:05:02 +00:00
if ( $observer ) {
2013-07-31 02:43:46 +00:00
2019-03-11 23:05:02 +00:00
$sec = get_security_ids ( $owner_id , $observer );
2013-07-31 02:43:46 +00:00
2019-03-11 23:05:02 +00:00
// always allow the channel owner, even if authenticated as a visitor
if ( $sec [ 'channel_id' ]) {
foreach ( $sec [ 'channel_id' ] as $ch ) {
if ( $observer === $ch ) {
return EMPTY_STR ;
}
}
}
if ( is_array ( $sec [ 'allow_cid' ]) && count ( $sec [ 'allow_cid' ])) {
$ca = [];
foreach ( $sec [ 'allow_cid' ] as $c ) {
$ca [] = '<' . $c . '>' ;
}
$cs = implode ( '|' , $ca );
}
else {
$cs = '<<>>' ; // should be impossible to match
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
}
2019-03-11 23:05:02 +00:00
if ( is_array ( $sec [ 'allow_gid' ]) && count ( $sec [ 'allow_gid' ])) {
$ga = [];
foreach ( $sec [ 'allow_gid' ] as $g ) {
$ga [] = '<' . $g . '>' ;
}
$gs = implode ( '|' , $ga );
}
else {
$gs = '<<>>' ; // should be impossible to match
}
2019-10-17 00:52:40 +00:00
// This function is often called without an $owner_id in places where this could not be
// determined in advance. The ACL fields will usually not contain the original author or owner
// so we will also check for author_xchan and owner_xchan to account for this ACL deficiency.
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
$regexop = db_getfunc ( 'REGEXP' );
2013-07-31 02:43:46 +00:00
$sql = sprintf (
2019-10-17 00:52:40 +00:00
" AND ( author_xchan = '%s' OR owner_xchan = '%s' OR
(( NOT ( deny_cid $regexop '%s' OR deny_gid $regexop '%s' )
AND ( allow_cid $regexop '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ))
)))
2013-07-31 02:43:46 +00:00
" ,
2019-10-17 00:52:40 +00:00
dbesc ( $observer ),
dbesc ( $observer ),
2019-03-11 23:05:02 +00:00
dbesc ( $cs ),
2013-07-31 02:43:46 +00:00
dbesc ( $gs ),
2019-03-11 23:05:02 +00:00
dbesc ( $cs ),
2013-07-31 02:43:46 +00:00
dbesc ( $gs )
);
}
2011-07-01 00:35:35 +00:00
}
2014-12-07 18:27:14 +00:00
2011-07-01 00:35:35 +00:00
return $sql ;
2012-03-07 01:52:00 +00:00
}
2014-12-07 18:27:14 +00:00
/**
* @ param string $observer_hash
*
* @ return string additional SQL where statement
*/
2019-03-11 23:05:02 +00:00
2013-02-10 12:55:29 +00:00
function public_permissions_sql ( $observer_hash ) {
2019-03-11 23:05:02 +00:00
$owner_id = 0 ;
2013-02-10 12:55:29 +00:00
2019-03-11 23:05:02 +00:00
if ( $observer_hash ) {
$sec = get_security_ids ( $owner_id , $observer_hash );
if ( is_array ( $sec [ 'allow_cid' ]) && count ( $sec [ 'allow_cid' ])) {
$ca = [];
foreach ( $sec [ 'allow_cid' ] as $c ) {
$ca [] = '<' . $c . '>' ;
}
$cs = implode ( '|' , $ca );
}
else {
$cs = '<<>>' ; // should be impossible to match
}
if ( is_array ( $sec [ 'allow_gid' ]) && count ( $sec [ 'allow_gid' ])) {
$ga = [];
foreach ( $sec [ 'allow_gid' ] as $g ) {
$ga [] = '<' . $g . '>' ;
}
$gs = implode ( '|' , $ga );
}
else {
$gs = '<<>>' ; // should be impossible to match
}
2013-02-10 12:55:29 +00:00
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
$regexop = db_getfunc ( 'REGEXP' );
2013-09-23 05:52:48 +00:00
$sql = sprintf (
2019-03-12 10:44:26 +00:00
" AND ( NOT (deny_cid $regexop '%s' OR deny_gid $regexop '%s')
AND ( allow_cid $regexop '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ) )
2019-03-11 23:05:02 +00:00
)
2013-09-23 05:52:48 +00:00
" ,
2019-03-11 23:05:02 +00:00
dbesc ( $cs ),
2013-09-23 05:52:48 +00:00
dbesc ( $gs ),
2019-03-11 23:05:02 +00:00
dbesc ( $cs ),
2013-09-23 05:52:48 +00:00
dbesc ( $gs )
);
}
2019-03-11 23:05:02 +00:00
else {
2020-04-17 07:00:49 +00:00
$sql = " and item_private = 0 " ;
2019-03-11 23:05:02 +00:00
}
2013-02-10 12:55:29 +00:00
return $sql ;
}
2012-03-07 01:52:00 +00:00
2012-03-12 20:17:37 +00:00
/*
* Functions used to protect against Cross - Site Request Forgery
* The security token has to base on at least one value that an attacker can 't know - here it' s the session ID and the private key .
* In this implementation , a security token is reusable ( if the user submits a form , goes back and resubmits the form , maybe with small changes ;
* or if the security token is used for ajax - calls that happen several times ), but only valid for a certain amout of time ( 3 hours ) .
* The " typename " seperates the security tokens of different types of forms . This could be relevant in the following case :
2016-08-02 03:12:52 +00:00
* A security token is used to protekt a link from CSRF ( e . g . the " delete this profile " - link ) .
2012-03-12 20:17:37 +00:00
* If the new page contains by any chance external elements , then the used security token is exposed by the referrer .
* Actually , important actions should not be triggered by Links / GET - Requests at all , but somethimes they still are ,
* so this mechanism brings in some damage control ( the attacker would be able to forge a request to a form of this type , but not to forms of other types ) .
2016-10-01 22:41:25 +00:00
*/
2012-03-19 07:37:09 +00:00
function get_form_security_token ( $typename = '' ) {
2015-03-03 23:03:19 +00:00
2012-03-12 20:17:37 +00:00
$timestamp = time ();
2016-04-01 03:15:47 +00:00
$sec_hash = hash ( 'whirlpool' , App :: $observer [ 'xchan_guid' ] . (( local_channel ()) ? App :: $channel [ 'channel_prvkey' ] : '' ) . session_id () . $timestamp . $typename );
2014-01-20 11:12:40 +00:00
2012-03-19 07:37:09 +00:00
return $timestamp . '.' . $sec_hash ;
2012-03-12 20:17:37 +00:00
}
2012-03-19 07:37:09 +00:00
function check_form_security_token ( $typename = '' , $formname = 'form_security_token' ) {
2012-03-12 20:17:37 +00:00
if ( ! x ( $_REQUEST , $formname )) return false ;
$hash = $_REQUEST [ $formname ];
2015-03-03 23:03:19 +00:00
2012-03-12 20:17:37 +00:00
$max_livetime = 10800 ; // 3 hours
2015-03-03 23:03:19 +00:00
2012-03-19 07:37:09 +00:00
$x = explode ( '.' , $hash );
2012-03-12 20:17:37 +00:00
if ( time () > ( IntVal ( $x [ 0 ]) + $max_livetime )) return false ;
2015-03-03 23:03:19 +00:00
2016-04-01 03:15:47 +00:00
$sec_hash = hash ( 'whirlpool' , App :: $observer [ 'xchan_guid' ] . (( local_channel ()) ? App :: $channel [ 'channel_prvkey' ] : '' ) . session_id () . $x [ 0 ] . $typename );
2015-03-03 23:03:19 +00:00
2012-03-12 20:17:37 +00:00
return ( $sec_hash == $x [ 1 ]);
}
function check_form_security_std_err_msg () {
2012-04-14 20:24:35 +00:00
return t ( 'The form security token was not correct. This probably happened because the form has been opened for too long (>3 hours) before submitting it.' ) . EOL ;
2012-03-12 20:17:37 +00:00
}
2012-03-19 07:37:09 +00:00
function check_form_security_token_redirectOnErr ( $err_redirect , $typename = '' , $formname = 'form_security_token' ) {
2012-03-12 20:17:37 +00:00
if ( ! check_form_security_token ( $typename , $formname )) {
2016-04-01 03:15:47 +00:00
logger ( 'check_form_security_token failed: user ' . App :: $observer [ 'xchan_name' ] . ' - form element ' . $typename );
2012-03-19 07:37:09 +00:00
logger ( 'check_form_security_token failed: _REQUEST data: ' . print_r ( $_REQUEST , true ), LOGGER_DATA );
2012-03-12 20:17:37 +00:00
notice ( check_form_security_std_err_msg () );
2016-03-31 05:13:24 +00:00
goaway ( z_root () . $err_redirect );
2012-03-12 20:17:37 +00:00
}
}
2012-03-19 07:37:09 +00:00
function check_form_security_token_ForbiddenOnErr ( $typename = '' , $formname = 'form_security_token' ) {
2012-03-18 15:44:33 +00:00
if ( ! check_form_security_token ( $typename , $formname )) {
2016-04-01 03:15:47 +00:00
logger ( 'check_form_security_token failed: user ' . App :: $observer [ 'xchan_name' ] . ' - form element ' . $typename );
2012-03-19 07:37:09 +00:00
logger ( 'check_form_security_token failed: _REQUEST data: ' . print_r ( $_REQUEST , true ), LOGGER_DATA );
2012-03-18 15:44:33 +00:00
header ( 'HTTP/1.1 403 Forbidden' );
killme ();
}
2012-04-14 20:24:35 +00:00
}
2012-10-22 00:23:21 +00:00
2014-12-07 18:27:14 +00:00
2015-12-11 03:18:55 +00:00
// Returns an array of group hash id's on this entire site (across all channels) that this connection is a member of.
// var $contact_id = xchan_hash of connection
2012-10-22 00:23:21 +00:00
function init_groups_visitor ( $contact_id ) {
2017-02-12 23:56:33 +00:00
$groups = [];
// physical groups this channel is a member of
2018-09-26 00:47:43 +00:00
$r = q ( " SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE xchan = '%s' " ,
2013-01-22 03:56:39 +00:00
dbesc ( $contact_id )
2012-10-22 00:23:21 +00:00
);
2016-03-10 23:43:59 +00:00
if ( $r ) {
2012-10-22 00:23:21 +00:00
foreach ( $r as $rr )
2013-11-22 19:52:38 +00:00
$groups [] = $rr [ 'hash' ];
2012-10-22 00:23:21 +00:00
}
return $groups ;
2015-12-11 03:18:55 +00:00
}
2012-10-22 00:23:21 +00:00
2019-03-11 23:05:02 +00:00
function get_security_ids ( $channel_id , $ob_hash ) {
$ret = [
'channel_id' => [],
'allow_cid' => [],
'allow_gid' => []
];
if ( $channel_id ) {
$ch = q ( " select channel_hash from channel where channel_id = %d " ,
intval ( $channel_id )
);
if ( $ch ) {
$ret [ 'channel_id' ][] = $ch [ 0 ][ 'channel_hash' ];
}
}
$groups = [];
$x = q ( " select * from xchan where xchan_hash = '%s' " ,
dbesc ( $ob_hash )
);
if ( $x ) {
// include xchans for all zot-like networks
2020-09-22 00:26:27 +00:00
$xchans = q ( " select xchan_hash, xchan_network from xchan where xchan_hash = '%s' OR ( xchan_guid = '%s' AND xchan_pubkey = '%s' ) " ,
2019-03-11 23:05:02 +00:00
dbesc ( $ob_hash ),
dbesc ( $x [ 0 ][ 'xchan_guid' ]),
dbesc ( $x [ 0 ][ 'xchan_pubkey' ])
);
if ( $xchans ) {
$ret [ 'allow_cid' ] = ids_to_array ( $xchans , 'xchan_hash' );
$hashes = ids_to_querystr ( $xchans , 'xchan_hash' , true );
// physical groups this identity is a member of
$r = q ( " SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE xchan in ( " . protect_sprintf ( $hashes ) . " ) " );
if ( $r ) {
foreach ( $r as $rv ) {
$groups [] = $rv [ 'hash' ];
}
}
2020-09-22 00:26:27 +00:00
// virtual groups this identity is a member of
$r = q ( " select channel_hash from channel left join abook on channel_id = abook_channel where abook_xchan in ( " . protect_sprintf ( $hashes ) . " ) and abook_self = 0 and abook_pending = 0 and abook_archived = 0 " );
if ( $r ) {
foreach ( $r as $rv ) {
$groups [] = 'connections:' . $rv [ 'channel_hash' ];
if ( $xchans [ 0 ][ 'xchan_network' ] === 'zot6' ) {
$groups [] = 'zot:' . $rv [ 'channel_hash' ];
}
if ( $xchans [ 0 ][ 'xchan_network' ] === 'activitypub' ) {
$groups [] = 'activitypub:' . $rv [ 'channel_hash' ];
}
}
}
2019-03-11 23:05:02 +00:00
$ret [ 'allow_gid' ] = $groups ;
}
}
return $ret ;
}
