authorLiam McLoughlin <hexxeh@hexxeh.net>2011-07-27 20:29:49 +0100
committerLiam McLoughlin <hexxeh@hexxeh.net>2011-07-27 20:29:49 +0100
commit5099c71493abe193f23b7f0a7381e539bc67bb33 (patch)
tree7628542c989bace2895427d34959b5f3fcbd2150
parentAdded disk size cap (diff)
downloadgentoaster-5099c71493abe193f23b7f0a7381e539bc67bb33.tar.gz
gentoaster-5099c71493abe193f23b7f0a7381e539bc67bb33.tar.bz2
gentoaster-5099c71493abe193f23b7f0a7381e539bc67bb33.zip
Moved to using mysqli and prepared statements
-rw-r--r--client.php19
-rw-r--r--daemon.php108
-rw-r--r--status.php40
-rw-r--r--web/config.php2
-rw-r--r--web/process.php60
-rw-r--r--web/status.php61
-rw-r--r--web/testdrive.php39
7 files changed, 200 insertions, 129 deletions
diff --git a/client.php b/client.php
index e2284b4..56313ae 100644
--- a/client.php
+++ b/client.php
@@ -21,13 +21,16 @@
echo "Job sent, handle was ".$handle." - hash ".$handlehash."\n";
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error());
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
}
- mysql_select_db(MYSQL_DATABASE);
- $query = "INSERT INTO builds (id, handle)".
- ." VALUES('".$handlehash."','".$handle."')";
- mysql_query($query);
- echo "Job handle mapping added to database\n";
+ $query = "INSERT INTO builds (id, handle) VALUES(?, ?)";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("ss", $handlehash, $handle);
+ $stmt->execute();
+ $stmt->close();
+ $db->close();
+ echo "Job handle mapping added to database\n"; \ No newline at end of file
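Review bot: `$db->prepare($query)` returns false on failure (malformed SQL, lost connection), and the next line calls `bind_param()` on that result without checking it, so a prepare error turns into a fatal call on a non-object instead of the explicit `die` that the connect path gets; the return of `execute()` is also ignored, so a failed insert still prints "Job handle mapping added to database". A check in the same style as the connect check would keep failures visible: `$stmt = $db->prepare($query); if ($stmt === false) { die("Prepare failed: ".$db->error); }` and `if (!$stmt->execute()) { die("Execute failed: ".$stmt->error); }`. The same unchecked prepare/execute pattern is repeated in every statement this commit adds to daemon.php, status.php, web/process.php, web/status.php and web/testdrive.php. The enclosing block starts outside this hunk.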
diff --git a/daemon.php b/daemon.php
index 1936864..5fa09b2 100644
--- a/daemon.php
+++ b/daemon.php
@@ -17,16 +17,22 @@
{
$result = trim($result);
echo "A job finished with return code ".$returncode.": ".$result."\n";
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error());
+
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
}
- mysql_select_db(MYSQL_DATABASE);
- $result = mysql_real_escape_string($result);
- $query = "UPDATE builds".
- " SET result = '".$result."', returncode = '".$returncode.
- "' WHERE handle = '".mysql_real_escape_string($handle)."'";
- mysql_query($query);
+
+ $query = "UPDATE builds SET result = ?, returncode = ? ".
+ "WHERE handle = ?";
+
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("sds", $result, $returncode, $handle);
+ $stmt->execute();
+ $stmt->close();
+ $db->close();
+
return serialize(array($returncode, $result));
}
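Review bot: `$stmt->bind_param("sds", $result, $returncode, $handle)` binds the return code with the double specifier `d`, although the surrounding code treats it as an integer return code; assuming the `returncode` column is integer-typed, `"sis"` is the exact match and avoids a float round-trip on the wire. The same `d` specifiers are used for `$port` and `$pid` in the port-assignment hunks later in this file (`"d"`, `"sdd"`, `"ds"`), where `i` would likewise be the precise choice. The enclosing function starts before this hunk.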
@@ -103,26 +109,42 @@
$insert = false;
$update = false;
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error());
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
}
- mysql_select_db(MYSQL_DATABASE);
+
+ $query = "UPDATE builds SET result = ?, returncode = ? ".
+ "WHERE handle = ?";
+
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("sds", $result, $returncode, $handle);
+ $stmt->execute();
+ $stmt->close();
+ $db->close();
+
$query = "SELECT port FROM ports ORDER BY port DESC LIMIT 1";
- $result = mysql_query($query);
- if (mysql_num_rows($result) == 0) {
+ $stmt = $db->prepare($query);
+ $stmt->execute();
+ if ($stmt->num_rows == 0) {
// no ports! assign a new one
+ $stmt->close();
$port = LOW_PORT;
$insert = true;
echo "No ports! Assigning ".$port."\n";
} else {
// we have a port! let's check if our vm has one
- $ports = mysql_fetch_array($result);
- $lastport = $ports[0];
- $query = "SELECT port, pid FROM ports WHERE id = '".$buildID."'";
- $result = mysql_query($query);
- if (mysql_num_rows($result) == 0) {
+ $stmt->bind_result($lastport);
+ $stmt->fetch();
+ $stmt->close();
+ $query = "SELECT port, pid FROM ports WHERE id = ?";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+ if ($stmt->num_rows == 0) {
// vm doesn't have one, assign one!
+ $stmt->close();
$port = $lastport+1;
if ($port > HIGH_PORT) {
$port = LOW_PORT;
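Review bot: The `$db->close()` that follows the new `UPDATE builds` statement shuts the connection that the very next line, `$stmt = $db->prepare($query)` for the `SELECT port` query, still uses, so that prepare fails and `$stmt->execute()` is then called on a non-object. That UPDATE block references `$result`, `$returncode` and `$handle`, none of which appear in this function's visible lines, and looks copied from the job-finished hunk above; it should most likely be removed, leaving only the `$db->close()` already added before the function's return. Separately, `mysqli_stmt::$num_rows` is only populated after `$stmt->store_result()`, so both `if ($stmt->num_rows == 0)` checks in this hunk always see 0 and the "No ports!" branch is taken every time; add `$stmt->store_result();` after each `$stmt->execute()` (status.php in this same commit does so), and the `num_rows == 1` checks added in web/status.php and web/testdrive.php need the same call. The enclosing function starts and ends outside this hunk.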
@@ -131,18 +153,18 @@
echo "Assigning new port ".$port."\n";
} else {
// vm already has one, return it
- $ports = mysql_fetch_array($result);
- $port = $ports[0];
- $pid = $ports[1];
- $running = true;
- if (!check_pid($pid)) {
- $running = false;
- $update = true;
- echo "VM is not running, PID ".$pid." is dead!\n";
- } else {
- echo "VM is running on PID ".$pid."\n";
- }
- echo "VM already has port ".$port."\n";
+ $stmt->bind_result($port, $pid);
+ $stmt->fetch();
+ $stmt->close();
+ $running = true;
+ if (!check_pid($pid)) {
+ $running = false;
+ $update = true;
+ echo "VM is not running, PID ".$pid." is dead!\n";
+ } else {
+ echo "VM is running on PID ".$pid."\n";
+ }
+ echo "VM already has port ".$port."\n";
}
}
@@ -162,17 +184,27 @@
$pid = $pid + 2;
if ($insert) {
- $query = "DELETE FROM ports WHERE port = ".$port;
- $result = mysql_query($query);
- $query = "INSERT INTO ports (id, port, pid) VALUES('".mysql_real_escape_string($buildID)."', ".$port.", ".$pid.")";
- $result = mysql_query($query);
+ $query = "DELETE FROM ports WHERE port = ?";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("d", $port);
+ $stmt->execute();
+ $stmt->close();
+ $query = "INSERT INTO ports (id, port, pid) VALUES(?, ?, ?)";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("sdd", $buildID, $port, $pid);
+ $stmt->execute();
+ $stmt->close();
echo "Doing insert!\n";
} elseif ($update) {
- $query = "UPDATE ports SET pid = ".$pid." WHERE id = '".$buildID."'";
- $result = mysql_query($query);
+ $query = "UPDATE ports SET pid = ? WHERE id = ?";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("ds", $pid, $buildID);
+ $stmt->execute();
+ $stmt->close();
echo "Doing update\n";
}
+ $db->close();
$port = $port+1000;
return serialize(array(EXTERNAL_HOST, $port));
}
diff --git a/status.php b/status.php
index 48f4dff..66d55f8 100644
--- a/status.php
+++ b/status.php
@@ -8,17 +8,21 @@
if (!isset($argv[1])) {
die("No handle hash given\n");
}
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error()."\n");
+
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
}
- mysql_select_db(MYSQL_DATABASE);
- $query = "SELECT handle FROM builds ".
- "WHERE id = '".mysql_real_escape_string($argv[1])."'";
- $result = mysql_query($query);
- if (mysql_num_rows($result) == 1) {
- $handles = mysql_fetch_array($result);
- $handle = $handles[0];
+
+ $query = "SELECT handle FROM builds WHERE id = ?";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("s", $argv[1]);
+ $stmt->execute();
+ $stmt->store_result();
+ if ($stmt->num_rows == 1) {
+ $stmt->bind_result($handle);
+ $stmt->close();
$client = new GearmanClient();
$client->addServer();
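Review bot: In the `num_rows == 1` branch `$stmt->bind_result($handle)` is followed directly by `$stmt->close()` with no `$stmt->fetch()`, so `$handle` is never assigned and the Gearman status lookup that follows runs with an undefined handle. The other instances of this pattern in the commit fetch before closing; this one should read `$stmt->bind_result($handle); $stmt->fetch(); $stmt->close();`. The surrounding top-level script continues outside this hunk.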
@@ -33,11 +37,14 @@
}
} else {
$query = "SELECT returncode, result FROM builds ".
- "WHERE id = '".mysql_real_escape_string($argv[1])."'";
- $result = mysql_query($query);
- $jobres = mysql_fetch_array($result);
- if ($jobres[0] !== null) {
- echo "Job returned with code ".$jobres[0].": ".$jobres[1]."\n";
+ "WHERE id = ?";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("s", $argv[1]);
+ $stmt->execute();
+ $stmt->bind_result($returncode, $result);
+ $stmt->fetch();
+ if ($returncode !== null) {
+ echo "Job returned with code ".$returncode.": ".$result."\n";
} else {
echo "Job failed\n";
}
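Review bot: This else branch reassigns `$stmt` while the `SELECT handle` statement prepared above it (with its stored result set) is still open, and the new `SELECT returncode, result` statement is never closed before the script's final `$db->close()`, so neither statement is released explicitly; the `num_rows == 1` path closes its statement, this path should too. Add `$stmt->close();` as the first line of the branch and after the `$stmt->fetch()` call. The enclosing if/else starts outside this hunk.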
@@ -45,4 +52,5 @@
} else {
echo "Invalid handle hash\n";
}
-
+
+ $db->close(); \ No newline at end of file
diff --git a/web/config.php b/web/config.php
index 6d5735c..30d6aa4 100644
--- a/web/config.php
+++ b/web/config.php
@@ -16,6 +16,6 @@
define("MYSQL_DATABASE", "gentoaster");
// Set the RECAPTCHA keys that should be used, if enabled
- define("RECAPTCHA_ENABLED", true);
+ define("RECAPTCHA_ENABLED", false);
define("RECAPTCHA_PUBLIC_KEY","REPLACE_ME");
define("RECAPTCHA_PRIVATE_KEY", "REPLACE_ME"); \ No newline at end of file
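Review bot: Flipping `RECAPTCHA_ENABLED` to false changes the shipped default so that the form handler in web/process.php skips the CAPTCHA check unless a deployer turns it back on, and neither the commit message ("Moved to using mysqli and prepared statements") nor a comment explains the change. If this is a development default because the keys below are still `REPLACE_ME`, say so next to it: `// Off by default until real keys are set below; enable for public deployments`. Otherwise the default should stay true and be overridden locally.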
diff --git a/web/process.php b/web/process.php
index 43827b9..238e843 100644
--- a/web/process.php
+++ b/web/process.php
@@ -8,27 +8,42 @@
if (RECAPTCHA_ENABLED) {
require_once "recaptcha.php";
+ $remoteAddress = filter_input(INPUT_SERVER,
+ "remote_addr",
+ FILTER_VALIDATE_IP);
+ $challenge = filter_input(INPUT_POST,
+ "recaptcha_challenge_field",
+ FILTER_UNSAFE_RAW);
+ $response = filter_input(INPUT_POST,
+ "recaptcha_response_field",
+ FILTER_UNSAFE_RAW);
+
$resp = recaptcha_check_answer(RECAPTCHA_PRIVATE_KEY,
- $_SERVER["REMOTE_ADDR"],
- $_POST["recaptcha_challenge_field"],
- $_POST["recaptcha_response_field"]);
+ $remoteAddress,
+ $challenge,
+ $response);
if (!$resp->is_valid) {
die("CAPTCHA was incorrect");
}
}
+ function sanitize_shellarg($arg) {
+ return escapeshellarg($arg);
+ }
+ define("FILTER_SANITIZE_SHELL", array("options" => "sanitize_shellarg"));
+
$buildID = uniqid();
- $bootMegabytes = intval($_POST["boot_size"]);
- $swapMegabytes = intval($_POST["swap_size"]);
- $rootMegabytes = intval($_POST["root_size"]);
- $timezone = escapeshellarg($_POST["timezone"]);
- $hostname = escapeshellarg($_POST["hostname"]);
- $username = escapeshellarg($_POST["username"]);
- $password = escapeshellarg($_POST["password"]);
- $rootPassword = escapeshellarg($_POST["rootpassword"]);
- $packagesList = escapeshellarg($_POST["packages"]);
- $outputFormat = escapeshellarg($_POST["format"]);
+ $bootMegabytes = filter_input(INPUT_POST, "boot_size", FILTER_VALIDATE_INT);
+ $swapMegabytes = filter_input(INPUT_POST, "swap_size", FILTER_VALIDATE_INT);
+ $rootMegabytes = filter_input(INPUT_POST, "root_size", FILTER_VALIDATE_INT);
+ $timezone = filter_input(INPUT_POST, "timezone", FILTER_SANITIZE_SHELL);
+ $hostname = filter_input(INPUT_POST, "hostname", FILTER_SANITIZE_SHELL);
+ $username = filter_input(INPUT_POST, "username", FILTER_SANITIZE_SHELL);
+ $password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_SHELL);
+ $rootPass = filter_input(INPUT_POST, "rootpassword", FILTER_SANITIZE_SHELL);
+ $packagesList = filter_input(INPUT_POST, "packages", FILTER_SANITIZE_SHELL);
+ $outputFormat = filter_input(INPUT_POST, "format", FILTER_SANITIZE_SHELL);
$packagesList = str_replace("\r\n", " ", $packagesList);
$packagesList = str_replace("\n", " ", $packagesList);
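Review bot: The `FILTER_SANITIZE_SHELL` constant never escapes anything: filter_input()'s third argument is an integer filter id and a callback array belongs in the fourth (options) argument, and on the PHP 5 series `define()` refuses an array value in the first place, so the seven `filter_input(INPUT_POST, ..., FILTER_SANITIZE_SHELL)` calls from `$timezone` to `$outputFormat` yield null or a warning rather than an escaped string, and those values are interpolated into the ini text below. Each call should be `filter_input(INPUT_POST, "timezone", FILTER_CALLBACK, array("options" => "sanitize_shellarg"))`, or simply keep `escapeshellarg()` on the raw value as before. Separately, `$_SERVER` keys are case-sensitive, so `filter_input(INPUT_SERVER, "remote_addr", FILTER_VALIDATE_IP)` returns null; the key must be `"REMOTE_ADDR"`. Note also that `FILTER_VALIDATE_INT` returns false for a non-numeric size where `intval()` returned 0, which the `_MEGABYTES='...'` lines of `$iniString` do not account for.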
@@ -41,7 +56,7 @@ SWAP_MEGABYTES='$swapMegabytes'
ROOT_MEGABYTES='$rootMegabytes'
TIMEZONE=$timezone
HOSTNAME=$hostname
-ROOT_PASSWORD=$rootPassword
+ROOT_PASSWORD=$rootPass
DEFAULT_USERNAME=$username
DEFAULT_PASSWORD=$password
USE_FLAGS=''
@@ -55,13 +70,16 @@ OUTPUT_FORMAT=$outputFormat";
$client->addServer();
$handle = $client->doBackground("invoke_image_build", $iniString);
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error());
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
}
- mysql_select_db(MYSQL_DATABASE);
- $query = "INSERT INTO builds (id, handle) ".
- "VALUES('".$buildID."','".$handle."')";
- mysql_query($query);
+
+ $stmt = $db->prepare("INSERT INTO builds (id, handle) VALUES(?, ?)");
+ $stmt->bind_param("ss", $buildID, $handle);
+ $stmt->execute();
+ $stmt->close();
+ $db->close();
header("Location: finished.php?uuid=".$buildID); \ No newline at end of file
diff --git a/web/status.php b/web/status.php
index 86e7e0e..719afe6 100644
--- a/web/status.php
+++ b/web/status.php
@@ -5,22 +5,24 @@
require_once "config.php";
- $buildID = $_GET["uuid"];
+ $buildID = filter_input(INPUT_GET, "uuid", FILTER_UNSAFE_RAW);
$buildresult = "Unknown!";
$inprogress = false;
$builddone = false;
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error()."\n");
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
}
- mysql_select_db(MYSQL_DATABASE);
- $query = "SELECT handle FROM builds ".
- "WHERE id = '".mysql_real_escape_string($buildID)."'";
- $result = mysql_query($query);
- if (mysql_num_rows($result) == 1) {
- $handles = mysql_fetch_array($result);
- $handle = $handles[0];
+
+ $stmt = $db->prepare("SELECT handle FROM builds WHERE id = ?");
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+ if ($stmt->num_rows == 1) {
+ $stmt->bind_result($handle);
+ $stmt->fetch();
+ $stmt->close();
$client = new GearmanClient();
$client->addServer();
@@ -35,13 +37,14 @@
$buildresult = "Task has not yet been processed";
}
} else {
- $cleanBuildID = mysql_real_escape_string($buildID);
- $query = "SELECT returncode, result FROM builds ".
- "WHERE id = '".$cleanBuildID."'";
- $result = mysql_query($query);
- $jobres = mysql_fetch_array($result);
- if ($jobres[0] !== null) {
- if ($jobres[0] == 0) {
+ $stmt = $db->prepare("SELECT returncode, result FROM builds WHERE id = ?");
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+ $stmt->bind_result($returncode, $result);
+ $stmt->fetch();
+ $stmt->close();
+ if ($returncode !== null) {
+ if ($returncode == 0) {
$buildresult = "Your build is complete! ".
"What would you like to do now?".
"<br /><br /><center>".
@@ -56,16 +59,24 @@
"</table></center>";
$builddone = true;
} else {
- $buildresult = "Job returned with code ".$jobres[0].": ".$jobres[1];
+ $buildresult = "Job returned with code ".$returncode.": ".$result;
}
} else {
$buildresult = "Job failed";
}
}
} else {
+ $stmt->close();
$buildresult = "Invalid handle hash";
}
+ $db->close();
+
+ if (!$builddone) {
+ $titleString = "How's things?";
+ } else {
+ $titleString = "It's showtime!";
+ }
?>
<html>
<head>
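Review bot: `$buildresult = "Job returned with code ".$returncode.": ".$result;` puts the job output stored by the daemon into a string that the page later prints with `<?php echo $buildresult; ?>` and no HTML escaping, while every other `$buildresult` branch is hand-written markup. If the build's result text can carry user-influenced content (it is whatever the daemon recorded from the job), this is a stored XSS sink; escaping only this branch keeps the rest intact: `": ".htmlspecialchars($result, ENT_QUOTES, "UTF-8")`. The `$titleString` addition is fine since both values are fixed strings.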
@@ -90,17 +101,7 @@
<div id="content">
<div id="main">
<div id="status" class="step">
- <?php
- if (!$builddone) {
- ?>
- <h1>How's things?</h1>
- <?php
- } else {
- ?>
- <h1>It's showtime!</h1>
- <?php
- }
- ?>
+ <h1><?php echo $titleString; ?></h1>
<p>
<?php echo $buildresult; ?>
<div id="progressbar"></div>
diff --git a/web/testdrive.php b/web/testdrive.php
index 066dd4c..8f3c718 100644
--- a/web/testdrive.php
+++ b/web/testdrive.php
@@ -5,19 +5,24 @@
require_once "config.php";
- $buildID = $_GET["uuid"];
+ $buildID = filter_input(INPUT_GET, "uuid", FILTER_UNSAFE_RAW);
$buildresult = "Unknown!";
$inprogress = false;
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error()."\n");
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
}
- mysql_select_db(MYSQL_DATABASE);
- $result = mysql_query("SELECT handle FROM builds WHERE id = '".mysql_real_escape_string($buildID)."'");
- if (mysql_num_rows($result) == 1) {
- $handles = mysql_fetch_array($result);
- $handle = $handles[0];
+
+ $stmt = $db->prepare("SELECT handle FROM builds WHERE id = ?");
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+
+ if ($stmt->num_rows == 1) {
+ $stmt->bind_result($handle);
+ $stmt->fetch();
+ $stmt->close();
$client = new GearmanClient();
$client->addServer();
@@ -25,12 +30,14 @@
if ($status[0]) {
header("Location: status.php?uuid=".$buildID);
} else {
- $cleanBuildID = mysql_real_escape_string($buildID);
- $query = "SELECT returncode, result FROM builds WHERE id = '".$cleanBuildID."'";
- $result = mysql_query();
- $jobres = mysql_fetch_array($result);
- if ($jobres[0] !== null) {
- if ($jobres[0] == 0) {
+ $stmt = $db->prepare("SELECT returncode, result FROM builds WHERE id = ?");
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+ $stmt->bind_result($returncode, $result);
+ $stmt->fetch();
+ $stmt->close();
+ if ($returncode !== null) {
+ if ($returncode == 0) {
// we're built, let's do this
$client = new GearmanClient();
$client->addServer();
@@ -44,9 +51,11 @@
}
}
} else {
+ $stmt->close();
die("Invalid handle hash");
}
+ $db->close();
?>
<html>
<head>