From 5099c71493abe193f23b7f0a7381e539bc67bb33 Mon Sep 17 00:00:00 2001
From: Liam McLoughlin
Date: Wed, 27 Jul 2011 20:29:49 +0100
Subject: Moved to using mysqli and prepared statements
---
 client.php | 19 ++++++----
 daemon.php | 108 +++++++++++++++++++++++++++++++++++-------------------
 status.php | 40 ++++++++++++--------
 web/config.php | 2 +-
 web/process.php | 60 +++++++++++++++++++-----------
 web/status.php | 61 +++++++++++++++---------------
 web/testdrive.php | 39 ++++++++++++--------
 7 files changed, 200 insertions(+), 129 deletions(-)
diff --git a/client.php b/client.php
index e2284b4..56313ae 100644
--- a/client.php
+++ b/client.php
@@ -21,13 +21,16 @@
 echo "Job sent, handle was ".$handle." - hash ".$handlehash."\n";
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error());
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
 }
- mysql_select_db(MYSQL_DATABASE);
- $query = "INSERT INTO builds (id, handle)".
- ." VALUES('".$handlehash."','".$handle."')";
- mysql_query($query);
- echo "Job handle mapping added to database\n";
+ $query = "INSERT INTO builds (id, handle) VALUES(?, ?)";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("ss", $handlehash, $handle);
+ $stmt->execute();
+ $stmt->close();
+ $db->close();
+ echo "Job handle mapping added to database\n";
\ No newline at end of file
diff --git a/daemon.php b/daemon.php
index 1936864..5fa09b2 100644
--- a/daemon.php
+++ b/daemon.php
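Review bot: The return value of `$db->prepare($query)` is never checked, so if the statement fails to prepare (lost connection, schema mismatch) `$stmt` is `false` and the following `bind_param` call is a fatal error on a non-object; `execute()` is likewise unchecked, so the script prints "Job handle mapping added to database" even when no row was written. Guard both calls: `if (!($stmt = $db->prepare($query))) { die("Prepare failed: ".$db->error); }` and `if (!$stmt->execute()) { die("Insert failed: ".$stmt->error); }`. The enclosing block starts before this hunk.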
@@ -17,16 +17,22 @@
 {
 $result = trim($result);
 echo "A job finished with return code ".$returncode.": ".$result."\n";
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error());
+
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
 }
- mysql_select_db(MYSQL_DATABASE);
- $result = mysql_real_escape_string($result);
- $query = "UPDATE builds".
- " SET result = '".$result."', returncode = '".$returncode.
- "' WHERE handle = '".mysql_real_escape_string($handle)."'";
- mysql_query($query);
+
+ $query = "UPDATE builds SET result = ?, returncode = ? ".
+ "WHERE handle = ?";
+
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("sds", $result, $returncode, $handle);
+ $stmt->execute();
+ $stmt->close();
+ $db->close();
+ return serialize(array($returncode, $result));
 }
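Review bot: `bind_param("sds", ...)` declares `$returncode` as a double (`d`); a process exit code is an integer, so the type letter should be `i`: `$stmt->bind_param("sis", $result, $returncode, $handle);`. As elsewhere in this commit, the `prepare()` and `execute()` results are not checked, so a failed UPDATE is silent and the job still returns a success tuple to Gearman. This callback also `die()`s on a connect failure; if it runs inside a long-lived worker (the function header and the worker loop are outside this hunk) one transient database outage takes the whole daemon down instead of failing a single job.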
@@ -103,26 +109,42 @@
 $insert = false;
 $update = false;
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error());
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
 }
- mysql_select_db(MYSQL_DATABASE);
+
+ $query = "UPDATE builds SET result = ?, returncode = ? ".
+ "WHERE handle = ?";
+
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("sds", $result, $returncode, $handle);
+ $stmt->execute();
+ $stmt->close();
+ $db->close();
+ $query = "SELECT port FROM ports ORDER BY port DESC LIMIT 1";
- $result = mysql_query($query);
- if (mysql_num_rows($result) == 0) {
+ $stmt = $db->prepare($query);
+ $stmt->execute();
+ if ($stmt->num_rows == 0) {
 // no ports! assign a new one
+ $stmt->close();
 $port = LOW_PORT;
 $insert = true;
 echo "No ports! Assigning ".$port."\n";
 } else {
 // we have a port! let's check if our vm has one
- $ports = mysql_fetch_array($result);
- $lastport = $ports[0];
- $query = "SELECT port, pid FROM ports WHERE id = '".$buildID."'";
- $result = mysql_query($query);
- if (mysql_num_rows($result) == 0) {
+ $stmt->bind_result($lastport);
+ $stmt->fetch();
+ $stmt->close();
+ $query = "SELECT port, pid FROM ports WHERE id = ?";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+ if ($stmt->num_rows == 0) {
 // vm doesn't have one, assign one!
+ $stmt->close();
 $port = $lastport+1;
 if ($port > HIGH_PORT) {
 $port = LOW_PORT;
@@ -131,18 +153,18 @@
 echo "Assigning new port ".$port."\n";
 } else {
 // vm already has one, return it
- $ports = mysql_fetch_array($result);
- $port = $ports[0];
- $pid = $ports[1];
- $running = true;
- if (!check_pid($pid)) {
- $running = false;
- $update = true;
- echo "VM is not running, PID ".$pid." is dead!\n";
- } else {
- echo "VM is running on PID ".$pid."\n";
- }
- echo "VM already has port ".$port."\n";
+ $stmt->bind_result($port, $pid);
+ $stmt->fetch();
+ $stmt->close();
+ $running = true;
+ if (!check_pid($pid)) {
+ $running = false;
+ $update = true;
+ echo "VM is not running, PID ".$pid." is dead!\n";
+ } else {
+ echo "VM is running on PID ".$pid."\n";
+ }
+ echo "VM already has port ".$port."\n";
 }
 }
@@ -162,17 +184,27 @@
 $pid = $pid + 2;
 if ($insert) {
- $query = "DELETE FROM ports WHERE port = ".$port;
- $result = mysql_query($query);
- $query = "INSERT INTO ports (id, port, pid) VALUES('".mysql_real_escape_string($buildID)."', ".$port.", ".$pid.")";
- $result = mysql_query($query);
+ $query = "DELETE FROM ports WHERE port = ?";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("d", $port);
+ $stmt->execute();
+ $stmt->close();
+ $query = "INSERT INTO ports (id, port, pid) VALUES(?, ?, ?)";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("sdd", $buildID, $port, $pid);
+ $stmt->execute();
+ $stmt->close();
 echo "Doing insert!\n";
 } elseif ($update) {
- $query = "UPDATE ports SET pid = ".$pid." WHERE id = '".$buildID."'";
- $result = mysql_query($query);
+ $query = "UPDATE ports SET pid = ? WHERE id = ?";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("ds", $pid, $buildID);
+ $stmt->execute();
+ $stmt->close();
 echo "Doing update\n";
 }
+ $db->close();
 $port = $port+1000;
 return serialize(array(EXTERNAL_HOST, $port));
 }
diff --git a/status.php b/status.php
index 48f4dff..66d55f8 100644
--- a/status.php
+++ b/status.php
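Review bot: The UPDATE block pasted in at the top of this hunk ends with `$db->close()`, and the very next statement prepares the `SELECT port ...` query on that closed connection, so every call through this path fails; that UPDATE also binds `$result`, `$returncode` and `$handle`, none of which this port-assignment code appears to define. Separately, `$stmt->num_rows` is only populated after `$stmt->store_result()` (the CLI `status.php` in this same commit calls it), so both `if ($stmt->num_rows == 0)` checks here always read 0 and the code always takes the "no ports" / "assign one" branches, which then DELETEs and re-INSERTs `LOW_PORT` on every request. Drop the UPDATE/close block and add `$stmt->store_result();` after each `$stmt->execute();` that precedes a `num_rows` test. The function starts before and ends after this hunk.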
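Review bot: `bind_param("d", $port)`, `"sdd"` and `"ds"` send the port and PID as doubles, but both are integers (`$pid + 2`, `$lastport+1`) and should be bound with `i` (`"i"`, `"sii"`, `"is"`) so the driver sends them as such and `WHERE port = ?` compares integers rather than a float. The DELETE-then-INSERT pair is not in a transaction, so if more than one worker can run this path concurrently two builds may be handed the same port; the worker model is not visible from this hunk, so worth confirming. `prepare()`/`execute()` return values are unchecked here as well.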
@@ -8,17 +8,21 @@
 if (!isset($argv[1])) {
 die("No handle hash given\n");
 }
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error()."\n");
+
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
 }
- mysql_select_db(MYSQL_DATABASE);
- $query = "SELECT handle FROM builds ".
- "WHERE id = '".mysql_real_escape_string($argv[1])."'";
- $result = mysql_query($query);
- if (mysql_num_rows($result) == 1) {
- $handles = mysql_fetch_array($result);
- $handle = $handles[0];
+
+ $query = "SELECT handle FROM builds WHERE id = ?";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("s", $argv[1]);
+ $stmt->execute();
+ $stmt->store_result();
+ if ($stmt->num_rows == 1) {
+ $stmt->bind_result($handle);
+ $stmt->close();
 $client = new GearmanClient();
 $client->addServer();
@@ -33,11 +37,14 @@
 }
 } else {
 $query = "SELECT returncode, result FROM builds ".
- "WHERE id = '".mysql_real_escape_string($argv[1])."'";
- $result = mysql_query($query);
- $jobres = mysql_fetch_array($result);
- if ($jobres[0] !== null) {
- echo "Job returned with code ".$jobres[0].": ".$jobres[1]."\n";
+ "WHERE id = ?";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("s", $argv[1]);
+ $stmt->execute();
+ $stmt->bind_result($returncode, $result);
+ $stmt->fetch();
+ if ($returncode !== null) {
+ echo "Job returned with code ".$returncode.": ".$result."\n";
 } else {
 echo "Job failed\n";
 }
@@ -45,4 +52,5 @@
 } else {
 echo "Invalid handle hash\n";
 }
-
+
+ $db->close();
\ No newline at end of file
diff --git a/web/config.php b/web/config.php
index 6d5735c..30d6aa4 100644
--- a/web/config.php
+++ b/web/config.php
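Review bot: In the `num_rows == 1` branch the statement is bound with `$stmt->bind_result($handle)` and then closed, but `$stmt->fetch()` is never called, so `$handle` is never assigned and the Gearman status lookup that follows runs on an undefined variable. Insert the fetch between the two: `$stmt->bind_result($handle); $stmt->fetch(); $stmt->close();`. The `if` branch continues past the end of this hunk.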
@@ -16,6 +16,6 @@
 define("MYSQL_DATABASE", "gentoaster");
 // Set the RECAPTCHA keys that should be used, if enabled
- define("RECAPTCHA_ENABLED", true);
+ define("RECAPTCHA_ENABLED", false);
 define("RECAPTCHA_PUBLIC_KEY","REPLACE_ME");
 define("RECAPTCHA_PRIVATE_KEY", "REPLACE_ME");
\ No newline at end of file
diff --git a/web/process.php b/web/process.php
index 43827b9..238e843 100644
--- a/web/process.php
+++ b/web/process.php
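Review bot: Flipping `RECAPTCHA_ENABLED` to `false` is unrelated to the stated subject of the commit and switches off the only abuse control visible for the build-submission form in `web/process.php`, which starts a VM image build per request. If this is for local development, keep the shipped default at `true` and override locally, or at least record the intent beside it: `// Disabled for development only; production must enable this - the form has no other rate limiting in this tree`. If it was disabled because the check always failed, the lowercase `"remote_addr"` key passed to `filter_input(INPUT_SERVER, ...)` in `web/process.php` in this same commit may be the actual cause.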
@@ -8,27 +8,42 @@
 if (RECAPTCHA_ENABLED) {
 require_once "recaptcha.php";
+ $remoteAddress = filter_input(INPUT_SERVER,
+ "remote_addr",
+ FILTER_VALIDATE_IP);
+ $challenge = filter_input(INPUT_POST,
+ "recaptcha_challenge_field",
+ FILTER_UNSAFE_RAW);
+ $response = filter_input(INPUT_POST,
+ "recaptcha_response_field",
+ FILTER_UNSAFE_RAW);
+ $resp = recaptcha_check_answer(RECAPTCHA_PRIVATE_KEY,
- $_SERVER["REMOTE_ADDR"],
- $_POST["recaptcha_challenge_field"],
- $_POST["recaptcha_response_field"]);
+ $remoteAddress,
+ $challenge,
+ $response);
 if (!$resp->is_valid) {
 die("CAPTCHA was incorrect");
 }
 }
+ function sanitize_shellarg($arg) {
+ return escapeshellarg($arg);
+ }
+ define("FILTER_SANITIZE_SHELL", array("options" => "sanitize_shellarg"));
+ $buildID = uniqid();
- $bootMegabytes = intval($_POST["boot_size"]);
- $swapMegabytes = intval($_POST["swap_size"]);
- $rootMegabytes = intval($_POST["root_size"]);
- $timezone = escapeshellarg($_POST["timezone"]);
- $hostname = escapeshellarg($_POST["hostname"]);
- $username = escapeshellarg($_POST["username"]);
- $password = escapeshellarg($_POST["password"]);
- $rootPassword = escapeshellarg($_POST["rootpassword"]);
- $packagesList = escapeshellarg($_POST["packages"]);
- $outputFormat = escapeshellarg($_POST["format"]);
+ $bootMegabytes = filter_input(INPUT_POST, "boot_size", FILTER_VALIDATE_INT);
+ $swapMegabytes = filter_input(INPUT_POST, "swap_size", FILTER_VALIDATE_INT);
+ $rootMegabytes = filter_input(INPUT_POST, "root_size", FILTER_VALIDATE_INT);
+ $timezone = filter_input(INPUT_POST, "timezone", FILTER_SANITIZE_SHELL);
+ $hostname = filter_input(INPUT_POST, "hostname", FILTER_SANITIZE_SHELL);
+ $username = filter_input(INPUT_POST, "username", FILTER_SANITIZE_SHELL);
+ $password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_SHELL);
+ $rootPass = filter_input(INPUT_POST, "rootpassword", FILTER_SANITIZE_SHELL);
+ $packagesList = filter_input(INPUT_POST, "packages", FILTER_SANITIZE_SHELL);
+ $outputFormat =
filter_input(INPUT_POST, "format", FILTER_SANITIZE_SHELL);
 $packagesList = str_replace("\r\n", " ", $packagesList);
 $packagesList = str_replace("\n", " ", $packagesList);
@@ -41,7 +56,7 @@
 SWAP_MEGABYTES='$swapMegabytes'
 ROOT_MEGABYTES='$rootMegabytes'
 TIMEZONE=$timezone
 HOSTNAME=$hostname
-ROOT_PASSWORD=$rootPassword
+ROOT_PASSWORD=$rootPass
 DEFAULT_USERNAME=$username
 DEFAULT_PASSWORD=$password
 USE_FLAGS=''
@@ -55,13 +70,16 @@
 OUTPUT_FORMAT=$outputFormat";
 $client->addServer();
 $handle = $client->doBackground("invoke_image_build", $iniString);
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error());
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
 }
- mysql_select_db(MYSQL_DATABASE);
- $query = "INSERT INTO builds (id, handle) ".
- "VALUES('".$buildID."','".$handle."')";
- mysql_query($query);
+
+ $stmt = $db->prepare("INSERT INTO builds (id, handle) VALUES(?, ?)");
+ $stmt->bind_param("ss", $buildID, $handle);
+ $stmt->execute();
+ $stmt->close();
+ $db->close();
 header("Location: finished.php?uuid=".$buildID);
\ No newline at end of file
diff --git a/web/status.php b/web/status.php
index 86e7e0e..719afe6 100644
--- a/web/status.php
+++ b/web/status.php
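Review bot: `FILTER_SANITIZE_SHELL` does not do what its name promises: `filter_input()` takes a filter ID as its third argument, and `array("options" => "sanitize_shellarg")` is the options array that belongs with `FILTER_CALLBACK` as the fourth argument, so every field read with it comes back null (a warning on PHP 5/7, a TypeError on PHP 8; on PHP 5 the `define()` of an array also fails) and `escapeshellarg()` is never applied before the values are interpolated into `$iniString`. Each of those lines should read like `$timezone = filter_input(INPUT_POST, "timezone", FILTER_CALLBACK, array("options" => "escapeshellarg"));`, after which the `define` and the wrapper function can go. Two smaller points in the same hunk: `filter_input(INPUT_SERVER, "remote_addr", ...)` is case-sensitive and the key is `REMOTE_ADDR`, so `$remoteAddress` is null and the CAPTCHA check receives no client IP; and `FILTER_VALIDATE_INT` returns `false` on bad input and accepts any magnitude on good input, so the size fields should be rejected when not an int and bounded with `min_range`/`max_range` options instead of silently becoming `''` inside the quoted ini value. Whether the ini string is later evaluated by a shell is outside this hunk.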
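Review bot: `die("Could not connect to database ".mysqli_connect_error())` runs in a web-facing script, so a database outage sends the raw driver error text to the browser; log it server-side and return a generic message: `error_log(mysqli_connect_error()); die("Service temporarily unavailable");`. The `prepare()`/`execute()` results are also unchecked, so if the INSERT fails the user is still redirected to `finished.php` for a `$buildID` that has no row, while the Gearman job submitted on the line above keeps running.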
@@ -5,22 +5,24 @@
 require_once "config.php";
- $buildID = $_GET["uuid"];
+ $buildID = filter_input(INPUT_GET, "uuid", FILTER_UNSAFE_RAW);
 $buildresult = "Unknown!";
 $inprogress = false;
 $builddone = false;
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error()."\n");
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
 }
- mysql_select_db(MYSQL_DATABASE);
- $query = "SELECT handle FROM builds ".
- "WHERE id = '".mysql_real_escape_string($buildID)."'";
- $result = mysql_query($query);
- if (mysql_num_rows($result) == 1) {
- $handles = mysql_fetch_array($result);
- $handle = $handles[0];
+
+ $stmt = $db->prepare("SELECT handle FROM builds WHERE id = ?");
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+ if ($stmt->num_rows == 1) {
+ $stmt->bind_result($handle);
+ $stmt->fetch();
+ $stmt->close();
 $client = new GearmanClient();
 $client->addServer();
@@ -35,13 +37,14 @@
 $buildresult = "Task has not yet been processed";
 }
 } else {
- $cleanBuildID = mysql_real_escape_string($buildID);
- $query = "SELECT returncode, result FROM builds ".
- "WHERE id = '".$cleanBuildID."'";
- $result = mysql_query($query);
- $jobres = mysql_fetch_array($result);
- if ($jobres[0] !== null) {
- if ($jobres[0] == 0) {
+ $stmt = $db->prepare("SELECT returncode, result FROM builds WHERE id = ?");
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+ $stmt->bind_result($returncode, $result);
+ $stmt->fetch();
+ $stmt->close();
+ if ($returncode !== null) {
+ if ($returncode == 0) {
 $buildresult = "Your build is complete! ".
 "What would you like to do now?". "
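Review bot: `$stmt->num_rows` is only populated after `$stmt->store_result()`; without it the property reads 0, so `if ($stmt->num_rows == 1)` never matches and every request falls through to the `Invalid handle hash` branch (the CLI `status.php` in this same commit does call `store_result()`). Add it after the execute: `$stmt->execute(); $stmt->store_result(); if ($stmt->num_rows == 1) {`. `$buildID` is read with `FILTER_UNSAFE_RAW`, which is fine for the parameterised query, but if it is echoed anywhere in the page (the template is outside this hunk) it needs `htmlspecialchars()` first. The `if` branch continues past the end of this hunk.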

". @@ -56,16 +59,24 @@ "
";
 $builddone = true;
 } else {
- $buildresult = "Job returned with code ".$jobres[0].": ".$jobres[1];
+ $buildresult = "Job returned with code ".$returncode.": ".$result;
 }
 } else {
 $buildresult = "Job failed";
 }
 }
 } else {
+ $stmt->close();
 $buildresult = "Invalid handle hash";
 }
+ $db->close();
+
+ if (!$builddone) {
+ $titleString = "How's things?";
+ } else {
+ $titleString = "It's showtime!";
+ }
 ?>
@@ -90,17 +101,7 @@
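Review bot: `$buildresult = "Job returned with code ".$returncode.": ".$result;` places the raw build output stored by the daemon into a string that, judging by the neighbouring `$buildresult` assignments, is rendered into the page; if that rendering is not HTML-escaped (the template is outside this hunk), any user-controlled value that ends up in the build log - hostname, package names - becomes stored XSS for whoever opens the status URL. Escape at the point of use, e.g. `": ".htmlspecialchars($result, ENT_QUOTES, 'UTF-8')`, or escape `$buildresult` where it is echoed. The enclosing `if`/`else` chain begins before this hunk.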
- -

How's things?

- -

It's showtime!

- +

diff --git a/web/testdrive.php b/web/testdrive.php
index 066dd4c..8f3c718 100644
--- a/web/testdrive.php
+++ b/web/testdrive.php
@@ -5,19 +5,24 @@
 require_once "config.php";
- $buildID = $_GET["uuid"];
+ $buildID = filter_input(INPUT_GET, "uuid", FILTER_UNSAFE_RAW);
 $buildresult = "Unknown!";
 $inprogress = false;
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error()."\n");
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
 }
- mysql_select_db(MYSQL_DATABASE);
- $result = mysql_query("SELECT handle FROM builds WHERE id = '".mysql_real_escape_string($buildID)."'");
- if (mysql_num_rows($result) == 1) {
- $handles = mysql_fetch_array($result);
- $handle = $handles[0];
+
+ $stmt = $db->prepare("SELECT handle FROM builds WHERE id = ?");
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+
+ if ($stmt->num_rows == 1) {
+ $stmt->bind_result($handle);
+ $stmt->fetch();
+ $stmt->close();
 $client = new GearmanClient();
 $client->addServer();
@@ -25,12 +30,14 @@
 if ($status[0]) {
 header("Location: status.php?uuid=".$buildID);
 } else {
- $cleanBuildID = mysql_real_escape_string($buildID);
- $query = "SELECT returncode, result FROM builds WHERE id = '".$cleanBuildID."'";
- $result = mysql_query();
- $jobres = mysql_fetch_array($result);
- if ($jobres[0] !== null) {
- if ($jobres[0] == 0) {
+ $stmt = $db->prepare("SELECT returncode, result FROM builds WHERE id = ?");
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+ $stmt->bind_result($returncode, $result);
+ $stmt->fetch();
+ $stmt->close();
+ if ($returncode !== null) {
+ if ($returncode == 0) {
 // we're built, let's do this
 $client = new GearmanClient();
 $client->addServer();
@@ -44,9 +51,11 @@
 }
 }
 } else {
+ $stmt->close();
 die("Invalid handle hash");
 }
+ $db->close();
 ?>
--
cgit v1.2.3-65-gdbad
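Review bot: `$stmt->num_rows` is read here without a preceding `$stmt->store_result()`, so it stays 0, `if ($stmt->num_rows == 1)` never matches, and every UUID ends in `die("Invalid handle hash")` (the CLI `status.php` in this commit shows the correct sequence). Change the execute line to `$stmt->execute(); $stmt->store_result();`. The `if` branch continues past the end of this hunk.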