<?php
#
# Copyright (c) 2000-2014 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
# Stuff to support checking field data before we insert it into the DB.
#
# Flag bits for the $flag argument of TBFieldData() and TBcheck_dbslot().
# They select what happens when a table/column has no check entry.
# NOFLAGS: no bits set; the default:default entry is used without comment.
define("TBDB_CHECKDBSLOT_NOFLAGS",	0x0);
# WARN: the missing entry is reported through TBERROR().
define("TBDB_CHECKDBSLOT_WARN",		0x1);
# ERROR: the lookup fails ("Internal Error") instead of using the default.
define("TBDB_CHECKDBSLOT_ERROR",	0x2);

# Cache of check entries keyed by "table:column"; stays 0 until
# TBGrabFieldData() fills it.
$DBFieldData   = 0;
# Reason recorded by a failed lookup or check; read with TBFieldErrorString().
$DBFieldErrstr = "";
function TBFieldErrorString()
{
    # Hand back the current contents of the shared error string.
    global $DBFieldErrstr;

    return $DBFieldErrstr;
}

#
# Download all data from the DB and store in hash for later access.
# 
function TBGrabFieldData()
{
    #
    # Read every row of table_regex into $DBFieldData, keyed by
    # "table_name:column_name". Anything cached before is discarded.
    #
    global $DBFieldData;

    $DBFieldData = array();

    $fields = array("check", "check_type", "column_type", "min", "max");
    $rows   = DBQueryFatal("select * from table_regex");

    while ($row = mysql_fetch_assoc($rows)) {
        # Keep only the columns the checking code reads.
        $entry = array();
        foreach ($fields as $field) {
            $entry[$field] = $row[$field];
        }

        $slot = $row["table_name"] . ":" . $row["column_name"];
        $DBFieldData[$slot] = $entry;
    }
}

#
# Return the field data for a specific table/slot. If none, return the default
# entry.
#
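function TBFieldData($table, $column, $flag = 0)
{
    #
    # Find the check entry for $table/$column, loading the cache on first
    # use.
    #
    # An entry whose check_type is "redirect" names another entry (as
    # "table:column") in its "check" field. Redirects are followed until a
    # non-redirect entry is reached; the first redirect entry seen is kept
    # as the "top level" entry.
    #
    # Returns array($fielddata, $toplevel). $toplevel is NULL unless a
    # redirect was followed and its entry has a non-zero min or max.
    # When no usable entry is found: TBDB_CHECKDBSLOT_WARN in $flag reports
    # it through TBERROR(); TBDB_CHECKDBSLOT_ERROR sets the error string
    # and returns array(null, null); otherwise the default:default entry
    # is returned.
    #
    global $DBFieldData;
    global $DBFieldErrstr;

    if (! $DBFieldData) {
        TBGrabFieldData();
    }
    $key       = $table . ":" . $column;
    $fielddata = null;
    $toplevel  = null;
    $visited   = array();

    #
    # Follow redirects. Each key is visited at most once, so a redirect
    # loop in the table ends the walk instead of spinning forever.
    #
    while (isset($DBFieldData[$key]) && !isset($visited[$key])) {
        $entry         = $DBFieldData[$key];
        $visited[$key] = 1;

        if ($entry["check_type"] != "redirect") {
            $fielddata = $entry;
            break;
        }
        if (!isset($toplevel))
            $toplevel = $entry;

        $key = $entry["check"];
    }

    if (!isset($fielddata)) {
        #
        # No entry, or a redirect chain that dead-ends or loops. A redirect
        # entry is never returned as the check itself: its "check" field is
        # a key, not a pattern. Its limits are dropped as well.
        #
        $toplevel = null;

        if ($flag) {
            if ($flag & TBDB_CHECKDBSLOT_WARN) {
                # Warn TBOPS
                TBERROR("TBFieldData: No slot data for $table/$column!", 0);
            }
            if ($flag & TBDB_CHECKDBSLOT_ERROR) {
                $DBFieldErrstr = "Internal Error";
                return array(null, null);
            }
        }
        # A missing default entry yields null, which the caller treats as
        # a failed check.
        $fielddata = (isset($DBFieldData["default:default"])
                      ? $DBFieldData["default:default"] : null);
    }

    # Return both values.
    if (isset($toplevel) &&
        ($toplevel["min"] || $toplevel["max"])) {
        return array($fielddata, $toplevel);
    }
    return array($fielddata, NULL);
}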

#
# Generic wrapper to check a slot. It is unfortunate that PHP
# does not allow pass by reference args to be optional. 
#
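function TBcheck_dbslot($token, $table, $column, $flag = 0)
{
    #
    # Check $token against the field rules for $table/$column.
    #
    # Returns 1 when the token matches the slot's regex and, unless both
    # limits are zero, lies within min/max (string length for "text"
    # columns, value for "int"/"float" columns). Returns 0 otherwise and
    # leaves the reason in $DBFieldErrstr (see TBFieldErrorString()).
    # $flag is passed to TBFieldData() and decides what happens when the
    # slot has no rules.
    #
    # A return of 1 only says the token fits the stored pattern and
    # limits. Nothing here quotes or escapes the value, so callers still
    # have to do that for whatever SQL or HTML context it ends up in.
    #
    global $DBFieldErrstr;

    list ($fielddata, $toplevel) = TBFieldData($table, $column, $flag);

    if (! $fielddata) {
        return 0;
    }

    $check       = $fielddata["check"];
    $check_type  = $fielddata["check_type"];
    $column_type = $fielddata["column_type"];

    # Limits on a redirecting (top level) entry replace the target's own.
    $limits = (empty($toplevel) ? $fielddata : $toplevel);
    $min    = intval($limits["min"]);
    $max    = intval($limits["max"]);

    #
    # Functional checks not implemented yet.
    #
    if ($check_type == "function") {
        TBERROR("Functional DB checks not implemented! ".
                "$token, $table, $column", 1);
    }

    #
    # Make sure the regex is anchored; it is a mistake not to be.
    # The stored pattern is wrapped in a group so the anchors bind to the
    # whole pattern even when it has a top-level alternation ("a|b") or
    # ends in an escaped dollar. Anchors already in the pattern are
    # harmless inside the group.
    # The D modifier makes "$" match only at the very end of the token.
    # Without it "$" also matches just before a trailing newline, so a
    # token with a newline appended would pass a check that forbids one.
    #
    $pattern = '/^(?:' . $check . ')$/D';

    # Only a return of 1 is a match. 0 (no match) and false (the stored
    # pattern failed to compile) both reject the token.
    if (preg_match($pattern, "$token") !== 1) {
        $DBFieldErrstr = "Illegal characters";
        return 0;
    }

    switch ($column_type) {
        case "text":
            $length = strlen("$token");
            # If both min/max are zero, then skip check; allow any length.
            if ((!$min && !$max) || ($length >= $min && $length <= $max))
                return 1;
            break;

        case "int":
        case "float":
            # If both min/max are zero, then skip check; allow anything.
            if ((!$min && !$max) || ($token >= $min && $token <= $max))
                return 1;
            break;

        default:
            TBERROR("TBcheck_dbslot: Unrecognized column_type $column_type", 1);
    }

    #
    # Else fill in error string.
    #
    switch ($column_type) {
        case "text":
            if (strlen($token) < $min)
                $DBFieldErrstr = "too short - $min chars minimum";
            else
                $DBFieldErrstr = "too long - $max chars maximum";
            break;

        case "int":
        case "float":
            if ($token < $min)
                $DBFieldErrstr = "too small - $min minimum value";
            else
                $DBFieldErrstr = "too large - $max maximum value";
            break;

        default:
            TBERROR("TBcheck_dbslot: Unrecognized column_type $column_type", 1);
    }
    return 0;
}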

# Handy default wrapper.
function TBvalid_slot($token, $table, $slot)
{
    # Check with both flags set: missing slot data is reported and fails.
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, $table, $slot, $flags);
}

# Handy wrappers for checking various fields.
function TBvalid_uid($token)
{
    # Check $token against the users/uid field rules.
    return TBvalid_slot($token, "users", "uid");
}
function TBvalid_uididx($token)
{
    # Checked with the generic integer rules.
    $ok = TBvalid_integer($token);

    return $ok;
}
#
# Used to allow _ (underscore), but no more.
# 
function TBvalid_pid($token)
{
    # Check $token against the projects/pid field rules.
    return TBvalid_slot($token, "projects", "pid");
}
#
# So, *new* projects disallow it, but old projects need the above test.
#
function TBvalid_newpid($token)
{
    # Check $token against the projects/newpid field rules.
    return TBvalid_slot($token, "projects", "newpid");
}
function TBvalid_gid($token)
{
    # Check $token against the groups/gid field rules.
    return TBvalid_slot($token, "groups", "gid");
}
function TBvalid_eid($token)
{
    # Check $token against the experiments/eid field rules.
    return TBvalid_slot($token, "experiments", "eid");
}
function TBvalid_phone($token)
{
    # Check $token against the users/usr_phone field rules.
    return TBvalid_slot($token, "users", "usr_phone");
}
function TBvalid_usrname($token)
{
    # Check $token against the users/usr_name field rules.
    return TBvalid_slot($token, "users", "usr_name");
}
function TBvalid_wikiname($token)
{
    # Check $token against the users/wikiname field rules.
    return TBvalid_slot($token, "users", "wikiname");
}
function TBvalid_email($token)
{
    # Check $token against the users/usr_email field rules.
    return TBvalid_slot($token, "users", "usr_email");
}
function TBvalid_userdata($token)
{
    # Check $token against the default/tinytext field rules.
    return TBvalid_slot($token, "default", "tinytext");
}
function TBvalid_title($token)
{
    # Checked with the generic user-data rules.
    $ok = TBvalid_userdata($token);

    return $ok;
}
function TBvalid_affiliation($token)
{
    # Checked with the generic user-data rules.
    $ok = TBvalid_userdata($token);

    return $ok;
}
function TBvalid_affiliation_abbreviation($token)
{
    # Check $token against the users/usr_affil_abbrev field rules.
    return TBvalid_slot($token, "users", "usr_affil_abbrev");
}
function TBvalid_addr($token)
{
    # Checked with the generic user-data rules.
    $ok = TBvalid_userdata($token);

    return $ok;
}
function TBvalid_city($token)
{
    # Checked with the generic user-data rules.
    $ok = TBvalid_userdata($token);

    return $ok;
}
function TBvalid_state($token)
{
    # Checked with the generic user-data rules.
    $ok = TBvalid_userdata($token);

    return $ok;
}
function TBvalid_zip($token)
{
    # Checked with the generic user-data rules.
    $ok = TBvalid_userdata($token);

    return $ok;
}
function TBvalid_country($token)
{
    # Checked with the generic user-data rules.
    $ok = TBvalid_userdata($token);

    return $ok;
}
function TBvalid_description($token)
{
    # Checked with the generic user-data rules.
    $ok = TBvalid_userdata($token);

    return $ok;
}
function TBvalid_why($token)
{
    # Check $token against the projects/why field rules.
    return TBvalid_slot($token, "projects", "why");
}
function TBvalid_integer($token)
{
    # Check $token against the default/int field rules.
    return TBvalid_slot($token, "default", "int");
}
function TBvalid_tinyint($token)
{
    # Check $token against the default/tinyint field rules.
    return TBvalid_slot($token, "default", "tinyint");
}
function TBvalid_boolean($token)
{
    # Check $token against the default/boolean field rules.
    return TBvalid_slot($token, "default", "boolean");
}
function TBvalid_float($token)
{
    # Check $token against the default/float field rules.
    return TBvalid_slot($token, "default", "float");
}
function TBvalid_num_members($token)
{
    # Check $token against the projects/num_members field rules.
    return TBvalid_slot($token, "projects", "num_members");
}
function TBvalid_num_pcs($token)
{
    # Check $token against the projects/num_pcs field rules.
    return TBvalid_slot($token, "projects", "num_pcs");
}
function TBvalid_num_pcplab($token)
{
    # Check $token against the projects/num_pcplab field rules.
    return TBvalid_slot($token, "projects", "num_pcplab");
}
function TBvalid_num_ron($token)
{
    # Check $token against the projects/num_ron field rules.
    return TBvalid_slot($token, "projects", "num_ron");
}
function TBvalid_osid($token)
{
    # Check $token against the os_info/osid field rules.
    return TBvalid_slot($token, "os_info", "osid");
}
function TBvalid_node_id($token)
{
    # Check $token against the nodes/node_id field rules.
    return TBvalid_slot($token, "nodes", "node_id");
}
function TBvalid_vnode_id($token)
{
    # Check $token against the virt_nodes/vname field rules.
    return TBvalid_slot($token, "virt_nodes", "vname");
}
function TBvalid_imageid($token)
{
    # Check $token against the images/imageid field rules.
    return TBvalid_slot($token, "images", "imageid");
}
function TBvalid_imagename($token)
{
    # Check $token against the images/imagename field rules.
    return TBvalid_slot($token, "images", "imagename");
}
function TBvalid_linklanname($token)
{
    # Check $token against the virt_lans/vname field rules.
    return TBvalid_slot($token, "virt_lans", "vname");
}
function TBvalid_mailman_listname($token)
{
    # Check $token against the mailman_listnames/listname field rules.
    return TBvalid_slot($token, "mailman_listnames", "listname");
}
function TBvalid_fulltext($token)
{
    # Check $token against the default/fulltext field rules.
    return TBvalid_slot($token, "default", "fulltext");
}
function TBvalid_html_fulltext($token)
{
    # Check $token against the default/html_fulltext field rules.
    return TBvalid_slot($token, "default", "html_fulltext");
}
function TBvalid_archive_tag($token)
{
    # Check $token against the archive_tags/tag field rules.
    return TBvalid_slot($token, "archive_tags", "tag");
}
function TBvalid_archive_message($token)
{
    # Check $token against the archive_tags/description field rules.
    return TBvalid_slot($token, "archive_tags", "description");
}
function TBvalid_IP($token)
{
    # Check $token against the virt_lans/ip field rules.
    return TBvalid_slot($token, "virt_lans", "ip");
}
function TBvalid_node_type($token)
{
    # Check $token against the virt_nodes/type field rules.
    return TBvalid_slot($token, "virt_nodes", "type");
}
?>