<?php
#
# Copyright (c) 2000-2014 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
# Stuff to support checking field data before we insert it into the DB.
#
# Bit flags accepted by TBFieldData() / TBcheck_dbslot() that select what
# happens when a table/column has no entry in the field data.
define("TBDB_CHECKDBSLOT_NOFLAGS", 0x0);   # no warning, no error
define("TBDB_CHECKDBSLOT_WARN", 0x1);      # report the missing entry via TBERROR()
define("TBDB_CHECKDBSLOT_ERROR", 0x2);     # fail the lookup instead of using the default entry

# Field data cache, filled by TBGrabFieldData(); 0 until the first load.
$DBFieldData = 0;
# Reason the most recent check failed; read it with TBFieldErrorString().
$DBFieldErrstr = "";
# Return the error string left behind by the most recent failed field check.
function TBFieldErrorString()
{
    global $DBFieldErrstr;

    return $DBFieldErrstr;
}

#
# Download all data from the DB and store it in a hash for later access.
# 
#
# Load every row of table_regex into the global $DBFieldData cache, keyed
# by "table_name:column_name".
#
# The "check" values cached here are later interpolated into a preg_match()
# pattern by TBcheck_dbslot(), so write access to table_regex amounts to
# control over what input the web interface accepts.
#
function TBGrabFieldData()
{
    global $DBFieldData;

    # Start from an empty cache so stale entries never survive a reload.
    $DBFieldData = array();

    $rows = DBQueryFatal("select * from table_regex");

    while ($entry = mysql_fetch_assoc($rows)) {
        $slot = $entry["table_name"] . ":" . $entry["column_name"];

        # Keep only the columns the checking code reads.
        $DBFieldData[$slot] = array(
            "check"       => $entry["check"],
            "check_type"  => $entry["check_type"],
            "column_type" => $entry["column_type"],
            "min"         => $entry["min"],
            "max"         => $entry["max"],
        );
    }
}

#
# Return the field data for a specific table/slot. If none, return the default
# entry.
#
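#
# Look up the field data for $table/$column, following "redirect" entries
# until a real check is found.
#
# Returns array($fielddata, $toplevel):
#   $fielddata  the entry holding the actual check, or null when nothing is
#               usable and TBDB_CHECKDBSLOT_ERROR is set in $flag.
#   $toplevel   the first redirecting entry, but only when it carries its own
#               min or max; otherwise null.
#
# $flag selects what happens when there is no usable entry:
#   TBDB_CHECKDBSLOT_WARN   report it through TBERROR().
#   TBDB_CHECKDBSLOT_ERROR  set the error string and return array(null, null),
#                           which makes TBcheck_dbslot() reject the token.
#   neither                 fall back to the "default:default" entry.
#
function TBFieldData($table, $column, $flag = 0)
{
    global $DBFieldData;
    global $DBFieldErrstr;

    if (! $DBFieldData) {
        TBGrabFieldData();
    }
    $key       = $table . ":" . $column;
    $toplevel  = null;
    $fielddata = null;
    $visited   = array();

    #
    # Follow the redirect chain. The $visited set stops a cycle in the table
    # data from spinning forever.
    #
    while (isset($DBFieldData[$key]) && !isset($visited[$key])) {
        $visited[$key] = true;
        $entry = $DBFieldData[$key];

        if ($entry["check_type"] == "redirect") {
            # Remember the first redirect; its min/max may override the target.
            if (!isset($toplevel))
                $toplevel = $entry;

            $key = $entry["check"];
            continue;
        }
        $fielddata = $entry;
        break;
    }

    #
    # Only a non-redirect entry counts as usable. A redirect whose target is
    # missing (or that loops) must not be handed back, because its "check"
    # field is a table:column key and the caller would treat it as a regex.
    #
    if (!isset($fielddata)) {
        $toplevel = null;

        if ($flag) {
            if ($flag & TBDB_CHECKDBSLOT_WARN) {
                # Warn TBOPS
                TBERROR("TBFieldData: No slot data for $table/$column!", 0);
            }
            if ($flag & TBDB_CHECKDBSLOT_ERROR) {
                $DBFieldErrstr = "Internal Error";
                return array(null, null);
            }
        }
        # A missing default entry yields null, which the caller rejects.
        $fielddata = (isset($DBFieldData["default:default"])
                      ? $DBFieldData["default:default"] : null);
    }

    # Return both values when the redirecting entry has limits of its own.
    if (isset($toplevel) &&
        ($toplevel["min"] || $toplevel["max"])) {
        return array($fielddata, $toplevel);
    }
    return array($fielddata, NULL);
}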

#
# Generic wrapper to check a slot. It is unfortunate that PHP
# does not allow pass by reference args to be optional. 
#
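#
# Check $token against the field data for $table/$column.
#
# The token has to match the stored regex in full and then satisfy the
# min/max limits for the column type: length for "text", value for "int"
# and "float". Returns 1 when the token is acceptable, 0 otherwise; on
# failure the reason is available from TBFieldErrorString().
#
# $flag is passed through to TBFieldData() and selects what happens when the
# table/column has no entry.
#
function TBcheck_dbslot($token, $table, $column, $flag = 0)
{
    global $DBFieldErrstr;

    list ($fielddata, $toplevel) = TBFieldData($table, $column, $flag);

    # No usable field data: reject rather than accept unchecked input.
    if (! $fielddata) {
        return 0;
    }

    $check       = $fielddata["check"];
    $check_type  = $fielddata["check_type"];
    $column_type = $fielddata["column_type"];

    # Limits on a redirecting (top level) entry take precedence.
    # NOTE(review): intval() truncates, so fractional limits on a "float"
    # column lose their fraction here - confirm that is intended.
    $min = intval(empty($toplevel) ? $fielddata["min"] : $toplevel["min"]);
    $max = intval(empty($toplevel) ? $fielddata["max"] : $toplevel["max"]);

    #
    # Functional checks not implemented yet.
    # NOTE(review): this relies on TBERROR(..., 1) not returning; if it does
    # return, the function name below is used as the regex - confirm.
    #
    if ($check_type == "function") {
        TBERROR("Functional DB checks not implemented! ".
                "$token, $table, $column", 1);
    }

    #
    # Make sure the regex is anchored. It is a mistake for it not to be!
    #
    # The stored pattern is wrapped in a group so the anchors bind to the
    # whole pattern; a bare "^" prefix would anchor only the first branch of
    # a top-level alternation. The D modifier makes "$" match only at the
    # very end of the token; without it "$" also matches just before a
    # trailing newline, so a token ending in "\n" would pass a pattern that
    # does not allow newlines.
    #
    $matched = preg_match("/^(?:$check)\$/D", "$token");

    if ($matched === false) {
        # The stored pattern did not compile (for instance it contains an
        # unescaped "/"). Reject the token and report it, in the same way
        # TBFieldData() reports missing slot data.
        TBERROR("TBcheck_dbslot: Bad regex for $table/$column!", 0);
        $DBFieldErrstr = "Internal Error";
        return 0;
    }
    if (!$matched) {
        $DBFieldErrstr = "Illegal characters";
        return 0;
    }

    switch ($column_type) {
        case "text":
            # strlen() counts bytes, so the limits are byte limits.
            $length = strlen("$token");

            # If both min/max are zero, then skip check; allow anything.
            if ((!$min && !$max) || ($length >= $min && $length <= $max))
                return 1;

            if ($length < $min)
                $DBFieldErrstr = "too short - $min chars minimum";
            else
                $DBFieldErrstr = "too long - $max chars maximum";
            break;

        case "int":
        case "float":
            # If both min/max are zero, then skip check; allow anything.
            if ((!$min && !$max) || ($token >= $min && $token <= $max))
                return 1;

            if ($token < $min)
                $DBFieldErrstr = "too small - $min minimum value";
            else
                $DBFieldErrstr = "too large - $max maximum value";
            break;

        default:
            TBERROR("TBcheck_dbslot: Unrecognized column_type $column_type", 1);
    }
    return 0;
}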

# Handy default wrapper.
# Check $token against the rules for $table/$slot. Missing slot data is
# reported and makes the check fail (WARN and ERROR are both set).
function TBvalid_slot($token, $table, $slot)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, $table, $slot, $flags);
}

# Handy wrappers for checking various fields.
# Validate $token against the rules for "users"/"uid".
function TBvalid_uid($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "users", "uid", $flags);
}
# A uid index is validated as a plain integer.
function TBvalid_uididx($token)
{
    $verdict = TBvalid_integer($token);

    return $verdict;
}
#
# Used to allow _ (underscore), but no more.
# 
# Validate $token against the rules for "projects"/"pid".
function TBvalid_pid($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "projects", "pid", $flags);
}
#
# So, *new* projects disallow it, but old projects need the above test.
#
# Validate $token against the rules for "projects"/"newpid".
function TBvalid_newpid($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "projects", "newpid", $flags);
}
# Validate $token against the rules for "groups"/"gid".
function TBvalid_gid($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "groups", "gid", $flags);
}
# Validate $token against the rules for "experiments"/"eid".
function TBvalid_eid($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "experiments", "eid", $flags);
}
# Validate $token against the rules for "users"/"usr_phone".
function TBvalid_phone($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "users", "usr_phone", $flags);
}
# Validate $token against the rules for "users"/"usr_name".
function TBvalid_usrname($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "users", "usr_name", $flags);
}
# Validate $token against the rules for "users"/"wikiname".
function TBvalid_wikiname($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "users", "wikiname", $flags);
}
# Validate $token against the rules for "users"/"usr_email".
function TBvalid_email($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "users", "usr_email", $flags);
}
# Validate free-form user data against the "default"/"tinytext" rules.
# Several of the field wrappers in this file share this check.
function TBvalid_userdata($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "default", "tinytext", $flags);
}
# A title is checked as generic user data.
function TBvalid_title($token)
{
    $verdict = TBvalid_userdata($token);

    return $verdict;
}
# An affiliation is checked as generic user data.
function TBvalid_affiliation($token)
{
    $verdict = TBvalid_userdata($token);

    return $verdict;
}
# Validate $token against the rules for "users"/"usr_affil_abbrev".
function TBvalid_affiliation_abbreviation($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "users", "usr_affil_abbrev", $flags);
}
# An address is checked as generic user data.
function TBvalid_addr($token)
{
    $verdict = TBvalid_userdata($token);

    return $verdict;
}
# A city is checked as generic user data.
function TBvalid_city($token)
{
    $verdict = TBvalid_userdata($token);

    return $verdict;
}
# A state is checked as generic user data.
function TBvalid_state($token)
{
    $verdict = TBvalid_userdata($token);

    return $verdict;
}
# A zip code is checked as generic user data.
function TBvalid_zip($token)
{
    $verdict = TBvalid_userdata($token);

    return $verdict;
}
# A country is checked as generic user data.
function TBvalid_country($token)
{
    $verdict = TBvalid_userdata($token);

    return $verdict;
}
# A description is checked as generic user data.
function TBvalid_description($token)
{
    $verdict = TBvalid_userdata($token);

    return $verdict;
}
# Validate $token against the rules for "projects"/"why".
function TBvalid_why($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "projects", "why", $flags);
}
# Validate $token against the generic "default"/"int" rules.
function TBvalid_integer($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "default", "int", $flags);
}
# Validate $token against the generic "default"/"tinyint" rules.
function TBvalid_tinyint($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "default", "tinyint", $flags);
}
# Validate $token against the generic "default"/"boolean" rules.
function TBvalid_boolean($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "default", "boolean", $flags);
}
# Validate $token against the generic "default"/"float" rules.
function TBvalid_float($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "default", "float", $flags);
}
# Validate $token against the rules for "projects"/"num_members".
function TBvalid_num_members($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "projects", "num_members", $flags);
}
# Validate $token against the rules for "projects"/"num_pcs".
function TBvalid_num_pcs($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "projects", "num_pcs", $flags);
}
# Validate $token against the rules for "projects"/"num_pcplab".
function TBvalid_num_pcplab($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "projects", "num_pcplab", $flags);
}
# Validate $token against the rules for "projects"/"num_ron".
function TBvalid_num_ron($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "projects", "num_ron", $flags);
}
# Validate $token against the rules for "os_info"/"osid".
function TBvalid_osid($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "os_info", "osid", $flags);
}
# Validate $token against the rules for "nodes"/"node_id".
function TBvalid_node_id($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "nodes", "node_id", $flags);
}
# Validate a virtual node id against the rules for "virt_nodes"/"vname".
function TBvalid_vnode_id($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "virt_nodes", "vname", $flags);
}
# Validate $token against the rules for "images"/"imageid".
function TBvalid_imageid($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "images", "imageid", $flags);
}
# Validate $token against the rules for "images"/"imagename".
function TBvalid_imagename($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "images", "imagename", $flags);
}
# Validate a link/lan name against the rules for "virt_lans"/"vname".
function TBvalid_linklanname($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "virt_lans", "vname", $flags);
}
# Validate $token against the rules for "mailman_listnames"/"listname".
function TBvalid_mailman_listname($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "mailman_listnames", "listname", $flags);
}
# Validate $token against the generic "default"/"fulltext" rules.
function TBvalid_fulltext($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "default", "fulltext", $flags);
}
# Validate $token against the generic "default"/"html_fulltext" rules.
# NOTE(review): the accepted character set lives in the table_regex data,
# not in this file. This is an input check only; a value that passes still
# needs escaping for the context it is written into.
function TBvalid_html_fulltext($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "default", "html_fulltext", $flags);
}
# Validate $token against the rules for "archive_tags"/"tag".
function TBvalid_archive_tag($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "archive_tags", "tag", $flags);
}
# Validate an archive message against the rules for "archive_tags"/"description".
function TBvalid_archive_message($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "archive_tags", "description", $flags);
}
# Validate an IP address against the rules for "virt_lans"/"ip".
function TBvalid_IP($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "virt_lans", "ip", $flags);
}
# Validate a node type against the rules for "virt_nodes"/"type".
function TBvalid_node_type($token)
{
    $flags = TBDB_CHECKDBSLOT_WARN | TBDB_CHECKDBSLOT_ERROR;

    return TBcheck_dbslot($token, "virt_nodes", "type", $flags);
}
?>