From 34997bdb9c23ab0028ee411c4b55961300dbd67b Mon Sep 17 00:00:00 2001
From: masashi <masashi@ms-n.com>
Date: Sat, 1 Mar 2014 22:16:00 +0900
Subject: [PATCH] user auth modifide 20140301

---
 database/postgres/grant_user.sql                |  9 ++++
 database/postgres/monitor_plan_table.sql        |  2 +-
 database/postgres/monitor_server_info_table.sql |  4 +-
 database/postgres/monitoring_table.sql          |  8 ++--
 database/postgres/user_auth_table.sql           | 16 ++++---
 ds-apollon/include/php/db.inc                   | 26 ++++------
 ds-apollon/include/php/session_start.inc        |  2 -
 ds-apollon/include/php/user_auth_db.inc         | 63 +++++++++++++++++++++++++
 ds-apollon/index.php                            | 18 +++----
 9 files changed, 108 insertions(+), 40 deletions(-)
 create mode 100644 database/postgres/grant_user.sql
 create mode 100644 ds-apollon/include/php/user_auth_db.inc

diff --git a/database/postgres/grant_user.sql b/database/postgres/grant_user.sql
new file mode 100644
index 0000000..dc49e4f
--- /dev/null
+++ b/database/postgres/grant_user.sql
@@ -0,0 +1,9 @@
+grant ALL on monitor_plan_table TO daemon ;
+grant ALL on monitor_plan_table_mpukey_in_seq TO daemon ;
+grant ALL on monitor_server_info_table TO daemon ;
+grant ALL on monitor_server_info_table_serverkey_in_seq TO daemon ;
+grant ALL on monitoring_table TO daemon ;
+grant ALL on monitoring_table_mukey_in_seq TO daemon ;
+grant ALL on user_auth_table TO daemon ;
+grant ALL on user_auth_table_uukey_in_seq TO daemon ;
+
diff --git a/database/postgres/monitor_plan_table.sql b/database/postgres/monitor_plan_table.sql
index 6ceef7d..a30c521 100644
--- a/database/postgres/monitor_plan_table.sql
+++ b/database/postgres/monitor_plan_table.sql
@@ -11,7 +11,7 @@ CREATE TABLE monitor_plan_table (
 	sosstat_in     int,
 	starttime_lin  bigint,
 	stoptime_lin   bigint,
-	modhost_ch1024 char[1024],
+	modhost_ch1024 varchar(1024),
 	mpukey_in      serial
 );
 
diff --git a/database/postgres/monitor_server_info_table.sql b/database/postgres/monitor_server_info_table.sql
index 18c406f..1fe77af 100644
--- a/database/postgres/monitor_server_info_table.sql
+++ b/database/postgres/monitor_server_info_table.sql
@@ -3,7 +3,7 @@ CREATE TABLE monitor_server_info_table (
 	serverip_inet   inet not null,
 	spnum_in        int  not null,
 	serverstat_in   int  not null,
-	serverinfo_tx   text,
+	serverinfo_ch1024   varchar(1024),
 	serverkey_in    serial
 );
 
@@ -11,7 +11,7 @@ COMMENT ON TABLE monitor_server_info_table IS 'monitoring server information.';
 COMMENT ON COLUMN monitor_server_info_table.serverip_inet IS 'server ip adress.';
 COMMENT ON COLUMN monitor_server_info_table.spnum_in IS 'server port number.';
 COMMENT ON COLUMN monitor_server_info_table.serverstat_in IS 'server status.';
-COMMENT ON COLUMN monitor_server_info_table.serverinfo_tx IS 'server information.';
+COMMENT ON COLUMN monitor_server_info_table.serverinfo_ch1024 IS 'server information.';
 COMMENT ON COLUMN monitor_server_info_table.serverkey_in IS 'monitoring server ID.';
 
 
diff --git a/database/postgres/monitoring_table.sql b/database/postgres/monitoring_table.sql
index 61de3cf..859b393 100644
--- a/database/postgres/monitoring_table.sql
+++ b/database/postgres/monitoring_table.sql
@@ -12,9 +12,9 @@ CREATE TABLE monitoring_table (
 	premsps_in     int,
 	moextime_lin   bigint,
 	expitime_lin   bigint,
-	modhost_ch1024 char[1024],
-	moptions_ch256 char[256],
-	moinfo_ch1024  char[1024],
+	modhost_ch1024 varchar(1024),
+	moptions_ch1024 varchar(1024),
+	moinfo_ch1024  varchar(1024),
 	mukey_in       serial
 );
 
@@ -32,7 +32,7 @@ COMMENT ON COLUMN monitoring_table.premsps_in IS 'Monitoring the status of the p
 COMMENT ON COLUMN monitoring_table.moextime_lin IS 'monitor excution time.';
 COMMENT ON COLUMN monitoring_table.expitime_lin IS 'expiration date.';
 COMMENT ON COLUMN monitoring_table.modhost_ch1024 IS 'monitoring destination host.';
-COMMENT ON COLUMN monitoring_table.moptions_ch256 IS 'monitoring options.';
+COMMENT ON COLUMN monitoring_table.moptions_ch1024 IS 'monitoring options.';
 COMMENT ON COLUMN monitoring_table.moinfo_ch1024 IS 'monitoring infomations.';
 COMMENT ON COLUMN monitoring_table.mukey_in IS 'monitor unique key.';
 
diff --git a/database/postgres/user_auth_table.sql b/database/postgres/user_auth_table.sql
index 561b893..958fccd 100644
--- a/database/postgres/user_auth_table.sql
+++ b/database/postgres/user_auth_table.sql
@@ -4,16 +4,18 @@ CREATE TABLE user_auth_table (
 	cnum_in       int not null,
 	eoa1_in       int not null,
 	eoa2_in       int not null,
+	loginstat_in  int,
 	soip_inet     inet,
 	starttime_lin bigint,
 	stoptime_lin  bigint,
 	lltime_lin    bigint,
+	lotime_lin    bigint,
 	detime_lin    bigint,
-	fmaddr_ch256  char[256] not null,
-	uname_ch128   char[128] not null,
-	pass_ch256    char[256] not null,
-	sesid_ch256   char[256],
-	makeys_ch256  char[256],
+	fmaddr_ch256  varchar(256) not null,
+	uname_ch256   varchar(256) not null,
+	pass_ch256    varchar(256) not null,
+	sesid_ch256   varchar(256),
+	makeys_ch256  varchar(256),
 	uukey_in      serial
 );
 
@@ -22,13 +24,15 @@ COMMENT ON COLUMN user_auth_table.aastat_in IS 'accunt authentication status.';
 COMMENT ON COLUMN user_auth_table.cnum_in IS 'class number.';
 COMMENT ON COLUMN user_auth_table.eoa1_in IS 'element of the associative(1).';
 COMMENT ON COLUMN user_auth_table.eoa2_in IS 'element of the associative(ï¼).';
+COMMENT ON COLUMN user_auth_table.loginstat_in IS 'Login status.';
 COMMENT ON COLUMN user_auth_table.soip_inet IS 'source ip address.';
 COMMENT ON COLUMN user_auth_table.starttime_lin IS 'services start time.';
 COMMENT ON COLUMN user_auth_table.stoptime_lin IS 'services stop time.';
 COMMENT ON COLUMN user_auth_table.lltime_lin IS 'last login time.';
+COMMENT ON COLUMN user_auth_table.lotime_lin IS 'last logout time.';
 COMMENT ON COLUMN user_auth_table.detime_lin IS 'deadline time.';
 COMMENT ON COLUMN user_auth_table.fmaddr_ch256 IS 'first mail address.';
-COMMENT ON COLUMN user_auth_table.uname_ch128 IS 'user name.';
+COMMENT ON COLUMN user_auth_table.uname_ch256 IS 'user name.';
 COMMENT ON COLUMN user_auth_table.pass_ch256 IS 'password.';
 COMMENT ON COLUMN user_auth_table.sesid_ch256 IS 'session id.';
 COMMENT ON COLUMN user_auth_table.makeys_ch256 IS 'mail authentication key.';
diff --git a/ds-apollon/include/php/db.inc b/ds-apollon/include/php/db.inc
index c348612..294f371 100644
--- a/ds-apollon/include/php/db.inc
+++ b/ds-apollon/include/php/db.inc
@@ -3,7 +3,7 @@
 
 function db_connect()
 {
-require("../config.inc");
+require("include/config.inc");
 
 if(0 == strcmp($__database, "POSTGRES")){
    $conn = Pg_connect($__pgsql_data);
@@ -24,7 +24,7 @@ return $conn;
 
 function db_querym($conn, $sql)
 {
-require("../config.inc");
+require("include/config.inc");
 
 if(0 == strcmp($__database, "POSTGRES")){
    $result = pg_query($conn, $sql);
@@ -42,7 +42,7 @@ return $result;
 
 function db_query($conn, $sql)
 {
-require("../config.inc");
+require("include/config.inc");
 
 $htco = $_SERVER["HTTP_COOKIE"];
 $htac = $_SERVER['HTTP_ACCEPT'];
@@ -78,9 +78,8 @@ if(($fp = fopen($logfile, "a+"))==NULL){
    }
 
 $alldata = $udate . "\t" . $htco . "\t" . $htac . "\t" . $htcon . "\t" . $htho . "\t" . $read . "\t" . $reho . "\t" . $htre . "\t" . $qust . "\t" . $htus . "\t" . $sql . "\n";
-   fwrite($fp, $alldata);
-   fclose($fp);
-   }
+fwrite($fp, $alldata);
+fclose($fp);
 
 if(0 == strcmp($__database, "POSTGRES")){
    $result = pg_query($conn, $sql);
@@ -92,6 +91,7 @@ else if(0 == strcmp($__database, "MYSQL")){
    }
 else{
    }
+
 return $result;
 }
 
@@ -100,7 +100,7 @@ return $result;
 
 function db_num_rows($result)
 {
-require("../config.inc");
+require("include/config.inc");
 
 if(0 == strcmp($__database, "POSTGRES")){
    $num = pg_num_rows($result);
@@ -119,7 +119,7 @@ return 0;
 
 function db_fetch_Result($result, $row, $field)
 {
-require("../config.inc");
+require("include/config.inc");
 
 if(0 == strcmp($__database, "POSTGRES")){
    $reso = pg_fetch_Result($result, $row, $field);
@@ -142,7 +142,7 @@ else if(0 == strcmp($__database, "MYSQL")){
 
 function db_free_result($result)
 {
-require("../config.inc");
+require("include/config.inc");
 
 if(0 == strcmp($__database, "POSTGRES")){
    pg_free_result($result);
@@ -159,7 +159,7 @@ else if(0 == strcmp($__database, "MYSQL")){
 
 function db_Close($conn)
 {
-require("../config.inc");
+require("include/config.inc");
 
 if(0 == strcmp($__database, "POSTGRES")){
    pg_Close($conn);
@@ -173,10 +173,4 @@ else if(0 == strcmp($__database, "MYSQL")){
 }
 
 
-
-
 ?>
-
-
-
-
diff --git a/ds-apollon/include/php/session_start.inc b/ds-apollon/include/php/session_start.inc
index 220bb13..e61a2e8 100644
--- a/ds-apollon/include/php/session_start.inc
+++ b/ds-apollon/include/php/session_start.inc
@@ -1,5 +1,4 @@
 <?php
-
 session_start();
 
 if(empty($_SESSION['count'])) {
@@ -24,4 +23,3 @@ else{
    }
 
 ?>
-
diff --git a/ds-apollon/include/php/user_auth_db.inc b/ds-apollon/include/php/user_auth_db.inc
new file mode 100644
index 0000000..103283b
--- /dev/null
+++ b/ds-apollon/include/php/user_auth_db.inc
@@ -0,0 +1,63 @@
+<?php
+
+function user_auth_db($login_user, $login_pass)
+{
+
+$conn = db_connect();
+if(!$conn){
+   return -1;
+   }
+
+$result = db_query($conn, "select * from user_auth_table where uname_ch256='$login_user' and pass_ch256='$login_pass';");
+if(!$result){
+   return -2;
+   }
+$num = db_num_rows($result);
+if($num == 1){
+   $uutime = time();
+   $limtime = $uutime + 31536000;
+   $result_2 = db_query($conn, "update user_auth_table set lltime_lin = '$uutime' where uname_ch256='$login_user' and pass_ch256='$login_pass';");
+   $result_3 = db_query($conn, "update user_auth_table set detime_lin = '$limtime' where uname_ch256='$login_user' and pass_ch256='$login_pass';");
+   $result_4 = db_query($conn, "update user_auth_table set loginstat_in = '1' where uname_ch256='$login_user' and pass_ch256='$login_pass';");
+
+   db_free_result($result);
+   db_free_result($result_2);
+   db_free_result($result_3);
+   db_free_result($result_4);
+   return 0;
+   }
+else{
+   db_free_result($result);
+   return -3;
+   }
+return 0;
+}
+
+
+
+function user_logout($login_user, $login_pass)
+{
+
+$conn = db_connect();
+if(!$conn){
+   return -1;
+   }
+
+$uutime = time();
+$result = db_query($conn, "update user_auth_table set lotime_lin = '$uutime' where uname_ch256='$login_user' and pass_ch256='$login_pass';");
+if(!$result){
+   return -2;
+   }
+else{
+   $result_2 = db_query($conn, "update user_auth_table set loginstat_in = '2' where uname_ch256='$login_user' and pass_ch256='$login_pass';");
+   db_free_result($result);
+   db_free_result($result_2);
+   return -3;
+   }
+
+return 0;
+}
+
+
+
+?>
diff --git a/ds-apollon/index.php b/ds-apollon/index.php
index f44c255..b5c7378 100644
--- a/ds-apollon/index.php
+++ b/ds-apollon/index.php
@@ -1,6 +1,6 @@
 <?php
 // --- ã³ã³ãã£ã°ã¬ã¼ã·ã§ã³ ---
-include './include/php/config.inc';
+include './include/config.inc';
 
 // --- time zone set ---
 date_default_timezone_set($__timezone);
@@ -12,21 +12,21 @@ $_pass_word ="";
 $_session = 0;
 
 // ---  é¢æ°ã®ã¤ã³ã¯ã«ã¼ã ---
-include './include/php/auth_db.inc';
+include './include/php/user_auth_db.inc';
+include './include/php/enco.inc';
+include './include/php/db.inc';
 
 
 // --- POST ãã¼ã¿ã®å¦ç ---
 if (!empty($_POST)){
-   $SET = htmlspecialchars((int)$_POST["SET"]);
+   $SET = cmd_replace(htmlspecialchars((int)$_POST["SET"]));
    if(preg_match("/^[0-9]+$/", $SET)){ $_set = $SET; } else{ $_set = 0; }
 
-   $_login_name = htmlspecialchars($_POST["LOGIN_NAME"]);
-   $_pass_word = htmlspecialchars($_POST["PASS_WORD"]);
+   $_login_name = cmd_replace(htmlspecialchars($_POST["LOGIN_NAME"]));
+   $_pass_word = cmd_replace(htmlspecialchars($_POST["PASS_WORD"]));
    }
 
 
-echo "== index.php ======= _set= $_set _login_name= $_login_name _pass_word= $_pass_word =====<br>\n";
-
 // --- ç»é¢å¦ç ---
 // --- _set0 åæ LOGIN ---
 if( $_set == 0 ){
@@ -36,8 +36,7 @@ if( $_set == 0 ){
 
 // --- _set1 èªè¨¼ç¢ºèª ---
 else if( $_set == 1 ){
-//   if(0 == strcmp("masashi@ms-n.com", $_login_name) && 0 == strcmp("1234567890", $_pass_word)){    // ã¯ããã®èªè¨¼è¨­å®
-   if(0 == user_auth_db($_login_name, $_pass_word)){            // ã¯ããã®èªè¨¼è¨­å®
+   if(0 == user_auth_db($_login_name, $_pass_word)){            // èªè¨¼è¨­å®
       include './include/php/session_start.inc';                // ã»ãã·ã§ã³ éå§å¦ç
       $_set = 3;
       include './include/html/html_list.inc';                   // ã­ã°ã¤ã³å®äºç»é¢ã«é£ã¶
@@ -69,6 +68,7 @@ else if( $_set == 3 ){
 
 // --- _set4 ã­ã°ã¢ã¦ãå®äºç»é¢---
 else if( $_set == 4 ){
+   user_logout($_login_name, $_pass_word);                   // èªè¨¼è¨­å®
    include './include/php/session_destroy.inc';               // ã»ãã·ã§ã³ç ´å£å¦ç
    $_set = 0;
    include './include/html/html_logout.inc';
-- 
2.11.0