Main RocketGit repo
/tests/http.inc.php (01923e27996dcfbb466ebd338cd7720b30f96431) (6751 bytes) (mode 100644) (type blob)
<?php
if (!isset($test_ua))
$test_ua = "curl";
/*
* Data is an array
*/
function do_req($url, &$data, &$headers)
{
global $test_ua, $test_referer;
if (!is_array($data))
$data = array();
$data['rg_debug'] = 1;
if (!is_array($headers)) {
rg_log("Headers is not an array, reset it.");
$headers = array();
}
rg_log_ml("do_req url[$url] data=" . print_r($data, TRUE)
. "headers=" . print_r($headers, TRUE));
$c = curl_init($url);
if (count($data) > 0) {
curl_setopt($c, CURLOPT_POST, 1);
curl_setopt($c, CURLOPT_POSTFIELDS, $data);
} else {
if (!strstr($url, '?'))
$url .= '?rg_debug=1';
else
$url .= '&rg_debug=1';
}
curl_setopt($c, CURLOPT_RETURNTRANSFER, TRUE);
// We cannot use this because we will not have a
// chance to capture the sid.
//curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($c, CURLOPT_HEADER, 1);
curl_setopt($c, CURLOPT_HTTPHEADER, $headers);
curl_setopt($c, CURLOPT_USERAGENT, $test_ua);
curl_setopt($c, CURLOPT_REFERER, $test_referer);
curl_setopt($c, CURLOPT_CERTINFO, TRUE);
curl_setopt($c, CURLOPT_VERBOSE, TRUE);
$err = @fopen('php://temp', 'w');
if ($err !== FALSE) {
curl_setopt($c, CURLOPT_STDERR, $err);
} else {
rg_log('Cannot open stderr redirection!');
}
$r = curl_exec($c);
if ($err !== FALSE) {
rewind($err);
$xerr = @fread($err, 16 * 4096);
fclose($err);
rg_log_ml($xerr);
}
if ($r === FALSE) {
rg_log_ml("Cannot load (url=$url), data: "
. print_r($data, TRUE));
rg_log("curl error: " . curl_error($c));
return FALSE;
}
$ret = array();
$header_size = curl_getinfo($c, CURLINFO_HEADER_SIZE);
$ret['header'] = substr($r, 0, $header_size);
$ret['body'] = substr($r, $header_size);
curl_close($c);
// Check for XSS
if (stristr($ret['body'], '<xss>')) {
file_put_contents('http_xss.out', $ret['body']);
rg_log("Found <xss> token! Check http_xss.out. Not good!");
exit(1);
}
// Check with tidy
if (!empty($ret['body'])) { // we may have a redirect
// some fixes
$ret['body'] = str_replace('autocomplete="off"', '', $ret['body']);
$ret['body'] = str_replace('<xss>', '|xss|', $ret['body']);
file_put_contents("http.tidy.in", $ret['body']);
$cmd = "tidy -errors -utf8 -file http.tidy.out http.tidy.in";
system($cmd, $ec);
if ($ec != 0) {
echo "tidy ec=$ec\n";
echo file_get_contents("http.tidy.out");
exit(1);
}
}
// Check if a '@@' is present
if (strstr($ret['body'], '@@')) {
$t = explode('@@', $ret['body']);
$t = explode('@@', $t[1]);
if (!strstr($t[0], ' ')) {
rg_log_ml("We have unresolved variables: [" . $t[0] . "]!");
exit(1);
}
}
// find sid
$x = preg_match('/Set-Cookie: sid=([a-zA-Z0-9]*)/', $ret['header'], $matches);
if (($x === FALSE) || (!isset($matches[1]))) {
$ret['sid'] = "";
//rg_log("CHECK: no sid found");
} else {
$ret['sid'] = $matches[1];
}
$ret['tokens'] = array();
$x = preg_match_all('/ name="token" value="([a-zA-Z0-9_:]*)"/',
$ret['body'], $matches);
//rg_log_ml('DEBUG: matches: ' . print_r($matches, TRUE));
if (($x === FALSE) || (!isset($matches[1]))) {
//rg_log("CHECK: no token found");
} else {
foreach ($matches[1] as $m) {
$t = explode(':', $m);
if (!isset($t[1])) {
rg_log_ml('body: ' . print_r($ret['body'], TRUE));
rg_log_ml('matches: ' . print_r($matches[1], TRUE));
rg_log('Invalid debug token: ' . $m);
exit(1);
}
$ret['tokens'][$t[1]] = $t[0];
}
}
rg_log_ml('DEBUG ret[tokens]: ' . print_r($ret['tokens'], TRUE));
// find logout token
$x = preg_match('/logout\?token=([a-zA-Z0-9:]*)"/', $ret['body'], $matches);
//rg_log_ml('DEBUG: matches[logout]: ' . print_r($matches, TRUE));
if (($x === FALSE) || (!isset($matches[1]))) {
$ret['tokens']['logout'] = '';
} else {
$t = explode(':', $matches[1]);
$ret['tokens']['logout'] = $t[0];
}
$x = preg_match_all('/ class="secret_token">([A-Z0-9]*)</', $ret['body'], $matches);
if (($x !== FALSE) && (isset($matches[1])) && isset($matches[1][0])) {
$ret['totp_secret'] = $matches[1][0];
rg_log('DEBUG ret[totp_secret]=' . $ret['totp_secret']);
}
$x = preg_match('/Location: (.*)\s/', $ret['header'], $matches);
if ($x === 1) {
if (strncmp($url, "http://", 7) == 0)
$url = substr($url, 7);
$t = explode("/", $url, 2);
$new = "http://" . $t[0] . trim($matches[1]);
rg_log("Redirecting to $new...");
$data = array();
if (!empty($ret['sid']))
$headers = array("Cookie: sid=" . $ret['sid']);
$f = do_req($new, $data, $headers);
if (empty($f['sid']))
$f['sid'] = $ret['sid'];
return $f;
}
@rename('http-last.out', 'http-prev.out');
file_put_contents('http-last.out', $ret['body']);
return $ret;
}
/*
* Helper function that will do the login and will return the good sid
*/
function test_login($url, $rg_ui, &$good_sid)
{
global $test_ua;
// First we need to load the form so we can get the token
// We provide an old cookie to test if we generate a new pre-login one
$data = array();
$headers = array("Cookie: sid=d978671c2cd12fba05be218bb1653c1ce7bfb947");
$r = do_req($url . "/op/login", $data, $headers);
if ($r === FALSE) {
echo "Cannot load login form.\n";
return FALSE;
}
$good_sid = $r['sid'];
$good_token = $r['tokens']['login'];
rg_log("good: sid=$good_sid token=$good_token");
if (strncmp($good_sid, "X", 1) != 0) {
rg_log("Seems we did not get a pre-login session!");
return FALSE;
}
// Now, post login form
rg_log("Do the real login post request");
$data = array(
"doit" => 1,
"token" => $good_token,
"user" => $rg_ui['username'],
"pass" => $rg_ui['pass'],
"lock_ip" => 1
);
$headers = array("Cookie: sid=" . $good_sid);
$r = do_req($url . "/op/login", $data, $headers);
if ($r === FALSE) {
rg_log_ml("Cannot login: " . print_r($r, TRUE));
return FALSE;
}
$good_sid = $r['sid'];
if (empty($good_sid)) {
rg_log('Empty good_sid!');
return FALSE;
}
if (strstr($r['body'], "invalid user")) {
rg_log_ml(print_r($r, TRUE));
rg_log("Login invalid. Check above!");
return FALSE;
}
return $r;
}
/*
* Restore password aaaa for user catab
*/
function test_restore($db)
{
$salt = 'd0a41957b835fbf7bfe63b750db15108cc048259';
$pass = 'aaaa';
$pass = rg_user_pass($salt, $pass);
$sql = "UPDATE users SET salt = '$salt'"
. ", pass = '$pass'"
. ", session_time = 3600"
. " WHERE username = 'catab'";
$res = rg_sql_query($db, $sql);
if ($res == FALSE) {
rg_log("Cannot update (" . rg_sql_error() . ")!");
exit(1);
}
rg_sql_free_result($res);
rg_cache_unset('user::4::info', RG_SOCKET_NO_WAIT);
}
/*
* Set user agent
*/
function test_set_ua($s)
{
global $test_ua;
$test_ua = $s;
}
/*
* Set referer
*/
function test_set_referer($s)
{
global $test_referer;
$test_referer = $s;
}
?>
| Mode | Type | Size | Ref | File |
|---|---|---|---|---|
| 100644 | blob | 9 | f3c7a7c5da68804a1bdf391127ba34aed33c3cca | .exclude |
| 100644 | blob | 102 | eaeb7d777062c60a55cdd4b5734902cdf6e1790c | .gitignore |
| 100644 | blob | 289 | fabbff669e768c05d6cfab4d9aeb651bf623e174 | AUTHORS |
| 100644 | blob | 1132 | dd65951315f3de6d52d52a82fca59889d1d95187 | Certs.txt |
| 100644 | blob | 1339 | 6ef73b238cddfb5bd83fe344a186e48f12e9da2c | Compare.txt |
| 100644 | blob | 549 | 41c3bdbba8ec2523fe24b84bdd46777fc13e8345 | History.txt |
| 100644 | blob | 34520 | dba13ed2ddf783ee8118c6a581dbf75305f816a3 | LICENSE |
| 100644 | blob | 2695 | 994656805a9db0ea31cf9be1e5776182efbefecc | Makefile.in |
| 100644 | blob | 4788 | eb8fa578df718b058ebbde968998718c669984cd | README |
| 100644 | blob | 100438 | 17de6db8f4fc99c18991fb346451c50d91c8bdff | TODO |
| 100644 | blob | 1294 | f22911eb777f0695fcf81ad686eac133eb11fcc4 | TODO-plans |
| 100644 | blob | 203 | a2863c67c3da44126b61a15a6f09738c25e0fbe0 | TODO.perf |
| 100644 | blob | 373 | ca2fd2e49069f5d13d557928e0bf53135782530f | TODO.vm |
| 040000 | tree | - | 21928e906ad2907a55c2e81c2a8b0502b586b8a0 | artwork |
| 100755 | blob | 30 | 92c4bc48245c00408cd7e1fd89bc1a03058f4ce4 | configure |
| 040000 | tree | - | 788c57f7b8b4a17ab4e6903b044addae9617da09 | debian |
| 040000 | tree | - | 681465a8d96259004db092e8aab5111ad18900f1 | docker |
| 040000 | tree | - | f67d3605efbd6422a8acdd953578991139266391 | docs |
| 100755 | blob | 16711 | 924262b2f8dbf3bbe02358e7f404175732e970d1 | duilder |
| 100644 | blob | 536 | db9185faa969a77379e8d949b1943b95c92f2600 | duilder.conf |
| 040000 | tree | - | b0cc8cc0386eddf4373339a7860e46e8f74e0202 | hooks |
| 040000 | tree | - | 3d0ce82f618b8a7ea674b0bbbb375da6f45bd1fd | inc |
| 100644 | blob | 3881 | 074e596bfc98db0f5ea8368ba9839659629bb814 | rocketgit.spec.in |
| 040000 | tree | - | 7fb729ee5d25ac107e8f357d3911da8f6a64bd1a | root |
| 040000 | tree | - | 429d043eb48791f798eeca03636a43dedd6b442a | samples |
| 040000 | tree | - | a400a14155cebfc40cf6323af694b5135ec57b6e | scripts |
| 040000 | tree | - | 162702b941f66ce024967308ea694eae46506304 | selinux |
| 100755 | blob | 256 | 462ccd108c431f54e380cdac2329129875a318b5 | spell_check.sh |
| 040000 | tree | - | cb54e074b3ca35943edfcda9dd9cfcd281bcd9e7 | techdocs |
| 040000 | tree | - | 5e4e7da913966f00733b01a18e7e4972a44e91b1 | tests |
| 040000 | tree | - | d39824f9d9ba0f8b2f00f4a101f5cd5aeebc2f83 | tools |
Hints:
Before first commit, do not forget to setup your git environment:
Clone this repository using HTTP(S):
Clone this repository using ssh (do not forget to upload a key first):
Clone this repository using git:
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"
git config --global user.email "your@email_here"
Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/catalinux/rocketgit
Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit
Clone this repository using git:
git clone git://git.rocketgit.com/user/catalinux/rocketgit
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main
... make some changes and some commits ...
git push origin main
RocketGit
Rocket your launch!
Rocket your launch!