<?php
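// Defaults for the per-test request settings read by do_req().  Both can be
// overridden by the caller before including this file or later through
// test_set_ua() / test_set_referer().  $test_referer had no default, so a
// run that never called test_set_referer() read an undefined global.
if (!isset($test_ua))
    $test_ua = "curl";
if (!isset($test_referer))
    $test_referer = "";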
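/*
 * Return the first capture group of $pattern found in $subject, or "" when
 * the pattern does not match or preg_match() fails.
 */
function do_req_first_group($pattern, $subject)
{
    $x = preg_match($pattern, $subject, $matches);
    if (($x === FALSE) || !isset($matches[1]))
        return "";
    return $matches[1];
}

/*
 * Perform one HTTP request with curl and return the parsed reply.
 *
 * $url     - absolute URL ("http://host/path").
 * $data    - array of POST fields; an empty array results in a GET.
 *            Passed by reference: it is reset to array() when a redirect
 *            is followed, so the caller's variable changes as well.
 * $headers - list of extra request headers ("Name: value" strings), also by
 *            reference; on a redirect it is replaced by the sid cookie.
 *
 * Returns FALSE when curl fails, otherwise an array with the keys 'header',
 * 'body', 'sid', 'token' and 'logout_token' (the last three are "" when the
 * corresponding pattern is not found).
 *
 * Redirects are followed by a recursive call instead of CURLOPT_FOLLOWLOCATION
 * so that a Set-Cookie sid issued by the intermediate reply is not lost.
 *
 * The process exits with status 1 when tidy reports a non-zero exit code,
 * when the body contains '@@' or when it contains the '<xss>' marker; these
 * are the test harness's canaries for broken output.
 */
function do_req($url, &$data, &$headers)
{
    global $test_ua, $test_referer;

    if (!is_array($data))
        $data = array();
    if (!is_array($headers)) {
        rg_log("Headers is not an array, reset it.");
        $headers = array();
    }
    rg_log_ml("do_req url[$url] data=" . print_r($data, TRUE)
        . "headers=" . print_r($headers, TRUE));

    $c = curl_init($url);
    if (count($data) > 0) {
        curl_setopt($c, CURLOPT_POST, 1);
        curl_setopt($c, CURLOPT_POSTFIELDS, $data);
    }
    curl_setopt($c, CURLOPT_RETURNTRANSFER, TRUE);
    // CURLOPT_FOLLOWLOCATION is deliberately not used: we would not get a
    // chance to capture the sid sent with the intermediate reply.
    curl_setopt($c, CURLOPT_HEADER, 1);
    curl_setopt($c, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($c, CURLOPT_USERAGENT, $test_ua);
    // test_set_referer() may never have been called; fall back to "" rather
    // than reading an undefined global (curl receives "" for NULL anyway).
    curl_setopt($c, CURLOPT_REFERER, isset($test_referer) ? $test_referer : "");

    $r = curl_exec($c);
    if ($r === FALSE) {
        rg_log_ml("Cannot load (url=$url), data: "
            . print_r($data, TRUE));
        rg_log("curl error: " . curl_error($c));
        // Release the handle on the error path too.
        curl_close($c);
        return FALSE;
    }
    // Header size must be read before the handle is closed.
    $header_size = curl_getinfo($c, CURLINFO_HEADER_SIZE);
    curl_close($c);

    $ret = array();
    $ret['header'] = substr($r, 0, $header_size);
    $ret['body'] = substr($r, $header_size);

    // Validate the HTML with tidy.  An empty body (e.g. a redirect) is skipped.
    // The command line is fixed, nothing from the reply reaches the shell.
    if (!empty($ret['body'])) {
        file_put_contents("http.tidy.in", $ret['body']);
        $cmd = "tidy -errors -utf8 -file http.tidy.out http.tidy.in";
        system($cmd, $ec);
        if ($ec != 0) {
            echo "tidy ec=$ec\n";
            echo file_get_contents("http.tidy.out");
            exit(1);
        }
    }

    // '@@' in the body is treated as an error (presumably an unexpanded
    // template placeholder - confirm against the templates).
    if (strpos($ret['body'], '@@') !== FALSE) {
        rg_log_ml("Bad @@! body=" . print_r($ret['body'], TRUE));
        exit(1);
    }

    // Session id issued by the server, if any.
    $ret['sid'] = do_req_first_group('/Set-Cookie: sid=([a-zA-Z0-9]*)/',
        $ret['header']);

    // The tests inject the literal '<xss>' marker; if it comes back
    // unescaped the output is not properly encoded.
    if (strpos($ret['body'], '<xss>') !== FALSE) {
        file_put_contents('http_xss.out', $ret['body']);
        rg_log("Found <xss> token! Check http_xss.out. Not good!");
        exit(1);
    }

    // Form token and logout token embedded in the page.
    $ret['token'] = do_req_first_group(
        '/ name="token" value="([a-zA-Z0-9]*)"/', $ret['body']);
    $ret['logout_token'] = do_req_first_group(
        '/logout\?token=([a-zA-Z0-9]*)"/', $ret['body']);

    // Follow a redirect ourselves, forwarding the sid we just received.
    $x = preg_match('/Location: (.*)\s/', $ret['header'], $matches);
    if ($x === 1) {
        if (strncmp($url, "http://", 7) == 0)
            $url = substr($url, 7);
        rg_log("redirect to url=$url");
        $location = trim($matches[1]);
        if (preg_match('/^https?:\/\//i', $location) === 1) {
            // Absolute Location: use it as is.
            $new = $location;
        } else {
            // Relative Location: keep the host of the current URL.
            $t = explode("/", $url, 2);
            $new = "http://" . $t[0] . $location;
        }
        // The request data is dropped and only the new sid is sent as cookie.
        // Both variables are references, so the caller observes this.
        $data = array();
        if (!empty($ret['sid']))
            $headers = array("Cookie: sid=" . $ret['sid']);
        $f = do_req($new, $data, $headers);
        // Propagate a failed redirected request instead of turning FALSE
        // into an array that only holds 'sid'.
        if ($f === FALSE)
            return FALSE;
        if (empty($f['sid']))
            $f['sid'] = $ret['sid'];
        return $f;
    }
    return $ret;
}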
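/*
 * Load the login form, post the credentials and return the reply of the
 * login POST (the do_req() array), or FALSE on any failure.
 *
 * $url      - base URL of the site; "/op/login" is appended.
 * $rg_ui    - array with the 'username' and 'pass' keys.
 * $good_sid - out parameter; receives the sid of the pre-login session and,
 *             after a successful POST, the sid returned by the login reply.
 */
function test_login($url, $rg_ui, &$good_sid)
{
    // Load the form first to obtain the form token.  A stale cookie is sent
    // on purpose to verify that the server issues a fresh pre-login sid
    // instead of accepting the supplied one.
    $data = array();
    $headers = array("Cookie: sid=d978671c2cd12fba05be218bb1653c1ce7bfb947");
    $r = do_req($url . "/op/login", $data, $headers);
    if ($r === FALSE) {
        echo "Cannot load login form.\n";
        return FALSE;
    }
    $good_sid = $r['sid'];
    $good_token = $r['token'];
    rg_log("good: sid=$good_sid token=$good_token");
    // A pre-login sid is expected to start with "X" (server convention
    // inferred from this check - confirm in the session code).
    if (strncmp($good_sid, "X", 1) !== 0) {
        rg_log("Seems we did not get a pre-login session!");
        return FALSE;
    }

    rg_log("Do the real login post request");
    $data = array(
        "doit" => 1,
        "token" => $good_token,
        "user" => $rg_ui['username'],
        "pass" => $rg_ui['pass'],
        "lock_ip" => 1
    );
    $headers = array("Cookie: sid=" . $good_sid);
    $r = do_req($url . "/op/login", $data, $headers);
    if ($r === FALSE) {
        rg_log_ml("Cannot login: " . print_r($r, TRUE));
        return FALSE;
    }
    $good_sid = $r['sid'];
    if (strpos($r['body'], "invalid user or pass") !== FALSE) {
        rg_log_ml(print_r($r, TRUE));
        rg_log("Login invalid. Check above!");
        return FALSE;
    }
    return $r;
}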
/*
 * Reset the password of user 'catab' to 'aaaa' (with a fixed salt) and a
 * session_time of 3600, then drop the cached user entry.
 *
 * $db - database handle accepted by rg_sql_query().
 *
 * Exits with status 1 when the UPDATE fails.  All interpolated values are
 * constants or the output of rg_user_pass(), never caller input; do not
 * reuse this string-built query pattern with external data.
 */
function test_restore($db)
{
    $salt = 'd0a41957b835fbf7bfe63b750db15108cc048259';
    $hashed = rg_user_pass($salt, 'aaaa');

    $sql = sprintf(
        "UPDATE users SET salt = '%s', pass = '%s', session_time = 3600"
        . " WHERE username = 'catab'",
        $salt,
        $hashed
    );
    $res = rg_sql_query($db, $sql);
    if (!$res) {
        rg_log("Cannot update (" . rg_sql_error() . ")!");
        exit(1);
    }
    rg_sql_free_result($res);
    // "user::4" is presumably the cache key of user 'catab' - confirm.
    rg_cache_unset("user::4");
}
/*
 * Set the User-Agent string that do_req() sends with every request.
 *
 * $s - the User-Agent value.
 */
function test_set_ua($s)
{
    $GLOBALS['test_ua'] = $s;
}
/*
 * Set the Referer header value that do_req() sends with every request.
 *
 * $s - the Referer value.
 */
function test_set_referer($s)
{
    $GLOBALS['test_referer'] = $s;
}
?>