From a143b2dd21fdcda340f13afd27b1943a616c2f54 Mon Sep 17 00:00:00 2001 From: Kevin Day Date: Wed, 26 Jul 2017 12:24:58 -0500 Subject: [PATCH] Progress: continued work on user and login, also miscellaneous fixes Be sure to write to the connection log only after the session information has been loaded so that a valid session expires value is used. The public user log table needs to have database-specific role and not standard role for insert access checks. Process the database password failure string on login. The table caption and caption tag code was not fully completed. Style cleanups. --- common/standard/classes/standard_database.php | 25 +++++--- common/standard/classes/standard_path.php | 84 ++++++++++++------------- common/standard/paths/u/login.php | 44 ++++++++++--- common/standard/paths/u/user_view.php | 4 +- common/theme/classes/theme_html.php | 6 ++ database/sql/reservation/order.install | 1 + database/sql/reservation/reservation-public.sql | 16 +++++ 7 files changed, 120 insertions(+), 60 deletions(-) create mode 100644 database/sql/reservation/reservation-public.sql diff --git a/common/standard/classes/standard_database.php b/common/standard/classes/standard_database.php index a50d4d4..a72bb66 100644 --- a/common/standard/classes/standard_database.php +++ b/common/standard/classes/standard_database.php 
@@ -35,19 +35,30 @@ class c_standard_database extends c_base_database { $query_parameters[8] = $response_code; if ($log_type === c_base_log::TYPE_CONNECT) { - $expires = NULL; - if (isset($data['expires']) && is_int($data['expires'])) { - $expires = $data['expires']; - } - $query_parameters[0] = "Logging in to the system."; $query_parameters[1] = c_base_log::TYPE_SESSION; $query_parameters[2] = c_base_log::TYPE_CONNECT; $query_parameters[3] = c_base_error::SEVERITY_INFORMATIONAL; $query_parameters[4] = c_base_defaults_global::LOG_FACILITY; - $query_parameters[9] = json_encode(array('expires' => $expires)); - unset($expires); + if ($response_code == c_base_http_status::FORBIDDEN) { + $user_name = NULL; + if (isset($data['user_name']) && is_string($data['user_name'])) { + $user_name = $data['user_name']; + } + + $query_parameters[9] = json_encode(array('user_name' => $user_name)); + unset($user_name); + } + else { + $expires = NULL; + if (isset($data['expires']) && is_int($data['expires'])) { + $expires = $data['expires']; + } + + $query_parameters[9] = json_encode(array('expires' => $expires)); + unset($expires); + } } elseif ($log_type === c_base_log::TYPE_DISCONNECT) { $query_parameters[0] = "Logging out of the system."; diff --git a/common/standard/classes/standard_path.php b/common/standard/classes/standard_path.php index 478a4a7..324959c 100644 --- a/common/standard/classes/standard_path.php +++ b/common/standard/classes/standard_path.php @@ -236,7 +236,6 @@ class c_standard_path extends c_base_path { return $path_parts; } - /** * Build the breadcrumb. * 
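Review bot: The new `FORBIDDEN` branch copies `$data['user_name']` into `log_details` after only an `is_string()` check, and in login.php that value is the raw `$_POST['login_form-user_name']` from a request that has not authenticated. Nothing visible bounds its length, so each failed login can store an arbitrarily large string, and a password typed into the user name field by mistake would be kept in the log verbatim. I would cap the value before encoding, e.g. `$user_name = mb_substr($data['user_name'], 0, MAX_LOGGED_USER_NAME);`, where the constant name is a placeholder for a limit matching the account name rules. The branch test `$response_code == c_base_http_status::FORBIDDEN` is also the only loose comparison in the hunk; `===` would match the `$log_type === …` checks around it, assuming callers pass the integer constant. The enclosing method starts and ends outside the hunk.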
@@ -350,7 +349,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_section($headers = NULL, $arguments = array(), $id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_SECTION, self::CSS_AS_SECTION); + $classes = array($this->settings['base_css'] . self::CSS_AS_SECTION, self::CSS_AS_SECTION); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -388,7 +387,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_wrapper($id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_WRAPPER, self::CSS_AS_WRAPPER); + $classes = array($this->settings['base_css'] . self::CSS_AS_WRAPPER, self::CSS_AS_WRAPPER); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -417,7 +416,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_break($id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_BREAK, self::CSS_AS_BREAK); + $classes = array($this->settings['base_css'] . self::CSS_AS_BREAK, self::CSS_AS_BREAK); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -450,7 +449,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_text($text, $arguments = array(), $id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_TEXT, self::CSS_AS_TEXT); + $classes = array($this->settings['base_css'] . self::CSS_AS_TEXT, self::CSS_AS_TEXT); if (is_string($extra_class)) { $classes[] = $extra_class; } 
@@ -492,7 +491,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_header($text, $header, $arguments = array(), $id = NULL, $extra_class = NULL, $prepend = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_HEADER, self::CSS_AS_HEADER, self::CSS_AS_HEADER . '-' . $header); + $classes = array($this->settings['base_css'] . self::CSS_AS_HEADER, self::CSS_AS_HEADER, self::CSS_AS_HEADER . '-' . $header); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -574,7 +573,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_headers($headers, $arguments = array(), $id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_HEADERS, self::CSS_AS_HEADERS); + $classes = array($this->settings['base_css'] . self::CSS_AS_HEADERS, self::CSS_AS_HEADERS); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -651,7 +650,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_paragraph($text, $arguments = array(), $id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_PARAGRAPH, self::CSS_AS_PARAGRAPH); + $classes = array($this->settings['base_css'] . self::CSS_AS_PARAGRAPH, self::CSS_AS_PARAGRAPH); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -689,7 +688,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_text_block($text, $arguments = array(), $id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_TEXT_BLOCK, self::CSS_AS_TEXT_BLOCK); + $classes = array($this->settings['base_css'] . self::CSS_AS_TEXT_BLOCK, self::CSS_AS_TEXT_BLOCK); if (is_string($extra_class)) { $classes[] = $extra_class; } 
@@ -705,10 +704,10 @@ class c_standard_path extends c_base_path { if (!is_null($text)) { if (is_int($text)) { - $tag = c_theme_html::s_create_tag($this->text_type, NULL, array(self::CSS_AS_TEXT), $this->pr_get_text($text, $arguments)); + $tag = c_theme_html::s_create_tag($this->text_type, NULL, array($this->settings['base_css'] . self::CSS_AS_TEXT, self::CSS_AS_TEXT), $this->pr_get_text($text, $arguments)); } else { - $tag = c_theme_html::s_create_tag($this->text_type, NULL, array(self::CSS_AS_TEXT), $text); + $tag = c_theme_html::s_create_tag($this->text_type, NULL, array($this->settings['base_css'] . self::CSS_AS_TEXT, self::CSS_AS_TEXT), $text); } $block->set_tag($tag); @@ -740,7 +739,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_paragraph_block($text, $arguments = array(), $id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_PARAGRAPH_BLOCK, self::CSS_AS_PARAGRAPH_BLOCK); + $classes = array($this->settings['base_css'] . self::CSS_AS_PARAGRAPH_BLOCK, self::CSS_AS_PARAGRAPH_BLOCK); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -756,10 +755,10 @@ class c_standard_path extends c_base_path { if (!is_null($text)) { if (is_int($text)) { - $tag = c_theme_html::s_create_tag($this->text_type, NULL, array(self::CSS_AS_PARAGRAPH_BLOCK), $this->pr_get_text($text, $arguments)); + $tag = c_theme_html::s_create_tag($this->text_type, NULL, array($this->settings['base_css'] . self::CSS_AS_TEXT, self::CSS_AS_TEXT), $this->pr_get_text($text, $arguments)); } else { - $tag = c_theme_html::s_create_tag($this->text_type, NULL, array(self::CSS_AS_PARAGRAPH_BLOCK), $text); + $tag = c_theme_html::s_create_tag($this->text_type, NULL, array($this->settings['base_css'] . self::CSS_AS_TEXT, self::CSS_AS_TEXT), $text); } $block->set_tag($tag); 
@@ -796,7 +795,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_link($text, $tooltip, $destination, $arguments = array(), $id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_LINK, self::CSS_AS_LINK); + $classes = array($this->settings['base_css'] . self::CSS_AS_LINK, self::CSS_AS_LINK); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -811,10 +810,10 @@ class c_standard_path extends c_base_path { unset($classes); if (is_int($text)) { - $tag = c_theme_html::s_create_tag(c_base_markup_tag::TYPE_A, NULL, $classes, $this->pr_get_text($text, $arguments)); + $tag = c_theme_html::s_create_tag(c_base_markup_tag::TYPE_A, NULL, array($this->settings['base_css'] . self::CSS_AS_TEXT, self::CSS_AS_TEXT), $this->pr_get_text($text, $arguments)); } else { - $tag = c_theme_html::s_create_tag(c_base_markup_tag::TYPE_A, NULL, $classes, $text); + $tag = c_theme_html::s_create_tag(c_base_markup_tag::TYPE_A, NULL, array($this->settings['base_css'] . self::CSS_AS_TEXT, self::CSS_AS_TEXT), $text); } if (is_array($destination)) { @@ -872,7 +871,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_link_block($text, $tooltip, $destination, $description, $arguments = array(), $header = 0, $id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_LINK_BLOCK, self::CSS_AS_LINK_BLOCK); + $classes = array($this->settings['base_css'] . self::CSS_AS_LINK_BLOCK, self::CSS_AS_LINK_BLOCK); if (is_string($extra_class)) { $classes[] = $extra_class; } 
@@ -891,7 +890,7 @@ class c_standard_path extends c_base_path { $wrapper = c_theme_html::s_create_tag(c_base_markup_tag::TYPE_DIVIDER, NULL, array(self::CSS_AS_TEXT, self::CSS_AS_LINK_BLOCK_NAME)); } else { - $header_classes = array($this->settings['base_css'] . self::CSS_AS_HEADER, self::CSS_AS_HEADER, self::CSS_AS_HEADER . '-' . $header, self::CSS_AS_LINK_BLOCK_NAME); + $header_classes = array($this->settings['base_css'] . self::CSS_AS_HEADER, self::CSS_AS_HEADER, self::CSS_AS_HEADER . '-' . $header, self::CSS_AS_LINK_BLOCK_NAME); if ($header == 1) { $type = c_base_markup_tag::TYPE_H1; @@ -966,7 +965,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_fieldset($text, $arguments = array(), $id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_PARAGRAPH_BLOCK, self::CSS_AS_PARAGRAPH_BLOCK); + $classes = array($this->settings['base_css'] . self::CSS_AS_PARAGRAPH_BLOCK, self::CSS_AS_PARAGRAPH_BLOCK); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -982,10 +981,10 @@ class c_standard_path extends c_base_path { if (!is_null($text)) { if (is_int($text)) { - $tag = c_theme_html::s_create_tag($this->text_type, NULL, array(self::CSS_AS_FIELD_SET_LEGEND), $this->pr_get_text($text, $arguments)); + $tag = c_theme_html::s_create_tag($this->text_type, NULL, array($this->settings['base_css'] . self::CSS_AS_FIELD_SET_LEGEND, self::CSS_AS_FIELD_SET_LEGEND), $this->pr_get_text($text, $arguments)); } else { - $tag = c_theme_html::s_create_tag($this->text_type, NULL, array(self::CSS_AS_FIELD_SET_LEGEND), $text); + $tag = c_theme_html::s_create_tag($this->text_type, NULL, array($this->settings['base_css'] . self::CSS_AS_FIELD_SET_LEGEND, self::CSS_AS_FIELD_SET_LEGEND), $text); } $block->set_tag($tag); 
@@ -1018,7 +1017,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_row($value = NULL, $arguments = array(), $id = NULL, $extra_class = NULL, $row = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_ROW, self::CSS_AS_ROW); + $classes = array($this->settings['base_css'] . self::CSS_AS_ROW, self::CSS_AS_ROW); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -1074,7 +1073,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_field_row($field_name = NULL, $field_value = NULL, $arguments = array(), $id = NULL, $extra_class = NULL, $row = NULL, $spacer = FALSE) { - $classes = array($this->settings['base_css'] . self::CSS_AS_FIELD_ROW, self::CSS_AS_FIELD_ROW); + $classes = array($this->settings['base_css'] . self::CSS_AS_FIELD_ROW, self::CSS_AS_FIELD_ROW); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -1092,7 +1091,7 @@ class c_standard_path extends c_base_path { $tag = c_theme_html::s_create_tag(c_base_markup_tag::TYPE_DIVIDER, $id, $classes); unset($classes); - $tag_text = $this->pr_create_tag_text($field_name, $arguments, $id, self::CSS_AS_FIELD_ROW_NAME); + $tag_text = $this->pr_create_tag_text($field_name, $arguments, NULL, self::CSS_AS_FIELD_ROW_NAME); $tag->set_tag($tag_text); unset($tag_text); @@ -1100,7 +1099,7 @@ class c_standard_path extends c_base_path { $this->pr_create_tag_spacer($tag); } - $tag_text = $this->pr_create_tag_text($field_value, $arguments, $id, self::CSS_AS_FIELD_ROW_VALUE); + $tag_text = $this->pr_create_tag_text($field_value, $arguments, NULL, self::CSS_AS_FIELD_ROW_VALUE); $tag->set_tag($tag_text); unset($tag_text); 
@@ -1130,7 +1129,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_table($text, $arguments = array(), $id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE, self::CSS_AS_TABLE); + $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE, self::CSS_AS_TABLE); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -1141,21 +1140,21 @@ class c_standard_path extends c_base_path { unset($class); } - $table_tag = c_theme_html::s_create_tag(c_base_markup_tag::TYPE_TABLE, $id, $classes); + $tag = c_theme_html::s_create_tag(c_base_markup_tag::TYPE_TABLE, $id, $classes); if (!is_null($text)) { if (is_int($text)) { - $tag = c_theme_html::s_create_tag(c_base_markup_tag::TYPE_CAPTION, $id, $classes, $this->pr_get_text($text, $arguments)); + $tag_text = c_theme_html::s_create_tag(c_base_markup_tag::TYPE_CAPTION, NULL, array($this->settings['base_css'] . self::CSS_AS_TABLE_CAPTION, self::CSS_AS_TABLE_CAPTION), $this->pr_get_text($text, $arguments)); } else { - $tag = c_theme_html::s_create_tag(c_base_markup_tag::TYPE_CAPTION, $id, $classes, $text); + $tag_text = c_theme_html::s_create_tag(c_base_markup_tag::TYPE_CAPTION, NULL, array($this->settings['base_css'] . self::CSS_AS_TABLE_CAPTION, self::CSS_AS_TABLE_CAPTION), $text); } - $table_tag->set_tag($tag); - unset($tag); + $tag->set_tag($tag_text); + unset($tag_text); } - return $table_tag; + return $tag; } /** @@ -1179,7 +1178,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_table_caption($text, $arguments = array(), $id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_CAPTION, self::CSS_AS_TABLE_CAPTION); + $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_CAPTION, self::CSS_AS_TABLE_CAPTION); if (is_string($extra_class)) { $classes[] = $extra_class; } 
@@ -1216,7 +1215,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_table_column($id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_COLUMN, self::CSS_AS_TABLE_COLUMN); + $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_COLUMN, self::CSS_AS_TABLE_COLUMN); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -1245,7 +1244,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_table_column_group($id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_COLUMN_GROUP, self::CSS_AS_TABLE_COLUMN_GROUP); + $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_COLUMN_GROUP, self::CSS_AS_TABLE_COLUMN_GROUP); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -1274,7 +1273,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_table_header($id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_HEADER, self::CSS_AS_TABLE_HEADER); + $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_HEADER, self::CSS_AS_TABLE_HEADER); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -1307,7 +1306,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_table_header_cell($text, $id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_HEADER_CELL, self::CSS_AS_TABLE_HEADER_CELL); + $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_HEADER_CELL, self::CSS_AS_TABLE_HEADER_CELL); if (is_string($extra_class)) { $classes[] = $extra_class; } 
@@ -1344,7 +1343,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_table_body($id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_BODY, self::CSS_AS_TABLE_BODY); + $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_BODY, self::CSS_AS_TABLE_BODY); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -1373,7 +1372,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_table_row($id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_ROW, self::CSS_AS_TABLE_ROW); + $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_ROW, self::CSS_AS_TABLE_ROW); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -1406,7 +1405,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_table_cell($text, $id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_CELL, self::CSS_AS_TABLE_CELL); + $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_CELL, self::CSS_AS_TABLE_CELL); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -1443,7 +1442,7 @@ class c_standard_path extends c_base_path { * The generated markup tag. */ protected function pr_create_tag_table_footer($id = NULL, $extra_class = NULL) { - $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_FOOTER, self::CSS_AS_TABLE_FOOTER); + $classes = array($this->settings['base_css'] . self::CSS_AS_TABLE_FOOTER, self::CSS_AS_TABLE_FOOTER); if (is_string($extra_class)) { $classes[] = $extra_class; } @@ -1504,7 +1503,6 @@ class c_standard_path extends c_base_path { return new c_base_return_true(); } - /** * Create an HTML primary id attributes. * 
diff --git a/common/standard/paths/u/login.php b/common/standard/paths/u/login.php index 24f1044..a56bb11 100644 --- a/common/standard/paths/u/login.php +++ b/common/standard/paths/u/login.php @@ -25,6 +25,8 @@ require_once('common/theme/classes/theme_html.php'); * This listens on: /u/login */ class c_standard_path_user_login extends c_standard_path { + public const SESSION_DATE_FORMAT = 'D, d-M-Y H:i:s T'; + protected const PATH_SELF = 'u/login'; protected const USER_PUBLIC = 'u_standard_public'; @@ -402,6 +404,9 @@ class c_standard_path_user_login extends c_standard_path { // it is a pity that postgresql doesn't differentiate the two. $access_denied = TRUE; } + elseif (preg_match('/password authentication failed for user /i', $details['arguments'][':{failure_reasons}'][0]['message']) > 0) { + $access_denied = TRUE; + } else { $problems[] = c_base_form_problem::s_create_error(NULL, 'Unable to login, reason: ' . $details['arguments'][':{failure_reasons}'][0]['message'] . '.'); unset($details); @@ -426,7 +431,6 @@ class c_standard_path_user_login extends c_standard_path { if ($database instanceof c_standard_database) { $database->do_log_user(c_base_log::TYPE_CREATE, c_base_http_status::OK, array('user_name' => $_POST['login_form-user_name'])); - $database->do_log_user(c_base_log::TYPE_CONNECT, c_base_http_status::OK, array('expires' => $session->get_timeout_expire()->get_value_exact())); } } } 
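Review bot: The added `elseif` in the `-402` hunk recognises a password failure by matching the English text `password authentication failed for user ` in the server's message, which only holds while the database reports errors in English. If the server emits translated messages the match fails and control reaches the existing `else`, which appends the raw database message to the 'Unable to login, reason: ' form problem shown to the visitor. A comment on the branch should record that dependency, e.g. `// relies on untranslated PostgreSQL messages (lc_messages); a miss falls through to the branch that displays the raw message`, and the fallback would be safer showing a fixed string while the detail goes to the log. The hunk also reads `[':{failure_reasons}'][0]['message']` without a visible existence check; that may be guarded above the hunk, which starts mid-function.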
@@ -465,6 +469,26 @@ class c_standard_path_user_login extends c_standard_path { } } unset($ensure_result); + + // report login attempt and failure using public user account. + if ($connected instanceof c_base_return_false && isset($settings['database_user_public']) && is_string($settings['database_user_public'])) { + $connection_string = $database->get_connection_string(); + $connection_string->set_user($settings['database_user_public']); + $connection_string->set_password(NULL); + + $database->set_connection_string($connection_string); + unset($connection_string); + + $connected = $database->do_connect(); + if ($connected instanceof c_base_return_true) { + c_standard_index::s_do_initialize_database($database); + + $result = $database->do_log_user(c_base_log::TYPE_CONNECT, c_base_http_status::FORBIDDEN, array('user_name' => $_POST['login_form-user_name'])); + $database->do_disconnect(); + + $connected = new c_base_return_false(); + } + } } } else { @@ -480,10 +504,6 @@ class c_standard_path_user_login extends c_standard_path { $this->pr_update_user_data($database); } unset($ldap); - - if ($database instanceof c_standard_database) { - $database->do_log_user(c_base_log::TYPE_CONNECT, c_base_http_status::OK, array('expires' => $session->get_timeout_expire()->get_value_exact())); - } } if (c_base_return::s_has_error($connected) || $connected instanceof c_base_return_false) { @@ -510,8 +530,13 @@ class c_standard_path_user_login extends c_standard_path { } unset($details); } - unset($access_denied); + + // connection was established but errors have occured. + if ($connected instanceof c_base_return_true && $database instanceof c_standard_database) { + $database->do_log_user(c_base_log::TYPE_CONNECT, c_base_http_status::FORBIDDEN); + $database->do_disconnect(); + } unset($connected); if (empty($problems)) { 
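Review bot: In the block that reports the failed attempt through the public account, the return of `do_log_user()` is stored in `$result` and never inspected or unset, so a rejected insert leaves no trace that the audit record is missing. The block also rewrites the connection string on the shared `$database` object to the public user with a NULL password and does not restore it, and when the public `do_connect()` itself fails, `$connected` carries that failure instead of the original login failure, so the error handling further down (outside this hunk) would presumably be reporting on the public account. I would check the result, e.g. `if (c_base_return::s_has_error($result)) { /* record the audit failure */ }` followed by `unset($result);`, and keep the public connection result in its own variable rather than reusing `$connected`. Each failed login now also costs a second connection and an insert, so attempt throttling is worth confirming if it is not already done elsewhere.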
@@ -576,7 +601,7 @@ class c_standard_path_user_login extends c_standard_path { $data = array( 'session_id' => $session->get_session_id()->get_value_exact(), - 'expire' => gmdate("D, d-M-Y H:i:s T", $session_expire), // unnecessary, but provided for debug purposes. + 'expire' => gmdate(self::SESSION_DATE_FORMAT, $session_expire), // unnecessary, but provided for debug purposes. ); $cookie_login->set_value($data); @@ -588,6 +613,11 @@ class c_standard_path_user_login extends c_standard_path { unset($pushed); } unset($result); + + // now that any session/cookie information is loaded and processed, log any login connections. + if ($connected instanceof c_base_return_true && $database instanceof c_standard_database) { + $database->do_log_user(c_base_log::TYPE_CONNECT, c_base_http_status::OK, array('expires' => $session->get_timeout_expire()->get_value_exact())); + } unset($connected); if (empty($problems)) { diff --git a/common/standard/paths/u/user_view.php b/common/standard/paths/u/user_view.php index 8cdb605..1a38eb6 100644 --- a/common/standard/paths/u/user_view.php +++ b/common/standard/paths/u/user_view.php 
@@ -520,8 +520,6 @@ class c_standard_path_user_view extends c_standard_path { $fieldset = $this->pr_create_tag_fieldset(15, array(), self::CLASS_USER_VIEW_PERSONAL, self::CLASS_USER_VIEW_PERSONAL); $content = c_theme_html::s_create_tag(c_base_markup_tag::TYPE_DIVIDER, self::CSS_AS_FIELD_SET_CONTENT, array(self::CSS_AS_FIELD_SET_CONTENT)); - #($count & 2 == 0) ? c_standard_path::CSS_AS_ROW_EVEN : c_standard_path::CSS_AS_ROW_ODD) - $content->set_tag($this->pr_create_tag_field_row(37, '' . $user->get_name_human()->get_prefix()->get_value(), array(), NULL, c_standard_path::CSS_AS_ROW_EVEN, 0, TRUE)); $content->set_tag($this->pr_create_tag_field_row(38, '' . $user->get_name_human()->get_first()->get_value(), array(), NULL, c_standard_path::CSS_AS_ROW_ODD, 1, TRUE)); $content->set_tag($this->pr_create_tag_field_row(39, '' . $user->get_name_human()->get_middle()->get_value(), array(), NULL, c_standard_path::CSS_AS_ROW_EVEN, 2, TRUE)); @@ -585,7 +583,7 @@ class c_standard_path_user_view extends c_standard_path { // @todo: implement code for processing and generating a table/list of history, with the ability to navigate additional entries. - $query_result = $this->database->do_query('select id, id_user, log_title, log_type, log_type_sub, log_severity, log_facility, log_details, log_date, request_client, response_code from v_log_users_self limit 10'); + $query_result = $this->database->do_query('select id, id_user, log_title, log_type, log_type_sub, log_severity, log_facility, log_details, log_date, request_client, response_code from v_log_users_self order by id desc limit 10'); if (c_base_return::s_has_error($query_result)) { if (is_null($errors)) { diff --git a/common/theme/classes/theme_html.php b/common/theme/classes/theme_html.php index 5bef696..d638926 100644 --- a/common/theme/classes/theme_html.php +++ b/common/theme/classes/theme_html.php 
@@ -1710,6 +1710,12 @@ class c_theme_html extends c_base_return { $markup .= $child_markup; $markup .= ''; } + elseif ($type === c_base_markup_tag::TYPE_CAPTION) { + $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; + $markup .= $tag->get_text()->get_value_exact(); + $markup .= $child_markup; + $markup .= ''; + } elseif ($type === c_base_markup_tag::TYPE_CHECKBOX) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'checkbox') . $this->p_render_markup_attributes_event_handler($tag) . '>'; $markup .= $tag->get_text()->get_value_exact(); diff --git a/database/sql/reservation/order.install b/database/sql/reservation/order.install index 568e79e..06ead66 100644 --- a/database/sql/reservation/order.install +++ b/database/sql/reservation/order.install @@ -10,6 +10,7 @@ standard-log_groups standard-log_problems standard-log_users standard-statistics +reservation-public reservation-dates reservation-fields reservation-associations diff --git a/database/sql/reservation/reservation-public.sql b/database/sql/reservation/reservation-public.sql new file mode 100644 index 0000000..e862b0f --- /dev/null +++ b/database/sql/reservation/reservation-public.sql 
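Review bot: The new `TYPE_CAPTION` branch writes `$tag->get_text()->get_value_exact()` into `$markup` with no escaping visible at this point, and `pr_create_tag_table()` in this same patch passes a caller-supplied `$text` string straight into the caption tag. The neighbouring `TYPE_CHECKBOX` branch does the same, so this presumably relies on the text being encoded when it is set on the tag; that is not visible in the hunk. A one-line comment stating where encoding happens, e.g. `// text is HTML-encoded when set on the tag; do not encode again here` (if that is the case), would let the next reader confirm that caption text derived from stored or user data cannot carry markup. The enclosing render method starts and ends outside the hunk.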
@@ -0,0 +1,16 @@
+/** Reservation SQL Structure - Public **/
+/** This depends on: reservation-main.sql **/
+
+/* Replaces references to r_standard_public with r_reservation_public. */
+start transaction;
+
+/** public users should be able to insert, but should never be able to view the logs that they insert. **/
+drop view public.v_log_users_self_insert;
+
+create view public.v_log_users_self_insert with (security_barrier=true) as
+ select log_title, log_type, log_type_sub, log_severity, log_facility, log_details, request_client, response_code from s_tables.t_log_users
+ where 'r_reservation_public' in (select pr.rolname from pg_auth_members pam inner join pg_roles pr on (pam.roleid = pr.oid) inner join pg_roles pr_u on (pam.member = pr_u.oid) where pr_u.rolname = current_user and pr.rolname = 'r_reservation_public')
+ with check option;
+
+
+commit transaction;
-- 1.8.3.1
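Review bot: `drop view public.v_log_users_self_insert;` also discards every privilege that was granted on the old view, and this file recreates the view without granting anything on it. Unless a later script in `order.install` issues the grant, the public account that login.php now uses to record failed attempts cannot insert through the view. I would add `grant insert on public.v_log_users_self_insert to r_reservation_public;` before the commit. The recreated view will be owned by whichever role runs the script; if the other install scripts set an owner explicitly, this one should do the same so the `security_barrier` view reads `s_tables.t_log_users` with the intended privileges.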