forked from UB-Mannheim/PalMA
-
Notifications
You must be signed in to change notification settings - Fork 0
/
DBConnector.class.php
293 lines (254 loc) · 9.37 KB
/
DBConnector.class.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
<?php namespace palma;
// Copyright (C) 2014 Universitätsbibliothek Mannheim
// See file LICENSE for license details.
// Authors: Alexander Wagner, Stefan Weil
require_once('globals.php');
class DBConnector extends \SQLite3
{
const SQL_CREATE_TABLES = <<< eod
PRAGMA foreign_keys = ON;
CREATE TABLE IF NOT EXISTS setting (
key VARCHAR (10) PRIMARY KEY,
value VARCHAR (20)
);
INSERT OR IGNORE INTO setting VALUES ('layout', 'g1x1');
INSERT OR IGNORE INTO setting VALUES ('pin', '');
CREATE TABLE IF NOT EXISTS user (
userid INTEGER PRIMARY KEY,
name VARCHAR (30) UNIQUE,
count INTEGER,
enabled INTEGER
);
-- Table with user name, IP address and device type (laptop, tablet, mobile).
CREATE TABLE IF NOT EXISTS address (
userid INTEGER,
address VARCHAR (30),
device VARCHAR (6),
FOREIGN KEY(userid) REFERENCES user(userid)
);
-- TODO: Entry 'userid' in table 'window' should refer to user(userid):
-- userid INTEGER REFERENCES user(userid)
-- The software currently does not handle this correctly, so we had to remove
-- the reference because it fails with pragma foreign_keys.
CREATE TABLE IF NOT EXISTS window (
id INTEGER PRIMARY KEY,
win_id VARCHAR (3),
section INTEGER,
state VARCHAR (10),
file VARCHAR (255),
handler VARCHAR (255),
userid INTEGER,
date DATETIME
);
eod;
const SQL_RESET_TABLES = <<< eod
DROP TABLE address;
DROP TABLE setting;
DROP TABLE IF EXISTS settings;
DROP TABLE user;
DROP TABLE window;
eod;
// TODO: allow additional flags for constructor:
// $flags = SQLITE3_OPEN_READWRITE|SQLITE3_OPEN_CREATE
// $encryption_key
public function __construct($filename = false)
{
if (!$filename) {
$filename = 'palma.db';
}
trace("DBConnector db file = $filename");
parent::__construct($filename);
// Wait up to 10000 ms when the database is locked.
$this->busyTimeout(10000);
// Create any missing tables.
$this->exec(self::SQL_CREATE_TABLES);
}
public function resetTables()
{
$this->exec(self::SQL_RESET_TABLES . self::SQL_CREATE_TABLES);
}
public function countWindows()
{
$numRows = $this->querySingle('SELECT count(*) FROM window WHERE state="active"');
return $numRows;
}
public function nextID()
{
// Find the first unused monitor section and return its number.
$quadrant_ids = array(1, 2, 3, 4);
$window_db_ids = array();
$window_keys = @$this->query('SELECT DISTINCT(id) FROM window');
while ($row = $window_keys->fetchArray()) {
array_push($window_db_ids, $row['id']);
}
$window_keys->finalize();
//~ trace("ids in QD " . serialize($quadrant_ids));
//~ trace("ids in DB " . serialize($window_db_ids));
$next_ids = array_values(array_diff($quadrant_ids, $window_db_ids));
//~ trace("ids in NXT " . serialize($next_ids));
if (count($next_ids) > 0) {
$next = $next_ids[0];
} else {
$next = $this->querySingle('SELECT MAX(id) FROM window') + 1;
}
return $next;
}
public function ipAddress()
{
$ip = 'unknown';
if (isset($_SERVER['HTTP_X_FORWARED_FOR'])) {
// Server is hidden behind a proxy.
// Proxy for loopback ip might indicate spoofing
if (!in_array($_SERVER['HTTP_X_FORWARED_FOR'], array('127.0.0.1', '::1'))) {
$ip = $_SERVER['HTTP_X_FORWARED_FOR'];
}
} elseif (isset($_SERVER['REMOTE_ADDR'])) {
// Client has direct access to the server.
$ip = $_SERVER['REMOTE_ADDR'];
}
return $ip;
}
public function checkPermission()
{
// Check whether the remote IP address is allowed to run commands.
// Only localhost or hosts of registered users are allowed.
$ip = $this->ipAddress();
// Currently PalMA also makes local connections.
$ip_list = array('127.0.0.1', '::1');
$rows = $this->query("SELECT address FROM address");
while ($row = $rows->fetchArray(SQLITE3_ASSOC)) {
array_push($ip_list, $row['address']);
}
$rows->finalize();
$allowed = in_array($ip, $ip_list);
return $allowed;
}
public function addUser($username, $address, $device = 'laptop')
{
// Add a new user with his/her address and the device to the database.
// TODO: Support more than one address for a given username.
$this->exec("INSERT OR IGNORE INTO user VALUES (NULL, '$username', 1, 0)");
$usercount = $this->querySingle("SELECT COUNT(*) FROM user");
$userid = $this->querySingle("SELECT userid from user where name='".$username."'");
$this->exec("INSERT INTO address VALUES ('$userid', '$address', '$device')");
trace("user $username connected with $device, $usercount user(s) now connected");
if ($usercount == 1) {
// First user connected. Always enable this person.
$this->enableUser($username);
}
}
public function delUser($username, $address)
{
// Remove an existing user with his/her address from the database.
// TODO: Support more than one address for a given username.
$ip = $this->ipAddress();
$userid = $this->querySingle("SELECT userid from user where name='$username'");
// Kill VNC connection associated with the user
$this->deleteVNCWindow($userid);
$this->exec("DELETE FROM address WHERE userid = '$userid' AND address = '$ip'");
// TODO: Remove user only when no address refers to it.
$this->exec("DELETE FROM user WHERE userid = '$userid'");
$usercount = $this->querySingle("SELECT COUNT(*) FROM user");
trace("user $username disconnected, $usercount user(s) now connected");
if ($usercount == 0) {
// Last user disconnected.
// Clean some tables, just to be sure that nothing is left.
$this->exec("DELETE FROM address; DELETE FROM window;");
}
}
public function enableUser($username)
{
$state = $this->exec("UPDATE user SET enabled=1 WHERE name='$username'");
if (!$state) {
trace("enableUser($username) failed");
}
}
public function getUsers()
{
$users = array();
$rows = $this->query("SELECT name FROM user");
while ($row = $rows->fetchArray(SQLITE3_ASSOC)) {
array_push($users, $row['name']);
}
$rows->finalize();
return $users;
}
public function getWindows()
{
// Get list of all windows, ordered by their section.
$window_objs = array();
$windows = @$this->query('SELECT * FROM window ORDER BY section ASC');
while ($row = $windows->fetchArray()) {
array_push($window_objs, $row);
}
$windows->finalize();
return $window_objs;
}
public function getWindowIDBySection($section)
{
$id = $this->querySingle("SELECT win_id FROM window WHERE section='$section'");
return $id;
}
public function getVNCClientInfo()
{
$info = array();
$i = @$this->query('SELECT * FROM window WHERE handler="vnc"');
while ($row = $i->fetchArray()) {
array_push($info, $row);
}
$i->finalize();
return $info;
}
/*
public function getVNC_ClientWindowIDs() {
$ids = array();
$rows = @$this->query('SELECT win_id FROM window WHERE handler="vnc"');
while ($row = $rows->fetchArray()) {
array_push($ids, $row['win_id']);
}
$rows->finalize();
return $ids;
}
*/
public function getWindowState($window_id)
{
$state = @$this->querySingle('SELECT state FROM window WHERE win_id="'.$window_id.'"');
return $state;
}
public function setWindowState($window_id, $state)
{
$this->exec('UPDATE window SET state="'.$state.'" WHERE win_id="'.$window_id.'"');
}
public function insertWindow($window)
{
// transfer ob complete window object/array necessary
$sql = 'INSERT INTO window (id, win_id, section, state, file, handler, userid, date) ' .
'VALUES ' . '("' .
$window[0] . '", "' . $window[1] . '", "' .
$window[2] . '", "' . $window[3] . '", "' .
$window[4] . '", "' . $window[5] . '", "' .
$window[6] . '", "' . $window[7] . '")';
$new = $this->exec($sql);
trace("insertWindow sql=$sql, result=$new");
}
public function deleteWindow($window_id)
{
$this->exec('DELETE FROM window WHERE win_id="'.$window_id.'"');
}
public function deleteVNCWindow($userid)
{
$winid = $this->querySingle('SELECT win_id FROM window WHERE handler="vnc" AND userid="'.$userid.'"');
require_once('control.php');
wmClose($winid);
$this->deleteWindow($winid);
//$this->exec('DELETE FROM window WHERE handler="vnc" AND userid="'.$userid.'"');
}
public function deleteDebug($table, $id, $gt)
{
$this->exec('DELETE FROM '.$table.' WHERE '.$id.' >"'.$gt.'"');
}
public function updateWindow($window_id, $field, $value)
{
$this->exec('UPDATE window SET '.$field.'="'.$value.'" WHERE win_id="'.$window_id.'"');
}
}