Various fairly fast patches #304

wants to merge 7 commits into
base: master
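--- a/about.php
+++ b/about.php
@@ -248,6 +248,16 @@
 <p>
 Your password is stored according to best practices, with a <a href="https://en.wikipedia.org/wiki/Salt_(cryptography)">salted</a> <a href="https://en.wikipedia.org/wiki/Cryptographic_hash_function">hash</a> stored with 10,000 of <a href="https://en.wikipedia.org/wiki/PBKDF2">PBKDF2</a>. Your data is physically located on servers at UC Berkeley.
 </p>
+<h3>GDPR Compliance</h3>
+<p>
+All personal information we collect about you, other than transient information like your last login IP address and time, is available from <a href="profile.php">your personal profile page</a>. If it's not visible on that page, we don't have that information about you.
+</p>
+<p>
+Your basic contact data is visible to others to the extent configured on your profile page, and is searchable when adding collaborators or filtering projects.
+</p>
+<p>
+Any new session irretrievably overwrites old transient data about you, and such transient data only reflects your current session (not historical). You may delete your account permanantly and irretrievably by visiting your dashboard, going to account settings, expanding the "more" button, and selecting "Remove Account".
+</p>
 <h2>Disclaimer</h2>
 <h3>Use of Data</h3>
 <p>
@@ -272,7 +282,7 @@
 <p>
 amphibiandisease.org has no regulatory authority, and
 submitting data to it does not constitute an official
-pathogen-reporting record.
+pathogen-reporting record.
 </p>
 </div>
 </section>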
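Review bot: The added account-removal paragraph spells `permanantly`; it should read `You may delete your account permanently and irretrievably`. The neighbouring context line `with 10,000 of PBKDF2` is also missing its noun (`10,000 iterations of PBKDF2`) and could be fixed in the same pass, since this is the page users are pointed to for how their credentials are stored.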
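--- a/admin-api.php
+++ b/admin-api.php
@@ -1208,7 +1208,7 @@ function mintBcid($projectLink, $datasetRelativeUri = null, $datasetTitle, $addT
 ))."\r\n",
 ));
 $ctx = stream_context_create($params);
-$rawResponse = file_get_contents($fimsAuthUrl, false, $ctx);
+$rawResponse = file_get_contents_curl($fimsAuthUrl, false, $ctx);
 if ($rawResponse === false) {
 throw(new Exception("Fatal FIMS communication error 001 (No Response)"));
 }
@@ -1245,7 +1245,7 @@ function mintBcid($projectLink, $datasetRelativeUri = null, $datasetTitle, $addT
 $params['http']['header'] = $headers;
 $params['http']['content'] = http_build_query($fimsMintData);
 $ctx = stream_context_create($params);
-$rawResponse = file_get_contents($fimsMintUrl, false, $ctx);
+$rawResponse = file_get_contents_curl($fimsMintUrl, false, $ctx);
 if ($rawResponse === false) {
 throw(new Exception("Fatal FIMS communication error 002 (No Response)"));
 }
@@ -1359,7 +1359,7 @@ function associateBcidsWithExpeditions($projectLink, $fimsAuthCookiesAsString =
 ))."\r\n",
 ));
 $ctx = stream_context_create($params);
-$rawResponse = file_get_contents($fimsAuthUrl, false, $ctx);
+$rawResponse = file_get_contents_curl($fimsAuthUrl, false, $ctx);
 if ($rawResponse === false) {
 throw(new Exception("Fatal FIMS communication error 003 (No Response)"));
 }
@@ -1402,7 +1402,7 @@ function associateBcidsWithExpeditions($projectLink, $fimsAuthCookiesAsString =
 $tempAssociationData['bcid'] = $bcid;
 $params['http']['content'] = http_build_query($tempAssociationData);
 $ctx = stream_context_create($params);
-$rawResponse = file_get_contents($fimsAssociateUrl, false, $ctx);
+$rawResponse = file_get_contents_curl($fimsAssociateUrl, false, $ctx);
 if ($rawResponse === false) {
 throw(new Exception("Fatal FIMS communication error 004 (No Response)"));
 }
@@ -1515,7 +1515,7 @@ function mintExpedition($projectLink, $projectTitle, $publicProject = false, $as
 'header' => implode("\r\n", $fimsDefaultHeaders)."\r\n",
 ));
 $ctx = stream_context_create($params);
-$rawResponse = file_get_contents($fimsAuthUrl, false, $ctx);
+$rawResponse = file_get_contents_curl($fimsAuthUrl, false, $ctx);
 if ($rawResponse === false) {
 error_log("POST login failed!! Sent post:\n\tTarget URL:\t".$fimsAuthUrl."\n\tParameters:\t".print_r($params, true)."\n\tFull Context:\t".print_r($ctx, True)."\n\nResponse: ".print_r($rawResponse, true));
 throw(new Exception("Fatal FIMS communication error 005 (No Response)"));
@@ -1550,7 +1550,7 @@ function mintExpedition($projectLink, $projectTitle, $publicProject = false, $as
 $params['http']['header'] = $header;
 $params['http']['content'] = http_build_query($fimsMintData);
 $ctx = stream_context_create($params);
-$rawResponse = file_get_contents($fimsMintUrl, false, $ctx);
+$rawResponse = file_get_contents_curl($fimsMintUrl, false, $ctx);
 $resp = null;
 if ($rawResponse === false) {
 $errorOut = true;
@@ -1583,7 +1583,7 @@ function mintExpedition($projectLink, $projectTitle, $publicProject = false, $as
 'header' => implode("\r\n", $fimsDefaultHeaders)."\r\n",
 ));
 $ctx = stream_context_create($params);
-$rawReauthResponse = file_get_contents($fimsAuthUrl, false, $ctx);
+$rawReauthResponse = file_get_contents_curl($fimsAuthUrl, false, $ctx);
 if ($rawReauthResponse === false) {
 error_log("POST reauth failed!! Sent post:\n\tTarget URL:\t".$fimsAuthUrl."\n\tParameters:\t".print_r($params, true)."\n\tFull Context:\t".print_r($ctx, True)."\n\nResponse: ".print_r($rawReauthResponse, true));
 throw(new Exception("Fatal FIMS communication error 009 (No Response)"));
@@ -1667,7 +1667,7 @@ function mintExpedition($projectLink, $projectTitle, $publicProject = false, $as
 $params["http"]["method"] = "GET";
 unset($params["http"]["content"]);
 $ctx = stream_context_create($params);
-$rawResponse2 = file_get_contents($target, false, $ctx);
+$rawResponse2 = file_get_contents_curl($target, false, $ctx);
 $resp = json_decode($rawResponse2, true);
 $rawResponse = array(
 "original_response" => $rawResponse,
@@ -1748,11 +1748,11 @@ function validateDataset($dataPath, $projectLink, $fimsAuthCookiesAsString = nul
 ));
 $params['http']['header'] .= "Cookie: ".$cookiesString."\r\n";
 $ctx = stream_context_create($params);
-$rawResponse = file_get_contents($fimsStatusUrl, false, $ctx);
+$rawResponse = file_get_contents_curl($fimsStatusUrl, false, $ctx);
 if ($rawResponse === false) {
 throw(new Exception("Fatal FIMS communication error 007 (No Response)"));
 }
-$rawResponse2 = file_get_contents($fimsContinueUrl, false, $ctx);
+$rawResponse2 = file_get_contents_curl($fimsContinueUrl, false, $ctx);
 $resp = json_decode($rawResponse, true);
 $resp2 = json_decode($rawResponse2, true);
 
@@ -1829,7 +1829,7 @@ function validateDataset($dataPath, $projectLink, $fimsAuthCookiesAsString = nul
 ))."\r\n",
 ));
 $ctx = stream_context_create($params);
-$rawResponse = file_get_contents($fimsAuthUrl, false, $ctx);
+$rawResponse = file_get_contents_curl($fimsAuthUrl, false, $ctx);
 if ($rawResponse === false) {
 throw(new Exception("Fatal FIMS communication error 008 (No Response)"));
 }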
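Review bot: Every converted call in this file still passes `false, $ctx` — `file_get_contents_curl($fimsAuthUrl, false, $ctx)` in the first hunk and the same shape in the other nine — but the helper this PR adds in admin/core/core.php and core/core.php is declared as `file_get_contents_curl($url)`, so PHP discards the extra arguments and the POST method, the headers (including the `Cookie:` header appended just before the status call) and the `http_build_query` body are never sent. The `=== false` checks that follow therefore test a bare GET against the auth, mint, associate and status endpoints, and the "No Response" exceptions will not reflect the real cause. The two Carto calls in api.php (`file_get_contents_curl($cartoFullUrl, false, $context)`) have the same problem. Until the helper honours a stream context, these sites should stay on `file_get_contents`, or the helper must translate the context's `http` options onto the cURL handle. mintBcid, associateBcidsWithExpeditions, mintExpedition and validateDataset all start and end outside the hunks.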
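--- a/admin/core/core.php
+++ b/admin/core/core.php
@@ -1,5 +1,24 @@
 <?php
 
+if (!function_exists('file_get_contents_curl')) {
+# cURL replacement for file_get_contents
+# https://gist.github.com/tigerhawkvok/794a725436ae0b29db3ab17812828818
+function file_get_contents_curl($url) {
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
+curl_setopt($ch, CURLOPT_HEADER, 0);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt($ch, CURLOPT_URL, $url);
+curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
+
+# Actual fetch
+$data = curl_exec($ch);
+curl_close($ch);
+
+return $data;
+}
+}
+
 if (!class_exists('DBHelper')) {
 require_once dirname(__FILE__).'/db/DBHelper.php';
 }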
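Review bot: `file_get_contents_curl($url)` accepts only the URL, but the call sites this PR converts in admin-api.php and api.php pass `false, $ctx` with the request method, headers and body in that stream context; PHP discards the extra arguments, so those FIMS and Carto POSTs go out as bare GETs with no headers, cookies or body. It is also now called on local file paths in login_functions.php, which cURL will not read from a scheme-less path. Inside the function a false from `curl_exec` is returned without `curl_error` being recorded, and no timeout, redirect limit or protocol restriction is set, so a stalled host or a long redirect chain blocks the request indefinitely. The same body is duplicated verbatim in core/core.php; one shared definition would stop the two copies drifting. Below is a version that keeps the `file_get_contents` signature, carries the context's `http` options onto the cURL handle, and keeps the native read for non-HTTP targets.
```php
function file_get_contents_curl($url, $use_include_path = false, $context = null) {
    # Local paths and non-HTTP schemes keep the native read; cURL does not
    # open the filesystem for a scheme-less path.
    if (!preg_match('#^https?://#i', $url)) {
        return file_get_contents($url, $use_include_path, $context);
    }
    $ch = curl_init();
    # … unchanged: CURLOPT_AUTOREFERER / HEADER / RETURNTRANSFER / URL / FOLLOWLOCATION …
    curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 60);
    # Carry the stream-context options the callers build (method, header,
    # content) over to cURL. A stream context's 'header' may be a string
    # of CRLF-separated lines or an array.
    if ($context !== null) {
        $opts = stream_context_get_options($context);
        $http = isset($opts['http']) ? $opts['http'] : array();
        $method = empty($http['method']) ? 'GET' : strtoupper($http['method']);
        if ($method === 'POST') {
            curl_setopt($ch, CURLOPT_POST, true);
        } elseif ($method !== 'GET') {
            curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
        }
        if (isset($http['content'])) {
            curl_setopt($ch, CURLOPT_POSTFIELDS, $http['content']);
        }
        if (!empty($http['header'])) {
            $headers = is_array($http['header']) ? $http['header'] : explode("\r\n", $http['header']);
            curl_setopt($ch, CURLOPT_HTTPHEADER, array_values(array_filter($headers, 'strlen')));
        }
    }
    $data = curl_exec($ch);
    if ($data === false) {
        # Surface the transport error; callers only see a bare false otherwise.
        error_log('file_get_contents_curl: '.curl_error($ch).' ('.$url.')');
    }
    curl_close($ch);
    return $data;
}
```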
32 changes: 16 additions & 16 deletions admin/handlers/login_functions.php
Expand Up @@ -167,11 +167,11 @@ public function __construct($username = null, $lookup_column = null, $db_params
}
}
}

/***
* Helper functions
***/

private function getSiteKey()
{
return $this->siteKey;
Expand Down Expand Up @@ -280,7 +280,7 @@ public function getUser($user_id = null)
* @param string|array $user_id Either a column/value pair or an ID for the default column
* @return array of the user result column
***/

if (empty($this->user) || !empty($user_id)) {
$this->setUser($user_id);
} elseif (empty($this->user)) {
Expand Down Expand Up @@ -523,7 +523,7 @@ public function canSMS($strict = true, $throw = true)
# If we're strict, the user only can SMS when the phone number is verified.
# Otherwise, we just return the status of the phone number itself.
$verified = $strict ? $userdata['phone_verified'] == true : self::isValidPhone($this->getPhone());

return $verified;
}

Expand All @@ -539,7 +539,7 @@ private static function cleanPhone($number)
if (substr($number, 0, 1) == '1') {
$number = substr($number, 1);
}

return $number;
}

Expand Down Expand Up @@ -695,7 +695,7 @@ public function makeTOTP($provider = null)
/* $iphone32 = str_replace("=","",$secret_part[1]); */
/* $iphone_uri = $secret_part[0]."secret=".$iphone32; #still no good */
$retarr = self::generateQR($iphone_uri);

# Let's get a human-readable secret
$human_secret0 = str_replace('=', '', $secret);
$i = 0;
Expand Down Expand Up @@ -744,14 +744,14 @@ public function saveTOTP($code)
if ($r === false) {
$e = mysqli_error($l);
mysqli_query($l, 'ROLLBACK');

return array('status' => false,'error' => $e,'human_error' => 'Could not save secret','username' => $this->username);
}
$r = mysqli_query($l, $query2);
if ($r === false) {
$e = mysqli_error($l);
mysqli_query($l, 'ROLLBACK');

return array('status' => false,'error' => $e,'human_error' => 'Could not create backup code','username' => $this->username);
}
mysqli_query($l, 'COMMIT');
Expand Down Expand Up @@ -819,7 +819,7 @@ public function removeTOTP($username, $password, $code)
if ($r === false) {
return array('status' => false,'error' => mysqli_error($l),'human_error' => 'Server error verifying removal. Please try again.');
}

return array('status' => true,'query' => $query,'username' => $this->getUsername());
}

Expand All @@ -838,7 +838,7 @@ public function sendTOTPText()
$totp->setDigest($this->getDigest());
$message = 'Your authentication code for '.$this->getSiteName().' is: '.$totp->now().' . It is valid for 30 seconds.';
$this->textUser($message);

return true;
} catch (Exception $e) {
return false;
Expand Down Expand Up @@ -894,15 +894,15 @@ public static function generateQR($uri, $data_path = null, $identifier_path = nu
if (function_exists('ImageCreate')) {
QRcode::png($uri, $filename, QR_ECLEVEL_H, 8, 1);
}
$raw = base64_encode(file_get_contents($filename));
$raw = base64_encode(file_get_contents_curl($filename));
$raw = 'data:image/png;base64,'.$raw;
if (!$persistent) {
unlink($filename);
}
# As a final option, get a URL fallback
# https://developers.google.com/chart/infographics/docs/qr_codes?csw=1
$url = 'https://chart.googleapis.com/chart?cht=qr&chs=500x500&chld=H&chl='.$uri;

return array('status' => true,'uri' => $uri,'svg' => $svg,'raw' => $raw,'url' => $url);
} catch (Exception $e) {
return array('status' => false,'human_error' => 'Unable to generate QR code','error' => $e->getMessage(),'uri' => $uri,'identifier' => $identifier,'persistent' => $persistent);
Expand Down Expand Up @@ -1370,7 +1370,7 @@ public function sendEmailVerification($alternate = false) {

}

public function mailSuperusers($subject, $body)
public function mailSuperusers($subject, $body)
{
/***
* Send an email to site superusers
Expand Down Expand Up @@ -1402,8 +1402,8 @@ public function mailSuperusers($subject, $body)
"error" => $error,
);
}
public function isVerified($alternate = false)

public function isVerified($alternate = false)
{
$key = $alternate ? "alternate_email_verified" : "email_verified";
$colCheck = array(
Expand Down Expand Up @@ -1690,7 +1690,7 @@ public function setImageAsUserPicture($image, $path = null) {
$image = str_replace($path, "", $image);
}
$sourceImage = $path . $image;
$imageData = file_get_contents($sourceImage);
$imageData = file_get_contents_curl($sourceImage);
$iParts = explode(".", $image);
$extension = array_pop($iParts);
$imgUri = $path.$this->getHardlink().'.'.$extension;
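Review bot: The two substantive changes in this file read local files through the new helper: `file_get_contents_curl($filename)` on the PNG that `QRcode::png` has just written, and `file_get_contents_curl($sourceImage)` where `$sourceImage = $path . $image`. cURL does not open the filesystem for a scheme-less path (libcurl assumes a network scheme), so both reads will most likely return false; `base64_encode(false)` then yields an empty `data:image/png;base64,` URI and `$imageData` is false without any error being raised. These two lines should stay `file_get_contents($filename)` and `file_get_contents($sourceImage)`, or the helper must fall back to the native read for arguments that are not URLs; the remaining hunks in this file are whitespace only. Both generateQR and setImageAsUserPicture start and end outside the hunks.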
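--- a/api.php
+++ b/api.php
@@ -367,6 +367,7 @@ function doCartoSqlApiPush($get)
 "insert" => "EDIT",
 "insertinto" => "EDIT",
 "update" => "EDIT",
+"ifexists(\nselect1\nfrominformation_schema.tables\nwhere\n)drop" => "EDIT",
 );
 $unrestrictedActions = array(
 "create" => true,
@@ -399,6 +400,7 @@ function doCartoSqlApiPush($get)
 $checkedTablePermissions[] = $cartoTable;
 $cartoTableJson = str_replace('_', '&#95;', $cartoTable);
 $accessListLookupQuery = 'SELECT `project_id`, `author`, `access_data`, `public` FROM `'.$db->getTable()."` WHERE `carto_id` LIKE '%".$cartoTableJson."%' OR `carto_id` LIKE '%".$cartoTable."%'";
+//#' # Syntax highlight helper
 $l = $db->openDB();
 $r = mysqli_query($l, $accessListLookupQuery);
 $row = mysqli_fetch_assoc($r);
@@ -552,7 +554,7 @@ function doCartoSqlApiPush($get)
 ),
 );
 $context = stream_context_create($opts);
-$response = file_get_contents($cartoFullUrl, false, $context);
+$response = file_get_contents_curl($cartoFullUrl, false, $context);
 $responses[] = $response;
 $decoded = json_decode($response, true);
 $decoded["query"] = $statement;
@@ -575,7 +577,7 @@ function doCartoSqlApiPush($get)
 ),
 );
 $context = stream_context_create($opts);
-$response = file_get_contents($cartoFullUrl, false, $context);
+$response = file_get_contents_curl($cartoFullUrl, false, $context);
 $responses[] = $response;
 $decoded = json_decode($response, true);
 $decoded["query"] = $sqlQuery;
@@ -659,7 +661,7 @@ function doAWebValidate($get)
 # How old is our copy?
 if (filemtime($localAWebTarget) + $dayOffset < time()) {
 # Fetch a new copy
-$aWebList = file_get_contents($amphibiaWebListTarget);
+$aWebList = file_get_contents_curl($amphibiaWebListTarget);
 if (strlen($aWebList) > 0) {
 $h = fopen($localAWebTarget, 'w+');
 $bytes = fwrite($h, $aWebList);
@@ -674,7 +676,7 @@ function doAWebValidate($get)
 }
 $response['aweb_list_age'] = time() - filemtime($localAWebTarget);
 $response['aweb_list_max_age'] = $dayOffset;
-//$aWebList = file_get_contents($localAWebTarget);
+//$aWebList = file_get_contents_curl($localAWebTarget);
 $aWebListArray = array_map('tsvHelper', file($localAWebTarget));
 /*
 * For a given row, we have this numeric key to real id mapping: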
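Review bot: The new key `"ifexists(\nselect1\nfrominformation_schema.tables\nwhere\n)drop" => "EDIT"` grants a statement shape that ends in DROP the same permission level as insert/update, with nothing recording why a conditional table drop is treated as an edit rather than a destructive action; the literal newlines inside the double-quoted string also mean it can only match input whose whitespace was normalised to exactly those line breaks, and how that lookup is performed is outside this hunk. A comment above the key such as `# Conditional DROP emitted by <CALLER-PLACEHOLDER>; accepted at EDIT level because <REASON-PLACEHOLDER>` would capture the intent, and a test feeding that statement through the normaliser would guard the match. The two Carto calls further down share the dropped-context problem raised on admin-api.php. doCartoSqlApiPush and doAWebValidate start and end outside the hunks.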
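--- a/coffee/admin-editor.coffee
+++ b/coffee/admin-editor.coffee
@@ -1031,7 +1031,10 @@ showAddUserDialog = (refAccessList) ->
 for uid in toAddUids
 user = toAddEmails[i]
 console.info "Adding", user
-userName = $(user).text()
+try
+userName = user.text()
+catch
+userName = $(user).text()
 ++i
 html = """
 <tr class="user-permission-list-row" data-user="#{uid}">
@@ -2107,6 +2110,9 @@ revalidateAndUpdateData = (newFilePath = false, skipCallback = false, testOnly =
 # Finalizing callback
 finalize = ->
 # Save it
+# Update the file downloader link
+$("#download-project-file").attr("data-href", correctedPath)
+console.info "Raw data download repointed to", correctedPath
 _adp.skipRead = true
 _adp.dataBu = _adp.projectData
 if skipSave is true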
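Review bot: The `try userName = user.text() catch userName = $(user).text()` block uses an exception for type dispatch; `$(user)` already accepts a jQuery object as well as a DOM element or selector, so the original `userName = $(user).text()` covers both unless `user` can be some other object exposing `.text()`, which this hunk does not show. If that third case exists, an explicit check is clearer than a silent catch: `userName = if typeof user?.text is "function" then user.text() else $(user).text()`. In the second hunk `correctedPath` is referenced inside `finalize` but defined outside the hunk, so its scope at the time the callback runs should be confirmed. showAddUserDialog and revalidateAndUpdateData start and end outside the hunks.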
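--- a/core/core.php
+++ b/core/core.php
@@ -4,6 +4,26 @@
 parse_str($_SERVER['QUERY_STRING'], $_REQUEST);
 }
 
+if (!function_exists('file_get_contents_curl')) {
+# cURL replacement for file_get_contents
+# https://gist.github.com/tigerhawkvok/794a725436ae0b29db3ab17812828818
+function file_get_contents_curl($url) {
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
+curl_setopt($ch, CURLOPT_HEADER, 0);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt($ch, CURLOPT_URL, $url);
+curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
+
+# Actual fetch
+$data = curl_exec($ch);
+curl_close($ch);
+
+return $data;
+}
+}
+
+
 if (!function_exists('microtime_float')) {
 function microtime_float()
 {
@@ -290,7 +310,7 @@ function get_redirect_url($url) {
 /**
 * get_redirect_url()
 * Gets the address that the provided URL redirects to,
-* or FALSE if there's no redirect.
+* or FALSE if there's no redirect.
 *
 * @param string $url
 * @return string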