Merge pull request #17 from AleksanderKoko/master

Added logger, addes some stuff on login that were needed by the rest api plugin

Author: samtuke

composer.json

@@ -14,9 +14,9 @@
 	"minimum-stability": "dev",
 	"require": {
 		"php": ">=5.4.0",
-                "symfony/dependency-injection": "~2.6",
-                "symfony/yaml": "~2.6",
-                "symfony/config": "~2.6",
+		"symfony/dependency-injection": "~2.6",
+        "symfony/yaml": "~2.6",
+        "symfony/config": "~2.6",
 		"phpmailer/phpmailer": "v5.2.7",
 		"psr/log": "1.0.0"
 	},

core/Admin.php

@@ -5,6 +5,7 @@
 use phpList\helper\Util;
 use phpList\Entity\AdminEntity;
 
+
 class Admin
 {
     public $id = 0;
@@ -277,12 +278,12 @@ function validateLogin( $plainPass, $username )
 
         // If an admin was found with that username
         if( $result ) {
-
             $adminEntity = $this->adminEntityFromArray( $result );
         }
 
         /*
          * TODO: this should not happen imo, can this be removed
+         * TODO: Aleksander Koko: I this should be removed
         #Password encryption verification.
         if(strlen($passwordDB)<$GLOBALS['hash_length']) { // Passwords are encrypted but the actual is not.
             #Encrypt the actual DB password before performing the validation below.
@@ -413,4 +414,17 @@ public function verifyToken($token)
         $result->execute(array(':token' => $token));
         return ($result->rowCount() > 0);
     }
+    
+    public function checkIfTheTokenIsValid($token){
+        return $this->adminModel->checkIfTheTokenIsValid($token);
+    }
+
+    public function setLoginToken($id){
+        $this->adminModel->setLoginToken($id);
+    }
+
+    public function getLoginToken($id){
+        return $this->adminModel->getLoginToken($id);
+    }
+    
 }

core/Model/AdminModel.php

@@ -1,6 +1,7 @@
 <?php
 namespace phpList\Model;
 
+use phpList\Admin;
 use phpList\Entity\SubscriberEntity;
 use phpList\helper\StringClass;
 
@@ -33,12 +34,12 @@ public function getAdminByUsername( $username )
     {
         $result = $this->db->query(
             sprintf(
-                'SELECT
+                "SELECT
                     *
                 FROM
                     %s
                 WHERE
-                    loginname = "%s"'
+                    loginname = '%s'"
                 , $this->config->getTableName( 'admin' )
                 // FIXME: string->sqlEscape removed from here
                 , $username
@@ -47,4 +48,69 @@ public function getAdminByUsername( $username )
 
         return $result->fetch( \PDO::FETCH_ASSOC );
     }
+
+
+    /**
+     * Check if the given token is valid
+     *
+     * @param $token
+     * @return bool
+     */
+    public function checkIfTheTokenIsValid( $token )
+    {
+
+        if (empty($token)) {
+            return false;
+        }
+
+        ## @@@TODO for now ignore the error. This will cause a block on editing admins if the table doesn't exist.
+        $result = $this->db->query(
+            sprintf(
+                "SELECT id FROM %s
+                WHERE value = '%s'
+                AND expires > CURRENT_TIMESTAMP",
+                $this->config->getTableName('admintoken'),
+                $token
+            )
+        );
+
+        if($result->fetch( \PDO::FETCH_ASSOC ) !== false)
+            return true;
+
+        return false;
+    }
+
+    public function setLoginToken($id){
+
+        $this->db->query(sprintf("delete from %s WHERE adminid = '%s'", $this->config->getTableName('admintoken'), $id));
+
+        $key = md5(time() . mt_rand(0, 10000));
+        $tokenResult = $this->db->query(
+            sprintf('insert into %s (adminid,value,entered,expires) values(%d,"%s",%d,date_add(now(),interval 1 hour))',
+                $this->config->getTableName('admintoken'), $id, $key, time()), 1);
+
+        ## keep the token table empty
+        $result = $this->db->query(sprintf('delete from %s where expires < now()', $this->config->getTableName('admintoken')));
+
+        if(count($result->fetch( \PDO::FETCH_ASSOC )) > 0)
+            return true;
+
+        return false;
+    }
+
+    public function getLoginToken($id){
+        $result = $this->db->query(sprintf("select * from %s WHERE adminid = '%s'", $this->config->getTableName('admintoken'), $id));
+        $result = $result->fetch();
+        if(count($result) > 0){
+            return $result['value'];
+        }
+
+    }
+
+    public function validateLogin($plainPass, $username){
+        $admin = new Admin($this, $plainPass);
+        return $admin->validateLogin($plainPass, $username);
+    }
+
+
 }

core/Pass.php

@@ -23,7 +23,7 @@ public function __construct( Config $config )
      * @param string $desiredAlgo Name of desiresd algo
      * @return string $encPass Encrypted password
      */
-    public function encrypt( $plainPass, $desiredAlgo = NULL )
+    public function encrypt( $plainPass, $desiredAlgo = "sha256" )
     {
         // If no password was supplied, return empty
         // FIXME: Either log this event, or throw an exception, so client code
@@ -56,6 +56,8 @@ public function encrypt( $plainPass, $desiredAlgo = NULL )
             }
             // Hash the password using desired algo
             $encPass = hash( $algo, $plainPass );
+            //var_dump($encPass);
+            //die;
         } else {
             //. Hash the password using a fallback default
             $encPass = md5( $plainPass );

core/helper/Logger.php

@@ -1,51 +1,24 @@
 <?php
 namespace phpList\helper;
 
+use phpList\helper\Logger\LoggerWriterAbstractFactory;
+use phpList\helper\Logger\NotSuchWriterException;
 use Psr\Log\LoggerInterface;
 use Psr\Log\LogLevel;
 
 class Logger implements LoggerInterface
 {
-    private $report;
 
-    public function __construct(){}
+    private $logger;
 
-    private function logToDatabase($message, $page = 'unknown page')
+    public function __construct(LoggerWriterAbstractFactory $factory)
     {
-        $this->logToFile($message, $page);
-        /* TODO: logger can't depend on database which depends on logger
-        @$this->db->query(
-            sprintf(
-                'INSERT INTO %s (entered,page,entry)
-                VALUES(CURRENT_TIMESTAMP, "%s", "%s")',
-                $this->config->getTableName('eventlog', $page, $message)
-            ),
-            1
-        );*/
-    }
-
-    private function logToFile($message, $page = 'unknown page')
-    {
-        //todo: change to config var?
-        $logfile = './debug.log';
-        $fp = @fopen($logfile, 'a');
-        $line = '[' . date('d M Y, H:i:s') . '] ' . $page . ' - ' . $message . "\n";
-        @fwrite($fp, $line);
-        @fclose($fp);
-    }
-
-    //todo: remove below functions
-    public function addToReport($text)
-    {
-        $this->report .= "\n$text";
-    }
+        try{
+            $this->logger = $factory->getLoggerWriter();
+        }catch (NotSuchWriterException $e){}
 
-    public function getReport()
-    {
-        return $this->report;
     }
 
-
     /**
      * System is unusable.
      *
@@ -55,7 +28,7 @@ public function getReport()
      */
     public function emergency($message, array $context = array())
     {
-        $this->log(LogLevel::EMERGENCY, $context);
+        $this->log(LogLevel::EMERGENCY, $message, $context);
     }
 
     /**
@@ -70,7 +43,7 @@ public function emergency($message, array $context = array())
      */
     public function alert($message, array $context = array())
     {
-        $this->log(LogLevel::ALERT, $context);
+        $this->log(LogLevel::ALERT, $message, $context);
     }
 
     /**
@@ -84,7 +57,7 @@ public function alert($message, array $context = array())
      */
     public function critical($message, array $context = array())
     {
-        $this->log(LogLevel::CRITICAL, $context);
+        $this->log(LogLevel::CRITICAL, $message, $context);
     }
 
     /**
@@ -97,7 +70,7 @@ public function critical($message, array $context = array())
      */
     public function error($message, array $context = array())
     {
-        $this->log(LogLevel::ERROR, $context);
+        $this->log(LogLevel::ERROR, $message, $context);
     }
 
     /**
@@ -112,7 +85,7 @@ public function error($message, array $context = array())
      */
     public function warning($message, array $context = array())
     {
-        $this->log(LogLevel::WARNING, $context);
+        $this->log(LogLevel::WARNING, $message, $context);
     }
 
     /**
@@ -124,13 +97,7 @@ public function warning($message, array $context = array())
      */
     public function notice($message, array $context = array())
     {
-        if(isset($context['page'])){
-            $this->logToDatabase($message, $context['page']);
-        }else{
-            $this->logToDatabase($message);
-        }
-
-        //$this->log(LogLevel::NOTICE, $context);
+        $this->log(LogLevel::NOTICE, $message, $context);
     }
 
     /**
@@ -144,7 +111,7 @@ public function notice($message, array $context = array())
      */
     public function info($message, array $context = array())
     {
-        $this->log(LogLevel::INFO, $context);
+        $this->log(LogLevel::INFO, $message, $context);
     }
 
     /**
@@ -156,12 +123,7 @@ public function info($message, array $context = array())
      */
     public function debug($message, array $context = array())
     {
-        if(isset($context['page'])){
-            $this->logToFile($message, $context['page']);
-        }else{
-            $this->logToFile($message);
-        }
-        //$this->log(LogLevel::DEBUG, $context);
+        $this->log(LogLevel::DEBUG, $message, $context);
     }
 
     /**
@@ -174,10 +136,6 @@ public function debug($message, array $context = array())
      */
     public function log($level, $message, array $context = array())
     {
-        if(isset($context['page'])){
-            $this->logToFile($message, $context['page']);
-        }else{
-            $this->logToFile($message);
-        }
+        $this->logger->log($level, $message, $context);
     }
 }

core/helper/Logger/DatabaseWriter.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace phpList\helper\Logger;
+
+
+use phpList\Config;
+
+class DatabaseWriter
+{
+
+    public function __construct(Config $config)
+    {
+        //
+    }
+
+    public function log($level, $message, array $context = array())
+    {
+        @$fp = fopen($this->logfile, 'a');
+
+        $line = '[' . date('d M Y, H:i:s') . '] ' . $message;
+        foreach ($context as $key => $item){
+            $line = $line . " | {$key} -  {$item} | ";
+        }
+        $line = $line . "\n";
+
+        @fwrite($fp, $line);
+        @fclose($fp);
+    }
+}

core/helper/Logger/FileWriter.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace phpList\helper\Logger;
+
+
+use phpList\Config;
+
+class FileWriter implements LoggerWriter
+{
+
+    private $logfile = "/tmp/phplist.log";
+
+    /**
+     * FileWriter constructor.
+     * @param Config $config
+     */
+    public function __construct(Config $config)
+    {
+        if($config->get("LOG_FOLDER") && $config->get("LOG_FILENAME"))
+            $this->logfile = $config->get("LOG_FOLDER") . $config->get("LOG_FILENAME");
+    }
+
+    public function log($level, $message, array $context = array())
+    {
+        @$fp = fopen($this->logfile, 'a');
+
+        $line = '[' . date('d M Y, H:i:s') . '] ' . $message;
+        foreach ($context as $key => $item){
+            $line = $line . " | {$key} -  {$item} | ";
+        }
+        $line = $line . "\n";
+
+        @fwrite($fp, $line);
+        @fclose($fp);
+    }
+}