
NathanGibbs3
20230412 Fix CI build breakage.
         Related Issue(s) #158

/includes/base_auth.inc.php
<?php
// Basic Analysis and Security Engine (BASE)
// Copyright (C) 2019-2023 Nathan Gibbs
// Copyright (C) 2004 BASE Project Team
// Copyright (C) 2000 Carnegie Mellon University
//
//   For license info: See the file 'base_main.php'
//
//       Project Lead: Nathan Gibbs
// Built upon work by: Kevin Johnson & the BASE Project Team
//                     Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
//
//            Purpose: User management object.
//                     Role management object.
//                     Access Authorization routines.
//                     If the variable $Use_Auth_System = 0 (zero), Access
//                     authorization checks always pass.
//
//          Author(s): Nathan Gibbs
//                     Kevin Johnson

// Ensure the conf file has been loaded. Prevent direct access to this file.
// Refuse to run unless the configuration (which defines _BASE_INC) is loaded.
if ( !defined('_BASE_INC') ){
        die( 'Accessing this file directly is not allowed.' );
}

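class BaseUser {
        // BASE DB connection wrapper, created by the legacy constructor.
        var $db;

        function __construct() { // PHP 5+ constructor Shim.
                // Class/Method agnostic shim code: forwards the arguments to the
                // PHP 4 style constructor (the method named after the class).
                // __CLASS__ is the class this method is defined in, the same value
                // the argument-less get_class() call gave; that form of
                // get_class() is deprecated as of PHP 8.3.
                $SCname = __CLASS__;
                if ( method_exists($this, $SCname) ) {
                        $SCargs = func_get_args();
                        call_user_func_array(array($this, $SCname), $SCargs);
                }else{
                        // @codeCoverageIgnoreStart
                        // Should never execute.
                        trigger_error( // Will need to add this message to the TD.
                                "Class: $SCname No Legacy Constructor.\n",
                                E_USER_ERROR
                        );
                        // @codeCoverageIgnoreEnd
                }
        }
        function BaseUser() { // PHP 4x constructor.
                // Opens the alert DB connection from the global BASE configuration
                // and keeps it in $this->db for the query methods below.
                GLOBAL $DBlib_path, $DBtype, $db_connect_method, $alert_dbname,
                $alert_host, $alert_port, $alert_user, $alert_password;
                $db = NewBASEDBConnection($DBlib_path, $DBtype);
                $db->baseDBConnect(
                        $db_connect_method, $alert_dbname, $alert_host, $alert_port,
                        $alert_user, $alert_password, 1
                );
                // Rows are fetched with both numeric and column-name keys; the
                // methods below rely on both (eg. $row[0] and $row['usr_pwd']).
                $db->DB->SetFetchMode(ADODB_FETCH_BOTH);
                $this->db = $db;
        }
        // True when $rs is a result set holding at least one row and the DB
        // layer reported no error for the query that produced it.
        // Shared error check of the SELECT based methods below.
        private function _hasRows( $rs ){
                return $rs != false
                        && $this->db->baseErrorMessage() == ''
                        && $rs->baseRecordCount() > 0;
        }
        // Core Authentication System.
        // Accepts a username and password.
        // Returns:
        //        0 if the username and pwd are correct.
        //        1 if the password is wrong.
        //        2 if the user is disabled.
        //        3 if the username doesn't exist
        function AuthenticateCore( $user = '', $pwd = '' ){
                GLOBAL $et;
                $Ret = -1;
                if ( !LoadedString($user) ){ // Input Validation
                        $Ret = 3; // Needs User Name, default to nonexistent user.
                }else{
                        $db = $this->db;
                        $user = filterSql($user,1,$db); // Input sanitization.
                        $pwd  = filterSql($pwd,1,$db);
                        $sql = "SELECT * from base_users where base_users.usr_login ='" . $user ."';";
                        $rs = $db->baseExecute($sql);
                        if ( $this->_hasRows($rs) ){ // Error Check
                                $result = $rs->baseFetchRow();
                                if ( $result['usr_enabled'] == 0 ){
                                        $Ret = 2; // User Account Disabled.
                                }else{
                                        // Strict, constant-time digest comparison. The
                                        // loose == this replaces treats two hex digests
                                        // that both parse as numbers ("0e..." forms) as
                                        // equal. Cast: hash_equals() requires strings.
                                        $stored = (string)$result['usr_pwd'];
                                        if ( hash_equals($stored, $this->cryptpassword($pwd)) ){
                                                $Ret = 0; // Password OK
                                        }else{
                                                $Ret = 1; // Password Wrong
                                        }
                                }
                                $rs->baseFreeRows();
                        }else{
                                $Ret = 3;
                        }
                }
                if ( isset($et) && is_object($et) ){ // Need to TD this in Issue #11 branch.
                        $et->Mark('Authentication Check.');
                }
                return $Ret;
        }
        // Same inputs/returns as AuthenticateCore.
        // Sets the role cookie on success.
        function Authenticate( $user = '', $pwd = '' ){
                $Ret = $this->AuthenticateCore( $user, $pwd );
                if ( $Ret == 0 ){
                        // The cookie carries the password digest, not the password.
                        $this->setRoleCookie($this->cryptpassword($pwd), $user);
                }
                return $Ret;
        }
        // Same inputs as AuthenticateCore.
        // Returns "Failed" on failure or role_id (int) on success.
        function AuthenticateNoCookie( $user = '', $pwd = '' ) {
                $Ret = 'Failed';
                if ( $this->AuthenticateCore( $user, $pwd ) == 0 ){ // Get RoleID
                        $db = $this->db;
                        $user = filterSql($user,1,$db); // Input sanitization.
                        $pwd  = filterSql($pwd,1,$db);
                        $sql = "SELECT role_id FROM base_users where usr_login='" . $user
                        . "' AND usr_pwd='".$this->cryptpassword($pwd)."';";
                        $rs = $db->baseExecute($sql);
                        if ( $this->_hasRows($rs) ){ // Error Check
                                $row = $rs->baseFetchRow();
                                $rs->baseFreeRows();
                                // A row without a role_id column is a failure; the
                                // original returned the raw row array in that case.
                                if ( isset($row[0]) ){
                                        $Ret = intval($row[0]);
                                }
                        }
                }
                return $Ret;
        }
        // Accepts a username.
        // Returns true if user account is enabled, false otherwise.
        function isActive( $user = '' ){
                $Ret = false;
                if ( LoadedString($user) ){ // Input Validation
                        $db = $this->db;
                        $user = filterSql($user,1,$db); // Input sanitization.
                        $sql = "SELECT usr_enabled FROM base_users WHERE usr_login ='"
                        .$user."';";
                        $rs = $db->baseExecute($sql);
                        if ( $this->_hasRows($rs) ){ // Error Check
                                $Active = $rs->baseFetchRow();
                                $rs->baseFreeRows();
                                // Only an explicit usr_enabled of 1 counts as active.
                                if ( isset($Active[0]) && intval($Active[0]) == 1 ){
                                        $Ret = true;
                                }
                        }
                }
                return $Ret;
        }
        // Returns 1 when the role carried by the role cookie is sufficient for
        // $roleNeeded, 0 otherwise. Lower role ids are more privileged: a role id
        // greater than the one needed is refused, as is 0, which readRoleCookie()
        // returns for a missing or unmatched cookie.
        function hasRole($roleNeeded)
        {
                $role = $this->readRoleCookie();
                if ( ($role > $roleNeeded) || $role == 0 ){
                        return 0; // unauthorized
                }
                return 1;
        }
        // Adds an enabled user with the next free usr_id.
        // Returns _ADDEDSF on success or "User Already Exists" if the login is taken.
        function addUser($user, $role, $password, $name)
        {
                $db = $this->db;
                // Input sanitization; these values were concatenated into the
                // statements below unfiltered, unlike in the Authenticate* methods.
                $user = filterSql($user,1,$db);
                $name = filterSql($name,1,$db);
                $role = intval($role);
                $sql = "SELECT * FROM base_users WHERE usr_login = '" . $user . "'";
                $exists = $db->baseExecute($sql);
                if ( $exists->baseRecordCount() > 0)
                {
                        return "User Already Exists";
                }
                // NOTE(review): the password is hashed as given here, while
                // AuthenticateCore() hashes it after filterSql(); if filterSql()
                // rewrites any characters, such passwords would not round trip.
                // Confirm against filterSql() before relying on this.
                $cryptpassword = $this->cryptpassword($password);
                // Next id is MAX(usr_id) + 1 (NULL + 1 == 1 on an empty table).
                // NOTE(review): not atomic; two concurrent adds can pick the same id.
                $sql = "SELECT MAX(usr_id) FROM base_users;";
                $usercount = $db->baseExecute($sql);
                $usercnt = $usercount->baseFetchRow();
                $userid = $usercnt[0] + 1;
                $sql = "INSERT INTO base_users (usr_id, usr_login, usr_pwd, role_id, usr_name, usr_enabled)";
                $sql .= "VALUES (".$userid .", '".$user."','".$cryptpassword."',".$role.",'".$name."', 1);";
                $db->baseExecute($sql, -1, -1, false);
                return _ADDEDSF;
        }
        // Disables the user with usr_id $user. Returns nothing.
        function disableUser($user)
        {
                $db = $this->db;
                $user = intval($user); // Input Validation: usr_id is numeric.
                $sql = "UPDATE base_users SET usr_enabled = '0' WHERE usr_id = '" . $user . "';";
                $db->baseExecute($sql);
        }
        // Deletes the user with usr_id $user. Returns nothing.
        function deleteUser($user)
        {
                $db = $this->db;
                $user = intval($user); // Input Validation: usr_id is numeric.
                $sql = "DELETE FROM base_users WHERE usr_id = '" . $user . "';";
                $db->baseExecute($sql);
        }
        // Enables the user with usr_id $user. Returns nothing.
        function enableUser($user)
        {
                $db = $this->db;
                $user = intval($user); // Input Validation: usr_id is numeric.
                $sql = "UPDATE base_users SET usr_enabled = '1' WHERE usr_id = '" . $user . "';";
                $db->baseExecute($sql);
        }
        function updateUser($userarray)
        {
                /* This function accepts an array in the following format
                  $userarray[0] = $userid
                  $userarray[1] = $fullname
                  $userarray[2] = $roleid
                  Updates name and role of that user. Returns nothing.
                */
                $db = $this->db;
                $userid = intval($userarray[0]); // Input Validation
                $roleid = intval($userarray[2]);
                $name = filterSql($userarray[1],1,$db); // Input sanitization.
                $sql = "UPDATE base_users SET usr_name = '". $name ."', role_id = '" . $roleid . "' ";
                $sql = $sql . "WHERE usr_id = '" . $userid . "'";
                $db->baseExecute($sql);
        }
        // Changes the password of login $user after verifying $oldpassword.
        // Returns _PWDDONE on success, otherwise the rendered error message
        // from returnErrorMessage().
        function changePassword($user, $oldpassword, $newpassword)
        {
                $db = $this->db;
                $user = filterSql($user,1,$db); // Input sanitization.
                $sql = "SELECT usr_pwd from base_users where usr_login = '" . $user ."';";
                $userRS = $db->baseExecute($sql);
                if ( $db->baseErrorMessage() != "" )
                {
                        // Generic SQL error
                        return returnErrorMessage(_NOPWDCHANGE . $db->baseErrorMessage());
                } elseif ($userRS->baseRecordCount() == 0)
                {
                        // User doesn't exist... Someone is playing with their cookie
                        return returnErrorMessage(_NOUSER);
                }
                $row = $userRS->baseFetchRow();
                $cryptoldpasswd = $this->cryptpassword($oldpassword);
                // Strict, constant-time digest comparison (see AuthenticateCore).
                if ( !hash_equals((string)$row[0], $cryptoldpasswd) )
                {
                        // Old password doesn't match record
                        return returnErrorMessage(_OLDPWD);
                }
                // Finally... lets change the password
                $sql = "UPDATE base_users SET usr_pwd='" . $this->cryptpassword($newpassword);
                $sql = $sql . "' WHERE usr_login='". $user . "';";
                $db->baseExecute($sql);
                if ( $db->baseErrorMessage() != "" )
                {
                        // Generic SQL error
                        return returnErrorMessage(_PWDCANT. $db->baseErrorMessage());
                }
                return _PWDDONE;
        }
        function returnUser(){ // returns user login from role cookie
                // The cookie is "<digest>|<login>|" (see setRoleCookie). Returns ''
                // when it is absent or has no login field (the original raised an
                // undefined index notice in the latter case).
                $user = '';
                if ( isset($_COOKIE['BASERole']) ){
                        $cookiearr = explode('|', $_COOKIE['BASERole']);
                        if ( isset($cookiearr[1]) ){
                                $user = $cookiearr[1];
                        }
                }
                return $user;
        }
        function returnUserID($user){ // Returns uid of user, false on Error.
                $Ret = false;
                if ( LoadedString($user) ){ // Input Validation
                        $db = $this->db;
                        $user = filterSql($user,1,$db); // Input sanitization.
                        $sql = "SELECT usr_id FROM base_users WHERE usr_login = '" . $user . "';";
                        $rs = $db->baseExecute($sql);
                        if ( $this->_hasRows($rs) ){ // Error Check
                                $usrid = $rs->baseFetchRow();
                                $rs->baseFreeRows();
                                if ( isset($usrid[0]) ){
                                        $Ret = intval($usrid[0]);
                                }
                        }
                }
                return $Ret;
        }
        function returnUsers(){
                /* returns an array of all users info
                 * each array item is formatted as
                 * array[] = usr_id|usr_login|role_id|usr_name|usr_enabled
                 * Returns NULL when there are no users.
                */
                $userarray = NULL;
                $db = $this->db;
                $sql = "SELECT usr_id, usr_login, role_id, usr_name, usr_enabled ";
                $sql = $sql . "FROM base_users ORDER BY usr_id;";
                $result = $db->baseExecute($sql);
                $i = 0;
                // Values are not escaped here; callers render them (see returnEditUser).
                while ( ($myrow = $result->baseFetchRow()) && ($i < $result->baseRecordCount()) )
                {
                        $userarray[$i] = $myrow[0] . "|" . $myrow[1] . "|" . $myrow[2] . "|" . $myrow[3] . "|" . $myrow[4];
                        ++$i;
                }
                $result->baseFreeRows();
                return $userarray;
        }
        function returnEditUser( $userid, $XSS = 1 ){
                // Returns an array of user's info.
                // Each array item is formatted as:
                // array[0] = usr_id|usr_login|role_id|usr_name|usr_enabled
                // Returns false on Error.
                // $XSS > 0 (the default, also used for non numeric values) runs the
                // row through XSSPrintSafe() so it can be echoed into HTML.
                $Ret = false;
                $userid = intval($userid); // Input Validation
                if ( $userid > 0 ){
                        if ( !is_numeric($XSS) ){
                                $XSS = 1;
                        }
                        $db = $this->db;
                        $sql = "SELECT usr_id, usr_login, role_id, usr_name, usr_enabled ";
                        $sql .= "FROM base_users WHERE usr_id = '" . $userid . "';";
                        $result = $db->baseExecute($sql);
                        if ( $result != false ){ // Error Check
                                $myrow = $result->baseFetchRow();
                                $result->baseFreeRows();
                                if ( $XSS > 0 ){ // Anti XSS Output Data
                                        $myrow = XSSPrintSafe($myrow);
                                }
                                $Ret = $myrow;
                        }
                }
                return $Ret;
        }
        function roleName( $roleID, $XSS = 1 ){
                // Returns name of roleID, false on Error.
                // $XSS > 0 (default) returns the name XSSPrintSafe() escaped.
                $Ret = false;
                $roleID = intval($roleID); // Input Validation
                if ( $roleID > 0 ){
                        if ( !is_numeric($XSS) ){
                                $XSS = 1;
                        }
                        $db = $this->db;
                        $sql = "SELECT role_name FROM base_roles WHERE role_id = '" . $roleID . "';";
                        $result = $db->baseExecute($sql);
                        if ( $result != false ){ // Error Check
                                $rolename = $result->baseFetchRow();
                                $result->baseFreeRows();
                                // Escape only a real name; a missing row stays false
                                // as documented (it used to pass false to XSSPrintSafe).
                                if ( isset($rolename[0]) ){
                                        $Ret = $rolename[0];
                                        if ( $XSS > 0 ){ // Anti XSS Output Data
                                                $Ret = XSSPrintSafe($Ret);
                                        }
                                }
                        }
                }
                return $Ret;
        }
        function returnRoleNamesDropDown($roleid){
                // Returns an HTML drop down list with all of the role names.
                // The passed $roleid will be selected if it exists.
                $db = $this->db;
                $sql = "SELECT role_id, role_name FROM base_roles;";
                $result = $db->baseExecute($sql);
                $tmpHTML = NLI("<select name='roleID'>",7);
                $i = 0;
                while (
                        ($myrow = $result->baseFetchRow())
                        && ($i < $result->baseRecordCount())
                ){
                        // role_id comes from the DB; only the name is HTML escaped.
                        $tmp = "<option value='".$myrow[0]."'";
                        $tmp .= chk_select($roleid,$myrow[0]);
                        $tmp .= '>'.XSSPrintSafe($myrow[1]).'</option>';
                        $tmpHTML .= NLI($tmp,8);
                        ++$i;
                }
                $result->baseFreeRows();
                $tmpHTML .= NLI('</select>',7);
                return $tmpHTML;
        }
        function setRoleCookie($passwd, $user)
        {
                // Sets the role cookie to "<password digest>|<login>|".
                // $passwd is already the cryptpassword() digest (see Authenticate).
                // readRoleCookie() looks the pair up in base_users, so the cookie
                // is as sensitive as the stored digest itself.
                // NOTE(review): no expiry, path, secure or httponly flags are set;
                // confirm nothing client side reads BASERole before adding them.
                $cookievalue = $passwd . "|" . $user . "|";
                setcookie('BASERole', $cookievalue);
        }
        function readRoleCookie(){ // Reads the roleCookie and returns the role id.
                // Returns 0 when no cookie is set or its "<digest>|<login>|" pair
                // matches no base_users row; hasRole() treats 0 as unauthorized.
                $Ret = 0;
                if ( isset($_COOKIE['BASERole']) ){ // Check cookie sanity
                        $cookiearr = explode('|', $_COOKIE['BASERole']);
                        $pwd  = isset($cookiearr[0]) ? $cookiearr[0] : '';
                        $user = isset($cookiearr[1]) ? $cookiearr[1] : '';
                        $db = $this->db;
                        $user = filterSql($user,1,$db); // Input sanitization.
                        $pwd  = filterSql($pwd,1,$db);
                        $sql = "SELECT role_id FROM base_users where usr_login='".$user
                        ."' AND usr_pwd='".$pwd."';";
                        $result = $db->baseExecute($sql);
                        // Error Check. Reads the current row's fields off the wrapped
                        // record set directly rather than via baseFetchRow().
                        if ( $result != false && is_array($result->row->fields) ){
                                $Ret = $result->row->fields['role_id'];
                        }
                }
                return $Ret;
        }
        // @codeCoverageIgnoreStart
        // Why write a unit test for a builtin function wrapper.
        function cryptpassword( $password ){
                // Returns the md5 hash of supplied password.
                // Security wise this is a bad idea.
                // Opened Issue #79 to track this.
                // https://github.com/NathanGibbs3/BASE/issues/79
                $cryptpwd = md5($password);
                return $cryptpwd;
        }
        // @codeCoverageIgnoreEnd
}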

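class BaseRole {
        // BASE DB connection wrapper, created by the legacy constructor.
        var $db;

        function __construct() { // PHP 5+ constructor Shim.
                // Class/Method agnostic shim code: forwards the arguments to the
                // PHP 4 style constructor (the method named after the class).
                // __CLASS__ is the class this method is defined in, the same value
                // the argument-less get_class() call gave; that form of
                // get_class() is deprecated as of PHP 8.3.
                $SCname = __CLASS__;
                if ( method_exists($this, $SCname) ) {
                        $SCargs = func_get_args();
                        call_user_func_array(array($this, $SCname), $SCargs);
                }else{
                        // @codeCoverageIgnoreStart
                        // Should never execute.
                        trigger_error( // Will need to add this message to the TD.
                                "Class: $SCname No Legacy Constructor.\n",
                                E_USER_ERROR
                        );
                        // @codeCoverageIgnoreEnd
                }
        }
        function BaseRole() { // PHP 4x constructor.
                // Opens the alert DB connection from the global BASE configuration
                // and keeps it in $this->db for the query methods below.
                GLOBAL $DBlib_path, $DBtype, $db_connect_method, $alert_dbname,
                $alert_host, $alert_port, $alert_user, $alert_password;
                $db = NewBASEDBConnection($DBlib_path, $DBtype);
                $db->baseDBConnect(
                        $db_connect_method, $alert_dbname, $alert_host, $alert_port,
                        $alert_user, $alert_password, 1
                );
                // NOTE(review): unlike BaseUser(), no fetch mode is set here; the
                // methods below only index rows numerically — confirm the
                // connection's default mode provides numeric keys.
                $this->db = $db;
        }
        // Adds a role. Returns _ROLEADDED on success, _ROLEEXIST if the name is
        // taken or _ROLEIDEXIST if the id is.
        function addRole($roleid, $rolename, $desc)
        {
                $db = $this->db;
                // Input sanitization; these values were concatenated into the
                // statements below unfiltered.
                $roleid = intval($roleid);
                $rolename = filterSql($rolename,1,$db);
                $desc = filterSql($desc,1,$db);
                $sql = "SELECT * FROM base_roles WHERE role_name = '" . $rolename . "'";
                $exists = $db->baseExecute($sql);
                if ( $exists->baseRecordCount() > 0)
                {
                        return _ROLEEXIST;
                }
                $sql = "SELECT * FROM base_roles WHERE role_id = '" . $roleid . "'";
                $exists = $db->baseExecute($sql);
                if ( $exists->baseRecordCount() > 0)
                {
                        return _ROLEIDEXIST;
                }
                $sql ="INSERT INTO base_roles (role_id, role_name, role_desc)";
                $sql = $sql . "VALUES (".$roleid .", '".$rolename ."','".$desc."');";
                $db->baseExecute($sql, -1, -1, false);
                return _ROLEADDED;
        }
        function returnEditRole( $roleid, $XSS = 1 ){
                // Returns an array of Role's info.
                // Each array item is formatted as:
                // array[0] = role_id|role_name|role_desc
                // Returns false on Error.
                // $XSS > 0 (the default, also used for non numeric values) runs the
                // row through XSSPrintSafe(); this matches BaseUser::returnEditUser
                // (the original only escaped for $XSS == 1).
                $Ret = false;
                $roleid = intval($roleid); // Input Validation
                if ( $roleid > 0 ){
                        if ( !is_numeric($XSS) ){
                                $XSS = 1;
                        }
                        $db = $this->db;
                        $sql = "SELECT role_id, role_name, role_desc ";
                        $sql .= "FROM base_roles WHERE role_id = '" . $roleid . "';";
                        $result = $db->baseExecute($sql);
                        if ( $result != false ){ // Error Check
                                $myrow = $result->baseFetchRow();
                                $result->baseFreeRows();
                                if ( $XSS > 0 ){ // Anti XSS Output Data
                                        $myrow = XSSPrintSafe($myrow);
                                }
                                $Ret = $myrow;
                        }
                }
                return $Ret;
        }
        function updateRole($rolearray)
        {
                /* This function accepts an array in the following format
                  $rolearray[0] = $roleid
                  $rolearray[1] = $role_name
                  $rolearray[2] = $role_desc
                  Updates name and description of that role. Returns nothing.
                */
                $db = $this->db;
                $roleid = intval($rolearray[0]); // Input Validation
                $rolename = filterSql($rolearray[1],1,$db); // Input sanitization.
                $desc = filterSql($rolearray[2],1,$db);
                $sql = "UPDATE base_roles SET role_name = '". $rolename ."', role_desc = '" . $desc . "' ";
                $sql = $sql . "WHERE role_id = '" . $roleid . "'";
                $db->baseExecute($sql);
        }
        // Deletes the role with role_id $role. Returns nothing.
        function deleteRole($role)
        {
                $db = $this->db;
                $role = intval($role); // Input Validation: role_id is numeric.
                $sql = "DELETE FROM base_roles WHERE role_id = '" . $role . "';";
                $db->baseExecute($sql);
        }
        function returnRoles()
        {
                /* returns an array of all Roles info
                 * each array item is formatted as
                 * array[] = role_id|role_name|role_desc
                 * Returns NULL when there are no roles (the original left the
                 * return variable undefined in that case).
                */
                $rolearray = NULL;
                $db = $this->db;
                $sql = "SELECT role_id, role_name, role_desc ";
                $sql = $sql . "FROM base_roles ORDER BY role_id;";
                $result = $db->baseExecute($sql);
                $i = 0;
                while ( ($myrow = $result->baseFetchRow()) && ($i < $result->baseRecordCount()) )
                {
                        $rolearray[$i] = $myrow[0] . "|" . $myrow[1] . "|" . $myrow[2];
                        ++$i;
                }
                $result->baseFreeRows();
                return $rolearray;
        }
}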
// Returns true if the role of the current user is authorized.
// Redirects if a valid header is given.
function AuthorizedRole( $roleneeded = 1, $header = '' ){
        // Authorization gate for a page. With $Use_Auth_System != 1 it always
        // passes. Otherwise the user named in the role cookie must have an
        // enabled account and a sufficient role (BaseUser::hasRole). On refusal a
        // notice is raised and, for an allow-listed $header (base_denied,
        // base_main, index), a redirect to that page is attempted; a $roleneeded
        // of 10000 or more forces the base_denied redirect.
        GLOBAL $BASE_urlpath, $Use_Auth_System, $et;
        if ( $Use_Auth_System != 1 ){ // Auth system off, always pass.
                $authorized = true;
        }else{ // Check role and possibly redirect.
                $BUser = new BaseUser();
                $user = $BUser->returnUser(); // User
                $enabled = $BUser->isActive($user); // User Account Enabled.
                $roleOK = $BUser->hasRole($roleneeded); // User role needed.
                $authorized = ( $roleOK != 0 && $enabled != false );
                if ( !$authorized ){ // Not Authorized
                        // NOTE(review): $user is the raw cookie value; with
                        // display_errors on, this notice reaches the page unescaped.
                        $msg = ( $user == '' )
                                ? 'Unauthenticated user access'
                                : 'Unauthorized user access: ' . $user;
                        trigger_error($msg);
                        if ( $roleneeded >= 10000 ){ // Lock redirect :-)
                                error_log('Redirect Lock Engaged');
                                $header = 'base_denied';
                        }
                        // Redirect to allowed locations only.
                        if ( $header != '' && preg_match('/^(base_(denied|main)|index)$/', $header) ){
                                error_log('Attempt Redirect');
                                base_header("Location: $BASE_urlpath/$header.php");
                                error_log('Redirect failed');
                        }
                }
        }
        if ( is_object($et) ){ // Need to TD this in Issue #11 branch.
                $et->Mark('Authorization Check.');
        }
        return $authorized;
}
// Returns true if the passed value is the page name of the running script.
function AuthorizedPage( $page = '' ){
        // True when $_SERVER['SCRIPT_NAME'] is exactly "<url path><sep><page>.php".
        GLOBAL $BASE_urlpath;
        $sep = DIRECTORY_SEPARATOR; // Issue #161
        // The url path prefix is quoted; $page is not, so regex metacharacters in
        // it are interpreted (callers are expected to pass a plain page name).
        $pattern = '/^' . preg_quote($BASE_urlpath . $sep, '/') . $page . '\.php$/';
        $script = $_SERVER['SCRIPT_NAME'];
        return preg_match($pattern, $script) ? true : false;
}
// Returns true if the URI is set and starts with the URL path plus the running script name.
function AuthorizedURI(){
        // True when REQUEST_URI is present and begins with
        // $BASE_urlpath . SCRIPT_NAME; the match is a prefix only, so a trailing
        // query string is accepted.
        GLOBAL $BASE_urlpath;
        if ( !isset($_SERVER["REQUEST_URI"]) ){
                return false;
        }
        $expected = preg_quote($BASE_urlpath . $_SERVER['SCRIPT_NAME'], '/');
        $matched = preg_match('/^' . $expected . '/', $_SERVER["REQUEST_URI"]);
        return $matched ? true : false;
}
?>