
NathanGibbs3 / BASE / 624

pending completion
624

push

travis-ci-com

NathanGibbs3
Merge branch 'devel'

562 of 562 new or added lines in 28 files covered. (100.0%)

3145 of 17504 relevant lines covered (17.97%)

23.22 hits per line

/base_user.php
<?php
/*******************************************************************************
** Basic Analysis and Security Engine (BASE)
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file 'base_main.php' for license details)
**
** Project Leads: Kevin Johnson <kjohnson@secureideas.net>
**                Sean Muller <samwise_diver@users.sourceforge.net>
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** Purpose: User Preferences page
********************************************************************************
** Authors:
********************************************************************************
** Kevin Johnson <kjohnson@secureideas.net>
**
********************************************************************************
*/

// Bootstrap: the BASE kernel is loaded first, then the shared include, DB and
// statistics helpers found under $BASE_path.
// NOTE(review): $BASE_path is not assigned in this file; presumably
// base_krnl.php sets it - confirm.
$sc = DIRECTORY_SEPARATOR;
require_once('includes' . $sc . 'base_krnl.php');
include_once($BASE_path . '/includes/base_include.inc.php');
include_once($BASE_path . '/base_db_common.php');
include_once($BASE_path . '/base_stat_common.php');

// AuthorizedRole(10000) is called before any page state is read or any output
// is produced.
// NOTE(review): presumably this is the role gate for the page and stops
// unauthenticated or under-privileged sessions - confirm in the auth include.
AuthorizedRole(10000);

// Page state and the objects used by the action handlers further down.
$page_body = '';
$cs = new CriteriaState('base_user.php');
$cs->ReadState();
$userprefs = new BaseUserPrefs();
$userobj = new BaseUser();
$username = $userobj->returnUser();
$page_title = _BASEUSERTITLE;
PrintBASESubHeader(
	$page_title, $page_title, $cs->GetBackLink(), $refresh_all_pages
);

// The requested action comes from the query string and defaults to 'display'.
// The filtered value is only compared against the fixed case labels of the
// switch that follows; it is never echoed or used to build a path.
$Action = isset($_GET['action']) ? filterSql($_GET['action']) : 'display';
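// This is where the processing of this page happens.
// Every case only builds $page_body; nothing is printed inside the switch.
switch ( $Action ){
	case "change":
		// Password change request, submitted by the 'changepassword' form.
		// Missing fields are read as empty strings, so a bare request for
		// ?action=change takes the error path instead of raising
		// undefined-index notices.
		$OldPw = isset($_POST['oldpasswd']) ? $_POST['oldpasswd'] : '';
		$NewPw1 = isset($_POST['newpasswd1']) ? $_POST['newpasswd1'] : '';
		$NewPw2 = isset($_POST['newpasswd2']) ? $_POST['newpasswd2'] : '';
		// Strict comparison: with == two different numeric-looking strings
		// (for example '1e3' and '1000') compare equal, so the confirmation
		// field would not actually confirm what was typed. Non-string
		// values (array parameters) are rejected outright.
		if (
			is_string($OldPw) && is_string($NewPw1) && is_string($NewPw2)
			&& $NewPw1 !== '' && $NewPw1 === $NewPw2
		){
			// NOTE(review): filterSql() is applied to both passwords before
			// changePassword(); if it rewrites characters, the stored
			// password differs from what the user typed unless the login
			// path applies the same filter - confirm.
			// NOTE(review): no anti-CSRF token is visible on the form or
			// checked here; the old-password requirement is the only
			// barrier to a forged request - confirm whether a token is
			// enforced elsewhere.
			// NOTE(review): the response is printed as HTML further down;
			// confirm changePassword() never returns request data unescaped.
			$pwdresponse = $userobj->changePassword(
				$username, filterSql($OldPw), filterSql($NewPw1)
			);
			$page_body = $pwdresponse;
			break;
		}
		$page_body = _BASEUSERERRPWD;
		// Intentional fall-through: show the error above the form again.

	case "changepassword":
		$form = "<form action='base_user.php?action=change' Method='POST'>";
		$form .= "<table border=1 class='query'>";
		$form .= "<tr><td width='25%' align='right'>"._BASEUSEROLDPWD."</td>";
		$form .= "<td align='left'><input type='password' name='oldpasswd'></td></tr>";
		$form .= "<tr><td width='25%' align='right'>"._BASEUSERNEWPWD."</td>";
		$form .= "<td align='left'><input type='password' name='newpasswd1'></td></tr>";
		$form .= "<tr><td width='25%' align='right'>"._BASEUSERNEWPWDAGAIN."</td>";
		$form .= "<td align='left'><input type='password' name='newpasswd2'></td></tr>";
		$form .= "<tr><td colspan='2' align='center'><input type='submit' name='submit'></td>";
		// The form element was previously left open; close it with the table.
		$form .= "</tr></table></form>";
		$page_body = $page_body . $form;
		break;

	case "display":
		// Read-only summary of the logged-in account.
		$user = new BaseUser();
		$userlogin = $user->returnUser();
		$userid = $user->returnUserID($userlogin);
		$userinfo = $user->returnEditUser($userid); // Anti XSS by default.

//		TODO: Need to build a generic table builder that works like DDT.
//		$DD = array(_FRMUID, _FRMLOGIN, _FRMFULLNAME, _FRMROLE);
//		$DI = array(
//			$userinfo[0], $userinfo[1], $userinfo[3],
//			$user->roleName($userinfo[2])
//		);
//		DDT($DI, $DD, _USERPREF, '', 12, 1);

		// Index use below: 0 with _FRMUID, 1 with _FRMLOGIN, 3 with
		// _FRMFULLNAME, 2 passed to roleName() for _FRMROLE.
		$form = "<table border=1 class='query'>";
		$form .= "<tr><td width='25%' align='right'>"._FRMUID."</td>";
		$form .= "<td align='left'>". $userinfo[0] ."</td></tr>";
		$form .= "<tr><td width='25%' align='right'>"._FRMLOGIN."</td>";
		$form .= "<td align='left'>". $userinfo[1] ."</td></tr>";
		$form .= "<tr><td width='25%' align='right'>"._FRMFULLNAME."</td>";
		$form .= "<td align='left'>". $userinfo[3] ."</td></tr>";
		$form .= "<tr><td width='25%' align='right'>"._FRMROLE."</td>";
		// NOTE(review): roleName() output is inserted as-is; confirm it is
		// escaped like the returnEditUser() fields.
		$form .= "<td align='left'>" . $user->roleName($userinfo[2]) ."</td></tr>";
		// Every row is already closed, so only the table is closed here
		// (the stray </tr> that used to precede </table> is dropped).
		$form .= "</table>";

		$page_body = $form;
		break;

	default:
		// Unknown action: leave the body effectively empty.
		$page_body = $page_body . " ";
}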

// Design borrowed from PrintBASEAdminMenuHeader();
// Left-hand preferences menu, followed by the opening tag of the content area.
$menu = NLI("<div>",2)
	. NLI("<div class='mainheadermenu' style='float: left; width: 15%;'>",3)
	. NLI(_USERPREF ."<hr/>",4);
// Html Templates
$Hrst = "<a href='base_user.php?action="; // Href tag start.
$Hrsp = " class='menuitem'>"; // Href tag end.
// One link per action; both the action names and the labels are fixed values,
// nothing from the request is placed in the menu.
foreach ( array('changepassword' => _CHNGPWD, 'display' => _DISPLAYU) as $MenuAction => $MenuLabel ){
	$menu .= NLI($Hrst . $MenuAction . "'" . $Hrsp . $MenuLabel . "</a><br>",4);
}
$menu .= NLI("</div>",3);
$menu .= NLI("<div style='padding-left: 10px; width: auto;'>",3);
// Emit the menu, then the body built by the action handler, then the footers.
echo $menu, $page_body;
PrintBASEAdminMenuFooter();
PrintBASESubFooter();
?>