1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
<?php
/**
* FusionForge form management
*
* Copyright 2005, GForge, LLC
* Copyright 2009, Roland Mas
*
* This file is part of FusionForge. FusionForge is free software;
* you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software
* Foundation; either version 2 of the Licence, or (at your option)
* any later version.
*
* FusionForge is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with FusionForge; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/**
* form_generate_key() - Returns a new key, and registers it in the db.
*
* @return int A new identifier.
*
*/
function form_generate_key() {
$is_new=false;
db_begin();
// there's about 99.999999999% probability this loop will run only once :)
while(!$is_new) {
$key = md5(microtime() + util_randbytes() + $_SERVER["REMOTE_ADDR"]);
$res = db_query_params ('SELECT * FROM form_keys WHERE key=$1', array ($key));
if (!db_numrows($res)) {
$is_new=true;
}
}
$res = db_query_params('INSERT INTO form_keys (key,is_used,creation_date) VALUES ($1, 0, $2)', array ($key,time()));
if (!$res) {
db_rollback();
return false;
}
db_commit();
return $key;
}
/**
* form_key_is_valid() - Checks the db to see if the given key is already used. In case it's not already used
* it updates the db.
*
* @param int $key The key.
* @return boolean True if the given key is already used. False if not.
*
*/
function form_key_is_valid($key) {
// Fail back mode if key is empty. This can happen when there is
// a problem with the generation. In this case, it may be better
// to disable this check instead of blocking all the application.
if (empty($key))
return true;
db_begin();
$res = db_query_params ('SELECT * FROM form_keys WHERE key=$1 and is_used=0 FOR UPDATE', array ($key));
if (!$res || !db_numrows($res)) {
db_rollback();
return false;
}
$res = db_query_params ('UPDATE form_keys SET is_used=1 WHERE key=$1', array ($key));
if (!$res) {
db_rollback();
return false;
}
db_commit();
return true;
}
/**
* form_release_key() - Releases the given key if it is already used. If the given key it's not in the db, it returns false.
*
* @param int $key The key.
* @return boolean True if the given key is successfully released. False if not.
*
*/
function form_release_key($key) {
db_begin();
$res = db_query_params ('SELECT * FROM form_keys WHERE key=$1 FOR UPDATE', array ($key));
if (!$res || !db_numrows($res)) {
db_rollback();
return false;
}
$res = db_query_params ('UPDATE form_keys SET is_used=0 WHERE key=$1', array ($key));
if (!$res) {
db_rollback();
return false;
}
db_commit();
return true;
}
// Local Variables:
// mode: php
// c-file-style: "bsd"
// End:
|
