From c9d71b422a01d0b56530f6e53a372761a8106595 Mon Sep 17 00:00:00 2001 From: Miguel Nogueira Date: Fri, 8 Jun 2018 15:38:27 +0000 Subject: [PATCH] Database crentials were incorrect. Also wrapped database logic inside the correct try catch block to prevent further mishaps and information leakages. Fixes #6. --- php_errors.log | 34 ++++++++++++++++++++++++++++++++++ source/config.php | 10 +++++----- source/dbtools/Application.php | 27 +++++++++++++++++++++++---- 3 files changed, 62 insertions(+), 9 deletions(-) diff --git a/php_errors.log b/php_errors.log index 907fa10..ef9ae09 100644 --- a/php_errors.log +++ b/php_errors.log 
@@ -227,3 +227,37 @@ Stack trace: [12-Apr-2018 12:48:43 UTC] PHP Warning: Xdebug MUST be loaded as a Zend extension in Unknown on line 0 [12-Apr-2018 12:48:45 UTC] PHP Warning: Xdebug MUST be loaded as a Zend extension in Unknown on line 0 [12-Apr-2018 12:48:51 UTC] PHP Warning: Xdebug MUST be loaded as a Zend extension in Unknown on line 0 +[08-Jun-2018 15:24:44 UTC] PHP Notice: Undefined variable: database in /home/ubuntu/workspace/source/dbtools/Application.php on line 25 +[08-Jun-2018 15:24:44 UTC] PHP Stack trace: +[08-Jun-2018 15:24:44 UTC] PHP 1. {main}() /home/ubuntu/workspace/public/index.php:0 +[08-Jun-2018 15:24:44 UTC] PHP 2. Slim\App->run() /home/ubuntu/workspace/public/index.php:27 +[08-Jun-2018 15:24:44 UTC] PHP 3. Slim\App->process() /home/ubuntu/workspace/vendor/slim/slim/Slim/App.php:296 +[08-Jun-2018 15:24:44 UTC] PHP 4. Slim\App->callMiddlewareStack() /home/ubuntu/workspace/vendor/slim/slim/Slim/App.php:388 +[08-Jun-2018 15:24:44 UTC] PHP 5. Slim\App->__invoke() /home/ubuntu/workspace/vendor/slim/slim/Slim/MiddlewareAwareTrait.php:117 +[08-Jun-2018 15:24:44 UTC] PHP 6. Slim\Route->run() /home/ubuntu/workspace/vendor/slim/slim/Slim/App.php:495 +[08-Jun-2018 15:24:44 UTC] PHP 7. Slim\Route->callMiddlewareStack() /home/ubuntu/workspace/vendor/slim/slim/Slim/Route.php:313 +[08-Jun-2018 15:24:44 UTC] PHP 8. Slim\Route->__invoke() /home/ubuntu/workspace/vendor/slim/slim/Slim/MiddlewareAwareTrait.php:117 +[08-Jun-2018 15:24:44 UTC] PHP 9. Slim\Route->resolveCallable() /home/ubuntu/workspace/vendor/slim/slim/Slim/Route.php:330 +[08-Jun-2018 15:24:44 UTC] PHP 10. Slim\CallableResolver->resolve() /home/ubuntu/workspace/vendor/slim/slim/Slim/CallableResolverAwareTrait.php:45 +[08-Jun-2018 15:24:44 UTC] PHP 11. Slim\CallableResolver->resolveCallable() /home/ubuntu/workspace/vendor/slim/slim/Slim/CallableResolver.php:67 +[08-Jun-2018 15:24:44 UTC] PHP 12. 
Hookmanager->__construct() /home/ubuntu/workspace/vendor/slim/slim/Slim/CallableResolver.php:93 +[08-Jun-2018 15:24:44 UTC] PHP 13. Customer->__construct() /home/ubuntu/workspace/source/defs/Hookmanager/Hookmanager.php:51 +[08-Jun-2018 15:24:44 UTC] PHP 14. Customer->__construct() /home/ubuntu/workspace/source/dbtools/Customer.php:10 +[08-Jun-2018 15:24:44 UTC] PHP 15. Customer->instDB() /home/ubuntu/workspace/source/dbtools/Application.php:19 +[08-Jun-2018 15:37:50 UTC] PHP Notice: Undefined variable: connection in /home/ubuntu/workspace/source/dbtools/Application.php on line 48 +[08-Jun-2018 15:37:50 UTC] PHP Stack trace: +[08-Jun-2018 15:37:50 UTC] PHP 1. {main}() /home/ubuntu/workspace/public/index.php:0 +[08-Jun-2018 15:37:50 UTC] PHP 2. Slim\App->run() /home/ubuntu/workspace/public/index.php:27 +[08-Jun-2018 15:37:50 UTC] PHP 3. Slim\App->process() /home/ubuntu/workspace/vendor/slim/slim/Slim/App.php:296 +[08-Jun-2018 15:37:50 UTC] PHP 4. Slim\App->callMiddlewareStack() /home/ubuntu/workspace/vendor/slim/slim/Slim/App.php:388 +[08-Jun-2018 15:37:50 UTC] PHP 5. Slim\App->__invoke() /home/ubuntu/workspace/vendor/slim/slim/Slim/MiddlewareAwareTrait.php:117 +[08-Jun-2018 15:37:50 UTC] PHP 6. Slim\Route->run() /home/ubuntu/workspace/vendor/slim/slim/Slim/App.php:495 +[08-Jun-2018 15:37:50 UTC] PHP 7. Slim\Route->callMiddlewareStack() /home/ubuntu/workspace/vendor/slim/slim/Slim/Route.php:313 +[08-Jun-2018 15:37:50 UTC] PHP 8. Slim\Route->__invoke() /home/ubuntu/workspace/vendor/slim/slim/Slim/MiddlewareAwareTrait.php:117 +[08-Jun-2018 15:37:50 UTC] PHP 9. Slim\Route->resolveCallable() /home/ubuntu/workspace/vendor/slim/slim/Slim/Route.php:330 +[08-Jun-2018 15:37:50 UTC] PHP 10. Slim\CallableResolver->resolve() /home/ubuntu/workspace/vendor/slim/slim/Slim/CallableResolverAwareTrait.php:45 +[08-Jun-2018 15:37:50 UTC] PHP 11. 
Slim\CallableResolver->resolveCallable() /home/ubuntu/workspace/vendor/slim/slim/Slim/CallableResolver.php:67 +[08-Jun-2018 15:37:50 UTC] PHP 12. Hookmanager->__construct() /home/ubuntu/workspace/vendor/slim/slim/Slim/CallableResolver.php:93 +[08-Jun-2018 15:37:50 UTC] PHP 13. Customer->__construct() /home/ubuntu/workspace/source/defs/Hookmanager/Hookmanager.php:51 +[08-Jun-2018 15:37:50 UTC] PHP 14. Customer->__construct() /home/ubuntu/workspace/source/dbtools/Customer.php:10 +[08-Jun-2018 15:37:50 UTC] PHP 15. Customer->instDB() /home/ubuntu/workspace/source/dbtools/Application.php:23 diff --git a/source/config.php b/source/config.php index b10cf92..f9de827 100644 --- a/source/config.php +++ b/source/config.php @@ -16,11 +16,11 @@ return [ [ "database" => [ - "username" => "", - "password" => "password", - "hostname" => "hostname", - "port" => "port", - "dbname" => "db" + "username" => "spacejewel", + "password" => "zwNUECRSy1DVZneq", + "hostname" => "spacejewel.ga", + "port" => "3306", + "dbname" => "billing" ], "virtualmin" => [ diff --git a/source/dbtools/Application.php b/source/dbtools/Application.php index e21fd12..a234ea6 100644 --- a/source/dbtools/Application.php +++ b/source/dbtools/Application.php @@ -1,5 +1,7 @@ getConfig(); + + $this->database['username'] = $cConfigArray['core']['database']['username']; $this->database['password'] = $cConfigArray['core']['database']['password']; $this->database['hostname'] = $cConfigArray['core']['database']['hostname']; 
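Review bot: The 34 lines added to `php_errors.log` put a runtime error log under version control, and its entries disclose the absolute deployment path (`/home/ubuntu/workspace/...`), the framework call chain and internal class names to anyone who can read the repository. The file should be untracked with `git rm --cached php_errors.log` and listed in `.gitignore`. It is also worth pointing PHP's `error_log` setting at a location outside the project tree so the log cannot be re-added by accident.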
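Review bot: The new `"username"`, `"password"` and `"hostname"` values in the `"database"` array of `source/config.php` appear to be working credentials for a named host, and once committed they stay readable in the repository history even if a later commit replaces them. The password should be treated as exposed and rotated. The tracked file should keep placeholders and take the real values from the environment or an untracked local file, for example `"password" => getenv('DB_PASSWORD'),` (the variable name is a placeholder). Because the hostname is a domain name paired with port 3306, it is also worth confirming that the database accepts connections only from the application host.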
@@ -21,15 +25,30 @@ class Application } protected function instDB() - { + {// ConstructorFailed + - return \ParagonIE\EasyDB\Factory::create( + try + { + + $connection = \ParagonIE\EasyDB\Factory::create( 'mysql:host=' . $this->database['hostname'] . ';dbname=' . $this->database['dbname'], $this->database['username'], $this->database['password'] - ); + ); + + } + catch (ConstructorFailed $Ex) + { + header("HTTP/1.1 500 Internal Server Error"); + exit("An error has ocurred and therefore we are unable to fulfill your request for information. Sorry."); + } + finally + { + return $connection; + } } - // + public function Exists($Table, $IDRowColumnName, $SearchValue) { $exists = $db->cell(
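Review bot: The `return $connection;` inside `finally` in `instDB()` discards any exception the `catch` does not match and returns an unset variable instead, which matches the `Undefined variable: connection ... on line 48` notice added to `php_errors.log` in this same commit. The `catch (ConstructorFailed $Ex)` names the class unqualified; unless the first hunk of this file (not readable here) imports it, the name will not resolve to EasyDB's exception and the 500 branch never runs. I would move `return $connection;` to the end of the `try` block, delete the `finally` block, and catch `\ParagonIE\EasyDB\Exception\ConstructorFailed`. Calling `error_log($Ex->getMessage());` before the `exit` keeps the cause available server-side while the client still sees only the generic message.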