void MOverview::updateEvents()
{
- QList<MOEvent>evl;
- try{
- evl=req->queryGetAllEvents().getevents();
- }catch(WException e){
- qDebug("Error getting all events (%s): %s",e.component().toAscii().data(),e.error().toAscii().data());
+ MTGetAllEvents gae=req->queryGetAllEvents();
+ if(gae.stage()!=gae.Success){
+ qDebug("Error getting all events (%s): %s",gae.errorType().toAscii().data(),gae.errorString().toAscii().data());
return;
}
+ QList<MOEvent>evl=gae.getevents();
eventmodel->clear();
eventmodel->insertColumns(0,6);
eventmodel->setHorizontalHeaderLabels(QStringList()<<tr("Start Time")<<tr("Title")<<tr("Free")<<tr("Reserved")<<tr("Sold")<<tr("Capacity"));
}
void MOverview::setMyPassword()
-{/*TODO
+{
MPasswordChange pc(this);
if(pc.exec()==QDialog::Accepted){
- QString e=req->changeMyPassword(pc.oldPassword(),pc.newPassword());
- if(e!="")
- QMessageBox::warning(this,tr("Warning"),tr("Error setting password: %1").arg(e));
- }*/
+ MTChangeMyPassword cmp=MTChangeMyPassword::query(pc.oldPassword(),pc.newPassword());
+ if(cmp.hasError())
+ QMessageBox::warning(this,tr("Warning"),tr("Error setting password: %1").arg(cmp.errorString()));
+ }
}
void MOverview::setUserPassword()
{/*TODO
int gens=set.value("backupgenerations",3).toInt();
//get data
MTBackup bc;
- try{bc=MTBackup::query();}catch(WException e){
- QMessageBox::warning(this,tr("Warning"),tr("Error while executing backup (%1): %2").arg(e.component()).arg(e.error()));
- return;
- }
+ bc=MTBackup::query();
if(bc.stage()!=bc.Success){
QMessageBox::warning(this,tr("Warning"),tr("Backup failed with error (%2): %1").arg(bc.errorString()).arg(bc.errorType()));
return;
if(loglvl>WInterface::LogMinimal)
log=QString("Request %3 with header:\n%1\n\nRequest Body:\n%2\n<---->\n").arg(hrh.toString()).arg(esc(data)).arg(m_httpid);
qDebug("started req %i",m_httpid);
+
+ /////////////////////////////////////////////////////////////////////
//start loop
QTimer tmr;
tmr.setSingleShot(true);tmr.start(iface->webTimeout()*1000);
connect(&tmr,SIGNAL(timeout()),this,SLOT(webTimeout()));
loop.exec();
tmr.stop();tmr.disconnect(SIGNAL(timeout()),this,SLOT(webTimeout()));
+ /////////////////////////////////////////////////////////////////////
+
//process result
if(m_stage==Error && m_errtype=="_timeout"){
//it did not finish yet, caught a timeout.
return QByteArray();
}
QHttpResponseHeader rsph=req.lastResponse();
+ m_wobstatus=rsph.value("X-WobResponse-Status");
+ m_wobstatus=m_wobstatus.replace("\"","").trimmed().toLower();
//check for high level error
if(rsph.statusCode()!=200){
m_errstr="HTTP Error, return code "+QString::number(rsph.statusCode())+" "+rsph.reasonPhrase();
void webFinished();
protected:
Stage m_stage;
- QString m_errtype,m_errstr,m_iface;
+ QString m_errtype,m_errstr,m_iface,m_wobstatus;
int m_httpid;
};
<Var name="oldpassword" type="string"/>
<Var name="newpassword" type="string"/>
</Input>
+ <Call lang="php" method="Session::instance()->setMyPasswd($this);"/>
<Output/>
</Transaction>
QString code="\t/*start of output encoding*/\n";
code+="\ttry{\n\t\t$xml=new DOMDocument;\n";
code+="\t\t$root=$xml->createElement(\"WobResponse\");\n";
- code+="\t\t$root->setAttribute(\"status\",$this->statusString());\n";
for(int i=0;i<sl.size();i++){
QString t=trn.outputType(sl[i]);
if(trn.isAttributeType(t)){
code+="\t\tm_stage=Error;m_errtype=\"_iface\";m_errstr=QString(\"XML result parser error line %1 col %2: %3\").arg(eln).arg(ecl).arg(emsg);\n\t}\n";
code+="\troot=doc.documentElement();\n";
//decide where to go, error handling
- code+="\tQString stat=root.attribute(\"status\");\n";
- code+="\tif(stat!=\"ok\"){\n\t\tm_stage=Error;m_errtype=\"_server\";m_errstr=\"server error\";\n";
+ code+="\tif(m_wobstatus!=\"ok\"){\n\t\tm_stage=Error;m_errtype=\"_server\";m_errstr=\"unknown server error\";\n";
code+="\t\tQDomNodeList nl=root.elementsByTagName(\"Error\");\n";
code+="\t\tif(nl.size()==0)return;\n";
code+="\t\ttmp=nl.at(0).toElement();\n";
if(trn.isListType(t)){
code+="\tfor(int i=0;i<nl.size();i++){\n";
if(trn.isObjectType(t)){
- code+="\t\tout_"+sl[i]+".append("+qtobjtype(trn,sl[i],Out)+"(nl.at(i).toElement()));\n";
+ code+="\t\ttry{out_"+sl[i]+".append("+qtobjtype(trn,sl[i],Out)+"(nl.at(i).toElement()));}catch(WException e){m_stage=Error;m_errtype=e.component();m_errstr=e.error();}\n";
}else if(trn.isIntType(t)){
code+="\t\tout_"+sl[i]+".append(nl.at(i).toElement().text().toInt());\n";
}else if(trn.isBoolType(t)){
}else{
code+="\tif(nl.size()>0){\n";
if(trn.isObjectType(t)){
- code+="\t\tout_"+sl[i]+"="+qtobjtype(trn,sl[i],Out)+"(nl.at(0).toElement());\n";
+ code+="\t\ttry{out_"+sl[i]+"="+qtobjtype(trn,sl[i],Out)+"(nl.at(0).toElement());}catch(WException e){m_stage=Error;m_errtype=e.component();m_errstr=e.error();}\n";
}else{//can only be string
code+="\t\tout_"+sl[i]+"=nl.at(0).toElement().text();\n";
}
}
/**set my own password*/
- public function setMyPasswd($txt)
+ public function setMyPasswd($trans)
{
- //check whether I really can do that
- if(!$this->isAuthenticated()){
- header("X-MagicSmoke-Status: Unauthenticated");
- die(tr("Not authenticated. Can't change password."));
- }
- //parse XML
- $dom=new DOMDocument;
- if(!$dom->loadXML($txt)){
- header("X-MagicSmoke-Status: SyntaxError");
- die(tr("unable to parse XML data"));
- }
- $nl=$dom->getElementsByTagName("SetMyPasswd");
- if($nl->length!=1){
- header("X-MagicSmoke-Status: SyntaxError");
- die(tr("expected exactly one passwd element"));
- }
- $spw=$nl->item(0);
- $old=$spw->getAttribute("oldpwd");
- $nwp=$spw->getAttribute("newpwd");
+ $old=$trans->getoldpassword();
+ $nwp=$trans->getnewpassword();
//sanity check
- if($nwp==""){
- header("X-MagicSmoke-Status: SyntaxError");
- die(tr("cannot set an empty password"));
- }
+ if($nwp=="")$trans->abortWithError(tr("cannot set an empty password"));
//check old password
global $db;
- $res=$db->select("users","passwd","uname=".$db->escapeString($this->user));
- if(count($res)!=1){
- header("X-MagicSmoke-Status: Error");
- die(tr("Ooops. Unable to find user. You have been deleted."));
- }
- if($old!=$res[0]["passwd"]){
- header("X-MagicSmoke-Status: Error");
- deleteSession();
- die(tr("Wrong password. Session hijacked, terminating it."));
+ $res=$db->select("user","passwd","uname=".$db->escapeString($this->user));
+ if(count($res)!=1)
+ $trans->abortWithError(tr("Ooops. Unable to find user. You have been deleted."));
+ $splt=explode(" ",$res[0]["passwd"]);
+ if(count($splt)!=2)
+ $trans->abortWithError(tr("Ooops. Internal storage error - cannot verify old password."));
+ $vrfy=sha1($splt[0].$old);
+ if($vrfy!=$splt[1]){
+ $trans->abortWithError(tr("Wrong password. Request denied."));
}
//set new password
- $db->update("users",array("passwd"=>$nwp),"uname=".$db->escapeString($this->user));
- header("X-MagicSmoke-Status: Ok");
+ $salt=getSalt();
+ $pwh=sha1($salt.$nwp);
+ $db->update("user",array("passwd"=>($salt." ".$pwh)),"uname=".$db->escapeString($this->user));
}
/**checks whether user can execute this transaction, returns true on success; it always returns true for admins*/
protected $tinput;
protected $aoutput;
protected $toutput;
- protected $astatus=0;
- protected $aerror;
-
- const Ok=0;
- const Error=1;
/**called to determine the correct transaction, aborts the script if there is none.*/
static public function getTransactionName(){
}
/**called to abort a transactions flow*/
- public function abortWithError($type,$text){
+ public function abortWithError($type,$text=""){
+ if($text==""){$text=$type;$type="server";}
header("X-WobResponse-Status: Error");
print("<WobResponse status=\"error\"><Error type=\"".xq($type)."\">".xq($text)."</Error></WobResponse>\n");
exit();
}
-
- /**returns the status of the transaction as string*/
- public function statusString()
- {
- switch($this->astatus){
- case Ok:return "ok";
- case Error:return "error";
- default:return "unknown";
- }
- }
-
- /**sets the status of the transaction*/
- public function setStatus($s)
- {
- if($s<0 && $s>1)throw Exception("Illegal Status Code ".$s);
- $this->astatus=$s;
- }
-
- /**returns the status of the transaction*/
- public function status(){return $this->astatus;}
};
?>
\ No newline at end of file
projects / web/konrad/smoke.git / commitdiff