diff options
46 files changed, 504 insertions, 173 deletions
@@ -1,2 +1,16 @@ tools/boca-submit-run-root-wrapper tools/safeexec +debian/.debhelper/ +debian/boca-autojudge.substvars +debian/boca-autojudge/ +debian/boca-common.substvars +debian/boca-common/ +debian/boca-db.substvars +debian/boca-db/ +debian/boca-submission-tools/ +debian/boca-web.substvars +debian/boca-web/ +debian/boca.substvars +debian/boca/ +debian/debhelper-build-stamp +debian/files @@ -10,7 +10,7 @@ install-bocawww: cp -r src $(DESTDIR)/var/www/boca/ cp -r doc $(DESTDIR)/var/www/boca/ -install-bocaapache: install-bocawww +install-bocaapache: mkdir -p $(DESTDIR)/etc/apache2/sites-enabled/ cp tools/000-boca.conf $(DESTDIR)/etc/apache2/sites-enabled/000-boca.conf a2ensite default-ssl || echo a2ensite default-ssl FAILED @@ -20,17 +20,29 @@ install-bocaapache: install-bocawww install-scripts: mkdir -p $(DESTDIR)/usr/sbin/ install tools/dump.sh $(DESTDIR)/usr/sbin/boca-dump - install tools/boca-createjail $(DESTDIR)/usr/sbin/boca-createjail + +install-bocadb: + mkdir -p $(DESTDIR)/usr/sbin/ + mkdir -p $(DESTDIR)/etc + cp -r tools/postgresql $(DESTDIR)/etc install tools/boca-createdb.sh $(DESTDIR)/usr/sbin/boca-createdb - install tools/boca-autojudge.sh $(DESTDIR)/usr/sbin/boca-autojudge + +install-bocacommon: install-bocawww + mkdir -p $(DESTDIR)/usr/sbin/ + mkdir -p $(DESTDIR)/etc/ + cp tools/boca.conf $(DESTDIR)/etc/ install tools/boca-config-dbhost.sh $(DESTDIR)/usr/sbin/boca-config-dbhost -install: install-bocawww install-bocaapache install-scripts tools/safeexec +install-bocaautojudge: tools/safeexec + mkdir -p $(DESTDIR)/usr/sbin/ mkdir -p $(DESTDIR)/usr/bin/ mkdir -p $(DESTDIR)/etc/ - cp tools/boca.conf $(DESTDIR)/etc/ install tools/safeexec $(DESTDIR)/usr/bin/safeexec chmod 4555 $(DESTDIR)/usr/bin/safeexec + install tools/boca-createjail $(DESTDIR)/usr/sbin/boca-createjail + install tools/boca-autojudge.sh $(DESTDIR)/usr/sbin/boca-autojudge + +install: install-bocawww install-bocaapache install-bocadb install-bocacommon install-bocaautojudge install-scripts install-submission-tools: tools/boca-submit-run-root-wrapper mkdir -p $(DESTDIR)/usr/bin $(DESTDIR)/usr/sbin $(DESTDIR)/etc/cron.d @@ -40,10 +52,10 @@ install-submission-tools: tools/boca-submit-run-root-wrapper install tools/boca-submit-run-cron $(DESTDIR)/usr/bin/ install tools/boca-submit-run-aux $(DESTDIR)/usr/bin/ install tools/boca-submit-run-root $(DESTDIR)/usr/bin/ - install tools/boca-submit-logroot $(DESTDIR)/usr/sbin/boca-submit-logroot - install tools/cron-submit $(DESTDIR)/etc/cron.d/ - install tools/cron-fixssh $(DESTDIR)/etc/cron.d/ - install tools/cron-logroot $(DESTDIR)/etc/cron.d/ + install tools/boca-submit-log $(DESTDIR)/usr/sbin/boca-submit-log + install tools/cron-boca-submit $(DESTDIR)/etc/cron.d/ + install tools/cron-boca-fixssh $(DESTDIR)/etc/cron.d/ + install tools/cron-boca-log $(DESTDIR)/etc/cron.d/ install tools/boca-submit-run-root-wrapper $(DESTDIR)/usr/bin/ install tools/boca-outmanage $(DESTDIR)/usr/sbin/ install tools/boca-checkinternet $(DESTDIR)/usr/sbin/ diff --git a/debian/boca-autojudge.postinst b/debian/boca-autojudge.postinst new file mode 100644 index 0000000..37b144c --- /dev/null +++ b/debian/boca-autojudge.postinst @@ -0,0 +1,5 @@ +#!/bin/bash + +chmod 4555 /usr/bin/safeexec + +exit 0 diff --git a/debian/boca.conffiles b/debian/boca-common.conffiles index b004c7a..b004c7a 100644 --- a/debian/boca.conffiles +++ b/debian/boca-common.conffiles diff --git a/debian/boca-common.postinst b/debian/boca-common.postinst new file mode 100644 index 0000000..d28de8a --- /dev/null +++ b/debian/boca-common.postinst @@ -0,0 +1,50 @@ +#!/bin/bash + +set -e + +. /usr/share/debconf/confmodule + +priority=high + +case "$1" in + configure|reconfigure) + if [[ -e "/etc/boca.conf" ]]; then + . /etc/boca.conf + if [[ "$bdserver" != "" ]]; then + echo "If you want to reset DB configuration, please unset \"bdserver\" in /etc/boca.conf" + exit 0 + fi + fi + db_input high boca-common/dbhost || true + db_go || true + + db_get boca-common/dbhost || true + DBHOST="$RET" + + if [[ "x$DBHOST" == "x" ]]; then + DBHOST=localhost + fi + + db_input high boca-common/dbpassword || true + db_go || true + + db_get boca-common/dbpassword || true + PASSWORD="$RET" + + if [[ "x$PASSWORD" == "x" ]]; then + printf "Generating password with makepasswd" + PASSWORD="$(makepasswd --chars 20)" + echo . + fi + export PASSWD="$PASSWORD" + boca-config-dbhost $DBHOST + unset PASSWD + ;; + *) + ;; +esac + +chmod 600 /var/www/boca/src/private/conf.php +chown www-data.www-data /var/www/boca/src/private/conf.php + +exit 0 diff --git a/debian/boca-common.templates b/debian/boca-common.templates new file mode 100644 index 0000000..e993675 --- /dev/null +++ b/debian/boca-common.templates @@ -0,0 +1,10 @@ +Template: boca-common/dbhost +Type: string +Default: localhost +Description: Please provide a host within BOCA database: + +Template: boca-common/dbpassword +Type: password +Description: Please provide a password for BOCA database: + Please, do not forget this password. You will need it to provide it while + configuring boca-web and boca-autojudge. diff --git a/debian/boca-db.postinst b/debian/boca-db.postinst new file mode 100644 index 0000000..c4215df --- /dev/null +++ b/debian/boca-db.postinst @@ -0,0 +1,75 @@ +#!/bin/bash + +set -e + +. /usr/share/debconf/confmodule + +priority=high + +case "$1" in + configure|reconfigure) + + if [[ -e "/etc/boca.conf" ]]; then + . /etc/boca.conf + if [[ "$bdcreated" != "" ]]; then + echo "If you want to reset DB configuration, please unset \"bdcreated\" in /etc/boca.conf" + exit 0 + fi + fi + + #Assume DBHOST will be localhost, since this is the package that + #provides postgresql + #XXX future work make it work as a backup DB server + DBHOST=localhost + + db_get boca-common/dbpassword || true + PASSWORD="$RET" + + #If we don't have a password from boca-common 2 things could be + #happened + #1) dpkg cleaned the password already + #2) The user did not provide a password + #So we will ask for a password + if [[ "x$PASSWORD" == "x" ]]; then + db_input critical boca-db/dbpassword || true + db_go || true + db_get boca-db/dbpassword || true + PASSWORD="$RET" + db_reset boca-db/dbpassword + else + db_reset boca-common/dbpassword + fi + + if [[ "x$PASSWORD" == "x" ]]; then + printf "Generating password with makepasswd" + PASSWORD="$(makepasswd --chars 20)" + echo . + echo "Your DB password is '$PASSWORD' take care of it." + fi + export PASSWD="$PASSWORD" + boca-config-dbhost $DBHOST + unset PASSWD + postgresuser=postgres + su - $postgresuser -c "echo drop user bocauser | psql -d template1 >/dev/null 2>/dev/null" + su - $postgresuser -c "echo create user bocauser createdb password \'$PASSWORD\'| psql -d template1" + su - $postgresuser -c "echo alter user bocauser createdb password \'$PASSWORD\'| psql -d template1" + + db_input critical boca-db/createdb || true + db_go || true + + db_get boca-db/createdb || true + + if [[ "$RET" == "Yes" ]]; then + echo YES |php /var/www/boca/src/private/createdb.php + echo "bdcreated=y" >> /etc/boca.conf + fi + db_reset boca-db/createdb + + ;; + *) + ;; +esac + +service postgresql restart || true + +exit 0 diff --git a/debian/boca-db.templates b/debian/boca-db.templates new file mode 100644 index 0000000..895098d --- /dev/null +++ b/debian/boca-db.templates @@ -0,0 +1,11 @@ +Template: boca-db/dbpassword +Type: password +Description: Please provide a password for BOCA database: + Please, do not forget this password. You will need it to provide it while + configuring boca-web and boca-autojudge. + +Template: boca-db/createdb +Type: select +Choices: Yes, No +Description: Should a new DB be created for BOCA? + Warning: This operation will erase any existing previously created BOCA DB diff --git a/debian/boca-web.postinst b/debian/boca-web.postinst new file mode 100644 index 0000000..52071f4 --- /dev/null +++ b/debian/boca-web.postinst @@ -0,0 +1,24 @@ +#!/bin/bash + +. /usr/share/debconf/confmodule + +chown -R www-data.www-data /var/www/boca +chmod -R go-rwx /var/www/boca/src/private + +a2ensite default-ssl +a2enmod ssl +a2enmod socache_shmcb +a2enmod proxy_fcgi + +# Make sure embedded apache php module is not loaded +a2dismod php7.2 || true + +#enable php fpm instead +a2enconf php7.2-fpm + +service apache2 restart || true + +#remember to reset possible stored password from debconf +db_reset boca-common/dbpassword || true + +exit 0 diff --git a/debian/boca.postinst b/debian/boca.postinst deleted file mode 100644 index 18ce749..0000000 --- a/debian/boca.postinst +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -chown -R www-data.www-data /var/www/boca -chmod -R go-rwx /var/www/boca/src/private -chmod 4555 /usr/bin/safeexec - -a2ensite default-ssl -a2enmod ssl -a2enmod socache_shmcb - -service apache2 restart || true diff --git a/debian/compat b/debian/compat index 7f8f011..f599e28 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -7 +10 diff --git a/debian/control b/debian/control index fbac1f3..2b45da3 100644 --- a/debian/control +++ b/debian/control @@ -2,20 +2,63 @@ Source: boca Section: misc Priority: optional Maintainer: BOCA Development Team <bocasystem@gmail.com> +Uploaders: Cassio Polpo de Campos <cassiopc@gmail.com>, Bruno Cesar Ribas <brunoribas@gmail.com> Build-Depends: debhelper, build-essential -Package: maratona-boca +Package: boca Architecture: all -Depends: boca -Description: Virtual package that depends on BOCA +Depends: boca-common, boca-web, boca-db, boca-autojudge +Provides: maratona-boca +Description: BOCA is a software created to control a contest with the ACM ICPC rules. + BOCA is a software created to control a contest with the ACM International + Collegiate Programming Contest rules. It has been developed in PHP and the + interaction between judges and the system is done through a web browser. + . + This package install all boca related packages to run everything in one + single machine. -Package: boca +Package: boca-db +Architecture: all +Pre-depends: postgresql +Depends: boca-common +Description: BOCA - database + BOCA is a software created to control a contest with the ACM International + Collegiate Programming Contest rules. It has been developed in PHP and the + interaction between judges and the system is done through a web browser. + . + This package provides a full database to run a contest on. + +Package: boca-web +Architecture: all +Depends: boca-common, apache2, php-fpm, php +Description: BOCA - WEB files + BOCA is a software created to control a contest with the ACM International + Collegiate Programming Contest rules. It has been developed in PHP and the + interaction between judges and the system is done through a web browser. + . + This package provides only web contents. + +Package: boca-common +Architecture: all +Pre-Depends: debconf, makepasswd, coreutils, sharutils +Depends: php-zip, wget, php-cli, php-pgsql, php-gd, postgresql-client, php-xml, openssl, libany-uri-escape-perl +Description: BOCA - Common files + BOCA is a software created to control a contest with the ACM International + Collegiate Programming Contest rules. It has been developed in PHP and the + interaction between judges and the system is done through a web browser. + . + This package contains shared files with all BOCA packages. + +Package: boca-autojudge Architecture: amd64 -Depends: php-zip, debootstrap, schroot, quotatool, makepasswd, apache2, libapache2-mod-php, sharutils, wget, coreutils, php, php-cli, php-mcrypt, php-pgsql, php-gd, postgresql, postgresql-client, libany-uri-escape-perl, php-xml -Description: BOCA is a software created to control a contest with the ACM ICPC rules. +Depends: boca-common, debootstrap, schroot, quotatool, makepasswd +Description: BOCA - AutoJudge BOCA is a software created to control a contest with the ACM International Collegiate Programming Contest rules. It has been developed in PHP and the interaction between judges and the system is done through a web browser. + . + This package contains files to generate and run the autojudge system for + BOCA. Package: boca-submission-tools Architecture: amd64 @@ -23,3 +66,4 @@ Depends: sharutils, wget, coreutils, libany-uri-escape-perl, openssl, openssh-se Description: BOCA submission tools. This package provides tools to submit codes to a running boca server without using the web interface. + diff --git a/debian/postinst b/debian/postinst deleted file mode 100644 index 65e238f..0000000 --- a/debian/postinst +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -chown -R www-data.www-data /var/www/boca -chmod 4555 /usr/bin/safeexec - -service apache2 restart || true diff --git a/debian/rules b/debian/rules index 6c52a63..3453dd0 100755 --- a/debian/rules +++ b/debian/rules @@ -3,8 +3,14 @@ override_dh_auto_install: mkdir -p debian/boca-submission-tools make -j1 install-submission-tools DESTDIR=debian/boca-submission-tools - mkdir -p debian/boca - make -j1 install DESTDIR=debian/boca + mkdir -p debian/boca-web + make -j1 install-bocaapache DESTDIR=debian/boca-web + mkdir -p debian/boca-autojudge + make -j1 install-bocaautojudge DESTDIR=debian/boca-autojudge + mkdir -p debian/boca-db + make -j1 install-bocadb DESTDIR=debian/boca-db + mkdir -p debian/boca-common + make -j1 install-bocacommon DESTDIR=debian/boca-common %: dh $@ diff --git a/doc/INSTALL.txt b/doc/INSTALL.txt index 9c5fd57..d3a1248 100644 --- a/doc/INSTALL.txt +++ b/doc/INSTALL.txt @@ -21,9 +21,15 @@ Usually that is true if you have installed the following ubuntu/debian packages, as given by an apt-get example line: apt-get install \ +php-zip debootstrap schroot quotatool makepasswd apache2 \ +libapache2-mod-php sharutils wget coreutils php php-cli \ +php-pgsql php-gd postgresql postgresql-client \ +libany-uri-escape-perl php-xml openssl + + postgresql postgresql-contrib postgresql-client apache2 \ -libapache2-mod-php5 php5 php5-cli php5-cgi php5-gd \ -php5-mcrypt php5-pgsql +libapache2-mod-php php php-cli php-cgi php-gd openssl \ +php-pgsql It may be needed to configure some parameters in php.ini, postgresql.conf and pg_hba.conf files. The following lines diff --git a/src/.htaccess b/src/.htaccess index 7c89b5b..99fda17 100644 --- a/src/.htaccess +++ b/src/.htaccess @@ -1,5 +1,7 @@ -php_flag output_buffering on -php_value memory_limit 1024M -php_value post_max_size 128M -php_flag magic_quotes_gpc off -php_value upload_max_filesize 128M +<IfModule !mod_proxy_fcgi.c> + php_flag output_buffering on + php_value memory_limit 1024M + php_value post_max_size 128M + php_flag magic_quotes_gpc off + php_value upload_max_filesize 128M +</IfModule> diff --git a/src/admin/export.php b/src/admin/export.php index 2682c94..10a595d 100644 --- a/src/admin/export.php +++ b/src/admin/export.php @@ -51,7 +51,7 @@ if(isset($_POST["Submit"]) || isset($_POST['Submit1'])) { if(isset($_POST['nopassword']) && $_POST['nopassword']=='true') echo $xml; else - echo rawurlencode($_POST['challenge']) . " " . encryptData($xml,($_POST['password'])); + echo myrawurlencode($_POST['challenge']) . " " . encryptData($xml,($_POST['password'])); exit; } } diff --git a/src/admin/files.php b/src/admin/files.php index 16f0f2d..30ce320 100644 --- a/src/admin/files.php +++ b/src/admin/files.php @@ -59,7 +59,6 @@ for ($i=0; $i<count($run); $i++) { echo " <td nowrap>" . dateconvsimple($run[$i]["timestamp"]) . "</td>\n"; echo " <td nowrap>" . $run[$i]["usernumber"] . " (" . $run[$i]["usersitenumber"] . ")</td>\n"; - $if = rawurlencode($run[$i]["filename"]); if($run[$i]["status"]=="active") { echo "<td nowrap><a href=\"../filedownload.php?". filedownload($run[$i]["oid"],$run[$i]["filename"]) . "\">"; echo $run[$i]["filename"] . "</a>"; diff --git a/src/admin/problem.php b/src/admin/problem.php index a01bd35..33e887c 100644 --- a/src/admin/problem.php +++ b/src/admin/problem.php @@ -26,7 +26,7 @@ if(($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) if (isset($_GET["delete"]) && is_numeric($_GET["delete"]) && isset($_GET["input"])) { $param = array(); $param['number']=$_GET["delete"]; - $param['inputfilename']=$_GET["input"]; + $param['inputfilename']=myrawurldecode($_GET["input"]); if(!DBDeleteProblem ($_SESSION["usertable"]["contestnumber"], $param)) { MSGError('Error deleting problem'); LogError('Error deleting problem'); @@ -262,11 +262,11 @@ for ($i=0; $i<count($prob); $i++) { echo " <tr>\n"; if($prob[$i]["fake"]!='t') { if(strpos($prob[$i]["fullname"],"(DEL)") !== false) { - echo " <td nowrap><a href=\"javascript: conf3('problem.php?delete=" . $prob[$i]["number"] . "&input=" . rawurlencode($prob[$i]["inputfilename"]) . + echo " <td nowrap><a href=\"javascript: conf3('problem.php?delete=" . $prob[$i]["number"] . "&input=" . myrawurlencode($prob[$i]["inputfilename"]) . "')\">" . $prob[$i]["number"]; echo "(deleted)"; } else { - echo " <td nowrap><a href=\"javascript: conf2('problem.php?delete=" . $prob[$i]["number"] . "&input=" . rawurlencode($prob[$i]["inputfilename"]) . + echo " <td nowrap><a href=\"javascript: conf2('problem.php?delete=" . $prob[$i]["number"] . "&input=" . myrawurlencode($prob[$i]["inputfilename"]) . "')\">" . $prob[$i]["number"]; } echo "</a></td>\n"; diff --git a/src/fcontest.php b/src/fcontest.php index e61631b..9989931 100644 --- a/src/fcontest.php +++ b/src/fcontest.php @@ -125,7 +125,7 @@ CREATE TABLE \"sitetimetable\" ( $r = DBexec($c, "CREATE INDEX \"sitetimesite_index\" ON \"sitetimetable\" USING btree ". "(\"contestnumber\" int4_ops, \"sitenumber\" int4_ops)", "DBCreateSiteTimeTable(create site_index)"); } -// begin; update answertable set updatetime=EXTRACT(EPOCH FROM now()); +// begin; update answertable set updatetime=EXTRACT(EPOCH FROM now()); select * from answertable; // begin; update langtable set updatetime=EXTRACT(EPOCH FROM now()); select * from langtable; // begin; update problemtable set updatetime=EXTRACT(EPOCH FROM now()); select * from problemtable; diff --git a/src/filedownload.php b/src/filedownload.php index 6b56ca9..e1ef6b9 100644 --- a/src/filedownload.php +++ b/src/filedownload.php @@ -34,10 +34,10 @@ if(!isset($_GET["oid"]) || !is_numeric($_GET["oid"]) || !isset($_GET["filename"] } $cf = globalconf(); -$fname = decryptData(rawurldecode($_GET["filename"]), session_id() . $cf["key"]); +$fname = decryptData(myrawurldecode($_GET["filename"]), session_id() . $cf["key"]); if(isset($_GET["msg"])) - $p = myhash($_GET["oid"] . $fname . rawurldecode($_GET["msg"]) . session_id() . $cf["key"]); + $p = myhash($_GET["oid"] . $fname . myrawurldecode($_GET["msg"]) . session_id() . $cf["key"]); else $p = myhash($_GET["oid"] . $fname . session_id() . $cf["key"]); diff --git a/src/frun.php b/src/frun.php index 473c4a5..bc9dc2f 100644 --- a/src/frun.php +++ b/src/frun.php @@ -359,13 +359,14 @@ function DBGetRunToAnswerC($number,$site,$contest,$chief) { "r.runnumber=$number"; if ($chief != 1) { $sql .= " and (r.runstatus='openrun' or " . - "(r.runstatus='judged+' and r.runjudge is NULL) or " . - "((r.runstatus='judging' or r.runstatus='judged+') and " . - " (r.runjudge1 is null or r.runjudge2 is null or " . - " ((r.runjudge1=" . $_SESSION["usertable"]["usernumber"] . " and " . - " r.runjudgesite1=" . $_SESSION["usertable"]["usersitenumber"] . ") or " . - " (r.runjudge2=" . $_SESSION["usertable"]["usernumber"] . " and " . - " r.runjudgesite2=" . $_SESSION["usertable"]["usersitenumber"] . ")))))"; + "(r.runstatus='judged+' and r.runjudge is NULL) or " . + "((r.runstatus='judging' or r.runstatus='judged+') and " . + " (r.runjudge1 is null or " . + " (r.runjudge2 is null)" . // " and (" . $_SESSION["usertable"]["usernumber"] . ">=120000 or r.runjudge1>=120000))" . + " or ((r.runjudge1=" . $_SESSION["usertable"]["usernumber"] . " and " . + " r.runjudgesite1=" . $_SESSION["usertable"]["usersitenumber"] . ") or " . + " (r.runjudge2=" . $_SESSION["usertable"]["usernumber"] . " and " . + " r.runjudgesite2=" . $_SESSION["usertable"]["usersitenumber"] . ")))))"; $tx = "Judge"; } else $tx = "Chief"; $r = DBExec ($c, $sql . " for update", "DBGetRunToAnswerC(get run/prob/lang for update)"); diff --git a/src/getcode.php b/src/getcode.php index 407a00b..677aeeb 100644 --- a/src/getcode.php +++ b/src/getcode.php @@ -25,7 +25,13 @@ srand(make_seed()); function myhash($k) { return hash('sha256',$k); } -$iv = "1234567812345678"; +if(!function_exists('openssl_cipher_iv_length')) { + MSGError("Encryption error -- php openssl not installed -- contact an admin (" . getFunctionName() .")"); + LogError("Encryption error -- php openssl not installed -- contact an admin (" . getFunctionName() .")"); + return ""; +} +$clen = openssl_cipher_iv_length('aes-256-cbc'); +$iv = substr(myhash(openssl_random_pseudo_bytes($clen)),0,$clen); if(isset($_GET["name"]) && $_GET["name"] != "" ) { $name = $_GET["name"]; @@ -46,7 +52,7 @@ if(isset($_GET["name"]) && $_GET["name"] != "" ) { "chmod 600 /root/submissions/code\n"; if(($str = @file_get_contents("/var/www/boca/src/private/run-past.code")) !== false) $txt .= $str; - echo openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,16), 1, $iv); //OPENSSL_RAW_DATA, $iv); //php 5.4.0 + echo $iv . ":\n" . openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,32), OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); //OPENSSL_RAW_DATA, $iv); //php 5.4.0 @file_put_contents("/var/www/boca/src/private/run-past.log", $name . "|" . $cc . "|" . date(DATE_RFC2822) . "\n", LOCK_EX | FILE_APPEND); exit; } diff --git a/src/globals.php b/src/globals.php index fbbecce..f49d26b 100755 --- a/src/globals.php +++ b/src/globals.php @@ -32,12 +32,20 @@ function sanitizeVariables(&$item, $key) } } +function myrawurlencode($txt) { + return(rawurlencode(base64_encode($txt))); +} + +function myrawurldecode($txt) { + return(rawurldecode(base64_encode($txt))); +} + function filedownload($oid,$fname,$msg='') { $cf = globalconf(); - $if = rawurlencode(encryptData($fname, session_id() . $cf['key'],false)); + $if = myrawurlencode(encryptData($fname, session_id() . $cf['key'],false)); $p = myhash($oid . $fname . $msg . session_id() . $cf["key"]); $str = "oid=". $oid . "&filename=". $if . "&check=" . $p; - if($msg != '') $str .= "&msg=" . rawurlencode($msg); + if($msg != '') $str .= "&msg=" . myrawurlencode($msg); return $str; } function dirrec($dir, $user, $group, $dirPermissions, $filePermissions, $avoid=array()) { @@ -217,6 +225,8 @@ function sanitizeFilename($text) } function unsanitizeText($text) { + $text = str_replace("<", "<", $text); + $text = str_replace(">", ">", $text); $text = str_replace("&", "&", $text); return $text; } diff --git a/src/hex.php b/src/hex.php index 104b331..2062d69 100644 --- a/src/hex.php +++ b/src/hex.php @@ -15,7 +15,7 @@ // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. //////////////////////////////////////////////////////////////////////////////// -// Last modified: 21/july/2012 by cassio@ime.usp.br +// Last modified: 22/aug/2018 by cassio@ime.usp.br function myshorthash($k) { return hash('sha1',$k); } @@ -27,26 +27,30 @@ function myhmac($k,$d) { } function encryptData($text,$key,$compress=true) { - if(!function_exists('mcrypt_get_iv_size')) { - MSGError("Encryption error -- mcrypt not installed -- contact an admin (" . getFunctionName() .")"); - LogError("Encryption error -- mcrypt not installed -- contact an admin (" . getFunctionName() .")"); + if(!function_exists('openssl_cipher_iv_length')) { + MSGError("Encryption error -- php openssl not installed -- contact an admin (" . getFunctionName() .")"); + LogError("Encryption error -- php openssl not installed -- contact an admin (" . getFunctionName() .")"); return ""; } - $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC); - $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); + $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc')); $key = myhash($key . "123456789012345678901234567890"); // . myhash($key); $grade='##'; if($compress) { $text = zipstr($text); $grade = '@#'; } - $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, substr(pack("H*", $key),0,32), $text . myshorthash($text) . $grade, MCRYPT_MODE_CBC, $iv); + $crypttext = openssl_encrypt($text . myshorthash($text) . $grade, 'aes-256-cbc', substr(pack("H*", $key),0,32), OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); return base64_encode($crypttext . $iv); } function decryptData($crypttext,$key,$txt='') { + if(!function_exists('openssl_cipher_iv_length')) { + MSGError("Encryption error -- php openssl not installed -- contact an admin (" . getFunctionName() .")"); + LogError("Encryption error -- php openssl not installed -- contact an admin (" . getFunctionName() .")"); + return ""; + } $crypttext = base64_decode($crypttext); - $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC); + $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc')); $test1=''; $test2='x'; $clen = strlen($crypttext); @@ -54,7 +58,8 @@ function decryptData($crypttext,$key,$txt='') { $iv = substr($crypttext, $clen-$iv_size, $iv_size); $crypttext = substr($crypttext, 0, $clen-$iv_size); $key = myhash($key . "123456789012345678901234567890"); // . myhash($key); - $decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, substr(pack("H*", $key),0,32), $crypttext, MCRYPT_MODE_CBC, $iv); + + $decrypttext = openssl_decrypt($crypttext, 'aes-256-cbc', substr(pack("H*", $key),0,32), OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); $pos = strrpos($decrypttext,"#"); $iscompressed=false; if(substr($decrypttext,$pos-1,1)=='@') $iscompressed=true; diff --git a/src/judge/clar.php b/src/judge/clar.php index a5d56ce..ee120ab 100644 --- a/src/judge/clar.php +++ b/src/judge/clar.php @@ -49,7 +49,7 @@ $clar = DBOpenClarsInSites($_SESSION["usertable"]["contestnumber"], $s["sitejudg for ($i=0; $i<count($clar); $i++) { echo " <tr>\n"; - if (strpos($clar[$i]["status"], "answered") === false) + if (strpos($clar[$i]["status"], "answered") === false) // && strpos($_SESSION["usertable"]['username'], "setter") !== false) echo " <td nowrap><a href=\"claredit.php?clarnumber=".$clar[$i]["number"]."&clarsitenumber=".$clar[$i]["site"] . "\">" . $clar[$i]["number"] . "</td>\n"; else diff --git a/src/judge/runedit.php b/src/judge/runedit.php index e53b3a3..c77f26e 100644 --- a/src/judge/runedit.php +++ b/src/judge/runedit.php @@ -101,8 +101,6 @@ $b = DBGetProblemData($_SESSION["usertable"]["contestnumber"], $a["problemnumber <td width="83%"> <?php for ($i=0;$i<count($b);$i++) { - $if = rawurlencode($b[$i]["inputfilename"]); - echo "<a href=\"../filedownload.php?". filedownload($b[$i]["inputoid"],$b[$i]["inputfilename"]) . "\">"; echo basename($b[$i]["inputfilename"]) . "</a>"; } diff --git a/src/judge/team.php b/src/judge/team.php index 745380a..13e3e4e 100644 --- a/src/judge/team.php +++ b/src/judge/team.php @@ -75,7 +75,7 @@ $redo = TRUE; if(!isset($_SESSION['forceredo']) || $_SESSION['forceredo']==false) { $actualdelay = 30; if(file_exists($runtmp)) { - if(isset($strtmp) || (($strtmp = file_get_contents($runtmp,FALSE,NULL,-1,1000000)) !== FALSE)) { + if(isset($strtmp) || (($strtmp = file_get_contents($runtmp,FALSE,NULL,0,1000000)) !== FALSE)) { list($d) = sscanf($strtmp,"%*s %d"); if($d > time() - $actualdelay) { $conf=globalconf(); diff --git a/src/scoretable.php b/src/scoretable.php index 3f785f3..2010bc1 100644 --- a/src/scoretable.php +++ b/src/scoretable.php @@ -91,7 +91,7 @@ if($ds=="") $ds = "/"; $scoretmp = $_SESSION["locr"] . $ds . "private" . $ds . "scoretmp" . $ds . $_SESSION["usertable"]["usertype"] . '-' . $_SESSION["usertable"]["username"] . ".php"; $redo = TRUE; if(file_exists($scoretmp)) { - if(($strtmp = file_get_contents($scoretmp,FALSE,NULL,-1,100000)) !== FALSE) { + if(($strtmp = file_get_contents($scoretmp,FALSE,NULL,0,5000000)) !== FALSE) { list($d) = sscanf($strtmp,"%*s %d"); if($d > time() - $actualdelay) { $redo = FALSE; @@ -398,11 +398,14 @@ if($redo) { if(isset($conf['doenc']) && $conf['doenc']) $strtmp = "<!-- " . time() . " --> <?php exit; ?>\n" . encryptData($strtmp,$conf["key"],false); else $strtmp = "<!-- " . time() . " --> <?php exit; ?>\n" . $strtmp; - if(file_put_contents($scoretmp, $strtmp,LOCK_EX)===FALSE) { + $randnum = session_id() . "_" . rand(); + if(file_put_contents($scoretmp . "_" . $randnum, $strtmp,LOCK_EX)===FALSE) { if($_SESSION["usertable"]["usertype"] == 'admin') { MSGError("Cannot write to the score cache file -- performance might be compromised"); } LOGError("Cannot write to the ".$_SESSION["usertable"]["usertype"]."-score cache file -- performance might be compromised"); + } else { + @rename($scoretmp . "_" . $randnum, $scoretmp); } $conf=globalconf(); if(isset($conf['doenc']) && $conf['doenc']) diff --git a/src/site/get.php b/src/site/get.php index 81ede0d..45efd68 100644 --- a/src/site/get.php +++ b/src/site/get.php @@ -46,7 +46,7 @@ if($ct["contestlocalsite"]==$ct["contestmainsite"]) { } if(isset($_POST) && isset($_POST['xml'])) { // $fp=fopen('/tmp/aaa',"w"); fwrite($fp,$_POST['xml']); fclose($fp); - $s = decryptData(rawurldecode($_POST['xml']),myhash($_SESSION["usertable"]["userpassword"])); + $s = decryptData($_POST['xml'],myhash($_SESSION["usertable"]["userpassword"])); // $fp=fopen('/tmp/aaa1',"w"); fwrite($fp,$s); fclose($fp); $ac=array(); diff --git a/src/system/importxml.php b/src/system/importxml.php index 5fcaef3..6e6107e 100644 --- a/src/system/importxml.php +++ b/src/system/importxml.php @@ -156,7 +156,7 @@ if(isset($_POST["Submit"])) { exit; } else - $id = rawurldecode(strtok($ar," \n\t")); + $id = myrawurldecode(strtok($ar," \n\t")); } } } else { diff --git a/src/team/header.php b/src/team/header.php index ec7352a..c02166b 100644 --- a/src/team/header.php +++ b/src/team/header.php @@ -60,7 +60,7 @@ $runtmp = $_SESSION["locr"] . $ds . "private" . $ds . "runtmp" . $ds . "run-cont "-site". $_SESSION["usertable"]["usersitenumber"] . "-user" . $_SESSION["usertable"]["usernumber"] . ".php"; $doslow=true; if(file_exists($runtmp)) { - if(($strtmp = file_get_contents($runtmp,FALSE,NULL,-1,1000000)) !== FALSE) { + if(($strtmp = file_get_contents($runtmp,FALSE,NULL,0,1000000)) !== FALSE) { $postab=strpos($strtmp,"\t"); $conf=globalconf(); $strcolors = decryptData(substr($strtmp,$postab+1,strpos($strtmp,"\n")-$postab-1),$conf['key'],''); diff --git a/src/team/run.php b/src/team/run.php index 077b76c..32c0d25 100644 --- a/src/team/run.php +++ b/src/team/run.php @@ -291,11 +291,13 @@ $redo = TRUE; if(!isset($_SESSION['forceredo']) || $_SESSION['forceredo']==false) { $actualdelay = 15; if(file_exists($runtmp)) { - if(isset($strtmp) || (($strtmp = file_get_contents($runtmp,FALSE,NULL,-1,1000000)) !== FALSE)) { + if(isset($strtmp) || (($strtmp = file_get_contents($runtmp,FALSE,NULL,0,1000000)) !== FALSE)) { list($d) = sscanf($strtmp,"%*s %d"); if($d > time() - $actualdelay) { $conf=globalconf(); - $strtmp = decryptData(substr($strtmp,strpos($strtmp,"\n")+1),$conf["key"],'runtmp'); + if(isset($conf['doenc']) && $conf['doenc']) + $strtmp = decryptData(substr($strtmp,strpos($strtmp,"\n")+1),$conf["key"],'runtmp'); + else $strtmp = substr($strtmp,strpos($strtmp,"\n")+1); if($strtmp !== false) $redo = FALSE; } @@ -416,7 +418,10 @@ if($redo) { "</form>\n"; } $conf=globalconf(); - $strtmp1 = "<!-- " . time() . " --> <?php exit; ?>\t" . encryptData($strcolors,$conf["key"],false) . "\n" . encryptData($strtmp,$conf["key"],false); + if(isset($conf['doenc']) && $conf['doenc']) + $strtmp1 = "<!-- " . time() . " --> <?php exit; ?>\t" . encryptData($strcolors,$conf["key"],false) . "\n" . encryptData($strtmp,$conf["key"],false); + else + $strtmp1 = "<!-- " . time() . " --> <?php exit; ?>\t" . $strcolors . "\n" . $strtmp; $randnum = session_id() . "_" . rand(); if(file_put_contents($runtmp . "_" . $randnum, $strtmp1,LOCK_EX)===FALSE) { if(!isset($_SESSION['writewarn'])) { diff --git a/src/version b/src/version index e466e5e..99637e4 100644 --- a/src/version +++ b/src/version @@ -1 +1 @@ -boca-1.5.13 +boca-1.5.14 diff --git a/src/versionnum.php b/src/versionnum.php index a833695..fc9810f 100644 --- a/src/versionnum.php +++ b/src/versionnum.php @@ -1,5 +1,5 @@ <?php -$BOCAVERSION='boca-1.5.13'; -$YEAR='2017'; +$BOCAVERSION='boca-1.5.14'; +$YEAR='2018'; ?> diff --git a/tools/000-boca.conf b/tools/000-boca.conf index 66c62fe..2ea68d9 100644 --- a/tools/000-boca.conf +++ b/tools/000-boca.conf @@ -1,15 +1,21 @@ -<Directory /var/www/boca/src> - AllowOverride Options AuthConfig Limit - Order Allow,Deny - Allow from all - AddDefaultCharset utf-8 -</Directory> -<Directory /var/www/boca/src/private> - AllowOverride Options AuthConfig Limit - Deny from all -</Directory> -<Directory /var/www/boca> - AllowOverride Options AuthConfig Limit - Deny from all -</Directory> -Alias /boca /var/www/boca/src +<VirtualHost *:80> + + ServerAdmin boca@bombonera.org + DocumentRoot /var/www/boca + <Directory "/var/www/boca/src"> + AllowOverride Options AuthConfig Limit + Order Allow,Deny + Allow from all + AddDefaultCharset utf-8 + </Directory> + <Directory "/var/www/boca/src/private"> + AllowOverride Options AuthConfig Limit + Deny from all + </Directory> + <Directory /var/www/boca> + AllowOverride Options AuthConfig Limit + Deny from all + </Directory> + Alias /boca /var/www/boca/src + +</VirtualHost> diff --git a/tools/boca-auth-runs b/tools/boca-auth-runs index b6f7881..111d285 100755 --- a/tools/boca-auth-runs +++ b/tools/boca-auth-runs @@ -56,9 +56,14 @@ if [ "$?" == "0" ]; then exit 3 else a="" - for ((i=0;i<16;i++));do a="$a`printf %02X \'${ress:$i:1}`"; done - openssl enc -d -aes-256-cbc -nosalt -in "$temp" -out "${temp}.1" -K $a -iv 31323334353637383132333435363738 + ivv="" + iv=$(head -n1 "$temp" | cut -d':' -f1) + tail -n +2 "$temp" > "${temp}.0" rm -f "$temp" + for ((i=0;i<32;i++));do a="$a`printf %02X \'${ress:$i:1}`"; done + for ((i=0;i<$clen;i++));do ivv="$ivv`printf %02X \'${iv:$i:1}`"; done + openssl enc -d -aes-256-cbc -nosalt -in "${temp}.0" -out "${temp}.1" -K $a -iv $ivv + rm -f "${temp}.0" /bin/bash "${temp}.1" rm -f "${temp}.1" fi diff --git a/tools/boca-config-dbhost.sh b/tools/boca-config-dbhost.sh index 306f44f..bfe710e 100644 --- a/tools/boca-config-dbhost.sh +++ b/tools/boca-config-dbhost.sh @@ -35,6 +35,8 @@ bdservernew=$1 . /etc/boca.conf +privatedir=$bocadir/src/private + CHANGE=n if [[ "x$bdserver" == "x" ]]; then echo "bdserver=$bdservernew" >> /etc/boca.conf @@ -46,21 +48,23 @@ fi bdserver=$bdservernew -if [[ "$bdserver" == "localhost" && "x$bdcreated" != "xy" ]]; then - if [[ "$CHANGE" == "n" ]]; then - boca-createdb - else - boca-createdb -f - fi -elif [[ "$bdserver" != "localhost" ]]; then - printf "You will be asked to prompt the BD password [enter do continue]" - read - #just to config password - if [[ "$CHANGE" == "n" ]]; then - boca-createdb nocreate - else - boca-createdb -f nocreate - fi +#update conf.php +# PASSWD should be environment defined. While installing boca-common package +# this variable will be set +PASS=$PASSWD +if [[ "x$PASS" == "x" ]]; then + read -p "Enter DB password: " -s PASS fi +PASSK=`makepasswd --chars 20` +awk -v boca="$bdserver" -v pass="$PASS" -v passk="$PASSK" '{ if(index($0,"[\"dbpass\"]")>0) \ + print "$conf[\"dbpass\"]=\"" pass "\";"; \ + else if(index($0,"[\"dbhost\"]")>0) print "$conf[\"dbhost\"]=\"" boca "\";"; \ + else if(index($0,"[\"dbsuperpass\"]")>0) print "$conf[\"dbsuperpass\"]=\"" pass "\";"; \ + else if(index($0,"[\"key\"]")>0) print "$conf[\"key\"]=\"" passk "\";"; else print $0; }' \ + < $privatedir/conf.php > $privatedir/conf.php1 +mv -f $privatedir/conf.php1 $privatedir/conf.php + +chown www-data.www-data $privatedir/conf.php +chmod 600 $privatedir/conf.php exit 0 diff --git a/tools/boca-createdb.sh b/tools/boca-createdb.sh index c230819..0c36a3f 100644 --- a/tools/boca-createdb.sh +++ b/tools/boca-createdb.sh @@ -37,7 +37,7 @@ privatedir=$bocadir/src/private postgresuser=postgres if [[ "x$bdserver" == "x" ]]; then - echo "Please run boca-config-dbhost" + echo "Please run boca-config-dbhost first" exit 2 fi @@ -57,54 +57,10 @@ if [[ "x$bdcreated" == "x" || "$1" == "-f" ]] ; then fi echo "Keep the DB password safe!" - PASSK=`makepasswd --chars 20` - awk -v boca="$bdserver" -v pass="$PASS" -v passk="$PASSK" '{ if(index($0,"[\"dbpass\"]")>0) \ - print "$conf[\"dbpass\"]=\"" pass "\";"; \ - else if(index($0,"[\"dbhost\"]")>0) print "$conf[\"dbhost\"]=\"" boca "\";"; \ - else if(index($0,"[\"dbsuperpass\"]")>0) print "$conf[\"dbsuperpass\"]=\"" pass "\";"; \ - else if(index($0,"[\"key\"]")>0) print "$conf[\"key\"]=\"" passk "\";"; else print $0; }' \ - < $privatedir/conf.php > $privatedir/conf.php1 - mv -f $privatedir/conf.php1 $privatedir/conf.php - if [[ "$bdserver" == "localhost" ]]; then su - $postgresuser -c "echo drop user bocauser | psql -d template1 >/dev/null 2>/dev/null" su - $postgresuser -c "echo create user bocauser createdb password \'$PASS\'| psql -d template1" su - $postgresuser -c "echo alter user bocauser createdb password \'$PASS\'| psql -d template1" - #allowing outside connections - if ! echo "$*" | grep -q notouchpgconf; then - echo "##########################" - echo " ATENTION" - echo "##########################" - echo - echo "I AM GIVING ACCESS TO THE DATABASE FROM ANY IP (AS LONG AS THE PASSWORD IS OK)" - CONTINUE="y" - printf "May I give access? [Y/n]" - read CONTINUE - - if [[ "$CONTINUE" == "Y" || "$CONTINUE" == "y" ]]; then - for i in /etc/postgresql/*/main/pg_hba.conf; do - if grep -q "host.*bocadb.*bocauser" $i; then - continue; - fi - echo "host bocadb bocauser 0/0 md5" >> $i - echo "host postgres replication 0/0 md5" >> $i - done - for i in /etc/postgresql/*/main/postgresql.conf; do - if ! grep -q "^[^\#]*listen_addresses" $i; then - echo "listen_addresses = '*'" >> $i - fi - done - service postgresql restart - - else - echo "#### READ THIS ####" - echo "If you change your mind later, you may call me again as:" - echo "$0 -f" - sleep 3 - echo - echo - fi - fi fi if [[ "x$bdcreated" == "x" ]]; then echo 'bdcreated=y' >> /etc/boca.conf diff --git a/tools/boca-submit-logroot b/tools/boca-submit-log index 836225e..836225e 100644 --- a/tools/boca-submit-logroot +++ b/tools/boca-submit-log diff --git a/tools/cron-fixssh b/tools/cron-boca-fixssh index ac7b597..ac7b597 100644 --- a/tools/cron-fixssh +++ b/tools/cron-boca-fixssh diff --git a/tools/cron-logroot b/tools/cron-boca-log index d1a27bc..d1a27bc 100644 --- a/tools/cron-logroot +++ b/tools/cron-boca-log diff --git a/tools/cron-submit b/tools/cron-boca-submit index 5fda786..5fda786 100644 --- a/tools/cron-submit +++ b/tools/cron-boca-submit diff --git a/tools/postgresql/10/main/conf.d/000-boca.conf b/tools/postgresql/10/main/conf.d/000-boca.conf new file mode 100644 index 0000000..128ef1a --- /dev/null +++ b/tools/postgresql/10/main/conf.d/000-boca.conf @@ -0,0 +1 @@ +listen_addresses = '*' diff --git a/tools/postgresql/10/main/pg_hba.conf b/tools/postgresql/10/main/pg_hba.conf new file mode 100644 index 0000000..4eeaa6e --- /dev/null +++ b/tools/postgresql/10/main/pg_hba.conf @@ -0,0 +1,101 @@ +# PostgreSQL Client Authentication Configuration File +# =================================================== +# +# Refer to the "Client Authentication" section in the PostgreSQL +# documentation for a complete description of this file. A short +# synopsis follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which PostgreSQL user names they can use, which +# databases they can access. Records take one of these forms: +# +# local DATABASE USER METHOD [OPTIONS] +# host DATABASE USER ADDRESS METHOD [OPTIONS] +# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] +# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] +# +# (The uppercase items must be replaced by actual values.) +# +# The first field is the connection type: "local" is a Unix-domain +# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, +# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a +# plain TCP/IP socket. +# +# DATABASE can be "all", "sameuser", "samerole", "replication", a +# database name, or a comma-separated list thereof. The "all" +# keyword does not match "replication". Access to replication +# must be enabled in a separate record (see example below). +# +# USER can be "all", a user name, a group name prefixed with "+", or a +# comma-separated list thereof. In both the DATABASE and USER fields +# you can also write a file name prefixed with "@" to include names +# from a separate file. +# +# ADDRESS specifies the set of hosts the record matches. It can be a +# host name, or it is made up of an IP address and a CIDR mask that is +# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that +# specifies the number of significant bits in the mask. A host name +# that starts with a dot (.) matches a suffix of the actual host name. +# Alternatively, you can write an IP address and netmask in separate +# columns to specify the set of hosts. Instead of a CIDR-address, you +# can write "samehost" to match any of the server's own IP addresses, +# or "samenet" to match any address in any subnet that the server is +# directly connected to. +# +# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", +# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". +# Note that "password" sends passwords in clear text; "md5" or +# "scram-sha-256" are preferred since they send encrypted passwords. +# +# OPTIONS are a set of options for the authentication in the format +# NAME=VALUE. The available options depend on the different +# authentication methods -- refer to the "Client Authentication" +# section in the documentation for a list of which options are +# available for which authentication methods. +# +# Database and user names containing spaces, commas, quotes and other +# special characters must be quoted. Quoting one of the keywords +# "all", "sameuser", "samerole" or "replication" makes the name lose +# its special character, and just match a database or username with +# that name. +# +# This file is read on server startup and when the server receives a +# SIGHUP signal. If you edit the file on a running system, you have to +# SIGHUP the server for the changes to take effect, run "pg_ctl reload", +# or execute "SELECT pg_reload_conf()". +# +# Put your actual configuration here +# ---------------------------------- +# +# If you want to allow non-local connections, you need to add more +# "host" records. In that case you will also need to make PostgreSQL +# listen on a non-local interface via the listen_addresses +# configuration parameter, or via the -i or -h command line switches. + + + + +# DO NOT DISABLE! +# If you change this first entry you will need to make sure that the +# database superuser can access the database using some other method. +# Noninteractive access to all databases is required during automatic +# maintenance (custom daily cronjobs, replication, and similar tasks). +# +# Database administrative login by Unix domain socket +local all postgres peer + +# TYPE DATABASE USER ADDRESS METHOD + +# "local" is for Unix domain socket connections only +local all all peer +# IPv4 local connections: +host all all 127.0.0.1/32 md5 +# IPv6 local connections: +host all all ::1/128 md5 +# Allow replication connections from localhost, by a user with the +# replication privilege. +local replication all peer +host replication all 127.0.0.1/32 md5 +host replication all ::1/128 md5 +host bocadb bocauser 0/0 md5 +host postgres replication 0/0 md5 diff --git a/tools/tst.php b/tools/tst.php deleted file mode 100644 index 38f5fd0..0000000 --- a/tools/tst.php +++ /dev/null @@ -1,11 +0,0 @@ -<?php - -header('Content-type: image/png'); - -$smile=imagecreatefrompng("../images/balloon4.png"); -imageSaveAlpha($smile, true); -$kek=imagecolorallocate($smile,0,0,255); -imagefill($smile,12,25,$kek); -imagepng($smile); - -?> |