diff --git a/api/autoload.php b/api/autoload.php index b4b7d7da..dbc64116 100644 --- a/api/autoload.php +++ b/api/autoload.php @@ -35,9 +35,11 @@ require_once(__DIR__ . '/businesslogic/security/BannedEmail.php'); require_once(__DIR__ . '/businesslogic/security/BannedIp.php'); // Exceptions +require_once(__DIR__ . '/businesslogic/exception/ApiFriendlyException.php'); require_once(__DIR__ . '/businesslogic/exception/InvalidAuthenticationTokenException.php'); require_once(__DIR__ . '/businesslogic/exception/MissingAuthenticationTokenException.php'); require_once(__DIR__ . '/businesslogic/exception/ValidationException.php'); +require_once(__DIR__ . '/core/SQLException.php'); hesk_load_api_database_functions(); diff --git a/api/businesslogic/exception/ApiFriendlyException.php b/api/businesslogic/exception/ApiFriendlyException.php new file mode 100644 index 00000000..f9fac53b --- /dev/null +++ b/api/businesslogic/exception/ApiFriendlyException.php @@ -0,0 +1,25 @@ +title = $title; + $this->httpResponseCode = $httpResponseCode; + + parent::__construct($message); + } + +} \ No newline at end of file diff --git a/api/businesslogic/exception/InvalidAuthenticationTokenException.php b/api/businesslogic/exception/InvalidAuthenticationTokenException.php index d4686332..c28ff8a0 100644 --- a/api/businesslogic/exception/InvalidAuthenticationTokenException.php +++ b/api/businesslogic/exception/InvalidAuthenticationTokenException.php @@ -2,10 +2,11 @@ namespace BusinessLogic\Exceptions; -use Exception; -class InvalidAuthenticationTokenException extends Exception { +class InvalidAuthenticationTokenException extends ApiFriendlyException { public function __construct() { - parent::__construct('The X-Auth-Token is invalid. The token must be for an active helpdesk user.'); + parent::__construct('The X-Auth-Token is invalid. The token must be for an active helpdesk user.', + 'Security Exception', + 401); } } \ No newline at end of file 
diff --git a/api/businesslogic/exception/MissingAuthenticationTokenException.php b/api/businesslogic/exception/MissingAuthenticationTokenException.php index 1e0ee1e9..596839ff 100644 --- a/api/businesslogic/exception/MissingAuthenticationTokenException.php +++ b/api/businesslogic/exception/MissingAuthenticationTokenException.php @@ -1,17 +1,11 @@ failingQuery = $failingQuery; + + parent::__construct('A SQL exception occurred. Check the logs for more information.'); + } +} \ No newline at end of file diff --git a/api/core/database.inc.php b/api/core/database.inc.php index 08a20ae2..d93a1389 100755 --- a/api/core/database.inc.php +++ b/api/core/database.inc.php @@ -112,30 +112,15 @@ function hesk_dbConnect() // Errors? if ( ! $hesk_db_link) { - if ($hesk_settings['debug_mode']) - { - $message = $hesklang['mysql_said'] . ': ' . mysql_error(); - } - else - { - $message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email']; - } - //TODO Throw exception - //print_error($hesklang['cant_connect_db'], $message); + $message = $hesklang['mysql_said'] . ': ' . mysql_error(); + + throw new \Core\Exceptions\SQLException($message); } - if ( ! @mysql_select_db($hesk_settings['db_name'], $hesk_db_link)) - { - if ($hesk_settings['debug_mode']) - { - $message = $hesklang['mysql_said'] . ': ' . mysql_error(); - } - else - { - $message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email']; - } - //TODO Throw exception - //print_error($hesklang['cant_connect_db'], $message); + if ( ! @mysql_select_db($hesk_settings['db_name'], $hesk_db_link)) { + $message = $hesklang['mysql_said'] . ': ' . mysql_error(); + + throw new \Core\Exceptions\SQLException($message); } // Check MySQL/PHP version and set encoding to utf8 
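Review bot: Both failure paths in `hesk_dbConnect` now put the raw `mysql_error()` text into the exception unconditionally, because the `debug_mode` branch was removed; on a refused connection that text typically names the database user and host, and the handler later in this diff echoes the exception's `failingQuery` to the API client, so a detail that was previously only shown in debug mode is now always exposed. Keep the gate at each throw site, `$message = $hesk_settings['debug_mode'] ? $hesklang['mysql_said'] . ': ' . mysql_error() : $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];`, or better, `error_log()` the driver text and throw only the generic message. Note also that the value is stored in a constructor parameter named `$failingQuery` (the `SQLException` lines visible above in this chunk) although it is an error message rather than a query, and that constructor's own message tells the user to "Check the logs" while nothing in this diff writes one. `hesk_dbConnect` starts outside the hunk; the `mysql_*` extension itself (removed in PHP 7) is a pre-existing concern, not introduced here.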
@@ -168,21 +153,12 @@ function hesk_dbQuery($query) $hesk_last_query = $query; - if ($res = @mysql_query($query, $hesk_db_link)) - { + if ($res = @mysql_query($query, $hesk_db_link)) { return $res; } - elseif ($hesk_settings['debug_mode']) - { - $message = $hesklang['mysql_said'] . mysql_error(); - } - else - { - $message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email']; - } - //TODO Throw exception - //print_error($hesklang['cant_sql'], $message); - return null; + + $message = $hesklang['mysql_said'] . mysql_error(); + throw new \Core\Exceptions\SQLException($message); } // END hesk_dbQuery() @@ -219,6 +195,7 @@ function hesk_dbInsertID() return $lastid; } + return null; } // END hesk_dbInsertID() diff --git a/api/core/database_mysqli.inc.php b/api/core/database_mysqli.inc.php index f25f3004..0734a2b5 100755 --- a/api/core/database_mysqli.inc.php +++ b/api/core/database_mysqli.inc.php @@ -120,17 +120,9 @@ function hesk_dbConnect() // Errors? if ( ! $hesk_db_link) { - if ($hesk_settings['debug_mode']) - { - $message = $hesklang['mysql_said'] . ': (' . mysqli_connect_errno() . ') ' . mysqli_connect_error(); - } - else - { - $message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email']; - } + $message = $hesklang['mysql_said'] . ': (' . mysqli_connect_errno() . ') ' . mysqli_connect_error(); - //TODO Throw exception instead - //print_error($hesklang['cant_connect_db'], $message); + throw new \Core\Exceptions\SQLException($message); } // Check MySQL/PHP version and set encoding to utf8 
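Review bot: In `hesk_dbQuery` the exception is constructed from `mysql_error()` even though `SQLException`'s parameter is called `$failingQuery` and `$hesk_last_query = $query` was assigned just above, so the "failing query" the handler prints is really the driver's error text and the statement itself is lost. Either pass the query and keep the driver detail server-side, `error_log($hesklang['mysql_said'] . mysql_error()); throw new \Core\Exceptions\SQLException($query);`, or rename the parameter to what it holds. In both cases bear in mind that whatever is stored here is rendered to the API client by the handler at the end of this diff, which before this commit only happened under `debug_mode`. `hesk_dbQuery` starts outside the hunk.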
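Review bot: The mysqli connect path now always reports `(' . mysqli_connect_errno() . ') ' . mysqli_connect_error()` inside the exception; on an authentication failure that text typically carries the DB user name and host, and since a connect failure happens before any token check can run, it reaches unauthenticated callers through the handler in this diff. Restore the gate, `$message = $hesk_settings['debug_mode'] ? $hesklang['mysql_said'] . ': (' . mysqli_connect_errno() . ') ' . mysqli_connect_error() : $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];`, or log the detail with `error_log()` and throw a generic message. The body of `hesk_dbConnect` starts outside the hunk.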
@@ -169,18 +161,9 @@ function hesk_dbQuery($query) { return $res; } - elseif ($hesk_settings['debug_mode']) - { - $message = $hesklang['mysql_said'] . ': ' . mysqli_error($hesk_db_link); - } - else - { - $message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email']; - } - //TODO Throw exception instead - //print_error($hesklang['cant_sql'], $message); - return null; + $message = $hesklang['mysql_said'] . ': ' . mysqli_error($hesk_db_link); + throw new \Core\Exceptions\SQLException($message); } // END hesk_dbQuery() diff --git a/api/dao/security/UserGateway.php b/api/dao/security/UserGateway.php index 95eb9dcf..1962f3ff 100644 --- a/api/dao/security/UserGateway.php +++ b/api/dao/security/UserGateway.php @@ -1,11 +1,4 @@ init(); $rs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "users` WHERE `id` = ( - SELECT `` + SELECT `user_id` FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "user_api_tokens` - WHERE `tokens`.`token` = " . hesk_dbEscape($hashedToken) . " + WHERE `token` = '" . hesk_dbEscape($hashedToken) . "' ) AND `active` = '1'"); if (hesk_dbNumRows($rs) === 0) { diff --git a/api/dao/ticket/TicketGateway.php b/api/dao/ticket/TicketGateway.php new file mode 100644 index 00000000..cb0f246e --- /dev/null +++ b/api/dao/ticket/TicketGateway.php 
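Review bot: As in the mysql driver, `mysqli_error($hesk_db_link)` — which names the tables and columns of the failed statement — is now stored unconditionally as `SQLException::$failingQuery`, and the actual query is dropped although `$hesk_last_query` already holds it. Suggest `error_log($hesklang['mysql_said'] . ': ' . mysqli_error($hesk_db_link));` followed by `throw new \Core\Exceptions\SQLException($query);` so the driver text stays in server logs, with the handler deciding what the client sees. The function head is outside the hunk.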
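Review bot: The corrected token lookup uses `WHERE `id` = (SELECT `user_id` … WHERE `token` = '…')`; if `user_api_tokens`.`token` is not constrained unique (the schema is not visible here), two matching rows make MySQL reject the statement with "Subquery returns more than 1 row", which with this diff surfaces as an `SQLException` rather than an authentication failure. `WHERE `id` IN (SELECT `user_id` FROM … WHERE `token` = '" . hesk_dbEscape($hashedToken) . "')` tolerates that, or join the two tables and select only the columns the API needs instead of `SELECT *`, which pulls every column of the `users` row (credential columns included, if any) into the result set. The quoting and column-name fixes on the token value are correct and needed. The start of this method, and the header of this second hunk, are garbled or outside the visible chunk.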
@@ -0,0 +1,13 @@ +getMessage(), 400); - } elseif (exceptionIsOfType($exception, 'InvalidAuthenticationTokenException')) { - print_error("Security Exception", $exception->getMessage(), 401); + if (exceptionIsOfType($exception, 'ApiFriendlyException')) { + /* @var $castedException \BusinessLogic\Exceptions\ApiFriendlyException */ + $castedException = $exception; + + print_error($castedException->title, $castedException->getMessage(), $castedException->httpResponseCode); } else { - print_error("Fought an uncaught exception", sprintf("%s\n\n%s", $exception->getMessage(), $exception->getTraceAsString())); + if (exceptionIsOfType($exception, 'SQLException')) { + /* @var $castedException \Core\Exceptions\SQLException */ + $castedException = $exception; + print_error("Fought an uncaught exception", sprintf("%s\n\n%s", $castedException->failingQuery, $exception->getTraceAsString())); + } else { + print_error("Fought an uncaught exception", sprintf("%s\n\n%s", $exception->getMessage(), $exception->getTraceAsString())); + } + } // Log more stuff to logging table if possible; we'll catch any exceptions from this die(); diff --git a/api/testcategory.php b/api/testcategory.php deleted file mode 100644 index cd9592ab..00000000 --- a/api/testcategory.php +++ /dev/null @@ -1,11 +0,0 @@ -
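Review bot: The SQL branch of the uncaught-exception handler sends `$castedException->failingQuery` together with `$exception->getTraceAsString()` to the client, and the generic branch sends `getMessage()` plus the trace, with no `debug_mode` check at all; that discloses driver error text, query fragments and absolute server paths to any API caller, which the pre-commit database code only did when debugging was enabled, and it contradicts the `SQLException` message telling users to check logs that nothing here writes. Log the detail with `error_log()` and return a generic message with a 500 unless debug mode is on (I am assuming `$hesk_settings` is reachable in this handler as it is in the database files — confirm); `print_error()` is already called with an explicit status code elsewhere in this diff, so pass one here too. Consider `instanceof` over the string-based `exceptionIsOfType()` while touching this. The handler's opening lines are garbled or outside the visible chunk, so the enclosing function is not shown.
```php
// … unchanged: ApiFriendlyException branch …
} else {
    $detail = exceptionIsOfType($exception, 'SQLException')
        ? $exception->failingQuery
        : $exception->getMessage();
    // Driver text, query and stack trace stay server-side only.
    error_log(sprintf("%s\n%s", $detail, $exception->getTraceAsString()));

    if (!empty($hesk_settings['debug_mode'])) {
        print_error("Fought an uncaught exception", sprintf("%s\n\n%s", $detail, $exception->getTraceAsString()), 500);
    } else {
        print_error("Fought an uncaught exception", "An internal error occurred. Check the server logs for details.", 500);
    }
}
// … unchanged: die() …
```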