Replace deprecated mysql api #21

Open: wants to merge 8 commits into base: release
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -5,3 +5,5 @@

# Ignore file with the account data
/password.dat

/pages/index/feed.rss
17 changes: 0 additions & 17 deletions README

This file was deleted.

89 changes: 89 additions & 0 deletions README.md
@@ -0,0 +1,89 @@
# LibreSSL Documentation

(c) 2005-2020 by CAcert Inc. License: GNU-GPLv2

## System Requirements

* Linux/POSIX PHP and Webserver (i.e. Apache httpd)
* MySQL compatible database system


* GetText UFPDF - PDF generation library from http://acko.net/node/56
* OpenSSL - X.509 toolkit from http://www.openssl.org/
* openssl-vulnkey including blacklists for all common key sizes
* GnuPG - OpenPGP toolkit from http://www.gnupg.org/
* whois - whois client from http://www.linux.it/~md/software/
* XEnroll - Enrollment Active-X control for IE5/6 from Microsoft (search for xenroll.cab)
* CommModule - CAcert Communication Module

## Setup

### Create a database and database user

Create a new database with charset `latin1` and default collation
`latin1_swedish_ci`. These settings are used for historical reasons.

Create a user that has permissions on the database and has the global
[`FILE`](https://mariadb.com/kb/en/grant/#file) permission that is required to export files using
the `SELECT INTO OUTFILE` clause.

The SQL commands can be executed in a shell via the regular mysql or mariadb command:

```shell
sudo mysql mysql <<<-EOF
-- SQL commands
EOF
```

```sql
CREATE DATABASE cacert CHARSET latin1 COLLATE latin1_swedish_ci;
CREATE USER cacertmigration@localhost IDENTIFIED BY 'hardtoguesslongpassword';
GRANT ALL PRIVILEGES ON cacert.* TO cacertmigration@localhost;
GRANT FILE ON *.* TO cacertmigration@localhost;
```

It is a good idea to create a different user for the application that has only the necessary privileges:

```sql
CREATE USER cacertapplication@localhost IDENTIFIED BY 'anotherhardpassword';
GRANT CREATE TEMPORARY TABLES ON cacert.* TO cacertapplication@localhost;
GRANT SELECT, INSERT, UPDATE, DELETE ON cacert.* TO cacertapplication@localhost;
```

### Apply schema migrations

```shell
sh scripts/db_migrations/version0.sh -h localhost -u cacertmigration -phardtoguesslongpassword cacert
sh scripts/db_migrations/version1.sh -h localhost -u cacertmigration -phardtoguesslongpassword cacert
sh scripts/db_migrations/version2.sh -h localhost -u cacertmigration -phardtoguesslongpassword cacert
sh scripts/db_migrations/version3.sh -h localhost -u cacertmigration -phardtoguesslongpassword cacert
sh scripts/db_migrations/version4.sh -h localhost -u cacertmigration -phardtoguesslongpassword cacert
sh scripts/db_migrations/version5.sh -h localhost -u cacertmigration -phardtoguesslongpassword cacert
sh scripts/db_migrations/version6.sh -h localhost -u cacertmigration -phardtoguesslongpassword cacert
```

### Configuration

The application is configured via a set of environment variables. The variables can be defined via
[`SetEnv` directives](https://httpd.apache.org/docs/current/mod/mod_env.html#setenv). The following environment
variables are used:

Variable | Description | Default value
---- | ---- | ----
`DEPLOYMENT_NAME` | name of the specific instance | `"CAcert.org Website"`
`CRT_DIRECTORY`* | directory where certificates are stored | none
`CSR_DIRECTORY`* | directory where CSRs are stored | none
`MYSQL_WEBDB_DATABASE`* | database name | none
`MYSQL_WEBDB_HOSTNAME`* | database hostname | none
`MYSQL_WEBDB_PASSWORD`* | database password | none
`MYSQL_WEBDB_USER`* | database user name | none
`RETURN_ADDRESS`* | return address (Errors-To header) for outgoing mails | none
`SMTP_HOST`* | mail server to use for outgoing mails | none
`SMTP_PORT` | port of the mail server | `25`
`INSECURE_PORT` | port to use for http | none (defaults to 80)
`SECURE_PORT` | port to use for https | none (default to 443)
`DEFAULT_HOSTNAME`* | hostname for the default URL | none
`SECURE_HOSTNAME`* | hostname for client certificate authentication | none
`TVERIFY_HOSTNAME`* | hostname for tverify | none

Environment variables marked with an asterisk (*) need to be defined explicitly.
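
Review bot: In the shell snippet under "Create a database and database user", `sudo mysql mysql <<<-EOF` is not a here-document. `<<<` is a bash here-string, so mysql receives the literal text `-EOF` on stdin and the next two lines are run by the shell instead of being sent as SQL; in a plain POSIX sh it is a syntax error. Use `sudo mysql mysql <<EOF` (or `<<-EOF` if the body is tab-indented). Two further points in this file: the "Apply schema migrations" commands pass the password as `-phardtoguesslongpassword`, which leaves it in shell history and can make it visible in the process list, so the README should point to a client option file or a prompt if the version scripts allow one; and the top heading reads `# LibreSSL Documentation` although everything below it describes the CAcert web application.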
30 changes: 30 additions & 0 deletions TODO.md
@@ -0,0 +1,30 @@
# Development to do list

## Modernization for PHP > 5 and newer OS

* change from deprecated mysql to mysqli ✅
* switch to supported PDF library ([tcpdf](https://tcpdf.org/))

## Maintainability

* rename numbered files to something more readable
* implement release automation
* implement automated tests

## Best practice implementation

* switch everything to UTF-8 (better i18n, support for international names, support for modern PDF library, ...)
* use redirect after POST for all form actions
* implement CSRF protection

## Code quality

* do not store request scoped objects in session
* unify formatting
* add copyright headers in all files
* remove dead code / commented sections

## Documentation

* add documentation for all request flows
* add documentation for the signer protocol
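
Review bot: "implement CSRF protection" is filed under "Best practice implementation" next to the UTF-8 and redirect-after-POST items, but it is a security fix and would be easier to prioritise under its own security heading. The list also marks the mysqli switch as done without a follow-up item for parameterised queries; if the converted code still builds SQL strings by concatenation, add that item here so it is tracked.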
6 changes: 6 additions & 0 deletions changelog.md
@@ -0,0 +1,6 @@
# Change log

## _unreleased_

* switch from deprecated mysql_* APIs to [mysqli](https://www.php.net/manual/de/book.mysqli.php)
* add documentation for setup (in [README.md](README.md)) and [development to do list](TODO.md)
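
Review bot: The mysqli link in the first bullet points at the German edition of the PHP manual (`/manual/de/book.mysqli.php`) while the changelog and README are written in English. Link to `/manual/en/book.mysqli.php` instead.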
2 changes: 0 additions & 2 deletions includes/.cvsignore

This file was deleted.

1 change: 0 additions & 1 deletion includes/.gitignore

This file was deleted.

2 changes: 1 addition & 1 deletion includes/about_menu.php
Expand Up @@ -8,7 +8,7 @@
<li><a href="http://bugs.CAcert.org/"><?=_("Bug Database")?></a></li>
<? // <li><a href="/index.php?id=47">< = _ ("PR Materials" ) > </a></li> ?>
<? // <li><a href="/logos.php">< ? = _ ( " CAcert Logos " ) ? > </a></li> ?>
<? if(array_key_exists('mconn',$_SESSION) && $_SESSION['mconn']) { ?> <li><a href="/stats.php"><?=_("CAcert Statistics")?></a></li> <? } ?>
<? if($GLOBALS["db_conn"]) { ?> <li><a href="/stats.php"><?=_("CAcert Statistics")?></a></li> <? } ?>
<li><a href="http://blog.CAcert.org/feed/"><?=_("RSS News Feed")?></a></li>
<? //- <li><a href="/index.php?id=7"> < ? = _ ( " Credits " ) ? > </a></li> ?>
<li><a href="//wiki.cacert.org/Board"><?=_("CAcert Board")?></a></li>
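
Review bot: The new condition `if($GLOBALS["db_conn"])` on the stats.php menu line drops the existence check the old line had (`array_key_exists('mconn',$_SESSION) && $_SESSION['mconn']`), so rendering this menu when `db_conn` has not been set raises an undefined-index notice (a warning on PHP 8). Use `!empty($GLOBALS['db_conn'])` to keep the previous behaviour of silently hiding the link when there is no connection. Separately, the file still relies on `<?` short open tags, which only work with `short_open_tag` enabled; since this PR targets newer PHP versions, that deserves an entry in TODO.md.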