
/mod/php-intro/crud-videos.php

https://github.com/arwhyte/tsugi
  1<?php
  2
  3require_once "../../config.php";
  4require_once "webauto.php";
  5use Goutte\Client;
  6
  7line_out("Grading PHP-Intro Video Application");
  8
  9$url = getUrl('http://www.php-intro.com/exam/mid-w14-videos');
 10if ( $url === false ) return;
 11$grade = 0;
 12
 13error_log("Videos ".$url);
 14line_out("Retrieving ".htmlent_utf8($url)."...");
 15flush();
 16
 17$client = new Client();
 18
 19$crawler = $client->request('GET', $url);
 20
 21// Yes, one gigantic unindented try/catch block
 22$passed = 0;
 23$titlefound = true;
 24try {
 25
 26$html = $crawler->html();
 27$OUTPUT->togglePre("Show retrieved page",$html);
 28
 29$retval = webauto_check_title($crawler);
 30if ( $retval !== true ) {
 31    error_out($retval);
 32    $titlefound = false;
 33}
 34
 35line_out("Looking for Add New link.");
 36$link = $crawler->selectLink('Add New')->link();
 37$url = $link->getURI();
 38line_out("Retrieving ".htmlent_utf8($url)."...");
 39
 40$crawler = $client->request('GET', $url);
 41$html = $crawler->html();
 42$OUTPUT->togglePre("Show retrieved page",$html);
 43$passed++;
 44
 45// Add new fail
 46line_out("Looking for the form with a 'Add New' submit button");
 47$form = $crawler->selectButton('Add New')->form();
 48line_out("-- this autograder expects the form field names to be:");
 49line_out("-- url, email, length, and rating");
 50line_out("-- if your fields do not match these, the next tests will fail.");
 51line_out("Causing Add error, leaving length and rating blank.");
 52$form->setValues(array("url" => "Sarah", "email" => "Anytown", "length" => "", "rating" => ""));
 53$crawler = $client->submit($form);
 54$passed++;
 55
 56$html = $crawler->html();
 57$OUTPUT->togglePre("Show retrieved page",$html);
 58checkPostRedirect($client);
 59
 60line_out("Expecting 'All values are required'");
 61if ( strpos(strtolower($html), 'are required') !== false ) {
 62    $passed++;
 63} else {
 64    error_out("Could not find 'All values are required'");
 65}
 66
 67line_out("Looking in add.php for an 'Add New' submit button");
 68$form = $crawler->selectButton('Add New')->form();
 69
 70line_out("Causing Add error, putting in bad email address.");
 71$form->setValues(array("url" => "http://www.php-intro.com", "email" => "PO Box 123", "length" => "12", "rating" => "6"));
 72$crawler = $client->submit($form);
 73$passed++;
 74
 75$html = $crawler->html();
 76$OUTPUT->togglePre("Show retrieved page",$html);
 77checkPostRedirect($client);
 78
 79line_out("Expecting 'Error in input data'");
 80if ( strpos(strtolower($html), 'error in') !== false ) {
 81    $passed++;
 82} else {
 83    error_out("Could not find 'Error in input data'");
 84}
 85
 86line_out("Looking for the form with a 'Add New' submit button");
 87$form = $crawler->selectButton('Add New')->form();
 88$url = 'http://www.php-intro.com/x.php?data='.sprintf("%03d",rand(1,100));
 89$email = "sarah@php-intro.com";
 90$length = rand(1,100);
 91$rating = rand(1,100);
 92line_out("Entering url=$url, email=$email, length=$length");
 93$form->setValues(array("url" => $url, "email" => $email, "length" => $length, "rating" => "12345"));
 94$crawler = $client->submit($form);
 95$passed++;
 96
 97$html = $crawler->html();
 98$OUTPUT->togglePre("Show retrieved page",$html);
 99checkPostRedirect($client);
100
101line_out("Looking '$url' entry");
102$pos = strpos($html, $url);
103$pos2 = strpos($html, "edit.php", $pos);
104$body = substr($html,$pos,$pos2-$pos);
105# echo "body=",htmlentities($body);
106line_out("Looking for email=$email and length=$length");
107if ( strpos($body,''.$email) < 1 || strpos($body,''.$length) < 1 ) {
108    error_out("Could not find email=$email and length=$length");
109} else {
110    $passed++;
111}
112
113line_out("Looking for edit.php link associated with '$url' entry");
114$pos3 = strpos($html, '"', $pos2);
115$editlink = substr($html,$pos2,$pos3-$pos2);
116line_out("Retrieving ".htmlent_utf8($editlink)."...");
117
118$crawler = $client->request('GET', $editlink);
119$html = $crawler->html();
120$OUTPUT->togglePre("Show retrieved page",$html);
121$passed++;
122
123line_out("Looking for the form with a 'Update' submit button");
124$form = $crawler->selectButton('Update')->form();
125$length = rand(1,100);
126$rating = rand(1,100);
127line_out("Editing url=$url, length=$length, rating=$rating");
128$form->setValues(array("url" => $url, "email" => $email, "length" => $length, "rating" => "12345"));
129$crawler = $client->submit($form);
130$html = $crawler->html();
131$OUTPUT->togglePre("Show retrieved page",$html);
132$passed++;
133checkPostRedirect($client);
134
135// Delete...
136line_out("Looking '$url' entry");
137$pos = strpos($html, $url);
138$pos2 = strpos($html, "delete.php", $pos);
139$body = substr($html,$pos,$pos2-$pos);
140# echo "body=",htmlentities($body);
141line_out("Looking for email=$email and length=$length");
142if ( strpos($body,''.$email) < 1 || strpos($body,''.$length) < 1 ) {
143    error_out("Could not find email=$email and length=$length");
144} else {
145    $passed++;
146}
147
148line_out("Looking for delete.php link associated with '$url' entry");
149$pos3 = strpos($html, '"', $pos2);
150$editlink = substr($html,$pos2,$pos3-$pos2);
151line_out("Retrieving ".htmlent_utf8($editlink)."...");
152
153$crawler = $client->request('GET', $editlink);
154$html = $crawler->html();
155$OUTPUT->togglePre("Show retrieved page",$html);
156$passed++;
157
158// Do the Delete
159line_out("Looking for the form with a 'Delete' submit button");
160$form = $crawler->selectButton('Delete')->form();
161$crawler = $client->submit($form);
162$html = $crawler->html();
163$OUTPUT->togglePre("Show retrieved page",$html);
164$passed++;
165checkPostRedirect($client);
166
167line_out("Making sure '$url' has been deleted");
168if ( strpos($html,$url) > 0 ) {
169    error_out("Entry '$url' not deleted");
170} else {
171    $passed++;
172}
173
174line_out("Cleaning up old records...");
175while (True ) {
176    $pos2 = strpos($html, "delete.php");
177    if ( $pos2 < 1 ) break;
178    $pos3 = strpos($html, '"', $pos2);
179    if ( $pos3 < 1 ) break;
180    $editlink = substr($html,$pos2,$pos3-$pos2);
181    line_out("Retrieving ".htmlent_utf8($editlink)."...");
182
183    $crawler = $client->request('GET', $editlink);
184    $html = $crawler->html();
185    $OUTPUT->togglePre("Show retrieved page",$html);
186
187    // Do the Delete
188    line_out("Looking for the form with a 'Delete' submit button");
189    $form = $crawler->selectButton('Delete')->form();
190    $crawler = $client->submit($form);
191    $html = $crawler->html();
192    $OUTPUT->togglePre("Show retrieved page",$html);
193
194    checkPostRedirect($client);
195    $passed--;  // Undo post redirect
196}
197
198line_out("Testing for HTML injection (proper use of htmlentities)...");
199line_out("Looking for Add New link.");
200$link = $crawler->selectLink('Add New')->link();
201$url = $link->getURI();
202line_out("Retrieving ".htmlent_utf8($url)."...");
203
204$crawler = $client->request('GET', $url);
205$html = $crawler->html();
206$OUTPUT->togglePre("Show retrieved page",$html);
207$passed++;
208
209line_out("Looking for the form with a 'Add New' submit button");
210$form = $crawler->selectButton('Add New')->form();
211$url = 'http://www.php-intro.com/x.php?>data='.sprintf("%03d",rand(1,100));
212$email = "Sarah_is_so_>@php-intro.com";
213$length = rand(1,100);
214line_out("Entering url=$url, email=$email, length=$length");
215$form->setValues(array("url" => $url, "email" => $email, "length" => $length, "rating" => "12345"));
216$crawler = $client->submit($form);
217$passed++;
218
219$html = $crawler->html();
220$OUTPUT->togglePre("Show retrieved page",$html);
221checkPostRedirect($client);
222
223if ( strpos($html, "_>@php") > 0 ) {
224    error_out("Found HTML Injection");
225    throw new Exception("Found HTML Injection");
226} else if ( strpos($html, "_&gt;@php") > 0 ) {
227    $passed+=2;
228    line_out("Passed HTML Injection test");
229} else {
230    error_out("Cannot find email address on page");
231}
232
233$pos = strpos($html,"Sarah");
234$pos2 = strpos($html, "delete.php", $pos);
235line_out("Looking for delete.php link associated with 'Sarah' entry");
236$pos3 = strpos($html, '"', $pos2);
237$editlink = substr($html,$pos2,$pos3-$pos2);
238line_out("Retrieving ".htmlent_utf8($editlink)."...");
239
240$crawler = $client->request('GET', $editlink);
241$html = $crawler->html();
242$OUTPUT->togglePre("Show retrieved page",$html);
243$passed++;
244
245if ( strpos($html, "x.php?>data") > 0 ) {
246    error_out("Found HTML Injection");
247    throw new Exception("Found HTML Injection");
248} else if ( strpos($html, "x.php?&gt;data") > 0 ) {
249    $passed+=2;
250    line_out("Passed HTML Injection test");
251} else {
252    error_out("Cannot find email address on page");
253}
254
255// $passed+=2;
256
257line_out("Looking for the form with a 'Delete' submit button");
258$form = $crawler->selectButton('Delete')->form();
259$crawler = $client->submit($form);
260$html = $crawler->html();
261$OUTPUT->togglePre("Show retrieved page",$html);
262$passed++;
263checkPostRedirect($client);
264
265
266} catch (Exception $ex) {
267    error_out("The autograder did not find something it was looking for in your HTML - test ended.");
268    error_log($ex->getMessage());
269    error_log($ex->getTraceAsString());
270    $detail = "This indicates the source code line where the test stopped.\n" .
271        "It may not make any sense without looking at the source code for the test.\n".
272        'Caught exception: '.$ex->getMessage()."\n".$ex->getTraceAsString()."\n";
273    $OUTPUT->togglePre("Internal error detail.",$detail);
274}
275
// Maximum attainable $passed for this walk-through: 21 explicit increments in
// the try block plus the post/redirect checks, which (judging by the
// "$passed--" in the cleanup loop) add one each - 28 in total.
// NOTE(review): $penalty is not set anywhere in this file; presumably it
// comes from webauto.php or config.php - verify.
$perfect = 28;
$score = webauto_compute_effective_score($perfect, $passed, $penalty);

// A site without proper titles still has its score computed and shown, but
// it is never recorded as an official pass.
if ( ! $titlefound ) {
    error_out("These pages do not have proper titles so this grade is not official");
    return;
}

// NOTE(review): by this point $url has been reassigned inside the try block
// (last to a synthetic test value, or to the Add New link), so what is passed
// here is not the address the grader was given; check whether
// webauto_test_passed() uses it.
if ( $score > 0.0 ) {
    webauto_test_passed($score, $url);
}