gitphp 0.2.9.1 :: contractdashboard.git/commitdiff

Add openid security

23 files changed: (show all)
admin/agency2portfolio.php (deleted)
admin/fixoldamend.php
admin/import.php
admin/importUNSPSC.php
admin/linkAmendments.php
admin/partialdata/import.php
admin/partialdata/importamendments.php
admin/partialdata/scraper.txt
admin/setAgencyStatus.php (deleted)
admin/setAgencyURLABN.php (deleted)
displayContract.php
futureindex.php (deleted)
heuristics/metadataHeuristics.php
heuristics/runHeuristics.php
heuristics/viewHeuristicsDistribution.php
index.php (new)
lib/common.inc.php
lib/openid-php/Auth/OpenID/Consumer.php (new)
lib/openid-php/Auth/OpenID/Server.php (new)
lib/openid-php/Auth/OpenID/TrustRoot.php (new)
lib/openid-php/Auth/Yadis/Manager.php (new)
lib/openid-php/Auth/Yadis/XRDS.php (new)
lib/openid.php (new)

file:a/admin/agency2portfolio.php (deleted)

<?php

// Returns portfolio scraped live from directory.gov.au
// or null if can't find a portfolio
function agency2portfolio ($agency) {
static $cache = array();
if (isset($cache[$agency])) { return $cache[$agency]; }
$c = curl_init('http://www.directory.gov.au/searchres.php');
curl_setopt($c, CURLOPT_POST, true);
curl_setopt($c, CURLOPT_HEADER, false);
curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
curl_setopt($c, CURLOPT_REFERER, 'http://www.directory.gov.au/adsearch.php');
curl_setopt($c, CURLOPT_USERAGENT, 'Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3');
curl_setopt($c, CURLOPT_POSTFIELDS, array(
'advkeywordfield' => '',
'advorgunitfield' => $agency,
'advrolefield' => '',
'advsection' => 'All',
'advsurnamefield' => '',
'search' => 'Submit Query'
));
$results = curl_exec($c);

if (preg_match('#<span\s+class="standardlinks"><a\s+href="([^"]+)">#smi', $results, $m)) {
$nextURL = $m[1];
} else {
$cache[$agency] = false; return false;
}

curl_setopt($c, CURLOPT_URL, 'http://www.directory.gov.au' . $nextURL);
curl_setopt($c, CURLOPT_HTTPGET, true);
curl_setopt($c, CURLOPT_REFERER, 'http://www.directory.gov.au/searchres.php');
$results = curl_exec($c);
if (preg_match('#portfolios:\s+([^<]+)#ims', $results, $m)) {
$cache[$agency] = $m[1]; return $m[1];
} else {
$cache[$agency] = false; return false;
}
}

?>

file:a/admin/fixoldamend.php -> file:b/admin/fixoldamend.php

<?php	<?php
	if (php_sapi_name() != "cli") {
include_once("../lib/common.inc.php");
	include_once ("../lib/common.inc.php");
	auth();
$query = 'update contractnotice set "parentCN" = null where "parentCN" = \'0\'';	$query = 'update contractnotice set "parentCN" = null where "parentCN" = \'0\'';
$result = $conn->prepare($query);	$result = $conn->prepare($query);
$result->execute();	$result->execute();
$query = 'update contractnotice set "childCN" = null where "childCN" = \'0\'';	$query = 'update contractnotice set "childCN" = null where "childCN" = \'0\'';
$result = $conn->prepare($query);	$result = $conn->prepare($query);
$result->execute();	$result->execute();
$query = 'select "CNID","parentCN" from contractnotice where char_length("CNID") > 6 and "CNID" like \'%00_\' and "parentCN" is not null';	$query = 'select "CNID","parentCN" from contractnotice where char_length("CNID") > 6 and "CNID" like \'%00_\' and "parentCN" is not null';
// "CNID" not like '%-A%'	// "CNID" not like '%-A%'
//$query = 'select "CNID","parentCN" from contractnotice where char_length("CNID") > 8 and "CNID" like \'%00__\' and "parentCN" is not null';	//$query = 'select "CNID","parentCN" from contractnotice where char_length("CNID") > 8 and "CNID" like \'%00__\' and "parentCN" is not null';
$result = $conn->prepare($query);	$result = $conn->prepare($query);
$result->execute();	$result->execute();
foreach ($result->fetchAll() as $record) {	foreach ($result->fetchAll() as $record) {
$oldCN = $record['CNID'];	$oldCN = $record['CNID'];
$parentCN = substr($oldCN, 0, -3);	$parentCN = substr($oldCN, 0, -3);
//$parentCN = substr($oldCN, 0, -4);	//$parentCN = substr($oldCN, 0, -4);
if ($parentCN == $record['parentCN']) {	if ($parentCN == $record['parentCN']) {
$newCN = $parentCN . "-A" . substr($oldCN, -1);	$newCN = $parentCN . "-A" . substr($oldCN, -1);
//$newCN = $parentCN . "-A" . substr($oldCN, -2);	//$newCN = $parentCN . "-A" . substr($oldCN, -2);
$updateresult = $conn->exec('UPDATE contractnotice SET "CNID" = \'' . $newCN . '\' where "CNID" = \'' . $oldCN . '\';');	$updateresult = $conn->exec('UPDATE contractnotice SET "CNID" = \'' . $newCN . '\' where "CNID" = \'' . $oldCN . '\';');

$errors = $conn->errorInfo();	$errors = $conn->errorInfo();

if ($errors[1] == 7) {	if ($errors[1] == 7) {
echo "$oldCN => $newCN (from parent CN $parentCN) BUT already exists so deleting this record<br>\n";	echo "$oldCN => $newCN (from parent CN $parentCN) BUT already exists so deleting this record<br>\n";
$updateresult = $conn->exec('delete from contractnotice where "CNID" = \'' . $oldCN . '\';');	$updateresult = $conn->exec('delete from contractnotice where "CNID" = \'' . $oldCN . '\';');

}else if ($errors[1] == 0) {	}else if ($errors[1] == 0) {

echo "$oldCN => $newCN (from parent CN $parentCN) <br>\n";	echo "$oldCN => $newCN (from parent CN $parentCN) <br>\n";
}else	}else
print_r($errors);	print_r($errors);
} else {	} else {
echo "parent CN unexpected - $oldCN doesn't look like child of {$record['parentCN']}, rather the ID suggests child of $parentCN <br>\n";	echo "parent CN unexpected - $oldCN doesn't look like child of {$record['parentCN']}, rather the ID suggests child of $parentCN <br>\n";
}	}
}	}
	}

file:a/admin/import.php -> file:b/admin/import.php

<?php	<?php
	if (php_sapi_name() != "cli") {

include_once ("../lib/common.inc.php");	include_once ("../lib/common.inc.php");
	auth();
$contractNoticeFields = array(	$contractNoticeFields = array(
"importFile",	"importFile",
"agencyName",	"agencyName",
"parentCN",	"parentCN",
"CNID",	"CNID",
"publishDate",	"publishDate",
"amendDate",	"amendDate",
"contractStart",	"contractStart",
"contractEnd",	"contractEnd",
"value",	"value",
"description",	"description",
"agencyID",	"agencyID",
"category",	"category",
"procurementMethod",	"procurementMethod",
"atmID",	"atmID",
"SONID",	"SONID",
"confidentialityContract",	"confidentialityContract",
"confidentialityContractReason",	"confidentialityContractReason",
"confidentialityOutputs",	"confidentialityOutputs",
"confidentialityOutputsReason",	"confidentialityOutputsReason",
"consultancy",	"consultancy",
"consultancyReason",	"consultancyReason",
"amendmentReason",	"amendmentReason",
"supplierName",	"supplierName",
"supplierAddress",	"supplierAddress",
"supplierCity",	"supplierCity",
"supplierPostcode",	"supplierPostcode",
"supplierCountry",	"supplierCountry",
"supplierABNExempt",	"supplierABNExempt",
"supplierABN",	"supplierABN",
"contactBranch",	"contactBranch",
"contactDivision",	"contactDivision",
"contactPostcode"	"contactPostcode"
);	);

$contractNoticeInsertQ = 'INSERT INTO contractnotice ("' . implode('" , "', $contractNoticeFields) . '") VALUES ( ';	$contractNoticeInsertQ = 'INSERT INTO contractnotice ("' . implode('" , "', $contractNoticeFields) . '") VALUES ( ';
foreach ($contractNoticeFields as $key => $f) {	foreach ($contractNoticeFields as $key => $f) {
$contractNoticeInsertQ.= ($key == 0 ? "" : ", ") . "?";	$contractNoticeInsertQ.= ($key == 0 ? "" : ", ") . "?";
}	}
$contractNoticeInsertQ.= ");";	$contractNoticeInsertQ.= ");";
$contractNoticeInsertQ = $conn->prepare($contractNoticeInsertQ);	$contractNoticeInsertQ = $conn->prepare($contractNoticeInsertQ);

function processFile($fpath) {	function processFile($fpath) {
global $conn, $contractNoticeFields, $contractNoticeInsertQ;	global $conn, $contractNoticeFields, $contractNoticeInsertQ;
$row = 1;	$row = 1;
$handle = fopen($fpath, "r");	$handle = fopen($fpath, "r");
//"t" mode string translates windows line breaks to unix	//"t" mode string translates windows line breaks to unix
$datamapping0712 = array(	$datamapping0712 = array(
"Agency" => "agencyName",	"Agency" => "agencyName",
"Parent CN ID" => "parentCN",	"Parent CN ID" => "parentCN",
"CN ID" => "CNID",	"CN ID" => "CNID",
"Publish Date" => "publishDate",	"Publish Date" => "publishDate",
"Amendment Date" => "amendDate",	"Amendment Date" => "amendDate",
"Status" => "",	"Status" => "",
"StartDate" => "contractStart",	"StartDate" => "contractStart",
"EndDate" => "contractEnd",	"EndDate" => "contractEnd",
"Value" => "value",	"Value" => "value",
"Description" => "description",	"Description" => "description",
"Agency Ref Id" => "agencyID",	"Agency Ref Id" => "agencyID",
"Agency Ref. ID" => "agencyID",	"Agency Ref. ID" => "agencyID",
"Category" => "category",	"Category" => "category",
"Procurement Method" => "procurementMethod",	"Procurement Method" => "procurementMethod",
"ATM ID" => "atmID",	"ATM ID" => "atmID",
"SON ID" => "SONID",	"SON ID" => "SONID",
"Confidentiality - Contract" => "confidentialityContract",	"Confidentiality - Contract" => "confidentialityContract",
"Confidentiality - Contract Reason(s)" => "confidentialityContractReason",	"Confidentiality - Contract Reason(s)" => "confidentialityContractReason",
"Confidentiality - Outputs" => "confidentialityOutputs",	"Confidentiality - Outputs" => "confidentialityOutputs",
"Confidentiality - Outputs Reason(s)" => "confidentialityOutputsReason",	"Confidentiality - Outputs Reason(s)" => "confidentialityOutputsReason",
"Consultancy" => "consultancy",	"Consultancy" => "consultancy",
"Consultancy Reason(s)" => "consultancyReason",	"Consultancy Reason(s)" => "consultancyReason",
"Amendment Reason" => "amendmentReason",	"Amendment Reason" => "amendmentReason",
"Supplier Name" => "supplierName",	"Supplier Name" => "supplierName",
"Supplier Address" => "supplierAddress",	"Supplier Address" => "supplierAddress",
"Supplier City" => "supplierCity",	"Supplier City" => "supplierCity",
"Supplier Postcode" => "supplierPostcode",	"Supplier Postcode" => "supplierPostcode",
"Supplier Country" => "supplierCountry",	"Supplier Country" => "supplierCountry",
"Supplier ABNExempt" => "supplierABNExempt",	"Supplier ABNExempt" => "supplierABNExempt",
"Supplier ABN" => "supplierABN",	"Supplier ABN" => "supplierABN",
"Agency Branch" => "contactBranch",	"Agency Branch" => "contactBranch",
"Agency Divison" => "contactDivision",	"Agency Divison" => "contactDivision",
"Agency Postcode" => "contactPostcode",	"Agency Postcode" => "contactPostcode",
"" => ""	"" => ""
);	);

$headers;	$headers;

while (($data = fgetcsv($handle, 1000, "\t")) !== false) {	while (($data = fgetcsv($handle, 1000, "\t")) !== false) {
$num = count($data);	$num = count($data);
if ($row == 3) {	if ($row == 3) {
$headers = $data;	$headers = $data;
} elseif ($row > 3) {	} elseif ($row > 3) {
if ($num > count($datamapping0712)) {	if ($num > count($datamapping0712)) {
die("<font color=red>Error in data import; data mapping fields out of bounds or changed</font><br>" . $fname . print_r($data));	die("<font color=red>Error in data import; data mapping fields out of bounds or changed</font><br>" . $fname . print_r($data));
}	}
$contractNoticeInsert = Array();	$contractNoticeInsert = Array();
$supplierInsert = Array();	$supplierInsert = Array();
$agencyInsert = Array();	$agencyInsert = Array();
$contractNoticeInsert[] = $fpath;	$contractNoticeInsert[] = $fpath;
$keys = array_keys($datamapping0712);	$keys = array_keys($datamapping0712);
for ($c = 0; $c < $num; $c++) {	for ($c = 0; $c < $num; $c++) {
$data[$c] = trim($data[$c], "=");	$data[$c] = trim($data[$c], "=");
$data[$c] = trim($data[$c], "\"");	$data[$c] = trim($data[$c], "\"");
if (in_array(($datamapping0712[$headers[$c]]), $contractNoticeFields)) {	if (in_array(($datamapping0712[$headers[$c]]), $contractNoticeFields)) {
if (($datamapping0712[$headers[$c]]) == "parentCN" \|\| ($datamapping0712[$headers[$c]]) == "CNID") {	if (($datamapping0712[$headers[$c]]) == "parentCN" \|\| ($datamapping0712[$headers[$c]]) == "CNID") {
$data[$c] = substr($data[$c], 2); // take off the "CN" prefix	$data[$c] = substr($data[$c], 2); // take off the "CN" prefix
if ($data[$c] > 0 && $data[$c] != '0') {	if ($data[$c] > 0 && $data[$c] != '0') {
$contractNoticeInsert[] = $data[$c];	$contractNoticeInsert[] = $data[$c];
} else {	} else {
$contractNoticeInsert[] = null;	$contractNoticeInsert[] = null;
}	}
} elseif (($datamapping0712[$headers[$c]]) == "supplierABN") {	} elseif (($datamapping0712[$headers[$c]]) == "supplierABN") {
if ($data[$c] > 0 && $data[$c] != '0') {	if ($data[$c] > 0 && $data[$c] != '0') {
$contractNoticeInsert[] = $data[$c];	$contractNoticeInsert[] = $data[$c];
} else {	} else {
$contractNoticeInsert[] = null;	$contractNoticeInsert[] = null;
}	}
} elseif (($datamapping0712[$headers[$c]]) == "amendDate" \|\| ($datamapping0712[$headers[$c]]) == "publishDate" \|\| ($datamapping0712[$headers[$c]]) == "contractStart" \|\| ($datamapping0712[$headers[$c]]) == "contractEnd") {	} elseif (($datamapping0712[$headers[$c]]) == "amendDate" \|\| ($datamapping0712[$headers[$c]]) == "publishDate" \|\| ($datamapping0712[$headers[$c]]) == "contractStart" \|\| ($datamapping0712[$headers[$c]]) == "contractEnd") {
$contractNoticeInsert[] = date('Y-m-d H:i:s', strtotime($data[$c]));	$contractNoticeInsert[] = date('Y-m-d H:i:s', strtotime($data[$c]));
} else {	} else {
if (strstr("\" =", $data[$c] > 0)) {	if (strstr("\" =", $data[$c] > 0)) {
die("Invalid Description field" . $contractNoticeInsert);	die("Invalid Description field" . $contractNoticeInsert);
}	}
$colvalue = preg_replace('/[^[:print:]]/', '', utf8_encode($data[$c]));	$colvalue = preg_replace('/[^[:print:]]/', '', utf8_encode($data[$c]));

$contractNoticeInsert[] = $colvalue;	$contractNoticeInsert[] = $colvalue;
}	}
}	}
}	}
flush();	flush();
$contractNoticeInsertQ->execute($contractNoticeInsert);	$contractNoticeInsertQ->execute($contractNoticeInsert);
$errors = $conn->errorInfo();	$errors = $conn->errorInfo();
if ($errors[1] == 7 && strpos($errors[2], "duplicate key")) {	if ($errors[1] == 7 && strpos($errors[2], "duplicate key")) {

} elseif ($errors[1] == 0) {	} elseif ($errors[1] == 0) {
$success++;	$success++;
} else {	} else {
foreach ($contractNoticeFields as $key => $cnf) {	foreach ($contractNoticeFields as $key => $cnf) {
echo var_dump($contractNoticeInsert[$key]) . $cnf . "<br>";	echo var_dump($contractNoticeInsert[$key]) . $cnf . "<br>";
}	}
echo $data[2] . " failed CN insert.<br>" . print_r($errors, true) . "<br> row $row <br><br>\n";	echo $data[2] . " failed CN insert.<br>" . print_r($errors, true) . "<br> row $row <br><br>\n";
}	}

flush();	flush();
//echo "<hr>\n";	//echo "<hr>\n";
}	}
$row++;	$row++;
}	}
fclose($handle);	fclose($handle);
$contractNoticeInsertQ->closeCursor();	$contractNoticeInsertQ->closeCursor();

return $success;	return $success;
}	}

$path = 'data/';	$path = 'data/';
if ($_REQUEST["fname"] == "") {	if ($_REQUEST["fname"] == "") {
echo "Get files from: https://www.tenders.gov.au/?event=public.reports.list<br>";	echo "Get files from: https://www.tenders.gov.au/?event=public.reports.list<br>";
$dhandle = opendir($path);	$dhandle = opendir($path);
// define an array to hold the files	// define an array to hold the files
$files = array();	$files = array();
if ($dhandle) {	if ($dhandle) {
// loop through all of the files	// loop through all of the files
while (false !== ($fname = readdir($dhandle))) {	while (false !== ($fname = readdir($dhandle))) {
if (($fname != '.') && ($fname != '..')) {	if (($fname != '.') && ($fname != '..')) {
$files[date("c", filemtime($path . $fname)) . md5($fname)] = $fname;	$files[date("c", filemtime($path . $fname)) . md5($fname)] = $fname;
}	}
}	}
}	}
ksort($files);	ksort($files);
foreach ($files as $date => $fname) {	foreach ($files as $date => $fname) {
echo "<a href=\"import.php?fname=$fname\">$fname</a> " . filesize($path . $fname) . " " . $date . "<br/>";	echo "<a href=\"import.php?fname=$fname\">$fname</a> " . filesize($path . $fname) . " " . $date . "<br/>";
}	}
} else {	} else {
$success = 0;	$success = 0;
$fname = $_REQUEST["fname"];	$fname = $_REQUEST["fname"];
echo " ============== $fname ============== <br>";	echo " ============== $fname ============== <br>";
flush();	flush();
$success+= processFile($path . $fname, "contractnotice");	$success+= processFile($path . $fname, "contractnotice");
$success+= processFile($path . $fname, "agency");	$success+= processFile($path . $fname, "agency");
$success+= processFile($path . $fname, "supplier");	$success+= processFile($path . $fname, "supplier");
echo "<br> $success records successfully created";	echo "<br> $success records successfully created";

flush();	flush();
// run post import data processing	// run post import data processing
// cn	// cn
echo "link amend<br>";	echo "link amend<br>";
include ("linkAmendments.php");	include ("linkAmendments.php");
echo "update UNSPSC<br>";	echo "update UNSPSC<br>";
include ("updateUNSPSC.php");	include ("updateUNSPSC.php");
// agency	// agency
//include ("setAgencyStatus.php");	//include ("setAgencyStatus.php");
//include ("setAgencyURLABN.php");	//include ("setAgencyURLABN.php");
}	}
	}
?>	?>

file:a/admin/importUNSPSC.php -> file:b/admin/importUNSPSC.php

<?php	<?php
include_once("../lib/common.inc.php");	if (php_sapi_name() != "cli") {

	include_once ("../lib/common.inc.php");
	auth();