From 70f6b3204ac398720d12d2892eecd405aaf9445f Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Sun, 19 Apr 2020 13:52:09 -0400
Subject: [PATCH] Introduce a cron system to run periodic work.

This moves the admin session expiration and deleting of inactive users
awaiting email confirmation to cron.
---
 admin/purge_inactive.php                      | 114 ------------------
 cron.php                                      |  86 +++++++++++++
 docs/schema_changes.sql                       |   4 +
 includes/class_admin_navigation.php           |   1 -
 includes/cron/admin_session.php               |  24 ++++
 includes/cron/awaiting_email_confirmation.php |  41 +++++++
 login.php                                     |   1 -
 templates/footer.tpl                          |   4 +-
 8 files changed, 158 insertions(+), 117 deletions(-)
 delete mode 100644 admin/purge_inactive.php
 create mode 100644 cron.php
 create mode 100644 includes/cron/admin_session.php
 create mode 100644 includes/cron/awaiting_email_confirmation.php

diff --git a/admin/purge_inactive.php b/admin/purge_inactive.php
deleted file mode 100644
index dcabe42..0000000
--- a/admin/purge_inactive.php
+++ /dev/null
@@ -1,114 +0,0 @@
-<?php
-/*=====================================================================*\
-|| ###################################################################
-|| # Bugdar
-|| # Copyright (c) 2010 Blue Static
-|| #
-|| # This program is free software; you can redistribute it and/or modify
-|| # it under the terms of the GNU General Public License as published by
-|| # the Free Software Foundation; version 2 of the License.
-|| #
-|| # This program is distributed in the hope that it will be useful, but
-|| # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-|| # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
-|| # more details.
-|| #
-|| # You should have received a copy of the GNU General Public License along
-|| # with this program; if not, write to the Free Software Foundation, Inc.,
-|| # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
-|| ###################################################################
-\*=====================================================================*/
-
-require_once('./global.php');
-require_once('./includes/api_user.php');
-require_once('./includes/class_api_error.php');
-
-APIError(array(new API_Error_Handler($admin), 'admin_error'));
-
-NavLinks::usersPages();
-$navigator->set_focus('tab', 'users', null);
-
-if (!can_perform('canadminusers'))
-{
-	admin_login();
-}
-
-$thirty_days_ago = time() - (60 * 60 * 24 * 30);
-$query = "
-	SELECT user.displayname, user.userid, user.email, useractivation.activator, useractivation.dateline FROM " . TABLE_PREFIX . "user AS user
-	LEFT JOIN " . TABLE_PREFIX . "useractivation AS useractivation
-		ON (user.userid = useractivation.userid)
-	WHERE user.usergroupid = 3
-	OR useractivation.dateline <= $thirty_days_ago";
-
-// ###################################################################
-
-if (empty($_REQUEST['do']))
-{
-	$_REQUEST['do'] = 'modify';
-}
-
-// ###################################################################
-
-if ($_REQUEST['do'] == 'kill')
-{
-	$users = $db->query($query);
-	while ($user = $db->fetch_array($users))
-	{
-		$data = new UserAPI($bugsys);
-		$data->set('userid',	$user['userid']);
-		$data->set_condition();
-		$data->delete();
-	}
-
-	$admin->redirect('purge_inactive.php');
-}
-
-// ###################################################################
-
-if ($_REQUEST['do'] == 'delete')
-{
-	$admin->page_confirm(T('Are you sure you want to remove all users who within the past thirty days have not verified their accounts via email?'), 'purge_inactive.php', 'kill', array());
-}
-
-// ###################################################################
-
-if ($_REQUEST['do'] == 'modify')
-{
-	NavLinks::usersAdd();
-
-	LoadPaginationFramework();
-	$pagination->setBitProcessor('AdminPageNavigatorBitCallback');
-	$pagination->setNavigatorProcessor('AdminPageNavigatorCallback');
-
-	$admin->page_start(T('Inactive Users'));
-	$admin->table_start();
-	$admin->table_head(T('Users Awaiting Email Confirmation for more than 30 Days'), 4);
-	$admin->table_column_head(array(T('Display Name'), T('Email'), T('User ID'), T('Actions')));
-
-	$count = $db->query_first("SELECT COUNT(*) AS count FROM ($query) AS inactive");
-	$pagination->setTotal($count['count']);
-	$pagination->splitPages();
-
-	$users = $db->query("
-		$query
-		ORDER BY userid ASC LIMIT " . $pagination->fetchLimit($pagination->getPage() - 1) . ", " . $pagination->getPerPage()
-	);
-	while ($user = $db->fetch_array($users))
-	{
-		$admin->row_multi_item(array(
-			$user['displayname'] => 'l',
-			$user['email'] => 'c',
-			$user['userid'] => 'c',
-			'<a href="user.php?do=edit&amp;userid=' . $user['userid'] . '">[' . T('Edit') . ']</a>' => 'c'
-		));
-	}
-
-	$admin->row_tfoot('<a href="purge_inactive.php?do=delete">[Remove All]</a>', 4);
-
-	$admin->table_end();
-
-	$admin->page_code($pagination->constructPageNav('purge_inactive.php'));
-
-	$admin->page_end();
-}
diff --git a/cron.php b/cron.php
new file mode 100644
index 0000000..07362cc
--- /dev/null
+++ b/cron.php
@@ -0,0 +1,86 @@
+<?php
+/*=====================================================================*\
+|| ###################################################################
+|| # Bugdar
+|| # Copyright (c)2020 Blue Static
+|| # This program is free software; you can redistribute it and/or modify
+|| # it under the terms of the GNU General Public License as published by
+|| # the Free Software Foundation; version 2 of the License.
+|| #
+|| # This program is distributed in the hope that it will be useful, but
+|| # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+|| # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+|| # more details.
+|| #
+|| # You should have received a copy of the GNU General Public License along
+|| # with this program; if not, write to the Free Software Foundation, Inc.,
+|| # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+|| ###################################################################
+\*=====================================================================*/
+
+define('NO_TEMPLATES', true);
+
+require_once('./global.php');
+
+$jobs = [
+	'admin_session' => [
+		'time'		=> 60 * 60 * 1.5,
+		'function'	=> 'CronAdminSession',
+	],
+	'awaiting_email_confirmation' => [
+		'time'		=> 60 * 60 * 24 * 3,
+		'function'	=> 'CronPurgeInactiveUsers',
+	],
+];
+
+// List of cron jobs to remove.
+$remove = [];
+
+$update_query = bugdar::$db->prepare("
+	INSERT INTO " . TABLE_PREFIX . "cron
+		(name, lastrun)
+	VALUES
+		(:name, :lastrun)
+	ON DUPLICATE KEY
+	UPDATE lastrun = :lastrun
+");
+
+// Filter the |$jobs| array, removing jobs that do not need to run.
+$last_runs = bugdar::$db->query("SELECT * FROM " . TABLE_PREFIX . "cron");
+while ($last_run = $last_runs->fetch()) {
+	$name = $last_run['name'];
+	if (!isset($jobs[$name])) {
+		$remove[] = $name;
+		continue;
+	}
+
+	$earliest_run_time = TIMENOW - $jobs[$name]['time'];
+	if ($earliest_run_time < $last_run['lastrun']) {
+		unset($jobs[$name]);
+	}
+}
+
+// Run the jobs.
+$jobs_run = 0;
+foreach ($jobs as $name => $job) {
+	require("./includes/cron/$name.php");
+	$job['function']();
+
+	$update_query->execute([
+		'name' => $name,
+		'lastrun' => TIMENOW,
+	]);
+
+	++$jobs_run;
+}
+
+// Remove stale jobs.
+if (count($remove)) {
+    $remove_query = bugdar::$db->prepare("DELETE FROM " . TABLE_PREFIX . "cron WHERE name = ?");
+    foreach ($remove as $remove) {
+		$remove_query->execute([ $remove ]);
+    }
+}
+
+header('Content-Type: application/json');
+echo '(' . json_encode([ 'jobsRun' => $jobs_run ]) . ')';
diff --git a/docs/schema_changes.sql b/docs/schema_changes.sql
index 9de1d44..8de5a21 100644
--- a/docs/schema_changes.sql
+++ b/docs/schema_changes.sql
@@ -1,2 +1,6 @@
 ## SVN $Id$
 
+CREATE TABLE cron (
+    name VARCHAR(255) PRIMARY KEY,
+    lastrun int
+);
diff --git a/includes/class_admin_navigation.php b/includes/class_admin_navigation.php
index 8d7105d..2f92076 100644
--- a/includes/class_admin_navigation.php
+++ b/includes/class_admin_navigation.php
@@ -342,7 +342,6 @@ class NavLinks
 		$navigator->add_component('link', 'users-pages-users', 'users-pages', T('Users'), 'user.php');
 		$navigator->add_component('link', 'users-pages-usergroups', 'users-pages', T('Usergroups'), 'usergroup.php');
 		$navigator->add_component('link', 'users-pages-permissions', 'users-pages', T('Product-Level Permissions'), 'permission.php');
-		$navigator->add_component('link', 'users-pages-purge', 'users-pages', T('Purge Inactive Users'), 'purge_inactive.php');
 	}
 
 	// ###################################################################
diff --git a/includes/cron/admin_session.php b/includes/cron/admin_session.php
new file mode 100644
index 0000000..26724d1
--- /dev/null
+++ b/includes/cron/admin_session.php
@@ -0,0 +1,24 @@
+<?php
+/*=====================================================================*\
+|| ###################################################################
+|| # Bugdar
+|| # Copyright (c)2020 Blue Static
+|| # This program is free software; you can redistribute it and/or modify
+|| # it under the terms of the GNU General Public License as published by
+|| # the Free Software Foundation; version 2 of the License.
+|| #
+|| # This program is distributed in the hope that it will be useful, but
+|| # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+|| # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+|| # more details.
+|| #
+|| # You should have received a copy of the GNU General Public License along
+|| # with this program; if not, write to the Free Software Foundation, Inc.,
+|| # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+|| ###################################################################
+\*=====================================================================*/
+
+function CronAdminSession()
+{
+	bugdar::$db->exec("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE dateline < " . (TIMENOW - 3600));
+}
diff --git a/includes/cron/awaiting_email_confirmation.php b/includes/cron/awaiting_email_confirmation.php
new file mode 100644
index 0000000..a83856c
--- /dev/null
+++ b/includes/cron/awaiting_email_confirmation.php
@@ -0,0 +1,41 @@
+<?php
+/*=====================================================================*\
+|| ###################################################################
+|| # Bugdar
+|| # Copyright (c)2020 Blue Static
+|| # This program is free software; you can redistribute it and/or modify
+|| # it under the terms of the GNU General Public License as published by
+|| # the Free Software Foundation; version 2 of the License.
+|| #
+|| # This program is distributed in the hope that it will be useful, but
+|| # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+|| # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+|| # more details.
+|| #
+|| # You should have received a copy of the GNU General Public License along
+|| # with this program; if not, write to the Free Software Foundation, Inc.,
+|| # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+|| ###################################################################
+\*=====================================================================*/
+
+require_once('./includes/api_user.php');
+
+function CronPurgeInactiveUsers()
+{
+	$thirty_days_ago = TIMENOW - (60 * 60 * 24 * 30);
+	$inactive_users = bugdar::$db->query("
+		SELECT user.displayname, user.userid, user.email,
+			useractivation.activator, useractivation.dateline
+		FROM " . TABLE_PREFIX . "user AS user
+		LEFT JOIN " . TABLE_PREFIX . "useractivation AS useractivation
+			ON (user.userid = useractivation.userid)
+		WHERE user.usergroupid = 3
+		AND useractivation.dateline <= $thirty_days_ago
+	");
+	while ($user = $inactive_users->fetch()) {
+		$data = new UserAPI($bugsys);
+		$data->set('userid', $user['userid']);
+		$data->set_condition();
+		$data->delete();
+	}
+}
diff --git a/login.php b/login.php
index 95c9fdf..223fbbe 100644
--- a/login.php
+++ b/login.php
@@ -72,7 +72,6 @@ if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
 		if ($_POST['do'] == 'cplogin')
 		{
 			$hash = $funct->rand(90);
-			$db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE dateline < " . (TIMENOW - 3600));
 			$db->query("INSERT INTO " . TABLE_PREFIX . "adminsession (sessionid, userid, dateline) VALUES ('$hash', " . $auth->bugdarUser['userid'] . ", " . TIMENOW . ")");
 			$funct->cookie(COOKIE_PREFIX . 'adminsession', $hash, false);
 		}
diff --git a/templates/footer.tpl b/templates/footer.tpl
index 139f555..67d2511 100644
--- a/templates/footer.tpl
+++ b/templates/footer.tpl
@@ -4,6 +4,8 @@
 	<div>{@"Powered by Bugdar"}, {@"Copyright"} &copy;2002 - $year Blue Static</div>
 </div>
 
+<script src="cron.php" async></script>
+
 </body>
 
-</html>
\ No newline at end of file
+</html>
-- 
2.22.5