From 504cefec4a93a9b52fa9d25d6f353a4676485c43 Mon Sep 17 00:00:00 2001
From: Lennart Weller <lhw@ring0.de>
Date: Sat, 16 Mar 2013 22:00:48 +0100
Subject: drop privileges on server startup

---
 src/main.vala | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/main.vala b/src/main.vala
index 67f00ff..a9e24e3 100644
--- a/src/main.vala
+++ b/src/main.vala
@@ -69,6 +69,26 @@ public static int main(string[] args) {
 		return 1;
 	}
 
+	if(Posix.getuid() == 0) {
+		try {
+			string user;
+			unowned Posix.Passwd pwd;
+
+			user = cfg.get_string("SYSTEM", "user");
+			if((pwd = Posix.getpwnam(user)) != null) {
+				if(Posix.setuid(pwd.pw_uid) != 0)
+					throw new IOError.FAILED("Failed to set uid");
+				if(Posix.setgid(pwd.pw_gid) != 0)
+					throw new IOError.FAILED("Failed to set gid");
+				if(Posix.setuid(0) != -1)
+					throw new IOError.FAILED("Failed to set uid/gid entirely");
+			}
+		} catch(Error e) {
+			stderr.puts(e.message + "\n");
+			return 1;
+		}
+	}
+
 	dev   = new Device(devicefile, 9600, 8, 1);
 	db    = new Database("shop.db");
 	audio = new AudioPlayer();
-- 
cgit v1.2.3


From ca7bbb46ce4c5a903f91c056fc117925310d7dd8 Mon Sep 17 00:00:00 2001
From: Lennart Weller <lhw@ring0.de>
Date: Sun, 17 Mar 2013 00:25:43 +0100
Subject: changed the string to a price object

---
 src/db.vala  | 14 ++++----------
 src/web.vala |  4 ++--
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/src/db.vala b/src/db.vala
index dc1c834..f938cc8 100644
--- a/src/db.vala
+++ b/src/db.vala
@@ -19,8 +19,8 @@ public struct StockEntry {
 	public string id;
 	public string name;
 	public int amount;
-	public string memberprice;
-	public string guestprice;
+	public Price memberprice;
+	public Price guestprice;
 }
 
 public struct PriceEntry {
@@ -350,16 +350,10 @@ public class Database {
 				statements["stock_status"].column_text(0),
 				statements["stock_status"].column_text(1),
 				statements["stock_status"].column_int(2),
-				null,
-				null
+				statements["stock_status"].column_int(3),
+				statements["stock_status"].column_int(4)
 			};
 
-			Price mprice = statements["stock_status"].column_int(3);
-			Price gprice = statements["stock_status"].column_int(4);
-
-			entry.memberprice = @"$mprice";
-			entry.guestprice  = @"$gprice";
-
 			result.add(entry);
 		}
 
diff --git a/src/web.vala b/src/web.vala
index 7140c22..c61c8b9 100644
--- a/src/web.vala
+++ b/src/web.vala
@@ -440,8 +440,8 @@ public class WebServer {
 
 			string table = "";
 			foreach(var e in db.get_stock()) {
-				table += "<tr><td><a href=\"/products/%s\">%s</a></td><td><a href=\"/products/%s\">%s</a></td><td>%d</td><td>%s€</td><td>%s€</td></tr>".printf(
-					e.id, e.id, e.id, e.name, e.amount, e.memberprice, e.guestprice
+				table += "<tr><td><a href=\"/products/%s\">%s</a></td><td><a href=\"/products/%s\">%s</a></td><td>%d</td><td>f%€</td><td>%f€</td></tr>".printf(
+					e.id, e.id, e.id, e.name, e.amount, e.memberprice / 100, e.guestprice / 100
 				);
 			}
 
-- 
cgit v1.2.3


From 6a777182a36f3f58653127d57ced26e2dddd2680 Mon Sep 17 00:00:00 2001
From: Lennart Weller <lhw@ring0.de>
Date: Sun, 17 Mar 2013 00:30:11 +0100
Subject: reduced precision

---
 src/web.vala | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/web.vala b/src/web.vala
index c61c8b9..7823d35 100644
--- a/src/web.vala
+++ b/src/web.vala
@@ -440,8 +440,8 @@ public class WebServer {
 
 			string table = "";
 			foreach(var e in db.get_stock()) {
-				table += "<tr><td><a href=\"/products/%s\">%s</a></td><td><a href=\"/products/%s\">%s</a></td><td>%d</td><td>f%€</td><td>%f€</td></tr>".printf(
-					e.id, e.id, e.id, e.name, e.amount, e.memberprice / 100, e.guestprice / 100
+				table += "<tr><td><a href=\"/products/%s\">%s</a></td><td><a href=\"/products/%s\">%s</a></td><td>%d</td><td>%.2f€</td><td>%.2f€</td></tr>".printf(
+					e.id, e.id, e.id, e.name, e.amount, e.memberprice / 100.0, e.guestprice / 100.0
 				);
 			}
 
-- 
cgit v1.2.3


From 5232fbdec277de3cf3851a914890907d95e57706 Mon Sep 17 00:00:00 2001
From: Lennart Weller <lhw@ring0.de>
Date: Sun, 17 Mar 2013 00:37:31 +0100
Subject: use built-in to_string

---
 src/web.vala | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/web.vala b/src/web.vala
index 7823d35..2731386 100644
--- a/src/web.vala
+++ b/src/web.vala
@@ -440,8 +440,8 @@ public class WebServer {
 
 			string table = "";
 			foreach(var e in db.get_stock()) {
-				table += "<tr><td><a href=\"/products/%s\">%s</a></td><td><a href=\"/products/%s\">%s</a></td><td>%d</td><td>%.2f€</td><td>%.2f€</td></tr>".printf(
-					e.id, e.id, e.id, e.name, e.amount, e.memberprice / 100.0, e.guestprice / 100.0
+				table += "<tr><td><a href=\"/products/%s\">%s</a></td><td><a href=\"/products/%s\">%s</a></td><td>%d</td><td>%s€</td><td>%s€</td></tr>".printf(
+					e.id, e.id, e.id, e.name, e.amount, e.memberprice.to_string(), e.guestprice.to_string()
 				);
 			}
 
-- 
cgit v1.2.3


From 2ebf7bd03166249bac3aaaec76892d3cc03a6c13 Mon Sep 17 00:00:00 2001
From: Lennart Weller <lhw@ring0.de>
Date: Sun, 17 Mar 2013 00:40:22 +0100
Subject: use string templates instead

---
 src/web.vala | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/web.vala b/src/web.vala
index 2731386..ad619f4 100644
--- a/src/web.vala
+++ b/src/web.vala
@@ -440,9 +440,7 @@ public class WebServer {
 
 			string table = "";
 			foreach(var e in db.get_stock()) {
-				table += "<tr><td><a href=\"/products/%s\">%s</a></td><td><a href=\"/products/%s\">%s</a></td><td>%d</td><td>%s€</td><td>%s€</td></tr>".printf(
-					e.id, e.id, e.id, e.name, e.amount, e.memberprice.to_string(), e.guestprice.to_string()
-				);
+				table += @"<tr><td><a href=\"/products/$(e.id)\">$(e.id)</a></td><td><a href=\"/products/$(e.id)\">$(e.name)</a></td><td>$(e.amount)</td><td>$(e.memberprice)€</td><td>$(e.guestprice)€</td></tr>";
 			}
 
 			t.replace("DATA", table);
-- 
cgit v1.2.3