From 1f9a698521a0ec0a1bdc2c01732857bf538d3c96 Mon Sep 17 00:00:00 2001 From: milton alvarenga Date: Sat, 9 Feb 2019 17:12:17 +0000 Subject: [PATCH 1/7] Update class.update.php - Fixed mistyped on class attribute name --- components/update/class.update.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/update/class.update.php b/components/update/class.update.php index 2089eed..853b55d 100755 --- a/components/update/class.update.php +++ b/components/update/class.update.php @@ -24,7 +24,7 @@ class Update { public $archive = ""; public $version = ""; public $protocol = ""; - public $update_fiile = ""; + public $update_file = ""; ////////////////////////////////////////////////////////////////// // METHODS From 34079d47b35b9e0ffc5134689569a548a1d8ce0d Mon Sep 17 00:00:00 2001 From: milton alvarenga Date: Sat, 9 Feb 2019 17:58:55 +0000 Subject: [PATCH 2/7] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bafcb40..edc2aad 100755 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -Codaid +Codiad This is the Telaaedifex team's custom version of Codiad. Codiad is a web-based IDE framework with a small footprint and minimal requirements. From 3d122eb296742b284ac412060d57baa47b817c64 Mon Sep 17 00:00:00 2001 From: xevidos Date: Sun, 10 Feb 2019 00:35:15 -0500 Subject: [PATCH 3/7] Updated ReadMe, Updated is admin check, Added initial change user access ability, Started updating update script for new sql methods, Reformatted user init.js indentation, Reformatted indentation on user dialog. --- README.md | 7 +- common.php | 14 +- components/update/update.php | 88 ++---- components/user/class.user.php | 5 + components/user/controller.php | 7 + components/user/dialog.php | 294 ++++++++++-------- components/user/init.js | 533 +++++++++++++++++---------------- 7 files changed, 486 insertions(+), 462 deletions(-) diff --git a/README.md b/README.md index edc2aad..3edd95e 100755 
--- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ Task List: * Add ability to login with LDAP * Add custom market -* Add in new admin interface +* Add in new admin interface ( Check admin-portal branch for progress ) - Group Management - Permissions Management - Plugin Management @@ -37,6 +37,7 @@ Task List: * Add if file could not be saved 5 times close the open file * Add multi level users. ( Projects for only certain groups, Permission levels ) * Add mobile compatibility +* Add support for more database systems and test ( MSSQL, Oracle, Postgre SQL, SQLite, etc ) * Clean up update script * Re Add the language recognition system after recode @@ -47,6 +48,10 @@ Completed: * Add ability to center bottom of code * Add updating script * Add site renaming +* Database Update + - Added Mysql Support. + - Project Updated to use PDO so future support for more database systems can be added. + - Updated to store program data ( Not project data ) in databases. * Fix JS errors already showing * Remove Codiad autocomplete in favor of Ace's * Updated for PHP 7.2 \ No newline at end of file diff --git a/common.php b/common.php index 63bb4bc..8d2b01c 100755 --- a/common.php +++ b/common.php @@ -201,15 +201,9 @@ class Common { global $sql; $query = "SELECT COUNT( * ) FROM users WHERE username=? AND access=?;"; $bind_variables = array( $_SESSION["user"], "admin" ); - $return = $sql->query( $query, $bind_variables, formatJSEND( "error", "Error checking user acess." ), 'fetchColumn' ); - - if( $return > 0 ) { - - return( true ); - } else { - - return( false ); - } + $return = $sql->query( $query, $bind_variables, -1, 'fetchColumn' ); + $admin = ( $return > 0 ); + return $admin; } public static function logout() { 
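Review bot: `$admin = ( $return > 0 ); return $admin;` in is_admin compares the raw `fetchColumn` result, which most PDO drivers hand back as a string, against the integer `-1` that the new third argument appears to select on failure; an explicit cast states the fail-closed intent and avoids PHP 8 string/int comparison surprises, `return (int) $return > 0;`. The query also binds `$_SESSION["user"]` without checking it is set, which the change does not address; a guard such as `if( ! isset( $_SESSION["user"] ) ) { return false; }` before the query makes the method safe to call before login. The method signature is outside the hunk.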
@@ -644,7 +638,7 @@ class Common { // Wrapper for old method names ////////////////////////////////////////////////////////////////// -function is_admin() { Common::is_admin(); } +function is_admin() { return Common::is_admin(); } function debug($message) { Common::debug($message); } function i18n($key, $args = array()) { echo Common::i18n($key, $args); } function get_i18n($key, $args = array()) { return Common::get_i18n($key, $args); } diff --git a/components/update/update.php b/components/update/update.php index f0aa6b4..427512e 100755 --- a/components/update/update.php +++ b/components/update/update.php @@ -56,69 +56,6 @@ class updater { /** * Constants */ - - const DEFAULT_OPTIONS = array( - array( - "name" => "codiad.editor.autocomplete", - "value" => "false", - ), - array( - "name" => "codiad.editor.fileManagerTrigger", - "value" => "false", - ), - array( - "name" => "codiad.editor.fontSize", - "value" => "14px", - ), - array( - "name" => "codiad.editor.highlightLine", - "value" => "true", - ), - array( - "name" => "codiad.editor.indentGuides", - "value" => "true", - ), - array( - "name" => "codiad.editor.overScroll", - "value" => "0.5", - ), - array( - "name" => "codiad.editor.persistentModal", - "value" => "true", - ), - array( - "name" => "codiad.editor.printMargin", - "value" => "true", - ), - array( - "name" => "codiad.editor.printMarginColumn", - "value" => "80", - ), - array( - "name" => "codiad.editor.rightSidebarTrigger", - "value" => "false", - ), - array( - "name" => "codiad.editor.softTabs", - "value" => "false", - ), - array( - "name" => "codiad.editor.tabSize", - "value" => "4", - ), - array( - "name" => "codiad.editor.theme", - "value" => "twilight", - ), - array( - "name" => "codiad.editor.wrapMode", - "value" => "false", - ), - array( - "name" => "codiad.settings.autosave", - "value" => "true", - ), - ); /** * Properties 
@@ -253,12 +190,12 @@ class updater { require_once('../../common.php'); require_once('../sql/class.sql.php'); + require_once('../settings/class.settings.php'); $user_settings_file = DATA . "/settings.php"; $projects_file = DATA . "/projects.php"; $users_file = DATA . "/users.php"; - - $sql = new sql(); + global $sql; $connection = $sql->connect(); $query = " @@ -485,7 +422,7 @@ DELETE FROM user_options; public function set_default_options() { - foreach( self::DEFAULT_OPTIONS as $id => $option ) { + foreach( Settings::DEFAULT_OPTIONS as $id => $option ) { $this->update_option( $option["name"], $option["value"], true ); } @@ -571,25 +508,32 @@ DELETE FROM user_options; public function update_option( $option, $value, $user_setting = null ) { + $sql = new sql(); $query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );"; - $bind = "sss"; $bind_variables = array( $option, $this->username, $value, ); - $result = sql::sql( $query, $bind, $bind_variables, formatJSEND( "error", "Error, Could not add user's settings." ) ); + $result = $sql->query( $query, $bind_variables, 0, "rowCount" ); - if( $result !== true ) { + if( $result == 0 ) { $query = "UPDATE user_options SET value=? WHERE name=? AND username=?;"; - $bind = "sss"; $bind_variables = array( $value, $option, $this->username, ); - $result = sql::sql( $query, $bind, $bind_variables, formatJSEND( "error", "Error, Could not update user's settings." ) ); + $result = $sql->query( $query, $bind_variables, 0, "rowCount" ); + } + + if( $result > 0 ) { + + echo formatJSEND( "success", null ); + } else { + + echo formatJSEND( "error", "Error, Could not update option $option" ); } } @@ -606,8 +550,10 @@ DELETE FROM user_options; if( isset( $_GET["action"] ) && $_GET["action"] !== '' ) { + global $sql; $updater = new updater(); $action = $_GET["action"]; + $sql = new sql(); switch( $action ) { diff --git a/components/user/class.user.php b/components/user/class.user.php index 6904263..e341981 100755 
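Review bot: Replacing `$sql = new sql();` with `global $sql;` makes this method depend on the file-scope assignment `$sql = new sql();` added in the last hunk of this file, which runs after `$updater = new updater();`; if this method is reached from the constructor or any path other than the `switch( $action )` block, `$sql` is null and `$sql->connect()` is a fatal error. The `global $sql;` in that entry block is a no-op at file scope and can be dropped. Either keep constructing the connection inside the method, or pass it into the constructor so the dependency is explicit. The enclosing method starts and ends outside the hunk.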
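Review bot: update_option now echoes a JSEND document on every call, but set_default_options (the previous hunk in this file) invokes it once per default option, so a single request emits one JSON object per option concatenated together, which the client's jsend parser cannot decode. Return the outcome instead and let the caller report once: replace the trailing if/else with `return $result > 0;` and have set_default_options echo a single success or error after its loop. `if( $result == 0 )` should be `if( $result === 0 )` since rowCount yields an int, and constructing `new sql()` here while the rest of the file now uses `global $sql` opens a fresh connection per option.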
--- a/components/user/class.user.php +++ b/components/user/class.user.php @@ -10,6 +10,11 @@ require_once( "../settings/class.settings.php" ); class User { + const ACCESS = array( + "admin", + "user" + ); + ////////////////////////////////////////////////////////////////// // PROPERTIES ////////////////////////////////////////////////////////////////// diff --git a/components/user/controller.php b/components/user/controller.php index c03bfdc..87d54b3 100755 --- a/components/user/controller.php +++ b/components/user/controller.php @@ -142,3 +142,10 @@ if ($_GET['action']=='verify') { //$User->Verify(); checkSession(); } + + +if ( $_GET['action'] == 'update_access' ) { + + checkSession(); + echo json_encode( array( $_GET["username"], $_GET["access"] ) ); +} diff --git a/components/user/dialog.php b/components/user/dialog.php index d69160d..296ed3f 100755 --- a/components/user/dialog.php +++ b/components/user/dialog.php @@ -1,140 +1,176 @@ - -
- - - -
- - - - - - -
-
- - list_users(); - foreach( $users as $user => $data ) { - ?> - - - - - - - - - - -
-
-
- - - -
- - - - - - - +switch($_GET['action']){ + + ////////////////////////////////////////////////////////////// + // List Projects + ////////////////////////////////////////////////////////////// + + case 'list': + + $projects_assigned = false; + + if( ! checkAccess() ) { + + ?> + +
+ + + +
+ + + + + + + + + +
+
+ + list_users(); + foreach( $users as $user => $data ) { + ?> + + + + + + + + + + + + +
+ +
+
+
+ + + + + + + + + + + - - - - - -
 
- + + + + + +
 
+
- - - - - - - - + + + + + + + + - diff --git a/components/user/init.js b/components/user/init.js index f2be47f..02d5982 100755 --- a/components/user/init.js +++ b/components/user/init.js 
@@ -1,251 +1,282 @@ -/* - * Copyright (c) Codiad & Kent Safranski (codiad.com), distributed - * as-is and without warranty under the MIT License. See - * [root]/license.txt for more. This information must remain intact. - */ - -(function(global, $){ - - var codiad = global.codiad; - - $(function() { - codiad.user.init(); - }); - - codiad.user = { - - loginForm: $('#login'), - controller: 'components/user/controller.php', - dialog: 'components/user/dialog.php', - - ////////////////////////////////////////////////////////////////// - // Initilization - ////////////////////////////////////////////////////////////////// - - init: async function() { - var _this = this; - this.loginForm.on('submit', function(e) { - e.preventDefault(); - _this.authenticate(); - }); - - // Get Theme - if( codiad.settings !== undefined ) { - - var theme = await codiad.settings.get_option( 'codiad.theme' ); - } else { - - var theme = 'default'; - } - $("#theme option").each(function() - { - if($(this).val() == theme) { - $(this).attr("selected","selected"); - } - }); - - // Get Language - if( codiad.settings !== undefined ) { - - var language = await codiad.settings.get_option('codiad.language'); - } else { - - var language = 'en'; - } - - $("#language option").each(function() - { - if($(this).val() == language) { - $(this).attr("selected","selected"); - } - }); - - // More Selector - $('.show-language-selector').click(function(){ - $(this).hide(); - $('.language-selector').animate({height:'toggle'}, "fast"); - }); - }, - - ////////////////////////////////////////////////////////////////// - // Authenticate User - ////////////////////////////////////////////////////////////////// - - authenticate: function() { - $.post(this.controller + '?action=authenticate', this.loginForm.serialize(), function(data) { - parsed = codiad.jsend.parse(data); - if (parsed != 'error') { - // Session set, reload - window.location.reload(); - } - }); - }, - - 
////////////////////////////////////////////////////////////////// - // Logout - ////////////////////////////////////////////////////////////////// - - logout: function() { - var forcelogout = true; - if ($('#list-active-files li.changed').length > 0) { - forcelogout = confirm(i18n('You have unsaved files.')); - } - if(forcelogout) { - $('#list-active-files li.changed').each(function () { $(this).removeClass('changed')}); - amplify.publish('user.logout', {}); - codiad.settings.save(); - $.get(this.controller + '?action=logout', function() { - window.location.reload(); - }); - } - }, - - ////////////////////////////////////////////////////////////////// - // Open the user manager dialog - ////////////////////////////////////////////////////////////////// - - list: function() { - $('#modal-content form') - .die('submit'); // Prevent form bubbling - codiad.modal.load(400, this.dialog + '?action=list'); - }, - - ////////////////////////////////////////////////////////////////// - // Create User - ////////////////////////////////////////////////////////////////// - - createNew: function() { - var _this = this; - codiad.modal.load(400, this.dialog + '?action=create'); - $('#modal-content form') - .live('submit', function(e) { - e.preventDefault(); - var pass = true; - var username = $('#modal-content form input[name="username"]') - .val(); - var password1 = $('#modal-content form input[name="password1"]') - .val(); - var password2 = $('#modal-content form input[name="password2"]') - .val(); - - // Check matching passwords - if (password1 != password2) { - codiad.message.error(i18n('Passwords Do Not Match')); - pass = false; - } - - // Check no spaces in username - if (!/^[a-z0-9]+$/i.test(username) || username.length===0) { - codiad.message.error(i18n('Username Must Be Alphanumeric String')); - pass = false; - } - - if (pass) { - $.post(_this.controller + '?action=create', {'username' : username , 'password' : password1 }, function(data) { - var createResponse = 
codiad.jsend.parse(data); - if (createResponse != 'error') { - codiad.message.success(i18n('User Account Created')) - _this.list(); - } - }); - } - }); - }, - - ////////////////////////////////////////////////////////////////// - // Delete User - ////////////////////////////////////////////////////////////////// - - delete: function(username) { - var _this = this; - codiad.modal.load(400, this.dialog + '?action=delete&username=' + username); - $('#modal-content form') - .live('submit', function(e) { - e.preventDefault(); - var username = $('#modal-content form input[name="username"]') - .val(); - codiad.modal.show_loading(); - $.get(_this.controller + '?action=delete&username=' + username, function(data) { - var deleteResponse = codiad.jsend.parse(data); - if (deleteResponse != 'error') { - codiad.message.success(i18n('Account Deleted')) - _this.list(); - } - }); - }); - }, - - ////////////////////////////////////////////////////////////////// - // Set Project Access - ////////////////////////////////////////////////////////////////// - - projects: function(username) { - codiad.modal.load(400, this.dialog + '?action=projects&username=' + username); - var _this = this; - $('#modal-content form') - .live('submit', function(e) { - e.preventDefault(); - var username = $('#modal-content form input[name="username"]') - .val(); - var accessLevel = $('#modal-content form select[name="access_level"]') - .val(); - var projects = new Array(); - $('input:checkbox[name="project"]:checked').each(function(){ - projects.push($(this).val()); - }); - if(accessLevel==0){ projects = 0; } - // Check and make sure if access level not full that at least on project is selected - if (accessLevel==1 && !projects) { - codiad.message.error(i18n('At Least One Project Must Be Selected')); - } else { - $.post(_this.controller + '?action=project_access&username=' + username,{projects: projects}, function(data) { - var projectsResponse = codiad.jsend.parse(data); - if (projectsResponse != 'error') 
{ - codiad.message.success(i18n('Account Modified')); - } - }); - } - }); - }, - - ////////////////////////////////////////////////////////////////// - // Change Password - ////////////////////////////////////////////////////////////////// - - password: function(username) { - var _this = this; - codiad.modal.load(400, this.dialog + '?action=password&username=' + username); - $('#modal-content form') - .live('submit', function(e) { - e.preventDefault(); - var username = $('#modal-content form input[name="username"]') - .val(); - var password1 = $('#modal-content form input[name="password1"]') - .val(); - var password2 = $('#modal-content form input[name="password2"]') - .val(); - if (password1 != password2) { - codiad.message.error(i18n('Passwords Do Not Match')); - } else { - $.post(_this.controller + '?action=password', {'username' : username , 'password' : password1 }, function(data) { - var passwordResponse = codiad.jsend.parse(data); - if (passwordResponse != 'error') { - codiad.message.success(i18n('Password Changed')); - codiad.modal.unload(); - } - }); - } - }); - }, - - ////////////////////////////////////////////////////////////////// - // Change Current Project - ////////////////////////////////////////////////////////////////// - - project: function(project) { - $.get(this.controller + '?action=project&project=' + project); - } - - }; - -})(this, jQuery); +/* + * Copyright (c) Codiad & Kent Safranski (codiad.com), distributed + * as-is and without warranty under the MIT License. See + * [root]/license.txt for more. This information must remain intact. 
+ */ +(function(global, $) { + + var codiad = global.codiad; + + $(function() { + codiad.user.init(); + }); + + codiad.user = { + + loginForm: $('#login'), + controller: 'components/user/controller.php', + dialog: 'components/user/dialog.php', + + ////////////////////////////////////////////////////////////////// + // Initilization + ////////////////////////////////////////////////////////////////// + + init: async function() { + var _this = this; + this.loginForm.on('submit', function(e) { + e.preventDefault(); + _this.authenticate(); + }); + + // Get Theme + if(codiad.settings !== undefined) { + + var theme = await codiad.settings.get_option('codiad.theme'); + } else { + + var theme = 'default'; + } + $("#theme option").each(function() { + if($(this).val() == theme) { + $(this).attr("selected", "selected"); + } + }); + + // Get Language + if(codiad.settings !== undefined) { + + var language = await codiad.settings.get_option('codiad.language'); + } else { + + var language = 'en'; + } + + $("#language option").each(function() { + if($(this).val() == language) { + $(this).attr("selected", "selected"); + } + }); + + // More Selector + $('.show-language-selector').click(function() { + $(this).hide(); + $('.language-selector').animate({ + height: 'toggle' + }, "fast"); + }); + }, + + ////////////////////////////////////////////////////////////////// + // Authenticate User + ////////////////////////////////////////////////////////////////// + + authenticate: function() { + $.post(this.controller + '?action=authenticate', this.loginForm.serialize(), function(data) { + parsed = codiad.jsend.parse(data); + if(parsed != 'error') { + // Session set, reload + window.location.reload(); + } + }); + }, + + ////////////////////////////////////////////////////////////////// + // Logout + ////////////////////////////////////////////////////////////////// + + logout: function() { + var forcelogout = true; + if($('#list-active-files li.changed').length > 0) { + forcelogout = 
confirm(i18n('You have unsaved files.')); + } + if(forcelogout) { + $('#list-active-files li.changed').each(function() { + $(this).removeClass('changed') + }); + amplify.publish('user.logout', {}); + codiad.settings.save(); + $.get(this.controller + '?action=logout', function() { + window.location.reload(); + }); + } + }, + + ////////////////////////////////////////////////////////////////// + // Open the user manager dialog + ////////////////////////////////////////////////////////////////// + + list: function() { + $('#modal-content form') + .die('submit'); // Prevent form bubbling + codiad.modal.load(600, this.dialog + '?action=list'); + }, + + ////////////////////////////////////////////////////////////////// + // Create User + ////////////////////////////////////////////////////////////////// + + createNew: function() { + var _this = this; + codiad.modal.load(400, this.dialog + '?action=create'); + $('#modal-content form') + .live('submit', function(e) { + e.preventDefault(); + var pass = true; + var username = $('#modal-content form input[name="username"]') + .val(); + var password1 = $('#modal-content form input[name="password1"]') + .val(); + var password2 = $('#modal-content form input[name="password2"]') + .val(); + + // Check matching passwords + if(password1 != password2) { + codiad.message.error(i18n('Passwords Do Not Match')); + pass = false; + } + + // Check no spaces in username + if(!/^[a-z0-9]+$/i.test(username) || username.length === 0) { + codiad.message.error(i18n('Username Must Be Alphanumeric String')); + pass = false; + } + + if(pass) { + $.post(_this.controller + '?action=create', { + 'username': username, + 'password': password1 + }, function(data) { + var createResponse = codiad.jsend.parse(data); + if(createResponse != 'error') { + codiad.message.success(i18n('User Account Created')) + _this.list(); + } + }); + } + }); + }, + + ////////////////////////////////////////////////////////////////// + // Delete User + 
////////////////////////////////////////////////////////////////// + + delete: function(username) { + var _this = this; + codiad.modal.load(400, this.dialog + '?action=delete&username=' + username); + $('#modal-content form') + .live('submit', function(e) { + e.preventDefault(); + var username = $('#modal-content form input[name="username"]') + .val(); + codiad.modal.show_loading(); + $.get(_this.controller + '?action=delete&username=' + username, function(data) { + var deleteResponse = codiad.jsend.parse(data); + if(deleteResponse != 'error') { + codiad.message.success(i18n('Account Deleted')) + _this.list(); + } + }); + }); + }, + + ////////////////////////////////////////////////////////////////// + // Set Project Access + ////////////////////////////////////////////////////////////////// + + projects: function(username) { + codiad.modal.load(400, this.dialog + '?action=projects&username=' + username); + var _this = this; + $('#modal-content form') + .live('submit', function(e) { + e.preventDefault(); + var username = $('#modal-content form input[name="username"]') + .val(); + var accessLevel = $('#modal-content form select[name="access_level"]') + .val(); + var projects = new Array(); + $('input:checkbox[name="project"]:checked').each(function() { + projects.push($(this).val()); + }); + if(accessLevel == 0) { + projects = 0; + } + // Check and make sure if access level not full that at least on project is selected + if(accessLevel == 1 && !projects) { + codiad.message.error(i18n('At Least One Project Must Be Selected')); + } else { + $.post(_this.controller + '?action=project_access&username=' + username, { + projects: projects + }, function(data) { + var projectsResponse = codiad.jsend.parse(data); + if(projectsResponse != 'error') { + codiad.message.success(i18n('Account Modified')); + } + }); + } + }); + }, + + ////////////////////////////////////////////////////////////////// + // Change Password + 
////////////////////////////////////////////////////////////////// + + password: function(username) { + var _this = this; + codiad.modal.load(400, this.dialog + '?action=password&username=' + username); + $('#modal-content form') + .live('submit', function(e) { + e.preventDefault(); + var username = $('#modal-content form input[name="username"]') + .val(); + var password1 = $('#modal-content form input[name="password1"]') + .val(); + var password2 = $('#modal-content form input[name="password2"]') + .val(); + if(password1 != password2) { + codiad.message.error(i18n('Passwords Do Not Match')); + } else { + $.post(_this.controller + '?action=password', { + 'username': username, + 'password': password1 + }, function(data) { + var passwordResponse = codiad.jsend.parse(data); + if(passwordResponse != 'error') { + codiad.message.success(i18n('Password Changed')); + codiad.modal.unload(); + } + }); + } + }); + }, + + ////////////////////////////////////////////////////////////////// + // Change Current Project + ////////////////////////////////////////////////////////////////// + + project: function(project) { + $.get(this.controller + '?action=project&project=' + project); + }, + + update_access: function( e, username=null ) { + + let access = ""; + + if( ( typeof e ) == "string" ) { + + access = e; + } else { + + access = e.target.value; + } + + $.get( this.controller + `?action=update_access&username=${username}&access=${access}`, function( data ) { + + let response = codiad.jsend.parse( data ); + if( response != 'error' ) { + + codiad.message.success( i18n( 'Access Updated' ) ); + } + }); + }, + }; +})(this, jQuery); From 4298962b1400a5428d1db6c15385427b2d7994bf Mon Sep 17 00:00:00 2001 
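Review bot: In update_access, `username` and `access` are interpolated into the query string without `encodeURIComponent`, so a username containing `&`, `#` or `%` produces a request the controller parses differently from what the admin selected; build the URL as `$.get( this.controller + '?action=update_access&username=' + encodeURIComponent( username ) + '&access=' + encodeURIComponent( access ), function( data ) {`. With the `username=null` default the request literally sends `username=null`, so a missing username should be rejected before the request is made rather than forwarded to the server. The rest of the hunk is a re-indentation of the existing file.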
From: xevidos Date: Sun, 10 Feb 2019 18:10:21 -0500 Subject: [PATCH 4/7] Finished user access switch in users panel. --- components/user/class.user.php | 16 + components/user/controller.php | 15 +- components/user/init.js | 564 ++++++++++++++++----------------- 3 files changed, 312 insertions(+), 283 deletions(-) diff --git a/components/user/class.user.php b/components/user/class.user.php index e341981..1db7e28 100755 --- a/components/user/class.user.php +++ b/components/user/class.user.php @@ -410,6 +410,22 @@ class User { } } + public function update_access() { + + global $sql; + $query = "UPDATE users SET access=? WHERE username=?;"; + $bind_variables = array( $this->access, $this->username ); + $return = $sql->query( $query, $bind_variables, 0, "rowCount" ); + + if( $return > 0 ) { + + echo formatJSEND( "success", "Updated access for {$this->username}" ); + } else { + + echo formatJSEND( "error", "Error updating project" ); + } + } + ////////////////////////////////////////////////////////////////// // Verify Account Exists ////////////////////////////////////////////////////////////////// diff --git a/components/user/controller.php b/components/user/controller.php index 87d54b3..50bf11c 100755 --- a/components/user/controller.php +++ b/components/user/controller.php @@ -147,5 +147,18 @@ if ($_GET['action']=='verify') { if ( $_GET['action'] == 'update_access' ) { checkSession(); - echo json_encode( array( $_GET["username"], $_GET["access"] ) ); + + if ( ! isset( $_GET['access'] ) || ! isset( $_GET['username'] ) ) { + + die( formatJSEND( "error", "Could not update access." ) ); + } + + if( ! is_admin() ) { + + die( formatJSEND( "error", "You do not have permission to update access." ) ); + } + + $User->username = $_GET["username"]; + $User->access = $_GET["access"]; + $User->update_access(); } diff --git a/components/user/init.js b/components/user/init.js index 02d5982..9490068 100755 --- a/components/user/init.js +++ b/components/user/init.js 
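Review bot: The failure message in update_access, `echo formatJSEND( "error", "Error updating project" );`, is copied from the project code and misreports what failed; use `echo formatJSEND( "error", "Error updating access for {$this->username}" );`. The success path keys on `rowCount`, which for an UPDATE is 0 when the stored value already equals the new one unless the connection sets `PDO::MYSQL_ATTR_FOUND_ROWS`, so re-selecting a user's current level is reported as an error although the state is correct; checking that the user row exists, or treating 0 as success when no exception was raised, avoids the false error. `$this->access` is written to the column exactly as received, so validation against `self::ACCESS` has to happen here or in the controller.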
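Review bot: `$User->access = $_GET["access"];` stores whatever string the request carries; the `isset` check only rejects an absent parameter, so an empty string or any arbitrary level is written to `users.access`, even though patch 3 introduced `User::ACCESS` for this purpose. Add after the `is_admin()` check: `if( ! in_array( $_GET['access'], User::ACCESS, true ) ) {` / `die( formatJSEND( "error", "Invalid access level." ) );` / `}`. The change also lets an admin demote their own account, which can leave the installation with no admin; a `$_GET["username"] === $_SESSION["user"]` rejection would prevent that. Performing the mutation on a GET request matches the other actions in this controller but means a request forged from another page the admin has open can change access levels; moving state-changing actions to POST with a session token is a file-wide follow-up rather than specific to this hunk.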
@@ -1,282 +1,282 @@ -/* - * Copyright (c) Codiad & Kent Safranski (codiad.com), distributed - * as-is and without warranty under the MIT License. See - * [root]/license.txt for more. This information must remain intact. - */ -(function(global, $) { - - var codiad = global.codiad; - - $(function() { - codiad.user.init(); - }); - - codiad.user = { - - loginForm: $('#login'), - controller: 'components/user/controller.php', - dialog: 'components/user/dialog.php', - - ////////////////////////////////////////////////////////////////// - // Initilization - ////////////////////////////////////////////////////////////////// - - init: async function() { - var _this = this; - this.loginForm.on('submit', function(e) { - e.preventDefault(); - _this.authenticate(); - }); - - // Get Theme - if(codiad.settings !== undefined) { - - var theme = await codiad.settings.get_option('codiad.theme'); - } else { - - var theme = 'default'; - } - $("#theme option").each(function() { - if($(this).val() == theme) { - $(this).attr("selected", "selected"); - } - }); - - // Get Language - if(codiad.settings !== undefined) { - - var language = await codiad.settings.get_option('codiad.language'); - } else { - - var language = 'en'; - } - - $("#language option").each(function() { - if($(this).val() == language) { - $(this).attr("selected", "selected"); - } - }); - - // More Selector - $('.show-language-selector').click(function() { - $(this).hide(); - $('.language-selector').animate({ - height: 'toggle' - }, "fast"); - }); - }, - - ////////////////////////////////////////////////////////////////// - // Authenticate User - ////////////////////////////////////////////////////////////////// - - authenticate: function() { - $.post(this.controller + '?action=authenticate', this.loginForm.serialize(), function(data) { - parsed = codiad.jsend.parse(data); - if(parsed != 'error') { - // Session set, reload - window.location.reload(); - } - }); - }, - - 
////////////////////////////////////////////////////////////////// - // Logout - ////////////////////////////////////////////////////////////////// - - logout: function() { - var forcelogout = true; - if($('#list-active-files li.changed').length > 0) { - forcelogout = confirm(i18n('You have unsaved files.')); - } - if(forcelogout) { - $('#list-active-files li.changed').each(function() { - $(this).removeClass('changed') - }); - amplify.publish('user.logout', {}); - codiad.settings.save(); - $.get(this.controller + '?action=logout', function() { - window.location.reload(); - }); - } - }, - - ////////////////////////////////////////////////////////////////// - // Open the user manager dialog - ////////////////////////////////////////////////////////////////// - - list: function() { - $('#modal-content form') - .die('submit'); // Prevent form bubbling - codiad.modal.load(600, this.dialog + '?action=list'); - }, - - ////////////////////////////////////////////////////////////////// - // Create User - ////////////////////////////////////////////////////////////////// - - createNew: function() { - var _this = this; - codiad.modal.load(400, this.dialog + '?action=create'); - $('#modal-content form') - .live('submit', function(e) { - e.preventDefault(); - var pass = true; - var username = $('#modal-content form input[name="username"]') - .val(); - var password1 = $('#modal-content form input[name="password1"]') - .val(); - var password2 = $('#modal-content form input[name="password2"]') - .val(); - - // Check matching passwords - if(password1 != password2) { - codiad.message.error(i18n('Passwords Do Not Match')); - pass = false; - } - - // Check no spaces in username - if(!/^[a-z0-9]+$/i.test(username) || username.length === 0) { - codiad.message.error(i18n('Username Must Be Alphanumeric String')); - pass = false; - } - - if(pass) { - $.post(_this.controller + '?action=create', { - 'username': username, - 'password': password1 - }, function(data) { - var createResponse = 
codiad.jsend.parse(data); - if(createResponse != 'error') { - codiad.message.success(i18n('User Account Created')) - _this.list(); - } - }); - } - }); - }, - - ////////////////////////////////////////////////////////////////// - // Delete User - ////////////////////////////////////////////////////////////////// - - delete: function(username) { - var _this = this; - codiad.modal.load(400, this.dialog + '?action=delete&username=' + username); - $('#modal-content form') - .live('submit', function(e) { - e.preventDefault(); - var username = $('#modal-content form input[name="username"]') - .val(); - codiad.modal.show_loading(); - $.get(_this.controller + '?action=delete&username=' + username, function(data) { - var deleteResponse = codiad.jsend.parse(data); - if(deleteResponse != 'error') { - codiad.message.success(i18n('Account Deleted')) - _this.list(); - } - }); - }); - }, - - ////////////////////////////////////////////////////////////////// - // Set Project Access - ////////////////////////////////////////////////////////////////// - - projects: function(username) { - codiad.modal.load(400, this.dialog + '?action=projects&username=' + username); - var _this = this; - $('#modal-content form') - .live('submit', function(e) { - e.preventDefault(); - var username = $('#modal-content form input[name="username"]') - .val(); - var accessLevel = $('#modal-content form select[name="access_level"]') - .val(); - var projects = new Array(); - $('input:checkbox[name="project"]:checked').each(function() { - projects.push($(this).val()); - }); - if(accessLevel == 0) { - projects = 0; - } - // Check and make sure if access level not full that at least on project is selected - if(accessLevel == 1 && !projects) { - codiad.message.error(i18n('At Least One Project Must Be Selected')); - } else { - $.post(_this.controller + '?action=project_access&username=' + username, { - projects: projects - }, function(data) { - var projectsResponse = codiad.jsend.parse(data); - 
if(projectsResponse != 'error') { - codiad.message.success(i18n('Account Modified')); - } - }); - } - }); - }, - - ////////////////////////////////////////////////////////////////// - // Change Password - ////////////////////////////////////////////////////////////////// - - password: function(username) { - var _this = this; - codiad.modal.load(400, this.dialog + '?action=password&username=' + username); - $('#modal-content form') - .live('submit', function(e) { - e.preventDefault(); - var username = $('#modal-content form input[name="username"]') - .val(); - var password1 = $('#modal-content form input[name="password1"]') - .val(); - var password2 = $('#modal-content form input[name="password2"]') - .val(); - if(password1 != password2) { - codiad.message.error(i18n('Passwords Do Not Match')); - } else { - $.post(_this.controller + '?action=password', { - 'username': username, - 'password': password1 - }, function(data) { - var passwordResponse = codiad.jsend.parse(data); - if(passwordResponse != 'error') { - codiad.message.success(i18n('Password Changed')); - codiad.modal.unload(); - } - }); - } - }); - }, - - ////////////////////////////////////////////////////////////////// - // Change Current Project - ////////////////////////////////////////////////////////////////// - - project: function(project) { - $.get(this.controller + '?action=project&project=' + project); - }, - - update_access: function( e, username=null ) { - - let access = ""; - - if( ( typeof e ) == "string" ) { - - access = e; - } else { - - access = e.target.value; - } - - $.get( this.controller + `?action=update_access&username=${username}&access=${access}`, function( data ) { - - let response = codiad.jsend.parse( data ); - if( response != 'error' ) { - - codiad.message.success( i18n( 'Access Updated' ) ); - } - }); - }, - }; -})(this, jQuery); +/* + * Copyright (c) Codiad & Kent Safranski (codiad.com), distributed + * as-is and without warranty under the MIT License. 
See + * [root]/license.txt for more. This information must remain intact. + */ +(function(global, $) { + + var codiad = global.codiad; + + $(function() { + codiad.user.init(); + }); + + codiad.user = { + + loginForm: $('#login'), + controller: 'components/user/controller.php', + dialog: 'components/user/dialog.php', + + ////////////////////////////////////////////////////////////////// + // Initilization + ////////////////////////////////////////////////////////////////// + + init: async function() { + var _this = this; + this.loginForm.on('submit', function(e) { + e.preventDefault(); + _this.authenticate(); + }); + + // Get Theme + if(codiad.settings !== undefined) { + + var theme = await codiad.settings.get_option('codiad.theme'); + } else { + + var theme = 'default'; + } + $("#theme option").each(function() { + if($(this).val() == theme) { + $(this).attr("selected", "selected"); + } + }); + + // Get Language + if(codiad.settings !== undefined) { + + var language = await codiad.settings.get_option('codiad.language'); + } else { + + var language = 'en'; + } + + $("#language option").each(function() { + if($(this).val() == language) { + $(this).attr("selected", "selected"); + } + }); + + // More Selector + $('.show-language-selector').click(function() { + $(this).hide(); + $('.language-selector').animate({ + height: 'toggle' + }, "fast"); + }); + }, + + ////////////////////////////////////////////////////////////////// + // Authenticate User + ////////////////////////////////////////////////////////////////// + + authenticate: function() { + $.post(this.controller + '?action=authenticate', this.loginForm.serialize(), function(data) { + parsed = codiad.jsend.parse(data); + if(parsed != 'error') { + // Session set, reload + window.location.reload(); + } + }); + }, + + ////////////////////////////////////////////////////////////////// + // Logout + ////////////////////////////////////////////////////////////////// + + logout: function() { + var forcelogout = true; + 
if($('#list-active-files li.changed').length > 0) { + forcelogout = confirm(i18n('You have unsaved files.')); + } + if(forcelogout) { + $('#list-active-files li.changed').each(function() { + $(this).removeClass('changed') + }); + amplify.publish('user.logout', {}); + codiad.settings.save(); + $.get(this.controller + '?action=logout', function() { + window.location.reload(); + }); + } + }, + + ////////////////////////////////////////////////////////////////// + // Open the user manager dialog + ////////////////////////////////////////////////////////////////// + + list: function() { + $('#modal-content form') + .die('submit'); // Prevent form bubbling + codiad.modal.load(600, this.dialog + '?action=list'); + }, + + ////////////////////////////////////////////////////////////////// + // Create User + ////////////////////////////////////////////////////////////////// + + createNew: function() { + var _this = this; + codiad.modal.load(400, this.dialog + '?action=create'); + $('#modal-content form') + .live('submit', function(e) { + e.preventDefault(); + var pass = true; + var username = $('#modal-content form input[name="username"]') + .val(); + var password1 = $('#modal-content form input[name="password1"]') + .val(); + var password2 = $('#modal-content form input[name="password2"]') + .val(); + + // Check matching passwords + if(password1 != password2) { + codiad.message.error(i18n('Passwords Do Not Match')); + pass = false; + } + + // Check no spaces in username + if(!/^[a-z0-9]+$/i.test(username) || username.length === 0) { + codiad.message.error(i18n('Username Must Be Alphanumeric String')); + pass = false; + } + + if(pass) { + $.post(_this.controller + '?action=create', { + 'username': username, + 'password': password1 + }, function(data) { + var createResponse = codiad.jsend.parse(data); + if(createResponse != 'error') { + codiad.message.success(i18n('User Account Created')) + _this.list(); + } + }); + } + }); + }, + + 
////////////////////////////////////////////////////////////////// + // Delete User + ////////////////////////////////////////////////////////////////// + + delete: function(username) { + var _this = this; + codiad.modal.load(400, this.dialog + '?action=delete&username=' + username); + $('#modal-content form') + .live('submit', function(e) { + e.preventDefault(); + var username = $('#modal-content form input[name="username"]') + .val(); + codiad.modal.show_loading(); + $.get(_this.controller + '?action=delete&username=' + username, function(data) { + var deleteResponse = codiad.jsend.parse(data); + if(deleteResponse != 'error') { + codiad.message.success(i18n('Account Deleted')) + _this.list(); + } + }); + }); + }, + + ////////////////////////////////////////////////////////////////// + // Set Project Access + ////////////////////////////////////////////////////////////////// + + projects: function(username) { + codiad.modal.load(400, this.dialog + '?action=projects&username=' + username); + var _this = this; + $('#modal-content form') + .live('submit', function(e) { + e.preventDefault(); + var username = $('#modal-content form input[name="username"]') + .val(); + var accessLevel = $('#modal-content form select[name="access_level"]') + .val(); + var projects = new Array(); + $('input:checkbox[name="project"]:checked').each(function() { + projects.push($(this).val()); + }); + if(accessLevel == 0) { + projects = 0; + } + // Check and make sure if access level not full that at least on project is selected + if(accessLevel == 1 && !projects) { + codiad.message.error(i18n('At Least One Project Must Be Selected')); + } else { + $.post(_this.controller + '?action=project_access&username=' + username, { + projects: projects + }, function(data) { + var projectsResponse = codiad.jsend.parse(data); + if(projectsResponse != 'error') { + codiad.message.success(i18n('Account Modified')); + } + }); + } + }); + }, + + 
////////////////////////////////////////////////////////////////// + // Change Password + ////////////////////////////////////////////////////////////////// + + password: function(username) { + var _this = this; + codiad.modal.load(400, this.dialog + '?action=password&username=' + username); + $('#modal-content form') + .live('submit', function(e) { + e.preventDefault(); + var username = $('#modal-content form input[name="username"]') + .val(); + var password1 = $('#modal-content form input[name="password1"]') + .val(); + var password2 = $('#modal-content form input[name="password2"]') + .val(); + if(password1 != password2) { + codiad.message.error(i18n('Passwords Do Not Match')); + } else { + $.post(_this.controller + '?action=password', { + 'username': username, + 'password': password1 + }, function(data) { + var passwordResponse = codiad.jsend.parse(data); + if(passwordResponse != 'error') { + codiad.message.success(i18n('Password Changed')); + codiad.modal.unload(); + } + }); + } + }); + }, + + ////////////////////////////////////////////////////////////////// + // Change Current Project + ////////////////////////////////////////////////////////////////// + + project: function(project) { + $.get(this.controller + '?action=project&project=' + project); + }, + + update_access: function( e, username=null ) { + + let access = ""; + + if( ( typeof e ) == "string" ) { + + access = e; + } else { + + access = e.target.value; + } + + $.get( this.controller + `?action=update_access&username=${username}&access=${access}`, function( data ) { + + let response = codiad.jsend.parse( data ); + if( response != 'error' ) { + + codiad.message.success( i18n( 'Access Updated' ) ); + } + }); + }, + }; +})(this, jQuery); From 2307466e7b2411395dffea8cb53aa54c6985f5f4 Mon Sep 17 00:00:00 2001 
From: xevidos Date: Sun, 10 Feb 2019 22:49:20 -0500 Subject: [PATCH 5/7] Updated update option function to support non user options.
---
 components/settings/class.settings.php | 46 +++++++++++++++++++------- 1 file changed, 34 insertions(+), 12 deletions(-)
diff --git a/components/settings/class.settings.php b/components/settings/class.settings.php
index 57b423b..344a0d7 100755
--- a/components/settings/class.settings.php
+++ b/components/settings/class.settings.php
@@ -208,26 +208,48 @@ class Settings {
 }
 }
- public function update_option( $option, $value, $user_setting = null ) {
+ public function update_option( $option, $value, $user_setting = true ) {
 global $sql;
- $query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
- $bind_variables = array(
- $option,
- $this->username,
- $value,
- );
- $result = $sql->query( $query, $bind_variables, 0, "rowCount" );
- if( $result == 0 ) {
+ if( $user_setting == null ) {
- $query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
+ $query = "INSERT INTO options ( name, username, value ) VALUES ( ?, ? );";
 $bind_variables = array(
- $value,
 $option,
- $this->username,
+ $value,
 );
 $result = $sql->query( $query, $bind_variables, 0, "rowCount" );
+
+ if( $result == 0 ) {
+
+ $query = "UPDATE options SET value=? WHERE name=?;";
+ $bind_variables = array(
+ $value,
+ $option,
+ );
+ $result = $sql->query( $query, $bind_variables, 0, "rowCount" );
+ }
+ } else {
+
+ $query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
+ $bind_variables = array(
+ $option,
+ $this->username,
+ $value,
+ );
+ $result = $sql->query( $query, $bind_variables, 0, "rowCount" );
+
+ if( $result == 0 ) {
+
+ $query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
+ $bind_variables = array(
+ $value,
+ $option,
+ $this->username,
+ );
+ $result = $sql->query( $query, $bind_variables, 0, "rowCount" );
+ }
 }
 if( $result > 0 ) {
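Review bot: The new non-user branch's INSERT names three columns but binds two values — `INSERT INTO options ( name, username, value ) VALUES ( ?, ? );` — so the statement fails, `$result` stays 0, and control falls through to an UPDATE that cannot create the row; a global option can never be inserted through this path. Change it to `$query = "INSERT INTO options ( name, value ) VALUES ( ?, ? );";`. The branch is chosen by `if( $user_setting == null )` against a default of `true`, which under loose comparison also matches `false`, `0` and `""`; `if( ! $user_setting )` keeps the same matches while stating that any falsy value means a global option, or give the parameter a `bool` type. The `if( $result > 0 )` at the end of the hunk continues outside it.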
From b4f42db8fa3c2da33b495615b6f42d079d2996e2 Mon Sep 17 00:00:00 2001 From: xevidos Date: Wed, 13 Feb 2019 12:08:51 -0500 Subject: [PATCH 6/7] Attempt at fix for response headers too big on some servers,
---
 common.php | 15 +-------------- components/filemanager/init.js | 4 ++-- components/settings/class.settings.php | 2 +- 3 files changed, 4 insertions(+), 17 deletions(-)
diff --git a/common.php b/common.php
index 8d2b01c..8d3ba9e 100755
--- a/common.php
+++ b/common.php
@@ -32,8 +32,7 @@ class Common {
 //////////////////////////////////////////////////////////////////
 public static function construct() {
-
- global $cookie_lifetime;
+ $path = str_replace( "index.php", "", $_SERVER['SCRIPT_FILENAME'] );
 foreach ( array( "components", "plugins" ) as $folder ) {
@@ -295,12 +294,6 @@ class Common {
 public static function start_session() {
 Common::construct();
- global $cookie_lifetime;
-
- if( isset( $cookie_lifetime ) && $cookie_lifetime != "" ) {
-
- ini_set( "session.cookie_lifetime", $cookie_lifetime );
- }
 //Set a Session Name
 session_name( md5( BASE_PATH ) );
@@ -355,12 +348,6 @@ class Common {
 public static function startSession() {
 Common::construct();
- global $cookie_lifetime;
-
- if( isset( $cookie_lifetime ) && $cookie_lifetime != "" ) {
-
- ini_set( "session.cookie_lifetime", $cookie_lifetime );
- }
 //Set a Session Name
 session_name( md5( BASE_PATH ) );
diff --git a/components/filemanager/init.js b/components/filemanager/init.js
index 0271620..ae3828a 100755
--- a/components/filemanager/init.js
+++ b/components/filemanager/init.js
@@ -69,7 +69,7 @@ if( option != codiad.filemanager.auto_reload ) {
 //codiad.auto_save.reload_interval();
- window.location.reload();
+ window.location.reload( true );
 }
 });
@@ -509,7 +509,7 @@ codiad.editor.getActive().removeEventListener( "change", _this.refreshPreview );
 return;
 }
- _this.preview.location.reload();
+ _this.preview.location.reload( true );
 } catch( e ) {
 console.log( e );
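Review bot: Removing the `$cookie_lifetime` block from `start_session()` (and identically from `startSession()` in the next hunk) leaves the configured value unused anywhere visible here, so the session cookie reverts to PHP's default `session.cookie_lifetime`; unless the config option is removed as well, operators will keep setting a value that no longer does anything. If this is deliberate as part of the header-size fix, a comment above `session_name( ... )` such as `// session.cookie_lifetime is left at the PHP default; the $cookie_lifetime config option is no longer applied` records it, and the duplicated `start_session`/`startSession` bodies should be collapsed into one or kept changing in lockstep. Both enclosing functions continue outside the hunk.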
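Review bot: `window.location.reload( true )` and `_this.preview.location.reload( true )` pass a `forceGet` flag that is a non-standard Gecko extension and is ignored by other browsers, so for most users the change is a no-op and it has no bearing on the size of response headers. If bypassing the cache is the intent, a cache-busting query parameter on the URL or server-side `Cache-Control` headers are the portable options; otherwise keep the plain `reload()` so the code does not suggest behaviour it cannot deliver.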
diff --git a/components/settings/class.settings.php b/components/settings/class.settings.php
index 344a0d7..1722d6a 100755
--- a/components/settings/class.settings.php
+++ b/components/settings/class.settings.php
@@ -151,7 +151,7 @@ class Settings {
 }
 if( ! empty( $return ) ) {
-
+ $return = $return["value"];
 } else {
From 53026ba69e06b24be9ff0b36d6abd7b0869a109c Mon Sep 17 00:00:00 2001 From: xevidos Date: Wed, 13 Feb 2019 13:42:43 -0500 Subject: [PATCH 7/7] Added exits instead of echo returns.
---
 components/user/class.user.php | 13 +++++++------ components/user/init.js | 21 ++++++++++++++++----- 2 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/components/user/class.user.php b/components/user/class.user.php
index 1db7e28..d631276 100755
--- a/components/user/class.user.php
+++ b/components/user/class.user.php
@@ -167,10 +167,13 @@ class User {
 public function Authenticate() {
+ ini_set('display_errors', 1);
+ ini_set('display_startup_errors', 1);
+ error_reporting(E_ALL);
+
 if( $this->username == "" || $this->password == "" ) {
- echo( formatJSEND( "error", "Username or password can not be blank." ) );
- return;
+ exit( formatJSEND( "error", "Username or password can not be blank." ) );
 }
 if( ! is_dir( SESSIONS_PATH ) ) {
@@ -194,8 +197,7 @@ class User {
 chown( SESSIONS_PATH, $server_user );
 } catch( Exception $e ) {
- echo( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) );
- return;
+ exit( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) );
 }
 }
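Review bot: The lines `ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL);` added at the top of `Authenticate()` enable on-screen error output for the login endpoint unconditionally, which exposes notices, file paths and internal details to unauthenticated clients and prepends them to the JSEND body the client parses. They read as debugging leftovers and should be dropped before merge, or at least gated on a development setting with errors logged rather than displayed in production. Swapping `echo` + `return` for `exit( formatJSEND( ... ) )` here and in the two following hunks also terminates the request inside the method, so any output or cleanup the caller performs after `Authenticate()` returns is skipped; that is acceptable only if the controller relies on nothing of the kind. `Authenticate()` continues outside the hunk.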
@@ -206,8 +208,7 @@ class User {
 chmod( SESSIONS_PATH, 00755 );
 } catch( Exception $e ) {
- echo( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) );
- return;
+ exit( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) );
 }
 }
diff --git a/components/user/init.js b/components/user/init.js
index 9490068..345e82a 100755
--- a/components/user/init.js
+++ b/components/user/init.js
@@ -71,11 +71,22 @@
 //////////////////////////////////////////////////////////////////
 authenticate: function() {
- $.post(this.controller + '?action=authenticate', this.loginForm.serialize(), function(data) {
- parsed = codiad.jsend.parse(data);
- if(parsed != 'error') {
- // Session set, reload
- window.location.reload();
+
+ $.ajax({
+ type: "POST",
+ url: this.controller + '?action=authenticate',
+ data: this.loginForm.serialize(),
+ success: function( data ) {
+
+ parsed = codiad.jsend.parse(data);
+ if( parsed != 'error' ) {
+ // Session set, reload
+ window.location.reload();
+ }
+ },
+ error: function( XMLHttpRequest, textStatus, errorThrown ) {
+
+ console.log( XMLHttpRequest, textStatus, errorThrown );
 }
 });
 },
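Review bot: The new `error` callback only logs to the console, so when the authenticate request fails — the server-side case this series is chasing — the user is left with a login form that silently does nothing; report it with `codiad.message.error( i18n( 'Login failed' ) )` alongside the `console.log`, as this file does elsewhere for user-facing errors. `parsed` is still assigned without a declaration inside `success`, leaking an implicit global; `let parsed = codiad.jsend.parse( data );` fixes it. `authenticate` is complete within the hunk.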