Removed misc dev files, changed over to PDO, added more functionality to the message object, fixed the absolute path issue, updated autosaving to use the built-in save function, changed file duplication to keep the same filename with a number appended, refactored the keybindings file so that we can start adding more bindings, changed yes-no to on-off for autocomplete, and removed the deprecated password function so that the application handles all password encryption instead of a mix of application and database.

This commit is contained in:
xevidos 2019-02-04 16:42:12 -05:00
parent e2683fa5c7
commit 069a097c75
27 changed files with 664 additions and 456 deletions


@ -5,6 +5,8 @@
* [root]/license.txt for more. This information must remain intact.
*/
$sql = null;
Common::startSession();
//////////////////////////////////////////////////////////////////
@ -93,6 +95,8 @@ class Common {
}
require_once( COMPONENTS . "/sql/class.sql.php" );
global $sql;
$sql = sql::get_instance();
}
//////////////////////////////////////////////////////////////////
@ -119,14 +123,12 @@ class Common {
//////////////////////////////////////////////////////////////////
public static function check_project_access( $project_path, $action ) {
$sql = "SELECT * FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "sss";
global $sql;
$query = "SELECT * FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind_variables = array( $project_name, $project_path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking project access." ) );
$return = $sql->query( $query, $bind_variables, formatJSEND( "error", "Error checking project access." ) );
if( mysqli_num_rows( $return ) > 0 ) {
$return = mysqli_fetch_assoc( $return );
if( ! empty( $return ) ) {
try {
@ -153,18 +155,19 @@ class Common {
public static function get_users( $return = "return", $exclude_current = false ) {
$sql = "SELECT `username` FROM `users`";
global $sql;
$query = "SELECT `username` FROM `users`";
$bind = "";
$bind_variables = array();
if( $exclude_current ) {
$sql .= " WHERE `username`!=?";
$query .= " WHERE `username`!=?";
$bind .= "s";
array_push( $bind_variables, $_SESSION["user"] );
}
$result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking users." ) );
$result = $sql->query( $query, $bind_variables, formatJSEND( "error", "Error checking users." ) );
$user_list = array();
foreach( $result as $row ) {
@ -172,7 +175,7 @@ class Common {
array_push( $user_list, $row["username"] );
}
if( mysqli_num_rows( $result ) > 0 ) {
if( ! empty( $result ) ) {
switch( $return ) {
@ -195,12 +198,12 @@ class Common {
public static function is_admin() {
$sql = "SELECT * FROM `users` WHERE `username`=? AND `access`=?;";
$bind = "ss";
global $sql;
$query = "SELECT COUNT( * ) FROM `users` WHERE `username`=? AND `access`=?;";
$bind_variables = array( $_SESSION["user"], "admin" );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking user acess." ) );
$return = $sql->query( $query, $bind_variables, formatJSEND( "error", "Error checking user acess." ), 'fetchColumn' );
if( mysqli_num_rows( $return ) > 0 ) {
if( $return > 0 ) {
return( true );
} else {
@ -211,17 +214,20 @@ class Common {
public static function logout() {
$sql = "UPDATE `users` SET `token`=? WHERE `username`=?;";
$bind = "ss";
$bind_variables = array( null, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error updating user information." ) );
try {
if( isset( $_SESSION["user"] ) ) {
$json = json_decode( $return, true );
echo( $return );
} catch( exception $e ) {}
global $sql;
$query = "UPDATE `users` SET `token`=? WHERE `username`=?;";
$bind_variables = array( null, $_SESSION["user"] );
$return = $sql->query( $query, $bind_variables, formatJSEND( "error", "Error updating user information." ), 'fetchColumn' );
if( ! $return > 0 ) {
$json = json_decode( $return, true );
echo( $return );
}
}
session_unset();
session_destroy();
session_start();
@ -231,44 +237,37 @@ class Common {
// Search Users
//////////////////////////////////////////////////////////////////
public function search_users( $username, $return = "return", $exclude_current = false ) {
public static function search_users( $username, $return = "return", $exclude_current = false ) {
$sql = "SELECT `username` FROM `users` WHERE `username` LIKE ?";
$bind = "s";
global $sql;
$query = "SELECT username FROM users WHERE username LIKE ?";
$bind_variables = array( "%{$username}%" );
if( $exclude_current ) {
$sql .= " AND `username`!=?";
$bind .= "s";
$query .= " AND username != ?";
array_push( $bind_variables, $_SESSION["user"] );
}
$result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error selecting user information." ) );
$user_list = array();
$result = $sql->query( $query, $bind_variables, array() );
foreach( $result as $row ) {
array_push( $user_list, $row["username"] );
}
if( mysqli_num_rows( $result ) > 0 ) {
if( ! empty( $result ) ) {
switch( $return ) {
case( "exit" ):
exit( formatJSEND( "success", $user_list ) );
exit( formatJSEND( "success", $result ) );
break;
case( "json" ):
$return = json_encode( $user_list );
$return = json_encode( $result );
break;
case( "return" ):
$return = $user_list;
$return = $result;
break;
}
} else {
@ -465,14 +464,18 @@ class Common {
public static function checkSession() {
$pass = false;
$sql = "SELECT * FROM `users` WHERE `username`=? AND `token`=PASSWORD( ? );";
$bind = "ss";
$bind_variables = array( $_SESSION["user"], $_SESSION["token"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking access." ) );
if( mysqli_num_rows( $return ) > 0 ) {
if( isset( $_SESSION["token"] ) && isset( $_SESSION["user"] ) ) {
$pass = true;
global $sql;
$query = "SELECT COUNT( * ) FROM `users` WHERE `username`=? AND `token`=SHA1( ? );";
$bind_variables = array( $_SESSION["user"], $_SESSION["token"] );
$return = $sql->query( $query, $bind_variables, formatJSEND( "error", "Error checking access." ), "fetchColumn" );
if( $return > 0 ) {
$pass = true;
}
}
if( ! $pass ) {
@ -553,7 +556,7 @@ class Common {
} else {
// Error /////////////////////////////////////////////////
$jsend = '{"status":"error","message":"' . $data . '"' . $debug . '}';
$jsend = '{"status":"' . $status . '","message":"' . $data . '"' . $debug . '}';
}
// Return ////////////////////////////////////////////////
return $jsend;
@ -574,14 +577,12 @@ class Common {
public static function checkPath( $path ) {
$sql = "SELECT * FROM `projects` WHERE LOCATE( `path`, ? ) > 0 LIMIT 1;";
$bind = "s";
global $sql;
$query = "SELECT * FROM projects WHERE LOCATE( path, ? ) > 0 LIMIT 1;";
$bind_variables = array( $path );
$result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching project information." ) );
$result = $sql->query( $query, $bind_variables, array() )[0];
if( mysqli_num_rows( $result ) > 0 ) {
$result = mysqli_fetch_assoc( $result );
if( ! empty( $result ) ) {
try {
@ -626,7 +627,7 @@ class Common {
public static function isAbsPath( $path ) {
return( $path[0] === '/' || $path[1] === ':' ) ? true : false;
return( ( isset( $path[0] ) && $path[0] === '/' ) || ( isset( $path[1] ) && $path[1] === ':' ) ) ? true : false;
}
//////////////////////////////////////////////////////////////////
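Review bot: In logout, `if( ! $return > 0 )` after the UPDATE parses as `( ! $return ) > 0` because `!` binds tighter than `>`, and the branch then echoes `$return`, which under the PDO wrapper is a count rather than a JSEND document; `if( $return < 1 ) { echo formatJSEND( "error", "Error updating user information." ); }` says what is meant. That UPDATE is also issued with the 'fetchColumn' mode, which presumably has no meaning for a statement without a result set — worth confirming against class.sql.php, which is not in this diff. In checkPath, `$sql->query( ... )[0]` on an empty result raises an undefined-offset notice before the `empty()` check runs. formatJSEND still builds the JSON document by string concatenation, so a message containing a double quote yields invalid JSON; `json_encode()` of the array would close that. search_users now returns the raw rows while the `foreach` that pushes into `$user_list` remains; if the `$user_list = array();` line was removed, that loop now operates on an undefined variable.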


@ -447,7 +447,7 @@
// Save active editor
//////////////////////////////////////////////////////////////////
save: function(path) {
save: function(path, alerts=true) {
/* Notify listeners. */
amplify.publish('active.onSave', path);
@ -487,17 +487,17 @@
if (success) {
codiad.filemanager.savePatch(path, patch, session.serverMTime, {
success: handleSuccess
});
}, alerts);
} else {
codiad.filemanager.saveFile(path, newContent, {
success: handleSuccess
});
}, alerts);
}
}, this);
} else {
codiad.filemanager.saveFile(path, newContent, {
success: handleSuccess
});
}, alert);
}
},
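Review bot: The fallback `saveFile` call at the end of `save` passes `alert` instead of the new `alerts` parameter, so the global `window.alert` function is handed to the file manager where the other two call sites pass the boolean; change `}, alert);` to `}, alerts);`. The default-parameter syntax `alerts=true` is ES2015; confirm the rest of this file already relies on that level before keeping it. The body of `save` starts before this hunk.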


@ -108,6 +108,7 @@
return;
}
/*
let tabs = document.getElementsByClassName( "tab-item" );
let path = codiad.active.getPath();
let content = codiad.editor.getContent();
@ -128,7 +129,10 @@
session.tabThumb.removeClass('changed');
}
}
}*/
let path = codiad.active.getPath();
codiad.active.save( path, false );
this.saving = false;
},
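Review bot: The old autosave body is kept as a `/* ... */` block above the new `codiad.active.save( path, false )` call; commented-out code should be deleted rather than preserved, since version control already holds it. `let path = codiad.active.getPath();` now appears twice, once inside the comment and once live, which will trip anyone who later uncomments the block. The enclosing function starts before this hunk.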


@ -1 +0,0 @@
["https:\/\/github.com\/rafasashi\/Codiad-Archives","https:\/\/github.com\/Andr3as\/Codiad-AutoPrefixer","https:\/\/github.com\/Andr3as\/Codiad-CodeGit","https:\/\/github.com\/Fluidbyte\/Codiad-ColorPicker","https:\/\/github.com\/Andr3as\/Codiad-DragDrop","https:\/\/github.com\/Andr3as\/Codiad-Duplicate","https:\/\/github.com\/Andr3as\/Codiad-Permissions"]


@ -1514,9 +1514,8 @@
}
},
paste: function() {
//this works only in chrome
console.log( "this works only in chrome." );
paste: function( ) {
navigator.clipboard.readText().then(text => {codiad.editor.getActive().insert( text )});
},
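Review bot: `navigator.clipboard.readText()` returns a promise that rejects when the page is not a secure context, clipboard-read permission is denied, or the document is not focused, and the new `paste` handler attaches no rejection handler, so a refused paste becomes an unhandled promise rejection with no feedback to the user; append a `.catch()` that reports the failure through the application's message facility. The callback also calls `codiad.editor.getActive().insert( text )` without checking that an editor is active, which presumably throws when no file is open — confirm what `getActive()` returns in that state.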


@ -107,10 +107,32 @@ class Filemanager extends Common {
$get['destination'] = Filemanager::cleanPath( $get['destination'] );
if ( $this->isAbsPath( $get['path'] ) ) {
$i = 1;
$this->destination = $get['destination'];
do {
if( ( is_file( $this->destination ) || is_dir( $this->destination ) ) ) {
$this->destination = $get['destination'] . " $i";
}
$i++;
echo var_dump( $this->destination );
} while( ( is_file( $this->destination ) || is_dir( $this->destination ) ) );
} else {
$this->destination = $this->root . $get['destination'];
$i = 1;
$this->destination = $get['destination'];
do {
if( ( is_file( $this->destination ) || is_dir( $this->destination ) ) ) {
$this->destination = $this->root . $get['destination'] . " $i";
}
$i++;
echo var_dump( $this->destination );
} while( ( is_file( $this->destination ) || is_dir( $this->destination ) ) );
}
}
}
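Review bot: The else branch of the duplicate-destination handling initialises `$this->destination = $get['destination']` without the `$this->root` prefix that the replaced line carried, so the first existence check runs against a path relative to the process working directory and, when nothing collides, the copy proceeds with an un-rooted destination; the first assignment should be `$this->destination = $this->root . $get['destination'];`. The two `echo var_dump( $this->destination );` lines are debug output written straight into the controller response, which corrupts the JSON the client parses and discloses the server-side workspace path to the caller; remove both. Both branches repeat the same do/while loop differing only in the prefix, so computing the base path once and running a single loop would remove the duplication. The enclosing method starts before this hunk.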


@ -137,6 +137,12 @@
"applies-to" : "editor-only",
"onclick": "document.execCommand( 'copy' );"
},
{
"title": "Cut",
"icon": "icon-pencil",
"applies-to" : "editor-only",
"onclick": "document.execCommand( 'cut' );"
},
{
"title": "Paste",
"icon": "icon-docs",
@ -151,13 +157,13 @@
},
{
"title": "Find",
"icon": "icon-docs",
"icon": "icon-search",
"applies-to" : "editor-only",
"onclick": "codiad.editor.openSearch('find');"
},
{
"title": "Replace",
"icon": "icon-docs",
"icon": "icon-pencil",
"applies-to" : "editor-only",
"onclick": "codiad.editor.openSearch('replace');"
},
@ -169,7 +175,7 @@
},
{
"title": "Sort",
"icon": "icon-docs",
"icon": "icon-box",
"applies-to" : "editor-only",
"onclick": "codiad.editor.openSort();"
}


@ -210,6 +210,7 @@
* away from the context menu to warrant a close.
*/
$('#file-manager, #editor-region').on( 'mousemove', codiad.filemanager.contextCheckMouse );
$('#context-menu, #editor-region').on( 'paste', codiad.editor.paste );
/* Notify listeners. */
amplify.publish('context-menu.onShow', {e: e, path: path, type: type});
@ -231,6 +232,7 @@
if( ( e.clientX > right || e.clientX < left ) || ( e.clientY > bottom || e.clientY < top ) ) {
$('#file-manager, #editor-region').off( 'mousemove', codiad.filemanager.contextCheckMouse );
$('#context-menu, #editor-region').off( 'paste', codiad.editor.paste );
codiad.filemanager.contextMenuHide();
}
},
@ -523,9 +525,9 @@
this.saveModifications(path, {content: content}, callbacks, save);
},
savePatch: function(path, patch, mtime, callbacks) {
savePatch: function(path, patch, mtime, callbacks, alerts) {
if (patch.length > 0)
this.saveModifications(path, {patch: patch, mtime: mtime}, callbacks);
this.saveModifications(path, {patch: patch, mtime: mtime}, callbacks, alerts);
else if (typeof callbacks.success === 'function'){
var context = callbacks.context || this;
callbacks.success.call(context, mtime);
@ -616,12 +618,10 @@
var _this = this;
var shortName = this.getShortName(this.clipboard);
var type = this.getType(this.clipboard);
if(duplicate){
shortName = "copy_of_"+shortName;
}
$.get(this.controller + '?action=duplicate&path=' +
encodeURIComponent(this.clipboard) + '&destination=' +
encodeURIComponent(path + '/' + shortName), function(data) {
encodeURIComponent(path + '/' + shortName) + '&duplicate=' + encodeURIComponent( duplicate ), function(data) {
var pasteResponse = codiad.jsend.parse(data);
if (pasteResponse != 'error') {
_this.createObject(path, path + '/' + shortName, type);
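Review bot: After dropping the `copy_of_` prefix, the paste handler still registers the new tree node as `path + '/' + shortName` in `createObject`, but the server-side duplicate now chooses a suffixed name whenever that name already exists, so the client tree shows an entry that does not exist and misses the one created — unless the controller response carries the final destination, which this hunk does not show; the success branch should use the name the server reports. `encodeURIComponent( duplicate )` serialises an undefined `duplicate` as the string "undefined", so the server-side check on that parameter should accept only an explicit value. The `paste` listener bound on `#context-menu, #editor-region` calls `codiad.editor.paste`, which reads the clipboard asynchronously rather than using the event's `clipboardData`, so it presumably runs alongside the editor's own paste handling — verify that text is not inserted twice. The enclosing functions start outside their hunks.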


@ -88,12 +88,13 @@ if ( ! ( defined( "DBHOST" ) && defined( "DBNAME" ) && defined( "DBUSER" ) && de
}
$timezone = $_POST['timezone'];
$dbtype = $_POST['dbtype'];
$dbhost = $_POST['dbhost'];
$dbname = $_POST['dbname'];
$dbuser = $_POST['dbuser'];
$dbpass = $_POST['dbpass'];
$connection = mysqli_connect( $dbhost, $dbuser, $dbpass, $dbname ) or die ( 'Error connecting to mysql database. Please contact the website administrator.' );
$connection = new PDO( "{$dbtype}:host={$dbhost};dbname={$dbname}", $dbuser, $dbpass );
$bind_vars = array();
$bind = "";
$sql = "
@ -235,9 +236,15 @@ ALTER TABLE `user_options`
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
";
$result = mysqli_multi_query( $connection, $sql ) or die( "Error creating tables." );
try {
$result = $connection->exec($sql);
} catch( PDOException $e ) {
echo $e->getMessage();
die();
}
//////////////////////////////////////////////////////////////////
// Create Projects files
@ -246,7 +253,7 @@ ALTER TABLE `user_options`
$project_path = cleanPath( $project_path );
if ( ! isAbsPath( $project_path ) ) {
$project_path = str_replace( " ", "_", preg_replace( '/[^\w-\.]/', '', $project_path ) );
if( ! is_dir( $workspace . "/" . $project_path ) ) {
@ -274,17 +281,14 @@ ALTER TABLE `user_options`
}
}
$connection = mysqli_connect( $dbhost, $dbuser, $dbpass, $dbname ) or die ( 'Error connecting to mysql database. Please contact the website administrator.' );
$bind_vars = array(
$project_name,
$project_path,
$username
);
$bind = "sss";
$sql = "INSERT INTO `projects`(`name`, `path`, `owner`) VALUES (?,?,?);";
$result = mysqli_prepare( $connection, $sql ) or die( "Error inserting into projects." );
$result->bind_param( $bind, ...$bind_vars );
$result->execute();
$query = "INSERT INTO `projects`(`name`, `path`, `owner`) VALUES (?,?,?);";
$statement = $connection->prepare( $query );
$statement->execute( $bind_variables );
$bind_vars = array(
"",
@ -297,11 +301,9 @@ ALTER TABLE `user_options`
"",
""
);
$bind = "sssssssss";
$sql = "INSERT INTO `users`(`first_name`, `last_name`, `username`, `password`, `email`, `project`, `access`, `groups`, `token`) VALUES (?,?,?,PASSWORD(?),?,?,?,?,?)";
$result = mysqli_prepare( $connection, $sql ) or die( "Error inserting into users." );
$result->bind_param( $bind, ...$bind_vars );
$result->execute();
$query = "INSERT INTO `users`(`first_name`, `last_name`, `username`, `password`, `email`, `project`, `access`, `groups`, `token`) VALUES (?,?,?,PASSWORD(?),?,?,?,?,?)";
$statement = $connection->prepare( $query );
$statement->execute( $bind_variables );
@ -367,7 +369,7 @@ define( "DBHOST", "' . $_POST['dbhost'] . '" );
define( "DBNAME", "' . $_POST['dbname'] . '" );
define( "DBUSER", "' . $_POST['dbuser'] . '" );
define( "DBPASS", "' . $_POST['dbpass'] . '" );
define( "DBTYPE", "mysql" );
define( "DBTYPE", "' . $_POST['dbtype'] . '" );
//////////////////////////////////////////////////////////////////
// ** DO NOT EDIT CONFIG BELOW **
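Review bot: Both new `$statement->execute( $bind_variables );` calls (projects insert and users insert) reference a variable this file never defines — the arrays are built as `$bind_vars` — so the prepared statements run without parameters and the installer inserts fail; change both to `$statement->execute( $bind_vars );`. The `new PDO( ... )` construction sets no error mode, and PDO's default before PHP 8 is silent, so the `try`/`catch( PDOException $e )` around `$connection->exec( $sql )` catches nothing unless `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION` is passed in the constructor's options array. The users insert still hashes with MySQL's `PASSWORD(?)`, which contradicts the commit message, is removed in MySQL 8.0.11, and cannot work for any other `dbtype` now that the driver name comes from the form; hash in PHP with `password_hash()` and bind the result. Finally, `$_POST['dbtype']` is spliced unescaped into the generated config file exactly like the existing DBHOST/DBUSER lines, so a quote in the value breaks or rewrites the PHP that gets written; emitting the values with `var_export()` would make all of those lines safe.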


@ -46,7 +46,7 @@ $autocomplete = array(
'dbname' => '',
'dbuser' => '',
'dbpass' => '',
'dbtype' => '',
'dbtype' => 'mysql',
);
if (!empty($query)) {
@ -165,6 +165,8 @@ if ($newrelic) {
<input type="text" name="dbuser" value="<?php echo($autocomplete['dbuser']); ?>">
<label><?php i18n("Database Pass"); ?></label>
<input type="text" name="dbpass" value="<?php echo($autocomplete['dbpass']); ?>">
<label><?php i18n("Database Type"); ?></label>
<input type="text" name="dbtype" value="<?php echo($autocomplete['dbtype']); ?>">
<hr>
<?php
$location = array(
@ -274,9 +276,6 @@ if ($newrelic) {
echo($timezones);
?>
</select>
<button><?php i18n("Install"); ?></button>
</form>
<?php
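Review bot: The new "Database Type" field is a free-text input although its value becomes the PDO driver prefix in the DSN and is written into the config file, so a typo produces an opaque connection failure instead of a validation message; a `<select>` listing the drivers the installer actually supports, with `mysql` selected to match the new default, would constrain it. The server side should reject anything outside that list as well, since the form can be bypassed.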


@ -1,91 +1,105 @@
/*
* Copyright (c) Codiad & Kent Safranski (codiad.com), distributed
* as-is and without warranty under the MIT License. See
* [root]/license.txt for more. This information must remain intact.
/**
* Copyright (c) Codiad & Kent Safranski (codiad.com), Isaac Brown ( telaaedifex.com ),
* distributed as-is and without warranty under the MIT License. See
* [root]/license.txt for more. This information must remain intact.
*/
(function(global, $){
var codiad = global.codiad;
//////////////////////////////////////////////////////////////////////
// CTRL Key Bind
//////////////////////////////////////////////////////////////////////
$.ctrl = function(key, callback, args) {
$(document)
.keydown(function(e) {
if (!args) args = [];
if (e.keyCode == key && (e.ctrlKey || e.metaKey)) {
if (!(e.ctrlKey && e.altKey)) {
callback.apply(this, args);
return false;
}
}
});
};
$(function() {
codiad.keybindings.init();
});
//////////////////////////////////////////////////////////////////////
// Bindings
//////////////////////////////////////////////////////////////////////
codiad.keybindings = {
init: function() {
// Close Modals //////////////////////////////////////////////
$(document)
.keyup(function(e) {
if (e.keyCode == 27) {
codiad.modal.unload();
}
});
// Save [CTRL+S] /////////////////////////////////////////////
$.ctrl('83', function() {
codiad.active.save();
});
// Open in browser [CTRL+O] //////////////////////////////////
$.ctrl('79', function() {
codiad.active.openInBrowser();
});
// Find [CTRL+F] /////////////////////////////////////////////
$.ctrl('70', function() {
codiad.editor.openSearch('find');
});
// Replace [CTRL+R] //////////////////////////////////////////
$.ctrl('82', function() {
codiad.editor.openSearch('replace');
});
// Active List Previous [CTRL+UP] ////////////////////////////
$.ctrl('38', function() {
codiad.active.move('up');
});
// Active List Next [CTRL+DOWN] //////////////////////////////
$.ctrl('40', function() {
codiad.active.move('down');
});
// Autocomplete [CTRL+SPACE] /////////////////////////////////
$.ctrl('32', function() {
codiad.autocomplete.suggest();
});
$.ctrl('71', function(){
if (codiad.finder) {
codiad.finder.expandFinder();
}
});
}
};
(function( global, $ ) {
var codiad = global.codiad;
//////////////////////////////////////////////////////////////////////
// CTRL Key Bind
//////////////////////////////////////////////////////////////////////
$.ctrl = function(key, callback, args) {
$(document).keydown(function(e) {
if ( !args ) args = [];
if ( e.keyCode == key && ( e.ctrlKey || e.metaKey ) ) {
if ( ! ( e.ctrlKey && e.altKey ) ) {
callback.apply( this, args );
return false;
}
}
});
};
$(function() {
codiad.keybindings.init();
});
//////////////////////////////////////////////////////////////////////
// Bindings
//////////////////////////////////////////////////////////////////////
codiad.keybindings = {
init: function() {
// Active List Next [CTRL+DOWN] //////////////////////////////
$.ctrl( '40', function() {
codiad.active.move('down');
});
// Active List Previous [CTRL+UP] ////////////////////////////
$.ctrl( '38', function() {
codiad.active.move('up');
});
// Autocomplete [CTRL+SPACE] /////////////////////////////////
$.ctrl( '32', function() {
codiad.autocomplete.suggest();
});
// Close Modals //////////////////////////////////////////////
$( document ).keyup( function( e ) {
if( e.keyCode == 27 ) {
codiad.modal.unload();
}
});
// Find [CTRL+F] /////////////////////////////////////////////
$.ctrl( '70', function() {
codiad.editor.openSearch( 'find' );
});
// Open in browser [CTRL+O] //////////////////////////////////
$.ctrl( '79', function() {
codiad.active.openInBrowser();
});
// Replace [CTRL+R] //////////////////////////////////////////
$.ctrl( '82', function() {
codiad.editor.openSearch( 'replace' );
});
// Save [CTRL+S] /////////////////////////////////////////////
$.ctrl( '83', function() {
codiad.active.save();
});
// Search Files [CTRL+G] /////////////////////////////////////
$.ctrl( '71', function() {
if( codiad.finder ) {
codiad.finder.expandFinder();
}
});
}
};
})(this, jQuery);
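Review bot: The rewritten `$.ctrl` and `init` still compare `e.keyCode` against string literals such as `'83'` with `==`, relying on type coercion, and `keyCode` is deprecated in favour of `e.key`; since the file was reformatted anyway, passing numeric codes (or `e.key` values) and comparing with `===` would remove the coercion. Otherwise the hunk is a reorder of the existing bindings plus whitespace, and the `Search Files [CTRL+G]` comment is the only new documentation.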


@ -1,8 +1,8 @@
<?php
/*
* Copyright (c) Codiad & Kent Safranski (codiad.com), distributed
* as-is and without warranty under the MIT License. See
* Copyright (c) Codiad & Kent Safranski (codiad.com), Isaac Brown
* distributed as-is and without warranty under the MIT License. See
* [root]/license.txt for more. This information must remain intact.
*/
@ -45,6 +45,7 @@ class Project extends Common {
public function add_project( $project_name, $project_path, $owner = null ) {
global $sql;
if( $this->public_project ) {
$owner = 'nobody';
@ -53,24 +54,29 @@ class Project extends Common {
$owner = $_SESSION["user"];
}
$sql = "INSERT INTO `projects`( `name`, `path`, `owner` ) VALUES ( ?, ?, ? );";
$bind = "sss";
$query = "INSERT INTO projects( name, path, owner ) VALUES ( ?, ?, ? );";
$bind_variables = array( $project_name, $project_path, $owner );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error creating project $project_name." ) );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
return( $return );
if( $return > 0 ) {
formatJSEND( "success", "Created project $project_name" );
} else {
formatJSEND( "error", "Error creating project $project_name" );
}
}
public function add_user() {
$sql = "SELECT `access` FROM `projects` WHERE `path`=? AND `owner`=?";
$bind = "ss";
global $sql;
$query = "SELECT access FROM projects WHERE path=? AND owner=?";
$bind_variables = array( $this->path, $_SESSION["user"] );
$result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
$result = $sql->query( $query, $bind_variables, array() )[0];
if( mysqli_num_rows( $result ) > 0 ) {
if( ! empty( $result ) ) {
$access = json_decode( mysqli_fetch_assoc( $result )["access"] );
$access = json_decode( $result["access"] );
if( is_array( $access ) ) {
@ -86,17 +92,20 @@ class Project extends Common {
}
$access = json_encode( $access );
$sql = "UPDATE `projects` SET `access`=? WHERE `path`=? AND `owner`=?;";
$bind = "sss";
$query = "UPDATE projects SET access=? WHERE path=? AND owner=?;";
$bind_variables = array( $access, $this->path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error setting access for project." ) );
if( sql::check_sql_error( $return ) ) {
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $result > 0 ) {
echo( formatJSEND( "success", "Successfully added {$this->user}." ) );
} else {
echo $return;
echo formatJSEND( "error", "Error setting access for project." );
}
} else {
echo formatJSEND( "error", "Error fetching projects." );
}
}
@ -106,15 +115,15 @@ class Project extends Common {
$path = $this->path;
}
$sql = "SELECT `owner` FROM `projects` WHERE `path`=?";
$bind = "s";
global $sql;
$query = "SELECT owner FROM projects WHERE path=?";
$bind_variables = array( $path );
$result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
$result = $sql->query( $query, $bind_variables, array() )[0];
$return = false;
if( mysqli_num_rows( $result ) > 0 ) {
if( ! empty( $result ) ) {
$owner = mysqli_fetch_assoc( $result )["owner"];
$owner = $result["owner"];
if( $exclude_public ) {
if( $owner == $_SESSION["user"] ) {
@ -138,14 +147,14 @@ class Project extends Common {
$path = $this->path;
}
$sql = "SELECT `access` FROM `projects` WHERE `path`=?";
$bind = "s";
global $sql;
$query = "SELECT access FROM projects WHERE path=?";
$bind_variables = array( $path );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching project information." ) );
$return = $sql->query( $query, $bind_variables, array() )[0];
if( mysqli_num_rows( $return ) > 0 ) {
if( ! empty( $return ) ) {
$return = mysqli_fetch_assoc( $return )["access"];
$return = $return["access"];
} else {
$return = formatJSEND( "error", "Error fetching project info." );
@ -160,14 +169,14 @@ class Project extends Common {
$path = $this->path;
}
$sql = "SELECT `owner` FROM `projects` WHERE `path`=?";
$bind = "s";
global $sql;
$query = "SELECT owner FROM projects WHERE path=?";
$bind_variables = array( $path );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
$return = $sql->query( $query, $bind_variables, array() )[0];
if( mysqli_num_rows( $return ) > 0 ) {
if( ! empty( $return ) ) {
$return = mysqli_fetch_assoc( $return )["owner"];
$return = $return["owner"];
} else {
$return = formatJSEND( "error", "Error fetching project info." );
@ -182,15 +191,13 @@ class Project extends Common {
$project = $this->path;
}
$sql = "SELECT * FROM `projects` WHERE `path`=? AND ( `owner`=? OR `owner`='nobody' ) ORDER BY `name`;";
$bind = "ss";
global $sql;
$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' ) ORDER BY name;";
$bind_variables = array( $project, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
$return = $sql->query( $query, $bind_variables, array() )[0];
if( mysqli_num_rows( $return ) > 0 ) {
if( ! empty( $return ) ) {
$return = mysqli_fetch_all( $return, MYSQLI_ASSOC )[0];
} else {
$return = formatJSEND( "error", "Error fetching projects." );
@ -201,15 +208,12 @@ class Project extends Common {
public function get_projects() {
$sql = "SELECT * FROM `projects` WHERE `owner`=? OR `owner`='nobody' OR `access` LIKE ? ORDER BY `name`;";
$bind = "ss";
global $sql;
$query = "SELECT * FROM projects WHERE owner=? OR owner='nobody' OR access LIKE ? ORDER BY name;";
$bind_variables = array( $_SESSION["user"], '%"' . $_SESSION["user"] . '"%' );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
$return = $sql->query( $query, $bind_variables, array() );
if( mysqli_num_rows( $return ) > 0 ) {
$return = mysqli_fetch_all( $return, MYSQLI_ASSOC );
} else {
if( empty( $return ) ) {
$return = formatJSEND( "error", "Error fetching projects." );
}
@ -219,14 +223,14 @@ class Project extends Common {
public function remove_user() {
$sql = "SELECT `access` FROM `projects` WHERE `path`=? AND `owner`=?";
$bind = "ss";
global $sql;
$query = "SELECT access FROM projects WHERE path=? AND owner=?";
$bind_variables = array( $this->path, $_SESSION["user"] );
$result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
$result = $sql->query( $query, $bind_variables, array() )[0];
if( mysqli_num_rows( $result ) > 0 ) {
if( ! empty( $result ) ) {
$access = json_decode( mysqli_fetch_assoc( $result )["access"] );
$access = json_decode( $result["access"] );
if( is_array( $access ) ) {
@ -242,36 +246,46 @@ class Project extends Common {
}
$access = json_encode( $access );
$sql = "UPDATE `projects` SET `access`=? WHERE `path`=? AND `owner`=?;";
$bind = "sss";
$query = "UPDATE projects SET access=? WHERE path=? AND owner=?;";
$bind_variables = array( $access, $this->path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error setting access for project." ) );
if( sql::check_sql_error( $return ) ) {
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $return > 0 ) {
echo( formatJSEND( "success", "Successfully removed {$this->user}." ) );
} else {
echo $return;
echo formatJSEND( "error", "Error setting access for project." );
}
} else {
echo formatJSEND( "error", "Error fetching projects." );
}
}
public function rename_project( $old_name, $new_name, $path ) {
$sql = "SELECT * FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "sss";
global $sql;
$query = "SELECT * FROM projects WHERE name=? AND path=? AND ( owner=? OR owner='nobody' );";
$bind_variables = array( $old_name, $path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
$return = $sql->query( $query, $bind_variables, array() );
if( mysqli_num_rows( $return ) > 0 ) {
if( ! empty( $return ) ) {
$sql = "UPDATE `projects` SET `name`=? WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "ssss";
$query = "UPDATE projects SET name=? WHERE name=? AND path=? AND ( owner=? OR owner='nobody' );";
$bind_variables = array( $new_name, $old_name, $path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error renaming project." ) );
$return = $sql->query( $query, $bind_variables, 0, "rowCount");
if( $return > 0 ) {
echo( formatJSEND( "success", "Renamed " . htmlentities( $old_name ) . " to " . htmlentities( $new_name ) ) );
} else {
echo( formatJSEND( "error", "Error renaming project." ) );
}
} else {
exit( formatJSEND( "error", "Error renaming project, could not find specified project." ) );
echo( formatJSEND( "error", "Error renaming project, could not find specified project." ) );
}
}
@ -321,20 +335,19 @@ class Project extends Common {
public function Open() {
$sql = "SELECT * FROM `projects` WHERE `path`=? AND ( `owner`=? OR `owner`='nobody' OR `access` LIKE ? );";
$bind = "sss";
global $sql;
$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' OR access LIKE ? );";
$bind_variables = array( $this->path, $_SESSION["user"], '%"' . $_SESSION["user"] . '"%' );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
$return = $sql->query( $query, $bind_variables, array() )[0];
if( mysqli_num_rows( $return ) > 0 ) {
if( ! empty( $return ) ) {
$return = mysqli_fetch_assoc( $return );
$sql = "UPDATE `users` SET `project`=? WHERE `username`=?;";
$bind = "ss";
$query = "UPDATE users SET project=? WHERE username=?;";
$bind_variables = array( $this->path, $_SESSION["user"] );
sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
$sql->query( $query, $bind_variables, 0, "rowCount" );
$this->name = $return['name'];
$_SESSION['project'] = $return['path'];
echo formatJSEND( "success", array( "name" => $this->name, "path" => $this->path ) );
} else {
@ -358,7 +371,7 @@ class Project extends Common {
}
if ( $this->path != '' ) {
if( ! $this->public_project ) {
if( ! $this->public_project && ! $this->isAbsPath( $this->path ) ) {
$this->path = $_SESSION["user"] . '/' . $this->path;
}
@ -471,17 +484,17 @@ class Project extends Common {
public function Delete() {
$sql = "DELETE FROM `projects` WHERE `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "ss";
global $sql;
$query = "DELETE FROM projects WHERE path=? AND ( owner=? OR owner='nobody' );";
$bind_variables = array( $this->path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting project $project_name." ) );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( sql::check_sql_error( $return ) ) {
if( $return > 0 ) {
echo( formatJSEND( "success", "Successfully deleted $project_name." ) );
echo( formatJSEND( "success", "Successfully deleted $project_name" ) );
} else {
echo $return;
echo formatJSEND( "error", "Error deleting project $project_name" );
}
}
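Review bot: In `add_user` the success test after the UPDATE reads `if( $result > 0 )`, but `$result` is the row fetched by the preceding SELECT while the row count lives in `$return`; an array compared with an integer is always greater in PHP, so the handler reports success even when nothing was updated, whereas `remove_user` below correctly tests `$return`. Change it to `if( $return > 0 ) {`. `add_project` now calls `formatJSEND( ... )` in both branches without `echo` or `return`, so the message is discarded and callers that relied on the old `return( $return )` receive null. The `[0]` appended to `$sql->query( ... )` in `add_user` and the other single-row lookups in this file raises an undefined-offset notice on an empty result before `empty()` runs. The relaxed `! $this->isAbsPath( $this->path )` condition means a non-public project with an absolute path is no longer confined to the user's directory; if that is intended, the place that validates absolute project paths against the workspace should be referenced here, since this diff does not show one.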


@ -75,10 +75,6 @@ switch( $_GET['action'] ) {
foreach( $projects as $project => $data ) {
$show = true;
if( $projects_assigned && ! in_array( $data['path'], $projects_assigned ) ) {
$show = false;
}
if( $show ) {
?>


@ -422,6 +422,7 @@
async: false,
success: function( data ) {
console.log( data );
current_response = codiad.jsend.parse( data );
}
});
@ -433,7 +434,7 @@
for( let i = current_response.length; i--; ) {
let optionElement = document.createElement( 'option' );
optionElement.innerText = current_response[i];
optionElement.innerText = current_response[i].username;
select_list.appendChild( optionElement );
}
}
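Review bot: The `console.log( data )` added before the parse is leftover debug output that dumps the raw user-list response into the browser console; drop it, or the line should be `current_response = codiad.jsend.parse( data );` alone. The loop now reads `current_response[i].username`, which suggests the server is sending whole user rows rather than a list of names; if those rows come straight from a `SELECT *` on `users` (the PHP side is in another file section), the console line would be printing password hashes and tokens. The `async: false` request on this callback is outside the hunk.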


@ -104,60 +104,58 @@ class Settings {
public function __construct() {
}
public function delete_option( $option, $username = null ) {
public function delete_option( $option, $username ) {
global $sql;
if( $username == null ) {
$query = "DELETE FROM options WHERE `name`=?";
$bind = "s";
$query = "DELETE FROM options WHERE name=?";
$bind_variables = array(
$option,
);
sql::sql( $query, $bind, $bind_variables, formatJSEND( "error", "Could not delete setting: $option" ) );
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
} else {
$query = "DELETE FROM options WHERE `name`=? AND `username`=?";
$bind = "ss";
$query = "DELETE FROM options WHERE name=? AND username=?";
$bind_variables = array(
$option,
$this->username,
);
sql::sql( $query, $bind, $bind_variables, formatJSEND( "error", "Could not delete setting: $option" ) );
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
}
if( $result > 0 ) {
echo formatJSEND( "success", null );
} else {
echo formatJSEND( "error", "Could not delete option: $option" );
}
}
public function get_option( $option, $user_setting = null, $action = "return" ) {
public function get_option( $option, $user_setting, $action = "return" ) {
global $sql;
if( $user_setting == null ) {
$sql = "SELECT `value` FROM `options` WHERE `name`=?;";
$bind = "s";
$query = "SELECT value FROM options WHERE name=?;";
$bind_variables = array( $option );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) );
if( mysqli_num_rows( $return ) > 0 ) {
$return = mysqli_fetch_assoc( $return )["value"];
} else {
$return = null;
}
$return = $sql->query( $query, $bind_variables, array() )[0];
} else {
$sql = "SELECT `value` FROM `user_options` WHERE `name`=? AND `username`=?;";
$bind = "ss";
$query = "SELECT value FROM user_options WHERE name=? AND username=?;";
$bind_variables = array( $option, $this->username );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) );
$return = $sql->query( $query, $bind_variables, array() )[0];
}
if( ! empty( $return ) ) {
$return = $return["value"];
} else {
if( mysqli_num_rows( $return ) > 0 ) {
$return = mysqli_fetch_assoc( $return )["value"];
} else {
$return = null;
}
$return = null;
}
switch( $action ) {
@ -180,11 +178,11 @@ class Settings {
public function Save() {
global $sql;
foreach( $this->settings as $option => $value ) {
$this->update_option( $option, $value, $this->username );
}
echo formatJSEND( "success", null );
}
//////////////////////////////////////////////////////////////////
@ -193,37 +191,51 @@ class Settings {
public function Load() {
$query = "SELECT DISTINCT * FROM user_options WHERE `username`=?;";
$bind = "s";
global $sql;
$query = "SELECT DISTINCT * FROM user_options WHERE username=?;";
$bind_variables = array(
$this->username
);
$options = sql::sql( $query, $bind, $bind_variables, formatJSEND( "error", "Error, Could not load user's settings." ) );
echo formatJSEND( "success", $options );
$options = $sql->query( $query, $bind_variables, array() );
if( ! empty( $options ) ) {
echo formatJSEND( "success", $options );
} else {
echo formatJSEND( "error", "Error, Could not load user's settings." );
}
}
public function update_option( $option, $value, $user_setting = null ) {
$query = "INSERT INTO user_options ( `name`, `username`, `value` ) VALUES ( ?, ?, ? );";
$bind = "sss";
global $sql;
$query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
$bind_variables = array(
$option,
$this->username,
$value,
);
$result = sql::sql( $query, $bind, $bind_variables, formatJSEND( "error", "Error, Could not load user's settings." ) );
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $result !== true ) {
if( $result == 0 ) {
$query = "UPDATE user_options SET `value`=? WHERE `name`=? AND `username`=?;";
$bind = "sss";
$query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
$bind_variables = array(
$value,
$option,
$this->username,
);
$result = sql::sql( $query, $bind, $bind_variables, formatJSEND( "error", "Error, Could not load user's settings." ) );
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
}
if( $result > 0 ) {
echo formatJSEND( "success", null );
} else {
echo formatJSEND( "error", "Error, Could not update option $option" );
}
}
}
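Review bot: delete_option() ignores its new `$username` parameter and targets the `options` table in both branches, while get_option() and update_option() store per-user values in `user_options`, so a user-scoped delete never removes anything; the user branch should be `$query = "DELETE FROM user_options WHERE name=? AND username=?";` with `$bind_variables = array( $option, $username );`. The `$username == null` branch deletes a global option by name with no owner check visible here, so unless the controller (outside the hunk) restricts it, any logged-in user can delete global settings. get_option() indexes `[0]` on the fetchAll() result before testing emptiness, which raises an undefined-offset notice when no row matches; fetch the array first and then `empty()`-check it. update_option() echoes one JSEND document per option and Save() echoes another after the loop, so a save response is several concatenated JSON documents rather than one; have update_option() return a bool and let Save() do the single echo.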


@ -67,7 +67,13 @@
$.post( this.controller + '?action=save', {settings: JSON.stringify( settings )}, function( data ) {
parsed = codiad.jsend.parse( data );
data = data.replace(/},/gi, ",").split(",");
length = data.length;
for( i = 0;i < length; i++ ) {
parsed = codiad.jsend.parse( data );
}
});
/* Notify listeners */
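Review bot: The added loop hands `codiad.jsend.parse()` an array (`data` is reassigned to the result of `split(",")`) instead of a string, so `$.parseJSON` throws and nothing after it runs; splitting a JSON response on commas also breaks as soon as any message or value contains a comma. This appears to be a workaround for the server echoing several JSEND documents in one save response; the fix belongs on the PHP side (emit one document from Save()), after which this callback reduces to `parsed = codiad.jsend.parse( data );`. `parsed`, `length` and `i` are also assigned without `var`/`let` and leak as globals.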


@ -191,8 +191,8 @@
<td>
<select class="setting" data-setting="codiad.editor.autocomplete">
<option value="false" selected><?php i18n("No"); ?></option>
<option value="true"><?php i18n("Yes"); ?></option>
<option value="false" selected><?php i18n("Off"); ?></option>
<option value="true"><?php i18n("On"); ?></option>
</select>
</td>


@ -1,51 +1,105 @@
<?php
class sql {
public $connection = null;
public $identifier_character = null;
protected static $instance = null;
public function __construct() {
}
public static function check_sql_error( $sql ) {
public function close() {
$this->connection = null;
}
public function connect() {
if( $this->connection == null ) {
$host = DBHOST;
$dbname = DBNAME;
$dbtype = DBTYPE;
$username = DBUSER;
$password = DBPASS;
$this->connection = new PDO( "{$dbtype}:host={$host};dbname={$dbname}", $username, $password );
}
return( $this->connection );
}
public static function escape_identifier( $i ) {
$i = preg_replace('/[^A-Za-z0-9_]+/', '', $i );
$i = $i;
}
public static function is_not_error( $i ) {
$return = false;
$result = json_decode( $sql );
$result = json_decode( $i );
if ( json_last_error() !== JSON_ERROR_NONE || $sql == NULL ) {
if ( json_last_error() !== JSON_ERROR_NONE || ( ! $i == NULL && ! $i["status"] == "error" ) ) {
$return = true;
}
return( $return );
}
public static function connect() {
public static function get_instance() {
$host = DBHOST;
$dbname = DBNAME;
$username = DBUSER;
$password = DBPASS;
$connection = mysqli_connect( $host, $username, $password, $dbname ) or die ( formatJSEND( "error", 'Error connecting to mysql database. Please contact the website administrator.' ) );
return( $connection );
}
public static function sql( $sql, $bind, $bind_variables, $error ) {
$connection = self::connect();
$result = mysqli_prepare( $connection, $sql ) or die( $error );
$result->bind_param( $bind, ...$bind_variables );
$result->execute();
$return = $result->get_result();
if( $connection->error ) {
// If the single instance hasn't been set, set it now.
if ( null == self::$instance ) {
$return = formatJSEND( "error", $connection->error );
self::$instance = new self;
}
$connection->close();
return self::$instance;
}
public function query( $query, $bind_variables, $default, $action='fetchAll' ) {
$connection = $this->connect();
$statement = $connection->prepare( $query );
$statement->execute( $bind_variables );
switch( $action ) {
case( 'rowCount' ):
$return = $statement->rowCount();
break;
case( 'fetchAll' ):
$return = $statement->fetchAll( \PDO::FETCH_ASSOC );
break;
case( 'fetchColumn' ):
$return = $statement->fetchColumn();
break;
default:
$return = $statement->fetchAll( \PDO::FETCH_ASSOC );
break;
}
$error = $statement->errorInfo();
if( ! $error[0] == "00000" ) {
echo var_export( $return, $error );
$return = $default;
}
$this->close();
return( $return );
}
}
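Review bot: The error check in query() can never fire: `! $error[0] == "00000"` negates `$error[0]` before comparing, so both a successful SQLSTATE (`"00000"`) and a failing one evaluate to `false == "00000"`, which is false, and a failed statement returns whatever `$return` holds rather than `$default`. Because the PDO connection is created without `PDO::ATTR_ERRMODE`, prepare()/execute() failures are silent, and when the branch is eventually fixed `echo var_export( $return, $error )` would print raw result data into a JSON response (its second argument is a bool, not an array) — log server-side instead. escape_identifier() strips characters but has no `return`, so every caller gets null. I would construct the connection in exception mode with emulated prepares off and catch in query():

```php
public function connect() {
    if( $this->connection == null ) {
        // … unchanged: read DBHOST / DBNAME / DBTYPE / DBUSER / DBPASS …
        $this->connection = new PDO(
            "{$dbtype}:host={$host};dbname={$dbname}",
            $username,
            $password,
            array(
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES => false,
            )
        );
    }
    return( $this->connection );
}

public function query( $query, $bind_variables, $default, $action='fetchAll' ) {
    try {
        $connection = $this->connect();
        $statement = $connection->prepare( $query );
        $statement->execute( $bind_variables );
        // … unchanged: switch( $action ) selecting rowCount / fetchAll / fetchColumn …
    } catch( PDOException $e ) {
        // Never echo driver errors into the JSEND response; they can carry query text.
        error_log( $e->getMessage() );
        $return = $default;
    }
    $this->close();
    return( $return );
}
```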


@ -168,6 +168,16 @@ class Update {
}
}
public function check_for_update() {
$vars = json_decode( $this->Check(), true );
if( $vars[0]['data']['currentversion'] < $vars[0]['data']['remoteversion'] ) {
echo formatJSEND( "notice", "An update for Codiad is available" );
}
}
//////////////////////////////////////////////////////////////////
// Get Local Version
//////////////////////////////////////////////////////////////////
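Review bot: check_for_update() compares the two version strings with `<`, which is a string/numeric comparison and misorders versions such as `2.9` and `2.10`; use `if( version_compare( $vars[0]['data']['currentversion'], $vars[0]['data']['remoteversion'], '<' ) ) {`. The method also dereferences `$vars[0]['data']` without checking that Check() (outside the hunk) returned a decodable document, so a failed GitHub request produces PHP notices in the response body instead of a clean JSEND error.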


@ -18,6 +18,15 @@
$update = new Update();
//////////////////////////////////////////////////////////////////
// check
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='check_for_update') {
$update->check_for_update();
}
//////////////////////////////////////////////////////////////////
// Set Initial Version
//////////////////////////////////////////////////////////////////
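Review bot: The new `check_for_update` action reads `$_GET['action']` without `isset()` and has no authentication or rate limit visible in this hunk; the login guard may sit above the hunk, but since the handler makes an outbound request to GitHub on every call, an unauthenticated or unthrottled endpoint lets any visitor drive server-side requests. At minimum guard it with `if( isset( $_GET['action'] ) && $_GET['action'] == 'check_for_update' ) {` and confirm the controller requires a session before reaching here.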


@ -11,6 +11,11 @@
$(window)
.load(function() {
codiad.update.init();
$( document ).ready( function() {
codiad.update.check_for_update();
});
});
codiad.update = {
@ -39,6 +44,15 @@
$('#modal-content').html('<div id="modal-loading"></div><div align="center">' + i18n("Contacting GitHub...") + '</div><br>');
},
check_for_update: function () {
var _this = this;
$.get( _this.controller + '?action=check_for_update', function( data ) {
response = codiad.jsend.parse( data );
});
},
//////////////////////////////////////////////////////////////////
// Download Archive
//////////////////////////////////////////////////////////////////
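Review bot: The callback assigns `response` without `var`, leaking an implicit global; write `var response = codiad.jsend.parse( data );` (or drop the assignment, since the parse already displays the notice). Calling check_for_update() on every window load means every page view triggers a server-side request to GitHub; consider checking once per session, e.g. behind a sessionStorage flag. The nested `$( document ).ready` inside `$(window).load` is redundant, as the document is already ready by then.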


@ -261,7 +261,7 @@ class updater {
$sql = new sql();
$connection = $sql->connect();
$sql = "
$query = "
CREATE TABLE IF NOT EXISTS `options`(
`id` INT(11) NOT NULL,
`name` VARCHAR(255) NOT NULL,
@ -300,11 +300,17 @@ ALTER TABLE `options` MODIFY `id` INT(11) NOT NULL AUTO_INCREMENT;
ALTER TABLE `projects` MODIFY `id` INT(11) NOT NULL AUTO_INCREMENT;
ALTER TABLE `users` MODIFY `id` INT(11) NOT NULL AUTO_INCREMENT;
ALTER TABLE `user_options` MODIFY `id` INT(11) NOT NULL AUTO_INCREMENT;
DELETE FROM options;
DELETE FROM projects;
DELETE FROM users;
DELETE FROM user_options;
";
if ( $connection->multi_query( $sql ) !== TRUE ) {
if ( $connection->exec( $query ) === false ) {
$this->restore();
exit( $connection->error );
exit( $connection->errorInfo() );
}
if( file_exists( $user_settings_file ) ) {
@ -318,12 +324,11 @@ ALTER TABLE `user_options` MODIFY `id` INT(11) NOT NULL AUTO_INCREMENT;
foreach( $projects as $project => $data ) {
$owner = 'nobody';
$sql = "INSERT INTO `projects`( `name`, `path`, `owner` ) VALUES ( ?, ?, ? );";
$bind = "sss";
$query = "INSERT INTO projects( name, path, owner ) VALUES ( ?, ?, ? );";
$bind_variables = array( $data["name"], $data["path"], $owner );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error creating project $project." ) );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( sql::check_sql_error( $return ) ) {
if( $return > 0 ) {
} else {
$this->restore();
@ -345,12 +350,11 @@ ALTER TABLE `user_options` MODIFY `id` INT(11) NOT NULL AUTO_INCREMENT;
$access = "user";
}
$sql = "INSERT INTO `users`( `username`, `password`, `access`, `project` ) VALUES ( ?, PASSWORD( ? ), ?, ? );";
$bind = "ssss";
$query = "INSERT INTO `users`( `username`, `password`, `access`, `project` ) VALUES ( ?, ?, ?, ? );";
$bind_variables = array( $user["username"], $user["password"], $access, null );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error that username is already taken." ) );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( sql::check_sql_error( $return ) ) {
if( $return > 0 ) {
$this->username = $user["username"];
$this->set_default_options();
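Review bot: `exit( $connection->errorInfo() )` passes an array to exit(), which prints "Array" on PHP 7 and throws a TypeError on PHP 8, so the failure message is lost; use `exit( implode( ' ', $connection->errorInfo() ) );`. The same batch now appends four `DELETE FROM …` statements that wipe options, projects, users and user_options before the re-import; when several statements are sent through one exec() call, PDO reports only the first statement's outcome, so a failed DELETE or ALTER later in the batch would not trigger restore() — run each statement separately or wrap the batch in a transaction. The user migration stores `$user["password"]` from the legacy users file verbatim; that only authenticates later if the file's stored value already matches what EncryptPassword() produces, which is worth confirming rather than assuming.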


@ -41,12 +41,12 @@ class User {
public function add_user() {
$sql = "INSERT INTO `users`( `username`, `password`, `access`, `project` ) VALUES ( ?, PASSWORD( ? ), ?, ? );";
$bind = "ssss";
global $sql;
$query = "INSERT INTO users( username, password, access, project ) VALUES ( ?, ?, ?, ? );";
$bind_variables = array( $this->username, $this->password, $this->access, null );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error that username is already taken." ) );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( sql::check_sql_error( $return ) ) {
if( $return > 0 ) {
$this->set_default_options();
echo formatJSEND( "success", array( "username" => $this->username ) );
@ -58,55 +58,60 @@ class User {
public function delete_user() {
$sql = "DELETE FROM `user_options` WHERE `username`=?;";
$bind = "s";
global $sql;
$query = "DELETE FROM user_options WHERE username=?;";
$bind_variables = array( $this->username );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting user information." ) );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( sql::check_sql_error( $return ) ) {
if( $return > 0 ) {
$sql = "DELETE FROM `users` WHERE `username`=?;";
$bind = "s";
$query = "DELETE FROM users WHERE username=?;";
$bind_variables = array( $this->username );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting user information." ) );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( sql::check_sql_error( $return ) ) {
if( $return > 0 ) {
echo formatJSEND( "success", null );
} else {
echo $return;
echo formatJSEND( "error", "Error deleting user information." );
}
} else {
echo $return;
echo formatJSEND( "error", "Error deleting user information." );
}
}
public function get_user( $username ) {
$sql = "SELECT * FROM `users` WHERE `username`=?";
$bind = "s";
global $sql;
$query = "SELECT * FROM users WHERE username=?";
$bind_variables = array( $username );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error can not select user." ) );
$return = $sql->query( $query, $bind_variables, array() );
if( sql::check_sql_error( $return ) ) {
if( ! empty( $return ) ) {
echo formatJSEND( "success", $return );
} else {
echo $return;
echo formatJSEND( "error", "Could not select user." );
}
}
public function list_users() {
$sql = "SELECT * FROM `users`";
$bind = "";
$bind_variables = array( $this->username, $this->password, $this->access, null );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error can not select users." ) );
global $sql;
$query = "SELECT * FROM users";
$return = $sql->query( $query, array(), array() );
return( $return );
if( ! empty( $return ) ) {
return $return;
} else {
echo formatJSEND( "error", "Error can not select users." );
return array();
}
}
public function set_default_options() {
@ -163,14 +168,32 @@ class User {
}
}
global $sql;
$pass = false;
$this->EncryptPassword();
$sql = "SELECT * FROM `users` WHERE `username`=? AND `password`=PASSWORD( ? );";
$bind = "ss";
$query = "SELECT * FROM users WHERE username=? AND password=?;";
$bind_variables = array( $this->username, $this->password );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching user information." ) );
$return = $sql->query( $query, $bind_variables, array() );
if( mysqli_num_rows( $return ) > 0 ) {
/**
* Check and make sure the user is not using the old encryption.
*/
if( ( strtolower( DBTYPE ) == "mysql" ) && empty( $return ) ) {
$query = "SELECT * FROM users WHERE username=? AND password=PASSWORD( ? );";
$bind_variables = array( $this->username, $this->password );
$return = $sql->query( $query, $bind_variables, array() );
if( ! empty( $return ) ) {
$query = "UPDATE users SET password=? WHERE username=?;";
$bind_variables = array( $this->password, $this->username );
$return = $sql->query( $query, $bind_variables, array() );
}
}
if( ! empty( $return ) ) {
$pass = true;
$token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) );
@ -180,14 +203,13 @@ class User {
$_SESSION['lang'] = $this->lang;
$_SESSION['theme'] = $this->theme;
$_SESSION["login_session"] = true;
$user = mysqli_fetch_assoc( $return );
$user = $return;
$sql = "UPDATE `users` SET `token`=PASSWORD( ? ) WHERE `username`=?;";
$bind = "ss";
$bind_variables = array( $token, $this->username );
sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error updating user information." ) );
$query = "UPDATE users SET token=? WHERE username=?;";
$bind_variables = array( sha1( $token ), $this->username );
$sql->query( $query, $bind_variables, 0, 'rowCount' );
if( $user['project'] != '' ) {
if( isset( $user['project'] ) && $user['project'] != '' ) {
$_SESSION['project'] = $user['project'];
}
@ -310,18 +332,18 @@ class User {
public function Password() {
global $sql;
$this->EncryptPassword();
$sql = "UPDATE `users` SET `password`=PASSWORD( ? ) WHERE `username`=?;";
$bind = "ss";
$query = "UPDATE users SET password=? WHERE username=?;";
$bind_variables = array( $this->password, $this->username );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error updating user information." ) );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( sql::check_sql_error( $return ) ) {
if( $return > 0 ) {
echo formatJSEND( "success", null );
echo formatJSEND( "success", "Password changed" );
} else {
echo( $return );
echo formatJSEND( "error", "Error changing password" );
}
}
@ -331,17 +353,17 @@ class User {
public function Project() {
$sql = "UPDATE `users` SET `project`=? WHERE `username`=?;";
$bind = "ss";
global $sql;
$query = "UPDATE users SET project=? WHERE username=?;";
$bind_variables = array( $this->project, $this->username );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error updating user information." ) );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( sql::check_sql_error( $return ) ) {
if( $return > 0 ) {
echo formatJSEND( "success", null );
} else {
echo( $return );
echo formatJSEND( "error", "Error updating project" );
}
}
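Review bot: get_user() now echoes the full `SELECT * FROM users` row to the client via formatJSEND, which includes the `password` hash and the `token` column; select only what the UI needs, e.g. `$query = "SELECT username, access, project FROM users WHERE username=?";`, and the same applies to list_users(), whose rows appear to reach the browser as-is given the settings JS reads `.username` off the parsed array. In the login path `$user = $return;` assigns the whole fetchAll() result (a list of rows), so `$user['project']` is never set and the `isset()` added on the next line merely hides that; it should be `$user = $return[0];`. delete_user() only deletes the `users` row when the preceding `user_options` delete affected at least one row, so an account with no stored options can never be removed. The scheme still compares a single unsalted hash by equality inside SQL; with the legacy `PASSWORD()` fallback already in place, this is the natural point to fetch by username and verify in PHP with password_verify() plus password_needs_rehash().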


@ -129,7 +129,7 @@
<input type="password" name="password1" autofocus="autofocus">
<label><?php i18n("Confirm Password"); ?></label>
<input type="password" name="password2">
<button class="btn-left"><?php i18n("Change %{username}%&apos;s Password", array("username" => ucfirst($username))) ?></button>
<button class="btn-left"><?php i18n("Change %{username}%&apos;s Password", array("username" => ucfirst($username))) ?></button>
<button class="btn-right" onclick="codiad.modal.unload();return false;"><?php i18n("Cancel"); ?></button>
<?php
break;


@ -1,6 +1,6 @@
<?php
require_once('common.php');
require_once( 'common.php' );
// Context Menu
$context_menu = file_get_contents(COMPONENTS . "/filemanager/context_menu.json");


@ -1,38 +1,48 @@
(function(global, $){
( function( global, $ ) {
var codiad = global.codiad;
//////////////////////////////////////////////////////////////////////
// Parse JSEND Formatted Returns
//////////////////////////////////////////////////////////////////////
codiad.jsend = {
parse: function(d) {
// (Data)
var obj = $.parseJSON(d);
var codiad = global.codiad;
//////////////////////////////////////////////////////////////////////
// Parse JSEND Formatted Returns
//////////////////////////////////////////////////////////////////////
codiad.jsend = {
parse: function( d ) {
// (Data)
var obj = $.parseJSON( d );
if ( obj === undefined || obj === null ) {
return 'error';
}
if (obj !== undefined && obj !== null && Array.isArray(obj.debug)) {
var debug = obj.debug.join('\nDEBUG: ');
if(debug !== '') {
debug = 'DEBUG: ' + debug;
}
console.log(debug);
}
if ( obj.status == 'error' ) {
codiad.message.error(obj.message);
return 'error';
} else {
return obj.data;
}
}
};
if ( obj !== undefined && obj !== null && Array.isArray( obj.debug ) ) {
var debug = obj.debug.join('\nDEBUG: ');
if( debug !== '' ) {
debug = 'DEBUG: ' + debug;
}
console.log( debug );
}
if ( obj.status == 'error' ) {
codiad.message.error( obj.message );
return 'error';
} else if( obj.status == 'warning' ) {
codiad.message.warning( obj.message );
return 'warning';
} else if( obj.status == 'notice' ) {
codiad.message.notice( obj.message );
return 'notice';
} else {
return obj.data;
}
}
};
})(this, jQuery);
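Review bot: `$.parseJSON( d )` throws a SyntaxError on malformed input (a PHP notice prepended to the body, or the concatenated JSEND documents the settings save now produces), so the `obj === undefined || obj === null` guard that follows is rarely reached and the caller's callback aborts mid-way. Wrap the parse so malformed responses take the error path: `var obj; try { obj = $.parseJSON( d ); } catch( e ) { return 'error'; }`. The new warning and notice branches return the status string rather than `obj.data`, which callers that expect data will need to account for.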


@ -1,36 +1,47 @@
(function(global, $){
( function( global, $ ) {
var codiad = global.codiad;
var codiad = global.codiad;
//////////////////////////////////////////////////////////////////////
// User Alerts / Messages
//////////////////////////////////////////////////////////////////////
codiad.message = {
init: function() {},
_showMessage: function(toastType, message, options) {
options = options || {};
options.text = message;
options.type = toastType
$().toastmessage('showToast', options);
},
success: function( m, options ) {
this._showMessage('success', m, options);
},
error: function( m, options ) {
this._showMessage('error', m, options);
},
warning: function( m, options ) {
this._showMessage('warning', m, options);
},
notice: function( m, options ) {
this._showMessage('notice', m, options);
},
hide: function() {
$(".toast-item-wrapper").remove();
}
};
//////////////////////////////////////////////////////////////////////
// User Alerts / Messages
//////////////////////////////////////////////////////////////////////
codiad.message = {
init: function() {},
_showMessage: function(toastType, message, options){
options = options || {};
options.text = message;
options.type = toastType
$().toastmessage('showToast', options);
},
success: function(m, options) {
this._showMessage('success', m, options);
},
error: function(m, options) {
this._showMessage('error', m, options);
},
warning: function(m, options) {
this._showMessage('warning', m, options);
},
notice: function(m, options){
this._showMessage('notice', m, options);
},
hide: function() {
$(".toast-item-wrapper").remove();
}
};
})(this, jQuery);
})( this, jQuery );