mirror of
https://github.com/xevidos/codiad.git
synced 2024-12-22 05:42:17 +01:00
Refactored user class, Users can now only see projects owned by \'nobody\' or themselves to get ready for permissions update.
This commit is contained in:
parent
84cfb3d9ad
commit
42a87590ac
9 changed files with 603 additions and 466 deletions
75
common.php
75
common.php
|
@ -108,11 +108,6 @@ class Common {
|
|||
exit( $output );
|
||||
break;
|
||||
|
||||
case( "json" ):
|
||||
|
||||
exit( '{"status":"error","message":"' . $output . '<script>window.location.href = window.location.protocol + `' . "//" . Common::getConstant( 'BASE_URL' ) . '`</script>"}' );
|
||||
break;
|
||||
|
||||
case( "return" ):
|
||||
|
||||
return( $output );
|
||||
|
@ -129,10 +124,45 @@ class Common {
|
|||
if( ! self::check_session() ) {
|
||||
|
||||
session_destroy();
|
||||
self::return( "Access Denied", "json" );
|
||||
self::return( formatJSEND( "error", "Error fetching project information." ), "exit" );
|
||||
}
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Check access to a project
|
||||
//////////////////////////////////////////////////////////////////
|
||||
public static function check_project_access( $project_name, $project_path, $action ) {
|
||||
|
||||
$sql = "SELECT * FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
|
||||
$bind = "sss";
|
||||
$bind_variables = array( $project_name, $project_path, $_SESSION["user"] );
|
||||
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking project access." ) );
|
||||
|
||||
if( mysqli_num_rows( $return ) > 0 ) {
|
||||
|
||||
$return = mysqli_fetch_assoc( $return );
|
||||
|
||||
try {
|
||||
|
||||
$users = json_decode( $return["access"] );
|
||||
} catch( exception $e ) {
|
||||
|
||||
$users = array();
|
||||
}
|
||||
|
||||
if( $return["owner"] == 'nobody' || $return["owner"] == $_SESSION["user"] || ( in_array( $_SESSION["user"], $users ) && ! empty( $users ) ) ) {
|
||||
|
||||
$return = true;
|
||||
} else {
|
||||
|
||||
$return = false;
|
||||
}
|
||||
} else {
|
||||
|
||||
$return = false;
|
||||
}
|
||||
|
||||
|
||||
self::return( $return, $action );
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
@ -213,7 +243,7 @@ class Common {
|
|||
session_save_path( SESSIONS_PATH );
|
||||
session_start();
|
||||
|
||||
if(! defined( 'SESSION_ID' ) ) {
|
||||
if( ! defined( 'SESSION_ID' ) ) {
|
||||
|
||||
define( "SESSION_ID", session_id() );
|
||||
}
|
||||
|
@ -410,26 +440,29 @@ class Common {
|
|||
|
||||
public static function checkPath( $path ) {
|
||||
|
||||
if( file_exists( DATA . "/" . $_SESSION['user'] . '_acl.php' ) ) {
|
||||
$sql = "SELECT * FROM `projects` WHERE LOCATE( `path`, ? ) > 0 LIMIT 1;";
|
||||
$bind = "s";
|
||||
$bind_variables = array( $path );
|
||||
$result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching project information." ) );
|
||||
|
||||
if( mysqli_num_rows( $result ) > 0 ) {
|
||||
|
||||
foreach ( getJSON( $_SESSION['user'] . '_acl.php' ) as $projects => $data ) {
|
||||
$result = mysqli_fetch_assoc( $result );
|
||||
|
||||
try {
|
||||
|
||||
if ( strpos( $path, $data ) === 0) {
|
||||
|
||||
return true;
|
||||
}
|
||||
$users = json_decode( $result["access"] );
|
||||
} catch( exception $e ) {
|
||||
|
||||
$users = array();
|
||||
}
|
||||
} else {
|
||||
|
||||
foreach( getJSON( 'projects.php' ) as $project => $data ) {
|
||||
if( $result["owner"] == 'nobody' || $result["owner"] == $_SESSION["user"] || ( in_array( $_SESSION["user"], $users ) && ! empty( $users ) ) ) {
|
||||
|
||||
if ( strpos( $path, $data['path'] ) === 0 ) {
|
||||
|
||||
return true;
|
||||
}
|
||||
return( true );
|
||||
}
|
||||
}
|
||||
return false;
|
||||
return( false );
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -405,7 +405,15 @@ class Filemanager extends Common {
|
|||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function delete( $keep_parent = false ) {
|
||||
|
||||
|
||||
if( Common::checkPath( $path ) ) {
|
||||
|
||||
$this->status = "error";
|
||||
$this->message = "No access.";
|
||||
$this->respond();
|
||||
return;
|
||||
}
|
||||
|
||||
function rrmdir( $path, $follow, $keep_parent = false ) {
|
||||
|
||||
if ( is_file( $path ) ) {
|
||||
|
|
|
@ -42,24 +42,85 @@ class Project extends Common {
|
|||
// NEW METHODS
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function add_project() {
|
||||
public function add_project( $project_name, $project_path, $owner = null ) {
|
||||
|
||||
if( $owner == null ) {
|
||||
|
||||
$owner = $_SESSION["user"];
|
||||
} else {
|
||||
|
||||
$owner = 'nobody';
|
||||
}
|
||||
|
||||
$sql = "INSERT INTO `projects`( `name`, `path`, `owner` ) VALUES ( ?, ?, ? );";
|
||||
$bind = "sss";
|
||||
$bind_variables = array( $project_name, $project_path, $owner );
|
||||
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error creating project $project_name." ) );
|
||||
|
||||
return( $return );
|
||||
}
|
||||
|
||||
public function delete_project() {
|
||||
public function delete_project( $project_name, $project_path, $owner = null ) {
|
||||
|
||||
if( $owner == null ) {
|
||||
|
||||
$owner = $_SESSION["user"];
|
||||
} else {
|
||||
|
||||
$owner = 'nobody';
|
||||
}
|
||||
|
||||
$owner = $_SESSION["user"];
|
||||
$sql = "DELETE FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
|
||||
$bind = "sss";
|
||||
$bind_variables = array( $project_name, $project_path, $owner );
|
||||
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting project $project_name." ) );
|
||||
|
||||
try {
|
||||
|
||||
$json = json_decode( $return, true );
|
||||
exit( $return );
|
||||
} catch( exception $e ) {
|
||||
|
||||
exit( formatJSEND( "success", "Successfully deleted project $project_name." ) );
|
||||
}
|
||||
}
|
||||
|
||||
public function get_projects() {
|
||||
|
||||
$sql = "SELECT * FROM `projects` WHERE `owner`=? OR `owner`='nobody' ORDER BY `name`;";
|
||||
$bind = "s";
|
||||
$bind_variables = array( $_SESSION["user"] );
|
||||
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
|
||||
|
||||
if( mysqli_num_rows( $return ) > 0 ) {
|
||||
|
||||
$return = mysqli_fetch_all( $return, MYSQLI_ASSOC );
|
||||
} else {
|
||||
|
||||
$return = formatJSEND( "error", "Error fetching projects." );
|
||||
}
|
||||
|
||||
return( $return );
|
||||
}
|
||||
|
||||
public function rename_project() {
|
||||
public function rename_project( $old_name, $new_name, $path ) {
|
||||
|
||||
$sql = "SELECT * FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
|
||||
$bind = "sss";
|
||||
$bind_variables = array( $old_name, $path, $_SESSION["user"] );
|
||||
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
|
||||
|
||||
if( mysqli_num_rows( $return ) > 0 ) {
|
||||
|
||||
$sql = "UPDATE `projects` SET `name`=? WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
|
||||
$bind = "ssss";
|
||||
$bind_variables = array( $new_name, $old_name, $path, $_SESSION["user"] );
|
||||
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error renaming project." ) );
|
||||
} else {
|
||||
|
||||
exit( formatJSEND( "error", "Error renaming project, could not find specified project." ) );
|
||||
}
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
@ -234,10 +295,13 @@ class Project extends Common {
|
|||
if ( $data['path'] != $this->path ) {
|
||||
|
||||
$revised_array[] = array( "name" => $data['name'], "path" => $data['path'] );
|
||||
} else {
|
||||
|
||||
$this->rename_project( $data['name'], $_GET['project_name'], $data['path'] );
|
||||
}
|
||||
}
|
||||
|
||||
$revised_array[] = $this->projects[] = array( "name" => $_GET['project_name'], "path" => $this->path );
|
||||
$this->rename_project( $data['name'], );
|
||||
// Response
|
||||
echo formatJSEND("success", null);
|
||||
}
|
||||
|
@ -254,15 +318,13 @@ class Project extends Common {
|
|||
if ( $data['path'] != $this->path ) {
|
||||
|
||||
$revised_array[] = array( "name" => $data['name'], "path" => $data['path'] );
|
||||
} else {
|
||||
|
||||
$this->delete_project( $data['name'], $data['path'] );
|
||||
}
|
||||
}
|
||||
// Save array back to JSON
|
||||
$this->delete_project( , );
|
||||
// Response
|
||||
echo formatJSEND( "success", null );
|
||||
}
|
||||
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Check Duplicate
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
@ -287,7 +349,7 @@ class Project extends Common {
|
|||
public function SanitizePath() {
|
||||
|
||||
$sanitized = str_replace( " ", "_", $this->path );
|
||||
return preg_replace( '/[^\w-]/', '', $sanitized );
|
||||
return preg_replace( '/[^\w-]/', '', strtolower( $sanitized ) );
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
@ -335,4 +397,4 @@ class Project extends Common {
|
|||
shell_exec( $this->command_exec );
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,113 +1,114 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
* Copyright (c) Codiad & Kent Safranski (codiad.com), distributed
|
||||
* as-is and without warranty under the MIT License. See
|
||||
* [root]/license.txt for more. This information must remain intact.
|
||||
*/
|
||||
/*
|
||||
* Copyright (c) Codiad & Kent Safranski (codiad.com), distributed
|
||||
* as-is and without warranty under the MIT License. See
|
||||
* [root]/license.txt for more. This information must remain intact.
|
||||
*/
|
||||
|
||||
|
||||
require_once('../../common.php');
|
||||
require_once('class.project.php');
|
||||
require_once('../../common.php');
|
||||
require_once('./class.project.php');
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Verify Session or Key
|
||||
//////////////////////////////////////////////////////////////////
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Verify Session or Key
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
checkSession();
|
||||
checkSession();
|
||||
|
||||
$Project = new Project();
|
||||
$Project = new Project();
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Get Current Project
|
||||
//////////////////////////////////////////////////////////////////
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Get Current Project
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
$no_return = false;
|
||||
$no_return = false;
|
||||
if (isset($_GET['no_return'])) {
|
||||
$no_return = true;
|
||||
$no_return = true;
|
||||
}
|
||||
|
||||
if ($_GET['action']=='get_current') {
|
||||
if (!isset($_SESSION['project'])) {
|
||||
// Load default/first project
|
||||
if ($no_return) {
|
||||
$Project->no_return = true;
|
||||
}
|
||||
$Project->GetFirst();
|
||||
} else {
|
||||
// Load current
|
||||
$Project->path = $_SESSION['project'];
|
||||
$project_name = $Project->GetName();
|
||||
if (!$no_return) {
|
||||
echo formatJSEND("success", array("name"=>$project_name,"path"=>$_SESSION['project']));
|
||||
}
|
||||
}
|
||||
|
||||
if ( ! isset($_SESSION['project'])) {
|
||||
// Load default/first project
|
||||
if ($no_return) {
|
||||
$Project->no_return = true;
|
||||
}
|
||||
$Project->GetFirst();
|
||||
} else {
|
||||
// Load current
|
||||
$Project->path = $_SESSION['project'];
|
||||
$project_name = $Project->GetName();
|
||||
if (!$no_return) {
|
||||
echo formatJSEND("success", array("name"=>$project_name,"path"=>$_SESSION['project']));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Open Project
|
||||
//////////////////////////////////////////////////////////////////
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Open Project
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
if ($_GET['action']=='open') {
|
||||
if (!checkPath($_GET['path'])) {
|
||||
die(formatJSEND("error", "No Access"));
|
||||
}
|
||||
$Project->path = $_GET['path'];
|
||||
$Project->Open();
|
||||
if (!checkPath($_GET['path'])) {
|
||||
die(formatJSEND("error", "No Access to path " . $_GET['path']));
|
||||
}
|
||||
$Project->path = $_GET['path'];
|
||||
$Project->Open();
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Create Project
|
||||
//////////////////////////////////////////////////////////////////
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Create Project
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
if ($_GET['action']=='create') {
|
||||
if (checkAccess()) {
|
||||
$Project->name = $_GET['project_name'];
|
||||
if ($_GET['project_path'] != '') {
|
||||
$Project->path = $_GET['project_path'];
|
||||
} else {
|
||||
$Project->path = $_GET['project_name'];
|
||||
}
|
||||
// Git Clone?
|
||||
if (!empty($_GET['git_repo'])) {
|
||||
$Project->gitrepo = $_GET['git_repo'];
|
||||
$Project->gitbranch = $_GET['git_branch'];
|
||||
}
|
||||
$Project->Create();
|
||||
}
|
||||
if (checkAccess()) {
|
||||
$Project->name = $_GET['project_name'];
|
||||
if ($_GET['project_path'] != '') {
|
||||
$Project->path = $_GET['project_path'];
|
||||
} else {
|
||||
$Project->path = $_GET['project_name'];
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Rename Project
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Git Clone?
|
||||
if (!empty($_GET['git_repo'])) {
|
||||
$Project->gitrepo = $_GET['git_repo'];
|
||||
$Project->gitbranch = $_GET['git_branch'];
|
||||
}
|
||||
$Project->Create();
|
||||
}
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Rename Project
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
if ($_GET['action']=='rename') {
|
||||
if (!checkPath($_GET['project_path'])) {
|
||||
die(formatJSEND("error", "No Access"));
|
||||
}
|
||||
$Project->path = $_GET['project_path'];
|
||||
$Project->Rename();
|
||||
if (!checkPath($_GET['project_path'])) {
|
||||
die(formatJSEND("error", "No Access"));
|
||||
}
|
||||
$Project->path = $_GET['project_path'];
|
||||
$Project->Rename();
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Delete Project
|
||||
//////////////////////////////////////////////////////////////////
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Delete Project
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
if ($_GET['action']=='delete') {
|
||||
if (checkAccess()) {
|
||||
$Project->path = $_GET['project_path'];
|
||||
$Project->Delete();
|
||||
}
|
||||
if (checkAccess()) {
|
||||
$Project->path = $_GET['project_path'];
|
||||
$Project->Delete();
|
||||
}
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Return Current
|
||||
//////////////////////////////////////////////////////////////////
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Return Current
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
if ($_GET['action']=='current') {
|
||||
if (isset($_SESSION['project'])) {
|
||||
echo formatJSEND("success", $_SESSION['project']);
|
||||
} else {
|
||||
echo formatJSEND("error", "No Project Returned");
|
||||
}
|
||||
if (isset($_SESSION['project'])) {
|
||||
echo formatJSEND("success", $_SESSION['project']);
|
||||
} else {
|
||||
echo formatJSEND("error", "No Project Returned");
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,12 +8,14 @@
|
|||
|
||||
|
||||
require_once('../../common.php');
|
||||
require_once('./class.project.php');
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Verify Session or Key
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
checkSession();
|
||||
$Project = new Project;
|
||||
|
||||
switch( $_GET['action'] ) {
|
||||
|
||||
|
@ -23,11 +25,11 @@ switch( $_GET['action'] ) {
|
|||
case 'sidelist':
|
||||
|
||||
// Get projects data
|
||||
$projects = Project::get_projects();
|
||||
$projects = $Project->get_projects();
|
||||
?>
|
||||
<ul>
|
||||
<?php
|
||||
sort( $projects, SORT_NATURAL );
|
||||
//natcasesort( $projects );
|
||||
foreach( $projects as $project => $data ) {
|
||||
|
||||
if( $_GET['trigger'] == 'true' ) {
|
||||
|
@ -52,65 +54,64 @@ switch( $_GET['action'] ) {
|
|||
//////////////////////////////////////////////////////////////
|
||||
|
||||
case 'list':
|
||||
|
||||
// Get access control data
|
||||
$projects_assigned = false;
|
||||
if(file_exists(BASE_PATH . "/data/" . $_SESSION['user'] . '_acl.php')){
|
||||
$projects_assigned = getJSON($_SESSION['user'] . '_acl.php');
|
||||
}
|
||||
|
||||
?>
|
||||
<label><?php i18n("Project List"); ?></label>
|
||||
<div id="project-list">
|
||||
<table width="100%">
|
||||
<tr>
|
||||
<th width="70"><?php i18n("Open"); ?></th>
|
||||
<th width="150"><?php i18n("Project Name"); ?></th>
|
||||
<th width="250"><?php i18n("Path"); ?></th>
|
||||
<?php if(checkAccess()){ ?><th width="70"><?php i18n("Delete"); ?></th><?php } ?>
|
||||
</tr>
|
||||
</table>
|
||||
<div class="project-wrapper">
|
||||
<table width="100%" style="word-wrap: break-word;word-break: break-all;">
|
||||
<?php
|
||||
|
||||
// Get projects JSON data
|
||||
$projects = getJSON('projects.php');
|
||||
sort($projects);
|
||||
foreach($projects as $project=>$data){
|
||||
$show = true;
|
||||
if($projects_assigned && !in_array($data['path'],$projects_assigned)){ $show=false; }
|
||||
if($show){
|
||||
?>
|
||||
<tr>
|
||||
<td width="70"><a onclick="codiad.project.open('<?php echo($data['path']); ?>');" class="icon-folder bigger-icon"></a></td>
|
||||
<td width="150"><?php echo($data['name']); ?></td>
|
||||
<td width="250"><?php echo($data['path']); ?></td>
|
||||
<?php
|
||||
if(checkAccess()){
|
||||
if($_SESSION['project'] == $data['path']){
|
||||
?>
|
||||
<td width="70"><a onclick="codiad.message.error(i18n('Active Project Cannot Be Removed'));" class="icon-block bigger-icon"></a></td>
|
||||
<?php
|
||||
}else{
|
||||
?>
|
||||
<td width="70"><a onclick="codiad.project.delete('<?php echo($data['name']); ?>','<?php echo($data['path']); ?>');" class="icon-cancel-circled bigger-icon"></a></td>
|
||||
<?php
|
||||
}
|
||||
}
|
||||
?>
|
||||
</tr>
|
||||
<?php
|
||||
}
|
||||
}
|
||||
?>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
<?php if(checkAccess()){ ?><button class="btn-left" onclick="codiad.project.create();"><?php i18n("New Project"); ?></button><?php } ?>
|
||||
<button class="<?php if(checkAccess()){ echo('btn-right'); } ?>" onclick="codiad.modal.unload();return false;"><?php i18n("Close"); ?></button>
|
||||
<?php
|
||||
|
||||
|
||||
//Get projects data
|
||||
$projects = $Project->get_projects();
|
||||
?>
|
||||
<label><?php i18n("Project List"); ?></label>
|
||||
<div id="project-list">
|
||||
<table width="100%">
|
||||
<tr>
|
||||
<th width="70"><?php i18n( "Open");?></th>
|
||||
<th width="150"><?php i18n( "Project Name" );?></th>
|
||||
<th width="250"><?php i18n( "Path" );?></th>
|
||||
<?php if( checkAccess() ) { ?><th width="70"><?php i18n("Delete");?></th><?php } ?>
|
||||
</tr>
|
||||
</table>
|
||||
<div class="project-wrapper">
|
||||
<table width="100%" style="word-wrap: break-word;word-break: break-all;">
|
||||
<?php
|
||||
foreach( $projects as $project => $data ) {
|
||||
|
||||
$show = true;
|
||||
if( $projects_assigned && ! in_array( $data['path'], $projects_assigned ) ) {
|
||||
|
||||
$show = false;
|
||||
}
|
||||
if( $show ) {
|
||||
|
||||
?>
|
||||
<tr>
|
||||
<td width="70"><a onclick="codiad.project.open('<?php echo( $data['path'] );?>');" class="icon-folder bigger-icon"></a></td>
|
||||
<td width="150"><?php echo($data['name']);?></td>
|
||||
<td width="250"><?php echo($data['path']);?></td>
|
||||
<?php
|
||||
if( checkAccess() ) {
|
||||
|
||||
if( $_SESSION['project'] == $data['path'] ) {
|
||||
|
||||
?>
|
||||
<td width="70"><a onclick="codiad.message.error(i18n('Active Project Cannot Be Removed'));" class="icon-block bigger-icon"></a></td>
|
||||
<?php
|
||||
} else {
|
||||
|
||||
?>
|
||||
<td width="70"><a onclick="codiad.project.delete('<?php echo($data['name']);?>','<?php echo($data['path']);?>');" class="icon-cancel-circled bigger-icon"></a></td>
|
||||
<?php
|
||||
}
|
||||
}
|
||||
?>
|
||||
</tr>
|
||||
<?php
|
||||
}
|
||||
}
|
||||
?>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
<?php if(checkAccess()){ ?><button class="btn-left" onclick="codiad.project.create();"><?php i18n("New Project"); ?></button><?php } ?>
|
||||
<button class="<?php if(checkAccess()){ echo('btn-right'); } ?>" onclick="codiad.modal.unload();return false;"><?php i18n("Close"); ?></button>
|
||||
<?php
|
||||
break;
|
||||
|
||||
//////////////////////////////////////////////////////////////////////
|
||||
|
|
|
@ -57,7 +57,7 @@ class Settings {
|
|||
|
||||
if( $user_setting == null ) {
|
||||
|
||||
$sql = "SELECT `value` FROM `options` WHERE `option_name`=?;";
|
||||
$sql = "SELECT `value` FROM `options` WHERE `name`=?;";
|
||||
$bind = "s";
|
||||
$bind_variables = array( $option );
|
||||
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) );
|
||||
|
@ -71,7 +71,7 @@ class Settings {
|
|||
}
|
||||
} else {
|
||||
|
||||
$sql = "SELECT `value` FROM `user_options` WHERE `option_name`=? AND `username`=?;";
|
||||
$sql = "SELECT `value` FROM `user_options` WHERE `name`=? AND `username`=?;";
|
||||
$bind = "ss";
|
||||
$bind_variables = array( $option, $this->username );
|
||||
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) );
|
||||
|
@ -130,7 +130,7 @@ class Settings {
|
|||
|
||||
public function update_option( $option, $value, $user_setting = null ) {
|
||||
|
||||
$query = "INSERT INTO user_options ( `option_name`, `username`, `value` ) VALUES ( ?, ?, ? );";
|
||||
$query = "INSERT INTO user_options ( `name`, `username`, `value` ) VALUES ( ?, ?, ? );";
|
||||
$bind = "sss";
|
||||
$bind_variables = array(
|
||||
$option,
|
||||
|
@ -141,7 +141,7 @@ class Settings {
|
|||
|
||||
if( $result !== true ) {
|
||||
|
||||
$query = "UPDATE user_options SET `value`=? WHERE `option_name`=? AND `username`=?;";
|
||||
$query = "UPDATE user_options SET `value`=? WHERE `name`=? AND `username`=?;";
|
||||
$bind = "sss";
|
||||
$bind_variables = array(
|
||||
$value,
|
||||
|
|
|
@ -6,7 +6,7 @@ error_reporting(E_ALL);
|
|||
|
||||
require_once('../../common.php');
|
||||
require_once('../settings/class.settings.php');
|
||||
|
||||
require_once('../project/class.project.php');
|
||||
checkSession();
|
||||
if ( ! checkAccess() ) {
|
||||
echo "Error, you do not have access to update Codiad.";
|
||||
|
@ -14,8 +14,13 @@ if ( ! checkAccess() ) {
|
|||
}
|
||||
|
||||
$user_settings_file = DATA . "/settings.php";
|
||||
$projects_file = DATA . "/projects.php";
|
||||
$projects_file = DATA . "/users.php";
|
||||
|
||||
$system_settings_file = null;
|
||||
$Settings = new Settings();
|
||||
$Common = new Common();
|
||||
$Project = new Project();
|
||||
|
||||
if( file_exists( $user_settings_file ) ) {
|
||||
|
||||
|
@ -25,9 +30,18 @@ if( file_exists( $user_settings_file ) ) {
|
|||
$Settings->username = $user;
|
||||
foreach( $settings as $setting => $value ) {
|
||||
|
||||
//echo var_dump( $setting, $value );
|
||||
$Settings->add_option( $setting, $value, true );
|
||||
$Settings->update_option( $setting, $value, true );
|
||||
}
|
||||
}
|
||||
unlink( $user_settings_file );
|
||||
}
|
||||
|
||||
if( file_exists( $projects_file ) ) {
|
||||
|
||||
$projects = getJSON( 'projects.php' );
|
||||
foreach( $projects as $project => $data ) {
|
||||
|
||||
$Project->add_project( $data["name"], $data["path"], true );
|
||||
}
|
||||
unlink( $projects_file );
|
||||
}
|
|
@ -6,46 +6,44 @@
|
|||
* [root]/license.txt for more. This information must remain intact.
|
||||
*/
|
||||
|
||||
class User
|
||||
{
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// PROPERTIES
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public $username = '';
|
||||
public $password = '';
|
||||
public $project = '';
|
||||
public $projects = '';
|
||||
public $users = '';
|
||||
public $actives = '';
|
||||
public $lang = '';
|
||||
public $theme = '';
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// METHODS
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
// -----------------------------||----------------------------- //
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Construct
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$this->users = getJSON('users.php');
|
||||
$this->actives = getJSON('active.php');
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Authenticate
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function Authenticate()
|
||||
{
|
||||
class User {
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// PROPERTIES
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public $username = '';
|
||||
public $password = '';
|
||||
public $project = '';
|
||||
public $projects = '';
|
||||
public $users = '';
|
||||
public $actives = '';
|
||||
public $lang = '';
|
||||
public $theme = '';
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// METHODS
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
// -----------------------------||----------------------------- //
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Construct
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function __construct() {
|
||||
|
||||
if ( ! is_dir( SESSIONS_PATH ) ) {
|
||||
$this->users = getJSON( 'users.php' );
|
||||
$this->actives = getJSON( 'active.php' );
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Authenticate
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function Authenticate() {
|
||||
|
||||
if( ! is_dir( SESSIONS_PATH ) ) {
|
||||
|
||||
mkdir( SESSIONS_PATH, 00755 );
|
||||
}
|
||||
|
@ -59,13 +57,11 @@ class User
|
|||
$sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 );
|
||||
$sessions_owner = posix_getpwuid( fileowner( SESSIONS_PATH ) );
|
||||
|
||||
if ( ! ( $sessions_owner === $server_user ) ) {
|
||||
if( ! ( $sessions_owner === $server_user ) ) {
|
||||
|
||||
try {
|
||||
|
||||
chown( SESSIONS_PATH, $server_user );
|
||||
echo( formatJSEND("error", "Error, incorrect owner of sessions folder. The sessions folder owner has been sucessfully changed. Please log in again." ) );
|
||||
return;
|
||||
} catch( Exception $e ) {
|
||||
|
||||
echo( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) );
|
||||
|
@ -73,13 +69,11 @@ class User
|
|||
}
|
||||
}
|
||||
|
||||
if ( ! in_array( $sessions_permissions, $permissions ) ) {
|
||||
if( ! in_array( $sessions_permissions, $permissions ) ) {
|
||||
|
||||
try {
|
||||
|
||||
chmod( SESSIONS_PATH, 00755 );
|
||||
echo( formatJSEND("error", "Error, incorrect permissions on sessions folder. The sessions folder permissions have been sucessfully changed. Please log in again." ) );
|
||||
return;
|
||||
} catch( Exception $e ) {
|
||||
|
||||
echo( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) );
|
||||
|
@ -87,244 +81,261 @@ class User
|
|||
}
|
||||
}
|
||||
|
||||
$pass = false;
|
||||
$this->EncryptPassword();
|
||||
$users = getJSON('users.php');
|
||||
foreach ($users as $user) {
|
||||
if ($user['username']==$this->username && $user['password']==$this->password) {
|
||||
|
||||
$pass = true;
|
||||
$_SESSION['id'] = SESSION_ID;
|
||||
$_SESSION['user'] = $this->username;
|
||||
$_SESSION['lang'] = $this->lang;
|
||||
$_SESSION['theme'] = $this->theme;
|
||||
$_SESSION["login_session"] = true;
|
||||
|
||||
if ($user['project']!='') {
|
||||
$_SESSION['project'] = $user['project'];
|
||||
}
|
||||
|
||||
$this->checkDuplicateSessions( $this->username );
|
||||
}
|
||||
}
|
||||
$pass = false;
|
||||
|
||||
if ($pass) {
|
||||
|
||||
echo formatJSEND("success", array("username"=>$this->username));
|
||||
} else {
|
||||
echo formatJSEND("error", "Incorrect Username or Password");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check duplicate sessions
|
||||
*
|
||||
* This function checks to see if the user is currently logged in
|
||||
* on any other machine and if they are then log them off. This
|
||||
* will fix the issue with the new auto save attempting to save both
|
||||
* users at the same time.
|
||||
*/
|
||||
|
||||
public static function checkDuplicateSessions( $username ) {
|
||||
|
||||
//ini_set('display_errors', 1);
|
||||
//ini_set('display_startup_errors', 1);
|
||||
//error_reporting(E_ALL);
|
||||
session_write_close();
|
||||
$all_sessions = array();
|
||||
$sessions = glob( SESSIONS_PATH . "/*" );
|
||||
session_id( SESSION_ID );
|
||||
// session_save_path( SESSIONS_PATH );
|
||||
|
||||
foreach( $sessions as $session ) {
|
||||
|
||||
//echo var_dump( $session ) . "\n\n";
|
||||
|
||||
if ( strpos( $session, "sess_") == false ) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$session = str_replace( "sess_", "", $session );
|
||||
$session = str_replace( SESSIONS_PATH . "/", "", $session );
|
||||
//This skips temp files that aren't sessions
|
||||
if( strpos( $session, "." ) == false ) {
|
||||
|
||||
session_id( $session );
|
||||
session_start();
|
||||
$_SESSION["id"] = $session;
|
||||
array_push( $all_sessions, $_SESSION );
|
||||
|
||||
if ( isset( $_SESSION["user"] ) && $_SESSION["user"] === $username && isset( $_SESSION["login_session"] ) && $_SESSION["login_session"] === true && SESSION_ID !== session_id() ) {
|
||||
|
||||
session_destroy();
|
||||
} else {
|
||||
|
||||
session_abort();
|
||||
}
|
||||
}
|
||||
}
|
||||
//echo '{"status":"error","message":"' . print_r( $all_sessions ) . '"}';
|
||||
|
||||
session_id( SESSION_ID );
|
||||
session_start();
|
||||
}
|
||||
$this->EncryptPassword();
|
||||
$users = getJSON('users.php');
|
||||
foreach( $users as $user ) {
|
||||
|
||||
if( $user['username'] == $this->username && $user['password'] == $this->password ) {
|
||||
|
||||
$pass = true;
|
||||
$_SESSION['id'] = SESSION_ID;
|
||||
$_SESSION['user'] = $this->username;
|
||||
$_SESSION['lang'] = $this->lang;
|
||||
$_SESSION['theme'] = $this->theme;
|
||||
$_SESSION["login_session"] = true;
|
||||
|
||||
if($user['project']!='') {
|
||||
|
||||
$_SESSION['project'] = $user['project'];
|
||||
}
|
||||
|
||||
$this->checkDuplicateSessions( $this->username );
|
||||
}
|
||||
}
|
||||
|
||||
if( $pass ) {
|
||||
|
||||
echo formatJSEND( "success", array( "username" => $this->username ) );
|
||||
} else {
|
||||
|
||||
echo formatJSEND( "error", "Incorrect Username or Password" );
|
||||
}
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Create Account
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function Create()
|
||||
{
|
||||
$this->EncryptPassword();
|
||||
$pass = $this->checkDuplicate();
|
||||
if ($pass) {
|
||||
$this->users[] = array("username"=>$this->username,"password"=>$this->password,"project"=>"");
|
||||
saveJSON('users.php', $this->users);
|
||||
echo formatJSEND("success", array("username"=>$this->username));
|
||||
} else {
|
||||
echo formatJSEND("error", "The Username is Already Taken");
|
||||
}
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Delete Account
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function Delete()
|
||||
{
|
||||
// Remove User
|
||||
$revised_array = array();
|
||||
foreach ($this->users as $user => $data) {
|
||||
if ($data['username']!=$this->username) {
|
||||
$revised_array[] = array("username"=>$data['username'],"password"=>$data['password'],"project"=>$data['project']);
|
||||
}
|
||||
}
|
||||
// Save array back to JSON
|
||||
saveJSON('users.php', $revised_array);
|
||||
|
||||
// Remove any active files
|
||||
foreach ($this->actives as $active => $data) {
|
||||
if ($this->username==$data['username']) {
|
||||
unset($this->actives[$active]);
|
||||
}
|
||||
}
|
||||
saveJSON('active.php', $this->actives);
|
||||
|
||||
// Remove access control list (if exists)
|
||||
if (file_exists(BASE_PATH . "/data/" . $this->username . '_acl.php')) {
|
||||
unlink(BASE_PATH . "/data/" . $this->username . '_acl.php');
|
||||
}
|
||||
|
||||
// Response
|
||||
echo formatJSEND("success", null);
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Change Password
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function Password()
|
||||
{
|
||||
$this->EncryptPassword();
|
||||
$revised_array = array();
|
||||
foreach ($this->users as $user => $data) {
|
||||
if ($data['username']==$this->username) {
|
||||
$revised_array[] = array("username"=>$data['username'],"password"=>$this->password,"project"=>$data['project']);
|
||||
} else {
|
||||
$revised_array[] = array("username"=>$data['username'],"password"=>$data['password'],"project"=>$data['project']);
|
||||
}
|
||||
}
|
||||
// Save array back to JSON
|
||||
saveJSON('users.php', $revised_array);
|
||||
// Response
|
||||
echo formatJSEND("success", null);
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Set Project Access
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function Project_Access()
|
||||
{
|
||||
// Access set to all projects
|
||||
if ($this->projects==0) {
|
||||
if (file_exists(BASE_PATH . "/data/" . $this->username . '_acl.php')) {
|
||||
unlink(BASE_PATH . "/data/" . $this->username . '_acl.php');
|
||||
}
|
||||
// Access set to restricted list
|
||||
} else {
|
||||
// Save array back to JSON
|
||||
saveJSON($this->username . '_acl.php', $this->projects);
|
||||
}
|
||||
// Response
|
||||
echo formatJSEND("success", null);
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Set Current Project
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function Project()
|
||||
{
|
||||
$revised_array = array();
|
||||
foreach ($this->users as $user => $data) {
|
||||
if ($this->username==$data['username']) {
|
||||
$revised_array[] = array("username"=>$data['username'],"password"=>$data['password'],"project"=>$this->project);
|
||||
} else {
|
||||
$revised_array[] = array("username"=>$data['username'],"password"=>$data['password'],"project"=>$data['project']);
|
||||
}
|
||||
}
|
||||
// Save array back to JSON
|
||||
saveJSON('users.php', $revised_array);
|
||||
// Response
|
||||
echo formatJSEND("success", null);
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Check Duplicate
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function CheckDuplicate()
|
||||
{
|
||||
$pass = true;
|
||||
foreach ($this->users as $user => $data) {
|
||||
if ($data['username']==$this->username) {
|
||||
$pass = false;
|
||||
}
|
||||
}
|
||||
return $pass;
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Verify Account Exists
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function Verify()
|
||||
{
|
||||
$pass = 'false';
|
||||
foreach ($this->users as $user => $data) {
|
||||
if ($this->username==$data['username']) {
|
||||
$pass = 'true';
|
||||
}
|
||||
}
|
||||
echo($pass);
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Encrypt Password
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
private function EncryptPassword()
|
||||
{
|
||||
$this->password = sha1(md5($this->password));
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Clean username
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public static function CleanUsername($username)
|
||||
{
|
||||
return preg_replace('#[^A-Za-z0-9'.preg_quote('-_@. ').']#', '', $username);
|
||||
}
|
||||
/**
|
||||
* Check duplicate sessions
|
||||
*
|
||||
* This function checks to see if the user is currently logged in
|
||||
* on any other machine and if they are then log them off. This
|
||||
* will fix the issue with the new auto save attempting to save both
|
||||
* users at the same time.
|
||||
*/
|
||||
|
||||
public static function checkDuplicateSessions( $username ) {
|
||||
|
||||
session_write_close();
|
||||
$all_sessions = array();
|
||||
$sessions = glob( SESSIONS_PATH . "/*" );
|
||||
session_id( SESSION_ID );
|
||||
|
||||
foreach( $sessions as $session ) {
|
||||
|
||||
if( strpos( $session, "sess_") == false ) {
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
$session = str_replace( "sess_", "", $session );
|
||||
$session = str_replace( SESSIONS_PATH . "/", "", $session );
|
||||
//This skips temp files that aren't sessions
|
||||
if( strpos( $session, "." ) == false ) {
|
||||
|
||||
session_id( $session );
|
||||
session_start();
|
||||
$_SESSION["id"] = $session;
|
||||
array_push( $all_sessions, $_SESSION );
|
||||
|
||||
if( isset( $_SESSION["user"] ) && $_SESSION["user"] === $username && isset( $_SESSION["login_session"] ) && $_SESSION["login_session"] === true && SESSION_ID !== session_id() ) {
|
||||
|
||||
session_destroy();
|
||||
} else {
|
||||
|
||||
session_abort();
|
||||
}
|
||||
}
|
||||
}
|
||||
session_id( SESSION_ID );
|
||||
session_start();
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Create Account
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function Create() {
|
||||
|
||||
$this->EncryptPassword();
|
||||
$pass = $this->checkDuplicate();
|
||||
if( $pass ) {
|
||||
|
||||
$this->users[] = array( "username" => $this->username, "password" => $this->password, "project" => "" );
|
||||
saveJSON( 'users.php', $this->users );
|
||||
echo formatJSEND( "success", array( "username" => $this->username ) );
|
||||
} else {
|
||||
|
||||
echo formatJSEND( "error", "The Username is Already Taken" );
|
||||
}
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Delete Account
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function Delete() {
|
||||
|
||||
// Remove User
|
||||
$revised_array = array();
|
||||
foreach( $this->users as $user => $data ) {
|
||||
|
||||
if( $data['username'] != $this->username ) {
|
||||
|
||||
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
|
||||
}
|
||||
}
|
||||
// Save array back to JSON
|
||||
saveJSON( 'users.php', $revised_array );
|
||||
|
||||
// Remove any active files
|
||||
foreach( $this->actives as $active => $data ) {
|
||||
|
||||
if( $this->username == $data['username'] ) {
|
||||
|
||||
unset( $this->actives[$active] );
|
||||
}
|
||||
}
|
||||
saveJSON( 'active.php', $this->actives );
|
||||
|
||||
// Remove access control list (if exists)
|
||||
if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) {
|
||||
|
||||
unlink(BASE_PATH . "/data/" . $this->username . '_acl.php');
|
||||
}
|
||||
|
||||
// Response
|
||||
echo formatJSEND( "success", null );
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Change Password
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function Password() {
|
||||
|
||||
$this->EncryptPassword();
|
||||
$revised_array = array();
|
||||
foreach( $this->users as $user => $data ) {
|
||||
|
||||
if( $data['username'] == $this->username ) {
|
||||
|
||||
$revised_array[] = array( "username" => $data['username'], "password" => $this->password, "project" => $data['project'] );
|
||||
} else {
|
||||
|
||||
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
|
||||
}
|
||||
}
|
||||
// Save array back to JSON
|
||||
saveJSON( 'users.php', $revised_array );
|
||||
// Response
|
||||
echo formatJSEND( "success", null );
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Set Project Access
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function Project_Access() {
|
||||
|
||||
// Access set to all projects
|
||||
if( $this->projects == 0 ) {
|
||||
|
||||
// Access set to restricted list
|
||||
if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) {
|
||||
|
||||
unlink( BASE_PATH . "/data/" . $this->username . '_acl.php' );
|
||||
}
|
||||
} else {
|
||||
|
||||
// Save array back to JSON
|
||||
saveJSON( $this->username . '_acl.php', $this->projects );
|
||||
}
|
||||
// Response
|
||||
echo formatJSEND( "success", null );
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Set Current Project
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function Project() {
|
||||
|
||||
$revised_array = array();
|
||||
foreach( $this->users as $user => $data ) {
|
||||
|
||||
if( $this->username == $data['username'] ) {
|
||||
|
||||
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $this->project );
|
||||
} else {
|
||||
|
||||
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
|
||||
}
|
||||
}
|
||||
// Save array back to JSON
|
||||
saveJSON( 'users.php', $revised_array );
|
||||
// Response
|
||||
echo formatJSEND( "success", null );
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Check Duplicate
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function CheckDuplicate() {
|
||||
|
||||
$pass = true;
|
||||
foreach( $this->users as $user => $data ) {
|
||||
|
||||
if( $data['username'] == $this->username ) {
|
||||
|
||||
$pass = false;
|
||||
}
|
||||
}
|
||||
return $pass;
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Verify Account Exists
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function Verify() {
|
||||
|
||||
$pass = 'false';
|
||||
foreach( $this->users as $user => $data ) {
|
||||
|
||||
if( $this->username == $data['username'] ) {
|
||||
|
||||
$pass = 'true';
|
||||
}
|
||||
}
|
||||
echo( $pass );
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Encrypt Password
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
private function EncryptPassword() {
|
||||
|
||||
$this->password = sha1( md5( $this->password ) );
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Clean username
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public static function CleanUsername( $username ) {
|
||||
|
||||
return preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $username );
|
||||
}
|
||||
}
|
||||
|
|
11
index.php
11
index.php
|
@ -183,8 +183,15 @@ if( defined( "SITE_NAME" ) && ! ( SITE_NAME === "" || SITE_NAME === null ) ) {
|
|||
// AUTHENTICATED
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
}else{
|
||||
|
||||
} else {
|
||||
|
||||
define( "USER_WORKSPACE", WORKSPACE . "/" . $_SESSION["user"] );
|
||||
|
||||
if( ! is_dir( USER_WORKSPACE ) ) {
|
||||
|
||||
mkdir( USER_WORKSPACE, 0755 );
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
<div id="workspace">
|
||||
|
|
Loading…
Reference in a new issue