Mirror
/
codiad
mirror of https://github.com/xevidos/codiad.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Refactored user class, Users can now only see projects owned by \'nobody\' or themselves to get ready for permissions update.

This commit is contained in:
xevidos 2018-10-11 10:17:41 -04:00
parent 84cfb3d9ad
commit 42a87590ac
9 changed files with 603 additions and 466 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
common.php
View File

@ -108,11 +108,6 @@ class Common {
exit( $output );
break;
case( "json" ):
exit( '{"status":"error","message":"' . $output . '<script>window.location.href = window.location.protocol + `' . "//" . Common::getConstant( 'BASE_URL' ) . '`</script>"}' );
break;
case( "return" ):
return( $output );
@ -129,10 +124,45 @@ class Common {
if( ! self::check_session() ) {
session_destroy();
self::return( "Access Denied", "json" );
self::return( formatJSEND( "error", "Error fetching project information." ), "exit" );
}
}
//////////////////////////////////////////////////////////////////
// Check access to a project
//////////////////////////////////////////////////////////////////
public static function check_project_access( $project_name, $project_path, $action ) {
$sql = "SELECT * FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "sss";
$bind_variables = array( $project_name, $project_path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking project access." ) );
if( mysqli_num_rows( $return ) > 0 ) {
$return = mysqli_fetch_assoc( $return );
try {
$users = json_decode( $return["access"] );
} catch( exception $e ) {
$users = array();
}
if( $return["owner"] == 'nobody' || $return["owner"] == $_SESSION["user"] || ( in_array( $_SESSION["user"], $users ) && ! empty( $users ) ) ) {
$return = true;
} else {
$return = false;
}
} else {
$return = false;
}
self::return( $return, $action );
}
//////////////////////////////////////////////////////////////////
@ -213,7 +243,7 @@ class Common {
session_save_path( SESSIONS_PATH );
session_start();
if(! defined( 'SESSION_ID' ) ) {
if( ! defined( 'SESSION_ID' ) ) {
define( "SESSION_ID", session_id() );
}
@ -410,26 +440,29 @@ class Common {
public static function checkPath( $path ) {
if( file_exists( DATA . "/" . $_SESSION['user'] . '_acl.php' ) ) {
$sql = "SELECT * FROM `projects` WHERE LOCATE( `path`, ? ) > 0 LIMIT 1;";
$bind = "s";
$bind_variables = array( $path );
$result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching project information." ) );
if( mysqli_num_rows( $result ) > 0 ) {
foreach ( getJSON( $_SESSION['user'] . '_acl.php' ) as $projects => $data ) {
$result = mysqli_fetch_assoc( $result );
try {
if ( strpos( $path, $data ) === 0) {
return true;
}
$users = json_decode( $result["access"] );
} catch( exception $e ) {
$users = array();
}
} else {
foreach( getJSON( 'projects.php' ) as $project => $data ) {
if( $result["owner"] == 'nobody' || $result["owner"] == $_SESSION["user"] || ( in_array( $_SESSION["user"], $users ) && ! empty( $users ) ) ) {
if ( strpos( $path, $data['path'] ) === 0 ) {
return true;
}
return( true );
}
}
return false;
return( false );
}

10
components/filemanager/class.filemanager.php
View File

@ -405,7 +405,15 @@ class Filemanager extends Common {
//////////////////////////////////////////////////////////////////
public function delete( $keep_parent = false ) {
if( Common::checkPath( $path ) ) {
$this->status = "error";
$this->message = "No access.";
$this->respond();
return;
}
function rrmdir( $path, $follow, $keep_parent = false ) {
if ( is_file( $path ) ) {

84
components/project/class.project.php
View File

@ -42,24 +42,85 @@ class Project extends Common {
// NEW METHODS
//////////////////////////////////////////////////////////////////
public function add_project() {
public function add_project( $project_name, $project_path, $owner = null ) {
if( $owner == null ) {
$owner = $_SESSION["user"];
} else {
$owner = 'nobody';
}
$sql = "INSERT INTO `projects`( `name`, `path`, `owner` ) VALUES ( ?, ?, ? );";
$bind = "sss";
$bind_variables = array( $project_name, $project_path, $owner );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error creating project $project_name." ) );
return( $return );
}
public function delete_project() {
public function delete_project( $project_name, $project_path, $owner = null ) {
if( $owner == null ) {
$owner = $_SESSION["user"];
} else {
$owner = 'nobody';
}
$owner = $_SESSION["user"];
$sql = "DELETE FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "sss";
$bind_variables = array( $project_name, $project_path, $owner );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting project $project_name." ) );
try {
$json = json_decode( $return, true );
exit( $return );
} catch( exception $e ) {
exit( formatJSEND( "success", "Successfully deleted project $project_name." ) );
}
}
public function get_projects() {
$sql = "SELECT * FROM `projects` WHERE `owner`=? OR `owner`='nobody' ORDER BY `name`;";
$bind = "s";
$bind_variables = array( $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
if( mysqli_num_rows( $return ) > 0 ) {
$return = mysqli_fetch_all( $return, MYSQLI_ASSOC );
} else {
$return = formatJSEND( "error", "Error fetching projects." );
}
return( $return );
}
public function rename_project() {
public function rename_project( $old_name, $new_name, $path ) {
$sql = "SELECT * FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "sss";
$bind_variables = array( $old_name, $path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
if( mysqli_num_rows( $return ) > 0 ) {
$sql = "UPDATE `projects` SET `name`=? WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "ssss";
$bind_variables = array( $new_name, $old_name, $path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error renaming project." ) );
} else {
exit( formatJSEND( "error", "Error renaming project, could not find specified project." ) );
}
}
//////////////////////////////////////////////////////////////////
@ -234,10 +295,13 @@ class Project extends Common {
if ( $data['path'] != $this->path ) {
$revised_array[] = array( "name" => $data['name'], "path" => $data['path'] );
} else {
$this->rename_project( $data['name'], $_GET['project_name'], $data['path'] );
}
}
$revised_array[] = $this->projects[] = array( "name" => $_GET['project_name'], "path" => $this->path );
$this->rename_project( $data['name'], );
// Response
echo formatJSEND("success", null);
}
@ -254,15 +318,13 @@ class Project extends Common {
if ( $data['path'] != $this->path ) {
$revised_array[] = array( "name" => $data['name'], "path" => $data['path'] );
} else {
$this->delete_project( $data['name'], $data['path'] );
}
}
// Save array back to JSON
$this->delete_project( , );
// Response
echo formatJSEND( "success", null );
}
//////////////////////////////////////////////////////////////////
// Check Duplicate
//////////////////////////////////////////////////////////////////
@ -287,7 +349,7 @@ class Project extends Common {
public function SanitizePath() {
$sanitized = str_replace( " ", "_", $this->path );
return preg_replace( '/[^\w-]/', '', $sanitized );
return preg_replace( '/[^\w-]/', '', strtolower( $sanitized ) );
}
//////////////////////////////////////////////////////////////////
@ -335,4 +397,4 @@ class Project extends Common {
shell_exec( $this->command_exec );
}
}
}
}

161
components/project/controller.php
View File

@ -1,113 +1,114 @@
<?php
/*
* Copyright (c) Codiad & Kent Safranski (codiad.com), distributed
* as-is and without warranty under the MIT License. See
* [root]/license.txt for more. This information must remain intact.
*/
/*
* Copyright (c) Codiad & Kent Safranski (codiad.com), distributed
* as-is and without warranty under the MIT License. See
* [root]/license.txt for more. This information must remain intact.
*/
require_once('../../common.php');
require_once('class.project.php');
require_once('../../common.php');
require_once('./class.project.php');
//////////////////////////////////////////////////////////////////
// Verify Session or Key
//////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////
// Verify Session or Key
//////////////////////////////////////////////////////////////////
checkSession();
checkSession();
$Project = new Project();
$Project = new Project();
//////////////////////////////////////////////////////////////////
// Get Current Project
//////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////
// Get Current Project
//////////////////////////////////////////////////////////////////
$no_return = false;
$no_return = false;
if (isset($_GET['no_return'])) {
$no_return = true;
$no_return = true;
}
if ($_GET['action']=='get_current') {
if (!isset($_SESSION['project'])) {
// Load default/first project
if ($no_return) {
$Project->no_return = true;
}
$Project->GetFirst();
} else {
// Load current
$Project->path = $_SESSION['project'];
$project_name = $Project->GetName();
if (!$no_return) {
echo formatJSEND("success", array("name"=>$project_name,"path"=>$_SESSION['project']));
}
}
if ( ! isset($_SESSION['project'])) {
// Load default/first project
if ($no_return) {
$Project->no_return = true;
}
$Project->GetFirst();
} else {
// Load current
$Project->path = $_SESSION['project'];
$project_name = $Project->GetName();
if (!$no_return) {
echo formatJSEND("success", array("name"=>$project_name,"path"=>$_SESSION['project']));
}
}
}
//////////////////////////////////////////////////////////////////
// Open Project
//////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////
// Open Project
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='open') {
if (!checkPath($_GET['path'])) {
die(formatJSEND("error", "No Access"));
}
$Project->path = $_GET['path'];
$Project->Open();
if (!checkPath($_GET['path'])) {
die(formatJSEND("error", "No Access to path " . $_GET['path']));
}
$Project->path = $_GET['path'];
$Project->Open();
}
//////////////////////////////////////////////////////////////////
// Create Project
//////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////
// Create Project
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='create') {
if (checkAccess()) {
$Project->name = $_GET['project_name'];
if ($_GET['project_path'] != '') {
$Project->path = $_GET['project_path'];
} else {
$Project->path = $_GET['project_name'];
}
// Git Clone?
if (!empty($_GET['git_repo'])) {
$Project->gitrepo = $_GET['git_repo'];
$Project->gitbranch = $_GET['git_branch'];
}
$Project->Create();
}
if (checkAccess()) {
$Project->name = $_GET['project_name'];
if ($_GET['project_path'] != '') {
$Project->path = $_GET['project_path'];
} else {
$Project->path = $_GET['project_name'];
}
//////////////////////////////////////////////////////////////////
// Rename Project
//////////////////////////////////////////////////////////////////
// Git Clone?
if (!empty($_GET['git_repo'])) {
$Project->gitrepo = $_GET['git_repo'];
$Project->gitbranch = $_GET['git_branch'];
}
$Project->Create();
}
}
//////////////////////////////////////////////////////////////////
// Rename Project
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='rename') {
if (!checkPath($_GET['project_path'])) {
die(formatJSEND("error", "No Access"));
}
$Project->path = $_GET['project_path'];
$Project->Rename();
if (!checkPath($_GET['project_path'])) {
die(formatJSEND("error", "No Access"));
}
$Project->path = $_GET['project_path'];
$Project->Rename();
}
//////////////////////////////////////////////////////////////////
// Delete Project
//////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////
// Delete Project
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='delete') {
if (checkAccess()) {
$Project->path = $_GET['project_path'];
$Project->Delete();
}
if (checkAccess()) {
$Project->path = $_GET['project_path'];
$Project->Delete();
}
}
//////////////////////////////////////////////////////////////////
// Return Current
//////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////
// Return Current
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='current') {
if (isset($_SESSION['project'])) {
echo formatJSEND("success", $_SESSION['project']);
} else {
echo formatJSEND("error", "No Project Returned");
}
if (isset($_SESSION['project'])) {
echo formatJSEND("success", $_SESSION['project']);
} else {
echo formatJSEND("error", "No Project Returned");
}
}

123
components/project/dialog.php
View File

@ -8,12 +8,14 @@
require_once('../../common.php');
require_once('./class.project.php');
//////////////////////////////////////////////////////////////////
// Verify Session or Key
//////////////////////////////////////////////////////////////////
checkSession();
$Project = new Project;
switch( $_GET['action'] ) {
@ -23,11 +25,11 @@ switch( $_GET['action'] ) {
case 'sidelist':
// Get projects data
$projects = Project::get_projects();
$projects = $Project->get_projects();
?>
<ul>
<?php
sort( $projects, SORT_NATURAL );
//natcasesort( $projects );
foreach( $projects as $project => $data ) {
if( $_GET['trigger'] == 'true' ) {
@ -52,65 +54,64 @@ switch( $_GET['action'] ) {
//////////////////////////////////////////////////////////////
case 'list':
// Get access control data
$projects_assigned = false;
if(file_exists(BASE_PATH . "/data/" . $_SESSION['user'] . '_acl.php')){
$projects_assigned = getJSON($_SESSION['user'] . '_acl.php');
}
?>
<label><?php i18n("Project List"); ?></label>
<div id="project-list">
<table width="100%">
<tr>
<th width="70"><?php i18n("Open"); ?></th>
<th width="150"><?php i18n("Project Name"); ?></th>
<th width="250"><?php i18n("Path"); ?></th>
<?php if(checkAccess()){ ?><th width="70"><?php i18n("Delete"); ?></th><?php } ?>
</tr>
</table>
<div class="project-wrapper">
<table width="100%" style="word-wrap: break-word;word-break: break-all;">
<?php
// Get projects JSON data
$projects = getJSON('projects.php');
sort($projects);
foreach($projects as $project=>$data){
$show = true;
if($projects_assigned && !in_array($data['path'],$projects_assigned)){ $show=false; }
if($show){
?>
<tr>
<td width="70"><a onclick="codiad.project.open('<?php echo($data['path']); ?>');" class="icon-folder bigger-icon"></a></td>
<td width="150"><?php echo($data['name']); ?></td>
<td width="250"><?php echo($data['path']); ?></td>
<?php
if(checkAccess()){
if($_SESSION['project'] == $data['path']){
?>
<td width="70"><a onclick="codiad.message.error(i18n('Active Project Cannot Be Removed'));" class="icon-block bigger-icon"></a></td>
<?php
}else{
?>
<td width="70"><a onclick="codiad.project.delete('<?php echo($data['name']); ?>','<?php echo($data['path']); ?>');" class="icon-cancel-circled bigger-icon"></a></td>
<?php
}
}
?>
</tr>
<?php
}
}
?>
</table>
</div>
</div>
<?php if(checkAccess()){ ?><button class="btn-left" onclick="codiad.project.create();"><?php i18n("New Project"); ?></button><?php } ?>
<button class="<?php if(checkAccess()){ echo('btn-right'); } ?>" onclick="codiad.modal.unload();return false;"><?php i18n("Close"); ?></button>
<?php
//Get projects data
$projects = $Project->get_projects();
?>
<label><?php i18n("Project List"); ?></label>
<div id="project-list">
<table width="100%">
<tr>
<th width="70"><?php i18n( "Open");?></th>
<th width="150"><?php i18n( "Project Name" );?></th>
<th width="250"><?php i18n( "Path" );?></th>
<?php if( checkAccess() ) { ?><th width="70"><?php i18n("Delete");?></th><?php } ?>
</tr>
</table>
<div class="project-wrapper">
<table width="100%" style="word-wrap: break-word;word-break: break-all;">
<?php
foreach( $projects as $project => $data ) {
$show = true;
if( $projects_assigned && ! in_array( $data['path'], $projects_assigned ) ) {
$show = false;
}
if( $show ) {
?>
<tr>
<td width="70"><a onclick="codiad.project.open('<?php echo( $data['path'] );?>');" class="icon-folder bigger-icon"></a></td>
<td width="150"><?php echo($data['name']);?></td>
<td width="250"><?php echo($data['path']);?></td>
<?php
if( checkAccess() ) {
if( $_SESSION['project'] == $data['path'] ) {
?>
<td width="70"><a onclick="codiad.message.error(i18n('Active Project Cannot Be Removed'));" class="icon-block bigger-icon"></a></td>
<?php
} else {
?>
<td width="70"><a onclick="codiad.project.delete('<?php echo($data['name']);?>','<?php echo($data['path']);?>');" class="icon-cancel-circled bigger-icon"></a></td>
<?php
}
}
?>
</tr>
<?php
}
}
?>
</table>
</div>
</div>
<?php if(checkAccess()){ ?><button class="btn-left" onclick="codiad.project.create();"><?php i18n("New Project"); ?></button><?php } ?>
<button class="<?php if(checkAccess()){ echo('btn-right'); } ?>" onclick="codiad.modal.unload();return false;"><?php i18n("Close"); ?></button>
<?php
break;
//////////////////////////////////////////////////////////////////////

8
components/settings/class.settings.php
View File

@ -57,7 +57,7 @@ class Settings {
if( $user_setting == null ) {
$sql = "SELECT `value` FROM `options` WHERE `option_name`=?;";
$sql = "SELECT `value` FROM `options` WHERE `name`=?;";
$bind = "s";
$bind_variables = array( $option );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) );
@ -71,7 +71,7 @@ class Settings {
}
} else {
$sql = "SELECT `value` FROM `user_options` WHERE `option_name`=? AND `username`=?;";
$sql = "SELECT `value` FROM `user_options` WHERE `name`=? AND `username`=?;";
$bind = "ss";
$bind_variables = array( $option, $this->username );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) );
@ -130,7 +130,7 @@ class Settings {
public function update_option( $option, $value, $user_setting = null ) {
$query = "INSERT INTO user_options ( `option_name`, `username`, `value` ) VALUES ( ?, ?, ? );";
$query = "INSERT INTO user_options ( `name`, `username`, `value` ) VALUES ( ?, ?, ? );";
$bind = "sss";
$bind_variables = array(
$option,
@ -141,7 +141,7 @@ class Settings {
if( $result !== true ) {
$query = "UPDATE user_options SET `value`=? WHERE `option_name`=? AND `username`=?;";
$query = "UPDATE user_options SET `value`=? WHERE `name`=? AND `username`=?;";
$bind = "sss";
$bind_variables = array(
$value,

20
components/update/convert.php
View File

@ -6,7 +6,7 @@ error_reporting(E_ALL);
require_once('../../common.php');
require_once('../settings/class.settings.php');
require_once('../project/class.project.php');
checkSession();
if ( ! checkAccess() ) {
echo "Error, you do not have access to update Codiad.";
@ -14,8 +14,13 @@ if ( ! checkAccess() ) {
}
$user_settings_file = DATA . "/settings.php";
$projects_file = DATA . "/projects.php";
$projects_file = DATA . "/users.php";
$system_settings_file = null;
$Settings = new Settings();
$Common = new Common();
$Project = new Project();
if( file_exists( $user_settings_file ) ) {
@ -25,9 +30,18 @@ if( file_exists( $user_settings_file ) ) {
$Settings->username = $user;
foreach( $settings as $setting => $value ) {
//echo var_dump( $setting, $value );
$Settings->add_option( $setting, $value, true );
$Settings->update_option( $setting, $value, true );
}
}
unlink( $user_settings_file );
}
if( file_exists( $projects_file ) ) {
$projects = getJSON( 'projects.php' );
foreach( $projects as $project => $data ) {
$Project->add_project( $data["name"], $data["path"], true );
}
unlink( $projects_file );
}

577
components/user/class.user.php
View File

@ -6,46 +6,44 @@
* [root]/license.txt for more. This information must remain intact.
*/
class User
{
//////////////////////////////////////////////////////////////////
// PROPERTIES
//////////////////////////////////////////////////////////////////
public $username = '';
public $password = '';
public $project = '';
public $projects = '';
public $users = '';
public $actives = '';
public $lang = '';
public $theme = '';
//////////////////////////////////////////////////////////////////
// METHODS
//////////////////////////////////////////////////////////////////
// -----------------------------||----------------------------- //
//////////////////////////////////////////////////////////////////
// Construct
//////////////////////////////////////////////////////////////////
public function __construct()
{
$this->users = getJSON('users.php');
$this->actives = getJSON('active.php');
}
//////////////////////////////////////////////////////////////////
// Authenticate
//////////////////////////////////////////////////////////////////
public function Authenticate()
{
class User {
//////////////////////////////////////////////////////////////////
// PROPERTIES
//////////////////////////////////////////////////////////////////
public $username = '';
public $password = '';
public $project = '';
public $projects = '';
public $users = '';
public $actives = '';
public $lang = '';
public $theme = '';
//////////////////////////////////////////////////////////////////
// METHODS
//////////////////////////////////////////////////////////////////
// -----------------------------||----------------------------- //
//////////////////////////////////////////////////////////////////
// Construct
//////////////////////////////////////////////////////////////////
public function __construct() {
if ( ! is_dir( SESSIONS_PATH ) ) {
$this->users = getJSON( 'users.php' );
$this->actives = getJSON( 'active.php' );
}
//////////////////////////////////////////////////////////////////
// Authenticate
//////////////////////////////////////////////////////////////////
public function Authenticate() {
if( ! is_dir( SESSIONS_PATH ) ) {
mkdir( SESSIONS_PATH, 00755 );
}
@ -59,13 +57,11 @@ class User
$sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 );
$sessions_owner = posix_getpwuid( fileowner( SESSIONS_PATH ) );
if ( ! ( $sessions_owner === $server_user ) ) {
if( ! ( $sessions_owner === $server_user ) ) {
try {
chown( SESSIONS_PATH, $server_user );
echo( formatJSEND("error", "Error, incorrect owner of sessions folder. The sessions folder owner has been sucessfully changed. Please log in again." ) );
return;
} catch( Exception $e ) {
echo( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) );
@ -73,13 +69,11 @@ class User
}
}
if ( ! in_array( $sessions_permissions, $permissions ) ) {
if( ! in_array( $sessions_permissions, $permissions ) ) {
try {
chmod( SESSIONS_PATH, 00755 );
echo( formatJSEND("error", "Error, incorrect permissions on sessions folder. The sessions folder permissions have been sucessfully changed. Please log in again." ) );
return;
} catch( Exception $e ) {
echo( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) );
@ -87,244 +81,261 @@ class User
}
}
$pass = false;
$this->EncryptPassword();
$users = getJSON('users.php');
foreach ($users as $user) {
if ($user['username']==$this->username && $user['password']==$this->password) {
$pass = true;
$_SESSION['id'] = SESSION_ID;
$_SESSION['user'] = $this->username;
$_SESSION['lang'] = $this->lang;
$_SESSION['theme'] = $this->theme;
$_SESSION["login_session"] = true;
if ($user['project']!='') {
$_SESSION['project'] = $user['project'];
}
$this->checkDuplicateSessions( $this->username );
}
}
$pass = false;
if ($pass) {
echo formatJSEND("success", array("username"=>$this->username));
} else {
echo formatJSEND("error", "Incorrect Username or Password");
}
}
/**
* Check duplicate sessions
*
* This function checks to see if the user is currently logged in
* on any other machine and if they are then log them off. This
* will fix the issue with the new auto save attempting to save both
* users at the same time.
*/
public static function checkDuplicateSessions( $username ) {
//ini_set('display_errors', 1);
//ini_set('display_startup_errors', 1);
//error_reporting(E_ALL);
session_write_close();
$all_sessions = array();
$sessions = glob( SESSIONS_PATH . "/*" );
session_id( SESSION_ID );
// session_save_path( SESSIONS_PATH );
foreach( $sessions as $session ) {
//echo var_dump( $session ) . "\n\n";
if ( strpos( $session, "sess_") == false ) {
continue;
}
$session = str_replace( "sess_", "", $session );
$session = str_replace( SESSIONS_PATH . "/", "", $session );
//This skips temp files that aren't sessions
if( strpos( $session, "." ) == false ) {
session_id( $session );
session_start();
$_SESSION["id"] = $session;
array_push( $all_sessions, $_SESSION );
if ( isset( $_SESSION["user"] ) && $_SESSION["user"] === $username && isset( $_SESSION["login_session"] ) && $_SESSION["login_session"] === true && SESSION_ID !== session_id() ) {
session_destroy();
} else {
session_abort();
}
}
}
//echo '{"status":"error","message":"' . print_r( $all_sessions ) . '"}';
session_id( SESSION_ID );
session_start();
}
$this->EncryptPassword();
$users = getJSON('users.php');
foreach( $users as $user ) {
if( $user['username'] == $this->username && $user['password'] == $this->password ) {
$pass = true;
$_SESSION['id'] = SESSION_ID;
$_SESSION['user'] = $this->username;
$_SESSION['lang'] = $this->lang;
$_SESSION['theme'] = $this->theme;
$_SESSION["login_session"] = true;
if($user['project']!='') {
$_SESSION['project'] = $user['project'];
}
$this->checkDuplicateSessions( $this->username );
}
}
if( $pass ) {
echo formatJSEND( "success", array( "username" => $this->username ) );
} else {
echo formatJSEND( "error", "Incorrect Username or Password" );
}
}
//////////////////////////////////////////////////////////////////
// Create Account
//////////////////////////////////////////////////////////////////
public function Create()
{
$this->EncryptPassword();
$pass = $this->checkDuplicate();
if ($pass) {
$this->users[] = array("username"=>$this->username,"password"=>$this->password,"project"=>"");
saveJSON('users.php', $this->users);
echo formatJSEND("success", array("username"=>$this->username));
} else {
echo formatJSEND("error", "The Username is Already Taken");
}
}
//////////////////////////////////////////////////////////////////
// Delete Account
//////////////////////////////////////////////////////////////////
public function Delete()
{
// Remove User
$revised_array = array();
foreach ($this->users as $user => $data) {
if ($data['username']!=$this->username) {
$revised_array[] = array("username"=>$data['username'],"password"=>$data['password'],"project"=>$data['project']);
}
}
// Save array back to JSON
saveJSON('users.php', $revised_array);
// Remove any active files
foreach ($this->actives as $active => $data) {
if ($this->username==$data['username']) {
unset($this->actives[$active]);
}
}
saveJSON('active.php', $this->actives);
// Remove access control list (if exists)
if (file_exists(BASE_PATH . "/data/" . $this->username . '_acl.php')) {
unlink(BASE_PATH . "/data/" . $this->username . '_acl.php');
}
// Response
echo formatJSEND("success", null);
}
//////////////////////////////////////////////////////////////////
// Change Password
//////////////////////////////////////////////////////////////////
public function Password()
{
$this->EncryptPassword();
$revised_array = array();
foreach ($this->users as $user => $data) {
if ($data['username']==$this->username) {
$revised_array[] = array("username"=>$data['username'],"password"=>$this->password,"project"=>$data['project']);
} else {
$revised_array[] = array("username"=>$data['username'],"password"=>$data['password'],"project"=>$data['project']);
}
}
// Save array back to JSON
saveJSON('users.php', $revised_array);
// Response
echo formatJSEND("success", null);
}
//////////////////////////////////////////////////////////////////
// Set Project Access
//////////////////////////////////////////////////////////////////
public function Project_Access()
{
// Access set to all projects
if ($this->projects==0) {
if (file_exists(BASE_PATH . "/data/" . $this->username . '_acl.php')) {
unlink(BASE_PATH . "/data/" . $this->username . '_acl.php');
}
// Access set to restricted list
} else {
// Save array back to JSON
saveJSON($this->username . '_acl.php', $this->projects);
}
// Response
echo formatJSEND("success", null);
}
//////////////////////////////////////////////////////////////////
// Set Current Project
//////////////////////////////////////////////////////////////////
public function Project()
{
$revised_array = array();
foreach ($this->users as $user => $data) {
if ($this->username==$data['username']) {
$revised_array[] = array("username"=>$data['username'],"password"=>$data['password'],"project"=>$this->project);
} else {
$revised_array[] = array("username"=>$data['username'],"password"=>$data['password'],"project"=>$data['project']);
}
}
// Save array back to JSON
saveJSON('users.php', $revised_array);
// Response
echo formatJSEND("success", null);
}
//////////////////////////////////////////////////////////////////
// Check Duplicate
//////////////////////////////////////////////////////////////////
public function CheckDuplicate()
{
$pass = true;
foreach ($this->users as $user => $data) {
if ($data['username']==$this->username) {
$pass = false;
}
}
return $pass;
}
//////////////////////////////////////////////////////////////////
// Verify Account Exists
//////////////////////////////////////////////////////////////////
public function Verify()
{
$pass = 'false';
foreach ($this->users as $user => $data) {
if ($this->username==$data['username']) {
$pass = 'true';
}
}
echo($pass);
}
//////////////////////////////////////////////////////////////////
// Encrypt Password
//////////////////////////////////////////////////////////////////
private function EncryptPassword()
{
$this->password = sha1(md5($this->password));
}
//////////////////////////////////////////////////////////////////
// Clean username
//////////////////////////////////////////////////////////////////
public static function CleanUsername($username)
{
return preg_replace('#[^A-Za-z0-9'.preg_quote('-_@. ').']#', '', $username);
}
/**
* Check duplicate sessions
*
* This function checks to see if the user is currently logged in
* on any other machine and if they are then log them off. This
* will fix the issue with the new auto save attempting to save both
* users at the same time.
*/
public static function checkDuplicateSessions( $username ) {
session_write_close();
$all_sessions = array();
$sessions = glob( SESSIONS_PATH . "/*" );
session_id( SESSION_ID );
foreach( $sessions as $session ) {
if( strpos( $session, "sess_") == false ) {
continue;
}
$session = str_replace( "sess_", "", $session );
$session = str_replace( SESSIONS_PATH . "/", "", $session );
//This skips temp files that aren't sessions
if( strpos( $session, "." ) == false ) {
session_id( $session );
session_start();
$_SESSION["id"] = $session;
array_push( $all_sessions, $_SESSION );
if( isset( $_SESSION["user"] ) && $_SESSION["user"] === $username && isset( $_SESSION["login_session"] ) && $_SESSION["login_session"] === true && SESSION_ID !== session_id() ) {
session_destroy();
} else {
session_abort();
}
}
}
session_id( SESSION_ID );
session_start();
}
//////////////////////////////////////////////////////////////////
// Create Account
//////////////////////////////////////////////////////////////////
public function Create() {
$this->EncryptPassword();
$pass = $this->checkDuplicate();
if( $pass ) {
$this->users[] = array( "username" => $this->username, "password" => $this->password, "project" => "" );
saveJSON( 'users.php', $this->users );
echo formatJSEND( "success", array( "username" => $this->username ) );
} else {
echo formatJSEND( "error", "The Username is Already Taken" );
}
}
//////////////////////////////////////////////////////////////////
// Delete Account
//////////////////////////////////////////////////////////////////
public function Delete() {
// Remove User
$revised_array = array();
foreach( $this->users as $user => $data ) {
if( $data['username'] != $this->username ) {
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
}
}
// Save array back to JSON
saveJSON( 'users.php', $revised_array );
// Remove any active files
foreach( $this->actives as $active => $data ) {
if( $this->username == $data['username'] ) {
unset( $this->actives[$active] );
}
}
saveJSON( 'active.php', $this->actives );
// Remove access control list (if exists)
if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) {
unlink(BASE_PATH . "/data/" . $this->username . '_acl.php');
}
// Response
echo formatJSEND( "success", null );
}
//////////////////////////////////////////////////////////////////
// Change Password
//////////////////////////////////////////////////////////////////
public function Password() {
$this->EncryptPassword();
$revised_array = array();
foreach( $this->users as $user => $data ) {
if( $data['username'] == $this->username ) {
$revised_array[] = array( "username" => $data['username'], "password" => $this->password, "project" => $data['project'] );
} else {
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
}
}
// Save array back to JSON
saveJSON( 'users.php', $revised_array );
// Response
echo formatJSEND( "success", null );
}
//////////////////////////////////////////////////////////////////
// Set Project Access
//////////////////////////////////////////////////////////////////
public function Project_Access() {
// Access set to all projects
if( $this->projects == 0 ) {
// Access set to restricted list
if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) {
unlink( BASE_PATH . "/data/" . $this->username . '_acl.php' );
}
} else {
// Save array back to JSON
saveJSON( $this->username . '_acl.php', $this->projects );
}
// Response
echo formatJSEND( "success", null );
}
//////////////////////////////////////////////////////////////////
// Set Current Project
//////////////////////////////////////////////////////////////////
public function Project() {
$revised_array = array();
foreach( $this->users as $user => $data ) {
if( $this->username == $data['username'] ) {
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $this->project );
} else {
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
}
}
// Save array back to JSON
saveJSON( 'users.php', $revised_array );
// Response
echo formatJSEND( "success", null );
}
//////////////////////////////////////////////////////////////////
// Check Duplicate
//////////////////////////////////////////////////////////////////
public function CheckDuplicate() {
$pass = true;
foreach( $this->users as $user => $data ) {
if( $data['username'] == $this->username ) {
$pass = false;
}
}
return $pass;
}
//////////////////////////////////////////////////////////////////
// Verify Account Exists
//////////////////////////////////////////////////////////////////
public function Verify() {
$pass = 'false';
foreach( $this->users as $user => $data ) {
if( $this->username == $data['username'] ) {
$pass = 'true';
}
}
echo( $pass );
}
//////////////////////////////////////////////////////////////////
// Encrypt Password
//////////////////////////////////////////////////////////////////
private function EncryptPassword() {
$this->password = sha1( md5( $this->password ) );
}
//////////////////////////////////////////////////////////////////
// Clean username
//////////////////////////////////////////////////////////////////
public static function CleanUsername( $username ) {
return preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $username );
}
}

11
index.php
View File

@ -183,8 +183,15 @@ if( defined( "SITE_NAME" ) && ! ( SITE_NAME === "" || SITE_NAME === null ) ) {
// AUTHENTICATED
//////////////////////////////////////////////////////////////////
}else{
} else {
define( "USER_WORKSPACE", WORKSPACE . "/" . $_SESSION["user"] );
if( ! is_dir( USER_WORKSPACE ) ) {
mkdir( USER_WORKSPACE, 0755 );
}
?>
<div id="workspace">