Mirror/codiad
1
0
Fork 0
mirror of https://github.com/xevidos/codiad.git synced 2024-12-22 13:52:16 +01:00
Code Issues Projects Releases Packages Wiki Activity

Refactored user class, Users can now only see projects owned by \'nobody\' or themselves to get ready for permissions update.

Browse source
This commit is contained in:
xevidos 2018-10-11 10:17:41 -04:00
parent 84cfb3d9ad
commit 42a87590ac
9 changed files with 603 additions and 466 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

75
common.php
View file

@ -108,11 +108,6 @@ class Common {
exit( $output ); exit( $output );
break; break;
case( "json" ):
exit( '{"status":"error","message":"' . $output . '<script>window.location.href = window.location.protocol + `' . "//" . Common::getConstant( 'BASE_URL' ) . '`</script>"}' );
break;
case( "return" ): case( "return" ):
return( $output ); return( $output );
@ -129,10 +124,45 @@ class Common {
if( ! self::check_session() ) { if( ! self::check_session() ) {
session_destroy(); session_destroy();
self::return( "Access Denied", "json" ); self::return( formatJSEND( "error", "Error fetching project information." ), "exit" );
}
} }
//////////////////////////////////////////////////////////////////
// Check access to a project
//////////////////////////////////////////////////////////////////
public static function check_project_access( $project_name, $project_path, $action ) {
$sql = "SELECT * FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "sss";
$bind_variables = array( $project_name, $project_path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking project access." ) );
if( mysqli_num_rows( $return ) > 0 ) {
$return = mysqli_fetch_assoc( $return );
try {
$users = json_decode( $return["access"] );
} catch( exception $e ) {
$users = array();
}
if( $return["owner"] == 'nobody' || $return["owner"] == $_SESSION["user"] || ( in_array( $_SESSION["user"], $users ) && ! empty( $users ) ) ) {
$return = true;
} else {
$return = false;
}
} else {
$return = false;
}
self::return( $return, $action );
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
@ -410,26 +440,29 @@ class Common {
public static function checkPath( $path ) { public static function checkPath( $path ) {
if( file_exists( DATA . "/" . $_SESSION['user'] . '_acl.php' ) ) { $sql = "SELECT * FROM `projects` WHERE LOCATE( `path`, ? ) > 0 LIMIT 1;";
$bind = "s";
$bind_variables = array( $path );
$result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching project information." ) );
foreach ( getJSON( $_SESSION['user'] . '_acl.php' ) as $projects => $data ) { if( mysqli_num_rows( $result ) > 0 ) {
if ( strpos( $path, $data ) === 0) { $result = mysqli_fetch_assoc( $result );
return true; try {
$users = json_decode( $result["access"] );
} catch( exception $e ) {
$users = array();
}
if( $result["owner"] == 'nobody' || $result["owner"] == $_SESSION["user"] || ( in_array( $_SESSION["user"], $users ) && ! empty( $users ) ) ) {
return( true );
} }
} }
} else { return( false );
foreach( getJSON( 'projects.php' ) as $project => $data ) {
if ( strpos( $path, $data['path'] ) === 0 ) {
return true;
}
}
}
return false;
} }

8
components/filemanager/class.filemanager.php
View file

@ -406,6 +406,14 @@ class Filemanager extends Common {
public function delete( $keep_parent = false ) { public function delete( $keep_parent = false ) {
if( Common::checkPath( $path ) ) {
$this->status = "error";
$this->message = "No access.";
$this->respond();
return;
}
function rrmdir( $path, $follow, $keep_parent = false ) { function rrmdir( $path, $follow, $keep_parent = false ) {
if ( is_file( $path ) ) { if ( is_file( $path ) ) {

86
components/project/class.project.php
View file

@ -42,24 +42,85 @@ class Project extends Common {
// NEW METHODS // NEW METHODS
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function add_project() { public function add_project( $project_name, $project_path, $owner = null ) {
if( $owner == null ) {
$owner = $_SESSION["user"];
} else {
$owner = 'nobody';
} }
public function delete_project() { $sql = "INSERT INTO `projects`( `name`, `path`, `owner` ) VALUES ( ?, ?, ? );";
$bind = "sss";
$bind_variables = array( $project_name, $project_path, $owner );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error creating project $project_name." ) );
return( $return );
}
public function delete_project( $project_name, $project_path, $owner = null ) {
if( $owner == null ) {
$owner = $_SESSION["user"];
} else {
$owner = 'nobody';
}
$owner = $_SESSION["user"];
$sql = "DELETE FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "sss";
$bind_variables = array( $project_name, $project_path, $owner );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting project $project_name." ) );
try {
$json = json_decode( $return, true );
exit( $return );
} catch( exception $e ) {
exit( formatJSEND( "success", "Successfully deleted project $project_name." ) );
}
} }
public function get_projects() { public function get_projects() {
$sql = "SELECT * FROM `projects` WHERE `owner`=? OR `owner`='nobody' ORDER BY `name`;";
$bind = "s";
$bind_variables = array( $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
if( mysqli_num_rows( $return ) > 0 ) {
$return = mysqli_fetch_all( $return, MYSQLI_ASSOC );
} else {
$return = formatJSEND( "error", "Error fetching projects." );
} }
public function rename_project() { return( $return );
}
public function rename_project( $old_name, $new_name, $path ) {
$sql = "SELECT * FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "sss";
$bind_variables = array( $old_name, $path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
if( mysqli_num_rows( $return ) > 0 ) {
$sql = "UPDATE `projects` SET `name`=? WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "ssss";
$bind_variables = array( $new_name, $old_name, $path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error renaming project." ) );
} else {
exit( formatJSEND( "error", "Error renaming project, could not find specified project." ) );
}
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
@ -234,10 +295,13 @@ class Project extends Common {
if ( $data['path'] != $this->path ) { if ( $data['path'] != $this->path ) {
$revised_array[] = array( "name" => $data['name'], "path" => $data['path'] ); $revised_array[] = array( "name" => $data['name'], "path" => $data['path'] );
} else {
$this->rename_project( $data['name'], $_GET['project_name'], $data['path'] );
} }
} }
$revised_array[] = $this->projects[] = array( "name" => $_GET['project_name'], "path" => $this->path ); $revised_array[] = $this->projects[] = array( "name" => $_GET['project_name'], "path" => $this->path );
$this->rename_project( $data['name'], );
// Response // Response
echo formatJSEND("success", null); echo formatJSEND("success", null);
} }
@ -254,14 +318,12 @@ class Project extends Common {
if ( $data['path'] != $this->path ) { if ( $data['path'] != $this->path ) {
$revised_array[] = array( "name" => $data['name'], "path" => $data['path'] ); $revised_array[] = array( "name" => $data['name'], "path" => $data['path'] );
} } else {
}
// Save array back to JSON
$this->delete_project( , );
// Response
echo formatJSEND( "success", null );
}
$this->delete_project( $data['name'], $data['path'] );
}
}
}
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Check Duplicate // Check Duplicate
@ -287,7 +349,7 @@ class Project extends Common {
public function SanitizePath() { public function SanitizePath() {
$sanitized = str_replace( " ", "_", $this->path ); $sanitized = str_replace( " ", "_", $this->path );
return preg_replace( '/[^\w-]/', '', $sanitized ); return preg_replace( '/[^\w-]/', '', strtolower( $sanitized ) );
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////

5
components/project/controller.php
View file

@ -8,7 +8,7 @@
require_once('../../common.php'); require_once('../../common.php');
require_once('class.project.php'); require_once('./class.project.php');
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Verify Session or Key // Verify Session or Key
@ -28,6 +28,7 @@ if (isset($_GET['no_return'])) {
} }
if ($_GET['action']=='get_current') { if ($_GET['action']=='get_current') {
if ( ! isset($_SESSION['project'])) { if ( ! isset($_SESSION['project'])) {
// Load default/first project // Load default/first project
if ($no_return) { if ($no_return) {
@ -50,7 +51,7 @@ if ($_GET['action']=='get_current') {
if ($_GET['action']=='open') { if ($_GET['action']=='open') {
if (!checkPath($_GET['path'])) { if (!checkPath($_GET['path'])) {
die(formatJSEND("error", "No Access")); die(formatJSEND("error", "No Access to path " . $_GET['path']));
} }
$Project->path = $_GET['path']; $Project->path = $_GET['path'];
$Project->Open(); $Project->Open();

29
components/project/dialog.php
View file

@ -8,12 +8,14 @@
require_once('../../common.php'); require_once('../../common.php');
require_once('./class.project.php');
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Verify Session or Key // Verify Session or Key
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
checkSession(); checkSession();
$Project = new Project;
switch( $_GET['action'] ) { switch( $_GET['action'] ) {
@ -23,11 +25,11 @@ switch( $_GET['action'] ) {
case 'sidelist': case 'sidelist':
// Get projects data // Get projects data
$projects = Project::get_projects(); $projects = $Project->get_projects();
?> ?>
<ul> <ul>
<?php <?php
sort( $projects, SORT_NATURAL ); //natcasesort( $projects );
foreach( $projects as $project => $data ) { foreach( $projects as $project => $data ) {
if( $_GET['trigger'] == 'true' ) { if( $_GET['trigger'] == 'true' ) {
@ -53,12 +55,8 @@ switch( $_GET['action'] ) {
case 'list': case 'list':
// Get access control data //Get projects data
$projects_assigned = false; $projects = $Project->get_projects();
if(file_exists(BASE_PATH . "/data/" . $_SESSION['user'] . '_acl.php')){
$projects_assigned = getJSON($_SESSION['user'] . '_acl.php');
}
?> ?>
<label><?php i18n("Project List"); ?></label> <label><?php i18n("Project List"); ?></label>
<div id="project-list"> <div id="project-list">
@ -73,14 +71,15 @@ switch( $_GET['action'] ) {
<div class="project-wrapper"> <div class="project-wrapper">
<table width="100%" style="word-wrap: break-word;word-break: break-all;"> <table width="100%" style="word-wrap: break-word;word-break: break-all;">
<?php <?php
// Get projects JSON data
$projects = getJSON('projects.php');
sort($projects);
foreach( $projects as $project => $data ) { foreach( $projects as $project => $data ) {
$show = true; $show = true;
if($projects_assigned && !in_array($data['path'],$projects_assigned)){ $show=false; } if( $projects_assigned && ! in_array( $data['path'], $projects_assigned ) ) {
$show = false;
}
if( $show ) { if( $show ) {
?> ?>
<tr> <tr>
<td width="70"><a onclick="codiad.project.open('<?php echo( $data['path'] );?>');" class="icon-folder bigger-icon"></a></td> <td width="70"><a onclick="codiad.project.open('<?php echo( $data['path'] );?>');" class="icon-folder bigger-icon"></a></td>
@ -88,11 +87,14 @@ switch( $_GET['action'] ) {
<td width="250"><?php echo($data['path']);?></td> <td width="250"><?php echo($data['path']);?></td>
<?php <?php
if( checkAccess() ) { if( checkAccess() ) {
if( $_SESSION['project'] == $data['path'] ) { if( $_SESSION['project'] == $data['path'] ) {
?> ?>
<td width="70"><a onclick="codiad.message.error(i18n('Active Project Cannot Be Removed'));" class="icon-block bigger-icon"></a></td> <td width="70"><a onclick="codiad.message.error(i18n('Active Project Cannot Be Removed'));" class="icon-block bigger-icon"></a></td>
<?php <?php
} else { } else {
?> ?>
<td width="70"><a onclick="codiad.project.delete('<?php echo($data['name']);?>','<?php echo($data['path']);?>');" class="icon-cancel-circled bigger-icon"></a></td> <td width="70"><a onclick="codiad.project.delete('<?php echo($data['name']);?>','<?php echo($data['path']);?>');" class="icon-cancel-circled bigger-icon"></a></td>
<?php <?php
@ -110,7 +112,6 @@ switch( $_GET['action'] ) {
<?php if(checkAccess()){ ?><button class="btn-left" onclick="codiad.project.create();"><?php i18n("New Project"); ?></button><?php } ?> <?php if(checkAccess()){ ?><button class="btn-left" onclick="codiad.project.create();"><?php i18n("New Project"); ?></button><?php } ?>
<button class="<?php if(checkAccess()){ echo('btn-right'); } ?>" onclick="codiad.modal.unload();return false;"><?php i18n("Close"); ?></button> <button class="<?php if(checkAccess()){ echo('btn-right'); } ?>" onclick="codiad.modal.unload();return false;"><?php i18n("Close"); ?></button>
<?php <?php
break; break;
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////

8
components/settings/class.settings.php
View file

@ -57,7 +57,7 @@ class Settings {
if( $user_setting == null ) { if( $user_setting == null ) {
$sql = "SELECT `value` FROM `options` WHERE `option_name`=?;"; $sql = "SELECT `value` FROM `options` WHERE `name`=?;";
$bind = "s"; $bind = "s";
$bind_variables = array( $option ); $bind_variables = array( $option );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) ); $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) );
@ -71,7 +71,7 @@ class Settings {
} }
} else { } else {
$sql = "SELECT `value` FROM `user_options` WHERE `option_name`=? AND `username`=?;"; $sql = "SELECT `value` FROM `user_options` WHERE `name`=? AND `username`=?;";
$bind = "ss"; $bind = "ss";
$bind_variables = array( $option, $this->username ); $bind_variables = array( $option, $this->username );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) ); $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) );
@ -130,7 +130,7 @@ class Settings {
public function update_option( $option, $value, $user_setting = null ) { public function update_option( $option, $value, $user_setting = null ) {
$query = "INSERT INTO user_options ( `option_name`, `username`, `value` ) VALUES ( ?, ?, ? );"; $query = "INSERT INTO user_options ( `name`, `username`, `value` ) VALUES ( ?, ?, ? );";
$bind = "sss"; $bind = "sss";
$bind_variables = array( $bind_variables = array(
$option, $option,
@ -141,7 +141,7 @@ class Settings {
if( $result !== true ) { if( $result !== true ) {
$query = "UPDATE user_options SET `value`=? WHERE `option_name`=? AND `username`=?;"; $query = "UPDATE user_options SET `value`=? WHERE `name`=? AND `username`=?;";
$bind = "sss"; $bind = "sss";
$bind_variables = array( $bind_variables = array(
$value, $value,

20
components/update/convert.php
View file

@ -6,7 +6,7 @@ error_reporting(E_ALL);
require_once('../../common.php'); require_once('../../common.php');
require_once('../settings/class.settings.php'); require_once('../settings/class.settings.php');
require_once('../project/class.project.php');
checkSession(); checkSession();
if ( ! checkAccess() ) { if ( ! checkAccess() ) {
echo "Error, you do not have access to update Codiad."; echo "Error, you do not have access to update Codiad.";
@ -14,8 +14,13 @@ if ( ! checkAccess() ) {
} }
$user_settings_file = DATA . "/settings.php"; $user_settings_file = DATA . "/settings.php";
$projects_file = DATA . "/projects.php";
$projects_file = DATA . "/users.php";
$system_settings_file = null; $system_settings_file = null;
$Settings = new Settings(); $Settings = new Settings();
$Common = new Common();
$Project = new Project();
if( file_exists( $user_settings_file ) ) { if( file_exists( $user_settings_file ) ) {
@ -25,9 +30,18 @@ if( file_exists( $user_settings_file ) ) {
$Settings->username = $user; $Settings->username = $user;
foreach( $settings as $setting => $value ) { foreach( $settings as $setting => $value ) {
//echo var_dump( $setting, $value ); $Settings->update_option( $setting, $value, true );
$Settings->add_option( $setting, $value, true );
} }
} }
unlink( $user_settings_file ); unlink( $user_settings_file );
} }
if( file_exists( $projects_file ) ) {
$projects = getJSON( 'projects.php' );
foreach( $projects as $project => $data ) {
$Project->add_project( $data["name"], $data["path"], true );
}
unlink( $projects_file );
}

85
components/user/class.user.php
View file

@ -6,8 +6,7 @@
* [root]/license.txt for more. This information must remain intact. * [root]/license.txt for more. This information must remain intact.
*/ */
class User class User {
{
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// PROPERTIES // PROPERTIES
@ -32,8 +31,8 @@ class User
// Construct // Construct
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function __construct() public function __construct() {
{
$this->users = getJSON( 'users.php' ); $this->users = getJSON( 'users.php' );
$this->actives = getJSON( 'active.php' ); $this->actives = getJSON( 'active.php' );
} }
@ -42,8 +41,7 @@ class User
// Authenticate // Authenticate
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function Authenticate() public function Authenticate() {
{
if( ! is_dir( SESSIONS_PATH ) ) { if( ! is_dir( SESSIONS_PATH ) ) {
@ -64,8 +62,6 @@ class User
try { try {
chown( SESSIONS_PATH, $server_user ); chown( SESSIONS_PATH, $server_user );
echo( formatJSEND("error", "Error, incorrect owner of sessions folder. The sessions folder owner has been sucessfully changed. Please log in again." ) );
return;
} catch( Exception $e ) { } catch( Exception $e ) {
echo( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) ); echo( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) );
@ -78,8 +74,6 @@ class User
try { try {
chmod( SESSIONS_PATH, 00755 ); chmod( SESSIONS_PATH, 00755 );
echo( formatJSEND("error", "Error, incorrect permissions on sessions folder. The sessions folder permissions have been sucessfully changed. Please log in again." ) );
return;
} catch( Exception $e ) { } catch( Exception $e ) {
echo( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) ); echo( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) );
@ -88,9 +82,11 @@ class User
} }
$pass = false; $pass = false;
$this->EncryptPassword(); $this->EncryptPassword();
$users = getJSON('users.php'); $users = getJSON('users.php');
foreach( $users as $user ) { foreach( $users as $user ) {
if( $user['username'] == $this->username && $user['password'] == $this->password ) { if( $user['username'] == $this->username && $user['password'] == $this->password ) {
$pass = true; $pass = true;
@ -101,6 +97,7 @@ class User
$_SESSION["login_session"] = true; $_SESSION["login_session"] = true;
if($user['project']!='') { if($user['project']!='') {
$_SESSION['project'] = $user['project']; $_SESSION['project'] = $user['project'];
} }
@ -112,6 +109,7 @@ class User
echo formatJSEND( "success", array( "username" => $this->username ) ); echo formatJSEND( "success", array( "username" => $this->username ) );
} else { } else {
echo formatJSEND( "error", "Incorrect Username or Password" ); echo formatJSEND( "error", "Incorrect Username or Password" );
} }
} }
@ -127,20 +125,15 @@ class User
public static function checkDuplicateSessions( $username ) { public static function checkDuplicateSessions( $username ) {
//ini_set('display_errors', 1);
//ini_set('display_startup_errors', 1);
//error_reporting(E_ALL);
session_write_close(); session_write_close();
$all_sessions = array(); $all_sessions = array();
$sessions = glob( SESSIONS_PATH . "/*" ); $sessions = glob( SESSIONS_PATH . "/*" );
session_id( SESSION_ID ); session_id( SESSION_ID );
// session_save_path( SESSIONS_PATH );
foreach( $sessions as $session ) { foreach( $sessions as $session ) {
//echo var_dump( $session ) . "\n\n";
if( strpos( $session, "sess_") == false ) { if( strpos( $session, "sess_") == false ) {
continue; continue;
} }
@ -163,8 +156,6 @@ class User
} }
} }
} }
//echo '{"status":"error","message":"' . print_r( $all_sessions ) . '"}';
session_id( SESSION_ID ); session_id( SESSION_ID );
session_start(); session_start();
} }
@ -173,15 +164,17 @@ class User
// Create Account // Create Account
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function Create() public function Create() {
{
$this->EncryptPassword(); $this->EncryptPassword();
$pass = $this->checkDuplicate(); $pass = $this->checkDuplicate();
if( $pass ) { if( $pass ) {
$this->users[] = array( "username" => $this->username, "password" => $this->password, "project" => "" ); $this->users[] = array( "username" => $this->username, "password" => $this->password, "project" => "" );
saveJSON( 'users.php', $this->users ); saveJSON( 'users.php', $this->users );
echo formatJSEND( "success", array( "username" => $this->username ) ); echo formatJSEND( "success", array( "username" => $this->username ) );
} else { } else {
echo formatJSEND( "error", "The Username is Already Taken" ); echo formatJSEND( "error", "The Username is Already Taken" );
} }
} }
@ -190,12 +183,14 @@ class User
// Delete Account // Delete Account
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function Delete() public function Delete() {
{
// Remove User // Remove User
$revised_array = array(); $revised_array = array();
foreach( $this->users as $user => $data ) { foreach( $this->users as $user => $data ) {
if( $data['username'] != $this->username ) { if( $data['username'] != $this->username ) {
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] ); $revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
} }
} }
@ -204,7 +199,9 @@ class User
// Remove any active files // Remove any active files
foreach( $this->actives as $active => $data ) { foreach( $this->actives as $active => $data ) {
if( $this->username == $data['username'] ) { if( $this->username == $data['username'] ) {
unset( $this->actives[$active] ); unset( $this->actives[$active] );
} }
} }
@ -212,6 +209,7 @@ class User
// Remove access control list (if exists) // Remove access control list (if exists)
if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) { if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) {
unlink(BASE_PATH . "/data/" . $this->username . '_acl.php'); unlink(BASE_PATH . "/data/" . $this->username . '_acl.php');
} }
@ -223,14 +221,17 @@ class User
// Change Password // Change Password
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function Password() public function Password() {
{
$this->EncryptPassword(); $this->EncryptPassword();
$revised_array = array(); $revised_array = array();
foreach( $this->users as $user => $data ) { foreach( $this->users as $user => $data ) {
if( $data['username'] == $this->username ) { if( $data['username'] == $this->username ) {
$revised_array[] = array( "username" => $data['username'], "password" => $this->password, "project" => $data['project'] ); $revised_array[] = array( "username" => $data['username'], "password" => $this->password, "project" => $data['project'] );
} else { } else {
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] ); $revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
} }
} }
@ -244,15 +245,18 @@ class User
// Set Project Access // Set Project Access
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function Project_Access() public function Project_Access() {
{
// Access set to all projects // Access set to all projects
if( $this->projects == 0 ) { if( $this->projects == 0 ) {
// Access set to restricted list
if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) { if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) {
unlink( BASE_PATH . "/data/" . $this->username . '_acl.php' ); unlink( BASE_PATH . "/data/" . $this->username . '_acl.php' );
} }
// Access set to restricted list
} else { } else {
// Save array back to JSON // Save array back to JSON
saveJSON( $this->username . '_acl.php', $this->projects ); saveJSON( $this->username . '_acl.php', $this->projects );
} }
@ -264,13 +268,16 @@ class User
// Set Current Project // Set Current Project
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function Project() public function Project() {
{
$revised_array = array(); $revised_array = array();
foreach( $this->users as $user => $data ) { foreach( $this->users as $user => $data ) {
if( $this->username == $data['username'] ) { if( $this->username == $data['username'] ) {
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $this->project ); $revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $this->project );
} else { } else {
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] ); $revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
} }
} }
@ -284,11 +291,13 @@ class User
// Check Duplicate // Check Duplicate
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function CheckDuplicate() public function CheckDuplicate() {
{
$pass = true; $pass = true;
foreach( $this->users as $user => $data ) { foreach( $this->users as $user => $data ) {
if( $data['username'] == $this->username ) { if( $data['username'] == $this->username ) {
$pass = false; $pass = false;
} }
} }
@ -299,11 +308,13 @@ class User
// Verify Account Exists // Verify Account Exists
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function Verify() public function Verify() {
{
$pass = 'false'; $pass = 'false';
foreach( $this->users as $user => $data ) { foreach( $this->users as $user => $data ) {
if( $this->username == $data['username'] ) { if( $this->username == $data['username'] ) {
$pass = 'true'; $pass = 'true';
} }
} }
@ -314,8 +325,8 @@ class User
// Encrypt Password // Encrypt Password
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
private function EncryptPassword() private function EncryptPassword() {
{
$this->password = sha1( md5( $this->password ) ); $this->password = sha1( md5( $this->password ) );
} }
@ -323,8 +334,8 @@ class User
// Clean username // Clean username
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public static function CleanUsername($username) public static function CleanUsername( $username ) {
{
return preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $username ); return preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $username );
} }
} }

7
index.php
View file

@ -185,6 +185,13 @@ if( defined( "SITE_NAME" ) && ! ( SITE_NAME === "" || SITE_NAME === null ) ) {
} else { } else {
define( "USER_WORKSPACE", WORKSPACE . "/" . $_SESSION["user"] );
if( ! is_dir( USER_WORKSPACE ) ) {
mkdir( USER_WORKSPACE, 0755 );
}
?> ?>
<div id="workspace"> <div id="workspace">