Refactored user class, Users can now only see projects owned by \'nobody\' or themselves to get ready for permissions update.

This commit is contained in:
xevidos 2018-10-11 10:17:41 -04:00
parent 84cfb3d9ad
commit 42a87590ac
9 changed files with 603 additions and 466 deletions

View file

@ -108,11 +108,6 @@ class Common {
exit( $output ); exit( $output );
break; break;
case( "json" ):
exit( '{"status":"error","message":"' . $output . '<script>window.location.href = window.location.protocol + `' . "//" . Common::getConstant( 'BASE_URL' ) . '`</script>"}' );
break;
case( "return" ): case( "return" ):
return( $output ); return( $output );
@ -129,10 +124,45 @@ class Common {
if( ! self::check_session() ) { if( ! self::check_session() ) {
session_destroy(); session_destroy();
self::return( "Access Denied", "json" ); self::return( formatJSEND( "error", "Error fetching project information." ), "exit" );
}
} }
//////////////////////////////////////////////////////////////////
// Check access to a project
//////////////////////////////////////////////////////////////////
public static function check_project_access( $project_name, $project_path, $action ) {
$sql = "SELECT * FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "sss";
$bind_variables = array( $project_name, $project_path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking project access." ) );
if( mysqli_num_rows( $return ) > 0 ) {
$return = mysqli_fetch_assoc( $return );
try {
$users = json_decode( $return["access"] );
} catch( exception $e ) {
$users = array();
}
if( $return["owner"] == 'nobody' || $return["owner"] == $_SESSION["user"] || ( in_array( $_SESSION["user"], $users ) && ! empty( $users ) ) ) {
$return = true;
} else {
$return = false;
}
} else {
$return = false;
}
self::return( $return, $action );
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
@ -213,7 +243,7 @@ class Common {
session_save_path( SESSIONS_PATH ); session_save_path( SESSIONS_PATH );
session_start(); session_start();
if(! defined( 'SESSION_ID' ) ) { if( ! defined( 'SESSION_ID' ) ) {
define( "SESSION_ID", session_id() ); define( "SESSION_ID", session_id() );
} }
@ -410,26 +440,29 @@ class Common {
public static function checkPath( $path ) { public static function checkPath( $path ) {
if( file_exists( DATA . "/" . $_SESSION['user'] . '_acl.php' ) ) { $sql = "SELECT * FROM `projects` WHERE LOCATE( `path`, ? ) > 0 LIMIT 1;";
$bind = "s";
$bind_variables = array( $path );
$result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching project information." ) );
foreach ( getJSON( $_SESSION['user'] . '_acl.php' ) as $projects => $data ) { if( mysqli_num_rows( $result ) > 0 ) {
if ( strpos( $path, $data ) === 0) { $result = mysqli_fetch_assoc( $result );
return true; try {
$users = json_decode( $result["access"] );
} catch( exception $e ) {
$users = array();
}
if( $result["owner"] == 'nobody' || $result["owner"] == $_SESSION["user"] || ( in_array( $_SESSION["user"], $users ) && ! empty( $users ) ) ) {
return( true );
} }
} }
} else { return( false );
foreach( getJSON( 'projects.php' ) as $project => $data ) {
if ( strpos( $path, $data['path'] ) === 0 ) {
return true;
}
}
}
return false;
} }

View file

@ -406,6 +406,14 @@ class Filemanager extends Common {
public function delete( $keep_parent = false ) { public function delete( $keep_parent = false ) {
if( Common::checkPath( $path ) ) {
$this->status = "error";
$this->message = "No access.";
$this->respond();
return;
}
function rrmdir( $path, $follow, $keep_parent = false ) { function rrmdir( $path, $follow, $keep_parent = false ) {
if ( is_file( $path ) ) { if ( is_file( $path ) ) {

View file

@ -42,24 +42,85 @@ class Project extends Common {
// NEW METHODS // NEW METHODS
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function add_project() { public function add_project( $project_name, $project_path, $owner = null ) {
if( $owner == null ) {
$owner = $_SESSION["user"];
} else {
$owner = 'nobody';
} }
public function delete_project() { $sql = "INSERT INTO `projects`( `name`, `path`, `owner` ) VALUES ( ?, ?, ? );";
$bind = "sss";
$bind_variables = array( $project_name, $project_path, $owner );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error creating project $project_name." ) );
return( $return );
}
public function delete_project( $project_name, $project_path, $owner = null ) {
if( $owner == null ) {
$owner = $_SESSION["user"];
} else {
$owner = 'nobody';
}
$owner = $_SESSION["user"];
$sql = "DELETE FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "sss";
$bind_variables = array( $project_name, $project_path, $owner );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting project $project_name." ) );
try {
$json = json_decode( $return, true );
exit( $return );
} catch( exception $e ) {
exit( formatJSEND( "success", "Successfully deleted project $project_name." ) );
}
} }
public function get_projects() { public function get_projects() {
$sql = "SELECT * FROM `projects` WHERE `owner`=? OR `owner`='nobody' ORDER BY `name`;";
$bind = "s";
$bind_variables = array( $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
if( mysqli_num_rows( $return ) > 0 ) {
$return = mysqli_fetch_all( $return, MYSQLI_ASSOC );
} else {
$return = formatJSEND( "error", "Error fetching projects." );
} }
public function rename_project() { return( $return );
}
public function rename_project( $old_name, $new_name, $path ) {
$sql = "SELECT * FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "sss";
$bind_variables = array( $old_name, $path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
if( mysqli_num_rows( $return ) > 0 ) {
$sql = "UPDATE `projects` SET `name`=? WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "ssss";
$bind_variables = array( $new_name, $old_name, $path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error renaming project." ) );
} else {
exit( formatJSEND( "error", "Error renaming project, could not find specified project." ) );
}
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
@ -234,10 +295,13 @@ class Project extends Common {
if ( $data['path'] != $this->path ) { if ( $data['path'] != $this->path ) {
$revised_array[] = array( "name" => $data['name'], "path" => $data['path'] ); $revised_array[] = array( "name" => $data['name'], "path" => $data['path'] );
} else {
$this->rename_project( $data['name'], $_GET['project_name'], $data['path'] );
} }
} }
$revised_array[] = $this->projects[] = array( "name" => $_GET['project_name'], "path" => $this->path ); $revised_array[] = $this->projects[] = array( "name" => $_GET['project_name'], "path" => $this->path );
$this->rename_project( $data['name'], );
// Response // Response
echo formatJSEND("success", null); echo formatJSEND("success", null);
} }
@ -254,14 +318,12 @@ class Project extends Common {
if ( $data['path'] != $this->path ) { if ( $data['path'] != $this->path ) {
$revised_array[] = array( "name" => $data['name'], "path" => $data['path'] ); $revised_array[] = array( "name" => $data['name'], "path" => $data['path'] );
} } else {
}
// Save array back to JSON
$this->delete_project( , );
// Response
echo formatJSEND( "success", null );
}
$this->delete_project( $data['name'], $data['path'] );
}
}
}
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Check Duplicate // Check Duplicate
@ -287,7 +349,7 @@ class Project extends Common {
public function SanitizePath() { public function SanitizePath() {
$sanitized = str_replace( " ", "_", $this->path ); $sanitized = str_replace( " ", "_", $this->path );
return preg_replace( '/[^\w-]/', '', $sanitized ); return preg_replace( '/[^\w-]/', '', strtolower( $sanitized ) );
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////

View file

@ -1,113 +1,114 @@
<?php <?php
/* /*
* Copyright (c) Codiad & Kent Safranski (codiad.com), distributed * Copyright (c) Codiad & Kent Safranski (codiad.com), distributed
* as-is and without warranty under the MIT License. See * as-is and without warranty under the MIT License. See
* [root]/license.txt for more. This information must remain intact. * [root]/license.txt for more. This information must remain intact.
*/ */
require_once('../../common.php'); require_once('../../common.php');
require_once('class.project.php'); require_once('./class.project.php');
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Verify Session or Key // Verify Session or Key
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
checkSession(); checkSession();
$Project = new Project(); $Project = new Project();
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Get Current Project // Get Current Project
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
$no_return = false; $no_return = false;
if (isset($_GET['no_return'])) { if (isset($_GET['no_return'])) {
$no_return = true; $no_return = true;
} }
if ($_GET['action']=='get_current') { if ($_GET['action']=='get_current') {
if (!isset($_SESSION['project'])) {
// Load default/first project if ( ! isset($_SESSION['project'])) {
if ($no_return) { // Load default/first project
$Project->no_return = true; if ($no_return) {
} $Project->no_return = true;
$Project->GetFirst(); }
} else { $Project->GetFirst();
// Load current } else {
$Project->path = $_SESSION['project']; // Load current
$project_name = $Project->GetName(); $Project->path = $_SESSION['project'];
if (!$no_return) { $project_name = $Project->GetName();
echo formatJSEND("success", array("name"=>$project_name,"path"=>$_SESSION['project'])); if (!$no_return) {
} echo formatJSEND("success", array("name"=>$project_name,"path"=>$_SESSION['project']));
} }
}
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Open Project // Open Project
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
if ($_GET['action']=='open') { if ($_GET['action']=='open') {
if (!checkPath($_GET['path'])) { if (!checkPath($_GET['path'])) {
die(formatJSEND("error", "No Access")); die(formatJSEND("error", "No Access to path " . $_GET['path']));
} }
$Project->path = $_GET['path']; $Project->path = $_GET['path'];
$Project->Open(); $Project->Open();
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Create Project // Create Project
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
if ($_GET['action']=='create') { if ($_GET['action']=='create') {
if (checkAccess()) { if (checkAccess()) {
$Project->name = $_GET['project_name']; $Project->name = $_GET['project_name'];
if ($_GET['project_path'] != '') { if ($_GET['project_path'] != '') {
$Project->path = $_GET['project_path']; $Project->path = $_GET['project_path'];
} else { } else {
$Project->path = $_GET['project_name']; $Project->path = $_GET['project_name'];
} }
// Git Clone? // Git Clone?
if (!empty($_GET['git_repo'])) { if (!empty($_GET['git_repo'])) {
$Project->gitrepo = $_GET['git_repo']; $Project->gitrepo = $_GET['git_repo'];
$Project->gitbranch = $_GET['git_branch']; $Project->gitbranch = $_GET['git_branch'];
} }
$Project->Create(); $Project->Create();
} }
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Rename Project // Rename Project
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
if ($_GET['action']=='rename') { if ($_GET['action']=='rename') {
if (!checkPath($_GET['project_path'])) { if (!checkPath($_GET['project_path'])) {
die(formatJSEND("error", "No Access")); die(formatJSEND("error", "No Access"));
} }
$Project->path = $_GET['project_path']; $Project->path = $_GET['project_path'];
$Project->Rename(); $Project->Rename();
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Delete Project // Delete Project
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
if ($_GET['action']=='delete') { if ($_GET['action']=='delete') {
if (checkAccess()) { if (checkAccess()) {
$Project->path = $_GET['project_path']; $Project->path = $_GET['project_path'];
$Project->Delete(); $Project->Delete();
} }
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Return Current // Return Current
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
if ($_GET['action']=='current') { if ($_GET['action']=='current') {
if (isset($_SESSION['project'])) { if (isset($_SESSION['project'])) {
echo formatJSEND("success", $_SESSION['project']); echo formatJSEND("success", $_SESSION['project']);
} else { } else {
echo formatJSEND("error", "No Project Returned"); echo formatJSEND("error", "No Project Returned");
} }
} }

View file

@ -8,12 +8,14 @@
require_once('../../common.php'); require_once('../../common.php');
require_once('./class.project.php');
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Verify Session or Key // Verify Session or Key
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
checkSession(); checkSession();
$Project = new Project;
switch( $_GET['action'] ) { switch( $_GET['action'] ) {
@ -23,11 +25,11 @@ switch( $_GET['action'] ) {
case 'sidelist': case 'sidelist':
// Get projects data // Get projects data
$projects = Project::get_projects(); $projects = $Project->get_projects();
?> ?>
<ul> <ul>
<?php <?php
sort( $projects, SORT_NATURAL ); //natcasesort( $projects );
foreach( $projects as $project => $data ) { foreach( $projects as $project => $data ) {
if( $_GET['trigger'] == 'true' ) { if( $_GET['trigger'] == 'true' ) {
@ -53,48 +55,48 @@ switch( $_GET['action'] ) {
case 'list': case 'list':
// Get access control data //Get projects data
$projects_assigned = false; $projects = $Project->get_projects();
if(file_exists(BASE_PATH . "/data/" . $_SESSION['user'] . '_acl.php')){
$projects_assigned = getJSON($_SESSION['user'] . '_acl.php');
}
?> ?>
<label><?php i18n("Project List"); ?></label> <label><?php i18n("Project List"); ?></label>
<div id="project-list"> <div id="project-list">
<table width="100%"> <table width="100%">
<tr> <tr>
<th width="70"><?php i18n("Open"); ?></th> <th width="70"><?php i18n( "Open");?></th>
<th width="150"><?php i18n("Project Name"); ?></th> <th width="150"><?php i18n( "Project Name" );?></th>
<th width="250"><?php i18n("Path"); ?></th> <th width="250"><?php i18n( "Path" );?></th>
<?php if(checkAccess()){ ?><th width="70"><?php i18n("Delete"); ?></th><?php } ?> <?php if( checkAccess() ) { ?><th width="70"><?php i18n("Delete");?></th><?php } ?>
</tr> </tr>
</table> </table>
<div class="project-wrapper"> <div class="project-wrapper">
<table width="100%" style="word-wrap: break-word;word-break: break-all;"> <table width="100%" style="word-wrap: break-word;word-break: break-all;">
<?php <?php
foreach( $projects as $project => $data ) {
// Get projects JSON data
$projects = getJSON('projects.php');
sort($projects);
foreach($projects as $project=>$data){
$show = true; $show = true;
if($projects_assigned && !in_array($data['path'],$projects_assigned)){ $show=false; } if( $projects_assigned && ! in_array( $data['path'], $projects_assigned ) ) {
if($show){
$show = false;
}
if( $show ) {
?> ?>
<tr> <tr>
<td width="70"><a onclick="codiad.project.open('<?php echo($data['path']); ?>');" class="icon-folder bigger-icon"></a></td> <td width="70"><a onclick="codiad.project.open('<?php echo( $data['path'] );?>');" class="icon-folder bigger-icon"></a></td>
<td width="150"><?php echo($data['name']); ?></td> <td width="150"><?php echo($data['name']);?></td>
<td width="250"><?php echo($data['path']); ?></td> <td width="250"><?php echo($data['path']);?></td>
<?php <?php
if(checkAccess()){ if( checkAccess() ) {
if($_SESSION['project'] == $data['path']){
if( $_SESSION['project'] == $data['path'] ) {
?> ?>
<td width="70"><a onclick="codiad.message.error(i18n('Active Project Cannot Be Removed'));" class="icon-block bigger-icon"></a></td> <td width="70"><a onclick="codiad.message.error(i18n('Active Project Cannot Be Removed'));" class="icon-block bigger-icon"></a></td>
<?php <?php
}else{ } else {
?> ?>
<td width="70"><a onclick="codiad.project.delete('<?php echo($data['name']); ?>','<?php echo($data['path']); ?>');" class="icon-cancel-circled bigger-icon"></a></td> <td width="70"><a onclick="codiad.project.delete('<?php echo($data['name']);?>','<?php echo($data['path']);?>');" class="icon-cancel-circled bigger-icon"></a></td>
<?php <?php
} }
} }
@ -110,7 +112,6 @@ switch( $_GET['action'] ) {
<?php if(checkAccess()){ ?><button class="btn-left" onclick="codiad.project.create();"><?php i18n("New Project"); ?></button><?php } ?> <?php if(checkAccess()){ ?><button class="btn-left" onclick="codiad.project.create();"><?php i18n("New Project"); ?></button><?php } ?>
<button class="<?php if(checkAccess()){ echo('btn-right'); } ?>" onclick="codiad.modal.unload();return false;"><?php i18n("Close"); ?></button> <button class="<?php if(checkAccess()){ echo('btn-right'); } ?>" onclick="codiad.modal.unload();return false;"><?php i18n("Close"); ?></button>
<?php <?php
break; break;
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////

View file

@ -57,7 +57,7 @@ class Settings {
if( $user_setting == null ) { if( $user_setting == null ) {
$sql = "SELECT `value` FROM `options` WHERE `option_name`=?;"; $sql = "SELECT `value` FROM `options` WHERE `name`=?;";
$bind = "s"; $bind = "s";
$bind_variables = array( $option ); $bind_variables = array( $option );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) ); $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) );
@ -71,7 +71,7 @@ class Settings {
} }
} else { } else {
$sql = "SELECT `value` FROM `user_options` WHERE `option_name`=? AND `username`=?;"; $sql = "SELECT `value` FROM `user_options` WHERE `name`=? AND `username`=?;";
$bind = "ss"; $bind = "ss";
$bind_variables = array( $option, $this->username ); $bind_variables = array( $option, $this->username );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) ); $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) );
@ -130,7 +130,7 @@ class Settings {
public function update_option( $option, $value, $user_setting = null ) { public function update_option( $option, $value, $user_setting = null ) {
$query = "INSERT INTO user_options ( `option_name`, `username`, `value` ) VALUES ( ?, ?, ? );"; $query = "INSERT INTO user_options ( `name`, `username`, `value` ) VALUES ( ?, ?, ? );";
$bind = "sss"; $bind = "sss";
$bind_variables = array( $bind_variables = array(
$option, $option,
@ -141,7 +141,7 @@ class Settings {
if( $result !== true ) { if( $result !== true ) {
$query = "UPDATE user_options SET `value`=? WHERE `option_name`=? AND `username`=?;"; $query = "UPDATE user_options SET `value`=? WHERE `name`=? AND `username`=?;";
$bind = "sss"; $bind = "sss";
$bind_variables = array( $bind_variables = array(
$value, $value,

View file

@ -6,7 +6,7 @@ error_reporting(E_ALL);
require_once('../../common.php'); require_once('../../common.php');
require_once('../settings/class.settings.php'); require_once('../settings/class.settings.php');
require_once('../project/class.project.php');
checkSession(); checkSession();
if ( ! checkAccess() ) { if ( ! checkAccess() ) {
echo "Error, you do not have access to update Codiad."; echo "Error, you do not have access to update Codiad.";
@ -14,8 +14,13 @@ if ( ! checkAccess() ) {
} }
$user_settings_file = DATA . "/settings.php"; $user_settings_file = DATA . "/settings.php";
$projects_file = DATA . "/projects.php";
$projects_file = DATA . "/users.php";
$system_settings_file = null; $system_settings_file = null;
$Settings = new Settings(); $Settings = new Settings();
$Common = new Common();
$Project = new Project();
if( file_exists( $user_settings_file ) ) { if( file_exists( $user_settings_file ) ) {
@ -25,9 +30,18 @@ if( file_exists( $user_settings_file ) ) {
$Settings->username = $user; $Settings->username = $user;
foreach( $settings as $setting => $value ) { foreach( $settings as $setting => $value ) {
//echo var_dump( $setting, $value ); $Settings->update_option( $setting, $value, true );
$Settings->add_option( $setting, $value, true );
} }
} }
unlink( $user_settings_file ); unlink( $user_settings_file );
} }
if( file_exists( $projects_file ) ) {
$projects = getJSON( 'projects.php' );
foreach( $projects as $project => $data ) {
$Project->add_project( $data["name"], $data["path"], true );
}
unlink( $projects_file );
}

View file

@ -6,8 +6,7 @@
* [root]/license.txt for more. This information must remain intact. * [root]/license.txt for more. This information must remain intact.
*/ */
class User class User {
{
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// PROPERTIES // PROPERTIES
@ -32,20 +31,19 @@ class User
// Construct // Construct
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function __construct() public function __construct() {
{
$this->users = getJSON('users.php'); $this->users = getJSON( 'users.php' );
$this->actives = getJSON('active.php'); $this->actives = getJSON( 'active.php' );
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Authenticate // Authenticate
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function Authenticate() public function Authenticate() {
{
if ( ! is_dir( SESSIONS_PATH ) ) { if( ! is_dir( SESSIONS_PATH ) ) {
mkdir( SESSIONS_PATH, 00755 ); mkdir( SESSIONS_PATH, 00755 );
} }
@ -59,13 +57,11 @@ class User
$sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 ); $sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 );
$sessions_owner = posix_getpwuid( fileowner( SESSIONS_PATH ) ); $sessions_owner = posix_getpwuid( fileowner( SESSIONS_PATH ) );
if ( ! ( $sessions_owner === $server_user ) ) { if( ! ( $sessions_owner === $server_user ) ) {
try { try {
chown( SESSIONS_PATH, $server_user ); chown( SESSIONS_PATH, $server_user );
echo( formatJSEND("error", "Error, incorrect owner of sessions folder. The sessions folder owner has been sucessfully changed. Please log in again." ) );
return;
} catch( Exception $e ) { } catch( Exception $e ) {
echo( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) ); echo( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) );
@ -73,13 +69,11 @@ class User
} }
} }
if ( ! in_array( $sessions_permissions, $permissions ) ) { if( ! in_array( $sessions_permissions, $permissions ) ) {
try { try {
chmod( SESSIONS_PATH, 00755 ); chmod( SESSIONS_PATH, 00755 );
echo( formatJSEND("error", "Error, incorrect permissions on sessions folder. The sessions folder permissions have been sucessfully changed. Please log in again." ) );
return;
} catch( Exception $e ) { } catch( Exception $e ) {
echo( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) ); echo( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) );
@ -88,10 +82,12 @@ class User
} }
$pass = false; $pass = false;
$this->EncryptPassword(); $this->EncryptPassword();
$users = getJSON('users.php'); $users = getJSON('users.php');
foreach ($users as $user) { foreach( $users as $user ) {
if ($user['username']==$this->username && $user['password']==$this->password) {
if( $user['username'] == $this->username && $user['password'] == $this->password ) {
$pass = true; $pass = true;
$_SESSION['id'] = SESSION_ID; $_SESSION['id'] = SESSION_ID;
@ -100,7 +96,8 @@ class User
$_SESSION['theme'] = $this->theme; $_SESSION['theme'] = $this->theme;
$_SESSION["login_session"] = true; $_SESSION["login_session"] = true;
if ($user['project']!='') { if($user['project']!='') {
$_SESSION['project'] = $user['project']; $_SESSION['project'] = $user['project'];
} }
@ -108,11 +105,12 @@ class User
} }
} }
if ($pass) { if( $pass ) {
echo formatJSEND("success", array("username"=>$this->username)); echo formatJSEND( "success", array( "username" => $this->username ) );
} else { } else {
echo formatJSEND("error", "Incorrect Username or Password");
echo formatJSEND( "error", "Incorrect Username or Password" );
} }
} }
@ -127,20 +125,15 @@ class User
public static function checkDuplicateSessions( $username ) { public static function checkDuplicateSessions( $username ) {
//ini_set('display_errors', 1);
//ini_set('display_startup_errors', 1);
//error_reporting(E_ALL);
session_write_close(); session_write_close();
$all_sessions = array(); $all_sessions = array();
$sessions = glob( SESSIONS_PATH . "/*" ); $sessions = glob( SESSIONS_PATH . "/*" );
session_id( SESSION_ID ); session_id( SESSION_ID );
// session_save_path( SESSIONS_PATH );
foreach( $sessions as $session ) { foreach( $sessions as $session ) {
//echo var_dump( $session ) . "\n\n"; if( strpos( $session, "sess_") == false ) {
if ( strpos( $session, "sess_") == false ) {
continue; continue;
} }
@ -154,7 +147,7 @@ class User
$_SESSION["id"] = $session; $_SESSION["id"] = $session;
array_push( $all_sessions, $_SESSION ); array_push( $all_sessions, $_SESSION );
if ( isset( $_SESSION["user"] ) && $_SESSION["user"] === $username && isset( $_SESSION["login_session"] ) && $_SESSION["login_session"] === true && SESSION_ID !== session_id() ) { if( isset( $_SESSION["user"] ) && $_SESSION["user"] === $username && isset( $_SESSION["login_session"] ) && $_SESSION["login_session"] === true && SESSION_ID !== session_id() ) {
session_destroy(); session_destroy();
} else { } else {
@ -163,8 +156,6 @@ class User
} }
} }
} }
//echo '{"status":"error","message":"' . print_r( $all_sessions ) . '"}';
session_id( SESSION_ID ); session_id( SESSION_ID );
session_start(); session_start();
} }
@ -173,16 +164,18 @@ class User
// Create Account // Create Account
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function Create() public function Create() {
{
$this->EncryptPassword(); $this->EncryptPassword();
$pass = $this->checkDuplicate(); $pass = $this->checkDuplicate();
if ($pass) { if( $pass ) {
$this->users[] = array("username"=>$this->username,"password"=>$this->password,"project"=>"");
saveJSON('users.php', $this->users); $this->users[] = array( "username" => $this->username, "password" => $this->password, "project" => "" );
echo formatJSEND("success", array("username"=>$this->username)); saveJSON( 'users.php', $this->users );
echo formatJSEND( "success", array( "username" => $this->username ) );
} else { } else {
echo formatJSEND("error", "The Username is Already Taken");
echo formatJSEND( "error", "The Username is Already Taken" );
} }
} }
@ -190,105 +183,121 @@ class User
// Delete Account // Delete Account
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function Delete() public function Delete() {
{
// Remove User // Remove User
$revised_array = array(); $revised_array = array();
foreach ($this->users as $user => $data) { foreach( $this->users as $user => $data ) {
if ($data['username']!=$this->username) {
$revised_array[] = array("username"=>$data['username'],"password"=>$data['password'],"project"=>$data['project']); if( $data['username'] != $this->username ) {
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
} }
} }
// Save array back to JSON // Save array back to JSON
saveJSON('users.php', $revised_array); saveJSON( 'users.php', $revised_array );
// Remove any active files // Remove any active files
foreach ($this->actives as $active => $data) { foreach( $this->actives as $active => $data ) {
if ($this->username==$data['username']) {
unset($this->actives[$active]); if( $this->username == $data['username'] ) {
unset( $this->actives[$active] );
} }
} }
saveJSON('active.php', $this->actives); saveJSON( 'active.php', $this->actives );
// Remove access control list (if exists) // Remove access control list (if exists)
if (file_exists(BASE_PATH . "/data/" . $this->username . '_acl.php')) { if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) {
unlink(BASE_PATH . "/data/" . $this->username . '_acl.php'); unlink(BASE_PATH . "/data/" . $this->username . '_acl.php');
} }
// Response // Response
echo formatJSEND("success", null); echo formatJSEND( "success", null );
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Change Password // Change Password
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function Password() public function Password() {
{
$this->EncryptPassword(); $this->EncryptPassword();
$revised_array = array(); $revised_array = array();
foreach ($this->users as $user => $data) { foreach( $this->users as $user => $data ) {
if ($data['username']==$this->username) {
$revised_array[] = array("username"=>$data['username'],"password"=>$this->password,"project"=>$data['project']); if( $data['username'] == $this->username ) {
$revised_array[] = array( "username" => $data['username'], "password" => $this->password, "project" => $data['project'] );
} else { } else {
$revised_array[] = array("username"=>$data['username'],"password"=>$data['password'],"project"=>$data['project']);
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
} }
} }
// Save array back to JSON // Save array back to JSON
saveJSON('users.php', $revised_array); saveJSON( 'users.php', $revised_array );
// Response // Response
echo formatJSEND("success", null); echo formatJSEND( "success", null );
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Set Project Access // Set Project Access
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function Project_Access() public function Project_Access() {
{
// Access set to all projects // Access set to all projects
if ($this->projects==0) { if( $this->projects == 0 ) {
if (file_exists(BASE_PATH . "/data/" . $this->username . '_acl.php')) {
unlink(BASE_PATH . "/data/" . $this->username . '_acl.php');
}
// Access set to restricted list // Access set to restricted list
if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) {
unlink( BASE_PATH . "/data/" . $this->username . '_acl.php' );
}
} else { } else {
// Save array back to JSON // Save array back to JSON
saveJSON($this->username . '_acl.php', $this->projects); saveJSON( $this->username . '_acl.php', $this->projects );
} }
// Response // Response
echo formatJSEND("success", null); echo formatJSEND( "success", null );
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Set Current Project // Set Current Project
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function Project() public function Project() {
{
$revised_array = array(); $revised_array = array();
foreach ($this->users as $user => $data) { foreach( $this->users as $user => $data ) {
if ($this->username==$data['username']) {
$revised_array[] = array("username"=>$data['username'],"password"=>$data['password'],"project"=>$this->project); if( $this->username == $data['username'] ) {
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $this->project );
} else { } else {
$revised_array[] = array("username"=>$data['username'],"password"=>$data['password'],"project"=>$data['project']);
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
} }
} }
// Save array back to JSON // Save array back to JSON
saveJSON('users.php', $revised_array); saveJSON( 'users.php', $revised_array );
// Response // Response
echo formatJSEND("success", null); echo formatJSEND( "success", null );
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Check Duplicate // Check Duplicate
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function CheckDuplicate() public function CheckDuplicate() {
{
$pass = true; $pass = true;
foreach ($this->users as $user => $data) { foreach( $this->users as $user => $data ) {
if ($data['username']==$this->username) {
if( $data['username'] == $this->username ) {
$pass = false; $pass = false;
} }
} }
@ -299,32 +308,34 @@ class User
// Verify Account Exists // Verify Account Exists
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function Verify() public function Verify() {
{
$pass = 'false'; $pass = 'false';
foreach ($this->users as $user => $data) { foreach( $this->users as $user => $data ) {
if ($this->username==$data['username']) {
if( $this->username == $data['username'] ) {
$pass = 'true'; $pass = 'true';
} }
} }
echo($pass); echo( $pass );
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Encrypt Password // Encrypt Password
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
private function EncryptPassword() private function EncryptPassword() {
{
$this->password = sha1(md5($this->password)); $this->password = sha1( md5( $this->password ) );
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Clean username // Clean username
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public static function CleanUsername($username) public static function CleanUsername( $username ) {
{
return preg_replace('#[^A-Za-z0-9'.preg_quote('-_@. ').']#', '', $username); return preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $username );
} }
} }

View file

@ -183,7 +183,14 @@ if( defined( "SITE_NAME" ) && ! ( SITE_NAME === "" || SITE_NAME === null ) ) {
// AUTHENTICATED // AUTHENTICATED
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
}else{ } else {
define( "USER_WORKSPACE", WORKSPACE . "/" . $_SESSION["user"] );
if( ! is_dir( USER_WORKSPACE ) ) {
mkdir( USER_WORKSPACE, 0755 );
}
?> ?>