Refactored user class; users can now only see projects owned by 'nobody' or themselves, to get ready for the permissions update.

xevidos 2018-10-11 10:17:41 -04:00
parent 84cfb3d9ad
commit 42a87590ac
9 changed files with 603 additions and 466 deletions


@ -108,11 +108,6 @@ class Common {
exit( $output ); exit( $output );
break; break;
case( "json" ):
exit( '{"status":"error","message":"' . $output . '<script>window.location.href = window.location.protocol + `' . "//" . Common::getConstant( 'BASE_URL' ) . '`</script>"}' );
break;
case( "return" ): case( "return" ):
return( $output ); return( $output );
@ -129,10 +124,45 @@ class Common {
if( ! self::check_session() ) { if( ! self::check_session() ) {
session_destroy(); session_destroy();
self::return( "Access Denied", "json" ); self::return( formatJSEND( "error", "Error fetching project information." ), "exit" );
}
}
//////////////////////////////////////////////////////////////////
// Check access to a project
//////////////////////////////////////////////////////////////////
public static function check_project_access( $project_name, $project_path, $action ) {
$sql = "SELECT * FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "sss";
$bind_variables = array( $project_name, $project_path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking project access." ) );
if( mysqli_num_rows( $return ) > 0 ) {
$return = mysqli_fetch_assoc( $return );
try {
$users = json_decode( $return["access"] );
} catch( exception $e ) {
$users = array();
}
if( $return["owner"] == 'nobody' || $return["owner"] == $_SESSION["user"] || ( in_array( $_SESSION["user"], $users ) && ! empty( $users ) ) ) {
$return = true;
} else {
$return = false;
}
} else {
$return = false;
} }
self::return( $return, $action );
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
@ -213,7 +243,7 @@ class Common {
session_save_path( SESSIONS_PATH ); session_save_path( SESSIONS_PATH );
session_start(); session_start();
if(! defined( 'SESSION_ID' ) ) { if( ! defined( 'SESSION_ID' ) ) {
define( "SESSION_ID", session_id() ); define( "SESSION_ID", session_id() );
} }
@ -410,26 +440,29 @@ class Common {
public static function checkPath( $path ) { public static function checkPath( $path ) {
if( file_exists( DATA . "/" . $_SESSION['user'] . '_acl.php' ) ) { $sql = "SELECT * FROM `projects` WHERE LOCATE( `path`, ? ) > 0 LIMIT 1;";
$bind = "s";
$bind_variables = array( $path );
$result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching project information." ) );
if( mysqli_num_rows( $result ) > 0 ) {
foreach ( getJSON( $_SESSION['user'] . '_acl.php' ) as $projects => $data ) { $result = mysqli_fetch_assoc( $result );
try {
if ( strpos( $path, $data ) === 0) { $users = json_decode( $result["access"] );
} catch( exception $e ) {
return true;
} $users = array();
} }
} else {
foreach( getJSON( 'projects.php' ) as $project => $data ) { if( $result["owner"] == 'nobody' || $result["owner"] == $_SESSION["user"] || ( in_array( $_SESSION["user"], $users ) && ! empty( $users ) ) ) {
if ( strpos( $path, $data['path'] ) === 0 ) { return( true );
return true;
}
} }
} }
return false; return( false );
} }
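Review bot: The rewritten checkPath() grants access when a project's path occurs anywhere in the requested path (the `LOCATE( ..., ? ) > 0` condition), whereas the getJSON() version it replaces required a prefix match (`strpos( $path, $data['path'] ) === 0`), and `LIMIT 1` without an `ORDER BY` leaves it to the server which of several matching rows is inspected, so the same request can be allowed or denied depending on row order. The `try`/`catch` around json_decode() is dead — json_decode() returns null rather than throwing unless JSON_THROW_ON_ERROR is set — so an empty or malformed `access` column reaches in_array() as null. The rewrite below restores prefix semantics, requires a path-segment boundary so a project at `proj` does not authorise `proj_secret/...`, evaluates every matching row and tolerates a missing access list. check_project_access() earlier in this section has a related defect: its WHERE clause already drops rows not owned by the caller or 'nobody', so the `access`-list branch there can never grant anything and users named only in that list are refused.
```php
public static function checkPath( $path ) {
    // Prefix match, as the JSON-based check did; every candidate row is examined rather than an arbitrary LIMIT 1 row.
    $sql = "SELECT * FROM `projects` WHERE LOCATE( `path`, ? ) = 1;";
    $bind = "s";
    $bind_variables = array( $path );
    $result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching project information." ) );
    while( $row = mysqli_fetch_assoc( $result ) ) {
        $project_path = rtrim( $row["path"], "/" );
        // Require a segment boundary so "proj" does not authorise "proj_secret/...".
        if( $path !== $project_path && strpos( $path, $project_path . "/" ) !== 0 ) {
            continue;
        }
        // json_decode() returns null (it does not throw) on an empty or malformed access list.
        $users = json_decode( $row["access"], true );
        if( ! is_array( $users ) ) {
            $users = array();
        }
        if( $row["owner"] === 'nobody' || $row["owner"] === $_SESSION["user"] || in_array( $_SESSION["user"], $users, true ) ) {
            return( true );
        }
    }
    return( false );
}
```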


@ -405,7 +405,15 @@ class Filemanager extends Common {
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function delete( $keep_parent = false ) { public function delete( $keep_parent = false ) {
if( Common::checkPath( $path ) ) {
$this->status = "error";
$this->message = "No access.";
$this->respond();
return;
}
function rrmdir( $path, $follow, $keep_parent = false ) { function rrmdir( $path, $follow, $keep_parent = false ) {
if ( is_file( $path ) ) { if ( is_file( $path ) ) {
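Review bot: The new guard at the top of delete() tests `$path`, which is not defined at that point — the method's only parameter is `$keep_parent`, and `$path` is the parameter of the inner rrmdir() declared further down — so checkPath() receives null and the check is inert. The condition is also inverted: checkPath() returns true for paths the caller may access, so once `$path` is populated this guard would reject exactly the permitted paths and let the others through. Presumably the intent is `if( ! Common::checkPath( $this->path ) ) {` (confirm the property name used by this class). delete() continues outside the hunk.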


@ -42,24 +42,85 @@ class Project extends Common {
// NEW METHODS // NEW METHODS
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public function add_project() { public function add_project( $project_name, $project_path, $owner = null ) {
if( $owner == null ) {
$owner = $_SESSION["user"];
} else {
$owner = 'nobody';
}
$sql = "INSERT INTO `projects`( `name`, `path`, `owner` ) VALUES ( ?, ?, ? );";
$bind = "sss";
$bind_variables = array( $project_name, $project_path, $owner );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error creating project $project_name." ) );
return( $return );
} }
public function delete_project() { public function delete_project( $project_name, $project_path, $owner = null ) {
if( $owner == null ) {
$owner = $_SESSION["user"];
} else {
$owner = 'nobody';
}
$owner = $_SESSION["user"];
$sql = "DELETE FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "sss";
$bind_variables = array( $project_name, $project_path, $owner );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting project $project_name." ) );
try {
$json = json_decode( $return, true );
exit( $return );
} catch( exception $e ) {
exit( formatJSEND( "success", "Successfully deleted project $project_name." ) );
}
} }
public function get_projects() { public function get_projects() {
$sql = "SELECT * FROM `projects` WHERE `owner`=? OR `owner`='nobody' ORDER BY `name`;";
$bind = "s";
$bind_variables = array( $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
if( mysqli_num_rows( $return ) > 0 ) {
$return = mysqli_fetch_all( $return, MYSQLI_ASSOC );
} else {
$return = formatJSEND( "error", "Error fetching projects." );
}
return( $return );
} }
public function rename_project() { public function rename_project( $old_name, $new_name, $path ) {
$sql = "SELECT * FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "sss";
$bind_variables = array( $old_name, $path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
if( mysqli_num_rows( $return ) > 0 ) {
$sql = "UPDATE `projects` SET `name`=? WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "ssss";
$bind_variables = array( $new_name, $old_name, $path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error renaming project." ) );
} else {
exit( formatJSEND( "error", "Error renaming project, could not find specified project." ) );
}
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
@ -234,10 +295,13 @@ class Project extends Common {
if ( $data['path'] != $this->path ) { if ( $data['path'] != $this->path ) {
$revised_array[] = array( "name" => $data['name'], "path" => $data['path'] ); $revised_array[] = array( "name" => $data['name'], "path" => $data['path'] );
} else {
$this->rename_project( $data['name'], $_GET['project_name'], $data['path'] );
} }
} }
$revised_array[] = $this->projects[] = array( "name" => $_GET['project_name'], "path" => $this->path ); $revised_array[] = $this->projects[] = array( "name" => $_GET['project_name'], "path" => $this->path );
$this->rename_project( $data['name'], );
// Response // Response
echo formatJSEND("success", null); echo formatJSEND("success", null);
} }
@ -254,15 +318,13 @@ class Project extends Common {
if ( $data['path'] != $this->path ) { if ( $data['path'] != $this->path ) {
$revised_array[] = array( "name" => $data['name'], "path" => $data['path'] ); $revised_array[] = array( "name" => $data['name'], "path" => $data['path'] );
} else {
$this->delete_project( $data['name'], $data['path'] );
} }
} }
// Save array back to JSON
$this->delete_project( , );
// Response
echo formatJSEND( "success", null );
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Check Duplicate // Check Duplicate
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
@ -287,7 +349,7 @@ class Project extends Common {
public function SanitizePath() { public function SanitizePath() {
$sanitized = str_replace( " ", "_", $this->path ); $sanitized = str_replace( " ", "_", $this->path );
return preg_replace( '/[^\w-]/', '', $sanitized ); return preg_replace( '/[^\w-]/', '', strtolower( $sanitized ) );
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
@ -335,4 +397,4 @@ class Project extends Common {
shell_exec( $this->command_exec ); shell_exec( $this->command_exec );
} }
} }
} }
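Review bot: In delete_project() the `$owner` flag is dead: the unconditional `$owner = $_SESSION["user"];` right after the if/else overwrites whatever the `if( $owner == null )` branch chose, so the method always deletes as the session user and the parameter should be dropped or the assignment removed. The `try`/`catch` below it can never reach its success branch because json_decode() does not throw without JSON_THROW_ON_ERROR, `$json` is never read, and `exit( $return )` exits with whatever sql::sql() returned for a DELETE rather than a JSEND response. get_projects() returns a formatJSEND() error string instead of an array when no rows exist, which the `foreach` callers in dialog.php then iterate as a string; `$return = array();` in that branch keeps the return type stable. Both add_project() and delete_project() treat `$owner` as a boolean "shared" flag — any non-null value becomes 'nobody' — which the name hides; a `$shared = false` parameter, or a docblock stating it, would make the `add_project( ..., true )` call in update.php readable.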


@ -1,113 +1,114 @@
<?php <?php
/* /*
* Copyright (c) Codiad & Kent Safranski (codiad.com), distributed * Copyright (c) Codiad & Kent Safranski (codiad.com), distributed
* as-is and without warranty under the MIT License. See * as-is and without warranty under the MIT License. See
* [root]/license.txt for more. This information must remain intact. * [root]/license.txt for more. This information must remain intact.
*/ */
require_once('../../common.php'); require_once('../../common.php');
require_once('class.project.php'); require_once('./class.project.php');
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Verify Session or Key // Verify Session or Key
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
checkSession(); checkSession();
$Project = new Project(); $Project = new Project();
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Get Current Project // Get Current Project
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
$no_return = false; $no_return = false;
if (isset($_GET['no_return'])) { if (isset($_GET['no_return'])) {
$no_return = true; $no_return = true;
} }
if ($_GET['action']=='get_current') { if ($_GET['action']=='get_current') {
if (!isset($_SESSION['project'])) {
// Load default/first project if ( ! isset($_SESSION['project'])) {
if ($no_return) { // Load default/first project
$Project->no_return = true; if ($no_return) {
} $Project->no_return = true;
$Project->GetFirst(); }
} else { $Project->GetFirst();
// Load current } else {
$Project->path = $_SESSION['project']; // Load current
$project_name = $Project->GetName(); $Project->path = $_SESSION['project'];
if (!$no_return) { $project_name = $Project->GetName();
echo formatJSEND("success", array("name"=>$project_name,"path"=>$_SESSION['project'])); if (!$no_return) {
} echo formatJSEND("success", array("name"=>$project_name,"path"=>$_SESSION['project']));
} }
}
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Open Project // Open Project
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
if ($_GET['action']=='open') { if ($_GET['action']=='open') {
if (!checkPath($_GET['path'])) { if (!checkPath($_GET['path'])) {
die(formatJSEND("error", "No Access")); die(formatJSEND("error", "No Access to path " . $_GET['path']));
} }
$Project->path = $_GET['path']; $Project->path = $_GET['path'];
$Project->Open(); $Project->Open();
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Create Project // Create Project
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
if ($_GET['action']=='create') { if ($_GET['action']=='create') {
if (checkAccess()) { if (checkAccess()) {
$Project->name = $_GET['project_name']; $Project->name = $_GET['project_name'];
if ($_GET['project_path'] != '') { if ($_GET['project_path'] != '') {
$Project->path = $_GET['project_path']; $Project->path = $_GET['project_path'];
} else { } else {
$Project->path = $_GET['project_name']; $Project->path = $_GET['project_name'];
}
// Git Clone?
if (!empty($_GET['git_repo'])) {
$Project->gitrepo = $_GET['git_repo'];
$Project->gitbranch = $_GET['git_branch'];
}
$Project->Create();
}
} }
// Git Clone?
////////////////////////////////////////////////////////////////// if (!empty($_GET['git_repo'])) {
// Rename Project $Project->gitrepo = $_GET['git_repo'];
////////////////////////////////////////////////////////////////// $Project->gitbranch = $_GET['git_branch'];
}
$Project->Create();
}
}
//////////////////////////////////////////////////////////////////
// Rename Project
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='rename') { if ($_GET['action']=='rename') {
if (!checkPath($_GET['project_path'])) { if (!checkPath($_GET['project_path'])) {
die(formatJSEND("error", "No Access")); die(formatJSEND("error", "No Access"));
} }
$Project->path = $_GET['project_path']; $Project->path = $_GET['project_path'];
$Project->Rename(); $Project->Rename();
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Delete Project // Delete Project
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
if ($_GET['action']=='delete') { if ($_GET['action']=='delete') {
if (checkAccess()) { if (checkAccess()) {
$Project->path = $_GET['project_path']; $Project->path = $_GET['project_path'];
$Project->Delete(); $Project->Delete();
} }
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Return Current // Return Current
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
if ($_GET['action']=='current') { if ($_GET['action']=='current') {
if (isset($_SESSION['project'])) { if (isset($_SESSION['project'])) {
echo formatJSEND("success", $_SESSION['project']); echo formatJSEND("success", $_SESSION['project']);
} else { } else {
echo formatJSEND("error", "No Project Returned"); echo formatJSEND("error", "No Project Returned");
} }
} }
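Review bot: The 'open' branch now reflects the raw `$_GET['path']` into the error response (`"No Access to path " . $_GET['path']`); whether it is rendered as HTML on the client depends on formatJSEND() and the front-end message helper, neither of which is visible here, so the safe default is to keep the generic `"No Access"` text or pass the value through htmlspecialchars() before concatenating — the requester already knows the path they sent, so the echo adds nothing for them. The rest of the hunk is a re-indent plus the `./class.project.php` require path.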


@ -8,12 +8,14 @@
require_once('../../common.php'); require_once('../../common.php');
require_once('./class.project.php');
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Verify Session or Key // Verify Session or Key
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
checkSession(); checkSession();
$Project = new Project;
switch( $_GET['action'] ) { switch( $_GET['action'] ) {
@ -23,11 +25,11 @@ switch( $_GET['action'] ) {
case 'sidelist': case 'sidelist':
// Get projects data // Get projects data
$projects = Project::get_projects(); $projects = $Project->get_projects();
?> ?>
<ul> <ul>
<?php <?php
sort( $projects, SORT_NATURAL ); //natcasesort( $projects );
foreach( $projects as $project => $data ) { foreach( $projects as $project => $data ) {
if( $_GET['trigger'] == 'true' ) { if( $_GET['trigger'] == 'true' ) {
@ -52,65 +54,64 @@ switch( $_GET['action'] ) {
////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////
case 'list': case 'list':
// Get access control data //Get projects data
$projects_assigned = false; $projects = $Project->get_projects();
if(file_exists(BASE_PATH . "/data/" . $_SESSION['user'] . '_acl.php')){ ?>
$projects_assigned = getJSON($_SESSION['user'] . '_acl.php'); <label><?php i18n("Project List"); ?></label>
} <div id="project-list">
<table width="100%">
?> <tr>
<label><?php i18n("Project List"); ?></label> <th width="70"><?php i18n( "Open");?></th>
<div id="project-list"> <th width="150"><?php i18n( "Project Name" );?></th>
<table width="100%"> <th width="250"><?php i18n( "Path" );?></th>
<tr> <?php if( checkAccess() ) { ?><th width="70"><?php i18n("Delete");?></th><?php } ?>
<th width="70"><?php i18n("Open"); ?></th> </tr>
<th width="150"><?php i18n("Project Name"); ?></th> </table>
<th width="250"><?php i18n("Path"); ?></th> <div class="project-wrapper">
<?php if(checkAccess()){ ?><th width="70"><?php i18n("Delete"); ?></th><?php } ?> <table width="100%" style="word-wrap: break-word;word-break: break-all;">
</tr> <?php
</table> foreach( $projects as $project => $data ) {
<div class="project-wrapper">
<table width="100%" style="word-wrap: break-word;word-break: break-all;"> $show = true;
<?php if( $projects_assigned && ! in_array( $data['path'], $projects_assigned ) ) {
// Get projects JSON data $show = false;
$projects = getJSON('projects.php'); }
sort($projects); if( $show ) {
foreach($projects as $project=>$data){
$show = true; ?>
if($projects_assigned && !in_array($data['path'],$projects_assigned)){ $show=false; } <tr>
if($show){ <td width="70"><a onclick="codiad.project.open('<?php echo( $data['path'] );?>');" class="icon-folder bigger-icon"></a></td>
?> <td width="150"><?php echo($data['name']);?></td>
<tr> <td width="250"><?php echo($data['path']);?></td>
<td width="70"><a onclick="codiad.project.open('<?php echo($data['path']); ?>');" class="icon-folder bigger-icon"></a></td> <?php
<td width="150"><?php echo($data['name']); ?></td> if( checkAccess() ) {
<td width="250"><?php echo($data['path']); ?></td>
<?php if( $_SESSION['project'] == $data['path'] ) {
if(checkAccess()){
if($_SESSION['project'] == $data['path']){ ?>
?> <td width="70"><a onclick="codiad.message.error(i18n('Active Project Cannot Be Removed'));" class="icon-block bigger-icon"></a></td>
<td width="70"><a onclick="codiad.message.error(i18n('Active Project Cannot Be Removed'));" class="icon-block bigger-icon"></a></td> <?php
<?php } else {
}else{
?> ?>
<td width="70"><a onclick="codiad.project.delete('<?php echo($data['name']); ?>','<?php echo($data['path']); ?>');" class="icon-cancel-circled bigger-icon"></a></td> <td width="70"><a onclick="codiad.project.delete('<?php echo($data['name']);?>','<?php echo($data['path']);?>');" class="icon-cancel-circled bigger-icon"></a></td>
<?php <?php
} }
} }
?> ?>
</tr> </tr>
<?php <?php
} }
} }
?> ?>
</table> </table>
</div> </div>
</div> </div>
<?php if(checkAccess()){ ?><button class="btn-left" onclick="codiad.project.create();"><?php i18n("New Project"); ?></button><?php } ?> <?php if(checkAccess()){ ?><button class="btn-left" onclick="codiad.project.create();"><?php i18n("New Project"); ?></button><?php } ?>
<button class="<?php if(checkAccess()){ echo('btn-right'); } ?>" onclick="codiad.modal.unload();return false;"><?php i18n("Close"); ?></button> <button class="<?php if(checkAccess()){ echo('btn-right'); } ?>" onclick="codiad.modal.unload();return false;"><?php i18n("Close"); ?></button>
<?php <?php
break; break;
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
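Review bot: In the `list` case `$projects_assigned` is still tested inside the loop (`if( $projects_assigned && ! in_array( $data['path'], $projects_assigned ) )`) but the block that loaded it from the per-user `_acl.php` file was removed, so on the new side it is an undefined variable: the test is always false, `$show` is always true, and the branch is dead now that get_projects() filters by owner. get_projects() also returns a formatJSEND() error string rather than an array when the user has no projects, so both `foreach( $projects as ... )` loops in this file will warn and render nothing; guard with `if( ! is_array( $projects ) ) { $projects = array(); }` or fix the return type in class.project.php. Independently of this change, `$data['name']` and `$data['path']` are still echoed unescaped into HTML and into the `onclick` JavaScript strings — now sourced from the database instead of projects.php — so `htmlspecialchars( ..., ENT_QUOTES )` at output remains the missing step.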


@ -57,7 +57,7 @@ class Settings {
if( $user_setting == null ) { if( $user_setting == null ) {
$sql = "SELECT `value` FROM `options` WHERE `option_name`=?;"; $sql = "SELECT `value` FROM `options` WHERE `name`=?;";
$bind = "s"; $bind = "s";
$bind_variables = array( $option ); $bind_variables = array( $option );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) ); $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) );
@ -71,7 +71,7 @@ class Settings {
} }
} else { } else {
$sql = "SELECT `value` FROM `user_options` WHERE `option_name`=? AND `username`=?;"; $sql = "SELECT `value` FROM `user_options` WHERE `name`=? AND `username`=?;";
$bind = "ss"; $bind = "ss";
$bind_variables = array( $option, $this->username ); $bind_variables = array( $option, $this->username );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) ); $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching option: $option" ) );
@ -130,7 +130,7 @@ class Settings {
public function update_option( $option, $value, $user_setting = null ) { public function update_option( $option, $value, $user_setting = null ) {
$query = "INSERT INTO user_options ( `option_name`, `username`, `value` ) VALUES ( ?, ?, ? );"; $query = "INSERT INTO user_options ( `name`, `username`, `value` ) VALUES ( ?, ?, ? );";
$bind = "sss"; $bind = "sss";
$bind_variables = array( $bind_variables = array(
$option, $option,
@ -141,7 +141,7 @@ class Settings {
if( $result !== true ) { if( $result !== true ) {
$query = "UPDATE user_options SET `value`=? WHERE `option_name`=? AND `username`=?;"; $query = "UPDATE user_options SET `value`=? WHERE `name`=? AND `username`=?;";
$bind = "sss"; $bind = "sss";
$bind_variables = array( $bind_variables = array(
$value, $value,


@ -6,7 +6,7 @@ error_reporting(E_ALL);
require_once('../../common.php'); require_once('../../common.php');
require_once('../settings/class.settings.php'); require_once('../settings/class.settings.php');
require_once('../project/class.project.php');
checkSession(); checkSession();
if ( ! checkAccess() ) { if ( ! checkAccess() ) {
echo "Error, you do not have access to update Codiad."; echo "Error, you do not have access to update Codiad.";
@ -14,8 +14,13 @@ if ( ! checkAccess() ) {
} }
$user_settings_file = DATA . "/settings.php"; $user_settings_file = DATA . "/settings.php";
$projects_file = DATA . "/projects.php";
$projects_file = DATA . "/users.php";
$system_settings_file = null; $system_settings_file = null;
$Settings = new Settings(); $Settings = new Settings();
$Common = new Common();
$Project = new Project();
if( file_exists( $user_settings_file ) ) { if( file_exists( $user_settings_file ) ) {
@ -25,9 +30,18 @@ if( file_exists( $user_settings_file ) ) {
$Settings->username = $user; $Settings->username = $user;
foreach( $settings as $setting => $value ) { foreach( $settings as $setting => $value ) {
//echo var_dump( $setting, $value ); $Settings->update_option( $setting, $value, true );
$Settings->add_option( $setting, $value, true );
} }
} }
unlink( $user_settings_file ); unlink( $user_settings_file );
}
if( file_exists( $projects_file ) ) {
$projects = getJSON( 'projects.php' );
foreach( $projects as $project => $data ) {
$Project->add_project( $data["name"], $data["path"], true );
}
unlink( $projects_file );
} }
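Review bot: `$projects_file` is assigned twice in this hunk, once as `DATA . "/projects.php"` and once as `DATA . "/users.php"`, and the page does not show which assignment survives; if the `users.php` one does, the new migration block checks for and then `unlink()`s users.php after reading projects.php — deleting the user store that Authenticate() in this same commit still loads with `getJSON( 'users.php' )`. Derive the existence check, the getJSON() call and the unlink from one value, `$projects_file = DATA . "/projects.php";`, and only `unlink( $projects_file )` after every add_project() call has returned success, otherwise a failed INSERT loses the project list. `$Common = new Common();` is not used in the visible lines and looks like a leftover.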


@ -6,46 +6,44 @@
* [root]/license.txt for more. This information must remain intact. * [root]/license.txt for more. This information must remain intact.
*/ */
class User class User {
{
//////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////// // PROPERTIES
// PROPERTIES //////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////
public $username = '';
public $username = ''; public $password = '';
public $password = ''; public $project = '';
public $project = ''; public $projects = '';
public $projects = ''; public $users = '';
public $users = ''; public $actives = '';
public $actives = ''; public $lang = '';
public $lang = ''; public $theme = '';
public $theme = '';
//////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////// // METHODS
// METHODS //////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////
// -----------------------------||----------------------------- //
// -----------------------------||----------------------------- //
//////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////// // Construct
// Construct //////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////
public function __construct() {
public function __construct()
{
$this->users = getJSON('users.php');
$this->actives = getJSON('active.php');
}
//////////////////////////////////////////////////////////////////
// Authenticate
//////////////////////////////////////////////////////////////////
public function Authenticate()
{
if ( ! is_dir( SESSIONS_PATH ) ) { $this->users = getJSON( 'users.php' );
$this->actives = getJSON( 'active.php' );
}
//////////////////////////////////////////////////////////////////
// Authenticate
//////////////////////////////////////////////////////////////////
public function Authenticate() {
if( ! is_dir( SESSIONS_PATH ) ) {
mkdir( SESSIONS_PATH, 00755 ); mkdir( SESSIONS_PATH, 00755 );
} }
@ -59,13 +57,11 @@ class User
$sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 ); $sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 );
$sessions_owner = posix_getpwuid( fileowner( SESSIONS_PATH ) ); $sessions_owner = posix_getpwuid( fileowner( SESSIONS_PATH ) );
if ( ! ( $sessions_owner === $server_user ) ) { if( ! ( $sessions_owner === $server_user ) ) {
try { try {
chown( SESSIONS_PATH, $server_user ); chown( SESSIONS_PATH, $server_user );
echo( formatJSEND("error", "Error, incorrect owner of sessions folder. The sessions folder owner has been sucessfully changed. Please log in again." ) );
return;
} catch( Exception $e ) { } catch( Exception $e ) {
echo( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) ); echo( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) );
@ -73,13 +69,11 @@ class User
} }
} }
if ( ! in_array( $sessions_permissions, $permissions ) ) { if( ! in_array( $sessions_permissions, $permissions ) ) {
try { try {
chmod( SESSIONS_PATH, 00755 ); chmod( SESSIONS_PATH, 00755 );
echo( formatJSEND("error", "Error, incorrect permissions on sessions folder. The sessions folder permissions have been sucessfully changed. Please log in again." ) );
return;
} catch( Exception $e ) { } catch( Exception $e ) {
echo( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) ); echo( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) );
@ -87,244 +81,261 @@ class User
} }
} }
$pass = false; $pass = false;
$this->EncryptPassword();
$users = getJSON('users.php');
foreach ($users as $user) {
if ($user['username']==$this->username && $user['password']==$this->password) {
$pass = true;
$_SESSION['id'] = SESSION_ID;
$_SESSION['user'] = $this->username;
$_SESSION['lang'] = $this->lang;
$_SESSION['theme'] = $this->theme;
$_SESSION["login_session"] = true;
if ($user['project']!='') {
$_SESSION['project'] = $user['project'];
}
$this->checkDuplicateSessions( $this->username );
}
}
if ($pass) { $this->EncryptPassword();
$users = getJSON('users.php');
echo formatJSEND("success", array("username"=>$this->username)); foreach( $users as $user ) {
} else {
echo formatJSEND("error", "Incorrect Username or Password"); if( $user['username'] == $this->username && $user['password'] == $this->password ) {
}
} $pass = true;
$_SESSION['id'] = SESSION_ID;
/** $_SESSION['user'] = $this->username;
* Check duplicate sessions $_SESSION['lang'] = $this->lang;
* $_SESSION['theme'] = $this->theme;
* This function checks to see if the user is currently logged in $_SESSION["login_session"] = true;
* on any other machine and if they are then log them off. This
* will fix the issue with the new auto save attempting to save both if($user['project']!='') {
* users at the same time.
*/ $_SESSION['project'] = $user['project'];
}
public static function checkDuplicateSessions( $username ) {
$this->checkDuplicateSessions( $this->username );
//ini_set('display_errors', 1); }
//ini_set('display_startup_errors', 1); }
//error_reporting(E_ALL);
session_write_close(); if( $pass ) {
$all_sessions = array();
$sessions = glob( SESSIONS_PATH . "/*" ); echo formatJSEND( "success", array( "username" => $this->username ) );
session_id( SESSION_ID ); } else {
// session_save_path( SESSIONS_PATH );
echo formatJSEND( "error", "Incorrect Username or Password" );
foreach( $sessions as $session ) { }
}
//echo var_dump( $session ) . "\n\n";
if ( strpos( $session, "sess_") == false ) {
continue;
}
$session = str_replace( "sess_", "", $session );
$session = str_replace( SESSIONS_PATH . "/", "", $session );
//This skips temp files that aren't sessions
if( strpos( $session, "." ) == false ) {
session_id( $session );
session_start();
$_SESSION["id"] = $session;
array_push( $all_sessions, $_SESSION );
if ( isset( $_SESSION["user"] ) && $_SESSION["user"] === $username && isset( $_SESSION["login_session"] ) && $_SESSION["login_session"] === true && SESSION_ID !== session_id() ) {
session_destroy();
} else {
session_abort();
}
}
}
//echo '{"status":"error","message":"' . print_r( $all_sessions ) . '"}';
session_id( SESSION_ID );
session_start();
}
////////////////////////////////////////////////////////////////// /**
// Create Account * Check duplicate sessions
////////////////////////////////////////////////////////////////// *
* This function checks to see if the user is currently logged in
public function Create() * on any other machine and if they are then log them off. This
{ * will fix the issue with the new auto save attempting to save both
$this->EncryptPassword(); * users at the same time.
$pass = $this->checkDuplicate(); */
if ($pass) {
$this->users[] = array("username"=>$this->username,"password"=>$this->password,"project"=>""); public static function checkDuplicateSessions( $username ) {
saveJSON('users.php', $this->users);
echo formatJSEND("success", array("username"=>$this->username)); session_write_close();
} else { $all_sessions = array();
echo formatJSEND("error", "The Username is Already Taken"); $sessions = glob( SESSIONS_PATH . "/*" );
} session_id( SESSION_ID );
}
foreach( $sessions as $session ) {
//////////////////////////////////////////////////////////////////
// Delete Account if( strpos( $session, "sess_") == false ) {
//////////////////////////////////////////////////////////////////
continue;
public function Delete() }
{
// Remove User $session = str_replace( "sess_", "", $session );
$revised_array = array(); $session = str_replace( SESSIONS_PATH . "/", "", $session );
foreach ($this->users as $user => $data) { //This skips temp files that aren't sessions
if ($data['username']!=$this->username) { if( strpos( $session, "." ) == false ) {
$revised_array[] = array("username"=>$data['username'],"password"=>$data['password'],"project"=>$data['project']);
} session_id( $session );
} session_start();
// Save array back to JSON $_SESSION["id"] = $session;
saveJSON('users.php', $revised_array); array_push( $all_sessions, $_SESSION );
// Remove any active files if( isset( $_SESSION["user"] ) && $_SESSION["user"] === $username && isset( $_SESSION["login_session"] ) && $_SESSION["login_session"] === true && SESSION_ID !== session_id() ) {
foreach ($this->actives as $active => $data) {
if ($this->username==$data['username']) { session_destroy();
unset($this->actives[$active]); } else {
}
} session_abort();
saveJSON('active.php', $this->actives); }
}
// Remove access control list (if exists) }
if (file_exists(BASE_PATH . "/data/" . $this->username . '_acl.php')) { session_id( SESSION_ID );
unlink(BASE_PATH . "/data/" . $this->username . '_acl.php'); session_start();
} }
// Response //////////////////////////////////////////////////////////////////
echo formatJSEND("success", null); // Create Account
} //////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////// public function Create() {
// Change Password
////////////////////////////////////////////////////////////////// $this->EncryptPassword();
$pass = $this->checkDuplicate();
public function Password() if( $pass ) {
{
$this->EncryptPassword(); $this->users[] = array( "username" => $this->username, "password" => $this->password, "project" => "" );
$revised_array = array(); saveJSON( 'users.php', $this->users );
foreach ($this->users as $user => $data) { echo formatJSEND( "success", array( "username" => $this->username ) );
if ($data['username']==$this->username) { } else {
$revised_array[] = array("username"=>$data['username'],"password"=>$this->password,"project"=>$data['project']);
} else { echo formatJSEND( "error", "The Username is Already Taken" );
$revised_array[] = array("username"=>$data['username'],"password"=>$data['password'],"project"=>$data['project']); }
} }
}
// Save array back to JSON //////////////////////////////////////////////////////////////////
saveJSON('users.php', $revised_array); // Delete Account
// Response //////////////////////////////////////////////////////////////////
echo formatJSEND("success", null);
} public function Delete() {
////////////////////////////////////////////////////////////////// // Remove User
// Set Project Access $revised_array = array();
////////////////////////////////////////////////////////////////// foreach( $this->users as $user => $data ) {
public function Project_Access() if( $data['username'] != $this->username ) {
{
// Access set to all projects $revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
if ($this->projects==0) { }
if (file_exists(BASE_PATH . "/data/" . $this->username . '_acl.php')) { }
unlink(BASE_PATH . "/data/" . $this->username . '_acl.php'); // Save array back to JSON
} saveJSON( 'users.php', $revised_array );
// Access set to restricted list
} else { // Remove any active files
// Save array back to JSON foreach( $this->actives as $active => $data ) {
saveJSON($this->username . '_acl.php', $this->projects);
} if( $this->username == $data['username'] ) {
// Response
echo formatJSEND("success", null); unset( $this->actives[$active] );
} }
}
////////////////////////////////////////////////////////////////// saveJSON( 'active.php', $this->actives );
// Set Current Project
////////////////////////////////////////////////////////////////// // Remove access control list (if exists)
if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) {
public function Project()
{ unlink(BASE_PATH . "/data/" . $this->username . '_acl.php');
$revised_array = array(); }
foreach ($this->users as $user => $data) {
if ($this->username==$data['username']) { // Response
$revised_array[] = array("username"=>$data['username'],"password"=>$data['password'],"project"=>$this->project); echo formatJSEND( "success", null );
} else { }
$revised_array[] = array("username"=>$data['username'],"password"=>$data['password'],"project"=>$data['project']);
} //////////////////////////////////////////////////////////////////
} // Change Password
// Save array back to JSON //////////////////////////////////////////////////////////////////
saveJSON('users.php', $revised_array);
// Response public function Password() {
echo formatJSEND("success", null);
} $this->EncryptPassword();
$revised_array = array();
////////////////////////////////////////////////////////////////// foreach( $this->users as $user => $data ) {
// Check Duplicate
////////////////////////////////////////////////////////////////// if( $data['username'] == $this->username ) {
public function CheckDuplicate() $revised_array[] = array( "username" => $data['username'], "password" => $this->password, "project" => $data['project'] );
{ } else {
$pass = true;
foreach ($this->users as $user => $data) { $revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
if ($data['username']==$this->username) { }
$pass = false; }
} // Save array back to JSON
} saveJSON( 'users.php', $revised_array );
return $pass; // Response
} echo formatJSEND( "success", null );
}
//////////////////////////////////////////////////////////////////
// Verify Account Exists //////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////// // Set Project Access
//////////////////////////////////////////////////////////////////
public function Verify()
{ public function Project_Access() {
$pass = 'false';
foreach ($this->users as $user => $data) { // Access set to all projects
if ($this->username==$data['username']) { if( $this->projects == 0 ) {
$pass = 'true';
} // Access set to restricted list
} if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) {
echo($pass);
} unlink( BASE_PATH . "/data/" . $this->username . '_acl.php' );
}
////////////////////////////////////////////////////////////////// } else {
// Encrypt Password
////////////////////////////////////////////////////////////////// // Save array back to JSON
saveJSON( $this->username . '_acl.php', $this->projects );
private function EncryptPassword() }
{ // Response
$this->password = sha1(md5($this->password)); echo formatJSEND( "success", null );
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Clean username // Set Current Project
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
public static function CleanUsername($username) public function Project() {
{
return preg_replace('#[^A-Za-z0-9'.preg_quote('-_@. ').']#', '', $username); $revised_array = array();
} foreach( $this->users as $user => $data ) {
if( $this->username == $data['username'] ) {
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $this->project );
} else {
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
}
}
// Save array back to JSON
saveJSON( 'users.php', $revised_array );
// Response
echo formatJSEND( "success", null );
}
//////////////////////////////////////////////////////////////////
// Check Duplicate
//////////////////////////////////////////////////////////////////
public function CheckDuplicate() {
$pass = true;
foreach( $this->users as $user => $data ) {
if( $data['username'] == $this->username ) {
$pass = false;
}
}
return $pass;
}
//////////////////////////////////////////////////////////////////
// Verify Account Exists
//////////////////////////////////////////////////////////////////
public function Verify() {
$pass = 'false';
foreach( $this->users as $user => $data ) {
if( $this->username == $data['username'] ) {
$pass = 'true';
}
}
echo( $pass );
}
//////////////////////////////////////////////////////////////////
// Encrypt Password
//////////////////////////////////////////////////////////////////
private function EncryptPassword() {
$this->password = sha1( md5( $this->password ) );
}
//////////////////////////////////////////////////////////////////
// Clean username
//////////////////////////////////////////////////////////////////
public static function CleanUsername( $username ) {
return preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $username );
}
} }


@ -183,8 +183,15 @@ if( defined( "SITE_NAME" ) && ! ( SITE_NAME === "" || SITE_NAME === null ) ) {
// AUTHENTICATED // AUTHENTICATED
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
}else{ } else {
define( "USER_WORKSPACE", WORKSPACE . "/" . $_SESSION["user"] );
if( ! is_dir( USER_WORKSPACE ) ) {
mkdir( USER_WORKSPACE, 0755 );
}
?> ?>
<div id="workspace"> <div id="workspace">