diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..0270670
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.scannerwork
\ No newline at end of file
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100755
index 0000000..d6a386c
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,24 @@
+stages:
+ - build
+ - test
+ - deploy
+
+build:
+ stage: build
+ script:
+ - echo "Building the app this does nothing."
+
+test:
+ stage: test
+ script:
+ - echo "Testing the app."
+ - /home/xevidos/scripts/sonar-codiad.sh
+ only:
+ - development
+
+deploy_staging:
+ stage: deploy
+ script:
+ - echo "Deploy to staging server this does nothing."
+ only:
+ - master
diff --git a/common.php b/common.php
index f148ef4..4205de7 100755
--- a/common.php
+++ b/common.php
@@ -99,21 +99,7 @@ class Common {
 // New Methods
 //////////////////////////////////////////////////////////////////
- public static function return( $output, $action = "return" ) {
-
- switch( $action ) {
-
- case( "exit" ):
-
- exit( $output );
- break;
-
- case( "return" ):
-
- return( $output );
- break;
- }
- }
+
 //////////////////////////////////////////////////////////////////
 // Check access to application
@@ -121,11 +107,11 @@ class Common {
 public static function check_access( $action = "return" ) {
- if( ! self::check_session() ) {
+ /*if( ! self::check_session() ) {
 session_destroy();
 self::return( formatJSEND( "error", "Error fetching project information." ), "exit" );
- }
+ }*/
 }
 //////////////////////////////////////////////////////////////////
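Review bot: The `test` job's only real step is `/home/xevidos/scripts/sonar-codiad.sh`, an absolute path into one user's home directory on the runner, so what actually executes on every push to `development` lives outside the repository and cannot be reviewed, diffed or pinned with the code. Anyone who can write to that home directory controls what the job runs. Move the script into the repo and invoke it relatively, e.g. `- ./ci/sonar-codiad.sh`, or at least add a comment stating where it comes from and what it does. The `build` and `deploy_staging` jobs are `echo` placeholders; that is fine as scaffolding, but say so in a YAML comment rather than in the echoed string.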
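Review bot: `check_access()` keeps its public signature but its entire body is now a block comment, so a method named like an authorization gate silently passes every caller, and `$action` is unused. If nothing calls it any more, delete it outright; if something still does, the gate has to stay and call whatever replaced the removed `check_session()` (this diff's `checkSession()` appears to be that replacement). Commented-out code also hides intent from the next reader — at minimum replace it with a comment that states it, e.g. `// Intentionally a no-op: session validation now happens in checkSession(); remove once callers are migrated.`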
@@ -165,19 +151,73 @@ class Common { self::return( $return, $action ); } - ////////////////////////////////////////////////////////////////// - // Check Session / Key - ////////////////////////////////////////////////////////////////// - - public static function check_session( $action = "return" ) { + public static function get_users( $return = "return" ) { + $sql = "SELECT `username` FROM `users`;"; + $bind = ""; + $bind_variables = array(); + $result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking users." ) ); + $user_list = array(); - if( ! isset( $_SESSION['user'] ) && ! in_array( $key, $api_keys ) ) { + foreach( $result as $row ) { - //exit('{"status":"error","message":"Authentication Error"}'); - exit( '{"status":"error","message":"Authentication Error"}' ); + array_push( $user_list, $row["username"] ); } + + if( mysqli_num_rows( $result ) > 0 ) { + + switch( $return ) { + + case( "json" ): + + $return = json_encode( $user_list ); + break; + + case( "return" ): + + $return = $user_list; + break; + } + } else { + + $return = formatJSEND( "error", "Error selecting user information." ); + } + return( $return ); + } + + public static function is_admin() { + + $sql = "SELECT * FROM `users` WHERE `username`=? AND `access`=?;"; + $bind = "ss"; + $bind_variables = array( $_SESSION["user"], "admin" ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking user acess." ) ); + + if( mysqli_num_rows( $return ) > 0 ) { + + return( true ); + } else { + + return( false ); + } + } + + public static function logout() { + + $sql = "UPDATE `users` SET `token`=? WHERE `username`=?;"; + $bind = "ss"; + $bind_variables = array( null, $_SESSION["user"] ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error updating user information." 
) ); + + try { + + $json = json_decode( $return, true ); + echo( $return ); + } catch( exception $e ) {} + + session_unset(); + session_destroy(); + session_start(); } ////////////////////////////////////////////////////////////////// @@ -220,6 +260,22 @@ class Common { } } + public static function return( $output, $action = "return" ) { + + switch( $action ) { + + case( "exit" ): + + exit( $output ); + break; + + case( "return" ): + + return( $output ); + break; + } + } + ////////////////////////////////////////////////////////////////// // Old Methods ////////////////////////////////////////////////////////////////// @@ -333,17 +389,20 @@ class Common { public static function checkSession() { - // Set any API keys - $api_keys = array(); - // Check API Key or Session Authentication - $key = ""; - if( isset( $_GET['key'] ) ) { + $pass = false; + $sql = "SELECT * FROM `users` WHERE `username`=? AND `token`=PASSWORD( ? );"; + $bind = "ss"; + $bind_variables = array( $_SESSION["user"], $_SESSION["token"] ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking access." ) ); + + if( mysqli_num_rows( $return ) > 0 ) { - $key = $_GET['key']; + $pass = true; } - if( ! isset( $_SESSION['user'] ) && ! in_array( $key, $api_keys ) ) { + + if( ! $pass ) { - //exit('{"status":"error","message":"Authentication Error"}'); + logout(); exit( '{"status":"error","message":"Authentication Error"}' ); } } @@ -353,7 +412,7 @@ class Common { // Get JSON ////////////////////////////////////////////////////////////////// - public static function getJSON( $file, $namespace="" ) { + public static function getJSON( $file, $namespace = "" ) { $path = DATA . "/"; if( $namespace != "" ) { @@ -431,7 +490,7 @@ class Common { public static function checkAccess() { - return !file_exists( DATA . "/" . $_SESSION['user'] . '_acl.php' ); + return self::is_admin(); } ////////////////////////////////////////////////////////////////// 
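Review bot: In `logout()`, `json_decode()` never throws, so the `try`/`catch` is dead code and `echo( $return )` always writes the raw result of `sql::sql()` into the response — for a successful UPDATE that is whatever the helper returns, not a JSEND document. The method also reads `$_SESSION["user"]` without checking it is set, and since `checkSession()` in this same diff calls `logout()` on authentication failure, an unauthenticated request reaches that read. Guard it and drop the echo: wrap the UPDATE in `if( isset( $_SESSION["user"] ) ) { ... }` and keep only the `session_unset(); session_destroy(); session_start();` sequence after it. `get_users()` in the same hunk hands the complete username list to any logged-in session; if it exists only for the access dialog, it should be gated on `is_admin()` or on ownership of the project being edited.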
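Review bot: `checkSession()` reads `$_SESSION["user"]` and `$_SESSION["token"]` unguarded before the query, so a request with no session raises undefined-index notices and then queries with empty values; add `if( ! isset( $_SESSION["user"], $_SESSION["token"] ) ) { exit( '{"status":"error","message":"Authentication Error"}' ); }` ahead of the SELECT. On failure `logout()` runs before the `exit( ... )`, and `logout()` itself echoes, so the error response can carry two bodies. The token comparison relies on MySQL's `PASSWORD()` function, which is deprecated and, as far as I know, removed in MySQL 8.0, so this path will break on newer servers; verifying in PHP with `password_verify()` (or `hash_equals()` against a stored random token) keeps the scheme independent of the database version.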
@@ -509,6 +568,7 @@ class Common { // Wrapper for old method names ////////////////////////////////////////////////////////////////// +function is_admin() { Common::is_admin(); } function debug($message) { Common::debug($message); } function i18n($key, $args = array()) { echo Common::i18n($key, $args); } function get_i18n($key, $args = array()) { return Common::get_i18n($key, $args); } @@ -519,4 +579,6 @@ function formatJSEND($status,$data=false){ return Common::formatJSEND($status,$d function checkAccess() { return Common::checkAccess(); } function checkPath($path) { return Common::checkPath($path); } function isAvailable($func) { return Common::isAvailable($func); } +function logout() { return Common::logout(); } +function get_users() { return Common::get_users(); } ?> diff --git a/components/active/init.js b/components/active/init.js index 0455852..7e725ab 100755 --- a/components/active/init.js +++ b/components/active/init.js @@ -49,6 +49,12 @@ }, open: function(path, content, mtime, inBackground, focus) { + + //if( this. ) { + + + //} + if (focus === undefined) { focus = true; } diff --git a/components/autosave/init.js b/components/autosave/init.js index 40991dd..c0b6ef8 100755 --- a/components/autosave/init.js +++ b/components/autosave/init.js @@ -13,9 +13,9 @@ curpath = path.split('/').slice(0, -1).join('/')+'/'; // Instantiates plugin - $(function() { + $( function() { - amplify.subscribe('settings.changed', async function() { + amplify.subscribe( 'settings.changed', function() { codiad.auto_save.settings.autosave = codiad.settings.get_option( 'codiad.settings.autosave' ); codiad.auto_save.reload_interval(); @@ -25,7 +25,7 @@ }); codiad.auto_save = { - + // Allows relative `this.path` linkage auto_save_trigger: null, invalid_states: [ "", " ", null, undefined ], @@ -37,7 +37,7 @@ }, verbose: false, - init: async function() { + init: function() { codiad.auto_save.settings.autosave = codiad.settings.get_option( 'codiad.settings.autosave' ); 
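Review bot: The new wrapper `function is_admin() { Common::is_admin(); }` discards the boolean, so every caller of the global `is_admin()` receives `null` and is treated as non-admin (or as admin, wherever the result is negated). It should read `function is_admin() { return Common::is_admin(); }`, matching the other wrappers in this block.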
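Review bot: `function get_users() { return Common::get_users(); }` drops the `$return` format argument that `Common::get_users( $return = "return" )` accepts, so the `"json"` mode is unreachable through the wrapper. Forward it: `function get_users( $return = "return" ) { return Common::get_users( $return ); }`.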
@@ -48,31 +48,33 @@ window.clearInterval( this.auto_save_trigger ); if( codiad.auto_save.verbose ) { + console.log( 'Auto save disabled' ); } return; } - $(window).focus(function() { + $( window ).focus( function() { - //Turn auto save off if the user leaves the tab. - codiad.auto_save.settings.toggle = false; + //Turn auto save on if the user comes back the tab. + codiad.auto_save.settings.toggle = true; if( codiad.auto_save.verbose ) { + console.log( 'Auto save resumed' ); } }); - $(window).blur(function() { + $( window ).blur( function() { //Turn auto save off if the user leaves the tab. codiad.auto_save.settings.toggle = false; if( codiad.auto_save.verbose ) { + console.log( 'Auto save paused' ); } }); console.log( 'Auto save Enabled' ); - //let editor = document.getElementsByClassName( 'ace_content' )[0]; this.auto_save_trigger = setInterval( this.auto_save, 256 ); }, @@ -103,15 +105,22 @@ let content = codiad.editor.getContent(); codiad.active.save; - codiad.filemanager.saveFile(path, content, localStorage.removeItem(path), false); + codiad.filemanager.saveFile( path, content, localStorage.removeItem( path ), false ); var session = codiad.active.sessions[path]; if( typeof session != 'undefined' ) { + session.untainted = content; session.serverMTime = session.serverMTime; - if (session.listThumb) session.listThumb.removeClass('changed'); - if (session.tabThumb) session.tabThumb.removeClass('changed'); + if ( session.listThumb ) { + + session.listThumb.removeClass('changed'); + } + + if ( session.tabThumb ) { + + session.tabThumb.removeClass('changed'); + } } - this.saving = false; }, @@ -129,4 +138,4 @@ } } }; -})(this, jQuery); \ No newline at end of file +})( this, jQuery ); \ No newline at end of file diff --git a/components/filemanager/class.filemanager.php b/components/filemanager/class.filemanager.php index f589e35..aca0d68 100755 --- a/components/filemanager/class.filemanager.php +++ b/components/filemanager/class.filemanager.php 
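Review bot: In `codiad.filemanager.saveFile( path, content, localStorage.removeItem( path ), false )` the third argument is evaluated immediately, so the local copy is deleted before the save request is even sent and `undefined` is passed in the position where the call shape suggests a callback belongs; if the save then fails, the unsaved draft is gone. The line was only re-spaced here, but since it is being touched, pass a real callback: `codiad.filemanager.saveFile( path, content, function() { localStorage.removeItem( path ); }, false );` — assuming `saveFile`'s third parameter is a success callback, which should be confirmed against the filemanager component. `session.serverMTime = session.serverMTime;` in the same hunk is a self-assignment and can be dropped.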
@@ -424,19 +424,19 @@ class Filemanager extends Common {
 $files = array_diff( scandir( $path ), array( '.', '..' ) );
 foreach ( $files as $file ) {
- if ( is_link( "$path/$file" ) ) {
+ if ( is_link( $path . "/" . $file ) ) {
 if ( $follow ) {
- rrmdir("$path/$file", $follow, false);
+ rrmdir( $path . "/" . $file, $follow, false);
 }
- unlink( "$path/$file" );
- } elseif ( is_dir( "$path/$file" ) ) {
+ unlink( $path . "/" . $file );
+ } elseif ( is_dir( $path . "/" . $file ) ) {
- rrmdir( "$path/$file", $follow, false );
+ rrmdir( $path . "/" . $file, $follow, false );
 } else {
- unlink( "$path/$file" );
+ unlink( $path . "/" . $file );
 }
 }
 if( $keep_parent === false ) {
@@ -501,7 +501,7 @@ class Filemanager extends Common {
 } else {
 // Change content
- if ($this->content || $this->patch) {
+ if ( $this->content || $this->patch ) {
 if ( $this->content == ' ' ) {
diff --git a/components/project/class.project.php b/components/project/class.project.php
index d2049e2..e97cdfb 100755
--- a/components/project/class.project.php
+++ b/components/project/class.project.php
@@ -22,6 +22,7 @@ class Project extends Common {
 public $no_return = false;
 public $assigned = false;
 public $command_exec = '';
+ public $public_project = false;
 //////////////////////////////////////////////////////////////////
 // METHODS
@@ -44,12 +45,12 @@ class Project extends Common {
 public function add_project( $project_name, $project_path, $owner = null ) {
- if( $owner == null ) {
-
- $owner = $_SESSION["user"];
- } else {
+ if( $this->public_project ) {
 $owner = 'nobody';
+ } else {
+
+ $owner = $_SESSION["user"];
 }
 $sql = "INSERT INTO `projects`( `name`, `path`, `owner` ) VALUES ( ?, ?, ? );";
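Review bot: `add_project()` still declares `$owner = null` in its signature but now overwrites `$owner` unconditionally from `$this->public_project`, so any caller that passes an explicit owner is silently ignored. Either remove the parameter or honour it when supplied, e.g. `if( $owner === null ) { $owner = $this->public_project ? 'nobody' : $_SESSION["user"]; }`. The method body continues outside the hunk.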
@@ -60,30 +61,103 @@ class Project extends Common { return( $return ); } - public function delete_project( $project_name, $project_path, $owner = null ) { + public function check_owner( $path = null, $exclude_public = false ) { - if( $owner == null ) { + if( $path === null ) { - $owner = $_SESSION["user"]; + $path = $this->path; + } + $sql = "SELECT `owner` FROM `projects` WHERE `path`=?"; + $bind = "s"; + $bind_variables = array( $path ); + $result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) ); + $return = false; + + if( mysqli_num_rows( $result ) > 0 ) { + + $owner = mysqli_fetch_assoc( $result )["owner"]; + if( $exclude_public ) { + + if( $owner == $_SESSION["user"] ) { + + $return = true; + } + } else { + + if( $owner == $_SESSION["user"] || $owner == 'nobody' ) { + + $return = true; + } + } + } + return( $return ); + } + + public function get_access( $path = null ) { + + if( $path === null ) { + + $path = $this->path; + } + $sql = "SELECT `access` FROM `projects` WHERE `path`=?"; + $bind = "s"; + $bind_variables = array( $path ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching project information." ) ); + + if( mysqli_num_rows( $return ) > 0 ) { + + $return = mysqli_fetch_assoc( $return )["access"]; } else { - $owner = 'nobody'; + $return = formatJSEND( "error", "Error fetching project info." ); } - $owner = $_SESSION["user"]; - $sql = "DELETE FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );"; - $bind = "sss"; - $bind_variables = array( $project_name, $project_path, $owner ); - $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting project $project_name." 
) ); + return( $return ); + } + + public function get_owner( $path = null ) { - try { + if( $path === null ) { - $json = json_decode( $return, true ); - exit( $return ); - } catch( exception $e ) { - - exit( formatJSEND( "success", "Successfully deleted project $project_name." ) ); + $path = $this->path; } + $sql = "SELECT `owner` FROM `projects` WHERE `path`=?"; + $bind = "s"; + $bind_variables = array( $path ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) ); + + if( mysqli_num_rows( $return ) > 0 ) { + + $return = mysqli_fetch_assoc( $return )["owner"]; + } else { + + $return = formatJSEND( "error", "Error fetching project info." ); + } + + return( $return ); + } + + public function get_project( $project = null ) { + + if( $project === null ) { + + $project = $this->path; + } + + $sql = "SELECT * FROM `projects` WHERE `path`=? AND ( `owner`=? OR `owner`='nobody' ) ORDER BY `name`;"; + $bind = "ss"; + $bind_variables = array( $project, $_SESSION["user"] ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) ); + + if( mysqli_num_rows( $return ) > 0 ) { + + $return = mysqli_fetch_all( $return, MYSQLI_ASSOC )[0]; + } else { + + $return = formatJSEND( "error", "Error fetching projects." ); + } + + return( $return ); } public function get_projects() { 
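Review bot: `get_owner()`, `get_access()` and `get_project()` return a JSEND error string when no row matches, which callers cannot tell apart from a real owner name, access blob or project record — `$owner == 'nobody'` quietly evaluates to false, and a later `json_decode( $project["access"] )` indexes a string. Return `false` on a miss and let the caller format the error; in `get_owner()`, for example, replace the `else` branch with `$return = false;` and do the same in the other two. These methods and `check_owner()` also read `$_SESSION["user"]` without `isset()`. In `check_owner()` the default `$exclude_public = false` grants ownership of every `'nobody'` project to every logged-in user; that matches the public-project design described in the dialog, but a comment above the branch should say so, since the method name suggests a stricter check.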
@@ -169,18 +243,20 @@ class Project extends Common { public function Open() { - $pass = false; - foreach ( $this->projects as $project => $data ) { - - if ( $data['path'] == $this->path ) { - - $pass = true; - $this->name = $data['name']; - $_SESSION['project'] = $data['path']; - } - } - if ( $pass ) { + $sql = "SELECT * FROM `projects` WHERE `path`=? AND ( `owner`=? OR `owner`='nobody' );"; + $bind = "ss"; + $bind_variables = array( $this->path, $_SESSION["user"] ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) ); + + if( mysqli_num_rows( $return ) > 0 ) { + $return = mysqli_fetch_assoc( $return ); + $sql = "UPDATE `users` SET `project`=? WHERE `username`=?;"; + $bind = "ss"; + $bind_variables = array( $this->path, $_SESSION["user"] ); + sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) ); + $this->name = $return['name']; + $_SESSION['project'] = $return['path']; echo formatJSEND( "success", array( "name" => $this->name, "path" => $this->path ) ); } else { @@ -204,6 +280,11 @@ class Project extends Common { } if ( $this->path != '' ) { + if( ! $this->public_project ) { + + $this->path = $_SESSION["user"] . '/' . $this->path; + } + $pass = $this->checkDuplicate(); if ( $pass ) { 
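Review bot: Prefixing `$this->path` with `$_SESSION["user"] . '/'` scopes private projects to the user's directory, but the prefix does not neutralise `..` segments in the client-supplied path, and public projects skip the prefix entirely, so the final location is whatever the request sent. Unless `checkPath()` or an equivalent runs later in `Create()` (the body continues outside the hunk), reject traversal before prefixing: `if( strpos( $this->path, '..' ) !== false ) { exit( formatJSEND( "error", "Invalid project path." ) ); }`. `checkDuplicate()` now sees the prefixed path, so confirm it compares against the stored `path` column in the same form.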
@@ -312,16 +393,17 @@ class Project extends Common {
 public function Delete() {
- $revised_array = array();
- foreach ( $this->projects as $project => $data ) {
+ $sql = "DELETE FROM `projects` WHERE `path`=? AND ( `owner`=? OR `owner`='nobody' );";
+ $bind = "ss";
+ $bind_variables = array( $this->path, $_SESSION["user"] );
+ $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting project $project_name." ) );
+
+ if( sql::check_sql_error( $return ) ) {
- if ( $data['path'] != $this->path ) {
-
- $revised_array[] = array( "name" => $data['name'], "path" => $data['path'] );
- } else {
-
- $this->delete_project( $data['name'], $data['path'] );
- }
+ echo( formatJSEND( "success", "Successfully deleted $project_name." ) );
+ } else {
+
+ echo $return;
 }
 }
diff --git a/components/project/controller.php b/components/project/controller.php
index 0ae0f32..491f043 100755
--- a/components/project/controller.php
+++ b/components/project/controller.php
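Review bot: `Delete()` interpolates `$project_name` into both messages but nothing in the method defines it (the removed `delete_project()` took it as a parameter), so the response reads "Successfully deleted ." and PHP raises an undefined-variable notice. Use the path the method actually has: `formatJSEND( "error", "Error deleting project " . $this->path . "." )` and `formatJSEND( "success", "Successfully deleted " . $this->path . "." )`. Note the query deletes any row whose owner is `'nobody'`, so every logged-in user can delete every public project; that follows from the "everyone has full access" rule but deserves a comment above the query, and whether the project's files are removed as well is not visible here.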
@@ -18,97 +18,149 @@ checkSession(); $Project = new Project(); -////////////////////////////////////////////////////////////////// -// Get Current Project -////////////////////////////////////////////////////////////////// - -$no_return = false; -if (isset($_GET['no_return'])) { -$no_return = true; -} - -if ($_GET['action']=='get_current') { - -if ( ! isset($_SESSION['project'])) { -// Load default/first project -if ($no_return) { -$Project->no_return = true; -} -$Project->GetFirst(); -} else { -// Load current -$Project->path = $_SESSION['project']; -$project_name = $Project->GetName(); -if (!$no_return) { -echo formatJSEND("success", array("name"=>$project_name,"path"=>$_SESSION['project'])); -} -} -} - -////////////////////////////////////////////////////////////////// -// Open Project -////////////////////////////////////////////////////////////////// - -if ($_GET['action']=='open') { -if (!checkPath($_GET['path'])) { -die(formatJSEND("error", "No Access to path " . $_GET['path'])); -} -$Project->path = $_GET['path']; -$Project->Open(); -} - ////////////////////////////////////////////////////////////////// // Create Project ////////////////////////////////////////////////////////////////// -if ($_GET['action']=='create') { -if (checkAccess()) { -$Project->name = $_GET['project_name']; -if ($_GET['project_path'] != '') { -$Project->path = $_GET['project_path']; -} else { -$Project->path = $_GET['project_name']; -} -// Git Clone? 
-if (!empty($_GET['git_repo'])) { -$Project->gitrepo = $_GET['git_repo']; -$Project->gitbranch = $_GET['git_branch']; -} -$Project->Create(); -} -} - -////////////////////////////////////////////////////////////////// -// Rename Project -////////////////////////////////////////////////////////////////// - -if ($_GET['action']=='rename') { -if (!checkPath($_GET['project_path'])) { -die(formatJSEND("error", "No Access")); -} -$Project->path = $_GET['project_path']; -$Project->Rename(); -} - -////////////////////////////////////////////////////////////////// -// Delete Project -////////////////////////////////////////////////////////////////// - -if ($_GET['action']=='delete') { -if (checkAccess()) { -$Project->path = $_GET['project_path']; -$Project->Delete(); -} +if( $_GET['action'] == 'create' ) { + + $Project->name = $_GET['project_name']; + + if( $_GET['public_project'] == 'true' ) { + + $Project->public_project = true; + } + + if( $_GET['project_path'] != '' ) { + + $Project->path = $_GET['project_path']; + } else { + + $Project->path = $_GET['project_name']; + } + // Git Clone? + if( ! 
empty( $_GET['git_repo'] ) ) { + + $Project->gitrepo = $_GET['git_repo']; + $Project->gitbranch = $_GET['git_branch']; + } + $Project->Create(); } ////////////////////////////////////////////////////////////////// // Return Current ////////////////////////////////////////////////////////////////// -if ($_GET['action']=='current') { -if (isset($_SESSION['project'])) { -echo formatJSEND("success", $_SESSION['project']); -} else { -echo formatJSEND("error", "No Project Returned"); +if( $_GET['action'] == 'current' ) { + + if( isset( $_SESSION['project'] ) ) { + + echo formatJSEND( "success", $_SESSION['project'] ); + } else { + + echo formatJSEND( "error", "No Project Returned" ); + } } + +////////////////////////////////////////////////////////////////// +// Delete Project +////////////////////////////////////////////////////////////////// + +if( $_GET['action'] == 'delete' ) { + + if( checkPath( $_GET['project_path'] ) ) { + + $Project->path = $_GET['project_path']; + $Project->Delete(); + } } + +////////////////////////////////////////////////////////////////// +// Get Project Access +////////////////////////////////////////////////////////////////// + +if( $_GET['action'] == 'get_access' ) { + + $Project->path = $_GET['project_path']; + $access = $Project->get_access( $_GET['project_path'] ); + echo formatJSEND( "success", $access ); +} + +////////////////////////////////////////////////////////////////// +// Get Current Project +////////////////////////////////////////////////////////////////// + +$no_return = false; +if( isset( $_GET['no_return'] ) ) { + + $no_return = true; +} + +if( $_GET['action'] == 'get_current' ) { + + if( ! isset( $_SESSION['project'] ) ) { + + // Load default/first project + if( $no_return ) { + + $Project->no_return = true; + } + $Project->GetFirst(); + } else { + + // Load current + $Project->path = $_SESSION['project']; + $project_name = $Project->GetName(); + if( ! 
$no_return ) { + + echo formatJSEND( "success", array( "name" => $project_name, "path" => $_SESSION['project'] ) ); + } + } +} + +////////////////////////////////////////////////////////////////// +// Check Project Owner +////////////////////////////////////////////////////////////////// + +if( $_GET['action'] == 'get_owner' ) { + + $Project->path = $_GET['project_path']; + $owner = $Project->get_owner(); + try { + + $return = json_decode( $owner ); + exit( formatJSEND( "error", null ) ); + } catch( exception $e ) { + + exit( formatJSEND( "success", array( "owner" => $owner ) ) ); + } +} + +////////////////////////////////////////////////////////////////// +// Open Project +////////////////////////////////////////////////////////////////// + +if( $_GET['action'] == 'open' ) { + + if( ! checkPath( $_GET['path'] ) ) { + + die( formatJSEND( "error", "No Access to path " . $_GET['path'] ) ); + } + $Project->path = $_GET['path']; + $Project->Open(); +} + +////////////////////////////////////////////////////////////////// +// Rename Project +////////////////////////////////////////////////////////////////// + +if( $_GET['action'] == 'rename' ) { + + if( ! checkPath( $_GET['project_path'] ) ) { + + die( formatJSEND( "error", "No Access" ) ); + } + $Project->path = $_GET['project_path']; + $Project->Rename(); +} + diff --git a/components/project/dialog.php b/components/project/dialog.php index f95ab15..1b019c1 100755 --- a/components/project/dialog.php +++ b/components/project/dialog.php @@ -65,7 +65,8 @@ switch( $_GET['action'] ) { - + +
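Review bot: The `create` action is no longer wrapped in `checkAccess()` as the removed block was, so any authenticated session can create projects, including public ones owned by `'nobody'`, and the new `get_access` action returns a project's access list to anyone who supplies its path with no ownership check at all; if dropping the admin gate is intentional for the public-project feature, say so in a comment, and gate `get_access` on `$Project->check_owner()`. Separately, the `get_owner` action can never succeed: `json_decode()` does not throw, so the `try` branch always completes and exits with `formatJSEND( "error", null )`. `$_GET['public_project']` is also read without `isset()`. Testing the decoded value is what the try/catch was aiming at:
```php
if( $_GET['action'] == 'get_owner' ) {

	$Project->path = $_GET['project_path'];
	$owner = $Project->get_owner();
	// get_owner() returns a JSEND error document when no row matches; json_decode()
	// never throws, so inspect its result instead of catching an exception.
	if( is_array( json_decode( $owner, true ) ) ) {

		exit( $owner );
	}
	exit( formatJSEND( "success", array( "owner" => $owner ) ) );
}
```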
@@ -86,19 +87,35 @@ switch( $_GET['action'] ) { get_owner( $data['path'] ); + if( $owner == 'nobody' ) { - if( $_SESSION['project'] == $data['path'] ) { - - ?> - - - - + + + + + + + + + + + @@ -109,8 +126,8 @@ switch( $_GET['action'] ) {
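Review bot: `$owner = $Project->get_owner( $data['path'] )` is compared with `== 'nobody'`, but `get_owner()` returns a JSEND error string when the row is missing, so that case silently falls into the private-project branch; presumably this sits inside the projects loop, so skip the entry explicitly, e.g. `if( is_array( json_decode( $owner, true ) ) ) { continue; }` before the comparison. The surrounding markup appears stripped in this view, so I cannot see whether `$owner` is echoed; if it is, it comes from a database column and needs `htmlspecialchars( $owner, ENT_QUOTES, 'UTF-8' )` at the output point.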
- - + + +
+ + + + + + +

Note: Everyone will have full access to public projects.

+ +
+ + + + + + + + + +
+ + +   + + +
+
+ + + + + +
+ -
- - - - - - -
- - - - - - - - - -
- - -   - - -
-
- - - - - - check_owner( $_GET["path"], true ) ) { + ?> +
Error, you either do not own this project or it is a public project.
+ get_project( $path ); + $access = json_decode( $project["access"], true ); + $users = get_users(); + ?> + + + + + + + +

No users have been given access.

+ + + + + + + + +
+

+
+ +
+ +   + + - - - - -   - - + + + + +   + + - - - -
 ,  
- - - -
- - + + + +
 ,  
+ + + + + + + + + +
+
+ + diff --git a/components/project/init.js b/components/project/init.js index 3714fdb..b249633 100755 --- a/components/project/init.js +++ b/components/project/init.js 
@@ -1,259 +1,417 @@ /* - * Copyright (c) Codiad & Kent Safranski (codiad.com), distributed - * as-is and without warranty under the MIT License. See - * [root]/license.txt for more. This information must remain intact. - */ +* Copyright (c) Codiad & Kent Safranski (codiad.com), distributed +* as-is and without warranty under the MIT License. See +* [root]/license.txt for more. This information must remain intact. +*/ -(function(global, $){ - - var codiad = global.codiad; - - $(function() { - codiad.project.init(); - }); - - codiad.project = { - - controller: 'components/project/controller.php', - dialog: 'components/project/dialog.php', - - init: function() { - this.loadCurrent(); - this.loadSide(); - - var _this = this; - - $('#projects-create').click(function(){ - codiad.project.create('true'); - }); - - $('#projects-manage').click(function(){ - codiad.project.list(); - }); - - $('#projects-collapse').click(function(){ - if (!_this._sideExpanded) { - _this.projectsExpand(); - } else { - _this.projectsCollapse(); - } - }); - }, - - ////////////////////////////////////////////////////////////////// - // Get Current Project - ////////////////////////////////////////////////////////////////// - - loadCurrent: function() { - $.get(this.controller + '?action=get_current', function(data) { - var projectInfo = codiad.jsend.parse(data); - if (projectInfo != 'error') { - $('#file-manager') - .html('') - .append(''); - codiad.filemanager.index(projectInfo.path); - codiad.user.project(projectInfo.path); - codiad.message.success(i18n('Project %{projectName}% Loaded', {projectName:projectInfo.name})); - } - }); - }, - - ////////////////////////////////////////////////////////////////// - // Open Project - ////////////////////////////////////////////////////////////////// - - open: function(path) { - var _this = this; - codiad.finder.contractFinder(); - $.get(this.controller + '?action=open&path=' + encodeURIComponent(path), function(data) { - var projectInfo = 
codiad.jsend.parse(data); - if (projectInfo != 'error') { - _this.loadCurrent(); - codiad.modal.unload(); - codiad.user.project(path); - localStorage.removeItem("lastSearched"); - /* Notify listeners. */ - amplify.publish('project.onOpen', path); - } - }); - }, - - ////////////////////////////////////////////////////////////////// - // Open the project manager dialog - ////////////////////////////////////////////////////////////////// - - list: function() { - $('#modal-content form') - .die('submit'); // Prevent form bubbling - codiad.modal.load(500, this.dialog + '?action=list'); - }, - - ////////////////////////////////////////////////////////////////// - // Load and list projects in the sidebar. - ////////////////////////////////////////////////////////////////// - loadSide: async function() { - $( '.sb-projects-content' ).load( this.dialog + '?action=sidelist&trigger='+ await codiad.settings.get_option( 'codiad.editor.fileManagerTrigger' ) ); - this._sideExpanded = true; - }, - - projectsExpand: function() { - this._sideExpanded = true; - $('#side-projects').css('height', 276+'px'); - $('.project-list-title').css('right', 0); - $('.sb-left-content').css('bottom', 276+'px'); - $('#projects-collapse') - .removeClass('icon-up-dir') - .addClass('icon-down-dir'); - }, - - projectsCollapse: function() { - this._sideExpanded = false; - $('#side-projects').css('height', 33+'px'); - $('.project-list-title').css('right', 0); - $('.sb-left-content').css('bottom', 33+'px'); - $('#projects-collapse') - .removeClass('icon-down-dir') - .addClass('icon-up-dir'); - }, - - ////////////////////////////////////////////////////////////////// - // Create Project - ////////////////////////////////////////////////////////////////// - - create: function(close) { - var _this = this; - create = true; - codiad.modal.load(500, this.dialog + '?action=create&close=' + close); - $('#modal-content form') - .live('submit', function(e) { - e.preventDefault(); - var projectName = 
$('#modal-content form input[name="project_name"]') - .val(), - projectPath = $('#modal-content form input[name="project_path"]') - .val(), - gitRepo = $('#modal-content form input[name="git_repo"]') - .val(), - gitBranch = $('#modal-content form input[name="git_branch"]') - .val(); - if(projectPath.indexOf('/') == 0) { - create = confirm('Do you really want to create project with absolute path "' + projectPath + '"?'); - } - if(create) { - $.get(_this.controller + '?action=create&project_name=' + encodeURIComponent(projectName) + '&project_path=' + encodeURIComponent(projectPath) + '&git_repo=' + gitRepo + '&git_branch=' + gitBranch, function(data) { - createResponse = codiad.jsend.parse(data); - if (createResponse != 'error') { - _this.open(createResponse.path); - codiad.modal.unload(); - _this.loadSide(); - /* Notify listeners. */ - amplify.publish('project.onCreate', {"name": projectName, "path": projectPath, "git_repo": gitRepo, "git_branch": gitBranch}); - } - }); - } - }); - }, - - ////////////////////////////////////////////////////////////////// - // Rename Project - ////////////////////////////////////////////////////////////////// - - rename: function(path,name) { - var _this = this; - codiad.modal.load(500, this.dialog + '?action=rename&path=' + encodeURIComponent(path) + '&name='+name); - $('#modal-content form') - .live('submit', function(e) { - e.preventDefault(); - var projectPath = $('#modal-content form input[name="project_path"]') - .val(); - var projectName = $('#modal-content form input[name="project_name"]') - .val(); - $.get(_this.controller + '?action=rename&project_path=' + encodeURIComponent(projectPath) + '&project_name=' + encodeURIComponent(projectName), function(data) { - renameResponse = codiad.jsend.parse(data); - if (renameResponse != 'error') { - codiad.message.success(i18n('Project renamed')); - _this.loadSide(); - $('#file-manager a[data-type="root"]').html(projectName); - codiad.modal.unload(); - /* Notify listeners. 
*/ - amplify.publish('project.onRename', {"path": projectPath, "name": projectName}); - } - }); - }); - }, - - ////////////////////////////////////////////////////////////////// - // Delete Project - ////////////////////////////////////////////////////////////////// - - delete: function(name, path) { - var _this = this; - codiad.modal.load(500, this.dialog + '?action=delete&name=' + encodeURIComponent(name) + '&path=' + encodeURIComponent(path)); - $('#modal-content form') - .live('submit', function(e) { - e.preventDefault(); - var projectPath = $('#modal-content form input[name="project_path"]') - .val(); - var deletefiles = $('input:checkbox[name="delete"]:checked').val(); - var followlinks = $('input:checkbox[name="follow"]:checked').val(); - var action = '?action=delete'; - if( typeof deletefiles !== 'undefined' ) { - if( typeof followlinks !== 'undefined' ) { - action += '&follow=true&path=' + encodeURIComponent(projectPath); - } else { - action += '&path=' + encodeURIComponent(projectPath); - } - } - $.get(codiad.filemanager.controller + action, function(d) { - $.get(_this.controller + '?action=delete&project_path=' + encodeURIComponent(projectPath), function(data) { - deleteResponse = codiad.jsend.parse(data); - if (deleteResponse != 'error') { - codiad.message.success(i18n('Project Deleted')); - _this.list(); - _this.loadSide(); - // Remove any active files that may be open - $('#active-files a') - .each(function() { - var curPath = $(this) - .attr('data-path'); - if (curPath.indexOf(projectPath) == 0) { - codiad.active.remove(curPath); - } - }); - /* Notify listeners. 
*/ - amplify.publish('project.onDelete', {"path": projectPath, "name": name}); - } - }); - }); - }); - }, - - ////////////////////////////////////////////////////////////////// - // Check Absolute Path - ////////////////////////////////////////////////////////////////// - - isAbsPath: function(path) { - if ( path.indexOf("/") == 0 ) { - return true; - } else { - return false; - } - }, - - ////////////////////////////////////////////////////////////////// - // Get Current (Path) - ////////////////////////////////////////////////////////////////// - - getCurrent: function() { - var _this = this; - var currentResponse = null; - $.ajax({ - url: _this.controller + '?action=current', - async: false, - success: function(data) { - currentResponse = codiad.jsend.parse(data); - } - }); - return currentResponse; - } - }; -})(this, jQuery); +( function( global, $ ) { + + var codiad = global.codiad; + + $( function() { + + codiad.project.init(); + }); + + codiad.project = { + + controller: 'components/project/controller.php', + dialog: 'components/project/dialog.php', + + init: function() { + + this.loadCurrent(); + this.loadSide(); + + var _this = this; + + $( '#projects-create' ).click( function() { + + codiad.project.create('true'); + }); + + $( '#projects-manage' ).click( function() { + + codiad.project.list(); + }); + + $('#projects-collapse').click( function() { + + if ( ! 
_this._sideExpanded ) { + + _this.projectsExpand(); + } else { + + _this.projectsCollapse(); + } + }); + }, + + ////////////////////////////////////////////////////////////////// + // Add user access + ////////////////////////////////////////////////////////////////// + + add_user: function( user ) { + + var _this = this; + + $( '#modal-content form' ).live( 'submit', function( e ) { + + e.preventDefault(); + }); + }, + + + ////////////////////////////////////////////////////////////////// + // Create Project + ////////////////////////////////////////////////////////////////// + + create: function( close ) { + + var _this = this; + create = true; + codiad.modal.load( 500, this.dialog + '?action=create&close=' + close ); + $( '#modal-content form' ) + .live( 'submit', function( e ) { + + e.preventDefault(); + var projectName = $( '#modal-content form input[name="project_name"]' ) + .val(), + projectPath = $( '#modal-content form input[name="project_path"]' ) + .val(), + gitRepo = $( '#modal-content form input[name="git_repo"]' ) + .val(), + gitBranch = $( '#modal-content form input[name="git_branch"]' ) + .val(); + public_project = $( '#modal-content form select[name="public_project"]' ) + .val(); + if( projectPath.indexOf( '/' ) == 0 ) { + + create = confirm( 'Do you really want to create project with absolute path "' + projectPath + '"?' ); + } + if( create ) { + + $.get( _this.controller + '?action=create&project_name=' + encodeURIComponent( projectName ) + '&project_path=' + encodeURIComponent( projectPath ) + '&git_repo=' + gitRepo + '&git_branch=' + gitBranch + '&public_project=' + public_project, function( data ) { + + createResponse = codiad.jsend.parse( data ); + if ( createResponse != 'error' ) { + + _this.open( createResponse.path ); + codiad.modal.unload(); + _this.loadSide(); + /* Notify listeners. 
*/ + amplify.publish( 'project.onCreate', {"name": projectName, "path": projectPath, "git_repo": gitRepo, "git_branch": gitBranch} ); + } + }); + } + }); + }, + + ////////////////////////////////////////////////////////////////// + // Delete Project + ////////////////////////////////////////////////////////////////// + + delete: function( name, path ) { + + var _this = this; + codiad.modal.load( 500, this.dialog + '?action=delete&name=' + encodeURIComponent( name ) + '&path=' + encodeURIComponent( path ) ); + $( '#modal-content form' ) + .live( 'submit', function( e ) { + + e.preventDefault(); + var projectPath = $( '#modal-content form input[name="project_path"]' ) + .val(); + var deletefiles = $( 'input:checkbox[name="delete"]:checked' ).val(); + var followlinks = $( 'input:checkbox[name="follow"]:checked' ).val(); + var action = '?action=delete'; + if( typeof deletefiles !== 'undefined' ) { + + if( typeof followlinks !== 'undefined' ) { + + action += '&follow=true&path=' + encodeURIComponent( projectPath ); + } else { + + action += '&path=' + encodeURIComponent( projectPath ); + } + } + $.get(codiad.filemanager.controller + action, function( d ) { + + $.get(_this.controller + '?action=delete&project_path=' + encodeURIComponent( projectPath ), function( data ) { + + deleteResponse = codiad.jsend.parse( data ); + if ( deleteResponse != 'error' ) { + + codiad.message.success( i18n( 'Project Deleted' ) ); + _this.list(); + _this.loadSide(); + // Remove any active files that may be open + $( '#active-files a' ) + .each(function() { + + var curPath = $( this ) + .attr( 'data-path' ); + if ( curPath.indexOf( projectPath ) == 0 ) { + + codiad.active.remove( curPath ); + } + }); + /* Notify listeners. 
*/ + amplify.publish( 'project.onDelete', {"path": projectPath, "name": name} ); + } + }); + }); + }); + }, + + ////////////////////////////////////////////////////////////////// + // Get Access + ////////////////////////////////////////////////////////////////// + + get_access: function( path, generate_table = false ) { + + var _this = this; + $.get( _this.controller + '?action=get_access&project_path=' + encodeURIComponent( path ), function( data ) { + + return codiad.jsend.parse( data ); + }); + }, + + ////////////////////////////////////////////////////////////////// + // Get Current (Path) + ////////////////////////////////////////////////////////////////// + + getCurrent: function() { + + var _this = this; + var currentResponse = null; + $.ajax({ + + url: _this.controller + '?action=current', + async: false, + success: function( data ) { + + currentResponse = codiad.jsend.parse( data ); + } + }); + return currentResponse; + }, + + ////////////////////////////////////////////////////////////////// + // Check Absolute Path + ////////////////////////////////////////////////////////////////// + + isAbsPath: function( path ) { + + if ( path.indexOf( "/" ) == 0 ) { + + return true; + } else { + + return false; + } + }, + + ////////////////////////////////////////////////////////////////// + // Open the project manager dialog + ////////////////////////////////////////////////////////////////// + + list: function() { + + $( '#modal-content form' ).die( 'submit' ); // Prevent form bubbling + codiad.modal.load( 500, this.dialog + '?action=list' ); + }, + + /** + * Turn the access array into a table. + */ + load_access: function() { + + var _this = this; + var access = _this.get_access(); + + //If the access is not null then build a table from the data. 
+ if( access !== '' ) { + + access = JSON.parse( access ); + } + }, + + ////////////////////////////////////////////////////////////////// + // Get Current Project + ////////////////////////////////////////////////////////////////// + + loadCurrent: function() { + + $.get( this.controller + '?action=get_current', function( data ) { + + var projectInfo = codiad.jsend.parse( data ); + if ( projectInfo != 'error' ) { + + $( '#file-manager' ) + .html( '' ) + .append( '' ); + codiad.filemanager.index( projectInfo.path ); + codiad.user.project( projectInfo.path ); + codiad.message.success( i18n( 'Project %{projectName}% Loaded', {projectName:projectInfo.name} ) ); + } + }); + }, + + + ////////////////////////////////////////////////////////////////// + // Load and list projects in the sidebar. + ////////////////////////////////////////////////////////////////// + loadSide: async function() { + + $( '.sb-projects-content' ).load( this.dialog + '?action=sidelist&trigger='+ await codiad.settings.get_option( 'codiad.editor.fileManagerTrigger' ) ); + this._sideExpanded = true; + }, + + ////////////////////////////////////////////////////////////////// + // Manage access + ////////////////////////////////////////////////////////////////// + + manage_access: function( path ) { + + var _this = this; + + $( '#modal-content form' ) + .die( 'submit' ); // Prevent form bubbling + codiad.modal.load( 500, this.dialog + '?action=manage_access&path=' + path ); + }, + + ////////////////////////////////////////////////////////////////// + // Open Project + ////////////////////////////////////////////////////////////////// + + open: function( path ) { + + var _this = this; + codiad.finder.contractFinder(); + $.get( this.controller + '?action=open&path=' + encodeURIComponent( path ), function( data ) { + + var projectInfo = codiad.jsend.parse(data); + if ( projectInfo != 'error' ) { + + _this.loadCurrent(); + codiad.modal.unload(); + codiad.user.project( path ); + localStorage.removeItem( 
"lastSearched" ); + /* Notify listeners. */ + amplify.publish( 'project.onOpen', path ); + } + }); + }, + + projectsExpand: function() { + + this._sideExpanded = true; + $( '#side-projects' ).css( 'height', 276 + 'px' ); + $( '.project-list-title' ).css( 'right', 0 ); + $( '.sb-left-content' ).css( 'bottom', 276 + 'px' ); + $( '#projects-collapse' ) + .removeClass( 'icon-up-dir' ) + .addClass( 'icon-down-dir' ); + }, + + projectsCollapse: function() { + + this._sideExpanded = false; + $( '#side-projects' ).css( 'height', 33 + 'px' ); + $( '.project-list-title' ).css( 'right', 0 ); + $( '.sb-left-content' ).css( 'bottom', 33 + 'px' ); + $( '#projects-collapse' ) + .removeClass( 'icon-down-dir' ) + .addClass( 'icon-up-dir' ); + }, + + ////////////////////////////////////////////////////////////////// + // Remove User access + ////////////////////////////////////////////////////////////////// + + remove_user: function( user ) { + + $( '#modal-content form' ).live( 'submit', function( e ) { + + e.preventDefault(); + }); + }, + + ////////////////////////////////////////////////////////////////// + // Rename Project + ////////////////////////////////////////////////////////////////// + + rename: function( path, name ) { + + var _this = this; + codiad.modal.load( 500, this.dialog + '?action=rename&path=' + encodeURIComponent( path ) + '&name=' + name ); + $( '#modal-content form' ) + .live( 'submit', function( e ) { + e.preventDefault(); + var projectPath = $( '#modal-content form input[name="project_path"]' ) + .val(); + var projectName = $( '#modal-content form input[name="project_name"]' ) + .val(); + $.get( _this.controller + '?action=rename&project_path=' + encodeURIComponent( projectPath ) + '&project_name=' + encodeURIComponent( projectName ), function( data ) { + + renameResponse = codiad.jsend.parse( data ); + if ( renameResponse != 'error' ) { + + codiad.message.success( i18n( 'Project renamed' ) ); + _this.loadSide(); + $( '#file-manager a[data-type="root"]' 
).html( projectName ); + codiad.modal.unload(); + /* Notify listeners. */ + amplify.publish( 'project.onRename', {"path": projectPath, "name": projectName} ); + } + }); + }); + }, + + ////////////////////////////////////////////////////////////////// + // Save User access + ////////////////////////////////////////////////////////////////// + + save_access: function() { + + $( '#modal-content form' ).live( 'submit', function( e ) { + + e.preventDefault(); + }); + }, + + ////////////////////////////////////////////////////////////////// + // Search Users + ////////////////////////////////////////////////////////////////// + + search_users: function() { + + var _this = this; + var current_response = null; + var select_list = document.getElementById( 'user_list' ); + var search_box = document.getElementById( 'search_users' ); + var search_term = search_box.value; + $.ajax({ + + url: codiad.user.controller + '?action=search_users&search_term=' + search_term, + async: false, + success: function( data ) { + + current_response = codiad.jsend.parse( data ); + } + }); + + select_list.innerHTML = ``; + + if ( current_response != 'error' ) { + + for( let i = current_response.length; i--; ) { + + let optionElement = document.createElement( 'option' ); + optionElement.innerText = current_response[i]; + select_list.appendChild( optionElement ); + } + } + }, + }; +})( this, jQuery ); diff --git a/components/sql/class.sql.php b/components/sql/class.sql.php index fcdc457..422d46e 100755 --- a/components/sql/class.sql.php +++ b/components/sql/class.sql.php @@ -8,6 +8,18 @@ class sql { } + public static function check_sql_error( $sql ) { + + $return = false; + $result = json_decode( $sql ); + + if ( json_last_error() !== JSON_ERROR_NONE || $sql == NULL ) { + + $return = true; + } + return( $return ); + } + public static function connect() { $host = DBHOST; 
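Review bot: `get_access` returns nothing to its caller: the `return codiad.jsend.parse( data )` sits inside the `$.get` callback, so `load_access` always receives `undefined`, and its `access !== ''` / `JSON.parse( access )` path can never run as intended (it also calls `get_access()` without the `path` argument, and `generate_table` is never used). Hand the parsed response to a callback instead, as below. Separately, `public_project` in `create` is assigned without `var` (an implicit global) and is concatenated into the query string unencoded, as are `path` in `manage_access` and `search_term` in `search_users`; wrap each in `encodeURIComponent()` as the other methods already do for paths. `add_user`, `remove_user` and `save_access` each bind a new `.live( 'submit' )` handler on every call without a preceding `.die( 'submit' )`, so repeated dialog opens stack handlers.
```javascript
get_access: function( path, callback ) {

    var _this = this;
    $.get( _this.controller + '?action=get_access&project_path=' + encodeURIComponent( path ), function( data ) {

        callback( codiad.jsend.parse( data ) );
    });
},

// … unchanged: getCurrent, isAbsPath, list …

load_access: function( path ) {

    var _this = this;
    _this.get_access( path, function( access ) {

        // the parsed response arrives here; build the table from it
        if ( access !== 'error' ) {

            // … table construction …
        }
    });
},
```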
@@ -30,7 +42,7 @@ class sql { if( $connection->error ) { - $return = $connection->error; + $return = formatJSEND( "error", $connection->error ); } $connection->close(); diff --git a/components/update/convert.php b/components/update/convert.php index e033abc..a7309d0 100755 --- a/components/update/convert.php +++ b/components/update/convert.php @@ -7,6 +7,7 @@ error_reporting(E_ALL); require_once('../../common.php'); require_once('../settings/class.settings.php'); require_once('../project/class.project.php'); +require_once('../user/class.user.php'); checkSession(); if ( ! checkAccess() ) { echo "Error, you do not have access to update Codiad."; @@ -15,12 +16,13 @@ if ( ! checkAccess() ) { $user_settings_file = DATA . "/settings.php"; $projects_file = DATA . "/projects.php"; -$projects_file = DATA . "/users.php"; +$users_file = DATA . "/users.php"; $system_settings_file = null; $Settings = new Settings(); $Common = new Common(); $Project = new Project(); +$User = new User(); if( file_exists( $user_settings_file ) ) { @@ -44,4 +46,16 @@ if( file_exists( $projects_file ) ) { $Project->add_project( $data["name"], $data["path"], true ); } unlink( $projects_file ); +} + +if( file_exists( $users_file ) ) { + + $users = getJSON( 'users.php' ); + foreach( $users as $user ) { + + $User->username = $user["username"]; + $User->password = $user["password"]; + $User->add_user(); + } + unlink( $users_file ); } \ No newline at end of file diff --git a/components/user/class.user.php b/components/user/class.user.php index 8b9a484..e347003 100755 --- a/components/user/class.user.php +++ b/components/user/class.user.php @@ -12,6 +12,7 @@ class User { // PROPERTIES ////////////////////////////////////////////////////////////////// + public $access = 'user'; public $username = ''; public $password = ''; public $project = ''; 
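Review bot: `check_sql_error` returns `true` when its argument is *not* a JSEND error string, so for every caller in this diff `true` means "no error" — the opposite of what the name says, and nothing documents it. It also assumes a string: when `sql::sql` hands back a `mysqli_result` (as `mysqli_num_rows( $return )` in the authenticate hunk implies it can), `json_decode()` on an object is a warning in PHP 7 and a `TypeError` in PHP 8, and `$sql == NULL` is also true for a `false` return, so a failed statement would be reported as success. Guard the type and compare strictly: `if( ! is_string( $sql ) ) { return true; }` before the decode and `$sql === null` in the condition, drop the unused `$result`, and add a doc comment such as `// Returns true when $sql is NOT a formatJSEND error string (i.e. the statement did not fail).`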
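Review bot: Wrapping `$connection->error` in `formatJSEND( "error", ... )` means the driver's raw error text (host, database name, SQL state) now travels to the browser wherever this return value is echoed to the client, as the user methods in this diff do with other `sql::` errors. Log the driver message server-side and return a generic client-facing message instead, e.g. `$return = formatJSEND( "error", "Database connection failed." );`. The enclosing `connect()` body starts and ends outside the hunk.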
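Review bot: The imported `password` values come from the legacy `users.php`, where they are already `sha1( md5( ... ) )` digests (the old `EncryptPassword` path), yet `add_user()` wraps them in MySQL `PASSWORD()` again, while the rewritten `authenticate` in the components/user/class.user.php hunk compares against `PASSWORD( ? )` of `$this->password` with its `EncryptPassword()` call removed; unless the controller pre-hashes before authenticating, migrated (and `Create()`-d) accounts will not be able to log in. Decide on one scheme and apply it on both the write and the compare path — ideally PHP `password_hash()`/`password_verify()` rather than `PASSWORD()`. Also, `add_user()` echoes a JSEND line per call, so this loop prints one response per migrated account, and `getJSON( 'users.php' )` is read while `$users_file` is the path being checked and unlinked; confirm both resolve to the same file.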
@@ -33,10 +34,51 @@ class User { public function __construct() { - $this->users = getJSON( 'users.php' ); $this->actives = getJSON( 'active.php' ); } + public function add_user() { + + $sql = "INSERT INTO `users`( `username`, `password`, `access`, `project` ) VALUES ( ?, PASSWORD( ? ), ?, ? );"; + $bind = "ssss"; + $bind_variables = array( $this->username, $this->password, $this->access, null ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error that username is already taken." ) ); + + if( sql::check_sql_error( $return ) ) { + + echo formatJSEND( "success", array( "username" => $this->username ) ); + } else { + + echo formatJSEND( "error", "The Username is Already Taken" ); + } + } + + public function get_user( $username ) { + + $sql = "SELECT * FROM `users` WHERE `username`=?"; + $bind = "s"; + $bind_variables = array( $username ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error can not select user." ) ); + + if( sql::check_sql_error( $return ) ) { + + echo formatJSEND( "success", $return ); + } else { + + echo $return; + } + } + + public function list_users() { + + $sql = "SELECT * FROM `users`"; + $bind = ""; + $bind_variables = array( $this->username, $this->password, $this->access, null ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error can not select users." ) ); + + return( $return ); + } + ////////////////////////////////////////////////////////////////// // Authenticate ////////////////////////////////////////////////////////////////// 
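Review bot: `list_users` binds four variables (`$this->username`, `$this->password`, `$this->access`, `null`) with an empty `$bind` string to a statement that has no placeholders; this is a copy of `add_user`'s bind list and should be `$bind_variables = array();`. `get_user` passes whatever `sql::sql` returned straight into `formatJSEND( "success", $return )`; if that is a `mysqli_result` the rows still need fetching (`fetch_assoc`/`fetch_all`), and because the query is `SELECT *` the response would carry the `password` and `token` columns — select only the columns the caller needs. `add_user` reports "The Username is Already Taken" for every non-success return, not just a duplicate key, which will mislead on other failures.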
@@ -82,27 +124,35 @@ class User { } $pass = false; - $this->EncryptPassword(); - $users = getJSON('users.php'); - foreach( $users as $user ) { + $sql = "SELECT * FROM `users` WHERE `username`=? AND `password`=PASSWORD( ? );"; + $bind = "ss"; + $bind_variables = array( $this->username, $this->password ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching user information." ) ); + + if( mysqli_num_rows( $return ) > 0 ) { - if( $user['username'] == $this->username && $user['password'] == $this->password ) { + $pass = true; + $token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) ); + $_SESSION['id'] = SESSION_ID; + $_SESSION['user'] = $this->username; + $_SESSION['token'] = $token; + $_SESSION['lang'] = $this->lang; + $_SESSION['theme'] = $this->theme; + $_SESSION["login_session"] = true; + $user = mysqli_fetch_assoc( $return ); + + $sql = "UPDATE `users` SET `token`=PASSWORD( ? ) WHERE `username`=?;"; + $bind = "ss"; + $bind_variables = array( $token, $this->username ); + sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error updating user information." ) ); + + if( $user['project'] != '' ) { - $pass = true; - $_SESSION['id'] = SESSION_ID; - $_SESSION['user'] = $this->username; - $_SESSION['lang'] = $this->lang; - $_SESSION['theme'] = $this->theme; - $_SESSION["login_session"] = true; - - if($user['project']!='') { - - $_SESSION['project'] = $user['project']; - } - - $this->checkDuplicateSessions( $this->username ); + $_SESSION['project'] = $user['project']; } + + $this->checkDuplicateSessions( $this->username ); } if( $pass ) { 
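Review bot: The login path now relies on MySQL's `PASSWORD()` for the credential check; that function is an unsalted single-pass hash, has been deprecated since MySQL 5.7 and is removed in MySQL 8.0, so this will stop working on current servers. Store a `password_hash( $this->password, PASSWORD_DEFAULT )` value at write time and check it with `password_verify()` against the fetched row instead of comparing inside SQL. The session is also populated (`$_SESSION['user']`, `$_SESSION['token']`, ...) without `session_regenerate_id( true )` first, so a session id obtained before login stays valid after it; regenerate it at the top of the `$pass = true` branch. `openssl_random_pseudo_bytes( 16 )` can be `random_bytes( 16 )`, which never returns a non-CSPRNG result.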
@@ -160,133 +210,6 @@ class User { session_start(); } - ////////////////////////////////////////////////////////////////// - // Create Account - ////////////////////////////////////////////////////////////////// - - public function Create() { - - $this->EncryptPassword(); - $pass = $this->checkDuplicate(); - if( $pass ) { - - $this->users[] = array( "username" => $this->username, "password" => $this->password, "project" => "" ); - saveJSON( 'users.php', $this->users ); - echo formatJSEND( "success", array( "username" => $this->username ) ); - } else { - - echo formatJSEND( "error", "The Username is Already Taken" ); - } - } - - ////////////////////////////////////////////////////////////////// - // Delete Account - ////////////////////////////////////////////////////////////////// - - public function Delete() { - - // Remove User - $revised_array = array(); - foreach( $this->users as $user => $data ) { - - if( $data['username'] != $this->username ) { - - $revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] ); - } - } - // Save array back to JSON - saveJSON( 'users.php', $revised_array ); - - // Remove any active files - foreach( $this->actives as $active => $data ) { - - if( $this->username == $data['username'] ) { - - unset( $this->actives[$active] ); - } - } - saveJSON( 'active.php', $this->actives ); - - // Remove access control list (if exists) - if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) { - - unlink(BASE_PATH . "/data/" . $this->username . 
'_acl.php'); - } - - // Response - echo formatJSEND( "success", null ); - } - - ////////////////////////////////////////////////////////////////// - // Change Password - ////////////////////////////////////////////////////////////////// - - public function Password() { - - $this->EncryptPassword(); - $revised_array = array(); - foreach( $this->users as $user => $data ) { - - if( $data['username'] == $this->username ) { - - $revised_array[] = array( "username" => $data['username'], "password" => $this->password, "project" => $data['project'] ); - } else { - - $revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] ); - } - } - // Save array back to JSON - saveJSON( 'users.php', $revised_array ); - // Response - echo formatJSEND( "success", null ); - } - - ////////////////////////////////////////////////////////////////// - // Set Project Access - ////////////////////////////////////////////////////////////////// - - public function Project_Access() { - - // Access set to all projects - if( $this->projects == 0 ) { - - // Access set to restricted list - if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) { - - unlink( BASE_PATH . "/data/" . $this->username . '_acl.php' ); - } - } else { - - // Save array back to JSON - saveJSON( $this->username . 
'_acl.php', $this->projects ); - } - // Response - echo formatJSEND( "success", null ); - } - - ////////////////////////////////////////////////////////////////// - // Set Current Project - ////////////////////////////////////////////////////////////////// - - public function Project() { - - $revised_array = array(); - foreach( $this->users as $user => $data ) { - - if( $this->username == $data['username'] ) { - - $revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $this->project ); - } else { - - $revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] ); - } - } - // Save array back to JSON - saveJSON( 'users.php', $revised_array ); - // Response - echo formatJSEND( "success", null ); - } - ////////////////////////////////////////////////////////////////// // Check Duplicate ////////////////////////////////////////////////////////////////// 
@@ -304,6 +227,154 @@ class User { return $pass; } + ////////////////////////////////////////////////////////////////// + // Clean username + ////////////////////////////////////////////////////////////////// + + public static function CleanUsername( $username ) { + + return preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $username ); + } + + ////////////////////////////////////////////////////////////////// + // Create Account + ////////////////////////////////////////////////////////////////// + + public function Create() { + + $this->EncryptPassword(); + $this->add_user(); + } + + ////////////////////////////////////////////////////////////////// + // Delete Account + ////////////////////////////////////////////////////////////////// + + public function Delete() { + + $sql = "DELETE FROM `users` WHERE `username`=?;"; + $bind = "ss"; + $bind_variables = array( $this->username, $this->password ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting user information." ) ); + + if( sql::check_sql_error( $return ) ) { + + echo formatJSEND( "success", null ); + } else { + + echo $return; + } + } + + ////////////////////////////////////////////////////////////////// + // Encrypt Password + ////////////////////////////////////////////////////////////////// + + private function EncryptPassword() { + + $this->password = sha1( md5( $this->password ) ); + } + + ////////////////////////////////////////////////////////////////// + // Change Password + ////////////////////////////////////////////////////////////////// + + public function Password() { + + $this->EncryptPassword(); + $sql = "UPDATE `users` SET `password`=PASSWORD( ? ) WHERE `username`=?;"; + $bind = "ss"; + $bind_variables = array( $this->password, $this->username ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error updating user information." 
) ); + + if( sql::check_sql_error( $return ) ) { + + } else { + + echo formatJSEND( "success", null ); + } + } + + ////////////////////////////////////////////////////////////////// + // Set Current Project + ////////////////////////////////////////////////////////////////// + + public function Project() { + + $sql = "UPDATE `users` SET `project`=? WHERE `username`=?;"; + $bind = "ss"; + $bind_variables = array( $this->project, $this->username ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error updating user information." ) ); + + if( sql::check_sql_error( $return ) ) { + + echo formatJSEND( "success", null ); + } else { + + echo( $return ); + } + } + + ////////////////////////////////////////////////////////////////// + // Search Users + ////////////////////////////////////////////////////////////////// + + public function search_users( $username, $return = "return" ) { + + $sql = "SELECT `username` FROM `users` WHERE `username` LIKE ?;"; + $bind = "s"; + $bind_variables = array( "%{$username}%" ); + $result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error selecting user information." ) ); + $user_list = array(); + + foreach( $result as $row ) { + + array_push( $user_list, $row["username"] ); + } + + if( mysqli_num_rows( $result ) > 0 ) { + + switch( $return ) { + + case( "exit" ): + + exit( formatJSEND( "success", $user_list ) ); + break; + + case( "json" ): + + $return = json_encode( $user_list ); + break; + + case( "return" ): + + $return = $user_list; + break; + } + } else { + + switch( $return ) { + + case( "exit" ): + + exit( formatJSEND( "error", "Error selecting user information." ) ); + break; + + case( "json" ): + + $return = formatJSEND( "error", "Error selecting user information." 
); + break; + + case( "return" ): + + $return = null; + break; + } + } + + return( $return ); + } + ////////////////////////////////////////////////////////////////// // Verify Account Exists ////////////////////////////////////////////////////////////////// @@ -320,22 +391,4 @@ class User { } echo( $pass ); } - - ////////////////////////////////////////////////////////////////// - // Encrypt Password - ////////////////////////////////////////////////////////////////// - - private function EncryptPassword() { - - $this->password = sha1( md5( $this->password ) ); - } - - ////////////////////////////////////////////////////////////////// - // Clean username - ////////////////////////////////////////////////////////////////// - - public static function CleanUsername( $username ) { - - return preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $username ); - } } diff --git a/components/user/controller.php b/components/user/controller.php index e9d6b16..9c214c9 100755 --- a/components/user/controller.php +++ b/components/user/controller.php @@ -54,9 +54,8 @@ if ($_GET['action']=='authenticate') { ////////////////////////////////////////////////////////////////// if ($_GET['action']=='logout') { - session_unset(); - session_destroy(); - session_start(); + + logout(); } ////////////////////////////////////////////////////////////////// 
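Review bot: `Password()` has its branches inverted: the `if( sql::check_sql_error( $return ) )` body is empty and the success JSEND is echoed in the `else`, so the client sees success only when the update did not succeed and nothing otherwise — mirror `Project()` and echo success in the `if` and `$return` in the `else`. `Delete()` binds two values (`"ss"`, username and password) to a statement with a single `?`, which a prepared-statement layer will reject; it should be `$bind = "s"` with `array( $this->username )`. The old `Delete()` also removed the user's entries from `active.php` and the `_acl.php` file; the replacement only deletes the row, so confirm that cleanup is intentionally dropped. In `search_users`, `\`, `%` and `_` in `$username` act as LIKE wildcards; escape them (`addcslashes( $username, '\\%_' )`) if a literal match is intended.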
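Review bot: `logout()` is called as a bare global function, but no global of that name is defined in this diff; unless one exists elsewhere this is a fatal undefined-function error on logout. If this is meant to call a static helper on a class, it needs the `Class::` prefix; a plain `logout()` only resolves to a global function. Whatever it resolves to must still invalidate the PHP session as the removed `session_unset(); session_destroy(); session_start();` did, otherwise clearing a database token alone leaves the browser's session cookie logged in.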
@@ -90,27 +89,6 @@ if ($_GET['action']=='delete') { } } - ////////////////////////////////////////////////////////////////// - // Set Project Access - ////////////////////////////////////////////////////////////////// - -if ($_GET['action']=='project_access') { - if (checkAccess()) { - if (!isset($_GET['username'])) { - die(formatJSEND("error", "Missing username")); - } - $User->username = $_GET['username']; - - //No project selected - if (isset($_POST['projects'])) { - $User->projects = $_POST['projects']; - } else { - $User->projects = array(); - } - $User->Project_Access(); - } -} - ////////////////////////////////////////////////////////////////// // Change Password ////////////////////////////////////////////////////////////////// @@ -141,11 +119,26 @@ if ($_GET['action']=='project') { $User->Project(); } + ////////////////////////////////////////////////////////////////// + // Search Users + ////////////////////////////////////////////////////////////////// + +if ( $_GET['action'] == 'search_users' ) { + + if ( ! isset( $_GET['search_term'] ) ) { + + die( formatJSEND( "error", "Missing search term" ) ); + } + $User->search_users( $_GET['search_term'], "exit" ); +} + ////////////////////////////////////////////////////////////////// // Verify User Account ////////////////////////////////////////////////////////////////// if ($_GET['action']=='verify') { + $User->username = $_SESSION['user']; - $User->Verify(); + //$User->Verify(); + checkSession(); } diff --git a/components/user/dialog.php b/components/user/dialog.php index e1fcd48..f4a51eb 100755 --- a/components/user/dialog.php +++ b/components/user/dialog.php 
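Review bot: The new `search_users` action calls `$User->search_users( $_GET['search_term'], "exit" )` with no access check, while the other actions in this controller gate their handler with `if (checkAccess())` (the removed `project_access` block shows the pattern), so an unauthenticated client can enumerate every account by sending a search term of `%`, which the LIKE pattern built in `search_users` passes through unescaped. Wrap the handler, `if ( checkAccess() ) { $User->search_users( $_GET['search_term'], "exit" ); }`, and consider escaping `%` and `_` in the term before it reaches the LIKE pattern. In the `verify` branch, `$_SESSION['user']` is read before `checkSession()` runs, so a request with no session raises an undefined-index notice first; since `Verify()` is now commented out the assignment is dead anyway, so either drop it or call `checkSession();` before it.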
@@ -5,9 +5,9 @@ * as-is and without warranty under the MIT License. See * [root]/license.txt for more. This information must remain intact. */ - - require_once('../../common.php'); - + require_once('../../common.php'); + require_once('./class.user.php'); + $User = new User(); ////////////////////////////////////////////////////////////////// // Verify Session or Key ////////////////////////////////////////////////////////////////// @@ -23,7 +23,7 @@ case 'list': $projects_assigned = false; - if(!checkAccess()){ + if( ! checkAccess() ){ ?>
@@ -44,13 +44,12 @@ $data){ + $users = $User->list_users(); + foreach( $users as $user => $data ){ ?> - @@ -96,45 +95,6 @@ - - - - -
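Review bot: This hunk calls `$User->list_users()`, but nothing in this diff adds a `list_users` method to `User` — the methods added are `Project` and `search_users` — so unless it already exists elsewhere this dialog will fail with an undefined-method error. Confirm the method exists or point the loop at the helper that actually returns the user list. The foreach also binds `$user => $data`, which only makes sense if the helper returns a keyed array; if it returns a plain list of usernames, `$data` is the username string and `$user` is a numeric index, so the loop body should be checked against that shape.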
> - - $data){ - $sel = ''; - if($projects_assigned && in_array($data['path'],$projects_assigned)){ $sel = 'checked="checked"'; } - echo(''); - } - ?> -
'.$data['name'].'
-
- - -

"> - + "> - +