From 574eb29b8e79f34bf42f40c4a1c2ffea1190a05a Mon Sep 17 00:00:00 2001 From: xevidos Date: Sat, 10 Nov 2018 00:41:28 -0500 Subject: [PATCH] SQL errors now return as formatted json errors, added sql result error check, removed admin requirement from project management, removed old access system dialog, added get user and get users functions, added common functions to global functions, testing change that will hopefully fix the inability to rename or delete strangely named files, refactored project init.js --- .gitignore | 1 + .gitlab-ci.yml | 24 + common.php | 132 +++- components/active/init.js | 6 + components/autosave/init.js | 37 +- components/filemanager/class.filemanager.php | 14 +- components/project/class.project.php | 160 +++-- components/project/controller.php | 216 +++--- components/project/dialog.php | 250 +++++-- components/project/init.js | 672 ++++++++++++------- components/sql/class.sql.php | 14 +- components/update/convert.php | 16 +- components/user/class.user.php | 379 ++++++----- components/user/controller.php | 43 +- components/user/dialog.php | 52 +- components/user/init.js | 18 +- index.php | 4 +- 17 files changed, 1290 insertions(+), 748 deletions(-) create mode 100644 .gitignore create mode 100755 .gitlab-ci.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..0270670 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.scannerwork \ No newline at end of file diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100755 index 0000000..d6a386c --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,24 @@ +stages: + - build + - test + - deploy + +build: + stage: build + script: + - echo "Building the app this does nothing." + +test: + stage: test + script: + - echo "Testing the app." + - /home/xevidos/scripts/sonar-codiad.sh + only: + - development + +deploy_staging: + stage: deploy + script: + - echo "Deploy to staging server this does nothing." + only: + - master diff --git a/common.php b/common.php index f148ef4..4205de7 100755 
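Review bot: The new `test` stage's second script line invokes `/home/xevidos/scripts/sonar-codiad.sh`, an absolute path into one developer's home directory that is not part of the repository, so the stage only works on a runner provisioned with that file and fails everywhere else. Keeping the analysis script in the repo (for example under a `ci/` directory) or passing its location through a CI variable would make the pipeline reproducible for other contributors. The `build` and `deploy_staging` stages are echo-only placeholders and need no change here.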
--- a/common.php +++ b/common.php @@ -99,21 +99,7 @@ class Common { // New Methods ////////////////////////////////////////////////////////////////// - public static function return( $output, $action = "return" ) { - - switch( $action ) { - - case( "exit" ): - - exit( $output ); - break; - - case( "return" ): - - return( $output ); - break; - } - } + ////////////////////////////////////////////////////////////////// // Check access to application @@ -121,11 +107,11 @@ class Common { public static function check_access( $action = "return" ) { - if( ! self::check_session() ) { + /*if( ! self::check_session() ) { session_destroy(); self::return( formatJSEND( "error", "Error fetching project information." ), "exit" ); - } + }*/ } ////////////////////////////////////////////////////////////////// 
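Review bot: `check_access()` is now an empty function: its only statement is commented out, so any caller that relies on it to reject requests without a valid session proceeds unauthenticated. If the session check has moved elsewhere, delete the method or make it delegate (`return self::checkSession();`) rather than leaving a no-op that still reads like a guard; otherwise restore the check. The earlier hunk on this line only moves `return()` further down the class and is fine.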
@@ -165,19 +151,73 @@ class Common { self::return( $return, $action ); } - ////////////////////////////////////////////////////////////////// - // Check Session / Key - ////////////////////////////////////////////////////////////////// - - public static function check_session( $action = "return" ) { + public static function get_users( $return = "return" ) { + $sql = "SELECT `username` FROM `users`;"; + $bind = ""; + $bind_variables = array(); + $result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking users." ) ); + $user_list = array(); - if( ! isset( $_SESSION['user'] ) && ! in_array( $key, $api_keys ) ) { + foreach( $result as $row ) { - //exit('{"status":"error","message":"Authentication Error"}'); - exit( '{"status":"error","message":"Authentication Error"}' ); + array_push( $user_list, $row["username"] ); } + + if( mysqli_num_rows( $result ) > 0 ) { + + switch( $return ) { + + case( "json" ): + + $return = json_encode( $user_list ); + break; + + case( "return" ): + + $return = $user_list; + break; + } + } else { + + $return = formatJSEND( "error", "Error selecting user information." ); + } + return( $return ); + } + + public static function is_admin() { + + $sql = "SELECT * FROM `users` WHERE `username`=? AND `access`=?;"; + $bind = "ss"; + $bind_variables = array( $_SESSION["user"], "admin" ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking user acess." ) ); + + if( mysqli_num_rows( $return ) > 0 ) { + + return( true ); + } else { + + return( false ); + } + } + + public static function logout() { + + $sql = "UPDATE `users` SET `token`=? WHERE `username`=?;"; + $bind = "ss"; + $bind_variables = array( null, $_SESSION["user"] ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error updating user information." 
) ); + + try { + + $json = json_decode( $return, true ); + echo( $return ); + } catch( exception $e ) {} + + session_unset(); + session_destroy(); + session_start(); } ////////////////////////////////////////////////////////////////// @@ -220,6 +260,22 @@ class Common { } } + public static function return( $output, $action = "return" ) { + + switch( $action ) { + + case( "exit" ): + + exit( $output ); + break; + + case( "return" ): + + return( $output ); + break; + } + } + ////////////////////////////////////////////////////////////////// // Old Methods ////////////////////////////////////////////////////////////////// @@ -333,17 +389,20 @@ class Common { public static function checkSession() { - // Set any API keys - $api_keys = array(); - // Check API Key or Session Authentication - $key = ""; - if( isset( $_GET['key'] ) ) { + $pass = false; + $sql = "SELECT * FROM `users` WHERE `username`=? AND `token`=PASSWORD( ? );"; + $bind = "ss"; + $bind_variables = array( $_SESSION["user"], $_SESSION["token"] ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking access." ) ); + + if( mysqli_num_rows( $return ) > 0 ) { - $key = $_GET['key']; + $pass = true; } - if( ! isset( $_SESSION['user'] ) && ! in_array( $key, $api_keys ) ) { + + if( ! $pass ) { - //exit('{"status":"error","message":"Authentication Error"}'); + logout(); exit( '{"status":"error","message":"Authentication Error"}' ); } } @@ -353,7 +412,7 @@ class Common { // Get JSON ////////////////////////////////////////////////////////////////// - public static function getJSON( $file, $namespace="" ) { + public static function getJSON( $file, $namespace = "" ) { $path = DATA . "/"; if( $namespace != "" ) { @@ -431,7 +490,7 @@ class Common { public static function checkAccess() { - return !file_exists( DATA . "/" . $_SESSION['user'] . '_acl.php' ); + return self::is_admin(); } ////////////////////////////////////////////////////////////////// 
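Review bot: `checkSession()` now validates the session by re-querying `users` with `token = PASSWORD( ? )`; MySQL's `PASSWORD()` function is deprecated since 5.7 and removed in 8.0, so this query fails on current servers, and it is not a suitable scheme for hashing a session token (the token is presumably stored the same way in class.user.php, which is outside this view — confirm). Hashing and comparing in PHP (`password_hash`/`password_verify`, or `hash_equals` against a stored digest) keeps the check server-independent. The same hunk reads `$_SESSION["user"]` and `$_SESSION["token"]` without an `isset()` guard, as do `is_admin()` and `logout()` in the earlier hunk, so an anonymous request emits notices and binds NULL before the intended 'Authentication Error' reply; `if( ! isset( $_SESSION["user"], $_SESSION["token"] ) ) { logout(); exit( '{"status":"error","message":"Authentication Error"}' ); }` at the top avoids that. Separately, `logout()` wraps `json_decode()` in a `try`/`catch` that can never fire (json_decode does not throw without `JSON_THROW_ON_ERROR`) and echoes the raw `sql::sql()` return before tearing the session down, and the `is_admin()` error string misspells 'access' as 'acess'.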
@@ -509,6 +568,7 @@ class Common { // Wrapper for old method names ////////////////////////////////////////////////////////////////// +function is_admin() { Common::is_admin(); } function debug($message) { Common::debug($message); } function i18n($key, $args = array()) { echo Common::i18n($key, $args); } function get_i18n($key, $args = array()) { return Common::get_i18n($key, $args); } @@ -519,4 +579,6 @@ function formatJSEND($status,$data=false){ return Common::formatJSEND($status,$d function checkAccess() { return Common::checkAccess(); } function checkPath($path) { return Common::checkPath($path); } function isAvailable($func) { return Common::isAvailable($func); } +function logout() { return Common::logout(); } +function get_users() { return Common::get_users(); } ?> diff --git a/components/active/init.js b/components/active/init.js index 0455852..7e725ab 100755 --- a/components/active/init.js +++ b/components/active/init.js @@ -49,6 +49,12 @@ }, open: function(path, content, mtime, inBackground, focus) { + + //if( this. ) { + + + //} + if (focus === undefined) { focus = true; } diff --git a/components/autosave/init.js b/components/autosave/init.js index 40991dd..c0b6ef8 100755 --- a/components/autosave/init.js +++ b/components/autosave/init.js @@ -13,9 +13,9 @@ curpath = path.split('/').slice(0, -1).join('/')+'/'; // Instantiates plugin - $(function() { + $( function() { - amplify.subscribe('settings.changed', async function() { + amplify.subscribe( 'settings.changed', function() { codiad.auto_save.settings.autosave = codiad.settings.get_option( 'codiad.settings.autosave' ); codiad.auto_save.reload_interval(); @@ -25,7 +25,7 @@ }); codiad.auto_save = { - + // Allows relative `this.path` linkage auto_save_trigger: null, invalid_states: [ "", " ", null, undefined ], @@ -37,7 +37,7 @@ }, verbose: false, - init: async function() { + init: function() { codiad.auto_save.settings.autosave = codiad.settings.get_option( 'codiad.settings.autosave' ); 
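Review bot: The new global wrapper `function is_admin() { Common::is_admin(); }` drops the `return`, so it always yields `null`; any caller using the wrapper instead of `Common::is_admin()` directly will treat every user as non-admin. The neighbouring wrappers `logout()` and `get_users()` return correctly; change this one to `function is_admin() { return Common::is_admin(); }`.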
@@ -48,31 +48,33 @@ window.clearInterval( this.auto_save_trigger ); if( codiad.auto_save.verbose ) { + console.log( 'Auto save disabled' ); } return; } - $(window).focus(function() { + $( window ).focus( function() { - //Turn auto save off if the user leaves the tab. - codiad.auto_save.settings.toggle = false; + //Turn auto save on if the user comes back the tab. + codiad.auto_save.settings.toggle = true; if( codiad.auto_save.verbose ) { + console.log( 'Auto save resumed' ); } }); - $(window).blur(function() { + $( window ).blur( function() { //Turn auto save off if the user leaves the tab. codiad.auto_save.settings.toggle = false; if( codiad.auto_save.verbose ) { + console.log( 'Auto save paused' ); } }); console.log( 'Auto save Enabled' ); - //let editor = document.getElementsByClassName( 'ace_content' )[0]; this.auto_save_trigger = setInterval( this.auto_save, 256 ); }, @@ -103,15 +105,22 @@ let content = codiad.editor.getContent(); codiad.active.save; - codiad.filemanager.saveFile(path, content, localStorage.removeItem(path), false); + codiad.filemanager.saveFile( path, content, localStorage.removeItem( path ), false ); var session = codiad.active.sessions[path]; if( typeof session != 'undefined' ) { + session.untainted = content; session.serverMTime = session.serverMTime; - if (session.listThumb) session.listThumb.removeClass('changed'); - if (session.tabThumb) session.tabThumb.removeClass('changed'); + if ( session.listThumb ) { + + session.listThumb.removeClass('changed'); + } + + if ( session.tabThumb ) { + + session.tabThumb.removeClass('changed'); + } } - this.saving = false; }, @@ -129,4 +138,4 @@ } } }; -})(this, jQuery); \ No newline at end of file +})( this, jQuery ); \ No newline at end of file diff --git a/components/filemanager/class.filemanager.php b/components/filemanager/class.filemanager.php index f589e35..aca0d68 100755 --- a/components/filemanager/class.filemanager.php +++ b/components/filemanager/class.filemanager.php 
@@ -424,19 +424,19 @@ class Filemanager extends Common { $files = array_diff( scandir( $path ), array( '.', '..' ) ); foreach ( $files as $file ) { - if ( is_link( "$path/$file" ) ) { + if ( is_link( $path . "/" . $file ) ) { if ( $follow ) { - rrmdir("$path/$file", $follow, false); + rrmdir( $path . "/" . $file, $follow, false); } - unlink( "$path/$file" ); - } elseif ( is_dir( "$path/$file" ) ) { + unlink( $path . "/" . $file ); + } elseif ( is_dir( $path . "/" . $file ) ) { - rrmdir( "$path/$file", $follow, false ); + rrmdir( $path . "/" . $file, $follow, false ); } else { - unlink( "$path/$file" ); + unlink( $path . "/" . $file ); } } if( $keep_parent === false ) { @@ -501,7 +501,7 @@ class Filemanager extends Common { } else { // Change content - if ($this->content || $this->patch) { + if ( $this->content || $this->patch ) { if ( $this->content == ' ' ) { diff --git a/components/project/class.project.php b/components/project/class.project.php index d2049e2..e97cdfb 100755 --- a/components/project/class.project.php +++ b/components/project/class.project.php @@ -22,6 +22,7 @@ class Project extends Common { public $no_return = false; public $assigned = false; public $command_exec = ''; + public $public_project = false; ////////////////////////////////////////////////////////////////// // METHODS @@ -44,12 +45,12 @@ class Project extends Common { public function add_project( $project_name, $project_path, $owner = null ) { - if( $owner == null ) { - - $owner = $_SESSION["user"]; - } else { + if( $this->public_project ) { $owner = 'nobody'; + } else { + + $owner = $_SESSION["user"]; } $sql = "INSERT INTO `projects`( `name`, `path`, `owner` ) VALUES ( ?, ?, ? );"; 
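Review bot: `add_project()` keeps its `$owner = null` parameter but no longer reads it: the hunk derives the owner solely from `$this->public_project`, so a caller passing an explicit owner has it silently replaced by the session user. Either drop the parameter or honour it, e.g. `$owner = $owner ?? ( $this->public_project ? 'nobody' : $_SESSION["user"] );`. As in the other new methods in this commit, `$_SESSION["user"]` is read without an `isset()` check. The `Filemanager` hunks on this line only replace string interpolation with concatenation and raise nothing.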
@@ -60,30 +61,103 @@ class Project extends Common { return( $return ); } - public function delete_project( $project_name, $project_path, $owner = null ) { + public function check_owner( $path = null, $exclude_public = false ) { - if( $owner == null ) { + if( $path === null ) { - $owner = $_SESSION["user"]; + $path = $this->path; + } + $sql = "SELECT `owner` FROM `projects` WHERE `path`=?"; + $bind = "s"; + $bind_variables = array( $path ); + $result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) ); + $return = false; + + if( mysqli_num_rows( $result ) > 0 ) { + + $owner = mysqli_fetch_assoc( $result )["owner"]; + if( $exclude_public ) { + + if( $owner == $_SESSION["user"] ) { + + $return = true; + } + } else { + + if( $owner == $_SESSION["user"] || $owner == 'nobody' ) { + + $return = true; + } + } + } + return( $return ); + } + + public function get_access( $path = null ) { + + if( $path === null ) { + + $path = $this->path; + } + $sql = "SELECT `access` FROM `projects` WHERE `path`=?"; + $bind = "s"; + $bind_variables = array( $path ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching project information." ) ); + + if( mysqli_num_rows( $return ) > 0 ) { + + $return = mysqli_fetch_assoc( $return )["access"]; } else { - $owner = 'nobody'; + $return = formatJSEND( "error", "Error fetching project info." ); } - $owner = $_SESSION["user"]; - $sql = "DELETE FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );"; - $bind = "sss"; - $bind_variables = array( $project_name, $project_path, $owner ); - $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting project $project_name." 
) ); + return( $return ); + } + + public function get_owner( $path = null ) { - try { + if( $path === null ) { - $json = json_decode( $return, true ); - exit( $return ); - } catch( exception $e ) { - - exit( formatJSEND( "success", "Successfully deleted project $project_name." ) ); + $path = $this->path; } + $sql = "SELECT `owner` FROM `projects` WHERE `path`=?"; + $bind = "s"; + $bind_variables = array( $path ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) ); + + if( mysqli_num_rows( $return ) > 0 ) { + + $return = mysqli_fetch_assoc( $return )["owner"]; + } else { + + $return = formatJSEND( "error", "Error fetching project info." ); + } + + return( $return ); + } + + public function get_project( $project = null ) { + + if( $project === null ) { + + $project = $this->path; + } + + $sql = "SELECT * FROM `projects` WHERE `path`=? AND ( `owner`=? OR `owner`='nobody' ) ORDER BY `name`;"; + $bind = "ss"; + $bind_variables = array( $project, $_SESSION["user"] ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) ); + + if( mysqli_num_rows( $return ) > 0 ) { + + $return = mysqli_fetch_all( $return, MYSQLI_ASSOC )[0]; + } else { + + $return = formatJSEND( "error", "Error fetching projects." ); + } + + return( $return ); } public function get_projects() { 
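Review bot: `check_owner()`, `get_access()`, `get_owner()` and `get_project()` pass the value returned by `sql::sql()` straight to `mysqli_num_rows()`; the commit message says SQL errors now come back as formatted JSON strings, and if that is what `sql::sql()` returns on failure (its definition is outside this diff), `mysqli_num_rows()` will throw a `TypeError` on a string instead of reaching the error branch. `Delete()` later in the same file checks `sql::check_sql_error( $return )` first; the same check should precede each `mysqli_num_rows()` here. `check_owner()` also compares the stored owner with `$_SESSION["user"]` using `==`; `===` avoids loose-comparison surprises, and `get_owner()` duplicates `check_owner()`'s query, so one could call the other.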
@@ -169,18 +243,20 @@ class Project extends Common { public function Open() { - $pass = false; - foreach ( $this->projects as $project => $data ) { - - if ( $data['path'] == $this->path ) { - - $pass = true; - $this->name = $data['name']; - $_SESSION['project'] = $data['path']; - } - } - if ( $pass ) { + $sql = "SELECT * FROM `projects` WHERE `path`=? AND ( `owner`=? OR `owner`='nobody' );"; + $bind = "ss"; + $bind_variables = array( $this->path, $_SESSION["user"] ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) ); + + if( mysqli_num_rows( $return ) > 0 ) { + $return = mysqli_fetch_assoc( $return ); + $sql = "UPDATE `users` SET `project`=? WHERE `username`=?;"; + $bind = "ss"; + $bind_variables = array( $this->path, $_SESSION["user"] ); + sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) ); + $this->name = $return['name']; + $_SESSION['project'] = $return['path']; echo formatJSEND( "success", array( "name" => $this->name, "path" => $this->path ) ); } else { @@ -204,6 +280,11 @@ class Project extends Common { } if ( $this->path != '' ) { + if( ! $this->public_project ) { + + $this->path = $_SESSION["user"] . '/' . $this->path; + } + $pass = $this->checkDuplicate(); if ( $pass ) { 
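Review bot: The `UPDATE users SET project=?` call in `Open()` reuses the `"Error fetching projects."` message for a write failure, which will mislead whoever reads the error; use something like `"Error updating current project."`. The SELECT that precedes it is identical to the one added in `get_project()` earlier in this diff, so `Open()` could call `$this->get_project()` and keep a single copy of the query. In the `Create()` hunk, `$this->path` is prefixed with `$_SESSION["user"]` only for private projects; `Create()` starts and ends outside this hunk, so I cannot see whether the later `checkDuplicate()` and directory creation expect the prefixed or the raw path — worth confirming.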
@@ -312,16 +393,17 @@ class Project extends Common { public function Delete() { - $revised_array = array(); - foreach ( $this->projects as $project => $data ) { + $sql = "DELETE FROM `projects` WHERE `path`=? AND ( `owner`=? OR `owner`='nobody' );"; + $bind = "ss"; + $bind_variables = array( $this->path, $_SESSION["user"] ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting project $project_name." ) ); + + if( sql::check_sql_error( $return ) ) { - if ( $data['path'] != $this->path ) { - - $revised_array[] = array( "name" => $data['name'], "path" => $data['path'] ); - } else { - - $this->delete_project( $data['name'], $data['path'] ); - } + echo( formatJSEND( "success", "Successfully deleted $project_name." ) ); + } else { + + echo $return; } } diff --git a/components/project/controller.php b/components/project/controller.php index 0ae0f32..491f043 100755 --- a/components/project/controller.php +++ b/components/project/controller.php 
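Review bot: `Delete()` interpolates `$project_name` into both the error and success messages, but that variable is never defined in the method (the removed `delete_project()` received it as a parameter), so the messages read "Successfully deleted ." and PHP emits an undefined-variable notice. Resolve the name first, e.g. `$project_name = $this->GetName();`, or use `$this->path` in the messages. Since the admin requirement was removed, the only restriction on deletion is the `owner=? OR owner='nobody'` clause, so any authenticated user can delete any public project; if that is intended, a one-line comment saying so would help the next reader.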
@@ -18,97 +18,149 @@ checkSession(); $Project = new Project(); -////////////////////////////////////////////////////////////////// -// Get Current Project -////////////////////////////////////////////////////////////////// - -$no_return = false; -if (isset($_GET['no_return'])) { -$no_return = true; -} - -if ($_GET['action']=='get_current') { - -if ( ! isset($_SESSION['project'])) { -// Load default/first project -if ($no_return) { -$Project->no_return = true; -} -$Project->GetFirst(); -} else { -// Load current -$Project->path = $_SESSION['project']; -$project_name = $Project->GetName(); -if (!$no_return) { -echo formatJSEND("success", array("name"=>$project_name,"path"=>$_SESSION['project'])); -} -} -} - -////////////////////////////////////////////////////////////////// -// Open Project -////////////////////////////////////////////////////////////////// - -if ($_GET['action']=='open') { -if (!checkPath($_GET['path'])) { -die(formatJSEND("error", "No Access to path " . $_GET['path'])); -} -$Project->path = $_GET['path']; -$Project->Open(); -} - ////////////////////////////////////////////////////////////////// // Create Project ////////////////////////////////////////////////////////////////// -if ($_GET['action']=='create') { -if (checkAccess()) { -$Project->name = $_GET['project_name']; -if ($_GET['project_path'] != '') { -$Project->path = $_GET['project_path']; -} else { -$Project->path = $_GET['project_name']; -} -// Git Clone? 
-if (!empty($_GET['git_repo'])) { -$Project->gitrepo = $_GET['git_repo']; -$Project->gitbranch = $_GET['git_branch']; -} -$Project->Create(); -} -} - -////////////////////////////////////////////////////////////////// -// Rename Project -////////////////////////////////////////////////////////////////// - -if ($_GET['action']=='rename') { -if (!checkPath($_GET['project_path'])) { -die(formatJSEND("error", "No Access")); -} -$Project->path = $_GET['project_path']; -$Project->Rename(); -} - -////////////////////////////////////////////////////////////////// -// Delete Project -////////////////////////////////////////////////////////////////// - -if ($_GET['action']=='delete') { -if (checkAccess()) { -$Project->path = $_GET['project_path']; -$Project->Delete(); -} +if( $_GET['action'] == 'create' ) { + + $Project->name = $_GET['project_name']; + + if( $_GET['public_project'] == 'true' ) { + + $Project->public_project = true; + } + + if( $_GET['project_path'] != '' ) { + + $Project->path = $_GET['project_path']; + } else { + + $Project->path = $_GET['project_name']; + } + // Git Clone? + if( ! 
empty( $_GET['git_repo'] ) ) { + + $Project->gitrepo = $_GET['git_repo']; + $Project->gitbranch = $_GET['git_branch']; + } + $Project->Create(); } ////////////////////////////////////////////////////////////////// // Return Current ////////////////////////////////////////////////////////////////// -if ($_GET['action']=='current') { -if (isset($_SESSION['project'])) { -echo formatJSEND("success", $_SESSION['project']); -} else { -echo formatJSEND("error", "No Project Returned"); +if( $_GET['action'] == 'current' ) { + + if( isset( $_SESSION['project'] ) ) { + + echo formatJSEND( "success", $_SESSION['project'] ); + } else { + + echo formatJSEND( "error", "No Project Returned" ); + } } + +////////////////////////////////////////////////////////////////// +// Delete Project +////////////////////////////////////////////////////////////////// + +if( $_GET['action'] == 'delete' ) { + + if( checkPath( $_GET['project_path'] ) ) { + + $Project->path = $_GET['project_path']; + $Project->Delete(); + } } + +////////////////////////////////////////////////////////////////// +// Get Project Access +////////////////////////////////////////////////////////////////// + +if( $_GET['action'] == 'get_access' ) { + + $Project->path = $_GET['project_path']; + $access = $Project->get_access( $_GET['project_path'] ); + echo formatJSEND( "success", $access ); +} + +////////////////////////////////////////////////////////////////// +// Get Current Project +////////////////////////////////////////////////////////////////// + +$no_return = false; +if( isset( $_GET['no_return'] ) ) { + + $no_return = true; +} + +if( $_GET['action'] == 'get_current' ) { + + if( ! isset( $_SESSION['project'] ) ) { + + // Load default/first project + if( $no_return ) { + + $Project->no_return = true; + } + $Project->GetFirst(); + } else { + + // Load current + $Project->path = $_SESSION['project']; + $project_name = $Project->GetName(); + if( ! 
$no_return ) { + + echo formatJSEND( "success", array( "name" => $project_name, "path" => $_SESSION['project'] ) ); + } + } +} + +////////////////////////////////////////////////////////////////// +// Check Project Owner +////////////////////////////////////////////////////////////////// + +if( $_GET['action'] == 'get_owner' ) { + + $Project->path = $_GET['project_path']; + $owner = $Project->get_owner(); + try { + + $return = json_decode( $owner ); + exit( formatJSEND( "error", null ) ); + } catch( exception $e ) { + + exit( formatJSEND( "success", array( "owner" => $owner ) ) ); + } +} + +////////////////////////////////////////////////////////////////// +// Open Project +////////////////////////////////////////////////////////////////// + +if( $_GET['action'] == 'open' ) { + + if( ! checkPath( $_GET['path'] ) ) { + + die( formatJSEND( "error", "No Access to path " . $_GET['path'] ) ); + } + $Project->path = $_GET['path']; + $Project->Open(); +} + +////////////////////////////////////////////////////////////////// +// Rename Project +////////////////////////////////////////////////////////////////// + +if( $_GET['action'] == 'rename' ) { + + if( ! checkPath( $_GET['project_path'] ) ) { + + die( formatJSEND( "error", "No Access" ) ); + } + $Project->path = $_GET['project_path']; + $Project->Rename(); +} + diff --git a/components/project/dialog.php b/components/project/dialog.php index f95ab15..1b019c1 100755 --- a/components/project/dialog.php +++ b/components/project/dialog.php @@ -65,7 +65,8 @@ switch( $_GET['action'] ) { - + +
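Review bot: The `get_owner` action can never report the owner: `json_decode()` does not throw without `JSON_THROW_ON_ERROR`, so the `try` block always runs through to `exit( formatJSEND( "error", null ) )` and the `catch` that would return the owner is unreachable. Test the decoded value instead, e.g. `$decoded = json_decode( $owner, true ); if( is_array( $decoded ) && isset( $decoded["status"] ) ) { exit( $owner ); } exit( formatJSEND( "success", array( "owner" => $owner ) ) );` — a plain owner string decodes to null while the JSON error payload decodes to an array. The `create` action reads `$_GET['public_project']` without `isset()`, so ordinary requests raise a notice; `( $_GET['public_project'] ?? '' ) === 'true'` fixes that. The `get_access` action returns a project's access list for any `project_path` with no ownership or `checkPath()` check, unlike `delete` and `rename`; confirm that is intended.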
@@ -86,19 +87,35 @@ switch( $_GET['action'] ) { get_owner( $data['path'] ); + if( $owner == 'nobody' ) { - if( $_SESSION['project'] == $data['path'] ) { - - ?> - - - - + + + + + + + + + + + @@ -109,8 +126,8 @@ switch( $_GET['action'] ) {
- - + + +
+ + + + + + +

Note: Everyone will have full access to public projects.

+ +
+ + + + + + + + + +
+ + +   + + +
+
+ + + + + +
+ -
- - - - - - -
- - - - - - - - - -
- - -   - - -
-
- - - - - - check_owner( $_GET["path"], true ) ) { + ?> +
Error, you either do not own this project or it is a public project.
+ get_project( $path ); + $access = json_decode( $project["access"], true ); + $users = get_users(); + ?> + + + + + + + +

No users have been given access.

+ + + + + + + + +
+

+
+ +
+ +   + + - - - - -   - - + + + + +   + + - - - -
 ,  
- - - -
- - + + + +
 ,  
+ + + + + + + + + +
+
+ + diff --git a/components/project/init.js b/components/project/init.js index 3714fdb..b249633 100755 --- a/components/project/init.js +++ b/components/project/init.js 
@@ -1,259 +1,417 @@ /* - * Copyright (c) Codiad & Kent Safranski (codiad.com), distributed - * as-is and without warranty under the MIT License. See - * [root]/license.txt for more. This information must remain intact. - */ +* Copyright (c) Codiad & Kent Safranski (codiad.com), distributed +* as-is and without warranty under the MIT License. See +* [root]/license.txt for more. This information must remain intact. +*/ -(function(global, $){ - - var codiad = global.codiad; - - $(function() { - codiad.project.init(); - }); - - codiad.project = { - - controller: 'components/project/controller.php', - dialog: 'components/project/dialog.php', - - init: function() { - this.loadCurrent(); - this.loadSide(); - - var _this = this; - - $('#projects-create').click(function(){ - codiad.project.create('true'); - }); - - $('#projects-manage').click(function(){ - codiad.project.list(); - }); - - $('#projects-collapse').click(function(){ - if (!_this._sideExpanded) { - _this.projectsExpand(); - } else { - _this.projectsCollapse(); - } - }); - }, - - ////////////////////////////////////////////////////////////////// - // Get Current Project - ////////////////////////////////////////////////////////////////// - - loadCurrent: function() { - $.get(this.controller + '?action=get_current', function(data) { - var projectInfo = codiad.jsend.parse(data); - if (projectInfo != 'error') { - $('#file-manager') - .html('') - .append(''); - codiad.filemanager.index(projectInfo.path); - codiad.user.project(projectInfo.path); - codiad.message.success(i18n('Project %{projectName}% Loaded', {projectName:projectInfo.name})); - } - }); - }, - - ////////////////////////////////////////////////////////////////// - // Open Project - ////////////////////////////////////////////////////////////////// - - open: function(path) { - var _this = this; - codiad.finder.contractFinder(); - $.get(this.controller + '?action=open&path=' + encodeURIComponent(path), function(data) { - var projectInfo = 
codiad.jsend.parse(data); - if (projectInfo != 'error') { - _this.loadCurrent(); - codiad.modal.unload(); - codiad.user.project(path); - localStorage.removeItem("lastSearched"); - /* Notify listeners. */ - amplify.publish('project.onOpen', path); - } - }); - }, - - ////////////////////////////////////////////////////////////////// - // Open the project manager dialog - ////////////////////////////////////////////////////////////////// - - list: function() { - $('#modal-content form') - .die('submit'); // Prevent form bubbling - codiad.modal.load(500, this.dialog + '?action=list'); - }, - - ////////////////////////////////////////////////////////////////// - // Load and list projects in the sidebar. - ////////////////////////////////////////////////////////////////// - loadSide: async function() { - $( '.sb-projects-content' ).load( this.dialog + '?action=sidelist&trigger='+ await codiad.settings.get_option( 'codiad.editor.fileManagerTrigger' ) ); - this._sideExpanded = true; - }, - - projectsExpand: function() { - this._sideExpanded = true; - $('#side-projects').css('height', 276+'px'); - $('.project-list-title').css('right', 0); - $('.sb-left-content').css('bottom', 276+'px'); - $('#projects-collapse') - .removeClass('icon-up-dir') - .addClass('icon-down-dir'); - }, - - projectsCollapse: function() { - this._sideExpanded = false; - $('#side-projects').css('height', 33+'px'); - $('.project-list-title').css('right', 0); - $('.sb-left-content').css('bottom', 33+'px'); - $('#projects-collapse') - .removeClass('icon-down-dir') - .addClass('icon-up-dir'); - }, - - ////////////////////////////////////////////////////////////////// - // Create Project - ////////////////////////////////////////////////////////////////// - - create: function(close) { - var _this = this; - create = true; - codiad.modal.load(500, this.dialog + '?action=create&close=' + close); - $('#modal-content form') - .live('submit', function(e) { - e.preventDefault(); - var projectName = 
$('#modal-content form input[name="project_name"]') - .val(), - projectPath = $('#modal-content form input[name="project_path"]') - .val(), - gitRepo = $('#modal-content form input[name="git_repo"]') - .val(), - gitBranch = $('#modal-content form input[name="git_branch"]') - .val(); - if(projectPath.indexOf('/') == 0) { - create = confirm('Do you really want to create project with absolute path "' + projectPath + '"?'); - } - if(create) { - $.get(_this.controller + '?action=create&project_name=' + encodeURIComponent(projectName) + '&project_path=' + encodeURIComponent(projectPath) + '&git_repo=' + gitRepo + '&git_branch=' + gitBranch, function(data) { - createResponse = codiad.jsend.parse(data); - if (createResponse != 'error') { - _this.open(createResponse.path); - codiad.modal.unload(); - _this.loadSide(); - /* Notify listeners. */ - amplify.publish('project.onCreate', {"name": projectName, "path": projectPath, "git_repo": gitRepo, "git_branch": gitBranch}); - } - }); - } - }); - }, - - ////////////////////////////////////////////////////////////////// - // Rename Project - ////////////////////////////////////////////////////////////////// - - rename: function(path,name) { - var _this = this; - codiad.modal.load(500, this.dialog + '?action=rename&path=' + encodeURIComponent(path) + '&name='+name); - $('#modal-content form') - .live('submit', function(e) { - e.preventDefault(); - var projectPath = $('#modal-content form input[name="project_path"]') - .val(); - var projectName = $('#modal-content form input[name="project_name"]') - .val(); - $.get(_this.controller + '?action=rename&project_path=' + encodeURIComponent(projectPath) + '&project_name=' + encodeURIComponent(projectName), function(data) { - renameResponse = codiad.jsend.parse(data); - if (renameResponse != 'error') { - codiad.message.success(i18n('Project renamed')); - _this.loadSide(); - $('#file-manager a[data-type="root"]').html(projectName); - codiad.modal.unload(); - /* Notify listeners. 
*/ - amplify.publish('project.onRename', {"path": projectPath, "name": projectName}); - } - }); - }); - }, - - ////////////////////////////////////////////////////////////////// - // Delete Project - ////////////////////////////////////////////////////////////////// - - delete: function(name, path) { - var _this = this; - codiad.modal.load(500, this.dialog + '?action=delete&name=' + encodeURIComponent(name) + '&path=' + encodeURIComponent(path)); - $('#modal-content form') - .live('submit', function(e) { - e.preventDefault(); - var projectPath = $('#modal-content form input[name="project_path"]') - .val(); - var deletefiles = $('input:checkbox[name="delete"]:checked').val(); - var followlinks = $('input:checkbox[name="follow"]:checked').val(); - var action = '?action=delete'; - if( typeof deletefiles !== 'undefined' ) { - if( typeof followlinks !== 'undefined' ) { - action += '&follow=true&path=' + encodeURIComponent(projectPath); - } else { - action += '&path=' + encodeURIComponent(projectPath); - } - } - $.get(codiad.filemanager.controller + action, function(d) { - $.get(_this.controller + '?action=delete&project_path=' + encodeURIComponent(projectPath), function(data) { - deleteResponse = codiad.jsend.parse(data); - if (deleteResponse != 'error') { - codiad.message.success(i18n('Project Deleted')); - _this.list(); - _this.loadSide(); - // Remove any active files that may be open - $('#active-files a') - .each(function() { - var curPath = $(this) - .attr('data-path'); - if (curPath.indexOf(projectPath) == 0) { - codiad.active.remove(curPath); - } - }); - /* Notify listeners. 
*/ - amplify.publish('project.onDelete', {"path": projectPath, "name": name}); - } - }); - }); - }); - }, - - ////////////////////////////////////////////////////////////////// - // Check Absolute Path - ////////////////////////////////////////////////////////////////// - - isAbsPath: function(path) { - if ( path.indexOf("/") == 0 ) { - return true; - } else { - return false; - } - }, - - ////////////////////////////////////////////////////////////////// - // Get Current (Path) - ////////////////////////////////////////////////////////////////// - - getCurrent: function() { - var _this = this; - var currentResponse = null; - $.ajax({ - url: _this.controller + '?action=current', - async: false, - success: function(data) { - currentResponse = codiad.jsend.parse(data); - } - }); - return currentResponse; - } - }; -})(this, jQuery); +( function( global, $ ) { + + var codiad = global.codiad; + + $( function() { + + codiad.project.init(); + }); + + codiad.project = { + + controller: 'components/project/controller.php', + dialog: 'components/project/dialog.php', + + init: function() { + + this.loadCurrent(); + this.loadSide(); + + var _this = this; + + $( '#projects-create' ).click( function() { + + codiad.project.create('true'); + }); + + $( '#projects-manage' ).click( function() { + + codiad.project.list(); + }); + + $('#projects-collapse').click( function() { + + if ( ! 
_this._sideExpanded ) { + + _this.projectsExpand(); + } else { + + _this.projectsCollapse(); + } + }); + }, + + ////////////////////////////////////////////////////////////////// + // Add user access + ////////////////////////////////////////////////////////////////// + + add_user: function( user ) { + + var _this = this; + + $( '#modal-content form' ).live( 'submit', function( e ) { + + e.preventDefault(); + }); + }, + + + ////////////////////////////////////////////////////////////////// + // Create Project + ////////////////////////////////////////////////////////////////// + + create: function( close ) { + + var _this = this; + create = true; + codiad.modal.load( 500, this.dialog + '?action=create&close=' + close ); + $( '#modal-content form' ) + .live( 'submit', function( e ) { + + e.preventDefault(); + var projectName = $( '#modal-content form input[name="project_name"]' ) + .val(), + projectPath = $( '#modal-content form input[name="project_path"]' ) + .val(), + gitRepo = $( '#modal-content form input[name="git_repo"]' ) + .val(), + gitBranch = $( '#modal-content form input[name="git_branch"]' ) + .val(); + public_project = $( '#modal-content form select[name="public_project"]' ) + .val(); + if( projectPath.indexOf( '/' ) == 0 ) { + + create = confirm( 'Do you really want to create project with absolute path "' + projectPath + '"?' ); + } + if( create ) { + + $.get( _this.controller + '?action=create&project_name=' + encodeURIComponent( projectName ) + '&project_path=' + encodeURIComponent( projectPath ) + '&git_repo=' + gitRepo + '&git_branch=' + gitBranch + '&public_project=' + public_project, function( data ) { + + createResponse = codiad.jsend.parse( data ); + if ( createResponse != 'error' ) { + + _this.open( createResponse.path ); + codiad.modal.unload(); + _this.loadSide(); + /* Notify listeners. 
*/ + amplify.publish( 'project.onCreate', {"name": projectName, "path": projectPath, "git_repo": gitRepo, "git_branch": gitBranch} ); + } + }); + } + }); + }, + + ////////////////////////////////////////////////////////////////// + // Delete Project + ////////////////////////////////////////////////////////////////// + + delete: function( name, path ) { + + var _this = this; + codiad.modal.load( 500, this.dialog + '?action=delete&name=' + encodeURIComponent( name ) + '&path=' + encodeURIComponent( path ) ); + $( '#modal-content form' ) + .live( 'submit', function( e ) { + + e.preventDefault(); + var projectPath = $( '#modal-content form input[name="project_path"]' ) + .val(); + var deletefiles = $( 'input:checkbox[name="delete"]:checked' ).val(); + var followlinks = $( 'input:checkbox[name="follow"]:checked' ).val(); + var action = '?action=delete'; + if( typeof deletefiles !== 'undefined' ) { + + if( typeof followlinks !== 'undefined' ) { + + action += '&follow=true&path=' + encodeURIComponent( projectPath ); + } else { + + action += '&path=' + encodeURIComponent( projectPath ); + } + } + $.get(codiad.filemanager.controller + action, function( d ) { + + $.get(_this.controller + '?action=delete&project_path=' + encodeURIComponent( projectPath ), function( data ) { + + deleteResponse = codiad.jsend.parse( data ); + if ( deleteResponse != 'error' ) { + + codiad.message.success( i18n( 'Project Deleted' ) ); + _this.list(); + _this.loadSide(); + // Remove any active files that may be open + $( '#active-files a' ) + .each(function() { + + var curPath = $( this ) + .attr( 'data-path' ); + if ( curPath.indexOf( projectPath ) == 0 ) { + + codiad.active.remove( curPath ); + } + }); + /* Notify listeners. 
*/ + amplify.publish( 'project.onDelete', {"path": projectPath, "name": name} ); + } + }); + }); + }); + }, + + ////////////////////////////////////////////////////////////////// + // Get Access + ////////////////////////////////////////////////////////////////// + + get_access: function( path, generate_table = false ) { + + var _this = this; + $.get( _this.controller + '?action=get_access&project_path=' + encodeURIComponent( path ), function( data ) { + + return codiad.jsend.parse( data ); + }); + }, + + ////////////////////////////////////////////////////////////////// + // Get Current (Path) + ////////////////////////////////////////////////////////////////// + + getCurrent: function() { + + var _this = this; + var currentResponse = null; + $.ajax({ + + url: _this.controller + '?action=current', + async: false, + success: function( data ) { + + currentResponse = codiad.jsend.parse( data ); + } + }); + return currentResponse; + }, + + ////////////////////////////////////////////////////////////////// + // Check Absolute Path + ////////////////////////////////////////////////////////////////// + + isAbsPath: function( path ) { + + if ( path.indexOf( "/" ) == 0 ) { + + return true; + } else { + + return false; + } + }, + + ////////////////////////////////////////////////////////////////// + // Open the project manager dialog + ////////////////////////////////////////////////////////////////// + + list: function() { + + $( '#modal-content form' ).die( 'submit' ); // Prevent form bubbling + codiad.modal.load( 500, this.dialog + '?action=list' ); + }, + + /** + * Turn the access array into a table. + */ + load_access: function() { + + var _this = this; + var access = _this.get_access(); + + //If the access is not null then build a table from the data. 
+ if( access !== '' ) { + + access = JSON.parse( access ); + } + }, + + ////////////////////////////////////////////////////////////////// + // Get Current Project + ////////////////////////////////////////////////////////////////// + + loadCurrent: function() { + + $.get( this.controller + '?action=get_current', function( data ) { + + var projectInfo = codiad.jsend.parse( data ); + if ( projectInfo != 'error' ) { + + $( '#file-manager' ) + .html( '' ) + .append( '' ); + codiad.filemanager.index( projectInfo.path ); + codiad.user.project( projectInfo.path ); + codiad.message.success( i18n( 'Project %{projectName}% Loaded', {projectName:projectInfo.name} ) ); + } + }); + }, + + + ////////////////////////////////////////////////////////////////// + // Load and list projects in the sidebar. + ////////////////////////////////////////////////////////////////// + loadSide: async function() { + + $( '.sb-projects-content' ).load( this.dialog + '?action=sidelist&trigger='+ await codiad.settings.get_option( 'codiad.editor.fileManagerTrigger' ) ); + this._sideExpanded = true; + }, + + ////////////////////////////////////////////////////////////////// + // Manage access + ////////////////////////////////////////////////////////////////// + + manage_access: function( path ) { + + var _this = this; + + $( '#modal-content form' ) + .die( 'submit' ); // Prevent form bubbling + codiad.modal.load( 500, this.dialog + '?action=manage_access&path=' + path ); + }, + + ////////////////////////////////////////////////////////////////// + // Open Project + ////////////////////////////////////////////////////////////////// + + open: function( path ) { + + var _this = this; + codiad.finder.contractFinder(); + $.get( this.controller + '?action=open&path=' + encodeURIComponent( path ), function( data ) { + + var projectInfo = codiad.jsend.parse(data); + if ( projectInfo != 'error' ) { + + _this.loadCurrent(); + codiad.modal.unload(); + codiad.user.project( path ); + localStorage.removeItem( 
"lastSearched" ); + /* Notify listeners. */ + amplify.publish( 'project.onOpen', path ); + } + }); + }, + + projectsExpand: function() { + + this._sideExpanded = true; + $( '#side-projects' ).css( 'height', 276 + 'px' ); + $( '.project-list-title' ).css( 'right', 0 ); + $( '.sb-left-content' ).css( 'bottom', 276 + 'px' ); + $( '#projects-collapse' ) + .removeClass( 'icon-up-dir' ) + .addClass( 'icon-down-dir' ); + }, + + projectsCollapse: function() { + + this._sideExpanded = false; + $( '#side-projects' ).css( 'height', 33 + 'px' ); + $( '.project-list-title' ).css( 'right', 0 ); + $( '.sb-left-content' ).css( 'bottom', 33 + 'px' ); + $( '#projects-collapse' ) + .removeClass( 'icon-down-dir' ) + .addClass( 'icon-up-dir' ); + }, + + ////////////////////////////////////////////////////////////////// + // Remove User access + ////////////////////////////////////////////////////////////////// + + remove_user: function( user ) { + + $( '#modal-content form' ).live( 'submit', function( e ) { + + e.preventDefault(); + }); + }, + + ////////////////////////////////////////////////////////////////// + // Rename Project + ////////////////////////////////////////////////////////////////// + + rename: function( path, name ) { + + var _this = this; + codiad.modal.load( 500, this.dialog + '?action=rename&path=' + encodeURIComponent( path ) + '&name=' + name ); + $( '#modal-content form' ) + .live( 'submit', function( e ) { + e.preventDefault(); + var projectPath = $( '#modal-content form input[name="project_path"]' ) + .val(); + var projectName = $( '#modal-content form input[name="project_name"]' ) + .val(); + $.get( _this.controller + '?action=rename&project_path=' + encodeURIComponent( projectPath ) + '&project_name=' + encodeURIComponent( projectName ), function( data ) { + + renameResponse = codiad.jsend.parse( data ); + if ( renameResponse != 'error' ) { + + codiad.message.success( i18n( 'Project renamed' ) ); + _this.loadSide(); + $( '#file-manager a[data-type="root"]' 
).html( projectName ); + codiad.modal.unload(); + /* Notify listeners. */ + amplify.publish( 'project.onRename', {"path": projectPath, "name": projectName} ); + } + }); + }); + }, + + ////////////////////////////////////////////////////////////////// + // Save User access + ////////////////////////////////////////////////////////////////// + + save_access: function() { + + $( '#modal-content form' ).live( 'submit', function( e ) { + + e.preventDefault(); + }); + }, + + ////////////////////////////////////////////////////////////////// + // Search Users + ////////////////////////////////////////////////////////////////// + + search_users: function() { + + var _this = this; + var current_response = null; + var select_list = document.getElementById( 'user_list' ); + var search_box = document.getElementById( 'search_users' ); + var search_term = search_box.value; + $.ajax({ + + url: codiad.user.controller + '?action=search_users&search_term=' + search_term, + async: false, + success: function( data ) { + + current_response = codiad.jsend.parse( data ); + } + }); + + select_list.innerHTML = ``; + + if ( current_response != 'error' ) { + + for( let i = current_response.length; i--; ) { + + let optionElement = document.createElement( 'option' ); + optionElement.innerText = current_response[i]; + select_list.appendChild( optionElement ); + } + } + }, + }; +})( this, jQuery ); diff --git a/components/sql/class.sql.php b/components/sql/class.sql.php index fcdc457..422d46e 100755 --- a/components/sql/class.sql.php +++ b/components/sql/class.sql.php @@ -8,6 +8,18 @@ class sql { } + public static function check_sql_error( $sql ) { + + $return = false; + $result = json_decode( $sql ); + + if ( json_last_error() !== JSON_ERROR_NONE || $sql == NULL ) { + + $return = true; + } + return( $return ); + } + public static function connect() { $host = DBHOST; 
@@ -30,7 +42,7 @@ class sql { if( $connection->error ) { - $return = $connection->error; + $return = formatJSEND( "error", $connection->error ); } $connection->close(); diff --git a/components/update/convert.php b/components/update/convert.php index e033abc..a7309d0 100755 --- a/components/update/convert.php +++ b/components/update/convert.php @@ -7,6 +7,7 @@ error_reporting(E_ALL); require_once('../../common.php'); require_once('../settings/class.settings.php'); require_once('../project/class.project.php'); +require_once('../user/class.user.php'); checkSession(); if ( ! checkAccess() ) { echo "Error, you do not have access to update Codiad."; @@ -15,12 +16,13 @@ if ( ! checkAccess() ) { $user_settings_file = DATA . "/settings.php"; $projects_file = DATA . "/projects.php"; -$projects_file = DATA . "/users.php"; +$users_file = DATA . "/users.php"; $system_settings_file = null; $Settings = new Settings(); $Common = new Common(); $Project = new Project(); +$User = new User(); if( file_exists( $user_settings_file ) ) { @@ -44,4 +46,16 @@ if( file_exists( $projects_file ) ) { $Project->add_project( $data["name"], $data["path"], true ); } unlink( $projects_file ); +} + +if( file_exists( $users_file ) ) { + + $users = getJSON( 'users.php' ); + foreach( $users as $user ) { + + $User->username = $user["username"]; + $User->password = $user["password"]; + $User->add_user(); + } + unlink( $users_file ); } \ No newline at end of file diff --git a/components/user/class.user.php b/components/user/class.user.php index 8b9a484..e347003 100755 --- a/components/user/class.user.php +++ b/components/user/class.user.php @@ -12,6 +12,7 @@ class User { // PROPERTIES ////////////////////////////////////////////////////////////////// + public $access = 'user'; public $username = ''; public $password = ''; public $project = ''; 
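Review bot: Wrapping `$connection->error` in `formatJSEND( "error", ... )` sends the raw MySQL error text to the HTTP client, because the new `get_user`, `Delete` and `Project` methods in class.user.php `echo $return` on failure; driver error strings can reveal table and column names and the shape of the failing statement. Log the driver message server-side (`error_log( $connection->error )`) and return a generic `formatJSEND( "error", "Database error." )` to the caller. The enclosing function starts outside the hunk.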
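Review bot: The migrated `$user["password"]` values appear to be the `sha1( md5( ... ) )` digests the old `Create()` stored (its removed body and `EncryptPassword` are visible later in this commit), and `add_user()` wraps them again in MySQL `PASSWORD( ? )`, while the new `Authenticate()` in the `@@ -82,27 +124,35 @@` hunk compares `PASSWORD( ? )` of the submitted password without calling `EncryptPassword()` first; if that reading is right, neither migrated accounts nor accounts created through the new `Create()` (which still calls `EncryptPassword()` before `add_user()`) can log in. Decide on one stored form and make the migration, `Create()`, `Password()` and `Authenticate()` agree on it, preferably `password_hash()` on write and `password_verify()` in PHP after selecting by username, which also retires `PASSWORD()` (deprecated in MySQL 5.7 and removed in 8.0). `add_user()` additionally echoes a JSON response for every migrated user into the convert page output.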
@@ -33,10 +34,51 @@ class User { public function __construct() { - $this->users = getJSON( 'users.php' ); $this->actives = getJSON( 'active.php' ); } + public function add_user() { + + $sql = "INSERT INTO `users`( `username`, `password`, `access`, `project` ) VALUES ( ?, PASSWORD( ? ), ?, ? );"; + $bind = "ssss"; + $bind_variables = array( $this->username, $this->password, $this->access, null ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error that username is already taken." ) ); + + if( sql::check_sql_error( $return ) ) { + + echo formatJSEND( "success", array( "username" => $this->username ) ); + } else { + + echo formatJSEND( "error", "The Username is Already Taken" ); + } + } + + public function get_user( $username ) { + + $sql = "SELECT * FROM `users` WHERE `username`=?"; + $bind = "s"; + $bind_variables = array( $username ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error can not select user." ) ); + + if( sql::check_sql_error( $return ) ) { + + echo formatJSEND( "success", $return ); + } else { + + echo $return; + } + } + + public function list_users() { + + $sql = "SELECT * FROM `users`"; + $bind = ""; + $bind_variables = array( $this->username, $this->password, $this->access, null ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error can not select users." ) ); + + return( $return ); + } + ////////////////////////////////////////////////////////////////// // Authenticate ////////////////////////////////////////////////////////////////// 
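Review bot: `get_user` runs `SELECT * FROM `users`` and echoes the result as the success payload, so if `sql::sql` returns the fetched row this hands the `password` and `token` columns written elsewhere in this commit to whoever calls it; select only what the client needs, e.g. `SELECT `username`, `access`, `project` FROM `users` WHERE `username`=?`. `list_users` passes four bind variables with an empty `$bind` string and no placeholders, apparently copied from `add_user`; it should pass `array()` and likewise avoid `*`. In `add_user`, the message handed to `sql::sql` (`"Error that username is already taken."`) is never surfaced because the failure branch echoes a different literal.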
@@ -82,27 +124,35 @@ class User { } $pass = false; - $this->EncryptPassword(); - $users = getJSON('users.php'); - foreach( $users as $user ) { + $sql = "SELECT * FROM `users` WHERE `username`=? AND `password`=PASSWORD( ? );"; + $bind = "ss"; + $bind_variables = array( $this->username, $this->password ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching user information." ) ); + + if( mysqli_num_rows( $return ) > 0 ) { - if( $user['username'] == $this->username && $user['password'] == $this->password ) { + $pass = true; + $token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) ); + $_SESSION['id'] = SESSION_ID; + $_SESSION['user'] = $this->username; + $_SESSION['token'] = $token; + $_SESSION['lang'] = $this->lang; + $_SESSION['theme'] = $this->theme; + $_SESSION["login_session"] = true; + $user = mysqli_fetch_assoc( $return ); + + $sql = "UPDATE `users` SET `token`=PASSWORD( ? ) WHERE `username`=?;"; + $bind = "ss"; + $bind_variables = array( $token, $this->username ); + sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error updating user information." ) ); + + if( $user['project'] != '' ) { - $pass = true; - $_SESSION['id'] = SESSION_ID; - $_SESSION['user'] = $this->username; - $_SESSION['lang'] = $this->lang; - $_SESSION['theme'] = $this->theme; - $_SESSION["login_session"] = true; - - if($user['project']!='') { - - $_SESSION['project'] = $user['project']; - } - - $this->checkDuplicateSessions( $this->username ); + $_SESSION['project'] = $user['project']; } + + $this->checkDuplicateSessions( $this->username ); } if( $pass ) { 
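Review bot: `mysqli_num_rows( $return )` is called on whatever `sql::sql` returned, and the fourth argument suggests that on failure the helper hands back the `formatJSEND( "error", ... )` string rather than a result set, in which case a query error here raises a TypeError instead of a failed login; guard the type first, e.g. `if( $return instanceof mysqli_result && mysqli_num_rows( $return ) > 0 )`. The session token is generated with `openssl_random_pseudo_bytes`; `random_bytes( 16 )` is the CSPRNG PHP provides for this purpose and throws instead of silently degrading. The fetched `$user` row is assigned after the session has already been populated, so the `$_SESSION` writes and the `UPDATE` run before anything about the row has been inspected; fetching first and keeping the session writes together would make the happy path easier to audit.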
@@ -160,133 +210,6 @@ class User { session_start(); } - ////////////////////////////////////////////////////////////////// - // Create Account - ////////////////////////////////////////////////////////////////// - - public function Create() { - - $this->EncryptPassword(); - $pass = $this->checkDuplicate(); - if( $pass ) { - - $this->users[] = array( "username" => $this->username, "password" => $this->password, "project" => "" ); - saveJSON( 'users.php', $this->users ); - echo formatJSEND( "success", array( "username" => $this->username ) ); - } else { - - echo formatJSEND( "error", "The Username is Already Taken" ); - } - } - - ////////////////////////////////////////////////////////////////// - // Delete Account - ////////////////////////////////////////////////////////////////// - - public function Delete() { - - // Remove User - $revised_array = array(); - foreach( $this->users as $user => $data ) { - - if( $data['username'] != $this->username ) { - - $revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] ); - } - } - // Save array back to JSON - saveJSON( 'users.php', $revised_array ); - - // Remove any active files - foreach( $this->actives as $active => $data ) { - - if( $this->username == $data['username'] ) { - - unset( $this->actives[$active] ); - } - } - saveJSON( 'active.php', $this->actives ); - - // Remove access control list (if exists) - if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) { - - unlink(BASE_PATH . "/data/" . $this->username . 
'_acl.php'); - } - - // Response - echo formatJSEND( "success", null ); - } - - ////////////////////////////////////////////////////////////////// - // Change Password - ////////////////////////////////////////////////////////////////// - - public function Password() { - - $this->EncryptPassword(); - $revised_array = array(); - foreach( $this->users as $user => $data ) { - - if( $data['username'] == $this->username ) { - - $revised_array[] = array( "username" => $data['username'], "password" => $this->password, "project" => $data['project'] ); - } else { - - $revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] ); - } - } - // Save array back to JSON - saveJSON( 'users.php', $revised_array ); - // Response - echo formatJSEND( "success", null ); - } - - ////////////////////////////////////////////////////////////////// - // Set Project Access - ////////////////////////////////////////////////////////////////// - - public function Project_Access() { - - // Access set to all projects - if( $this->projects == 0 ) { - - // Access set to restricted list - if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) { - - unlink( BASE_PATH . "/data/" . $this->username . '_acl.php' ); - } - } else { - - // Save array back to JSON - saveJSON( $this->username . 
'_acl.php', $this->projects ); - } - // Response - echo formatJSEND( "success", null ); - } - - ////////////////////////////////////////////////////////////////// - // Set Current Project - ////////////////////////////////////////////////////////////////// - - public function Project() { - - $revised_array = array(); - foreach( $this->users as $user => $data ) { - - if( $this->username == $data['username'] ) { - - $revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $this->project ); - } else { - - $revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] ); - } - } - // Save array back to JSON - saveJSON( 'users.php', $revised_array ); - // Response - echo formatJSEND( "success", null ); - } - ////////////////////////////////////////////////////////////////// // Check Duplicate ////////////////////////////////////////////////////////////////// 
@@ -304,6 +227,154 @@ class User { return $pass; } + ////////////////////////////////////////////////////////////////// + // Clean username + ////////////////////////////////////////////////////////////////// + + public static function CleanUsername( $username ) { + + return preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $username ); + } + + ////////////////////////////////////////////////////////////////// + // Create Account + ////////////////////////////////////////////////////////////////// + + public function Create() { + + $this->EncryptPassword(); + $this->add_user(); + } + + ////////////////////////////////////////////////////////////////// + // Delete Account + ////////////////////////////////////////////////////////////////// + + public function Delete() { + + $sql = "DELETE FROM `users` WHERE `username`=?;"; + $bind = "ss"; + $bind_variables = array( $this->username, $this->password ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting user information." ) ); + + if( sql::check_sql_error( $return ) ) { + + echo formatJSEND( "success", null ); + } else { + + echo $return; + } + } + + ////////////////////////////////////////////////////////////////// + // Encrypt Password + ////////////////////////////////////////////////////////////////// + + private function EncryptPassword() { + + $this->password = sha1( md5( $this->password ) ); + } + + ////////////////////////////////////////////////////////////////// + // Change Password + ////////////////////////////////////////////////////////////////// + + public function Password() { + + $this->EncryptPassword(); + $sql = "UPDATE `users` SET `password`=PASSWORD( ? ) WHERE `username`=?;"; + $bind = "ss"; + $bind_variables = array( $this->password, $this->username ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error updating user information." 
) ); + + if( sql::check_sql_error( $return ) ) { + + } else { + + echo formatJSEND( "success", null ); + } + } + + ////////////////////////////////////////////////////////////////// + // Set Current Project + ////////////////////////////////////////////////////////////////// + + public function Project() { + + $sql = "UPDATE `users` SET `project`=? WHERE `username`=?;"; + $bind = "ss"; + $bind_variables = array( $this->project, $this->username ); + $return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error updating user information." ) ); + + if( sql::check_sql_error( $return ) ) { + + echo formatJSEND( "success", null ); + } else { + + echo( $return ); + } + } + + ////////////////////////////////////////////////////////////////// + // Search Users + ////////////////////////////////////////////////////////////////// + + public function search_users( $username, $return = "return" ) { + + $sql = "SELECT `username` FROM `users` WHERE `username` LIKE ?;"; + $bind = "s"; + $bind_variables = array( "%{$username}%" ); + $result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error selecting user information." ) ); + $user_list = array(); + + foreach( $result as $row ) { + + array_push( $user_list, $row["username"] ); + } + + if( mysqli_num_rows( $result ) > 0 ) { + + switch( $return ) { + + case( "exit" ): + + exit( formatJSEND( "success", $user_list ) ); + break; + + case( "json" ): + + $return = json_encode( $user_list ); + break; + + case( "return" ): + + $return = $user_list; + break; + } + } else { + + switch( $return ) { + + case( "exit" ): + + exit( formatJSEND( "error", "Error selecting user information." ) ); + break; + + case( "json" ): + + $return = formatJSEND( "error", "Error selecting user information." 
); + break; + + case( "return" ): + + $return = null; + break; + } + } + + return( $return ); + } + ////////////////////////////////////////////////////////////////// // Verify Account Exists ////////////////////////////////////////////////////////////////// @@ -320,22 +391,4 @@ class User { } echo( $pass ); } - - ////////////////////////////////////////////////////////////////// - // Encrypt Password - ////////////////////////////////////////////////////////////////// - - private function EncryptPassword() { - - $this->password = sha1( md5( $this->password ) ); - } - - ////////////////////////////////////////////////////////////////// - // Clean username - ////////////////////////////////////////////////////////////////// - - public static function CleanUsername( $username ) { - - return preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $username ); - } } diff --git a/components/user/controller.php b/components/user/controller.php index e9d6b16..9c214c9 100755 --- a/components/user/controller.php +++ b/components/user/controller.php @@ -54,9 +54,8 @@ if ($_GET['action']=='authenticate') { ////////////////////////////////////////////////////////////////// if ($_GET['action']=='logout') { - session_unset(); - session_destroy(); - session_start(); + + logout(); } ////////////////////////////////////////////////////////////////// 
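Review bot: `Delete()` binds two variables with `$bind = "ss"` against a statement that has a single `?` placeholder, so the bind step should fail before any row is removed; it should be `$bind = "s"; $bind_variables = array( $this->username );`. `Password()` has its branches inverted relative to `Project()` and `Delete()`: the `if( sql::check_sql_error( $return ) )` arm is empty and the success JSON is echoed in the `else`, i.e. on failure. In `search_users`, `foreach( $result as $row )` runs before the `mysqli_num_rows( $result )` check, so a JSON error string from `sql::sql` would be iterated as a string, and the `%`/`_` characters a caller can put in `"%{$username}%"` are LIKE wildcards; escape them with `addcslashes( $username, '%_' )` if a plain substring match is intended. Reusing the `$return` parameter as the result variable makes the two `switch` blocks harder to follow.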
@@ -90,27 +89,6 @@ if ($_GET['action']=='delete') { } } - ////////////////////////////////////////////////////////////////// - // Set Project Access - ////////////////////////////////////////////////////////////////// - -if ($_GET['action']=='project_access') { - if (checkAccess()) { - if (!isset($_GET['username'])) { - die(formatJSEND("error", "Missing username")); - } - $User->username = $_GET['username']; - - //No project selected - if (isset($_POST['projects'])) { - $User->projects = $_POST['projects']; - } else { - $User->projects = array(); - } - $User->Project_Access(); - } -} - ////////////////////////////////////////////////////////////////// // Change Password ////////////////////////////////////////////////////////////////// @@ -141,11 +119,26 @@ if ($_GET['action']=='project') { $User->Project(); } + ////////////////////////////////////////////////////////////////// + // Search Users + ////////////////////////////////////////////////////////////////// + +if ( $_GET['action'] == 'search_users' ) { + + if ( ! isset( $_GET['search_term'] ) ) { + + die( formatJSEND( "error", "Missing search term" ) ); + } + $User->search_users( $_GET['search_term'], "exit" ); +} + ////////////////////////////////////////////////////////////////// // Verify User Account ////////////////////////////////////////////////////////////////// if ($_GET['action']=='verify') { + $User->username = $_SESSION['user']; - $User->Verify(); + //$User->Verify(); + checkSession(); } diff --git a/components/user/dialog.php b/components/user/dialog.php index e1fcd48..f4a51eb 100755 --- a/components/user/dialog.php +++ b/components/user/dialog.php 
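Review bot: The new `search_users` action at the end of the hunk hands `$_GET['search_term']` to `$User->search_users()` after only an `isset` check and, unlike the `project_access` block removed above (which was wrapped in `if (checkAccess())`), shows no access gate in this hunk; any session check that runs before the action dispatch is outside the hunk, so confirm one applies here, since without it the endpoint discloses the username list to unauthenticated callers. In class.user.php the term is embedded as `"%{$username}%"`, so it is bound rather than interpolated into SQL, but `%` and `_` inside the term act as LIKE wildcards, so the controller should trim the term, require a minimum length, and escape those characters (e.g. `addcslashes( $term, '%_' )`) before passing it on. In the `verify` action `$_SESSION['user']` is read before `checkSession()` runs, which raises an undefined-index notice when no session exists; reordering to `checkSession(); $User->username = $_SESSION['user'];` avoids that. The commented-out `//$User->Verify();` line should be deleted rather than left in place.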
@@ -5,9 +5,9 @@ * as-is and without warranty under the MIT License. See * [root]/license.txt for more. This information must remain intact. */ - - require_once('../../common.php'); - + require_once('../../common.php'); + require_once('./class.user.php'); + $User = new User(); ////////////////////////////////////////////////////////////////// // Verify Session or Key ////////////////////////////////////////////////////////////////// @@ -23,7 +23,7 @@ case 'list': $projects_assigned = false; - if(!checkAccess()){ + if( ! checkAccess() ){ ?>
@@ -44,13 +44,12 @@ $data){ + $users = $User->list_users(); + foreach( $users as $user => $data ){ ?> - @@ -96,45 +95,6 @@ - - - - -
> - - $data){ - $sel = ''; - if($projects_assigned && in_array($data['path'],$projects_assigned)){ $sel = 'checked="checked"'; } - echo(''); - } - ?> -
'.$data['name'].'
-
- - -

"> - + "> - +