SQL errors now return as formatted json errors, added sql result error check, removed admin requirement from project management, removed old access system dialog, added get user and get users functions, added common functions to global functions, testing change that will hopefully fix the inability to rename or delete strangely named files, refactored project init.js

This commit is contained in:
xevidos 2018-11-10 00:41:28 -05:00
parent 42a87590ac
commit 574eb29b8e
17 changed files with 1290 additions and 748 deletions

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
.scannerwork

24
.gitlab-ci.yml Executable file
View file

@ -0,0 +1,24 @@
stages:
- build
- test
- deploy
build:
stage: build
script:
- echo "Building the app this does nothing."
test:
stage: test
script:
- echo "Testing the app."
- /home/xevidos/scripts/sonar-codiad.sh
only:
- development
deploy_staging:
stage: deploy
script:
- echo "Deploy to staging server this does nothing."
only:
- master

View file

@ -99,21 +99,7 @@ class Common {
// New Methods
//////////////////////////////////////////////////////////////////
public static function return( $output, $action = "return" ) {
switch( $action ) {
case( "exit" ):
exit( $output );
break;
case( "return" ):
return( $output );
break;
}
}
//////////////////////////////////////////////////////////////////
// Check access to application
@ -121,11 +107,11 @@ class Common {
public static function check_access( $action = "return" ) {
if( ! self::check_session() ) {
/*if( ! self::check_session() ) {
session_destroy();
self::return( formatJSEND( "error", "Error fetching project information." ), "exit" );
}
}*/
}
//////////////////////////////////////////////////////////////////
@ -165,19 +151,73 @@ class Common {
self::return( $return, $action );
}
//////////////////////////////////////////////////////////////////
// Check Session / Key
//////////////////////////////////////////////////////////////////
public static function get_users( $return = "return" ) {
public static function check_session( $action = "return" ) {
$sql = "SELECT `username` FROM `users`;";
$bind = "";
$bind_variables = array();
$result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking users." ) );
$user_list = array();
foreach( $result as $row ) {
if( ! isset( $_SESSION['user'] ) && ! in_array( $key, $api_keys ) ) {
//exit('{"status":"error","message":"Authentication Error"}');
exit( '{"status":"error","message":"Authentication Error<script>window.location.href = window.location.protocol + `' . "//" . Common::getConstant('BASE_URL') . '`</script>"}' );
array_push( $user_list, $row["username"] );
}
if( mysqli_num_rows( $result ) > 0 ) {
switch( $return ) {
case( "json" ):
$return = json_encode( $user_list );
break;
case( "return" ):
$return = $user_list;
break;
}
} else {
$return = formatJSEND( "error", "Error selecting user information." );
}
return( $return );
}
public static function is_admin() {
$sql = "SELECT * FROM `users` WHERE `username`=? AND `access`=?;";
$bind = "ss";
$bind_variables = array( $_SESSION["user"], "admin" );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking user acess." ) );
if( mysqli_num_rows( $return ) > 0 ) {
return( true );
} else {
return( false );
}
}
public static function logout() {
$sql = "UPDATE `users` SET `token`=? WHERE `username`=?;";
$bind = "ss";
$bind_variables = array( null, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error updating user information." ) );
try {
$json = json_decode( $return, true );
echo( $return );
} catch( exception $e ) {}
session_unset();
session_destroy();
session_start();
}
//////////////////////////////////////////////////////////////////
@ -220,6 +260,22 @@ class Common {
}
}
public static function return( $output, $action = "return" ) {
switch( $action ) {
case( "exit" ):
exit( $output );
break;
case( "return" ):
return( $output );
break;
}
}
//////////////////////////////////////////////////////////////////
// Old Methods
//////////////////////////////////////////////////////////////////
@ -333,17 +389,20 @@ class Common {
public static function checkSession() {
// Set any API keys
$api_keys = array();
// Check API Key or Session Authentication
$key = "";
if( isset( $_GET['key'] ) ) {
$pass = false;
$sql = "SELECT * FROM `users` WHERE `username`=? AND `token`=PASSWORD( ? );";
$bind = "ss";
$bind_variables = array( $_SESSION["user"], $_SESSION["token"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error checking access." ) );
$key = $_GET['key'];
if( mysqli_num_rows( $return ) > 0 ) {
$pass = true;
}
if( ! isset( $_SESSION['user'] ) && ! in_array( $key, $api_keys ) ) {
//exit('{"status":"error","message":"Authentication Error"}');
if( ! $pass ) {
logout();
exit( '{"status":"error","message":"Authentication Error<script>window.location.href = window.location.protocol + `' . "//" . Common::getConstant('BASE_URL') . '`</script>"}' );
}
}
@ -431,7 +490,7 @@ class Common {
public static function checkAccess() {
return !file_exists( DATA . "/" . $_SESSION['user'] . '_acl.php' );
return self::is_admin();
}
//////////////////////////////////////////////////////////////////
@ -509,6 +568,7 @@ class Common {
// Wrapper for old method names
//////////////////////////////////////////////////////////////////
function is_admin() { Common::is_admin(); }
function debug($message) { Common::debug($message); }
function i18n($key, $args = array()) { echo Common::i18n($key, $args); }
function get_i18n($key, $args = array()) { return Common::get_i18n($key, $args); }
@ -519,4 +579,6 @@ function formatJSEND($status,$data=false){ return Common::formatJSEND($status,$d
function checkAccess() { return Common::checkAccess(); }
function checkPath($path) { return Common::checkPath($path); }
function isAvailable($func) { return Common::isAvailable($func); }
function logout() { return Common::logout(); }
function get_users() { return Common::get_users(); }
?>

View file

@ -49,6 +49,12 @@
},
open: function(path, content, mtime, inBackground, focus) {
//if( this. ) {
//}
if (focus === undefined) {
focus = true;
}

View file

@ -15,7 +15,7 @@
// Instantiates plugin
$( function() {
amplify.subscribe('settings.changed', async function() {
amplify.subscribe( 'settings.changed', function() {
codiad.auto_save.settings.autosave = codiad.settings.get_option( 'codiad.settings.autosave' );
codiad.auto_save.reload_interval();
@ -37,7 +37,7 @@
},
verbose: false,
init: async function() {
init: function() {
codiad.auto_save.settings.autosave = codiad.settings.get_option( 'codiad.settings.autosave' );
@ -48,6 +48,7 @@
window.clearInterval( this.auto_save_trigger );
if( codiad.auto_save.verbose ) {
console.log( 'Auto save disabled' );
}
return;
@ -55,9 +56,10 @@
$( window ).focus( function() {
//Turn auto save off if the user leaves the tab.
codiad.auto_save.settings.toggle = false;
//Turn auto save on if the user comes back the tab.
codiad.auto_save.settings.toggle = true;
if( codiad.auto_save.verbose ) {
console.log( 'Auto save resumed' );
}
});
@ -67,12 +69,12 @@
//Turn auto save off if the user leaves the tab.
codiad.auto_save.settings.toggle = false;
if( codiad.auto_save.verbose ) {
console.log( 'Auto save paused' );
}
});
console.log( 'Auto save Enabled' );
//let editor = document.getElementsByClassName( 'ace_content' )[0];
this.auto_save_trigger = setInterval( this.auto_save, 256 );
},
@ -106,12 +108,19 @@
codiad.filemanager.saveFile( path, content, localStorage.removeItem( path ), false );
var session = codiad.active.sessions[path];
if( typeof session != 'undefined' ) {
session.untainted = content;
session.serverMTime = session.serverMTime;
if (session.listThumb) session.listThumb.removeClass('changed');
if (session.tabThumb) session.tabThumb.removeClass('changed');
if ( session.listThumb ) {
session.listThumb.removeClass('changed');
}
if ( session.tabThumb ) {
session.tabThumb.removeClass('changed');
}
}
this.saving = false;
},

View file

@ -424,19 +424,19 @@ class Filemanager extends Common {
$files = array_diff( scandir( $path ), array( '.', '..' ) );
foreach ( $files as $file ) {
if ( is_link( "$path/$file" ) ) {
if ( is_link( $path . "/" . $file ) ) {
if ( $follow ) {
rrmdir("$path/$file", $follow, false);
rrmdir( $path . "/" . $file, $follow, false);
}
unlink( "$path/$file" );
} elseif ( is_dir( "$path/$file" ) ) {
unlink( $path . "/" . $file );
} elseif ( is_dir( $path . "/" . $file ) ) {
rrmdir( "$path/$file", $follow, false );
rrmdir( $path . "/" . $file, $follow, false );
} else {
unlink( "$path/$file" );
unlink( $path . "/" . $file );
}
}
if( $keep_parent === false ) {

View file

@ -22,6 +22,7 @@ class Project extends Common {
public $no_return = false;
public $assigned = false;
public $command_exec = '';
public $public_project = false;
//////////////////////////////////////////////////////////////////
// METHODS
@ -44,12 +45,12 @@ class Project extends Common {
public function add_project( $project_name, $project_path, $owner = null ) {
if( $owner == null ) {
$owner = $_SESSION["user"];
} else {
if( $this->public_project ) {
$owner = 'nobody';
} else {
$owner = $_SESSION["user"];
}
$sql = "INSERT INTO `projects`( `name`, `path`, `owner` ) VALUES ( ?, ?, ? );";
@ -60,30 +61,103 @@ class Project extends Common {
return( $return );
}
public function delete_project( $project_name, $project_path, $owner = null ) {
public function check_owner( $path = null, $exclude_public = false ) {
if( $owner == null ) {
if( $path === null ) {
$owner = $_SESSION["user"];
$path = $this->path;
}
$sql = "SELECT `owner` FROM `projects` WHERE `path`=?";
$bind = "s";
$bind_variables = array( $path );
$result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
$return = false;
if( mysqli_num_rows( $result ) > 0 ) {
$owner = mysqli_fetch_assoc( $result )["owner"];
if( $exclude_public ) {
if( $owner == $_SESSION["user"] ) {
$return = true;
}
} else {
$owner = 'nobody';
if( $owner == $_SESSION["user"] || $owner == 'nobody' ) {
$return = true;
}
}
}
return( $return );
}
$owner = $_SESSION["user"];
$sql = "DELETE FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "sss";
$bind_variables = array( $project_name, $project_path, $owner );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting project $project_name." ) );
public function get_access( $path = null ) {
try {
if( $path === null ) {
$json = json_decode( $return, true );
exit( $return );
} catch( exception $e ) {
exit( formatJSEND( "success", "Successfully deleted project $project_name." ) );
$path = $this->path;
}
$sql = "SELECT `access` FROM `projects` WHERE `path`=?";
$bind = "s";
$bind_variables = array( $path );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching project information." ) );
if( mysqli_num_rows( $return ) > 0 ) {
$return = mysqli_fetch_assoc( $return )["access"];
} else {
$return = formatJSEND( "error", "Error fetching project info." );
}
return( $return );
}
public function get_owner( $path = null ) {
if( $path === null ) {
$path = $this->path;
}
$sql = "SELECT `owner` FROM `projects` WHERE `path`=?";
$bind = "s";
$bind_variables = array( $path );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
if( mysqli_num_rows( $return ) > 0 ) {
$return = mysqli_fetch_assoc( $return )["owner"];
} else {
$return = formatJSEND( "error", "Error fetching project info." );
}
return( $return );
}
public function get_project( $project = null ) {
if( $project === null ) {
$project = $this->path;
}
$sql = "SELECT * FROM `projects` WHERE `path`=? AND ( `owner`=? OR `owner`='nobody' ) ORDER BY `name`;";
$bind = "ss";
$bind_variables = array( $project, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
if( mysqli_num_rows( $return ) > 0 ) {
$return = mysqli_fetch_all( $return, MYSQLI_ASSOC )[0];
} else {
$return = formatJSEND( "error", "Error fetching projects." );
}
return( $return );
}
public function get_projects() {
@ -169,18 +243,20 @@ class Project extends Common {
public function Open() {
$pass = false;
foreach ( $this->projects as $project => $data ) {
$sql = "SELECT * FROM `projects` WHERE `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "ss";
$bind_variables = array( $this->path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
if ( $data['path'] == $this->path ) {
$pass = true;
$this->name = $data['name'];
$_SESSION['project'] = $data['path'];
}
}
if ( $pass ) {
if( mysqli_num_rows( $return ) > 0 ) {
$return = mysqli_fetch_assoc( $return );
$sql = "UPDATE `users` SET `project`=? WHERE `username`=?;";
$bind = "ss";
$bind_variables = array( $this->path, $_SESSION["user"] );
sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching projects." ) );
$this->name = $return['name'];
$_SESSION['project'] = $return['path'];
echo formatJSEND( "success", array( "name" => $this->name, "path" => $this->path ) );
} else {
@ -204,6 +280,11 @@ class Project extends Common {
}
if ( $this->path != '' ) {
if( ! $this->public_project ) {
$this->path = $_SESSION["user"] . '/' . $this->path;
}
$pass = $this->checkDuplicate();
if ( $pass ) {
@ -312,16 +393,17 @@ class Project extends Common {
public function Delete() {
$revised_array = array();
foreach ( $this->projects as $project => $data ) {
$sql = "DELETE FROM `projects` WHERE `path`=? AND ( `owner`=? OR `owner`='nobody' );";
$bind = "ss";
$bind_variables = array( $this->path, $_SESSION["user"] );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting project $project_name." ) );
if ( $data['path'] != $this->path ) {
if( sql::check_sql_error( $return ) ) {
$revised_array[] = array( "name" => $data['name'], "path" => $data['path'] );
echo( formatJSEND( "success", "Successfully deleted $project_name." ) );
} else {
$this->delete_project( $data['name'], $data['path'] );
}
echo $return;
}
}

View file

@ -18,97 +18,149 @@ checkSession();
$Project = new Project();
//////////////////////////////////////////////////////////////////
// Create Project
//////////////////////////////////////////////////////////////////
if( $_GET['action'] == 'create' ) {
$Project->name = $_GET['project_name'];
if( $_GET['public_project'] == 'true' ) {
$Project->public_project = true;
}
if( $_GET['project_path'] != '' ) {
$Project->path = $_GET['project_path'];
} else {
$Project->path = $_GET['project_name'];
}
// Git Clone?
if( ! empty( $_GET['git_repo'] ) ) {
$Project->gitrepo = $_GET['git_repo'];
$Project->gitbranch = $_GET['git_branch'];
}
$Project->Create();
}
//////////////////////////////////////////////////////////////////
// Return Current
//////////////////////////////////////////////////////////////////
if( $_GET['action'] == 'current' ) {
if( isset( $_SESSION['project'] ) ) {
echo formatJSEND( "success", $_SESSION['project'] );
} else {
echo formatJSEND( "error", "No Project Returned" );
}
}
//////////////////////////////////////////////////////////////////
// Delete Project
//////////////////////////////////////////////////////////////////
if( $_GET['action'] == 'delete' ) {
if( checkPath( $_GET['project_path'] ) ) {
$Project->path = $_GET['project_path'];
$Project->Delete();
}
}
//////////////////////////////////////////////////////////////////
// Get Project Access
//////////////////////////////////////////////////////////////////
if( $_GET['action'] == 'get_access' ) {
$Project->path = $_GET['project_path'];
$access = $Project->get_access( $_GET['project_path'] );
echo formatJSEND( "success", $access );
}
//////////////////////////////////////////////////////////////////
// Get Current Project
//////////////////////////////////////////////////////////////////
$no_return = false;
if( isset( $_GET['no_return'] ) ) {
$no_return = true;
}
if( $_GET['action'] == 'get_current' ) {
if( ! isset( $_SESSION['project'] ) ) {
// Load default/first project
if( $no_return ) {
$Project->no_return = true;
}
$Project->GetFirst();
} else {
// Load current
$Project->path = $_SESSION['project'];
$project_name = $Project->GetName();
if( ! $no_return ) {
echo formatJSEND( "success", array( "name" => $project_name, "path" => $_SESSION['project'] ) );
}
}
}
//////////////////////////////////////////////////////////////////
// Check Project Owner
//////////////////////////////////////////////////////////////////
if( $_GET['action'] == 'get_owner' ) {
$Project->path = $_GET['project_path'];
$owner = $Project->get_owner();
try {
$return = json_decode( $owner );
exit( formatJSEND( "error", null ) );
} catch( exception $e ) {
exit( formatJSEND( "success", array( "owner" => $owner ) ) );
}
}
//////////////////////////////////////////////////////////////////
// Open Project
//////////////////////////////////////////////////////////////////
if( $_GET['action'] == 'open' ) {
if( ! checkPath( $_GET['path'] ) ) {
die( formatJSEND( "error", "No Access to path " . $_GET['path'] ) );
}
$Project->path = $_GET['path'];
$Project->Open();
}
//////////////////////////////////////////////////////////////////
// Create Project
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='create') {
if (checkAccess()) {
$Project->name = $_GET['project_name'];
if ($_GET['project_path'] != '') {
$Project->path = $_GET['project_path'];
} else {
$Project->path = $_GET['project_name'];
}
// Git Clone?
if (!empty($_GET['git_repo'])) {
$Project->gitrepo = $_GET['git_repo'];
$Project->gitbranch = $_GET['git_branch'];
}
$Project->Create();
}
}
//////////////////////////////////////////////////////////////////
// Rename Project
//////////////////////////////////////////////////////////////////
if( $_GET['action'] == 'rename' ) {
if( ! checkPath( $_GET['project_path'] ) ) {
die( formatJSEND( "error", "No Access" ) );
}
$Project->path = $_GET['project_path'];
$Project->Rename();
}
//////////////////////////////////////////////////////////////////
// Delete Project
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='delete') {
if (checkAccess()) {
$Project->path = $_GET['project_path'];
$Project->Delete();
}
}
//////////////////////////////////////////////////////////////////
// Return Current
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='current') {
if (isset($_SESSION['project'])) {
echo formatJSEND("success", $_SESSION['project']);
} else {
echo formatJSEND("error", "No Project Returned");
}
}

View file

@ -65,7 +65,8 @@ switch( $_GET['action'] ) {
<th width="70"><?php i18n( "Open");?></th>
<th width="150"><?php i18n( "Project Name" );?></th>
<th width="250"><?php i18n( "Path" );?></th>
<?php if( checkAccess() ) { ?><th width="70"><?php i18n("Delete");?></th><?php } ?>
<th width="70"><?php i18n( "Access" );?></th>
<th width="70"><?php i18n( "Delete" );?></th>
</tr>
</table>
<div class="project-wrapper">
@ -86,8 +87,25 @@ switch( $_GET['action'] ) {
<td width="150"><?php echo($data['name']);?></td>
<td width="250"><?php echo($data['path']);?></td>
<?php
if( checkAccess() ) {
$owner = $Project->get_owner( $data['path'] );
if( $owner == 'nobody' ) {
?>
<td width="70"><a onclick="codiad.message.error(i18n('Public projects can not be managed'));" class="icon-block bigger-icon"></a></td>
<?php
} elseif( $owner !== $_SESSION["user"] ) {
?>
<td width="70"><a onclick="codiad.message.error(i18n('Projects owned by others can not be managed'));" class="icon-block bigger-icon"></a></td>
<?php
} else {
?>
<td width="70"><a onclick="codiad.project.manage_access( '<?php echo( $data['path'] );?>' );" class="icon-lock bigger-icon"></a></td>
<?php
}
?>
<?php
if( $_SESSION['project'] == $data['path'] ) {
?>
@ -99,7 +117,6 @@ switch( $_GET['action'] ) {
<td width="70"><a onclick="codiad.project.delete('<?php echo($data['name']);?>','<?php echo($data['path']);?>');" class="icon-cancel-circled bigger-icon"></a></td>
<?php
}
}
?>
</tr>
<?php
@ -109,8 +126,8 @@ switch( $_GET['action'] ) {
</table>
</div>
</div>
<?php if(checkAccess()){ ?><button class="btn-left" onclick="codiad.project.create();"><?php i18n("New Project"); ?></button><?php } ?>
<button class="<?php if(checkAccess()){ echo('btn-right'); } ?>" onclick="codiad.modal.unload();return false;"><?php i18n("Close"); ?></button>
<button class="btn-left" onclick="codiad.project.create();"><?php i18n("New Project");?></button>
<button class="btn-right" onclick="codiad.modal.unload();return false;"><?php i18n("Close");?></button>
<?php
break;
@ -126,7 +143,12 @@ switch( $_GET['action'] ) {
<input name="project_name" autofocus="autofocus" autocomplete="off">
<label><?php i18n( "Folder Name or Absolute Path" );?></label>
<input name="project_path" autofocus="off" autocomplete="off">
<label><?php i18n( "Public Project" );?></label>
<select name="public_project">
<option value="false">False</option>
<option value="true">True</option>
</select>
<p><small><i>Note: Everyone will have full access to public projects.</i></small></p>
<!-- Clone From GitHub -->
<div style="width: 500px;">
<table class="hide" id="git-clone">
@ -146,15 +168,89 @@ switch( $_GET['action'] ) {
</tr>
</table>
</div>
<!-- /Clone From GitHub --><?php
<!-- /Clone From GitHub -->
<?php
$action = 'codiad.project.list();';
if( $_GET['close'] == 'true' ) {
$action = 'codiad.modal.unload();';
}
?>
<button class="btn-left"><?php i18n( "Create Project" );?></button>
<button onclick="$('#git-clone').slideDown(300); $(this).hide(); return false;" class="btn-mid"><?php i18n( "...From Git Repo" ); ?></button>
<button class="btn-right" onclick="<?php echo $action;?>return false;"><?php i18n( "Cancel" );?></button>
</form>
<?php
break;
//////////////////////////////////////////////////////////////
// Manage Project Access
//////////////////////////////////////////////////////////////
case 'manage_access':
/**
* Check and see if the path of the project is set. Also check and
* see if the project the user is attempting to view permissions for
* is one that they own.
*/
if( ! isset( $_GET["path"] ) || ! $Project->check_owner( $_GET["path"], true ) ) {
?>
<pre>Error, you either do not own this project or it is a public project.</pre>
<?php
return;
}
// Get projects data
$path = $_GET['path'];
$project = $Project->get_project( $path );
$access = json_decode( $project["access"], true );
$users = get_users();
?>
<form>
<input type="hidden" name="project_path" value="<?php echo( $path );?>">
<label><span class="icon-pencil"></span><?php i18n( "Add Users" );?></label>
<input id="search_users" type="text" onkeyup="codiad.project.search_users();" />
<select id="user_list">
<?php
foreach( $users as $user ) {
?>
<option value="<?php echo htmlentities( $user );?>"><?php echo htmlentities( $user );?></option>
<?php
}
?>
</select>
<button class="btn-left" onclick="codiad.project.add_user();">Add User</button>
<?php
if( $access == null ) {
?>
<p>No users have been given access.</p>
<?php
} else {
?>
<table id="access_list">
<?php
foreach( $access as $user ) {
?>
<tr>
<td>
<p><?php echo htmlentities( $user );?></p>
</td>
<td>
<button class="btn-left" onclick="codiad.project.remove_user( '<?php echo htmlentities( $user );?>' );">Remove Access</button>
</td>
</tr>
<?php
}
?>
</table>
<?php
}
?>
<button class="btn-left" onclick="codiad.project.save_access();"><?php i18n( "Save" );?></button>&nbsp;<button class="btn-right" onclick="codiad.modal.unload();return false;"><?php i18n( "Cancel" );?></button>
<form>
<?php
break;
@ -163,6 +259,7 @@ switch( $_GET['action'] ) {
// Rename
//////////////////////////////////////////////////////////////////
case 'rename':
?>
<form>
<input type="hidden" name="project_path" value="<?php echo( $_GET['path'] );?>">
@ -185,13 +282,18 @@ switch( $_GET['action'] ) {
<label><?php i18n( "Confirm Project Deletion" );?></label>
<pre><?php i18n( "Name:" );?> <?php echo( $_GET['name'] );?>, <?php i18n( "Path:" )?> <?php echo( $_GET['path'] );?></pre>
<table>
<tr><td width="5"><input type="checkbox" name="delete" id="delete" value="true"></td><td><?php i18n("Delete Project Files"); ?></td></tr>
<tr><td width="5"><input type="checkbox" name="follow" id="follow" value="true"></td><td><?php i18n("Follow Symbolic Links "); ?></td></tr>
<tr>
<td width="5">
<input type="checkbox" name="delete" id="delete" value="true"></td>
<td><?php i18n( "Delete Project Files" ); ?></td>
</tr>
<tr>
<td width="5"><input type="checkbox" name="follow" id="follow" value="true"></td>
<td><?php i18n( "Follow Symbolic Links " );?></td>
</tr>
</table>
<button class="btn-left"><?php i18n( "Confirm" );?></button><button class="btn-right" onclick="codiad.project.list();return false;"><?php i18n( "Cancel" );?></button>
<?php
break;
}
?>

View file

@ -9,6 +9,7 @@
var codiad = global.codiad;
$( function() {
codiad.project.init();
});
@ -18,114 +19,61 @@
dialog: 'components/project/dialog.php',
init: function() {
this.loadCurrent();
this.loadSide();
var _this = this;
$( '#projects-create' ).click( function() {
codiad.project.create('true');
});
$( '#projects-manage' ).click( function() {
codiad.project.list();
});
$('#projects-collapse').click( function() {
if ( ! _this._sideExpanded ) {
_this.projectsExpand();
} else {
_this.projectsCollapse();
}
});
},
//////////////////////////////////////////////////////////////////
// Get Current Project
// Add user access
//////////////////////////////////////////////////////////////////
loadCurrent: function() {
$.get(this.controller + '?action=get_current', function(data) {
var projectInfo = codiad.jsend.parse(data);
if (projectInfo != 'error') {
$('#file-manager')
.html('')
.append('<ul><li><a id="project-root" data-type="root" class="directory" data-path="' + projectInfo.path + '">' + projectInfo.name + '</a></li></ul>');
codiad.filemanager.index(projectInfo.path);
codiad.user.project(projectInfo.path);
codiad.message.success(i18n('Project %{projectName}% Loaded', {projectName:projectInfo.name}));
}
});
},
add_user: function( user ) {
//////////////////////////////////////////////////////////////////
// Open Project
//////////////////////////////////////////////////////////////////
open: function(path) {
var _this = this;
codiad.finder.contractFinder();
$.get(this.controller + '?action=open&path=' + encodeURIComponent(path), function(data) {
var projectInfo = codiad.jsend.parse(data);
if (projectInfo != 'error') {
_this.loadCurrent();
codiad.modal.unload();
codiad.user.project(path);
localStorage.removeItem("lastSearched");
/* Notify listeners. */
amplify.publish('project.onOpen', path);
}
$( '#modal-content form' ).live( 'submit', function( e ) {
e.preventDefault();
});
},
//////////////////////////////////////////////////////////////////
// Open the project manager dialog
//////////////////////////////////////////////////////////////////
list: function() {
$('#modal-content form')
.die('submit'); // Prevent form bubbling
codiad.modal.load(500, this.dialog + '?action=list');
},
//////////////////////////////////////////////////////////////////
// Load and list projects in the sidebar.
//////////////////////////////////////////////////////////////////
loadSide: async function() {
$( '.sb-projects-content' ).load( this.dialog + '?action=sidelist&trigger='+ await codiad.settings.get_option( 'codiad.editor.fileManagerTrigger' ) );
this._sideExpanded = true;
},
projectsExpand: function() {
this._sideExpanded = true;
$('#side-projects').css('height', 276+'px');
$('.project-list-title').css('right', 0);
$('.sb-left-content').css('bottom', 276+'px');
$('#projects-collapse')
.removeClass('icon-up-dir')
.addClass('icon-down-dir');
},
projectsCollapse: function() {
this._sideExpanded = false;
$('#side-projects').css('height', 33+'px');
$('.project-list-title').css('right', 0);
$('.sb-left-content').css('bottom', 33+'px');
$('#projects-collapse')
.removeClass('icon-down-dir')
.addClass('icon-up-dir');
},
//////////////////////////////////////////////////////////////////
// Create Project
//////////////////////////////////////////////////////////////////
create: function( close ) {
var _this = this;
create = true;
codiad.modal.load( 500, this.dialog + '?action=create&close=' + close );
$( '#modal-content form' )
.live( 'submit', function( e ) {
e.preventDefault();
var projectName = $( '#modal-content form input[name="project_name"]' )
.val(),
@ -135,13 +83,19 @@
.val(),
gitBranch = $( '#modal-content form input[name="git_branch"]' )
.val();
public_project = $( '#modal-content form select[name="public_project"]' )
.val();
if( projectPath.indexOf( '/' ) == 0 ) {
create = confirm( 'Do you really want to create project with absolute path "' + projectPath + '"?' );
}
if( create ) {
$.get(_this.controller + '?action=create&project_name=' + encodeURIComponent(projectName) + '&project_path=' + encodeURIComponent(projectPath) + '&git_repo=' + gitRepo + '&git_branch=' + gitBranch, function(data) {
$.get( _this.controller + '?action=create&project_name=' + encodeURIComponent( projectName ) + '&project_path=' + encodeURIComponent( projectPath ) + '&git_repo=' + gitRepo + '&git_branch=' + gitBranch + '&public_project=' + public_project, function( data ) {
createResponse = codiad.jsend.parse( data );
if ( createResponse != 'error' ) {
_this.open( createResponse.path );
codiad.modal.unload();
_this.loadSide();
@ -153,43 +107,17 @@
});
},
//////////////////////////////////////////////////////////////////
// Rename Project
//////////////////////////////////////////////////////////////////
rename: function(path,name) {
var _this = this;
codiad.modal.load(500, this.dialog + '?action=rename&path=' + encodeURIComponent(path) + '&name='+name);
$('#modal-content form')
.live('submit', function(e) {
e.preventDefault();
var projectPath = $('#modal-content form input[name="project_path"]')
.val();
var projectName = $('#modal-content form input[name="project_name"]')
.val();
$.get(_this.controller + '?action=rename&project_path=' + encodeURIComponent(projectPath) + '&project_name=' + encodeURIComponent(projectName), function(data) {
renameResponse = codiad.jsend.parse(data);
if (renameResponse != 'error') {
codiad.message.success(i18n('Project renamed'));
_this.loadSide();
$('#file-manager a[data-type="root"]').html(projectName);
codiad.modal.unload();
/* Notify listeners. */
amplify.publish('project.onRename', {"path": projectPath, "name": projectName});
}
});
});
},
//////////////////////////////////////////////////////////////////
// Delete Project
//////////////////////////////////////////////////////////////////
delete: function( name, path ) {
var _this = this;
codiad.modal.load( 500, this.dialog + '?action=delete&name=' + encodeURIComponent( name ) + '&path=' + encodeURIComponent( path ) );
$( '#modal-content form' )
.live( 'submit', function( e ) {
e.preventDefault();
var projectPath = $( '#modal-content form input[name="project_path"]' )
.val();
@ -197,25 +125,33 @@
var followlinks = $( 'input:checkbox[name="follow"]:checked' ).val();
var action = '?action=delete';
if( typeof deletefiles !== 'undefined' ) {
if( typeof followlinks !== 'undefined' ) {
action += '&follow=true&path=' + encodeURIComponent( projectPath );
} else {
action += '&path=' + encodeURIComponent( projectPath );
}
}
$.get(codiad.filemanager.controller + action, function( d ) {
$.get(_this.controller + '?action=delete&project_path=' + encodeURIComponent( projectPath ), function( data ) {
deleteResponse = codiad.jsend.parse( data );
if ( deleteResponse != 'error' ) {
codiad.message.success( i18n( 'Project Deleted' ) );
_this.list();
_this.loadSide();
// Remove any active files that may be open
$( '#active-files a' )
.each(function() {
var curPath = $( this )
.attr( 'data-path' );
if ( curPath.indexOf( projectPath ) == 0 ) {
codiad.active.remove( curPath );
}
});
@ -228,15 +164,16 @@
},
//////////////////////////////////////////////////////////////////
// Check Absolute Path
// Get Access
//////////////////////////////////////////////////////////////////
isAbsPath: function(path) {
if ( path.indexOf("/") == 0 ) {
return true;
} else {
return false;
}
get_access: function( path, generate_table = false ) {
var _this = this;
$.get( _this.controller + '?action=get_access&project_path=' + encodeURIComponent( path ), function( data ) {
return codiad.jsend.parse( data );
});
},
//////////////////////////////////////////////////////////////////
@ -244,16 +181,237 @@
//////////////////////////////////////////////////////////////////
getCurrent: function() {
var _this = this;
var currentResponse = null;
$.ajax({
url: _this.controller + '?action=current',
async: false,
success: function( data ) {
currentResponse = codiad.jsend.parse( data );
}
});
return currentResponse;
},
//////////////////////////////////////////////////////////////////
// Check Absolute Path
//////////////////////////////////////////////////////////////////
isAbsPath: function( path ) {
if ( path.indexOf( "/" ) == 0 ) {
return true;
} else {
return false;
}
},
//////////////////////////////////////////////////////////////////
// Open the project manager dialog
//////////////////////////////////////////////////////////////////
list: function() {
$( '#modal-content form' ).die( 'submit' ); // Prevent form bubbling
codiad.modal.load( 500, this.dialog + '?action=list' );
},
/**
* Turn the access array into a table.
*/
load_access: function() {
var _this = this;
var access = _this.get_access();
//If the access is not null then build a table from the data.
if( access !== '' ) {
access = JSON.parse( access );
}
},
//////////////////////////////////////////////////////////////////
// Get Current Project
//////////////////////////////////////////////////////////////////
loadCurrent: function() {
$.get( this.controller + '?action=get_current', function( data ) {
var projectInfo = codiad.jsend.parse( data );
if ( projectInfo != 'error' ) {
$( '#file-manager' )
.html( '' )
.append( '<ul><li><a id="project-root" data-type="root" class="directory" data-path="' + projectInfo.path + '">' + projectInfo.name + '</a></li></ul>' );
codiad.filemanager.index( projectInfo.path );
codiad.user.project( projectInfo.path );
codiad.message.success( i18n( 'Project %{projectName}% Loaded', {projectName:projectInfo.name} ) );
}
});
},
//////////////////////////////////////////////////////////////////
// Load and list projects in the sidebar.
//////////////////////////////////////////////////////////////////
loadSide: async function() {
$( '.sb-projects-content' ).load( this.dialog + '?action=sidelist&trigger='+ await codiad.settings.get_option( 'codiad.editor.fileManagerTrigger' ) );
this._sideExpanded = true;
},
//////////////////////////////////////////////////////////////////
// Manage access
//////////////////////////////////////////////////////////////////
manage_access: function( path ) {
var _this = this;
$( '#modal-content form' )
.die( 'submit' ); // Prevent form bubbling
codiad.modal.load( 500, this.dialog + '?action=manage_access&path=' + path );
},
//////////////////////////////////////////////////////////////////
// Open Project
//////////////////////////////////////////////////////////////////
open: function( path ) {
var _this = this;
codiad.finder.contractFinder();
$.get( this.controller + '?action=open&path=' + encodeURIComponent( path ), function( data ) {
var projectInfo = codiad.jsend.parse(data);
if ( projectInfo != 'error' ) {
_this.loadCurrent();
codiad.modal.unload();
codiad.user.project( path );
localStorage.removeItem( "lastSearched" );
/* Notify listeners. */
amplify.publish( 'project.onOpen', path );
}
});
},
projectsExpand: function() {
this._sideExpanded = true;
$( '#side-projects' ).css( 'height', 276 + 'px' );
$( '.project-list-title' ).css( 'right', 0 );
$( '.sb-left-content' ).css( 'bottom', 276 + 'px' );
$( '#projects-collapse' )
.removeClass( 'icon-up-dir' )
.addClass( 'icon-down-dir' );
},
projectsCollapse: function() {
this._sideExpanded = false;
$( '#side-projects' ).css( 'height', 33 + 'px' );
$( '.project-list-title' ).css( 'right', 0 );
$( '.sb-left-content' ).css( 'bottom', 33 + 'px' );
$( '#projects-collapse' )
.removeClass( 'icon-down-dir' )
.addClass( 'icon-up-dir' );
},
//////////////////////////////////////////////////////////////////
// Remove User access
//////////////////////////////////////////////////////////////////
remove_user: function( user ) {
$( '#modal-content form' ).live( 'submit', function( e ) {
e.preventDefault();
});
},
//////////////////////////////////////////////////////////////////
// Rename Project
//////////////////////////////////////////////////////////////////
rename: function( path, name ) {
var _this = this;
codiad.modal.load( 500, this.dialog + '?action=rename&path=' + encodeURIComponent( path ) + '&name=' + name );
$( '#modal-content form' )
.live( 'submit', function( e ) {
e.preventDefault();
var projectPath = $( '#modal-content form input[name="project_path"]' )
.val();
var projectName = $( '#modal-content form input[name="project_name"]' )
.val();
$.get( _this.controller + '?action=rename&project_path=' + encodeURIComponent( projectPath ) + '&project_name=' + encodeURIComponent( projectName ), function( data ) {
renameResponse = codiad.jsend.parse( data );
if ( renameResponse != 'error' ) {
codiad.message.success( i18n( 'Project renamed' ) );
_this.loadSide();
$( '#file-manager a[data-type="root"]' ).html( projectName );
codiad.modal.unload();
/* Notify listeners. */
amplify.publish( 'project.onRename', {"path": projectPath, "name": projectName} );
}
});
});
},
//////////////////////////////////////////////////////////////////
// Save User access
//////////////////////////////////////////////////////////////////
save_access: function() {
$( '#modal-content form' ).live( 'submit', function( e ) {
e.preventDefault();
});
},
//////////////////////////////////////////////////////////////////
// Search Users
//////////////////////////////////////////////////////////////////
search_users: function() {
var _this = this;
var current_response = null;
var select_list = document.getElementById( 'user_list' );
var search_box = document.getElementById( 'search_users' );
var search_term = search_box.value;
$.ajax({
url: codiad.user.controller + '?action=search_users&search_term=' + search_term,
async: false,
success: function( data ) {
current_response = codiad.jsend.parse( data );
}
});
select_list.innerHTML = ``;
if ( current_response != 'error' ) {
for( let i = current_response.length; i--; ) {
let optionElement = document.createElement( 'option' );
optionElement.innerText = current_response[i];
select_list.appendChild( optionElement );
}
}
},
};
})( this, jQuery );

View file

@ -8,6 +8,18 @@ class sql {
}
public static function check_sql_error( $sql ) {
$return = false;
$result = json_decode( $sql );
if ( json_last_error() !== JSON_ERROR_NONE || $sql == NULL ) {
$return = true;
}
return( $return );
}
public static function connect() {
$host = DBHOST;
@ -30,7 +42,7 @@ class sql {
if( $connection->error ) {
$return = $connection->error;
$return = formatJSEND( "error", $connection->error );
}
$connection->close();

View file

@ -7,6 +7,7 @@ error_reporting(E_ALL);
require_once('../../common.php');
require_once('../settings/class.settings.php');
require_once('../project/class.project.php');
require_once('../user/class.user.php');
checkSession();
if ( ! checkAccess() ) {
echo "Error, you do not have access to update Codiad.";
@ -15,12 +16,13 @@ if ( ! checkAccess() ) {
$user_settings_file = DATA . "/settings.php";
$projects_file = DATA . "/projects.php";
$projects_file = DATA . "/users.php";
$users_file = DATA . "/users.php";
$system_settings_file = null;
$Settings = new Settings();
$Common = new Common();
$Project = new Project();
$User = new User();
if( file_exists( $user_settings_file ) ) {
@ -45,3 +47,15 @@ if( file_exists( $projects_file ) ) {
}
unlink( $projects_file );
}
if( file_exists( $users_file ) ) {
$users = getJSON( 'users.php' );
foreach( $users as $user ) {
$User->username = $user["username"];
$User->password = $user["password"];
$User->add_user();
}
unlink( $users_file );
}

View file

@ -12,6 +12,7 @@ class User {
// PROPERTIES
//////////////////////////////////////////////////////////////////
public $access = 'user';
public $username = '';
public $password = '';
public $project = '';
@ -33,10 +34,51 @@ class User {
public function __construct() {
$this->users = getJSON( 'users.php' );
$this->actives = getJSON( 'active.php' );
}
public function add_user() {
$sql = "INSERT INTO `users`( `username`, `password`, `access`, `project` ) VALUES ( ?, PASSWORD( ? ), ?, ? );";
$bind = "ssss";
$bind_variables = array( $this->username, $this->password, $this->access, null );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error that username is already taken." ) );
if( sql::check_sql_error( $return ) ) {
echo formatJSEND( "success", array( "username" => $this->username ) );
} else {
echo formatJSEND( "error", "The Username is Already Taken" );
}
}
public function get_user( $username ) {
$sql = "SELECT * FROM `users` WHERE `username`=?";
$bind = "s";
$bind_variables = array( $username );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error can not select user." ) );
if( sql::check_sql_error( $return ) ) {
echo formatJSEND( "success", $return );
} else {
echo $return;
}
}
public function list_users() {
$sql = "SELECT * FROM `users`";
$bind = "";
$bind_variables = array( $this->username, $this->password, $this->access, null );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error can not select users." ) );
return( $return );
}
//////////////////////////////////////////////////////////////////
// Authenticate
//////////////////////////////////////////////////////////////////
@ -82,19 +124,28 @@ class User {
}
$pass = false;
$this->EncryptPassword();
$users = getJSON('users.php');
foreach( $users as $user ) {
$sql = "SELECT * FROM `users` WHERE `username`=? AND `password`=PASSWORD( ? );";
$bind = "ss";
$bind_variables = array( $this->username, $this->password );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error fetching user information." ) );
if( $user['username'] == $this->username && $user['password'] == $this->password ) {
if( mysqli_num_rows( $return ) > 0 ) {
$pass = true;
$token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) );
$_SESSION['id'] = SESSION_ID;
$_SESSION['user'] = $this->username;
$_SESSION['token'] = $token;
$_SESSION['lang'] = $this->lang;
$_SESSION['theme'] = $this->theme;
$_SESSION["login_session"] = true;
$user = mysqli_fetch_assoc( $return );
$sql = "UPDATE `users` SET `token`=PASSWORD( ? ) WHERE `username`=?;";
$bind = "ss";
$bind_variables = array( $token, $this->username );
sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error updating user information." ) );
if( $user['project'] != '' ) {
@ -103,7 +154,6 @@ class User {
$this->checkDuplicateSessions( $this->username );
}
}
if( $pass ) {
@ -160,133 +210,6 @@ class User {
session_start();
}
//////////////////////////////////////////////////////////////////
// Create Account
//////////////////////////////////////////////////////////////////
public function Create() {
$this->EncryptPassword();
$pass = $this->checkDuplicate();
if( $pass ) {
$this->users[] = array( "username" => $this->username, "password" => $this->password, "project" => "" );
saveJSON( 'users.php', $this->users );
echo formatJSEND( "success", array( "username" => $this->username ) );
} else {
echo formatJSEND( "error", "The Username is Already Taken" );
}
}
//////////////////////////////////////////////////////////////////
// Delete Account
//////////////////////////////////////////////////////////////////
public function Delete() {
// Remove User
$revised_array = array();
foreach( $this->users as $user => $data ) {
if( $data['username'] != $this->username ) {
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
}
}
// Save array back to JSON
saveJSON( 'users.php', $revised_array );
// Remove any active files
foreach( $this->actives as $active => $data ) {
if( $this->username == $data['username'] ) {
unset( $this->actives[$active] );
}
}
saveJSON( 'active.php', $this->actives );
// Remove access control list (if exists)
if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) {
unlink(BASE_PATH . "/data/" . $this->username . '_acl.php');
}
// Response
echo formatJSEND( "success", null );
}
//////////////////////////////////////////////////////////////////
// Change Password
//////////////////////////////////////////////////////////////////
public function Password() {
$this->EncryptPassword();
$revised_array = array();
foreach( $this->users as $user => $data ) {
if( $data['username'] == $this->username ) {
$revised_array[] = array( "username" => $data['username'], "password" => $this->password, "project" => $data['project'] );
} else {
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
}
}
// Save array back to JSON
saveJSON( 'users.php', $revised_array );
// Response
echo formatJSEND( "success", null );
}
//////////////////////////////////////////////////////////////////
// Set Project Access
//////////////////////////////////////////////////////////////////
public function Project_Access() {
// Access set to all projects
if( $this->projects == 0 ) {
// Access set to restricted list
if( file_exists( BASE_PATH . "/data/" . $this->username . '_acl.php' ) ) {
unlink( BASE_PATH . "/data/" . $this->username . '_acl.php' );
}
} else {
// Save array back to JSON
saveJSON( $this->username . '_acl.php', $this->projects );
}
// Response
echo formatJSEND( "success", null );
}
//////////////////////////////////////////////////////////////////
// Set Current Project
//////////////////////////////////////////////////////////////////
public function Project() {
$revised_array = array();
foreach( $this->users as $user => $data ) {
if( $this->username == $data['username'] ) {
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $this->project );
} else {
$revised_array[] = array( "username" => $data['username'], "password" => $data['password'], "project" => $data['project'] );
}
}
// Save array back to JSON
saveJSON( 'users.php', $revised_array );
// Response
echo formatJSEND( "success", null );
}
//////////////////////////////////////////////////////////////////
// Check Duplicate
//////////////////////////////////////////////////////////////////
@ -304,6 +227,154 @@ class User {
return $pass;
}
//////////////////////////////////////////////////////////////////
// Clean username
//////////////////////////////////////////////////////////////////
public static function CleanUsername( $username ) {
return preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $username );
}
//////////////////////////////////////////////////////////////////
// Create Account
//////////////////////////////////////////////////////////////////
public function Create() {
$this->EncryptPassword();
$this->add_user();
}
//////////////////////////////////////////////////////////////////
// Delete Account
//////////////////////////////////////////////////////////////////
public function Delete() {
$sql = "DELETE FROM `users` WHERE `username`=?;";
$bind = "ss";
$bind_variables = array( $this->username, $this->password );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error deleting user information." ) );
if( sql::check_sql_error( $return ) ) {
echo formatJSEND( "success", null );
} else {
echo $return;
}
}
//////////////////////////////////////////////////////////////////
// Encrypt Password
//////////////////////////////////////////////////////////////////
private function EncryptPassword() {
$this->password = sha1( md5( $this->password ) );
}
//////////////////////////////////////////////////////////////////
// Change Password
//////////////////////////////////////////////////////////////////
public function Password() {
$this->EncryptPassword();
$sql = "UPDATE `users` SET `password`=PASSWORD( ? ) WHERE `username`=?;";
$bind = "ss";
$bind_variables = array( $this->password, $this->username );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error updating user information." ) );
if( sql::check_sql_error( $return ) ) {
} else {
echo formatJSEND( "success", null );
}
}
//////////////////////////////////////////////////////////////////
// Set Current Project
//////////////////////////////////////////////////////////////////
public function Project() {
$sql = "UPDATE `users` SET `project`=? WHERE `username`=?;";
$bind = "ss";
$bind_variables = array( $this->project, $this->username );
$return = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error updating user information." ) );
if( sql::check_sql_error( $return ) ) {
echo formatJSEND( "success", null );
} else {
echo( $return );
}
}
//////////////////////////////////////////////////////////////////
// Search Users
//////////////////////////////////////////////////////////////////
public function search_users( $username, $return = "return" ) {
$sql = "SELECT `username` FROM `users` WHERE `username` LIKE ?;";
$bind = "s";
$bind_variables = array( "%{$username}%" );
$result = sql::sql( $sql, $bind, $bind_variables, formatJSEND( "error", "Error selecting user information." ) );
$user_list = array();
foreach( $result as $row ) {
array_push( $user_list, $row["username"] );
}
if( mysqli_num_rows( $result ) > 0 ) {
switch( $return ) {
case( "exit" ):
exit( formatJSEND( "success", $user_list ) );
break;
case( "json" ):
$return = json_encode( $user_list );
break;
case( "return" ):
$return = $user_list;
break;
}
} else {
switch( $return ) {
case( "exit" ):
exit( formatJSEND( "error", "Error selecting user information." ) );
break;
case( "json" ):
$return = formatJSEND( "error", "Error selecting user information." );
break;
case( "return" ):
$return = null;
break;
}
}
return( $return );
}
//////////////////////////////////////////////////////////////////
// Verify Account Exists
//////////////////////////////////////////////////////////////////
@ -320,22 +391,4 @@ class User {
}
echo( $pass );
}
//////////////////////////////////////////////////////////////////
// Encrypt Password
//////////////////////////////////////////////////////////////////
private function EncryptPassword() {
$this->password = sha1( md5( $this->password ) );
}
//////////////////////////////////////////////////////////////////
// Clean username
//////////////////////////////////////////////////////////////////
public static function CleanUsername( $username ) {
return preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $username );
}
}

View file

@ -54,9 +54,8 @@ if ($_GET['action']=='authenticate') {
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='logout') {
session_unset();
session_destroy();
session_start();
logout();
}
//////////////////////////////////////////////////////////////////
@ -90,27 +89,6 @@ if ($_GET['action']=='delete') {
}
}
//////////////////////////////////////////////////////////////////
// Set Project Access
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='project_access') {
if (checkAccess()) {
if (!isset($_GET['username'])) {
die(formatJSEND("error", "Missing username"));
}
$User->username = $_GET['username'];
//No project selected
if (isset($_POST['projects'])) {
$User->projects = $_POST['projects'];
} else {
$User->projects = array();
}
$User->Project_Access();
}
}
//////////////////////////////////////////////////////////////////
// Change Password
//////////////////////////////////////////////////////////////////
@ -141,11 +119,26 @@ if ($_GET['action']=='project') {
$User->Project();
}
//////////////////////////////////////////////////////////////////
// Search Users
//////////////////////////////////////////////////////////////////
if ( $_GET['action'] == 'search_users' ) {
if ( ! isset( $_GET['search_term'] ) ) {
die( formatJSEND( "error", "Missing search term" ) );
}
$User->search_users( $_GET['search_term'], "exit" );
}
//////////////////////////////////////////////////////////////////
// Verify User Account
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='verify') {
$User->username = $_SESSION['user'];
$User->Verify();
//$User->Verify();
checkSession();
}

View file

@ -5,9 +5,9 @@
* as-is and without warranty under the MIT License. See
* [root]/license.txt for more. This information must remain intact.
*/
require_once('../../common.php');
require_once('./class.user.php');
$User = new User();
//////////////////////////////////////////////////////////////////
// Verify Session or Key
//////////////////////////////////////////////////////////////////
@ -44,13 +44,12 @@
<?php
// Get projects JSON data
$users = getJSON('users.php');
$users = $User->list_users();
foreach( $users as $user => $data ){
?>
<tr>
<td width="150"><?php echo($data['username']); ?></td>
<td width="85"><a onclick="codiad.user.password('<?php echo($data['username']); ?>');" class="icon-flashlight bigger-icon"></a></td>
<td width="75"><a onclick="codiad.user.projects('<?php echo($data['username']); ?>');" class="icon-archive bigger-icon"></a></td>
<?php
if($_SESSION['user'] == $data['username']){
?>
@ -96,45 +95,6 @@
<?php
break;
//////////////////////////////////////////////////////////////////////
// Set Project Access
//////////////////////////////////////////////////////////////////////
case 'projects':
// Get project list
$projects = getJSON('projects.php');
// Get control list (if exists)
$projects_assigned = false;
if(file_exists(BASE_PATH . "/data/" . $_GET['username'] . '_acl.php')){
$projects_assigned = getJSON($_GET['username'] . '_acl.php');
}
?>
<form>
<input type="hidden" name="username" value="<?php echo($_GET['username']); ?>">
<label><?php i18n("Project Access for "); ?><?php echo(ucfirst($_GET['username'])); ?></label>
<select name="access_level" onchange="if($(this).val()=='0'){ $('#project-selector').slideUp(300); }else{ $('#project-selector').slideDown(300).css({'overflow-y':'scroll'}); }">
<option value="0" <?php if(!$projects_assigned){ echo('selected="selected"'); } ?>><?php i18n("Access ALL Projects"); ?></option>
<option value="1" <?php if($projects_assigned){ echo('selected="selected"'); } ?>><?php i18n("Only Selected Projects"); ?></option>
</select>
<div id="project-selector" <?php if(!$projects_assigned){ echo('style="display: none;"'); } ?>>
<table>
<?php
// Build list
foreach($projects as $project=>$data){
$sel = '';
if($projects_assigned && in_array($data['path'],$projects_assigned)){ $sel = 'checked="checked"'; }
echo('<tr><td width="5"><input type="checkbox" name="project" '.$sel.' id="'.$data['path'].'" value="'.$data['path'].'"></td><td>'.$data['name'].'</td></tr>');
}
?>
</table>
</div>
<button class="btn-left"><?php i18n("Confirm"); ?></button>
<button class="btn-right" onclick="codiad.user.list();return false;"><?php i18n("Close"); ?></button>
<?php
break;
//////////////////////////////////////////////////////////////////////
// Delete User
//////////////////////////////////////////////////////////////////////

View file

@ -30,7 +30,13 @@
});
// Get Theme
if( codiad.settings !== undefined ) {
var theme = await codiad.settings.get_option( 'codiad.theme' );
} else {
var theme = 'default';
}
$("#theme option").each(function()
{
if($(this).val() == theme) {
@ -39,7 +45,14 @@
});
// Get Language
if( codiad.settings !== undefined ) {
var language = await codiad.settings.get_option('codiad.language');
} else {
var language = 'en';
}
$("#language option").each(function()
{
if($(this).val() == language) {
@ -130,6 +143,7 @@
if (pass) {
$.post(_this.controller + '?action=create', {'username' : username , 'password' : password1 }, function(data) {
var createResponse = codiad.jsend.parse(data);
console.log( data );
if (createResponse != 'error') {
codiad.message.success(i18n('User Account Created'))
_this.list();

View file

@ -270,10 +270,10 @@ if( defined( "SITE_NAME" ) && ! ( SITE_NAME === "" || SITE_NAME === null ) ) {
<div class="project-list-title">
<h2><?php i18n("Projects"); ?></h2>
<a id="projects-collapse" class="icon-down-dir icon" alt="<?php i18n("Collapse"); ?>"></a>
<?php if(checkAccess()) { ?>
<?php //if(checkAccess()) { ?>
<a id="projects-manage" class="icon-archive icon"></a>
<a id="projects-create" class="icon-plus icon" alt="<?php i18n("Create Project"); ?>"></a>
<?php } ?>
<?php //} ?>
</div>
<div class="sb-projects-content"></div>