Changed error messages, Removed Debug messages, Removed version update function, Updated regex for path, Reformatted user controller, Added server side checks to create user function, Removed unique from active columns in create default tables, Removed groups column from users, Added upgrade table structure function

This commit is contained in:
xevidos 2019-07-08 22:34:39 -04:00
parent 0dedba59d2
commit c2d0662a23
11 changed files with 335 additions and 372 deletions


@ -434,7 +434,7 @@ class Filemanager extends Common {
} else {
$this->status = "error";
$this->message = "Cannot Create File";
$this->message = "Cannot Create File at " . $this->path;
}
} else {
@ -556,8 +556,6 @@ class Filemanager extends Common {
if ( ! file_exists( $new_path ) ) {
echo var_dump( Permissions::has_create( $this->path ) );
if ( Permissions::has_create( $this->path ) && rename( $this->path, $new_path ) ) {
//unlink($this->path);
@ -817,7 +815,7 @@ class Filemanager extends Common {
} elseif( $invalid_characters && ( $_GET['action'] == "modify" || $_GET['action'] == "delete" ) ) {
} else {
$path = preg_replace( '/[^A-Za-z0-9\-\._\/\ ]/', '', $path );
$path = preg_replace( '/[^A-Za-z0-9\-\._@\/\ ]/', '', $path );
}
return $path;
}
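Review bot: The widened whitelist on the new regex line `'/[^A-Za-z0-9\-\._@\/\ ]/'` still admits `.` and `/`, so `../` segments pass through sanitization unchanged; because the function strips disallowed characters instead of rejecting the path, any traversal protection has to come from a separate check. The `$invalid_characters` flag on the `elseif` suggests such a check exists, but that branch's body is empty in the hunk and falls through to `return $path`, so the sanitized path is returned either way. Worth confirming that callers resolve the result against the project root before use, and worth a comment above the line such as `// Whitelist of path characters only; does not reject '..' - callers must resolve the path against the project root.`. The enclosing function starts outside the hunk.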


@ -53,9 +53,6 @@ class Permissions {
public static function check_path( $level, $path ) {
$user_level = self::get_access( $path );
echo var_dump( $level, $user_level, $path );
return self::check_access( $level, $user_level );
}


@ -226,7 +226,7 @@ class Project extends Common {
} else {
$return = formatJSEND( "error", "Error fetching projects." );
$return = formatJSEND( "error", "No projects found." );
}
return( $return );
@ -243,7 +243,7 @@ class Project extends Common {
if( empty( $return ) ) {
$return = formatJSEND( "error", "Error fetching projects." );
$return = formatJSEND( "error", "No projects found." );
}
} else {
@ -265,7 +265,7 @@ class Project extends Common {
if( empty( $return ) ) {
$return = formatJSEND( "error", "Error fetching projects." );
$return = formatJSEND( "error", "No projects found." );
}
return( $return );


@ -73,7 +73,7 @@ if( $_GET['action'] == 'add_user' ) {
//////////////////////////////////////////////////////////////////
if( $_GET['action'] == 'create' ) {
$Project->name = $_GET['project_name'];
if( $_GET['public_project'] == 'true' ) {


@ -54,7 +54,7 @@ class sql {
public function create_default_tables() {
$result = $this->create_tables(
$create_tables = $this->create_tables(
array(
"active" => array(
"fields" => array(
@ -64,8 +64,8 @@ class sql {
"focused" => "string"
),
"attributes" => array(
"username" => array( "not null", "unique" ),
"path" => array( "not null", "unique" ),
"username" => array( "not null" ),
"path" => array( "not null" ),
"focused" => array( "not null" ),
)
),
@ -118,7 +118,6 @@ class sql {
"email" => "string",
"project" => "int",
"access" => "string",
"groups" => "string",
"token" => "string",
),
"attributes" => array(
@ -144,106 +143,12 @@ class sql {
),
)
);
if( $result === true ) {
$sql_conversions = new sql_conversions();
try {
$access_query = "INSERT INTO access( project, user, level ) VALUES ";
$projects = $this->query( "SELECT id, access FROM projects", array(), array(), "fetchAll", "exception" );
$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
$delete = Permissions::LEVELS["delete"];
foreach( $users as $row => $user ) {
foreach( $projects as $row => $project ) {
$access = json_decode( $project["access"], true );
if( ! is_array( $access ) || empty( $access ) ) {
continue;
}
foreach( $access as $granted_user ) {
if( $granted_user == $user["username"] ) {
$access_query .= "( {$project["id"]}, {$user["id"]}, $delete ),";
}
}
}
}
if( $access_query !== "INSERT INTO access( project, user, level ) " ) {
$result = $this->query( substr( $access_query, 0, -1 ), array(), 0, "rowCount", "exception" );
}
$result = $this->query( "ALTER TABLE projects DROP COLUMN access", array(), 0, "rowCount" );
} catch( Exception $error ) {
//The access field is not there.
//echo var_export( $error->getMessage(), $access_query );
}
try {
$update_query = "";
$projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
$result = $this->query( "SELECT project FROM users", array(), array(), "fetchAll", "exception" );
$convert = false;
$delete = Permissions::LEVELS["delete"];
foreach( $result as $row => $user ) {
if( ! is_numeric( $user["project"] ) ) {
$convert = true;
}
foreach( $projects as $row => $project ) {
if( $project["path"] == $user["project"] ) {
$update_query .= "UPDATE users SET project={$project["id"]};";
}
}
}
if( $convert ) {
//change project to users table
$result = $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
$result = $this->query( "ALTER TABLE users ADD COLUMN project " . $sql_conversions->data_types["int"][DBTYPE], array(), array(), "rowCount", "exception" );
$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
}
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
}
if( DBTYPE === "mysql" || DBTYPE === "pgsql" ) {
try {
$projects = $this->query( "ALTER TABLE projects DROP CONSTRAINT path1500owner255;", array(), 0, "rowCount", "exception" );
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
}
try {
$projects = $this->query( "ALTER TABLE active DROP CONSTRAINT username255path1500;", array(), 0, "rowCount", "exception" );
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
}
}
}
return $result;
$structure_updates = $this->update_table_structure();
$result = array(
"create_tables" => $create_tables,
"structure_updates" => $structure_updates
);
exit( json_encode( $result, JSON_PRETTY_PRINT ) );
}
public function create_tables( $table ) {
@ -339,6 +244,141 @@ class sql {
//return $query;
}
public function update_table_structure() {
$status_updates = array();
$sql_conversions = new sql_conversions();
try {
$access_query = "INSERT INTO access( project, user, level ) VALUES ";
$projects = $this->query( "SELECT id, access FROM projects", array(), array(), "fetchAll", "exception" );
$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
$delete = Permissions::LEVELS["delete"];
foreach( $users as $row => $user ) {
foreach( $projects as $row => $project ) {
$access = json_decode( $project["access"], true );
if( ! is_array( $access ) || empty( $access ) ) {
continue;
}
foreach( $access as $granted_user ) {
if( $granted_user == $user["username"] ) {
$access_query .= "( {$project["id"]}, {$user["id"]}, $delete ),";
}
}
}
}
if( $access_query !== "INSERT INTO access( project, user, level ) VALUES " ) {
$result = $this->query( substr( $access_query, 0, -1 ), array(), 0, "rowCount", "exception" );
}
$result = $this->query( "ALTER TABLE projects DROP COLUMN access", array(), 0, "rowCount" );
$status_updates["access_column"] = "Cached data and removed access column.";
} catch( Exception $error ) {
//The access field is not there.
//echo var_export( $error->getMessage(), $access_query );
$status_updates["access_column"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "No access column to convert."
);
}
try {
$update_query = "";
$projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
$result = $this->query( "SELECT project FROM users", array(), array(), "fetchAll", "exception" );
$convert = false;
$delete = Permissions::LEVELS["delete"];
foreach( $result as $row => $user ) {
if( ! is_numeric( $user["project"] ) ) {
$convert = true;
}
foreach( $projects as $row => $project ) {
if( $project["path"] == $user["project"] ) {
$update_query .= "UPDATE users SET project={$project["id"]};";
}
}
}
if( $convert && strlen( $update_query ) > 0 ) {
//change project to users table
$result = $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
$result = $this->query( "ALTER TABLE users ADD COLUMN project " . $sql_conversions->data_types["int"][DBTYPE], array(), array(), "rowCount", "exception" );
$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
} else {
$status_updates["users_current_project"] = array( "dev_message" => "Users current project column to project_id conversion not needed." );
}
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
$status_updates["users_current_project"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "Users current project column to project_id conversion failed."
);
}
try {
$result = $this->query( "ALTER TABLE users DROP COLUMN groups", array(), array(), "rowCount", "exception" );
$status_updates["users_groups_column"] = array( "dev_message" => "Removal of the groups column from the users table succeeded." );
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
$status_updates["users_groups_column"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "Removal of the groups column from the users table failed. This usually means there was never one to begin with"
);
}
if( DBTYPE === "mysql" || DBTYPE === "pgsql" ) {
$constraint = ( DBTYPE === "mysql" ) ? "INDEX" : "CONSTRAINT";
try {
$projects = $this->query( "ALTER TABLE projects DROP $constraint path1500owner255;", array(), 0, "rowCount", "exception" );
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
$status_updates["path_owner_constraint"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "Removal of path1500owner255 constraint in the projects table failed. This usually means there was never one to begin with"
);
}
try {
$projects = $this->query( "ALTER TABLE active DROP $constraint username255path1500;", array(), 0, "rowCount", "exception" );
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
$status_updates["username_path_constraint"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "Removal of username255path1500 constraint in the active table failed. This usually means there was never one to begin with"
);
}
}
return $status_updates;
}
public function query( $query, $bind_variables, $default, $action='fetchAll', $errors="default" ) {
/**
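Review bot: `$update_query .= "UPDATE users SET project={$project["id"]};"` in update_table_structure has no WHERE clause, so each appended statement rewrites the project column for every user and the last match wins instead of updating the matching user's row. The users query only selects `project`, so the row id is not available to key the update; change it to `$result = $this->query( "SELECT id, project FROM users", array(), array(), "fetchAll", "exception" );` and append `$update_query .= "UPDATE users SET project={$project["id"]} WHERE id={$user["id"]};";` (both values come from the database, but passing them through the query helper's bind array would be safer than interpolation). Separately, `exit( json_encode( $result, JSON_PRETTY_PRINT ) )` at the end of create_default_tables means the method no longer returns, so the `$result === true` check in the settings controller hunk that calls it is unreachable. The `error_message` entries in `$status_updates` forward raw `$error->getMessage()` text from the database driver to the HTTP client; log those server-side and return only the `dev_message` strings.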


@ -19,7 +19,7 @@ if ( $_POST['action'] == 'create_default_tables' ) {
global $sql;
$result = $sql->create_default_tables();
echo var_dump( $result );
//echo var_dump( $result );
if( $result === true ) {


@ -177,7 +177,7 @@ class updater {
$sql = new sql();
$connection = $sql->connect();
$result = $sql->create_default_tables();
$result = $sql->recreate_default_tables();
$upgrade_function = str_replace( ".", "_", $this->update::VERSION );
if( is_callable( array( $this, $upgrade_function ) ) ) {
@ -597,96 +597,6 @@ class updater {
$return = "true";
}
}
function v_2_9_6() {
//This function should run to upgrade our database version from less than 2.9.6
$sql_conversions = new sql_conversions();
try {
$access_query = "INSERT INTO access( project, user, level ) VALUES ";
$projects = $this->query( "SELECT id, access FROM projects", array(), array(), "fetchAll", "exception" );
$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
$delete = Permissions::LEVELS["delete"];
foreach( $users as $row => $user ) {
foreach( $projects as $row => $project ) {
$access = json_decode( $project["access"], true );
if( ! is_array( $access ) || empty( $access ) ) {
continue;
}
foreach( $access as $granted_user ) {
if( $granted_user == $user["username"] ) {
$access_query .= "( {$project["id"]}, {$user["id"]}, $delete ),";
}
}
}
}
if( $access_query !== "INSERT INTO access( project, user, level ) " ) {
$result = $this->query( substr( $access_query, 0, -1 ), array(), 0, "rowCount", "exception" );
}
$result = $this->query( "ALTER TABLE projects DROP COLUMN access", array(), 0, "rowCount" );
} catch( Exception $error ) {
//The access field is not there.
//echo var_export( $error->getMessage(), $access_query );
}
try {
$update_query = "";
$projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
$result = $this->query( "SELECT project FROM users", array(), array(), "fetchAll", "exception" );
$convert = false;
$delete = Permissions::LEVELS["delete"];
foreach( $projects as $row => $project ) {
if( $project["path"] == $user["project"] ) {
$update_query .= "UPDATE users SET project={$project["id"]};";
}
}
if( $convert ) {
//change project to users table
$result = $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
$result = $this->query( "ALTER TABLE users ADD COLUMN project " . $sql_conversions->data_types["int"][DBTYPE], array(), array(), "rowCount", "exception" );
$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
}
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
}
$constraint = ( DBTYPE == "mysql" ) ? "INDEX" : "CONSTRAINT";
try {
$projects = $this->query( "ALTER TABLE projects DROP $constraint path1500owner255;", array(), 0, "rowCount", "exception" );
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
}
try {
$projects = $this->query( "ALTER TABLE active DROP $constraint username255path1500;", array(), 0, "rowCount", "exception" );
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
}
}
}
if( isset( $_GET["action"] ) && $_GET["action"] !== '' ) {
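Review bot: The new call `$result = $sql->recreate_default_tables();` references a method that does not appear in the sql class hunks of this commit (which show create_default_tables, create_tables, update_table_structure and query); if it is not defined elsewhere, the upgrade path fails with an undefined-method error at this line. If it does exist and wraps create_default_tables, note that create_default_tables now ends in exit() with a JSON payload, so nothing can be returned into `$result` here. The enclosing method starts and ends outside the hunk.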


@ -53,10 +53,10 @@ class User {
if( $return > 0 ) {
$this->set_default_options();
echo formatJSEND( "success", array( "username" => $this->username ) );
exit( formatJSEND( "success", array( "username" => $this->username ) ) );
} else {
echo formatJSEND( "error", "The Username is Already Taken" );
exit( formatJSEND( "error", "The Username is Already Taken" ) );
}
}
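Review bot: The `else` branch reports every non-positive `$return` as `"The Username is Already Taken"`, which presumably conflates a duplicate username with any other insert failure (where `$return` comes from is outside the hunk). Switching from echo to exit is fine for a controller response, but calling exit() inside the class method makes Create() untestable; consider returning the formatJSEND string and letting the controller exit. The enclosing method starts and ends outside the hunk.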


@ -1,164 +1,190 @@
<?php
/*
* Copyright (c) Codiad & Kent Safranski (codiad.com), distributed
* as-is and without warranty under the MIT License. See
* [root]/license.txt for more. This information must remain intact.
*/
/*
* Copyright (c) Codiad & Kent Safranski (codiad.com), distributed
* as-is and without warranty under the MIT License. See
* [root]/license.txt for more. This information must remain intact.
*/
require_once('../../common.php');
require_once('class.user.php');
require_once('../../common.php');
require_once('class.user.php');
if (!isset($_GET['action'])) {
die(formatJSEND("error", "Missing parameter"));
}
//////////////////////////////////////////////////////////////////
// Verify Session or Key
//////////////////////////////////////////////////////////////////
if ($_GET['action']!='authenticate') {
checkSession();
if( ! isset( $_GET['action'] ) ) {
die( formatJSEND( "error", "Missing parameter" ) );
}
$User = new User();
//////////////////////////////////////////////////////////////////
// Verify Session or Key
//////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////
// Authenticate
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='authenticate') {
if (!isset($_POST['username']) || !isset($_POST['password'])) {
die(formatJSEND("error", "Missing username or password"));
}
$User->username = User::CleanUsername( $_POST['username'] );
$User->password = $_POST['password'];
// check if the asked languages exist and is registered in languages/code.php
require_once '../../languages/code.php';
if (isset($languages[ $_POST['language'] ])) {
$User->lang = $_POST['language'];
} else {
$User->lang = 'en';
}
// theme
$User->theme = $_POST['theme'];
$User->Authenticate();
if( $_GET['action'] != 'authenticate' ) {
checkSession();
}
//////////////////////////////////////////////////////////////////
// Logout
//////////////////////////////////////////////////////////////////
$User = new User();
if ($_GET['action']=='logout') {
//////////////////////////////////////////////////////////////////
// Authenticate
//////////////////////////////////////////////////////////////////
if($_GET['action']=='authenticate') {
if( ! isset( $_POST['username'] ) || ! isset( $_POST['password'] ) ) {
die( formatJSEND( "error", "Missing username or password" ) );
}
$User->username = User::CleanUsername( $_POST['username'] );
$User->password = $_POST['password'];
// check if the asked languages exist and is registered in languages/code.php
require_once '../../languages/code.php';
if( isset( $languages[$_POST['language']] ) ) {
$User->lang = $_POST['language'];
} else {
$User->lang = 'en';
}
// theme
$User->theme = $_POST['theme'];
$User->Authenticate();
}
//////////////////////////////////////////////////////////////////
// Logout
//////////////////////////////////////////////////////////////////
if( $_GET['action'] == 'logout' ) {
logout();
}
//////////////////////////////////////////////////////////////////
// Create User
//////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////
// Create User
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='create') {
if (checkAccess()) {
if (!isset($_POST['username']) || !isset($_POST['password'])) {
die(formatJSEND("error", "Missing username or password"));
}
$User->username = User::CleanUsername( $_POST['username'] );
$User->password = $_POST['password'];
$User->Create();
}
}
//////////////////////////////////////////////////////////////////
// Delete User
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='delete') {
if (checkAccess()) {
if (!isset($_GET['username'])) {
die(formatJSEND("error", "Missing username"));
}
$User->username = User::CleanUsername( $_GET['username'] );
$User->Delete();
}
}
//////////////////////////////////////////////////////////////////
// Change Password
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='password') {
if (!isset($_POST['username']) || !isset($_POST['password'])) {
die(formatJSEND("error", "Missing username or password"));
}
if (checkAccess() || $_POST['username'] == $_SESSION['user']) {
$User->username = User::CleanUsername( $_POST['username'] );
$User->password = $_POST['password'];
$User->Password();
}
}
//////////////////////////////////////////////////////////////////
// Change Project
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='project') {
if (!isset($_GET['project'])) {
die(formatJSEND("error", "Missing project"));
}
$User->username = $_SESSION['user'];
$User->project = $_GET['project'];
$User->Project();
}
//////////////////////////////////////////////////////////////////
// Search Users
//////////////////////////////////////////////////////////////////
if ( $_GET['action'] == 'search_users' ) {
if( $_GET['action'] == 'create' ) {
if ( ! isset( $_GET['search_term'] ) ) {
if( checkAccess() ) {
if ( ! isset( $_POST['username'] ) || ! isset( $_POST['password'] ) ) {
exit( formatJSEND( "error", "Missing username or password" ) );
}
if ( ! ( $_POST['password'] === $_POST['password2'] ) ) {
exit( formatJSEND( "error", "Passwords do not match" ) );
}
if ( preg_match( '/[^\w\-\._@]/', $_POST['username'] ) ) {
exit( formatJSEND( "error", "Invalid characters in username" ) );
}
$User->username = User::CleanUsername( $_POST['username'] );
$User->password = $_POST['password'];
$User->Create();
}
}
//////////////////////////////////////////////////////////////////
// Delete User
//////////////////////////////////////////////////////////////////
if( $_GET['action'] == 'delete' ) {
if( checkAccess() ) {
if( ! isset( $_GET['username'] ) ) {
die( formatJSEND( "error", "Missing username" ) );
}
$User->username = User::CleanUsername( $_GET['username'] );
$User->Delete();
}
}
//////////////////////////////////////////////////////////////////
// Change Password
//////////////////////////////////////////////////////////////////
if( $_GET['action'] == 'password' ) {
if( ! isset( $_POST['username']) || ! isset( $_POST['password'] ) ) {
die( formatJSEND( "error", "Missing username or password" ) );
}
if( $_POST['username'] == $_SESSION['user'] || is_admin() ) {
$User->username = User::CleanUsername( $_POST['username'] );
$User->password = $_POST['password'];
$User->Password();
}
}
//////////////////////////////////////////////////////////////////
// Change Project
//////////////////////////////////////////////////////////////////
if( $_GET['action'] == 'project' ) {
if( ! isset( $_GET['project'] ) ) {
die( formatJSEND( "error", "Missing project" ) );
}
$User->username = $_SESSION['user'];
$User->project = $_GET['project'];
$User->Project();
}
//////////////////////////////////////////////////////////////////
// Search Users
//////////////////////////////////////////////////////////////////
if( $_GET['action'] == 'search_users' ) {
if( ! isset( $_GET['search_term'] ) ) {
die( formatJSEND( "error", "Missing search term" ) );
}
search_users( $_GET['search_term'], "exit", true );
}
//////////////////////////////////////////////////////////////////
// Verify User Account
//////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////
// Verify User Account
//////////////////////////////////////////////////////////////////
if ($_GET['action']=='verify') {
$User->username = $_SESSION['user'];
//$User->Verify();
checkSession();
if( $_GET['action'] == 'verify' ) {
$User->username = $_SESSION['user'];
checkSession();
}
if ( $_GET['action'] == 'update_access' ) {
if( $_GET['action'] == 'update_access' ) {
checkSession();
if ( ! isset( $_GET['access'] ) || ! isset( $_GET['username'] ) ) {
if( ! isset( $_GET['access'] ) || ! isset( $_GET['username'] ) ) {
die( formatJSEND( "error", "Could not update access." ) );
}
if( ! is_admin() ) {
die( formatJSEND( "error", "You do not have permission to update access." ) );
die( formatJSEND( "error", "You do not have permission to update user's access." ) );
}
$User->username = $_GET["username"];
$User->access = $_GET["access"];
$User->access = $_GET["access"];
$User->update_access();
}
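Review bot: The password branch authorizes with `$_POST['username'] == $_SESSION['user']`, a loose comparison between a user-supplied string and the session value; PHP compares numeric strings numerically, so `"01" == "1"` is true, and the check should read `if( $_POST['username'] === $_SESSION['user'] || is_admin() ) {`. When neither condition holds the branch ends silently with no response, unlike the other actions that die with a formatJSEND error. In the create branch, `$_POST['password2']` is read without an isset() check, so a missing field raises a notice before the mismatch error; extend the guard to `if( ! isset( $_POST['username'], $_POST['password'], $_POST['password2'] ) ) {`.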


@ -130,41 +130,39 @@
var _this = this;
codiad.modal.load(400, this.dialog + '?action=create');
$('#modal-content form')
.live('submit', function(e) {
e.preventDefault();
var pass = true;
var username = $('#modal-content form input[name="username"]')
.val();
var password1 = $('#modal-content form input[name="password1"]')
.val();
var password2 = $('#modal-content form input[name="password2"]')
.val();
.live('submit', function(e) {
e.preventDefault();
var pass = true;
var username = $('#modal-content form input[name="username"]')
.val();
var password1 = $('#modal-content form input[name="password1"]')
.val();
var password2 = $('#modal-content form input[name="password2"]')
.val();
// Check matching passwords
if(password1 != password2) {
// Check matching passwords
if(password1 != password2) {
codiad.message.error(i18n('Passwords Do Not Match'));
pass = false;
}
codiad.message.error(i18n('Passwords Do Not Match'));
pass = false;
}
if( pass ) {
// Check no spaces in username
if(!/^[a-z0-9]+$/i.test(username) || username.length === 0) {
codiad.message.error(i18n('Username Must Be Alphanumeric String'));
pass = false;
}
if(pass) {
$.post(_this.controller + '?action=create', {
'username': username,
'password': password1
}, function(data) {
var createResponse = codiad.jsend.parse(data);
if(createResponse != 'error') {
codiad.message.success(i18n('User Account Created'))
_this.list();
}
});
}
});
$.post( _this.controller + '?action=create', {
'username': username,
'password': password1,
'password2': password2,
}, function(data) {
var createResponse = codiad.jsend.parse( data );
if( createResponse != 'error' ) {
codiad.message.success( i18n( 'User Account Created' ) )
_this.list();
}
});
}
});
},
//////////////////////////////////////////////////////////////////
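Review bot: `codiad.message.success( i18n( 'User Account Created' ) )` on the new side is missing its terminating semicolon; automatic semicolon insertion covers it here, but the line should read `codiad.message.success( i18n( 'User Account Created' ) );`. The client-side alphanumeric username check was dropped in favour of the server's preg_match, so a user with invalid characters only learns of it after the round trip, which is acceptable provided the error response is surfaced by codiad.jsend.parse() outside this hunk. The enclosing function starts and ends outside the hunk.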


@ -135,12 +135,6 @@
},
success: function( data ) {
let response = codiad.jsend.parse( data );
if( response != 'error' ) {
codiad.message.success( i18n( 'Created Default Tables' ) );
}
console.log( data );
},
error: function(jqXHR, textStatus, errorThrown) {