Mirror/codiad
1
0
Fork 0
mirror of https://github.com/xevidos/codiad.git synced 2024-11-10 21:26:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Continued implementation of new table structures, New SQL procedures, and New function principles, Updated saving methods to support PHP 7.4 and deprecation of magic_quotes

Browse Source
This commit is contained in:
xevidos 2019-10-16 10:20:09 -04:00
parent ecd0f63d63
commit fa0889268a
19 changed files with 372 additions and 947 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
common.php
View File

@ -167,8 +167,8 @@ class Common {
public static function is_admin() {
global $sql;
$query = "SELECT COUNT( * ) FROM users WHERE username=? AND access=?;";
$bind_variables = array( $_SESSION["user"], "admin" );
$query = "SELECT COUNT( * ) FROM users WHERE id=? AND access=?;";
$bind_variables = array( $_SESSION["user_id"], Permissions::SYSTEM_LEVELS["admin"] );
$return = $sql->query( $query, $bind_variables, -1, 'fetchColumn' );
$admin = ( $return > 0 );
return $admin;
@ -316,32 +316,7 @@ class Common {
public static function startSession() {
Common::construct();
//Set a Session Name
session_name( md5( BASE_PATH ) );
session_save_path( SESSIONS_PATH );
session_start();
if( ! defined( 'SESSION_ID' ) ) {
define( "SESSION_ID", session_id() );
}
//Check for external authentification
if( defined( 'AUTH_PATH' ) ) {
require_once( AUTH_PATH );
}
global $lang;
if ( isset( $_SESSION['lang'] ) ) {
include BASE_PATH . "/languages/{$_SESSION['lang']}.php";
} else {
include BASE_PATH . "/languages/" . LANGUAGE . ".php";
}
Common::start_session();
}
//////////////////////////////////////////////////////////////////

30
components/active/class.active.php
View File

@ -14,7 +14,6 @@ class Active extends Common {
// PROPERTIES
//////////////////////////////////////////////////////////////////
public $username = "";
public $path = "";
public $new_path = "";
@ -34,7 +33,7 @@ class Active extends Common {
public static function remove( $path ) {
global $sql;
$query = "DELETE FROM active WHERE path=? AND username=?;";
$query = "DELETE FROM active WHERE path=? AND user=?;";
$bind_variables = array( $path, $_SESSION["user"] );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
}
@ -46,8 +45,8 @@ class Active extends Common {
public function ListActive() {
global $sql;
$query = "SELECT path, position, focused FROM active WHERE username=?";
$bind_variables = array( $this->username );
$query = "SELECT path, position, focused FROM active WHERE user=?";
$bind_variables = array( $_SESSION["user_id"] );
$result = $sql->query( $query, $bind_variables, array() );
$tainted = false;
$root = WORKSPACE;
@ -82,7 +81,7 @@ class Active extends Common {
public function Check() {
global $sql;
$query = "SELECT username FROM active WHERE path=?";
$query = "SELECT user FROM active WHERE path=?";
$bind_variables = array( $this->path );
$result = $sql->query( $query, $bind_variables, array() );
$tainted = false;
@ -92,10 +91,11 @@ class Active extends Common {
foreach( $result as $id => $data ) {
array_push( $users, $data["username"] );
if( $data["username"] == $this->username ) {
array_push( $users, $data["user"] );
if( $data["user"] == $_SESSION ) {
$user = true;
break;
}
}
@ -115,8 +115,8 @@ class Active extends Common {
public function Add() {
global $sql;
$query = "INSERT INTO active( username, path, focused ) VALUES ( ?, ?, ? );";
$bind_variables = array( $this->username, $this->path, false );
$query = "INSERT INTO active( user, path, focused ) VALUES ( ?, ?, ? );";
$bind_variables = array( $_SESSION["user_id"], $this->path, false );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $return > 0 ) {
@ -149,8 +149,8 @@ class Active extends Common {
public function RemoveAll() {
global $sql;
$query = "DELETE FROM active WHERE username=?;";
$bind_variables = array( $this->username );
$query = "DELETE FROM active WHERE user=?;";
$bind_variables = array( $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $return > 0 ) {
@ -167,8 +167,8 @@ class Active extends Common {
public function MarkFileAsFocused() {
global $sql;
$query = "UPDATE active SET focused=? WHERE username=?;UPDATE active SET focused=? WHERE path=? AND username=?;";
$bind_variables = array( false, $this->username, true, $this->path, $this->username );
$query = "UPDATE active SET focused=? WHERE user=?;UPDATE active SET focused=? WHERE path=? AND user=?;";
$bind_variables = array( false, $_SESSION["user_id"], true, $this->path, $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $return > 0 ) {
@ -188,8 +188,8 @@ class Active extends Common {
foreach( $positions as $path => $cursor ) {
$query .= "UPDATE active SET position=? WHERE path=? AND username=?;";
array_push( $bind_variables, json_encode( $cursor ), $path, $this->username );
$query .= "UPDATE active SET position=? WHERE path=? AND user=?;";
array_push( $bind_variables, json_encode( $cursor ), $path, $_SESSION["user_id"] );
}
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );

3
components/filemanager/class.filemanager.php
View File

@ -406,7 +406,8 @@ class Filemanager extends Common {
if( $patch && ! $mtime ) {
$response["status"] = "error";
$response["message"] = "mtime parameter not found";
$response["message"] = "invalid mtime parameter not found";
$response["mtime"] = $mtime;
return $response;
}

32
components/filemanager/controller.php
View File

@ -169,24 +169,36 @@ switch( $action ) {
case 'modify':
if( isset( $_POST["content"] ) || isset( $_POST["patch"] ) ) {
if( isset( $_POST["data"] ) ) {
$content = isset( $_POST["content"] ) ? $_POST["content"] : "";
$patch = isset( $_POST["patch"] ) ? $_POST["patch"] : false;
$mtime = isset( $_POST["mtime"] ) ? $_POST["mtime"] : 0;
$data = json_decode( $_POST["data"], true );
if( get_magic_quotes_gpc() ){
if( json_last_error() !== JSON_ERROR_NONE ) {
$content = stripslashes( $content );
$patch = stripslashes( $patch );
$mtime = stripslashes( $mtime );
$data = json_decode( stripslashes( $_POST["data"] ), true );
}
$response = $Filemanager->modify( $path, $content, $mtime );
if( json_last_error() !== JSON_ERROR_NONE ) {
$data = array();
}
if( isset( $data["content"] ) || isset( $data["patch"] ) ) {
$content = isset( $data["content"] ) ? $data["content"] : "";
$patch = isset( $data["patch"] ) ? $data["patch"] : false;
$mtime = isset( $data["mtime"] ) ? $data["mtime"] : 0;
$response = $Filemanager->modify( $path, $content, $patch, $mtime );
} else {
$response["status"] = "error";
$response["message"] = "Missing modification content";
}
} else {
$response["status"] = "error";
$response["message"] = "Missing modification content";
$response["message"] = "Missing save data";
}
break;

14
components/filemanager/init.js
View File

@ -54,10 +54,10 @@
this.noOpen = this.noAudio.concat( this.noFiles, this.noImages ),
this.noBrowser = this.noAudio.concat( this.noImages ),
// Initialize node listener
this.nodeListener();
this.noBrowser = this.noAudio.concat( this.noImages ),
// Initialize node listener
this.nodeListener();
this.auto_reload = ( await codiad.settings.get_option( "codiad.filemanager.autoReloadPreview" ) == "true" );
amplify.subscribe( 'settings.save', async function() {
@ -1066,8 +1066,10 @@
callbacks.error.apply( context, [data] );
}
}
$.post( this.controller + '?action=modify&path=' + encodeURIComponent( path ), data, function( resp ) {
let post = {
"data": JSON.stringify( data )
};
$.post( this.controller + '?action=modify&path=' + encodeURIComponent( path ), post, function( resp ) {
console.log( resp );
resp = $.parseJSON( resp );

53
components/install/install.php
View File

@ -148,8 +148,7 @@ define("WSURL", BASE_URL . "/workspace");
// Marketplace
//define("MARKETURL", "http://market.codiad.com/json");
';
$this->save_file( $this->config, $config_data );
echo( "success" );
return file_put_contents( $this->config, $config_data );
}
function create_project() {
@ -158,10 +157,12 @@ define("WSURL", BASE_URL . "/workspace");
if ( ! $this->is_abs_path( $project_path ) ) {
$project_path = preg_replace( '/[^\w-._@]/', '-', $project_path );
$project_path = preg_replace( '/[^\w\-._@]/', '-', $project_path );
$project_path = $this->username . "/" . $project_path;
if( ! is_dir( $this->workspace . "/" . $project_path ) ) {
mkdir( $this->workspace . "/" . $project_path );
mkdir( $this->workspace . "/" . $project_path, 0755, true );
}
} else {
@ -185,11 +186,12 @@ define("WSURL", BASE_URL . "/workspace");
}
$bind_variables = array(
$project_path,
$this->project_name,
$project_path,
$this->username
);
$query = "INSERT INTO projects(name, path, owner) VALUES (?,?,?);";
$query = "DELETE FROM projects WHERE path = ?;INSERT INTO projects(name, path, owner) VALUES (?,?,( SELECT id FROM users WHERE username = ? LIMIT 1 ));";
$connection = $this->sql->connect();
$statement = $connection->prepare( $query );
$statement->execute( $bind_variables );
@ -205,36 +207,31 @@ define("WSURL", BASE_URL . "/workspace");
$result = $this->sql->create_default_tables();
if ( ! $result === true ) {
if ( ! $result["create_tables"] === true ) {
die( '{"message":"Could not tables in database.","error":"' . json_encode( $result ) .'"}' );
exit( json_encode( $result ) );
}
}
function create_user() {
$bind_variables = array(
"",
"",
$this->username,
$this->password,
"",
$this->project_path,
"admin",
"",
""
Permissions::LEVELS["admin"]
);
$query = "INSERT INTO users(first_name, last_name, username, password, email, project, access, groups, token) VALUES (?,?,?,?,?,?,?,?,?)";
$connection = $this->sql->connect();
$statement = $connection->prepare( $query );
$statement->execute( $bind_variables );
$error = $statement->errorInfo();
$query = "INSERT INTO users( username, password, project, access ) VALUES ( ?,?,( SELECT id FROM projects WHERE path = ? LIMIT 1 ),? )";
if( ! $error[0] == "00000" ) {
try {
die( '{"message":"Could not create user in database.","error":"' . addslashes(json_encode( $error )) .'"}' );
$connection = $this->sql->connect();
$statement = $connection->prepare( $query );
$statement->execute( $bind_variables );
} catch( exception $e ) {
exit( "Error could not create user: " . $e->getMessage() );
}
$this->set_default_options();
}
@ -269,10 +266,11 @@ define("WSURL", BASE_URL . "/workspace");
$connection = $this->sql->connect();
$this->create_tables();
$this->create_project();
$this->create_user();
$this->create_project();
//exit( "stop" );
$this->create_config();
return "success";
}
function JSEND( $message, $error=null ) {
@ -288,18 +286,11 @@ define("WSURL", BASE_URL . "/workspace");
exit( json_encode( $message ) );
}
function save_file( $file, $data ) {
$write = fopen( $file, 'w' ) or die( '{"message": "can\'t open file"}' );
fwrite( $write, $data );
fclose( $write );
}
public function set_default_options() {
foreach( Settings::DEFAULT_OPTIONS as $id => $option ) {
$query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
$query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ( SELECT id FROM users WHERE username = ? ), ? );";
$bind_variables = array(
$option["name"],
$this->username,
@ -309,7 +300,7 @@ define("WSURL", BASE_URL . "/workspace");
if( $result == 0 ) {
$query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
$query = "UPDATE user_options SET value=? WHERE name=? AND user=( SELECT id FROM users WHERE username = ? );";
$bind_variables = array(
$option["value"],
$option["name"],

8
components/install/view.php
View File

@ -442,12 +442,12 @@ if(!password_match){ alert('The passwords entered do not match'); }
if(!empty_fields && password_match && check_path){
$.post('components/install/install.php',$('#install').serialize(),function( data ) {
if( data == 'success' ){
console.log( data );
if( data === "success" ){
window.location.reload();
} else {
data = JSON.parse( data );
console.log( data.error );
alert( "An Error Occurred\n" + data.message );
alert( "An Error Occurred. Please check the console for more information.\n" );
}
});
}

8
components/permissions/class.permissions.php
View File

@ -23,6 +23,12 @@ class Permissions {
"admin" => 64,
);
const SYSTEM_LEVELS = array(
"user" => 32,
"admin" => 64,
);
function __construct() {
@ -82,7 +88,7 @@ class Permissions {
if( $data["owner"] == 'nobody' ) {
$access = self::LEVELS["owner"];
} elseif( $data["owner"] == $_SESSION["user"] ) {
} elseif( $data["owner"] == $_SESSION["user_id"] ) {
$access = self::LEVELS["owner"];
} else {

16
components/project/class.project.php
View File

@ -155,13 +155,13 @@ class Project extends Common {
$owner = $result["owner"];
if( $exclude_public ) {
if( $owner == $_SESSION["user"] ) {
if( $owner == $_SESSION["user_id"] ) {
$return = true;
}
} else {
if( $owner == $_SESSION["user"] || $owner == 'nobody' ) {
if( $owner == $_SESSION["user_id"] || $owner == 'nobody' ) {
$return = true;
}
@ -217,7 +217,7 @@ class Project extends Common {
OR owner='nobody'
OR id IN ( SELECT project FROM access WHERE user = ? )
) ORDER BY name;";
$bind_variables = array( $project, $_SESSION["user"], $_SESSION["user_id"] );
$bind_variables = array( $project, $_SESSION["user_id"], $_SESSION["user_id"] );
//$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' ) ORDER BY name;";
//$bind_variables = array( $project, $_SESSION["user"] );
$return = $sql->query( $query, $bind_variables, array(), "fetch" );
@ -260,7 +260,7 @@ class Project extends Common {
WHERE owner=?
OR owner='nobody'
OR id IN ( SELECT project FROM access WHERE user = ? );";
$bind_variables = array( $_SESSION["user"], $_SESSION["user_id"] );
$bind_variables = array( $_SESSION["user_id"], $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array() );
return( $return );
}
@ -293,14 +293,14 @@ class Project extends Common {
global $sql;
$query = "SELECT * FROM projects WHERE name=? AND path=? AND ( owner=? OR owner='nobody' );";
$bind_variables = array( $old_name, $path, $_SESSION["user"] );
$bind_variables = array( $old_name, $path, $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array() );
$pass = false;
if( ! empty( $return ) ) {
$query = "UPDATE projects SET name=? WHERE name=? AND path=? AND ( owner=? OR owner='nobody' );";
$bind_variables = array( $new_name, $old_name, $path, $_SESSION["user"] );
$bind_variables = array( $new_name, $old_name, $path, $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, 0, "rowCount");
if( $return > 0 ) {
@ -375,13 +375,13 @@ class Project extends Common {
OR owner='nobody'
OR id IN ( SELECT project FROM access WHERE user = ? )
) ORDER BY name LIMIT 1;";
$bind_variables = array( $this->path, $_SESSION["user"], $_SESSION["user_id"] );
$bind_variables = array( $this->path, $_SESSION["user_id"], $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array(), "fetch" );
if( ! empty( $return ) ) {
$query = "UPDATE users SET project=? WHERE username=?;";
$bind_variables = array( $this->path, $_SESSION["user"] );
$bind_variables = array( $return["id"], $_SESSION["user"] );
$sql->query( $query, $bind_variables, 0, "rowCount" );
$this->name = $return['name'];
$_SESSION['project'] = $return['path'];

2
components/project/dialog.php
View File

@ -96,7 +96,7 @@ switch( $_GET['action'] ) {
?>
<td width="70"><a onclick="codiad.message.error(i18n('Public projects can not be managed'));" class="icon-block bigger-icon"></a></td>
<?php
} elseif( $owner !== $_SESSION["user"] ) {
} elseif( $owner !== $_SESSION["user_id"] ) {
?>
<td width="70"><a onclick="codiad.message.error(i18n('Projects owned by others can not be managed'));" class="icon-block bigger-icon"></a></td>

20
components/settings/class.settings.php
View File

@ -113,7 +113,7 @@ class Settings {
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
} else {
$query = "DELETE FROM options WHERE name=? AND username=?";
$query = "DELETE FROM options WHERE name=? AND user=?";
$bind_variables = array(
$option,
$this->username,
@ -138,17 +138,17 @@ class Settings {
$query = "SELECT value FROM options WHERE name=?;";
$bind_variables = array( $option );
$return = $sql->query( $query, $bind_variables, array() )[0];
$return = $sql->query( $query, $bind_variables, array() );
} else {
$query = "SELECT value FROM user_options WHERE name=? AND username=?;";
$bind_variables = array( $option, $this->username );
$return = $sql->query( $query, $bind_variables, array() )[0];
$query = "SELECT value FROM user_options WHERE name=? AND user=?;";
$bind_variables = array( $option, $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array() );
}
if( ! empty( $return ) ) {
$return = $return["value"];
$return = $return[0]["value"];
} else {
$return = null;
@ -259,21 +259,21 @@ class Settings {
}
} else {
$query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
$query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ?, ? );";
$bind_variables = array(
$option,
$this->username,
$_SESSION["user_id"],
$value,
);
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $result == 0 ) {
$query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
$query = "UPDATE user_options SET value=? WHERE name=? AND user=?;";
$bind_variables = array(
$value,
$option,
$this->username,
$_SESSION["user_id"],
);
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
}

2
components/settings/init.js
View File

@ -166,7 +166,7 @@
let _self = codiad.settings;
jQuery.ajax({
url: this.controller + '?action=update_option',
type: "POST",
dataType: 'html',

458
components/sql/class.sql.conversions.php
View File

@ -1,458 +0,0 @@
<?php
class sql_conversions {
public $actions = array(
"create" => array(
"mysql" => "CREATE TABLE IF NOT EXISTS",
"pgsql" => "CREATE TABLE IF NOT EXISTS",
"sqlite" => "CREATE TABLE IF NOT EXISTS",
),
"delete" => array(
"mysql" => "DELETE",
"pgsql" => "DELETE",
"sqlite" => "DELETE",
),
"find" => array(
"mysql" => "LOCATE( %substring%, %string% )",
"pgsql" => "POSITION( %substring% in %string% )",
"sqlite" => "INSTR( %string%, %substring% )",
),
"select" => array(
"mysql" => "SELECT",
"pgsql" => "SELECT",
"sqlite" => "SELECT",
),
"update" => array(
"mysql" => "UPDATE",
"pgsql" => "UPDATE",
"sqlite" => "UPDATE",
),
);
public $comparisons = array(
"equal" => array(
"mysql" => "=",
"pgsql" => "=",
"sqlite" => "=",
),
"less than" => array(
"mysql" => "<",
"pgsql" => "<",
"sqlite" => "<",
),
"more than" => array(
"mysql" => ">",
"pgsql" => ">",
"sqlite" => ">",
),
"not" => array(
"mysql" => "!",
"pgsql" => "!",
"sqlite" => "!",
),
"not equal" => array(
"mysql" => "!=",
"pgsql" => "!=",
"sqlite" => "!=",
),
"where" => array(
"mysql" => "WHERE",
"pgsql" => "WHERE",
"sqlite" => "WHERE",
),
);
public $data_types = array(
"bool" => array(
"mysql" => "BOOL",
"pgsql" => "BOOL",
"sqlite" => "BOOL",
),
"int" => array(
"mysql" => "INT",
"pgsql" => "INT",
"sqlite" => "INT",
),
"string" => array(
"mysql" => "VARCHAR(255)",
"pgsql" => "VARCHAR",
"sqlite" => "VARCHAR",
),
"text" => array(
"mysql" => "TEXT",
"pgsql" => "TEXT",
"sqlite" => "TEXT",
),
);
public $general = array(
"from" => array(
"mysql" => "FROM",
"pgsql" => "FROM",
"sqlite" => "FROM",
),
);
public $specials = array(
"id" => array(
"mysql" => "NOT NULL AUTO_INCREMENT PRIMARY KEY",
"pgsql" => "SERIAL PRIMARY KEY",
"sqlite" => "SERIAL PRIMARY KEY",
),
"key" => array(
"mysql" => "KEY",
"pgsql" => "KEY",
"sqlite" => "KEY",
),
"auto increment" => array(
"mysql" => "AUTO_INCREMENT",
"pgsql" => "AUTO_INCREMENT",
"sqlite" => "AUTO_INCREMENT",
),
"not null" => array(
"mysql" => "NOT NULL",
"pgsql" => "NOT NULL",
"sqlite" => "NOT NULL",
),
"null" => array(
"mysql" => "NULL",
"pgsql" => "NULL",
"sqlite" => "NULL",
),
"unique" => array(
"mysql" => "CONSTRAINT %constraint_name% UNIQUE ( %field_names% )",
"pgsql" => "CONSTRAINT %constraint_name% UNIQUE ( %field_names% )",
"sqlite" => "CONSTRAINT %constraint_name% UNIQUE ( %field_names% )",
),
);
public $wraps = array(
"close" => array(
"mysql" => "`",
"mssql" => "]",
"pgsql" => "\"",
"sqlite" => "\"",
),
"open" => array(
"mysql" => "`",
"mssql" => "[",
"pgsql" => "\"",
"sqlite" => "\"",
),
);
public function check_field( $needle, $haystack ) {
$field = preg_replace_callback(
// Matches parts to be replaced: '[field]'
'/(\[.*?\])/',
// Callback function. Use 'use()' or define arrays as 'global'
function( $matches ) use ( $haystack ) {
// Remove square brackets from the match
// then use it as variable name
$match = trim( $matches[1], "[]" );
return $match;
},
// Input string to search in.
$needle
);
if( $field === $needle ) {
$field = false;
}
return $field;
}
public function find( $substring, $string ) {
$dbtype = DBTYPE;
$find_string = $this->actions["find"][$dbtype];
$find_string = str_replace( "%string%", $string, $find_string );
$find_string = str_replace( "%substring%", $substring, $find_string );
return $find_string;
}
public function select( $table, $fields, $where ) {
$dbtype = DBTYPE;
$id_close = $this->wraps["close"][$dbtype];
$id_open = $this->wraps["open"][$dbtype];
$query = $this->actions["select"][$dbtype] . " ";
$bind_vars = array();
if( empty( $fields ) ) {
$query .= " * ";
}
foreach( $fields as $field ) {
$query .= $field . ",";
}
$query = substr( $query, 0, -1 );
$query .= " {$this->general["from"][$dbtype]} {$table} ";
if( ! empty( $where ) ) {
$query .= " {$this->comparisons["where"][$dbtype]} ";
}
foreach( $where as $comparison ) {
$comparison_string = "";
//Put a replace of %% symbols with fields and open / close
if( $comparison[0] == "find" ) {
$c1 = $this->check_field( $comparison[1], $fields );
$c2 = $this->check_field( $comparison[2], $fields );
$c3 = $this->check_field( $comparison[3][1], $fields );
if( ! $c1 === FALSE ) {
$c1 = $id_open . $c1 . $id_close;
} else {
$c1 = "?";
array_push( $bind_vars, $comparison[1] );
}
if( ! $c2 === FALSE ) {
$c2 = $id_open . $c2 . $id_close;
} else {
$c2 = "?";
array_push( $bind_vars, $comparison[2] );
}
if( ! $c3 === FALSE ) {
$c3 = $id_open . $c3 . $id_close;
} else {
$c3 = "?";
array_push( $bind_vars, $comparison[3][1] );
}
$c0 = $this->find( $c1, $c2 );
$comparison_string .= "{$c0} {$this->comparisons[$comparison[3][0]][$dbtype]} {$c3}";
} elseif( $comparison[0] == "in" ) {
} elseif( $comparison[0] == "limit" ) {
} else {
if( in_array( $fields, $comparison[1] ) ) {
$comparison[1] = $id_open . $comparison[1] . $id_close;
}
if( in_array( $fields, $comparison[3] ) ) {
$comparison[3] = $id_open . $comparison[3] . $id_close;
}
$comparison_string .= "{$comparison[1]} {$this->$comparisons[$comparison[0]][$dbtype]} {$comparison[2]}";
}
$index = array_search( $comparison, $where );
if( $index ) {
} else {
$query .= "{$comparison_string} ";
}
}
//$query = substr( $query, 0, -1 );
$query .= ";";
return array( $query, $bind_vars );
}
public function table( $table_name, $fields, $attributes ) {
$dbtype = DBTYPE;
$id_close = $this->wraps["close"][$dbtype];
$id_open = $this->wraps["open"][$dbtype];
$query = "{$this->actions["create"][$dbtype]} {$table_name} (";
foreach( $fields as $id => $type ) {
$query .= "{$id} {$this->data_types[$type][$dbtype]}";
if( isset( $attributes[$id] ) ) {
foreach( $attributes[$id] as $attribute ) {
$attribute_string = $this->specials["$attribute"][$dbtype];
if( $attribute == "unique" ) {
continue;
}
if( $dbtype == "pgsql" ) {
if( $id == "id" ) {
$query = substr( $query, 0, -( strlen( " {$this->data_types[$type][$dbtype]}" ) ) );
}
}
if( ! strpos( $attribute_string, "%table_name%" ) === FALSE ) {
$attribute_string = str_replace( "%table_name%", $table_name, $attribute_string );
}
if( ! strpos( $attribute_string, "%fields%" ) === FALSE ) {
$fields_string = "";
foreach( $fields as $field ) {
$fields_string .= "{$id_open}field{$id_close},";
}
$fields_string = substr( $fields_string, 0, -1 );
$attribute_string = str_replace( "%fields%", $fields_string, $attribute_string );
}
$query .= " {$attribute_string}";
}
}
$query .= ",";
}
$id_close = $this->wraps["close"][$dbtype];
$id_open = $this->wraps["open"][$dbtype];
$fields_string = "";
$unique_string = "";
$unique_length = 0;
foreach( $attributes as $id => $attribute ) {
if( in_array( "unique", $attribute ) ) {
$unique_length++;
}
}
foreach( $attributes as $id => $attribute ) {
if( is_array( $attribute ) && in_array( "unique", $attribute ) ) {
if( $unique_string == "" ) {
$unique_string = $this->specials["unique"][$dbtype] . ",";
}
if( $dbtype == "mysql" && $fields ) {
if( $fields[$id] == "text" ) {
$field_length = ( 3000 / $unique_length );
$fields_string .= "{$id_open}{$id}{$id_close}($field_length),";
} elseif( $fields[$id] == "string" ) {
$field_length = ( 3000 / $unique_length );
$fields_string .= "{$id_open}{$id}{$id_close}(255),";
}
} else {
$fields_string .= "{$id_open}{$id}{$id_close},";
}
}
}
$unique_string = str_replace( "%constraint_name%", strtolower( preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $fields_string ) ), $unique_string );
$unique_string = str_replace( "%field_names%", substr( $fields_string, 0, -1 ), $unique_string );
$query .= $unique_string;
$query = substr( $query, 0, -1 );
$query .= ")";
if( $dbtype == "mysql" ) {
$query .= " ENGINE=InnoDB;";
} else {
$query .= ";";
}
return( $query );
}
public function tables( $tables ) {
$query = "";
foreach( $tables as $table_name => $table_data ) {
$query .= $this->table( $table_name, $table_data["fields"], $table_data["attributes"] ) . PHP_EOL;
}
return( $query );
}
public function update( $table, $fields, $where ) {
}
}
?>

390
components/sql/class.sql.php
View File

@ -54,141 +54,27 @@ class sql {
public function create_default_tables() {
$create_tables = $this->create_tables(
array(
"active" => array(
"fields" => array(
"username" => "string",
"path" => "text",
"position" => "string",
"focused" => "string"
),
"attributes" => array(
"username" => array( "not null" ),
"path" => array( "not null" ),
"focused" => array( "not null" ),
)
),
"access" => array(
"fields" => array(
"project" => "int",
"user" => "int",
"level" => "int",
),
"attributes" => array(
"id" => array( "not null" ),
"user" => array( "not null" ),
"level" => array( "not null" ),
)
),
"options" => array(
"fields" => array(
"id" => "int",
"name" => "string",
"value" => "text",
),
"attributes" => array(
"id" => array( "id" ),
"name" => array( "not null", "unique" ),
"value" => array( "not null" ),
)
),
"projects" => array(
"fields" => array(
"id" => "int",
"name" => "string",
"path" => "text",
"owner" => "string",
),
"attributes" => array(
"id" => array( "id" ),
"name" => array( "not null" ),
"path" => array( "not null", "unique" ),
"owner" => array( "not null", "unique" ),
)
),
"users" => array(
"fields" => array(
"id" => "int",
"first_name" => "string",
"last_name" => "string",
"username" => "string",
"password" => "text",
"email" => "string",
"project" => "int",
"access" => "string",
"token" => "string",
),
"attributes" => array(
"id" => array( "id" ),
"username" => array( "not null", "unique" ),
"password" => array( "not null" ),
"access" => array( "not null" ),
)
),
"user_options" => array(
"fields" => array(
"id" => "int",
"name" => "string",
"username" => "string",
"value" => "text",
),
"attributes" => array(
"id" => array( "id" ),
"name" => array( "not null", "unique" ),
"username" => array( "not null", "unique" ),
"value" => array( "not null" ),
)
),
)
);
$create_tables = $this->create_tables();
$structure_updates = $this->update_table_structure();
$result = array(
"create_tables" => $create_tables,
"structure_updates" => $structure_updates
);
exit( json_encode( $result, JSON_PRETTY_PRINT ) );
return $result;
}
public function create_tables( $table ) {
public function create_tables() {
/**
Tables layout
array(
"table_name" => array(
"fields" => array(
"id" => "int",
"test_field" => "string"
),
"attributes" => array(
"id" => array( "id" ),
"test_field" => array( "not null" ),
)
),
"table2_name" => array(
"fields" => array(
"id" => "int",
"test_field" => "string"
),
"attributes" => array(
"id" => array( "id" ),
"test_field" => array( "not null" ),
)
)
);
*/
$script = __DIR__ . "/scripts/" . DBTYPE . ".sql";
try {
if( ! is_file( $script ) ) {
$query = $this->conversions->tables( $table );
return "Error, no database scripts specified for currently selected dbtype.";
}
try {
$query = file_get_contents( $script );
$connection = $this->connect();
$result = $connection->exec( $query );
return true;
@ -227,130 +113,148 @@ class sql {
return self::$instance;
}
public function select( $table, $fields=array(), $where=array() ) {
$array = $this->conversions->select( $table, $fields, $where );
$query = $array[0];
$bind_vars = $array[1];
$result = $this->query( $query, $bind_vars, array() );
//echo var_dump( $query, $bind_vars ) . "<br>";
return $result;
}
public function update( $table, $fields=array(), $where=array() ) {
$query = $this->conversions->update( $table, $fields, $where );
//echo var_dump( $query ) . "<br>";
//return $query;
}
public function update_table_structure() {
$status_updates = array();
$sql_conversions = new sql_conversions();
try {
$access_query = "INSERT INTO access( project, user, level ) VALUES ";
$projects = $this->query( "SELECT id, access FROM projects", array(), array(), "fetchAll", "exception" );
$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
$delete = Permissions::LEVELS["delete"];
foreach( $users as $row => $user ) {
foreach( $projects as $row => $project ) {
$access = json_decode( $project["access"], true );
if( ! is_array( $access ) || empty( $access ) ) {
continue;
}
foreach( $access as $granted_user ) {
if( $granted_user == $user["username"] ) {
$access_query .= "( {$project["id"]}, {$user["id"]}, $delete ),";
}
}
}
}
if( $access_query !== "INSERT INTO access( project, user, level ) VALUES " ) {
$result = $this->query( substr( $access_query, 0, -1 ), array(), 0, "rowCount", "exception" );
}
$result = $this->query( "ALTER TABLE projects DROP COLUMN access", array(), 0, "rowCount" );
$status_updates["access_column"] = "Cached data and removed access column.";
} catch( Exception $error ) {
//The access field is not there.
//echo var_export( $error->getMessage(), $access_query );
$status_updates["access_column"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "No access column to convert."
);
}
try {
$update_query = "";
$projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
$result = $this->query( "SELECT project FROM users", array(), array(), "fetchAll", "exception" );
$convert = false;
$delete = Permissions::LEVELS["delete"];
foreach( $result as $row => $user ) {
if( ! is_numeric( $user["project"] ) ) {
$convert = true;
}
foreach( $projects as $row => $project ) {
if( $project["path"] == $user["project"] ) {
$update_query .= "UPDATE users SET project={$project["id"]};";
}
}
}
if( $convert && strlen( $update_query ) > 0 ) {
//change project to users table
$result = $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
$result = $this->query( "ALTER TABLE users ADD COLUMN project " . $sql_conversions->data_types["int"][DBTYPE], array(), array(), "rowCount", "exception" );
$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
} else {
$status_updates["users_current_project"] = array( "dev_message" => "Users current project column to project_id conversion not needed." );
}
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
$status_updates["users_current_project"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "Users current project column to project_id conversion failed."
);
}
try {
$result = $this->query( "ALTER TABLE users DROP COLUMN groups", array(), array(), "rowCount", "exception" );
$status_updates["users_groups_column"] = array( "dev_message" => "Removal of the groups column from the users table succeeded." );
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
$status_updates["users_groups_column"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "Removal of the groups column from the users table failed. This usually means there was never one to begin with"
);
}
if( DBTYPE === "mysql" || DBTYPE === "pgsql" ) {
//$constraint = ( DBTYPE === "mysql" ) ? "INDEX" : "CONSTRAINT";
try {
$access_query = "INSERT INTO access( project, user, level ) VALUES ";
$projects = $this->query( "SELECT id, access FROM projects", array(), array(), "fetchAll", "exception" );
$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
$delete = Permissions::LEVELS["delete"];
foreach( $users as $row => $user ) {
foreach( $projects as $row => $project ) {
$access = json_decode( $project["access"], true );
if( ! is_array( $access ) || empty( $access ) ) {
continue;
}
foreach( $access as $granted_user ) {
if( $granted_user == $user["username"] ) {
$access_query .= "( {$project["id"]}, {$user["id"]}, $delete ),";
}
}
}
}
if( $access_query !== "INSERT INTO access( project, user, level ) VALUES " ) {
$result = $this->query( substr( $access_query, 0, -1 ), array(), 0, "rowCount", "exception" );
}
$result = $this->query( "ALTER TABLE projects DROP COLUMN access", array(), 0, "rowCount" );
$status_updates["access_column"] = "Cached data and removed access column.";
} catch( Exception $error ) {
//The access field is not there.
//echo var_export( $error->getMessage(), $access_query );
$status_updates["access_column"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "No access column to convert."
);
}
try {
$update_query = "";
$projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
$result = $this->query( "SELECT project FROM users", array(), array(), "fetchAll", "exception" );
$convert = false;
$delete = Permissions::LEVELS["delete"];
foreach( $result as $row => $user ) {
if( ! is_numeric( $user["project"] ) ) {
$convert = true;
}
foreach( $projects as $row => $project ) {
if( $project["path"] == $user["project"] ) {
$update_query .= "UPDATE users SET project={$project["id"]} WHERE username = '{$user["username"]}';";
}
}
}
if( $convert && strlen( $update_query ) > 0 ) {
//change project to users table
$result = $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
$result = $this->query( "ALTER TABLE users ADD COLUMN project INT", array(), array(), "rowCount", "exception" );
$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
} else {
$status_updates["users_current_project"] = array( "dev_message" => "Users current project column to project_id conversion not needed." );
}
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
$status_updates["users_current_project"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "Users current project column to project_id conversion failed."
);
}
try {
$update_query = "";
$options = $this->query( "SELECT id, name, username, value FROM user_options", array(), array(), "fetchAll", "exception" );
$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
$delete = Permissions::LEVELS["delete"];
foreach( $users as $row => $user ) {
foreach( $options as $row => $option ) {
if( $option["username"] == $user["username"] ) {
$update_query .= "UPDATE user_options SET user={$user["id"]} WHERE id={$option["id"]};";
}
}
}
if( strlen( $update_query ) > 0 ) {
//change project to users table
$result = $this->query( "ALTER TABLE user_options DROP COLUMN username", array(), array(), "rowCount", "exception" );
$result = $this->query( "ALTER TABLE user_options ADD COLUMN user INT", array(), array(), "rowCount", "exception" );
$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
} else {
$status_updates["username_user_option_column"] = array( "dev_message" => "User options username column needed no conversion." );
}
} catch( Exception $error ) {
//The access field is not there.
//echo var_export( $error->getMessage(), $access_query );
$status_updates["username_user_option_column"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "No username column to convert."
);
}
try {
$result = $this->query( "ALTER TABLE users DROP COLUMN groups", array(), array(), "rowCount", "exception" );
$status_updates["users_groups_column"] = array( "dev_message" => "Removal of the groups column from the users table succeeded." );
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
$status_updates["users_groups_column"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "Removal of the groups column from the users table failed. This usually means there was never one to begin with"
);
}
try {

22
components/sql/scripts/mysql.sql
View File

@ -1,3 +1,13 @@
--
-- Table structure for table `access`
--
CREATE TABLE IF NOT EXISTS `access` (
`user` int NOT NULL,
`project` int NOT NULL,
`level` int NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `active`
--
@ -9,16 +19,6 @@ CREATE TABLE IF NOT EXISTS `active` (
`focused` varchar(255) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `access`
--
CREATE TABLE IF NOT EXISTS `access` (
`user` int NOT NULL,
`project` int NOT NULL,
`level` int NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- --------------------------------------------------------
--
@ -41,7 +41,7 @@ CREATE TABLE IF NOT EXISTS `projects` (
`id` int PRIMARY KEY AUTO_INCREMENT NOT NULL,
`name` varchar(255) NOT NULL,
`path` text NOT NULL,
`owner` int NOT NULL,
`owner` int NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

139
components/user/class.user.php
View File

@ -10,25 +10,10 @@ require_once( "../settings/class.settings.php" );
class User {
const ACCESS = array(
"admin",
"user"
);
//////////////////////////////////////////////////////////////////
// PROPERTIES
//////////////////////////////////////////////////////////////////
public $access = 'user';
public $username = '';
public $password = '';
public $project = '';
public $projects = '';
public $users = '';
public $actives = '';
public $lang = '';
public $theme = '';
//////////////////////////////////////////////////////////////////
// METHODS
//////////////////////////////////////////////////////////////////
@ -43,46 +28,47 @@ class User {
}
public function add_user() {
public function add_user( $username, $password, $access ) {
global $sql;
$query = "INSERT INTO users( username, password, access, project ) VALUES ( ?, ?, ?, ? );";
$bind_variables = array( $this->username, $this->password, $this->access, null );
$bind_variables = array( $username, $password, $access, null );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
$pass = false;
if( $return > 0 ) {
$this->set_default_options();
exit( formatJSEND( "success", array( "username" => $this->username ) ) );
} else {
exit( formatJSEND( "error", "The Username is Already Taken" ) );
$this->set_default_options( $username );
$pass = true;
}
return false;
}
public function delete_user() {
public function delete_user( $username ) {
global $sql;
$query = "DELETE FROM user_options WHERE username=?;";
$bind_variables = array( $this->username );
$query = "DELETE FROM user_options WHERE user=( SELECT id FROM users WHERE username=? );";
$bind_variables = array( $username );
$return = $sql->query( $query, $bind_variables, -1, "rowCount" );
if( $return > -1 ) {
//TODO: add new permissions system to delete cleanup
$query = "DELETE FROM projects WHERE owner=? AND access IN ( ?,?,?,?,? );";
$bind_variables = array(
$this->username,
$username,
"null",
null,
"[]",
"",
json_encode( array( $this->username ) )
json_encode( array( $username ) )
);
$return = $sql->query( $query, $bind_variables, -1, "rowCount" );
if( $return > -1 ) {
$query = "DELETE FROM users WHERE username=?;";
$bind_variables = array( $this->username );
$bind_variables = array( $username );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $return > 0 ) {
@ -134,26 +120,26 @@ class User {
}
}
public function set_default_options() {
public function set_default_options( $username ) {
foreach( Settings::DEFAULT_OPTIONS as $id => $option ) {
global $sql;
$query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
$query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ( SELECT id FROM users WHERE username=? ), ? );";
$bind_variables = array(
$option["name"],
$this->username,
$username,
$option["value"],
);
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $result == 0 ) {
$query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
$query = "UPDATE user_options SET value=? WHERE name=? AND user=( SELECT id FROM users WHERE username=? );";
$bind_variables = array(
$option["value"],
$option["name"],
$this->username,
$username,
);
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
}
@ -164,59 +150,18 @@ class User {
// Authenticate
//////////////////////////////////////////////////////////////////
public function Authenticate() {
public function Authenticate( $username, $password ) {
if( $this->username == "" || $this->password == "" ) {
if( $username == "" || $password == "" ) {
exit( formatJSEND( "error", "Username or password can not be blank." ) );
}
if( ! is_dir( SESSIONS_PATH ) ) {
mkdir( SESSIONS_PATH, 00755 );
}
$permissions = array(
"755",
"0755"
);
$server_user = posix_getpwuid( posix_geteuid() );
$sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 );
$sessions_owner = posix_getpwuid( fileowner( SESSIONS_PATH ) );
if( is_array( $server_user ) ) {
$server_user = $server_user["uid"];
}
if( ! ( $sessions_owner === $server_user ) ) {
try {
chown( SESSIONS_PATH, $server_user );
} catch( Exception $e ) {
exit( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) );
}
}
if( ! in_array( $sessions_permissions, $permissions ) ) {
try {
chmod( SESSIONS_PATH, 00755 );
} catch( Exception $e ) {
exit( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) );
}
return false;
}
global $sql;
$pass = false;
$this->EncryptPassword();
$query = "SELECT * FROM users WHERE username=? AND password=?;";
$bind_variables = array( $this->username, $this->password );
$bind_variables = array( $username, $password );
$return = $sql->query( $query, $bind_variables, array() );
/**
@ -226,17 +171,17 @@ class User {
if( ( strtolower( DBTYPE ) == "mysql" ) && empty( $return ) ) {
$query = "SELECT * FROM users WHERE username=? AND password=PASSWORD( ? );";
$bind_variables = array( $this->username, $this->password );
$bind_variables = array( $username, $password );
$return = $sql->query( $query, $bind_variables, array() );
if( ! empty( $return ) ) {
$query = "UPDATE users SET password=? WHERE username=?;";
$bind_variables = array( $this->password, $this->username );
$bind_variables = array( $password, $username );
$return = $sql->query( $query, $bind_variables, array() );
$query = "SELECT * FROM users WHERE username=? AND password=?;";
$bind_variables = array( $this->username, $this->password );
$bind_variables = array( $username, $password );
$return = $sql->query( $query, $bind_variables, array() );
}
}
@ -247,17 +192,15 @@ class User {
$pass = true;
$token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) );
$_SESSION['id'] = SESSION_ID;
$_SESSION['user'] = $this->username;
$_SESSION['user'] = $username;
$_SESSION['user_id'] = $user["id"];
$_SESSION['token'] = $token;
$_SESSION['lang'] = $this->lang;
$_SESSION['theme'] = $this->theme;
$_SESSION["login_session"] = true;
$query = "UPDATE users SET token=? WHERE username=?;";
$bind_variables = array( sha1( $token ), $this->username );
$return = $sql->query( $query, $bind_variables, 0, 'rowCount' );
$projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array(), 'rowCount' );
$projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array() );
if( isset( $user['project'] ) && $user['project'] != '' && ! empty( $projects ) ) {
@ -265,16 +208,9 @@ class User {
$_SESSION['project_id'] = $user['project'];
}
$this->checkDuplicateSessions( $this->username );
}
if( $pass ) {
echo formatJSEND( "success", array( "username" => $this->username ) );
} else {
echo formatJSEND( "error", "Incorrect Username or Password" );
$this->checkDuplicateSessions( $username );
}
return $pass;
}
/**
@ -356,10 +292,9 @@ class User {
// Create Account
//////////////////////////////////////////////////////////////////
public function Create() {
public function Create( $username, $password ) {
$this->EncryptPassword();
$this->add_user();
$this->add_user( $username, $password );
}
//////////////////////////////////////////////////////////////////
@ -375,9 +310,9 @@ class User {
// Encrypt Password
//////////////////////////////////////////////////////////////////
private function EncryptPassword() {
private function encrypt_password( $password ) {
$this->password = sha1( md5( $this->password ) );
return sha1( md5( $password ) );
}
//////////////////////////////////////////////////////////////////
@ -421,11 +356,11 @@ class User {
}
}
public function update_access() {
public function update_access( $username, $access ) {
global $sql;
$query = "UPDATE users SET access=? WHERE username=?;";
$bind_variables = array( $this->access, $this->username );
$bind_variables = array( $access, $username );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $return > 0 ) {
@ -433,7 +368,7 @@ class User {
echo formatJSEND( "success", "Updated access for {$this->username}" );
} else {
echo formatJSEND( "error", "Error updating project" );
echo formatJSEND( "error", "Error updating access" );
}
}

80
components/user/controller.php
View File

@ -36,22 +36,73 @@ if($_GET['action']=='authenticate') {
die( formatJSEND( "error", "Missing username or password" ) );
}
$User->username = User::CleanUsername( $_POST['username'] );
$User->password = $_POST['password'];
$username = User::CleanUsername( $_POST['username'] );
$password = $User->encrypt_password( $_POST['password'] );
// check if the asked languages exist and is registered in languages/code.php
require_once '../../languages/code.php';
if( isset( $languages[$_POST['language']] ) ) {
$User->lang = $_POST['language'];
$lang = $_POST['language'];
} else {
$User->lang = 'en';
$lang = 'en';
}
// theme
$User->theme = $_POST['theme'];
$User->Authenticate();
$theme = $_POST['theme'];
$permissions = array(
"755",
"0755"
);
if( ! is_dir( SESSIONS_PATH ) ) {
mkdir( SESSIONS_PATH, 00755 );
}
$server_user = getmyuid();
$sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 );
$sessions_owner = fileowner( SESSIONS_PATH );
if( is_array( $server_user ) ) {
$server_user = $server_user["uid"];
}
if( ! ( $sessions_owner === $server_user ) ) {
try {
chown( SESSIONS_PATH, $server_user );
} catch( Exception $e ) {
exit( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) );
}
}
if( ! in_array( $sessions_permissions, $permissions ) ) {
try {
chmod( SESSIONS_PATH, 00755 );
} catch( Exception $e ) {
exit( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) );
}
}
$pass = $User->Authenticate( $username, $password );
if( $pass ) {
$_SESSION['lang'] = $lang;
$_SESSION['theme'] = $theme;
exit( formatJSEND( "success", array( "username" => $this->username ) ) );
} else {
exit( formatJSEND( "error", "Incorrect Username or Password" ) );
}
}
//////////////////////////////////////////////////////////////////
@ -86,9 +137,9 @@ if( $_GET['action'] == 'create' ) {
exit( formatJSEND( "error", "Invalid characters in username" ) );
}
$User->username = User::CleanUsername( $_POST['username'] );
$User->password = $_POST['password'];
$User->Create();
$username = User::CleanUsername( $_POST['username'] );
$password = $User->encrypt_password( $_POST['password'] );
$User->Create( $username, $password );
}
}
@ -174,7 +225,7 @@ if( $_GET['action'] == 'update_access' ) {
checkSession();
if( ! isset( $_GET['access'] ) || ! isset( $_GET['username'] ) ) {
if( ! isset( $_POST['access'] ) || ! isset( $_POST['user'] ) ) {
die( formatJSEND( "error", "Could not update access." ) );
}
@ -184,7 +235,10 @@ if( $_GET['action'] == 'update_access' ) {
die( formatJSEND( "error", "You do not have permission to update user's access." ) );
}
$User->username = $_GET["username"];
$User->access = $_GET["access"];
$User->update_access();
if( ! in_array( $_POST["access"], array_keys( Permissions::SYSTEM_LEVELS ) ) ) {
exit( formatJSEND( "error", "Invalid access level specified." ) );
}
$User->update_access( $_POST["user"], $_POST["access"] );
}

4
components/user/dialog.php
View File

@ -72,10 +72,10 @@ switch($_GET['action']){
<td width="75">
<select onchange="codiad.user.update_access( event, '<?php echo( $data['username'] ); ?>' )">
<?php
foreach( User::ACCESS as $role ) {
foreach( Permissions::SYSTEM_LEVELS as $role => $id ) {
?>
<option value="<?php echo $role;?>" <?php if( $data["access"] == $role ) { echo 'selected="selected"'; }?>><?php echo i18n( $role );?></option>
<option value="<?php echo $id;?>" <?php if( $data["access"] == $id ) { echo 'selected="selected"'; }?>><?php echo i18n( $role );?></option>
<?php
}
?>

7
components/user/init.js
View File

@ -266,7 +266,7 @@
$.get(this.controller + '?action=project&project=' + project);
},
update_access: function( e, username=null ) {
update_access: function( e, username ) {
let access = "";
@ -278,7 +278,10 @@
access = e.target.value;
}
$.get( this.controller + `?action=update_access&username=${username}&access=${access}`, function( data ) {
$.post( this.controller + `?action=update_access`, {
username: username,
access: access,
}, function( data ) {
let response = codiad.jsend.parse( data );
if( response != 'error' ) {