diff --git a/common.php b/common.php
index bed198f..0df0af7 100755
--- a/common.php
+++ b/common.php
@@ -167,8 +167,8 @@ class Common {
public static function is_admin() {
global $sql;
- $query = "SELECT COUNT( * ) FROM users WHERE username=? AND access=?;";
- $bind_variables = array( $_SESSION["user"], "admin" );
+ $query = "SELECT COUNT( * ) FROM users WHERE id=? AND access=?;";
+ $bind_variables = array( $_SESSION["user_id"], Permissions::SYSTEM_LEVELS["admin"] );
$return = $sql->query( $query, $bind_variables, -1, 'fetchColumn' );
$admin = ( $return > 0 );
return $admin;
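Review bot: The `access` column is compared against `Permissions::SYSTEM_LEVELS["admin"]` here, while the installer's create_user() hunk in components/install/install.php stores `Permissions::LEVELS["admin"]` into the same column; both happen to be 64 in this diff, but two constants for one column will drift apart silently. Pick one (SYSTEM_LEVELS looks like the intent of the new constant) and use it in both places. The method also reads `$_SESSION["user_id"]` without an isset guard, so an unauthenticated call emits a notice and binds null; a leading `if( ! isset( $_SESSION["user_id"] ) ) { return false; }` makes the non-admin answer explicit. is_admin() appears to close outside this hunk.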
@@ -316,32 +316,7 @@ class Common {
public static function startSession() {
- Common::construct();
-
- //Set a Session Name
- session_name( md5( BASE_PATH ) );
- session_save_path( SESSIONS_PATH );
- session_start();
-
- if( ! defined( 'SESSION_ID' ) ) {
-
- define( "SESSION_ID", session_id() );
- }
-
- //Check for external authentification
- if( defined( 'AUTH_PATH' ) ) {
-
- require_once( AUTH_PATH );
- }
-
- global $lang;
- if ( isset( $_SESSION['lang'] ) ) {
-
- include BASE_PATH . "/languages/{$_SESSION['lang']}.php";
- } else {
-
- include BASE_PATH . "/languages/" . LANGUAGE . ".php";
- }
+ Common::start_session();
}
//////////////////////////////////////////////////////////////////
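Review bot: `startSession()` is now a one-line alias for `Common::start_session()`, but nothing marks it as such, so callers have no signal which name is canonical. Add a docblock above the method, `/** @deprecated Use Common::start_session() instead. */`, or remove the alias once callers are migrated. The removed body also did the session-name, AUTH_PATH and language-file setup; whether start_session() reproduces all of that cannot be seen from this hunk.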
diff --git a/components/active/class.active.php b/components/active/class.active.php
index dac9313..bee6d72 100755
--- a/components/active/class.active.php
+++ b/components/active/class.active.php
@@ -14,7 +14,6 @@ class Active extends Common {
// PROPERTIES
//////////////////////////////////////////////////////////////////
- public $username = "";
public $path = "";
public $new_path = "";
@@ -34,7 +33,7 @@ class Active extends Common {
public static function remove( $path ) {
global $sql;
- $query = "DELETE FROM active WHERE path=? AND username=?;";
+ $query = "DELETE FROM active WHERE path=? AND user=?;";
$bind_variables = array( $path, $_SESSION["user"] );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
}
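Review bot: The query now filters on `user=?` but the bind on the unchanged line still passes `$_SESSION["user"]`, while every other query in this file (Add, ListActive, RemoveAll) stores and matches `$_SESSION["user_id"]` in that column, so remove() will never match a row. Change the bind to `$bind_variables = array( $path, $_SESSION["user_id"] );`. The same column/bind mismatch is in components/settings/class.settings.php, where `DELETE FROM options WHERE name=? AND user=?` is still bound with `$this->username`.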
@@ -46,8 +45,8 @@ class Active extends Common {
public function ListActive() {
global $sql;
- $query = "SELECT path, position, focused FROM active WHERE username=?";
- $bind_variables = array( $this->username );
+ $query = "SELECT path, position, focused FROM active WHERE user=?";
+ $bind_variables = array( $_SESSION["user_id"] );
$result = $sql->query( $query, $bind_variables, array() );
$tainted = false;
$root = WORKSPACE;
@@ -82,7 +81,7 @@ class Active extends Common {
public function Check() {
global $sql;
- $query = "SELECT username FROM active WHERE path=?";
+ $query = "SELECT user FROM active WHERE path=?";
$bind_variables = array( $this->path );
$result = $sql->query( $query, $bind_variables, array() );
$tainted = false;
@@ -92,10 +91,11 @@ class Active extends Common {
foreach( $result as $id => $data ) {
- array_push( $users, $data["username"] );
- if( $data["username"] == $this->username ) {
+ array_push( $users, $data["user"] );
+ if( $data["user"] == $_SESSION ) {
$user = true;
+ break;
}
}
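Review bot: `$data["user"] == $_SESSION` compares the column value against the entire session array, which is never equal to a scalar, so `$user` stays false and the added `break` is unreachable. The intended comparison is `if( $data["user"] == $_SESSION["user_id"] ) {`; casting both sides to int and using `===` would also avoid loose-comparison surprises. The surrounding Check() body starts and ends outside this hunk.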
@@ -115,8 +115,8 @@ class Active extends Common {
public function Add() {
global $sql;
- $query = "INSERT INTO active( username, path, focused ) VALUES ( ?, ?, ? );";
- $bind_variables = array( $this->username, $this->path, false );
+ $query = "INSERT INTO active( user, path, focused ) VALUES ( ?, ?, ? );";
+ $bind_variables = array( $_SESSION["user_id"], $this->path, false );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $return > 0 ) {
@@ -149,8 +149,8 @@ class Active extends Common {
public function RemoveAll() {
global $sql;
- $query = "DELETE FROM active WHERE username=?;";
- $bind_variables = array( $this->username );
+ $query = "DELETE FROM active WHERE user=?;";
+ $bind_variables = array( $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $return > 0 ) {
@@ -167,8 +167,8 @@ class Active extends Common {
public function MarkFileAsFocused() {
global $sql;
- $query = "UPDATE active SET focused=? WHERE username=?;UPDATE active SET focused=? WHERE path=? AND username=?;";
- $bind_variables = array( false, $this->username, true, $this->path, $this->username );
+ $query = "UPDATE active SET focused=? WHERE user=?;UPDATE active SET focused=? WHERE path=? AND user=?;";
+ $bind_variables = array( false, $_SESSION["user_id"], true, $this->path, $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $return > 0 ) {
@@ -188,8 +188,8 @@ class Active extends Common {
foreach( $positions as $path => $cursor ) {
- $query .= "UPDATE active SET position=? WHERE path=? AND username=?;";
- array_push( $bind_variables, json_encode( $cursor ), $path, $this->username );
+ $query .= "UPDATE active SET position=? WHERE path=? AND user=?;";
+ array_push( $bind_variables, json_encode( $cursor ), $path, $_SESSION["user_id"] );
}
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
diff --git a/components/filemanager/class.filemanager.php b/components/filemanager/class.filemanager.php
index b5f668d..601aad5 100755
--- a/components/filemanager/class.filemanager.php
+++ b/components/filemanager/class.filemanager.php
@@ -406,7 +406,8 @@ class Filemanager extends Common {
if( $patch && ! $mtime ) {
$response["status"] = "error";
- $response["message"] = "mtime parameter not found";
+ $response["message"] = "invalid mtime parameter not found";
+ $response["mtime"] = $mtime;
return $response;
}
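Review bot: The new message `"invalid mtime parameter not found"` reads as two messages fused together; since the condition is `$patch && ! $mtime`, something like `$response["message"] = "Missing or invalid mtime parameter";` tells the client what was wrong. Echoing the rejected value back in `$response["mtime"]` is fine for debugging, but `! $mtime` also rejects a legitimate mtime of 0 and the string "0"; if that is intended, a short comment above the check saying so would help. The enclosing modify() method starts and ends outside this hunk.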
diff --git a/components/filemanager/controller.php b/components/filemanager/controller.php
index e82422e..69fadab 100755
--- a/components/filemanager/controller.php
+++ b/components/filemanager/controller.php
@@ -169,24 +169,36 @@ switch( $action ) {
case 'modify':
- if( isset( $_POST["content"] ) || isset( $_POST["patch"] ) ) {
+ if( isset( $_POST["data"] ) ) {
- $content = isset( $_POST["content"] ) ? $_POST["content"] : "";
- $patch = isset( $_POST["patch"] ) ? $_POST["patch"] : false;
- $mtime = isset( $_POST["mtime"] ) ? $_POST["mtime"] : 0;
+ $data = json_decode( $_POST["data"], true );
- if( get_magic_quotes_gpc() ){
+ if( json_last_error() !== JSON_ERROR_NONE ) {
- $content = stripslashes( $content );
- $patch = stripslashes( $patch );
- $mtime = stripslashes( $mtime );
+ $data = json_decode( stripslashes( $_POST["data"] ), true );
}
- $response = $Filemanager->modify( $path, $content, $mtime );
+ if( json_last_error() !== JSON_ERROR_NONE ) {
+
+ $data = array();
+ }
+
+ if( isset( $data["content"] ) || isset( $data["patch"] ) ) {
+
+ $content = isset( $data["content"] ) ? $data["content"] : "";
+ $patch = isset( $data["patch"] ) ? $data["patch"] : false;
+ $mtime = isset( $data["mtime"] ) ? $data["mtime"] : 0;
+
+ $response = $Filemanager->modify( $path, $content, $patch, $mtime );
+ } else {
+
+ $response["status"] = "error";
+ $response["message"] = "Missing modification content";
+ }
} else {
$response["status"] = "error";
- $response["message"] = "Missing modification content";
+ $response["message"] = "Missing save data";
}
break;
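Review bot: After the two decode attempts, `$data` is only reset to an empty array when `json_last_error()` reports an error, but a well-formed JSON scalar (e.g. `"abc"` or `5`) decodes without error and leaves `$data` as a string or int; the later `isset( $data["content"] )` happens to be false for those, but the intent is clearer and future-proof with an explicit type check. Replace the second error check with `if( ! is_array( $data ) ) { $data = array(); }`, which covers both the failed decode and the non-object case. `$Filemanager->modify()` is now called with a fourth argument (`$patch` in third position); the modify() signature is not on this page, so confirm it accepts that parameter order.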
diff --git a/components/filemanager/init.js b/components/filemanager/init.js
index d93914c..62b20ad 100755
--- a/components/filemanager/init.js
+++ b/components/filemanager/init.js
@@ -54,10 +54,10 @@
this.noOpen = this.noAudio.concat( this.noFiles, this.noImages ),
- this.noBrowser = this.noAudio.concat( this.noImages ),
-
- // Initialize node listener
- this.nodeListener();
+ this.noBrowser = this.noAudio.concat( this.noImages ),
+
+ // Initialize node listener
+ this.nodeListener();
this.auto_reload = ( await codiad.settings.get_option( "codiad.filemanager.autoReloadPreview" ) == "true" );
amplify.subscribe( 'settings.save', async function() {
@@ -1066,8 +1066,10 @@
callbacks.error.apply( context, [data] );
}
}
-
- $.post( this.controller + '?action=modify&path=' + encodeURIComponent( path ), data, function( resp ) {
+ let post = {
+ "data": JSON.stringify( data )
+ };
+ $.post( this.controller + '?action=modify&path=' + encodeURIComponent( path ), post, function( resp ) {
console.log( resp );
resp = $.parseJSON( resp );
diff --git a/components/install/install.php b/components/install/install.php
index 4d9e1ee..07ea2a1 100644
--- a/components/install/install.php
+++ b/components/install/install.php
@@ -148,8 +148,7 @@ define("WSURL", BASE_URL . "/workspace");
// Marketplace
//define("MARKETURL", "http://market.codiad.com/json");
';
- $this->save_file( $this->config, $config_data );
- echo( "success" );
+ return file_put_contents( $this->config, $config_data );
}
function create_project() {
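Review bot: `create_config()` now returns the result of `file_put_contents()`, but its caller in the install() hunk further down (`$this->create_config();` followed by `return "success";`) discards that value, so a config file that could not be written is still reported as success and the install page reloads into a broken setup. Check the result at the call site, e.g. `if( $this->create_config() === false ) { exit( json_encode( array( "message" => "Could not write config file" ) ) ); }`, or have create_config() exit with a JSON error itself as the removed save_file() did. The config written here contains the database settings; with `file_put_contents()` the file mode follows the process umask, which is worth stating in a comment if that is relied upon. The start of create_config() is outside this hunk.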
@@ -158,10 +157,12 @@ define("WSURL", BASE_URL . "/workspace");
if ( ! $this->is_abs_path( $project_path ) ) {
- $project_path = preg_replace( '/[^\w-._@]/', '-', $project_path );
+ $project_path = preg_replace( '/[^\w\-._@]/', '-', $project_path );
+ $project_path = $this->username . "/" . $project_path;
+
if( ! is_dir( $this->workspace . "/" . $project_path ) ) {
- mkdir( $this->workspace . "/" . $project_path );
+ mkdir( $this->workspace . "/" . $project_path, 0755, true );
}
} else {
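Review bot: `$project_path` is sanitised with `preg_replace( '/[^\w\-._@]/', '-', ... )`, but `$this->username`, which the new line prepends to it, is not visibly filtered in this hunk, so whether the resulting directory stays under `$this->workspace` depends on username validation done elsewhere. Applying the same character-class replacement to the username component before building the path, e.g. `$user_dir = preg_replace( '/[^\w\-._@]/', '-', $this->username );`, makes that invariant local to this function. The recursive `mkdir( ..., 0755, true )` also returns false on failure and is not checked, so a later step may try to write into a directory that does not exist.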
@@ -185,11 +186,12 @@ define("WSURL", BASE_URL . "/workspace");
}
$bind_variables = array(
+ $project_path,
$this->project_name,
$project_path,
$this->username
);
- $query = "INSERT INTO projects(name, path, owner) VALUES (?,?,?);";
+ $query = "DELETE FROM projects WHERE path = ?;INSERT INTO projects(name, path, owner) VALUES (?,?,( SELECT id FROM users WHERE username = ? LIMIT 1 ));";
$connection = $this->sql->connect();
$statement = $connection->prepare( $query );
$statement->execute( $bind_variables );
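Review bot: The prepared statement now contains two SQL statements (`DELETE ...; INSERT ...;`) in a single `prepare()`/`execute()`; how PDO handles that depends on the driver (native prepares typically accept a single statement, and the SQLite driver compiles only the first), so the INSERT may silently not run on some backends. Issue the DELETE and the INSERT as two prepare/execute pairs with their own bind arrays. The owner value comes from `( SELECT id FROM users WHERE username = ? LIMIT 1 )`, which only works because the install() hunk below now runs create_user() first; a comment stating that ordering dependency here would help the next reader.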
@@ -205,36 +207,31 @@ define("WSURL", BASE_URL . "/workspace");
$result = $this->sql->create_default_tables();
- if ( ! $result === true ) {
+ if ( ! $result["create_tables"] === true ) {
- die( '{"message":"Could not tables in database.","error":"' . json_encode( $result ) .'"}' );
+ exit( json_encode( $result ) );
}
}
function create_user() {
$bind_variables = array(
- "",
- "",
$this->username,
$this->password,
- "",
$this->project_path,
- "admin",
- "",
- ""
+ Permissions::LEVELS["admin"]
);
- $query = "INSERT INTO users(first_name, last_name, username, password, email, project, access, groups, token) VALUES (?,?,?,?,?,?,?,?,?)";
- $connection = $this->sql->connect();
- $statement = $connection->prepare( $query );
- $statement->execute( $bind_variables );
- $error = $statement->errorInfo();
+ $query = "INSERT INTO users( username, password, project, access ) VALUES ( ?,?,( SELECT id FROM projects WHERE path = ? LIMIT 1 ),? )";
- if( ! $error[0] == "00000" ) {
+ try {
- die( '{"message":"Could not create user in database.","error":"' . addslashes(json_encode( $error )) .'"}' );
+ $connection = $this->sql->connect();
+ $statement = $connection->prepare( $query );
+ $statement->execute( $bind_variables );
+ } catch( exception $e ) {
+
+ exit( "Error could not create user: " . $e->getMessage() );
}
-
$this->set_default_options();
}
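Review bot: `! $result["create_tables"] === true` negates before comparing, so it reads `( ! $x ) === true`, which is false both for `true` and for the error string create_tables() returns in components/sql/class.sql.php when no script exists; the exit on the next line is unreachable. Write it as `if ( $result["create_tables"] !== true ) {`. In create_user(), the `project` column is filled from `( SELECT id FROM projects WHERE path = ? LIMIT 1 )`, but install() now calls create_user() before create_project(), so the projects table is still empty here and the new user's project is NULL unless something later sets it; either keep the original order and resolve the owner afterwards, or run an update of users.project after create_project(). The `try`/`catch` only reacts if the PDO connection is in exception mode, which nothing on this page shows `$this->sql->connect()` configuring, so with the default silent mode a failed INSERT falls through to set_default_options(); `catch( exception $e )` also relies on case-insensitive class names and should read `catch( Exception $e )`.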
@@ -269,10 +266,11 @@ define("WSURL", BASE_URL . "/workspace");
$connection = $this->sql->connect();
$this->create_tables();
- $this->create_project();
$this->create_user();
+ $this->create_project();
//exit( "stop" );
$this->create_config();
+ return "success";
}
function JSEND( $message, $error=null ) {
@@ -288,18 +286,11 @@ define("WSURL", BASE_URL . "/workspace");
exit( json_encode( $message ) );
}
- function save_file( $file, $data ) {
-
- $write = fopen( $file, 'w' ) or die( '{"message": "can\'t open file"}' );
- fwrite( $write, $data );
- fclose( $write );
- }
-
public function set_default_options() {
foreach( Settings::DEFAULT_OPTIONS as $id => $option ) {
- $query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
+ $query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ( SELECT id FROM users WHERE username = ? ), ? );";
$bind_variables = array(
$option["name"],
$this->username,
@@ -309,7 +300,7 @@ define("WSURL", BASE_URL . "/workspace");
if( $result == 0 ) {
- $query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
+ $query = "UPDATE user_options SET value=? WHERE name=? AND user=( SELECT id FROM users WHERE username = ? );";
$bind_variables = array(
$option["value"],
$option["name"],
diff --git a/components/install/view.php b/components/install/view.php
index 0796f85..63168d9 100755
--- a/components/install/view.php
+++ b/components/install/view.php
@@ -442,12 +442,12 @@ if(!password_match){ alert('The passwords entered do not match'); }
if(!empty_fields && password_match && check_path){
$.post('components/install/install.php',$('#install').serialize(),function( data ) {
-if( data == 'success' ){
+console.log( data );
+
+if( data === "success" ){
window.location.reload();
} else {
-data = JSON.parse( data );
-console.log( data.error );
-alert( "An Error Occurred\n" + data.message );
+alert( "An Error Occurred. Please check the console for more information.\n" );
}
});
}
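Review bot: `data === "success"` now requires the exact response body, so any whitespace or notice output emitted by install.php around the word (a trailing newline from the script, for example) sends a successful install into the error branch. Comparing `$.trim( data ) === "success"` is cheap insurance. The removed `JSON.parse` branch surfaced the server's message in the alert, whereas now users are told to open the console, so the server-side error strings that reach `console.log( data )` should stay human-readable.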
diff --git a/components/permissions/class.permissions.php b/components/permissions/class.permissions.php
index 55512f9..b082bb5 100644
--- a/components/permissions/class.permissions.php
+++ b/components/permissions/class.permissions.php
@@ -23,6 +23,12 @@ class Permissions {
"admin" => 64,
);
+ const SYSTEM_LEVELS = array(
+
+ "user" => 32,
+ "admin" => 64,
+ );
+
function __construct() {
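Review bot: `SYSTEM_LEVELS` is introduced without any comment on how it differs from the `LEVELS` array right above it, and the two overlap on `"admin" => 64`, which is exactly the value that common.php's is_admin() and the installer's create_user() read from different constants. A one-line comment above it, `// Account-wide access levels stored in users.access; LEVELS above are per-project grants.`, would fix that, provided this is indeed the intended split — it is inferred from how is_admin() uses the constant, not stated anywhere in the diff.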
@@ -82,7 +88,7 @@ class Permissions {
if( $data["owner"] == 'nobody' ) {
$access = self::LEVELS["owner"];
- } elseif( $data["owner"] == $_SESSION["user"] ) {
+ } elseif( $data["owner"] == $_SESSION["user_id"] ) {
$access = self::LEVELS["owner"];
} else {
diff --git a/components/project/class.project.php b/components/project/class.project.php
index c4c0b68..d22cd12 100755
--- a/components/project/class.project.php
+++ b/components/project/class.project.php
@@ -155,13 +155,13 @@ class Project extends Common {
$owner = $result["owner"];
if( $exclude_public ) {
- if( $owner == $_SESSION["user"] ) {
+ if( $owner == $_SESSION["user_id"] ) {
$return = true;
}
} else {
- if( $owner == $_SESSION["user"] || $owner == 'nobody' ) {
+ if( $owner == $_SESSION["user_id"] || $owner == 'nobody' ) {
$return = true;
}
@@ -217,7 +217,7 @@ class Project extends Common {
OR owner='nobody'
OR id IN ( SELECT project FROM access WHERE user = ? )
) ORDER BY name;";
- $bind_variables = array( $project, $_SESSION["user"], $_SESSION["user_id"] );
+ $bind_variables = array( $project, $_SESSION["user_id"], $_SESSION["user_id"] );
//$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' ) ORDER BY name;";
//$bind_variables = array( $project, $_SESSION["user"] );
$return = $sql->query( $query, $bind_variables, array(), "fetch" );
@@ -260,7 +260,7 @@ class Project extends Common {
WHERE owner=?
OR owner='nobody'
OR id IN ( SELECT project FROM access WHERE user = ? );";
- $bind_variables = array( $_SESSION["user"], $_SESSION["user_id"] );
+ $bind_variables = array( $_SESSION["user_id"], $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array() );
return( $return );
}
@@ -293,14 +293,14 @@ class Project extends Common {
global $sql;
$query = "SELECT * FROM projects WHERE name=? AND path=? AND ( owner=? OR owner='nobody' );";
- $bind_variables = array( $old_name, $path, $_SESSION["user"] );
+ $bind_variables = array( $old_name, $path, $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array() );
$pass = false;
if( ! empty( $return ) ) {
$query = "UPDATE projects SET name=? WHERE name=? AND path=? AND ( owner=? OR owner='nobody' );";
- $bind_variables = array( $new_name, $old_name, $path, $_SESSION["user"] );
+ $bind_variables = array( $new_name, $old_name, $path, $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, 0, "rowCount");
if( $return > 0 ) {
@@ -375,13 +375,13 @@ class Project extends Common {
OR owner='nobody'
OR id IN ( SELECT project FROM access WHERE user = ? )
) ORDER BY name LIMIT 1;";
- $bind_variables = array( $this->path, $_SESSION["user"], $_SESSION["user_id"] );
+ $bind_variables = array( $this->path, $_SESSION["user_id"], $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array(), "fetch" );
if( ! empty( $return ) ) {
$query = "UPDATE users SET project=? WHERE username=?;";
- $bind_variables = array( $this->path, $_SESSION["user"] );
+ $bind_variables = array( $return["id"], $_SESSION["user"] );
$sql->query( $query, $bind_variables, 0, "rowCount" );
$this->name = $return['name'];
$_SESSION['project'] = $return['path'];
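Review bot: The `UPDATE users SET project=? WHERE username=?` still keys on `$_SESSION["user"]` while the SELECT directly above it, and every other query touched by this commit, identifies the current user by `$_SESSION["user_id"]`; if the session no longer carries the username after this change, the update silently affects zero rows. Keying on the primary key is both consistent and cheaper: `$query = "UPDATE users SET project=? WHERE id=?;"` with `$bind_variables = array( $return["id"], $_SESSION["user_id"] );`. The enclosing method starts and ends outside this hunk.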
diff --git a/components/project/dialog.php b/components/project/dialog.php
index 6d1416b..b70dbe4 100755
--- a/components/project/dialog.php
+++ b/components/project/dialog.php
@@ -96,7 +96,7 @@ switch( $_GET['action'] ) {
?>
|
|
diff --git a/components/settings/class.settings.php b/components/settings/class.settings.php
index f46fadb..fc2afc3 100755
--- a/components/settings/class.settings.php
+++ b/components/settings/class.settings.php
@@ -113,7 +113,7 @@ class Settings {
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
} else {
- $query = "DELETE FROM options WHERE name=? AND username=?";
+ $query = "DELETE FROM options WHERE name=? AND user=?";
$bind_variables = array(
$option,
$this->username,
@@ -138,17 +138,17 @@ class Settings {
$query = "SELECT value FROM options WHERE name=?;";
$bind_variables = array( $option );
- $return = $sql->query( $query, $bind_variables, array() )[0];
+ $return = $sql->query( $query, $bind_variables, array() );
} else {
- $query = "SELECT value FROM user_options WHERE name=? AND username=?;";
- $bind_variables = array( $option, $this->username );
- $return = $sql->query( $query, $bind_variables, array() )[0];
+ $query = "SELECT value FROM user_options WHERE name=? AND user=?;";
+ $bind_variables = array( $option, $_SESSION["user_id"] );
+ $return = $sql->query( $query, $bind_variables, array() );
}
if( ! empty( $return ) ) {
- $return = $return["value"];
+ $return = $return[0]["value"];
} else {
$return = null;
@@ -259,21 +259,21 @@ class Settings {
}
} else {
- $query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
+ $query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ?, ? );";
$bind_variables = array(
$option,
- $this->username,
+ $_SESSION["user_id"],
$value,
);
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $result == 0 ) {
- $query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
+ $query = "UPDATE user_options SET value=? WHERE name=? AND user=?;";
$bind_variables = array(
$value,
$option,
- $this->username,
+ $_SESSION["user_id"],
);
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
}
diff --git a/components/settings/init.js b/components/settings/init.js
index cd28450..3f4d0ee 100755
--- a/components/settings/init.js
+++ b/components/settings/init.js
@@ -166,7 +166,7 @@
let _self = codiad.settings;
jQuery.ajax({
-
+
url: this.controller + '?action=update_option',
type: "POST",
dataType: 'html',
diff --git a/components/sql/class.sql.conversions.php b/components/sql/class.sql.conversions.php
deleted file mode 100644
index ccea77d..0000000
--- a/components/sql/class.sql.conversions.php
+++ /dev/null
@@ -1,458 +0,0 @@
- array(
-
- "mysql" => "CREATE TABLE IF NOT EXISTS",
- "pgsql" => "CREATE TABLE IF NOT EXISTS",
- "sqlite" => "CREATE TABLE IF NOT EXISTS",
- ),
-
- "delete" => array(
-
- "mysql" => "DELETE",
- "pgsql" => "DELETE",
- "sqlite" => "DELETE",
- ),
-
- "find" => array(
-
- "mysql" => "LOCATE( %substring%, %string% )",
- "pgsql" => "POSITION( %substring% in %string% )",
- "sqlite" => "INSTR( %string%, %substring% )",
- ),
-
- "select" => array(
-
- "mysql" => "SELECT",
- "pgsql" => "SELECT",
- "sqlite" => "SELECT",
- ),
-
- "update" => array(
-
- "mysql" => "UPDATE",
- "pgsql" => "UPDATE",
- "sqlite" => "UPDATE",
- ),
- );
-
- public $comparisons = array(
-
- "equal" => array(
-
- "mysql" => "=",
- "pgsql" => "=",
- "sqlite" => "=",
- ),
-
- "less than" => array(
-
- "mysql" => "<",
- "pgsql" => "<",
- "sqlite" => "<",
- ),
-
- "more than" => array(
-
- "mysql" => ">",
- "pgsql" => ">",
- "sqlite" => ">",
- ),
-
- "not" => array(
-
- "mysql" => "!",
- "pgsql" => "!",
- "sqlite" => "!",
- ),
-
- "not equal" => array(
-
- "mysql" => "!=",
- "pgsql" => "!=",
- "sqlite" => "!=",
- ),
-
- "where" => array(
-
- "mysql" => "WHERE",
- "pgsql" => "WHERE",
- "sqlite" => "WHERE",
- ),
- );
-
- public $data_types = array(
-
- "bool" => array(
-
- "mysql" => "BOOL",
- "pgsql" => "BOOL",
- "sqlite" => "BOOL",
- ),
-
- "int" => array(
-
- "mysql" => "INT",
- "pgsql" => "INT",
- "sqlite" => "INT",
- ),
-
- "string" => array(
-
- "mysql" => "VARCHAR(255)",
- "pgsql" => "VARCHAR",
- "sqlite" => "VARCHAR",
- ),
-
- "text" => array(
-
- "mysql" => "TEXT",
- "pgsql" => "TEXT",
- "sqlite" => "TEXT",
- ),
- );
-
- public $general = array(
-
- "from" => array(
-
- "mysql" => "FROM",
- "pgsql" => "FROM",
- "sqlite" => "FROM",
- ),
- );
-
- public $specials = array(
-
- "id" => array(
-
- "mysql" => "NOT NULL AUTO_INCREMENT PRIMARY KEY",
- "pgsql" => "SERIAL PRIMARY KEY",
- "sqlite" => "SERIAL PRIMARY KEY",
- ),
-
- "key" => array(
-
- "mysql" => "KEY",
- "pgsql" => "KEY",
- "sqlite" => "KEY",
- ),
-
- "auto increment" => array(
-
- "mysql" => "AUTO_INCREMENT",
- "pgsql" => "AUTO_INCREMENT",
- "sqlite" => "AUTO_INCREMENT",
- ),
-
- "not null" => array(
-
- "mysql" => "NOT NULL",
- "pgsql" => "NOT NULL",
- "sqlite" => "NOT NULL",
- ),
-
- "null" => array(
-
- "mysql" => "NULL",
- "pgsql" => "NULL",
- "sqlite" => "NULL",
- ),
-
- "unique" => array(
-
- "mysql" => "CONSTRAINT %constraint_name% UNIQUE ( %field_names% )",
- "pgsql" => "CONSTRAINT %constraint_name% UNIQUE ( %field_names% )",
- "sqlite" => "CONSTRAINT %constraint_name% UNIQUE ( %field_names% )",
- ),
- );
-
- public $wraps = array(
-
- "close" => array(
-
- "mysql" => "`",
- "mssql" => "]",
- "pgsql" => "\"",
- "sqlite" => "\"",
- ),
-
- "open" => array(
-
- "mysql" => "`",
- "mssql" => "[",
- "pgsql" => "\"",
- "sqlite" => "\"",
- ),
- );
-
- public function check_field( $needle, $haystack ) {
-
- $field = preg_replace_callback(
- // Matches parts to be replaced: '[field]'
- '/(\[.*?\])/',
- // Callback function. Use 'use()' or define arrays as 'global'
- function( $matches ) use ( $haystack ) {
-
- // Remove square brackets from the match
- // then use it as variable name
- $match = trim( $matches[1], "[]" );
- return $match;
- },
- // Input string to search in.
- $needle
- );
-
- if( $field === $needle ) {
-
- $field = false;
- }
- return $field;
- }
-
- public function find( $substring, $string ) {
-
- $dbtype = DBTYPE;
- $find_string = $this->actions["find"][$dbtype];
- $find_string = str_replace( "%string%", $string, $find_string );
- $find_string = str_replace( "%substring%", $substring, $find_string );
-
- return $find_string;
- }
-
- public function select( $table, $fields, $where ) {
-
- $dbtype = DBTYPE;
- $id_close = $this->wraps["close"][$dbtype];
- $id_open = $this->wraps["open"][$dbtype];
- $query = $this->actions["select"][$dbtype] . " ";
- $bind_vars = array();
-
- if( empty( $fields ) ) {
-
- $query .= " * ";
- }
-
- foreach( $fields as $field ) {
-
- $query .= $field . ",";
- }
-
- $query = substr( $query, 0, -1 );
- $query .= " {$this->general["from"][$dbtype]} {$table} ";
-
- if( ! empty( $where ) ) {
-
- $query .= " {$this->comparisons["where"][$dbtype]} ";
- }
-
- foreach( $where as $comparison ) {
-
- $comparison_string = "";
-
- //Put a replace of %% symbols with fields and open / close
- if( $comparison[0] == "find" ) {
-
- $c1 = $this->check_field( $comparison[1], $fields );
- $c2 = $this->check_field( $comparison[2], $fields );
- $c3 = $this->check_field( $comparison[3][1], $fields );
-
- if( ! $c1 === FALSE ) {
-
- $c1 = $id_open . $c1 . $id_close;
- } else {
-
- $c1 = "?";
- array_push( $bind_vars, $comparison[1] );
- }
-
- if( ! $c2 === FALSE ) {
-
- $c2 = $id_open . $c2 . $id_close;
- } else {
-
- $c2 = "?";
- array_push( $bind_vars, $comparison[2] );
- }
-
- if( ! $c3 === FALSE ) {
-
- $c3 = $id_open . $c3 . $id_close;
- } else {
-
- $c3 = "?";
- array_push( $bind_vars, $comparison[3][1] );
- }
-
- $c0 = $this->find( $c1, $c2 );
- $comparison_string .= "{$c0} {$this->comparisons[$comparison[3][0]][$dbtype]} {$c3}";
- } elseif( $comparison[0] == "in" ) {
-
-
- } elseif( $comparison[0] == "limit" ) {
-
-
- } else {
-
- if( in_array( $fields, $comparison[1] ) ) {
-
- $comparison[1] = $id_open . $comparison[1] . $id_close;
- }
-
- if( in_array( $fields, $comparison[3] ) ) {
-
- $comparison[3] = $id_open . $comparison[3] . $id_close;
- }
-
- $comparison_string .= "{$comparison[1]} {$this->$comparisons[$comparison[0]][$dbtype]} {$comparison[2]}";
- }
-
- $index = array_search( $comparison, $where );
-
- if( $index ) {
-
- } else {
-
- $query .= "{$comparison_string} ";
- }
- }
-
- //$query = substr( $query, 0, -1 );
- $query .= ";";
- return array( $query, $bind_vars );
- }
-
- public function table( $table_name, $fields, $attributes ) {
-
- $dbtype = DBTYPE;
- $id_close = $this->wraps["close"][$dbtype];
- $id_open = $this->wraps["open"][$dbtype];
-
- $query = "{$this->actions["create"][$dbtype]} {$table_name} (";
-
- foreach( $fields as $id => $type ) {
-
- $query .= "{$id} {$this->data_types[$type][$dbtype]}";
-
- if( isset( $attributes[$id] ) ) {
-
- foreach( $attributes[$id] as $attribute ) {
-
- $attribute_string = $this->specials["$attribute"][$dbtype];
-
- if( $attribute == "unique" ) {
-
- continue;
- }
-
- if( $dbtype == "pgsql" ) {
-
- if( $id == "id" ) {
-
- $query = substr( $query, 0, -( strlen( " {$this->data_types[$type][$dbtype]}" ) ) );
- }
- }
-
- if( ! strpos( $attribute_string, "%table_name%" ) === FALSE ) {
-
- $attribute_string = str_replace( "%table_name%", $table_name, $attribute_string );
- }
-
- if( ! strpos( $attribute_string, "%fields%" ) === FALSE ) {
-
- $fields_string = "";
-
- foreach( $fields as $field ) {
-
- $fields_string .= "{$id_open}field{$id_close},";
- }
-
- $fields_string = substr( $fields_string, 0, -1 );
- $attribute_string = str_replace( "%fields%", $fields_string, $attribute_string );
- }
- $query .= " {$attribute_string}";
- }
- }
- $query .= ",";
- }
-
- $id_close = $this->wraps["close"][$dbtype];
- $id_open = $this->wraps["open"][$dbtype];
- $fields_string = "";
- $unique_string = "";
- $unique_length = 0;
-
- foreach( $attributes as $id => $attribute ) {
-
- if( in_array( "unique", $attribute ) ) {
-
- $unique_length++;
- }
- }
-
- foreach( $attributes as $id => $attribute ) {
-
- if( is_array( $attribute ) && in_array( "unique", $attribute ) ) {
-
- if( $unique_string == "" ) {
-
- $unique_string = $this->specials["unique"][$dbtype] . ",";
- }
- if( $dbtype == "mysql" && $fields ) {
-
- if( $fields[$id] == "text" ) {
-
- $field_length = ( 3000 / $unique_length );
- $fields_string .= "{$id_open}{$id}{$id_close}($field_length),";
- } elseif( $fields[$id] == "string" ) {
-
- $field_length = ( 3000 / $unique_length );
- $fields_string .= "{$id_open}{$id}{$id_close}(255),";
- }
- } else {
-
- $fields_string .= "{$id_open}{$id}{$id_close},";
- }
- }
- }
-
- $unique_string = str_replace( "%constraint_name%", strtolower( preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $fields_string ) ), $unique_string );
- $unique_string = str_replace( "%field_names%", substr( $fields_string, 0, -1 ), $unique_string );
- $query .= $unique_string;
-
- $query = substr( $query, 0, -1 );
- $query .= ")";
-
- if( $dbtype == "mysql" ) {
-
- $query .= " ENGINE=InnoDB;";
- } else {
-
- $query .= ";";
- }
-
- return( $query );
- }
-
- public function tables( $tables ) {
-
- $query = "";
-
- foreach( $tables as $table_name => $table_data ) {
-
- $query .= $this->table( $table_name, $table_data["fields"], $table_data["attributes"] ) . PHP_EOL;
- }
- return( $query );
- }
-
- public function update( $table, $fields, $where ) {
-
-
- }
-}
-
-?>
diff --git a/components/sql/class.sql.php b/components/sql/class.sql.php
index 5201bf3..4f46465 100755
--- a/components/sql/class.sql.php
+++ b/components/sql/class.sql.php
@@ -54,141 +54,27 @@ class sql {
public function create_default_tables() {
- $create_tables = $this->create_tables(
- array(
- "active" => array(
- "fields" => array(
- "username" => "string",
- "path" => "text",
- "position" => "string",
- "focused" => "string"
- ),
- "attributes" => array(
- "username" => array( "not null" ),
- "path" => array( "not null" ),
- "focused" => array( "not null" ),
- )
- ),
- "access" => array(
- "fields" => array(
- "project" => "int",
- "user" => "int",
- "level" => "int",
- ),
- "attributes" => array(
- "id" => array( "not null" ),
- "user" => array( "not null" ),
- "level" => array( "not null" ),
- )
- ),
- "options" => array(
- "fields" => array(
- "id" => "int",
- "name" => "string",
- "value" => "text",
- ),
- "attributes" => array(
- "id" => array( "id" ),
- "name" => array( "not null", "unique" ),
- "value" => array( "not null" ),
- )
- ),
- "projects" => array(
- "fields" => array(
- "id" => "int",
- "name" => "string",
- "path" => "text",
- "owner" => "string",
- ),
- "attributes" => array(
-
- "id" => array( "id" ),
- "name" => array( "not null" ),
- "path" => array( "not null", "unique" ),
- "owner" => array( "not null", "unique" ),
- )
- ),
- "users" => array(
- "fields" => array(
- "id" => "int",
- "first_name" => "string",
- "last_name" => "string",
- "username" => "string",
- "password" => "text",
- "email" => "string",
- "project" => "int",
- "access" => "string",
- "token" => "string",
- ),
- "attributes" => array(
- "id" => array( "id" ),
- "username" => array( "not null", "unique" ),
- "password" => array( "not null" ),
- "access" => array( "not null" ),
- )
- ),
- "user_options" => array(
- "fields" => array(
- "id" => "int",
- "name" => "string",
- "username" => "string",
- "value" => "text",
- ),
- "attributes" => array(
- "id" => array( "id" ),
- "name" => array( "not null", "unique" ),
- "username" => array( "not null", "unique" ),
- "value" => array( "not null" ),
- )
- ),
- )
- );
+ $create_tables = $this->create_tables();
$structure_updates = $this->update_table_structure();
$result = array(
"create_tables" => $create_tables,
"structure_updates" => $structure_updates
);
- exit( json_encode( $result, JSON_PRETTY_PRINT ) );
+ return $result;
}
- public function create_tables( $table ) {
+ public function create_tables() {
- /**
- Tables layout
- array(
-
- "table_name" => array(
-
- "fields" => array(
-
- "id" => "int",
- "test_field" => "string"
- ),
- "attributes" => array(
-
- "id" => array( "id" ),
- "test_field" => array( "not null" ),
- )
- ),
- "table2_name" => array(
-
- "fields" => array(
-
- "id" => "int",
- "test_field" => "string"
- ),
- "attributes" => array(
-
- "id" => array( "id" ),
- "test_field" => array( "not null" ),
- )
- )
- );
- */
+ $script = __DIR__ . "/scripts/" . DBTYPE . ".sql";
- try {
+ if( ! is_file( $script ) ) {
- $query = $this->conversions->tables( $table );
+ return "Error, no database scripts specified for currently selected dbtype.";
+ }
+
+ try {
+
+ $query = file_get_contents( $script );
$connection = $this->connect();
$result = $connection->exec( $query );
return true;
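Review bot: `file_get_contents( $script )` can return false (unreadable file, open_basedir), in which case `exec()` is handed an empty statement and the method still returns true; and `$result` from `$connection->exec( $query )` is never examined, so with the default PDO error mode a script that fails part-way is also reported as success. Guard both: check `$query === false` before executing and treat `$result === false` as an error, returning the driver's `errorInfo()` text the way the missing-script case returns a string. Since `$script` is built from the `DBTYPE` constant rather than request input, the path itself is not attacker-controlled, but a comment saying so would save the next reviewer the same check. The catch block that pairs with this `try` is outside the hunk.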
@@ -227,130 +113,148 @@ class sql {
return self::$instance;
}
- public function select( $table, $fields=array(), $where=array() ) {
-
- $array = $this->conversions->select( $table, $fields, $where );
- $query = $array[0];
- $bind_vars = $array[1];
- $result = $this->query( $query, $bind_vars, array() );
- //echo var_dump( $query, $bind_vars ) . "
";
- return $result;
- }
-
- public function update( $table, $fields=array(), $where=array() ) {
-
- $query = $this->conversions->update( $table, $fields, $where );
- //echo var_dump( $query ) . "
";
- //return $query;
- }
-
public function update_table_structure() {
$status_updates = array();
- $sql_conversions = new sql_conversions();
-
- try {
-
- $access_query = "INSERT INTO access( project, user, level ) VALUES ";
- $projects = $this->query( "SELECT id, access FROM projects", array(), array(), "fetchAll", "exception" );
- $users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
- $delete = Permissions::LEVELS["delete"];
-
- foreach( $users as $row => $user ) {
-
- foreach( $projects as $row => $project ) {
-
- $access = json_decode( $project["access"], true );
- if( ! is_array( $access ) || empty( $access ) ) {
-
- continue;
- }
-
- foreach( $access as $granted_user ) {
-
- if( $granted_user == $user["username"] ) {
-
- $access_query .= "( {$project["id"]}, {$user["id"]}, $delete ),";
- }
- }
- }
- }
-
- if( $access_query !== "INSERT INTO access( project, user, level ) VALUES " ) {
-
- $result = $this->query( substr( $access_query, 0, -1 ), array(), 0, "rowCount", "exception" );
- }
- $result = $this->query( "ALTER TABLE projects DROP COLUMN access", array(), 0, "rowCount" );
- $status_updates["access_column"] = "Cached data and removed access column.";
- } catch( Exception $error ) {
-
- //The access field is not there.
- //echo var_export( $error->getMessage(), $access_query );
- $status_updates["access_column"] = array(
- "error_message" => $error->getMessage(),
- "dev_message" => "No access column to convert."
- );
- }
-
- try {
-
- $update_query = "";
- $projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
- $result = $this->query( "SELECT project FROM users", array(), array(), "fetchAll", "exception" );
- $convert = false;
- $delete = Permissions::LEVELS["delete"];
-
- foreach( $result as $row => $user ) {
-
- if( ! is_numeric( $user["project"] ) ) {
-
- $convert = true;
- }
-
- foreach( $projects as $row => $project ) {
-
- if( $project["path"] == $user["project"] ) {
-
- $update_query .= "UPDATE users SET project={$project["id"]};";
- }
- }
- }
-
- if( $convert && strlen( $update_query ) > 0 ) {
-
- //change project to users table
- $result = $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
- $result = $this->query( "ALTER TABLE users ADD COLUMN project " . $sql_conversions->data_types["int"][DBTYPE], array(), array(), "rowCount", "exception" );
- $result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
- } else {
-
- $status_updates["users_current_project"] = array( "dev_message" => "Users current project column to project_id conversion not needed." );
- }
- } catch( Exception $error ) {
-
- //echo var_dump( $error->getMessage() );
- $status_updates["users_current_project"] = array(
- "error_message" => $error->getMessage(),
- "dev_message" => "Users current project column to project_id conversion failed."
- );
- }
-
- try {
-
- $result = $this->query( "ALTER TABLE users DROP COLUMN groups", array(), array(), "rowCount", "exception" );
- $status_updates["users_groups_column"] = array( "dev_message" => "Removal of the groups column from the users table succeeded." );
- } catch( Exception $error ) {
-
- //echo var_dump( $error->getMessage() );
- $status_updates["users_groups_column"] = array(
- "error_message" => $error->getMessage(),
- "dev_message" => "Removal of the groups column from the users table failed. This usually means there was never one to begin with"
- );
- }
if( DBTYPE === "mysql" || DBTYPE === "pgsql" ) {
- //$constraint = ( DBTYPE === "mysql" ) ? "INDEX" : "CONSTRAINT";
+ try {
+
+ $access_query = "INSERT INTO access( project, user, level ) VALUES ";
+ $projects = $this->query( "SELECT id, access FROM projects", array(), array(), "fetchAll", "exception" );
+ $users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
+ $delete = Permissions::LEVELS["delete"];
+
+ foreach( $users as $row => $user ) {
+
+ foreach( $projects as $row => $project ) {
+
+ $access = json_decode( $project["access"], true );
+ if( ! is_array( $access ) || empty( $access ) ) {
+
+ continue;
+ }
+
+ foreach( $access as $granted_user ) {
+
+ if( $granted_user == $user["username"] ) {
+
+ $access_query .= "( {$project["id"]}, {$user["id"]}, $delete ),";
+ }
+ }
+ }
+ }
+
+ if( $access_query !== "INSERT INTO access( project, user, level ) VALUES " ) {
+
+ $result = $this->query( substr( $access_query, 0, -1 ), array(), 0, "rowCount", "exception" );
+ }
+ $result = $this->query( "ALTER TABLE projects DROP COLUMN access", array(), 0, "rowCount" );
+ $status_updates["access_column"] = "Cached data and removed access column.";
+ } catch( Exception $error ) {
+
+ //The access field is not there.
+ //echo var_export( $error->getMessage(), $access_query );
+ $status_updates["access_column"] = array(
+ "error_message" => $error->getMessage(),
+ "dev_message" => "No access column to convert."
+ );
+ }
+
+ try {
+
+ $update_query = "";
+ $projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
+ $result = $this->query( "SELECT project FROM users", array(), array(), "fetchAll", "exception" );
+ $convert = false;
+ $delete = Permissions::LEVELS["delete"];
+
+ foreach( $result as $row => $user ) {
+
+ if( ! is_numeric( $user["project"] ) ) {
+
+ $convert = true;
+ }
+
+ foreach( $projects as $row => $project ) {
+
+ if( $project["path"] == $user["project"] ) {
+
+ $update_query .= "UPDATE users SET project={$project["id"]} WHERE username = '{$user["username"]}';";
+ }
+ }
+ }
+
+ if( $convert && strlen( $update_query ) > 0 ) {
+
+ //change project to users table
+ $result = $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
+ $result = $this->query( "ALTER TABLE users ADD COLUMN project INT", array(), array(), "rowCount", "exception" );
+ $result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
+ } else {
+
+ $status_updates["users_current_project"] = array( "dev_message" => "Users current project column to project_id conversion not needed." );
+ }
+ } catch( Exception $error ) {
+
+ //echo var_dump( $error->getMessage() );
+ $status_updates["users_current_project"] = array(
+ "error_message" => $error->getMessage(),
+ "dev_message" => "Users current project column to project_id conversion failed."
+ );
+ }
+
+ try {
+
+ $update_query = "";
+ $options = $this->query( "SELECT id, name, username, value FROM user_options", array(), array(), "fetchAll", "exception" );
+ $users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
+ $delete = Permissions::LEVELS["delete"];
+
+ foreach( $users as $row => $user ) {
+
+ foreach( $options as $row => $option ) {
+
+ if( $option["username"] == $user["username"] ) {
+
+ $update_query .= "UPDATE user_options SET user={$user["id"]} WHERE id={$option["id"]};";
+ }
+ }
+ }
+
+ if( strlen( $update_query ) > 0 ) {
+
+ //change project to users table
+ $result = $this->query( "ALTER TABLE user_options DROP COLUMN username", array(), array(), "rowCount", "exception" );
+ $result = $this->query( "ALTER TABLE user_options ADD COLUMN user INT", array(), array(), "rowCount", "exception" );
+ $result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
+ } else {
+
+ $status_updates["username_user_option_column"] = array( "dev_message" => "User options username column needed no conversion." );
+ }
+ } catch( Exception $error ) {
+
+ //The access field is not there.
+ //echo var_export( $error->getMessage(), $access_query );
+ $status_updates["username_user_option_column"] = array(
+ "error_message" => $error->getMessage(),
+ "dev_message" => "No username column to convert."
+ );
+ }
+
+ try {
+
+ $result = $this->query( "ALTER TABLE users DROP COLUMN groups", array(), array(), "rowCount", "exception" );
+ $status_updates["users_groups_column"] = array( "dev_message" => "Removal of the groups column from the users table succeeded." );
+ } catch( Exception $error ) {
+
+ //echo var_dump( $error->getMessage() );
+ $status_updates["users_groups_column"] = array(
+ "error_message" => $error->getMessage(),
+ "dev_message" => "Removal of the groups column from the users table failed. This usually means there was never one to begin with"
+ );
+ }
try {
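Review bot: The new `WHERE username = '{$user["username"]}'` on the users UPDATE reads a column that the query a few lines above never selects (`SELECT project FROM users`), so every generated statement becomes `WHERE username = ''` and no row is converted; the username is also spliced into SQL as a string rather than bound. The same string-building pattern drives the access INSERT earlier in the hunk and the user_options UPDATE later in it; those interpolate only numeric ids, but the per-row bound form below works for all three. Rewriting the users conversion as a list of `[project_id, username]` pairs executed through the existing `query()` call with bind variables fixes both the missing column and the interpolation. update_table_structure continues past the end of this hunk.
```php
$update_query = array();
$projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
$users = $this->query( "SELECT username, project FROM users", array(), array(), "fetchAll", "exception" );
$convert = false;

foreach( $users as $user ) {

    if( ! is_numeric( $user["project"] ) ) {

        $convert = true;
    }

    foreach( $projects as $project ) {

        if( $project["path"] == $user["project"] ) {

            $update_query[] = array( $project["id"], $user["username"] );
        }
    }
}

if( $convert && count( $update_query ) > 0 ) {

    // … unchanged: DROP COLUMN project / ADD COLUMN project INT …
    foreach( $update_query as $bind_variables ) {

        $result = $this->query( "UPDATE users SET project=? WHERE username=?;", $bind_variables, array(), "rowCount", "exception" );
    }
} else {
    // … unchanged: "conversion not needed" status entry …
}
```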
diff --git a/components/sql/scripts/mysql.sql b/components/sql/scripts/mysql.sql
index 5eceeb7..5582831 100644
--- a/components/sql/scripts/mysql.sql
+++ b/components/sql/scripts/mysql.sql
@@ -1,3 +1,13 @@
+--
+-- Table structure for table `access`
+--
+
+CREATE TABLE IF NOT EXISTS `access` (
+ `user` int NOT NULL,
+ `project` int NOT NULL,
+ `level` int NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
--
-- Table structure for table `active`
--
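Review bot: The relocated `access` table still has no primary key and no `UNIQUE (user, project)`, so the migration insert in update_table_structure (and any later grant) can create duplicate rows and leave a user with more than one level for the same project. Adding `PRIMARY KEY (user, project)` (or a unique index on the pair) makes the table hold exactly one level per user/project. Foreign keys to `users(id)` and `projects(id)` would additionally let the engine drop stale rows when a user or project is deleted.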
@@ -9,16 +19,6 @@ CREATE TABLE IF NOT EXISTS `active` (
`focused` varchar(255) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
---
--- Table structure for table `access`
---
-
-CREATE TABLE IF NOT EXISTS `access` (
- `user` int NOT NULL,
- `project` int NOT NULL,
- `level` int NOT NULL
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-
-- --------------------------------------------------------
--
@@ -41,7 +41,7 @@ CREATE TABLE IF NOT EXISTS `projects` (
`id` int PRIMARY KEY AUTO_INCREMENT NOT NULL,
`name` varchar(255) NOT NULL,
`path` text NOT NULL,
- `owner` int NOT NULL,
+ `owner` int NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
diff --git a/components/user/class.user.php b/components/user/class.user.php
index 9622c0b..6da1ac3 100755
--- a/components/user/class.user.php
+++ b/components/user/class.user.php
@@ -10,25 +10,10 @@ require_once( "../settings/class.settings.php" );
class User {
- const ACCESS = array(
- "admin",
- "user"
- );
-
//////////////////////////////////////////////////////////////////
// PROPERTIES
//////////////////////////////////////////////////////////////////
- public $access = 'user';
- public $username = '';
- public $password = '';
- public $project = '';
- public $projects = '';
- public $users = '';
- public $actives = '';
- public $lang = '';
- public $theme = '';
-
//////////////////////////////////////////////////////////////////
// METHODS
//////////////////////////////////////////////////////////////////
@@ -43,46 +28,47 @@ class User {
}
- public function add_user() {
+ public function add_user( $username, $password, $access ) {
global $sql;
$query = "INSERT INTO users( username, password, access, project ) VALUES ( ?, ?, ?, ? );";
- $bind_variables = array( $this->username, $this->password, $this->access, null );
+ $bind_variables = array( $username, $password, $access, null );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
+ $pass = false;
if( $return > 0 ) {
- $this->set_default_options();
- exit( formatJSEND( "success", array( "username" => $this->username ) ) );
- } else {
-
- exit( formatJSEND( "error", "The Username is Already Taken" ) );
+ $this->set_default_options( $username );
+ $pass = true;
}
+ return false;
}
- public function delete_user() {
+ public function delete_user( $username ) {
global $sql;
- $query = "DELETE FROM user_options WHERE username=?;";
- $bind_variables = array( $this->username );
+ $query = "DELETE FROM user_options WHERE user=( SELECT id FROM users WHERE username=? );";
+ $bind_variables = array( $username );
$return = $sql->query( $query, $bind_variables, -1, "rowCount" );
if( $return > -1 ) {
+ //TODO: add new permissions system to delete cleanup
+
$query = "DELETE FROM projects WHERE owner=? AND access IN ( ?,?,?,?,? );";
$bind_variables = array(
- $this->username,
+ $username,
"null",
null,
"[]",
"",
- json_encode( array( $this->username ) )
+ json_encode( array( $username ) )
);
$return = $sql->query( $query, $bind_variables, -1, "rowCount" );
if( $return > -1 ) {
$query = "DELETE FROM users WHERE username=?;";
- $bind_variables = array( $this->username );
+ $bind_variables = array( $username );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $return > 0 ) {
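Review bot: `add_user` sets `$pass = true` after a successful insert but then ends with `return false;`, so no caller can ever observe success; the last line should be `return $pass;`. In `delete_user`, the projects cleanup still filters on `projects.access` with `AND access IN ( ?,?,?,?,? )`, a column this same diff's update_table_structure drops, so after migration that DELETE fails and the user row is never removed — the TODO acknowledges it, but the path is reachable now. delete_user continues past the end of this hunk.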
@@ -134,26 +120,26 @@ class User {
}
}
- public function set_default_options() {
+ public function set_default_options( $username ) {
foreach( Settings::DEFAULT_OPTIONS as $id => $option ) {
global $sql;
- $query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
+ $query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ( SELECT id FROM users WHERE username=? ), ? );";
$bind_variables = array(
$option["name"],
- $this->username,
+ $username,
$option["value"],
);
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $result == 0 ) {
- $query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
+ $query = "UPDATE user_options SET value=? WHERE name=? AND user=( SELECT id FROM users WHERE username=? );";
$bind_variables = array(
$option["value"],
$option["name"],
- $this->username,
+ $username,
);
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
}
@@ -164,59 +150,18 @@ class User {
// Authenticate
//////////////////////////////////////////////////////////////////
- public function Authenticate() {
+ public function Authenticate( $username, $password ) {
- if( $this->username == "" || $this->password == "" ) {
+ if( $username == "" || $password == "" ) {
- exit( formatJSEND( "error", "Username or password can not be blank." ) );
- }
-
- if( ! is_dir( SESSIONS_PATH ) ) {
-
- mkdir( SESSIONS_PATH, 00755 );
- }
-
- $permissions = array(
- "755",
- "0755"
- );
-
- $server_user = posix_getpwuid( posix_geteuid() );
- $sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 );
- $sessions_owner = posix_getpwuid( fileowner( SESSIONS_PATH ) );
-
- if( is_array( $server_user ) ) {
-
- $server_user = $server_user["uid"];
- }
-
- if( ! ( $sessions_owner === $server_user ) ) {
-
- try {
-
- chown( SESSIONS_PATH, $server_user );
- } catch( Exception $e ) {
-
- exit( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) );
- }
- }
-
- if( ! in_array( $sessions_permissions, $permissions ) ) {
-
- try {
-
- chmod( SESSIONS_PATH, 00755 );
- } catch( Exception $e ) {
-
- exit( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) );
- }
+ return false;
}
global $sql;
$pass = false;
$this->EncryptPassword();
$query = "SELECT * FROM users WHERE username=? AND password=?;";
- $bind_variables = array( $this->username, $this->password );
+ $bind_variables = array( $username, $password );
$return = $sql->query( $query, $bind_variables, array() );
/**
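Review bot: `$this->EncryptPassword();` survives as a context line in Authenticate, but this diff renames that method to `encrypt_password( $password )`, so the call now fails with an undefined-method Error before the query runs. The controller already passes the hashed value in `$password`, so the line should simply be deleted rather than updated — hashing again here would double-hash and never match a stored row. Authenticate's body continues beyond the end of this hunk.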
@@ -226,17 +171,17 @@ class User {
if( ( strtolower( DBTYPE ) == "mysql" ) && empty( $return ) ) {
$query = "SELECT * FROM users WHERE username=? AND password=PASSWORD( ? );";
- $bind_variables = array( $this->username, $this->password );
+ $bind_variables = array( $username, $password );
$return = $sql->query( $query, $bind_variables, array() );
if( ! empty( $return ) ) {
$query = "UPDATE users SET password=? WHERE username=?;";
- $bind_variables = array( $this->password, $this->username );
+ $bind_variables = array( $password, $username );
$return = $sql->query( $query, $bind_variables, array() );
$query = "SELECT * FROM users WHERE username=? AND password=?;";
- $bind_variables = array( $this->username, $this->password );
+ $bind_variables = array( $username, $password );
$return = $sql->query( $query, $bind_variables, array() );
}
}
@@ -247,17 +192,15 @@ class User {
$pass = true;
$token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) );
$_SESSION['id'] = SESSION_ID;
- $_SESSION['user'] = $this->username;
+ $_SESSION['user'] = $username;
$_SESSION['user_id'] = $user["id"];
$_SESSION['token'] = $token;
- $_SESSION['lang'] = $this->lang;
- $_SESSION['theme'] = $this->theme;
$_SESSION["login_session"] = true;
$query = "UPDATE users SET token=? WHERE username=?;";
$bind_variables = array( sha1( $token ), $this->username );
$return = $sql->query( $query, $bind_variables, 0, 'rowCount' );
- $projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array(), 'rowCount' );
+ $projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array() );
if( isset( $user['project'] ) && $user['project'] != '' && ! empty( $projects ) ) {
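Review bot: `$bind_variables = array( sha1( $token ), $this->username );` on the token UPDATE still reads the `username` property that this diff removes from the class, so the bound value is null, `WHERE username=?` matches no row, and the login token is never persisted. It should bind the parameter instead: `$bind_variables = array( sha1( $token ), $username );`. The surrounding Authenticate body starts and ends outside this hunk.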
@@ -265,16 +208,9 @@ class User {
$_SESSION['project_id'] = $user['project'];
}
- $this->checkDuplicateSessions( $this->username );
- }
-
- if( $pass ) {
-
- echo formatJSEND( "success", array( "username" => $this->username ) );
- } else {
-
- echo formatJSEND( "error", "Incorrect Username or Password" );
+ $this->checkDuplicateSessions( $username );
}
+ return $pass;
}
/**
@@ -356,10 +292,9 @@ class User {
// Create Account
//////////////////////////////////////////////////////////////////
- public function Create() {
+ public function Create( $username, $password ) {
- $this->EncryptPassword();
- $this->add_user();
+ $this->add_user( $username, $password );
}
//////////////////////////////////////////////////////////////////
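Review bot: `$this->add_user( $username, $password );` passes two arguments, but `add_user( $username, $password, $access )` as rewritten in this diff has no default for `$access`, so account creation throws an ArgumentCountError. Either pass the intended non-admin default level from `Permissions::SYSTEM_LEVELS` here, or give `$access` a default in the add_user signature so the self-registration path cannot be used to choose its own level.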
@@ -375,9 +310,9 @@ class User {
// Encrypt Password
//////////////////////////////////////////////////////////////////
- private function EncryptPassword() {
+ private function encrypt_password( $password ) {
- $this->password = sha1( md5( $this->password ) );
+ return sha1( md5( $password ) );
}
//////////////////////////////////////////////////////////////////
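Review bot: `encrypt_password` is declared `private`, but controller.php in this same diff calls it from outside the class (`$User->encrypt_password( $_POST['password'] )` on both the authenticate and create paths), which raises an Error for a private method; it needs to be `public`, or the hashing has to move back inside `Authenticate`/`Create`. Separately, `sha1( md5( $password ) )` is an unsalted fast hash that this commit keeps; the standard replacement is `password_hash()` at creation and `password_verify()` at login, which would also mean Authenticate fetches the row by username and verifies in PHP rather than matching `password=?` in SQL.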
@@ -421,11 +356,11 @@ class User {
}
}
- public function update_access() {
+ public function update_access( $username, $access ) {
global $sql;
$query = "UPDATE users SET access=? WHERE username=?;";
- $bind_variables = array( $this->access, $this->username );
+ $bind_variables = array( $access, $username );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $return > 0 ) {
@@ -433,7 +368,7 @@ class User {
echo formatJSEND( "success", "Updated access for {$this->username}" );
} else {
- echo formatJSEND( "error", "Error updating project" );
+ echo formatJSEND( "error", "Error updating access" );
}
}
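Review bot: The success message `"Updated access for {$this->username}"` reads a property this diff removes from the class, so it interpolates an empty value; use the parameter, `"Updated access for {$username}"`. update_access begins outside this hunk.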
diff --git a/components/user/controller.php b/components/user/controller.php
index 27c1cea..78618bd 100755
--- a/components/user/controller.php
+++ b/components/user/controller.php
@@ -36,22 +36,73 @@ if($_GET['action']=='authenticate') {
die( formatJSEND( "error", "Missing username or password" ) );
}
- $User->username = User::CleanUsername( $_POST['username'] );
- $User->password = $_POST['password'];
+ $username = User::CleanUsername( $_POST['username'] );
+ $password = $User->encrypt_password( $_POST['password'] );
// check if the asked languages exist and is registered in languages/code.php
require_once '../../languages/code.php';
if( isset( $languages[$_POST['language']] ) ) {
- $User->lang = $_POST['language'];
+ $lang = $_POST['language'];
} else {
- $User->lang = 'en';
+ $lang = 'en';
}
// theme
- $User->theme = $_POST['theme'];
- $User->Authenticate();
+ $theme = $_POST['theme'];
+ $permissions = array(
+ "755",
+ "0755"
+ );
+
+ if( ! is_dir( SESSIONS_PATH ) ) {
+
+ mkdir( SESSIONS_PATH, 00755 );
+ }
+
+ $server_user = getmyuid();
+ $sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 );
+ $sessions_owner = fileowner( SESSIONS_PATH );
+
+ if( is_array( $server_user ) ) {
+
+ $server_user = $server_user["uid"];
+ }
+
+ if( ! ( $sessions_owner === $server_user ) ) {
+
+ try {
+
+ chown( SESSIONS_PATH, $server_user );
+ } catch( Exception $e ) {
+
+ exit( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) );
+ }
+ }
+
+ if( ! in_array( $sessions_permissions, $permissions ) ) {
+
+ try {
+
+ chmod( SESSIONS_PATH, 00755 );
+ } catch( Exception $e ) {
+
+ exit( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) );
+ }
+ }
+
+ $pass = $User->Authenticate( $username, $password );
+
+ if( $pass ) {
+
+ $_SESSION['lang'] = $lang;
+ $_SESSION['theme'] = $theme;
+ exit( formatJSEND( "success", array( "username" => $this->username ) ) );
+ } else {
+
+ exit( formatJSEND( "error", "Incorrect Username or Password" ) );
+ }
}
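Review bot: `exit( formatJSEND( "success", array( "username" => $this->username ) ) )` in the success branch runs in a procedural controller script where `$this` is undefined, so every successful login ends in an Error instead of the JSEND response; it should be `array( "username" => $username )`. The session-folder repair above it cannot report failure either: `chown()` and `chmod()` return false with a warning rather than throwing, so neither catch block is reachable and the `exit` messages never fire; test the return value instead, e.g. `if( ! chown( SESSIONS_PATH, $server_user ) ) { exit( formatJSEND( "error", "..." ) ); }`. `getmyuid()` returns an int, so the `is_array( $server_user )` branch is dead and can be dropped.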
//////////////////////////////////////////////////////////////////
@@ -86,9 +137,9 @@ if( $_GET['action'] == 'create' ) {
exit( formatJSEND( "error", "Invalid characters in username" ) );
}
- $User->username = User::CleanUsername( $_POST['username'] );
- $User->password = $_POST['password'];
- $User->Create();
+ $username = User::CleanUsername( $_POST['username'] );
+ $password = $User->encrypt_password( $_POST['password'] );
+ $User->Create( $username, $password );
}
}
@@ -174,7 +225,7 @@ if( $_GET['action'] == 'update_access' ) {
checkSession();
- if( ! isset( $_GET['access'] ) || ! isset( $_GET['username'] ) ) {
+ if( ! isset( $_POST['access'] ) || ! isset( $_POST['user'] ) ) {
die( formatJSEND( "error", "Could not update access." ) );
}
@@ -184,7 +235,10 @@ if( $_GET['action'] == 'update_access' ) {
die( formatJSEND( "error", "You do not have permission to update user's access." ) );
}
- $User->username = $_GET["username"];
- $User->access = $_GET["access"];
- $User->update_access();
+ if( ! in_array( $_POST["access"], array_keys( Permissions::SYSTEM_LEVELS ) ) ) {
+
+ exit( formatJSEND( "error", "Invalid access level specified." ) );
+ }
+
+ $User->update_access( $_POST["user"], $_POST["access"] );
}
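Review bot: `in_array( $_POST["access"], array_keys( Permissions::SYSTEM_LEVELS ) )` uses loose comparison on request input; since the check is for a key, `array_key_exists( $_POST["access"], Permissions::SYSTEM_LEVELS )` is both strict and direct. Note also that what is then stored in the `access` column is the key name, not the level value; whatever reads that column for authorisation (the admin check, for instance) must compare against the same form, otherwise an access level written through this path would not be recognised.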
diff --git a/components/user/dialog.php b/components/user/dialog.php
index 296ed3f..25eda6d 100755
--- a/components/user/dialog.php
+++ b/components/user/dialog.php
@@ -72,10 +72,10 @@ switch($_GET['action']){
|