Continue implementing the new table structures, SQL procedures and function principles; update the saving methods for PHP 7.4 and the deprecation of magic_quotes

xevidos 2019-10-16 10:20:09 -04:00
parent ecd0f63d63
commit fa0889268a
19 changed files with 372 additions and 947 deletions


@ -167,8 +167,8 @@ class Common {
public static function is_admin() {
global $sql;
$query = "SELECT COUNT( * ) FROM users WHERE username=? AND access=?;";
$bind_variables = array( $_SESSION["user"], "admin" );
$query = "SELECT COUNT( * ) FROM users WHERE id=? AND access=?;";
$bind_variables = array( $_SESSION["user_id"], Permissions::SYSTEM_LEVELS["admin"] );
$return = $sql->query( $query, $bind_variables, -1, 'fetchColumn' );
$admin = ( $return > 0 );
return $admin;
@ -316,32 +316,7 @@ class Common {
public static function startSession() {
Common::construct();
//Set a Session Name
session_name( md5( BASE_PATH ) );
session_save_path( SESSIONS_PATH );
session_start();
if( ! defined( 'SESSION_ID' ) ) {
define( "SESSION_ID", session_id() );
}
//Check for external authentification
if( defined( 'AUTH_PATH' ) ) {
require_once( AUTH_PATH );
}
global $lang;
if ( isset( $_SESSION['lang'] ) ) {
include BASE_PATH . "/languages/{$_SESSION['lang']}.php";
} else {
include BASE_PATH . "/languages/" . LANGUAGE . ".php";
}
Common::start_session();
}
//////////////////////////////////////////////////////////////////
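Review bot: `is_admin()` now matches `access` against `Permissions::SYSTEM_LEVELS["admin"]`, while the installer in this same commit writes the admin row with `Permissions::LEVELS["admin"]`; both happen to be 64 today, so the check works only because two separate constant tables coincide. Pick one table for the `users.access` column (`SYSTEM_LEVELS` looks intended) and use it on both the write and the read side, or the first renumbering of `LEVELS` silently locks every admin out. The `$_SESSION["user_id"]` read is unguarded, but an unset key binds NULL and `id=NULL` matches no row, so the failure mode is a denied check rather than a granted one; an `if( ! isset( $_SESSION["user_id"] ) ) { return false; }` guard would make that intent explicit. In the second hunk the body of `startSession()` is replaced by `Common::start_session()`, whose definition is not in this view, so whether the `$_SESSION['lang']` include path is still constrained to known language files cannot be judged here.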


@ -14,7 +14,6 @@ class Active extends Common {
// PROPERTIES
//////////////////////////////////////////////////////////////////
public $username = "";
public $path = "";
public $new_path = "";
@ -34,7 +33,7 @@ class Active extends Common {
public static function remove( $path ) {
global $sql;
$query = "DELETE FROM active WHERE path=? AND username=?;";
$query = "DELETE FROM active WHERE path=? AND user=?;";
$bind_variables = array( $path, $_SESSION["user"] );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
}
@ -46,8 +45,8 @@ class Active extends Common {
public function ListActive() {
global $sql;
$query = "SELECT path, position, focused FROM active WHERE username=?";
$bind_variables = array( $this->username );
$query = "SELECT path, position, focused FROM active WHERE user=?";
$bind_variables = array( $_SESSION["user_id"] );
$result = $sql->query( $query, $bind_variables, array() );
$tainted = false;
$root = WORKSPACE;
@ -82,7 +81,7 @@ class Active extends Common {
public function Check() {
global $sql;
$query = "SELECT username FROM active WHERE path=?";
$query = "SELECT user FROM active WHERE path=?";
$bind_variables = array( $this->path );
$result = $sql->query( $query, $bind_variables, array() );
$tainted = false;
@ -92,10 +91,11 @@ class Active extends Common {
foreach( $result as $id => $data ) {
array_push( $users, $data["username"] );
if( $data["username"] == $this->username ) {
array_push( $users, $data["user"] );
if( $data["user"] == $_SESSION ) {
$user = true;
break;
}
}
@ -115,8 +115,8 @@ class Active extends Common {
public function Add() {
global $sql;
$query = "INSERT INTO active( username, path, focused ) VALUES ( ?, ?, ? );";
$bind_variables = array( $this->username, $this->path, false );
$query = "INSERT INTO active( user, path, focused ) VALUES ( ?, ?, ? );";
$bind_variables = array( $_SESSION["user_id"], $this->path, false );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $return > 0 ) {
@ -149,8 +149,8 @@ class Active extends Common {
public function RemoveAll() {
global $sql;
$query = "DELETE FROM active WHERE username=?;";
$bind_variables = array( $this->username );
$query = "DELETE FROM active WHERE user=?;";
$bind_variables = array( $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $return > 0 ) {
@ -167,8 +167,8 @@ class Active extends Common {
public function MarkFileAsFocused() {
global $sql;
$query = "UPDATE active SET focused=? WHERE username=?;UPDATE active SET focused=? WHERE path=? AND username=?;";
$bind_variables = array( false, $this->username, true, $this->path, $this->username );
$query = "UPDATE active SET focused=? WHERE user=?;UPDATE active SET focused=? WHERE path=? AND user=?;";
$bind_variables = array( false, $_SESSION["user_id"], true, $this->path, $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $return > 0 ) {
@ -188,8 +188,8 @@ class Active extends Common {
foreach( $positions as $path => $cursor ) {
$query .= "UPDATE active SET position=? WHERE path=? AND username=?;";
array_push( $bind_variables, json_encode( $cursor ), $path, $this->username );
$query .= "UPDATE active SET position=? WHERE path=? AND user=?;";
array_push( $bind_variables, json_encode( $cursor ), $path, $_SESSION["user_id"] );
}
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
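Review bot: `Active::remove()` at the top of this section still binds `$_SESSION["user"]` (the username) to the renamed `user=?` column, while every other query in the class now binds `$_SESSION["user_id"]`; the DELETE will not match rows written by `Add()`, so active-file records are never cleared for that user. Change the binding to `$bind_variables = array( $path, $_SESSION["user_id"] );`. `Check()` has a second slip: `if( $data["user"] == $_SESSION )` compares the column to the whole session array instead of `$_SESSION["user_id"]`, which is never equal, so the current user is never recognised as already having the file open. Once the operands are right, compare strictly with casts, `(int) $data["user"] === (int) $_SESSION["user_id"]`, since PDO hands the column back as a string on most drivers.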


@ -406,7 +406,8 @@ class Filemanager extends Common {
if( $patch && ! $mtime ) {
$response["status"] = "error";
$response["message"] = "mtime parameter not found";
$response["message"] = "invalid mtime parameter not found";
$response["mtime"] = $mtime;
return $response;
}
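Review bot: The new error text `"invalid mtime parameter not found"` reads as two messages spliced together; since the branch fires when `$patch` is set but `$mtime` is falsy, something like `"mtime parameter missing or invalid; a patch requires the file's current modification time"` tells the client what to fix. Echoing `$mtime` back is the raw client value, which is fine for debugging but should stay only if a caller actually consumes it. The enclosing `modify()` starts and ends outside this hunk.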


@ -169,24 +169,36 @@ switch( $action ) {
case 'modify':
if( isset( $_POST["content"] ) || isset( $_POST["patch"] ) ) {
if( isset( $_POST["data"] ) ) {
$content = isset( $_POST["content"] ) ? $_POST["content"] : "";
$patch = isset( $_POST["patch"] ) ? $_POST["patch"] : false;
$mtime = isset( $_POST["mtime"] ) ? $_POST["mtime"] : 0;
$data = json_decode( $_POST["data"], true );
if( get_magic_quotes_gpc() ){
if( json_last_error() !== JSON_ERROR_NONE ) {
$content = stripslashes( $content );
$patch = stripslashes( $patch );
$mtime = stripslashes( $mtime );
$data = json_decode( stripslashes( $_POST["data"] ), true );
}
$response = $Filemanager->modify( $path, $content, $mtime );
if( json_last_error() !== JSON_ERROR_NONE ) {
$data = array();
}
if( isset( $data["content"] ) || isset( $data["patch"] ) ) {
$content = isset( $data["content"] ) ? $data["content"] : "";
$patch = isset( $data["patch"] ) ? $data["patch"] : false;
$mtime = isset( $data["mtime"] ) ? $data["mtime"] : 0;
$response = $Filemanager->modify( $path, $content, $patch, $mtime );
} else {
$response["status"] = "error";
$response["message"] = "Missing modification content";
}
} else {
$response["status"] = "error";
$response["message"] = "Missing modification content";
$response["message"] = "Missing save data";
}
break;
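Review bot: The values pulled out of the decoded JSON are used without type checks: `isset( $data["content"] )` is also true for a nested array or object, so a body like `{"content":[1]}` reaches `$Filemanager->modify()` with an array where a string is expected, and `mtime` is passed through as whatever JSON type the client sent. Guard the shapes before the call, e.g. `if( ! is_array( $data ) ) { $data = array(); }` after the decode and `$content = ( isset( $data["content"] ) && is_string( $data["content"] ) ) ? $data["content"] : "";` with a matching `is_numeric()` check on `mtime`. The `stripslashes()` fallback is a reasonable bridge for clients still behind magic_quotes, but it also means a genuinely malformed body gets a second decode attempt; a one-line comment saying that is deliberate would help the next reader. The enclosing `switch` starts before this hunk.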


@ -54,10 +54,10 @@
this.noOpen = this.noAudio.concat( this.noFiles, this.noImages ),
this.noBrowser = this.noAudio.concat( this.noImages ),
// Initialize node listener
this.nodeListener();
this.noBrowser = this.noAudio.concat( this.noImages ),
// Initialize node listener
this.nodeListener();
this.auto_reload = ( await codiad.settings.get_option( "codiad.filemanager.autoReloadPreview" ) == "true" );
amplify.subscribe( 'settings.save', async function() {
@ -1066,8 +1066,10 @@
callbacks.error.apply( context, [data] );
}
}
$.post( this.controller + '?action=modify&path=' + encodeURIComponent( path ), data, function( resp ) {
let post = {
"data": JSON.stringify( data )
};
$.post( this.controller + '?action=modify&path=' + encodeURIComponent( path ), post, function( resp ) {
console.log( resp );
resp = $.parseJSON( resp );


@ -148,8 +148,7 @@ define("WSURL", BASE_URL . "/workspace");
// Marketplace
//define("MARKETURL", "http://market.codiad.com/json");
';
$this->save_file( $this->config, $config_data );
echo( "success" );
return file_put_contents( $this->config, $config_data );
}
function create_project() {
@ -158,10 +157,12 @@ define("WSURL", BASE_URL . "/workspace");
if ( ! $this->is_abs_path( $project_path ) ) {
$project_path = preg_replace( '/[^\w-._@]/', '-', $project_path );
$project_path = preg_replace( '/[^\w\-._@]/', '-', $project_path );
$project_path = $this->username . "/" . $project_path;
if( ! is_dir( $this->workspace . "/" . $project_path ) ) {
mkdir( $this->workspace . "/" . $project_path );
mkdir( $this->workspace . "/" . $project_path, 0755, true );
}
} else {
@ -185,11 +186,12 @@ define("WSURL", BASE_URL . "/workspace");
}
$bind_variables = array(
$project_path,
$this->project_name,
$project_path,
$this->username
);
$query = "INSERT INTO projects(name, path, owner) VALUES (?,?,?);";
$query = "DELETE FROM projects WHERE path = ?;INSERT INTO projects(name, path, owner) VALUES (?,?,( SELECT id FROM users WHERE username = ? LIMIT 1 ));";
$connection = $this->sql->connect();
$statement = $connection->prepare( $query );
$statement->execute( $bind_variables );
@ -205,36 +207,31 @@ define("WSURL", BASE_URL . "/workspace");
$result = $this->sql->create_default_tables();
if ( ! $result === true ) {
if ( ! $result["create_tables"] === true ) {
die( '{"message":"Could not tables in database.","error":"' . json_encode( $result ) .'"}' );
exit( json_encode( $result ) );
}
}
function create_user() {
$bind_variables = array(
"",
"",
$this->username,
$this->password,
"",
$this->project_path,
"admin",
"",
""
Permissions::LEVELS["admin"]
);
$query = "INSERT INTO users(first_name, last_name, username, password, email, project, access, groups, token) VALUES (?,?,?,?,?,?,?,?,?)";
$connection = $this->sql->connect();
$statement = $connection->prepare( $query );
$statement->execute( $bind_variables );
$error = $statement->errorInfo();
$query = "INSERT INTO users( username, password, project, access ) VALUES ( ?,?,( SELECT id FROM projects WHERE path = ? LIMIT 1 ),? )";
if( ! $error[0] == "00000" ) {
try {
die( '{"message":"Could not create user in database.","error":"' . addslashes(json_encode( $error )) .'"}' );
$connection = $this->sql->connect();
$statement = $connection->prepare( $query );
$statement->execute( $bind_variables );
} catch( exception $e ) {
exit( "Error could not create user: " . $e->getMessage() );
}
$this->set_default_options();
}
@ -269,10 +266,11 @@ define("WSURL", BASE_URL . "/workspace");
$connection = $this->sql->connect();
$this->create_tables();
$this->create_project();
$this->create_user();
$this->create_project();
//exit( "stop" );
$this->create_config();
return "success";
}
function JSEND( $message, $error=null ) {
@ -288,18 +286,11 @@ define("WSURL", BASE_URL . "/workspace");
exit( json_encode( $message ) );
}
function save_file( $file, $data ) {
$write = fopen( $file, 'w' ) or die( '{"message": "can\'t open file"}' );
fwrite( $write, $data );
fclose( $write );
}
public function set_default_options() {
foreach( Settings::DEFAULT_OPTIONS as $id => $option ) {
$query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
$query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ( SELECT id FROM users WHERE username = ? ), ? );";
$bind_variables = array(
$option["name"],
$this->username,
@ -309,7 +300,7 @@ define("WSURL", BASE_URL . "/workspace");
if( $result == 0 ) {
$query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
$query = "UPDATE user_options SET value=? WHERE name=? AND user=( SELECT id FROM users WHERE username = ? );";
$bind_variables = array(
$option["value"],
$option["name"],
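Review bot: Reordering `install()` so `create_user()` runs before `create_project()` undermines the subselect in the user INSERT: `( SELECT id FROM projects WHERE path = ? LIMIT 1 )` executes when no project row exists yet, so the admin's `project` column is NULL (or 0 on a non-strict MySQL), while the project INSERT in turn needs the user's id for `owner`. The two rows depend on each other, so finish with an explicit fix-up after both exist, e.g. `UPDATE users SET project = ( SELECT id FROM projects WHERE path = ? LIMIT 1 ) WHERE username = ?;` — `Project::Open()` elsewhere in this commit may repair it lazily on first open, but the installer should not rely on that. The failure path in `create_user()` now exits with a plain string, yet install.js parses every non-`success` response as JSON, so a database error surfaces as a JSON.parse exception in the browser; emit `json_encode( array( "message" => "Could not create user", "error" => $e->getMessage() ) )` like the other paths, and consider whether the raw driver message should reach the browser at all. `create_config()` now returns the `file_put_contents()` result, but `install()` ignores it and still returns `"success"`, so a failed config write is reported as a completed install.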


@ -442,12 +442,12 @@ if(!password_match){ alert('The passwords entered do not match'); }
if(!empty_fields && password_match && check_path){
$.post('components/install/install.php',$('#install').serialize(),function( data ) {
if( data == 'success' ){
console.log( data );
if( data === "success" ){
window.location.reload();
} else {
data = JSON.parse( data );
console.log( data.error );
alert( "An Error Occurred\n" + data.message );
alert( "An Error Occurred. Please check the console for more information.\n" );
}
});
}
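Review bot: `data = JSON.parse( data )` on the error branch throws if the server answers with a plain string, which `create_user()` in this same commit does on a database error, so the user gets an uncaught exception instead of the alert. Wrap the parse, `try { data = JSON.parse( data ); } catch( e ) { data = { error: data }; }`, before the `console.log`. Since the visible detail has moved to the console, also keep `data.message` in the alert when it is present; most people running an installer will not have the developer tools open.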


@ -23,6 +23,12 @@ class Permissions {
"admin" => 64,
);
const SYSTEM_LEVELS = array(
"user" => 32,
"admin" => 64,
);
function __construct() {
@ -82,7 +88,7 @@ class Permissions {
if( $data["owner"] == 'nobody' ) {
$access = self::LEVELS["owner"];
} elseif( $data["owner"] == $_SESSION["user"] ) {
} elseif( $data["owner"] == $_SESSION["user_id"] ) {
$access = self::LEVELS["owner"];
} else {
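Review bot: `$data["owner"] == 'nobody'` and `$data["owner"] == $_SESSION["user_id"]` are loose comparisons on a column that, judging by the installer's `( SELECT id FROM users ... )` insert in this commit, now holds a numeric user id; under PHP 7.x `0 == 'nobody'` is true, so an owner of 0 (a failed subselect on a non-strict MySQL) would be treated as a public project and granted owner-level access. Compare strictly with explicit casts, `} elseif( (int) $data["owner"] === (int) $_SESSION["user_id"] ) {`, and decide whether `'nobody'` can still be stored at all once `owner` is an integer column; the new schema lives in `scripts/*.sql`, which is not in this view. `SYSTEM_LEVELS` duplicates the `user`/`admin` values of `LEVELS`; a comment on the constant stating that it is the scale for `users.access`, distinct from the per-project `LEVELS`, would keep the two from being mixed. The enclosing method starts before this hunk.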


@ -155,13 +155,13 @@ class Project extends Common {
$owner = $result["owner"];
if( $exclude_public ) {
if( $owner == $_SESSION["user"] ) {
if( $owner == $_SESSION["user_id"] ) {
$return = true;
}
} else {
if( $owner == $_SESSION["user"] || $owner == 'nobody' ) {
if( $owner == $_SESSION["user_id"] || $owner == 'nobody' ) {
$return = true;
}
@ -217,7 +217,7 @@ class Project extends Common {
OR owner='nobody'
OR id IN ( SELECT project FROM access WHERE user = ? )
) ORDER BY name;";
$bind_variables = array( $project, $_SESSION["user"], $_SESSION["user_id"] );
$bind_variables = array( $project, $_SESSION["user_id"], $_SESSION["user_id"] );
//$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' ) ORDER BY name;";
//$bind_variables = array( $project, $_SESSION["user"] );
$return = $sql->query( $query, $bind_variables, array(), "fetch" );
@ -260,7 +260,7 @@ class Project extends Common {
WHERE owner=?
OR owner='nobody'
OR id IN ( SELECT project FROM access WHERE user = ? );";
$bind_variables = array( $_SESSION["user"], $_SESSION["user_id"] );
$bind_variables = array( $_SESSION["user_id"], $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array() );
return( $return );
}
@ -293,14 +293,14 @@ class Project extends Common {
global $sql;
$query = "SELECT * FROM projects WHERE name=? AND path=? AND ( owner=? OR owner='nobody' );";
$bind_variables = array( $old_name, $path, $_SESSION["user"] );
$bind_variables = array( $old_name, $path, $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array() );
$pass = false;
if( ! empty( $return ) ) {
$query = "UPDATE projects SET name=? WHERE name=? AND path=? AND ( owner=? OR owner='nobody' );";
$bind_variables = array( $new_name, $old_name, $path, $_SESSION["user"] );
$bind_variables = array( $new_name, $old_name, $path, $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, 0, "rowCount");
if( $return > 0 ) {
@ -375,13 +375,13 @@ class Project extends Common {
OR owner='nobody'
OR id IN ( SELECT project FROM access WHERE user = ? )
) ORDER BY name LIMIT 1;";
$bind_variables = array( $this->path, $_SESSION["user"], $_SESSION["user_id"] );
$bind_variables = array( $this->path, $_SESSION["user_id"], $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array(), "fetch" );
if( ! empty( $return ) ) {
$query = "UPDATE users SET project=? WHERE username=?;";
$bind_variables = array( $this->path, $_SESSION["user"] );
$bind_variables = array( $return["id"], $_SESSION["user"] );
$sql->query( $query, $bind_variables, 0, "rowCount" );
$this->name = $return['name'];
$_SESSION['project'] = $return['path'];
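Review bot: `Open()` still updates the user row by username (`UPDATE users SET project=? WHERE username=?` bound to `$_SESSION["user"]`) while every other query in this section switched to `$_SESSION["user_id"]`; it works as long as `users.username` stays unique, but `WHERE id=?` bound to `$_SESSION["user_id"]` would keep one identity key across the class and not depend on `$_SESSION["user"]` staying current. The `owner='nobody'` checks throughout these hunks assume the owner column can still hold that string; if the new schema stores owner as an integer id, as the installer's subselect insert suggests, public projects need a different marker (NULL or a reserved id), and `$owner == 'nobody'` against a numeric owner is a loose compare that is true for 0 on PHP 7.x. The enclosing methods start outside their hunks.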


@ -96,7 +96,7 @@ switch( $_GET['action'] ) {
?>
<td width="70"><a onclick="codiad.message.error(i18n('Public projects can not be managed'));" class="icon-block bigger-icon"></a></td>
<?php
} elseif( $owner !== $_SESSION["user"] ) {
} elseif( $owner !== $_SESSION["user_id"] ) {
?>
<td width="70"><a onclick="codiad.message.error(i18n('Projects owned by others can not be managed'));" class="icon-block bigger-icon"></a></td>
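Review bot: `$owner !== $_SESSION["user_id"]` is a strict comparison between a value fetched from the database and the session value; PDO returns MySQL columns as strings unless stringification/emulation is configured otherwise, so `"5" !== 5` is always true and every project, including the current user's own, would render the "owned by others" block. Use `(int) $owner !== (int) $_SESSION["user_id"]` (or compare both as strings) so the test does not depend on the driver's fetch typing. The enclosing `switch` and the row loop start before this hunk.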


@ -113,7 +113,7 @@ class Settings {
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
} else {
$query = "DELETE FROM options WHERE name=? AND username=?";
$query = "DELETE FROM options WHERE name=? AND user=?";
$bind_variables = array(
$option,
$this->username,
@ -138,17 +138,17 @@ class Settings {
$query = "SELECT value FROM options WHERE name=?;";
$bind_variables = array( $option );
$return = $sql->query( $query, $bind_variables, array() )[0];
$return = $sql->query( $query, $bind_variables, array() );
} else {
$query = "SELECT value FROM user_options WHERE name=? AND username=?;";
$bind_variables = array( $option, $this->username );
$return = $sql->query( $query, $bind_variables, array() )[0];
$query = "SELECT value FROM user_options WHERE name=? AND user=?;";
$bind_variables = array( $option, $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array() );
}
if( ! empty( $return ) ) {
$return = $return["value"];
$return = $return[0]["value"];
} else {
$return = null;
@ -259,21 +259,21 @@ class Settings {
}
} else {
$query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
$query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ?, ? );";
$bind_variables = array(
$option,
$this->username,
$_SESSION["user_id"],
$value,
);
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $result == 0 ) {
$query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
$query = "UPDATE user_options SET value=? WHERE name=? AND user=?;";
$bind_variables = array(
$value,
$option,
$this->username,
$_SESSION["user_id"],
);
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
}
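Review bot: The DELETE at the top of this section was rewritten to `user=?` but the unchanged line below it still binds `$this->username`, while the `user_options` queries later in the section bind `$_SESSION["user_id"]`; with the column now holding an id, that delete will not remove the intended row. Either bind `$_SESSION["user_id"]` here too, or keep `username=?` if the `options` table really is keyed that way (the new schema in `scripts/*.sql` is not in this view). `get_option()` now indexes `$return[0]["value"]`; `! empty( $return )` guarantees index 0 for a list result, but a comment noting that the default fetch mode returns a list of rows would explain the index to the next reader. The enclosing methods start before their hunks.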


@ -166,7 +166,7 @@
let _self = codiad.settings;
jQuery.ajax({
url: this.controller + '?action=update_option',
type: "POST",
dataType: 'html',


@ -1,458 +0,0 @@
<?php
class sql_conversions {
public $actions = array(
"create" => array(
"mysql" => "CREATE TABLE IF NOT EXISTS",
"pgsql" => "CREATE TABLE IF NOT EXISTS",
"sqlite" => "CREATE TABLE IF NOT EXISTS",
),
"delete" => array(
"mysql" => "DELETE",
"pgsql" => "DELETE",
"sqlite" => "DELETE",
),
"find" => array(
"mysql" => "LOCATE( %substring%, %string% )",
"pgsql" => "POSITION( %substring% in %string% )",
"sqlite" => "INSTR( %string%, %substring% )",
),
"select" => array(
"mysql" => "SELECT",
"pgsql" => "SELECT",
"sqlite" => "SELECT",
),
"update" => array(
"mysql" => "UPDATE",
"pgsql" => "UPDATE",
"sqlite" => "UPDATE",
),
);
public $comparisons = array(
"equal" => array(
"mysql" => "=",
"pgsql" => "=",
"sqlite" => "=",
),
"less than" => array(
"mysql" => "<",
"pgsql" => "<",
"sqlite" => "<",
),
"more than" => array(
"mysql" => ">",
"pgsql" => ">",
"sqlite" => ">",
),
"not" => array(
"mysql" => "!",
"pgsql" => "!",
"sqlite" => "!",
),
"not equal" => array(
"mysql" => "!=",
"pgsql" => "!=",
"sqlite" => "!=",
),
"where" => array(
"mysql" => "WHERE",
"pgsql" => "WHERE",
"sqlite" => "WHERE",
),
);
public $data_types = array(
"bool" => array(
"mysql" => "BOOL",
"pgsql" => "BOOL",
"sqlite" => "BOOL",
),
"int" => array(
"mysql" => "INT",
"pgsql" => "INT",
"sqlite" => "INT",
),
"string" => array(
"mysql" => "VARCHAR(255)",
"pgsql" => "VARCHAR",
"sqlite" => "VARCHAR",
),
"text" => array(
"mysql" => "TEXT",
"pgsql" => "TEXT",
"sqlite" => "TEXT",
),
);
public $general = array(
"from" => array(
"mysql" => "FROM",
"pgsql" => "FROM",
"sqlite" => "FROM",
),
);
public $specials = array(
"id" => array(
"mysql" => "NOT NULL AUTO_INCREMENT PRIMARY KEY",
"pgsql" => "SERIAL PRIMARY KEY",
"sqlite" => "SERIAL PRIMARY KEY",
),
"key" => array(
"mysql" => "KEY",
"pgsql" => "KEY",
"sqlite" => "KEY",
),
"auto increment" => array(
"mysql" => "AUTO_INCREMENT",
"pgsql" => "AUTO_INCREMENT",
"sqlite" => "AUTO_INCREMENT",
),
"not null" => array(
"mysql" => "NOT NULL",
"pgsql" => "NOT NULL",
"sqlite" => "NOT NULL",
),
"null" => array(
"mysql" => "NULL",
"pgsql" => "NULL",
"sqlite" => "NULL",
),
"unique" => array(
"mysql" => "CONSTRAINT %constraint_name% UNIQUE ( %field_names% )",
"pgsql" => "CONSTRAINT %constraint_name% UNIQUE ( %field_names% )",
"sqlite" => "CONSTRAINT %constraint_name% UNIQUE ( %field_names% )",
),
);
public $wraps = array(
"close" => array(
"mysql" => "`",
"mssql" => "]",
"pgsql" => "\"",
"sqlite" => "\"",
),
"open" => array(
"mysql" => "`",
"mssql" => "[",
"pgsql" => "\"",
"sqlite" => "\"",
),
);
public function check_field( $needle, $haystack ) {
$field = preg_replace_callback(
// Matches parts to be replaced: '[field]'
'/(\[.*?\])/',
// Callback function. Use 'use()' or define arrays as 'global'
function( $matches ) use ( $haystack ) {
// Remove square brackets from the match
// then use it as variable name
$match = trim( $matches[1], "[]" );
return $match;
},
// Input string to search in.
$needle
);
if( $field === $needle ) {
$field = false;
}
return $field;
}
public function find( $substring, $string ) {
$dbtype = DBTYPE;
$find_string = $this->actions["find"][$dbtype];
$find_string = str_replace( "%string%", $string, $find_string );
$find_string = str_replace( "%substring%", $substring, $find_string );
return $find_string;
}
public function select( $table, $fields, $where ) {
$dbtype = DBTYPE;
$id_close = $this->wraps["close"][$dbtype];
$id_open = $this->wraps["open"][$dbtype];
$query = $this->actions["select"][$dbtype] . " ";
$bind_vars = array();
if( empty( $fields ) ) {
$query .= " * ";
}
foreach( $fields as $field ) {
$query .= $field . ",";
}
$query = substr( $query, 0, -1 );
$query .= " {$this->general["from"][$dbtype]} {$table} ";
if( ! empty( $where ) ) {
$query .= " {$this->comparisons["where"][$dbtype]} ";
}
foreach( $where as $comparison ) {
$comparison_string = "";
//Put a replace of %% symbols with fields and open / close
if( $comparison[0] == "find" ) {
$c1 = $this->check_field( $comparison[1], $fields );
$c2 = $this->check_field( $comparison[2], $fields );
$c3 = $this->check_field( $comparison[3][1], $fields );
if( ! $c1 === FALSE ) {
$c1 = $id_open . $c1 . $id_close;
} else {
$c1 = "?";
array_push( $bind_vars, $comparison[1] );
}
if( ! $c2 === FALSE ) {
$c2 = $id_open . $c2 . $id_close;
} else {
$c2 = "?";
array_push( $bind_vars, $comparison[2] );
}
if( ! $c3 === FALSE ) {
$c3 = $id_open . $c3 . $id_close;
} else {
$c3 = "?";
array_push( $bind_vars, $comparison[3][1] );
}
$c0 = $this->find( $c1, $c2 );
$comparison_string .= "{$c0} {$this->comparisons[$comparison[3][0]][$dbtype]} {$c3}";
} elseif( $comparison[0] == "in" ) {
} elseif( $comparison[0] == "limit" ) {
} else {
if( in_array( $fields, $comparison[1] ) ) {
$comparison[1] = $id_open . $comparison[1] . $id_close;
}
if( in_array( $fields, $comparison[3] ) ) {
$comparison[3] = $id_open . $comparison[3] . $id_close;
}
$comparison_string .= "{$comparison[1]} {$this->$comparisons[$comparison[0]][$dbtype]} {$comparison[2]}";
}
$index = array_search( $comparison, $where );
if( $index ) {
} else {
$query .= "{$comparison_string} ";
}
}
//$query = substr( $query, 0, -1 );
$query .= ";";
return array( $query, $bind_vars );
}
public function table( $table_name, $fields, $attributes ) {
$dbtype = DBTYPE;
$id_close = $this->wraps["close"][$dbtype];
$id_open = $this->wraps["open"][$dbtype];
$query = "{$this->actions["create"][$dbtype]} {$table_name} (";
foreach( $fields as $id => $type ) {
$query .= "{$id} {$this->data_types[$type][$dbtype]}";
if( isset( $attributes[$id] ) ) {
foreach( $attributes[$id] as $attribute ) {
$attribute_string = $this->specials["$attribute"][$dbtype];
if( $attribute == "unique" ) {
continue;
}
if( $dbtype == "pgsql" ) {
if( $id == "id" ) {
$query = substr( $query, 0, -( strlen( " {$this->data_types[$type][$dbtype]}" ) ) );
}
}
if( ! strpos( $attribute_string, "%table_name%" ) === FALSE ) {
$attribute_string = str_replace( "%table_name%", $table_name, $attribute_string );
}
if( ! strpos( $attribute_string, "%fields%" ) === FALSE ) {
$fields_string = "";
foreach( $fields as $field ) {
$fields_string .= "{$id_open}field{$id_close},";
}
$fields_string = substr( $fields_string, 0, -1 );
$attribute_string = str_replace( "%fields%", $fields_string, $attribute_string );
}
$query .= " {$attribute_string}";
}
}
$query .= ",";
}
$id_close = $this->wraps["close"][$dbtype];
$id_open = $this->wraps["open"][$dbtype];
$fields_string = "";
$unique_string = "";
$unique_length = 0;
foreach( $attributes as $id => $attribute ) {
if( in_array( "unique", $attribute ) ) {
$unique_length++;
}
}
foreach( $attributes as $id => $attribute ) {
if( is_array( $attribute ) && in_array( "unique", $attribute ) ) {
if( $unique_string == "" ) {
$unique_string = $this->specials["unique"][$dbtype] . ",";
}
if( $dbtype == "mysql" && $fields ) {
if( $fields[$id] == "text" ) {
$field_length = ( 3000 / $unique_length );
$fields_string .= "{$id_open}{$id}{$id_close}($field_length),";
} elseif( $fields[$id] == "string" ) {
$field_length = ( 3000 / $unique_length );
$fields_string .= "{$id_open}{$id}{$id_close}(255),";
}
} else {
$fields_string .= "{$id_open}{$id}{$id_close},";
}
}
}
$unique_string = str_replace( "%constraint_name%", strtolower( preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $fields_string ) ), $unique_string );
$unique_string = str_replace( "%field_names%", substr( $fields_string, 0, -1 ), $unique_string );
$query .= $unique_string;
$query = substr( $query, 0, -1 );
$query .= ")";
if( $dbtype == "mysql" ) {
$query .= " ENGINE=InnoDB;";
} else {
$query .= ";";
}
return( $query );
}
public function tables( $tables ) {
$query = "";
foreach( $tables as $table_name => $table_data ) {
$query .= $this->table( $table_name, $table_data["fields"], $table_data["attributes"] ) . PHP_EOL;
}
return( $query );
}
public function update( $table, $fields, $where ) {
}
}
?>


@ -54,141 +54,27 @@ class sql {
public function create_default_tables() {
$create_tables = $this->create_tables(
array(
"active" => array(
"fields" => array(
"username" => "string",
"path" => "text",
"position" => "string",
"focused" => "string"
),
"attributes" => array(
"username" => array( "not null" ),
"path" => array( "not null" ),
"focused" => array( "not null" ),
)
),
"access" => array(
"fields" => array(
"project" => "int",
"user" => "int",
"level" => "int",
),
"attributes" => array(
"id" => array( "not null" ),
"user" => array( "not null" ),
"level" => array( "not null" ),
)
),
"options" => array(
"fields" => array(
"id" => "int",
"name" => "string",
"value" => "text",
),
"attributes" => array(
"id" => array( "id" ),
"name" => array( "not null", "unique" ),
"value" => array( "not null" ),
)
),
"projects" => array(
"fields" => array(
"id" => "int",
"name" => "string",
"path" => "text",
"owner" => "string",
),
"attributes" => array(
"id" => array( "id" ),
"name" => array( "not null" ),
"path" => array( "not null", "unique" ),
"owner" => array( "not null", "unique" ),
)
),
"users" => array(
"fields" => array(
"id" => "int",
"first_name" => "string",
"last_name" => "string",
"username" => "string",
"password" => "text",
"email" => "string",
"project" => "int",
"access" => "string",
"token" => "string",
),
"attributes" => array(
"id" => array( "id" ),
"username" => array( "not null", "unique" ),
"password" => array( "not null" ),
"access" => array( "not null" ),
)
),
"user_options" => array(
"fields" => array(
"id" => "int",
"name" => "string",
"username" => "string",
"value" => "text",
),
"attributes" => array(
"id" => array( "id" ),
"name" => array( "not null", "unique" ),
"username" => array( "not null", "unique" ),
"value" => array( "not null" ),
)
),
)
);
$create_tables = $this->create_tables();
$structure_updates = $this->update_table_structure();
$result = array(
"create_tables" => $create_tables,
"structure_updates" => $structure_updates
);
exit( json_encode( $result, JSON_PRETTY_PRINT ) );
return $result;
}
public function create_tables( $table ) {
public function create_tables() {
/**
Tables layout
array(
"table_name" => array(
"fields" => array(
"id" => "int",
"test_field" => "string"
),
"attributes" => array(
"id" => array( "id" ),
"test_field" => array( "not null" ),
)
),
"table2_name" => array(
"fields" => array(
"id" => "int",
"test_field" => "string"
),
"attributes" => array(
"id" => array( "id" ),
"test_field" => array( "not null" ),
)
)
);
*/
$script = __DIR__ . "/scripts/" . DBTYPE . ".sql";
try {
if( ! is_file( $script ) ) {
$query = $this->conversions->tables( $table );
return "Error, no database scripts specified for currently selected dbtype.";
}
try {
$query = file_get_contents( $script );
$connection = $this->connect();
$result = $connection->exec( $query );
return true;
@ -227,130 +113,148 @@ class sql {
return self::$instance;
}
public function select( $table, $fields=array(), $where=array() ) {
$array = $this->conversions->select( $table, $fields, $where );
$query = $array[0];
$bind_vars = $array[1];
$result = $this->query( $query, $bind_vars, array() );
//echo var_dump( $query, $bind_vars ) . "<br>";
return $result;
}
public function update( $table, $fields=array(), $where=array() ) {
$query = $this->conversions->update( $table, $fields, $where );
//echo var_dump( $query ) . "<br>";
//return $query;
}
public function update_table_structure() {
$status_updates = array();
$sql_conversions = new sql_conversions();
try {
$access_query = "INSERT INTO access( project, user, level ) VALUES ";
$projects = $this->query( "SELECT id, access FROM projects", array(), array(), "fetchAll", "exception" );
$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
$delete = Permissions::LEVELS["delete"];
foreach( $users as $row => $user ) {
foreach( $projects as $row => $project ) {
$access = json_decode( $project["access"], true );
if( ! is_array( $access ) || empty( $access ) ) {
continue;
}
foreach( $access as $granted_user ) {
if( $granted_user == $user["username"] ) {
$access_query .= "( {$project["id"]}, {$user["id"]}, $delete ),";
}
}
}
}
if( $access_query !== "INSERT INTO access( project, user, level ) VALUES " ) {
$result = $this->query( substr( $access_query, 0, -1 ), array(), 0, "rowCount", "exception" );
}
$result = $this->query( "ALTER TABLE projects DROP COLUMN access", array(), 0, "rowCount" );
$status_updates["access_column"] = "Cached data and removed access column.";
} catch( Exception $error ) {
//The access field is not there.
//echo var_export( $error->getMessage(), $access_query );
$status_updates["access_column"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "No access column to convert."
);
}
try {
$update_query = "";
$projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
$result = $this->query( "SELECT project FROM users", array(), array(), "fetchAll", "exception" );
$convert = false;
$delete = Permissions::LEVELS["delete"];
foreach( $result as $row => $user ) {
if( ! is_numeric( $user["project"] ) ) {
$convert = true;
}
foreach( $projects as $row => $project ) {
if( $project["path"] == $user["project"] ) {
$update_query .= "UPDATE users SET project={$project["id"]};";
}
}
}
if( $convert && strlen( $update_query ) > 0 ) {
//change project to users table
$result = $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
$result = $this->query( "ALTER TABLE users ADD COLUMN project " . $sql_conversions->data_types["int"][DBTYPE], array(), array(), "rowCount", "exception" );
$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
} else {
$status_updates["users_current_project"] = array( "dev_message" => "Users current project column to project_id conversion not needed." );
}
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
$status_updates["users_current_project"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "Users current project column to project_id conversion failed."
);
}
try {
$result = $this->query( "ALTER TABLE users DROP COLUMN groups", array(), array(), "rowCount", "exception" );
$status_updates["users_groups_column"] = array( "dev_message" => "Removal of the groups column from the users table succeeded." );
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
$status_updates["users_groups_column"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "Removal of the groups column from the users table failed. This usually means there was never one to begin with"
);
}
if( DBTYPE === "mysql" || DBTYPE === "pgsql" ) {
//$constraint = ( DBTYPE === "mysql" ) ? "INDEX" : "CONSTRAINT";
try {
$access_query = "INSERT INTO access( project, user, level ) VALUES ";
$projects = $this->query( "SELECT id, access FROM projects", array(), array(), "fetchAll", "exception" );
$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
$delete = Permissions::LEVELS["delete"];
foreach( $users as $row => $user ) {
foreach( $projects as $row => $project ) {
$access = json_decode( $project["access"], true );
if( ! is_array( $access ) || empty( $access ) ) {
continue;
}
foreach( $access as $granted_user ) {
if( $granted_user == $user["username"] ) {
$access_query .= "( {$project["id"]}, {$user["id"]}, $delete ),";
}
}
}
}
if( $access_query !== "INSERT INTO access( project, user, level ) VALUES " ) {
$result = $this->query( substr( $access_query, 0, -1 ), array(), 0, "rowCount", "exception" );
}
$result = $this->query( "ALTER TABLE projects DROP COLUMN access", array(), 0, "rowCount" );
$status_updates["access_column"] = "Cached data and removed access column.";
} catch( Exception $error ) {
//The access field is not there.
//echo var_export( $error->getMessage(), $access_query );
$status_updates["access_column"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "No access column to convert."
);
}
try {
$update_query = "";
$projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
$result = $this->query( "SELECT project FROM users", array(), array(), "fetchAll", "exception" );
$convert = false;
$delete = Permissions::LEVELS["delete"];
foreach( $result as $row => $user ) {
if( ! is_numeric( $user["project"] ) ) {
$convert = true;
}
foreach( $projects as $row => $project ) {
if( $project["path"] == $user["project"] ) {
$update_query .= "UPDATE users SET project={$project["id"]} WHERE username = '{$user["username"]}';";
}
}
}
if( $convert && strlen( $update_query ) > 0 ) {
//change project to users table
$result = $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
$result = $this->query( "ALTER TABLE users ADD COLUMN project INT", array(), array(), "rowCount", "exception" );
$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
} else {
$status_updates["users_current_project"] = array( "dev_message" => "Users current project column to project_id conversion not needed." );
}
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
$status_updates["users_current_project"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "Users current project column to project_id conversion failed."
);
}
try {
$update_query = "";
$options = $this->query( "SELECT id, name, username, value FROM user_options", array(), array(), "fetchAll", "exception" );
$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
$delete = Permissions::LEVELS["delete"];
foreach( $users as $row => $user ) {
foreach( $options as $row => $option ) {
if( $option["username"] == $user["username"] ) {
$update_query .= "UPDATE user_options SET user={$user["id"]} WHERE id={$option["id"]};";
}
}
}
if( strlen( $update_query ) > 0 ) {
//change project to users table
$result = $this->query( "ALTER TABLE user_options DROP COLUMN username", array(), array(), "rowCount", "exception" );
$result = $this->query( "ALTER TABLE user_options ADD COLUMN user INT", array(), array(), "rowCount", "exception" );
$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
} else {
$status_updates["username_user_option_column"] = array( "dev_message" => "User options username column needed no conversion." );
}
} catch( Exception $error ) {
//The access field is not there.
//echo var_export( $error->getMessage(), $access_query );
$status_updates["username_user_option_column"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "No username column to convert."
);
}
try {
$result = $this->query( "ALTER TABLE users DROP COLUMN groups", array(), array(), "rowCount", "exception" );
$status_updates["users_groups_column"] = array( "dev_message" => "Removal of the groups column from the users table succeeded." );
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
$status_updates["users_groups_column"] = array(
"error_message" => $error->getMessage(),
"dev_message" => "Removal of the groups column from the users table failed. This usually means there was never one to begin with"
);
}
try {


@ -1,3 +1,13 @@
--
-- Table structure for table `access`
--
CREATE TABLE IF NOT EXISTS `access` (
`user` int NOT NULL,
`project` int NOT NULL,
`level` int NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `active`
--
@ -9,16 +19,6 @@ CREATE TABLE IF NOT EXISTS `active` (
`focused` varchar(255) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `access`
--
CREATE TABLE IF NOT EXISTS `access` (
`user` int NOT NULL,
`project` int NOT NULL,
`level` int NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- --------------------------------------------------------
--
@ -41,7 +41,7 @@ CREATE TABLE IF NOT EXISTS `projects` (
`id` int PRIMARY KEY AUTO_INCREMENT NOT NULL,
`name` varchar(255) NOT NULL,
`path` text NOT NULL,
`owner` int NOT NULL,
`owner` int NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
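Review bot: The `access` table created at the top of this file has no key at all — no primary key on (`user`, `project`), no unique constraint and no foreign keys to `users`/`projects` — so the PHP migration that back-fills it from the old JSON `access` column can insert the same user/project pair more than once, and rows can keep referring to users or projects that were later deleted. I'd add `PRIMARY KEY (`user`, `project`)` to the CREATE statement, and, if the other engines' schema files can follow suit, `FOREIGN KEY (`user`) REFERENCES `users`(`id`) ON DELETE CASCADE` plus the same for `project`. Without a uniqueness rule, any later "highest level wins" lookup on this table is ambiguous for duplicated pairs. Moving the block to the top of the file and dropping the stray comma after `owner` in `projects` are otherwise fine.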


@ -10,25 +10,10 @@ require_once( "../settings/class.settings.php" );
class User {
const ACCESS = array(
"admin",
"user"
);
//////////////////////////////////////////////////////////////////
// PROPERTIES
//////////////////////////////////////////////////////////////////
public $access = 'user';
public $username = '';
public $password = '';
public $project = '';
public $projects = '';
public $users = '';
public $actives = '';
public $lang = '';
public $theme = '';
//////////////////////////////////////////////////////////////////
// METHODS
//////////////////////////////////////////////////////////////////
@ -43,46 +28,47 @@ class User {
}
public function add_user() {
public function add_user( $username, $password, $access ) {
global $sql;
$query = "INSERT INTO users( username, password, access, project ) VALUES ( ?, ?, ?, ? );";
$bind_variables = array( $this->username, $this->password, $this->access, null );
$bind_variables = array( $username, $password, $access, null );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
$pass = false;
if( $return > 0 ) {
$this->set_default_options();
exit( formatJSEND( "success", array( "username" => $this->username ) ) );
} else {
exit( formatJSEND( "error", "The Username is Already Taken" ) );
$this->set_default_options( $username );
$pass = true;
}
return false;
}
public function delete_user() {
public function delete_user( $username ) {
global $sql;
$query = "DELETE FROM user_options WHERE username=?;";
$bind_variables = array( $this->username );
$query = "DELETE FROM user_options WHERE user=( SELECT id FROM users WHERE username=? );";
$bind_variables = array( $username );
$return = $sql->query( $query, $bind_variables, -1, "rowCount" );
if( $return > -1 ) {
//TODO: add new permissions system to delete cleanup
$query = "DELETE FROM projects WHERE owner=? AND access IN ( ?,?,?,?,? );";
$bind_variables = array(
$this->username,
$username,
"null",
null,
"[]",
"",
json_encode( array( $this->username ) )
json_encode( array( $username ) )
);
$return = $sql->query( $query, $bind_variables, -1, "rowCount" );
if( $return > -1 ) {
$query = "DELETE FROM users WHERE username=?;";
$bind_variables = array( $this->username );
$bind_variables = array( $username );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $return > 0 ) {
@ -134,26 +120,26 @@ class User {
}
}
public function set_default_options() {
public function set_default_options( $username ) {
foreach( Settings::DEFAULT_OPTIONS as $id => $option ) {
global $sql;
$query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
$query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ( SELECT id FROM users WHERE username=? ), ? );";
$bind_variables = array(
$option["name"],
$this->username,
$username,
$option["value"],
);
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $result == 0 ) {
$query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
$query = "UPDATE user_options SET value=? WHERE name=? AND user=( SELECT id FROM users WHERE username=? );";
$bind_variables = array(
$option["value"],
$option["name"],
$this->username,
$username,
);
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
}
@ -164,59 +150,18 @@ class User {
// Authenticate
//////////////////////////////////////////////////////////////////
public function Authenticate() {
public function Authenticate( $username, $password ) {
if( $this->username == "" || $this->password == "" ) {
if( $username == "" || $password == "" ) {
exit( formatJSEND( "error", "Username or password can not be blank." ) );
}
if( ! is_dir( SESSIONS_PATH ) ) {
mkdir( SESSIONS_PATH, 00755 );
}
$permissions = array(
"755",
"0755"
);
$server_user = posix_getpwuid( posix_geteuid() );
$sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 );
$sessions_owner = posix_getpwuid( fileowner( SESSIONS_PATH ) );
if( is_array( $server_user ) ) {
$server_user = $server_user["uid"];
}
if( ! ( $sessions_owner === $server_user ) ) {
try {
chown( SESSIONS_PATH, $server_user );
} catch( Exception $e ) {
exit( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) );
}
}
if( ! in_array( $sessions_permissions, $permissions ) ) {
try {
chmod( SESSIONS_PATH, 00755 );
} catch( Exception $e ) {
exit( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) );
}
return false;
}
global $sql;
$pass = false;
$this->EncryptPassword();
$query = "SELECT * FROM users WHERE username=? AND password=?;";
$bind_variables = array( $this->username, $this->password );
$bind_variables = array( $username, $password );
$return = $sql->query( $query, $bind_variables, array() );
/**
@ -226,17 +171,17 @@ class User {
if( ( strtolower( DBTYPE ) == "mysql" ) && empty( $return ) ) {
$query = "SELECT * FROM users WHERE username=? AND password=PASSWORD( ? );";
$bind_variables = array( $this->username, $this->password );
$bind_variables = array( $username, $password );
$return = $sql->query( $query, $bind_variables, array() );
if( ! empty( $return ) ) {
$query = "UPDATE users SET password=? WHERE username=?;";
$bind_variables = array( $this->password, $this->username );
$bind_variables = array( $password, $username );
$return = $sql->query( $query, $bind_variables, array() );
$query = "SELECT * FROM users WHERE username=? AND password=?;";
$bind_variables = array( $this->username, $this->password );
$bind_variables = array( $username, $password );
$return = $sql->query( $query, $bind_variables, array() );
}
}
@ -247,17 +192,15 @@ class User {
$pass = true;
$token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) );
$_SESSION['id'] = SESSION_ID;
$_SESSION['user'] = $this->username;
$_SESSION['user'] = $username;
$_SESSION['user_id'] = $user["id"];
$_SESSION['token'] = $token;
$_SESSION['lang'] = $this->lang;
$_SESSION['theme'] = $this->theme;
$_SESSION["login_session"] = true;
$query = "UPDATE users SET token=? WHERE username=?;";
$bind_variables = array( sha1( $token ), $this->username );
$return = $sql->query( $query, $bind_variables, 0, 'rowCount' );
$projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array(), 'rowCount' );
$projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array() );
if( isset( $user['project'] ) && $user['project'] != '' && ! empty( $projects ) ) {
@ -265,16 +208,9 @@ class User {
$_SESSION['project_id'] = $user['project'];
}
$this->checkDuplicateSessions( $this->username );
}
if( $pass ) {
echo formatJSEND( "success", array( "username" => $this->username ) );
} else {
echo formatJSEND( "error", "Incorrect Username or Password" );
$this->checkDuplicateSessions( $username );
}
return $pass;
}
/**
@ -356,10 +292,9 @@ class User {
// Create Account
//////////////////////////////////////////////////////////////////
public function Create() {
public function Create( $username, $password ) {
$this->EncryptPassword();
$this->add_user();
$this->add_user( $username, $password );
}
//////////////////////////////////////////////////////////////////
@ -375,9 +310,9 @@ class User {
// Encrypt Password
//////////////////////////////////////////////////////////////////
private function EncryptPassword() {
private function encrypt_password( $password ) {
$this->password = sha1( md5( $this->password ) );
return sha1( md5( $password ) );
}
//////////////////////////////////////////////////////////////////
@ -421,11 +356,11 @@ class User {
}
}
public function update_access() {
public function update_access( $username, $access ) {
global $sql;
$query = "UPDATE users SET access=? WHERE username=?;";
$bind_variables = array( $this->access, $this->username );
$bind_variables = array( $access, $username );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $return > 0 ) {
@ -433,7 +368,7 @@ class User {
echo formatJSEND( "success", "Updated access for {$this->username}" );
} else {
echo formatJSEND( "error", "Error updating project" );
echo formatJSEND( "error", "Error updating access" );
}
}
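Review bot: `update_access` now takes `$username` as a parameter, but the success message in the last hunk still interpolates `$this->username` (`Updated access for {$this->username}`), a property this commit appears to remove from the class in the first hunk, so the reply will carry an empty name and raise a notice; it should read `echo formatJSEND( "success", "Updated access for {$username}" );`. The renamed `encrypt_password` still returns `sha1( md5( $password ) )` — an unsalted, fast digest — and `Authenticate` checks it by SQL equality (`WHERE username=? AND password=?`), so a leaked `users` table is cheap to crack offline; since the storage layout is being reworked in this commit anyway, this is the point to switch to `password_hash()` / `password_verify()`, selecting the row by username and verifying in PHP (the MySQL `PASSWORD()` fallback would then become a one-time rehash-on-login path). `delete_user` still filters `projects` on the `access` column (see its own TODO), which the migration in this commit drops, so that DELETE will error on upgraded databases and the user row will never be removed. Most of these hunks cut through method bodies, so the surrounding code is not fully visible here.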


@ -36,22 +36,73 @@ if($_GET['action']=='authenticate') {
die( formatJSEND( "error", "Missing username or password" ) );
}
$User->username = User::CleanUsername( $_POST['username'] );
$User->password = $_POST['password'];
$username = User::CleanUsername( $_POST['username'] );
$password = $User->encrypt_password( $_POST['password'] );
// check if the asked languages exist and is registered in languages/code.php
require_once '../../languages/code.php';
if( isset( $languages[$_POST['language']] ) ) {
$User->lang = $_POST['language'];
$lang = $_POST['language'];
} else {
$User->lang = 'en';
$lang = 'en';
}
// theme
$User->theme = $_POST['theme'];
$User->Authenticate();
$theme = $_POST['theme'];
$permissions = array(
"755",
"0755"
);
if( ! is_dir( SESSIONS_PATH ) ) {
mkdir( SESSIONS_PATH, 00755 );
}
$server_user = getmyuid();
$sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 );
$sessions_owner = fileowner( SESSIONS_PATH );
if( is_array( $server_user ) ) {
$server_user = $server_user["uid"];
}
if( ! ( $sessions_owner === $server_user ) ) {
try {
chown( SESSIONS_PATH, $server_user );
} catch( Exception $e ) {
exit( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) );
}
}
if( ! in_array( $sessions_permissions, $permissions ) ) {
try {
chmod( SESSIONS_PATH, 00755 );
} catch( Exception $e ) {
exit( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) );
}
}
$pass = $User->Authenticate( $username, $password );
if( $pass ) {
$_SESSION['lang'] = $lang;
$_SESSION['theme'] = $theme;
exit( formatJSEND( "success", array( "username" => $this->username ) ) );
} else {
exit( formatJSEND( "error", "Incorrect Username or Password" ) );
}
}
//////////////////////////////////////////////////////////////////
@ -86,9 +137,9 @@ if( $_GET['action'] == 'create' ) {
exit( formatJSEND( "error", "Invalid characters in username" ) );
}
$User->username = User::CleanUsername( $_POST['username'] );
$User->password = $_POST['password'];
$User->Create();
$username = User::CleanUsername( $_POST['username'] );
$password = $User->encrypt_password( $_POST['password'] );
$User->Create( $username, $password );
}
}
@ -174,7 +225,7 @@ if( $_GET['action'] == 'update_access' ) {
checkSession();
if( ! isset( $_GET['access'] ) || ! isset( $_GET['username'] ) ) {
if( ! isset( $_POST['access'] ) || ! isset( $_POST['user'] ) ) {
die( formatJSEND( "error", "Could not update access." ) );
}
@ -184,7 +235,10 @@ if( $_GET['action'] == 'update_access' ) {
die( formatJSEND( "error", "You do not have permission to update user's access." ) );
}
$User->username = $_GET["username"];
$User->access = $_GET["access"];
$User->update_access();
if( ! in_array( $_POST["access"], array_keys( Permissions::SYSTEM_LEVELS ) ) ) {
exit( formatJSEND( "error", "Invalid access level specified." ) );
}
$User->update_access( $_POST["user"], $_POST["access"] );
}
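Review bot: The success branch added to the `authenticate` action returns `array( "username" => $this->username )`, but this is controller code outside any class, so PHP throws an `Error` (using `$this` when not in object context) and every successful login ends in a fatal instead of a JSON reply; it should be `exit( formatJSEND( "success", array( "username" => $username ) ) );`. The `update_access` action now reads `$_POST['user']`, while the JavaScript change in this commit posts the field as `username`, so the `isset` guard will always reject the request — pick one key on both sides. The `try`/`catch` around `chown`/`chmod` can never fire, because those functions emit a warning and return `false` rather than throwing; test the return value instead, e.g. `if( ! chmod( SESSIONS_PATH, 00755 ) ) { exit( formatJSEND( "error", "Error, incorrect permissions on sessions folder." ) ); }`. Also, `getmyuid()` returns an int, so the `is_array( $server_user )` branch is dead code left over from the `posix_getpwuid` version that was removed from the class.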


@ -72,10 +72,10 @@ switch($_GET['action']){
<td width="75">
<select onchange="codiad.user.update_access( event, '<?php echo( $data['username'] ); ?>' )">
<?php
foreach( User::ACCESS as $role ) {
foreach( Permissions::SYSTEM_LEVELS as $role => $id ) {
?>
<option value="<?php echo $role;?>" <?php if( $data["access"] == $role ) { echo 'selected="selected"'; }?>><?php echo i18n( $role );?></option>
<option value="<?php echo $id;?>" <?php if( $data["access"] == $id ) { echo 'selected="selected"'; }?>><?php echo i18n( $role );?></option>
<?php
}
?>
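Review bot: The `<option>` values now emit the numeric id from `Permissions::SYSTEM_LEVELS`, but the controller change in this commit validates the submitted value with `in_array( $_POST["access"], array_keys( Permissions::SYSTEM_LEVELS ) )`, i.e. against the role names, so every value this select can send is rejected as invalid; either emit `$role` here, or have the controller validate against the ids with `in_array( $_POST["access"], array_map( 'strval', Permissions::SYSTEM_LEVELS ), true )`. The `$data['username']` interpolated into the `onchange` attribute on the unchanged line above is not escaped for the attribute/JS context; unless `CleanUsername` is known to restrict usernames to a safe character set, that is a stored XSS for an admin viewing this page, and `htmlspecialchars( $data['username'], ENT_QUOTES, 'UTF-8' )` is the minimum. The `<select>` begins before this hunk, so the rest of the row is not visible here.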


@ -266,7 +266,7 @@
$.get(this.controller + '?action=project&project=' + project);
},
update_access: function( e, username=null ) {
update_access: function( e, username ) {
let access = "";
@ -278,7 +278,10 @@
access = e.target.value;
}
$.get( this.controller + `?action=update_access&username=${username}&access=${access}`, function( data ) {
$.post( this.controller + `?action=update_access`, {
username: username,
access: access,
}, function( data ) {
let response = codiad.jsend.parse( data );
if( response != 'error' ) {