Merge pull request #986 from phpservermon/feature/public_page

Public page

config.php.sample

@@ -7,3 +7,4 @@ define('PSM_DB_HOST', 'localhost');
 define('PSM_DB_PORT', '3306'); //3306 is the default port for MySQL. If no specfic port is used, leave it empty.
 define('PSM_BASE_URL', '');
 define('PSM_WEBCRON_KEY', '');
+define('PSM_PUBLIC', false);

docs/faq.rst

@@ -10,7 +10,7 @@ Users
 What are the differences between the user levels?
 -------------------------------------------------
 
-There are 2 user levels available: regular user and administrator.
+There are 3 user levels available: anonymous, regular user and administrator.
 
 Administrators:
 
@@ -24,6 +24,16 @@ Regular users:
 * View the history and logs of their assigned servers.
 * Run the updater on their assigned servers.
 
+Anonymous:
+Only meant for user '__PUBLIC__' and can't be assigned to any other user.
+
+* View the status of their assigned servers without password.
+
+I removed user '__PUBLIC__', what now?
+--------------------------------------
+
+* Go to users -> create new user.
+* Set the username to '__PUBLIC__', level to 'anonymous' and the rest is up to you. 
 
 Servers
 +++++++
@@ -101,6 +111,14 @@ After upgrading, my email stopped working.
 
 Run 'php composer.phar update' and you should be good to go!
 
+Setting up a public page.
+-------------------------
+
+1. Set PSM_PUBLIC to true in config.php.
+2. If not yet existing, create a user with username '__PUBLIC__'. See Users -> "I removed user '__PUBLIC__', what now?" for help.
+3. Add servers to user '__PUBLIC__'.
+4. Go to /public.php.
+
 Notifications
 +++++++++++++
 

public.php

@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * PHP Server Monitor
+ * Monitor your servers and websites.
+ *
+ * This file is part of PHP Server Monitor.
+ * PHP Server Monitor is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * PHP Server Monitor is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with PHP Server Monitor.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @package     phpservermon
+ * @author      Tim Zandbergen <Tim@Xervion.nl>
+ * @copyright   Copyright (c) 2008-2017 Pepijn Over <pep@mailbox.org>
+ * @license     http://www.gnu.org/licenses/gpl.txt GNU GPL v3
+ * @version     Release: @package_version@
+ * @link        http://www.phpservermonitor.org/
+ * @since       phpservermon 3.6.0
+ **/
+
+namespace {
+    define('PSM_PUBLIC_PAGE', true);
+
+    require __DIR__ . '/src/bootstrap.php';
+
+    $router->run('server_status');
+
+    // By destroying the session the login will show when going to another page
+    session_destroy();
+    
+}

src/bootstrap.php

@@ -108,6 +108,19 @@ namespace {
         }
     }
 
+    // check for a public page var
+    // This should be defined in the config
+    if (!defined('PSM_PUBLIC')) {
+        define('PSM_PUBLIC', false);
+    }
+
+    // check for a public page
+    // This variable is for internal use
+    // and should not be changed by the user manualy
+    if (!defined('PSM_PUBLIC_PAGE')) {
+        define('PSM_PUBLIC_PAGE', false);
+    }
+
     $lang = psm_get_conf('language', 'en_US');
     psm_load_lang($lang);
 }

src/lang/en_US.lang.php

@@ -106,7 +106,10 @@ $sm_lang = array(
         'level' => 'Level',
         'level_10' => 'Administrator',
         'level_20' => 'User',
-        'level_description' => '<b>Administrators</b> have full access: they can manage servers, users and edit the global configuration.<br><b>Users</b> can only view and run the updater for the servers that have been assigned to them.',
+        'level_30' => 'Anonymous',
+        'level_description' => '<b>Administrators</b> have full access: they can manage servers, users and edit the
+ global configuration.<br><b>Users</b> can only view and run the updater for the
+ servers that have been assigned to them.',
         'mobile' => 'Mobile',
         'email' => 'Email',
         'pushover' => 'Pushover',
@@ -154,6 +157,7 @@ $sm_lang = array(
         'error_user_password_invalid' => 'The entered password is invalid.',
         'error_user_password_no_match' => 'The entered passwords do not match.',
         'error_user_admin_cant_be_deleted' => 'You can\'t remove the last administrator.',
+        'error_user_cant_be_anonymous' => 'Only user \'__public__\' can have the level anonymous.'
     ),
     'log' => array(
         'title' => 'Log entries',

src/psm/Module/AbstractController.php

@@ -124,7 +124,7 @@ abstract class AbstractController implements ControllerInterface
      * @var int $user_level_required
      * @see setMinUserLevelRequired()
      */
-    protected $user_level_required = PSM_USER_USER;
+    protected $user_level_required = (PSM_PUBLIC && PSM_PUBLIC_PAGE) ? PSM_USER_ANONYMOUS : PSM_USER_USER;
 
     /**
      * Required user level for certain actions

src/psm/Module/User/Controller/UserController.php

@@ -282,12 +282,25 @@ class UserController extends AbstractController
             $user_validator->username($clean['user_name'], $user_id);
             $user_validator->email($clean['email']);
             $user_validator->level($clean['level']);
+            
+            // Won't allow anonymous level for users other than __PUBLIC__
+            if ($clean['user_name'] !== "__PUBLIC__" && (int) $clean['level'] === (int) PSM_USER_ANONYMOUS) {
+                $this->addMessage(psm_get_lang('users', 'error_user_cant_be_anonymous'), 'error');
+                $clean['level'] = PSM_USER_USER;
+            }
 
             // always validate password for new users,
             // but only validate it for existing users when they change it.
-            if ($user_id == 0 || ($user_id > 0 && $clean['password'] != '')) {
+            if (($user_id == 0 || ($user_id > 0 && $clean['password'] != '')) && $clean['user_name'] != '__PUBLIC__') {
                 $user_validator->password($clean['password'], $clean['password_repeat']);
             }
+
+            // Auto generate password for __PUBLIC__ user
+            if ($clean['user_name'] === '__PUBLIC__') {
+                $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%&*_";
+                $clean['password'] = substr(str_shuffle($chars), 0, 24);
+            }
+
             if ($user_id > 0) {
                 $user_validator->userId($user_id);
             }

src/psm/Service/User.php

@@ -100,6 +100,17 @@ class User
             }
             $this->session = $session;
 
+            if (PSM_PUBLIC === true && PSM_PUBLIC_PAGE === true) {
+                $query_user = $this->db_connection->prepare('SELECT * FROM ' .
+                    PSM_DB_PREFIX . 'users WHERE user_name = :user_name and level = :level');
+                $query_user->bindValue(':user_name', "__PUBLIC__", \PDO::PARAM_STR);
+                $query_user->bindValue(':level', PSM_USER_ANONYMOUS, \PDO::PARAM_STR);
+                $query_user->execute();
+
+                // get result row (as an object)
+                $this->setUserLoggedIn($query_user->fetchObject()->user_id);
+            }
+
             if ((!defined('PSM_INSTALL') || !PSM_INSTALL)) {
                 // check the possible login actions:
                 // 1. login via session data (happens each time user opens a page on your php project AFTER

src/psm/Util/Install/Installer.php

@@ -724,7 +724,6 @@ class Installer
                     ('jabber_username', ''),
                     ('jabber_domain', ''),
                     ('jabber_password', '');";
-
         $this->execSQL($queries);
     }
 
@@ -754,6 +753,11 @@ class Installer
             ADD `discord` VARCHAR( 255 ) NOT NULL AFTER `mobile`;";
         $queries[] = "ALTER TABLE `" . PSM_DB_PREFIX . "servers` 
             ADD `discord` ENUM( 'yes','no' ) NOT NULL DEFAULT 'yes' AFTER  `sms`;";
+        $queries[] = "INSERT INTO `" . PSM_DB_PREFIX . "users` (
+            `user_name`, `level`, `name`, `email`)
+            VALUES ('__PUBLIC__', 30, 'Public page', 'publicpage@psm.psm')";
         $this->execSQL($queries);
+
+        $this->log('Public page is now available. Added user \'__PUBLIC__\'. See documentation for more info.');
     }
 }

src/psm/Util/User/UserValidator.php

@@ -39,7 +39,7 @@ class UserValidator
      * Available editable user levels
      * @var array $user_levels
      */
-    protected $user_levels = array(PSM_USER_ADMIN, PSM_USER_USER);
+    protected $user_levels = array(PSM_USER_ADMIN, PSM_USER_USER, PSM_USER_ANONYMOUS);
 
     /**
      * User service

src/templates/default/static/js/scripts.js

@@ -51,6 +51,7 @@ $().ready(function () {
 	}
 	$('#label').focus();
 });
+
 $("#type").change(function () {
 	switch ($("select#type option:checked").val()) {
 		case "website":
@@ -103,6 +104,21 @@ $("select#popular_ports").change(function () {
 	}
 }).change();
 
+$("#user_name").change(function ()
+{
+    switch ($("#user_name").val()) {
+        case "__PUBLIC__":
+            $('#password').parent().slideUp();
+            $('#password_repeat').parent().slideUp();
+            $("select#level").val('30');
+            $("#name").val('Public page');
+            break;
+        default:
+            $('#password').parent().slideDown();
+            $('#password_repeat').parent().slideDown();
+    }
+}).change();
+
 
 function psm_xhr(mod, params, method, on_complete, options) {
 	method = (typeof method === 'undefined') ? 'GET' : method;