From a9f0f64c78ea9cc6442b2c784a53d7a59663cc96 Mon Sep 17 00:00:00 2001 From: TimZ99 Date: Thu, 12 Dec 2019 22:00:31 +0100 Subject: [PATCH 01/13] Public server page --- public.php | 35 +++++++++++++++++++++++++++ src/bootstrap.php | 13 ++++++++++ src/lang/en_US.lang.php | 1 + src/psm/Module/AbstractController.php | 2 +- src/psm/Service/User.php | 11 +++++++++ src/psm/Util/User/UserValidator.php | 2 +- 6 files changed, 62 insertions(+), 2 deletions(-) create mode 100644 public.php diff --git a/public.php b/public.php new file mode 100644 index 00000000..35299784 --- /dev/null +++ b/public.php @@ -0,0 +1,35 @@ +. + * + * @package phpservermon + * @author Pepijn Over + * @copyright Copyright (c) 2008-2017 Pepijn Over + * @license http://www.gnu.org/licenses/gpl.txt GNU GPL v3 + * @version Release: @package_version@ + * @link http://www.phpservermonitor.org/ + **/ + +namespace { + define('PSM_PUBLIC_PAGE', true); + + require __DIR__ . '/src/bootstrap.php'; + + $router->run('server'); +} diff --git a/src/bootstrap.php b/src/bootstrap.php index 9037beef..e6dd3338 100644 --- a/src/bootstrap.php +++ b/src/bootstrap.php @@ -108,6 +108,19 @@ namespace { } } + // check for a public page var + // This should be defined in the config + if (!defined('PSM_PUBLIC')) { + define('PSM_PUBLIC', false); + } + + // check for a public page + // This variable is for internal use + // and should not be changed by the user manualy + if (!defined('PSM_PUBLIC_PAGE')) { + define('PSM_PUBLIC_PAGE', false); + } + $lang = psm_get_conf('language', 'en_US'); psm_load_lang($lang); } diff --git a/src/lang/en_US.lang.php b/src/lang/en_US.lang.php index 621a6aed..c836511f 100644 --- a/src/lang/en_US.lang.php +++ b/src/lang/en_US.lang.php @@ -106,6 +106,7 @@ $sm_lang = array( 'level' => 'Level', 'level_10' => 'Administrator', 'level_20' => 'User', + 'level_30' => 'Anonymous', 'level_description' => 'Administrators have full access: they can manage servers, users and edit the global configuration.
Users can only view and run the updater for the servers that have been assigned to them.', diff --git a/src/psm/Module/AbstractController.php b/src/psm/Module/AbstractController.php index 260543e6..2fe2209b 100644 --- a/src/psm/Module/AbstractController.php +++ b/src/psm/Module/AbstractController.php @@ -124,7 +124,7 @@ abstract class AbstractController implements ControllerInterface * @var int $user_level_required * @see setMinUserLevelRequired() */ - protected $user_level_required = PSM_USER_USER; + protected $user_level_required = (PSM_PUBLIC && PSM_PUBLIC_PAGE) ? PSM_USER_ANONYMOUS : PSM_USER_USER; /** * Required user level for certain actions diff --git a/src/psm/Service/User.php b/src/psm/Service/User.php index fb50e475..fce6213b 100644 --- a/src/psm/Service/User.php +++ b/src/psm/Service/User.php @@ -100,6 +100,17 @@ class User } $this->session = $session; + if (PSM_PUBLIC === true && PSM_PUBLIC_PAGE === true) { + $query_user = $this->db_connection->prepare('SELECT * FROM ' . + PSM_DB_PREFIX . 'users WHERE user_name = :user_name and level = :level'); + $query_user->bindValue(':user_name', "__PUBLIC__", \PDO::PARAM_STR); + $query_user->bindValue(':level', PSM_USER_ANONYMOUS, \PDO::PARAM_STR); + $query_user->execute(); + + // get result row (as an object) + $this->setUserLoggedIn($query_user->fetchObject()->user_id); + } + if ((!defined('PSM_INSTALL') || !PSM_INSTALL)) { // check the possible login actions: // 1. login via session data (happens each time user opens a page on your php project AFTER diff --git a/src/psm/Util/User/UserValidator.php b/src/psm/Util/User/UserValidator.php index 65f322e0..b7277ce8 100644 --- a/src/psm/Util/User/UserValidator.php +++ b/src/psm/Util/User/UserValidator.php @@ -39,7 +39,7 @@ class UserValidator * Available editable user levels * @var array $user_levels */ - protected $user_levels = array(PSM_USER_ADMIN, PSM_USER_USER); + protected $user_levels = array(PSM_USER_ADMIN, PSM_USER_USER, PSM_USER_ANONYMOUS); /** * User service 
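Review bot: The new default on `$user_level_required` lowers the minimum level to `PSM_USER_ANONYMOUS` for every controller that inherits from `AbstractController`, not only the status page, whenever both constants are true. Any subclass that does not call `setMinUserLevelRequired()` itself would then accept requests without a login through the public entry point. Whether other modules can be routed from there is not visible in this hunk, so it is worth confirming. A narrower change keeps the base default at `PSM_USER_USER` and lowers the level only in the status controller. The class body continues outside the hunk.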
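Review bot: `$query_user->fetchObject()` returns `false` when no row matches, and the same expression then reads `->user_id` from it, so a deleted or re-levelled `__PUBLIC__` account makes the public page fail instead of falling back to the login. Fetch into a variable and check it first: `$public_user = $query_user->fetchObject();` followed by `if ($public_user !== false) { $this->setUserLoggedIn($public_user->user_id); }`. The block also runs before the `PSM_INSTALL` guard. If `setUserLoggedIn()` writes to the session (not visible here), it would replace an existing signed-in identity when a logged-in user opens the public page. The enclosing method starts and ends outside the hunk.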
From ae6367b2a003b08d45c89d2d53e112431d947390 Mon Sep 17 00:00:00 2001 From: TimZ99 Date: Fri, 13 Dec 2019 14:13:15 +0100 Subject: [PATCH 02/13] Changed page to status page --- public.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public.php b/public.php index 35299784..28f21a7e 100644 --- a/public.php +++ b/public.php @@ -31,5 +31,5 @@ namespace { require __DIR__ . '/src/bootstrap.php'; - $router->run('server'); + $router->run('server_status'); } From 7745c752d1e39d1b9f8365111c86582e00f135b2 Mon Sep 17 00:00:00 2001 From: TimZ99 Date: Tue, 18 Aug 2020 17:49:44 +0200 Subject: [PATCH 03/13] Updated docs --- public.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/public.php b/public.php index 28f21a7e..03c035b0 100644 --- a/public.php +++ b/public.php @@ -19,11 +19,12 @@ * along with PHP Server Monitor. If not, see . * * @package phpservermon - * @author Pepijn Over + * @author Tim Zandbergen * @copyright Copyright (c) 2008-2017 Pepijn Over * @license http://www.gnu.org/licenses/gpl.txt GNU GPL v3 * @version Release: @package_version@ * @link http://www.phpservermonitor.org/ + * @since phpservermon 3.6.0 **/ namespace { From 7d11f7bd1f8a0bad06da3bd62137c2f7bf7fa380 Mon Sep 17 00:00:00 2001 From: TimZ99 Date: Tue, 18 Aug 2020 17:50:06 +0200 Subject: [PATCH 04/13] Prevent unautorized warning --- public.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/public.php b/public.php index 03c035b0..9848ffbd 100644 --- a/public.php +++ b/public.php @@ -33,4 +33,8 @@ namespace { require __DIR__ . '/src/bootstrap.php'; $router->run('server_status'); + + // By destroying the session the login will show when going to another page + session_destroy(); + } From b94d66bfc02131467db846ebab9722047be9df85 Mon Sep 17 00:00:00 2001 From: TimZ99 Date: Tue, 18 Aug 2020 17:50:22 +0200 Subject: [PATCH 05/13] Added user on upgrade --- src/psm/Util/Install/Installer.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) 
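Review bot: `session_destroy()` in `public.php` is reached only if `$router->run('server_status')` returns normally; if the run exits early or throws (not visible here), the anonymous login stays in the session and the cleanup this commit relies on never happens. The call also raises a warning when no session is active, and it presumably ends the session of an already signed-in user who opens the public page in the same browser. A guard such as `if (session_status() === PHP_SESSION_ACTIVE) { session_destroy(); }` covers the warning. Not writing the anonymous user into the session at all would remove the need for the teardown.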
diff --git a/src/psm/Util/Install/Installer.php b/src/psm/Util/Install/Installer.php index 010b9fbf..114eba65 100644 --- a/src/psm/Util/Install/Installer.php +++ b/src/psm/Util/Install/Installer.php @@ -341,6 +341,9 @@ class Installer if (version_compare($version_from, '3.4.2', '<')) { $this->upgrade342(); } + if (version_compare($version_from, '3.6.0', '<')) { + $this->upgrade360(); + } psm_update_conf('version', $version_to); } @@ -655,4 +658,14 @@ class Installer $queries[] = "ALTER TABLE `" . PSM_DB_PREFIX . "servers` CHANGE `last_output` `last_output` TEXT;"; $this->execSQL($queries); } + + protected function upgrade360() + { + $queries = array(); + $queries[] = "INSERT INTO `" . PSM_DB_PREFIX . "users` ( + `user_name`, `level`, `name`, `email`) + VALUES ('__PUBLIC__', 30, 'Public page', 'publicpage@psm.psm')"; + $this->execSQL($queries); + $this->log('Added user \'__PUBLIC__\'.'); + } } From 27d9bd6a70658b27313922a0060621a2f8bd6f1d Mon Sep 17 00:00:00 2001 From: TimZ99 Date: Tue, 18 Aug 2020 17:53:18 +0200 Subject: [PATCH 06/13] Only __public__ can be anonymous --- src/lang/en_US.lang.php | 1 + src/psm/Module/User/Controller/UserController.php | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/src/lang/en_US.lang.php b/src/lang/en_US.lang.php index c836511f..21dabb9e 100644 --- a/src/lang/en_US.lang.php +++ b/src/lang/en_US.lang.php @@ -152,6 +152,7 @@ $sm_lang = array( 'error_user_password_invalid' => 'The entered password is invalid.', 'error_user_password_no_match' => 'The entered passwords do not match.', 'error_user_admin_cant_be_deleted' => 'You can\'t remove the last administrator.', + 'error_user_cant_be_anonymous' => 'Only user \'__public__\' can have the level anonymous.' ), 'log' => array( 'title' => 'Log entries', diff --git a/src/psm/Module/User/Controller/UserController.php b/src/psm/Module/User/Controller/UserController.php index cbc3ff64..a45f24a7 100644 --- a/src/psm/Module/User/Controller/UserController.php 
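Review bot: The `INSERT` in `upgrade360()` creates the `__PUBLIC__` row without a password value and without checking whether a user with that name already exists. How the login path treats an empty or default password hash is not visible here, so it is worth confirming that this account can never be used through the normal login form. A second row is also possible if an account named `__PUBLIC__` was created before the upgrade. Consider a comment above the query such as `// __PUBLIC__ is used only for the anonymous auto-login and must not be able to sign in with a password`. The same statement is moved into another upgrade step in patch 12/13, so the point applies there as well.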
+++ b/src/psm/Module/User/Controller/UserController.php @@ -274,6 +274,14 @@ class UserController extends AbstractController $user_validator->username($clean['user_name'], $user_id); $user_validator->email($clean['email']); $user_validator->level($clean['level']); + + // Won't allow anonymous level for users other than __PUBLIC__ + if ($clean['user_name'] !== "__PUBLIC__" && (int) $clean['level'] === (int) PSM_USER_ANONYMOUS) { + $this->addMessage(psm_get_lang('users', 'error_user_cant_be_anonymous'), 'error'); + $clean['level'] = PSM_USER_USER; + } + + // Won't allow removing the last admin if ( count($this->db->select(PSM_DB_PREFIX . 'users', array('level' => PSM_USER_ADMIN))) == 1 && $this->getUser()->getUserLevel() == PSM_USER_ADMIN From 8cbf2dd7bf008f759aff47e88a1d5d80a9576bac Mon Sep 17 00:00:00 2001 From: TimZ99 Date: Tue, 18 Aug 2020 17:53:26 +0200 Subject: [PATCH 07/13] Bumped version --- README.rst | 2 +- src/includes/psmconfig.inc.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index d0a633ee..1940063c 100755 --- a/README.rst +++ b/README.rst @@ -5,7 +5,7 @@ PHP Server Monitor :alt: Join the chat at https://gitter.im/erickrf/nlpnet :target: https://gitter.im/phpservermon/phpservermon -Version 3.4.5 +Version 3.6.0 PHP Server Monitor is a script that checks whether your websites and servers are up and running. It comes with a web based user interface where you can manage your services and websites, diff --git a/src/includes/psmconfig.inc.php b/src/includes/psmconfig.inc.php index 530753c8..c70d24e5 100644 --- a/src/includes/psmconfig.inc.php +++ b/src/includes/psmconfig.inc.php @@ -30,7 +30,7 @@ /** * Current PSM version */ -define('PSM_VERSION', '3.4.5'); +define('PSM_VERSION', '3.6.0'); /** * URL to check for updates. Will not be checked if turned off on config page. From 56b122471b82607f6d4cb290fa688c66ca6a127e Mon Sep 17 00:00:00 2001 
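Review bot: The new check compares `$clean['user_name']` with `"__PUBLIC__"` using a case-sensitive `!==`, while the language string added in this commit tells the administrator the name is '__public__', so following the message literally is rejected again. Aligning the text fixes that: `'error_user_cant_be_anonymous' => 'Only user \'__PUBLIC__\' can have the level anonymous.'`. The rule is also one-directional: it stops other accounts from becoming anonymous but does not stop `__PUBLIC__` from being saved with the user or administrator level. The literal `"__PUBLIC__"` is repeated across several files in this series, and a single shared constant would keep these checks from drifting apart. The enclosing method starts and ends outside the hunk.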
From: TimZ99 Date: Mon, 24 Aug 2020 22:11:09 +0200 Subject: [PATCH 08/13] Added documentation --- docs/faq.rst | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/docs/faq.rst b/docs/faq.rst index 0fdfb03c..a2f88ecb 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -10,7 +10,7 @@ Users What are the differences between the user levels? ------------------------------------------------- -There are 2 user levels available: regular user and administrator. +There are 3 user levels available: anonymous, regular user and administrator. Administrators: @@ -24,6 +24,16 @@ Regular users: * View the history and logs of their assigned servers. * Run the updater on their assigned servers. +Anonymous: +Only meant for user '__PUBLIC__' and can't be assigned to any other user. + +* View the status of their assigned servers without password. + +I removed user '__PUBLIC__', what now? +-------------------------------------- + +* Go to users -> create new user. +* Set the username to '__PUBLIC__', level to 'anonymous' and the rest is up to you. Servers +++++++ @@ -101,6 +111,14 @@ After upgrading, my email stopped working. Run 'php composer.phar update' and you should be good to go! +Setting up a public page. +------------------------- + +1. Set PSM_PUBLIC to true in config.php. +2. If not yet existing, create a user with username '__PUBLIC__'. See Users -> "I removed user '__PUBLIC__', what now?" for help. +3. Add servers to user '__PUBLIC__'. +4. Go to /public.php. + Notifications +++++++++++++ From 57e53d77c4d30d84378395602ea3752cc63fb041 Mon Sep 17 00:00:00 2001 From: TimZ99 Date: Mon, 24 Aug 2020 22:11:32 +0200 Subject: [PATCH 09/13] Added PSM_PUBLIC --- config.php.sample | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config.php.sample b/config.php.sample index 31d490d7..a892215c 100755 --- a/config.php.sample +++ b/config.php.sample 
@@ -5,4 +5,5 @@ define('PSM_DB_PASS', 'db_pass'); define('PSM_DB_NAME', 'db_name'); define('PSM_DB_HOST', 'localhost'); define('PSM_DB_PORT', '3306'); //3306 is the default port for MySQL. If no specfic port is used, leave it empty. -define('PSM_BASE_URL', ''); \ No newline at end of file +define('PSM_BASE_URL', ''); +define('PSM_PUBLIC', true); \ No newline at end of file From 36e33b32154c1e803b2a00cc9533822fbcf52a09 Mon Sep 17 00:00:00 2001 From: Tim Date: Wed, 26 Aug 2020 15:17:23 +0200 Subject: [PATCH 10/13] Removed old check Removal of last admin has been fixed with 3568a570. --- src/psm/Module/User/Controller/UserController.php | 9 --------- 1 file changed, 9 deletions(-) diff --git a/src/psm/Module/User/Controller/UserController.php b/src/psm/Module/User/Controller/UserController.php index 0704cc39..cd667a29 100644 --- a/src/psm/Module/User/Controller/UserController.php +++ b/src/psm/Module/User/Controller/UserController.php @@ -289,15 +289,6 @@ class UserController extends AbstractController $clean['level'] = PSM_USER_USER; } - // Won't allow removing the last admin - if ( - count($this->db->select(PSM_DB_PREFIX . 'users', array('level' => PSM_USER_ADMIN))) == 1 && - $this->getUser()->getUserLevel() == PSM_USER_ADMIN - ) { - $this->addMessage(psm_get_lang('users', 'error_user_admin_cant_be_deleted'), 'warning'); - $clean['level'] = PSM_USER_ADMIN; - } - // always validate password for new users, // but only validate it for existing users when they change it. if ($user_id == 0 || ($user_id > 0 && $clean['password'] != '')) { From 99bcc90c0325e9f261c80cb3589cfa115211af81 Mon Sep 17 00:00:00 2001 From: TimZ99 Date: Wed, 26 Aug 2020 15:58:58 +0200 Subject: [PATCH 11/13] Auto gen password for __PUBLIC__ and hide fields --- .../Module/User/Controller/UserController.php | 9 ++++++++- src/templates/default/static/js/scripts.js | 16 ++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) 
diff --git a/src/psm/Module/User/Controller/UserController.php b/src/psm/Module/User/Controller/UserController.php index cd667a29..ba55a0e2 100644 --- a/src/psm/Module/User/Controller/UserController.php +++ b/src/psm/Module/User/Controller/UserController.php @@ -291,9 +291,16 @@ class UserController extends AbstractController // always validate password for new users, // but only validate it for existing users when they change it. - if ($user_id == 0 || ($user_id > 0 && $clean['password'] != '')) { + if (($user_id == 0 || ($user_id > 0 && $clean['password'] != '')) && $clean['user_name'] != '__PUBLIC__') { $user_validator->password($clean['password'], $clean['password_repeat']); } + + // Auto generate password for __PUBLIC__ user + if ($clean['user_name'] === '__PUBLIC__') { + $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%&*_"; + $clean['password'] = substr(str_shuffle($chars), 0, 24); + } + if ($user_id > 0) { $user_validator->userId($user_id); } diff --git a/src/templates/default/static/js/scripts.js b/src/templates/default/static/js/scripts.js index acd8b2ca..5184e3fb 100644 --- a/src/templates/default/static/js/scripts.js +++ b/src/templates/default/static/js/scripts.js @@ -51,6 +51,7 @@ $().ready(function () { } $('#label').focus(); }); + $("#type").change(function () { switch ($("select#type option:checked").val()) { case "website": @@ -103,6 +104,21 @@ $("select#popular_ports").change(function () { } }).change(); +$("#user_name").change(function () +{ + switch ($("#user_name").val()) { + case "__PUBLIC__": + $('#password').parent().slideUp(); + $('#password_repeat').parent().slideUp(); + $("select#level").val('30'); + $("#name").val('Public page'); + break; + default: + $('#password').parent().slideDown(); + $('#password_repeat').parent().slideDown(); + } +}).change(); + function psm_xhr(mod, params, method, on_complete, options) { method = (typeof method === 'undefined') ? 'GET' : method; 
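Review bot: The password generated for `__PUBLIC__` comes from `str_shuffle()`, which is not a cryptographically secure source. Taking a prefix of a shuffled alphabet also means no character can repeat, which shrinks the space further. If the supported PHP versions allow it, `$clean['password'] = bin2hex(random_bytes(16));` gives an unpredictable value in one line. The same hunk skips `$user_validator->password()` for this account, so the generator alone decides the strength of the stored credential. The username test there uses a loose `!=` where the new block uses `===`, and the two should match. The enclosing method starts and ends outside the hunk.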
From f1df99c5ae70587f5623966c25a7b429ae04a051 Mon Sep 17 00:00:00 2001 From: TimZ99 Date: Wed, 26 Aug 2020 15:59:46 +0200 Subject: [PATCH 12/13] Moved update script to 3.6.0 --- src/psm/Util/Install/Installer.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/psm/Util/Install/Installer.php b/src/psm/Util/Install/Installer.php index b36d13a1..ab9e5fef 100644 --- a/src/psm/Util/Install/Installer.php +++ b/src/psm/Util/Install/Installer.php @@ -724,12 +724,7 @@ class Installer ('jabber_username', ''), ('jabber_domain', ''), ('jabber_password', '');"; - - $queries[] = "INSERT INTO `" . PSM_DB_PREFIX . "users` ( - `user_name`, `level`, `name`, `email`) - VALUES ('__PUBLIC__', 30, 'Public page', 'publicpage@psm.psm')"; $this->execSQL($queries); - $this->log('Added user \'__PUBLIC__\'.'); } /** @@ -758,6 +753,11 @@ class Installer ADD `discord` VARCHAR( 255 ) NOT NULL AFTER `mobile`;"; $queries[] = "ALTER TABLE `" . PSM_DB_PREFIX . "servers` ADD `discord` ENUM( 'yes','no' ) NOT NULL DEFAULT 'yes' AFTER `sms`;"; + $queries[] = "INSERT INTO `" . PSM_DB_PREFIX . "users` ( + `user_name`, `level`, `name`, `email`) + VALUES ('__PUBLIC__', 30, 'Public page', 'publicpage@psm.psm')"; $this->execSQL($queries); + + $this->log('Public page is now available. Added user \'__PUBLIC__\'. See documentation for more info.'); } } From 3cf9a6e444c6bcd3f2d6d9dfec726306942573d5 Mon Sep 17 00:00:00 2001 From: Samuel Denis-D'Ortun Date: Sun, 1 Nov 2020 11:08:53 -0500 Subject: [PATCH 13/13] Set public to false by default. --- config.php.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.php.sample b/config.php.sample index fd0775f4..a9537ed0 100644 --- a/config.php.sample +++ b/config.php.sample 
@@ -7,4 +7,4 @@ define('PSM_DB_HOST', 'localhost');
 define('PSM_DB_PORT', '3306'); //3306 is the default port for MySQL. If no specfic port is used, leave it empty.
 define('PSM_BASE_URL', '');
 define('PSM_WEBCRON_KEY', '');
-define('PSM_PUBLIC', true);
\ No newline at end of file
+define('PSM_PUBLIC', false);