]>
Commit | Line | Data |
---|---|---|
961b0aa7 | 1 | <?php |
cc9898cc VP |
2 | /** Relating to Panel Access: Can add, delete and edit users. Big boss. */ |
3 | define('PERMISSION_MANAGE_USERS', 'manage_users'); | |
4 | /** Relating to Users tab: Can ban users connected to IRC */ | |
5 | define('PERMISSION_BAN_USERS', 'ban_users'); | |
6 | /** Change properties of a user, i.e. vhost, modes and more */ | |
7 | define('PERMISSION_EDIT_USER', 'edit_user'); | |
8 | /** Change properties of a channel, i.e. topic, modes and more */ | |
9 | define('PERMISSION_EDIT_CHANNEL', 'edit_channel'); | |
10 | /** Change properties of a user on a channel i.e give/remove voice or ops and more */ | |
11 | define('PERMISSION_EDIT_CHANNEL_USER', 'edit_channel_user'); | |
12 | /** Can add manual bans, including G-Lines, Z-Lines and more */ | |
13 | define('PERMISSION_SERVER_BAN_ADD', 'tkl_add'); | |
14 | /** Can remove set bans, including G-Lines, Z-Lines and more */ | |
15 | define('PERMISSION_SERVER_BAN_DEL', 'tkl_del'); | |
16 | /** Can add Name Bans (Q-Lines) */ | |
17 | define('PERMISSION_NAME_BAN_ADD', 'nb_add'); | |
18 | /** Can delete Name Bans (Q-Lines) */ | |
19 | define('PERMISSION_NAME_BAN_DEL', 'nb_del'); | |
20 | /** Can add ban exceptions (E-Lines) */ | |
21 | define('PERMISSION_BAN_EXCEPTION_ADD', 'be_add'); | |
22 | /** Can delete ban exceptions (E-Lines) */ | |
23 | define('PERMISSION_BAN_EXCEPTION_DEL', 'be_del'); | |
24 | /** Can add spamfilter entries */ | |
25 | define('PERMISSION_SPAMFILTER_ADD', 'sf_add'); | |
26 | /** Can delete spamfilter entries */ | |
27 | define('PERMISSION_SPAMFILTER_DEL', 'sf_del'); | |
6b3d3f83 | 28 | /** |
6930484c | 29 | * PanelUser |
6b3d3f83 VP |
30 | * This is the User class for the SQL_Auth plugin |
31 | */ | |
6930484c | 32 | class PanelUser |
961b0aa7 | 33 | { |
d72d1923 VP |
34 | public $id = NULL; |
35 | public $username = NULL; | |
36 | private $passhash = NULL; | |
37 | public $first_name = NULL; | |
38 | public $last_name = NULL; | |
39 | public $created = NULL; | |
40 | public $user_meta = []; | |
41 | public $bio = NULL; | |
0b546dde | 42 | public $email = NULL; |
d72d1923 VP |
43 | |
44 | /** | |
45 | * Find a user in the database by name or ID | |
46 | * @param string $name | |
47 | * @param mixed $id | |
48 | */ | |
49 | function __construct(string $name = NULL, int $id = NULL) | |
50 | { | |
6930484c VP |
51 | $user["name"] = $name; |
52 | $user["id"] = $id; | |
53 | $user["object"] = NULL; | |
d72d1923 | 54 | |
6930484c VP |
55 | Hook::run(HOOKTYPE_USER_LOOKUP, $user); |
56 | foreach ($user['object'] as $key => $value) | |
57 | $this->$key = $value; | |
d72d1923 VP |
58 | } |
59 | ||
60 | /** | |
61 | * Verify a user's password | |
62 | * @param string $input | |
63 | * @return bool | |
64 | */ | |
65 | function password_verify(string $input) : bool | |
66 | { | |
67 | if (password_verify($input, $this->passhash)) | |
68 | return true; | |
69 | return false; | |
70 | } | |
71 | ||
72 | /** | |
73 | * Add user meta data | |
74 | * @param string $key | |
75 | * @param string $value | |
d72d1923 VP |
76 | */ |
77 | function add_meta(string $key, string $value) | |
78 | { | |
6930484c | 79 | |
d72d1923 VP |
80 | if (!$key || !$value) |
81 | return false; | |
82 | ||
83 | $meta = [ | |
84 | "id" => $this->id, | |
85 | "key" => $key, | |
86 | "value" => $value | |
87 | ]; | |
d72d1923 | 88 | |
6930484c VP |
89 | $array['meta'] = $meta; |
90 | $array['user'] = $this; | |
91 | Hook::run(HOOKTYPE_USERMETA_ADD, $array); | |
92 | ||
d72d1923 VP |
93 | } |
94 | ||
95 | /** | |
96 | * Delete user meta data by key | |
97 | * @param string $key | |
d72d1923 VP |
98 | */ |
99 | function delete_meta(string $key) | |
100 | { | |
101 | if (!$key ) | |
102 | return false; | |
103 | ||
104 | $meta = [ | |
105 | "id" => $this->id, | |
106 | "key" => $key, | |
107 | ]; | |
6930484c | 108 | Hook::run(HOOKTYPE_USERMETA_DEL, $meta); |
d72d1923 VP |
109 | |
110 | } | |
111 | ||
112 | /** PERMISSIONS */ | |
113 | ||
114 | function add_permission($permission) | |
115 | { | |
116 | $meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : []; | |
117 | if (!in_array($permission,$meta)) | |
118 | $meta[] = $permission; | |
119 | $this->add_meta("permissions", serialize($meta)); // updet de dettabess | |
120 | $this->user_meta['permissions'] = serialize($meta); // put it back in our object in case it still needs to be used | |
121 | } | |
122 | function delete_permission($permission) | |
123 | { | |
124 | $meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : []; | |
125 | foreach($meta as $key => $value) | |
126 | { | |
127 | if (!strcmp($permission, $value)) | |
128 | unset($meta[$key]); | |
129 | } | |
130 | $this->add_meta("permissions", serialize($meta)); | |
131 | $this->user_meta['permissions'] = serialize($meta); | |
132 | } | |
133 | ||
4d634d0a | 134 | } |
a3151e7c | 135 | |
6b3d3f83 VP |
136 | |
137 | /** | |
138 | * This class looks up and returns any user meta. | |
6930484c VP |
139 | * This is used by PanelUser, so you won't need to |
140 | * call it separately from PanelUser. | |
6b3d3f83 | 141 | */ |
6930484c | 142 | class PanelUser_Meta |
4d634d0a | 143 | { |
d72d1923 VP |
144 | public $list = []; |
145 | function __construct($id) | |
146 | { | |
6930484c VP |
147 | $array = []; |
148 | $arr["id"] = $id; | |
149 | $arr['meta'] = &$array; | |
150 | Hook::run(HOOKTYPE_USERMETA_GET, $arr); | |
151 | do_log($array); | |
152 | $this->list = $arr['meta']; | |
153 | ||
d72d1923 | 154 | } |
a3151e7c VP |
155 | } |
156 | ||
4225314c VP |
157 | /** |
158 | * Array of user | |
159 | * | |
160 | * Required: | |
161 | * user_name | |
162 | * user_pass | |
163 | * | |
164 | * Optional: | |
165 | * user_fname | |
166 | * user_lname | |
167 | * | |
168 | * @param array $user | |
169 | * @throws Exception | |
170 | * @return bool | |
171 | */ | |
180b8ec1 | 172 | function create_new_user(array &$user) : bool |
4d634d0a | 173 | { |
d72d1923 VP |
174 | if (!isset($user['user_name']) || !isset($user['user_pass'])) |
175 | throw new Exception("Attempted to add user without specifying user_name or user_pass"); | |
176 | ||
180b8ec1 VP |
177 | $user['user_name'] = htmlspecialchars($user['user_name']); |
178 | $user['user_pass'] = password_hash($user['user_pass'], PASSWORD_ARGON2ID); | |
179 | $user['fname'] = (isset($user['fname'])) ? htmlspecialchars($user['fname']) : NULL; | |
180 | $last['lname'] = (isset($user['lname'])) ? htmlspecialchars($user['lname']) : NULL; | |
181 | $user['user_bio'] = (isset($user['user_bio'])) ? htmlspecialchars($user['user_bio']) : NULL; | |
d72d1923 | 182 | |
180b8ec1 VP |
183 | if (($u = new PanelUser($user['user_name']))->id) |
184 | { | |
185 | $user['err'] = "User already exists"; | |
186 | return false; | |
187 | } | |
188 | // internal use | |
189 | $user['success'] = false; | |
190 | $user['errmsg'] = []; | |
191 | ||
192 | Hook::run(HOOKTYPE_USER_CREATE, $user); | |
193 | if (!$user['success']) | |
194 | return false; | |
d72d1923 VP |
195 | |
196 | return true; | |
4d634d0a VP |
197 | } |
198 | ||
199 | /** | |
200 | * Gets the user object for the current session | |
6930484c | 201 | * @return PanelUser|bool |
4d634d0a | 202 | */ |
6930484c | 203 | function unreal_get_current_user() : PanelUser|bool |
a3151e7c | 204 | { |
06369f59 VP |
205 | if (!isset($_SESSION)) |
206 | { | |
207 | session_set_cookie_params(3600); | |
208 | session_start(); | |
209 | } | |
d72d1923 VP |
210 | if (isset($_SESSION['id'])) |
211 | { | |
6930484c | 212 | $user = new PanelUser(NULL, $_SESSION['id']); |
d72d1923 VP |
213 | if ($user->id) |
214 | return $user; | |
215 | } | |
216 | return false; | |
4d634d0a VP |
217 | } |
218 | ||
219 | /** | |
220 | * Checks if a user can do something | |
221 | * @param string $permission | |
222 | * @return bool | |
223 | */ | |
d72d1923 | 224 | function current_user_can($permission) : bool |
4d634d0a | 225 | { |
d72d1923 | 226 | $user = unreal_get_current_user(); |
2405dc8e VP |
227 | return user_can($user, $permission); |
228 | } | |
229 | ||
230 | /** | |
231 | * Checks if a user can do something | |
232 | * @param string $permission | |
233 | * @return bool | |
234 | */ | |
235 | function user_can(PanelUser $user, $permission) : bool | |
236 | { | |
d72d1923 VP |
237 | if (!$user) |
238 | return false; | |
2405dc8e | 239 | |
d72d1923 VP |
240 | if (isset($user->user_meta['permissions'])) |
241 | { | |
242 | $perms = unserialize($user->user_meta['permissions']); | |
243 | if (in_array($permission, $perms)) | |
d72d1923 | 244 | return true; |
d72d1923 VP |
245 | } |
246 | return false; | |
4d634d0a VP |
247 | } |
248 | ||
7aad7c29 VP |
249 | /** |
250 | * Delete a user and related meta | |
251 | * @param int $id The ID of the user in the SQL database. | |
d72d1923 | 252 | * @param array $info This will fill with a response. |
7aad7c29 VP |
253 | * @return int |
254 | * | |
255 | * Return values: | |
256 | * 1 The user was successfully deleted. | |
257 | * 0 The user was not found | |
258 | * -1 The admin does not have permission to delete users [TODO] | |
259 | */ | |
260 | function delete_user(int $id, &$info = []) : int | |
261 | { | |
6930484c | 262 | $user = new PanelUser(NULL, $id); |
d72d1923 VP |
263 | if (!$user->id) { |
264 | $info[] = "Could not find user"; | |
265 | return 0; | |
266 | } | |
180b8ec1 VP |
267 | $arr = ["user" => $user, "info" => &$info, "boolint" => 0]; |
268 | Hook::run(HOOKTYPE_USER_DELETE, $arr); | |
269 | return $arr["boolint"]; | |
54b5ea90 VP |
270 | } |
271 | ||
2405dc8e VP |
272 | function get_panel_user_permission_list() |
273 | { | |
274 | $list = [ | |
275 | "Can add/delete/edit Admin Panel users" => PERMISSION_MANAGE_USERS, | |
276 | "Can ban/kill IRC users" => PERMISSION_BAN_USERS, | |
277 | "Can hange properties of a user, i.e. vhost, modes and more" => PERMISSION_EDIT_USER, | |
278 | "Can change properties of a channel, i.e. topic, modes and more" => PERMISSION_EDIT_CHANNEL, | |
279 | "Change properties of a user on a channel i.e give/remove voice or ops and more" => PERMISSION_EDIT_CHANNEL_USER, | |
280 | "Can add manual bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_ADD, | |
281 | "Can remove set bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_DEL, | |
282 | "Can forbid usernames and channels" => PERMISSION_NAME_BAN_ADD, | |
283 | "Can unforbid usernames and channels" => PERMISSION_NAME_BAN_DEL, | |
284 | "Can add server ban exceptions" => PERMISSION_BAN_EXCEPTION_ADD, | |
285 | "Can remove server ban exceptions" => PERMISSION_BAN_EXCEPTION_DEL, | |
286 | "Can add Spamfilter entries" => PERMISSION_SPAMFILTER_ADD, | |
287 | "Can remove Spamfilter entries" => PERMISSION_SPAMFILTER_DEL | |
288 | ]; | |
289 | Hook::run(HOOKTYPE_USER_PERMISSION_LIST, $list); // so plugin writers can add their own permissions | |
290 | return $list; | |
291 | } | |
292 | ||
293 | function generate_panel_user_permission_table($user) | |
294 | { | |
295 | ||
296 | $list = get_panel_user_permission_list(); | |
297 | foreach($list as $desc => $slug) | |
298 | { | |
299 | $attributes = ""; | |
300 | $attributes .= (current_user_can(PERMISSION_MANAGE_USERS)) ? "" : "disabled "; | |
301 | ?> | |
302 | <div class="input-group"> | |
303 | <div class="input-group-prepend"> | |
304 | <div class="input-group-text"> | |
305 | <input <?php | |
306 | $attributes .= (user_can($user, $slug)) ? "checked" : ""; | |
307 | echo $attributes; | |
308 | ?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox"> | |
309 | </div> | |
310 | </div> | |
311 | <input type="text" readonly class="form-control" value="<?php echo "$desc ($slug)"; ?>"> | |
312 | </div> | |
313 | ||
314 | <?php | |
315 | } | |
316 | } |