1 | <?php |
2 | ||
3 | require_once "SQL/sql.php"; | |
4d634d0a | 4 | require_once "SQL/user.php"; |
ce9cf366 | 5 | require_once "SQL/settings.php"; |
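class sql_auth
{
    // Plugin metadata; presumably read by the plugin loader (not visible here).
    public $name = "SQLAuth";
    public $author = "Valware";
    public $version = "1.0";
    public $description = "Provides a User Auth and Management Panel with an SQL backend";

    /**
     * Create the backing tables, register this plugin's hooks and, when SQL_DEFAULT_USER is defined,
     * make sure that account exists.
     *
     * The default account is created with the username and password taken verbatim from the constant, so a
     * deployment that keeps the shipped default is reachable with known credentials until it is changed or
     * removed. Whether create_new_user() hashes the password is not visible in this file.
     */
    public function __construct()
    {
        self::create_tables();

        Hook::func(HOOKTYPE_NAVBAR, 'sql_auth::add_navbar');
        Hook::func(HOOKTYPE_PRE_HEADER, 'sql_auth::session_start');
        Hook::func(HOOKTYPE_OVERVIEW_CARD, 'sql_auth::add_overview_card');
        Hook::func(HOOKTYPE_FOOTER, 'sql_auth::add_footer_info');

        if (!defined('SQL_DEFAULT_USER'))
        {
            return;
        }

        // Only add the default account when no user of that name exists yet.
        $existing = new SQLA_User(SQL_DEFAULT_USER['username']);
        if (!$existing->id)
        {
            create_new_user([
                "user_name" => SQL_DEFAULT_USER['username'],
                "user_pass" => SQL_DEFAULT_USER['password'],
            ]);
        }
    }

    /**
     * Navbar hook: add the panel links for authenticated users.
     *
     * When there is no current user the whole page map is set to NULL, which presumably suppresses the
     * navbar for anonymous visitors (the consumer of $pages is outside this file).
     *
     * @param array|null $pages Page label => relative URL map, modified in place.
     * @return void
     */
    public static function add_navbar(&$pages)
    {
        if (!unreal_get_current_user())
        {
            $pages = NULL;
            return;
        }

        $pages["Panel Access"] = "plugins/sql_auth/";
        if (isset($_SESSION['id']))
        {
            $pages["Logout"] = "plugins/sql_auth/login.php?logout=true";
        }
    }

    /**
     * Footer hook: print the panel version, but only for logged-in users.
     *
     * @param mixed $empty Hook argument; unused.
     * @return void
     */
    public static function add_footer_info($empty)
    {
        if (!unreal_get_current_user())
        {
            return;
        }
        echo "<code>Admin Panel v" . WEBPANEL_VERSION . "</code>";
    }

    /**
     * Pre-header hook: make sure a PHP session exists and that the visitor is authenticated.
     *
     * Anonymous visitors are redirected to the login page (or to the error page when security_check()
     * flags their address) and the request is ended with die(), so nothing after the header is rendered
     * for them. A session whose user no longer exists is destroyed and sent to the login page.
     *
     * @param mixed $n Hook argument; unused.
     * @return void
     */
    public static function session_start($n)
    {
        // Treat the request as HTTPS when the server populated HTTPS with anything but "off" (the old
        // `$_SERVER['HTTPS'] == 'on'` raised an undefined-index notice on every plain-HTTP request).
        $is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

        if (!isset($_SESSION))
        {
            // One-hour lifetime as before. The cookie is additionally marked HttpOnly (not readable from
            // script) and, on HTTPS, Secure (never sent over plain HTTP). Path and domain keep the php.ini
            // defaults. SameSite cannot be passed through this legacy signature.
            session_set_cookie_params(
                3600,
                ini_get('session.cookie_path'),
                ini_get('session.cookie_domain'),
                $is_https,
                true
            );
            // The global function, not this method: a bare function call never resolves to a method.
            \session_start();
        }

        // NOTE(review): this writes the entire session array to the log on every request. Prefer logging
        // only the user id (or nothing) so session contents never end up in log files.
        do_log($_SESSION);

        if (!isset($_SESSION['id']))
        {
            // Blocked addresses go to the error page, unless that is the page being rendered (it would
            // otherwise redirect to itself forever).
            $on_error_page = basename($_SERVER['SCRIPT_FILENAME'] ?? '') === "error.php";
            if (!$on_error_page && security_check())
            {
                header("Location: " . BASE_URL . "plugins/sql_auth/error.php");
                die();
            }

            // NOTE(review): HTTP_HOST is the client's Host header, so the absolute URL handed to
            // login.php as ?redirect= is attacker-influenced; login.php must validate it before using it
            // as a redirect target (not visible from this file).
            $scheme = $is_https ? "https://" : "http://";
            $current_url = $scheme . ($_SERVER['HTTP_HOST'] ?? '') . ($_SERVER['REQUEST_URI'] ?? '');
            header("Location: " . BASE_URL . "plugins/sql_auth/login.php?redirect=" . urlencode($current_url));
            die();
        }

        // Logged in, but the account may have been deleted since the session was created.
        $user = unreal_get_current_user();
        if (!$user || !$user->id)
        {
            session_destroy();
            header("Location: " . BASE_URL . "plugins/sql_auth/login.php");
            die();
        }
        // Otherwise nothing to do: the cookie set above expires one hour after it was issued, after which the
        // browser sends no session id and the visitor is treated as anonymous again.
    }

    /**
     * Create the tables we'll be using in the SQLdb (all CREATE TABLE IF NOT EXISTS, so this is safe to
     * run on every construction) and instantiate AuthSettings, presumably for its side effects.
     *
     * Table names are built from the SQL_PREFIX constant only; no request data reaches these statements.
     * Note that fail2ban.count is stored as text, which any future fail2ban implementation has to cast.
     *
     * @return void
     */
    public static function create_tables()
    {
        $conn = sqlnew();
        $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "users (
            user_id int AUTO_INCREMENT NOT NULL,
            user_name VARCHAR(255) NOT NULL,
            user_pass VARCHAR(255) NOT NULL,

            user_fname VARCHAR(255),
            user_lname VARCHAR(255),
            user_bio VARCHAR(255),
            created VARCHAR(255),
            PRIMARY KEY (user_id)
        )");
        $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "user_meta (
            meta_id int AUTO_INCREMENT NOT NULL,
            user_id int NOT NULL,
            meta_key VARCHAR(255) NOT NULL,
            meta_value VARCHAR(255),
            PRIMARY KEY (meta_id)
        )");
        $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "auth_settings (
            id int AUTO_INCREMENT NOT NULL,
            setting_key VARCHAR(255) NOT NULL,
            setting_value VARCHAR(255),
            PRIMARY KEY (id)
        )");
        $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "fail2ban (
            id int AUTO_INCREMENT NOT NULL,
            ip VARCHAR(255) NOT NULL,
            count VARCHAR(255),
            PRIMARY KEY (id)
        )");
        new AuthSettings();
    }

    /**
     * Overview hook: render a card showing how many panel users exist.
     *
     * @param object $stats Hook argument; unused by this card.
     * @return void
     */
    public static function add_overview_card(object &$stats) : void
    {
        // COUNT(*) comes back from fetchColumn() as a string; cast so the template only ever prints an integer.
        $num_of_panel_admins = (int) sqlnew()->query("SELECT COUNT(*) FROM " . SQL_PREFIX . "users")->fetchColumn();
        ?>

        <div class="container mt-5">

            <div class="row">
                <div class="col-sm-3">
                    <div class="card text-center">
                        <div class="card-header bg-success text-white">
                            <div class="row">
                                <div class="col">
                                    <i class="fa fa-lock-open fa-3x"></i>
                                </div>
                                <div class="col">
                                    <h3 class="display-4"><?php echo $num_of_panel_admins; ?></h3>
                                </div>
                            </div>
                        </div>
                        <div class="card-body">
                            <div class="row">
                                <div class="col">
                                    <h6>Panel Users</h6>
                                </div>
                                <div class="col"> <a class="btn btn-primary" href="<?php echo BASE_URL; ?>plugins/sql_auth/">View</a></div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
        <?php
    }
}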
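/**
 * Decide whether the requesting client must be blocked before it may reach the login page.
 *
 * The address is $_SERVER['REMOTE_ADDR'], i.e. the TCP peer: behind a reverse proxy this is the proxy,
 * not the end user (no forwarded-for handling exists in this file). The client is blocked when
 * dnsbl_check() reports a listing; fail2ban_check() is consulted afterwards but is still a stub in this
 * file, so it never contributes a block yet. The old version had an empty fail2ban branch and fell off
 * the end with NULL; callers only test truthiness, so returning false is compatible.
 *
 * @return bool true when the client should be sent to the error page, false otherwise.
 */
function security_check(): bool
{
    // Missing (e.g. CLI) becomes an empty string, which dnsbl_check() treats as "not listed".
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';

    if (dnsbl_check($ip))
    {
        return true;
    }

    // Stub today; the cast keeps this branch meaningful once fail2ban_check() returns a real verdict.
    return (bool) fail2ban_check($ip);
}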
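/**
 * Look a client address up on the DNS blocklists named in the DNSBL constant.
 *
 * Only public IPv4 addresses are queried: the lookup name is the dotted quad in reverse octet order
 * followed by the list host, the conventional IPv4 DNSBL format. Private and reserved ranges (loopback,
 * RFC 1918, link-local, ...) are exempt because blocklists do not carry them and a forwarding proxy would
 * otherwise produce false positives. Empty input, IPv6 and anything that is not an IP are reported as
 * "not listed" without touching DNS.
 *
 * Each configured list costs one DNS query (checkdnsrr) until the first hit, so this runs on the request
 * path of every anonymous visitor.
 *
 * The previous version exempted local addresses by comparing the 2nd and 3rd octets with "192.168." and
 * "127.0.", which could never match, and it kept querying every list after a hit.
 *
 * @param string|null $ip Client address, normally $_SERVER['REMOTE_ADDR'].
 * @return string|null Host name of the first list the address appears on, or null when not listed.
 */
function dnsbl_check($ip): ?string
{
    if (!$ip)
    {
        return null;
    }

    // Public IPv4 only: IPv6 lists use a nibble-reversed name this code does not build, and private or
    // reserved space is exempt. filter_var returns false for all of those and for non-IP garbage.
    $public_v4 = filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    );
    if ($public_v4 === false)
    {
        return null;
    }

    // a.b.c.d -> d.c.b.a, the query prefix every IPv4 DNSBL expects.
    $reverse_ip = implode('.', array_reverse(explode('.', $public_v4)));

    foreach (DNSBL as $host)
    {
        // Any A record for <reversed-ip>.<list>. means the address is listed on that list.
        if (checkdnsrr($reverse_ip . '.' . $host . '.', 'A'))
        {
            return $host;
        }
    }

    return null;
}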
/**
 * Placeholder for the fail2ban lookup: called by security_check() but not implemented yet, so it never
 * reports a hit. The fail2ban table created by sql_auth::create_tables() is not consulted.
 *
 * @param mixed $ip Client address; currently unused.
 * @return null Always null until the check is implemented.
 */
function fail2ban_check($ip)
{
    // Stub: no data source is consulted, so the verdict is always "not banned".
    return null;
}