[irc/unrealircd/unrealircd-webpanel.git] / Classes / class-paneluser.php

<?php
/** Relating to Panel Access: Can add, delete and edit users. Big boss. */
define('PERMISSION_MANAGE_USERS', 'manage_users'); 
/** Relating to Users tab: Can ban users connected to IRC */
define('PERMISSION_BAN_USERS', 'ban_users');
/** Change properties of a user, i.e. vhost, modes and more */
define('PERMISSION_EDIT_USER', 'edit_user');
/** Change properties of a channel, i.e. topic, modes and more */
define('PERMISSION_EDIT_CHANNEL', 'edit_channel'); 
/** Change properties of a user on a channel i.e give/remove voice or ops and more */
define('PERMISSION_EDIT_CHANNEL_USER', 'edit_channel_user'); 
/** Can add manual bans, including G-Lines, Z-Lines and more */
define('PERMISSION_SERVER_BAN_ADD', 'tkl_add'); 
/** Can remove set bans, including G-Lines, Z-Lines and more */
define('PERMISSION_SERVER_BAN_DEL', 'tkl_del');
/** Can add Name Bans (Q-Lines) */
define('PERMISSION_NAME_BAN_ADD', 'nb_add');
/** Can delete Name Bans (Q-Lines) */
define('PERMISSION_NAME_BAN_DEL', 'nb_del'); 
/** Can add ban exceptions (E-Lines) */
define('PERMISSION_BAN_EXCEPTION_ADD', 'be_add'); 
/** Can delete ban exceptions (E-Lines) */
define('PERMISSION_BAN_EXCEPTION_DEL', 'be_del'); 
/** Can add spamfilter entries */
define('PERMISSION_SPAMFILTER_ADD', 'sf_add'); 
/** Can delete spamfilter entries */
define('PERMISSION_SPAMFILTER_DEL', 'sf_del'); 
/**
 * PanelUser
 * This is the User class for the SQL_Auth plugin
 */
class PanelUser
{
	public $id = NULL;
	public $username = NULL;
	private $passhash = NULL;
	public $first_name = NULL;
	public $last_name = NULL;
	public $created = NULL;
	public $user_meta = [];
	public $bio = NULL;
	public $email = NULL;

	/**
	 * Find a user in the database by name or ID
	 * @param string $name
	 * @param mixed $id
	 */
	function __construct(string $name = NULL, int $id = NULL)
	{
		$user["name"] = $name;
		$user["id"] = $id;
		$user["object"] = NULL;

		Hook::run(HOOKTYPE_USER_LOOKUP, $user);
		foreach ($user['object'] as $key => $value)
			$this->$key = $value;
	}

	/**
	 * Verify a user's password
	 * @param string $input
	 * @return bool
	 */
	function password_verify(string $input) : bool
	{
		if (password_verify($input, $this->passhash))
			return true;
		return false;
	}

	/**
	 * Add user meta data
	 * @param string $key
	 * @param string $value
	 */
	function add_meta(string $key, string $value)
	{
		
		if (!$key || !$value)
			return false;

		$meta = [
			"id" => $this->id,
			"key" => $key,
			"value" => $value
		];

		$array['meta'] = $meta;
		$array['user'] = $this;
		Hook::run(HOOKTYPE_USERMETA_ADD, $array);
		
	}

	/**
	 * Delete user meta data by key
	 * @param string $key
	 */
	function delete_meta(string $key)
	{
		if (!$key )
			return false;

		$meta = [
			"id" => $this->id,
			"key" => $key,
		];
		Hook::run(HOOKTYPE_USERMETA_DEL, $meta);

	}

	/** PERMISSIONS */

	function add_permission($permission)
	{
		$meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : [];
		if (!in_array($permission,$meta))
			$meta[] = $permission;
		$this->add_meta("permissions", serialize($meta)); // updet de dettabess
		$this->user_meta['permissions'] = serialize($meta); // put it back in our object in case it still needs to be used
	}
	function delete_permission($permission)
	{
		$meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : [];
		foreach($meta as $key => $value)
		{
			if (!strcmp($permission, $value))
				unset($meta[$key]);
		}
		$this->add_meta("permissions", serialize($meta));
		$this->user_meta['permissions'] = serialize($meta);
	}

}


/**
 * This class looks up and returns any user meta.
 * This is used by PanelUser, so you won't need to 
 * call it separately from PanelUser.
 */
class PanelUser_Meta
{
	public $list = [];
	function __construct($id)
	{
		$array = [];
		$arr["id"] = $id;
		$arr['meta'] = &$array;
		Hook::run(HOOKTYPE_USERMETA_GET, $arr);
		do_log($array);
		$this->list = $arr['meta'];
		
	}
}

/**
 * Array of user
 * 
 * Required:
 * user_name
 * user_pass
 * 
 * Optional:
 * user_fname
 * user_lname
 * 
 * @param array $user
 * @throws Exception
 * @return bool
 */
function create_new_user(array &$user) : bool
{
	if (!isset($user['user_name']) || !isset($user['user_pass']))
		throw new Exception("Attempted to add user without specifying user_name or user_pass");

	$user['user_name'] = htmlspecialchars($user['user_name']);
	$user['user_pass'] = password_hash($user['user_pass'], PASSWORD_ARGON2ID);
	$user['fname'] = (isset($user['fname'])) ? htmlspecialchars($user['fname']) : NULL;
	$last['lname'] = (isset($user['lname'])) ? htmlspecialchars($user['lname']) : NULL;
	$user['user_bio'] = (isset($user['user_bio'])) ? htmlspecialchars($user['user_bio']) : NULL;
	$user['email'] = (isset($user['user_email'])) ? htmlspecialchars($user['user_email']) : NULL;

	if (($u = new PanelUser($user['user_name']))->id)
	{
		$user['err'] = "User already exists";
		return false;
	}
	// internal use
	$user['success'] = false;
	$user['errmsg'] = [];
	
	Hook::run(HOOKTYPE_USER_CREATE, $user);
	if (!$user['success'])
		return false;
	
	return true;
}

/**
 * Gets the user object for the current session
 * @return PanelUser|bool
 */
function unreal_get_current_user() : PanelUser|bool
{
	if (!isset($_SESSION))
	{
		session_set_cookie_params(3600);
		session_start();
	}
	if (isset($_SESSION['id']))
	{
		$user = new PanelUser(NULL, $_SESSION['id']);
		if ($user->id)
			return $user;
	}
	return false;
}

/**
 * Checks if a user can do something
 * @param string $permission
 * @return bool
 */
function current_user_can($permission) : bool
{
	$user = unreal_get_current_user();
	return user_can($user, $permission);
}

/**
 * Checks if a user can do something
 * @param string $permission
 * @return bool
 */
function user_can(PanelUser $user, $permission) : bool
{
	if (!$user)
		return false;

	if (isset($user->user_meta['permissions']))
	{
		$perms = unserialize($user->user_meta['permissions']);
		if (in_array($permission, $perms))
			return true;
	}
	return false;
}

/**
 * Delete a user and related meta
 * @param int $id The ID of the user in the SQL database.
 * @param array $info This will fill with a response.
 * @return int
 * 
 * Return values:
 *  1   The user was successfully deleted.
 *  0   The user was not found
 *  -1  The admin does not have permission to delete users [TODO]
 */
function delete_user(int $id, &$info = []) : int
{
	$user = new PanelUser(NULL, $id);
	if (!$user->id) {
		$info[] = "Could not find user";
		return 0;
	}
	$arr = ["user" => $user, "info" => &$info, "boolint" => 0];
	Hook::run(HOOKTYPE_USER_DELETE, $arr);
	return $arr["boolint"];
}

function get_panel_user_permission_list()
{
	$list = [
		"Can add/delete/edit Admin Panel users" => PERMISSION_MANAGE_USERS,
		"Can ban/kill IRC users" => PERMISSION_BAN_USERS,
		"Can hange properties of a user, i.e. vhost, modes and more" => PERMISSION_EDIT_USER,
		"Can change properties of a channel, i.e. topic, modes and more" => PERMISSION_EDIT_CHANNEL,
		"Change properties of a user on a channel i.e give/remove voice or ops and more" => PERMISSION_EDIT_CHANNEL_USER,
		"Can add manual bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_ADD,
		"Can remove set bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_DEL,
		"Can forbid usernames and channels" => PERMISSION_NAME_BAN_ADD,
		"Can unforbid usernames and channels" => PERMISSION_NAME_BAN_DEL,
		"Can add server ban exceptions" => PERMISSION_BAN_EXCEPTION_ADD,
		"Can remove server ban exceptions" => PERMISSION_BAN_EXCEPTION_DEL,
		"Can add Spamfilter entries" => PERMISSION_SPAMFILTER_ADD,
		"Can remove Spamfilter entries" => PERMISSION_SPAMFILTER_DEL
	];
	Hook::run(HOOKTYPE_USER_PERMISSION_LIST, $list); // so plugin writers can add their own permissions
	return $list;
}

function generate_panel_user_permission_table($user)
{
	
	$list = get_panel_user_permission_list();
	foreach($list as $desc => $slug)
	{
		$attributes = "";
		$attributes .= (current_user_can(PERMISSION_MANAGE_USERS)) ? "" : "disabled ";
		?>
		<div class="input-group">
			<div class="input-group-prepend">
				<div class="input-group-text">
					<input <?php
						$attributes .= (user_can($user, $slug)) ? "checked" : "";
						echo $attributes;
					?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox">
				</div>
			</div>
			<input type="text" readonly  class="form-control" value="<?php echo "$desc ($slug)"; ?>">
		</div>

		<?php
	}
}
Commit	Line	Data
961b0aa7	1	<?php
cc9898cc VP	2	/** Relating to Panel Access: Can add, delete and edit users. Big boss. */
	3	define('PERMISSION_MANAGE_USERS', 'manage_users');
	4	/** Relating to Users tab: Can ban users connected to IRC */
	5	define('PERMISSION_BAN_USERS', 'ban_users');
	6	/** Change properties of a user, i.e. vhost, modes and more */
	7	define('PERMISSION_EDIT_USER', 'edit_user');
	8	/** Change properties of a channel, i.e. topic, modes and more */
	9	define('PERMISSION_EDIT_CHANNEL', 'edit_channel');
	10	/** Change properties of a user on a channel i.e give/remove voice or ops and more */
	11	define('PERMISSION_EDIT_CHANNEL_USER', 'edit_channel_user');
	12	/** Can add manual bans, including G-Lines, Z-Lines and more */
	13	define('PERMISSION_SERVER_BAN_ADD', 'tkl_add');
	14	/** Can remove set bans, including G-Lines, Z-Lines and more */
	15	define('PERMISSION_SERVER_BAN_DEL', 'tkl_del');
	16	/** Can add Name Bans (Q-Lines) */
	17	define('PERMISSION_NAME_BAN_ADD', 'nb_add');
	18	/** Can delete Name Bans (Q-Lines) */
	19	define('PERMISSION_NAME_BAN_DEL', 'nb_del');
	20	/** Can add ban exceptions (E-Lines) */
	21	define('PERMISSION_BAN_EXCEPTION_ADD', 'be_add');
	22	/** Can delete ban exceptions (E-Lines) */
	23	define('PERMISSION_BAN_EXCEPTION_DEL', 'be_del');
	24	/** Can add spamfilter entries */
	25	define('PERMISSION_SPAMFILTER_ADD', 'sf_add');
	26	/** Can delete spamfilter entries */
	27	define('PERMISSION_SPAMFILTER_DEL', 'sf_del');
6b3d3f83	28	/**
6930484c	29	* PanelUser
6b3d3f83 VP	30	* This is the User class for the SQL_Auth plugin
6b3d3f83 VP	31	*/
6930484c	32	class PanelUser
961b0aa7	33	{
d72d1923 VP	34	public $id = NULL;
	35	public $username = NULL;
	36	private $passhash = NULL;
	37	public $first_name = NULL;
	38	public $last_name = NULL;
	39	public $created = NULL;
	40	public $user_meta = [];
	41	public $bio = NULL;
0b546dde	42	public $email = NULL;
d72d1923 VP	43
	44	/**
	45	* Find a user in the database by name or ID
	46	* @param string $name
	47	* @param mixed $id
	48	*/
	49	function __construct(string $name = NULL, int $id = NULL)
	50	{
6930484c VP	51	$user["name"] = $name;
	52	$user["id"] = $id;
	53	$user["object"] = NULL;
d72d1923	54
6930484c VP	55	Hook::run(HOOKTYPE_USER_LOOKUP, $user);
	56	foreach ($user['object'] as $key => $value)
	57	$this->$key = $value;
d72d1923 VP	58	}
	59
	60	/**
	61	* Verify a user's password
	62	* @param string $input
	63	* @return bool
	64	*/
	65	function password_verify(string $input) : bool
	66	{
	67	if (password_verify($input, $this->passhash))
	68	return true;
	69	return false;
	70	}
	71
	72	/**
	73	* Add user meta data
	74	* @param string $key
	75	* @param string $value
d72d1923 VP	76	*/
	77	function add_meta(string $key, string $value)
	78	{
6930484c	79
d72d1923 VP	80	if (!$key \|\| !$value)
	81	return false;
	82
	83	$meta = [
	84	"id" => $this->id,
	85	"key" => $key,
	86	"value" => $value
	87	];
d72d1923	88
6930484c VP	89	$array['meta'] = $meta;
	90	$array['user'] = $this;
	91	Hook::run(HOOKTYPE_USERMETA_ADD, $array);
	92
d72d1923 VP	93	}
	94
	95	/**
	96	* Delete user meta data by key
	97	* @param string $key
d72d1923 VP	98	*/
	99	function delete_meta(string $key)
	100	{
	101	if (!$key )
	102	return false;
	103
	104	$meta = [
	105	"id" => $this->id,
	106	"key" => $key,
	107	];
6930484c	108	Hook::run(HOOKTYPE_USERMETA_DEL, $meta);
d72d1923 VP	109
	110	}
	111
	112	/** PERMISSIONS */
	113
	114	function add_permission($permission)
	115	{
	116	$meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : [];
	117	if (!in_array($permission,$meta))
	118	$meta[] = $permission;
	119	$this->add_meta("permissions", serialize($meta)); // updet de dettabess
	120	$this->user_meta['permissions'] = serialize($meta); // put it back in our object in case it still needs to be used
	121	}
	122	function delete_permission($permission)
	123	{
	124	$meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : [];
	125	foreach($meta as $key => $value)
	126	{
	127	if (!strcmp($permission, $value))
	128	unset($meta[$key]);
	129	}
	130	$this->add_meta("permissions", serialize($meta));
	131	$this->user_meta['permissions'] = serialize($meta);
	132	}
	133
4d634d0a	134	}
a3151e7c	135
6b3d3f83 VP	136
	137	/**
	138	* This class looks up and returns any user meta.
6930484c VP	139	* This is used by PanelUser, so you won't need to
6930484c VP	140	* call it separately from PanelUser.
6b3d3f83	141	*/
6930484c	142	class PanelUser_Meta
4d634d0a	143	{
d72d1923 VP	144	public $list = [];
	145	function __construct($id)
	146	{
6930484c VP	147	$array = [];
	148	$arr["id"] = $id;
	149	$arr['meta'] = &$array;
	150	Hook::run(HOOKTYPE_USERMETA_GET, $arr);
	151	do_log($array);
	152	$this->list = $arr['meta'];
	153
d72d1923	154	}
a3151e7c VP	155	}
a3151e7c VP	156
4225314c VP	157	/**
	158	* Array of user
	159	*
	160	* Required:
	161	* user_name
	162	* user_pass
	163	*
	164	* Optional:
	165	* user_fname
	166	* user_lname
	167	*
	168	* @param array $user
	169	* @throws Exception
	170	* @return bool
	171	*/
180b8ec1	172	function create_new_user(array &$user) : bool
4d634d0a	173	{
d72d1923 VP	174	if (!isset($user['user_name']) \|\| !isset($user['user_pass']))
	175	throw new Exception("Attempted to add user without specifying user_name or user_pass");
	176
180b8ec1 VP	177	$user['user_name'] = htmlspecialchars($user['user_name']);
	178	$user['user_pass'] = password_hash($user['user_pass'], PASSWORD_ARGON2ID);
	179	$user['fname'] = (isset($user['fname'])) ? htmlspecialchars($user['fname']) : NULL;
	180	$last['lname'] = (isset($user['lname'])) ? htmlspecialchars($user['lname']) : NULL;
	181	$user['user_bio'] = (isset($user['user_bio'])) ? htmlspecialchars($user['user_bio']) : NULL;
9a674833	182	$user['email'] = (isset($user['user_email'])) ? htmlspecialchars($user['user_email']) : NULL;
d72d1923	183
180b8ec1 VP	184	if (($u = new PanelUser($user['user_name']))->id)
	185	{
	186	$user['err'] = "User already exists";
	187	return false;
	188	}
	189	// internal use
	190	$user['success'] = false;
	191	$user['errmsg'] = [];
	192
	193	Hook::run(HOOKTYPE_USER_CREATE, $user);
	194	if (!$user['success'])
	195	return false;
d72d1923 VP	196
d72d1923 VP	197	return true;
4d634d0a VP	198	}
	199
	200	/**
	201	* Gets the user object for the current session
6930484c	202	* @return PanelUser\|bool
4d634d0a	203	*/
6930484c	204	function unreal_get_current_user() : PanelUser\|bool
a3151e7c	205	{
06369f59 VP	206	if (!isset($_SESSION))
	207	{
	208	session_set_cookie_params(3600);
	209	session_start();
	210	}
d72d1923 VP	211	if (isset($_SESSION['id']))
d72d1923 VP	212	{
6930484c	213	$user = new PanelUser(NULL, $_SESSION['id']);
d72d1923 VP	214	if ($user->id)
	215	return $user;
	216	}
	217	return false;
4d634d0a VP	218	}
	219
	220	/**
	221	* Checks if a user can do something
	222	* @param string $permission
	223	* @return bool
	224	*/
d72d1923	225	function current_user_can($permission) : bool
4d634d0a	226	{
d72d1923	227	$user = unreal_get_current_user();
2405dc8e VP	228	return user_can($user, $permission);
	229	}
	230
	231	/**
	232	* Checks if a user can do something
	233	* @param string $permission
	234	* @return bool
	235	*/
	236	function user_can(PanelUser $user, $permission) : bool
	237	{
d72d1923 VP	238	if (!$user)
d72d1923 VP	239	return false;
2405dc8e	240
d72d1923 VP	241	if (isset($user->user_meta['permissions']))
	242	{
	243	$perms = unserialize($user->user_meta['permissions']);
	244	if (in_array($permission, $perms))
d72d1923	245	return true;
d72d1923 VP	246	}
d72d1923 VP	247	return false;
4d634d0a VP	248	}
4d634d0a VP	249
7aad7c29 VP	250	/**
	251	* Delete a user and related meta
	252	* @param int $id The ID of the user in the SQL database.
d72d1923	253	* @param array $info This will fill with a response.
7aad7c29 VP	254	* @return int
	255	*
	256	* Return values:
	257	* 1 The user was successfully deleted.
	258	* 0 The user was not found
	259	* -1 The admin does not have permission to delete users [TODO]
	260	*/
	261	function delete_user(int $id, &$info = []) : int
	262	{
6930484c	263	$user = new PanelUser(NULL, $id);
d72d1923 VP	264	if (!$user->id) {
	265	$info[] = "Could not find user";
	266	return 0;
	267	}
180b8ec1 VP	268	$arr = ["user" => $user, "info" => &$info, "boolint" => 0];
	269	Hook::run(HOOKTYPE_USER_DELETE, $arr);
	270	return $arr["boolint"];
54b5ea90 VP	271	}
54b5ea90 VP	272
2405dc8e VP	273	function get_panel_user_permission_list()
	274	{
	275	$list = [
	276	"Can add/delete/edit Admin Panel users" => PERMISSION_MANAGE_USERS,
	277	"Can ban/kill IRC users" => PERMISSION_BAN_USERS,
	278	"Can hange properties of a user, i.e. vhost, modes and more" => PERMISSION_EDIT_USER,
	279	"Can change properties of a channel, i.e. topic, modes and more" => PERMISSION_EDIT_CHANNEL,
	280	"Change properties of a user on a channel i.e give/remove voice or ops and more" => PERMISSION_EDIT_CHANNEL_USER,
	281	"Can add manual bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_ADD,
	282	"Can remove set bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_DEL,
	283	"Can forbid usernames and channels" => PERMISSION_NAME_BAN_ADD,
	284	"Can unforbid usernames and channels" => PERMISSION_NAME_BAN_DEL,
	285	"Can add server ban exceptions" => PERMISSION_BAN_EXCEPTION_ADD,
	286	"Can remove server ban exceptions" => PERMISSION_BAN_EXCEPTION_DEL,
	287	"Can add Spamfilter entries" => PERMISSION_SPAMFILTER_ADD,
	288	"Can remove Spamfilter entries" => PERMISSION_SPAMFILTER_DEL
	289	];
	290	Hook::run(HOOKTYPE_USER_PERMISSION_LIST, $list); // so plugin writers can add their own permissions
	291	return $list;
	292	}
	293
	294	function generate_panel_user_permission_table($user)
	295	{
	296
	297	$list = get_panel_user_permission_list();
	298	foreach($list as $desc => $slug)
	299	{
	300	$attributes = "";
	301	$attributes .= (current_user_can(PERMISSION_MANAGE_USERS)) ? "" : "disabled ";
	302	?>
	303	<div class="input-group">
	304	<div class="input-group-prepend">
	305	<div class="input-group-text">
	306	<input <?php
	307	$attributes .= (user_can($user, $slug)) ? "checked" : "";
	308	echo $attributes;
	309	?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox">
	310	</div>
	311	</div>
	312	<input type="text" readonly class="form-control" value="<?php echo "$desc ($slug)"; ?>">
	313	</div>
	314
	315	<?php
	316	}
	317	}