]> jfr.im git - irc/unrealircd/unrealircd-webpanel.git/blob - Classes/class-paneluser.php
projects / irc / unrealircd / unrealircd-webpanel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Do something about no icons
[irc/unrealircd/unrealircd-webpanel.git] / Classes / class-paneluser.php
1 <?php
2 /** Relating to Panel Access: Can add, delete and edit users. Big boss. */
3 define('PERMISSION_MANAGE_USERS', 'manage_users');
4 /** Relating to Users tab: Can ban users connected to IRC */
5 define('PERMISSION_BAN_USERS', 'ban_users');
6 /** Change properties of a user, i.e. vhost, modes and more */
7 define('PERMISSION_EDIT_USER', 'edit_user');
8 /** Change properties of a channel, i.e. topic, modes and more */
9 define('PERMISSION_EDIT_CHANNEL', 'edit_channel');
10 /** Change properties of a user on a channel i.e give/remove voice or ops and more */
11 define('PERMISSION_EDIT_CHANNEL_USER', 'edit_channel_user');
12 /** Can add manual bans, including G-Lines, Z-Lines and more */
13 define('PERMISSION_SERVER_BAN_ADD', 'tkl_add');
14 /** Can remove set bans, including G-Lines, Z-Lines and more */
15 define('PERMISSION_SERVER_BAN_DEL', 'tkl_del');
16 /** Can add Name Bans (Q-Lines) */
17 define('PERMISSION_NAME_BAN_ADD', 'nb_add');
18 /** Can delete Name Bans (Q-Lines) */
19 define('PERMISSION_NAME_BAN_DEL', 'nb_del');
20 /** Can add ban exceptions (E-Lines) */
21 define('PERMISSION_BAN_EXCEPTION_ADD', 'be_add');
22 /** Can delete ban exceptions (E-Lines) */
23 define('PERMISSION_BAN_EXCEPTION_DEL', 'be_del');
24 /** Can add spamfilter entries */
25 define('PERMISSION_SPAMFILTER_ADD', 'sf_add');
26 /** Can delete spamfilter entries */
27 define('PERMISSION_SPAMFILTER_DEL', 'sf_del');
28 /** Can rehash servers */
29 define('PERMISSION_REHASH', 'rhs');
30 /**
31 * PanelUser
32 * This is the User class for the SQL_Auth plugin
33 */
34 class PanelUser
35 {
36 public $id = NULL;
37 public $username = NULL;
38 private $passhash = NULL;
39 public $first_name = NULL;
40 public $last_name = NULL;
41 public $created = NULL;
42 public $user_meta = [];
43 public $bio = NULL;
44 public $email = NULL;
45
46 /**
47 * Find a user in the database by name or ID
48 * @param string $name
49 * @param mixed $id
50 */
51 function __construct(string $name = NULL, int $id = NULL)
52 {
53 $user["name"] = $name;
54 $user["id"] = $id;
55 $user["object"] = NULL;
56 Hook::run(HOOKTYPE_USER_LOOKUP, $user);
57 if ($user['object'] === null)
58 return; /* no auth module loaded? */
59 foreach ($user['object'] as $key => $value)
60 $this->$key = $value;
61 }
62
63 /**
64 * Verify a user's password
65 * @param string $input
66 * @return bool
67 */
68 function password_verify(string $password, bool &$hash_needs_updating = false) : bool
69 {
70 GLOBAL $config;
71 $hash_needs_updating = false;
72
73 if (str_starts_with($this->passhash, "peppered:"))
74 {
75 /* Argon2 with pepper */
76 $password = hash_hmac("sha256", $password, $config['secrets']['pepper']);
77 if (password_verify($password, substr($this->passhash,9)))
78 return true;
79 } else {
80 /* Old standard argon2 */
81 if (password_verify($password, $this->passhash))
82 {
83 $hash_needs_updating = true;
84 return true;
85 }
86 }
87 return false;
88 }
89
90 /**
91 * Generate hash of user's password
92 * @param string $password
93 * @return string
94 */
95 public static function password_hash(string $password) : string
96 {
97 GLOBAL $config;
98 $input = hash_hmac("sha256", $password, $config['secrets']['pepper']);
99 return "peppered:".password_hash($input, PASSWORD_ARGON2ID);
100 }
101
102 /**
103 * Add user meta data
104 * If using an array for the first param then you
105 * must also use an array for the second param
106 * @param array|string $key
107 * @param array|string|int|bool|null $value
108 */
109 function add_meta(array|string $key, array|string|int|bool|null $value)
110 {
111
112 if (!$key)
113 return false;
114
115 if (is_array($key))
116 {
117 foreach ($key as $i => $k)
118 $arr[$k] = $value[$i];
119 } else {
120 $arr[$key] = $value;
121 }
122
123 foreach($arr as $k => $v)
124 {
125 $meta = [
126 "id" => $this->id,
127 "key" => $k,
128 "value" => $v
129 ];
130
131 $array['meta'] = $meta;
132 $array['user'] = $this;
133 Hook::run(HOOKTYPE_USERMETA_ADD, $array);
134 }
135
136 }
137
138 /**
139 * Delete user meta data by key
140 * @param string $key
141 */
142 function delete_meta(string $key)
143 {
144 if (!$key )
145 return false;
146
147 $meta = [
148 "id" => $this->id,
149 "key" => $key,
150 ];
151 $array['meta'] = $meta;
152 $array['user'] = $this;
153 Hook::run(HOOKTYPE_USERMETA_DEL, $array);
154
155 }
156
157 /** PERMISSIONS */
158
159 function add_permission($permission)
160 {
161 $meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : [];
162 if (!in_array($permission,$meta))
163 $meta[] = $permission;
164 $this->add_meta("permissions", serialize($meta)); // updet de dettabess
165 $this->user_meta['permissions'] = serialize($meta); // put it back in our object in case it still needs to be used
166 }
167 function delete_permission($permission)
168 {
169 $meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : [];
170 foreach($meta as $key => $value)
171 {
172 if (!strcmp($permission, $value))
173 unset($meta[$key]);
174 }
175 $this->add_meta("permissions", serialize($meta));
176 $this->user_meta['permissions'] = serialize($meta);
177 }
178
179 /** Updates core user info.
180 * CAUTION: Updating a non-existent column will crash
181 * your shit
182 */
183 function update_core_info($array)
184 {
185 $arr = ['info' => $array, 'user' => $this];
186 Hook::run(HOOKTYPE_EDIT_USER, $arr);
187 }
188 }
189
190
191 /**
192 * This class looks up and returns any user meta.
193 * This is used by PanelUser, so you won't need to
194 * call it separately from PanelUser.
195 */
196 class PanelUser_Meta
197 {
198 public $list = [];
199 function __construct($id)
200 {
201 $array = [];
202 $arr["id"] = $id;
203 $arr['meta'] = &$array;
204 Hook::run(HOOKTYPE_USERMETA_GET, $arr);
205 $this->list = $arr['meta'];
206
207 }
208 }
209
210 /**
211 * Array of user
212 *
213 * Required:
214 * user_name
215 * user_pass
216 *
217 * Optional:
218 * user_fname
219 * user_lname
220 *
221 * @param array $user
222 * @throws Exception
223 * @return bool
224 */
225 function create_new_user(array &$user) : bool
226 {
227 if (!isset($user['user_name']) || !isset($user['user_pass']))
228 throw new Exception("Attempted to add user without specifying user_name or user_pass");
229
230 $user['user_name'] = htmlspecialchars($user['user_name']);
231 $user['user_pass'] = PanelUser::password_hash($user['user_pass']);
232 $user['fname'] = (isset($user['fname'])) ? htmlspecialchars($user['fname']) : NULL;
233 $last['lname'] = (isset($user['lname'])) ? htmlspecialchars($user['lname']) : NULL;
234 $user['user_bio'] = (isset($user['user_bio'])) ? htmlspecialchars($user['user_bio']) : NULL;
235 $user['email'] = (isset($user['user_email'])) ? htmlspecialchars($user['user_email']) : NULL;
236
237 if (($u = new PanelUser($user['user_name']))->id)
238 {
239 $user['err'] = "User already exists";
240 return false;
241 }
242 // internal use
243 $user['success'] = false;
244 $user['errmsg'] = [];
245
246 Hook::run(HOOKTYPE_USER_CREATE, $user);
247 if (!$user['success'])
248 return false;
249
250 return true;
251 }
252
253 /**
254 * Gets the user object for the current session
255 * @return PanelUser|bool
256 */
257 function unreal_get_current_user() : PanelUser|bool
258 {
259 if (isset($_SESSION) && isset($_SESSION['id']))
260 {
261 $user = new PanelUser(NULL, $_SESSION['id']);
262 if ($user->id)
263 return $user;
264 }
265 return false;
266 }
267
268 /**
269 * Checks if a user can do something
270 * @param string $permission
271 * @return bool
272 */
273 function current_user_can($permission) : bool
274 {
275 $user = unreal_get_current_user();
276 if (!$user)
277 return false;
278 return user_can($user, $permission);
279 }
280
281 /**
282 * Checks if a user can do something
283 * @param string $permission
284 * @return bool
285 */
286 function user_can(PanelUser $user, $permission) : bool
287 {
288 global $config;
289 if (!$user)
290 return false;
291
292 if (isset($user->user_meta['role']))
293 {
294 if ($user->user_meta['role'] == "Super-Admin")
295 return true;
296
297 else if ($user->user_meta['role'] == "Read-Only")
298 return false;
299
300 else if (in_array($permission, $config['user_roles'][$user->user_meta['role']]))
301 return true;
302
303 return false;
304 }
305
306 /* compatibility fallback */
307 if (isset($user->user_meta['permissions']))
308 {
309 $perms = unserialize($user->user_meta['permissions']);
310 if (in_array($permission, $perms))
311 return true;
312 }
313 return false;
314 }
315
316 /**
317 * Delete a user and related meta
318 * @param int $id The ID of the user in the SQL database.
319 * @param array $info This will fill with a response.
320 * @return int
321 *
322 * Return values:
323 * 1 The user was successfully deleted.
324 * 0 The user was not found
325 * -1 The admin does not have permission to delete users [TODO]
326 */
327 function delete_user(int $id, &$info = []) : int
328 {
329 $user = new PanelUser(NULL, $id);
330 if (!$user->id) {
331 $info[] = "Could not find user";
332 return 0;
333 }
334 $arr = ["user" => $user, "info" => &$info, "boolint" => 0];
335 Hook::run(HOOKTYPE_USER_DELETE, $arr);
336 return $arr["boolint"];
337 }
338
339 function get_panel_user_permission_list()
340 {
341 $list = [
342 "Can add/delete/edit Admin Panel users" => PERMISSION_MANAGE_USERS,
343 "Can ban/kill IRC users" => PERMISSION_BAN_USERS,
344 "Can change properties of a user, i.e. vhost, modes and more" => PERMISSION_EDIT_USER,
345 "Can change properties of a channel, i.e. topic, modes and more" => PERMISSION_EDIT_CHANNEL,
346 "Can change properties of a user on a channel i.e give/remove voice or ops and more" => PERMISSION_EDIT_CHANNEL_USER,
347 "Can add manual bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_ADD,
348 "Can remove set bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_DEL,
349 "Can forbid usernames and channels" => PERMISSION_NAME_BAN_ADD,
350 "Can unforbid usernames and channels" => PERMISSION_NAME_BAN_DEL,
351 "Can add server ban exceptions" => PERMISSION_BAN_EXCEPTION_ADD,
352 "Can remove server ban exceptions" => PERMISSION_BAN_EXCEPTION_DEL,
353 "Can add Spamfilter entries" => PERMISSION_SPAMFILTER_ADD,
354 "Can remove Spamfilter entries" => PERMISSION_SPAMFILTER_DEL
355 ];
356 Hook::run(HOOKTYPE_USER_PERMISSION_LIST, $list); // so plugin writers can add their own permissions
357 return $list;
358 }
359
360 function generate_panel_user_permission_table($user)
361 {
362
363 $list = get_panel_user_permission_list();
364 foreach($list as $desc => $slug)
365 {
366 $attributes = "";
367 $attributes .= (current_user_can(PERMISSION_MANAGE_USERS)) ? "" : "disabled ";
368 ?>
369 <div class="input-group">
370 <div class="input-group-prepend">
371 <div class="input-group-text">
372 <input <?php
373 $attributes .= (user_can($user, $slug)) ? "checked" : "";
374 echo $attributes;
375 ?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox">
376 </div>
377 </div>
378 <input type="text" readonly class="form-control" value="<?php echo "$desc ($slug)"; ?>">
379 </div>
380
381 <?php
382 }
383 }
384
385 function get_panel_user_roles_list()
386 {
387 GLOBAL $config;
388
389 /* Defaults */
390 $list = [
391 "Super-Admin" => get_panel_user_permission_list(), // SuperAdmin can do everything
392 "Read-Only" => [], // Read Only can do nothing
393 ];
394
395 if (isset($config["user_roles"]))
396 foreach($config['user_roles'] as $r => $role)
397 $list[$r] = $role;
398
399 return $list;
400 }
401
402 function generate_role_list($list)
403 {
404 $list2 = get_panel_user_permission_list();
405 ?>
406 <h5>Roles List:</h5>
407 <div id="permlist">
408 <div class="container-xxl" style="max-width: 1430px;">
409 <div class="accordion" id="roles_accord">
410
411 <?php foreach($list as $role => $slug) {?>
412 <div class="card">
413 <div class="card-header" id="<?php echo to_slug($role); ?>_heading">
414 <div class="btn-header-link btn-block text-left collapsed" type="button" data-toggle="collapse" data-target="#collapse_<?php echo to_slug($role); ?>" aria-expanded="true" aria-controls="collapse_<?php echo to_slug($role); ?>">
415 <?php echo $role ?>
416
417 </div>
418 </div>
419
420 <div id="collapse_<?php echo to_slug($role); ?>" class="collapse" aria-labelledby="<?php echo to_slug($role); ?>_heading" data-parent="#roles_accord">
421 <div id="results_rpc" class="card-body">
422 <form method="post">
423 <?php if ($role !== "Super-Admin" && $role !== "Read-Only") { ?>
424 <div class="container row mb-2">
425 <button id="update_role" name="update_role" value="<?php echo $role ?>" class="btn btn-primary ml-1 mr-2" >Update</button>
426 <button id="delete_role" name="del_role_name" value="<?php echo $role ?>" class="btn btn-danger"><i class="fa fa-trash fa-1" aria-hidden="true"></i></button>
427 </div>
428
429 <?php } ?>
430 <div id="<?php echo $role; ?>_input_area"><?php
431 foreach($list2 as $desc => $slug)
432 {
433 $attributes = "";
434 $attributes .= ($role == "Super-Admin" || $role == "Read-Only") ? "disabled " : "";
435
436 ?>
437 <div class="input-group">
438 <div class="input-group-prepend">
439 <div class="input-group-text">
440 <input <?php
441 $attributes .= (in_array($slug, $list[$role])) ? "checked" : "";
442 echo $attributes;
443 ?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox">
444 </div>
445 </div>
446 <input type="text" readonly class="form-control" value="<?php echo "$desc ($slug)"; ?>">
447 </div>
448
449 <?php
450 }
451 ?> </div>
452 </form>
453 </div>
454 </div>
455 </div>
456 <?php }?>
457
458 </div></div><br>
459
460 </div><?php
461
462 }
Unnamed repository; edit this file 'description' to name the repository.