// Plugin metadata: display name, authors, version, description and contact address.
// NOTE(review): presumably read by the panel's plugin loader; the consumer is not shown here.
5 public $name = "FileAuth";
6 public $author = "Syzop and Valware";
7 public $version = "1.0";
8 public $description = "Provides a User Auth using a simple file backend";
9 public $email = "syzop@vulnscan.org";
/**
 * Registers this plugin's static handlers on the panel's hook points and sets
 * AuthModLoaded::$status to 1.
 *
 * When the DEFAULT_USER constant is defined, the account it names is looked up,
 * created from DEFAULT_USER['username'] / DEFAULT_USER['password'] if the lookup
 * has no id, and given PERMISSION_MANAGE_USERS if it lacks that permission.
 */
11 function __construct()
// Each Hook::func() call maps one hook type to a 'file_auth::method' callable string.
13 Hook
::func(HOOKTYPE_PRE_HEADER
, 'file_auth::session_start');
14 Hook
::func(HOOKTYPE_FOOTER
, 'file_auth::add_footer_info');
15 Hook
::func(HOOKTYPE_USER_LOOKUP
, 'file_auth::get_user');
16 Hook
::func(HOOKTYPE_USERMETA_ADD
, 'file_auth::add_usermeta');
17 Hook
::func(HOOKTYPE_USERMETA_DEL
, 'file_auth::del_usermeta');
18 Hook
::func(HOOKTYPE_USERMETA_GET
, 'file_auth::get_usermeta');
19 Hook
::func(HOOKTYPE_USER_CREATE
, 'file_auth::user_create');
20 Hook
::func(HOOKTYPE_GET_USER_LIST
, 'file_auth::get_user_list');
21 Hook
::func(HOOKTYPE_USER_DELETE
, 'file_auth::user_delete');
22 Hook
::func(HOOKTYPE_EDIT_USER
, 'file_auth::edit_core');
23 Hook
::func(HOOKTYPE_PRE_OVERVIEW_CARD
, 'file_auth::add_pre_overview_card');
24 AuthModLoaded
::$status = 1;
// Bootstrap account. The credentials are taken directly from the DEFAULT_USER
// constant, so they remain in the configuration for as long as the constant is
// defined; add_pre_overview_card() warns the operator to remove it.
28 if (defined('DEFAULT_USER')) // we've got a default account
30 $lkup = new PanelUser(DEFAULT_USER
['username']);
32 if (!$lkup->id
) // doesn't exist, add it with full privileges
35 $user['user_name'] = DEFAULT_USER
['username'];
// NOTE(review): the password is handed to create_new_user() exactly as configured;
// whether it is hashed before it reaches the database is decided there - confirm.
36 $user['user_pass'] = DEFAULT_USER
['password'];
38 create_new_user($user);
// Look the account up again (it may have just been created) before checking rights.
40 $lkup = new PanelUser(DEFAULT_USER
['username']);
// NOTE(review): from the visible lines this grant appears to run on every load while
// DEFAULT_USER is defined, not only at first creation, so a permission removed in the
// panel would be restored - confirm against the brace structure.
41 if (!user_can($lkup, PERMISSION_MANAGE_USERS
))
42 $lkup->add_permission(PERMISSION_MANAGE_USERS
);
/**
 * HOOKTYPE_FOOTER handler: prints the panel version inside a <code> element.
 *
 * @param mixed $empty Hook argument; not used in the visible lines.
 */
47 public static function add_footer_info($empty)
// NOTE(review): presumably this returns early when nobody is logged in, so the exact
// version is not disclosed to anonymous visitors - confirm.
49 if (!($user = unreal_get_current_user()))
53 echo "<code>Admin Panel v" . WEBPANEL_VERSION
. "</code>";
/**
 * HOOKTYPE_PRE_OVERVIEW_CARD handler: shows a failure banner while the
 * DEFAULT_USER constant is still defined.
 *
 * The constant carries the bootstrap username and password (see __construct()),
 * which is why it should be removed once installation is done.
 *
 * @param mixed $empty Hook argument; not used in the visible lines.
 */
57 public static function add_pre_overview_card($empty)
59 if (defined('DEFAULT_USER'))
60 Message
::Fail("Warning: DEFAULT_USER is set in config.php. You should remove that item now, as it is only used during installation.");
/**
 * HOOKTYPE_PRE_HEADER handler: prepares the session, redirects visitors without
 * a session id (or whose account no longer exists) to the login page, and
 * records the time of this request in the session.
 *
 * @param mixed $n Hook argument; not used in the visible lines.
 */
65 public static function session_start($n)
67 if (!isset($_SESSION))
// Only the cookie lifetime (3600 seconds) is set here.
// NOTE(review): Secure / HttpOnly / SameSite are not set in the visible lines, so they
// come from php.ini - confirm those defaults are hardened for this panel.
69 session_set_cookie_params(3600);
// The empty($_SESSION) test is already implied by the missing 'id' key.
72 if (!isset($_SESSION['id']) || empty($_SESSION))
// The return path is urlencode()d before it is appended.
// NOTE(review): $current_page is not assigned in the visible lines, and the login page
// that consumes ?redirect= has to restrict it to local paths - confirm both.
74 header("Location: ".get_config("base_url")."login/?redirect=".urlencode($current_page));
79 if (!unreal_get_current_user()) // user no longer exists
// NOTE(review): header() alone does not end the request; confirm that the code after
// each redirect stops execution so the protected page is not rendered anyway.
82 header("Location: ".get_config("base_url")."login");
85 // you'll be automatically logged out after one hour of inactivity
// NOTE(review): only the timestamp is written here; the check that enforces the
// one-hour limit is not visible in this method - confirm where it lives.
86 $_SESSION['last-activity'] = time();
/**
 * Copies one stored user record onto the properties of $obj and attaches the
 * user's metadata list.
 *
 * @param array $item Record with id, username, password, first_name, last_name,
 *                    created, bio and email keys.
 *
 * NOTE(review): the creation and return of $obj are not in the visible lines;
 * callers assign the result of this method to their own $obj.
 */
91 public static function get_user_helper($item)
94 $obj->id
= $item["id"];
95 $obj->username
= $item["username"];
// The stored "password" field is exposed as passhash, i.e. consumers treat it as a
// hash. NOTE(review): confirm every writer (user_create, edit_core) stores a hash.
96 $obj->passhash
= $item["password"];
97 $obj->first_name
= $item["first_name"];
98 $obj->last_name
= $item["last_name"];
99 $obj->created
= $item["created"];
100 $obj->bio
= $item["bio"];
101 $obj->email
= $item["email"];
// Metadata is fetched through PanelUser_Meta keyed by the user id.
102 $obj->user_meta
= (new PanelUser_Meta($obj->id
))->list;
/**
 * Returns the username of the record in $db["users"] whose id equals $id.
 *
 * @param mixed $id User id to look for.
 *
 * The comparison is strict (===), so an id passed as a numeric string does not
 * match an integer id. NOTE(review): the not-found return value is not visible
 * here; callers test the result for "user does not exist".
 */
106 public static function uid_to_username($id)
109 foreach($db["users"] as $user=>$details)
110 if ($details["id"] === $id)
111 return $details["username"];
115 /* We convert $u with a full user as an object ;D*/
/**
 * HOOKTYPE_USER_LOOKUP handler: finds a user either by id (strict comparison
 * against each record) or by name (direct key in $db["users"]) and builds the
 * user object through get_user_helper().
 *
 * @param mixed $u Lookup request, passed by reference.
 *
 * NOTE(review): how $id and $name are taken from $u, and how the result is
 * handed back through $u, is not in the visible lines.
 */
116 public static function get_user(&$u)
126 foreach($db["users"] as $user=>$details)
127 if ($details["id"] === $id)
128 $obj = file_auth
::get_user_helper($details);
// Usernames are the array keys of $db["users"], so a lookup by name is a key test.
130 if (isset($db["users"][$name]))
132 $obj = file_auth
::get_user_helper($db["users"][$name]);
/**
 * HOOKTYPE_USERMETA_GET handler: resolves the user id to a username and puts
 * that user's stored meta array into $u['meta'].
 *
 * @param array $u Request, passed by reference; receives the 'meta' key.
 */
138 public static function get_usermeta(&$u)
144 $username = file_auth
::uid_to_username($uid);
// An unknown id ends the whole request instead of returning false, and $uid is written
// to the response unescaped. NOTE(review): confirm $uid can never carry caller-supplied
// markup, or escape it / return false as the trailing comment suggests.
146 die("User not found: $uid\n"); // return false; /* User does not exist */
148 $u['meta'] = $db["users"][$username]['meta'];
/**
 * HOOKTYPE_USERMETA_ADD handler: stores one meta key/value pair on a user's
 * record and writes the database.
 *
 * @param array $meta Request with a 'meta' sub-array, passed by reference.
 *
 * Returns false when the user id cannot be resolved to a username.
 */
151 public static function add_usermeta(&$meta)
// $meta is a reference parameter, so this also replaces the caller's variable with
// its 'meta' sub-array.
155 $meta = $meta['meta'];
158 $value = $meta['value'];
// Reload from disk before modifying so the write below starts from the current file.
160 file_auth
::read_db();
161 $username = file_auth
::uid_to_username($uid);
163 return false; /* User does not exist */
// NOTE(review): key and value are stored as given; no validation is visible here.
166 $db["users"][$username]["meta"][$key] = $value;
167 file_auth
::write_db();
/**
 * HOOKTYPE_USERMETA_DEL handler: removes one meta key from a user's record and
 * writes the database.
 *
 * @param array $u Request, passed by reference.
 *
 * Returns false when the user id cannot be resolved to a username.
 * NOTE(review): how $uid and $key are taken from $u is not in the visible lines.
 */
171 public static function del_usermeta(&$u)
// Reload from disk before modifying so the write below starts from the current file.
176 file_auth
::read_db();
177 $username = file_auth
::uid_to_username($uid);
179 return false; /* User does not exist */
// unset() on a key that does not exist is a no-op, so deleting twice is harmless.
182 unset($db["users"][$username]["meta"][$key]);
184 file_auth
::write_db();
/**
 * Loads the user database by include()-ing UPATH/data/database.php and makes
 * sure the "users" array exists afterwards.
 *
 * The database is a PHP source file (write_db() writes it as an assignment to
 * $db), so reading it executes it: write access to data/database.php amounts to
 * code execution inside the panel. The data/ directory should be writable by
 * the web server user only. The path is built from the UPATH constant and a
 * fixed suffix; no request data is involved.
 */
188 public static function read_db()
191 $db_filename = UPATH
.'/data/database.php';
// '@' hides the warning raised when the file does not exist yet; in that case the
// include defines nothing and the defaults below apply.
192 @include($db_filename);
193 /* Add at least the general arrays: */
194 if (!isset($db["users"]))
196 /* Initialize more if we ever add more... */
/**
 * Serialises $db with var_export() into a temporary PHP file in data/ and
 * renames it over data/database.php.
 *
 * @param bool $force Allow writing a database whose "users" array is empty.
 *
 * var_export() emits strings as single-quoted PHP literals with quotes and
 * backslashes escaped; that is what keeps stored values from being parsed as
 * code when read_db() later include()s the file.
 */
199 public static function write_db($force = false)
202 /* Refuse to write empty db (or nearly empty) */
// && binds tighter than ||: a completely empty $db is refused even with $force;
// $force only lifts the refusal for an empty "users" array.
203 if (empty($db) || empty($db["users"]) && !$force)
206 $db_filename = UPATH
.'/data/database.php';
// 8 random bytes (16 hex characters) make the temporary name unpredictable.
// NOTE(review): the file is created with the process umask and holds the password
// field of every user - confirm data/ is not readable by other local accounts.
207 $tmpfile = UPATH
.'/data/database.tmp.'.bin2hex(random_bytes(8)).'.php'; // hmm todo optional location? :D
208 $fd = fopen($tmpfile, "w");
// The die() messages below include the full server path of the temporary file.
210 die("Could not write to temporary database file $tmpfile.<br>We need write permissions on the data/ directory!<br>");
// $str is only used as a sanity check; the fwrite() below calls var_export() again.
212 $str = var_export($db, true);
214 die("Error while running write_db() -- weird!");
215 if (!fwrite($fd, "<?php\n".
216 "/* This database file is written automatically by the UnrealIRCd webpanel.\n".
217 " * You are not really supposed to edit it manually.\n".
219 '$db = '.var_export($db, true).";\n"))
221 die("Error writing to database file $tmpfile (on fwrite).<br>");
224 die("Error writing to database file $tmpfile (on close).<br>");
225 /* Now atomically rename the file */
// Both paths are in data/, so the rename stays on one filesystem.
// NOTE(review): no cleanup of $tmpfile is visible on the failure paths.
226 if (!rename($tmpfile, $db_filename))
227 die("Could not write (rename) to file ".$db_filename."<br>");
// Drops the cached compiled copy so the next include() sees the new contents.
// NOTE(review): opcache_invalidate() exists only when the OPcache extension is loaded;
// no function_exists() guard is visible here - confirm.
228 opcache_invalidate($db_filename);
/**
 * HOOKTYPE_USER_CREATE handler: adds a record keyed by username to
 * $db["users"] and writes the database.
 *
 * @param array $u Request, passed by reference. Reads user_name, fname, lname,
 *                 user_pass, user_bio and user_email; appends to 'errmsg' when
 *                 the username is taken and sets 'success' to true after writing.
 */
231 public static function user_create(&$u)
// user_name has no ?? fallback, unlike the optional fields below.
// NOTE(review): no validation of the username is visible here, and it becomes an
// array key in the database.
235 $username = $u['user_name'];
236 $first_name = $u['fname'] ?? NULL;
237 $last_name = $u['lname'] ?? NULL;
238 $password = $u['user_pass'] ?? NULL;
239 $user_bio = $u['user_bio'] ?? NULL;
240 $user_email = $u['user_email'] ?? NULL;
241 $created = date("Y-m-d H:i:s");
// random_int() draws from the system CSPRNG.
// NOTE(review): no check against ids already in use is visible - confirm.
242 $id = random_int(1000000,99999999);
244 file_auth
::read_db();
246 if (isset($db["users"][$username]))
248 $u['errmsg'][] = "Could not add user: user already exists";
252 $db["users"][$username] = [
254 "username" => $username,
255 "first_name" => $first_name,
256 "last_name" => $last_name,
// Stored exactly as received; get_user_helper() later exposes this field as passhash.
// NOTE(review): confirm the caller hashes the password (password_hash()) before this
// hook runs, otherwise it is written to the database file in clear text.
257 "password" => $password,
259 "email" => $user_email,
260 "created" => $created,
264 file_auth
::write_db();
265 $u['success'] = true;
/**
 * HOOKTYPE_GET_USER_LIST handler: builds one PanelUser object per stored
 * record, looked up by id.
 *
 * @param mixed $list Output parameter, passed by reference.
 *
 * NOTE(review): the assignment to $list is not in the visible lines; presumably
 * it receives $userlist when that is not empty.
 */
268 public static function get_user_list(&$list)
273 foreach($db["users"] as $user=>$details)
// First argument (the name) is NULL, so the lookup is done by id.
275 $userlist[] = new PanelUser(NULL, $details['id']);
277 if (!empty($userlist))
/**
 * HOOKTYPE_USER_DELETE handler: removes the user's record from $db["users"],
 * writes the database and appends a result message to $u['info'].
 *
 * @param array $u Request, passed by reference; receives 'info' messages.
 *
 * NOTE(review): how $user is taken from $u is not in the visible lines, and no
 * permission check is visible in this handler - presumably the caller enforces
 * PERMISSION_MANAGE_USERS; confirm.
 */
282 public static function user_delete(&$u)
286 file_auth
::read_db();
288 $username = $user->username
;
290 if (isset($db["users"][$username]))
292 unset($db["users"][$username]);
// Forced write: without $force, write_db() refuses an empty "users" array, so removing
// the last account would not be saved. It also means the panel can be left with no
// accounts at all.
295 file_auth
::write_db(true);
// NOTE(review): the username is interpolated as-is; HTML escaping is left to whatever
// renders $u['info'] - confirm.
299 $u['info'][] = "Successfully deleted user \"$user->username\"";
302 $u['info'][] = "Unknown error";
/**
 * HOOKTYPE_EDIT_USER handler: applies submitted profile changes (first name,
 * last name, bio, password, email) to the user's record and writes the database.
 *
 * @param array $arr 'user' holds the user object being edited, 'info' the
 *                   submitted update_* fields.
 */
307 public static function edit_core($arr)
311 $user = $arr['user'];
312 $username = $user->username
;
313 $info = $arr['info'];
315 file_auth
::read_db();
317 foreach($info as $key => $val)
// Empty values are filtered out. !$val is also true for the string "0", so a field
// can never be set to "0".
320 if (!$val || !strlen($val) || BadPtr($val))
// The != comparisons below are loose; they only decide whether a field counts as changed.
322 if (!strcmp($key,"update_fname") && $val != $user->first_name
)
324 $keyname = "first_name";
325 $property_name = "first name";
327 elseif (!strcmp($key,"update_lname") && $val != $user->last_name
)
329 $keyname = "last_name";
330 $property_name = "last name";
332 elseif (!strcmp($key,"update_bio") && $val != $user->bio
)
335 $property_name = "bio";
// Both password fields map to the stored "password" key, so each one that is present
// is written in turn. NOTE(review): no hashing and no check that the two fields match
// is visible here - confirm the caller passes an already-hashed, already-confirmed
// value, otherwise a clear-text password reaches the database file.
337 elseif (!strcmp($key,"update_pass") || !strcmp($key,"update_pass_conf"))
339 $keyname = "password";
340 $property_name = "password";
342 elseif(!strcmp($key,"update_email") && $val != $user->email
)
345 $property_name = "email address";
351 if (isset($db["users"][$username]))
353 $db["users"][$username][$keyname] = $val;
354 Message
::Success("Successfully updated the $property_name for $user->username");
// NOTE(review): $stmt is not assigned in any visible line of this method, and
// errorInfo() / errorCode() are PDOStatement-style calls - this looks like a leftover
// from a SQL backend. If so, this branch raises an error instead of reporting the
// failure; confirm and replace with a plain message.
356 Message
::Fail("Could not update $property_name for $user->username: ".$stmt->errorInfo()[0]." (CODE: ".$stmt->errorCode().")");
// Forced write; see write_db() for what $force allows.
360 file_auth
::write_db(true);