]> jfr.im git - irc/unrealircd/unrealircd-webpanel.git/blob - plugins/sql_auth/sql_auth.php
projects / irc / unrealircd / unrealircd-webpanel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Rather large update, please see commit notes
[irc/unrealircd/unrealircd-webpanel.git] / plugins / sql_auth / sql_auth.php
1 <?php
2
3 require_once "SQL/sql.php";
4 require_once "SQL/user.php";
5 require_once "SQL/settings.php";
6
7 class sql_auth
8 {
9 public $name = "SQLAuth";
10 public $author = "Valware";
11 public $version = "1.0";
12 public $description = "Provides a User Auth and Management Panel with an SQL backend";
13
14 function __construct()
15 {
16 self::create_tables();
17 Hook::func(HOOKTYPE_NAVBAR, 'sql_auth::add_navbar');
18 Hook::func(HOOKTYPE_PRE_HEADER, 'sql_auth::session_start');
19 Hook::func(HOOKTYPE_OVERVIEW_CARD, 'sql_auth::add_overview_card');
20 Hook::func(HOOKTYPE_FOOTER, 'sql_auth::add_footer_info');
21
22 if (defined('SQL_DEFAULT_USER')) // we've got a default account
23 {
24 $lkup = new SQLA_User(SQL_DEFAULT_USER['username']);
25
26 if (!$lkup->id) // doesn't exist, add it with full privileges
27 {
28 create_new_user(["user_name" => SQL_DEFAULT_USER['username'], "user_pass" => SQL_DEFAULT_USER['password']]);
29 }
30 }
31 }
32
33 public static function add_navbar(&$pages)
34 {
35 if (!unreal_get_current_user()->id)
36 {
37 $pages = NULL;
38 return;
39 }
40 $pages["Panel Access"] = "plugins/sql_auth/";
41 if (isset($_SESSION['id']))
42 {
43 $pages["Logout"] = "plugins/sql_auth/login.php?logout=true";
44 }
45 }
46
47 public static function add_footer_info($empty)
48 {
49 if (!($user = unreal_get_current_user()))
50 return;
51
52 else {
53 echo "<code>Admin Panel v" . WEBPANEL_VERSION . "</code>";
54 }
55 }
56
57 public static function session_start($n)
58 {
59 do_log($_SESSION);
60 if (!isset($_SESSION['id']) || empty($_SESSION))
61 {
62 $tok = split($_SERVER['SCRIPT_FILENAME'], "/");
63 if ($check = security_check() && $tok[count($tok) - 1] !== "error.php") {
64 header("Location: " . BASE_URL . "plugins/sql_auth/error.php");
65 die();
66 }
67 session_destroy();
68 header("Location: ".BASE_URL."plugins/sql_auth/login.php");
69 die();
70 }
71 else
72 {
73 if (!unreal_get_current_user()->id) // user no longer exists
74 {
75 session_destroy();
76 header("Location: ".BASE_URL."plugins/sql_auth/login.php");
77 die();
78 }
79 // you'll be automatically logged out after one hour of inactivity
80 session_set_cookie_params(3600);
81 session_start();
82 }
83 }
84
85 /**
86 * Create the tables we'll be using in the SQLdb
87 * @return void
88 */
89 public static function create_tables()
90 {
91 $conn = sqlnew();
92 $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "users (
93 user_id int AUTO_INCREMENT NOT NULL,
94 user_name VARCHAR(255) NOT NULL,
95 user_pass VARCHAR(255) NOT NULL,
96
97 user_fname VARCHAR(255),
98 user_lname VARCHAR(255),
99 user_bio VARCHAR(255),
100 created VARCHAR(255),
101 PRIMARY KEY (user_id)
102 )");
103 $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "user_meta (
104 meta_id int AUTO_INCREMENT NOT NULL,
105 user_id int NOT NULL,
106 meta_key VARCHAR(255) NOT NULL,
107 meta_value VARCHAR(255),
108 PRIMARY KEY (meta_id)
109 )");
110 $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "auth_settings (
111 id int AUTO_INCREMENT NOT NULL,
112 setting_key VARCHAR(255) NOT NULL,
113 setting_value VARCHAR(255),
114 PRIMARY KEY (id)
115 )");
116 $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "fail2ban (
117 id int AUTO_INCREMENT NOT NULL,
118 ip VARCHAR(255) NOT NULL,
119 count VARCHAR(255),
120 PRIMARY KEY (id)
121 )");
122 new AuthSettings();
123 }
124
125 /**
126 * Summary of add_overview_card
127 * @param mixed $stats
128 * @return void
129 */
130 public static function add_overview_card(object &$stats) : void
131 {
132 $num_of_panel_admins = sqlnew()->query("SELECT COUNT(*) FROM " . SQL_PREFIX . "users")->fetchColumn();
133 ?>
134
135 <div class="container mt-5">
136
137 <div class="row">
138 <div class="col-sm-3">
139 <div class="card text-center">
140 <div class="card-header bg-success text-white">
141 <div class="row">
142 <div class="col">
143 <i class="fa fa-lock-open fa-3x"></i>
144 </div>
145 <div class="col">
146 <h3 class="display-4"><?php echo $num_of_panel_admins; ?></h3>
147 </div>
148 </div>
149 </div>
150 <div class="card-body">
151 <div class="row">
152 <div class="col">
153 <h6>Panel Users</h6>
154 </div>
155 <div class="col"> <a class="btn btn-primary" href="<?php echo BASE_URL; ?>plugins/sql_auth/">View</a></div>
156 </div>
157 </div>
158 </div>
159 </div>
160 </div>
161 </div>
162 <?php
163 }
164
165 }
166
167
168 function security_check()
169 {
170 $ip = $_SERVER['REMOTE_ADDR'];
171 if (dnsbl_check($ip))
172 return true;
173
174 else if (fail2ban_check($ip))
175 {
176
177 }
178 }
179
180 function dnsbl_check($ip)
181 {
182 $dnsbl_lookup = DNSBL;
183
184 // clear variable just in case
185 $listed = NULL;
186
187 // if the IP was not given because you're an idiot, stop processing
188 if (!$ip) { return; }
189
190 // get the first two segments of the IPv4
191 $because = split($ip, "."); // why you
192 $you = $because[1]; // gotta play
193 $want = $because[2]; // that song
194 $to = $you.".".$want."."; // so loud?
195
196 // exempt local connections because sometimes they get a false positive
197 if ($to == "192.168." || $to == "127.0.") { return NULL; }
198
199 // you spin my IP right round, right round, to check the records baby, right round-round-round
200 $reverse_ip = glue(array_reverse(split($ip, ".")), ".");
201
202 // checkem
203 foreach ($dnsbl_lookup as $host) {
204
205 //if it was listed
206 if (checkdnsrr($reverse_ip . "." . $host . ".", "A")) {
207
208 //take note
209 $listed = $host;
210 }
211 }
212
213 // if it was safe, return NOTHING
214 if (!$listed) {
215 return NULL;
216 }
217
218 // else, you guessed it, return where it was listed
219 else {
220 return $listed;
221 }
222 }
223
224 function fail2ban_check($ip)
225 {
226
227 }
Unnamed repository; edit this file 'description' to name the repository.