]>
jfr.im git - irc/unrealircd/unrealircd-webpanel.git/blob - plugins/sql_auth/sql_auth.php
3 require_once "SQL/sql.php";
4 require_once "SQL/user.php";
5 require_once "SQL/settings.php";
9 public $name = "SQLAuth";
10 public $author = "Valware";
11 public $version = "1.0";
12 public $description = "Provides a User Auth and Management Panel with an SQL backend";
14 function __construct()
16 self
::create_tables();
17 Hook
::func(HOOKTYPE_NAVBAR
, 'sql_auth::add_navbar');
18 Hook
::func(HOOKTYPE_PRE_HEADER
, 'sql_auth::session_start');
19 Hook
::func(HOOKTYPE_OVERVIEW_CARD
, 'sql_auth::add_overview_card');
20 Hook
::func(HOOKTYPE_FOOTER
, 'sql_auth::add_footer_info');
22 if (defined('SQL_DEFAULT_USER')) // we've got a default account
24 $lkup = new SQLA_User(SQL_DEFAULT_USER
['username']);
26 if (!$lkup->id
) // doesn't exist, add it with full privileges
28 create_new_user(["user_name" => SQL_DEFAULT_USER
['username'], "user_pass" => SQL_DEFAULT_USER
['password']]);
33 public static function add_navbar(&$pages)
35 if (!unreal_get_current_user()->id
)
40 $pages["Panel Access"] = "plugins/sql_auth/";
41 if (isset($_SESSION['id']))
43 $pages["Logout"] = "plugins/sql_auth/login.php?logout=true";
47 public static function add_footer_info($empty)
49 if (!($user = unreal_get_current_user()))
53 echo "<code>Admin Panel v" . WEBPANEL_VERSION
. "</code>";
57 public static function session_start($n)
60 if (!isset($_SESSION['id']) || empty($_SESSION))
62 $tok = split($_SERVER['SCRIPT_FILENAME'], "/");
63 if ($check = security_check() && $tok[count($tok) - 1] !== "error.php") {
64 header("Location: " . BASE_URL
. "plugins/sql_auth/error.php");
68 header("Location: ".BASE_URL
."plugins/sql_auth/login.php");
73 if (!unreal_get_current_user()->id
) // user no longer exists
76 header("Location: ".BASE_URL
."plugins/sql_auth/login.php");
79 // you'll be automatically logged out after one hour of inactivity
80 session_set_cookie_params(3600);
86 * Create the tables we'll be using in the SQLdb
89 public static function create_tables()
92 $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX
. "users (
93 user_id int AUTO_INCREMENT NOT NULL,
94 user_name VARCHAR(255) NOT NULL,
95 user_pass VARCHAR(255) NOT NULL,
97 user_fname VARCHAR(255),
98 user_lname VARCHAR(255),
99 user_bio VARCHAR(255),
100 created VARCHAR(255),
101 PRIMARY KEY (user_id)
103 $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX
. "user_meta (
104 meta_id int AUTO_INCREMENT NOT NULL,
105 user_id int NOT NULL,
106 meta_key VARCHAR(255) NOT NULL,
107 meta_value VARCHAR(255),
108 PRIMARY KEY (meta_id)
110 $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX
. "auth_settings (
111 id int AUTO_INCREMENT NOT NULL,
112 setting_key VARCHAR(255) NOT NULL,
113 setting_value VARCHAR(255),
116 $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX
. "fail2ban (
117 id int AUTO_INCREMENT NOT NULL,
118 ip VARCHAR(255) NOT NULL,
126 * Summary of add_overview_card
127 * @param mixed $stats
130 public static function add_overview_card(object &$stats) : void
132 $num_of_panel_admins = sqlnew()->query("SELECT COUNT(*) FROM " . SQL_PREFIX
. "users")->fetchColumn();
135 <div
class="container mt-5">
138 <div
class="col-sm-3">
139 <div
class="card text-center">
140 <div
class="card-header bg-success text-white">
143 <i
class="fa fa-lock-open fa-3x"></i
>
146 <h3
class="display-4"><?php
echo $num_of_panel_admins; ?></h3
>
150 <div
class="card-body">
155 <div
class="col"> <a
class="btn btn-primary" href
="<?php echo BASE_URL; ?>plugins/sql_auth/">View
</a
></div
>
168 function security_check()
170 $ip = $_SERVER['REMOTE_ADDR'];
171 if (dnsbl_check($ip))
174 else if (fail2ban_check($ip))
180 function dnsbl_check($ip)
182 $dnsbl_lookup = DNSBL
;
184 // clear variable just in case
187 // if the IP was not given because you're an idiot, stop processing
188 if (!$ip) { return; }
190 // get the first two segments of the IPv4
191 $because = split($ip, "."); // why you
192 $you = $because[1]; // gotta play
193 $want = $because[2]; // that song
194 $to = $you.".".$want."."; // so loud?
196 // exempt local connections because sometimes they get a false positive
197 if ($to == "192.168." || $to == "127.0.") { return NULL; }
199 // you spin my IP right round, right round, to check the records baby, right round-round-round
200 $reverse_ip = glue(array_reverse(split($ip, ".")), ".");
203 foreach ($dnsbl_lookup as $host) {
206 if (checkdnsrr($reverse_ip . "." . $host . ".", "A")) {
213 // if it was safe, return NOTHING
218 // else, you guessed it, return where it was listed
224 function fail2ban_check($ip)