5 public $name = "FileDB";
6 public $author = "Syzop";
7 public $version = "1.0";
8 public $description = "File-based database backend";
9 public $email = "syzop@vulnscan.org";
11 function __construct()
13 Hook
::func(HOOKTYPE_USER_LOOKUP
, 'file_db::get_user');
14 Hook
::func(HOOKTYPE_USERMETA_ADD
, 'file_db::add_usermeta');
15 Hook
::func(HOOKTYPE_USERMETA_DEL
, 'file_db::del_usermeta');
16 Hook
::func(HOOKTYPE_USERMETA_GET
, 'file_db::get_usermeta');
17 Hook
::func(HOOKTYPE_USER_CREATE
, 'file_db::user_create');
18 Hook
::func(HOOKTYPE_GET_USER_LIST
, 'file_db::get_user_list');
19 Hook
::func(HOOKTYPE_USER_DELETE
, 'file_db::user_delete');
20 Hook
::func(HOOKTYPE_EDIT_USER
, 'file_db::edit_core');
21 Hook
::func(HOOKTYPE_PRE_OVERVIEW_CARD
, 'file_db::add_pre_overview_card');
22 AuthModLoaded
::$status = 1;
26 if (defined('DEFAULT_USER')) // we've got a default account
28 $lkup = new PanelUser(DEFAULT_USER
['username']);
30 if (!$lkup->id
) // doesn't exist, add it with full privileges
33 $user['user_name'] = DEFAULT_USER
['username'];
34 $user['user_pass'] = DEFAULT_USER
['password'];
36 create_new_user($user);
38 $lkup = new PanelUser(DEFAULT_USER
['username']);
39 if (!user_can($lkup, PERMISSION_MANAGE_USERS
))
40 $lkup->add_permission(PERMISSION_MANAGE_USERS
);
44 public static function add_pre_overview_card($empty)
46 if (defined('DEFAULT_USER'))
47 Message
::Fail("Warning: DEFAULT_USER is set in config.php. You should remove that item now, as it is only used during installation.");
50 public static function get_user_helper($item)
53 $obj->id
= $item["id"];
54 $obj->username
= $item["username"];
55 $obj->passhash
= $item["password"];
56 $obj->first_name
= $item["first_name"];
57 $obj->last_name
= $item["last_name"];
58 $obj->created
= $item["created"];
59 $obj->bio
= $item["bio"];
60 $obj->email
= $item["email"];
61 $obj->user_meta
= (new PanelUser_Meta($obj->id
))->list;
65 public static function uid_to_username($id)
68 foreach($db["users"] as $user=>$details)
69 if ($details["id"] === $id)
70 return $details["username"];
74 /* We convert $u with a full user as an object ;D*/
75 public static function get_user(&$u)
85 foreach($db["users"] as $user=>$details)
86 if ($details["id"] === $id)
87 $obj = file_db
::get_user_helper($details);
89 if (isset($db["users"][$name]))
91 $obj = file_db
::get_user_helper($db["users"][$name]);
97 public static function get_usermeta(&$u)
103 $username = file_db
::uid_to_username($uid);
105 die("User not found: $uid\n"); // return false; /* User does not exist */
107 $u['meta'] = $db["users"][$username]['meta'];
110 public static function add_usermeta(&$meta)
114 $meta = $meta['meta'];
117 $value = $meta['value'];
120 $username = file_db
::uid_to_username($uid);
122 return false; /* User does not exist */
125 $db["users"][$username]["meta"][$key] = $value;
130 public static function del_usermeta(&$meta)
134 $meta = $meta['meta'];
139 $username = file_db
::uid_to_username($uid);
141 return false; /* User does not exist */
144 unset($db["users"][$username]["meta"][$key]);
150 public static function minimal_db()
153 /* Add at least the general arrays: */
154 if (!isset($db["users"]))
156 if (!isset($db["settings"]))
157 $db["settings"] = [];
158 /* Initialize more if we ever add more... */
160 public static function read_db()
163 $db_filename = UPATH
.'/data/database.php';
164 @include($db_filename);
165 file_db
::minimal_db();
168 /* Delete the database -- only called during setup AFTER confirmation! */
169 public static function delete_db()
173 file_db
::minimal_db();
174 file_db
::write_db(true);
177 public static function write_db($force = false)
180 /* Refuse to write empty db (or nearly empty) */
181 if (empty($db) || (empty($db["users"]) && empty($db["settings"])) && !$force)
184 $db_filename = UPATH
.'/data/database.php';
185 $tmpfile = UPATH
.'/data/database.tmp.'.bin2hex(random_bytes(8)).'.php'; // hmm todo optional location? :D
186 $fd = fopen($tmpfile, "w");
188 die("Could not write to temporary database file $tmpfile.<br>We need write permissions on the data/ directory!<br>");
190 $str = var_export($db, true);
192 die("Error while running write_db() -- weird!");
193 if (!fwrite($fd, "<?php\n".
194 "/* This database file is written automatically by the UnrealIRCd webpanel.\n".
195 " * You are not really supposed to edit it manually.\n".
197 '$db = '.$str.";\n"))
199 die("Error writing to database file $tmpfile (on fwrite).<br>");
202 die("Error writing to database file $tmpfile (on close).<br>");
203 /* Now atomically rename the file */
204 if (!rename($tmpfile, $db_filename))
205 die("Could not write (rename) to file ".$db_filename."<br>");
206 if (function_exists('opcache_invalidate'))
207 opcache_invalidate($db_filename);
210 public static function user_create(&$u)
214 $username = $u['user_name'];
215 $first_name = $u['fname'] ?? NULL;
216 $last_name = $u['lname'] ?? NULL;
217 $password = $u['user_pass'] ?? NULL;
218 $user_bio = $u['user_bio'] ?? NULL;
219 $user_email = $u['user_email'] ?? NULL;
220 $created = date("Y-m-d H:i:s");
221 $id = random_int(1000000,99999999);
225 if (isset($db["users"][$username]))
227 $u['errmsg'][] = "Could not add user: user already exists";
231 $db["users"][$username] = [
233 "username" => $username,
234 "first_name" => $first_name,
235 "last_name" => $last_name,
236 "password" => $password,
238 "email" => $user_email,
239 "created" => $created,
244 $u['success'] = true;
247 public static function get_user_list(&$list)
252 foreach($db["users"] as $user=>$details)
254 $userlist[] = new PanelUser(NULL, $details['id']);
256 if (!empty($userlist))
261 public static function user_delete(&$u)
267 $username = $user->username
;
269 if (isset($db["users"][$username]))
271 unset($db["users"][$username]);
274 file_db
::write_db(true);
278 $u['info'][] = "Successfully deleted user \"$user->username\"";
281 $u['info'][] = "Unknown error";
286 public static function edit_core($arr)
290 $user = $arr['user'];
291 $username = $user->username
;
292 $info = $arr['info'];
296 foreach($info as $key => $val)
299 if (!$val || !strlen($val) || BadPtr($val))
301 if (!strcmp($key,"update_fname") && $val != $user->first_name
)
303 $keyname = "first_name";
304 $property_name = "first name";
306 elseif (!strcmp($key,"update_lname") && $val != $user->last_name
)
308 $keyname = "last_name";
309 $property_name = "last name";
311 elseif (!strcmp($key,"update_bio") && $val != $user->bio
)
314 $property_name = "bio";
316 elseif (!strcmp($key,"update_pass") || !strcmp($key,"update_pass_conf"))
318 $keyname = "password";
319 $property_name = "password";
321 elseif(!strcmp($key,"update_email") && $val != $user->email
)
324 $property_name = "email address";
330 if (isset($db["users"][$username]))
332 $db["users"][$username][$keyname] = $val;
333 Message
::Success("Successfully updated the $property_name for $user->username");
335 Message
::Fail("Could not update $property_name for $user->username: ".$stmt->errorInfo()[0]." (CODE: ".$stmt->errorCode().")");
339 file_db
::write_db(true);
344 public static function get()
348 if (!isset($db) || empty($db))
351 return $db["settings"];
353 public static function set($key, $val) : bool
358 $db["settings"][$key] = $val;