5 public $name = "FileDB";
6 public $author = "Syzop";
7 public $version = "1.0";
8 public $description = "File-based database backend";
9 public $email = "syzop@vulnscan.org";
11 function __construct()
13 Hook
::func(HOOKTYPE_USER_LOOKUP
, 'file_db::get_user');
14 Hook
::func(HOOKTYPE_USERMETA_ADD
, 'file_db::add_usermeta');
15 Hook
::func(HOOKTYPE_USERMETA_DEL
, 'file_db::del_usermeta');
16 Hook
::func(HOOKTYPE_USERMETA_GET
, 'file_db::get_usermeta');
17 Hook
::func(HOOKTYPE_USER_CREATE
, 'file_db::user_create');
18 Hook
::func(HOOKTYPE_GET_USER_LIST
, 'file_db::get_user_list');
19 Hook
::func(HOOKTYPE_USER_DELETE
, 'file_db::user_delete');
20 Hook
::func(HOOKTYPE_EDIT_USER
, 'file_db::edit_core');
21 Hook
::func(HOOKTYPE_PRE_OVERVIEW_CARD
, 'file_db::add_pre_overview_card');
22 AuthModLoaded
::$status = 1;
26 if (defined('DEFAULT_USER')) // we've got a default account
28 $lkup = new PanelUser(DEFAULT_USER
['username']);
30 if (!$lkup->id
) // doesn't exist, add it with full privileges
33 $user['user_name'] = DEFAULT_USER
['username'];
34 $user['user_pass'] = DEFAULT_USER
['password'];
36 create_new_user($user);
38 $lkup = new PanelUser(DEFAULT_USER
['username']);
39 if (!user_can($lkup, PERMISSION_MANAGE_USERS
))
40 $lkup->add_permission(PERMISSION_MANAGE_USERS
);
44 public static function add_pre_overview_card($empty)
46 if (defined('DEFAULT_USER'))
47 Message
::Fail("Warning: DEFAULT_USER is set in config.php. You should remove that item now, as it is only used during installation.");
50 public static function get_user_helper($item)
53 $obj->id
= $item["id"];
54 $obj->username
= $item["username"];
55 $obj->passhash
= $item["password"];
56 $obj->first_name
= $item["first_name"];
57 $obj->last_name
= $item["last_name"];
58 $obj->created
= $item["created"];
59 $obj->bio
= $item["bio"];
60 $obj->email
= $item["email"];
61 $obj->user_meta
= (new PanelUser_Meta($obj->id
))->list;
65 public static function uid_to_username($id)
68 foreach($db["users"] as $user=>$details)
69 if ($details["id"] === $id)
70 return $details["username"];
74 /* We convert $u with a full user as an object ;D*/
75 public static function get_user(&$u)
85 foreach($db["users"] as $user=>$details)
86 if ($details["id"] === $id)
87 $obj = file_db
::get_user_helper($details);
89 if (isset($db["users"][$name]))
91 $obj = file_db
::get_user_helper($db["users"][$name]);
97 public static function get_usermeta(&$u)
103 $username = file_db
::uid_to_username($uid);
105 die("User not found: $uid\n"); // return false; /* User does not exist */
107 $u['meta'] = $db["users"][$username]['meta'];
110 public static function add_usermeta(&$meta)
114 $meta = $meta['meta'];
117 $value = $meta['value'];
120 $username = file_db
::uid_to_username($uid);
122 return false; /* User does not exist */
125 $db["users"][$username]["meta"][$key] = $value;
130 public static function del_usermeta(&$u)
136 $username = file_db
::uid_to_username($uid);
138 return false; /* User does not exist */
141 unset($db["users"][$username]["meta"][$key]);
147 public static function minimal_db()
150 /* Add at least the general arrays: */
151 if (!isset($db["users"]))
153 if (!isset($db["settings"]))
154 $db["settings"] = [];
155 /* Initialize more if we ever add more... */
157 public static function read_db()
160 $db_filename = UPATH
.'/data/database.php';
161 @include($db_filename);
162 file_db
::minimal_db();
165 /* Delete the database -- only called during setup AFTER confirmation! */
166 public static function delete_db()
170 file_db
::minimal_db();
171 file_db
::write_db(true);
174 public static function write_db($force = false)
177 /* Refuse to write empty db (or nearly empty) */
178 if (empty($db) || (empty($db["users"]) && empty($db["settings"])) && !$force)
181 $db_filename = UPATH
.'/data/database.php';
182 $tmpfile = UPATH
.'/data/database.tmp.'.bin2hex(random_bytes(8)).'.php'; // hmm todo optional location? :D
183 $fd = fopen($tmpfile, "w");
185 die("Could not write to temporary database file $tmpfile.<br>We need write permissions on the data/ directory!<br>");
187 $str = var_export($db, true);
189 die("Error while running write_db() -- weird!");
190 if (!fwrite($fd, "<?php\n".
191 "/* This database file is written automatically by the UnrealIRCd webpanel.\n".
192 " * You are not really supposed to edit it manually.\n".
194 '$db = '.$str.";\n"))
196 die("Error writing to database file $tmpfile (on fwrite).<br>");
199 die("Error writing to database file $tmpfile (on close).<br>");
200 /* Now atomically rename the file */
201 if (!rename($tmpfile, $db_filename))
202 die("Could not write (rename) to file ".$db_filename."<br>");
203 if (function_exists('opcache_invalidate'))
204 opcache_invalidate($db_filename);
207 public static function user_create(&$u)
211 $username = $u['user_name'];
212 $first_name = $u['fname'] ?? NULL;
213 $last_name = $u['lname'] ?? NULL;
214 $password = $u['user_pass'] ?? NULL;
215 $user_bio = $u['user_bio'] ?? NULL;
216 $user_email = $u['user_email'] ?? NULL;
217 $created = date("Y-m-d H:i:s");
218 $id = random_int(1000000,99999999);
222 if (isset($db["users"][$username]))
224 $u['errmsg'][] = "Could not add user: user already exists";
228 $db["users"][$username] = [
230 "username" => $username,
231 "first_name" => $first_name,
232 "last_name" => $last_name,
233 "password" => $password,
235 "email" => $user_email,
236 "created" => $created,
241 $u['success'] = true;
244 public static function get_user_list(&$list)
249 foreach($db["users"] as $user=>$details)
251 $userlist[] = new PanelUser(NULL, $details['id']);
253 if (!empty($userlist))
258 public static function user_delete(&$u)
264 $username = $user->username
;
266 if (isset($db["users"][$username]))
268 unset($db["users"][$username]);
271 file_db
::write_db(true);
275 $u['info'][] = "Successfully deleted user \"$user->username\"";
278 $u['info'][] = "Unknown error";
283 public static function edit_core($arr)
287 $user = $arr['user'];
288 $username = $user->username
;
289 $info = $arr['info'];
293 foreach($info as $key => $val)
296 if (!$val || !strlen($val) || BadPtr($val))
298 if (!strcmp($key,"update_fname") && $val != $user->first_name
)
300 $keyname = "first_name";
301 $property_name = "first name";
303 elseif (!strcmp($key,"update_lname") && $val != $user->last_name
)
305 $keyname = "last_name";
306 $property_name = "last name";
308 elseif (!strcmp($key,"update_bio") && $val != $user->bio
)
311 $property_name = "bio";
313 elseif (!strcmp($key,"update_pass") || !strcmp($key,"update_pass_conf"))
315 $keyname = "password";
316 $property_name = "password";
318 elseif(!strcmp($key,"update_email") && $val != $user->email
)
321 $property_name = "email address";
327 if (isset($db["users"][$username]))
329 $db["users"][$username][$keyname] = $val;
330 Message
::Success("Successfully updated the $property_name for $user->username");
332 Message
::Fail("Could not update $property_name for $user->username: ".$stmt->errorInfo()[0]." (CODE: ".$stmt->errorCode().")");
336 file_db
::write_db(true);
341 public static function get()
345 if (!isset($db) || empty($db))
348 return $db["settings"];
350 public static function set($key, $val) : bool
355 $db["settings"][$key] = $val;