]>
jfr.im git - irc/unrealircd/unrealircd-webpanel.git/blob - plugins/sql_auth/sql_auth.php
3 require_once "SQL/sql.php";
4 require_once "SQL/user.php";
5 require_once "SQL/settings.php";
10 public $name = "SQLAuth";
11 public $author = "Valware";
12 public $version = "1.0";
13 public $description = "Provides a User Auth and Management Panel with an SQL backend";
15 function __construct()
17 self
::create_tables();
18 Hook
::func(HOOKTYPE_NAVBAR
, 'sql_auth::add_navbar');
19 Hook
::func(HOOKTYPE_PRE_HEADER
, 'sql_auth::session_start');
20 Hook
::func(HOOKTYPE_OVERVIEW_CARD
, 'sql_auth::add_overview_card');
22 if (defined('SQL_DEFAULT_USER')) // we've got a default account
24 $lkup = new SQLA_User(SQL_DEFAULT_USER
['username']);
26 if (!$lkup->id
) // doesn't exist, add it with full privileges
28 create_new_user(["user_name" => SQL_DEFAULT_USER
['username'], "user_pass" => SQL_DEFAULT_USER
['password']]);
33 public static function add_navbar(&$pages)
36 if (!unreal_get_current_user()->id
)
41 $pages["Panel Access"] = "plugins/sql_auth/";
42 if (isset($_SESSION['id']))
44 $pages["Logout"] = "plugins/sql_auth/login.php?logout=true";
48 public static function session_start($n)
51 if (!isset($_SESSION['id']))
53 $tok = split($_SERVER['SCRIPT_FILENAME'], "/");
54 if ($check = security_check() && $tok[count($tok) - 1] !== "error.php") {
55 header("Location: " . BASE_URL
. "plugins/sql_auth/error.php");
61 if (!unreal_get_current_user()->id
) // user no longer exists
64 header("Location: ".BASE_URL
."plugins/sql_auth/login.php");
71 * Create the tables we'll be using in the SQLdb
74 public static function create_tables()
77 $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX
. "users (
78 user_id int AUTO_INCREMENT NOT NULL,
79 user_name VARCHAR(255) NOT NULL,
80 user_pass VARCHAR(255) NOT NULL,
82 user_fname VARCHAR(255),
83 user_lname VARCHAR(255),
84 user_bio VARCHAR(255),
88 $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX
. "user_meta (
89 meta_id int AUTO_INCREMENT NOT NULL,
91 meta_key VARCHAR(255) NOT NULL,
92 meta_value VARCHAR(255),
95 $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX
. "auth_settings (
96 id int AUTO_INCREMENT NOT NULL,
97 setting_key VARCHAR(255) NOT NULL,
98 setting_value VARCHAR(255),
104 * Summary of add_overview_card
105 * @param mixed $stats
108 public static function add_overview_card(object &$stats) : void
110 $num_of_panel_admins = sqlnew()->query("SELECT COUNT(*) FROM " . SQL_PREFIX
. "users")->fetchColumn();
113 <div
class="container mt-5">
116 <div
class="col-sm-3">
117 <div
class="card text-center">
118 <div
class="card-header bg-success text-white">
121 <i
class="fa fa-lock-open fa-3x"></i
>
124 <h3
class="display-4"><?php
echo $num_of_panel_admins; ?></h3
>
128 <div
class="card-body">
133 <div
class="col"> <a
class="btn btn-primary" href
="<?php echo BASE_URL; ?>plugins/sql_auth/">View
</a
></div
>
146 function security_check()
148 $ip = $_SERVER['REMOTE_ADDR'];
149 if (dnsbl_check($ip))
152 else if (fail2ban_check($ip))
158 function dnsbl_check($ip)
160 $dnsbl_lookup = DNSBL
;
162 // clear variable just in case
165 // if the IP was not given because you're an idiot, stop processing
166 if (!$ip) { return; }
168 // get the first two segments of the IPv4
169 $because = split($ip, "."); // why you
170 $you = $because[1]; // gotta play
171 $want = $because[2]; // that song
172 $to = $you.".".$want."."; // so loud?
174 // exempt local connections because sometimes they get a false positive
175 if ($to == "192.168." || $to == "127.0.") { return NULL; }
177 // you spin my IP right round, right round, to check the records baby, right round-round-round
178 $reverse_ip = glue(array_reverse(split($ip, ".")), ".");
181 foreach ($dnsbl_lookup as $host) {
184 if (checkdnsrr($reverse_ip . "." . $host . ".", "A")) {
191 // if it was safe, return NOTHING
196 // else, you guessed it, return where it was listed
202 function fail2ban_check($ip)