<?php

// Project-local includes for the SQL auth plugin.
// The paths are relative, so PHP searches include_path first and then falls back to
// this script's directory and the working directory. Anchoring them on __DIR__ would
// pin the lookup to the plugin directory.
// NOTE(review): presumably these provide sqlnew(), SQLA_User and AuthSettings used below — confirm.
require_once "SQL/sql.php";
require_once "SQL/user.php";
require_once "SQL/settings.php";
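/**
 * SQL-backed authentication plugin for the web panel.
 *
 * Creates the plugin's tables, registers the navbar / pre-header / overview /
 * footer hooks, and sends every request without a logged-in session to the
 * login page.
 */
class sql_auth
{
    public $name = "SQLAuth";
    public $author = "Valware";
    public $version = "1.0";
    public $description = "Provides a User Auth and Management Panel with an SQL backend";

    /**
     * Create the tables, register the hooks and, when SQL_DEFAULT_USER is
     * defined, make sure that account exists.
     */
    public function __construct()
    {
        self::create_tables();
        Hook::func(HOOKTYPE_NAVBAR, 'sql_auth::add_navbar');
        Hook::func(HOOKTYPE_PRE_HEADER, 'sql_auth::session_start');
        Hook::func(HOOKTYPE_OVERVIEW_CARD, 'sql_auth::add_overview_card');
        Hook::func(HOOKTYPE_FOOTER, 'sql_auth::add_footer_info');

        if (defined('SQL_DEFAULT_USER')) // we've got a default account
        {
            $lkup = new SQLA_User(SQL_DEFAULT_USER['username']);

            if (!$lkup->id) // doesn't exist yet, so create it
            {
                // NOTE(review): the password is taken as-is from the config constant;
                // create_new_user() is presumably what hashes it before storage — confirm.
                create_new_user([
                    "user_name" => SQL_DEFAULT_USER['username'],
                    "user_pass" => SQL_DEFAULT_USER['password'],
                ]);
            }
        }
    }

    /**
     * Navbar hook: hide the whole menu from visitors who are not logged in and
     * add the plugin's own entries for those who are.
     *
     * @param array|null $pages Menu entries (label => relative URL), modified in place.
     * @return void
     */
    public static function add_navbar(&$pages)
    {
        if (!unreal_get_current_user())
        {
            // no authenticated user: expose no navigation at all
            $pages = NULL;
            return;
        }

        $pages["Panel Access"] = "plugins/sql_auth/";
        if (isset($_SESSION['id']))
        {
            $pages["Logout"] = "plugins/sql_auth/login.php?logout=true";
        }
    }

    /**
     * Footer hook: print the panel version, but only for a logged-in user, so
     * the version string is not disclosed to unauthenticated visitors.
     *
     * @param mixed $empty Unused hook argument.
     * @return void
     */
    public static function add_footer_info($empty)
    {
        if (!unreal_get_current_user())
        {
            return;
        }

        echo "<code>Admin Panel v" . WEBPANEL_VERSION . "</code>";
    }

    /**
     * Pre-header hook: start the PHP session and enforce authentication.
     *
     * Without a session id the request is redirected to the error page (when
     * security_check() flags the client) or to the login page. With a session id
     * whose user no longer exists, the session is destroyed and the request is
     * sent to the login page. Every redirect ends the script.
     *
     * @param mixed $n Unused hook argument.
     * @return void
     */
    public static function session_start($n)
    {
        // $_SERVER['HTTPS'] is absent on plain HTTP; default it instead of reading an undefined index.
        $is_https = ($_SERVER['HTTPS'] ?? '') == 'on';

        if (!isset($_SESSION))
        {
            // Keep the configured path/domain, but make the session cookie HttpOnly and,
            // on HTTPS, Secure. The bare lifetime-only call left both flags to php.ini.
            $cookie = session_get_cookie_params();
            session_set_cookie_params(
                3600,
                $cookie['path'],
                $cookie['domain'],
                $cookie['secure'] || $is_https,
                true
            );
            session_start();
        }

        // NOTE(review): this hands the whole session array to do_log() on every request.
        // If do_log() persists its argument, session contents end up in the log — confirm
        // it is debug-only.
        do_log($_SESSION);

        // An empty session has no 'id' either, so this single test covers both cases.
        if (!isset($_SESSION['id']))
        {
            $scheme = $is_https ? "https://" : "http://";

            // NOTE(review): HTTP_HOST comes from the request's Host header, so the value of
            // the redirect parameter is client-influenced. login.php (not shown here) should
            // only follow targets that stay under BASE_URL.
            $current_url = $scheme . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

            // Test the script name first so the DNS lookups inside security_check() are
            // skipped when the error page itself is being served.
            if (basename($_SERVER['SCRIPT_FILENAME']) !== "error.php" && security_check())
            {
                header("Location: " . BASE_URL . "plugins/sql_auth/error.php");
                die();
            }

            header("Location: " . BASE_URL . "plugins/sql_auth/login.php?redirect=" . urlencode($current_url));
            die();
        }

        // add_navbar() treats a falsy return from unreal_get_current_user() as "no user",
        // so guard against it here before reading ->id.
        $user = unreal_get_current_user();
        if (!$user || !$user->id) // user no longer exists
        {
            session_destroy();
            header("Location: " . BASE_URL . "plugins/sql_auth/login.php");
            die();
        }
        // the session cookie lifetime is 3600 seconds (one hour)
    }

    /**
     * Create the tables we'll be using in the SQL database, if they are missing,
     * then instantiate AuthSettings.
     *
     * NOTE(review): user_name has no UNIQUE constraint, so duplicate account names
     * are not rejected at the schema level — confirm the application layer does it.
     *
     * @return void
     */
    public static function create_tables()
    {
        $conn = sqlnew();
        $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "users (
            user_id int AUTO_INCREMENT NOT NULL,
            user_name VARCHAR(255) NOT NULL,
            user_pass VARCHAR(255) NOT NULL,

            user_fname VARCHAR(255),
            user_lname VARCHAR(255),
            user_bio VARCHAR(255),
            created VARCHAR(255),
            PRIMARY KEY (user_id)
        )");
        $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "user_meta (
            meta_id int AUTO_INCREMENT NOT NULL,
            user_id int NOT NULL,
            meta_key VARCHAR(255) NOT NULL,
            meta_value VARCHAR(255),
            PRIMARY KEY (meta_id)
        )");
        $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "auth_settings (
            id int AUTO_INCREMENT NOT NULL,
            setting_key VARCHAR(255) NOT NULL,
            setting_value VARCHAR(255),
            PRIMARY KEY (id)
        )");
        $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "fail2ban (
            id int AUTO_INCREMENT NOT NULL,
            ip VARCHAR(255) NOT NULL,
            count VARCHAR(255),
            PRIMARY KEY (id)
        )");
        new AuthSettings();
    }

    /**
     * Overview hook: render a card showing how many panel users exist.
     *
     * @param object $stats Statistics object passed by the hook; not read here.
     * @return void
     */
    public static function add_overview_card(object &$stats) : void
    {
        // The query has no user-supplied parts. The cast keeps the echoed value strictly numeric.
        $num_of_panel_admins = (int) sqlnew()->query("SELECT COUNT(*) FROM " . SQL_PREFIX . "users")->fetchColumn();
        ?>

        <div class="container mt-5">

            <div class="row">
                <div class="col-sm-3">
                    <div class="card text-center">
                        <div class="card-header bg-success text-white">
                            <div class="row">
                                <div class="col">
                                    <i class="fa fa-lock-open fa-3x"></i>
                                </div>
                                <div class="col">
                                    <h3 class="display-4"><?php echo $num_of_panel_admins; ?></h3>
                                </div>
                            </div>
                        </div>
                        <div class="card-body">
                            <div class="row">
                                <div class="col">
                                    <h6>Panel Users</h6>
                                </div>
                                <div class="col"> <a class="btn btn-primary" href="<?php echo BASE_URL; ?>plugins/sql_auth/">View</a></div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
        <?php
    }

}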
/**
 * Decide whether the connecting client should be sent to the error page.
 *
 * The address is read from REMOTE_ADDR. Behind a reverse proxy that is the
 * proxy's address, not the visitor's, so the blocklist lookup would then be
 * made for the proxy.
 *
 * @return true|null TRUE when dnsbl_check() reports the address as listed;
 *                   otherwise nothing is returned (NULL). The fail2ban branch
 *                   is a placeholder and never blocks.
 */
function security_check()
{
    $client_ip = $_SERVER['REMOTE_ADDR'];

    if (dnsbl_check($client_ip))
    {
        return true;
    }

    if (fail2ban_check($client_ip))
    {
        // intentionally empty: no action is taken on a fail2ban hit yet
    }
}
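/**
 * Look an IPv4 address up in the DNS blocklist zones configured in DNSBL.
 *
 * Only IPv4 is handled: the query name is built by reversing the dotted
 * octets, so IPv6 or malformed input is returned as "not listed" without
 * sending anything to the resolver. IPv6 clients are therefore not checked.
 *
 * @param string $ip Address to check (security_check() passes REMOTE_ADDR).
 * @return string|null The last zone, in DNSBL order, that lists the address, or
 *                     NULL when the address is empty, not IPv4, exempted as
 *                     local, or not listed.
 */
function dnsbl_check($ip)
{
    // nothing to look up
    if (!$ip) { return NULL; }

    // validate before splitting, so the octet indexes below always exist
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) { return NULL; }

    $octets = explode(".", $ip);

    // First two octets of the address. Indexes 1 and 2 would select the second and
    // third octets, and the exemption below could then never match.
    $prefix = $octets[0] . "." . $octets[1] . ".";

    // exempt local connections because sometimes they get a false positive
    if ($prefix == "192.168." || $prefix == "127.0.") { return NULL; }

    // DNSBL query names use the octets in reverse order. implode() keeps every octet, including "0".
    $reverse_ip = implode(".", array_reverse($octets));

    $listed = NULL;
    foreach (DNSBL as $host) {
        // an A record under the zone means the address is listed there
        if (checkdnsrr($reverse_ip . "." . $host . ".", "A")) {
            $listed = $host;
        }
    }

    // NULL when no zone listed the address, otherwise the zone that did
    return $listed ?: NULL;
}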
/**
 * Placeholder for a per-address failed-login check.
 *
 * The body is not implemented, so no throttling is enforced through this
 * function yet, although create_tables() already creates a fail2ban table
 * (ip, count).
 *
 * @param string $ip Client address.
 * @return null Always NULL for now.
 */
function fail2ban_check($ip)
{
    return NULL;
}