jfr.im git - irc/unrealircd/unrealircd-webpanel.git/blob - plugins/sql_auth/sql_auth.php
3 require_once "SQL/sql.php";
4 require_once "SQL/user.php";
5 require_once "SQL/settings.php";
// Plugin metadata: display name, author, version string and a one-line description.
9 public $name = "SQLAuth";
10 public $author = "Valware";
11 public $version = "1.0";
12 public $description = "Provides a User Auth and Management Panel with an SQL backend";
14 function __construct()
// Plugin setup: creates the SQL tables, registers the navbar, pre-header, overview-card and
// footer hooks, and, when SQL_DEFAULT_USER is defined, creates that account if no user with
// that name exists yet.
// NOTE(review): the default account's password is read from the SQL_DEFAULT_USER constant, so it
// presumably sits in the configuration file in clear text. Whether create_new_user() hashes it
// before storing is not visible here (confirm); the constant is best removed from the
// configuration once the account has been created.
16 self
::create_tables();
17 Hook
::func(HOOKTYPE_NAVBAR
, 'sql_auth::add_navbar');
18 Hook
::func(HOOKTYPE_PRE_HEADER
, 'sql_auth::session_start');
19 Hook
::func(HOOKTYPE_OVERVIEW_CARD
, 'sql_auth::add_overview_card');
20 Hook
::func(HOOKTYPE_FOOTER
, 'sql_auth::add_footer_info');
22 if (defined('SQL_DEFAULT_USER')) // we've got a default account
24 $lkup = new SQLA_User(SQL_DEFAULT_USER
['username']);
26 if (!$lkup->id
) // doesn't exist, add it with full privileges
28 create_new_user(["user_name" => SQL_DEFAULT_USER
['username'], "user_pass" => SQL_DEFAULT_USER
['password']]);
33 public static function add_navbar(&$pages)
// HOOKTYPE_NAVBAR callback. The visible lines add a "Panel Access" entry to $pages (passed by
// reference) and, when the session carries an 'id', a "Logout" entry.
// NOTE(review): the logout entry is a plain GET link (login.php?logout=true). If login.php acts on
// that parameter without a token, a cross-site request can end an admin's session; a POST with a
// CSRF token is the usual fix. Confirm how login.php handles it.
35 $user = unreal_get_current_user();
41 $pages["Panel Access"] = "plugins/sql_auth/";
42 if (isset($_SESSION['id']))
44 $pages["Logout"] = "plugins/sql_auth/login.php?logout=true";
48 public static function add_footer_info($empty)
// HOOKTYPE_FOOTER callback: prints the panel version (WEBPANEL_VERSION) inside a <code> element.
// NOTE(review): the branch taken when no current user is found is not visible in this listing;
// presumably it returns early so the version string is shown only to signed-in users. Confirm.
50 if (!($user = unreal_get_current_user()))
54 echo "<code>Admin Panel v" . WEBPANEL_VERSION
. "</code>";
59 public static function session_start($n)
// HOOKTYPE_PRE_HEADER callback: sets the session cookie lifetime when no session exists, then
// redirects requests without a session 'id' to error.php (when security_check() flags them and
// the current script is not error.php) or to login.php, and redirects sessions whose user no
// longer exists to login.php.
// NOTE(review): session_set_cookie_params(3600) sets only the lifetime here; Secure, HttpOnly and
// SameSite are not set in the visible lines. Confirm they are set in php.ini or elsewhere.
// NOTE(review): no exit/die after the header("Location: ...") calls is visible in this listing.
// Without one the rest of the page keeps executing for an unauthenticated request. Confirm each
// redirect is followed by an exit.
61 if (!isset($_SESSION))
63 session_set_cookie_params(3600);
67 if (!isset($_SESSION['id']) || empty($_SESSION))
// NOTE(review): $_SERVER['HTTPS'] is not set on plain-HTTP requests, so this read raises a notice;
// test it with !empty() instead. HTTP_HOST is taken from the client's Host header, so
// $current_url is client-influenced. It is handed on as ?redirect=...; login.php should follow it
// only when it points back into BASE_URL. Confirm.
69 $secure = ($_SERVER['HTTPS'] == 'on') ? "https://" : "http://";
70 $current_url = "$secure$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
// NOTE(review): split() is called as (string, delimiter), so it is presumably a project helper and
// not PHP's removed split(). Confirm.
71 $tok = split($_SERVER['SCRIPT_FILENAME'], "/");
// `=` binds looser than `&&`, so $check receives the boolean result of the whole expression,
// not the return value of security_check().
72 if ($check = security_check() && $tok[count($tok) - 1] !== "error.php") {
73 header("Location: " . BASE_URL
. "plugins/sql_auth/error.php");
76 header("Location: ".BASE_URL
."plugins/sql_auth/login.php?redirect=".urlencode($current_url));
81 if (!unreal_get_current_user()->id
) // user no longer exists
84 header("Location: ".BASE_URL
."plugins/sql_auth/login.php");
87 // you'll be automatically logged out after one hour of inactivity
92 * Create the tables we'll be using in the SQLdb
95 public static function create_tables()
// Creates the users, user_meta, auth_settings and fail2ban tables (each prefixed with SQL_PREFIX)
// if they do not exist yet.
// NOTE(review): SQL_PREFIX is concatenated into the DDL. That is acceptable only while it is a
// constant from the panel's own configuration and never derived from request data.
// NOTE(review): user_pass is VARCHAR(255), wide enough for password_hash() output. Confirm that
// create_new_user() stores a hash there rather than the raw password.
98 $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX
. "users (
99 user_id int AUTO_INCREMENT NOT NULL,
100 user_name VARCHAR(255) NOT NULL,
101 user_pass VARCHAR(255) NOT NULL,
103 user_fname VARCHAR(255),
104 user_lname VARCHAR(255),
105 user_bio VARCHAR(255),
106 created VARCHAR(255),
107 PRIMARY KEY (user_id)
109 $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX
. "user_meta (
110 meta_id int AUTO_INCREMENT NOT NULL,
111 user_id int NOT NULL,
112 meta_key VARCHAR(255) NOT NULL,
113 meta_value VARCHAR(255),
114 PRIMARY KEY (meta_id)
116 $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX
. "auth_settings (
117 id int AUTO_INCREMENT NOT NULL,
118 setting_key VARCHAR(255) NOT NULL,
119 setting_value VARCHAR(255),
122 $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX
. "fail2ban (
123 id int AUTO_INCREMENT NOT NULL,
124 ip VARCHAR(255) NOT NULL,
132 * Render the overview card that shows how many accounts exist in the users table
133 * @param object $stats
136 public static function add_overview_card(object &$stats) : void
// HOOKTYPE_OVERVIEW_CARD callback: counts the rows in the users table and renders a card showing
// that number together with a "View" button linking to plugins/sql_auth/.
// $stats is accepted by reference but is not read in the visible lines.
// NOTE(review): the number comes from COUNT(*) and BASE_URL from configuration, so neither echo
// below carries request data; escape them with htmlspecialchars() if that ever changes.
138 $num_of_panel_admins = sqlnew()->query("SELECT COUNT(*) FROM " . SQL_PREFIX
. "users")->fetchColumn();
141 <div
class="container mt-5">
144 <div
class="col-sm-3">
145 <div
class="card text-center">
146 <div
class="card-header bg-success text-white">
149 <i
class="fa fa-lock-open fa-3x"></i
>
152 <h3
class="display-4"><?php
echo $num_of_panel_admins; ?></h3
>
156 <div
class="card-body">
161 <div
class="col"> <a
class="btn btn-primary" href
="<?php echo BASE_URL; ?>plugins/sql_auth/">View
</a
></div
>
174 function security_check()
// Runs the client address through dnsbl_check() and then fail2ban_check(); what each branch
// returns is not visible in this listing.
// NOTE(review): REMOTE_ADDR is the directly connecting peer. Behind a reverse proxy that is the
// proxy's address, so both checks would evaluate the proxy rather than the client. Confirm the
// deployment.
176 $ip = $_SERVER['REMOTE_ADDR'];
177 if (dnsbl_check($ip))
180 else if (fail2ban_check($ip))
186 function dnsbl_check($ip)
// Looks $ip up in every DNSBL zone listed in the DNSBL constant by asking for an A record of
// <reversed-ip>.<zone>. Per the comments further down, it returns nothing when the address is
// clean and otherwise where it was listed; those return statements are not visible here.
// NOTE(review): the reversal assumes dotted IPv4. An IPv6 REMOTE_ADDR contains no dots, so the
// query name would presumably be meaningless and such clients would never be reported as listed.
// Confirm IPv6 is handled (or skipped) deliberately.
188 $dnsbl_lookup = DNSBL
;
190 // clear variable just in case
193 // if the IP was not given because you're an idiot, stop processing
194 if (!$ip) { return; }
196 // get the first two segments of the IPv4
// NOTE(review): if split() returns a 0-indexed array like explode(), indexes 1 and 2 are the
// second and third octets, not the first two. The exemption below would then compare the wrong
// octets and miss real 192.168.x.x / 127.0.x.x addresses (indexes 0 and 1 would be needed).
// Confirm against split()'s definition.
197 $because = split($ip, "."); // why you
198 $you = $because[1]; // gotta play
199 $want = $because[2]; // that song
200 $to = $you.".".$want."."; // so loud?
202 // exempt local connections because sometimes they get a false positive
203 if ($to == "192.168." || $to == "127.0.") { return NULL; }
205 // you spin my IP right round, right round, to check the records baby, right round-round-round
206 $reverse_ip = glue(array_reverse(split($ip, ".")), ".");
209 foreach ($dnsbl_lookup as $host) {
212 if (checkdnsrr($reverse_ip . "." . $host . ".", "A")) {
219 // if it was safe, return NOTHING
224 // else, you guessed it, return where it was listed
230 function fail2ban_check($ip)