]> jfr.im git - irc/unrealircd/unrealircd-webpanel.git/blob - plugins/sql_auth/sql_auth.php
Fix indentation on sql_auth's login.php
1 <?php
2
3 require_once "SQL/sql.php";
4 require_once "SQL/user.php";
5 require_once "SQL/settings.php";
6
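/**
 * SQL-backed authentication plugin for the web panel.
 *
 * On construction it creates the plugin's tables, registers the navbar,
 * pre-header and overview-card hooks, and seeds a default account when the
 * SQL_DEFAULT_USER constant is defined.
 */
class sql_auth
{
    public $name = "SQLAuth";
    public $author = "Valware";
    public $version = "1.0";
    public $description = "Provides a User Auth and Management Panel with an SQL backend";

    /**
     * Create the tables, register the hooks and seed the default account.
     */
    function __construct()
    {
        self::create_tables();
        Hook::func(HOOKTYPE_NAVBAR, 'sql_auth::add_navbar');
        Hook::func(HOOKTYPE_PRE_HEADER, 'sql_auth::session_start');
        Hook::func(HOOKTYPE_OVERVIEW_CARD, 'sql_auth::add_overview_card');

        if (defined('SQL_DEFAULT_USER')) // we've got a default account
        {
            $lkup = new SQLA_User(SQL_DEFAULT_USER['username']);

            // NOTE(review): the default password is read from configuration and
            // passed on as "user_pass"; create_new_user() is defined elsewhere,
            // so confirm it stores a password_hash() digest rather than the
            // value itself, and that the default password gets changed after
            // first login.
            if (!$lkup->id) // doesn't exist, add it with full privileges
            {
                create_new_user([
                    "user_name" => SQL_DEFAULT_USER['username'],
                    "user_pass" => SQL_DEFAULT_USER['password'],
                ]);
            }
        }
    }

    /**
     * Navbar hook: hide every page from visitors without a current user and
     * add this plugin's entries for everyone else.
     *
     * @param array|null $pages navbar entries (label => relative URL), edited in place
     * @return void
     */
    public static function add_navbar(&$pages)
    {
        // No current user: empty the navbar entirely.
        if (!unreal_get_current_user()->id)
        {
            $pages = NULL;
            return;
        }

        $pages["Panel Access"] = "plugins/sql_auth/";
        if (isset($_SESSION['id']))
        {
            $pages["Logout"] = "plugins/sql_auth/login.php?logout=true";
        }
    }

    /**
     * Pre-header hook: gate the page behind a logged-in session.
     *
     * Requests without a session id are redirected to error.php when
     * security_check() flags the client address, otherwise to login.php.
     * Requests whose session refers to a user that no longer exists are sent
     * back to login.php as well. Every redirect ends the request.
     *
     * @param mixed $n hook argument, not used here
     * @return void
     */
    public static function session_start($n)
    {
        // NOTE(review): this logs the whole session array on every hooked
        // request. do_log() is defined elsewhere; confirm where it writes and
        // whether session contents belong there outside of debugging.
        do_log($_SESSION);

        // An empty $_SESSION can never have an 'id', so this single test covers
        // the original "not set or empty" condition.
        if (!isset($_SESSION['id']))
        {
            // Last path component of the running script.
            $script = basename($_SERVER['SCRIPT_FILENAME']);

            // The original wrote "$check = security_check() && ...": && binds
            // tighter than =, so $check held the whole condition and was never
            // read. The unused assignment is dropped.
            // NOTE(review): a flagged client that is already on error.php falls
            // through to the login redirect below; confirm that is intended.
            if (security_check() && $script !== "error.php")
            {
                header("Location: " . BASE_URL . "plugins/sql_auth/error.php");
                die();
            }

            self::end_session_and_go_to_login();
        }

        if (!unreal_get_current_user()->id) // user no longer exists
        {
            self::end_session_and_go_to_login();
        }

        // This is PHP's global session_start(), not this method. Only call it
        // when no session is active, which avoids the "already active" notice.
        if (session_status() !== PHP_SESSION_ACTIVE)
        {
            session_start();
        }
    }

    /**
     * Destroy the session if one is active, redirect to the login page and
     * stop the request.
     */
    private static function end_session_and_go_to_login()
    {
        // session_destroy() warns when called without an active session; any
        // output before header() can break the redirect.
        if (session_status() === PHP_SESSION_ACTIVE)
        {
            session_destroy();
        }
        header("Location: ".BASE_URL."plugins/sql_auth/login.php");
        die();
    }

    /**
     * Create the tables we'll be using in the SQLdb
     *
     * Table names are built from the SQL_PREFIX constant; nothing from the
     * request reaches these statements.
     *
     * @return void
     */
    public static function create_tables()
    {
        $conn = sqlnew();

        // NOTE(review): user_name carries no UNIQUE constraint, so uniqueness
        // depends on callers looking the name up before inserting, as the
        // constructor does for the default account.
        $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "users (
            user_id int AUTO_INCREMENT NOT NULL,
            user_name VARCHAR(255) NOT NULL,
            user_pass VARCHAR(255) NOT NULL,

            user_fname VARCHAR(255),
            user_lname VARCHAR(255),
            user_bio VARCHAR(255),
            created VARCHAR(255),
            PRIMARY KEY (user_id)
        )");
        $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "user_meta (
            meta_id int AUTO_INCREMENT NOT NULL,
            user_id int NOT NULL,
            meta_key VARCHAR(255) NOT NULL,
            meta_value VARCHAR(255),
            PRIMARY KEY (meta_id)
        )");
        $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "auth_settings (
            id int AUTO_INCREMENT NOT NULL,
            setting_key VARCHAR(255) NOT NULL,
            setting_value VARCHAR(255),
            PRIMARY KEY (id)
        )");

        // Instantiated for its constructor only; AuthSettings is defined elsewhere.
        new AuthSettings();
    }

    /**
     * Overview hook: print a card showing how many rows the users table holds,
     * with a link to this plugin's management page.
     *
     * @param object $stats overview statistics passed by the hook; not read or modified here
     * @return void
     */
    public static function add_overview_card(object &$stats) : void
    {
        $num_of_panel_admins = sqlnew()->query("SELECT COUNT(*) FROM " . SQL_PREFIX . "users")->fetchColumn();
        ?>

        <div class="container mt-5">

            <div class="row">
                <div class="col-sm-3">
                    <div class="card text-center">
                        <div class="card-header bg-success text-white">
                            <div class="row">
                                <div class="col">
                                    <i class="fa fa-lock-open fa-3x"></i>
                                </div>
                                <div class="col">
                                    <h3 class="display-4"><?php echo $num_of_panel_admins; ?></h3>
                                </div>
                            </div>
                        </div>
                        <div class="card-body">
                            <div class="row">
                                <div class="col">
                                    <h6>Panel Users</h6>
                                </div>
                                <div class="col"> <a class="btn btn-primary" href="<?php echo BASE_URL; ?>plugins/sql_auth/">View</a></div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
        <?php
    }

}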
147
148
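/**
 * Decide whether the requesting client should be kept away from the panel.
 *
 * The address is taken from REMOTE_ADDR and run through dnsbl_check() and
 * fail2ban_check(). The original returned true only for a DNSBL hit, left the
 * fail2ban branch empty and fell off the end with null otherwise. This version
 * always returns a boolean and treats a fail2ban hit as a block too.
 *
 * NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address, so
 * these checks would test the proxy rather than the visitor; confirm how the
 * panel is deployed.
 *
 * @return bool true when the client address is flagged, false otherwise
 */
function security_check()
{
    // REMOTE_ADDR is absent outside a web request (e.g. CLI).
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    if ($ip === '')
        return false;

    if (dnsbl_check($ip))
        return true;

    if (fail2ban_check($ip))
        return true;

    return false;
}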
160
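/**
 * Look an IPv4 address up in the DNS blocklists configured in DNSBL.
 *
 * The original built its "first two segments" prefix from indexes 1 and 2 of
 * the split address (the second and third octets), so neither the
 * "192.168." nor the "127.0." exemption could ever match. Validation and the
 * exemption are now done with filter_var(), which also covers the other
 * private and reserved IPv4 ranges.
 *
 * IPv6 and malformed addresses are not checked and yield null. IPv6 blocklist
 * lookups need the nibble-reversed name form, which is not implemented here,
 * so IPv6 clients pass this check unexamined.
 *
 * @param string|null $ip client address
 * @return string|null the last configured blocklist host that lists the
 *                     address, or null when it is not listed or not checked
 */
function dnsbl_check($ip)
{
    // nothing to look up
    if (!$ip) { return NULL; }

    // dotted-quad IPv4 only; anything else would produce a meaningless query name
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) { return NULL; }

    // exempt private, loopback and reserved addresses: public blocklists have
    // nothing meaningful to say about them and may answer with false positives
    $public_only = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if (filter_var($ip, FILTER_VALIDATE_IP, $public_only) === false) { return NULL; }

    // Read the configuration only once a lookup is actually needed. An
    // undefined DNSBL constant still fails loudly rather than silently
    // disabling the check.
    $dnsbl_lookup = DNSBL;

    // blocklists are queried as <reversed octets>.<blocklist host>
    $reverse_ip = implode(".", array_reverse(explode(".", $ip)));

    $listed = NULL;

    // One synchronous DNS query per configured host. Every host is queried and
    // the last one that lists the address is reported, as before.
    foreach ($dnsbl_lookup as $host) {
        // trailing dot keeps the resolver from appending a search domain
        if (checkdnsrr($reverse_ip . "." . $host . ".", "A")) {
            $listed = $host;
        }
    }

    if (!$listed) {
        return NULL;
    }

    return $listed;
}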
204
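/**
 * Placeholder for a fail2ban-style check on the client address.
 *
 * Not implemented: no lookup is performed and no address is ever reported as
 * banned. The original empty body returned null implicitly; the result is now
 * an explicit false so callers get a boolean.
 *
 * @param string $ip client address (currently unused)
 * @return bool always false
 */
function fail2ban_check($ip)
{
    return false;
}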