]> jfr.im git - irc/unrealircd/unrealircd-webpanel.git/blob - Classes/class-paneluser.php
projects / irc / unrealircd / unrealircd-webpanel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add a `Plugins` overview card
[irc/unrealircd/unrealircd-webpanel.git] / Classes / class-paneluser.php
1 <?php
2 /** Relating to Panel Access: Can add, delete and edit users. Big boss. */
3 define('PERMISSION_MANAGE_USERS', 'manage_users');
4 /** Relating to Users tab: Can ban users connected to IRC */
5 define('PERMISSION_BAN_USERS', 'ban_users');
6 /** Change properties of a user, i.e. vhost, modes and more */
7 define('PERMISSION_EDIT_USER', 'edit_user');
8 /** Change properties of a channel, i.e. topic, modes and more */
9 define('PERMISSION_EDIT_CHANNEL', 'edit_channel');
10 /** Change properties of a user on a channel i.e give/remove voice or ops and more */
11 define('PERMISSION_EDIT_CHANNEL_USER', 'edit_channel_user');
12 /** Can add manual bans, including G-Lines, Z-Lines and more */
13 define('PERMISSION_SERVER_BAN_ADD', 'tkl_add');
14 /** Can remove set bans, including G-Lines, Z-Lines and more */
15 define('PERMISSION_SERVER_BAN_DEL', 'tkl_del');
16 /** Can add Name Bans (Q-Lines) */
17 define('PERMISSION_NAME_BAN_ADD', 'nb_add');
18 /** Can delete Name Bans (Q-Lines) */
19 define('PERMISSION_NAME_BAN_DEL', 'nb_del');
20 /** Can add ban exceptions (E-Lines) */
21 define('PERMISSION_BAN_EXCEPTION_ADD', 'be_add');
22 /** Can delete ban exceptions (E-Lines) */
23 define('PERMISSION_BAN_EXCEPTION_DEL', 'be_del');
24 /** Can add spamfilter entries */
25 define('PERMISSION_SPAMFILTER_ADD', 'sf_add');
26 /** Can delete spamfilter entries */
27 define('PERMISSION_SPAMFILTER_DEL', 'sf_del');
28 /** Can rehash servers */
29 define('PERMISSION_REHASH', 'rhs');
30 /** Can install and uninstall plugins */
31 define('PERMISSION_MANAGE_PLUGINS', 'mng_plg');
32 /**
33 * PanelUser
34 * This is the User class for the SQL_Auth plugin
35 */
36 class PanelUser
37 {
38 public $id = NULL;
39 public $username = NULL;
40 private $passhash = NULL;
41 public $first_name = NULL;
42 public $last_name = NULL;
43 public $created = NULL;
44 public $user_meta = [];
45 public $bio = NULL;
46 public $email = NULL;
47
48 /**
49 * Find a user in the database by name or ID
50 * @param string $name
51 * @param mixed $id
52 */
53 function __construct(string $name = NULL, int $id = NULL)
54 {
55 $user["name"] = $name;
56 $user["id"] = $id;
57 $user["object"] = NULL;
58 Hook::run(HOOKTYPE_USER_LOOKUP, $user);
59 if ($user['object'] === null)
60 return; /* no auth module loaded? */
61 foreach ($user['object'] as $key => $value)
62 $this->$key = $value;
63 }
64
65 /**
66 * Verify a user's password
67 * @param string $input
68 * @return bool
69 */
70 function password_verify(string $password, bool &$hash_needs_updating = false) : bool
71 {
72 GLOBAL $config;
73 $hash_needs_updating = false;
74
75 if (str_starts_with($this->passhash, "peppered:"))
76 {
77 /* Argon2 with pepper */
78 $password = hash_hmac("sha256", $password, $config['secrets']['pepper']);
79 if (password_verify($password, substr($this->passhash,9)))
80 return true;
81 } else {
82 /* Old standard argon2 */
83 if (password_verify($password, $this->passhash))
84 {
85 $hash_needs_updating = true;
86 return true;
87 }
88 }
89 return false;
90 }
91
92 /**
93 * Generate hash of user's password
94 * @param string $password
95 * @return string
96 */
97 public static function password_hash(string $password) : string
98 {
99 GLOBAL $config;
100 $input = hash_hmac("sha256", $password, $config['secrets']['pepper']);
101 return "peppered:".password_hash($input, PASSWORD_ARGON2ID);
102 }
103
104 /**
105 * Add user meta data
106 * If using an array for the first param then you
107 * must also use an array for the second param
108 * @param array|string $key
109 * @param array|string|int|bool|null $value
110 */
111 function add_meta(array|string $key, array|string|int|bool|null $value)
112 {
113
114 if (!$key)
115 return false;
116
117 if (is_array($key))
118 {
119 foreach ($key as $i => $k)
120 $arr[$k] = $value[$i];
121 } else {
122 $arr[$key] = $value;
123 }
124
125 foreach($arr as $k => $v)
126 {
127 $meta = [
128 "id" => $this->id,
129 "key" => $k,
130 "value" => $v
131 ];
132
133 $array['meta'] = $meta;
134 $array['user'] = $this;
135 Hook::run(HOOKTYPE_USERMETA_ADD, $array);
136 }
137
138 }
139
140 /**
141 * Delete user meta data by key
142 * @param string $key
143 */
144 function delete_meta(string $key)
145 {
146 if (!$key )
147 return false;
148
149 $meta = [
150 "id" => $this->id,
151 "key" => $key,
152 ];
153 $array['meta'] = $meta;
154 $array['user'] = $this;
155 Hook::run(HOOKTYPE_USERMETA_DEL, $array);
156
157 }
158
159 /** PERMISSIONS */
160
161 function add_permission($permission)
162 {
163 $meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : [];
164 if (!in_array($permission,$meta))
165 $meta[] = $permission;
166 $this->add_meta("permissions", serialize($meta)); // updet de dettabess
167 $this->user_meta['permissions'] = serialize($meta); // put it back in our object in case it still needs to be used
168 }
169 function delete_permission($permission)
170 {
171 $meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : [];
172 foreach($meta as $key => $value)
173 {
174 if (!strcmp($permission, $value))
175 unset($meta[$key]);
176 }
177 $this->add_meta("permissions", serialize($meta));
178 $this->user_meta['permissions'] = serialize($meta);
179 }
180
181 /** Updates core user info.
182 * CAUTION: Updating a non-existent column will crash
183 * your shit
184 */
185 function update_core_info($array)
186 {
187 $arr = ['info' => $array, 'user' => $this];
188 Hook::run(HOOKTYPE_EDIT_USER, $arr);
189 }
190 }
191
192
193 /**
194 * This class looks up and returns any user meta.
195 * This is used by PanelUser, so you won't need to
196 * call it separately from PanelUser.
197 */
198 class PanelUser_Meta
199 {
200 public $list = [];
201 function __construct($id)
202 {
203 $array = [];
204 $arr["id"] = $id;
205 $arr['meta'] = &$array;
206 Hook::run(HOOKTYPE_USERMETA_GET, $arr);
207 $this->list = $arr['meta'];
208
209 }
210 }
211
212 /**
213 * Array of user
214 *
215 * Required:
216 * user_name
217 * user_pass
218 *
219 * Optional:
220 * user_fname
221 * user_lname
222 *
223 * @param array $user
224 * @throws Exception
225 * @return bool
226 */
227 function create_new_user(array &$user) : bool
228 {
229 if (!isset($user['user_name']) || !isset($user['user_pass']))
230 throw new Exception("Attempted to add user without specifying user_name or user_pass");
231
232 $user['user_name'] = htmlspecialchars($user['user_name']);
233 $user['user_pass'] = PanelUser::password_hash($user['user_pass']);
234 $user['fname'] = (isset($user['fname'])) ? htmlspecialchars($user['fname']) : NULL;
235 $last['lname'] = (isset($user['lname'])) ? htmlspecialchars($user['lname']) : NULL;
236 $user['user_bio'] = (isset($user['user_bio'])) ? htmlspecialchars($user['user_bio']) : NULL;
237 $user['email'] = (isset($user['user_email'])) ? htmlspecialchars($user['user_email']) : NULL;
238
239 if (($u = new PanelUser($user['user_name']))->id)
240 {
241 $user['err'] = "User already exists";
242 return false;
243 }
244 // internal use
245 $user['success'] = false;
246 $user['errmsg'] = [];
247
248 Hook::run(HOOKTYPE_USER_CREATE, $user);
249 if (!$user['success'])
250 return false;
251
252 return true;
253 }
254
255 /**
256 * Gets the user object for the current session
257 * @return PanelUser|bool
258 */
259 function unreal_get_current_user() : PanelUser|bool
260 {
261 if (isset($_SESSION) && isset($_SESSION['id']))
262 {
263 $user = new PanelUser(NULL, $_SESSION['id']);
264 if ($user->id)
265 return $user;
266 }
267 return false;
268 }
269
270 /**
271 * Checks if a user can do something
272 * @param string $permission
273 * @return bool
274 */
275 function current_user_can($permission) : bool
276 {
277 $user = unreal_get_current_user();
278 if (!$user)
279 return false;
280 return user_can($user, $permission);
281 }
282
283 /**
284 * Checks if a user can do something
285 * @param string $permission
286 * @return bool
287 */
288 function user_can(PanelUser $user, $permission) : bool
289 {
290 global $config;
291 if (!$user)
292 return false;
293
294 if (isset($user->user_meta['role']))
295 {
296 if ($user->user_meta['role'] == "Super-Admin")
297 return true;
298
299 else if ($user->user_meta['role'] == "Read-Only")
300 return false;
301
302 else if (in_array($permission, $config['user_roles'][$user->user_meta['role']]))
303 return true;
304
305 return false;
306 }
307
308 /* compatibility fallback */
309 if (isset($user->user_meta['permissions']))
310 {
311 $perms = unserialize($user->user_meta['permissions']);
312 if (in_array($permission, $perms))
313 return true;
314 }
315 return false;
316 }
317
318 /**
319 * Delete a user and related meta
320 * @param int $id The ID of the user in the SQL database.
321 * @param array $info This will fill with a response.
322 * @return int
323 *
324 * Return values:
325 * 1 The user was successfully deleted.
326 * 0 The user was not found
327 * -1 The admin does not have permission to delete users [TODO]
328 */
329 function delete_user(int $id, &$info = []) : int
330 {
331 $user = new PanelUser(NULL, $id);
332 if (!$user->id) {
333 $info[] = "Could not find user";
334 return 0;
335 }
336 $arr = ["user" => $user, "info" => &$info, "boolint" => 0];
337 Hook::run(HOOKTYPE_USER_DELETE, $arr);
338 return $arr["boolint"];
339 }
340
341 function get_panel_user_permission_list()
342 {
343 $list = [
344 "Can add/delete/edit Admin Panel users" => PERMISSION_MANAGE_USERS,
345 "Can add/delete/manage plugins" => PERMISSION_MANAGE_PLUGINS,
346 "Can ban/kill IRC users" => PERMISSION_BAN_USERS,
347 "Can change properties of a user, i.e. vhost, modes and more" => PERMISSION_EDIT_USER,
348 "Can change properties of a channel, i.e. topic, modes and more" => PERMISSION_EDIT_CHANNEL,
349 "Can change properties of a user on a channel i.e give/remove voice or ops and more" => PERMISSION_EDIT_CHANNEL_USER,
350 "Can add manual bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_ADD,
351 "Can remove set bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_DEL,
352 "Can forbid usernames and channels" => PERMISSION_NAME_BAN_ADD,
353 "Can unforbid usernames and channels" => PERMISSION_NAME_BAN_DEL,
354 "Can add server ban exceptions" => PERMISSION_BAN_EXCEPTION_ADD,
355 "Can remove server ban exceptions" => PERMISSION_BAN_EXCEPTION_DEL,
356 "Can add Spamfilter entries" => PERMISSION_SPAMFILTER_ADD,
357 "Can remove Spamfilter entries" => PERMISSION_SPAMFILTER_DEL
358
359 ];
360 Hook::run(HOOKTYPE_USER_PERMISSION_LIST, $list); // so plugin writers can add their own permissions
361 return $list;
362 }
363
364 function generate_panel_user_permission_table($user)
365 {
366
367 $list = get_panel_user_permission_list();
368 foreach($list as $desc => $slug)
369 {
370 $attributes = "";
371 $attributes .= (current_user_can(PERMISSION_MANAGE_USERS)) ? "" : "disabled ";
372 ?>
373 <div class="input-group">
374 <div class="input-group-prepend">
375 <div class="input-group-text">
376 <input <?php
377 $attributes .= (user_can($user, $slug)) ? "checked" : "";
378 echo $attributes;
379 ?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox">
380 </div>
381 </div>
382 <input type="text" readonly class="form-control" value="<?php echo "$desc ($slug)"; ?>">
383 </div>
384
385 <?php
386 }
387 }
388
389 function get_panel_user_roles_list()
390 {
391 GLOBAL $config;
392
393 /* Defaults */
394 $list = [
395 "Super-Admin" => get_panel_user_permission_list(), // SuperAdmin can do everything
396 "Read-Only" => [], // Read Only can do nothing
397 ];
398
399 if (isset($config["user_roles"]))
400 foreach($config['user_roles'] as $r => $role)
401 $list[$r] = $role;
402
403 return $list;
404 }
405
406 function generate_role_list($list)
407 {
408 $list2 = get_panel_user_permission_list();
409 ?>
410 <h5>Roles List:</h5>
411 <div id="permlist">
412 <div class="container-xxl" style="max-width: 1430px;">
413 <div class="accordion" id="roles_accord">
414
415 <?php foreach($list as $role => $slug) {?>
416 <div class="card">
417 <div class="card-header" id="<?php echo to_slug($role); ?>_heading">
418 <div class="btn-header-link btn-block text-left collapsed" type="button" data-toggle="collapse" data-target="#collapse_<?php echo to_slug($role); ?>" aria-expanded="true" aria-controls="collapse_<?php echo to_slug($role); ?>">
419 <?php echo $role ?>
420
421 </div>
422 </div>
423
424 <div id="collapse_<?php echo to_slug($role); ?>" class="collapse" aria-labelledby="<?php echo to_slug($role); ?>_heading" data-parent="#roles_accord">
425 <div id="results_rpc" class="card-body">
426 <form method="post">
427 <?php if ($role !== "Super-Admin" && $role !== "Read-Only") { ?>
428 <div class="container row mb-2">
429 <button id="update_role" name="update_role" value="<?php echo $role ?>" class="btn btn-primary ml-1 mr-2" >Update</button>
430 <button id="delete_role" name="del_role_name" value="<?php echo $role ?>" class="btn btn-danger"><i class="fa fa-trash fa-1" aria-hidden="true"></i></button>
431 </div>
432
433 <?php } ?>
434 <div id="<?php echo $role; ?>_input_area"><?php
435 foreach($list2 as $desc => $slug)
436 {
437 $attributes = "";
438 $attributes .= ($role == "Super-Admin" || $role == "Read-Only") ? "disabled " : "";
439
440 ?>
441 <div class="input-group">
442 <div class="input-group-prepend">
443 <div class="input-group-text">
444 <input <?php
445 $attributes .= (in_array($slug, $list[$role])) ? "checked" : "";
446 echo $attributes;
447 ?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox">
448 </div>
449 </div>
450 <input type="text" readonly class="form-control" value="<?php echo "$desc ($slug)"; ?>">
451 </div>
452
453 <?php
454 }
455 ?> </div>
456 </form>
457 </div>
458 </div>
459 </div>
460 <?php }?>
461
462 </div></div><br>
463
464 </div><?php
465
466 }
Unnamed repository; edit this file 'description' to name the repository.