]> jfr.im git - irc/unrealircd/unrealircd-webpanel.git/blobdiff - Classes/class-paneluser.php
projects / irc / unrealircd / unrealircd-webpanel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Shut up some errors
[irc/unrealircd/unrealircd-webpanel.git] / Classes / class-paneluser.php
diff --git a/Classes/class-paneluser.php b/Classes/class-paneluser.php
index 217226f11fa46420854b4545987479bdfa40e857..d6350f0b4546fc2596d2e9235ecc02a49431c304 100644 (file)
--- a/Classes/class-paneluser.php
+++ b/Classes/class-paneluser.php
@@ -27,6 +27,8 @@ define('PERMISSION_SPAMFILTER_ADD', 'sf_add');
 define('PERMISSION_SPAMFILTER_DEL', 'sf_del'); 
 /** Can rehash servers */
 define('PERMISSION_REHASH', 'rhs');
 define('PERMISSION_SPAMFILTER_DEL', 'sf_del'); 
 /** Can rehash servers */
 define('PERMISSION_REHASH', 'rhs');
+/** Can install and uninstall plugins */
+define('PERMISSION_MANAGE_PLUGINS', 'mng_plg');
 /**
  * PanelUser
  * This is the User class for the SQL_Auth plugin
 /**
  * PanelUser
  * This is the User class for the SQL_Auth plugin
@@ -69,17 +71,23 @@ class PanelUser
        {
                GLOBAL $config;
                $hash_needs_updating = false;
        {
                GLOBAL $config;
                $hash_needs_updating = false;
-
+               $p2 = $password;
                if (str_starts_with($this->passhash, "peppered:"))
                {
                        /* Argon2 with pepper */
                        $password = hash_hmac("sha256", $password, $config['secrets']['pepper']);
                        if (password_verify($password, substr($this->passhash,9)))
                if (str_starts_with($this->passhash, "peppered:"))
                {
                        /* Argon2 with pepper */
                        $password = hash_hmac("sha256", $password, $config['secrets']['pepper']);
                        if (password_verify($password, substr($this->passhash,9)))
+                       {
+                               $this->HIBP(sha1($p2));
                                return true;
                                return true;
-               } else {
+                       }
+               }
+               else
+               {
                        /* Old standard argon2 */
                        if (password_verify($password, $this->passhash))
                        {
                        /* Old standard argon2 */
                        if (password_verify($password, $this->passhash))
                        {
+                               $this->HIBP(sha1($p2));
                                $hash_needs_updating = true;
                                return true;
                        }
                                $hash_needs_updating = true;
                                return true;
                        }
@@ -101,24 +109,37 @@ class PanelUser
 
        /**
         * Add user meta data
 
        /**
         * Add user meta data
-        * @param string $key
-        * @param string $value
+        * If using an array for the first param then you
+        * must also use an array for the second param
+        * @param array|string $key
+        * @param array|string|int|bool|null $value
         */
         */
-       function add_meta(string $key, string $value)
+       function add_meta(array|string $key, array|string|int|bool|null $value)
        {
                
        {
                
-               if (!$key || !$value)
+               if (!$key)
                        return false;
 
                        return false;
 
-               $meta = [
-                       "id" => $this->id,
-                       "key" => $key,
-                       "value" => $value
-               ];
+               if (is_array($key))
+               {
+                       foreach ($key as $i => $k)
+                               $arr[$k] = $value[$i];
+               } else {
+                       $arr[$key] = $value;
+               }
 
 
-               $array['meta'] = $meta;
-               $array['user'] = $this;
-               Hook::run(HOOKTYPE_USERMETA_ADD, $array);
+               foreach($arr as $k => $v)
+               {
+                       $meta = [
+                               "id" => $this->id,
+                               "key" => $k,
+                               "value" => $v
+                       ];
+
+                       $array['meta'] = $meta;
+                       $array['user'] = $this;
+                       Hook::run(HOOKTYPE_USERMETA_ADD, $array);
+               }
                
        }
 
                
        }
 
@@ -135,7 +156,9 @@ class PanelUser
                        "id" => $this->id,
                        "key" => $key,
                ];
                        "id" => $this->id,
                        "key" => $key,
                ];
-               Hook::run(HOOKTYPE_USERMETA_DEL, $meta);
+               $array['meta'] = $meta;
+               $array['user'] = $this;
+               Hook::run(HOOKTYPE_USERMETA_DEL, $array);
 
        }
 
 
        }
 
@@ -170,6 +193,44 @@ class PanelUser
                $arr = ['info' => $array, 'user' => $this];
                Hook::run(HOOKTYPE_EDIT_USER, $arr);
        }
                $arr = ['info' => $array, 'user' => $this];
                Hook::run(HOOKTYPE_EDIT_USER, $arr);
        }
+
+       /** Have I Been Pwned
+        * Check password against HIBP to let them know about their
+        * leaked password.
+        * @param string $password_hash This should be a pre-hashed sha1 password
+        */
+       function HIBP($password_hash)
+       {
+               if (get_config("hibp") == false)
+                       return;
+               $url = "https://api.pwnedpasswords.com/range/".substr($password_hash,0,5);
+               $end = substr($password_hash,5);
+               $ch = curl_init($url);
+
+               curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+
+               $response = curl_exec($ch);
+
+               if (curl_errno($ch))
+               {
+                       error_log("[error] Could not check against Have I Been Pwned API");
+                       return;
+               }
+               $data = explode("\r\n",$response);
+               curl_close($ch);
+               $count = count($data);
+               $i = 1;
+               foreach($data as $dat)
+               {
+                       $result = explode(":",$dat);
+                       if ($result[0] == strtoupper($end))
+                       {
+                               $this->add_meta("hibp", $result[1]);
+                               return;
+                       }
+                       $i++;
+               }
+       }
 }
 
 
 }
 
 
@@ -270,9 +331,25 @@ function current_user_can($permission) : bool
  */
 function user_can(PanelUser $user, $permission) : bool
 {
  */
 function user_can(PanelUser $user, $permission) : bool
 {
+       global $config;
        if (!$user)
                return false;
 
        if (!$user)
                return false;
 
+       if (isset($user->user_meta['role']))
+       {
+               if ($user->user_meta['role'] == "Super-Admin")
+                       return true;
+
+               else if ($user->user_meta['role'] == "Read-Only")
+                       return false;
+
+               else if (in_array($permission, $config['user_roles'][$user->user_meta['role']]))
+                       return true;
+                       
+               return false;
+       }
+
+       /* compatibility fallback */
        if (isset($user->user_meta['permissions']))
        {
                $perms = unserialize($user->user_meta['permissions']);
        if (isset($user->user_meta['permissions']))
        {
                $perms = unserialize($user->user_meta['permissions']);
@@ -309,6 +386,7 @@ function get_panel_user_permission_list()
 {
        $list = [
                "Can add/delete/edit Admin Panel users" => PERMISSION_MANAGE_USERS,
 {
        $list = [
                "Can add/delete/edit Admin Panel users" => PERMISSION_MANAGE_USERS,
+               "Can add/delete/manage plugins" => PERMISSION_MANAGE_PLUGINS,
                "Can ban/kill IRC users" => PERMISSION_BAN_USERS,
                "Can change properties of a user, i.e. vhost, modes and more" => PERMISSION_EDIT_USER,
                "Can change properties of a channel, i.e. topic, modes and more" => PERMISSION_EDIT_CHANNEL,
                "Can ban/kill IRC users" => PERMISSION_BAN_USERS,
                "Can change properties of a user, i.e. vhost, modes and more" => PERMISSION_EDIT_USER,
                "Can change properties of a channel, i.e. topic, modes and more" => PERMISSION_EDIT_CHANNEL,
@@ -321,6 +399,7 @@ function get_panel_user_permission_list()
                "Can remove server ban exceptions" => PERMISSION_BAN_EXCEPTION_DEL,
                "Can add Spamfilter entries" => PERMISSION_SPAMFILTER_ADD,
                "Can remove Spamfilter entries" => PERMISSION_SPAMFILTER_DEL
                "Can remove server ban exceptions" => PERMISSION_BAN_EXCEPTION_DEL,
                "Can add Spamfilter entries" => PERMISSION_SPAMFILTER_ADD,
                "Can remove Spamfilter entries" => PERMISSION_SPAMFILTER_DEL
+
        ];
        Hook::run(HOOKTYPE_USER_PERMISSION_LIST, $list); // so plugin writers can add their own permissions
        return $list;
        ];
        Hook::run(HOOKTYPE_USER_PERMISSION_LIST, $list); // so plugin writers can add their own permissions
        return $list;
@@ -353,13 +432,18 @@ function generate_panel_user_permission_table($user)
 
 function get_panel_user_roles_list()
 {
 
 function get_panel_user_roles_list()
 {
+       GLOBAL $config;
+
        /* Defaults */
        $list = [
        /* Defaults */
        $list = [
-        "Super Admin" => get_panel_user_permission_list(), // SuperAdmin can do everything
-        "Read Only" => [], // Read Only can do nothing
+               "Super-Admin" => get_panel_user_permission_list(), // SuperAdmin can do everything
+               "Read-Only" => [], // Read Only can do nothing
        ];
 
        ];
 
-       Hook::run(HOOKTYPE_USER_ROLE_LIST, $list);
+       if (isset($config["user_roles"]))
+               foreach($config['user_roles'] as $r => $role)
+                       $list[$r] = $role;
+
        return $list;
 }
 
        return $list;
 }
 
@@ -384,7 +468,7 @@ function generate_role_list($list)
                <div id="collapse_<?php echo to_slug($role); ?>" class="collapse" aria-labelledby="<?php echo to_slug($role); ?>_heading" data-parent="#roles_accord">
                        <div id="results_rpc" class="card-body">
                                <form method="post">
                <div id="collapse_<?php echo to_slug($role); ?>" class="collapse" aria-labelledby="<?php echo to_slug($role); ?>_heading" data-parent="#roles_accord">
                        <div id="results_rpc" class="card-body">
                                <form method="post">
-                               <?php if ($role !== "Super Admin" && $role !== "Read Only") { ?>
+                               <?php if ($role !== "Super-Admin" && $role !== "Read-Only") { ?>
                                        <div class="container row mb-2">
                                                <button id="update_role" name="update_role" value="<?php echo $role ?>" class="btn btn-primary ml-1 mr-2" >Update</button>
                                                <button id="delete_role" name="del_role_name" value="<?php echo $role ?>" class="btn btn-danger"><i class="fa fa-trash fa-1" aria-hidden="true"></i></button>
                                        <div class="container row mb-2">
                                                <button id="update_role" name="update_role" value="<?php echo $role ?>" class="btn btn-primary ml-1 mr-2" >Update</button>
                                                <button id="delete_role" name="del_role_name" value="<?php echo $role ?>" class="btn btn-danger"><i class="fa fa-trash fa-1" aria-hidden="true"></i></button>
@@ -395,7 +479,7 @@ function generate_role_list($list)
                                        foreach($list2 as $desc => $slug)
                                        {
                                        $attributes = "";
                                        foreach($list2 as $desc => $slug)
                                        {
                                        $attributes = "";
-                                       $attributes .= ($role == "Super Admin" || $role == "Read Only") ? "disabled " : "";
+                                       $attributes .= ($role == "Super-Admin" || $role == "Read-Only") ? "disabled " : "";
 
                                                ?>
                                                <div class="input-group">
 
                                                ?>
                                                <div class="input-group">
Unnamed repository; edit this file 'description' to name the repository.