$user["id"] = $id;
$user["object"] = NULL;
Hook::run(HOOKTYPE_USER_LOOKUP, $user);
+ if ($user['object'] === null)
+ return; /* no auth module loaded? */
foreach ($user['object'] as $key => $value)
$this->$key = $value;
}
* @param string $input
* @return bool
*/
- function password_verify(string $input) : bool
+ function password_verify(string $password, bool &$hash_needs_updating = false) : bool
{
- if (password_verify($input, $this->passhash))
- return true;
+ GLOBAL $config;
+ $hash_needs_updating = false;
+
+ if (str_starts_with($this->passhash, "peppered:"))
+ {
+ /* Argon2 with pepper */
+ $password = hash_hmac("sha256", $password, $config['secrets']['pepper']);
+ if (password_verify($password, substr($this->passhash,9)))
+ return true;
+ } else {
+ /* Old standard argon2 */
+ if (password_verify($password, $this->passhash))
+ {
+ $hash_needs_updating = true;
+ return true;
+ }
+ }
return false;
}
+ /**
+ * Generate hash of user's password
+ * @param string $password
+ * @return string
+ */
+ public static function password_hash(string $password) : string
+ {
+ GLOBAL $config;
+ $input = hash_hmac("sha256", $password, $config['secrets']['pepper']);
+ return "peppered:".password_hash($input, PASSWORD_ARGON2ID);
+ }
+
/**
* Add user meta data
* @param string $key
throw new Exception("Attempted to add user without specifying user_name or user_pass");
$user['user_name'] = htmlspecialchars($user['user_name']);
- $user['user_pass'] = password_hash($user['user_pass'], PASSWORD_ARGON2ID);
+ $user['user_pass'] = PanelUser::password_hash($user['user_pass']);
$user['fname'] = (isset($user['fname'])) ? htmlspecialchars($user['fname']) : NULL;
$last['lname'] = (isset($user['lname'])) ? htmlspecialchars($user['lname']) : NULL;
$user['user_bio'] = (isset($user['user_bio'])) ? htmlspecialchars($user['user_bio']) : NULL;
*/
function unreal_get_current_user() : PanelUser|bool
{
- if (!isset($_SESSION))
- {
- session_set_cookie_params(3600);
- session_start();
- }
- if (isset($_SESSION['id']))
+ if (isset($_SESSION) && isset($_SESSION['id']))
{
$user = new PanelUser(NULL, $_SESSION['id']);
if ($user->id)
<?php
}
}
+
+function get_panel_user_roles_list()
+{
+ /* Defaults */
+ $list = [
+ "Super Admin" => get_panel_user_permission_list(), // SuperAdmin can do everything
+ "Read Only" => [], // Read Only can do nothing
+ ];
+
+ Hook::run(HOOKTYPE_USER_ROLE_LIST, $list);
+ return $list;
+}
+
+function generate_role_list($list)
+{
+ $list2 = get_panel_user_permission_list();
+ ?>
+ <h5>Roles List:</h5>
+ <div id="permlist">
+ <div class="container-xxl" style="max-width: 1430px;">
+ <div class="accordion" id="roles_accord">
+
+<?php foreach($list as $role => $slug) {?>
+ <div class="card">
+ <div class="card-header" id="<?php echo to_slug($role); ?>_heading">
+ <div class="btn-header-link btn-block text-left collapsed" type="button" data-toggle="collapse" data-target="#collapse_<?php echo to_slug($role); ?>" aria-expanded="true" aria-controls="collapse_<?php echo to_slug($role); ?>">
+ <?php echo $role ?>
+
+ </div>
+ </div>
+
+ <div id="collapse_<?php echo to_slug($role); ?>" class="collapse" aria-labelledby="<?php echo to_slug($role); ?>_heading" data-parent="#roles_accord">
+ <div id="results_rpc" class="card-body">
+ <form method="post">
+ <?php if ($role !== "Super Admin" && $role !== "Read Only") { ?>
+ <div class="container row mb-2">
+ <button id="update_role" name="update_role" value="<?php echo $role ?>" class="btn btn-primary ml-1 mr-2" >Update</button>
+ <button id="delete_role" name="del_role_name" value="<?php echo $role ?>" class="btn btn-danger"><i class="fa fa-trash fa-1" aria-hidden="true"></i></button>
+ </div>
+
+ <?php } ?>
+ <div id="<?php echo $role; ?>_input_area"><?php
+ foreach($list2 as $desc => $slug)
+ {
+ $attributes = "";
+ $attributes .= ($role == "Super Admin" || $role == "Read Only") ? "disabled " : "";
+
+ ?>
+ <div class="input-group">
+ <div class="input-group-prepend">
+ <div class="input-group-text">
+ <input <?php
+ $attributes .= (in_array($slug, $list[$role])) ? "checked" : "";
+ echo $attributes;
+ ?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox">
+ </div>
+ </div>
+ <input type="text" readonly class="form-control" value="<?php echo "$desc ($slug)"; ?>">
+ </div>
+
+ <?php
+ }
+ ?> </div>
+ </form>
+ </div>
+ </div>
+ </div>
+<?php }?>
+
+ </div></div><br>
+
+</div><?php
+
+}