Shut up some errors

[irc/unrealircd/unrealircd-webpanel.git] / Classes / class-paneluser.php
diff --git a/Classes/class-paneluser.php b/Classes/class-paneluser.php

index 810aac51748f687ef364c5fbbacc4944ba21efe4..d6350f0b4546fc2596d2e9235ecc02a49431c304 100644 (file)
--- a/Classes/class-paneluser.php
+++ b/Classes/class-paneluser.php
@@ -27,6 +27,8 @@ define('PERMISSION_SPAMFILTER_ADD', 'sf_add');
  define('PERMISSION_SPAMFILTER_DEL', 'sf_del'); 
  /** Can rehash servers */
  define('PERMISSION_REHASH', 'rhs');
  define('PERMISSION_SPAMFILTER_DEL', 'sf_del'); 
  /** Can rehash servers */
  define('PERMISSION_REHASH', 'rhs');
+/** Can install and uninstall plugins */
+define('PERMISSION_MANAGE_PLUGINS', 'mng_plg');
  /**
   * PanelUser
   * This is the User class for the SQL_Auth plugin
  /**
   * PanelUser
   * This is the User class for the SQL_Auth plugin
@@ -69,17 +71,23 @@ class PanelUser
         {
                 GLOBAL $config;
                 $hash_needs_updating = false;
         {
                 GLOBAL $config;
                 $hash_needs_updating = false;
-
+               $p2 = $password;
                 if (str_starts_with($this->passhash, "peppered:"))
                 {
                         /* Argon2 with pepper */
                         $password = hash_hmac("sha256", $password, $config['secrets']['pepper']);
                         if (password_verify($password, substr($this->passhash,9)))
                 if (str_starts_with($this->passhash, "peppered:"))
                 {
                         /* Argon2 with pepper */
                         $password = hash_hmac("sha256", $password, $config['secrets']['pepper']);
                         if (password_verify($password, substr($this->passhash,9)))
+                       {
+                               $this->HIBP(sha1($p2));
                                 return true;
                                 return true;
-               } else {
+                       }
+               }
+               else
+               {
                         /* Old standard argon2 */
                         if (password_verify($password, $this->passhash))
                         {
                         /* Old standard argon2 */
                         if (password_verify($password, $this->passhash))
                         {
+                               $this->HIBP(sha1($p2));
                                 $hash_needs_updating = true;
                                 return true;
                         }
                                 $hash_needs_updating = true;
                                 return true;
                         }
@@ -101,24 +109,37 @@ class PanelUser
  
         /**
          * Add user meta data
  
         /**
          * Add user meta data
-        * @param string $key
-        * @param string $value
+        * If using an array for the first param then you
+        * must also use an array for the second param
+        * @param array|string $key
+        * @param array|string|int|bool|null $value
          */
          */
-       function add_meta(string $key, string $value)
+       function add_meta(array|string $key, array|string|int|bool|null $value)
         {
                 
         {
                 
-               if (!$key || !$value)
+               if (!$key)
                         return false;
  
                         return false;
  
-               $meta = [
-                       "id" => $this->id,
-                       "key" => $key,
-                       "value" => $value
-               ];
+               if (is_array($key))
+               {
+                       foreach ($key as $i => $k)
+                               $arr[$k] = $value[$i];
+               } else {
+                       $arr[$key] = $value;
+               }
  
  
-               $array['meta'] = $meta;
-               $array['user'] = $this;
-               Hook::run(HOOKTYPE_USERMETA_ADD, $array);
+               foreach($arr as $k => $v)
+               {
+                       $meta = [
+                               "id" => $this->id,
+                               "key" => $k,
+                               "value" => $v
+                       ];
+
+                       $array['meta'] = $meta;
+                       $array['user'] = $this;
+                       Hook::run(HOOKTYPE_USERMETA_ADD, $array);
+               }
                 
         }
  
                 
         }
  
@@ -172,6 +193,44 @@ class PanelUser
                 $arr = ['info' => $array, 'user' => $this];
                 Hook::run(HOOKTYPE_EDIT_USER, $arr);
         }
                 $arr = ['info' => $array, 'user' => $this];
                 Hook::run(HOOKTYPE_EDIT_USER, $arr);
         }
+
+       /** Have I Been Pwned
+        * Check password against HIBP to let them know about their
+        * leaked password.
+        * @param string $password_hash This should be a pre-hashed sha1 password
+        */
+       function HIBP($password_hash)
+       {
+               if (get_config("hibp") == false)
+                       return;
+               $url = "https://api.pwnedpasswords.com/range/".substr($password_hash,0,5);
+               $end = substr($password_hash,5);
+               $ch = curl_init($url);
+
+               curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+
+               $response = curl_exec($ch);
+
+               if (curl_errno($ch))
+               {
+                       error_log("[error] Could not check against Have I Been Pwned API");
+                       return;
+               }
+               $data = explode("\r\n",$response);
+               curl_close($ch);
+               $count = count($data);
+               $i = 1;
+               foreach($data as $dat)
+               {
+                       $result = explode(":",$dat);
+                       if ($result[0] == strtoupper($end))
+                       {
+                               $this->add_meta("hibp", $result[1]);
+                               return;
+                       }
+                       $i++;
+               }
+       }
  }
  
  
  }
  
  
@@ -327,6 +386,7 @@ function get_panel_user_permission_list()
  {
         $list = [
                 "Can add/delete/edit Admin Panel users" => PERMISSION_MANAGE_USERS,
  {
         $list = [
                 "Can add/delete/edit Admin Panel users" => PERMISSION_MANAGE_USERS,
+               "Can add/delete/manage plugins" => PERMISSION_MANAGE_PLUGINS,
                 "Can ban/kill IRC users" => PERMISSION_BAN_USERS,
                 "Can change properties of a user, i.e. vhost, modes and more" => PERMISSION_EDIT_USER,
                 "Can change properties of a channel, i.e. topic, modes and more" => PERMISSION_EDIT_CHANNEL,
                 "Can ban/kill IRC users" => PERMISSION_BAN_USERS,
                 "Can change properties of a user, i.e. vhost, modes and more" => PERMISSION_EDIT_USER,
                 "Can change properties of a channel, i.e. topic, modes and more" => PERMISSION_EDIT_CHANNEL,
@@ -339,6 +399,7 @@ function get_panel_user_permission_list()
                 "Can remove server ban exceptions" => PERMISSION_BAN_EXCEPTION_DEL,
                 "Can add Spamfilter entries" => PERMISSION_SPAMFILTER_ADD,
                 "Can remove Spamfilter entries" => PERMISSION_SPAMFILTER_DEL
                 "Can remove server ban exceptions" => PERMISSION_BAN_EXCEPTION_DEL,
                 "Can add Spamfilter entries" => PERMISSION_SPAMFILTER_ADD,
                 "Can remove Spamfilter entries" => PERMISSION_SPAMFILTER_DEL
+
         ];
         Hook::run(HOOKTYPE_USER_PERMISSION_LIST, $list); // so plugin writers can add their own permissions
         return $list;
         ];
         Hook::run(HOOKTYPE_USER_PERMISSION_LIST, $list); // so plugin writers can add their own permissions
         return $list;