Task 2 complete @syzop ! :D

[irc/unrealircd/unrealircd-webpanel.git] / plugins / sql_auth / sql_auth.php

diff --git a/plugins/sql_auth/sql_auth.php b/plugins/sql_auth/sql_auth.php
index 0c8ca634ec2eaa9ccb5bca3f3fa6803493069b1c..a60a63068622b220d827eb0e726b7fa26ba7997d 100644 (file)
--- a/plugins/sql_auth/sql_auth.php
+++ b/plugins/sql_auth/sql_auth.php
@@ -13,7 +13,6 @@ class sql_auth
 
        function __construct()
        {
-               self::create_tables();
                Hook::func(HOOKTYPE_PRE_HEADER, 'sql_auth::session_start');
                Hook::func(HOOKTYPE_USER_LOOKUP, 'sql_auth::get_user');
                Hook::func(HOOKTYPE_USERMETA_ADD, 'sql_auth::add_usermeta');
@@ -76,16 +75,110 @@ class sql_auth
         */
        public static function create_tables()
        {
-               $script = $_SERVER['SCRIPT_FILENAME'];
-               if (str_ends_with($script,"setup.php"))
-                       return;
                $conn = sqlnew();
-               $stmt = $conn->query("SHOW TABLES LIKE '".get_config("mysql::table_prefix")."%'");
-               if ($stmt->rowCount() < 4)
+               $conn->query("CREATE TABLE IF NOT EXISTS " . get_config("mysql::table_prefix") . "users (
+                       user_id int AUTO_INCREMENT NOT NULL,
+                       user_name VARCHAR(255) NOT NULL,
+                       user_pass VARCHAR(255) NOT NULL,
+                       user_email VARCHAR(255),
+                       user_fname VARCHAR(255),
+                       user_lname VARCHAR(255),
+                       user_bio VARCHAR(255),
+                       created VARCHAR(255),
+                       PRIMARY KEY (user_id)
+               )");
+
+               /**
+                * Patch for beta users
+                * This adds the email column to existing tables without it
+               */
+               $columns = $conn->query("SHOW COLUMNS FROM " . get_config("mysql::table_prefix") . "users");
+               $column_names = array();
+               $c = $columns->fetchAll();
+
+               foreach($c as $column) {
+                       $column_names[] = $column['Field'];
+               }
+               $column_exists = in_array("user_email", $column_names);
+               if (!$column_exists) {
+                       $conn->query("ALTER TABLE " . get_config("mysql::table_prefix") . "users ADD COLUMN user_email varchar(255)");
+               }
+
+               /**
+                * Another patch for beta users
+                * This changes the size of the meta_value so we can store more
+                */
+               
+               $conn->query("CREATE TABLE IF NOT EXISTS " . get_config("mysql::table_prefix") . "user_meta (
+                       meta_id int AUTO_INCREMENT NOT NULL,
+                       user_id int NOT NULL,
+                       meta_key VARCHAR(255) NOT NULL,
+                       meta_value VARCHAR(255),
+                       PRIMARY KEY (meta_id)
+               )");
+               $conn->query("CREATE TABLE IF NOT EXISTS " . get_config("mysql::table_prefix") . "auth_settings (
+                       id int AUTO_INCREMENT NOT NULL,
+                       setting_key VARCHAR(255) NOT NULL,
+                       setting_value VARCHAR(255),
+                       PRIMARY KEY (id)
+               )");
+               $conn->query("CREATE TABLE IF NOT EXISTS " . get_config("mysql::table_prefix") . "fail2ban (
+                       id int AUTO_INCREMENT NOT NULL,
+                       ip VARCHAR(255) NOT NULL,
+                       count VARCHAR(255),
+                       PRIMARY KEY (id)
+               )");
+               $c = [];
+               if (($columns = $conn->query("SHOW COLUMNS FROM ".get_config("mysql::table_prefix")."user_meta")));
+                       $c = $columns->fetchAll();
+               if (!empty($c))
+                       $conn->query("ALTER TABLE `".get_config("mysql::table_prefix")."user_meta` CHANGE `meta_value` `meta_value` VARCHAR(5000) CHARACTER SET utf8mb3 COLLATE utf8mb3_bin NULL DEFAULT NULL");
+
+
+               new AuthSettings();
+               
+
+               /* make sure everything went well */
+               $tables = ["users", "user_meta", "fail2ban", "auth_settings"];
+               $errors = 0; // counter
+               $error_messages = "";
+               foreach($tables as $table)
                {
-                       header("Location: ".get_config("base_url")."plugins/sql_auth/setup.php");
-                       die();
+                       $prefix = get_config("sql::prefix");
+                       $sql = "SHOW TABLES LIKE '$prefix%'"; // SQL query to check if table exists
+
+                       $result = $conn->query($sql);
+                       if ($result->rowCount())
+                       {   /* great! */ }
+
+                       else {
+                               $errors++;
+                               strcat($error_messages,"Table '$prefix$table' was not created successfully.<br>");
+                       }
                }
+               if (!$errors)
+               {
+                       if (defined('DEFAULT_USER')) // we've got a default account
+                       {
+                               $lkup = new PanelUser(DEFAULT_USER['username']);
+
+                               if (!$lkup->id) // doesn't exist, add it with full privileges
+                               {
+                                       $user = [];
+                                       $user['user_name'] = DEFAULT_USER['username'];
+                                       $user['user_pass'] = DEFAULT_USER['password'];
+                                       $user['err'] = "";
+                                       create_new_user($user);
+                               }
+                               $lkup = new PanelUser(DEFAULT_USER['username']);
+                               if (!user_can($lkup, PERMISSION_MANAGE_USERS))
+                                       $lkup->add_permission(PERMISSION_MANAGE_USERS);
+                       }
+                       return true;
+               }
+               else
+                       return false;
+       
        }
 
        /* We convert $u with a full user as an object ;D*/