X-Git-Url: https://jfr.im/git/irc/unrealircd/unrealircd-webpanel.git/blobdiff_plain/59d032c86464658baee13fad479403f411c2c56e..89ba7ba42b9f5eeca0e55e62ab2f5cf0494e0be0:/Classes/class-paneluser.php

diff --git a/Classes/class-paneluser.php b/Classes/class-paneluser.php
index c813992..217226f 100644
--- a/Classes/class-paneluser.php
+++ b/Classes/class-paneluser.php
@@ -54,6 +54,8 @@ class PanelUser
 		$user["id"] = $id;
 		$user["object"] = NULL;
 		Hook::run(HOOKTYPE_USER_LOOKUP, $user);
+		if ($user['object'] === null)
+			return; /* no auth module loaded? */
 		foreach ($user['object'] as $key => $value)
 			$this->$key = $value;
 	}
@@ -63,13 +65,40 @@ class PanelUser
 	 * @param string $input
 	 * @return bool
 	 */
-	function password_verify(string $input) : bool
+	function password_verify(string $password, bool &$hash_needs_updating = false) : bool
 	{
-		if (password_verify($input, $this->passhash))
-			return true;
+		GLOBAL $config;
+		$hash_needs_updating = false;
+
+		if (str_starts_with($this->passhash, "peppered:"))
+		{
+			/* Argon2 with pepper */
+			$password = hash_hmac("sha256", $password, $config['secrets']['pepper']);
+			if (password_verify($password, substr($this->passhash,9)))
+				return true;
+		} else {
+			/* Old standard argon2 */
+			if (password_verify($password, $this->passhash))
+			{
+				$hash_needs_updating = true;
+				return true;
+			}
+		}
 		return false;
 	}
 
+	/**
+	 * Generate hash of user's password
+	 * @param string $password
+	 * @return string
+	 */
+	public static function password_hash(string $password) : string
+	{
+		GLOBAL $config;
+		$input = hash_hmac("sha256", $password, $config['secrets']['pepper']);
+		return "peppered:".password_hash($input, PASSWORD_ARGON2ID);
+	}
+
 	/**
 	 * Add user meta data
 	 * @param string $key
@@ -184,7 +213,7 @@ function create_new_user(array &$user) : bool
 		throw new Exception("Attempted to add user without specifying user_name or user_pass");
 
 	$user['user_name'] = htmlspecialchars($user['user_name']);
-	$user['user_pass'] = password_hash($user['user_pass'], PASSWORD_ARGON2ID);
+	$user['user_pass'] = PanelUser::password_hash($user['user_pass']);
 	$user['fname'] = (isset($user['fname'])) ? htmlspecialchars($user['fname']) : NULL;
 	$last['lname'] = (isset($user['lname'])) ? htmlspecialchars($user['lname']) : NULL;
 	$user['user_bio'] = (isset($user['user_bio'])) ? htmlspecialchars($user['user_bio']) : NULL;
@@ -212,12 +241,7 @@ function create_new_user(array &$user) : bool
  */
 function unreal_get_current_user() : PanelUser|bool
 {
-	if (!isset($_SESSION))
-	{
-		session_set_cookie_params(3600);
-		session_start();
-	}
-	if (isset($_SESSION['id']))
+	if (isset($_SESSION) && isset($_SESSION['id']))
 	{
 		$user = new PanelUser(NULL, $_SESSION['id']);
 		if ($user->id)
@@ -326,3 +350,77 @@ function generate_panel_user_permission_table($user)
 		<?php
 	}
 }
+
+function get_panel_user_roles_list()
+{
+	/* Defaults */
+	$list = [
+        "Super Admin" => get_panel_user_permission_list(), // SuperAdmin can do everything
+        "Read Only" => [], // Read Only can do nothing
+	];
+
+	Hook::run(HOOKTYPE_USER_ROLE_LIST, $list);
+	return $list;
+}
+
+function generate_role_list($list)
+{
+	$list2 = get_panel_user_permission_list();
+	?>
+		<h5>Roles List:</h5>
+		<div id="permlist">
+		<div class="container-xxl" style="max-width: 1430px;">
+		<div class="accordion" id="roles_accord">
+
+<?php foreach($list as $role => $slug) {?>
+	<div class="card">
+		<div class="card-header" id="<?php echo to_slug($role); ?>_heading">
+			<div class="btn-header-link btn-block text-left collapsed" type="button" data-toggle="collapse" data-target="#collapse_<?php echo to_slug($role); ?>" aria-expanded="true" aria-controls="collapse_<?php echo to_slug($role); ?>">
+				<?php echo $role ?>
+				
+			</div>
+		</div>
+
+		<div id="collapse_<?php echo to_slug($role); ?>" class="collapse" aria-labelledby="<?php echo to_slug($role); ?>_heading" data-parent="#roles_accord">
+			<div id="results_rpc" class="card-body">
+				<form method="post">
+				<?php if ($role !== "Super Admin" && $role !== "Read Only") { ?>
+					<div class="container row mb-2">
+						<button id="update_role" name="update_role" value="<?php echo $role ?>" class="btn btn-primary ml-1 mr-2" >Update</button>
+						<button id="delete_role" name="del_role_name" value="<?php echo $role ?>" class="btn btn-danger"><i class="fa fa-trash fa-1" aria-hidden="true"></i></button>
+					</div>
+					
+				<?php } ?>
+				<div id="<?php echo $role; ?>_input_area"><?php
+					foreach($list2 as $desc => $slug)
+					{
+					$attributes = "";
+					$attributes .= ($role == "Super Admin" || $role == "Read Only") ? "disabled " : "";
+
+						?>
+						<div class="input-group">
+							<div class="input-group-prepend">
+								<div class="input-group-text">
+									<input <?php
+										$attributes .= (in_array($slug, $list[$role])) ? "checked" : "";
+										echo $attributes;
+									?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox">
+								</div>
+							</div>
+							<input type="text" readonly class="form-control" value="<?php echo "$desc ($slug)"; ?>">
+						</div>
+				
+						<?php
+					}
+				?>	</div>
+				</form>
+			</div>
+		</div>
+	</div>
+<?php }?>
+
+		</div></div><br>
+			
+</div><?php
+
+}