X-Git-Url: https://jfr.im/git/irc/unrealircd/unrealircd-webpanel.git/blobdiff_plain/9c64340180025055174a4f55bcdb09e8ecd0575b..b2ae16abfe70a6d119eead51bcfab033e27da869:/plugins/sql_auth/sql_auth.php diff --git a/plugins/sql_auth/sql_auth.php b/plugins/sql_auth/sql_auth.php index b0aa003..ececaec 100644 --- a/plugins/sql_auth/sql_auth.php +++ b/plugins/sql_auth/sql_auth.php @@ -1,7 +1,6 @@ id) // doesn't exist, add it with full privileges { - create_new_user(["user_name" => SQL_DEFAULT_USER['username'], "user_pass" => SQL_DEFAULT_USER['password']]); + $user = []; + $user['user_name'] = SQL_DEFAULT_USER['username']; + $user['user_pass'] = SQL_DEFAULT_USER['password']; + $user['err'] = ""; + create_new_user($user); } + $lkup = new PanelUser(SQL_DEFAULT_USER['username']); + if (!user_can($lkup, PERMISSION_MANAGE_USERS)) + $lkup->add_permission(PERMISSION_MANAGE_USERS); } } - public static function add_navbar(&$pages) + + public static function add_footer_info($empty) { - if (!unreal_get_current_user()->id) - { - $pages = NULL; + if (!($user = unreal_get_current_user())) return; - } - $pages["Panel Access"] = "plugins/sql_auth/"; - if (isset($_SESSION['id'])) - { - $pages["Logout"] = "plugins/sql_auth/login.php?logout=true"; + + else { + echo "Admin Panel v" . WEBPANEL_VERSION . ""; } } + /* pre-Header hook */ public static function session_start($n) { - do_log($_SESSION); + if (!isset($_SESSION)) + { + session_set_cookie_params(3600); + session_start(); + } if (!isset($_SESSION['id']) || empty($_SESSION)) { + $current_page = $_SERVER['REQUEST_URI']; $tok = split($_SERVER['SCRIPT_FILENAME'], "/"); if ($check = security_check() && $tok[count($tok) - 1] !== "error.php") { header("Location: " . BASE_URL . "plugins/sql_auth/error.php"); die(); } - session_destroy(); - header("Location: ".BASE_URL."plugins/sql_auth/login.php"); + header("Location: ".BASE_URL."login/?redirect=".urlencode($current_page)); die(); } else { - if (!unreal_get_current_user()->id) // user no longer exists + if (!unreal_get_current_user()) // user no longer exists { session_destroy(); - header("Location: ".BASE_URL."plugins/sql_auth/login.php"); + header("Location: ".BASE_URL."login"); die(); } - session_start(); + // you'll be automatically logged out after one hour of inactivity } } @@ -80,13 +96,35 @@ class sql_auth user_id int AUTO_INCREMENT NOT NULL, user_name VARCHAR(255) NOT NULL, user_pass VARCHAR(255) NOT NULL, - + user_email VARCHAR(255), user_fname VARCHAR(255), user_lname VARCHAR(255), user_bio VARCHAR(255), created VARCHAR(255), PRIMARY KEY (user_id) )"); + + /** + * Patch for beta users + * This adds the email column to existing tables without it + */ + $columns = $conn->query("SHOW COLUMNS FROM " . SQL_PREFIX . "users"); + $column_names = array(); + $c = $columns->fetchAll(); + + foreach($c as $column) { + $column_names[] = $column['Field']; + } + $column_exists = in_array("user_email", $column_names); + if (!$column_exists) { + $conn->query("ALTER TABLE " . SQL_PREFIX . "users ADD COLUMN user_email varchar(255)"); + } + + /** + * Another patch for beta users + * This changes the size of the meta_value so we can store more + */ + $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "user_meta ( meta_id int AUTO_INCREMENT NOT NULL, user_id int NOT NULL, @@ -100,49 +138,194 @@ class sql_auth setting_value VARCHAR(255), PRIMARY KEY (id) )"); + $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "fail2ban ( + id int AUTO_INCREMENT NOT NULL, + ip VARCHAR(255) NOT NULL, + count VARCHAR(255), + PRIMARY KEY (id) + )"); + $c = []; + if (($columns = $conn->query("SHOW COLUMNS FROM ".SQL_PREFIX."user_meta"))); + $c = $columns->fetchAll(); + if (!empty($c)) + $conn->query("ALTER TABLE `".SQL_PREFIX."user_meta` CHANGE `meta_value` `meta_value` VARCHAR(5000) CHARACTER SET utf8mb3 COLLATE utf8mb3_bin NULL DEFAULT NULL"); + + new AuthSettings(); } - /** - * Summary of add_overview_card - * @param mixed $stats - * @return void - */ - public static function add_overview_card(object &$stats) : void + /* We convert $u with a full user as an object ;D*/ + public static function get_user(&$u) { - $num_of_panel_admins = sqlnew()->query("SELECT COUNT(*) FROM " . SQL_PREFIX . "users")->fetchColumn(); - ?> - -
- -
-
-
-
-
-
- -
-
-

-
-
-
-
-
-
-
Panel Users
-
-
View
-
-
-
-
-
-
- prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE user_id = :id LIMIT 1"); + $prep->execute(["id" => strtolower($id)]); + } + elseif ($name) + { + $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE LOWER(user_name) = :name LIMIT 1"); + $prep->execute(["name" => strtolower($name)]); + } + $data = NULL; + $obj = (object) []; + if ($prep) + $data = $prep->fetchAll(); + if (isset($data[0]) && $data = $data[0]) + { + $obj->id = $data['user_id']; + $obj->username = $data['user_name']; + $obj->passhash = $data['user_pass']; + $obj->first_name = $data['user_fname'] ?? NULL; + $obj->last_name = $data['user_lname'] ?? NULL; + $obj->created = $data['created']; + $obj->bio = $data['user_bio']; + $obj->email = $data['user_email']; + $obj->user_meta = (new PanelUser_Meta($obj->id))->list; + } + $u['object'] = $obj; } + public static function get_usermeta(&$u) + { + $list = &$u['meta']; + $id = $u['id']; + $conn = sqlnew(); + if (isset($id)) + { + $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id"); + $prep->execute(["id" => $id]); + } + foreach ($prep->fetchAll() as $row) + { + $list[$row['meta_key']] = $row['meta_value']; + } + } + + public static function add_usermeta(&$meta) + { + $meta = $meta['meta']; + $conn = sqlnew(); + /* check if it exists first, update it if it does */ + $query = "SELECT * FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id AND meta_key = :key"; + $stmt = $conn->prepare($query); + $stmt->execute(["id" => $meta['id'], "key" => $meta['key']]); + if ($stmt->rowCount()) // it exists, update instead of insert + { + $query = "UPDATE " . SQL_PREFIX . "user_meta SET meta_value = :value WHERE user_id = :id AND meta_key = :key"; + $stmt = $conn->prepare($query); + $stmt->execute($meta); + if ($stmt->rowCount()) + return true; + return false; + } + + else + { + $query = "INSERT INTO " . SQL_PREFIX . "user_meta (user_id, meta_key, meta_value) VALUES (:id, :key, :value)"; + $stmt = $conn->prepare($query); + $stmt->execute($meta); + if ($stmt->rowCount()) + return true; + return false; + } + } + public static function del_usermeta(&$u) + { + $conn = sqlnew(); + $query = "DELETE FROM " . SQL_PREFIX . "user_meta WHERE user_id = :id AND meta_key = :key"; + $stmt = $conn->prepare($query); + $stmt->execute($u['meta']); + if ($stmt->rowCount()) + return true; + return false; + } + public static function user_create(&$u) + { + $username = $u['user_name']; + $first_name = $u['fname'] ?? NULL; + $last_name = $u['lname'] ?? NULL; + $password = $u['user_pass'] ?? NULL; + $user_bio = $u['user_bio'] ?? NULL; + $user_email = $u['user_email'] ?? NULL; + $conn = sqlnew(); + $prep = $conn->prepare("INSERT INTO " . SQL_PREFIX . "users (user_name, user_pass, user_fname, user_lname, user_bio, user_email, created) VALUES (:name, :pass, :fname, :lname, :user_bio, :user_email, :created)"); + $prep->execute(["name" => $username, "pass" => $password, "fname" => $first_name, "lname" => $last_name, "user_bio" => $user_bio, "user_email" => $user_email, "created" => date("Y-m-d H:i:s")]); + if ($prep->rowCount()) + $u['success'] = true; + else + $u['errmsg'][] = "Could not add user"; + } + + public static function get_user_list(&$list) + { + $conn = sqlnew(); + $result = $conn->query("SELECT user_id FROM " . SQL_PREFIX . "users"); + if (!$result) // impossible + { + die("Something went wrong."); + } + $userlist = []; + while($row = $result->fetch()) + { + $userlist[] = new PanelUser(NULL, $row['user_id']); + } + if (!empty($userlist)) + $list = $userlist; + + } + public static function user_delete(&$u) + { + $user = $u['user']; + $query = "DELETE FROM " . SQL_PREFIX . "users WHERE user_id = :id"; + $conn = sqlnew(); + $stmt = $conn->prepare($query); + $stmt->execute(["id" => $user->id]); + $deleted = $stmt->rowCount(); + if ($deleted) + { + $u['info'][] = "Successfully deleted user \"$user->username\""; + $u['boolint'] = 1; + } else { + $u['info'][] = "Unknown error"; + $u['boolint'] = 0; + } + } + + public static function edit_core($arr) + { + $conn = sqlnew(); + $user = $arr['user']; + $info = $arr['info']; + foreach($info as $key => $val) + { + if (!$val) + continue; + if (!strcmp($key,"update_fname")) + $value = "user_fname"; + + elseif (!strcmp($key,"update_lname")) + $value = "user_lname"; + + elseif (!strcmp($key,"update_bio")) + $value = "user_bio"; + + elseif (!strcmp($key,"update_pass") || !strcmp($key,"update_pass_conf")) + $value = "user_pass"; + + elseif(!strcmp($key,"update_email")) + $value = "user_email"; + else + die("Malfunction"); + $query = "UPDATE " . SQL_PREFIX . "users SET $value=:value WHERE user_id = :id"; + $stmt = $conn->prepare($query); + $stmt->execute(["value" => $val, "id" => $user->id]); + } + } } @@ -160,6 +343,9 @@ function security_check() function dnsbl_check($ip) { + + if (!defined('DNSBL')) + return; $dnsbl_lookup = DNSBL; // clear variable just in case @@ -203,4 +389,6 @@ function dnsbl_check($ip) } function fail2ban_check($ip) -{} \ No newline at end of file +{ + +} \ No newline at end of file