X-Git-Url: https://jfr.im/git/irc/unrealircd/unrealircd-webpanel.git/blobdiff_plain/9f9d16d58f4c3eb314d4bd230e55410373de2f1f..2b418d6e87b856aed377f7b23803069b46e605a2:/plugins/sql_auth/sql_auth.php diff --git a/plugins/sql_auth/sql_auth.php b/plugins/sql_auth/sql_auth.php index 524694d..69f55ba 100644 --- a/plugins/sql_auth/sql_auth.php +++ b/plugins/sql_auth/sql_auth.php @@ -24,6 +24,8 @@ class sql_auth Hook::func(HOOKTYPE_GET_USER_LIST, 'sql_auth::get_user_list'); Hook::func(HOOKTYPE_USER_DELETE, 'sql_auth::user_delete'); Hook::func(HOOKTYPE_EDIT_USER, 'sql_auth::edit_core'); + Hook::func(HOOKTYPE_PRE_OVERVIEW_CARD, 'sql_auth::add_pre_overview_card'); + AuthModLoaded::$status = 1; if (defined('SQL_DEFAULT_USER')) // we've got a default account { @@ -54,6 +56,12 @@ class sql_auth } } + public static function add_pre_overview_card($empty) + { + if (defined('SQL_DEFAULT_USER')) + Message::Fail("Warning: SQL_DEFAULT_USER is set in config.php. You should remove that item now, as it is only used during installation."); + } + /* pre-Header hook */ public static function session_start($n) { @@ -64,14 +72,13 @@ class sql_auth } if (!isset($_SESSION['id']) || empty($_SESSION)) { - $secure = ($_SERVER['HTTPS'] == 'on') ? "https://" : "http://"; - $current_url = "$secure$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"; + $current_page = $_SERVER['REQUEST_URI']; $tok = split($_SERVER['SCRIPT_FILENAME'], "/"); if ($check = security_check() && $tok[count($tok) - 1] !== "error.php") { header("Location: " . BASE_URL . "plugins/sql_auth/error.php"); die(); } - header("Location: ".BASE_URL."login/?redirect=".urlencode($current_url)); + header("Location: ".BASE_URL."login/?redirect=".urlencode($current_page)); die(); } else @@ -125,12 +132,7 @@ class sql_auth * Another patch for beta users * This changes the size of the meta_value so we can store more */ - $columns = $conn->query("SHOW COLUMNS FROM ".SQL_PREFIX."user_meta"); - $c = $columns->fetchAll(); - if (!empty($c)) - $conn->query("ALTER TABLE `".SQL_PREFIX."user_meta` CHANGE `meta_value` `meta_value` VARCHAR(5000) CHARACTER SET utf8mb3 COLLATE utf8mb3_bin NULL DEFAULT NULL"); - - + $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "user_meta ( meta_id int AUTO_INCREMENT NOT NULL, user_id int NOT NULL, @@ -150,6 +152,13 @@ class sql_auth count VARCHAR(255), PRIMARY KEY (id) )"); + $c = []; + if (($columns = $conn->query("SHOW COLUMNS FROM ".SQL_PREFIX."user_meta"))); + $c = $columns->fetchAll(); + if (!empty($c)) + $conn->query("ALTER TABLE `".SQL_PREFIX."user_meta` CHANGE `meta_value` `meta_value` VARCHAR(5000) CHARACTER SET utf8mb3 COLLATE utf8mb3_bin NULL DEFAULT NULL"); + + new AuthSettings(); } @@ -302,27 +311,46 @@ class sql_auth $info = $arr['info']; foreach($info as $key => $val) { - if (!$val) + $value = NULL; + if (!$val || !strlen($val) || BadPtr($val)) continue; - if (!strcmp($key,"update_fname")) + if (!strcmp($key,"update_fname") && $val != $user->first_name) + { $value = "user_fname"; - - elseif (!strcmp($key,"update_lname")) + $valuestr = "first name"; + } + elseif (!strcmp($key,"update_lname") && $val != $user->last_name) + { $value = "user_lname"; - - elseif (!strcmp($key,"update_bio")) + $valuestr = "last name"; + } + elseif (!strcmp($key,"update_bio") && $val != $user->bio) + { $value = "user_bio"; - + $valuestr = "bio"; + } elseif (!strcmp($key,"update_pass") || !strcmp($key,"update_pass_conf")) + { $value = "user_pass"; - - elseif(!strcmp($key,"update_email")) + $valuestr = "password"; + } + elseif(!strcmp($key,"update_email") && $val != $user->email) + { $value = "user_email"; - else - die("Malfunction"); + $valuestr = "email address"; + } + + if (!$value) + continue; $query = "UPDATE " . SQL_PREFIX . "users SET $value=:value WHERE user_id = :id"; $stmt = $conn->prepare($query); $stmt->execute(["value" => $val, "id" => $user->id]); + + if (!$stmt->rowCount() && $stmt->errorInfo()[0] != "00000") + Message::Fail("Could not update $valuestr for $user->username: ".$stmt->errorInfo()[0]." (CODE: ".$stmt->errorCode().")"); + + else + Message::Success("Successfully updated the $valuestr for $user->username"); } } }