X-Git-Url: https://jfr.im/git/irc/unrealircd/unrealircd-webpanel.git/blobdiff_plain/9f9d16d58f4c3eb314d4bd230e55410373de2f1f..b6540c8fd85cca3e4e5c4dd40d3568884b3dbc6b:/plugins/sql_auth/sql_auth.php diff --git a/plugins/sql_auth/sql_auth.php b/plugins/sql_auth/sql_auth.php index 524694d..eac438e 100644 --- a/plugins/sql_auth/sql_auth.php +++ b/plugins/sql_auth/sql_auth.php @@ -24,6 +24,8 @@ class sql_auth Hook::func(HOOKTYPE_GET_USER_LIST, 'sql_auth::get_user_list'); Hook::func(HOOKTYPE_USER_DELETE, 'sql_auth::user_delete'); Hook::func(HOOKTYPE_EDIT_USER, 'sql_auth::edit_core'); + Hook::func(HOOKTYPE_PRE_OVERVIEW_CARD, 'sql_auth::add_pre_overview_card'); + AuthModLoaded::$status = 1; if (defined('SQL_DEFAULT_USER')) // we've got a default account { @@ -54,9 +56,19 @@ class sql_auth } } + public static function add_pre_overview_card($empty) + { + if (defined('SQL_DEFAULT_USER')) + Message::Fail("Warning: SQL_DEFAULT_USER is set in config.php. You should remove that item now, as it is only used during installation."); + } + /* pre-Header hook */ public static function session_start($n) { + $current_page = $_SERVER['REQUEST_URI']; + if (str_ends_with($current_page,"setup.php")) + return; + if (!isset($_SESSION)) { session_set_cookie_params(3600); @@ -64,14 +76,13 @@ class sql_auth } if (!isset($_SESSION['id']) || empty($_SESSION)) { - $secure = ($_SERVER['HTTPS'] == 'on') ? "https://" : "http://"; - $current_url = "$secure$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"; + $tok = split($_SERVER['SCRIPT_FILENAME'], "/"); if ($check = security_check() && $tok[count($tok) - 1] !== "error.php") { header("Location: " . BASE_URL . "plugins/sql_auth/error.php"); die(); } - header("Location: ".BASE_URL."login/?redirect=".urlencode($current_url)); + header("Location: ".BASE_URL."login/?redirect=".urlencode($current_page)); die(); } else @@ -83,6 +94,8 @@ class sql_auth die(); } // you'll be automatically logged out after one hour of inactivity + $_SESSION['last-activity'] = time(); + } } @@ -92,65 +105,16 @@ class sql_auth */ public static function create_tables() { + $script = $_SERVER['SCRIPT_FILENAME']; + if (str_ends_with($script,"setup.php")) + return; $conn = sqlnew(); - $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "users ( - user_id int AUTO_INCREMENT NOT NULL, - user_name VARCHAR(255) NOT NULL, - user_pass VARCHAR(255) NOT NULL, - user_email VARCHAR(255), - user_fname VARCHAR(255), - user_lname VARCHAR(255), - user_bio VARCHAR(255), - created VARCHAR(255), - PRIMARY KEY (user_id) - )"); - - /** - * Patch for beta users - * This adds the email column to existing tables without it - */ - $columns = $conn->query("SHOW COLUMNS FROM " . SQL_PREFIX . "users"); - $column_names = array(); - $c = $columns->fetchAll(); - - foreach($c as $column) { - $column_names[] = $column['Field']; - } - $column_exists = in_array("user_email", $column_names); - if (!$column_exists) { - $conn->query("ALTER TABLE " . SQL_PREFIX . "users ADD COLUMN user_email varchar(255)"); + $stmt = $conn->query("SHOW TABLES LIKE '".SQL_PREFIX."%'"); + if ($stmt->rowCount() < 4) + { + header("Location: ".BASE_URL."plugins/sql_auth/setup.php"); + die(); } - - /** - * Another patch for beta users - * This changes the size of the meta_value so we can store more - */ - $columns = $conn->query("SHOW COLUMNS FROM ".SQL_PREFIX."user_meta"); - $c = $columns->fetchAll(); - if (!empty($c)) - $conn->query("ALTER TABLE `".SQL_PREFIX."user_meta` CHANGE `meta_value` `meta_value` VARCHAR(5000) CHARACTER SET utf8mb3 COLLATE utf8mb3_bin NULL DEFAULT NULL"); - - - $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "user_meta ( - meta_id int AUTO_INCREMENT NOT NULL, - user_id int NOT NULL, - meta_key VARCHAR(255) NOT NULL, - meta_value VARCHAR(255), - PRIMARY KEY (meta_id) - )"); - $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "auth_settings ( - id int AUTO_INCREMENT NOT NULL, - setting_key VARCHAR(255) NOT NULL, - setting_value VARCHAR(255), - PRIMARY KEY (id) - )"); - $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "fail2ban ( - id int AUTO_INCREMENT NOT NULL, - ip VARCHAR(255) NOT NULL, - count VARCHAR(255), - PRIMARY KEY (id) - )"); - new AuthSettings(); } /* We convert $u with a full user as an object ;D*/ @@ -302,27 +266,46 @@ class sql_auth $info = $arr['info']; foreach($info as $key => $val) { - if (!$val) + $value = NULL; + if (!$val || !strlen($val) || BadPtr($val)) continue; - if (!strcmp($key,"update_fname")) + if (!strcmp($key,"update_fname") && $val != $user->first_name) + { $value = "user_fname"; - - elseif (!strcmp($key,"update_lname")) + $valuestr = "first name"; + } + elseif (!strcmp($key,"update_lname") && $val != $user->last_name) + { $value = "user_lname"; - - elseif (!strcmp($key,"update_bio")) + $valuestr = "last name"; + } + elseif (!strcmp($key,"update_bio") && $val != $user->bio) + { $value = "user_bio"; - + $valuestr = "bio"; + } elseif (!strcmp($key,"update_pass") || !strcmp($key,"update_pass_conf")) + { $value = "user_pass"; - - elseif(!strcmp($key,"update_email")) + $valuestr = "password"; + } + elseif(!strcmp($key,"update_email") && $val != $user->email) + { $value = "user_email"; - else - die("Malfunction"); + $valuestr = "email address"; + } + + if (!$value) + continue; $query = "UPDATE " . SQL_PREFIX . "users SET $value=:value WHERE user_id = :id"; $stmt = $conn->prepare($query); $stmt->execute(["value" => $val, "id" => $user->id]); + + if (!$stmt->rowCount() && $stmt->errorInfo()[0] != "00000") + Message::Fail("Could not update $valuestr for $user->username: ".$stmt->errorInfo()[0]." (CODE: ".$stmt->errorCode().")"); + + else + Message::Success("Successfully updated the $valuestr for $user->username"); } } }