This adds a new configuration item: `DNSBL`.
This is checked against non-logged in users on every page. If they are not logged in they get blacklist checked and then redirected to the login page, providing their IP was not blacklisted.
If it was blacklisted the user will be redirected to an error screen with a cute dog on it.
I have also spent a considerable amount of time trying (and failing) to make it look good on mobile devices, so this is a small commit ;)
<br>
<form method="get" action="details.php">
-<div class="input-group short-form-control justify-content-center align-items-center">
- <input style="margin: 0%; height: 24px;" class="left-pan form-control" id="chan" name="chan" type="text" value="<?php echo $channame; ?>">
- <div class="input-group-append">
- <br><button type="submit" class="btn btn-primary">Go</button>
+<div class="container">
+ <div class="input-group short-form-control">
+ <input style="margin: 0%; height: 24px;" class="form-control" id="chan" name="chan" type="text" value="<?php echo $channame; ?>">
+ <div class="input-group-append">
+ <br><button type="submit" class="btn btn-primary">Go</button>
+ </div>
</div>
</div>
</form>
return; ?>
<br>
-<div class="container-xxl">
+<div class="container">
<div class="row">
<div class="col-sm-6">
<div class="card">
</div>
</div>
</div><br>
-<div class="container-xxl">
+<div class="container">
<div class="row">
- <div class="col">
+ <div class="col-sm-6">
<div class="card">
<div class="card-body">
<h5 class="card-title">Occupants</h5>
</div>
</div>
<?php
- require_once("../footer.php");
+require_once("../footer.php");
"username" => "default",
"password" => "testing"
]);
+
+/**
+ * Also part of the SQL_Auth plugin. This protects your login page.
+ * This is a list of DNS Blacklists that get checked for non-logged-in
+ * users.
+*/
+define('DNSBL', [
+ "dnsbl.dronebl.org",
+ "rbl.efnetrbl.org"
+]);
.table-striped>tbody>tr:nth-child(odd)>th {
background-color: #ffffff;
}
-
\ No newline at end of file
+
+ /* Small screens (max-width: 576px) */
+@media (max-width: 576px) {
+ /* Change the font size for all headings */
+ h1, h2, h3, h4, h5, h6 {
+ font-size: 18px;
+ }
+
+ /* Hide the sidebar */
+ .sidebar {
+ display: none;
+ }
+
+ /* Make the main content take up the full width of the screen */
+ .main-content {
+ width: 100%;
+ }
+}
+
+/* Medium screens (min-width: 577px) and (max-width: 768px) */
+@media (min-width: 577px) and (max-width: 768px) {
+ /* Change the font size for all headings */
+
+}
+
+/* Large screens (min-width: 769px) */
+@media (min-width: 769px) {
+ /* CSS rules for large screens go here */
+}
+/* Portrait screens (max-width: 576px) */
+@media (max-width: 576px) and (max-height: 812px) {
+ /* CSS rules for portrait screens go here */
+}
+
+/* Landscape screens (min-width: 577px) and (max-height: 812px) */
+@media (min-width: 577px) and (max-height: 812px) {
+ /* CSS rules for landscape screens go here */
+}
</footer>
</body>
</html>
+</div>
+</div>
<?php $arr = []; Hook::run(HOOKTYPE_PRE_HEADER, $arr); ?>
<!DOCTYPE html>
<head>
+<div class="media">
+<div class="media-body">
+
+ <!-- This will make it so that it "works" on mobile device. Not sure it's a good idea yet though
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<meta name="HandheldFriendly" content="true">
+-->
+
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/bootstrap.min.css">
<div class="container-fluid">
<!-- Fixed navbar -->
- <nav class="navbar navbar-expand-sm navbar-dark bg-dark fixed-top">
+ <nav class="navbar navbar-expand-sm navbar-dark bg-dark fixed-top z-index padding-top">
<ul class="nav navbar-nav">
<a class="navbar-brand" href="<?php echo BASE_URL; ?>"><img src="<?php echo BASE_URL; ?>img/favicon.ico" height="25" width="25"> UnrealIRCd Admin Panel</a>
<?php
--- /dev/null
+<?php
+
+/* insert code here */
\ No newline at end of file
--- /dev/null
+<?php
+
+class AuthSettings {
+
+ public $list = [];
+
+ function __construct()
+ {
+ $conn = sqlnew();
+ $query = "SELECT * FROM " . SQL_PREFIX . "auth_settings";
+ $result = $conn->query($query);
+ while ($row = $result->fetch())
+ {
+ $this->list[$row['setting_key']] = $row['setting_value'];
+ }
+ }
+}
\ No newline at end of file
require_once "../../common.php";
require_once "../../header.php";
-if (!isset($_GET) || !isset($_GET['errno']))
-{
- Message::Fail("Uh oh! Something went wrong. We don't know anything else.");
-}
-elseif ($_GET['errno'] == 1)
+if ($_GET['errno'] == 1)
{
Message::Fail("Looks like your SQL tables haven't been set up yet",
"SQL_Auth needs to create tables for users and permissions. Is that okay?<br>",
"<form method=\"post\" action=\"index.php\">
<button type=\"submit\" id=\"sql_setup\" name=\"sql_setup\" class=\"text-right btn btn-primary\" value=\"add_tables\">Yes, set up tables</button>
</form>");
- ?>
-
- <?php
+}
+
+else if (!$_GET['errno'])
+{
+ echo "<h3>Uh oh! Looks like there was an error.</h3><h4>That's all we know.</h4>";
+ echo "Here's a cute chihuahua enjoying a chest rub to cheer you up about it<br>";
+ echo "<img width=\"250\" height=\"300\" src=\"https://i.ibb.co/WtvNbkC/20220731-160824.jpg\">";
}
?>
\ No newline at end of file
if ($_POST['username'] && $_POST['password'])
{
+ /* securitah */
+ security_check();
$user = new SQLA_User($_POST['username']);
/* not being too informative with the login error in case of attackers */
require_once "SQL/sql.php";
require_once "SQL/user.php";
+require_once "SQL/settings.php";
+new AuthSettings();
class sql_auth
{
public static function add_navbar(&$pages)
{
session_start();
-
+ if (!unreal_get_current_user()->id)
+ {
+ $pages = NULL;
+ return;
+ }
$pages["Panel Access"] = "plugins/sql_auth/";
if (isset($_SESSION['id']))
{
public static function session_start($n)
{
+
if (!isset($_SESSION['id']))
{
- header("Location: ".BASE_URL."plugins/sql_auth/login.php");
+ $tok = split($_SERVER['SCRIPT_FILENAME'], "/");
+ if ($check = security_check() && $tok[count($tok) - 1] !== "error.php") {
+ header("Location: " . BASE_URL . "plugins/sql_auth/error.php");
+ die();
+ }
}
else
{
}
}
+ /**
+ * Create the tables we'll be using in the SQLdb
+ * @return void
+ */
public static function create_tables()
{
$conn = sqlnew();
meta_value VARCHAR(255),
PRIMARY KEY (meta_id)
)");
+ $conn->query("CREATE TABLE IF NOT EXISTS " . SQL_PREFIX . "auth_settings (
+ id int AUTO_INCREMENT NOT NULL,
+ setting_key VARCHAR(255) NOT NULL,
+ setting_value VARCHAR(255),
+ PRIMARY KEY (id)
+ )");
}
- public static function add_overview_card(&$stats)
+ /**
+ * Summary of add_overview_card
+ * @param mixed $stats
+ * @return void
+ */
+ public static function add_overview_card(object &$stats) : void
{
$num_of_panel_admins = sqlnew()->query("SELECT COUNT(*) FROM " . SQL_PREFIX . "users")->fetchColumn();
?>
<?php
}
-}
\ No newline at end of file
+}
+
+
+function security_check()
+{
+ $ip = $_SERVER['REMOTE_ADDR'];
+ if (dnsbl_check($ip))
+ return true;
+
+ else if (fail2ban_check($ip))
+ {
+
+ }
+}
+
+function dnsbl_check($ip)
+{
+ $dnsbl_lookup = DNSBL;
+
+ // clear variable just in case
+ $listed = NULL;
+
+ // if the IP was not given because you're an idiot, stop processing
+ if (!$ip) { return; }
+
+ // get the first two segments of the IPv4
+ $because = split($ip, "."); // why you
+ $you = $because[1]; // gotta play
+ $want = $because[2]; // that song
+ $to = $you.".".$want."."; // so loud?
+
+ // exempt local connections because sometimes they get a false positive
+ if ($to == "192.168." || $to == "127.0.") { return NULL; }
+
+ // you spin my IP right round, right round, to check the records baby, right round-round-round
+ $reverse_ip = glue(array_reverse(split($ip, ".")), ".");
+
+ // checkem
+ foreach ($dnsbl_lookup as $host) {
+
+ //if it was listed
+ if (checkdnsrr($reverse_ip . "." . $host . ".", "A")) {
+
+ //take note
+ $listed = $host;
+ }
+ }
+
+ // if it was safe, return NOTHING
+ if (!$listed) {
+ return NULL;
+ }
+
+ // else, you guessed it, return where it was listed
+ else {
+ return $listed;
+ }
+}
+
+function fail2ban_check($ip)
+{}
\ No newline at end of file
</div>
</div>
<br>
-<div class="row">
<div class="col-sm-3">
<div class="card">
<div class="card-body">