Vojtěch Sajdl 2018-01-03 14:15:45 +01:00
parent e7df74cad8
commit 9820686776
No known key found for this signature in database
GPG Key ID: 082BC82518E5F32E
9 changed files with 50 additions and 36 deletions


@ -9,7 +9,7 @@ if (isset($_GET['ajax']))
$offset = $_GET['offset']; $offset = $_GET['offset'];
} }
if ($_GET['new']=="incident") if (isset($_GET['new']) && $_GET['new']=="incident")
{ {
Incident::add(); Incident::add();
} }
@ -19,8 +19,6 @@ if (isset($_GET['delete']))
Incident::delete($_GET['delete']); Incident::delete($_GET['delete']);
} }
//TODO: Pamatovat si data
render_header(_("Dashboard"), true); render_header(_("Dashboard"), true);
?> ?>
@ -48,14 +46,16 @@ render_header(_("Dashboard"), true);
} ?> } ?>
<div id="status-container" class="clearfix"> <div id="status-container" class="clearfix">
<?php <?php
if (!is_array($_POST['services'])) if (isset($_POST['services']) && !is_array($_POST['services']))
{ {
$_POST['services'] = array($_POST['services']); $post_services = array($_POST['services']);
}else{
$post_services = array();
} }
foreach($services as $service){ foreach($services as $service){
?> ?>
<div class="item clearfix"> <div class="item clearfix">
<div class="service"><?php if ($service->get_status()!=-1){?><input type="checkbox" name="services[]" value="<?php echo $service->get_id(); ?>" <?php echo (in_array($service->get_id(), $_POST['services']))?"checked":'';?> id="service-<?php echo $service->get_id(); ?>"><?php } ?><label for="service-<?php echo $service->get_id(); ?>"><?php echo $service->get_name(); ?></label></div> <div class="service"><?php if ($service->get_status()!=-1){?><input type="checkbox" name="services[]" value="<?php echo $service->get_id(); ?>" <?php echo (in_array($service->get_id(), $post_services))?"checked":'';?> id="service-<?php echo $service->get_id(); ?>"><?php } ?><label for="service-<?php echo $service->get_id(); ?>"><?php echo $service->get_name(); ?></label></div>
<div class="status <?php echo $classes[$service->get_status()];?>"><?php echo $statuses[$service->get_status()];?></div> <div class="status <?php echo $classes[$service->get_status()];?>"><?php echo $statuses[$service->get_status()];?></div>
</div> </div>
<?php <?php
@ -68,13 +68,13 @@ render_header(_("Dashboard"), true);
<i class="glyphicon glyphicon-info-sign"></i> <i class="glyphicon glyphicon-info-sign"></i>
</div> </div>
<div class="panel-heading clearfix"> <div class="panel-heading clearfix">
<input type="text" name="title" id="title" placeholder="<?php echo _("Title");?>" value="<?php echo htmlspecialchars($_POST['title']); ?>" required> <span id="time"><input id="time_input" type="text" pattern="(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d\.\d+([+-][0-2]\d:[0-5]\d|Z))|(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d([+-][0-2]\d:[0-5]\d|Z))|(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d([+-][0-2]\d:[0-5]\d|Z))" name="time" value="<?php echo htmlspecialchars($_POST['time']); ?>" class="pull-right" title="Use ISO 8601 format (e.g. 2017-11-23T19:50:51+00:00)" placeholder="<?php echo _("Time");?>"></span> <input type="text" name="title" id="title" placeholder="<?php echo _("Title");?>" value="<?php echo (isset($_POST['title'])?htmlspecialchars($_POST['title']):''); ?>" required> <span id="time"><input id="time_input" type="text" pattern="(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d\.\d+([+-][0-2]\d:[0-5]\d|Z))|(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d([+-][0-2]\d:[0-5]\d|Z))|(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d([+-][0-2]\d:[0-5]\d|Z))" name="time" value="<?php echo (isset($_POST['time'])?htmlspecialchars($_POST['time']):''); ?>" class="pull-right" title="Use ISO 8601 format (e.g. 2017-11-23T19:50:51+00:00)" placeholder="<?php echo _("Time");?>"></span>
</div> </div>
<div class="panel-body"> <div class="panel-body">
<textarea name="text" placeholder="<?php echo _("Here goes your text...");?>" required><?php echo htmlspecialchars($_POST['text']); ?></textarea> <textarea name="text" placeholder="<?php echo _("Here goes your text...");?>" required><?php echo (isset($_POST['text'])?htmlspecialchars($_POST['text']):''); ?></textarea>
</div> </div>
<div class="panel-footer clearfix"> <div class="panel-footer clearfix">
<small><?php echo _("Posted by");?>: <?php echo $user->get_username();?> <span class="pull-right" id="end_time_wrapper"><?php echo _("Ending");?>:&nbsp;<input id="end_time" title="Use ISO 8601 format (e.g. 2017-11-23T19:50:51+00:00)" type="text" pattern="(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d\.\d+([+-][0-2]\d:[0-5]\d|Z))|(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d([+-][0-2]\d:[0-5]\d|Z))|(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d([+-][0-2]\d:[0-5]\d|Z))" name="end_time" class="pull-right" placeholder="<?php echo _("End time");?>" value="<?php echo htmlspecialchars($_POST['end_time']); ?>"></span></small> <small><?php echo _("Posted by");?>: <?php echo $user->get_username();?> <span class="pull-right" id="end_time_wrapper"><?php echo _("Ending");?>:&nbsp;<input id="end_time" title="Use ISO 8601 format (e.g. 2017-11-23T19:50:51+00:00)" type="text" pattern="(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d\.\d+([+-][0-2]\d:[0-5]\d|Z))|(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d([+-][0-2]\d:[0-5]\d|Z))|(\d{4}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d([+-][0-2]\d:[0-5]\d|Z))" name="end_time" class="pull-right" placeholder="<?php echo _("End time");?>" value="<?php echo (isset($_POST['end_time'])?htmlspecialchars($_POST['end_time']):''); ?>"></span></small>
</div> </div>
</article> </article>
<select class="form-control pull-left" id="type" name="type"> <select class="form-control pull-left" id="type" name="type">
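Review bot: In the `status-container` hunk the new `else` branch sets `$post_services = array()` whenever `$_POST['services']` is already an array, which is the normal shape for the `services[]` checkboxes, so a re-rendered form loses every checked service and only the scalar case is kept. A single assignment covers unset, scalar and array input: `$post_services = isset($_POST['services']) ? (array)$_POST['services'] : array();`. On the same line `$service->get_name()` is echoed into the label without `htmlspecialchars()`, unlike the `$_POST` values further down; if service names are not escaped when stored, this is a stored-XSS sink and should be wrapped as `htmlspecialchars($service->get_name(), ENT_QUOTES)`.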


@ -30,7 +30,18 @@ if (!isset($_SESSION['user']))
else else
{ {
$user = new User($_SESSION['user']); $user = new User($_SESSION['user']);
switch ($_GET["do"]) { if (!$user->is_active())
{
User::logout();
}
if (!isset($_GET['do'])){
$do = "";
}else{
$do = $_GET['do'];
}
switch ($do) {
case 'change-email': case 'change-email':
$user = new User($_GET['id']); $user = new User($_GET['id']);
$user->change_email(); $user->change_email();
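Review bot: The new `is_active()` check calls `User::logout()` and then falls straight into `switch ($do)`, so unless `logout()` ends the request (its body is not visible here) a deactivated account still reaches `change-email` and the later cases in the same request. Stop explicitly after the call, e.g. `User::logout(); exit;`, or move the switch into an `else` branch. The `$do` default can also be written as `$do = isset($_GET['do']) ? $_GET['do'] : "";`. The switch continues outside the hunk.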


@ -16,15 +16,15 @@ render_header(_("New user"), true); ?>
<?php <?php
} ?> } ?>
<div class="form-group"> <div class="form-group">
<div class="col-sm-6"><label for="name"><?php echo _("Name");?>: </label><input type="text" maxlength="50" name="name" value="<?php echo htmlspecialchars($_POST['name'],ENT_QUOTES);?>" id="name" placeholder="<?php echo _("Name");?>" class="form-control" required></div> <div class="col-sm-6"><label for="name"><?php echo _("Name");?>: </label><input type="text" maxlength="50" name="name" value="<?php echo ((isset($_POST['name']))?htmlspecialchars($_POST['name'],ENT_QUOTES):'');?>" id="name" placeholder="<?php echo _("Name");?>" class="form-control" required></div>
<div class="col-sm-6"><label for="surname"><?php echo _("Surname");?>: </label><input type="text" maxlength="50" name="surname" value="<?php echo htmlspecialchars($_POST['surname'],ENT_QUOTES);?>" id="surname" placeholder="<?php echo _("Surname");?>" class="form-control" required></div> <div class="col-sm-6"><label for="surname"><?php echo _("Surname");?>: </label><input type="text" maxlength="50" name="surname" value="<?php echo ((isset($_POST['surname']))?htmlspecialchars($_POST['surname'],ENT_QUOTES):'');?>" id="surname" placeholder="<?php echo _("Surname");?>" class="form-control" required></div>
</div> </div>
<div class="form-group"> <div class="form-group">
<div class="col-sm-6"><label for="username"><?php echo _("Username");?>:</label><input type="text" maxlength="50" name="username" value="<?php echo htmlspecialchars($_POST['username'],ENT_QUOTES);?>" id="username" placeholder="<?php echo _("Username");?>" class="form-control" required></div> <div class="col-sm-6"><label for="username"><?php echo _("Username");?>:</label><input type="text" maxlength="50" name="username" value="<?php echo ((isset($_POST['username']))?htmlspecialchars($_POST['username'],ENT_QUOTES):'');?>" id="username" placeholder="<?php echo _("Username");?>" class="form-control" required></div>
<div class="col-sm-6"><label for="email"><?php echo _("Email");?>:</label><input type="email" maxlength="60" name="email" value="<?php echo htmlspecialchars($_POST['email'],ENT_QUOTES);?>" id="email" placeholder="<?php echo _("Email");?>" class="form-control" required></div> <div class="col-sm-6"><label for="email"><?php echo _("Email");?>:</label><input type="email" maxlength="60" name="email" value="<?php echo ((isset($_POST['email']))?htmlspecialchars($_POST['email'],ENT_QUOTES):'');?>" id="email" placeholder="<?php echo _("Email");?>" class="form-control" required></div>
</div> </div>
<div class="form-group"> <div class="form-group">
<div class="col-sm-6"><label for="password"><?php echo _("Password");?>:</label><input type="password" name="password" value="<?php echo htmlspecialchars($_POST['password'],ENT_QUOTES);?>" id="password" placeholder="<?php echo _("Password");?>" class="form-control" required></div> <div class="col-sm-6"><label for="password"><?php echo _("Password");?>:</label><input type="password" name="password" value="<?php echo ((isset($_POST['password']))?htmlspecialchars($_POST['password'],ENT_QUOTES):'');?>" id="password" placeholder="<?php echo _("Password");?>" class="form-control" required></div>
<div class="col-sm-6"> <div class="col-sm-6">
<label for="permission"><?php echo _("Permission");?>: </label> <label for="permission"><?php echo _("Permission");?>: </label>
<select name="permission" id="permission" class="form-control"> <select name="permission" id="permission" class="form-control">
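Review bot: The `password` input still writes the submitted password back into its `value` attribute; the new `isset()` guard only silences the notice. After a failed submission the plaintext password sits in the HTML response, where it can end up in browser caches, proxies and page-source views, so the field should be re-rendered empty by dropping the `value="..."` attribute from that input. The fields here pass `ENT_QUOTES` to `htmlspecialchars()` while the dashboard and settings forms in this commit do not; a small shared helper for "escaped POST value or empty string" would keep them consistent.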


@ -24,7 +24,7 @@ if (isset($message)){
<?php if ($user->get_rank() <= 1){?> <?php if ($user->get_rank() <= 1){?>
<form action="?do=settings&new=service" method="post"> <form action="?do=settings&new=service" method="post">
<div class="input-group pull-right new-service"> <div class="input-group pull-right new-service">
<input class="form-control" name="service" placeholder="Name" type="text" value="<?php echo htmlspecialchars($_POST['service']); ?>" maxlength="50" required> <input class="form-control" name="service" placeholder="Name" type="text" value="<?php echo ((isset($_POST['service']))?htmlspecialchars($_POST['service']):''); ?>" maxlength="50" required>
<span class="input-group-btn"> <span class="input-group-btn">
<button type="submit" class="btn btn-success pull-right"><?php echo _("Add service");?></button> <button type="submit" class="btn btn-success pull-right"><?php echo _("Add service");?></button>
</span> </span>


@ -27,7 +27,7 @@ if (isset($_POST['permission']))
} }
if ($_GET['what']=='toggle') if (isset($_GET['what']) && $_GET['what']=='toggle')
{ {
$displayed_user->toggle(); $displayed_user->toggle();
} }
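Review bot: `$displayed_user->toggle()` is still driven by a plain `?what=toggle` query parameter, so account state changes on a GET request; the added `isset()` only removes the notice. No anti-CSRF token or permission check is visible in this hunk (either may exist outside it), so as shown a cross-site request made by an authenticated admin's browser could flip a user's active flag. Accept the toggle only on POST, e.g. `if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['what']) && $_POST['what'] == 'toggle')`, and compare a per-session token with `hash_equals()`. The dashboard section has the same pattern with `$_GET['new']` and `$_GET['delete']`.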


@ -8,7 +8,7 @@ class Token
{ {
global $mysqli; global $mysqli;
$salt = uniqid(mt_rand(), true); $salt = uniqid(mt_rand(), true);
$token = hash('sha256', $seed.$salt); $token = hash('sha256', $id.$salt);
$stmt = $mysqli->prepare("INSERT INTO tokens VALUES(?, ?, ?, ?)"); $stmt = $mysqli->prepare("INSERT INTO tokens VALUES(?, ?, ?, ?)");
$stmt->bind_param("siis", $token, $id, $expire, $data); $stmt->bind_param("siis", $token, $id, $expire, $data);
$stmt->execute(); $stmt->execute();
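Review bot: The token is still derived from `uniqid(mt_rand(), true)`, i.e. from the clock and a non-cryptographic generator, and hashing it with SHA-256 adds no entropy; since `User` now uses this value as the long-lived `remember` cookie, it should come from a CSPRNG. On PHP 7 or later that is `$token = bin2hex(random_bytes(32));`, which also makes `$salt` unnecessary. Two smaller points: `INSERT INTO tokens VALUES(?, ?, ?, ?)` relies on column order and would be safer with an explicit column list, and storing only a hash of the token in the table would keep a database leak from yielding usable cookies. The method continues outside the hunk, so whether it returns `$token` (which the callers in `User` now depend on) cannot be confirmed here.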


@ -41,6 +41,11 @@ class User
return $this->username; return $this->username;
} }
public function is_active()
{
return $this->active;
}
public function get_rank() public function get_rank()
{ {
return $this->rank; return $this->rank;
@ -180,11 +185,9 @@ class User
if (isset($_POST['remember'])&&$_POST['remember']) if (isset($_POST['remember'])&&$_POST['remember'])
{ {
$year = strtotime('+356 days', time()); $year = strtotime('+356 days', time());
$salt = uniqid(mt_rand(), true); $token = Token::new($id, 'remember', $year);
$token = hash('sha256', $id.$salt);
setcookie('token', $token, $year, "/"); setcookie('token', $token, $year, "/");
setcookie('user', $id, $year, "/"); setcookie('user', $id, $year, "/");
Token::new($id, 'remember', $year);
} }
$_SESSION['user'] = $id; $_SESSION['user'] = $id;
header("Location: /admin"); header("Location: /admin");
@ -205,13 +208,11 @@ class User
$time = time(); $time = time();
if (Token::validate_token($token, $id, "remember")) if (Token::validate_token($token, $id, "remember"))
{ {
$year = strtotime('+356 days', $timestamp); $year = strtotime('+356 days', time());
unset($_COOKIE['token']); unset($_COOKIE['token']);
$_SESSION['user'] = $id; $_SESSION['user'] = $id;
$salt = uniqid(mt_rand(), true); $token = Token::new($id, 'remember', $year);
$token = hash('sha256', $id.$salt);
setcookie('token', $token, $year); setcookie('token', $token, $year);
Token::new($id, 'remember', $year);
} }
else else
{ {
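Review bot: Both `setcookie('token', ...)` calls issue the remember-me token without the `Secure` and `HttpOnly` flags, so page script can read it and it can travel over plain HTTP; pass them explicitly, e.g. `setcookie('token', $token, $year, "/", "", true, true);`. The renewal hunk also omits the `"/"` path that the login hunk sets, so the refreshed cookie may be scoped to a different path than the original. `strtotime('+356 days', time())` is assigned to `$year` and looks like a typo for 365. The previous token is not visibly invalidated when a new one is issued; that may happen inside `Token::validate_token()`, which is outside this diff.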


@ -66,8 +66,8 @@ else{
<div class="navbar-collapse collapse navbar-right navbar-admin"> <div class="navbar-collapse collapse navbar-right navbar-admin">
<ul class="nav navbar-nav"> <ul class="nav navbar-nav">
<li><a href="<?php echo WEB_URL;?>/admin/"><?php echo _("Dashboard");?></a></li> <li><a href="<?php echo WEB_URL;?>/admin/"><?php echo _("Dashboard");?></a></li>
<li><a href="<?php echo WEB_URL;?>/admin/?do=user"><?php echo printf(_("User (%s)"), $user->get_username());?></a></li> <li><a href="<?php echo WEB_URL;?>/admin/?do=user"><?php printf(_("User (%s)"), $user->get_username());?></a></li>
<li><a href="<?php echo WEB_URL;?>/admin/?do=settings"><?php echo _("Settings");?>");?></a></li> <li><a href="<?php echo WEB_URL;?>/admin/?do=settings"><?php echo _("Settings");?></a></li>
<li><a href="<?php echo WEB_URL;?>/admin/?do=logout"><?php echo _("Logout");?></a></li> <li><a href="<?php echo WEB_URL;?>/admin/?do=logout"><?php echo _("Logout");?></a></li>
</ul> </ul>
</div><!--/.nav-collapse --> </div><!--/.nav-collapse -->
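Review bot: `printf(_("User (%s)"), $user->get_username())` prints the username into the navbar without HTML escaping, while the form fields in this commit wrap user-supplied values in `htmlspecialchars()`. Unless `get_username()` already returns escaped text (not visible here), a username containing markup would be rendered on every admin page; use `printf(_("User (%s)"), htmlspecialchars($user->get_username(), ENT_QUOTES));`.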


@ -5,6 +5,17 @@ function mb_ucfirst($string)
return mb_strtoupper(mb_substr($string, 0, 1)).mb_strtolower(mb_substr($string, 1)); return mb_strtoupper(mb_substr($string, 0, 1)).mb_strtolower(mb_substr($string, 1));
} }
$accepted_langs = glob(__DIR__ . '/locale/*' , GLOB_ONLYDIR);
$lang_names = array();
foreach ($accepted_langs as $key => $value) {
$accepted_langs[$key] = basename($value);
}
foreach ($accepted_langs as $lang) {
$lang_names[$lang] = mb_ucfirst(locale_get_display_language($lang, $lang));
}
if (!isset($_SESSION['locale'])||isset($_GET['lang'])) if (!isset($_SESSION['locale'])||isset($_GET['lang']))
{ {
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
@ -29,11 +40,6 @@ if (!isset($_SESSION['locale'])||isset($_GET['lang']))
$langs = array_flip($langs); $langs = array_flip($langs);
$accepted_langs = glob(__DIR__ . '/locale/*' , GLOB_ONLYDIR);
$lang_names = array();
foreach ($accepted_langs as $key => $value) {
$accepted_langs[$key] = basename($value);
}
$best_match = false; $best_match = false;
@ -56,10 +62,6 @@ if (!isset($_SESSION['locale'])||isset($_GET['lang']))
} }
} }
foreach ($accepted_langs as $lang) {
$lang_names[$lang] = mb_ucfirst(locale_get_display_language($lang, $lang));
}
if ($best_match === false){ if ($best_match === false){
$best_match = DEFAULT_LANGUAGE; $best_match = DEFAULT_LANGUAGE;
} }
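Review bot: `glob()` can return `false` on error, and now that the block sits at the top of the file both `foreach` loops run on every request rather than only during language negotiation, so a failure would raise a warning on each page. Guard the result with `$accepted_langs = glob(__DIR__ . '/locale/*', GLOB_ONLYDIR) ?: array();`. The first loop can be folded into `array_map('basename', $accepted_langs)`. A short comment stating that `$accepted_langs` is the allow-list against which `$_GET['lang']` and `Accept-Language` are matched would help; the matching itself is outside these hunks, so confirm the request value is only ever compared against that list and never used directly as a path.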