Initial commit
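--- /dev/null
+++ b/UNKNOWN_PATH_1
@@ -0,0 +1,107 @@
+<?php
+//DIR Because of include problems
+require(__DIR__ . "/incident.php");
+require(__DIR__ . "/service.php");
+require(__DIR__ . "/user.php");
+require(__DIR__ . "/token.php");
+/**
+* Facade class
+*/
+class Constellation
+{
+
+public function render_incidents($future=false, $offset=0, $limit = 5, $admin = 0){
+global $mysqli;
+if ($offset<0)
+{
+$offset = 0;
+}
+if (isset($_GET['ajax']))
+{
+$ajax = true;
+}
+$limit++;
+$c = ($future)?">=":"<=";
+$timestamp = (isset($_GET['timestamp'])&& !$future)?$_GET['timestamp']:time();
+$sql = $mysqli->prepare("SELECT *, status.id as status_id FROM status INNER JOIN users ON user_id=users.id WHERE `time` $c ? AND `end_time` $c ? OR (`time`<=? AND `end_time` $c ? ) ORDER BY `time` DESC LIMIT ? OFFSET ?");
+$sql->bind_param("iiiiii",$timestamp, $timestamp, $timestamp, $timestamp, $limit, $offset);
+$sql->execute();
+$query = $sql->get_result();
+if ($future && $query->num_rows && !$ajax)
+{
+echo "<h3>Planned maintenance</h3>";
+}
+else if ($query->num_rows &&!$ajax)
+{
+if ($offset)
+{
+echo '<noscript><div class="centered"><a href="?offset='.($offset-$limit+1).'×tamp='.$timestamp.'" class="btn btn-default">Back</a></div></noscript>';
+}
+echo "<h3>Past incidents</h3>";
+}
+else if (!$future &&!$ajax)
+{
+echo "<h3>No incidents</h3>";
+}
+$show = !$future && $query->num_rows==$limit;
+$limit--;
+$offset += $limit;
+
+if ($query->num_rows){
+while(($result = $query->fetch_assoc()) && $limit-->0)
+{
+$incident = new Incident($result);
+$incident->render($admin);
+}
+if ($show)
+{
+echo '<div class="centered"><a href="?offset='.($offset).'×tamp='.$timestamp.'" id="loadmore" class="btn btn-default">Load more</a></div>';
+}
+}
+}
+
+public function render_status($admin = 0){
+global $mysqli;
+
+$query = $mysqli->query("SELECT id, name FROM services");
+$array = array();
+if ($query->num_rows){
+$timestamp = time();
+
+while($result = $query->fetch_assoc())
+{
+$id = $result['id'];
+$sql = $mysqli->prepare("SELECT type FROM services_status INNER JOIN status ON services_status.status_id = status.id WHERE service_id = ? AND `time` <= ? AND (`end_time` >= ? OR `end_time`=0) ORDER BY `time` DESC LIMIT 1");
+
+$sql->bind_param("iii", $id, $timestamp, $timestamp);
+$sql->execute();
+$tmp = $sql->get_result();
+if ($tmp->num_rows)
+{
+$array[] = new Service($result['id'], $result['name'], $tmp->fetch_assoc()['type']);
+}
+else{
+$array[] = new Service($result['id'], $result['name']);
+}
+}
+
+echo Service::current_status($array);
+}
+else{
+$array[] = new Service(0, "No services", -1);
+}
+if (!$admin)
+{
+echo '<div id="status-container" class="clearfix">';
+foreach($array as $service){
+$service->render();
+}
+echo '</div>';
+}
+else{
+return $array;
+}
+}
+}
+
+$constellation = new Constellation();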
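Review bot: `$ajax` is read at `if ($future && $query->num_rows && !$ajax)` without ever being initialised when `ajax` is absent from the query string, and `$timestamp` taken from `$_GET['timestamp']` is echoed raw into the Back and Load more hrefs, so a query-string value reaches the page unescaped even though `bind_param("i", …)` coerces it for SQL. Initialise both at the top of `render_incidents()`: `$ajax = isset($_GET['ajax']);` and `$timestamp = (isset($_GET['timestamp']) && !$future) ? (int) $_GET['timestamp'] : time();`. `$offset` comes in as a parameter whose origin is not visible here; if the caller passes it from the request it deserves the same `(int)` cast, as it is also written into the href. The `×tamp` in both hrefs looks like the forge rendering `&times` as an HTML entity, so the source presumably has `&timestamp=`; check that and consider `&amp;timestamp=` in the HTML.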
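--- /dev/null
+++ b/incident.php
@@ -0,0 +1,152 @@
+<?php
+/**
+* Class for creating and rendering an incident
+*/
+class Incident
+{
+private $id;
+private $date;
+private $end_date;
+private $text;
+private $type;
+private $title;
+private $username;
+
+function __construct($data)
+{
+$this->id = $data['status_id'];
+$this->date = new DateTime("@".$data['time']);
+$this->date = $this->date->format('Y-m-d H:i:sP');
+if ($data['end_time']>0){
+$this->end_date = new DateTime("@".$data['end_time']);
+$this->end_date = $this->end_date->format('Y-m-d H:i:sP');
+}
+$this->type = $data['type'];
+$this->title = $data['title'];
+$this->text = $data['text'];
+$this->username = $data['username'];
+}
+
+public static function delete($id){
+global $mysqli, $message;
+
+$stmt = $mysqli->prepare("DELETE FROM services_status WHERE status_id = ?");
+$stmt->bind_param("i", $id);
+$stmt->execute();
+$query = $stmt->get_result();
+
+$stmt = $mysqli->prepare("DELETE FROM status WHERE id= ?");
+$stmt->bind_param("i", $id);
+$stmt->execute();
+$query = $stmt->get_result();
+header("Location: /admin");
+}
+
+public static function add()
+{
+global $mysqli, $message;
+$user_id = $_SESSION['user'];
+$type = $_POST['type'];
+$title = $_POST['title'];
+$text = $_POST['text'];
+
+if (strlen($title)==0)
+{
+$message = "Please enter title";
+return;
+}else if(strlen($title)>50){
+$message = "Title too long! Character limit is 50";
+return;
+}
+
+if (strlen($title)==0)
+{
+$message = "Please enter text";
+return;
+}
+
+if ($type == 2 && (!strlen(trim($_POST['time'])) || !strlen(trim($_POST['end_time']))))
+{
+$message = "Please set start and end time! Use ISO 8601 format.";
+return;
+}
+
+if (empty($_POST['services'])){
+$message = "Please select at least one service";
+}
+else
+{
+if (!is_array($_POST['services']))
+{
+$services = array($_POST['services']);
+}
+else
+{
+$services = $_POST['services'];
+}
+
+if (!empty($_POST['time'])){
+$time = strtotime($_POST['time']);
+$end_time = strtotime($_POST['end_time']);
+if (!$time)
+{
+$message = "Start date format is not recognized. Please use ISO 8601 format.";
+return;
+}
+
+if (!$end_time)
+{
+$message = "End date format is not recognized. Please use ISO 8601 format.";
+return;
+}
+}else{
+$time = time();
+$end_time = '';
+}
+
+$stmt = $mysqli->prepare("INSERT INTO status VALUES ('',?, ?, ?, ?, ?, ?)");
+$stmt->bind_param("issiii", $type, $title, $text, $time ,$end_time ,$user_id);
+$stmt->execute();
+$query = $stmt->get_result();
+$status_id = $mysqli->insert_id;
+
+foreach ($services as $service) {
+$stmt = $mysqli->prepare("INSERT INTO services_status VALUES ('',?, ?)");
+$stmt->bind_param("ii", $service, $status_id);
+$stmt->execute();
+$query = $stmt->get_result();
+}
+header("Location: /admin");
+}
+}
+
+public function render($admin=0){
+global $icons;
+global $classes, $user;
+$admin = $admin && (($user->get_rank()<=1) || ($user->get_username() == $this->username));
+?>
+<article class="panel panel-<?php echo $classes[$this->type];?>">
+<div class="panel-heading icon">
+<i class="<?php echo $icons[$this->type];?>"></i>
+</div>
+<div class="panel-heading clearfix">
+<h2 class="panel-title"><?php echo $this->title; ?></h2>
+<?php if ($admin){
+echo '<a href="?delete='.$this->id.'" class="pull-right delete"><i class="fa fa-trash"></i></a>';
+}?>
+<time class="pull-right timeago" datetime="<?php echo $this->date; ?>"><?php echo $this->date; ?></time>
+</div>
+<div class="panel-body">
+<?php echo $this->text; ?>
+</div>
+<div class="panel-footer">
+<small>Posted by: <?php echo $this->username;
+if (isset($this->end_date)){?>
+<span class="pull-right"><?php echo strtotime($this->end_date)>time()?"Ending:":"Ended:";?> <time class="pull-right timeago" datetime="<?php echo $this->end_date; ?>"><?php echo $this->end_date; ?></time></span>
+<?}?>
+</small>
+</div>
+</article>
+<?php
+}
+}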
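Review bot: The second `if (strlen($title)==0)` in `add()` is a copy of the first and guards the message "Please enter text", so an empty `$text` is never rejected; it should read `if (strlen($text)==0)`. `render()` echoes `$this->title`, `$this->username` and the date strings into HTML without escaping; `$this->text` may be intentional HTML, but the title and username at least should go through `htmlspecialchars($this->title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. `<?}?>` in the footer is a short open tag and is a parse error on installs with `short_open_tag` off; use `<?php }?>`. `delete($id)` performs no rank check itself, so the authorisation has to live in the caller — a one-line docblock saying `Caller must verify the current user is allowed to delete this incident.` would make that contract explicit. The `$end_time = ''` set in the no-time branch is bound with type `i` on the next INSERT; `0` would match the `end_time = 0` convention the status query relies on.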
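--- /dev/null
+++ b/service.php
@@ -0,0 +1,131 @@
+<?php
+/**
+* Class for creating and rendering an incident
+*/
+class Service
+{
+private $id;
+private $name;
+private $status;
+
+function __construct($id, $name, $status=3)
+{
+$this->id = $id;
+$this->name = $name;
+$this->status = $status;
+}
+
+public function get_status()
+{
+return $this->status;
+}
+
+public function get_id()
+{
+return $this->id;
+}
+
+public function get_name()
+{
+return $this->name;
+}
+
+public static function add()
+{
+global $user, $message;
+if (strlen($_POST['service'])>50)
+{
+$message = "Service name is too long! Character limit is 50";
+return;
+}else if (strlen(trim($_POST['service']))==0){
+$message = "Please enter name!";
+return;
+}
+
+if ($user->get_rank()<=1)
+{
+global $mysqli;
+$name = $_POST['service'];
+$stmt = $mysqli->prepare("INSERT INTO services VALUES('',?)");
+$stmt->bind_param("s", $name);
+$stmt->execute();
+$query = $stmt->get_result();
+header("Location: /admin/?do=settings");
+}else
+{
+$message = "Insufficient permissions";
+}
+}
+
+public static function delete()
+{
+global $user;
+if ($user->get_rank()<=1)
+{
+global $mysqli;
+$id = $_GET['delete'];
+
+$stmt = $mysqli->prepare("SELECT service_id, status_id as status, (SELECT count(*) FROM services_status as s WHERE s.status_id=status) as count FROM services_status WHERE service_id = ? GROUP BY status_id");
+$stmt->bind_param("i", $id);
+$stmt->execute();
+$query = $stmt->get_result();
+
+while ($res = $query->fetch_assoc()) {
+if ($res['count']==1)
+{
+Incident::delete($res['status']);
+}
+}
+
+$stmt = $mysqli->prepare("DELETE FROM services WHERE id = ?");
+$stmt->bind_param("i", $id);
+$stmt->execute();
+$query = $stmt->get_result();
+
+$stmt = $mysqli->prepare("DELETE FROM services_status WHERE service_id = ?");
+$stmt->bind_param("i", $id);
+$stmt->execute();
+$query = $stmt->get_result();
+
+header("Location: /admin/?do=settings");
+}
+else
+{
+$message = "Insufficient permissions";
+}
+}
+
+public static function current_status($array){
+global $all, $some, $classes;
+$statuses = array(0,0,0,0);
+$worst = 5;
+foreach ($array as $service) {
+if ($service->status<$worst)
+{
+$worst = $service->get_status();
+}
+$statuses[$service->get_status()]++;
+}
+
+echo '<div id="status-big" class="status '.$classes[$worst].'">';
+
+if ($statuses[$worst] == count($array))
+{
+echo $all[$worst];
+}else{
+echo $some[$worst];
+}
+echo '</div>';
+}
+
+public function render(){
+global $statuses;
+global $classes;
+?>
+<div class="item clearfix">
+<div class="service"><?php echo $this->name; ?></div>
+<?php if ($this->status!=-1){?><div class="status <?php echo $classes[$this->status];?>"><?php echo $statuses[$this->status];?></div><?php }?>
+</div>
+<?php
+}
+}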
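Review bot: The `else` branch of `delete()` assigns `$message` but the method only declares `global $user;`, so the "Insufficient permissions" text stays in a local and is never shown; `add()` gets this right with `global $user, $message;`. `delete()` also deletes on a plain GET (`$_GET['delete']`) and then redirects without `exit`, so the caller keeps running after the `Location` header; a POST with a CSRF token plus `exit;` after `header(...)` would be the usual shape, though the routing is not visible here. `current_status()` reads `$service->status` directly on one line and `get_status()` on the next — use the accessor in both places. `render()` echoes `$this->name` unescaped, and names come from `$_POST['service']` in `add()`, so wrap it in `htmlspecialchars()`. The class docblock was copied from Incident and should describe a service.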
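--- /dev/null
+++ b/token.php
@@ -0,0 +1,40 @@
+<?php
+/**
+* Class for creating and deleting tokens
+*/
+class Token
+{
+public static function new($id, $data, $expire)
+{
+global $mysqli;
+$salt = uniqid(mt_rand(), true);
+$token = hash('sha256', $seed.$salt);
+$stmt = $mysqli->prepare("INSERT INTO tokens VALUES(?, ?, ?, ?)");
+$stmt->bind_param("siis", $token, $id, $expire, $data);
+$stmt->execute();
+$query = $stmt->get_result();
+return $token;
+}
+
+public static function validate_token($token, $user, $data)
+{
+global $mysqli;
+$time = time();
+$stmt = $mysqli->prepare("SELECT count(*) as count, data FROM tokens WHERE token = ? AND user = ? AND expire>=? AND data LIKE ?");
+$stmt->bind_param("siis", $token, $id, $time, $data);
+$stmt->execute();
+$query = $stmt->get_result();
+
+return $query->fetch_assoc()['count'];
+}
+
+public static function delete($token)
+{
+global $mysqli;
+$time = time();
+$stmt = $mysqli->prepare("DELETE FROM tokens WHERE token = ? OR expire<?");
+$stmt->bind_param("sd", $token,$time);
+$stmt->execute();
+$query = $stmt->get_result();
+}
+}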
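Review bot: `new()` hashes `$seed.$salt` but `$seed` is never defined, and `validate_token()` binds `$id` although its parameter is named `$user`, so the stored token depends only on `uniqid(mt_rand(), true)` and the lookup compares the `user` column against null. Generate the token from a CSPRNG, `$token = bin2hex(random_bytes(32));`, and bind the real parameter, `$stmt->bind_param("siis", $token, $user, $time, $data);`. `delete()` binds `$time` with `d` while the other two methods use `i` for the same `expire` column. `validate_token()` selects `data` but returns only `count`, so a caller that needs the stored data (the change-email flow passes `"email;%"` as a LIKE pattern for exactly that reason) cannot obtain it from here; returning the fetched row, or adding a separate accessor, would close that gap.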
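--- /dev/null
+++ b/user.php
@@ -0,0 +1,492 @@
+<?php
+/**
+* Class for creating and rendering an incident
+*/
+class User
+{
+private $id;
+private $name;
+private $surname;
+private $username;
+private $email;
+private $rank;
+private $active;
+
+function __construct($id)
+{
+global $mysqli;
+$stmt = $mysqli->prepare("SELECT * FROM users WHERE id=?");
+$stmt->bind_param("d", $id);
+$stmt->execute();
+$query = $stmt->get_result();
+
+if (!$query->num_rows)
+{
+throw new Exception("User doesn't exist.");
+return;
+}
+
+$result = $query->fetch_array();
+$this->id = $id;
+$this->active = $result['active'];
+$this->name = $result['name'];
+$this->email = $result['email'];
+$this->surname = $result['surname'];
+$this->username = $result['username'];
+$this->rank = $result['permission'];
+}
+
+public function get_username()
+{
+return $this->username;
+}
+
+public function get_rank()
+{
+return $this->rank;
+}
+
+public function get_name()
+{
+return $this->name . " " . $this->surname;
+}
+
+public function toggle()
+{
+global $mysqli, $message, $user;
+$id = $_SESSION['user'];
+$stmt = $mysqli->prepare("SELECT permission FROM users WHERE id=?");
+$stmt->bind_param("i", $id);
+$stmt->execute();
+$query = $stmt->get_result();
+$permission = $result['permission'];
+$id = $_GET['id'];
+if ($this->id!=$_SESSION['user'] && $user->get_rank()<=1 && ($user->get_rank()<$this->rank))
+{
+$stmt = $mysqli->prepare("UPDATE users SET active = !active WHERE id=?");
+$stmt->bind_param("i", $this->id);
+$stmt->execute();
+$stmt->close();
+header("Location: /admin/?do=user&id=".$id);
+}else{
+$message = "You don't have the permission to do that!";
+}
+}
+
+public static function add()
+{
+global $user, $message, $mysqli;
+if (INSTALL_OVERRIDE || $user->get_rank()==0)
+{
+if (strlen(trim($_POST['name']))==0 || strlen(trim($_POST['surname']))==0 || strlen(trim($_POST['email']))==0 || strlen(trim($_POST['password']))==0 || !isset($_POST['permission']))
+{
+$message = "Please enter all data!";
+}else{
+$name = $_POST['name'];
+$surname = $_POST['surname'];
+$username = $_POST['username'];
+$email = $_POST['email'];
+$pass = $_POST['password'];
+
+$variables = array();
+if (strlen($name)>50){
+$variables[] = 'name: 50';
+}
+if (strlen($surname)>50){
+$variables[] = 'surname: 50';
+}
+if (strlen($username)>50){
+$variables[] = 'username: 50';
+}
+if (strlen($email)>60){
+$variables[] = 'email: 60';
+}
+
+if (!empty($variables))
+{
+$message = "Please mind the following character limits: ";
+$message .= implode(", ", $variables);
+return;
+}
+
+$salt = uniqid(mt_rand(), true);
+$hash = hash('sha256', $pass.$salt);
+$permission = $_POST['permission'];
+
+
+$stmt = $mysqli->prepare("INSERT INTO users values ('', ?, ?, ?, ?, ?, ?, ?, 1)");
+$stmt->bind_param("ssssssi", $email, $username, $name, $surname, $hash, $salt, $permission);
+$stmt->execute();
+$query = $stmt->get_result();
+
+if ($query->affected_rows>0)
+{
+$to = $email;
+$subject = 'User account created - '.NAME;
+$message = 'Hi '.$name." ".$surname."!<br>"."Your account has been created. You can login with your email address at <a href=\"".WEB_URL."/admin\">".WEB_URL."/admin </a> with password ".$pass.". Please change it as soon as possible. ";
+$headers = "Content-Type: text/html; charset=utf-8 ".PHP_EOL;
+$headers .= "MIME-Version: 1.0 ".PHP_EOL;
+$headers .= "From: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
+$headers .= "Reply-To: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
+
+mail($to, $subject, $message, $headers);
+header("Location: /admin/?do=settings");
+}
+else{
+$message = "Username or email already used";
+}
+}
+}
+else {
+$message = "Insufficient permission";
+}
+}
+
+public static function login()
+{
+global $message, $mysqli;
+if (isset($_POST['email']))
+{
+$email = $_POST['email'];
+$pass = $_POST['pass'];
+
+$stmt = $mysqli->prepare("SELECT id,password_salt as salt,active FROM users WHERE email=?");
+$stmt->bind_param("s", $email);
+$stmt->execute();
+$query = $stmt->get_result();
+if ($query->num_rows)
+{
+$result = $query->fetch_assoc();
+
+$salt = $result["salt"];
+$id = $result["id"];
+$active = $result["active"];
+if (!$active)
+{
+$message = "Your account has been disabled. Please contact administrator.";
+}
+else
+{
+$hash = hash('sha256', $pass.$salt);
+
+$stmt = $mysqli->prepare("SELECT count(*) as count FROM users WHERE id=? AND password_hash=?");
+$stmt->bind_param("is", $id, $hash);
+$stmt->execute();
+$query = $stmt->get_result();
+if (!$query->fetch_assoc()['count'])
+{
+$message = "Wrong email or password";
+}else
+{
+if (isset($_POST['remember'])&&$_POST['remember'])
+{
+$year = strtotime('+356 days', time());
+$salt = uniqid(mt_rand(), true);
+$token = hash('sha256', $id.$salt);
+setcookie('token', $token, $year, "/");
+setcookie('user', $id, $year, "/");
+Token::new($id, 'remember', $year);
+}
+$_SESSION['user'] = $id;
+header("Location: /admin");
+}
+}
+}
+else{
+$message = "Wrong email or password";
+}
+}
+}
+
+public static function restore_session()
+{
+global $mysqli, $message;
+$id = $_COOKIE['user'];
+$token = $_COOKIE['token'];
+$time = time();
+if (Token::validate_token($token, $id, "remember"))
+{
+$year = strtotime('+356 days', $timestamp);
+unset($_COOKIE['token']);
+$_SESSION['user'] = $id;
+$salt = uniqid(mt_rand(), true);
+$token = hash('sha256', $id.$salt);
+setcookie('token', $token, $year);
+Token::new($id, 'remember', $year);
+}
+else
+{
+unset($_COOKIE['user']);
+unset($_COOKIE['token']);
+setcookie('user', null, -1, '/');
+setcookie('token', null, -1, '/');
+$message = "Invalid token detected, please login again!";
+}
+
+Token::delete($token);
+}
+
+public function render_user_settings()
+{
+global $permissions, $user;
+?>
+<div class="row">
+<div class="col-md-2 col-md-offset-2"><img src="https://www.gravatar.com/avatar/<?php echo md5( strtolower( trim( $this->email ) ) );?>" alt="Profile picture"></div>
+<div class="col-md-6"><h3><?php echo $this->name." ".$this->surname;?></h3></div>
+</div>
+<div class="row">
+<div class="col-md-2 col-md-offset-2"><strong>ID</strong></div>
+<div class="col-md-6"><?php echo $this->id; ?></div>
+</div>
+<div class="row">
+<div class="col-md-2 col-md-offset-2"><strong>Username</strong></div>
+<div class="col-md-6"><?php echo $this->username." "; if ($this->id!=$_SESSION['user'] && $user->get_rank()<=1 && ($user->get_rank()<$this->rank))
+{
+echo "<a href='/admin/?do=user&id=".$this->id."&what=toggle'>";
+echo "<i class='fa fa-".($this->active?"check success":"times danger")."'></i></a>";
+}else{
+echo "<i class='fa fa-".($this->active?"check success":"times danger")."'></i>";
+}?></div>
+</div>
+
+<form action="/admin/?do=user&id=<?php echo $this->id; ?>" method="POST">
+<div class="row">
+<div class="col-md-2 col-md-offset-2"><strong>Role</strong></div>
+<div class="col-md-6"><?php if ($user->get_rank() == 0 && $this->id != $_SESSION['user']){?> <div class="input-group"><select class="form-control" name="permission"><?php foreach ($permissions as $key => $value) {
+echo "<option value='$key' ".($key==$this->rank?"selected":"").">$value</option>";
+} ?>
+</select><span class="input-group-btn">
+<button type="submit" class="btn btn-primary pull-right">Change role</button>
+</span>
+</div><?}else{ echo $permissions[$this->rank];}?></div>
+</div>
+</form>
+
+<?php if($this->id==$_SESSION['user'])
+{?>
+<form action="/admin/?do=user" method="POST">
+<div class="row">
+<div class="col-md-2 col-md-offset-2"><strong>Email</strong></div>
+<div class="col-md-6">
+<div class="input-group">
+<input type="email" class="form-control" name="email" value="<?php echo $this->email; ?>">
+<span class="input-group-btn">
+<button type="submit" class="btn btn-primary pull-right">Change email</button>
+</span>
+</div>
+</div>
+</div>
+</form>
+<form action="/admin/?do=user" method="POST">
+<div class="row">
+<div class="col-md-2 col-md-offset-2"><strong>Password</strong></div>
+<div class="col-md-6">
+<label for="password">Old password</label>
+<input id="password" placeholder="Old password" type="password" class="form-control" name="old_password">
+<label for="new_password">New password</label>
+<input id="new_password" placeholder="New password" type="password" class="form-control" name="password">
+<label for="new_password_check">Repeat password</label>
+<input id="new_password_check" placeholder="Repeat password" type="password" class="form-control" name="password_repeat">
+<button type="submit" class="btn btn-primary pull-right margin-top">Change password</button>
+</div>
+</div>
+</form>
+<?php
+}
+else
+{
+?>
+<div class="row">
+<div class="col-md-2 col-md-offset-2"><strong>Email</strong></div>
+<div class="col-md-6">
+<a href="mailto:<?php echo $this->email; ?>"><?php echo $this->email; ?></a>
+</div>
+</div>
+<?php
+}
+
+}
+
+
+public function change_password($token = false)
+{
+global $mysqli, $user, $message;
+$time = time();
+$id = $this->id;
+if ($_POST['password']!=$_POST['password_repeat'])
+{
+$message = "Passwords do not match!";
+}else{
+if (!$token)
+{
+if ($_SESSION['user']!=$id)
+{
+$message = "Cannot change password of other users!";
+}else{
+$stmt = $mysqli->prepare("SELECT password_salt as salt FROM users WHERE id=?");
+$stmt->bind_param("i", $id);
+$stmt->execute();
+$query = $stmt->get_result();
+
+$result = $query->fetch_assoc();
+$salt = $result['salt'];
+$pass = $_POST['old_password'];
+$hash = hash('sha256', $pass.$salt);
+
+$stmt = $mysqli->prepare("SELECT count(*) as count FROM users WHERE id=? AND password_hash = ?");
+$stmt->bind_param("is", $id, $hash);
+$stmt->execute();
+if ($stmt->get_result()->fetch_assoc()['count'])
+{
+$pass = $_POST['password'];
+$hash = hash('sha256', $pass.$salt);
+$stmt = $mysqli->prepare("UPDATE users SET password_hash = ? WHERE id=?");
+$stmt->bind_param("si", $hash, $id);
+$stmt->execute();
+$stmt->close();
+User::logout();
+}
+else{
+$message = "Wrong password!";
+}
+}
+}else{
+if (Token::validate_token($token, $id, "passwd"))
+{
+$stmt = $mysqli->prepare("SELECT password_salt as salt FROM users WHERE id=?");
+$stmt->bind_param("i", $id);
+$stmt->execute();
+$query = $stmt->get_result();
+
+$result = $query->fetch_assoc();
+$salt = $result['salt'];
+$pass = $_POST['password'];
+$hash = hash('sha256', $pass.$salt);
+
+$stmt = $mysqli->prepare("UPDATE users SET password_hash = ? WHERE id=?");
+$stmt->bind_param("si", $hash,$id);
+$stmt->execute();
+$stmt->close();
+}
+else
+{
+$message = "Invalid token detected, please retry your request from start!";
+}
+
+Token::delete($token);
+}
+}
+}
+
+public static function password_link()
+{
+global $mysqli;
+$email = $_POST['email'];
+
+$stmt = $mysqli->prepare("SELECT id FROM users WHERE email=?");
+$stmt->bind_param("s", $email);
+$stmt->execute();
+$query = $stmt->get_result();
+
+$id = $query->fetch_assoc()['id'];
+$time = strtotime('+1 day', time());
+$salt = uniqid(mt_rand(), true);
+$token = hash('sha256', $id.$salt);
+
+Token::new($id, 'passwd', $time);
+
+$link = WEB_URL."/admin/?do=lost-password&id=$id&token=$token";
+$to = $email;
+$user = new User($id);
+$subject = 'Reset password - '.NAME;
+$msg = 'Hi '.$user->get_name()."!<br>Below you will find link to change your password. The link is valid for 24hrs. If you didn't request this, feel free to ignore it. <br><br><a href=\"$link\">RESET PASSWORD</a><br><br>If the link doesn't work, copy & paste it into your browser: <br>$link";
+$headers = "Content-Type: text/html; charset=utf-8 ".PHP_EOL;
+$headers .= "MIME-Version: 1.0 ".PHP_EOL;
+$headers .= "From: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
+$headers .= "Reply-To: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
+
+mail($to, $subject, $msg, $headers);
+}
+
+public function email_link(){
+global $mysqli;
+$email = $_POST['email'];
+$time = strtotime('+1 day', time());
+$salt = uniqid(mt_rand(), true);
+$id = $this->id;
+$token = hash('sha256', $id.$salt);
+
+Token::new($id, 'email;$email', $time);
+
+
+$link = WEB_URL."/admin/?do=change-email&id=$id&token=$token";
+$to = $email;
+$subject = 'Email change - '.NAME;
+$msg = 'Hi '.$this->get_name()."!<br>Below you will find link to finish changing your email. The link is valid for 24hrs. If you didn't request this, feel free to ignore it. <br><br><a href=\"$link\">CHANGE EMAIL</a><br><br>If the link doesn't work, copy & paste it into your browser: <br>$link";
+$headers = "Content-Type: text/html; charset=utf-8 ".PHP_EOL;
+$headers .= "MIME-Version: 1.0 ".PHP_EOL;
+$headers .= "From: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
+$headers .= "Reply-To: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
+
+mail($to, $subject, $msg, $headers);
+}
+
+public function change_email()
+{
+//TODO: Get message from this somehow
+global $mysqli, $message;
+$time = time();
+$token = $_GET['token'];
+$id = $_GET['id'];
+
+if (Token::validate_token($token, $id, "email;%"))
+{
+$data = explode(";", $result['data']);
+
+$email = $data[1];
+
+$stmt = $mysqli->prepare("UPDATE users SET email = ? WHERE id=?");
+$stmt->bind_param("sd", $email, $id);
+$stmt->execute();
+$query = $stmt->get_result();
+Token::delete($token);
+header("Location: /admin/");
+}
+else
+{
+$message = "Invalid token detected, please retry your request from start!";
+}
+
+Token::delete($token);
+
+}
+
+public static function logout(){
+global $mysqli;
+session_unset();
+$token = $_COOKIE['token'];
+$time = time();
+Token::delete($token);
+unset($_COOKIE['user']);
+unset($_COOKIE['token']);
+setcookie('user', null, -1, '/');
+setcookie('token', null, -1, '/');
+header("Location: /admin");
+}
+
+public function change_permission(){
+global $mysqli, $message, $user;
+if ($user->get_rank()==0)
+{
+$permission = $_POST['permission'];
+$id = $_GET['id'];
+$stmt = $mysqli->prepare("UPDATE users SET permission=? WHERE id=?");
+$stmt->bind_param("si", $permission, $id);
+$stmt->execute();
+header("Location: /admin/?do=user&id=".$id);
+}
+else{
+$message = "You don't have permission to do that!";
+}
+}
+}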
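Review bot: The tokens written to cookies and e-mails are never the ones persisted: `login()`, `restore_session()`, `password_link()` and `email_link()` each compute a local `hash('sha256', $id.$salt)` and then call `Token::new()`, which generates and stores its own value and returns it, so `Token::validate_token()` can only ever fail for these flows. Use the return value instead, e.g. `$token = Token::new($id, 'remember', $year);` before the `setcookie('token', ...)` call, and drop the local `$salt`/`$token` pair in each of the four methods. `restore_session()` also passes an undefined `$timestamp` to `strtotime('+356 days', $timestamp)` and sets the renewed cookie without the `'/'` path that `login()` and `logout()` use, `change_email()` reads `$result['data']` from a `$result` that is never fetched, and `toggle()` reads `$result['permission']` from a `$result` that is never assigned. Password storage is `sha256(pass.salt)` compared by SQL equality; `password_hash()` / `password_verify()` would replace both the salt column and the hand-rolled scheme, and `add()` should stop e-mailing the plaintext password it just set. The `+356 days` in `login()` and `restore_session()` is presumably meant to be 365.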