files reformatted

for better readability
This commit is contained in:
Tealk
2021-03-18 18:26:03 +01:00
parent e2e4a9620b
commit bf3048baf8
40 changed files with 2079 additions and 2205 deletions
+50 -65
@@ -6,8 +6,8 @@ require_once(__DIR__ . "/service-group.php");
require_once(__DIR__ . "/user.php");
require_once(__DIR__ . "/token.php");
/**
* Facade class
*/
* Facade class
*/
class Constellation
{
@@ -18,48 +18,41 @@ class Constellation
* @param int $limit - limits the number of incidents rendered
* @param Boolean $admin - specifies whether to render admin controls
*/
public function render_incidents($future=false, $offset=0, $limit = 5, $admin = 0){
if ($offset<0)
{
public function render_incidents($future = false, $offset = 0, $limit = 5, $admin = 0)
{
if ($offset < 0) {
$offset = 0;
}
$limit = (isset($_GET['limit'])?$_GET['limit']:5);
$offset = (isset($_GET['offset'])?$_GET['offset']:0);
$timestamp = (isset($_GET['timestamp']))?$_GET['timestamp']:time();
$limit = (isset($_GET['limit']) ? $_GET['limit'] : 5);
$offset = (isset($_GET['offset']) ? $_GET['offset'] : 0);
$timestamp = (isset($_GET['timestamp'])) ? $_GET['timestamp'] : time();
$incidents = $this->get_incidents($future, $offset, $limit, $timestamp);
$ajax = isset($_GET['ajax']);
if ($future && count($incidents["incidents"]) && !$ajax)
{
echo "<h3>"._("Planned maintenance")."</h3>";
}
else if (count($incidents["incidents"]) &&!$ajax)
{
if ($offset)
{
echo '<noscript><div class="centered"><a href="'.WEB_URL.'/?offset='.($offset-$limit).'&timestamp='.$timestamp.'" class="btn btn-default">'._("Back").'</a></div></noscript>';
if ($future && count($incidents["incidents"]) && !$ajax) {
echo "<h3>" . _("Planned maintenance") . "</h3>";
} else if (count($incidents["incidents"]) && !$ajax) {
if ($offset) {
echo '<noscript><div class="centered"><a href="' . WEB_URL . '/?offset=' . ($offset - $limit) . '&timestamp=' . $timestamp . '" class="btn btn-default">' . _("Back") . '</a></div></noscript>';
}
echo "<h3>"._("Past incidents")."</h3>";
}
else if (!$future &&!$ajax)
{
echo "<h3>"._("No incidents")."</h3>";
echo "<h3>" . _("Past incidents") . "</h3>";
} else if (!$future && !$ajax) {
echo "<h3>" . _("No incidents") . "</h3>";
}
$show = !$future && $incidents["more"];
$offset += $limit;
if (count($incidents["incidents"])){
if (count($incidents["incidents"])) {
foreach ($incidents['incidents'] as $incident) {
$incident->render($admin);
}
if ($show)
{
echo '<div class="centered"><a href="'.WEB_URL.'/?offset='.($offset).'&timestamp='.$timestamp.'" id="loadmore" class="btn btn-default">'._("Load more").'</a></div>';
if ($show) {
echo '<div class="centered"><a href="' . WEB_URL . '/?offset=' . ($offset) . '&timestamp=' . $timestamp . '" id="loadmore" class="btn btn-default">' . _("Load more") . '</a></div>';
}
}
}
@@ -69,54 +62,49 @@ class Constellation
* @param boolean $admin
* @return array of services
*/
public function render_status($admin = false, $heading = true){
public function render_status($admin = false, $heading = true)
{
global $mysqli;
//$query = $mysqli->query("SELECT id, name, description FROM services");
$query = $mysqli->query("SELECT services.id, services.name, services.description, services_groups.name as group_name FROM services LEFT JOIN services_groups ON services.group_id=services_groups.id ORDER BY services_groups.name ");
$array = array();
if ($query->num_rows){
if ($query->num_rows) {
$timestamp = time();
while($result = $query->fetch_assoc())
{
while ($result = $query->fetch_assoc()) {
$id = $result['id'];
$sql = $mysqli->prepare("SELECT type FROM services_status INNER JOIN status ON services_status.status_id = status.id WHERE service_id = ? AND `time` <= ? AND (`end_time` >= ? OR `end_time`=0) ORDER BY `time` DESC LIMIT 1");
$sql->bind_param("iii", $id, $timestamp, $timestamp);
$sql->execute();
$tmp = $sql->get_result();
if ($tmp->num_rows)
{
if ($tmp->num_rows) {
$array[] = new Service($result['id'], $result['name'], $result['description'], $result['group_name'], $tmp->fetch_assoc()['type']);
}
else{
} else {
$array[] = new Service($result['id'], $result['name'], $result['description'], $result['group_name']);
}
}
if ($heading)
{
if ($heading) {
echo Service::current_status($array);
}
}
else{
} else {
$array[] = new Service(0, _("No services"), -1);
}
if (!$admin)
{
?>
if (!$admin) {
?>
<script>
$(document).ready(function(){
$('[data-toggle="tooltip"]').tooltip();
});
$(document).ready(function() {
$('[data-toggle="tooltip"]').tooltip();
});
</script>
<?php
<?php
//echo '<div id="status-container" class="clearfix">';
//$arrCompletedGroups = array();
foreach($array as $service){
foreach ($array as $service) {
//print_r($service);
//if ( !empty($service->group_name) && !in_array($service->group_name, $arrCompletedGroups)) {
//print $service->name;
//print $service->name;
// $arrCompletedGroups[] = $service['group_name'];
// $service->render(true);
//} else {
@@ -125,35 +113,33 @@ class Constellation
}
echo '</ul>';
//echo '</div>';
}
else{
} else {
return $array;
}
}
function get_incidents($future = false, $offset = 0, $limit = 5, $timestamp = 0){
function get_incidents($future = false, $offset = 0, $limit = 5, $timestamp = 0)
{
global $mysqli;
if ($timestamp == 0)
{
if ($timestamp == 0) {
$timestamp = time();
}
$operator = ($future)?">=":"<=";
$operator = ($future) ? ">=" : "<=";
$limit++;
$sql = $mysqli->prepare("SELECT users.id, status.type, status.title, status.text, status.time, status.end_time, users.username, status.id as status_id FROM status INNER JOIN users ON user_id=users.id WHERE `time` $operator ? AND `end_time` $operator ? OR (`time`<=? AND `end_time` $operator ? ) ORDER BY `time` DESC LIMIT ? OFFSET ?");
$sql->bind_param("iiiiii",$timestamp, $timestamp, $timestamp, $timestamp, $limit, $offset);
$sql->bind_param("iiiiii", $timestamp, $timestamp, $timestamp, $timestamp, $limit, $offset);
$sql->execute();
$query = $sql->get_result();
$array = [];
$limit--;
$more = false;
if ($query->num_rows>$limit){
if ($query->num_rows > $limit) {
$more = true;
}
if ($query->num_rows){
while(($result = $query->fetch_assoc()) && $limit-- > 0)
{
if ($query->num_rows) {
while (($result = $query->fetch_assoc()) && $limit-- > 0) {
// Add service id and service names to an array in the Incident class
$stmt_service = $mysqli->prepare("SELECT services.id,services.name FROM services
INNER JOIN services_status ON services.id = services_status.service_id
@@ -161,7 +147,7 @@ class Constellation
$stmt_service->bind_param("i", $result['status_id']);
$stmt_service->execute();
$query_service = $stmt_service->get_result();
while($result_service = $query_service->fetch_assoc()) {
while ($result_service = $query_service->fetch_assoc()) {
$result['service_id'][] = $result_service['id'];
$result['service_name'][] = $result_service['name'];
}
@@ -198,15 +184,14 @@ class Constellation
function render_alert($alert_type, $header, $message, $show_link = false, $url = null, $link_text = null)
{
echo '<div><h1></h1>
<div class="alert '.$alert_type.'" role="alert">
<h4 class="alert-heading">'.$header.'</h4>
<div class="alert ' . $alert_type . '" role="alert">
<h4 class="alert-heading">' . $header . '</h4>
<hr>
<p class="mb-0">'.$message.'</p>
<p class="mb-0">' . $message . '</p>
</div></div>';
if ( $show_link ) {
echo '<div class="clearfix"><a href="'.$url.'" class="btn btn-success" role="button">'.$link_text.'</a></div>';
if ($show_link) {
echo '<div class="clearfix"><a href="' . $url . '" class="btn btn-success" role="button">' . $link_text . '</a></div>';
}
}
}
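Review bot: render_incidents (hunk @@ -18,48 +18,41 @@) overwrites its `$offset`, `$limit` and `$timestamp` parameters with raw `$_GET` values after the `$offset < 0` clamp has already run, and then concatenates `$offset` and `$timestamp` straight into the `href` of the Back and Load more links, so the clamp never applies and a crafted `timestamp` query parameter is reflected into the HTML unescaped. Casting at the read site fixes both: `$limit = isset($_GET['limit']) ? (int) $_GET['limit'] : 5;`, `$offset = isset($_GET['offset']) ? max(0, (int) $_GET['offset']) : 0;`, `$timestamp = isset($_GET['timestamp']) ? (int) $_GET['timestamp'] : time();`. The `i` bindings in get_incidents already coerce these for the SQL side, so this is an output-escaping problem rather than an injection one. render_alert in the last hunk likewise echoes `$alert_type`, `$header`, `$message` and `$url` without `htmlspecialchars`; whether its callers only pass trusted strings is not visible here.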
+32 -28
@@ -3,53 +3,57 @@
class SSDB
{
function execute($conn,$sql){
function execute($conn, $sql)
{
if ($conn->query($sql) === TRUE) {
return true;
return true;
} else {
return $conn->error;
return $conn->error;
}
}
function getSetting($conn,$setting){
$sql = "SELECT value FROM settings WHERE setting='".$setting."'";
function getSetting($conn, $setting)
{
$sql = "SELECT value FROM settings WHERE setting='" . $setting . "'";
$result = $conn->query($sql);
if ($result->num_rows == 1) {
while($row = $result->fetch_assoc()) {
while ($row = $result->fetch_assoc()) {
return $row["value"];
}
} else {
return "null";
}
}
function setSetting($conn,$settingname,$settingvalue){
$sql = "INSERT INTO settings (setting,value) VALUES ('".$settingname."','".$settingvalue."');";
if ($conn->query($sql) === TRUE) {
return true;
} else {
return $conn->error;
}
}
function deleteSetting($conn,$settingname){
$sql = "DELETE FROM settings WHERE setting=\"".$settingname."\";";
function setSetting($conn, $settingname, $settingvalue)
{
$sql = "INSERT INTO settings (setting,value) VALUES ('" . $settingname . "','" . $settingvalue . "');";
if ($conn->query($sql) === TRUE) {
return true;
} else {
return $conn->error;
}
return true;
} else {
return $conn->error;
}
}
function updateSetting($conn, $settingname, $settingvalue){
function deleteSetting($conn, $settingname)
{
$sql = "DELETE FROM settings WHERE setting=\"" . $settingname . "\";";
if ($conn->query($sql) === TRUE) {
return true;
} else {
return $conn->error;
}
}
function updateSetting($conn, $settingname, $settingvalue)
{
$this->deleteSetting($conn, $settingname);
$this->setSetting($conn, $settingname, $settingvalue);
return true;
}
function getBooleanSetting($conn, $setting) {
if (trim($this->getSetting($conn, $setting)) == "yes"){
return true;
}
return false;
function getBooleanSetting($conn, $setting)
{
if (trim($this->getSetting($conn, $setting)) == "yes") {
return true;
}
return false;
}
}
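Review bot: getSetting, setSetting and deleteSetting build their SQL by concatenating `$setting`, `$settingname` and `$settingvalue` into the query text (`"... WHERE setting='" . $setting . "'"`), so any value that reaches them containing a quote changes the statement, and the other classes touched by this commit (Constellation, Incident) already use `prepare`/`bind_param` for the same kind of lookup. Where the names and values originate is not visible here, but updateSetting forwards both unchanged, so the parameterisation belongs in this class. The getSetting rewrite below shows the shape; setSetting and deleteSetting need the same treatment with `"ss"` and `"s"` bindings respectively.
```php
function getSetting($conn, $setting)
{
    $stmt = $conn->prepare("SELECT value FROM settings WHERE setting = ?");
    $stmt->bind_param("s", $setting);
    $stmt->execute();
    $result = $stmt->get_result();
    if ($result->num_rows == 1) {
        return $result->fetch_assoc()["value"];
    }
    return "null";
}
// … unchanged: execute(), setSetting(), deleteSetting(), updateSetting(), getBooleanSetting() …
```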
+59 -69
@@ -2,8 +2,8 @@
require_once(__DIR__ . "/notification.php");
/**
* Class for creating and rendering an incident
*/
* Class for creating and rendering an incident
*/
class Incident implements JsonSerializable
{
private $id;
@@ -24,14 +24,14 @@ class Incident implements JsonSerializable
*/
function __construct($data)
{
//TODO: Maybe get data from id?
//TODO: Maybe get data from id?
$this->id = $data['status_id'];
$this->timestamp = $data['time'];
$this->end_timestamp = $data['end_time'];
$this->date = new DateTime("@".$data['time']);
$this->date = new DateTime("@" . $data['time']);
$this->date = $this->date->format('Y-m-d H:i:sP');
if ($data['end_time']>0){
$this->end_date = new DateTime("@".$data['end_time']);
if ($data['end_time'] > 0) {
$this->end_date = new DateTime("@" . $data['end_time']);
$this->end_date = $this->end_date->format('Y-m-d H:i:sP');
}
$this->type = $data['type'];
@@ -46,17 +46,16 @@ class Incident implements JsonSerializable
* Deletes incident by ID.
* @param int ID
*/
public static function delete($id){
public static function delete($id)
{
global $mysqli, $message, $user;
if ($user->get_rank() > 1)
{
if ($user->get_rank() > 1) {
$stmt = $mysqli->prepare("SELECT count(*) as count FROM status WHERE id= ? AND user_id = ?");
$stmt->bind_param("ii", $id, $_SESSION['user']);
$stmt->execute();
$query = $stmt->get_result();
if (!$query->fetch_assoc()['count'])
{
if (!$query->fetch_assoc()['count']) {
$message = _("You don't have permission to do that!");
return;
}
@@ -71,7 +70,7 @@ class Incident implements JsonSerializable
$stmt->bind_param("i", $id);
$stmt->execute();
$query = $stmt->get_result();
header("Location: ".WEB_URL."/admin");
header("Location: " . WEB_URL . "/admin");
}
/**
@@ -84,77 +83,66 @@ class Incident implements JsonSerializable
{
global $mysqli, $message;
//Sould be a better way to get this array...
$statuses = array(_("Major outage"), _("Minor outage"), _("Planned maintenance"), _("Operational") );
$statuses = array(_("Major outage"), _("Minor outage"), _("Planned maintenance"), _("Operational"));
$user_id = $_SESSION['user'];
$type = $_POST['type'];
$title = strip_tags($_POST['title']);
$text = strip_tags($_POST['text'], '<br>');
if (strlen($title)==0)
{
if (strlen($title) == 0) {
$message = _("Please enter title");
return;
}else if(strlen($title)>50){
} else if (strlen($title) > 50) {
$message = _("Title too long! Character limit is 50");
return;
}
if (strlen($title)==0)
{
if (strlen($title) == 0) {
$message = _("Please enter text");
return;
}
if ($type == 2 && (!strlen(trim($_POST['time'])) || !strlen(trim($_POST['end_time']))))
{
if ($type == 2 && (!strlen(trim($_POST['time'])) || !strlen(trim($_POST['end_time'])))) {
$message = _("Please set start and end time! Use ISO 8601 format.");
return;
}
if (empty($_POST['services'])){
if (empty($_POST['services'])) {
$message = _("Please select at least one service");
}
else
{
if (!is_array($_POST['services']))
{
} else {
if (!is_array($_POST['services'])) {
$services = array($_POST['services']);
}
else
{
} else {
$services = $_POST['services'];
}
if (!empty($_POST['time']) && $type == 2){
$input_time = (!empty($_POST['time_js'])?$_POST['time_js']: $_POST['time']);
$input_end_time = (!empty($_POST['end_time_js'])?$_POST['end_time_js']: $_POST['end_time']);
if (!empty($_POST['time']) && $type == 2) {
$input_time = (!empty($_POST['time_js']) ? $_POST['time_js'] : $_POST['time']);
$input_end_time = (!empty($_POST['end_time_js']) ? $_POST['end_time_js'] : $_POST['end_time']);
$time = strtotime($input_time);
$end_time = strtotime($input_end_time);
if (!$time)
{
if (!$time) {
$message = _("Start date format is not recognized. Please use ISO 8601 format.");
return;
}
if (!$end_time)
{
if (!$end_time) {
$message = _("End date format is not recognized. Please use ISO 8601 format.");
return;
}
if ($time >= $end_time)
{
if ($time >= $end_time) {
$message = _("End time is either the same or earlier than start time!");
return;
}
}else{
} else {
$time = time();
$end_time = '';
}
$stmt = $mysqli->prepare("INSERT INTO status VALUES (NULL,?, ?, ?, ?, ?, ?)");
$stmt->bind_param("issiii", $type, $title, $text, $time ,$end_time ,$user_id);
$stmt->bind_param("issiii", $type, $title, $text, $time, $end_time, $user_id);
$stmt->execute();
$query = $stmt->get_result();
$status_id = $mysqli->insert_id;
@@ -178,7 +166,7 @@ class Incident implements JsonSerializable
$notify->notify_subscribers();
header("Location: ".WEB_URL."/admin?sent=true");
header("Location: " . WEB_URL . "/admin?sent=true");
}
}
@@ -187,40 +175,42 @@ class Incident implements JsonSerializable
* @param Boolean $admin - decides whether admin controls should be rendered
* @return void
*/
public function render($admin=0){
public function render($admin = 0)
{
global $icons;
global $classes, $user;
$admin = $admin && (($user->get_rank()<=1) || ($user->get_username() == $this->username));
$admin = $admin && (($user->get_rank() <= 1) || ($user->get_username() == $this->username));
$Parsedown = new Parsedown();
?>
<article class="card border-<?php echo $classes[$this->type];?> mb-3">
<div class="card-colore icon bg-<?php echo $classes[$this->type];?>"><i class="<?php echo $icons[$this->type];?>"></i></div>
<div class="card-header bg-<?php echo $classes[$this->type];?> border-<?php echo $classes[$this->type];?>">
<?php echo $this->title; ?>
<time class="pull-right timeago" datetime="<?php echo $this->date; ?>"><?php echo $this->date; ?></time>
<div class="float-end">
<?php if ($admin){
echo '<a href="'.WEB_URL.'/admin/?delete='.$this->id.'" class="pull-right delete"><i class="fa fa-trash"></i></a>';
}?>
</div>
?>
<article class="card border-<?php echo $classes[$this->type]; ?> mb-3">
<div class="card-colore icon bg-<?php echo $classes[$this->type]; ?>"><i class="<?php echo $icons[$this->type]; ?>"></i></div>
<div class="card-header bg-<?php echo $classes[$this->type]; ?> border-<?php echo $classes[$this->type]; ?>">
<?php echo $this->title; ?>
<time class="pull-right timeago" datetime="<?php echo $this->date; ?>"><?php echo $this->date; ?></time>
<div class="float-end">
<?php if ($admin) {
echo '<a href="' . WEB_URL . '/admin/?delete=' . $this->id . '" class="pull-right delete"><i class="fa fa-trash"></i></a>';
} ?>
</div>
</div>
<div class="card-body">
<?php echo $Parsedown->setBreaksEnabled(true)->text($this->text); ?>
</div>
<div class="card-footer bg-transparent border-<?php echo $classes[$this->type];?>">
<?php echo _("Impacted service(s): ");
foreach ( $this->service_name as $value ) {
echo '<span class="label label-default">'.$value . '</span>&nbsp;';
}
if (isset($this->end_date)){?>
<span class="pull-right"><?php echo strtotime($this->end_date)>time()?_("Ending"):_("Ended");?>:&nbsp;<time class="pull-right timeago" datetime="<?php echo $this->end_date; ?>"><?php echo $this->end_date; ?></time></span>
<?php } ?>
</div>
</article>
<?php
<div class="card-body">
<?php echo $Parsedown->setBreaksEnabled(true)->text($this->text); ?>
</div>
<div class="card-footer bg-transparent border-<?php echo $classes[$this->type]; ?>">
<?php echo _("Impacted service(s): ");
foreach ($this->service_name as $value) {
echo '<span class="label label-default">' . $value . '</span>&nbsp;';
}
if (isset($this->end_date)) { ?>
<span class="pull-right"><?php echo strtotime($this->end_date) > time() ? _("Ending") : _("Ended"); ?>:&nbsp;<time class="pull-right timeago" datetime="<?php echo $this->end_date; ?>"><?php echo $this->end_date; ?></time></span>
<?php } ?>
</div>
</article>
<?php
}
public function jsonSerialize() {
public function jsonSerialize()
{
return [
"id" => $this->id,
"date" => $this->timestamp,
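Review bot: In the add() hunk (@@ -84,77 +83,66 @@) the second emptiness check repeats `if (strlen($title) == 0) {` while its message is "Please enter text", so an incident with an empty body is never rejected; it should read `if (strlen($text) == 0) {`. The method's signature sits above the hunk. `$type` is taken from `$_POST['type']` and is later used as an array index into `$classes` and `$icons` in render(), yet the `$statuses` array built just above it is not referenced in the visible lines, so the type does not appear to be validated against the known set — worth confirming against the elided part of the method.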
+42 -41
@@ -1,10 +1,11 @@
<?php
/**
* This class is used to negotiate language displayed to user.
* Reads browser preferences and chooses the best language from list
*/
* This class is used to negotiate language displayed to user.
* Reads browser preferences and chooses the best language from list
*/
class LocaleNegotiator
{
{
private $accepted_langs = [];
private $default_language;
private $all_locales = array(
@@ -220,15 +221,15 @@ class LocaleNegotiator
'zh_SG' => '中文',
'zh_TW' => '中文',
'zu_ZA' => 'Isizulu',
);
);
/**
* This method scans for languages and creates a list of language and its name (localized ofc.)
* @param String $default_language language displayed to user in case no suitable lang is found
*/
* This method scans for languages and creates a list of language and its name (localized ofc.)
* @param String $default_language language displayed to user in case no suitable lang is found
*/
function __construct($default_language)
{
$tmp = glob(__DIR__ . '/../locale/*' , GLOB_ONLYDIR);
$tmp = glob(__DIR__ . '/../locale/*', GLOB_ONLYDIR);
$this->default_language = $default_language;
//Works only if the server supports the locale
//This basically means $accepted_langs[<lang_code>] = "<lang name>";
@@ -239,41 +240,42 @@ class LocaleNegotiator
}
/**
* Returns list of accepted langs so it can be reused for rendering language list for switching...
*/
public function get_accepted_langs(){
* Returns list of accepted langs so it can be reused for rendering language list for switching...
*/
public function get_accepted_langs()
{
return $this->accepted_langs;
}
/**
* This method does the actual negotiation. It has override parameter in case user wants to switch
* languages.
* @param String $override adds language to list of preffered languages with highest priority
* @return String language code that matched best with browser preferences
*/
public function negotiate($override = null){
* This method does the actual negotiation. It has override parameter in case user wants to switch
* languages.
* @param String $override adds language to list of preffered languages with highest priority
* @return String language code that matched best with browser preferences
*/
public function negotiate($override = null)
{
$langs = [];
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
$http_accept_language = str_replace("-", "_", $_SERVER['HTTP_ACCEPT_LANGUAGE']);
preg_match_all('/([a-z]{1,8}(-[a-z]{1,8})?)\s*(;\s*q\s*=\s*(1|0\.[0-9]+))?/i', $http_accept_language, $lang_parse);
preg_match_all('/([a-z]{1,8}(-[a-z]{1,8})?)\s*(;\s*q\s*=\s*(1|0\.[0-9]+))?/i', $http_accept_language, $lang_parse);
if (count($lang_parse[1])) {
$langs = array_combine($lang_parse[1], $lang_parse[4]);
foreach ($langs as $lang => $val) {
//If browser didn't send quality of language, it is 1 by default
if ($val === '') $langs[$lang] = 1;
}
if (count($lang_parse[1])) {
$langs = array_combine($lang_parse[1], $lang_parse[4]);
if (isset($override))
{
//More important than the best lang of browser
$langs[$override] = 2;
}
foreach ($langs as $lang => $val) {
//If browser didn't send quality of language, it is 1 by default
if ($val === '') $langs[$lang] = 1;
}
arsort($langs, SORT_NUMERIC);
}
if (isset($override)) {
//More important than the best lang of browser
$langs[$override] = 2;
}
arsort($langs, SORT_NUMERIC);
}
}
//So we have lang code as value
@@ -285,18 +287,18 @@ class LocaleNegotiator
global $lang;
foreach ($langs as $lang) {
if (strlen($lang)>2){
if (in_array($lang, $accepted_langs)){
if (strlen($lang) > 2) {
if (in_array($lang, $accepted_langs)) {
$best_match = $lang;
break;
}
}else{
$possible = array_filter($accepted_langs, function($key) {
} else {
$possible = array_filter($accepted_langs, function ($key) {
global $lang;
return strpos($key, $lang) === 0;
return strpos($key, $lang) === 0;
});
if (count($possible)){
if (count($possible)) {
foreach ($possible as $value) {
$best_match = $value;
}
@@ -305,11 +307,10 @@ class LocaleNegotiator
}
}
if ($best_match === false){
if ($best_match === false) {
$best_match = $this->default_language;
}
return $best_match;
}
}
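Review bot: In negotiate() (hunk @@ -239,41 +240,42 @@) the `$override` language is only added to `$langs` inside the `if (count($lang_parse[1]))` branch, which itself sits inside `if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']))`, so a request without an Accept-Language header, or with one that parses to nothing, silently ignores the override and falls through to the default language. Moving the override and the sort out of both branches fixes that: after the header block, `if (isset($override)) { $langs[$override] = 2; }` followed by `arsort($langs, SORT_NUMERIC);`. The remainder of negotiate() continues in the next hunk, where `in_array($lang, $accepted_langs)` should pass `true` as the third argument so the match is strict.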
+31 -29
@@ -15,10 +15,11 @@ if (file_exists("libs/php_idn/idna.php")) {
require_once("../libs/php_idn/idna.php");
}
class Mailer {
public function __construct(){
class Mailer
{
public function __construct()
{
}
/**
@@ -28,7 +29,8 @@ class Mailer {
* @param boolean $html Set to true if we are sending HTML Mailer
* @return boolean True if success
*/
public function send_mail($to, $subject, $message, $html = true) {
public function send_mail($to, $subject, $message, $html = true)
{
// TODO -Handle $to as an array in order to send to muliple recipients without having
// to call the entire send_mail function over and over..
@@ -36,19 +38,19 @@ class Mailer {
// Convert IDN/punycode domain to ascii
// TODO Handle IDN in left hand side of email address
if ( $this->is_utf8($to) ) {
if ($this->is_utf8($to)) {
$elements = explode('@', $to);
$domainpart = EncodePunycodeIDN(array_pop($elements)); // Convert domain part to ascii
$to = $elements[0] . '@' . $domainpart; // Reassemble tge full email address
}
// Send using PHP mailer if it is enabled
if ( PHP_MAILER ) {
require_once(PHP_MAILER_PATH .'/Exception.php'); /* Exception class. */
require_once(PHP_MAILER_PATH .'/PHPMailer.php'); /* The main PHPMailer class. */
if (PHP_MAILER) {
require_once(PHP_MAILER_PATH . '/Exception.php'); /* Exception class. */
require_once(PHP_MAILER_PATH . '/PHPMailer.php'); /* The main PHPMailer class. */
if ( PHP_MAILER_SMTP ) {
require_once(PHP_MAILER_PATH .'/SMTP.php'); /* SMTP class, needed if you want to use SMTP. */
if (PHP_MAILER_SMTP) {
require_once(PHP_MAILER_PATH . '/SMTP.php'); /* SMTP class, needed if you want to use SMTP. */
}
$phpmail = new PHPMailer(false);
@@ -58,7 +60,7 @@ class Mailer {
//$phpmail->Debugoutput = error_log;
// Define SMTP parameters if enabled
if ( PHP_MAILER_SMTP ) {
if (PHP_MAILER_SMTP) {
$phpmail->isSMTP();
$phpmail->Host = PHP_MAILER_HOST;
@@ -67,7 +69,7 @@ class Mailer {
//$phpmail->SMTPDebug = 2; // Enable for debugging
// Handle authentication for SMTP if enabled
if ( !empty(PHP_MAILER_USER) ) {
if (!empty(PHP_MAILER_USER)) {
$phpmail->SMTPAuth = true;
$phpmail->Username = PHP_MAILER_USER;
$phpmail->Password = PHP_MAILER_PASS;
@@ -77,7 +79,7 @@ class Mailer {
$phpmail->addAddress($to);
$phpmail->Subject = $subject;
// Send HMTL mail
if ( $html ) {
if ($html) {
$phpmail->msgHtml($message);
$phpmail->AltBody = $this->convert_html_to_plain_txt($message, false);
} else {
@@ -85,24 +87,22 @@ class Mailer {
}
$phpmail->isHtml($html); // use htmlmail if enabled
if ( ! $phpmail->send() ) {
if (!$phpmail->send()) {
// TODO Log error message $phpmail->ErrorInfo;
return false;
}
return true;
} else {
// Use standard PHP mail() function
$headers = "Content-Type: $content_type; \"charset=utf-8\" ".PHP_EOL;
$headers .= "MIME-Version: 1.0 ".PHP_EOL;
$headers .= "From: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
$headers .= "Reply-To: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
$headers = "Content-Type: $content_type; \"charset=utf-8\" " . PHP_EOL;
$headers .= "MIME-Version: 1.0 " . PHP_EOL;
$headers .= "From: " . MAILER_NAME . ' <' . MAILER_ADDRESS . '>' . PHP_EOL;
$headers .= "Reply-To: " . MAILER_NAME . ' <' . MAILER_ADDRESS . '>' . PHP_EOL;
mail($to, $subject, $message, $headers);
// TODO log error message if mail fails
return true;
}
}
/**
* Tries to verify the domain using dns request against an MX record of the domain part
@@ -112,11 +112,12 @@ class Mailer {
* @param String $email Email address to check
* @return boolean True if MX record exits, false if otherwise
*/
public function verify_domain($email){
public function verify_domain($email)
{
// TODO - Handle idn/punycode domain names without being dependent on PHP native libs.
$domain = explode('@', $email);
$domain = EncodePunycodeIDN(array_pop($domain).'.'); // Add dot at end of domain to avoid local domain lookups
syslog(1,$domain);
$domain = EncodePunycodeIDN(array_pop($domain) . '.'); // Add dot at end of domain to avoid local domain lookups
syslog(1, $domain);
return checkdnsrr($domain, 'MX');
}
@@ -145,20 +146,22 @@ class Mailer {
* @param boolean $remove_links Set to true if links should be removed from email
* @return String pain text version
*/
public function convert_html_to_plain_txt($content, $remove_links=false){
public function convert_html_to_plain_txt($content, $remove_links = false)
{
// TODO does not handle unsubscribe/manage subscription text very well.
// Replace HTML line breaks with text line breaks
$plain_text = str_ireplace(array("<br>","<br />"), "\n\r", $content);
$plain_text = str_ireplace(array("<br>", "<br />"), "\n\r", $content);
// Remove the content between the tags that wouldn't normally get removed with the strip_tags function
$plain_text = preg_replace(array('@<head[^>]*?>.*?</head>@siu',
$plain_text = preg_replace(array(
'@<head[^>]*?>.*?</head>@siu',
'@<style[^>]*?>.*?</style>@siu',
'@<script[^>]*?.*?</script>@siu',
'@<noscript[^>]*?.*?</noscript>@siu',
), "", $plain_text); // Remove everything from between the tags that doesn't get removed with strip_tags function
// If the user has chosen to preserve the addresses from links
if(!$remove_links){
if (!$remove_links) {
$plain_text = strip_tags(preg_replace('/<a href="(.*)">/', ' $1 ', $plain_text));
}
@@ -166,9 +169,8 @@ class Mailer {
$plain_text = str_replace("&nbsp;", "", $plain_text);
// Replace multiple line breaks with a single line break
$plain_text = preg_replace("/(\s){3,}/","\r\n\r\n",trim($plain_text));
$plain_text = preg_replace("/(\s){3,}/", "\r\n\r\n", trim($plain_text));
return $plain_text;
}
}
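Review bot: In send_mail (hunk @@ -85,24 +87,22 @@) the `mail()` branch discards the function's return value and unconditionally returns `true`, so callers such as the Notification mailer path cannot tell that delivery failed; `return mail($to, $subject, $message, $headers);` would give this branch the same contract as the PHPMailer branch above it. send_mail begins in an earlier hunk, and `$content_type` used in the Content-Type header is not assigned in the visible lines, so presumably it is set in the elided part — worth confirming. In verify_domain, `syslog(1, $domain);` logs every looked-up domain at priority 1 (LOG_ALERT on Linux) and reads like a leftover debug line; drop it or lower it to `LOG_DEBUG`.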
+13 -14
@@ -25,7 +25,7 @@ class Notification
public function populate_impacted_services($status_id)
{
global $mysqli;
if (! empty($status_id)) {
if (!empty($status_id)) {
// Fetch services names for use in email
$stmt = $mysqli->prepare("SELECT services.id, services.name FROM services INNER JOIN services_status on services.id = services_status.service_id WHERE services_status.status_id = ?");
$stmt->bind_param("i", $status_id);
@@ -66,7 +66,7 @@ class Notification
$queue->user_id = $_SESSION['user'];
$arr_data = array();
if ( SUBSCRIBE_EMAIL ) {
if (SUBSCRIBE_EMAIL) {
$arr_data = $this->prepare_email(); // Make up the base message and subject for email
$queue->type_id = $queue->all_type_id['notify_email'];
$queue->template_data1 = $arr_data['subject'];
@@ -75,7 +75,7 @@ class Notification
//syslog(1, "queue email: ". $task_id_email);
$arr_email = array();
}
if ( SUBSCRIBE_TELEGRAM ) {
if (SUBSCRIBE_TELEGRAM) {
$arr_data = $this->prepare_telegram();
$queue->type_id = $queue->all_type_id['notify_telegram'];
$queue->template_data1 = null;
@@ -103,16 +103,14 @@ class Notification
if ($typeID == 2 && SUBSCRIBE_EMAIL) {
$arr_email[] = $subscriber['subscriberIDFK'];
}
}
}
if ( SUBSCRIBE_TELEGRAM) {
if (SUBSCRIBE_TELEGRAM) {
$queue->task_id = $task_id_telegram;
$queue->add_notification($arr_telegram); // Add array of Telegram users to the notification queue list
}
if ( SUBSCRIBE_EMAIL ) {
if (SUBSCRIBE_EMAIL) {
$queue->task_id = $task_id_email;
$queue->add_notification($arr_email); // Add array of Email users to the notification queue list
}
@@ -132,13 +130,12 @@ class Notification
$msg = sprintf($msg, $firstname);
$tg_message = array('text' => $msg, 'chat_id' => $userID, 'parse_mode' => 'HTML');
$json = @file_get_contents("https://api.telegram.org/bot" . TG_BOT_API_TOKEN . "/sendMessage?" . http_build_query($tg_message) );
$json = @file_get_contents("https://api.telegram.org/bot" . TG_BOT_API_TOKEN . "/sendMessage?" . http_build_query($tg_message));
$response = json_decode($json, true);
if (!is_array($response) || ! array_key_exists("ok", $response) || $response['ok'] != 1 ) {
if (!is_array($response) || !array_key_exists("ok", $response) || $response['ok'] != 1) {
return false;
}
return true;
}
@@ -154,13 +151,14 @@ class Notification
{
// TODO Error handling
$mailer = new Mailer();
if ( ! $mailer->send_mail($subscriber, $subject, $msg, true) ) {
return false;
if (!$mailer->send_mail($subscriber, $subject, $msg, true)) {
return false;
}
return true;
}
public function prepare_email(){
public function prepare_email()
{
$Parsedown = new Parsedown();
$str_mail = file_get_contents("../libs/templates/email_status_update.html");
@@ -189,7 +187,8 @@ class Notification
return $val;
}
public function prepare_telegram(){
public function prepare_telegram()
{
$msg = _("Hi #s!\nThere is a status update for service(s): %s\nThe new status is: %s\nTitle: %s\n\n%s\n\n<a href='%s'>View online</a>");
$val['body'] = sprintf($msg, $this->servicenames, $this->status, $this->title, $this->text, WEB_URL);
return $val;
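Review bot: The Telegram call in hunk @@ -132,13 +130,12 @@ wraps the request in `@file_get_contents(...)`, so a DNS, TLS or HTTP failure is indistinguishable from a rejected message and the cause is never recorded; dropping the `@` and adding `if ($json === false) { return false; }` before the decode keeps the same return contract while letting the underlying warning reach the error log. The enclosing method's signature is above the hunk. prepare_telegram interpolates `$this->title` and `$this->text` into a message sent with `parse_mode => 'HTML'`, and the text is stored with `<br>` tags preserved by strip_tags in Incident::add, which the Telegram HTML parser may reject — consider `htmlspecialchars` on the title and converting `<br>` to newlines before formatting, subject to how those fields are populated outside this hunk.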
+146 -136
@@ -5,157 +5,167 @@
*/
class Queue
{
public $task_id;
public $type_id;
public $status;
public $template_data1; // i.e. Subject for email
public $template_data2; // i.e. HTML email body
public $create_time;
public $completed_time;
public $num_errors;
public $user_id;
public $all_type_id = array('notify_telegram' => 1,
'notify_email' => 2);
public $task_id;
public $type_id;
public $status;
public $template_data1; // i.e. Subject for email
public $template_data2; // i.e. HTML email body
public $create_time;
public $completed_time;
public $num_errors;
public $user_id;
public $all_type_id = array(
'notify_telegram' => 1,
'notify_email' => 2
);
public $all_status = array('populating' => 1,
'ready' => 2,
'processing' => 3,
'completed' => 4,
'failed' => 5);
public $all_status = array(
'populating' => 1,
'ready' => 2,
'processing' => 3,
'completed' => 4,
'failed' => 5
);
public function add_task() {
global $mysqli;
$stmt = $mysqli->prepare("INSERT INTO queue_task (type_id, status, template_data1, template_data2, created_time, user_id) VALUES (?,?,?,?,?,?)");
if ( false===$stmt ) {
//die('prepare() failed: ' . htmlspecialchars($mysqli->error));
echo $mysqli->errno();
}
#if ( false === $stmt ) { syslog(1, "Error :". $mysqli->error); }
$now = time();
$res = $stmt->bind_param("iissii", $this->type_id, $this->status, $this->template_data1, $this->template_data2, $now, $this->user_id);
if ( false === $res ) {
echo "error";
die();
}
$stmt->execute();
$query = $stmt->get_result();
print $query;
$this->task_id = $mysqli->insert_id;
return $this->task_id;
public function add_task()
{
global $mysqli;
$stmt = $mysqli->prepare("INSERT INTO queue_task (type_id, status, template_data1, template_data2, created_time, user_id) VALUES (?,?,?,?,?,?)");
if (false === $stmt) {
//die('prepare() failed: ' . htmlspecialchars($mysqli->error));
echo $mysqli->errno();
}
/**
* Remove task from the queue
* @return void
*/
public function delete_task($task_id){
global $mysqli;
$stmt = $mysqli->prepare("DELETE FROM queue_task WHERE id = ?");
$stmt->bind_param("i", $task_id);
$stmt->execute();
#if ( false === $stmt ) { syslog(1, "Error :". $mysqli->error); }
$now = time();
$res = $stmt->bind_param("iissii", $this->type_id, $this->status, $this->template_data1, $this->template_data2, $now, $this->user_id);
if (false === $res) {
echo "error";
die();
}
$stmt->execute();
$query = $stmt->get_result();
print $query;
$this->task_id = $mysqli->insert_id;
return $this->task_id;
}
/**
* Update status for given task
* @param int $new_status The new current status of the task. Must be selected from the $all_status array.
* @return void
*/
public function set_task_status($new_status) {
global $mysqli;
$stmt = $mysqli->prepare("UPDATE queue_task SET status = ? WHERE id = ?");
$stmt->bind_param("ii", $new_status, $this->task_id);
$stmt->execute();
$this->status = $new_status;
/**
* Remove task from the queue
* @return void
*/
public function delete_task($task_id)
{
global $mysqli;
$stmt = $mysqli->prepare("DELETE FROM queue_task WHERE id = ?");
$stmt->bind_param("i", $task_id);
$stmt->execute();
}
/**
* Update status for given task
* @param int $new_status The new current status of the task. Must be selected from the $all_status array.
* @return void
*/
public function set_task_status($new_status)
{
global $mysqli;
$stmt = $mysqli->prepare("UPDATE queue_task SET status = ? WHERE id = ?");
$stmt->bind_param("ii", $new_status, $this->task_id);
$stmt->execute();
$this->status = $new_status;
}
/**
* Add notification queue data for given task
* @param array $arr_data Array filled with subscriber_id
* @return void
*/
public function add_notification($arr_data)
{
global $mysqli;
//Default status = 1, retres = 0, task_id = $this->task_id
// Build query manually since mysqli doesn't cater well for multi insert..
$count = count($arr_data); // Let's find number of elements
$counter = 0;
$query = '';
$seperator = ',';
$sub_query = '(%d, %d, %d ,%d)%s';
foreach ($arr_data as $value) {
$counter++;
if ($counter == $count) {
$seperator = '';
} // Make sure last character for SQL query is correct
$query .= sprintf($sub_query, $this->task_id, 1, $value, 0, $seperator);
}
$sql = "INSERT INTO queue_notify (task_id, status, subscriber_id, retries) VALUES " . $query;
/**
* Add notification queue data for given task
* @param array $arr_data Array filled with subscriber_id
* @return void
*/
public function add_notification($arr_data) {
global $mysqli;
$mysqli->query($sql);
//Default status = 1, retres = 0, task_id = $this->task_id
$this->set_task_status($this->all_status['ready']); // Make task available for release
}
// Build query manually since mysqli doesn't cater well for multi insert..
$count = count($arr_data); // Let's find number of elements
$counter = 0;
$query = '';
$seperator = ',';
$sub_query = '(%d, %d, %d ,%d)%s';
public function update_notification_retries($task_id, $subscriber_id)
{
global $mysqli;
$stmt = $mysqli->prepare("UPDATE queue_notify SET retries = retries+1 WHERE task_id = ? AND subscriber_id = ?");
$stmt->bind_param("ii", $task_id, $subscriber_id);
$stmt->execute();
}
foreach ($arr_data as $value) {
$counter++;
if ($counter == $count) { $seperator = ''; } // Make sure last character for SQL query is correct
$query .= sprintf($sub_query, $this->task_id, 1, $value, 0, $seperator);
}
$sql = "INSERT INTO queue_notify (task_id, status, subscriber_id, retries) VALUES ". $query;
public function delete_notification($task_id, $subscriber_id)
{
global $mysqli;
$stmt = $mysqli->prepare("DELETE FROM queue_notify WHERE task_id = ? AND subscriber_id = ?");
$stmt->bind_param("ii", $task_id, $subscriber_id);
$stmt->execute();
}
$mysqli->query($sql);
// TODO: Fix max attempts for notifications
public function process_queue()
{
global $mysqli;
$stmt = $mysqli->query("SELECT qn.id, qn.task_id, qn.status, qn.subscriber_id, qn.retries, sub.firstname, sub.userID, sub.token FROM queue_notify AS qn INNER JOIN subscribers AS sub ON qn.subscriber_id = sub.subscriberID WHERE qn.status NOT LIKE 2 AND sub.active=1");
while ($result = $stmt->fetch_assoc()) {
$this->set_task_status($this->all_status['ready']); // Make task available for release
}
$i = 2;
$stmt2 = $mysqli->prepare("SELECT * FROM queue_task WHERE id = ? AND status = ?");
$stmt2->bind_param("ii", $result['task_id'], $i);
$stmt2->execute();
$tmp = $stmt2->get_result();
$result2 = $tmp->fetch_assoc();
$typeID = $result2['type_id'];
public function update_notification_retries($task_id, $subscriber_id) {
global $mysqli;
$stmt = $mysqli->prepare("UPDATE queue_notify SET retries = retries+1 WHERE task_id = ? AND subscriber_id = ?");
$stmt->bind_param("ii", $task_id, $subscriber_id);
$stmt->execute();
}
public function delete_notification($task_id, $subscriber_id) {
global $mysqli;
$stmt = $mysqli->prepare("DELETE FROM queue_notify WHERE task_id = ? AND subscriber_id = ?");
$stmt->bind_param("ii", $task_id, $subscriber_id);
$stmt->execute();
}
// TODO: Fix max attempts for notifications
public function process_queue(){
global $mysqli;
$stmt = $mysqli->query("SELECT qn.id, qn.task_id, qn.status, qn.subscriber_id, qn.retries, sub.firstname, sub.userID, sub.token FROM queue_notify AS qn INNER JOIN subscribers AS sub ON qn.subscriber_id = sub.subscriberID WHERE qn.status NOT LIKE 2 AND sub.active=1");
while ( $result = $stmt->fetch_assoc() ) {
$i = 2;
$stmt2 = $mysqli->prepare("SELECT * FROM queue_task WHERE id = ? AND status = ?");
$stmt2->bind_param("ii", $result['task_id'], $i);
$stmt2->execute();
$tmp = $stmt2->get_result();
$result2 = $tmp->fetch_assoc();
$typeID = $result2['type_id'];
// Handle telegram
if ($typeID == 1) {
$msg = str_replace("#s", $result['firstname'], $result2['template_data2']);
if ( ! Notification::submit_queue_telegram($result['userID'], $result['firstname'], $msg) ) {
Queue::update_notification_retries($result['task_id'], $result['subscriber_id']); // Sent
} else {
Queue::delete_notification($result['task_id'], $result['subscriber_id']); // Failed
}
}
// Handle email
if ($typeID == 2) {
$msg = str_replace("%token%", $result['token'], $result2['template_data2']);
if ( ! Notification::submit_queue_email($result['userID'], $result2['template_data1'], $msg) ) {
Queue::update_notification_retries($result['task_id'], $result['subscriber_id']); // Sent
} else {
Queue::delete_notification($result['task_id'], $result['subscriber_id']); // Failed
}
}
}
// Check if queue log is empty and if so delete the queue_task
$stmt = $mysqli->query("SELECT id, (SELECT COUNT(*) FROM queue_notify AS qn WHERE qn.task_id = queue_task.id) AS count FROM queue_task");
while ( $result = $stmt->fetch_assoc() ) {
if ( $result['count'] == 0 ) {
Queue::delete_task($result['id']);
// Handle telegram
if ($typeID == 1) {
$msg = str_replace("#s", $result['firstname'], $result2['template_data2']);
if (!Notification::submit_queue_telegram($result['userID'], $result['firstname'], $msg)) {
Queue::update_notification_retries($result['task_id'], $result['subscriber_id']); // Sent
} else {
Queue::delete_notification($result['task_id'], $result['subscriber_id']); // Failed
}
}
// Handle email
if ($typeID == 2) {
$msg = str_replace("%token%", $result['token'], $result2['template_data2']);
if (!Notification::submit_queue_email($result['userID'], $result2['template_data1'], $msg)) {
Queue::update_notification_retries($result['task_id'], $result['subscriber_id']); // Sent
} else {
Queue::delete_notification($result['task_id'], $result['subscriber_id']); // Failed
}
}
}
// Check if queue log is empty and if so delete the queue_task
$stmt = $mysqli->query("SELECT id, (SELECT COUNT(*) FROM queue_notify AS qn WHERE qn.task_id = queue_task.id) AS count FROM queue_task");
while ($result = $stmt->fetch_assoc()) {
if ($result['count'] == 0) {
Queue::delete_task($result['id']);
}
}
}
}
+18 -25
@@ -1,7 +1,8 @@
<?php
/**
* Class for managing services
*/
* Class for managing services
*/
class ServiceGroup
{
private $id;
@@ -63,17 +64,15 @@ class ServiceGroup
public static function add()
{
global $user, $message;
if (strlen($_POST['group'])>50)
{
if (strlen($_POST['group']) > 50) {
$message = _("Service group name is too long! Character limit is 50");
return;
}else if (strlen(trim($_POST['group']))==0){
} else if (strlen(trim($_POST['group'])) == 0) {
$message = _("Please enter name!");
return;
}
if ($user->get_rank()<=1)
{
if ($user->get_rank() <= 1) {
global $mysqli;
$name = $_POST["group"];
$description = $_POST["description"];
@@ -82,9 +81,8 @@ class ServiceGroup
$stmt->bind_param("ssi", $name, $description, $visibility_id);
$stmt->execute();
$stmt->get_result();
header("Location: ".WEB_URL."/admin/?do=settings");
}else
{
header("Location: " . WEB_URL . "/admin/?do=settings");
} else {
$message = _("You don't have the permission to do that!");
}
}
@@ -92,17 +90,15 @@ class ServiceGroup
public static function edit()
{
global $user, $message;
if (strlen($_POST['group'])>50)
{
if (strlen($_POST['group']) > 50) {
$message = _("Service group name is too long! Character limit is 50");
return;
}else if (strlen(trim($_POST['group']))==0){
} else if (strlen(trim($_POST['group'])) == 0) {
$message = _("Please enter name!");
return;
}
if ($user->get_rank()<=1)
{
if ($user->get_rank() <= 1) {
global $mysqli;
$name = $_POST["group"];
$description = $_POST["description"];
@@ -112,9 +108,8 @@ class ServiceGroup
$stmt->bind_param("ssii", $name, $description, $visibility_id, $group_id);
$stmt->execute();
$stmt->get_result();
header("Location: ".WEB_URL."/admin/?do=settings");
}else
{
header("Location: " . WEB_URL . "/admin/?do=settings");
} else {
$message = _("You don't have the permission to do that!");
}
}
@@ -125,8 +120,7 @@ class ServiceGroup
public static function delete()
{
global $user, $message;
if ($user->get_rank()<=1)
{
if ($user->get_rank() <= 1) {
global $mysqli;
$id = $_GET['delete'];
@@ -140,10 +134,8 @@ class ServiceGroup
$stmt->execute();
$query = $stmt->get_result();
header("Location: ".WEB_URL."/admin/?do=settings");
}
else
{
header("Location: " . WEB_URL . "/admin/?do=settings");
} else {
$message = _("You don't have the permission to do that!");
}
}
@@ -153,7 +145,8 @@ class ServiceGroup
* Get list of services groups.
* @return array $groups
*/
public function get_groups() {
public function get_groups()
{
global $mysqli;
$stmt = $mysqli->query("SELECT id, name FROM services_groups ORDER by name ASC");
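Review bot: In `add()` and `edit()` the group name and description go into the database exactly as posted (`$name = $_POST["group"]; $description = $_POST["description"];`), while the sibling `Service::add()`/`edit()` reformatted in this same commit pass both through `htmlspecialchars()` first, and `Service::render()` echoes `$this->group_name` into the page with no escaping. Only users with `get_rank() <= 1` reach this code, so the exposure is an admin-to-visitor stored XSS rather than an anonymous one, but it is inconsistent with how services are handled. Apply the same treatment here, e.g. `$name = htmlspecialchars($_POST['group'], ENT_QUOTES, 'UTF-8');` and likewise for the description, or escape at every output site instead. Also, `strlen()` enforces the 50-character limit in bytes, so `mb_strlen()` would match the limit the message promises. None of this is introduced by the reformat.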
+66 -75
@@ -1,7 +1,8 @@
<?php
/**
* Class for managing services
*/
* Class for managing services
*/
class Service implements JsonSerializable
{
private $id;
@@ -17,7 +18,7 @@ class Service implements JsonSerializable
* @param String $descriotion service description for tooltip
* @param int $status current service status
*/
function __construct($id, $name, $description=null, $group_name='', $status=3)
function __construct($id, $name, $description = null, $group_name = '', $status = 3)
{
//TODO: Maybe get data from ID?
$this->id = $id;
@@ -72,17 +73,15 @@ class Service implements JsonSerializable
public static function add()
{
global $user, $message;
if (strlen($_POST['service'])>50)
{
if (strlen($_POST['service']) > 50) {
$message = _("Service name is too long! Character limit is 50");
return;
}else if (strlen(trim($_POST['service']))==0){
} else if (strlen(trim($_POST['service'])) == 0) {
$message = _("Please enter name!");
return;
}
if ($user->get_rank()<=1)
{
if ($user->get_rank() <= 1) {
global $mysqli;
$name = htmlspecialchars($_POST['service']);
$description = htmlspecialchars($_POST['description']);
@@ -91,48 +90,44 @@ class Service implements JsonSerializable
$stmt->bind_param("ssi", $name, $description, $group_id);
$stmt->execute();
$stmt->get_result();
header("Location: ".WEB_URL."/admin/?do=settings");
}else
{
header("Location: " . WEB_URL . "/admin/?do=settings");
} else {
$message = _("You don't have the permission to do that!");
}
}
/**
* Processes submitted form and adds service unless problem is encountered,
* calling this is possible only for admin or higher rank. Also checks requirements
* for char limits.
* @return void
*/
public static function edit()
{
global $user, $message;
if (strlen($_POST['service'])>50)
{
$message = _("Service name is too long! Character limit is 50");
return;
}else if (strlen(trim($_POST['service']))==0){
$message = _("Please enter name!");
return;
}
if ($user->get_rank()<=1)
{
global $mysqli;
$service_id = $_POST["id"];
$name = htmlspecialchars($_POST['service']);
$description = htmlspecialchars($_POST["description"]);
$group_id = $_POST["group_id"];
$stmt = $mysqli->prepare("UPDATE services SET name=?, description=?, group_id=? WHERE id = ?");
$stmt->bind_param("ssii", $name, $description, $group_id, $service_id);
$stmt->execute();
$stmt->get_result();
header("Location: ".WEB_URL."/admin/?do=settings");
}else
{
$message = _("You don't have the permission to do that!");
}
* Processes submitted form and adds service unless problem is encountered,
* calling this is possible only for admin or higher rank. Also checks requirements
* for char limits.
* @return void
*/
public static function edit()
{
global $user, $message;
if (strlen($_POST['service']) > 50) {
$message = _("Service name is too long! Character limit is 50");
return;
} else if (strlen(trim($_POST['service'])) == 0) {
$message = _("Please enter name!");
return;
}
if ($user->get_rank() <= 1) {
global $mysqli;
$service_id = $_POST["id"];
$name = htmlspecialchars($_POST['service']);
$description = htmlspecialchars($_POST["description"]);
$group_id = $_POST["group_id"];
$stmt = $mysqli->prepare("UPDATE services SET name=?, description=?, group_id=? WHERE id = ?");
$stmt->bind_param("ssii", $name, $description, $group_id, $service_id);
$stmt->execute();
$stmt->get_result();
header("Location: " . WEB_URL . "/admin/?do=settings");
} else {
$message = _("You don't have the permission to do that!");
}
}
/**
* Deletes this service - first checks if user has permission to do that.
* @return void
@@ -140,8 +135,7 @@ class Service implements JsonSerializable
public static function delete()
{
global $user, $message;
if ($user->get_rank()<=1)
{
if ($user->get_rank() <= 1) {
global $mysqli;
$id = $_GET['delete'];
@@ -151,8 +145,7 @@ class Service implements JsonSerializable
$query = $stmt->get_result();
while ($res = $query->fetch_assoc()) {
if ($res['count']==1)
{
if ($res['count'] == 1) {
Incident::delete($res['status']);
}
}
@@ -167,10 +160,8 @@ class Service implements JsonSerializable
$stmt->execute();
$query = $stmt->get_result();
header("Location: ".WEB_URL."/admin/?do=settings");
}
else
{
header("Location: " . WEB_URL . "/admin/?do=settings");
} else {
$message = _("You don't have the permission to do that!");
}
}
@@ -180,25 +171,24 @@ class Service implements JsonSerializable
* @param Service[] $array array of services
* @return void
*/
public static function current_status($array){
public static function current_status($array)
{
global $all, $some, $classes;
$statuses = array(0,0,0,0);
$statuses = array(0, 0, 0, 0);
$worst = 5;
foreach ($array as $service) {
if ($service->status<$worst)
{
if ($service->status < $worst) {
$worst = $service->get_status();
}
$statuses[$service->get_status()]++;
}
echo '<div id="status-big" class="alert-'.$classes[$worst].'">';
echo '<div id="status-big" class="alert-' . $classes[$worst] . '">';
if ($statuses[$worst] == count($array))
{
if ($statuses[$worst] == count($array)) {
echo $all[$worst];
}else{
} else {
echo $some[$worst];
}
echo '</div>';
@@ -209,7 +199,8 @@ class Service implements JsonSerializable
* @param $boolGroup set to true if the groups name is to be rendered
* @return void
*/
public function render(){
public function render()
{
global $statuses;
global $classes;
static $arrCompletedGroups = array();
@@ -218,49 +209,50 @@ class Service implements JsonSerializable
// Check if previous ul has been opened, and if a empty/new group is being
// render_header, close the UL first.
if ( $boolOpened ) {
if ( empty($this->group_name) || !in_array($this->group_name, $arrCompletedGroups) ) {
if ($boolOpened) {
if (empty($this->group_name) || !in_array($this->group_name, $arrCompletedGroups)) {
echo '</ul>';
$boolOpened = false;
}
}
// If no group exist or group is new, start a new UL
if ( !empty($this->group_name) && !in_array($this->group_name, $arrCompletedGroups)) {
if (!empty($this->group_name) && !in_array($this->group_name, $arrCompletedGroups)) {
echo '<ul class="list-group components">';
//echo '<ul class="platforms list-group mb-2">';
// Render the group status if it exists
echo '<li class="list-group-item list-group-item-success group-name"><span><i class="fas fa-folder-open"></i></span>&nbsp;' . $this->group_name .'<div class="status '. $classes[$this->status] .'">'. _($statuses[$this->status]).'</div></li>';
echo '<li class="list-group-item list-group-item-success group-name"><span><i class="fas fa-folder-open"></i></span>&nbsp;' . $this->group_name . '<div class="status ' . $classes[$this->status] . '">' . _($statuses[$this->status]) . '</div></li>';
//echo '<li class="cist-group-item d-flex flex-row justify-content-between platform list-group-item-action py-0 expanded" role="button">' . $this->group_name .'<div class="status '. $classes[$this->status] .'"'. _($statuses[$this->status]).'</div></li>';
$arrCompletedGroups[] = $this->group_name;
$boolOpened = true;
}
if ( empty($this->group_name)) {
if (empty($this->group_name)) {
echo '<ul class="list-group components">';
// echo '<ul class="platforms list-group mb-2">';
// echo '<ul class="platforms list-group mb-2">';
$boolFinish = true;
}
// Render the service status
echo '<div>';
echo '<li class="list-group-item sub-component"><strong>' . $this->name .'</strong>';
echo '<li class="list-group-item sub-component"><strong>' . $this->name . '</strong>';
//echo '<li class="list-group-item d-flex flex-columns justify-content-between><span>+</span><h3 class="py-2 my-0 flex-fill expanded">' . $this->name . '</h3>';
if(!empty($this->description)) {
echo '<a class="desc-tool-tip" data-toggle="tooltip" data-placement="top" title="'.$this->description.'"> <span><i class="fas fa-question"></i></span></a>';
if (!empty($this->description)) {
echo '<a class="desc-tool-tip" data-toggle="tooltip" data-placement="top" title="' . $this->description . '"> <span><i class="fas fa-question"></i></span></a>';
}
if ($this->status!=-1){?><div class="status <?php echo $classes[$this->status];?>"><?php echo _($statuses[$this->status]);?></div>
<?php
if ($this->status != -1) { ?><div class="status <?php echo $classes[$this->status]; ?>"><?php echo _($statuses[$this->status]); ?></div>
<?php
}
echo '</li>';
if ( isset($boolFinish) && $boolFinish) {
if (isset($boolFinish) && $boolFinish) {
echo '</ul>';
}
echo '</div>';
}
public function jsonSerialize() {
public function jsonSerialize()
{
global $statuses;
return [
"id" => $this->id,
@@ -270,5 +262,4 @@ class Service implements JsonSerializable
"status_string" => $statuses[$this->status]
];
}
}
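Review bot: `render()` concatenates `$this->group_name` straight into the `<li>` markup without escaping, and unlike `$name`/`$description` (which `add()`/`edit()` run through `htmlspecialchars()` on the way in) nothing visible here escapes group names; wrap it at output: `'&nbsp;' . htmlspecialchars($this->group_name, ENT_QUOTES, 'UTF-8') . '<div class="status '`. A smaller point: on PHP 8.0 and earlier `htmlspecialchars()` without `ENT_QUOTES` leaves single quotes untouched, which is safe for the double-quoted `title="…"` attribute used here but not for a single-quoted one, so passing `ENT_QUOTES` explicitly in `add()`/`edit()` removes that dependency on the template. Both points predate this reformatting commit.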
+16 -20
@@ -4,7 +4,7 @@
* Subscriber class
*
*/
Class Subscriber
class Subscriber
{
public $id = null;
public $firstname = null;
@@ -15,7 +15,8 @@ Class Subscriber
public $typeID = null; // Holds subscription type ID
function __construct() {
function __construct()
{
$this->firstname = null;
$this->lastname = null;
$this->userID = "";
@@ -44,7 +45,6 @@ Class Subscriber
return $row['token'];
}
return false;
}
public function get_subscriber_by_token($token)
{
@@ -66,7 +66,7 @@ Class Subscriber
{
global $mysqli;
$stmt = $mysqli->prepare("SELECT subscriberID FROM subscribers WHERE userID LIKE ? AND typeID = ? LIMIT 1");
$stmt->bind_param("si", $this->userID, $this->typeID );
$stmt->bind_param("si", $this->userID, $this->typeID);
$stmt->execute();
$result = $stmt->get_result();
@@ -77,7 +77,7 @@ Class Subscriber
return $row['subscriberID'];
} else {
// User is not registered in DB, so add if $create = true
if ( $create ) {
if ($create) {
$subscriber_id = $this->add($this->typeID, $this->userID, $this->active, $this->firstname, $this->lastname);
return $subscriber_id;
}
@@ -111,7 +111,7 @@ Class Subscriber
$expireTime = strtotime("+2 hours");
$updateTime = strtotime("now");
$token = $this->generate_token();
$stmt = $mysqli->prepare("INSERT INTO subscribers (typeID, userID, firstname, lastname, token, active, expires, create_time) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("issssiii", $typeID, $userID, $firstname, $lastname, $token, $active, $expireTime, $updateTime);
$stmt->execute();
@@ -135,7 +135,6 @@ Class Subscriber
$stmt->bind_param("ii", $updateTime, $subscriberID);
$stmt->execute();
return true;
}
public function activate($subscriberID)
@@ -164,7 +163,6 @@ Class Subscriber
$stmt->execute();
//$query = $stmt->get_result();
return true;
}
public function check_userid_exist()
@@ -177,7 +175,7 @@ Class Subscriber
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows > 0) {
if ($result->num_rows > 0) {
$row = $result->fetch_assoc();
$this->id = $row['subscriberID'];
$this->populate();
@@ -192,7 +190,7 @@ Class Subscriber
$stmt = $mysqli->prepare("SELECT subscriberID, token, userID, active, expires FROM subscribers WHERE token LIKE ? LIMIT 1");
$stmt->bind_param("s", $token );
$stmt->bind_param("s", $token);
$stmt->execute();
$result = $stmt->get_result();
@@ -205,14 +203,14 @@ Class Subscriber
// If account is not already active, check if we are within timeframe of exipre +2h
// and active if so, otherwise,delete account and return falsev
if ( $row['active'] <> 1 ) {
if ($row['active'] <> 1) {
// Calculate time range for when subscription need to be validated
$time_end = $row['expires'];
$time_start = $time_end - (3600*2); // TODO - make this interval configurable via a config option
$time_start = $time_end - (3600 * 2); // TODO - make this interval configurable via a config option
$time_now = time();
if ( ($time_now > $time_start) && ($time_now < $time_end) ) {
if (($time_now > $time_start) && ($time_now < $time_end)) {
// Timefram is within range, active user..
$stmt2 = $mysqli->prepare("UPDATE subscribers SET active=1, expires=null WHERE subscriberID = ?");
$stmt2->bind_param("i", $row['subscriberID']);
@@ -223,7 +221,6 @@ Class Subscriber
$this->userID = $row['userID'];
$this->token = $row['token'];
return true;
} else {
// Timeframe outside of given scope -> delete account
$stmt2 = $mysqli->prepare("DELETE FROM subscribers WHERE subscriberID = ?");
@@ -251,7 +248,7 @@ Class Subscriber
{
global $mysqli;
if ( function_exists('openssl_random_pseudo_bytes') ) {
if (function_exists('openssl_random_pseudo_bytes')) {
$token = openssl_random_pseudo_bytes(32); //Generate a random string.
$token = bin2hex($token); //Convert the binary data into hexadecimal representation.
} else {
@@ -265,7 +262,7 @@ Class Subscriber
$stmt->bind_param("s", $token);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0 ) {
if ($result->num_rows > 0) {
// token already exists, call self again
$token = $this->generate_token();
}
@@ -285,18 +282,18 @@ Class Subscriber
$key = '';
// build range and shuffle range using ASCII table
for ($i=0; $i<=255; $i++) {
for ($i = 0; $i <= 255; $i++) {
$range[] = chr($i);
}
// shuffle our range 3 times
for ($i=0; $i<=3; $i++) {
for ($i = 0; $i <= 3; $i++) {
shuffle($range);
}
// loop for random number generation
for ($i = 0; $i < mt_rand($min_length, $max_length); $i++) {
$key .= $range[mt_rand(0, count($range)-1)];
$key .= $range[mt_rand(0, count($range) - 1)];
}
$return = bin2hex($key);
@@ -325,5 +322,4 @@ Class Subscriber
unset($_SESSION['subscriber_id']);
unset($_SESSION['subscriber_token']);
}
}
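Review bot: The token lookup in the `@@ -192,7` hunk uses `WHERE token LIKE ? LIMIT 1`, so a supplied token of `%` (or `_`-padded) is a wildcard that matches an arbitrary subscriber; the `userID LIKE ?` query in the `@@ -66,7` hunk has the same shape. The token appears to arrive from a request parameter elsewhere (the unsubscribe link in subscriptions.php carries `token=`), so this is a token bypass rather than a style nit — change both predicates to `= ?`; the enclosing functions start outside these hunks. Separately, the fallback in the `@@ -285,18` hunk builds the token from `shuffle()`/`mt_rand()`, which are not cryptographically secure, and the primary branch in `@@ -251,7` ignores `openssl_random_pseudo_bytes()`'s `$crypto_strong` flag; on PHP 7+ `$token = bin2hex(random_bytes(32));` replaces both branches and throws instead of degrading silently. These issues are pre-existing, not introduced by the reformat.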
+31 -31
@@ -4,30 +4,30 @@
* Subscriptions class
*
*/
Class Subscriptions
class Subscriptions
{
public function add($userID, $service)
{
global $mysqli;
$stmt = $mysqli->prepare("INSERT INTO services_subscriber (subscriberIDFK, serviceIDFK) VALUES (?, ?)");
$stmt->bind_param("ii", $userID, $service);
$stmt->execute();
//$query = $stmt->get_result();
return true;
}
public function remove($userID, $service)
{
global $mysqli;
$stmt = $mysqli->prepare("DELETE FROM services_subscriber WHERE subscriberIDFK = ? AND serviceIDFK = ?");
$stmt->bind_param("ii", $userID, $service);
$stmt->execute();
//$query = $stmt->get_result();
return true;
}
function render_subscribed_services($typeID, $subscriberID, $userID, $token)
{
global $mysqli;
@@ -41,54 +41,54 @@ Class Subscriptions
$query = $stmt->get_result();
$strNotifyType = _('E-mail Notification subscription');
if ( $typeID == 1 ) { $strNotifyType = _('Telegram Notification subscription'); }
if ($typeID == 1) {
$strNotifyType = _('Telegram Notification subscription');
}
?>
?>
<div class="row">
<div class="col-xs-12 col-lg-offset-2 col-lg-8">
<div class="text-center">
<h3><?php echo $strNotifyType; ?></h3>
<p><?php echo _("Manage notification subscription for"); echo "&nbsp". $userID; ?></p>
<a onclick="if (confirm('<?php echo _("Are you sure you want to cancel you subscription?");?>')){return true;}else{event.stopPropagation(); event.preventDefault();};" class="confirmation" href="index.php?do=unsubscribe&amp;type=<?php echo $typeID;?>&amp;token=<?php echo $token;?>"><button class="btn btn-danger"><?php echo _("Cancel Subscription");?></button></a>
<div class="col-xs-12 col-lg-offset-2 col-lg-8">
<div class="text-center">
<h3><?php echo $strNotifyType; ?></h3>
<p><?php echo _("Manage notification subscription for");
echo "&nbsp" . $userID; ?></p>
<a onclick="if (confirm('<?php echo _("Are you sure you want to cancel you subscription?"); ?>')){return true;}else{event.stopPropagation(); event.preventDefault();};" class="confirmation" href="index.php?do=unsubscribe&amp;type=<?php echo $typeID; ?>&amp;token=<?php echo $token; ?>"><button class="btn btn-danger"><?php echo _("Cancel Subscription"); ?></button></a>
</div>
</div>
</div>
</div>
<?php
<?php
echo '<h1>' . _("Your subscriptions") . "</h1>";
echo '<div class="list-group">';
$subs = array(); // Will be used to hold IDs of services already selected
if ($query->num_rows){
while($result = $query->fetch_assoc())
{
echo '<a href="'.WEB_URL.'/subscriptions.php?remove=' . $result['id'] .'" class="list-group-item"><span class="glyphicon glyphicon-remove text-danger"></span>&nbsp;' . $result['name'] . '</a>';
if ($query->num_rows) {
while ($result = $query->fetch_assoc()) {
echo '<a href="' . WEB_URL . '/subscriptions.php?remove=' . $result['id'] . '" class="list-group-item"><span class="glyphicon glyphicon-remove text-danger"></span>&nbsp;' . $result['name'] . '</a>';
$subs[] = $result['id'];
}
} else {
echo '<div class="container"><summary>'._("You do not currently subscribe to any services. Please add services from the list below.").'</summary></div>';
echo '<div class="container"><summary>' . _("You do not currently subscribe to any services. Please add services from the list below.") . '</summary></div>';
}
echo "</div>";
echo '<h1>' . _("Add new subscription") . '</h1>';
// Prepare to query for unselect services. If none are selected, query for all
$subsExp = null;
if (count($subs) > 0 ) {
$subsExp = 'NOT IN ('. implode(",", $subs) .')';
if (count($subs) > 0) {
$subsExp = 'NOT IN (' . implode(",", $subs) . ')';
}
$query = $mysqli->query("SELECT services.id, services.name from services WHERE services.id $subsExp");
echo '<div class="list-group">';
if ($query->num_rows){
while($result = $query->fetch_assoc()){
echo '<a href="'.WEB_URL.'/subscriptions.php?add=' . $result['id'] . '" class="list-group-item list-group-item-action"><span class="fas fa-plus text-success"></span>&nbsp;' . $result['name'] . '</a>';
if ($query->num_rows) {
while ($result = $query->fetch_assoc()) {
echo '<a href="' . WEB_URL . '/subscriptions.php?add=' . $result['id'] . '" class="list-group-item list-group-item-action"><span class="fas fa-plus text-success"></span>&nbsp;' . $result['name'] . '</a>';
}
} else {
echo '<div class="container"><summary>'._("No further services available for subscriptions.").'</summary></div>';
echo '<div class="container"><summary>' . _("No further services available for subscriptions.") . '</summary></div>';
}
echo '</div>';
}
}
}
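Review bot: `render_subscribed_services()` echoes `$userID` into the `<p>` and `$token` into the unsubscribe `href` without `htmlspecialchars()`; `$userID` is whatever the subscriber registered with (bound as a string in the `Subscriber` queries), so unless it is validated upstream — not visible here — this is an HTML injection point. Use `htmlspecialchars($userID, ENT_QUOTES, 'UTF-8')` and `urlencode($token)` inside the attribute. The "add new subscription" query is also string-built (`'NOT IN (' . implode(",", $subs) . ')'`); the ids come from the previous result set rather than the request, so it is not directly injectable, but `implode(',', array_map('intval', $subs))` costs nothing and keeps this file free of unparameterised SQL. Pre-existing behaviour carried over by the reformat.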
+78 -75
View File
@@ -1,82 +1,85 @@
<?php
Class Telegram
class Telegram
{
/**
* Get telegram user data
*
* Gets telegram user data from cookie and save it to array
*
* @return void
*
* @author Telegram
*
*
* @since 0.1
*/
function getTelegramUserData() {
if (isset($_COOKIE['tg_user'])) {
$auth_data_json = urldecode($_COOKIE['tg_user']);
$auth_data = json_decode($auth_data_json, true);
return $auth_data;
}
return false;
/**
* Get telegram user data
*
* Gets telegram user data from cookie and save it to array
*
* @return void
*
* @author Telegram
*
*
* @since 0.1
*/
function getTelegramUserData()
{
if (isset($_COOKIE['tg_user'])) {
$auth_data_json = urldecode($_COOKIE['tg_user']);
$auth_data = json_decode($auth_data_json, true);
return $auth_data;
}
/**
* Check if data is from telegram
*
* This checks if the data provides is from telegram. It includes a Fix for firefox
*
* @param mixed $auth_data The Authentication Data
*
* @return $auth_data
*
*/
function checkTelegramAuthorization($auth_data) {
$check_hash = $auth_data['hash'];
unset($auth_data['hash']);
$data_check_arr = [];
foreach ($auth_data as $key => $value) {
// $data_check_arr[] = $key . '=' . $value;
$data_check_arr[] = $key . '=' . str_replace('https:/t', 'https://t', $value);
}
sort($data_check_arr);
$data_check_string = implode("\n", $data_check_arr);
$secret_key = hash('sha256', TG_BOT_API_TOKEN, true);
$hash = hash_hmac('sha256', $data_check_string, $secret_key);
if (strcmp($hash, $check_hash) !== 0) {
throw new Exception('Data is NOT from Telegram');
}
if ((time() - $auth_data['auth_date']) > 86400) {
throw new Exception('Data is outdated');
}
return $auth_data;
return false;
}
/**
* Check if data is from telegram
*
* This checks if the data provides is from telegram. It includes a Fix for firefox
*
* @param mixed $auth_data The Authentication Data
*
* @return $auth_data
*
*/
function checkTelegramAuthorization($auth_data)
{
$check_hash = $auth_data['hash'];
unset($auth_data['hash']);
$data_check_arr = [];
foreach ($auth_data as $key => $value) {
// $data_check_arr[] = $key . '=' . $value;
$data_check_arr[] = $key . '=' . str_replace('https:/t', 'https://t', $value);
}
/**
* Save telegram userdata
*
* Save the telegram user data in a cookie
* @return void
*/
function saveTelegramUserData($auth_data) {
$auth_data_json = json_encode($auth_data);
setcookie('tg_user', $auth_data_json);
sort($data_check_arr);
$data_check_string = implode("\n", $data_check_arr);
$secret_key = hash('sha256', TG_BOT_API_TOKEN, true);
$hash = hash_hmac('sha256', $data_check_string, $secret_key);
if (strcmp($hash, $check_hash) !== 0) {
throw new Exception('Data is NOT from Telegram');
}
function get_telegram_subscriberid($user)
{
global $mysqli;
$stmt = $mysqli->prepare("SELECT subscriberID FROM subscribers WHERE typeID=1 AND userID LIKE ? LIMIT 1");
$stmt->bind_param("s", $user);
$stmt->execute();
$result = $stmt->get_result();
if ( $result->num_rows) {
$row = $result->fetch_assoc();
$subscriberID = $row['subscriberID'];
return $subscriberID;
}
return null; // Return null on false
if ((time() - $auth_data['auth_date']) > 86400) {
throw new Exception('Data is outdated');
}
}
return $auth_data;
}
/**
* Save telegram userdata
*
* Save the telegram user data in a cookie
* @return void
*/
function saveTelegramUserData($auth_data)
{
$auth_data_json = json_encode($auth_data);
setcookie('tg_user', $auth_data_json);
}
function get_telegram_subscriberid($user)
{
global $mysqli;
$stmt = $mysqli->prepare("SELECT subscriberID FROM subscribers WHERE typeID=1 AND userID LIKE ? LIMIT 1");
$stmt->bind_param("s", $user);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows) {
$row = $result->fetch_assoc();
$subscriberID = $row['subscriberID'];
return $subscriberID;
}
return null; // Return null on false
}
}
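Review bot: `checkTelegramAuthorization()` compares the computed HMAC with `strcmp($hash, $check_hash) !== 0`, which is not constant-time; use `if (!hash_equals($hash, (string) $check_hash))` — the cast also keeps a cookie payload lacking `hash` (so `$check_hash` is null) from tripping a deprecation/TypeError before the exception. `saveTelegramUserData()` stores the login payload with a bare `setcookie('tg_user', $auth_data_json)`, i.e. no `HttpOnly`, `Secure` or `SameSite`, so page script can read it and it travels over plain HTTP; the PHP 7.3+ form is `setcookie('tg_user', $auth_data_json, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);`. Because `getTelegramUserData()` hands back the decoded cookie without re-running the HMAC check, callers must treat that array as untrusted until `checkTelegramAuthorization()` has been applied; whether they do is not visible in this section. All of this predates the reformat.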
+6 -5
@@ -1,7 +1,8 @@
<?php
/**
* Class for creating and deleting tokens
*/
* Class for creating and deleting tokens
*/
class Token
{
/**
@@ -15,7 +16,7 @@ class Token
{
global $mysqli;
$salt = uniqid(mt_rand(), true);
$token = hash('sha256', $id.$salt);
$token = hash('sha256', $id . $salt);
$stmt = $mysqli->prepare("INSERT INTO tokens VALUES(?, ?, ?, ?)");
$stmt->bind_param("siis", $token, $id, $expire, $data);
$stmt->execute();
@@ -67,8 +68,8 @@ class Token
global $mysqli;
$time = time();
$stmt = $mysqli->prepare("DELETE FROM tokens WHERE token = ? OR expire<?");
$stmt->bind_param("sd", $token,$time);
$stmt->bind_param("sd", $token, $time);
$stmt->execute();
$stmt->get_result();
}
}
}
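Review bot: The reformatted line `$token = hash('sha256', $id . $salt);` still derives the token from `$salt = uniqid(mt_rand(), true)`, i.e. from a time-based uniqid() and the Mersenne Twister, neither of which is cryptographically secure, so the remember-me and password-reset tokens this class issues (the callers in user.php pass 'remember' and 'passwd') have far less entropy than their 64 hex digits suggest. `$token = bin2hex(random_bytes(32));` produces a value of the same length from a CSPRNG and makes the `$salt` line unnecessary. The enclosing add() and delete() bodies start outside their hunks.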
@@ -1,7 +1,8 @@
<?php
/**
* Class that encapsulates everything that can be done with a user
*/
* Class that encapsulates everything that can be done with a user
*/
class User
{
private $id;
@@ -24,8 +25,7 @@ class User
$stmt->execute();
$query = $stmt->get_result();
if (!$query->num_rows)
{
if (!$query->num_rows) {
throw new Exception("User doesn't exist.");
return;
}
@@ -48,7 +48,7 @@ class User
{
return $this->username;
}
/**
* Returns whether this user is active
* @return Boolean user active status
@@ -57,7 +57,7 @@ class User
{
return $this->active;
}
/**
* Returns rank of this user
* @return int rank
@@ -66,7 +66,7 @@ class User
{
return $this->rank;
}
/**
* Returns full name of this user
* @return String name in "Name Surname" format
@@ -86,14 +86,13 @@ class User
global $mysqli, $message, $user;
$id = $_GET['id'];
if ($this->id!=$_SESSION['user'] && $user->get_rank()<=1 && ($user->get_rank()<$this->rank))
{
if ($this->id != $_SESSION['user'] && $user->get_rank() <= 1 && ($user->get_rank() < $this->rank)) {
$stmt = $mysqli->prepare("UPDATE users SET active = !active WHERE id=?");
$stmt->bind_param("i", $this->id);
$stmt->execute();
$stmt->close();
header("Location: ".WEB_URL."/admin/?do=user&id=".$id);
}else{
header("Location: " . WEB_URL . "/admin/?do=user&id=" . $id);
} else {
$message = _("You don't have the permission to do that!");
}
}
@@ -108,94 +107,87 @@ class User
public static function add()
{
global $user, $message, $mysqli;
if (INSTALL_OVERRIDE || $user->get_rank()==0)
{
if (strlen(trim($_POST['name']))==0) {
if (INSTALL_OVERRIDE || $user->get_rank() == 0) {
if (strlen(trim($_POST['name'])) == 0) {
$messages[] = _("Name");
}
if(strlen(trim($_POST['surname']))==0) {
if (strlen(trim($_POST['surname'])) == 0) {
$messages[] = _("Surname");
}
if(strlen(trim($_POST['email']))==0) {
if (strlen(trim($_POST['email'])) == 0) {
$messages[] = _("Email");
}
if(strlen(trim($_POST['password']))==0) {
if (strlen(trim($_POST['password'])) == 0) {
$messages[] = _("Password");
}
if(!isset($_POST['permission']))
{
if (!isset($_POST['permission'])) {
$messages[] = _("Rank");
}
if (isset($messages)){
$message = "Please enter ".implode(", ", $messages);
if (isset($messages)) {
$message = "Please enter " . implode(", ", $messages);
return;
}
$name = $_POST['name'];
$surname = $_POST['surname'];
$username = $_POST['username'];
$email = $_POST['email'];
$pass = $_POST['password'];
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$message = "Invalid email!";
return;
}
$variables = array();
if (strlen($name)>50){
if (strlen($name) > 50) {
$variables[] = 'name: 50';
}
if (strlen($surname)>50){
if (strlen($surname) > 50) {
$variables[] = 'surname: 50';
}
if (strlen($username)>50){
if (strlen($username) > 50) {
$variables[] = 'username: 50';
}
if (strlen($email)>60){
if (strlen($email) > 60) {
$variables[] = 'email: 60';
}
if (!empty($variables))
{
if (!empty($variables)) {
$message = _("Please mind the following character limits: ");
$message .= implode(", ", $variables);
return;
}
$salt = uniqid(mt_rand(), true);
$hash = hash('sha256', $pass.$salt);
$hash = hash('sha256', $pass . $salt);
$permission = $_POST['permission'];
$stmt = $mysqli->prepare("INSERT INTO users values (NULL, ?, ?, ?, ?, ?, ?, ?, 1)");
$stmt->bind_param("ssssssi", $email, $username, $name, $surname, $hash, $salt, $permission);
$stmt->execute();
if ($stmt->affected_rows==0)
{
if ($stmt->affected_rows == 0) {
$message = _("Username or email already used");
return;
}
$to = $email;
$subject = _('User account created').' - '.NAME;
$msg = sprintf(_("Hi %s!<br>"."Your account has been created. You can login with your email address at <a href=\"%s\">%s</a> with password %s - please change it as soon as possible."), $name." ".$surname,WEB_URL."/admin", WEB_URL."/admin", $pass);
$headers = "Content-Type: text/html; charset=utf-8 ".PHP_EOL;
$headers .= "MIME-Version: 1.0 ".PHP_EOL;
$headers .= "From: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
$headers .= "Reply-To: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
$subject = _('User account created') . ' - ' . NAME;
$msg = sprintf(_("Hi %s!<br>" . "Your account has been created. You can login with your email address at <a href=\"%s\">%s</a> with password %s - please change it as soon as possible."), $name . " " . $surname, WEB_URL . "/admin", WEB_URL . "/admin", $pass);
$headers = "Content-Type: text/html; charset=utf-8 " . PHP_EOL;
$headers .= "MIME-Version: 1.0 " . PHP_EOL;
$headers .= "From: " . MAILER_NAME . ' <' . MAILER_ADDRESS . '>' . PHP_EOL;
$headers .= "Reply-To: " . MAILER_NAME . ' <' . MAILER_ADDRESS . '>' . PHP_EOL;
mail($to, $subject, $msg, $headers);
if (!INSTALL_OVERRIDE)
{
header("Location: ".WEB_URL."/admin/?do=settings");
if (!INSTALL_OVERRIDE) {
header("Location: " . WEB_URL . "/admin/?do=settings");
}
}
else {
} else {
$message = _("You don't have the permission to do that!");
}
}
@@ -210,13 +202,11 @@ class User
public static function login()
{
global $message, $mysqli;
if (!isset($_POST['email']) && !isset($_POST['email']))
{
if (!isset($_POST['email']) && !isset($_POST['email'])) {
return;
}
if ((!isset($_POST['email']) || !isset($_POST['email'])))
{
if ((!isset($_POST['email']) || !isset($_POST['email']))) {
$message = _("Please fill in your email and password!");
return;
}
@@ -228,37 +218,33 @@ class User
$stmt->execute();
$query = $stmt->get_result();
if ($query->num_rows<1)
{
if ($query->num_rows < 1) {
$message = _("Wrong email or password");
return;
}
$result = $query->fetch_assoc();
$salt = $result["salt"];
$id = $result["id"];
$active = $result["active"];
if (!$active)
{
if (!$active) {
$message = _("Your account has been disabled. Please contact administrator.");
return;
}
$hash = hash('sha256', $pass.$salt);
$hash = hash('sha256', $pass . $salt);
$stmt = $mysqli->prepare("SELECT count(*) as count FROM users WHERE id=? AND password_hash=?");
$stmt->bind_param("is", $id, $hash);
$stmt->execute();
$query = $stmt->get_result();
if (!$query->fetch_assoc()['count'])
{
if (!$query->fetch_assoc()['count']) {
$message = _("Wrong email or password");
return;
}
if (isset($_POST['remember'])&&$_POST['remember'])
{
if (isset($_POST['remember']) && $_POST['remember']) {
$year = strtotime('+356 days', time());
$token = Token::add($id, 'remember', $year);
setcookie('token', $token, $year, "/");
@@ -266,7 +252,7 @@ class User
}
$_SESSION['user'] = $id;
header("Location: ".WEB_URL."/admin");
header("Location: " . WEB_URL . "/admin");
}
/**
@@ -281,24 +267,21 @@ class User
$id = $_COOKIE['user'];
$token = $_COOKIE['token'];
if (Token::validate($token, $id, "remember"))
{
if (Token::validate($token, $id, "remember")) {
$year = strtotime('+356 days', time());
unset($_COOKIE['token']);
$_SESSION['user'] = $id;
$new_token = Token::add($id, 'remember', $year);
setcookie('token', $new_token, $year, "/");
setcookie('user', $id, $year, "/");
}
else
{
} else {
unset($_COOKIE['user']);
unset($_COOKIE['token']);
setcookie('user', null, -1, '/');
setcookie('token', null, -1, '/');
$message = _("Invalid token detected, please login again!");
}
Token::delete($token);
}
/**
@@ -308,142 +291,137 @@ class User
public function render_user_settings()
{
global $permissions, $user;
?>
?>
<div class="row user">
<div class="col-md-2 col-md-offset-2"><img src="https://www.gravatar.com/avatar/<?php echo md5( strtolower( trim( $this->email ) ) );?>?s=160"
alt="<?php echo _("Profile picture");?>"></div>
<div class="col-md-2 col-md-offset-2"><img src="https://www.gravatar.com/avatar/<?php echo md5(strtolower(trim($this->email))); ?>?s=160" alt="<?php echo _("Profile picture"); ?>"></div>
<div class="col-md-6">
<?php if($this->id==$_SESSION['user']||$user->get_rank()<1){
?>
<form action="<?php echo WEB_URL;?>/admin/?do=user&amp;id=<?php echo $this->id; ?>" method="POST">
<div class="input-group">
<div class="col-md-12">
<div class="row">
<label class="form-name" for="name"><?php echo _("Name"); ?></label>
<label class="form-name" for="surname"><?php echo _("Surname"); ?></label>
</div>
<div class="row">
<input type="text" name="name" placeholder="<?php echo _("Name"); ?>"
title="<?php echo _("Name"); ?>" class="form-control form-name"
value=<?php echo htmlspecialchars($this->name, ENT_QUOTES);?>>
<input type="text" name="surname" placeholder="<?php echo _("Surname"); ?>"
title="<?php echo _("Surname"); ?>" class="form-control form-name"
value=<?php echo htmlspecialchars($this->surname, ENT_QUOTES);?>>
<?php if ($this->id == $_SESSION['user'] || $user->get_rank() < 1) {
?>
<form action="<?php echo WEB_URL; ?>/admin/?do=user&amp;id=<?php echo $this->id; ?>" method="POST">
<div class="input-group">
<div class="col-md-12">
<div class="row">
<label class="form-name" for="name"><?php echo _("Name"); ?></label>
<label class="form-name" for="surname"><?php echo _("Surname"); ?></label>
</div>
<div class="row">
<input type="text" name="name" placeholder="<?php echo _("Name"); ?>" title="<?php echo _("Name"); ?>" class="form-control form-name" value=<?php echo htmlspecialchars($this->name, ENT_QUOTES); ?>>
<input type="text" name="surname" placeholder="<?php echo _("Surname"); ?>" title="<?php echo _("Surname"); ?>" class="form-control form-name" value=<?php echo htmlspecialchars($this->surname, ENT_QUOTES); ?>>
</div>
</div>
</div>
</div>
<div class="input-group">
<button type="submit" class="btn btn-primary pull-right"><?php echo _("Change name");?></button>
</div>
</form>
<div class="input-group">
<button type="submit" class="btn btn-primary pull-right"><?php echo _("Change name"); ?></button>
</div>
</form>
<?php
}else{
} else {
?>
<h3><?php echo $this->name." ".$this->surname;?></h3>
<h3><?php echo $this->name . " " . $this->surname; ?></h3>
<?php
}?>
} ?>
</div>
</div>
<form action="<?php echo WEB_URL;?>/admin/?do=user&amp;id=<?php echo $this->id; ?>" method="POST">
<form action="<?php echo WEB_URL; ?>/admin/?do=user&amp;id=<?php echo $this->id; ?>" method="POST">
<div class="row user">
<div class="col-md-2 col-md-offset-2"><strong><?php echo _("Username");?></strong></div>
<div class="col-md-2 col-md-offset-2"><strong><?php echo _("Username"); ?></strong></div>
<div class="col-md-6">
<?php
if ($this->id==$_SESSION['user'] || $user->get_rank()<1){?>
<div class="input-group">
<input type="text" class="form-control" name="username" required value="<?php echo htmlspecialchars($this->username, ENT_QUOTES);?>">
<span class="input-group-btn">
<button type="submit" class="btn btn-primary pull-right"><?php echo _("Change username");?></button>
</span>
</div>
<?php
}else{?><?php echo $this->username." ";
if ($user->get_rank()>=1){
echo "<i class='fa fa-".($this->active?"check success":"times danger")."'></i>";
}
}
?>
if ($this->id == $_SESSION['user'] || $user->get_rank() < 1) { ?>
<div class="input-group">
<input type="text" class="form-control" name="username" required value="<?php echo htmlspecialchars($this->username, ENT_QUOTES); ?>">
<span class="input-group-btn">
<button type="submit" class="btn btn-primary pull-right"><?php echo _("Change username"); ?></button>
</span>
</div>
<?php
} else { ?><?php echo $this->username . " ";
if ($user->get_rank() >= 1) {
echo "<i class='fa fa-" . ($this->active ? "check success" : "times danger") . "'></i>";
}
}
?>
</div>
</div>
</form>
<form action="<?php echo WEB_URL;?>/admin/?do=user&id=<?php echo $this->id; ?>" method="POST">
<form action="<?php echo WEB_URL; ?>/admin/?do=user&id=<?php echo $this->id; ?>" method="POST">
<div class="row user">
<div class="col-md-2 col-md-offset-2"><strong><?php echo _("Role");?></strong></div>
<div class="col-md-6"><?php if ($user->get_rank() == 0 && $this->id != $_SESSION['user']){?>
<div class="input-group"><select class="form-control" name="permission">
<?php foreach ($permissions as $key => $value) {
echo "<option value='$key' ".($key==$this->rank?"selected":"").">$value</option>";
} ?>
</select><span class="input-group-btn">
<button type="submit" class="btn btn-primary pull-right"><?php echo _("Change role");?></button>
</span>
</div><?php }else{ echo $permissions[$this->rank];}?></div>
</div>
</form>
<?php if($this->id==$_SESSION['user']||$user->get_rank()<1)
{?>
<form action="<?php echo WEB_URL;?>/admin/?do=user&amp;id=<?php echo $this->id; ?>" method="POST">
<div class="row user">
<div class="col-md-2 col-md-offset-2"><strong>Email</strong></div>
<div class="col-md-6">
<div class="input-group">
<input type="email" class="form-control" name="email" value="<?php echo $this->email; ?>">
<span class="input-group-btn">
<button type="submit" class="btn btn-primary pull-right"><?php echo _("Change email");?></button>
</span>
</div>
<div class="col-md-2 col-md-offset-2"><strong><?php echo _("Role"); ?></strong></div>
<div class="col-md-6"><?php if ($user->get_rank() == 0 && $this->id != $_SESSION['user']) { ?>
<div class="input-group"><select class="form-control" name="permission">
<?php foreach ($permissions as $key => $value) {
echo "<option value='$key' " . ($key == $this->rank ? "selected" : "") . ">$value</option>";
} ?>
</select><span class="input-group-btn">
<button type="submit" class="btn btn-primary pull-right"><?php echo _("Change role"); ?></button>
</span>
</div><?php } else {
echo $permissions[$this->rank];
} ?>
</div>
</div>
</form>
<?php }else
{
<?php if ($this->id == $_SESSION['user'] || $user->get_rank() < 1) { ?>
<form action="<?php echo WEB_URL; ?>/admin/?do=user&amp;id=<?php echo $this->id; ?>" method="POST">
<div class="row user">
<div class="col-md-2 col-md-offset-2"><strong>Email</strong></div>
<div class="col-md-6">
<div class="input-group">
<input type="email" class="form-control" name="email" value="<?php echo $this->email; ?>">
<span class="input-group-btn">
<button type="submit" class="btn btn-primary pull-right"><?php echo _("Change email"); ?></button>
</span>
</div>
</div>
</div>
</form>
<?php } else {
?>
<div class="row user">
<div class="col-md-2 col-md-offset-2"><strong><?php echo _("Email");?></strong></div>
<div class="col-md-6">
<a href="mailto:<?php echo $this->email; ?>"><?php echo $this->email; ?></a>
</div>
</div>
<?php
}
if($this->id==$_SESSION['user']){
?>
<form action="<?php echo WEB_URL;?>/admin/?do=user" method="POST">
<div class="row">
<div class="col-md-2 col-md-offset-2"><strong><?php echo _("Password");?></strong></div>
<div class="row user">
<div class="col-md-2 col-md-offset-2"><strong><?php echo _("Email"); ?></strong></div>
<div class="col-md-6">
<label for="password"><?php echo _("Old password");?></label>
<input id="password" placeholder="<?php echo _("Old password");?>" type="password" class="form-control" name="old_password">
<label for="new_password"><?php echo _("New password");?></label>
<input id="new_password" placeholder="<?php echo _("New password");?>" type="password" class="form-control" name="password">
<label for="new_password_check"><?php echo _("Repeat password");?></label>
<input id="new_password_check" placeholder="<?php echo _("Repeat password");?>" type="password" class="form-control" name="password_repeat">
<button type="submit" class="btn btn-primary pull-right margin-top"><?php echo _("Change password");?></button>
<a href="mailto:<?php echo $this->email; ?>"><?php echo $this->email; ?></a>
</div>
</div>
</form>
<?php
}
if ($this->id!=$_SESSION['user'] && $user->get_rank()<=1 && ($user->get_rank()<$this->rank))
{?>
<div class="row">
<div class="col-md-2 col-md-offset-2"></div>
<div class="col-md-6">
<?php
if ($this->active){
echo '<a href="'.WEB_URL.'/admin/?do=user&id='.$this->id.'&what=toggle" class="btn btn-danger">'._("Deactivate user")."</a>";
}else{
echo '<a href="'.WEB_URL.'/admin/?do=user&id='.$this->id.'&what=toggle" class="btn btn-success">'._("Activate user")."</a>";
}
?>
}
if ($this->id == $_SESSION['user']) {
?>
<form action="<?php echo WEB_URL; ?>/admin/?do=user" method="POST">
<div class="row">
<div class="col-md-2 col-md-offset-2"><strong><?php echo _("Password"); ?></strong></div>
<div class="col-md-6">
<label for="password"><?php echo _("Old password"); ?></label>
<input id="password" placeholder="<?php echo _("Old password"); ?>" type="password" class="form-control" name="old_password">
<label for="new_password"><?php echo _("New password"); ?></label>
<input id="new_password" placeholder="<?php echo _("New password"); ?>" type="password" class="form-control" name="password">
<label for="new_password_check"><?php echo _("Repeat password"); ?></label>
<input id="new_password_check" placeholder="<?php echo _("Repeat password"); ?>" type="password" class="form-control" name="password_repeat">
<button type="submit" class="btn btn-primary pull-right margin-top"><?php echo _("Change password"); ?></button>
</div>
</div>
</form>
<?php
}
if ($this->id != $_SESSION['user'] && $user->get_rank() <= 1 && ($user->get_rank() < $this->rank)) { ?>
<div class="row">
<div class="col-md-2 col-md-offset-2"></div>
<div class="col-md-6">
<?php
if ($this->active) {
echo '<a href="' . WEB_URL . '/admin/?do=user&id=' . $this->id . '&what=toggle" class="btn btn-danger">' . _("Deactivate user") . "</a>";
} else {
echo '<a href="' . WEB_URL . '/admin/?do=user&id=' . $this->id . '&what=toggle" class="btn btn-success">' . _("Activate user") . "</a>";
}
?>
</div>
</div>
</div>
<?php }
<?php }
}
/**
@@ -456,24 +434,22 @@ class User
$id = $this->id;
$stmt = $mysqli->prepare("SELECT count(*) FROM users WHERE username LIKE ?");
$stmt->bind_param("s",$_POST["username"]);
$stmt->bind_param("s", $_POST["username"]);
$stmt->execute();
if ($stmt->num_rows > 0)
{
if ($stmt->num_rows > 0) {
$message = _("This username is already taken.");
return;
}
$stmt->close();
if ($_SESSION['user'] != $id && $user->get_rank()>0)
{
if ($_SESSION['user'] != $id && $user->get_rank() > 0) {
$message = _("Cannot change username of other users!");
}else{
} else {
$stmt = $mysqli->prepare("UPDATE users SET username = ? WHERE id=?");
$stmt->bind_param("si",$_POST["username"],$id);
$stmt->bind_param("si", $_POST["username"], $id);
$stmt->execute();
$stmt->close();
header("Location: ".WEB_URL."/admin/?do=user&id=".$id);
header("Location: " . WEB_URL . "/admin/?do=user&id=" . $id);
}
}
@@ -484,30 +460,28 @@ class User
public function change_name()
{
global $mysqli, $message, $user;
if (strlen(trim($_POST['name']))==0) {
if (strlen(trim($_POST['name'])) == 0) {
$messages[] = _("Name");
}
if(strlen(trim($_POST['surname']))==0) {
if (strlen(trim($_POST['surname'])) == 0) {
$messages[] = _("Surname");
}
if (!empty($messages))
{
$message = "Please enter ".implode(", ", $messages);
if (!empty($messages)) {
$message = "Please enter " . implode(", ", $messages);
return;
}
$id = $this->id;
if ($_SESSION['user'] != $id && $user->get_rank()>0)
{
if ($_SESSION['user'] != $id && $user->get_rank() > 0) {
$message = _("Cannot change names of other users!");
}else{
} else {
$stmt = $mysqli->prepare("UPDATE users SET `name` = ?, `surname` = ? WHERE id=?");
$stmt->bind_param("ssi",$_POST["name"],$_POST["surname"],$id);
$stmt->bind_param("ssi", $_POST["name"], $_POST["surname"], $id);
$stmt->execute();
$stmt->close();
header("Location: ".WEB_URL."/admin/?do=user&id=".$id);
header("Location: " . WEB_URL . "/admin/?do=user&id=" . $id);
}
}
@@ -521,18 +495,15 @@ class User
{
global $mysqli, $message;
$id = $this->id;
if ($_POST['password']!=$_POST['password_repeat'])
{
if ($_POST['password'] != $_POST['password_repeat']) {
$message = _("Passwords do not match!");
return;
}
if (!$token)
{
if ($_SESSION['user']!=$id)
{
if (!$token) {
if ($_SESSION['user'] != $id) {
$message = _("Cannot change password of other users!");
}else{
} else {
$stmt = $mysqli->prepare("SELECT password_salt as salt FROM users WHERE id=?");
$stmt->bind_param("i", $id);
$stmt->execute();
@@ -541,35 +512,32 @@ class User
$salt = $result['salt'];
$pass = $_POST['old_password'];
$hash = hash('sha256', $pass.$salt);
$hash = hash('sha256', $pass . $salt);
$stmt = $mysqli->prepare("SELECT count(*) as count FROM users WHERE id=? AND password_hash = ?");
$stmt->bind_param("is", $id, $hash);
$stmt->execute();
if ($stmt->get_result()->fetch_assoc()['count'])
{
if ($stmt->get_result()->fetch_assoc()['count']) {
$pass = $_POST['password'];
$hash = hash('sha256', $pass.$salt);
$hash = hash('sha256', $pass . $salt);
$stmt = $mysqli->prepare("UPDATE users SET password_hash = ? WHERE id=?");
$stmt->bind_param("si", $hash, $id);
$stmt->execute();
$stmt->close();
$stmt = $mysqli->prepare("DELETE FROM tokens WHERE user = ? AND data = 'remember'");
$stmt->bind_param("d", $id);
$stmt->execute();
$stmt->bind_param("d", $id);
$stmt->execute();
$stmt->get_result();
User::logout();
}
else{
} else {
$message = _("Wrong password!");
}
}
}else{
if (Token::validate($token, $id, "passwd"))
{
} else {
if (Token::validate($token, $id, "passwd")) {
$stmt = $mysqli->prepare("SELECT password_salt as salt FROM users WHERE id=?");
$stmt->bind_param("i", $id);
$stmt->execute();
@@ -578,20 +546,18 @@ class User
$salt = $result['salt'];
$pass = $_POST['password'];
$hash = hash('sha256', $pass.$salt);
$hash = hash('sha256', $pass . $salt);
$stmt = $mysqli->prepare("UPDATE users SET password_hash = ? WHERE id=?");
$stmt->bind_param("si", $hash,$id);
$stmt->bind_param("si", $hash, $id);
$stmt->execute();
$stmt->close();
$stmt = $mysqli->prepare("DELETE FROM tokens WHERE user = ? AND data = 'remember'");
$stmt->bind_param("d", $id);
$stmt->execute();
$stmt->get_result();
}
else
{
$stmt->bind_param("d", $id);
$stmt->execute();
$stmt->get_result();
} else {
$message = _("Invalid token detected, please retry your request from start!");
}
Token::delete($token);
@@ -612,41 +578,41 @@ class User
$stmt->execute();
$query = $stmt->get_result();
$id = $query->fetch_assoc()['id'];
$id = $query->fetch_assoc()['id'];
$time = strtotime('+1 day', time());
$token = Token::add($id, 'passwd', $time);
$link = WEB_URL."/admin/?do=lost-password&id=$id&token=$token";
$link = WEB_URL . "/admin/?do=lost-password&id=$id&token=$token";
$to = $email;
$user = new User($id);
$subject = _('Reset password') . ' - '.NAME;
$msg = sprintf(_( "Hi %s!<br>Below you will find link to change your password. The link is valid for 24hrs. If you didn't request this, feel free to ignore it. <br><br><a href=\"%s\">RESET PASSWORD</a><br><br>If the link doesn't work, copy &amp; paste it into your browser: <br>%s"), $user->get_name(), $link, $link);
$headers = "Content-Type: text/html; charset=utf-8 ".PHP_EOL;
$headers .= "MIME-Version: 1.0 ".PHP_EOL;
$headers .= "From: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
$headers .= "Reply-To: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
$subject = _('Reset password') . ' - ' . NAME;
$msg = sprintf(_("Hi %s!<br>Below you will find link to change your password. The link is valid for 24hrs. If you didn't request this, feel free to ignore it. <br><br><a href=\"%s\">RESET PASSWORD</a><br><br>If the link doesn't work, copy &amp; paste it into your browser: <br>%s"), $user->get_name(), $link, $link);
$headers = "Content-Type: text/html; charset=utf-8 " . PHP_EOL;
$headers .= "MIME-Version: 1.0 " . PHP_EOL;
$headers .= "From: " . MAILER_NAME . ' <' . MAILER_ADDRESS . '>' . PHP_EOL;
$headers .= "Reply-To: " . MAILER_NAME . ' <' . MAILER_ADDRESS . '>' . PHP_EOL;
mail($to, $subject, $msg, $headers);
}
}
/**
* Sends email with link for email change confirmation (security reasons), link is token protected and valid only once.
* @return void
*/
public function email_link(){
public function email_link()
{
global $user, $mysqli;
$email = $_POST['email'];
$id = $this->id;
if ($user->get_rank()<1 && $id!=$_SESSION['user'])
{
if ($user->get_rank() < 1 && $id != $_SESSION['user']) {
$stmt = $mysqli->prepare("UPDATE users SET email = ? WHERE id=?");
$stmt->bind_param("sd", $email, $id);
$stmt->execute();
$stmt->get_result();
header("Location: ".WEB_URL."/admin/?do=user&id=".$id);
header("Location: " . WEB_URL . "/admin/?do=user&id=" . $id);
return;
}
@@ -654,14 +620,14 @@ class User
$token = Token::add($id, 'email;$email', $time);
$link = WEB_URL."/admin/?do=change-email&id=$id&token=$token";
$link = WEB_URL . "/admin/?do=change-email&id=$id&token=$token";
$to = $email;
$subject = _('Email change').' - '.NAME;
$msg = sprintf(_( "Hi %s!<br>Below you will find link to change your email. The link is valid for 24hrs. If you didn't request this, feel free to ignore it. <br><br><a href=\"%s\">CHANGE EMAIL</a><br><br>If the link doesn't work, copy &amp; paste it into your browser: <br>%s"), $user->get_name(), $link, $link);
$headers = "Content-Type: text/html; charset=utf-8 ".PHP_EOL;
$headers .= "MIME-Version: 1.0 ".PHP_EOL;
$headers .= "From: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
$headers .= "Reply-To: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
$subject = _('Email change') . ' - ' . NAME;
$msg = sprintf(_("Hi %s!<br>Below you will find link to change your email. The link is valid for 24hrs. If you didn't request this, feel free to ignore it. <br><br><a href=\"%s\">CHANGE EMAIL</a><br><br>If the link doesn't work, copy &amp; paste it into your browser: <br>%s"), $user->get_name(), $link, $link);
$headers = "Content-Type: text/html; charset=utf-8 " . PHP_EOL;
$headers .= "MIME-Version: 1.0 " . PHP_EOL;
$headers .= "From: " . MAILER_NAME . ' <' . MAILER_ADDRESS . '>' . PHP_EOL;
$headers .= "Reply-To: " . MAILER_NAME . ' <' . MAILER_ADDRESS . '>' . PHP_EOL;
mail($to, $subject, $msg, $headers);
return _('Confirmation email sent!');
@@ -677,8 +643,7 @@ class User
$token = $_GET['token'];
$id = $_GET['id'];
if (Token::validate($token, $id, "email;%"))
{
if (Token::validate($token, $id, "email;%")) {
$data = explode(";", Token::get_data($token, $id));
$email = $data[1];
@@ -688,25 +653,22 @@ class User
$stmt->execute();
$stmt->get_result();
Token::delete($token);
header("Location: ".WEB_URL."/admin/");
}
else
{
header("Location: " . WEB_URL . "/admin/");
} else {
$message = _("Invalid token detected, please retry your request from start!");
}
Token::delete($token);
}
/**
* Logs current user out.
* @return void
*/
public static function logout(){
public static function logout()
{
session_unset();
if (isset($_COOKIE['token']))
{
if (isset($_COOKIE['token'])) {
$token = $_COOKIE['token'];
Token::delete($token);
unset($_COOKIE['user']);
@@ -714,26 +676,25 @@ class User
setcookie('user', null, -1, '/');
setcookie('token', null, -1, '/');
}
header("Location: ".WEB_URL."/admin");
header("Location: " . WEB_URL . "/admin");
}
/**
* Changes permissions of current user - only super admin can do this, so it checks permission first.
* @return void
*/
public function change_permission(){
public function change_permission()
{
global $mysqli, $message, $user;
if ($user->get_rank()==0)
{
if ($user->get_rank() == 0) {
$permission = $_POST['permission'];
$id = $_GET['id'];
$stmt = $mysqli->prepare("UPDATE users SET permission=? WHERE id=?");
$stmt->bind_param("si", $permission, $id);
$stmt->execute();
header("Location: ".WEB_URL."/admin/?do=user&id=".$id);
}
else{
$stmt->execute();
header("Location: " . WEB_URL . "/admin/?do=user&id=" . $id);
} else {
$message = _("You don't have permission to do that!");
}
}
}
}
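Review bot: In login() the new lines `if (!isset($_POST['email']) && !isset($_POST['email']))` and `if ((!isset($_POST['email']) || !isset($_POST['email'])))` test the email field twice, so a request without a password passes both guards and the lookup runs with `$_POST['password']` unset; the second operand of each should be `!isset($_POST['password'])`. The username-uniqueness guard in change_username has a similar silent failure: `mysqli_stmt::num_rows` stays 0 unless `$stmt->store_result();` is called after execute, so `if ($stmt->num_rows > 0)` never fires and only a database constraint, if one exists, prevents duplicates. Both methods start or end outside their hunks. The remember-me cookies set with `setcookie('token', $token, $year, "/")` in login() and the remember-login path carry no httponly/secure/samesite attributes; the options-array form `setcookie('token', $token, ['expires' => $year, 'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax'])` adds them in place. The `hash('sha256', $pass . $salt)` scheme shared by add(), login() and change_password() is also worth a follow-up migration to password_hash()/password_verify(), but that is beyond a formatting commit.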