<?php
require_once 'vendor/autoload.php';
use Tracy\Debugger;
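// Bootstrap. Without a config file the application is not installed yet, so
// the visitor is sent to the installer. The file is looked for both from the
// web root and from pages two directories down (the "../../" case).
if (!file_exists("config.php") && !file_exists("../../config.php")) {
    header('Location: install/install.php');
    // Stop here: the require_once below would otherwise fail on the missing
    // file and print an error after the redirect header was already sent.
    exit;
}

require_once 'config.php';

session_start();

// Every date()/time() call in this file (log rows, intrusion records) uses this zone.
date_default_timezone_set('Europe/Rome');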
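/**
 * Request-level helpers: form-data validation, client IP / page URL
 * discovery, redirects, array flattening and random key generation.
 */
class tools
{
    /** @var bool whether the Cloudflare CF-Connecting-IP header may override the client IP */
    public $check_cf_ip;

    /**
     * @param bool $check_cf_ip true when the application is served through Cloudflare
     */
    public function __construct($check_cf_ip)
    {
        // Guarded like database::__construct(): defining a constant twice raises a warning.
        if (!defined("TOOLS")) {
            define("TOOLS", "OK");
        }
        $this->check_cf_ip = $check_cf_ip;
    }

    /**
     * Checks that form data is present.
     *
     * $data is a single value or a list of values. A string starting with
     * "$post-" is a reference to a POST field: "$post-name" reads $_POST['name'].
     * A referenced field that is absent from $_POST now counts as missing; the
     * original left the bare field name in place, which is a non-empty string,
     * so a missing field passed validation.
     *
     * "Empty" is empty(): null, "", "0", 0, false and [] all fail (kept from the
     * original). With $noempty = false empty values pass instead; the original
     * accepted the parameter but never read it. Array elements that are
     * themselves arrays are skipped, not validated (as before).
     *
     * @param mixed      $data    value, list of values, or "$post-..." reference(s)
     * @param bool       $noempty reject empty values (default)
     * @param mixed|null $value   when given, a non-empty scalar $data is validated
     *                            by loose comparison against it; the recursive
     *                            call passes the element itself here
     * @return bool
     */
    public function validate_form_data($data, $noempty = true, $value = null)
    {
        $data = $this->resolve_post_reference($data);

        if (is_array($data)) {
            if (empty($data)) {
                return false;
            }
            foreach ($data as $element) {
                $element = $this->resolve_post_reference($element);
                if (is_array($element)) {
                    continue; // nested arrays are not validated
                }
                bdump($element);
                bdump("_");
                if (!$this->validate_form_data($element, $noempty, $element)) {
                    return false;
                }
            }
            return true;
        }

        if (empty($data)) {
            return !$noempty;
        }
        if (!is_null($value)) {
            return $value == $data;
        }
        bdump($data);
        return true;
    }

    /**
     * Resolves a "$post-<name>" reference to $_POST[<name>]; a missing field
     * resolves to null. Anything else is returned unchanged.
     */
    private function resolve_post_reference($data)
    {
        if (!is_string($data) || substr($data, 0, 6) !== '$post-') {
            return $data;
        }
        return $_POST[substr($data, 6)] ?? null;
    }

    /**
     * Best-effort client IP address.
     *
     * Precedence is kept from the original: CF-Connecting-IP (only when
     * $check_cf_ip is set), then Client-IP, X-Forwarded-For, REMOTE_ADDR.
     * All but REMOTE_ADDR are request headers the client can set itself, so the
     * value is only trustworthy behind a proxy that overwrites them. Because the
     * result is handed to the auth library and stored in intrusion records, a
     * candidate that is not a syntactically valid IP is now skipped in favour of
     * the next one; X-Forwarded-For may be a comma-separated chain, of which the
     * first entry is used.
     *
     * @return string
     */
    public function get_ip()
    {
        $candidates = [
            $_SERVER['HTTP_CLIENT_IP'] ?? '',
            $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '',
            $_SERVER['REMOTE_ADDR'] ?? '',
        ];
        if ($this->check_cf_ip) {
            // Cloudflare's header wins over the others when present, as before.
            array_unshift($candidates, $_SERVER['HTTP_CF_CONNECTING_IP'] ?? '');
        }
        foreach ($candidates as $candidate) {
            // "client, proxy1, proxy2": the first entry is the originating address.
            $first = trim(explode(',', (string) $candidate)[0]);
            if ($first !== '' && filter_var($first, FILTER_VALIDATE_IP) !== false) {
                return $first;
            }
        }
        // Nothing parsed: fall back to REMOTE_ADDR as the original did.
        return $_SERVER['REMOTE_ADDR'] ?? '';
    }

    /**
     * Rebuilds the URL of the current request from $_SERVER.
     *
     * SERVER_NAME and REQUEST_URI come from the request, so treat the result as
     * display / logging data, not as a trusted value. The default port of the
     * scheme in use is omitted (80 for http, 443 for https); the original only
     * knew about 80, so https on 443 produced ":443".
     *
     * @return string
     */
    public function get_page_url()
    {
        $protocol = (($_SERVER["HTTPS"] ?? "") === "on") ? "https" : "http";
        $defaultPort = ($protocol === "https") ? "443" : "80";
        $port = (string) ($_SERVER["SERVER_PORT"] ?? $defaultPort);
        $portSuffix = ($port === $defaultPort) ? "" : ":" . $port;
        return $protocol . "://" . ($_SERVER['SERVER_NAME'] ?? '') . $portSuffix . ($_SERVER['REQUEST_URI'] ?? '');
    }

    /**
     * Redirects to $url: with a Location header while headers are still open
     * (does not return), otherwise with an inline script plus a meta refresh
     * fallback. The URL is embedded in JavaScript and in an HTML attribute, so
     * it is encoded for each context; the original wrote it verbatim, which let
     * a crafted URL break out of the string and inject markup or script.
     *
     * @param string $url
     */
    public function redirect($url)
    {
        if (!headers_sent()) {
            header('Location: ' . $url);
            exit;
        }
        $jsUrl = json_encode($url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        $htmlUrl = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo '<script type="text/javascript">';
        echo 'window.location.href=' . $jsUrl . ';';
        echo '</script>';
        echo '<noscript>';
        echo '<meta http-equiv="refresh" content="0;url=' . $htmlUrl . '" />';
        echo '</noscript>';
    }

    /**
     * Flattens a nested array into a list of its distinct scalar values in
     * first-seen order. Equality is loose (in_array without strict), as before.
     *
     * @param array $data
     * @return array
     */
    public function extract_unique($data)
    {
        $unique = [];
        foreach ($data as $item) {
            $leaves = is_array($item) ? $this->extract_unique($item) : [$item];
            foreach ($leaves as $leaf) {
                if (!is_array($leaf) && !in_array($leaf, $unique)) {
                    $unique[] = $leaf;
                }
            }
        }
        return $unique;
    }

    /**
     * Generates a random opaque key: 20 hex characters plus 40 base64
     * characters (60 in total), all from the CSPRNG. With $hashCode a "." and
     * the SHA-256 hex digest of the key are appended.
     *
     * @param bool $hashCode append ".<sha256 of key>"
     * @param int  $lenght   accepted for backward compatibility only: the
     *                       original never read it and the length is fixed at 60
     * @return string
     */
    public function createKey($hashCode = false, $lenght = 128)
    {
        // random_bytes() replaces openssl_random_pseudo_bytes(): same CSPRNG
        // quality, no dependency on ext-openssl.
        $code = bin2hex(random_bytes(10)) . base64_encode(random_bytes(30));
        // Neither hex nor base64 produce "." so it is free to separate the digest.
        $code = str_replace(".", "", $code);
        if ($hashCode) {
            $code .= "." . hash("sha256", $code);
        }
        return $code;
    }
}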
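/**
 * Thin PDO wrapper around the application's MySQL database. SQL is written
 * with a "%PREFIX%" token in table names that exec() replaces with DB_PREFIX.
 * Connection settings come from the DB_* constants (expected from config.php).
 */
class database
{
    protected $db_host = DB_HOST;
    protected $db_dbname = DB_NAME;
    protected $db_username = DB_USER;
    protected $db_password = DB_PASSWORD;

    /** @var PDO|null live connection; null after close() */
    public $connection = null;
    /** @var bool|null result of the last PDOStatement::execute() */
    public $query = null;
    /** @var PDOStatement|null last prepared statement */
    public $stmt = null;

    /**
     * Connects immediately and sends the browser to the installer when the
     * options table is still empty.
     */
    public function __construct()
    {
        if (!defined("DATABASE")) {
            define("DATABASE", "OK");
        }
        $this->connect();
        if ($this->isOptionsEmpty()) {
            // NOTE(review): there is no exit after this header, so the caller
            // keeps running against an empty options table. The original did
            // the same and the installer may depend on it — confirm before adding one.
            header('Location: install/install.php');
        }
    }

    /**
     * Opens the PDO connection with native prepared statements and exceptions
     * enabled. On failure the driver message goes to the server error log and
     * the request ends with a generic text: PDO messages can contain the host
     * and user name, which the original printed to the browser.
     */
    public function connect()
    {
        try {
            $this->connection = new PDO("mysql:host=" . $this->db_host . ";dbname=" . $this->db_dbname, $this->db_username, $this->db_password);
            $this->connection->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
            $this->connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        } catch (PDOException $e) {
            error_log("database::connect: " . $e->getMessage());
            exit("Database connection failed");
        }
    }

    /** True when %PREFIX%_options has no rows, i.e. the installer has not run yet. */
    public function isOptionsEmpty()
    {
        return empty($this->exec("SELECT * FROM `%PREFIX%_options`;", true));
    }

    /** Drops the connection; later exec() calls will fail until connect() is called again. */
    public function close()
    {
        $this->connection = null;
    }

    /**
     * Prepares and executes one or more statements with the same parameters.
     *
     * @param string     $sql1             first statement (may contain %PREFIX%)
     * @param bool       $fetch            also fetch the rows of each statement
     * @param array|null $param            execute() parameters, bound to every statement
     * @param string     ...$others_params further statements run after $sql1
     * @return array with $fetch: the rows of the single statement, or a list of
     *               row sets when several statements were given; [] otherwise
     */
    public function exec($sql1, $fetch = false, $param = null, ...$others_params)
    {
        try {
            $statements = array_merge([$sql1], $others_params);
            bdump($statements);
            $multiple = count($statements) > 1;
            $toReturn = [];
            foreach ($statements as $sql) {
                $sql = str_replace("%PREFIX%", DB_PREFIX, $sql);
                bdump($sql);
                $this->stmt = $this->connection->prepare($sql);
                $this->query = is_null($param) ? $this->stmt->execute() : $this->stmt->execute($param);
                bdump($this->query);
                if ($fetch) {
                    $rows = $this->stmt->fetchAll(PDO::FETCH_ASSOC);
                    if ($multiple) {
                        $toReturn[] = $rows;
                    } else {
                        $toReturn = $rows;
                    }
                }
            }
            return $toReturn;
        } catch (PDOException $e) {
            // The driver message includes the failing SQL; keep it in the
            // server log rather than in the response body.
            error_log("database::exec: " . $e->getMessage());
            print "Error!: database query failed<br/>";
            die();
        }
    }

    /**
     * Whether a row with the given id exists in %PREFIX%_services.
     *
     * @param string $table kept for backward compatibility: the original bound it
     *                      as a *value* in the select list, so it never chose a
     *                      table or column — the table is fixed
     * @param mixed  $id
     * @return bool
     */
    public function exists($table, $id)
    {
        $rows = $this->exec("SELECT 1 FROM `%PREFIX%_services` WHERE id = :id;", true, [":id" => $id]);
        return !empty($rows);
    }

    /**
     * Reads an application option. A PHP constant of the same name wins over
     * the database row, so $name should be a literal chosen by the code, not
     * request data: constant() would otherwise expose any defined constant.
     *
     * @param string $name
     * @return mixed the constant, the option's `value`, or "" when absent or disabled
     */
    public function getOption($name)
    {
        if (defined($name)) {
            return constant($name);
        }
        $option = $this->exec("SELECT `value` FROM `%PREFIX%_options` WHERE `name` = :name AND `enabled` = 1;", true, [":name" => $name]);
        return empty($option) ? "" : $option[0]["value"];
    }

    /**
     * Adds $delta to the `$column` counter of the profiles whose id is in $ids.
     *
     * $ids is the comma-separated id list stored in the `incrementa` columns
     * (or the same list built by add_service/add_training). The original
     * interpolated that string straight into "IN (...)", which allowed SQL
     * injection when the list came from the request; each id is now cast to int
     * and bound. An empty list is a no-op ("IN ()" is a syntax error).
     *
     * @param string       $column 'services' or 'trainings' (code-controlled)
     * @param int          $delta  +1 or -1
     * @param string|array $ids    comma-separated ids or a list of ids
     */
    private function adjust_profile_counter($column, $delta, $ids)
    {
        $list = is_array($ids) ? $ids : explode(",", (string) $ids);
        $list = array_values(array_filter(
            array_map('trim', $list),
            static function ($entry) { return $entry !== ''; }
        ));
        if (empty($list)) {
            return;
        }
        $placeholders = implode(",", array_fill(0, count($list), "?"));
        $change = ($delta < 0 ? "- " : "+ ") . abs((int) $delta);
        $sql = "UPDATE `%PREFIX%_profiles` SET `{$column}` = `{$column}` {$change} WHERE `id` IN ({$placeholders});";
        $this->exec($sql, false, array_map('intval', $list));
    }

    /** Increments the `services` counter of the listed profile ids. */
    public function incrementa($incrementa)
    {
        bdump($incrementa);
        $this->adjust_profile_counter('services', 1, $incrementa);
    }

    /**
     * Returns the `incrementa` id list stored with a service.
     *
     * @return string|null null for an unknown id (the original raised an
     *                     undefined-offset notice and returned null implicitly)
     */
    public function getIncrementa($id)
    {
        bdump($id);
        $rows = $this->exec("SELECT `incrementa` FROM `%PREFIX%_services` WHERE `id` = :id", true, [":id" => $id]);
        $incrementa = empty($rows) ? null : $rows[0]['incrementa'];
        bdump($incrementa);
        return $incrementa;
    }

    /** Decrements the `services` counter of the profiles recorded with service $id. */
    public function diminuisci($id)
    {
        $this->adjust_profile_counter('services', -1, (string) $this->getIncrementa($id));
    }

    /** Increments the `trainings` counter of the listed profile ids. */
    public function incrementa_trainings($incrementa)
    {
        bdump($incrementa);
        $this->adjust_profile_counter('trainings', 1, $incrementa);
    }

    /**
     * Returns the `incrementa` id list stored with a training.
     *
     * @return string|null null for an unknown id
     */
    public function getIncrementa_trainings($id)
    {
        bdump($id);
        $rows = $this->exec("SELECT `incrementa` FROM `%PREFIX%_trainings` WHERE `id` = :id", true, [":id" => $id]);
        $incrementa = empty($rows) ? null : $rows[0]['incrementa'];
        bdump($incrementa);
        return $incrementa;
    }

    /** Decrements the `trainings` counter of the profiles recorded with training $id. */
    public function diminuisci_trainings($id)
    {
        $this->adjust_profile_counter('trainings', -1, (string) $this->getIncrementa_trainings($id));
    }

    /**
     * Inserts a service row and bumps the `services` counter of every profile
     * in $incrementa. $autisti, $personale and $incrementa are lists of ids
     * stored as comma-separated strings.
     */
    public function add_service($data, $codice, $uscita, $rientro, $capo, $autisti, $personale, $luogo, $note, $tipo, $incrementa, $inseritoda)
    {
        $autisti = implode(",", $autisti);
        bdump($autisti);
        $personale = implode(",", $personale);
        bdump($personale);
        $incrementa = implode(",", $incrementa);
        bdump($incrementa);
        $sql = "INSERT INTO `%PREFIX%_services` (`id`, `data`, `codice`, `uscita`, `rientro`, `capo`, `autisti`, `personale`, `luogo`, `note`, `tipo`, `incrementa`, `inseritoda`) VALUES (NULL, :data, :codice, :uscita, :rientro, :capo, :autisti, :personale, :luogo, :note, :tipo, :incrementa, :inseritoda);";
        // ":uscita" was written without its colon; PDO accepts both spellings,
        // this just makes the keys consistent.
        $this->exec($sql, false, [":data" => $data, ":codice" => $codice, ":uscita" => $uscita, ":rientro" => $rientro, ":capo" => $capo, ":autisti" => $autisti, ":personale" => $personale, ":luogo" => $luogo, ":note" => $note, ":tipo" => $tipo, ":incrementa" => $incrementa, ":inseritoda" => $inseritoda]);
        $this->incrementa($incrementa);
    }

    /** Deletes a service after undoing its counter increments. */
    public function remove_service($id)
    {
        $this->diminuisci($id);
        // A DELETE yields no rows, so nothing is fetched (the original asked for a fetch).
        $this->exec("DELETE FROM `%PREFIX%_services` WHERE `id` = :id", false, [":id" => $id]);
    }

    public function change_service($id, $data, $codice, $uscita, $rientro, $capo, $autisti, $personale, $luogo, $note, $tipo, $incrementa, $inseritoda)
    {
        $this->remove_service($id); // TODO: update, instead of removing and re-adding (with another id)
        $this->add_service($data, $codice, $uscita, $rientro, $capo, $autisti, $personale, $luogo, $note, $tipo, $incrementa, $inseritoda);
    }

    /**
     * Inserts a training row and bumps the `trainings` counter of every profile
     * in $incrementa. $personale and $incrementa are lists of ids stored as
     * comma-separated strings.
     */
    public function add_training($data, $name, $start_time, $end_time, $capo, $personale, $luogo, $note, $incrementa, $inseritoda)
    {
        $personale = implode(",", $personale);
        bdump($personale);
        $incrementa = implode(",", $incrementa);
        bdump($incrementa);
        $sql = "INSERT INTO `%PREFIX%_trainings` (`id`, `data`, `name`, `inizio`, `fine`, `capo`, `personale`, `luogo`, `note`, `incrementa`, `inseritoda`) VALUES (NULL, :data, :name, :start_time, :end_time, :capo, :personale, :luogo, :note, :incrementa, :inseritoda);";
        // ":start_time" was written without its colon; see add_service().
        $this->exec($sql, false, [":data" => $data, ":name" => $name, ":start_time" => $start_time, ":end_time" => $end_time, ":capo" => $capo, ":personale" => $personale, ":luogo" => $luogo, ":note" => $note, ":incrementa" => $incrementa, ":inseritoda" => $inseritoda]);
        $this->incrementa_trainings($incrementa);
    }

    /** Deletes a training after undoing its counter increments. */
    public function remove_training($id)
    {
        $this->diminuisci_trainings($id);
        bdump($id);
        $this->exec("DELETE FROM `%PREFIX%_trainings` WHERE `id` = :id", false, [":id" => $id]);
    }

    public function change_training($id, $data, $name, $start_time, $end_time, $capo, $personale, $luogo, $note, $incrementa, $inseritoda)
    {
        $this->remove_training($id); // TODO: update, instead of removing and re-adding (with another id)
        bdump("removed");
        $this->add_training($data, $name, $start_time, $end_time, $capo, $personale, $luogo, $note, $incrementa, $inseritoda);
    }
}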
/**
 * Application role names mapped onto the fixed role slots of
 * delight-im/PHP-Auth (https://github.com/delight-im/PHP-Auth/blob/master/src/Role.php).
 * The library ships generic slot names; this class gives them the names used
 * in this application, so code checks Role::EDITOR rather than a library slot.
 */
final class Role
{
    const GUEST           = \Delight\Auth\Role::AUTHOR;
    const BASIC_VIEWER    = \Delight\Auth\Role::COLLABORATOR;
    const FULL_VIEWER     = \Delight\Auth\Role::CONSULTANT;
    const EDITOR          = \Delight\Auth\Role::CONSUMER;
    const SUPER_EDITOR    = \Delight\Auth\Role::CONTRIBUTOR;
    const DEVELOPER       = \Delight\Auth\Role::DEVELOPER;
    const TESTER          = \Delight\Auth\Role::CREATOR;
    const EXTERNAL_VIEWER = \Delight\Auth\Role::REVIEWER;
    const ADMIN           = \Delight\Auth\Role::ADMIN;
    const SUPER_ADMIN     = \Delight\Auth\Role::SUPER_ADMIN;

    /** Nothing to initialise: the class only carries constants. */
    public function __construct()
    {
    }
}
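/**
 * Authentication and profile helpers on top of delight-im/PHP-Auth. Profile
 * data (display name, flags) lives in %PREFIX%_profiles and is looked up by
 * the auth user id.
 */
class user
{
    /** @var database */
    private $database = null;
    /** @var tools */
    private $tools = null;
    /** @var \Delight\Auth\Auth */
    public $auth = null;

    /**
     * @param database $database open connection wrapper
     * @param tools    $tools    used for the client IP, page URL and redirects
     */
    public function __construct($database, $tools)
    {
        $this->database = $database;
        $this->tools = $tools;
        // NOTE(review): the fourth Auth argument appears to be the throttling
        // switch, so false disables the library's login rate limiting — confirm
        // this is intended. The IP passed here is partly client-influenced
        // (see tools::get_ip()).
        $this->auth = new \Delight\Auth\Auth($database->connection, $tools->get_ip(), DB_PREFIX . "_", false);
        if (!defined("LOGIN")) {
            define("LOGIN", "OK");
        }
    }

    /** @return bool whether the auth library has a logged-in session */
    public function authenticated()
    {
        return $this->auth->isLoggedIn();
    }

    /**
     * Sends unauthenticated visitors to the configured web_url. When the
     * intrusion_save option is on the attempt is recorded first; with
     * intrusion_save_info the record holds the client IP and the whole $_SERVER
     * array (which can include environment variables and headers), otherwise
     * those two fields are stored as "redacted".
     */
    public function requirelogin()
    {
        if ($this->authenticated()) {
            return;
        }
        if ($this->database->getOption("intrusion_save")) {
            $params = [
                ":pagina" => $this->tools->get_page_url(),
                ":ip" => "redacted",
                ":data" => date("d/m/Y"),
                ":ora" => date("H:i.s"),
                ":servervar" => json_encode(["redacted" => "true"]),
            ];
            if ($this->database->getOption("intrusion_save_info")) {
                $params[":ip"] = $this->tools->get_ip();
                $params[":servervar"] = json_encode($_SERVER);
            }
            $sql = "INSERT INTO `%PREFIX%_intrusions` (`id`, `pagina`, `data`, `ora`, `ip`, `servervar`) VALUES (NULL, :pagina, :data, :ora, :ip, :servervar)";
            $this->database->exec($sql, false, $params);
        }
        $this->tools->redirect($this->database->getOption("web_url"));
    }

    /**
     * Whether the current user may act as $role. SUPER_ADMIN always passes;
     * ADMIN passes for any role except DEVELOPER while $adminGranted is true.
     *
     * @return bool
     */
    public function requireRole($role, $adminGranted = true)
    {
        if ($this->auth->hasRole($role) || $this->auth->hasRole(Role::SUPER_ADMIN)) {
            return true;
        }
        return $this->auth->hasRole(Role::ADMIN) && $adminGranted && $role !== Role::DEVELOPER;
    }

    /**
     * Display name stored in the session by login().
     *
     * @param bool $replace replace spaces with underscores
     * @return string the name, or "not authenticated" when no session name is set
     */
    public function name($replace = false)
    {
        if (!isset($_SESSION['_user_name'])) {
            return "not authenticated";
        }
        $name = $_SESSION['_user_name'];
        return $replace ? str_replace(" ", "_", $name) : $name;
    }

    /**
     * Display name of a user id: the profile name, else the auth username.
     *
     * @return string|false false when neither exists
     */
    public function nameById($id)
    {
        $profiles = $this->database->exec("SELECT `name` FROM `%PREFIX%_profiles` WHERE id = :id;", true, [":id" => $id]);
        if (empty($profiles)) {
            return false;
        }
        if (!is_null($profiles[0]["name"])) {
            return $profiles[0]["name"];
        }
        $users = $this->database->exec("SELECT `username` FROM `%PREFIX%_users` WHERE id = :id;", true, [":id" => $id]);
        if (empty($users) || is_null($users[0]["username"])) {
            return false;
        }
        return $users[0]["username"];
    }

    /** @return array rows (`name` only) of the profiles flagged hidden */
    public function hidden()
    {
        return $this->database->exec("SELECT `name` FROM `%PREFIX%_profiles` WHERE hidden = 1;", true);
    }

    /**
     * The `available` column of the user with the given name.
     *
     * @return mixed the column value, or false when no such user
     */
    public function available($name)
    {
        $user = $this->database->exec("SELECT available FROM `%PREFIX%_users` WHERE name = :name;", true, [":name" => $name]);
        return empty($user) ? false : $user[0]["available"];
    }

    /** @return array id, display name and a few role flags of the current user */
    public function info()
    {
        return [
            "id" => $this->auth->getUserId(),
            "name" => $this->name(),
            "full_viewer" => $this->requireRole(Role::FULL_VIEWER),
            "tester" => $this->requireRole(Role::TESTER),
            "developer" => $this->requireRole(Role::DEVELOPER),
        ];
    }

    /**
     * Logs in with username and password and fills the session with the
     * user's profile data.
     *
     * @param string      $name
     * @param string      $password
     * @param string|null $twofa accepted but not used: no second factor is checked
     * @return true|array|null true on success; ["status" => "error", "code" => …]
     *         on a rejected attempt; null when the library reports success but
     *         no profile row exists for the user (the original fell off the end)
     */
    public function login($name, $password, $twofa = null)
    {
        if (empty($name)) {
            return ["status" => "error", "code" => 001];
        }
        if (empty($password)) {
            return ["status" => "error", "code" => 002];
        }
        // The codes below are octal literals (010 === 8, 011 === 9, 012 === 10,
        // 020 === 16). They are kept unchanged because clients may match on the
        // values — confirm which numbers were intended.
        try {
            $this->auth->loginWithUsername($name, $password);
        } catch (\Delight\Auth\InvalidEmailException $e) {
            return ["status" => "error", "code" => 010, "text" => "Wrong email address"];
        } catch (\Delight\Auth\InvalidPasswordException $e) {
            return ["status" => "error", "code" => 011, "text" => "Wrong password"];
        } catch (\Delight\Auth\EmailNotVerifiedException $e) {
            return ["status" => "error", "code" => 012, "text" => "Email not verified"];
        } catch (\Delight\Auth\TooManyRequestsException $e) {
            return ["status" => "error", "code" => 020, "text" => "Too many requests"];
        }
        // NOTE(review): an unknown or ambiguous username makes the library throw
        // exception types that are not caught here, so they surface as an
        // uncaught error — check loginWithUsername() in the installed version.
        if (!$this->auth->isLoggedIn()) {
            return null;
        }
        $userId = $this->auth->getUserId();
        $this->log("Login", $userId, $userId, date("d/m/Y"), date("H:i.s"));
        $rows = $this->database->exec("SELECT * FROM `%PREFIX%_profiles` WHERE id = :id;", true, [":id" => $userId]);
        if (empty($rows)) {
            return null;
        }
        $profile = $rows[0];
        $_SESSION['_user_name'] = is_null($profile["name"]) ? $this->auth->getUsername() : $profile["name"];
        $_SESSION['_user_hidden'] = $profile["hidden"];
        $_SESSION['_user_disabled'] = $profile["disabled"];
        $_SESSION['_user_caposquadra'] = $profile["caposquadra"];
        return true;
    }

    /**
     * Appends a row to %PREFIX%_log.
     *
     * @param string $action  e.g. "Login", "Logout"
     * @param mixed  $changed id of the affected user
     * @param mixed  $editor  id of the acting user
     * @param string $date    as produced by date("d/m/Y")
     * @param string $time    as produced by date("H:i.s")
     */
    public function log($action, $changed, $editor, $date, $time)
    {
        $params = [":action" => $action, ":changed" => $changed, ":editor" => $editor, ":date" => $date, ":time" => $time];
        $sql = "INSERT INTO `%PREFIX%_log` (`id`, `action`, `changed`, `editor`, `date`, `time`) VALUES (NULL, :action, :changed, :editor, :date, :time)";
        $this->database->exec($sql, false, $params);
    }

    /** Logs the action and destroys the auth session; ends the request when not logged in. */
    public function logout()
    {
        try {
            $userId = $this->auth->getUserId();
            $this->log("Logout", $userId, $userId, date("d/m/Y"), date("H:i.s"));
            $this->auth->destroySession();
        } catch (\Delight\Auth\NotLoggedInException $e) {
            die('Not logged in');
        }
    }

    /**
     * Creates an auth user and its profile row; team leaders ($capo == 1) get
     * the FULL_VIEWER role. Library exceptions for an invalid e-mail/password
     * or a duplicate account are not caught here (as in the original).
     *
     * NOTE(review): the profile row is inserted without an id while the rest of
     * this class looks profiles up by the auth user id ($userId); this only
     * lines up if both tables hand out the same auto-increment values — confirm
     * and consider inserting $userId explicitly.
     */
    public function add_user($email, $name, $username, $password, $birthday, $capo, $autista, $hidden, $disabled, $inseritoda)
    {
        $userId = $this->auth->admin()->createUserWithUniqueUsername($email, $password, $username);
        $sql = "INSERT INTO `%PREFIX%_profiles` (`hidden`, `disabled`, `name`, `caposquadra`, `autista`) VALUES (:hidden, :disabled, :name, :caposquadra, :autista)";
        $this->database->exec($sql, false, [":hidden" => $hidden, ":disabled" => $disabled, ":name" => $name, ":caposquadra" => $capo, ":autista" => $autista]);
        if ($capo == 1) {
            $this->auth->admin()->addRoleForUserById($userId, Role::FULL_VIEWER);
        }
    }

    /**
     * Deletes the auth user and the profile with the given id.
     *
     * The original called $this->exec(), which this class does not define, and
     * sent both DELETEs in a single prepare, which native prepared statements
     * reject; exec() takes further statements as variadics and binds the same
     * parameters to each.
     */
    public function remove_user($id)
    {
        $this->database->exec(
            "DELETE FROM `%PREFIX%_users` WHERE `id` = :id;",
            false,
            [":id" => $id],
            "DELETE FROM `%PREFIX%_profiles` WHERE `id` = :id;"
        );
    }
}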
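/**
 * Loads the translation table for the current page in the best matching
 * client language. Strings live in translations/<lang>/base.php (shared) and
 * translations/<lang>/<page>.php (page-specific); each file returns an array
 * of source string => translated string.
 */
class translations
{
    /** @var string[] languages that have translation files; the only values $language can take */
    public $loaded_languages = ["en", "it"];
    public $default_language = "en";
    /** @var string|null language chosen from the client's Accept-Language header */
    public $language = null;
    /** @var string[] client languages, best first */
    public $client_languages = ["en"];
    /** @var array merged base + page translations */
    public $loaded_translations = [];
    /** @var string path of the page-specific translation file (may not exist) */
    public $filename = "";

    /**
     * Parses the Accept-Language header into language tags ordered by q-weight
     * (highest first; equal weights keep header order). Entries without ";q="
     * weigh 1. Whitespace around entries is ignored and a missing header yields
     * [] — the original kept the spaces (so " en" never matched a loaded
     * language) and only looked at the first entry when no ";" was present.
     *
     * @return string[]
     */
    public function client_languages()
    {
        $header = $_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? '';
        $weights = [];
        foreach (explode(",", $header) as $entry) {
            $entry = trim($entry);
            if ($entry === '') {
                continue;
            }
            $parts = explode(";q=", $entry, 2);
            $tag = trim($parts[0]);
            $weights[$tag] = isset($parts[1]) ? (float) $parts[1] : 1.0;
        }
        arsort($weights);
        return array_keys($weights);
    }

    /**
     * Picks the language and loads the translation files for the including page.
     */
    public function __construct()
    {
        $this->client_languages = $this->client_languages();
        foreach ($this->client_languages as $language) {
            if ($this->language === null && in_array($language, $this->loaded_languages, true)) {
                $this->language = $language;
                break;
            }
        }
        if ($this->language === null) {
            $this->language = $this->default_language;
        }

        // The page file is named after the script that included this file
        // (outermost backtrace frame). Pages under risorse/ run two directories
        // deeper, hence the "../../" prefix for the cwd-relative checks below.
        // $language is restricted to $loaded_languages, so no request data
        // reaches the path.
        $frames = debug_backtrace();
        $page = pathinfo(end($frames)['file']);
        $prefix = (strpos($page['dirname'], 'risorse') !== false) ? "../../" : "";
        $this->filename = $prefix . "translations/" . $this->language . "/" . $page['basename'];

        // The base file is resolved against this file's directory. That is
        // where the original's relative require() ended up as well (PHP also
        // searches the including script's directory), so it works from any
        // page; the original's catch block could not help, since a missing
        // require is a fatal error, not an exception.
        $base = __DIR__ . "/translations/" . $this->language . "/base.php";
        $this->loaded_translations = file_exists($base) ? require $base : [];
        if (file_exists($this->filename)) {
            $this->loaded_translations = array_merge($this->loaded_translations, require $this->filename);
        }
    }

    /**
     * Returns the translation of $string, or $string itself when there is no
     * entry (the miss is dumped to the debug bar).
     *
     * @param string $string
     * @return string
     */
    public function translate($string)
    {
        bdump($string);
        if (array_key_exists($string, $this->loaded_translations)) {
            return $this->loaded_translations[$string];
        }
        bdump($this->filename);
        bdump('string does not exist', $string);
        return $string;
    }
}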
/**
 * Creates the shared $database, $tools, $user and $translations globals on
 * the first call and optionally enables the Tracy debugger.
 *
 * @param bool $enableDebugger enable Tracy in DEVELOPMENT mode
 */
function init_class($enableDebugger = true)
{
    global $tools, $database, $user, $translations;

    $alreadyInitialised = isset($tools) || isset($database) || isset($translations);
    if (!$alreadyInitialised) {
        $database = new database();
        $tools = new tools($database->getOption("check_cf_ip"));
        $user = new user($database, $tools);
        $translations = new translations();
    }

    if ($enableDebugger) {
        // NOTE(review): DEVELOPMENT mode renders full error pages (stack traces
        // and variable contents) to every visitor. The commented-out variant
        // this replaced switched to PRODUCTION mode for users without
        // Role::DEVELOPER; consider restoring that gate.
        Debugger::enable(Debugger::DEVELOPMENT, __DIR__ . '/error-log');
    }

    bdump(get_included_files());
    bdump($translations->loaded_translations);
}
/**
 * Translates $string through the global translations instance. With $echo
 * (the default) the result is printed and nothing is returned; otherwise it
 * is returned.
 *
 * @param string $string
 * @param bool   $echo
 * @return string|void
 */
function t($string, $echo = true)
{
    global $translations;

    $translated = $translations->translate($string);
    if (!$echo) {
        return $translated;
    }
    echo $translated;
}