
932 lines
35 KiB
Raw Normal View History

2020-04-27 23:27:39 +02:00
require_once 'vendor/autoload.php';
2021-03-04 09:52:11 +01:00
use DebugBar\StandardDebugBar;
2020-04-27 23:27:39 +02:00
2020-12-20 21:40:53 +01:00
if(!file_exists("config.php") && !file_exists("../../config.php")) {
header('Location: install/install.php');
2021-03-24 17:10:44 +01:00
2020-11-13 18:57:47 +01:00
2020-07-03 12:10:41 +02:00
require_once 'config.php';
2021-03-01 16:35:56 +01:00
'dsn' => SENTRY_DSN,
'traces_sample_rate' => 0.8,
'environment' => SENTRY_ENV
2021-03-05 23:37:45 +01:00
function bdump($message){
global $debugbar;
2020-11-13 18:57:47 +01:00
class tools
public $check_cf_ip;
public $profiler_enabled;
public $profiler_last_name = "";
public function __construct($check_cf_ip, $profiler_enabled)
$this->check_cf_ip = $check_cf_ip;
$this->profiler_enabled = $profiler_enabled;
2020-11-25 11:29:19 +01:00
public function validate_form($data, $expected_value=null, $data_source=null)
2020-11-13 18:57:47 +01:00
2020-11-25 11:29:19 +01:00
foreach($data as $element){
2021-03-19 22:35:37 +01:00
if (!$this->validate_form($element, $expected_value, $data_source)) return false;
2020-11-13 18:57:47 +01:00
2020-11-25 11:29:19 +01:00
return true;
2020-11-13 18:57:47 +01:00
} else {
2020-11-25 11:29:19 +01:00
if(is_null($data_source) || !is_array($data_source)){
$data_source = $_POST;
return !is_null($data) && isset($data_source[$data]) && !is_null($data_source[$data]) && (!is_null($expected_value) ? $data_source[$data] == $expected_value : true);
2020-11-13 18:57:47 +01:00
public function get_ip()
if(!empty($_SERVER['HTTP_CLIENT_IP'])) {
}elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
2020-11-13 18:57:47 +01:00
if($this->check_cf_ip) {
2020-11-13 18:57:47 +01:00
return $ip;
public function get_page_url()
if(!empty($_SERVER["HTTPS"])) {
if($_SERVER["HTTPS"] == "on") {
$protocol = "https";
} else {
$protocol = "http";
} else {
2020-11-13 18:57:47 +01:00
$protocol = "http";
2020-11-13 18:57:47 +01:00
$port = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":".$_SERVER["SERVER_PORT"]);
return $protocol . "://" . $_SERVER['SERVER_NAME'] . $port . $_SERVER['REQUEST_URI'];
2020-11-13 18:57:47 +01:00
public function redirect($url)
2021-03-04 09:52:11 +01:00
global $debugbar;
if(!is_null($debugbar)) $debugbar->stackData();
2020-11-13 18:57:47 +01:00
if (!headers_sent()) {
header('Location: '.$url);
} else {
echo '<script type="text/javascript">';
echo 'window.location.href="'.$url.'";';
echo '</script>';
echo '<noscript>';
echo '<meta http-equiv="refresh" content="0;url='.$url.'" />';
echo '</noscript>';
2021-03-24 17:10:44 +01:00
public function rickroll()
$rickrolls = [
$this->redirect($rickrolls[array_rand($rickrolls)]); //Dear attacker/bot, have fun!
2021-03-24 17:10:44 +01:00
2020-11-13 18:57:47 +01:00
function extract_unique($data)
$this->profiler_start("Extract unique");
foreach($data as $arr){
if(is_array($arr)) {
$tmp = $this->extract_unique($arr);
foreach($tmp as $temp){
if(!is_array($temp)) {
if(!in_array($temp, $array2)) {
$array2[] = $temp;
2020-11-13 18:57:47 +01:00
} else {
if(!in_array($arr, $array2)) {
$array2[] = $arr;
2020-11-13 18:57:47 +01:00
return $array2;
2021-02-23 15:01:54 +01:00
public function createKey($lenght=32)
2020-11-13 18:57:47 +01:00
2021-02-23 15:01:54 +01:00
return bin2hex(random_bytes($lenght));
2020-11-13 18:57:47 +01:00
2020-11-13 18:57:47 +01:00
public function sanitize($string, $htmlAllowed=false, $htmlPurifierOptions=[])
$htmlAllowed=false; //TODO: fix HTMLPurifier_Config
2020-11-13 18:57:47 +01:00
if($htmlAllowed) {
$config = HTMLPurifier_Config::createDefault();
foreach ($htmlPurifierOptions as $key => $value) {
$config->set($key, $value);
2020-11-13 18:57:47 +01:00
$purifier = new HTMLPurifier($config);
$string = $purifier->purify($string);
} else {
2020-11-13 18:57:47 +01:00
$string = htmlspecialchars($string);
return $string;
public function profiler_start($name=null)
2021-03-04 09:52:11 +01:00
global $debugbar;
if($this->profiler_enabled && !is_null($debugbar)) {
2020-11-13 18:57:47 +01:00
if(is_null($name)) {
$name = $this->profiler_last_name;
2021-03-04 09:52:11 +01:00
if($name !== "") $debugbar['time']->startMeasure($name);
2020-11-13 18:57:47 +01:00
public function profiler_stop($name=null)
2021-03-04 09:52:11 +01:00
global $debugbar;
if($this->profiler_enabled && !is_null($debugbar)) {
if(is_null($name) || $name == "") {
2020-11-13 18:57:47 +01:00
$name = $this->profiler_last_name;
2021-03-04 09:52:11 +01:00
if($name !== "") $debugbar['time']->stopMeasure($name);
2020-11-13 18:57:47 +01:00
2021-03-24 17:10:44 +01:00
public function ajax_page_response($response)
2021-03-04 09:52:11 +01:00
global $debugbar;
$json_response = json_encode($response);
$response_data = substr(crc32($json_response), 0, 10);
header("data: ".$response_data);
header("Content-type: application/json");
if(!is_null($debugbar)) $debugbar->sendDataInHeaders(true);
2021-04-05 18:57:52 +02:00
if(isset($_GET["oldData"]) && $_GET["oldData"] !== $response_data){
} else {
2020-11-13 18:57:47 +01:00
2020-11-13 18:57:47 +01:00
class database
protected $db_host = DB_HOST;
protected $db_dbname = DB_NAME;
protected $db_username = DB_USER;
protected $db_password = DB_PASSWORD;
public $connection = null;
public $query = null;
public $stmt = null;
public $load_from_file = true;
public $options = [];
public $options_cache_file = null;
public function connect()
try {
2021-03-04 09:52:11 +01:00
$this->connection = new DebugBar\DataCollector\PDO\TraceablePDO(new PDO("mysql:host=" . $this->db_host . ";dbname=" . $this->db_dbname, $this->db_username, $this->db_password));
2020-11-13 18:57:47 +01:00
$this->connection->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$this->connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
catch(PDOException $e)
2020-11-13 18:57:47 +01:00
public function isOptionsEmpty()
return empty($this->exec("SELECT * FROM `%PREFIX%_options`;", true));
2020-11-13 18:57:47 +01:00
public function __construct()
if($this->isOptionsEmpty()) {
header('Location: install/install.php');
$file_infos = pathinfo(array_reverse(debug_backtrace())[0]['file']);
if(strpos($file_infos['dirname'], 'resources') !== false) {
$this->options_cache_file = "../../options.txt";
} else {
2020-11-13 18:57:47 +01:00
$this->options_cache_file = "options.txt";
if($this->load_from_file) {
if(file_exists($this->options_cache_file)/* && time()-@filemtime($this->options_cache_file) < 604800*/) {
$this->options = unserialize(file_get_contents($this->options_cache_file), ['allowed_classes' => false]);
} else {
$this->options = $this->exec("SELECT * FROM `%PREFIX%_options` WHERE `enabled` = 1", true);
file_put_contents($this->options_cache_file, serialize($this->options));
} else {
$this->options = $this->exec("SELECT * FROM `%PREFIX%_options` WHERE `enabled` = 1", true);
public function close()
$this->connection = null;
public function exec($sql1, $fetch=false, $param=null, ...$others_params)
array_unshift($others_params, $sql1);
$toReturn = [];
foreach($others_params as $sql){
$sql = str_replace("%PREFIX%", DB_PREFIX, $sql);
$this->stmt = $this->connection->prepare($sql);
if(!is_null($param)) {
$this->query = $this->stmt->execute($param);
} else {
$this->query = $this->stmt->execute();
if($fetch == true) {
if(count($others_params) > 1) {
$toReturn[] = $this->stmt->fetchAll(PDO::FETCH_ASSOC);
} else {
$toReturn = $this->stmt->fetchAll(PDO::FETCH_ASSOC);
return $toReturn;
} catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
public function exists($table, $id)
2021-03-24 17:10:44 +01:00
$result = $this->exec("SELECT :table FROM `%PREFIX%_services` WHERE id = :id;", true, [":table" => $table, ":id" => $id]);
return !empty($result);
2020-11-13 18:57:47 +01:00
2021-03-24 15:20:42 +01:00
public function get_option($name)
2020-11-13 18:57:47 +01:00
if(defined($name)) {
return constant($name);
} else {
//$option = $this->exec("SELECT `value` FROM `%PREFIX%_options` WHERE `name` = :name AND `enabled` = 1;", true, [":name" => $name]);
//return empty($option) ? "" : $option[0]["value"];
foreach($this->options as $option){
if($name == $option["name"]) {
return empty($option["value"]) ? false : $option["value"];
return false;
2020-11-13 18:57:47 +01:00
2020-11-13 18:57:47 +01:00
final class Role
const GUEST = \Delight\Auth\Role::AUTHOR;
const BASIC_VIEWER = \Delight\Auth\Role::COLLABORATOR;
const FULL_VIEWER = \Delight\Auth\Role::CONSULTANT;
const EDITOR = \Delight\Auth\Role::CONSUMER;
const SUPER_EDITOR = \Delight\Auth\Role::CONTRIBUTOR;
const DEVELOPER = \Delight\Auth\Role::DEVELOPER;
const TESTER = \Delight\Auth\Role::CREATOR;
const EXTERNAL_VIEWER = \Delight\Auth\Role::REVIEWER;
const ADMIN = \Delight\Auth\Role::ADMIN;
const SUPER_ADMIN = \Delight\Auth\Role::SUPER_ADMIN;
public function __construct()
2020-11-13 18:57:47 +01:00
class user
private $database = null;
private $tools = null;
2021-03-05 00:30:24 +01:00
private $profile_names = null;
2020-11-13 18:57:47 +01:00
public $auth = null;
public $authenticated = false;
public function __construct($database, $tools)
$this->database = $database;
$this->tools = $tools;
$this->auth = new \Delight\Auth\Auth($database->connection, $tools->get_ip(), DB_PREFIX."_", false);
2021-04-03 17:47:34 +02:00
if(isset($_REQUEST["apiKey"]) && !is_null($_REQUEST["apiKey"])){
2021-02-22 18:36:20 +01:00
$api_key_row = $this->database->exec("SELECT * FROM `%PREFIX%_api_keys` WHERE apikey = :apikey;", true, [":apikey" => $_REQUEST["apiKey"]]);
$user = $this->database->exec("SELECT * FROM `%PREFIX%_profiles` WHERE id = :id;", true, [":id" => $api_key_row[0]["user"]]);
$user_id = $user[0]["id"];
if(!empty($user)) {
if(is_null($user[0]["name"])) {
$_SESSION['_user_name'] = $this->auth->getUsername();
} else {
$_SESSION['_user_name'] = $user[0]["name"];
$_SESSION['_user_hidden'] = $user[0]["hidden"];
$_SESSION['_user_disabled'] = $user[0]["disabled"];
$_SESSION['_user_chief'] = $user[0]["chief"];
setcookie("authenticated", true);
2020-11-13 18:57:47 +01:00
$this->authenticated = $this->auth->isLoggedIn();
2021-03-05 00:30:24 +01:00
$this->profile_names = $this->database->exec("SELECT `id`, `name` FROM `%PREFIX%_profiles`;", true);
$this->user_names = $this->database->exec("SELECT `id`, `username` FROM `%PREFIX%_users`;", true);
2020-11-13 18:57:47 +01:00
public function authenticated()
return $this->authenticated;
public function requirelogin($redirect=true)
$this->tools->profiler_start("Require login");
if(!$this->authenticated()) {
2021-03-24 15:20:42 +01:00
if($this->database->get_option("intrusion_save")) {
if($this->database->get_option("intrusion_save_info")) {
2020-11-25 11:29:19 +01:00
$params = [":page" => $this->tools->get_page_url(), ":ip" => $this->tools->get_ip(), ":date" => date("d/m/Y"), ":hour" => date("H:i.s"), ":server_var" => json_encode($_SERVER)];
2020-11-13 18:57:47 +01:00
} else {
2020-11-25 11:29:19 +01:00
$params = [":page" => $this->tools->get_page_url(), ":ip" => "redacted", ":date" => date("d/m/Y"), ":hour" => date("H:i.s"), ":server_var" => json_encode(["redacted" => "true"])];
2020-11-13 18:57:47 +01:00
2020-11-25 11:29:19 +01:00
$sql = "INSERT INTO `%PREFIX%_intrusions` (`id`, `page`, `date`, `hour`, `ip`, `server_var`) VALUES (NULL, :page, :date, :hour, :ip, :server_var)";
2020-11-13 18:57:47 +01:00
$this->database->exec($sql, false, $params);
if($redirect) {
2021-03-24 15:20:42 +01:00
2020-11-13 18:57:47 +01:00
} else {
public function requireRole($role, $adminGranted=true)
return $this->auth->hasRole($role) || $adminGranted && $role !== Role::DEVELOPER && $this->auth->hasRole(Role::ADMIN) || $role !== Role::DEVELOPER && $this->auth->hasRole(Role::SUPER_ADMIN);
public function name($replace=false)
if(isset($_SESSION['_user_name'])) {
$return_name = $_SESSION['_user_name'];
} else {
2020-11-13 18:57:47 +01:00
$check_name = $this->nameById($this->auth->getUserId());
if($check_name) {
$return_name = $check_name;
} else {
$return_name = "not authenticated";
2020-11-13 18:57:47 +01:00
if($replace) {
return str_replace(" ", "_", $return_name);
} else {
2020-11-13 18:57:47 +01:00
return $return_name;
public function nameById($id)
2021-03-19 22:35:37 +01:00
$name = null;
2021-03-05 00:30:24 +01:00
foreach($this->profile_names as $profile) {
2021-03-05 23:00:52 +01:00
if($profile["id"] == $id && !is_null($profile["name"])) {
2021-03-19 22:35:37 +01:00
$name = s($profile["name"], false);
foreach($this->user_names as $user) {
if($user["id"] == $id){
return(s($user["username"], false));
2020-11-13 18:57:47 +01:00
2021-03-19 22:35:37 +01:00
if(is_null($name)) return false;
2021-03-19 22:35:37 +01:00
return $name;
2020-11-13 18:57:47 +01:00
public function hidden()
$profiles = $this->database->exec("SELECT `name` FROM `%PREFIX%_profiles` WHERE hidden = 1;", true);
return $profiles;
2020-11-13 18:57:47 +01:00
public function available($name)
$user = $this->database->exec("SELECT available FROM `%PREFIX%_users` WHERE name = :name;", true, [":name" => $name]);
if(empty($user)) {
return false;
} else {
return $user[0]["available"];
2020-11-13 18:57:47 +01:00
public function info()
return array("autenticated" => $this->authenticated(), "id" => $this->auth->getUserId(), "name" => $this->name(), "full_viewer" => $this->requireRole(Role::FULL_VIEWER), "tester" => $this->requireRole(Role::TESTER), "developer" => $this->requireRole(Role::DEVELOPER));
2021-04-04 21:44:35 +02:00
public function login($name, $password, $remember_me)
2020-11-13 18:57:47 +01:00
if(!empty($name)) {
if(!empty($password)) {
try {
if ($remember_me) {
// keep logged in for one year
$rememberDuration = (int) (60 * 60 * 24 * 365.25);
} else {
// do not keep logged in after session ends
$rememberDuration = null;
$this->auth->loginWithUsername($name, $password, $rememberDuration);
catch (\Delight\Auth\InvalidEmailException $e) {
return ["status" => "error", "code" => 010, "text" => "Wrong email address"];
catch (\Delight\Auth\InvalidPasswordException $e) {
return ["status" => "error", "code" => 011, "text" => "Wrong password"];
catch (\Delight\Auth\EmailNotVerifiedException $e) {
return ["status" => "error", "code" => 012, "text" => "Email not verified"];
2020-11-22 01:31:43 +01:00
catch (\Delight\Auth\UnknownUsernameException $e) {
return ["status" => "error", "code" => 013, "text" => "Wrong username"];
2020-11-13 18:57:47 +01:00
catch (\Delight\Auth\TooManyRequestsException $e) {
return ["status" => "error", "code" => 020, "text" => "Too many requests"];
if($this->auth->isLoggedIn()) {
2021-03-24 17:10:44 +01:00
$this->log("Login", $this->auth->getUserId());
2020-11-13 18:57:47 +01:00
$user = $this->database->exec("SELECT * FROM `%PREFIX%_profiles` WHERE id = :id;", true, [":id" => $this->auth->getUserId()]);
if(!empty($user)) {
if(is_null($user[0]["name"])) {
$_SESSION['_user_name'] = $this->auth->getUsername();
} else {
$_SESSION['_user_name'] = $user[0]["name"];
$_SESSION['_user_hidden'] = $user[0]["hidden"];
$_SESSION['_user_disabled'] = $user[0]["disabled"];
$_SESSION['_user_chief'] = $user[0]["chief"];
setcookie("authenticated", true);
return true;
} else {
2020-11-13 18:57:47 +01:00
return ["status" => "error", "code" => 002];
2020-11-13 18:57:47 +01:00
} else {
2020-11-13 18:57:47 +01:00
return ["status" => "error", "code" => 001];
2020-11-13 18:57:47 +01:00
2021-03-24 17:10:44 +01:00
public function log($action, $changed=null, $editor=null, $timestamp=null)
2020-11-13 18:57:47 +01:00
2021-03-24 15:20:42 +01:00
$date = new Datetime('now');
$timestamp = $date->format('Y-m-d H:i:s');
2021-03-24 17:10:44 +01:00
$changed = $this->auth->getUserId();
$editor = $changed;
2021-03-24 15:20:42 +01:00
$ip = $this->tools->get_ip();
} else {
$ip = null;
$source_type = defined("REQUEST_USING_API") ? "api" : "web";
$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? mb_strimwidth($_SERVER['HTTP_USER_AGENT'], 0, 200, "...") : null;
$params = [":action" => $action, ":changed" => $changed, ":editor" => $editor, ":timestamp" => $timestamp, ":ip" => $ip, "source_type" => $source_type, "user_agent" => $user_agent];
$sql = "INSERT INTO `%PREFIX%_log` (`id`, `action`, `changed`, `editor`, `timestamp`, `ip`, `source_type`, `user_agent`) VALUES (NULL, :action, :changed, :editor, :timestamp, :ip, :source_type, :user_agent)";
2020-11-13 18:57:47 +01:00
$this->database->exec($sql, false, $params);
2020-06-17 22:24:14 +02:00
2020-11-13 18:57:47 +01:00
public function logout()
try {
2021-03-24 17:10:44 +01:00
2020-11-13 18:57:47 +01:00
setcookie("authenticated", false, time() - 3600);
catch (\Delight\Auth\NotLoggedInException $e) {
die('Not logged in');
2020-12-30 23:57:56 +01:00
public function add_user($email, $name, $username, $password, $phone_number, $birthday, $chief, $driver, $hidden, $disabled, $inserted_by)
2020-11-13 18:57:47 +01:00
2021-04-04 21:44:35 +02:00
//TODO: save birthday in db
2020-11-13 18:57:47 +01:00
$this->tools->profiler_start("Add user");
$userId = $this->auth->admin()->createUserWithUniqueUsername($email, $password, $username);
if($userId) {
$hidden = $hidden ? 1 : 0;
$disabled = $disabled ? 1 : 0;
2020-11-25 11:29:19 +01:00
$chief = $chief ? 1 : 0;
$driver = $driver ? 1 : 0;
2020-12-30 23:57:56 +01:00
$sql = "INSERT INTO `%PREFIX%_profiles` (`hidden`, `disabled`, `name`, `phone_number`, `chief`, `driver`) VALUES (:hidden, :disabled, :name, :phone_number, :chief, :driver)";
$this->database->exec($sql, false, [":hidden" => $hidden, ":disabled" => $disabled, ":name" => $name, ":phone_number" => $phone_number, ":chief" => $chief, ":driver" => $driver]);
2020-11-25 11:29:19 +01:00
if($chief == 1) {
2020-11-13 18:57:47 +01:00
$this->auth->admin()->addRoleForUserById($userId, Role::FULL_VIEWER);
2021-03-24 17:10:44 +01:00
$this->log("User added", $userId, $inserted_by);
2020-11-13 18:57:47 +01:00
return $userId;
} else {
2020-12-30 23:57:56 +01:00
return false;
2020-11-13 18:57:47 +01:00
2020-09-02 16:57:56 +02:00
2020-11-13 18:57:47 +01:00
public function remove_user($id, $removed_by)
$this->tools->profiler_start("Remove user");
$this->database->exec("DELETE FROM `%PREFIX%_users` WHERE `id` = :id", true, [":id" => $id], "DELETE FROM `%PREFIX%_profiles` WHERE `id` = :id");
2021-03-24 15:20:42 +01:00
$this->log("User removed", null, $removed_by);
2020-11-13 18:57:47 +01:00
2020-11-14 15:25:24 +01:00
public function online_time_update($id=null){
$this->tools->profiler_start("Update online timestamp");
if(is_null($id)) $id = $this->auth->getUserId();
$time = time();
$sql = "UPDATE `%PREFIX%_profiles` SET online_time = '$time' WHERE id = '" . $id ."'";
$this->database->exec($sql, true);
bdump(["id" => $id, "time" => $time]);
2020-11-13 18:57:47 +01:00
2021-03-24 17:10:44 +01:00
class crud
public $tools = null;
public $database = null;
public $user = null;
public function __construct($tools, $database, $user)
$this->tools = $tools;
$this->database = $database;
$this->user = $user;
public function increment($increment)
$sql = "UPDATE `%PREFIX%_profiles` SET `services`= services + 1 WHERE id IN ($increment);";
$this->database->exec($sql, false);
public function getIncrement($id)
$sql = "SELECT `increment` FROM `%PREFIX%_services` WHERE `id` = :id";
$increment = $this->database->exec($sql, true, [":id" => $id])[0]['increment'];
return $increment;
public function decrease($id)
$sql = "UPDATE `%PREFIX%_profiles` SET `services`= services - 1 WHERE id IN ({$this->getIncrement($id)});";
$this->database->exec($sql, false);
public function increment_trainings($increment)
$sql = "UPDATE `%PREFIX%_profiles` SET `trainings`= trainings + 1 WHERE id IN ($increment);";
$this->database->exec($sql, false);
public function getIncrement_trainings($id)
$sql = "SELECT `increment` FROM `%PREFIX%_trainings` WHERE `id` = :id";
$increment = $this->database->exec($sql, true, [":id" => $id])[0]['increment'];
return $increment;
public function decrease_trainings($id)
$sql = "UPDATE `%PREFIX%_profiles` SET `trainings`= trainings - 1 WHERE id IN ({$this->getIncrement_trainings($id)});";
$this->database->exec($sql, false);
public function add_service($date, $code, $beginning, $end, $chief, $drivers, $crew, $place, $notes, $type, $increment, $inserted_by)
$drivers = implode(",", $drivers);
$crew = implode(",", $crew);
$increment = implode(",", $increment);
$date = date('Y-m-d H:i:s', strtotime($date));
$sql = "INSERT INTO `%PREFIX%_services` (`id`, `date`, `code`, `beginning`, `end`, `chief`, `drivers`, `crew`, `place`, `notes`, `type`, `increment`, `inserted_by`) VALUES (NULL, :date, :code, :beginning, :end, :chief, :drivers, :crew, :place, :notes, :type, :increment, :inserted_by);";
$this->database->exec($sql, false, [":date" => $date, ":code" => $code, "beginning" => $beginning, ":end" => $end, ":chief" => $chief, ":drivers" => $drivers, ":crew" => $crew, ":place" => $place, ":notes" => $notes, ":type" => $type, ":increment" => $increment, ":inserted_by" => $inserted_by]);
$this->user->log("Service added");
public function remove_service($id)
$this->database->exec("DELETE FROM `%PREFIX%_services` WHERE `id` = :id", true, [":id" => $id]);
$this->user->log("Service removed");
public function edit_service($id, $date, $code, $beginning, $end, $chief, $drivers, $crew, $place, $notes, $type, $increment, $inserted_by)
$this->add_service($date, $code, $beginning, $end, $chief, $drivers, $crew, $place, $notes, $type, $increment, $inserted_by);
$this->user->log("Service edited");
public function add_training($date, $name, $start_time, $end_time, $chief, $crew, $place, $notes, $increment, $inserted_by)
$crew = implode(",", $crew);
$increment = implode(",", $increment);
$date = date('Y-m-d H:i:s', strtotime($date));
$sql = "INSERT INTO `%PREFIX%_trainings` (`id`, `date`, `name`, `beginning`, `end`, `chief`, `crew`, `place`, `notes`, `increment`, `inserted_by`) VALUES (NULL, :date, :name, :start_time, :end_time, :chief, :crew, :place, :notes, :increment, :inserted_by);";
$this->database->exec($sql, false, [":date" => $date, ":name" => $name, "start_time" => $start_time, ":end_time" => $end_time, ":chief" => $chief, ":crew" => $crew, ":place" => $place, ":notes" => $notes, ":increment" => $increment, ":inserted_by" => $inserted_by]);
$this->user->log("Training added");
public function remove_training($id)
$this->database->exec("DELETE FROM `%PREFIX%_trainings` WHERE `id` = :id", true, [":id" => $id]);
$this->user->log("Training removed");
public function edit_training($id, $date, $name, $start_time, $end_time, $chief, $crew, $place, $notes, $increment, $inserted_by)
$this->add_training($date, $name, $start_time, $end_time, $chief, $crew, $place, $notes, $increment, $inserted_by);
$this->user->log("Training edited");
2020-11-13 18:57:47 +01:00
class translations
public $loaded_languages = ["en", "it"];
public $default_language = "en";
public $language = null;
public $client_languages = ["en"];
public $loaded_translations = [];
public $filename = "";
public function client_languages()
$client_languages = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
2020-07-02 21:45:45 +02:00
} else {
2020-11-13 18:57:47 +01:00
$client_languages = "en-US;q=0.5,en;q=0.3";
2020-07-02 21:45:45 +02:00
2020-11-13 18:57:47 +01:00
if(strpos($client_languages, ';') == false) {
if(strpos($client_languages, '-') !== false) {
return [substr($client_languages, 0, 5)];
2020-07-02 21:45:45 +02:00
} else {
2020-11-13 18:57:47 +01:00
return [substr($client_languages, 0, 2)];
2020-07-02 21:45:45 +02:00
2020-11-13 18:57:47 +01:00
} else {
$client_languages = explode(",", $client_languages);
$tmp_languages = [];
2021-04-04 21:44:35 +02:00
foreach($client_languages as $language){
2020-11-13 18:57:47 +01:00
if(strpos($language, ';') == false) {
$tmp_languages[$language] = 1;
} else {
$tmp_languages[explode(";q=", $language)[0]] = (float) explode(";q=", $language)[1];
return array_keys($tmp_languages);
2020-07-02 21:45:45 +02:00
public function __construct($force_language)
2020-11-13 18:57:47 +01:00
$this->client_languages = $this->client_languages();
2020-12-20 21:40:53 +01:00
if(isset($_COOKIE["forceLanguage"]) && in_array($_COOKIE["forceLanguage"], $this->loaded_languages)){
2020-12-16 17:59:47 +01:00
$this->language = $_COOKIE["forceLanguage"];
} else if($force_language && in_array($force_language, $this->loaded_languages)){
$this->language = $force_language;
2020-12-16 17:59:47 +01:00
} else {
foreach($this->client_languages as $language){
if(in_array($language, $this->loaded_languages) && $this->language == null) {
$this->language = $language;
if($this->language == null) {
$this->language = "en";
2020-11-13 18:57:47 +01:00
$file_infos = pathinfo(array_reverse(debug_backtrace())[0]['file']);
if(strpos($file_infos['dirname'], 'resources') !== false) {
$this->filename = "../../translations/".$this->language."/".$file_infos['basename'];
} else {
$this->filename = "translations/".$this->language."/".$file_infos['basename'];
if (file_exists($this->filename)) {
$this->loaded_translations = array_merge(include "translations/".$this->language."/base.php", include $this->filename);
} else {
$this->loaded_translations = include "translations/".$this->language."/base.php";
} catch(Exception $e) {
$this->loaded_translations = include "../../translations/".$this->language."/base.php";
2020-07-02 21:45:45 +02:00
2020-11-13 18:57:47 +01:00
public function translate($string)
try {
if (!array_key_exists($string, $this->loaded_translations)) {
throw new Exception('string does not exist');
return $this->loaded_translations[$string];
} catch (\Exception $e) {
bdump($e, $string);
return $string;
2020-11-13 18:57:47 +01:00
2021-04-01 22:29:18 +02:00
$webpack_manifest_path = realpath("resources/dist/manifest.json");
2020-11-13 18:57:47 +01:00
function init_class($enableDebugger=true, $headers=true)
2021-03-24 17:10:44 +01:00
global $tools, $database, $user, $crud, $translations, $debugbar;
2020-11-13 18:57:47 +01:00
if(!isset($tools) && !isset($database) && !isset($translations)) {
$database = new database();
2021-03-24 15:20:42 +01:00
$tools = new tools($database->get_option("check_cf_ip"), $enableDebugger);
2020-11-13 18:57:47 +01:00
$user = new user($database, $tools);
2021-03-24 17:10:44 +01:00
$crud = new crud($tools, $database, $user);
2021-03-24 15:20:42 +01:00
$translations = new translations($database->get_option("force_language"));
2020-11-13 18:57:47 +01:00
if($headers) {
2021-02-20 21:05:03 +01:00
//TODO adding require-trusted-types-for 'script';
2021-03-24 15:20:42 +01:00
$csp = "default-src 'self' data: *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *; object-src; style-src 'self' 'unsafe-inline';";
2021-02-20 21:05:03 +01:00
$csp .= " report-uri ".SENTRY_CSP_REPORT_URI.";";
2020-11-13 18:57:47 +01:00
header("Content-Security-Policy: $csp");
header("X-Content-Security-Policy: $csp");
header("X-WebKit-CSP: $csp");
header("X-XSS-Protection: 1; mode=block");
header("X-Content-Type-Options: nosniff");
header("Feature-Policy: autoplay 'none'; camera 'none'; microphone 'none'; payment 'none'");
2021-03-01 16:35:56 +01:00
Sentry\configureScope(function (Sentry\State\Scope $scope): void {
global $user, $translations;
2021-03-01 22:39:49 +01:00
$id = $user->auth->getUserId();
$username = $user->nameById($id);
if($username !== false){
'id' => $id,
'username' => $username
2021-03-01 16:35:56 +01:00
$scope->setTag('page.locale', $translations->client_languages[0]);
2021-03-04 09:52:11 +01:00
} else {
//TODO: add Monolog here
2021-03-01 16:35:56 +01:00
2021-03-04 09:52:11 +01:00
if($enableDebugger && $user->requireRole(Role::DEVELOPER)) {
$debugbar = new StandardDebugBar();
2021-03-05 23:27:17 +01:00
$dir = str_replace("resources\ajax\\", "", __DIR__).DIRECTORY_SEPARATOR.'debug_storage';
$debugbar->setStorage(new DebugBar\Storage\FileStorage($dir));
2021-03-04 09:52:11 +01:00
$debugbar->addCollector(new DebugBar\DataCollector\PDO\PDOCollector($database->connection));
$debugbar->addCollector(new DebugBar\DataCollector\ConfigCollector($database->options));
} else {
2021-03-04 09:52:11 +01:00
$debugbar = null;
function customErrorPage() {
2021-04-01 22:29:18 +02:00
global $webpack_manifest_path;
2021-03-04 09:52:11 +01:00
$error = error_get_last();
if ($error) {
2021-04-04 21:44:35 +02:00
2021-04-01 22:29:18 +02:00
2021-03-01 16:35:56 +01:00
2020-09-01 12:27:32 +02:00
2021-03-04 09:52:11 +01:00
setcookie("disableServiceWorkerInstallation", true);
} else if(isset($_GET["enableSW"])){
setcookie("disableServiceWorkerInstallation", false, time() - 3600);
setcookie("forceServiceWorkerInstallation", false, time() - 3600);
} else if(isset($_GET["forceSW"])){
setcookie("disableServiceWorkerInstallation", false, time() - 3600);
setcookie("forceServiceWorkerInstallation", true);
2020-07-02 21:45:45 +02:00
2020-11-13 18:57:47 +01:00
function t($string, $echo=true)
global $translations;
if($echo) {
echo $translations->translate($string);
} else {
2020-11-13 18:57:47 +01:00
return $translations->translate($string);
2020-07-02 23:49:41 +02:00
2020-11-13 18:57:47 +01:00
function s($string, $echo=true, $htmlAllowed=false, $htmlPurifierOptions=[])
global $tools;
if($echo) {
echo $tools->sanitize($string, $htmlAllowed, $htmlPurifierOptions);
} else {
return $tools->sanitize($string, $htmlAllowed, $htmlPurifierOptions);
2020-11-13 18:57:47 +01:00
function p_start($name=null)
global $tools;
2020-11-13 18:57:47 +01:00
function p_stop($name=null)
global $tools;