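<?php
require_once 'vendor/autoload.php';
use Tracy\Debugger;

// config.php is written by the installer. A missing file passed to require_once is a
// fatal compile error, not an Exception, so the former try/catch could never reach
// its redirect; test for the file explicitly instead. The path is resolved next to
// this file, which is also where the relative install/ link assumes it lives.
if (!is_file(__DIR__ . '/config.php')) {
    header('Location: install/install.php');
    // Stop here: nothing below can run without the configuration constants.
    exit;
}
require_once __DIR__ . '/config.php';

session_start();
date_default_timezone_set('Europe/Rome');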
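class tools
{
    /**
     * Marks the helper class as loaded. The define() is guarded so that creating a
     * second instance does not trigger a "constant already defined" warning.
     */
    public function __construct()
    {
        if (!defined("TOOLS")) {
            define("TOOLS", "OK");
        }
    }

    /**
     * Resolves a "$post-<field>" reference to the matching $_POST entry.
     *
     * Any value that is not such a reference (arrays, null, empty values, plain
     * scalars) is returned unchanged. When the referenced field is not present in
     * $_POST, null is returned, so the caller treats a missing form field as a
     * validation failure instead of validating the literal field name.
     *
     * @param mixed $data
     * @return mixed
     */
    private function resolve_post_reference($data)
    {
        if (is_array($data) || !isset($data) || empty($data)) {
            return $data;
        }
        $text = (string) $data;
        if (substr($text, 0, 6) !== '$post-') {
            return $data;
        }
        $field = substr($text, 6);
        return isset($_POST[$field]) ? $_POST[$field] : null;
    }

    /**
     * Validates a form value or a flat array of form values.
     *
     * Values of the form "$post-<field>" (at top level or as array items) are replaced
     * by $_POST[<field>] before validation; a reference to a field that was not posted
     * fails validation. A scalar is valid when it is set and non-empty (PHP's empty()
     * treats "0" and "" alike, so a literal "0" is rejected). For an array, every
     * non-array item is validated recursively; items that are arrays (including
     * referenced $_POST arrays) are skipped, as in the original implementation.
     *
     * @param mixed      $data    value, array of values, or "$post-" reference
     * @param bool       $noempty kept for callers; every path already rejects empty values
     * @param mixed|null $value   when given, a scalar $data must loosely (==) equal it
     * @return bool
     */
    public function validate_form_data($data, $noempty = true, $value = null)
    {
        $data = $this->resolve_post_reference($data);

        if (is_array($data)) {
            if (empty($data)) {
                return false;
            }
            foreach ($data as $item) {
                if (is_array($item)) {
                    continue;
                }
                $item = $this->resolve_post_reference($item);
                if (is_null($item)) {
                    // "$post-x" with no posted "x": the field is missing.
                    return false;
                }
                if (is_array($item)) {
                    continue;
                }
                if (!$this->validate_form_data($item, $noempty, $item)) {
                    return false;
                }
            }
            return true;
        }

        // Covers null (unresolved reference or no value) and empty scalars.
        if (empty($data)) {
            return false;
        }
        if (!is_null($value)) {
            return $value == $data;
        }
        return true;
    }

    /**
     * Best-effort client address.
     *
     * HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are plain request headers, so any
     * client can set them; they are only meaningful when a trusted reverse proxy
     * in front of PHP overwrites them. The value returned here is stored in the
     * intrusion log and handed to PHP-Auth as the throttling key, so a header that
     * is trusted blindly lets a client choose the bucket it is rate-limited in.
     * Candidates that are not syntactically an IP address are ignored and the
     * connection address (REMOTE_ADDR) is used; for X-Forwarded-For only the first
     * (client-most) entry of the list is considered. When SERVER_UNDER_CF is set,
     * Cloudflare's CF-Connecting-IP takes precedence, as before.
     *
     * @return string
     */
    public function get_ip()
    {
        $candidates = [];
        if (defined('SERVER_UNDER_CF') && SERVER_UNDER_CF && !empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
            $candidates[] = $_SERVER['HTTP_CF_CONNECTING_IP'];
        }
        if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
            $candidates[] = $_SERVER['HTTP_CLIENT_IP'];
        } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $forwarded = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
            $candidates[] = $forwarded[0];
        }
        foreach ($candidates as $candidate) {
            $candidate = trim($candidate);
            if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
                return $candidate;
            }
        }
        return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    }

    /**
     * Rebuilds the URL of the current request from $_SERVER.
     *
     * The port is only appended when it differs from the scheme's default (80 for
     * http, 443 for https); the previous version appended ":443" to every https
     * URL. SERVER_NAME (server-configured) is used rather than the Host header.
     *
     * @return string
     */
    public function get_page_url()
    {
        $https = !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on";
        $protocol = $https ? "https" : "http";
        $port = isset($_SERVER["SERVER_PORT"]) ? (string) $_SERVER["SERVER_PORT"] : "";
        $defaultPort = $https ? "443" : "80";
        $portSuffix = ($port === "" || $port === $defaultPort) ? "" : ":" . $port;
        return $protocol . "://" . $_SERVER['SERVER_NAME'] . $portSuffix . $_SERVER['REQUEST_URI'];
    }

    /**
     * Sends the client to $url and stops the script.
     *
     * If headers were already sent, a client-side redirect is emitted instead. The
     * URL is escaped for each context it is written into (JavaScript string literal,
     * HTML attribute) so a caller-supplied value cannot break out of the script or
     * the meta tag. The script exits in both branches: callers such as login guards
     * rely on nothing being rendered after a redirect.
     *
     * @param string $url
     * @return void
     */
    public function redirect($url)
    {
        if (!headers_sent()) {
            header('Location: ' . $url);
            exit;
        }
        $jsUrl = json_encode((string) $url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        $htmlUrl = htmlspecialchars((string) $url, ENT_QUOTES, 'UTF-8');
        echo '<script type="text/javascript">';
        echo 'window.location.href=' . $jsUrl . ';';
        echo '</script>';
        echo '<noscript>';
        echo '<meta http-equiv="refresh" content="0;url=' . $htmlUrl . '" />';
        echo '</noscript>';
        exit;
    }

    /**
     * Flattens a nested array into a list of its distinct scalar values, in
     * first-seen order.
     *
     * Comparison is intentionally loose (in_array without strict) to keep the
     * original de-duplication of e.g. "1" and 1 as the same value.
     *
     * @param array $data
     * @return array
     */
    public function extract_unique($data)
    {
        $unique = [];
        foreach ($data as $entry) {
            $values = is_array($entry) ? $this->extract_unique($entry) : [$entry];
            foreach ($values as $candidate) {
                if (!is_array($candidate) && !in_array($candidate, $unique)) {
                    $unique[] = $candidate;
                }
            }
        }
        return $unique;
    }
}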
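class database
{
    protected $db_host = DB_HOST;
    protected $db_dbname = DB_NAME;
    protected $db_username = DB_USER;
    protected $db_password = DB_PASSWORD;
    public $connection = null;
    /** Result of the last PDOStatement::execute() (bool). */
    public $query = null;
    /** Last prepared statement; replaced on every exec() call. */
    public $stmt = null;

    /**
     * Opens the PDO connection using the DB_* constants from config.php.
     *
     * Emulated prepares are disabled so placeholders are bound server-side.
     * NOTE(review): no charset is given in the DSN, so the connection encoding is
     * whatever the server defaults to — confirm this matches the installer's tables.
     * On failure the PDOException text (which can include the host and user name) is
     * written to the error log, and only a generic message reaches the client.
     *
     * @return void
     */
    public function connect()
    {
        try {
            $this->connection = new PDO("mysql:host=" . $this->db_host . ";dbname=" . $this->db_dbname, $this->db_username, $this->db_password);
            $this->connection->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
            $this->connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        } catch (PDOException $e) {
            error_log('Database connection failed: ' . $e->getMessage());
            exit('Database connection failed.');
        }
    }

    /**
     * True when the options table has no rows, i.e. the installer has not run.
     *
     * @return bool
     */
    public function isOptionsEmpty()
    {
        return empty($this->exec("SELECT 1 FROM `%PREFIX%_options` LIMIT 1;", true));
    }

    /**
     * Connects immediately and sends the client to the installer when the
     * application has not been set up yet.
     */
    public function __construct()
    {
        if (!defined("DATABASE")) {
            define("DATABASE", "OK");
        }
        $this->connect();
        if ($this->isOptionsEmpty()) {
            header('Location: install/install.php');
            // A Location header alone does not stop the request; without this the
            // rest of the page would still be processed against an empty schema.
            exit;
        }
    }

    /**
     * Drops the PDO connection (PDO closes when the last reference is released).
     *
     * @return void
     */
    public function close()
    {
        $this->connection = null;
    }

    /**
     * Prepares and runs one statement inside its own transaction.
     *
     * "%PREFIX%" in $sql is replaced with DB_PREFIX before preparing; values must
     * arrive through $param, never concatenated into $sql. One statement per call:
     * with native (non-emulated) prepares the driver does not accept several
     * statements in a single prepare(). Because each call commits on its own,
     * callers that issue several exec() calls do not get atomicity across them.
     *
     * On a PDOException the transaction is rolled back (only if one is open, so the
     * rollback itself cannot throw), the driver message goes to the error log, a
     * generic message is printed and the script dies.
     *
     * @param string     $sql   statement with named placeholders
     * @param bool       $fetch when true, return all rows as associative arrays
     * @param array|null $param values bound at execute()
     * @return array|null rows when $fetch is true, otherwise null
     */
    public function exec($sql, $fetch = false, $param = null)
    {
        try {
            $this->connection->beginTransaction();
            $this->stmt = $this->connection->prepare(str_replace("%PREFIX%", DB_PREFIX, $sql));
            $this->query = is_null($param) ? $this->stmt->execute() : $this->stmt->execute($param);
            $this->connection->commit();
            if ($fetch) {
                return $this->stmt->fetchAll(PDO::FETCH_ASSOC);
            }
            $this->stmt->closeCursor();
            return null;
        } catch (PDOException $e) {
            if ($this->connection !== null && $this->connection->inTransaction()) {
                $this->connection->rollBack();
            }
            error_log('Database error: ' . $e->getMessage());
            print "Error!: a database error occurred<br/>";
            die();
        }
    }

    /**
     * Whether a row with the given id exists in `%PREFIX%_interventi`.
     *
     * $table is accepted for compatibility but ignored: identifiers cannot be bound
     * as parameters (the former `SELECT :table` selected the literal string, not a
     * column), so the table is fixed here. Making it dynamic would need an
     * allow-list of table names checked before interpolation.
     *
     * @param string $table unused
     * @param mixed  $id
     * @return bool
     */
    public function exists($table, $id)
    {
        $rows = $this->exec("SELECT 1 FROM `%PREFIX%_interventi` WHERE id = :id;", true, [":id" => $id]);
        return !empty($rows);
    }

    /**
     * Inserts an intervention and increments the counter of the listed profiles.
     *
     * $autisti, $personale and $incrementa are lists of ids stored as comma-joined
     * strings. The counter update runs as a second exec() call with one placeholder
     * per id: a single prepare() holding two statements is not accepted by native
     * MySQL prepares, and a comma-joined string bound inside IN() compares as one
     * value, so at most the first id would have been updated. The two calls are
     * committed separately (see exec()), so the insert can succeed while the update
     * fails.
     *
     * @return void
     */
    public function add_intervento($data, $codice, $uscita, $rientro, $capo, $autisti, $personale, $luogo, $note, $tipo, $incrementa, $inseritoda)
    {
        $ids = array_values((array) $incrementa);
        $params = [
            ":data" => $data,
            ":codice" => $codice,
            ":uscita" => $uscita,
            ":rientro" => $rientro,
            ":capo" => $capo,
            ":autisti" => implode(",", (array) $autisti),
            ":personale" => implode(",", (array) $personale),
            ":luogo" => $luogo,
            ":note" => $note,
            ":tipo" => $tipo,
            ":incrementa" => implode(",", $ids),
            ":inseritoda" => $inseritoda,
        ];
        $sql = "INSERT INTO `%PREFIX%_interventi` (`id`, `data`, `codice`, `uscita`, `rientro`, `capo`, `autisti`, `personale`, `luogo`, `note`, `tipo`, `incrementa`, `inseritoda`) VALUES (NULL, :data, :codice, :uscita, :rientro, :capo, :autisti, :personale, :luogo, :note, :tipo, :incrementa, :inseritoda);";
        $this->exec($sql, false, $params);

        if ($ids === []) {
            return;
        }
        $placeholders = [];
        $updateParams = [];
        foreach ($ids as $i => $id) {
            $placeholders[] = ":inc" . $i;
            $updateParams[":inc" . $i] = $id;
        }
        $update = "UPDATE `%PREFIX%_profiles` SET `interventi` = interventi + 1 WHERE id IN (" . implode(", ", $placeholders) . ");";
        $this->exec($update, false, $updateParams);
    }
}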
final class Role
{
    //https://github.com/delight-im/PHP-Auth/blob/master/src/Role.php
    // Application roles expressed as PHP-Auth's predefined role constants, so they
    // can be passed directly to Auth::hasRole(). The library's names (AUTHOR,
    // COLLABORATOR, ...) are reused as opaque slots; only the left-hand names
    // carry meaning in this application. ADMIN and SUPER_ADMIN map to the
    // library's roles of the same name (see user::requireRole for how they are
    // treated as overrides).
    const GUEST = \Delight\Auth\Role::AUTHOR;
    const BASIC_VIEWER = \Delight\Auth\Role::COLLABORATOR;
    const FULL_VIEWER = \Delight\Auth\Role::CONSULTANT;
    const EDITOR = \Delight\Auth\Role::CONSUMER;
    const SUPER_EDITOR = \Delight\Auth\Role::CONTRIBUTOR;
    const DEVELOPER = \Delight\Auth\Role::DEVELOPER;
    const TESTER = \Delight\Auth\Role::CREATOR;
    const EXTERNAL_VIEWER = \Delight\Auth\Role::REVIEWER;
    const ADMIN = \Delight\Auth\Role::ADMIN;
    const SUPER_ADMIN = \Delight\Auth\Role::SUPER_ADMIN;
    // The class only carries constants; instances have no state.
    public function __construct() {}
}
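class user
{
    private $database = null;
    private $tools = null;
    /** The PHP-Auth instance; exposed because callers use it directly. */
    public $auth = null;

    /**
     * Wires PHP-Auth onto the shared PDO connection.
     *
     * The client address passed to Auth is its throttling key, so it is only as
     * trustworthy as tools::get_ip(). The LOGIN define() is guarded so a second
     * instance does not emit a "constant already defined" warning.
     *
     * @param database $database
     * @param tools    $tools
     */
    public function __construct($database, $tools)
    {
        $this->database = $database;
        $this->tools = $tools;
        $this->auth = new \Delight\Auth\Auth($database->connection, $tools->get_ip(), DB_PREFIX . "_");
        if (!defined("LOGIN")) {
            define("LOGIN", "OK");
        }
    }

    /**
     * @return bool whether PHP-Auth has a logged-in user for this session
     */
    public function authenticated()
    {
        return $this->auth->isLoggedIn();
    }

    /**
     * Login guard for protected pages: records the attempt (when INTRUSION_SAVE is
     * on) and redirects unauthenticated clients to WEB_URL.
     *
     * With INTRUSION_SAVE_INFO the whole $_SERVER array is stored as JSON; that
     * includes request headers (cookies, any Authorization header) and the process
     * environment, which may hold secrets — prefer the redacted variant on shared
     * hosts. The script always stops after the redirect so the protected page is
     * never rendered for an unauthenticated client, whichever way redirect() sends
     * the client away.
     *
     * @return void
     */
    public function requirelogin()
    {
        if ($this->authenticated()) {
            return;
        }
        if (INTRUSION_SAVE) {
            $page = $this->tools->get_page_url();
            if (INTRUSION_SAVE_INFO) {
                $params = [":pagina" => $page, ":ip" => $this->tools->get_ip(), ":data" => date("d/m/Y"), ":ora" => date("H:i.s"), ":servervar" => json_encode($_SERVER)];
            } else {
                $params = [":pagina" => $page, ":ip" => "redacted", ":data" => date("d/m/Y"), ":ora" => date("H:i.s"), ":servervar" => json_encode(["redacted" => "true"])];
            }
            $sql = "INSERT INTO `%PREFIX%_intrusions` (`id`, `pagina`, `data`, `ora`, `ip`, `servervar`) VALUES (NULL, :pagina, :data, :ora, :ip, :servervar)";
            $this->database->exec($sql, false, $params);
        }
        $this->tools->redirect(WEB_URL);
        exit;
    }

    /**
     * Whether the current user may act in $role.
     *
     * SUPER_ADMIN always passes; ADMIN passes unless $adminGranted is false, which
     * lets a caller reserve a check (e.g. developer-only features) from admins.
     *
     * @param int  $role         one of the Role constants
     * @param bool $adminGranted whether ADMIN implies the role
     * @return bool
     */
    public function requireRole($role, $adminGranted = true)
    {
        if ($this->auth->hasRole($role) || $this->auth->hasRole(Role::SUPER_ADMIN)) {
            return true;
        }
        return $adminGranted && $this->auth->hasRole(Role::ADMIN);
    }

    /**
     * Display name stored in the session by login().
     *
     * @param bool $replace when true, spaces are replaced with underscores
     * @return string the name, or "not authenticated" when none is stored
     */
    public function name($replace = false)
    {
        if (!isset($_SESSION['_user_name'])) {
            return "not authenticated";
        }
        $name = $_SESSION['_user_name'];
        return $replace ? str_replace(" ", "_", $name) : $name;
    }

    /**
     * Display name for a user id: the profile name, else the account username.
     *
     * @param mixed $id
     * @return string|false false when there is no profile row, or the profile has
     *                      no name and no username could be found either
     */
    public function nameById($id)
    {
        $profiles = $this->database->exec("SELECT `name` FROM `%PREFIX%_profiles` WHERE id = :id;", true, [":id" => $id]);
        if (empty($profiles)) {
            return false;
        }
        if (!is_null($profiles[0]["name"])) {
            return $profiles[0]["name"];
        }
        $user = $this->database->exec("SELECT `username` FROM `%PREFIX%_users` WHERE id = :id;", true, [":id" => $id]);
        if (!empty($user) && !is_null($user[0]["username"])) {
            return $user[0]["username"];
        }
        return false;
    }

    /**
     * @return array rows (`name` only) of profiles flagged hidden
     */
    public function hidden()
    {
        return $this->database->exec("SELECT `name` FROM `%PREFIX%_profiles` WHERE hidden = 1;", true);
    }

    /**
     * Availability flag of the user with the given name.
     *
     * NOTE(review): this reads `name` and `avaible` from the PHP-Auth users table,
     * which the library does not define — assumes the installer adds them; confirm.
     *
     * @param string $name
     * @return mixed the stored `avaible` value, or false when no row matches
     */
    public function avaible($name)
    {
        $user = $this->database->exec("SELECT avaible FROM `%PREFIX%_users` WHERE name = :name;", true, [":name" => $name]);
        if (empty($user)) {
            return false;
        }
        return $user[0]["avaible"];
    }

    /**
     * Summary of the current user for templates.
     *
     * @return array{id: mixed, name: string, full_viewer: bool, tester: bool, developer: bool}
     */
    public function info()
    {
        return [
            "id" => $this->auth->getUserId(),
            "name" => $this->name(),
            "full_viewer" => $this->requireRole(Role::FULL_VIEWER),
            "tester" => $this->requireRole(Role::TESTER),
            "developer" => $this->requireRole(Role::DEVELOPER),
        ];
    }

    /**
     * Logs a user in by username and primes the session with profile data.
     *
     * Error codes: the original literals 001/002/010/011/012/020 were octal (so
     * 010 evaluated to 8); they are written here as the decimal values the
     * zero-padded scheme reads as — confirm against whatever consumes "code".
     * The distinct "unknown user" / "wrong password" texts let a caller tell the
     * two apart, which also lets an unauthenticated client enumerate usernames;
     * PHP-Auth's own throttling limits but does not remove that.
     *
     * @param string      $name
     * @param string      $password
     * @param string|null $twofa not used yet
     * @return true|false|array true on success; an error array
     *         {status, code, text} on a rejected attempt; false when the login
     *         did not establish a session or the user has no profile row
     */
    public function login($name, $password, $twofa = null)
    {
        if (empty($name)) {
            return ["status" => "error", "code" => 1, "text" => "Username required"];
        }
        if (empty($password)) {
            return ["status" => "error", "code" => 2, "text" => "Password required"];
        }
        try {
            $this->auth->loginWithUsername($name, $password);
        } catch (\Delight\Auth\UnknownUsernameException $e) {
            // loginWithUsername() reports an unknown account with this exception,
            // not InvalidEmailException; without this catch it was uncaught.
            return ["status" => "error", "code" => 10, "text" => "Unknown username"];
        } catch (\Delight\Auth\AmbiguousUsernameException $e) {
            return ["status" => "error", "code" => 10, "text" => "Ambiguous username"];
        } catch (\Delight\Auth\InvalidEmailException $e) {
            return ["status" => "error", "code" => 10, "text" => "Wrong email address"];
        } catch (\Delight\Auth\InvalidPasswordException $e) {
            return ["status" => "error", "code" => 11, "text" => "Wrong password"];
        } catch (\Delight\Auth\EmailNotVerifiedException $e) {
            return ["status" => "error", "code" => 12, "text" => "Email not verified"];
        } catch (\Delight\Auth\TooManyRequestsException $e) {
            return ["status" => "error", "code" => 20, "text" => "Too many requests"];
        }

        if (!$this->auth->isLoggedIn()) {
            return false;
        }
        $userId = $this->auth->getUserId();
        $this->log("Login", $userId, $userId, date("d/m/Y"), date("H:i.s"));
        $profile = $this->database->exec("SELECT * FROM `%PREFIX%_profiles` WHERE id = :id;", true, [":id" => $userId]);
        if (empty($profile)) {
            return false;
        }
        $row = $profile[0];
        $_SESSION['_user_name'] = is_null($row["name"]) ? $this->auth->getUsername() : $row["name"];
        $_SESSION['_user_hidden'] = $row["hidden"];
        $_SESSION['_user_disabled'] = $row["disabled"];
        $_SESSION['_user_caposquadra'] = $row["caposquadra"];
        return true;
    }

    /**
     * Appends an audit row to `%PREFIX%_log`.
     *
     * @param string $action  e.g. "Login", "Logout"
     * @param mixed  $changed id of the affected user
     * @param mixed  $editor  id of the acting user
     * @param string $date    as produced by date("d/m/Y")
     * @param string $time    as produced by date("H:i.s")
     * @return void
     */
    public function log($action, $changed, $editor, $date, $time)
    {
        $sql = "INSERT INTO `%PREFIX%_log` (`id`, `action`, `changed`, `editor`, `date`, `time`) VALUES (NULL, :action, :changed, :editor, :date, :time)";
        $params = [":action" => $action, ":changed" => $changed, ":editor" => $editor, ":date" => $date, ":time" => $time];
        $this->database->exec($sql, false, $params);
    }

    /**
     * Records the logout and destroys the PHP-Auth session; dies when no user is
     * logged in (getUserId() returns null then, so the log row carries no id).
     *
     * @return void
     */
    public function logout()
    {
        try {
            $userId = $this->auth->getUserId();
            $this->log("Logout", $userId, $userId, date("d/m/Y"), date("H:i.s"));
            $this->auth->destroySession();
        } catch (\Delight\Auth\NotLoggedInException $e) {
            die('Not logged in');
        }
    }
}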
/**
 * Builds the shared $tools, $database and $user globals (once) and switches on
 * Tracy.
 *
 * Tracy is enabled in DEVELOPMENT mode for every visitor because the role-based
 * switch below is commented out; in that mode uncaught errors, stack traces and
 * bdump() output are rendered to the client, so a public host should run
 * PRODUCTION mode instead.
 *
 * @return void
 */
function init_class()
{
    global $user, $tools, $database;
    $alreadyBuilt = isset($user) || isset($tools) || isset($database);
    if (!$alreadyBuilt) {
        $tools = new tools();
        $database = new database();
        $user = new user($database, $tools);
    }
    //if($user->requireRole(Role::DEVELOPER)){
    Debugger::enable(Debugger::DEVELOPMENT, __DIR__ . '/error-log');
    //} else {
    //Debugger::enable(Debugger::PRODUCTION, __DIR__ . '/error-log');
    //}
}