@php
use App\Models\UserData;
$GLOBALS['activenotify'] = true;
$compromised = false;
function notification($dismiss = '', $ntid, $heading, $body) {
$dismissBtn = '';
if ($dismiss) {
$dismissBtn = 'Dismiss';
}
echo <<
MODAL;
}
function notificationCard($ntid, $icon, $heading, $subheading) {
echo "
";
}
//security check, checks if config files got compromised
if(auth()->user()->role == 'admin'){
$serversb = $_SERVER['SERVER_NAME'];
$urisb = $_SERVER['REQUEST_URI'];
// Tests if a URL has a valid SSL certificate
function has_sslsb( $domain ) {
$ssl_check = @fsockopen( 'ssl://' . $domain, 443, $errno, $errstr, 30 );
$res = !! $ssl_check;
if ( $ssl_check ) { fclose( $ssl_check ); }
return $res;
}
// Changes probed URL to HTTP if no valid SSL certificate is present, otherwise an error would be thrown
if (has_sslsb($serversb)) {
$actual_linksb = "https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
} else {
$actual_linksb = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
}
function getUrlSatusCodesb($urlsb, $timeoutsb = 3)
{
$chsb = curl_init();
$optssb = array(CURLOPT_RETURNTRANSFER => true, // do not output to browser
CURLOPT_URL => $urlsb,
CURLOPT_NOBODY => true, // do a HEAD request only
CURLOPT_TIMEOUT => $timeoutsb);
curl_setopt_array($chsb, $optssb);
curl_exec($chsb);
$status = curl_getinfo($chsb, CURLINFO_HTTP_CODE);
curl_close($chsb);
return $status;
}
// Files or directories to test if accessible externally
$url1sb = getUrlSatusCodesb($actual_linksb . '/../../.env');
$url2sb = getUrlSatusCodesb($actual_linksb . '/../../database/database.sqlite');
// sets compromised to true if config files got compromised
if($url1sb == '200' or $url2sb == '200') {
$compromised = true;
} else {
$compromised = false;
}
}
// end security check
$notifyID = Auth::user()->id;
@endphp
{{-- Notification Cards --}}
@php
$notifications = [
[
'id' => 'modal-1',
'icon' => 'bi bi-exclamation-triangle-fill text-danger',
'title' => 'Your security is at risk!',
'message' => 'Immediate action is required!',
'condition' => $compromised,
'dismiss' => 'Dismiss this notification',
'adminonly' => true,
],
[
'id' => 'modal-star',
'icon' => 'bi bi-heart-fill',
'title' => 'Enjoying Linkstack?',
'message' => 'Help Us Out',
'condition' => UserData::getData($notifyID, 'hide-star-notification') !== true,
'dismiss' => 'Hide this notification',
'adminonly' => true,
],
];
$shownNotifications = array_filter($notifications, function($notification) {
return $notification['condition'] && (!$notification['adminonly'] || (auth()->user()->role == 'admin'));
});
@endphp
@if(count($shownNotifications) > 0)
@foreach($shownNotifications as $notification)
@push('notifications')
{{ notificationCard($notification['id'], $notification['icon'], $notification['title'], $notification['message'], $notification['dismiss']) }}
@endpush
@endforeach
@else
@php $GLOBALS['activenotify'] = false; @endphp
@push('notifications')
No notifications
@endpush
@endif
{{-- Notification Modals --}}
@push('sidebar-scripts') @php
notification('', 'modal-1', 'Your security is at risk!', 'Your security is at risk. Some files can be accessed by everyone. Immediate action is required!
Some important files, are publicly accessible, putting your security at risk. Please take immediate action to revoke public access to these files to prevent unauthorized access to your sensitive information.
Learn more.');
notification('hide-star-notification', 'modal-star', 'Support Linkstack', 'If you\'re enjoying using Linkstack, we would greatly appreciate it if you could take a moment to give our project a star on GitHub. Your support will help us reach a wider audience and improve the quality of our project.
If you\'re able to make a financial contribution, even a small amount would help us cover the costs of maintaining and improving Linkstack.
Thank you for your support and for being a part of the LinkStack community!');
@endphp @endpush
@php
if(isset($_GET['dismiss'])) {
$dismiss = $_GET['dismiss'];
$param = str_replace('dismiss=', '', $dismiss);
UserData::saveData($notifyID, $param, true);
exit(header("Location: " . url()->current()));
}
@endphp