
Added lockout system
Added token backend work

causefx 8 yıl önce
62edd6cfb9

+ 5 - 1
api/config/default.php

@@ -159,5 +159,9 @@ return array(
 	'pingMs' => false,
 	'pingAuthMs' => '1',
 	'notificationBackbone' => 'izi',
-	'notificationPosition' => 'br'
+	'notificationPosition' => 'br',
+	'lockoutSystem' => false,
+	'lockoutTimeout' => '60',
+	'lockoutMaxAuth' => '0',
+	'lockoutMinAuth' => '1'
 );

+ 85 - 2
api/functions/organizr-functions.php

@@ -53,6 +53,12 @@ function organizrSpecialSettings()
 		'notifications' => array(
 			'backbone' => $GLOBALS['notificationBackbone'],
 			'position' => $GLOBALS['notificationPosition']
+		),
+		'lockout' => array(
+			'enabled' => $GLOBALS['lockoutSystem'],
+			'timer' => $GLOBALS['lockoutTimeout'],
+			'minGroup' => $GLOBALS['lockoutMinAuth'],
+			'maxGroup' => $GLOBALS['lockoutMaxAuth']
 		)
 	);
 }
@@ -208,6 +214,56 @@ function recover($array)
 	}
 }
 
+function unlock($array)
+{
+	if ($array['data']['password'] == '') {
+		return 'Password Not Set';
+	}
+	try {
+		$connect = new Dibi\Connection([
+			'driver' => 'sqlite3',
+			'database' => $GLOBALS['dbLocation'] . $GLOBALS['dbName'],
+		]);
+		$result = $connect->fetch('SELECT * FROM users WHERE id = ?', $GLOBALS['organizrUser']['userID']);
+		if (!password_verify($array['data']['password'], $result['password'])) {
+			return 'Password Incorrect';
+		}
+		$connect->query('
+            UPDATE users SET', [
+			'locked' => ''
+		], '
+            WHERE id=?', $GLOBALS['organizrUser']['userID']);
+		writeLog('success', 'User Lockout Function - User: ' . $GLOBALS['organizrUser']['username'] . '\'s account unlocked', $GLOBALS['organizrUser']['username']);
+		return true;
+	} catch (Dibi\Exception $e) {
+		writeLog('error', 'User Management Function - Error - User: ' . $GLOBALS['organizrUser']['username'] . ' An error Occured', $GLOBALS['organizrUser']['username']);
+		return 'an error occured';
+	}
+}
+
+function lock()
+{
+	if ($GLOBALS['organizrUser']['userID'] == '999') {
+		return 'Not Allowed on Guest';
+	}
+	try {
+		$connect = new Dibi\Connection([
+			'driver' => 'sqlite3',
+			'database' => $GLOBALS['dbLocation'] . $GLOBALS['dbName'],
+		]);
+		$connect->query('
+            UPDATE users SET', [
+			'locked' => '1'
+		], '
+            WHERE id=?', $GLOBALS['organizrUser']['userID']);
+		writeLog('success', 'User Lockout Function - User: ' . $GLOBALS['organizrUser']['username'] . '\'s account unlocked', $GLOBALS['organizrUser']['username']);
+		return true;
+	} catch (Dibi\Exception $e) {
+		writeLog('error', 'User Management Function - Error - User: ' . $GLOBALS['organizrUser']['username'] . ' An error Occured', $GLOBALS['organizrUser']['username']);
+		return 'an error occured';
+	}
+}
+
 function editUser($array)
 {
 	if ($array['data']['username'] == '' && $array['data']['username'] == '') {
@@ -431,7 +487,7 @@ function getSettingsMain()
 				'label' => 'Emby Token',
 				'value' => $GLOBALS['embyToken'],
 				'placeholder' => ''
-			)
+			),
 			/*array(
 				'type' => 'button',
 				'label' => 'Send Test',
@@ -440,7 +496,34 @@ function getSettingsMain()
 				'text' => 'Send'
 			)*/
 		),
-		'Misc' => array(
+		'Security' => array(
+			array(
+				'type' => 'number',
+				'name' => 'lockoutTimeout',
+				'label' => 'Inactivity Timer [Minutes]',
+				'value' => $GLOBALS['lockoutTimeout'],
+				'placeholder' => ''
+			),
+			array(
+				'type' => 'switch',
+				'name' => 'lockoutSystem',
+				'label' => 'Inactivity Lock',
+				'value' => $GLOBALS['lockoutSystem']
+			),
+			array(
+				'type' => 'select',
+				'name' => 'lockoutMinAuth',
+				'label' => 'Lockout Groups From',
+				'value' => $GLOBALS['lockoutMinAuth'],
+				'options' => groupSelect()
+			),
+			array(
+				'type' => 'select',
+				'name' => 'lockoutMaxAuth',
+				'label' => 'Lockout Groups To',
+				'value' => $GLOBALS['lockoutMaxAuth'],
+				'options' => groupSelect()
+			),
 			array(
 				'type' => 'password-alt',
 				'name' => 'registrationPassword',
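Review bot: lock() writes `'s account unlocked` to the log on success, copy-pasted from unlock(), so the audit trail records the opposite of what happened; the message should read `'\'s account locked'`. In unlock(), a wrong password returns without any log entry, so repeated failed unlock attempts leave no trace — add `writeLog('error', 'User Lockout Function - User: ' . $GLOBALS['organizrUser']['username'] . ' failed unlock attempt', $GLOBALS['organizrUser']['username']);` before `return 'Password Incorrect';`. unlock() also has no guest guard like lock() does, and `fetch()` returns false when no row matches, so `$result['password']` can be null at password_verify; guard with `if (!$result || !password_verify($array['data']['password'], $result['password']))`. The settings hunk at the end of this section is fine as far as it goes; getSettingsMain() continues outside the hunk.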

+ 17 - 1
api/functions/token-functions.php

@@ -81,6 +81,14 @@ function createToken($username, $email, $image, $group, $groupID, $key, $days =
 		->getToken(); // Retrieves the generated token
 		$jwttoken->getHeaders(); // Retrieves the token headers
 		$jwttoken->getClaims(); // Retrieves the token claims
+		// Add token to DB
+		$addToken = [
+			'token' => (string)$jwttoken,
+			'user_id' => $result['id'],
+			'created' => $GLOBALS['currentTime'],
+			'expires' => gmdate("Y-m-d\TH:i:s\Z", time() + (86400 * $days))
+		];
+		$database->query('INSERT INTO [tokens]', $addToken);
 		coookie('set', 'organizrToken', $jwttoken, $days);
 		return $jwttoken;
 	} catch (Dibi\Exception $e) {
@@ -100,6 +108,12 @@ function validateToken($token, $global = false)
 					'driver' => 'sqlite3',
 					'database' => $GLOBALS['dbLocation'] . $GLOBALS['dbName'],
 				]);
+				$tokenCheck = $database->fetch('SELECT * FROM tokens WHERE user_id = ? AND token = ?', $userInfo['userID'], $token);
+				if (!$tokenCheck) {
+					// Delete cookie & reload page
+					coookie('delete', 'organizrToken');
+					$GLOBALS['organizrUser'] = false;
+				}
 				$result = $database->fetch('SELECT * FROM users WHERE id = ?', $userInfo['userID']);
 				$GLOBALS['organizrUser'] = array(
 					"token" => $token,
@@ -112,6 +126,7 @@ function validateToken($token, $global = false)
 					"image" => $result['image'],
 					"userID" => $result['id'],
 					"loggedin" => true,
+					"locked" => $result['locked']
 				);
 			} catch (Dibi\Exception $e) {
 				$GLOBALS['organizrUser'] = false;
@@ -141,7 +156,8 @@ function getOrganizrUserToken()
 			//"groupImage"=>getGuest()['image'],
 			"image" => getGuest()['image'],
 			"userID" => null,
-			"loggedin" => false
+			"loggedin" => false,
+			"locked" => false
 		);
 	}
 }
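Review bot: The new token check in validateToken() does not actually stop validation: when no `tokens` row matches, the code deletes the cookie and sets `$GLOBALS['organizrUser'] = false`, then falls straight through to the `SELECT * FROM users` fetch and reassigns `$GLOBALS['organizrUser']` with `"loggedin" => true`, so a token that is missing from the table (revoked, or issued before this commit) still authenticates. Add `return false;` directly after `$GLOBALS['organizrUser'] = false;` inside the `if (!$tokenCheck)` block — assuming callers already treat a false return as unauthenticated, which is outside these hunks. The `expires` value written by createToken() is never consulted on the read side; if database-side expiry is intended, the fetch should also compare it against the current time. Storing the raw JWT in `tokens` means a read of that table yields directly usable credentials; storing a hash of the token and comparing hashes is the usual mitigation. validateToken()'s body begins and ends outside the hunks shown.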

+ 26 - 0
api/index.php

@@ -657,6 +657,32 @@ switch ($function) {
 				break;
 		}
 		break;
+	case 'v1_unlock':
+		switch ($method) {
+			case 'POST':
+				$result['status'] = 'success';
+				$result['statusText'] = 'success';
+				$result['data'] = unlock($_POST);
+				break;
+			default:
+				$result['status'] = 'error';
+				$result['statusText'] = 'The function requested is not defined for method: ' . $method;
+				break;
+		}
+		break;
+	case 'v1_lock':
+		switch ($method) {
+			case 'POST':
+				$result['status'] = 'success';
+				$result['statusText'] = 'success';
+				$result['data'] = lock($_POST);
+				break;
+			default:
+				$result['status'] = 'error';
+				$result['statusText'] = 'The function requested is not defined for method: ' . $method;
+				break;
+		}
+		break;
 	case 'v1_test_iframe':
 		switch ($method) {
 			case 'POST':
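Review bot: Both new cases assign `$result['status'] = 'success'` before the call, so an unlock that returns `'Password Incorrect'` or `'an error occured'` is still reported with status success and the failure is only recoverable by string-comparing `data` on the client. Derive the status from the return instead, e.g. `$result['status'] = ($result['data'] === true) ? 'success' : 'error';` after the call in both cases. `lock($_POST)` passes an argument that lock() does not declare — harmless in PHP but misleading; call `lock()`. Whether these state-changing POST endpoints carry any request-origin protection is not visible from this diff, since organizrAPI's request shape is outside it.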

+ 8 - 9
api/pages/lockscreen.php

@@ -1,28 +1,27 @@
 <?php
-if(file_exists('config'.DIRECTORY_SEPARATOR.'config.php')){
-$pageLockScreen = '
+if (file_exists('config' . DIRECTORY_SEPARATOR . 'config.php')) {
+	$pageLockScreen = '
 <script>
 </script>
-<section id="lockScreen" class="lock-screen" oncontextmenu="return false;">
+<section id="lockScreen" class="lock-screen" oncontextmenu="return false;" onkeydown="blockDev">
   <div class="login-box">
     <div class="white-box">
-      <form class="form-horizontal form-material" id="form-lockscreen">
+      <form class="form-horizontal form-material" id="form-lockscreen" onsubmit="return false;">
         <div class="form-group">
           <div class="col-xs-12 text-center">
-            <div class="user-thumb text-center"> <img alt="thumbnail" class="img-circle" width="100" src="'.$GLOBALS['organizrUser']['image'].'">
-              <h3>'.$GLOBALS['organizrUser']['username'].'</h3>
+            <div class="user-thumb text-center"> <img alt="thumbnail" class="img-circle" width="100" src="' . $GLOBALS['organizrUser']['image'] . '">
+              <h3>' . $GLOBALS['organizrUser']['username'] . '</h3>
             </div>
           </div>
         </div>
         <div class="form-group ">
           <div class="col-xs-12">
-            <input name="username" class="form-control" type="hidden" value="'.$GLOBALS['organizrUser']['username'].'">
-            <input name="password" class="form-control" type="password" required="" placeholder="password" lang="en">
+            <input id="unlockPassword" name="password" class="form-control" type="password" required="" placeholder="password" lang="en">
           </div>
         </div>
         <div class="form-group text-center">
           <div class="col-xs-12">
-            <button class="btn btn-info btn-lg btn-block text-uppercase waves-effect waves-light" type="submit" lang="en">Unlock</button>
+            <button class="btn btn-info btn-lg btn-block text-uppercase waves-effect waves-light unlockButton" type="submit" lang="en">Unlock</button>
           </div>
         </div>
       </form>
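Review bot: `onkeydown="blockDev"` on the `<section>` is an inline handler whose body is a bare function reference, so it evaluates the expression and never calls the function; it would need `onkeydown="blockDev(event)"`. Since the same commit binds a body-wide keydown handler in custom.js, the attribute is likely redundant and can simply be dropped. The username and image URL are still concatenated into the markup unescaped (`' . $GLOBALS['organizrUser']['username'] . '`); this predates the commit, but as the lines are being rewritten anyway, wrapping them in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` is a cheap hardening for the HTML context. The `$pageLockScreen` string continues past the end of the hunk.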

+ 1 - 1
css/organizr.css

@@ -71,7 +71,7 @@
     background: url(../../plugins/images/login-register.jpg) center center/cover no-repeat !important;
     height: 100%;
     position: fixed;
-    z-index: 999999;
+    z-index: 1001;
     top: 0;
     width: 100%;
     -webkit-user-select: none;

+ 0 - 0
css/organizr.min.css


+ 24 - 0
js/custom.js

@@ -348,6 +348,27 @@ $(document).on("click", ".login-button", function(e) {
         console.error("Organizr Function: Login Failed");
     });
 });
+$(document).on("click", ".unlockButton", function(e) {
+    e.preventDefault;
+    var post = {
+        password:$('#unlockPassword').val()
+    };
+    organizrAPI('POST','api/?v1/unlock',post).success(function(data) {
+        var html = JSON.parse(data);
+        console.log(html);
+        if(html.data == true){
+            location.reload();
+        }else if(html.data == 'Password Incorrect'){
+            message('Login Error',' Wrong password',activeInfo.settings.notifications.position,'#FFF','warning','10000');
+            console.error('Organizr Function: Login failed - wrong password');
+        }else{
+            message('Login Error',html.data,activeInfo.settings.notifications.position,'#FFF','warning','10000');
+            console.error('Organizr Function: Login failed');
+        }
+    }).fail(function(xhr) {
+        console.error("Organizr Function: Login Failed");
+    });
+});
 $(document).on("click", ".register-button", function(e) {
     e.preventDefault;
     var post = $( '#registerForm' ).serializeArray();
@@ -1604,6 +1625,9 @@ $(document).on('keydown', '#request-input', function () {
 $(document).on('keydown', '#mediaSearchQuery', function () {
   clearTimeout(typingTimer);
 });
+$(document).on('keydown', 'body', function () {
+    blockDev();
+});
 /* ===== Open-Close Right Sidebar ===== */
 
 $(document).on("click", ".right-side-toggle", function () {
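Review bot: The body keydown handler calls `blockDev()` with no argument, and blockDev resolves the event as `window.event ? event : e`, so in any browser without a global `window.event` `evtobj` is undefined and `evtobj.keyCode` throws on every keypress; pass the event through with `$(document).on('keydown', 'body', function (e) { blockDev(e); });`. In the unlock handler `e.preventDefault;` is a property access, not a call (the register handler below it has the same slip); it should be `e.preventDefault();`, even though the form's `onsubmit="return false;"` masks it here. `html.data == true` is a loose comparison; `html.data === true` matches the server's boolean return exactly and will not accept truthy strings. Note that suppressing the devtools shortcut is not a security control — the lock screen should be treated as presentation only, with enforcement on the server.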

+ 0 - 0
js/custom.min.js


+ 42 - 17
js/functions.js

@@ -88,17 +88,18 @@ function isNumberKey(evt) {
     return true;
 }
 function timerIncrement() {
-    idleTime = idleTime + 1;
-    if (idleTime > 19) { // 20 minutes
-        //window.location.reload();
-		console.log('timedout!');
+    //check for cookieExpiry
+    if(hasCookie){
+        if(getCookie('organizrToken')){
+            //do nothing
+        }else{
+            location.reload();
+        }
     }
-	//check for cookieExpiry
-	if(hasCookie){
-		if(getCookie('organizrToken')){
-			//do nothing
-		}else{
-			location.reload();
+    idleTime = idleTime + 1;
+    if (idleTime > activeInfo.settings.lockout.timer && $('#lockScreen').length !== 1) {
+        if(activeInfo.user.groupID <= activeInfo.settings.lockout.minGroup && activeInfo.user.groupID >= activeInfo.settings.lockout.maxGroup){
+            lock();
         }
     }
 }
@@ -2096,7 +2097,7 @@ function loadAppearance(appearance){
 				background: url(`+appearance.loginWallpaper+`) center center/cover no-repeat!important;
 			    height: 100%;
 			    position: fixed;
-			    z-index: 999999;
+			    z-index: 1001;
 			    top: 0;
 			    width: 100%;
 			    -webkit-user-select: none;
@@ -4292,6 +4293,26 @@ function messageSingle(heading,text,position,color,icon,timeout){
         setTimeout(function(){ messageSingle(heading,text,position,color,icon,timeout); }, 100);
     }
 }
+function blockDev(e) {
+    var evtobj = window.event? event : e
+    if (evtobj.keyCode == 73 && evtobj.shiftKey && evtobj.ctrlKey){
+        evtobj.preventDefault();
+    }
+}
+function lock(){
+    organizrAPI('POST','api/?v1/lock','').success(function(data) {
+        var html = JSON.parse(data);
+        console.log(html);
+        if(html.data == true){
+            location.reload();
+        }else{
+            message('Login Error',html.data,activeInfo.settings.notifications.position,'#FFF','warning','10000');
+            console.error('Organizr Function: Login failed');
+        }
+    }).fail(function(xhr) {
+        console.error("Organizr Function: Login Failed");
+    });
+}
 function launch(){
 	organizrConnect('api/?v1/launch_organizr').success(function (data) {
         try {
@@ -4345,12 +4366,16 @@ function launch(){
 				break;
 			case "ok":
 				loadAppearance(json.appearance);
-				userMenu(json);
-				categoryProcess(json);
-				tabProcess(json);
-				accountManager(json);
-				organizrSpecialSettings(json);
-                getPingList(json);
+                if(activeInfo.user.locked == 1){
+                    buildLockscreen();
+                }else{
+                    userMenu(json);
+                    categoryProcess(json);
+                    tabProcess(json);
+                    accountManager(json);
+                    organizrSpecialSettings(json);
+                    getPingList(json);
+                }
 				break;
 			default:
 				console.error('Organizr Function: Action not set or defined');
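Review bot: timerIncrement() never consults `activeInfo.settings.lockout.enabled`, so the `lockoutSystem` switch added to the settings page has no effect and the idle lock fires on every install once `idleTime` passes the timer; guard with `if (activeInfo.settings.lockout.enabled && idleTime > activeInfo.settings.lockout.timer && $('#lockScreen').length !== 1) {`. The group window `groupID <= minGroup && groupID >= maxGroup` reads inverted against the names (minGroup acts as the upper bound); if that is intentional because lower group IDs are more privileged, a one-line comment saying so would prevent the next reader from "fixing" it. The lock is triggered client-side and nothing in this diff gates API calls on `locked` server-side, so a locked account appears to be a UI state only unless index.php checks `$GLOBALS['organizrUser']['locked']` elsewhere — worth confirming. launch()'s body continues outside the hunk.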
