
Merge pull request #710 from causefx/cero-dev

Cero dev
causefx 8 years ago
parent
commit
863a203731
4 changed files with 85 additions and 40 deletions
  1. 16 15
      error.php
  2. 53 2
      functions.php
  3. 5 5
      index.php
  4. 11 18
      user.php

+ 16 - 15
error.php

@@ -8,9 +8,9 @@ $databaseConfig = configLazy('config/config.php');
 // Load USER
 require_once("user.php");
 $USER = new User("registration_callback");
-if(isset($_GET['error']) && $_GET['error'] !== '404'){
-    $status = (isset($_GET['error'])?$_GET['error']:404);
-    setcookie('lec', $status, time() + (5), "/", DOMAIN);
+if(isset($_GET['error'])){
+    $status = (isset($_GET['error'])?$_GET['error']:123);
+    setcookie('lec', $status, time() + (3), "/", DOMAIN);
     http_response_code($status);
     //get file name
     if(!empty($_SERVER['PHP_SELF'])){
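Review bot: `$_GET['error']` reaches `setcookie()` and `http_response_code()` unvalidated at the top of this block, and the same value is later read back from the client-controlled `lec` cookie and used as the index into `$codes` (second and third hunks of this file), where an unknown key makes `$codes[$status][0]` an undefined-offset lookup. Accept only digit strings here (`ctype_digit`) and add `if(!isset($codes[$status])) { $status = 123; }` ahead of the `$errorTitle` line so the table's own default is used for anything unknown. The inner `isset()` ternary repeats the outer condition, so its `123` fallback is unreachable. The `if` block continues past the end of the hunk.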
@@ -24,7 +24,7 @@ if(isset($_GET['error']) && $_GET['error'] !== '404'){
     exit();
 }
 if(!isset($_COOKIE['lec'])) {
-    $status = '404';
+    $status = '123';
 } else {
     $status = $_COOKIE['lec'];
 }
@@ -41,17 +41,18 @@ foreach(loadAppearance() as $key => $value) {
 //error stuff
 $requested = $_SERVER['REQUEST_URI'];
 $codes = array(
-       400 => array('Bad Request', 'The server cannot or will not process the request due to an apparent client error.', 'sowwy','400'),
-       401 => array('Unauthorized', 'You do not have access to this page.', 'sowwy','401'),
-       403 => array('Forbidden', 'The server has refused to fulfill your request.', 'sowwy','403'),
-       404 => array('Not Found', $requested . ' was not found on this server.', 'confused','404'),
-       405 => array('Method Not Allowed', 'The method specified in the Request-Line is not allowed for the specified resource.', 'confused','405'),
-       408 => array('Request Timeout', 'Your browser failed to send a request in the time allowed by the server.', 'sowwy','408'),
-       500 => array('Internal Server Error', 'The request was unsuccessful due to an unexpected condition encountered by the server.', 'confused','500'),
-       502 => array('Bad Gateway', 'The server received an invalid response from the upstream server while trying to fulfill the request.', 'confused','502'),
-       503 => array('Service Unavailable', 'The server is currently unavailable (because it is overloaded or down for maintenance).', 'confused','503'),
-       504 => array('Gateway Timeout', 'The upstream server failed to send a request in the time allowed by the server.', 'confused','504'),
-       999 => array('Not Logged In', 'You need to be logged in to access this page.', 'confused', '401'),
+    123 => array('No Error Set', 'No error was set.', 'sowwy','---'),
+    400 => array('Bad Request', 'The server cannot or will not process the request due to an apparent client error.', 'sowwy','400'),
+    401 => array('Unauthorized', 'You do not have access to this page.', 'sowwy','401'),
+    403 => array('Forbidden', 'The server has refused to fulfill your request.', 'sowwy','403'),
+    404 => array('Not Found', $requested . ' was not found on this server.', 'confused','404'),
+    405 => array('Method Not Allowed', 'The method specified in the Request-Line is not allowed for the specified resource.', 'confused','405'),
+    408 => array('Request Timeout', 'Your browser failed to send a request in the time allowed by the server.', 'sowwy','408'),
+    500 => array('Internal Server Error', 'The request was unsuccessful due to an unexpected condition encountered by the server.', 'confused','500'),
+    502 => array('Bad Gateway', 'The server received an invalid response from the upstream server while trying to fulfill the request.', 'confused','502'),
+    503 => array('Service Unavailable', 'The server is currently unavailable (because it is overloaded or down for maintenance).', 'confused','503'),
+    504 => array('Gateway Timeout', 'The upstream server failed to send a request in the time allowed by the server.', 'confused','504'),
+    999 => array('Not Logged In', 'You need to be logged in to access this page.', 'confused', '401'),
 );
 $errorTitle = ($codes[$status][0]) ? $codes[$status][0] : "Error";
 $message = ($codes[$status][1]) ? $codes[$status][1] : "An Error Occured";
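Review bot: The 404 entry concatenates `$_SERVER['REQUEST_URI']` into the message text, and the place where `$message` is printed is outside this hunk; if it is echoed into HTML as-is, the request path becomes markup. Escaping where the string is built, `htmlspecialchars($requested, ENT_QUOTES, 'UTF-8') . ' was not found on this server.'`, keeps the table safe however it is rendered. The new `123` entry also carries `'---'` in the fourth slot where every other row holds a numeric code, so confirm that whatever consumes that slot accepts a non-numeric value.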

+ 53 - 2
functions.php

@@ -37,6 +37,56 @@ function debug_out($variable, $die = false) {
 	if ($die) { http_response_code(503); die(); }
 }
 
+//Cookie Function
+function coookie($type, $name, $value = '', $days = -1){
+	if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == "https"){
+		$Secure = true;
+ 	   	$HTTPOnly = true;
+	}elseif (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+		$Secure = true;
+ 	   	$HTTPOnly = true;
+	} else {
+		$Secure = false;
+ 	   	$HTTPOnly = false;
+   }
+	$Path = '/';
+	$Domain = $_SERVER['HTTP_HOST'];
+	$Port = strpos($Domain, ':');
+	if ($Port !== false)  $Domain = substr($Domain, 0, $Port);
+	$Port = strpos($Domain, ':');
+	$check = substr_count($Domain, '.');
+	if($check >= 3){
+		if(is_numeric($Domain[0])){
+			$Domain = '';
+		}else{
+			$Domain = '.'.explode('.',$Domain)[1].'.'.explode('.',$Domain)[2].'.'.explode('.',$Domain)[3];
+		}
+	}elseif($check == 2){
+		$Domain = '.'.explode('.',$Domain)[1].'.'.explode('.',$Domain)[2];
+	}elseif($check == 1){
+		$Domain = '.' . $Domain;
+	}else{
+		$Domain = '';
+	}
+	if($type = 'set'){
+		$_COOKIE[$name] = $value;
+		header('Set-Cookie: ' . rawurlencode($name) . '=' . rawurlencode($value)
+							. (empty($days) ? '' : '; expires=' . gmdate('D, d-M-Y H:i:s', time() + (86400 * $days)) . ' GMT')
+							. (empty($Path) ? '' : '; path=' . $Path)
+							. (empty($Domain) ? '' : '; domain=' . $Domain)
+							. (!$Secure ? '' : '; secure')
+							. (!$HTTPOnly ? '' : '; HttpOnly'), false);
+	}elseif($type = 'delete'){
+		unset($_COOKIE[$name]);
+		header('Set-Cookie: ' . rawurlencode($name) . '=' . rawurlencode($value)
+							. (empty($days) ? '' : '; expires=' . gmdate('D, d-M-Y H:i:s', time() - 3600) . ' GMT')
+							. (empty($Path) ? '' : '; path=' . $Path)
+							. (empty($Domain) ? '' : '; domain=' . $Domain)
+							. (!$Secure ? '' : '; secure')
+							. (!$HTTPOnly ? '' : '; HttpOnly'), false);
+	}
+
+}
 // ==== Auth Plugins START ====
 if (function_exists('ldap_connect')) :
 	// Pass credentials to LDAP backend
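Review bot: Both branch tests in `coookie()` are assignments, `if($type = 'set')` and `elseif($type = 'delete')`, so the set branch always runs and the delete branch is dead; `coookie('delete', …)` from the logout path in user.php therefore stores an empty string in `$_COOKIE[$name]` instead of unsetting it, and the browser cookie only expires because `$days` defaults to -1. Compare instead: `if($type === 'set'){` and `}elseif($type === 'delete'){`. `$HTTPOnly` follows `$Secure`, so over plain HTTP `Organizr_Token`, `Auth`, `mpt` and `cookiePassword` are issued without HttpOnly; set `$HTTPOnly = true;` unconditionally unless a script is known to need them. The Domain attribute is built from the client-supplied `Host` header and widened to the parent domain (for a two-dot host such as the constructed example `app.example.co.uk` it becomes `.example.co.uk`, and for `example.co.uk` it becomes `.co.uk`), where the replaced calls used the configured `DOMAIN` constant; taking the scope from configuration avoids both the widening and the Host dependence. No SameSite attribute is emitted either.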
@@ -4791,7 +4841,7 @@ function getOmbiToken($username, $password){
 		"rememberMe" => "true",
          );
 	$api = curl_post(OMBIURL."/api/v1/Token", $json, $headers);
-	if (isset($result['content'])) {
+	if (isset($api['content'])) {
 		return json_decode($api['content'], true)['access_token'];
 	}else{
 		return false;
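Review bot: `isset($api['content'])` only shows that a body came back, so a rejected login or a non-JSON reply makes `json_decode($api['content'], true)['access_token']` index a missing key or a null. Decode first and check the key: `$body = json_decode($api['content'], true);` then `return isset($body['access_token']) ? $body['access_token'] : false;`. The function starts above the hunk.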
@@ -5088,7 +5138,8 @@ function outputOmbiRequests($header = "Requested Content", $items, $script = fal
 	$hideMenu .= '<li data-filter="item-all" data-name="Content" data-filter-on="false"><a class="js-filter-all" href="javascript:void(0)">All</a></li>';
     $hideMenu .= '</ul></div></div>';
     // If None Populate Empty Item
-    if (count(array_flip($items)) < 1) {
+    //if (count(array_flip($items)) < 1) {
+	if (!count($items)) {
         return '<div id="recentRequests" class="content-box box-shadow big-box"><h5 class="text-center">'.$header.'</h5><p class="text-center">No Requests Found</p></div>';
     }else{
 		$className = str_replace(' ', '', $header);
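Review bot: `count($items)` on the new line assumes `$items` is always an array; a `null` or `false` from a failed Ombi call raises a warning on PHP 7.2+ and a TypeError on PHP 8. `if (empty($items)) {` covers both cases, and the commented-out `array_flip` line above it can be deleted rather than kept. `$header` is concatenated into the returned HTML on the next line without escaping, which is safe only while every caller passes a fixed string. The function begins and ends outside the hunk.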

+ 5 - 5
index.php

@@ -1348,12 +1348,12 @@ $group = (isset($group) ? $group : "guest");
 		<?php if($configReady == "Yes") {
 			if($USER->authenticated){ ?>
 				if (localStorageSupport) {
-					if(getCookie('mpt') !== ''){
-						localStorage.setItem("myPlexAccessToken",getCookie('mpt'));
-					}
-					if(getCookie('Auth') !== ''){
-						localStorage.setItem("id_token",getCookie('Auth'));
+					<?php if(isset($_COOKIE['mpt'])){
+						echo 'localStorage.setItem("myPlexAccessToken","'.$_COOKIE['mpt'].'");';
 					}
+					if(isset($_COOKIE['Auth'])){
+						echo 'localStorage.setItem("id_token","'.$_COOKIE['Auth'].'");';
+					}?>
 				}
 		<?php }else{?>
 			if (localStorageSupport) {
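Review bot: The two added `echo` lines write `$_COOKIE['mpt']` and `$_COOKIE['Auth']` straight into a JavaScript string literal, so a cookie value containing `"` or `</script>` breaks out of the literal and runs as page script. Emit the value as a JSON literal instead: `echo 'localStorage.setItem("myPlexAccessToken",'.json_encode($_COOKIE['mpt'], JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT).');';` and the same for `Auth`. Copying both tokens into localStorage also leaves them readable by any script on the origin, which offsets the HttpOnly flag that `coookie()` sets over HTTPS. The surrounding script block starts and ends outside the hunk.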

+ 11 - 18
user.php

@@ -434,18 +434,11 @@
 		{
 			$_SESSION["username"] = User::GUEST_USER;
 			$_SESSION["token"] = -1;
-            unset($_COOKIE['cookiePassword']);
-            setcookie("cookiePassword", '', time() - 3600, '/', DOMAIN);
-            setcookie("cookiePassword", '', time() - 3600, '/');
-			unset($_COOKIE['Auth']);
-            setcookie("Auth", '', time() - 3600, '/', DOMAIN);
-            setcookie("Auth", '', time() - 3600, '/');
-			unset($_COOKIE['mpt']);
-            setcookie("mpt", '', time() - 3600, '/', DOMAIN);
-            setcookie("mpt", '', time() - 3600, '/');
-			unset($_COOKIE['Organizr_Token']);
-            setcookie("Organizr_Token", '', time() - 3600, '/', DOMAIN);
-            setcookie("Organizr_Token", '', time() - 3600, '/');
+			coookie('delete','cookiePassword');
+			coookie('delete','Auth');
+			coookie('delete','mpt');
+			coookie('delete','Organizr_Token');
+
 		}
 		/**
 		 * Validate a username. Empty usernames or names
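Review bot: The removed code expired each cookie twice, once with `DOMAIN` and once host-only, while each `coookie('delete', …)` call sends a single Set-Cookie whose domain is derived from the request's Host header. A cookie issued earlier under `DOMAIN` or host-only (by the previous version, or through a different hostname) is a different cookie to the browser and would survive logout whenever the derived domain differs. Keeping one extra host-only expiry per name, e.g. `setcookie('Organizr_Token', '', time() - 3600, '/');`, covers the transition. The method begins above the hunk.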
@@ -483,7 +476,7 @@
 			$token = $this->get_user_token($username);
 			//Check Token with Session
 			if(isset($_SESSION["token"])){
-				if($token == $_SESSION["token"]) { setcookie("cookiePassword", COOKIEPASSWORD, time() + (86400 * 7), "/", DOMAIN); return true; }
+				if($token == $_SESSION["token"]) { coookie('set','cookiePassword',COOKIEPASSWORD,7); return true; }
 			}
 			//Check Token with JWT
 			if(isset($_COOKIE['Organizr_Token'])){
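Review bot: The token check on the changed line uses loose comparison, `$token == $_SESSION["token"]`, which is subject to PHP type juggling (the logout path stores the integer `-1` in the session) and is not constant-time. Prefer `if(is_string($token) && is_string($_SESSION["token"]) && hash_equals($_SESSION["token"], $token))`, assuming `get_user_token()` returns a string, which is not visible here. The method starts and ends outside the hunk.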
@@ -746,23 +739,23 @@
 					$_SESSION["Organizr_Token"] = $jwttoken;
 					// authentication passed - 2) signal authenticated
 					if($remember == "true") {
-						setcookie("Organizr_Token", $jwttoken, time() + (86400 * 7), "/", DOMAIN);
+						coookie('set','Organizr_Token',$jwttoken,7);
 					}else{
-						setcookie("Organizr_Token", $jwttoken, time() + (86400 * 1), "/", DOMAIN);
+						coookie('set','Organizr_Token',$jwttoken,1);
 					}
 					if(OMBIURL){
 						$ombiToken = getOmbiToken($username, $password);
 						if($ombiToken){
-							setcookie("Auth", $ombiToken, time() + (86400 * 7), "/", DOMAIN);
+							coookie('set','Auth',$ombiToken,7);
 						}
 					}
 					if(PLEXURL && isset($authSuccess['token'])){
-						setcookie("mpt", $authSuccess['token'], time() + (86400 * 7), "/", DOMAIN);
+						coookie('set','mpt',$authSuccess['token'],7);
 					}
 					$this->info("Welcome $username");
 					file_put_contents(FAIL_LOG, $buildLog($username, "good_auth"));
 					chmod(FAIL_LOG, 0660);
-					setcookie("cookiePassword", COOKIEPASSWORD, time() + (86400 * 7), "/", DOMAIN);
+					coookie('set','cookiePassword',COOKIEPASSWORD,7);
      				writeLog("success", "$username has logged in");
 					return true;
 				} else if (AUTHBACKENDCREATE !== 'false' && $surface) {