
Merge pull request #705 from causefx/cero-dev

Cero dev
causefx 8 лет назад
Родитель
Сommit
c1da2cc10d
12 измененных файлов с 76 добавлено и 57 удалено
  1. 7 1
      auth.php
  2. 10 10
      error.php
  3. 26 9
      functions.php
  4. 2 2
      lang/de.ini
  5. 1 1
      lang/en.ini
  6. 2 2
      lang/es.ini
  7. 2 2
      lang/fr.ini
  8. 2 2
      lang/it.ini
  9. 2 2
      lang/nl.ini
  10. 2 2
      lang/pl.ini
  11. 3 8
      settings.php
  12. 17 16
      user.php

+ 7 - 1
auth.php

@@ -4,6 +4,7 @@ require_once("user.php");
 $USER = new User("registration_callback");
 $ban = isset($_GET['ban']) ? strtoupper($_GET['ban']) : "";
 $whitelist = isset($_GET['whitelist']) ? $_GET['whitelist'] : false;
+$blacklist = isset($_GET['blacklist']) ? $_GET['blacklist'] : false;
 $currentIP = get_client_ip();
 
 if ($whitelist) {
@@ -14,6 +15,11 @@ if ($whitelist) {
 		$skipped = true;
 	}
 }
+if ($blacklist) {
+    if(in_array($currentIP, getWhitelist($blacklist))) {
+       !$debug ? exit(http_response_code(401)) : die("$currentIP Blacklisted");
+	}
+}
 if (isset($_GET['admin'])) {
     if($USER->authenticated && $USER->role == "admin" && !in_array(strtoupper($USER->username), getBannedUsers($ban))) {
         !$debug ? exit(http_response_code(200)) : die("$USER->username on $currentIP Authorized At Admin Level");
@@ -36,4 +42,4 @@ if ($skipped) {
 	!$debug ? exit(http_response_code(401)) : die("$USER->username on $currentIP Not Authorized Nor On Whitelist");
 }
 
-?>
+?>
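Review bot: The blacklist check on the `in_array($currentIP, getWhitelist($blacklist))` line in the second hunk uses loose comparison; for an IP-string membership test it should be `in_array($currentIP, getWhitelist($blacklist), true)` so that non-string entries in the list cannot compare equal by coercion. The new block is also indented with spaces while the surrounding file uses tabs, and it is only reached after the whitelist block has possibly set `$skipped`, which is the right order but worth stating: `// Blacklist is evaluated after whitelist so an explicit deny always wins`. If `getWhitelist()` can return something other than an array when the parameter is malformed, `in_array` will emit a warning rather than deny; that helper is outside this diff, so I am inferring its contract.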

+ 10 - 10
error.php

@@ -41,16 +41,16 @@ foreach(loadAppearance() as $key => $value) {
 //error stuff
 $requested = $_SERVER['REQUEST_URI'];
 $codes = array(
-       400 => array('Bad Request', 'The server cannot or will not process the request due to an apparent client error.', 'sowwy'),
-       401 => array('Unauthorized', 'You do not have access to this page.', 'sowwy'),
-       403 => array('Forbidden', 'The server has refused to fulfill your request.', 'sowwy'),
-       404 => array('Not Found', $requested . ' was not found on this server.', 'confused'),
-       405 => array('Method Not Allowed', 'The method specified in the Request-Line is not allowed for the specified resource.', 'confused'),
-       408 => array('Request Timeout', 'Your browser failed to send a request in the time allowed by the server.', 'sowwy'),
-       500 => array('Internal Server Error', 'The request was unsuccessful due to an unexpected condition encountered by the server.', 'confused'),
-       502 => array('Bad Gateway', 'The server received an invalid response from the upstream server while trying to fulfill the request.', 'confused'),
-       503 => array('Service Unavailable', 'The server is currently unavailable (because it is overloaded or down for maintenance).', 'confused'),
-       504 => array('Gateway Timeout', 'The upstream server failed to send a request in the time allowed by the server.', 'confused'),
+       400 => array('Bad Request', 'The server cannot or will not process the request due to an apparent client error.', 'sowwy','400'),
+       401 => array('Unauthorized', 'You do not have access to this page.', 'sowwy','401'),
+       403 => array('Forbidden', 'The server has refused to fulfill your request.', 'sowwy','403'),
+       404 => array('Not Found', $requested . ' was not found on this server.', 'confused','404'),
+       405 => array('Method Not Allowed', 'The method specified in the Request-Line is not allowed for the specified resource.', 'confused','405'),
+       408 => array('Request Timeout', 'Your browser failed to send a request in the time allowed by the server.', 'sowwy','408'),
+       500 => array('Internal Server Error', 'The request was unsuccessful due to an unexpected condition encountered by the server.', 'confused','500'),
+       502 => array('Bad Gateway', 'The server received an invalid response from the upstream server while trying to fulfill the request.', 'confused','502'),
+       503 => array('Service Unavailable', 'The server is currently unavailable (because it is overloaded or down for maintenance).', 'confused','503'),
+       504 => array('Gateway Timeout', 'The upstream server failed to send a request in the time allowed by the server.', 'confused','504'),
        999 => array('Not Logged In', 'You need to be logged in to access this page.', 'confused', '401'),
 );
 $errorTitle = ($codes[$status][0]) ? $codes[$status][0] : "Error";
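Review bot: The fourth element added to every entry is the HTTP status as a quoted string (`'400'`, `'401'`, …) while the array keys are integers; if this value is handed to `http_response_code()` it is coerced, and the intent is clearer with plain integer literals or a one-line comment above `$codes` documenting the tuple, e.g. `// code => [title, message, image, status code sent to the client]`. The 404 entry on the same changed lines still concatenates `$requested` (taken from `$_SERVER['REQUEST_URI']`) into the message; wherever that message is echoed into HTML it must go through `htmlspecialchars()` at output, which this file section does not show.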

+ 26 - 9
functions.php

@@ -2,7 +2,7 @@
 
 // ===================================
 // Define Version
- define('INSTALLEDVERSION', '1.601');
+ define('INSTALLEDVERSION', '1.603');
 // ===================================
 $debugOrganizr = true;
 if($debugOrganizr == true && file_exists('debug.php')){ require_once('debug.php'); }
@@ -1556,6 +1556,23 @@ function upgradeCheck() {
 		$createConfigSuccess = createConfig($config);
 		unset($config);
 	}
+	// Upgrade to 1.603
+	$config = loadConfig();
+	if (isset($config['database_Location']) && (!isset($config['CONFIG_VERSION']) || $config['CONFIG_VERSION'] < '1.603')) {
+		// Update Version and Commit
+		$config['CONFIG_VERSION'] = '1.603';
+		copy('config/config.php', 'config/config['.date('Y-m-d_H-i-s').'][1.601].bak.php');
+		$createConfigSuccess = createConfig($config);
+		unset($config);
+		if(file_exists('org.log')){
+			copy('org.log', DATABASE_LOCATION.'org.log');
+			unlink('org.log');
+		}
+		if(file_exists('loginLog.json')){
+			copy('loginLog.json', DATABASE_LOCATION.'loginLog.json');
+			unlink('loginLog.json');
+		}
+	}
 
 	return true;
 }
@@ -3233,20 +3250,20 @@ function strip($string){
 }
 
 function writeLog($type, $message){
-	if(file_exists("org.log")){
-		if(filesize("org.log") > 500000){
-			rename('org.log','org['.date('Y-m-d').'].log');
+	if(file_exists(DATABASE_LOCATION."org.log")){
+		if(filesize(DATABASE_LOCATION."org.log") > 500000){
+			rename(DATABASE_LOCATION.'org.log',DATABASE_LOCATION.'org['.date('Y-m-d').'].log');
 			$message2 = date("Y-m-d H:i:s")."|".$type."|".strip("ORG LOG: Creating backup of org.log to org[".date('Y-m-d')."].log ")."\n";
-			file_put_contents("org.log", $message2, FILE_APPEND | LOCK_EX);
+			file_put_contents(DATABASE_LOCATION."org.log", $message2, FILE_APPEND | LOCK_EX);
 
 		}
 	}
     $message = date("Y-m-d H:i:s")."|".$type."|".strip($message)."\n";
-    file_put_contents("org.log", $message, FILE_APPEND | LOCK_EX);
+    file_put_contents(DATABASE_LOCATION."org.log", $message, FILE_APPEND | LOCK_EX);
 }
 
 function readLog(){
-    $log = file("org.log",FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+    $log = file(DATABASE_LOCATION."org.log",FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
     $log = array_reverse($log);
     foreach($log as $line){
 		if(substr_count($line, '|') == 2){
@@ -4164,8 +4181,8 @@ function backupDB(){
 		$orgFiles = array(
 			'css' => 'custom.css',
 			'temp' => 'cus.sd',
-			'orgLog' => 'org.log',
-			'loginLog' => 'loginLog.json',
+			'orgLog' => DATABASE_LOCATION.'org.log',
+			'loginLog' => DATABASE_LOCATION.'loginLog.json',
 			'chatDB' => 'chatpack.db',
 			'config' => 'config/config.php',
 			'database' => DATABASE_LOCATION.'users.db'
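Review bot: In the upgradeCheck hunk the two new `copy()`/`unlink()` pairs for `org.log` and `loginLog.json` never check the result of `copy()`, so if `DATABASE_LOCATION` is not writable the originals are deleted and the log history is lost; guard each with `if(copy('org.log', DATABASE_LOCATION.'org.log')){ unlink('org.log'); }` and likewise `if(copy('loginLog.json', DATABASE_LOCATION.'loginLog.json')){ unlink('loginLog.json'); }`. In the readLog hunk, `file(DATABASE_LOCATION."org.log")` returns false when the file is absent and `array_reverse(false)` then warns, so a `file_exists` guard (or an early `return`) would be safer unless every caller already checks. If there is any code path where `writeLog()` runs before `DATABASE_LOCATION` is defined, the bare constant degrades to the literal string and the log would be written as `DATABASE_LOCATIONorg.log` in the web root, which is exactly what moving the logs out of the web root is meant to avoid; I cannot see the definition order from this diff, so please confirm.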

+ 2 - 2
lang/de.ini

@@ -21,7 +21,7 @@ REMEMBER_ME = "Angemeldet bleiben"
 FORGOT_PASSWORD = "Passwort vergessen"
 RESET_PASSWORD = "Passwort zurücksetzen"
 DATABASE_PATH = "Datenbankverzeichnis"
-SPECIFY_LOCATION = "Festlegen, wo Datenbankdateien gespeichert werden sollen."
+SPECIFY_LOCATION = "Festlegen, wo Datenbankdateien gespeichert werden sollen.  Please choose a location outside of Web Root!  Your DB files will contain sensitive information!"
 CURRENT_DIRECTORY = "Aktuelles Verzeichnis"
 PARENT_DIRECTORY = "Überverzeichnis"
 SET_DATABASE_LOCATION = "Datenbankverzeichnis festlegen"
@@ -149,7 +149,7 @@ TRANSLATIONS_ABOUT = "Wir benötigen immer Hilfe bei der Übersetzung. Sollten S
 UPGRADE = "Upgrade"
 LOADING_COLOR = "Hintergrund Ladebildschirm"
 HOVER_TEXT = "Einblendungs-Text"
-COOKIE_PASSWORD = "Cookie-Passwort"
+COOKIE_PASSWORD = "Cookie-Passwort - used for Multiple Logins, Cookie Authorization and auth_request"
 CREATE_USER = "Konto registrieren"
 ENTER_PASSWORD_TO_REGISTER = "Registrierungspasswort eingeben"
 SUBMIT = "Absenden"

+ 1 - 1
lang/en.ini

@@ -149,7 +149,7 @@ TRANSLATIONS_ABOUT = "We always need help with translations.  If you speak anoth
 UPGRADE = "Upgrade"
 LOADING_COLOR = "Loading Background"
 HOVER_TEXT = "Hover Text"
-COOKIE_PASSWORD = "Cookie Password"
+COOKIE_PASSWORD = "Cookie Password - used for Multiple Logins, Cookie Authorization and auth_request"
 CREATE_USER = "Create Account"
 ENTER_PASSWORD_TO_REGISTER = "Enter Password To Register"
 SUBMIT = "Submit"

+ 2 - 2
lang/es.ini

@@ -21,7 +21,7 @@ REMEMBER_ME = "Recuérdame"
 FORGOT_PASSWORD = "¿Has olvidado tu contraseña?"
 RESET_PASSWORD = "Restablecimiento de contraseña"
 DATABASE_PATH = "Camino de la base de datos"
-SPECIFY_LOCATION = "¿Dónde quieres guardar los archivos de la base de datos?"
+SPECIFY_LOCATION = "¿Dónde quieres guardar los archivos de la base de datos?  Please choose a location outside of Web Root!  Your DB files will contain sensitive information!"
 CURRENT_DIRECTORY = "Directorio actual"
 PARENT_DIRECTORY = "Directorio matriz"
 SET_DATABASE_LOCATION = "Establecer la localización de la base de datos"
@@ -149,7 +149,7 @@ TRANSLATIONS_ABOUT = "We always need help with translations.  If you speak anoth
 UPGRADE = "Upgrade"
 LOADING_COLOR = "Loading Background"
 HOVER_TEXT = "Hover Text"
-COOKIE_PASSWORD = "Cookie Password"
+COOKIE_PASSWORD = "Cookie Password - used for Multiple Logins, Cookie Authorization and auth_request"
 CREATE_USER = "Create Account"
 ENTER_PASSWORD_TO_REGISTER = "Enter Password To Register"
 SUBMIT = "Submit"

+ 2 - 2
lang/fr.ini

@@ -21,7 +21,7 @@ REMEMBER_ME = "Se souvenir de moi"
 FORGOT_PASSWORD = "Mot de passe oublié"
 RESET_PASSWORD = "Réinitialiser le mot de passe"
 DATABASE_PATH = "Chemin de la base de donnés"
-SPECIFY_LOCATION = "Spécifier l'emplacement dans laquelle vous voulez sauvegarder les fichiers de la base de données."
+SPECIFY_LOCATION = "Spécifier l'emplacement dans laquelle vous voulez sauvegarder les fichiers de la base de données.  Please choose a location outside of Web Root!  Your DB files will contain sensitive information!"
 CURRENT_DIRECTORY = "Répertoire actuel"
 PARENT_DIRECTORY = "Répertoire parent"
 SET_DATABASE_LOCATION = "Définir l'emplacement de la base de données"
@@ -149,7 +149,7 @@ TRANSLATIONS_ABOUT = "We always need help with translations.  If you speak anoth
 UPGRADE = "Upgrade"
 LOADING_COLOR = "Loading Background"
 HOVER_TEXT = "Hover Text"
-COOKIE_PASSWORD = "Cookie Password"
+COOKIE_PASSWORD = "Cookie Password - used for Multiple Logins, Cookie Authorization and auth_request"
 CREATE_USER = "Create Account"
 ENTER_PASSWORD_TO_REGISTER = "Enter Password To Register"
 SUBMIT = "Submit"

+ 2 - 2
lang/it.ini

@@ -21,7 +21,7 @@ REMEMBER_ME = "Ricordami"
 FORGOT_PASSWORD = "Password dimenticata"
 RESET_PASSWORD = "Ripristina la password"
 DATABASE_PATH = "Percorso del database"
-SPECIFY_LOCATION = "Specifica dove vuoi salvare i tuoi file del database"
+SPECIFY_LOCATION = "Specifica dove vuoi salvare i tuoi file del database.  Please choose a location outside of Web Root!  Your DB files will contain sensitive information!"
 CURRENT_DIRECTORY = "Cartella corrente"
 PARENT_DIRECTORY = "Cartella superiore"
 SET_DATABASE_LOCATION = "Imposta posizione del database"
@@ -149,7 +149,7 @@ TRANSLATIONS_ABOUT = "We always need help with translations.  If you speak anoth
 UPGRADE = "Upgrade"
 LOADING_COLOR = "Loading Background"
 HOVER_TEXT = "Hover Text"
-COOKIE_PASSWORD = "Cookie Password"
+COOKIE_PASSWORD = "Cookie Password - used for Multiple Logins, Cookie Authorization and auth_request"
 CREATE_USER = "Create Account"
 ENTER_PASSWORD_TO_REGISTER = "Enter Password To Register"
 SUBMIT = "Submit"

+ 2 - 2
lang/nl.ini

@@ -21,7 +21,7 @@ REMEMBER_ME = "Onthouden"
 FORGOT_PASSWORD = "Wachtwoord vergeten"
 RESET_PASSWORD = "Reset wachtwoord"
 DATABASE_PATH = "Database Pad"
-SPECIFY_LOCATION = "Specificeer de locatie waar je de database bestanden op wilt slaan."
+SPECIFY_LOCATION = "Specificeer de locatie waar je de database bestanden op wilt slaan.  Please choose a location outside of Web Root!  Your DB files will contain sensitive information!"
 CURRENT_DIRECTORY = "Huidige map"
 PARENT_DIRECTORY = "Bovenliggende map"
 SET_DATABASE_LOCATION = "Database locatie instellen"
@@ -149,7 +149,7 @@ TRANSLATIONS_ABOUT = "We always need help with translations.  If you speak anoth
 UPGRADE = "Upgrade"
 LOADING_COLOR = "Loading Background"
 HOVER_TEXT = "Hover Text"
-COOKIE_PASSWORD = "Cookie Password"
+COOKIE_PASSWORD = "Cookie Password - used for Multiple Logins, Cookie Authorization and auth_request"
 CREATE_USER = "Create Account"
 ENTER_PASSWORD_TO_REGISTER = "Enter Password To Register"
 SUBMIT = "Submit"

+ 2 - 2
lang/pl.ini

@@ -21,7 +21,7 @@ REMEMBER_ME = "Zapamiętaj mnie"
 FORGOT_PASSWORD = "Zapomniane hasło"
 RESET_PASSWORD = "Resetuj hasło"
 DATABASE_PATH = "Ścieżka bazy danych"
-SPECIFY_LOCATION = "Określ położenie, gdzie chcesz zapisywać swoje pliki baz danych."
+SPECIFY_LOCATION = "Określ położenie, gdzie chcesz zapisywać swoje pliki baz danych.  Please choose a location outside of Web Root!  Your DB files will contain sensitive information!"
 CURRENT_DIRECTORY = "Aktualny katalog"
 PARENT_DIRECTORY = "Nadrzędny katalog"
 SET_DATABASE_LOCATION = "Ustaw położenie bazy danych"
@@ -149,7 +149,7 @@ TRANSLATIONS_ABOUT = "Zawsze potrzebujemy pomocy z tłumaczeniami.  Jeżeli znas
 UPGRADE = "Ulepsz"
 LOADING_COLOR = "Tło ładowania"
 HOVER_TEXT = "Tekst przy najechaniu kursorem"
-COOKIE_PASSWORD = "Hasło ciasteczek"
+COOKIE_PASSWORD = "Hasło ciasteczek - used for Multiple Logins, Cookie Authorization and auth_request"
 CREATE_USER = "Stwórz konto"
 ENTER_PASSWORD_TO_REGISTER = "Wpisz hasło by zarejestrować"
 SUBMIT = "Prześlij"

+ 3 - 8
settings.php

@@ -617,6 +617,7 @@ echo buildSettings(
 							'buttonType' => 'dark',
 							'buttonDrop' => '
 							<ul class="dropdown-menu">
+								<li class="dropdown-header">Choose a Theme Below</li>
 								<li id="open-themes" box="themes-box" onclick"" data-toggle="tooltip" data-placement="top" title="" data-original-title="Custom Themes Created by The Community"><a onclick="" href="#">Themes</a></li>
 								<li id="layerCakeDefault" data-toggle="tooltip" data-placement="top" title="" data-original-title="A 7 color theme based on Organizr"><a onclick="layerCake(\'Basic\',\'layerCake\');$(\'#customCSS_id\').attr(\'data-changed\', \'true\');" href="#">LAYER#CAKE Basic</a></li>
 								<li id="layerCakeCustom" data-toggle="tooltip" data-placement="top" title="" data-original-title="A 32 color theme based on Organizr"><a onclick="layerCake(\'Advanced\',\'layerCake\');$(\'#customCSS_id\').attr(\'data-changed\', \'true\');" href="#">LAYER#CAKE Advanced</a></li>
@@ -1824,12 +1825,6 @@ echo buildSettings(
 							'onclick' => 'if ($(\'#git_branch_id[data-changed]\').length) { alert(\'Branch was altered, save settings first!\') } else { if (confirm(\''.translate('GIT_FORCE_CONFIRM').'\')) { performUpdate(); ajax_request(\'POST\', \'forceBranchInstall\'); } }',
 						),
 					),
-					array(
-						'type' => 'checkbox',
-						'labelTranslate' => 'MULTIPLE_LOGINS',
-						'name' => 'multipleLogin',
-						'value' => MULTIPLELOGIN,
-					),
 				),
 			),
 			array(
@@ -2855,14 +2850,14 @@ echo buildSettings(
                             <div class="email-inner-section">
                                 <div class="small-box" id="loginlog">
                                     <div>
-                                        <?php if(file_exists("org.log")){ ?>
+                                        <?php if(file_exists(DATABASE_LOCATION."org.log")){ ?>
                                         <button id="viewOrgLogs" class="btn waves btn-labeled gray-bg text-uppercase waves-effect waves-float" type="button"><span class="btn-label"><i class="fa fa-terminal"></i></span>Organizr Log </button>
                                         <?php } if(file_exists(FAIL_LOG)){ ?>
                                         <button id="viewLoginLogs" class="btn waves btn-labeled grayish-blue-bg text-uppercase waves-effect waves-float" type="button" style="display: none"><span class="btn-label"><i class="fa fa-user"></i></span>Login Log </button>
                                         <?php } ?>
                                     </div>
 
-                                    <?php if(file_exists("org.log")){ ?>
+                                    <?php if(file_exists(DATABASE_LOCATION."org.log")){ ?>
                                     <div id="orgLogTable" class="table-responsive" style="display: none">
                                         <table id="orgLogs" class="datatable display">
                                             <thead>

+ 17 - 16
user.php

@@ -19,7 +19,7 @@
 
     if(file_exists('custom.css')) : define('CUSTOMCSS', 'true'); else : define('CUSTOMCSS', 'false'); endif;
     $notifyExplode = explode("-", NOTIFYEFFECT);
-    define('FAIL_LOG', 'loginLog.json');
+    define('FAIL_LOG', DATABASE_LOCATION.'loginLog.json');
     @date_default_timezone_set(TIMEZONE);
     function guestHash($start, $end){
         $ip   = $_SERVER['REMOTE_ADDR'];
@@ -450,11 +450,11 @@
 			if($this->is_user_active($username)===false) { return false; }
 			// logged in, but do the tokens match?
 			$token = $this->get_user_token($username);
-            if(isset($_COOKIE["Organizr"])){
-                if($_COOKIE["Organizr"] == $token){
-					// active, using the correct token -> authenticated
-					setcookie("cookiePassword", COOKIEPASSWORD, time() + (86400 * 7), "/", DOMAIN);
-					return true;
+			//Check Token with Session
+			if($token == $_SESSION["token"]) { setcookie("cookiePassword", COOKIEPASSWORD, time() + (86400 * 7), "/", DOMAIN); return true; }
+            if(isset($_COOKIE["Organizr"]) && isset($_COOKIE["OrganizrU"]) && isset($_COOKIE["cookiePassword"])){
+                if($_COOKIE["cookiePassword"] == COOKIEPASSWORD && strlen($_COOKIE["Organizr"]) == 32){
+                    return true;
                 }else{
                     $this->error("cookie token mismatch for $username");
                     unset($_COOKIE['Organizr']);
@@ -474,16 +474,8 @@
 		            setcookie("mpt", '', time() - 3600, '/');
                     return false;
                 }
-            }else{
-                if($token != $_SESSION["token"]) {
-                    $this->error("token mismatch for $username");
-                    return false;
-                }else{
-					// active, using the correct token -> authenticated
-	                 setcookie("cookiePassword", COOKIEPASSWORD, time() + (86400 * 7), "/", DOMAIN);
-	                 return true;
-				}
-            }
+			}
+			return false;
 		}
 		/**
 		 * Unicode friendly(ish) version of strtolower
@@ -527,11 +519,20 @@
 		function register_user($username, $email, $sha1, &$registration_callback = false, $settings, $validate) {
 			//Admin bypass
 			if($validate == null){
+				$override = false;
 				$adminList = $this->get_admin_list();
 				if($adminList){
 					if(in_arrayi($_SESSION["username"], $adminList)){
 						$token = $this->get_user_token($_SESSION["username"]);
 						if($token == $_SESSION["token"]) {
+							$override = true;
+						}
+						if(isset($_COOKIE["Organizr"]) && isset($_COOKIE["OrganizrU"]) && isset($_COOKIE["cookiePassword"])){
+			                if($_COOKIE["cookiePassword"] == COOKIEPASSWORD && strlen($_COOKIE["Organizr"]) == 32){
+			                    $override = true;
+			                }
+						}
+						if($override == true) {
 							$validate = true;
 							writeLog("success", "Admin Override on registration for $username info");
 						}
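Review bot: The rewritten cookie branch in the second hunk (`if($_COOKIE["cookiePassword"] == COOKIEPASSWORD && strlen($_COOKIE["Organizr"]) == 32)`) no longer compares `$_COOKIE["Organizr"]` with the per-user `$token` that the removed code checked, so possession of the site-wide `COOKIEPASSWORD` value plus any 32-character cookie now satisfies authentication for whichever username is being checked; the check should bind the cookie to the user's token again, e.g. `if(hash_equals((string)$token, (string)$_COOKIE["Organizr"]) && hash_equals(COOKIEPASSWORD, (string)$_COOKIE["cookiePassword"])){`. The same unbound cookie check is duplicated as the admin `$override` in the register_user hunk and needs the same fix. The session path `if($token == $_SESSION["token"])` uses loose comparison and reads `$_SESSION["token"]` without `isset`; if `get_user_token()` can return null or false for an unknown user, `null == null` evaluates true, so a strict `isset(...) && hash_equals(...)` is safer here too. The enclosing method starts before the hunk, so I cannot see how `$username` is derived.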