
Merge pull request #346 from causefx/cero-dev

Cero dev
causefx 9 lat temu
rodzic
commit
f6db2d8f3e
7 zmienionych plików z 78 dodań i 52 usunięć
  1. 4 4
      .gitignore
  2. 1 1
      README.md
  3. 4 4
      error.php
  4. 48 21
      functions.php
  5. 0 1
      index.php
  6. 2 2
      settings.php
  7. 19 19
      user.php

+ 4 - 4
.gitignore

@@ -57,10 +57,10 @@ _config.yml
 test.php
 users.db
 config/config.php
-config/config.bak.php
+config/config*.bak.php
 config/users/
 config/users
-config/users.db
-config/users.bak.db
-
+config/users*.db
+config/users*.bak.db
+config/tmp/*
 

+ 1 - 1
README.md

@@ -52,6 +52,6 @@ Do you have quite a bit of services running on your computer or server?  Do you
 [![Feature Requests](http://feathub.com/causefx/Organizr?format=svg)](http://feathub.com/causefx/Organizr)
 
 Thanks to everyone that helped!  
-Special Shout-out to: [elmerfdz](https://github.com/elmerfdz) & [pyrostic](https://github.com/pyrostic) & [rix1337](https://github.com/rix1337)
+Special Shout-out to: [Cerothen](https://github.com/Cerothen) & [elmerfdz](https://github.com/elmerfdz) & [pyrostic](https://github.com/pyrostic) & [rix1337](https://github.com/rix1337)
 
 Theme Distributed with Extended License from Creative Market

+ 4 - 4
error.php

@@ -64,9 +64,9 @@ $errorImage = $codes[$status][2];
 
         <title><?=$errorTitle;?></title>
 
-        <link rel="stylesheet" href="<?php echo dirname($_SERVER['SCRIPT_NAME']); ?>/bower_components/bootstrap/dist/css/bootstrap.min.css">
-        <link rel="stylesheet" href="<?php echo dirname($_SERVER['SCRIPT_NAME']); ?>/bower_components/Waves/dist/waves.min.css"> 
-        <link rel="stylesheet" href="<?php echo dirname($_SERVER['SCRIPT_NAME']); ?>/css/style.css">
+        <link rel="stylesheet" href="<?php echo checkRootPath(dirname($_SERVER['SCRIPT_NAME'])); ?>bower_components/bootstrap/dist/css/bootstrap.min.css">
+        <link rel="stylesheet" href="<?php echo checkRootPath(dirname($_SERVER['SCRIPT_NAME'])); ?>bower_components/Waves/dist/waves.min.css"> 
+        <link rel="stylesheet" href="<?php echo checkRootPath(dirname($_SERVER['SCRIPT_NAME'])); ?>css/style.css">
     </head>
     <body class="gray-bg" style="padding: 0;">
         <div class="main-wrapper" style="position: initial;">
@@ -80,7 +80,7 @@ $errorImage = $codes[$status][2];
                                         <h1 class="zero-m text-uppercase" style="color:<?=$topbartext;?>; font-size: 40px;"><?=$errorTitle;?></h1>
                                     </div>
                                     <div class="big-box text-left">
-                                        <center><img src="images/<?=$errorImage;?>.png" style="height: 200px;"></center>
+                                        <center><img src="<?php echo checkRootPath(dirname($_SERVER['SCRIPT_NAME'])); ?>images/<?=$errorImage;?>.png" style="height: 200px;"></center>
                                         <h4 style="color: <?=$topbar;?>;" class="text-center"><?php echo $message;?></h4>
                                         <button style="background:<?=$topbar;?>;" onclick="window.history.back();" type="button" class="btn log-in btn-block btn-primary text-uppercase waves waves-effect waves-float"><text style="color:<?=$topbartext;?>;"><?php echo $language->translate("GO_BACK");?></text></button>
                                     </div>
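Review bot: The value echoed into the three stylesheet `href` attributes and the image `src` is inserted unescaped; `$_SERVER['SCRIPT_NAME']` is server-derived, but under some CGI/PATH_INFO configurations it can carry request-influenced text, so it should go through the HTML-attribute escaper: `<?php echo htmlspecialchars(checkRootPath(dirname($_SERVER['SCRIPT_NAME'])), ENT_QUOTES, 'UTF-8'); ?>`. Since the same expression is now repeated four times, computing it once into a local such as `$rootPath` at the top of error.php would keep the escaping in one place. `checkRootPath` is defined in functions.php, so error.php has to include that file before the `<head>` is rendered — whether it already does is not visible from this hunk.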

+ 48 - 21
functions.php

@@ -2,7 +2,7 @@
 
 // ===================================
 // Define Version
- define('INSTALLEDVERSION', '1.34');
+ define('INSTALLEDVERSION', '1.341');
 // ===================================
 
 // Debugging output functions
@@ -762,8 +762,13 @@ function createConfig($array, $path = 'config/config.php', $nest = 0) {
 	// Sort Items
 	ksort($array);
 	
-	// Unset the current version
+	// Update the current config version
+	if (!$nest) {
+		// Inject Current Version
+		$output[] = "\t'CONFIG_VERSION' => '".(isset($array['apply_CONFIG_VERSION'])?$array['apply_CONFIG_VERSION']:INSTALLEDVERSION)."'";
+	}
 	unset($array['CONFIG_VERSION']);
+	unset($array['apply_CONFIG_VERSION']);
 	
 	// Process Settings
 	foreach ($array as $k => $v) {
@@ -793,11 +798,6 @@ function createConfig($array, $path = 'config/config.php', $nest = 0) {
 		}
 	}
 	
-	if (!$nest && !isset($array['CONFIG_VERSION'])) {
-		// Inject Current Version
-		$output[] = "\t'CONFIG_VERSION' => '".INSTALLEDVERSION."'";
-	}
-	
 	// Build output
 	$output = (!$nest?"<?php\nreturn ":'')."array(\n".implode(",\n",$output)."\n".str_repeat("\t",$nest).')'.(!$nest?';':'');
 	
@@ -838,8 +838,10 @@ function loadConfig($path = 'config/config.php') {
 // Commit new values to the configuration
 function updateConfig($new, $current = false) {
 	// Get config if not supplied
-	if (!$current) {
+	if ($current === false) {
 		$current = loadConfig();
+	} else if (is_string($current) && is_file($current)) {
+		$current = loadConfig($current);
 	}
 	
 	// Inject Parts
@@ -956,7 +958,7 @@ function upgradeCheck() {
 		$config = parse_ini_file('databaseLocation.ini.php', true);
 		
 		// Refactor
-		$config['database_Location'] = str_replace('//','/',$config['databaseLocation'].'/');
+		$config['database_Location'] = preg_replace('/\/\/$/','/',$config['databaseLocation'].'/');
 		$config['user_home'] = $config['database_Location'].'users/';
 		unset($config['databaseLocation']);
 		
@@ -974,6 +976,7 @@ function upgradeCheck() {
 		
 		// Write config file
 		$config['CONFIG_VERSION'] = '1.32';
+		copy('config/config.php', 'config/config['.date('Y-m-d_H-i-s').'][pre1.32].bak.php');
 		$createConfigSuccess = createConfig($config);
 		
 		// Create new config
@@ -993,6 +996,7 @@ function upgradeCheck() {
 	$config = loadConfig();
 	if (isset($config['database_Location']) && (!isset($config['CONFIG_VERSION']) || $config['CONFIG_VERSION'] < '1.33')) {
 		// Fix User Directory
+		$config['database_Location'] = preg_replace('/\/\/$/','/',$config['database_Location'].'/');
 		$config['user_home'] = $config['database_Location'].'users/';
 		unset($config['USER_HOME']);
 		
@@ -1008,22 +1012,24 @@ function upgradeCheck() {
 		}
 		
 		// Upgrade database to latest version
-		updateSQLiteDB($config['database_Location']);
+		updateSQLiteDB($config['database_Location'],'1.32');
 		
 		// Update Version and Commit
-		$config['CONFIG_VERSION'] = '1.33';
+		$config['apply_CONFIG_VERSION'] = '1.33';
+		copy('config/config.php', 'config/config['.date('Y-m-d_H-i-s').'][1.32].bak.php');
 		$createConfigSuccess = createConfig($config);
 		unset($config);
 	}
 	
-	// Upgrade to 1.33
+	// Upgrade to 1.34
 	$config = loadConfig();
 	if (isset($config['database_Location']) && (!isset($config['CONFIG_VERSION']) || $config['CONFIG_VERSION'] < '1.34')) {
 		// Upgrade database to latest version
-		updateSQLiteDB($config['database_Location']);
+		updateSQLiteDB($config['database_Location'],'1.33');
 		
 		// Update Version and Commit
 		$config['CONFIG_VERSION'] = '1.34';
+		copy('config/config.php', 'config/config['.date('Y-m-d_H-i-s').'][1.33].bak.php');
 		$createConfigSuccess = createConfig($config);
 		unset($config);
 	}
@@ -1033,6 +1039,13 @@ function upgradeCheck() {
 
 // Check if all software dependancies are met
 function dependCheck() {
+	$output = array();
+	if (!extension_loaded('pdo_sqlite')) { $output[] = 'PDO:SQLite not enabled, please add "extension = php_pdo_sqlite.dll" to php.ini'; }
+	//if (!extension_loaded('sqlite3')) { $output[] = 'SQLite3 not enabled, please add "extension = php_sqlite3.dll" to php.ini'; }
+	
+	if ($output) {
+		debug_out($output,1);
+	}
 	return true;
 }
 
@@ -1201,7 +1214,7 @@ function buildSettings($array) {
 					<div class="col-lg-12">
 						'.(isset($array['customBeforeForm'])?$array['customBeforeForm']:'').'
 						<form class="content-form" name="'.$pageID.'" id="'.$pageID.'_form" onsubmit="return false;">
-							<button type="submit" class="btn waves btn-labeled btn-success btn btn-sm pull-right text-uppercase waves-effect waves-float">
+							<button id="'.$pageID.'_form_submit" class="btn waves btn-labeled btn-success btn btn-sm pull-right text-uppercase waves-effect waves-float">
 							<span class="btn-label"><i class="fa fa-floppy-o"></i></span>Save
 							</button>
 							'.$fields.($tabContent?'
@@ -1226,16 +1239,18 @@ function buildSettings($array) {
 			$(\'#'.$pageID.'_form\').find(\'input, select, textarea\').on(\'change\', function() { $(this).attr(\'data-changed\', \'true\'); });
 			var '.$pageID.'Validate = function() { if (this.value && !RegExp(\'^\'+this.pattern+\'$\').test(this.value)) { $(this).addClass(\'invalid\'); } else { $(this).removeClass(\'invalid\'); } };
 			$(\'#'.$pageID.'_form\').find(\'input[pattern]\').each('.$pageID.'Validate).on(\'keyup\', '.$pageID.'Validate);
-			$(\'#'.$pageID.'_form\').find(\'select[multiple]\').on(\'click\', function() { $(this).attr(\'data-changed\', \'true\'); });
+			$(\'#'.$pageID.'_form\').find(\'select[multiple]\').on(\'change click\', function() { $(this).attr(\'data-changed\', \'true\'); });
 			
-			$(\'#'.$pageID.'_form\').submit(function () {
+			$(\'#'.$pageID.'_form_submit\').on(\'click\', function () {
 				var newVals = {};
 				var hasVals = false;
+				var errorFields = [];
 				$(\'#'.$pageID.'_form\').find(\'[data-changed=true]\').each(function() {
 					hasVals = true;
 					if (this.type == \'checkbox\') {
 						newVals[this.name] = this.checked;
 					} else {
+						if (this.value && this.pattern && !RegExp(\'^\'+this.pattern+\'$\').test(this.value)) { errorFields.push(this.name); }
 						var fieldVal = $(this).val();
 						if (typeof fieldVal == \'object\') {
 							if (typeof fieldVal.join == \'function\') {
@@ -1247,7 +1262,9 @@ function buildSettings($array) {
 						newVals[this.name] = fieldVal;
 					}
 				});
-				if (hasVals) {
+				if (errorFields.length) {
+					parent.notify(\'Fields have errors: \'+errorFields.join(\', \')+\'!\', \'bullhorn\', \'success\', 5000, \'bar\', \'slidetop\');
+				} else if (hasVals) {
 					console.log(newVals);
 					ajax_request(\'POST\', \''.(isset($array['submitAction'])?$array['submitAction']:'update-config').'\', newVals, function(data, code) {
 						$(\'#'.$pageID.'_form\').find(\'[data-changed=true]\').removeAttr(\'data-changed\');
@@ -1609,7 +1626,7 @@ function createSQLiteDB($path = false) {
 }
 
 // Upgrade Database
-function updateSQLiteDB($db_path = false) {
+function updateSQLiteDB($db_path = false, $oldVerNum = false) {
 	if (!$db_path) {
 		if (defined('DATABASE_LOCATION')) {
 			$db_path = DATABASE_LOCATION;
@@ -1638,7 +1655,7 @@ function updateSQLiteDB($db_path = false) {
 	$GLOBALS['file_db'] = null;
 	$pathDigest = pathinfo($db_path.'users.db');
 	if (file_exists($db_path.'users.db')) {
-		rename($db_path.'users.db', $pathDigest['dirname'].'/'.$pathDigest['filename'].'.bak.db');
+		rename($db_path.'users.db', $pathDigest['dirname'].'/'.$pathDigest['filename'].'['.date('Y-m-d_H-i-s').']'.($oldVerNum?'['.$oldVerNum.']':'').'.bak.db');
 	}
 	
 	// Create New Database
@@ -1653,7 +1670,7 @@ function updateSQLiteDB($db_path = false) {
 				reset($tableData);
 				foreach($tableData as $key => $value) {
 					$insertValues[] = '('.implode(',',array_map(function($d) { 
-						return (isset($d)?"'".addslashes($d)."'":'null');
+						return (isset($d)?$GLOBALS['file_db']->quote($d):'null');
 					}, $value)).')';
 				}
 				$GLOBALS['file_db']->query($queryBase.implode(',',$insertValues).';');
@@ -2404,5 +2421,15 @@ function getHeadphonesCalendar($url, $key, $list){
 
 }
 
+function checkRootPath($string){
+    if($string == "\\" || $string == "/"){
+        return "/";
+    }else{
+        return str_replace("\\", "/", $string) . "/";
+    }
+}
+
+
 
-?>
+// Always run this
+dependCheck();
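Review bot: The three new `copy('config/config.php', 'config/config[…].bak.php')` calls in upgradeCheck ignore their return value, so a failed backup (unwritable `config/`, missing source file) is followed straight away by `createConfig($config)` overwriting the only copy of the configuration. Guard each one, e.g. `$backup = 'config/config['.date('Y-m-d_H-i-s').'][1.32].bak.php'; if (!copy('config/config.php', $backup)) { debug_out('Could not back up config to '.$backup, 1); }` — I am inferring from dependCheck's new body that `debug_out($msg, 1)` is the file's fatal-report path, so confirm it stops execution before the overwrite. The backups also accumulate under `config/` with no pruning and hold the same secrets as config.php; the new `config/config*.bak.php` ignore rule keeps them out of git but not out of the deployment, so a retention limit or a location outside the web root is worth considering. Separately, the trailing `dependCheck();` makes functions.php both declare symbols and produce output on include; calling it from the bootstrap in index.php would keep that side effect out of the library file. upgradeCheck begins and ends outside these hunks.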

+ 0 - 1
index.php

@@ -8,7 +8,6 @@ upgradeCheck();
 // Lazyload settings
 $databaseConfig = configLazy('config/config.php');
 
-
 //Set some variables
 ini_set("display_errors", 1);
 ini_set("error_reporting", E_ALL | E_STRICT);

+ 2 - 2
settings.php

@@ -589,7 +589,7 @@ echo buildSettings(
                 <div class="email-content homepage-box white-bg">
 <?php
 // Qualify most typical hostnames prior to form submission
-$urlPattern = '([hH][tT][tT][pP][sS]?):\/\/([\w\.]{1,250})(?::(\d{1,5}))?((?:\/[^?.\s]+))?';
+$urlPattern = '([hH][tT][tT][pP][sS]?):\/\/([\w\.\-]{1,250})(?::(\d{1,5}))?((?:\/[^?.\s]+))?';
 
 // Once configurable user groups is added change to select-multi to allow specific group selection
 $userSelectType = 'select'; 
@@ -1211,7 +1211,7 @@ echo buildSettings(
 						'placeholder' => 'mail.provider.com',
 						'labelTranslate' => 'SMTP_HOST',
 						'name' => 'smtpHost',
-						'pattern' => '([\w\.]{1,250})',
+						'pattern' => '([\w\.\-]{1,250})',
 						'value' => SMTPHOST,
 					),
 					array(
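Review bot: The widened `([\w\.\-]{1,250})` pattern for `smtpHost` (and the `$urlPattern` above it) is only enforced where the `pattern` key is consumed, and in this same commit buildSettings checks `this.pattern` in browser-side JavaScript, which a client can bypass; the `update-config` handler therefore needs its own server-side check of the host before storing it — whether it has one is not visible from this hunk. If it does not, `filter_var($value, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)` is a sufficient check for a mail host. The pattern also admits a leading or trailing `-`, which is not a valid hostname label; harmless as a UI hint, but another reason not to treat it as the validation.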

+ 19 - 19
user.php

@@ -502,8 +502,7 @@ EOT;
 		 * is profile information that can be set, but in no way
 		 * needs to be, in the user's profile section
 		 */
-		function register_user($username, $email, $sha1, &$registration_callback = false, $settings)
-		{
+		function register_user($username, $email, $sha1, &$registration_callback = false, $settings) {
 			$username = strtolower($username);
 			$dbpassword = $this->token_hash_password($username, $sha1, "");
 			if($dbpassword==$sha1) die("password hashing is not implemented.");
@@ -514,7 +513,7 @@ EOT;
             }
 			// Does user already exist? (see notes on safe reporting)
 			if(User::unsafe_reporting) {
-				$query = "SELECT username FROM users WHERE username LIKE '$username'";
+				$query = "SELECT username FROM users WHERE username LIKE '$username' COLLATE NOCASE";
 				foreach($this->database->query($query) as $data) {
 					$this->info("user account for $username not created.");
 					$this->error = "this user name is already being used by someone else.";
@@ -532,7 +531,7 @@ EOT;
 			}
 			// Is email address already in use? (see notes on safe reporting)
 			if (isset($email) && $email) {
-				$query = "SELECT * FROM users WHERE email = '$email'";
+				$query = "SELECT * FROM users WHERE email = '$email' COLLATE NOCASE";
 				foreach($this->database->query($query) as $data) {
 					$this->info("user account for $username not created.");
 					$this->error = "this email address is already in use by someone else.";
@@ -602,7 +601,7 @@ EOT;
 				default: // Internal
 					if (!$authSuccess) {
 						// perform the internal authentication step
-						$query = "SELECT password FROM users WHERE LOWER(username) = '".strtolower($username)."'";
+						$query = "SELECT password FROM users WHERE username = '".$username."' COLLATE NOCASE";
 						foreach($this->database->query($query) as $data) {
 							if (password_verify($password, $data["password"])) { // Better
 								$authSuccess = true;
@@ -619,7 +618,7 @@ EOT;
 			
 			if ($authSuccess) {
 				// Make sure user exists in database
-				$query = "SELECT username FROM users WHERE LOWER(username) = '".strtolower($username)."'";
+				$query = "SELECT username FROM users WHERE username = '".$username."' COLLATE NOCASE";
 				$userExists = false;
 				foreach($this->database->query($query) as $data) {
 					$userExists = true;
@@ -678,10 +677,10 @@ EOT;
 		function update_user($username, $email, $sha1, $role)
 		{
 			if($email !="") {
-				$update = "UPDATE users SET email = '$email' WHERE username = '$username'";
+				$update = "UPDATE users SET email = '$email' WHERE username = '$username' COLLATE NOCASE";
 				$this->database->exec($update); }
             if($role !="") {
-				$update = "UPDATE users SET role = '$role' WHERE username = '$username'";
+				$update = "UPDATE users SET role = '$role' WHERE username = '$username' COLLATE NOCASE";
 				$this->database->exec($update); }
 			if($sha1 !="") {
 				$dbpassword = $this->token_hash_password($username, $sha1, $this->get_user_token($username));
@@ -694,7 +693,7 @@ EOT;
 		 */
 		function logout_user($username)
 		{
-			$update = "UPDATE users SET active = 'false' WHERE username = '$username'";
+			$update = "UPDATE users SET active = 'false' WHERE username = '$username' COLLATE NOCASE";
 			$this->database->exec($update);
 			$this->resetSession();
 			$this->info("Buh-Bye <strong>$username</strong>!");
@@ -714,7 +713,7 @@ EOT;
 		 */
 		function unregister_user($username)
 		{
-			$delete = "DELETE FROM users WHERE username = '$username'";
+			$delete = "DELETE FROM users WHERE username = '$username' COLLATE NOCASE";
 			$this->database->exec($delete);
 			$this->info("<strong>$username</strong> has been kicked out of Organizr");
 			//$this->resetSession();
@@ -729,7 +728,8 @@ EOT;
 		 */
 		function token_hash_password($username, $sha1, $token)
 		{
-			return hash("sha256", $username . $sha1 . $token);
+			
+			return hash("sha256",($this->database->query('SELECT username FROM users WHERE username = \''.$username.'\' COLLATE NOCASE')->fetch()['username']).$sha1.$token);
 		}
 		/**
 		 * Get a user's email address
@@ -737,7 +737,7 @@ EOT;
 		function get_user_email($username)
 		{
 			if($username && $username !="" && $username !=User::GUEST_USER) {
-				$query = "SELECT email FROM users WHERE username = '$username'";
+				$query = "SELECT email FROM users WHERE username = '$username' COLLATE NOCASE";
 				foreach($this->database->query($query) as $data) { return $data["email"]; }}
 			return "";
 		}
@@ -747,7 +747,7 @@ EOT;
 		function get_user_role($username)
 		{
 			if($username && $username !="" && $username !=User::GUEST_USER) {
-				$query = "SELECT role FROM users WHERE username = '$username'";
+				$query = "SELECT role FROM users WHERE username = '$username' COLLATE NOCASE";
 				foreach($this->database->query($query) as $data) { return $data["role"]; }}
 			return User::GUEST_USER;
 		}
@@ -755,7 +755,7 @@ EOT;
        /* function get_user_group($username)
 		{
 			if($username && $username !="" && $username !=User::GUEST_USER) {
-				$query = "SELECT group FROM users WHERE username = '$username'";
+				$query = "SELECT group FROM users WHERE username = '$username' COLLATE NOCASE";
 				foreach($this->database->query($query) as $data) { return $data["group"]; }}
 			return User::GUEST_USER;
 		}*/
@@ -764,7 +764,7 @@ EOT;
 		 */
 		function get_user_token($username)
 		{
-			$query = "SELECT token FROM users WHERE username = '$username'";
+			$query = "SELECT token FROM users WHERE username = '$username' COLLATE NOCASE";
 			foreach($this->database->query($query) as $data) { return $data["token"]; }
 			return false;
 		}
@@ -775,11 +775,11 @@ EOT;
 		{
 			// update the user's token
 			$token = $this->random_hex_string(32);
-			$update = "UPDATE users SET token = '$token' WHERE username = '$username'";
+			$update = "UPDATE users SET token = '$token' WHERE username = '$username' COLLATE NOCASE";
 			$this->database->exec($update);
 			// update the user's password
 			$newpassword = $this->token_hash_password($username, $sha1, $token);
-			$update = "UPDATE users SET password = '$newpassword' WHERE username = '$username'";
+			$update = "UPDATE users SET password = '$newpassword' WHERE username = '$username' COLLATE NOCASE";
 			$this->database->exec($update);
 			if($noMsg == "false"){
                 $this->info("token and password updated for <strong>$username</strong>");   
@@ -791,7 +791,7 @@ EOT;
 		 */
 		function mark_user_active($username)
 		{
-			$update = "UPDATE users SET active = 'true', last = '" . time() . "' WHERE username = '$username'";
+			$update = "UPDATE users SET active = 'true', last = '" . time() . "' WHERE username = '$username' COLLATE NOCASE";
 			$this->database->exec($update);
 			//$this->info("$username has been marked currently active.");
 			return true;
@@ -803,7 +803,7 @@ EOT;
 		{
 			$last = 0;
 			$active = "false";
-			$query = "SELECT last, active FROM users WHERE username = '$username'";
+			$query = "SELECT last, active FROM users WHERE username = '$username' COLLATE NOCASE";
 			foreach($this->database->query($query) as $data) {
 				$last = intval($data["last"]);
 				$active = $data["active"];
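Review bot: The rewritten `token_hash_password` dereferences `->fetch()['username']` without checking the result, and register_user calls it (its `$dbpassword` line in the first hunk) before the user row exists, so on registration `fetch()` returns `false`, the offset read yields `null`, and the hash is computed over `'' . $sha1 . $token` — a different value from what any later call for the same user will produce, so the stored hash no longer matches the login-time one. The new query is also the one place this commit adds a fresh string-built SQL statement from `$username`; `$this->database` looks like a PDO handle (`->query`, `->exec`, `->fetch`), so it can be a prepared statement. The rewrite below falls back to the caller's `$username` when no row is found, which matches the pre-commit behaviour for not-yet-registered users; the section's other `COLLATE NOCASE` changes keep the same interpolation pattern and would benefit from the same treatment in a follow-up.
```php
		function token_hash_password($username, $sha1, $token)
		{
			// Hash with the stored spelling of the username so case variants map to one hash;
			// fall back to the supplied name when the row does not exist yet (registration).
			$stmt = $this->database->prepare('SELECT username FROM users WHERE username = ? COLLATE NOCASE');
			$stmt->execute([$username]);
			$row = $stmt->fetch();
			$canonical = ($row !== false && isset($row['username'])) ? $row['username'] : $username;
			return hash("sha256", $canonical . $sha1 . $token);
		}
```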