diff --git a/db/qq/QP.php b/db/qq/QP.php index d134086..534b5d7 100644 --- a/db/qq/QP.php +++ b/db/qq/QP.php @@ -27,7 +27,7 @@ class QP { public static function QI($params,$params_mys = null){ $qq = self::QQ($params,$params_mys); - return $qq->affectedRows() != (0||null);} + return $qq->affectedRows() != (0||null);} //override this protected static function query(){ throw new \SYSTEM\LOG\ERROR('query function of your QP Class not overwritten!');} diff --git a/dbd/qq/SYS_SAIMOD_SECURITY_USERS.php b/dbd/qq/SYS_SAIMOD_SECURITY_USERS.php index 39261f3..34b1a86 100644 --- a/dbd/qq/SYS_SAIMOD_SECURITY_USERS.php +++ b/dbd/qq/SYS_SAIMOD_SECURITY_USERS.php @@ -5,8 +5,7 @@ class SYS_SAIMOD_SECURITY_USERS extends \SYSTEM\DB\QP { protected static function query(){ return new \SYSTEM\DB\QQuery(get_class(), //pg -'SELECT id,username,email,joindate,locale, EXTRACT(EPOCH FROM last_active) as last_active ,account_flag FROM system.user WHERE username LIKE $1 OR email LIKE $1 ORDER BY last_active DESC LIMIT 100;', +'SELECT id,username,email,joindate,locale, EXTRACT(EPOCH FROM last_active) as last_active, account_flag FROM system.user WHERE username LIKE $1 OR email LIKE $1 ORDER BY last_active DESC LIMIT 100;', //mys -'SELECT id,username,email,joindate,locale,last_active,account_flag FROM system_user WHERE username LIKE ? OR email LIKE ? ORDER BY last_active DESC LIMIT 100;' -);}} - +'SELECT id,username,email,joindate,locale,unix_timestamp(last_active)as last_active, account_flag FROM system_user WHERE username LIKE ? OR email LIKE ? ORDER BY last_active DESC LIMIT 100;' +);}} \ No newline at end of file diff --git a/dbd/qq/SYS_SECURITY_LOGIN_MD5.php b/dbd/qq/SYS_SECURITY_LOGIN_MD5.php index a0b6b8f..e74f06c 100644 --- a/dbd/qq/SYS_SECURITY_LOGIN_MD5.php +++ b/dbd/qq/SYS_SECURITY_LOGIN_MD5.php 
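Review bot: In the mys query string of SYS_SAIMOD_SECURITY_USERS the new `unix_timestamp(last_active)as last_active` lacks the space before the alias keyword; MySQL tolerates it, but `unix_timestamp(last_active) AS last_active` reads as the counterpart of the `EXTRACT(EPOCH FROM last_active) as last_active` form in the pg string two lines above. Note that aliasing the expression under the column's own name makes MySQL resolve the trailing `ORDER BY last_active` to the alias rather than the raw column; the ordering is the same, but a short `//epoch alias shadows column in ORDER BY` comment would save the next reader the check.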
@@ -6,10 +6,10 @@ class SYS_SECURITY_LOGIN_MD5 extends \SYSTEM\DB\QP {
 return new \SYSTEM\DB\QQuery(get_class(),
 //pg
 'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_PG.
-' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1)'.
+' WHERE (lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1) OR lower('.\SYSTEM\DBD\system_user::FIELD_EMAIL.') LIKE lower($1))'.
 ' AND ('.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $2 OR '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_MD5.' = $3 );',
 //mys
 'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_MYS.
-' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?)'.
+' WHERE (lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?) OR lower('.\SYSTEM\DBD\system_user::FIELD_EMAIL.') LIKE lower(?))'.
 ' AND ('.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = ? OR '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_MD5.' = ? );'
 );}}
\ No newline at end of file
diff --git a/dbd/qq/SYS_SECURITY_LOGIN_SHA1.php b/dbd/qq/SYS_SECURITY_LOGIN_SHA1.php
index c703809..b8de069 100644
--- a/dbd/qq/SYS_SECURITY_LOGIN_SHA1.php
+++ b/dbd/qq/SYS_SECURITY_LOGIN_SHA1.php
@@ -6,10 +6,10 @@ class SYS_SECURITY_LOGIN_SHA1 extends \SYSTEM\DB\QP {
 return new \SYSTEM\DB\QQuery(get_class(),
 //pg
 'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_PG.
-' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1)'.
+' WHERE (lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1) OR lower('.\SYSTEM\DBD\system_user::FIELD_EMAIL.') LIKE lower($1))'.
 ' AND '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $2;',
 //mys
 'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_MYS.
-' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?)'.
+' WHERE (lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?) OR lower('.\SYSTEM\DBD\system_user::FIELD_EMAIL.') LIKE lower(?))'.
 ' AND '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = ?;'
 );}}
\ No newline at end of file
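Review bot: The rewritten WHERE clause in SYS_SECURITY_LOGIN_MD5 (pg and mys strings) and likewise in SYS_SECURITY_LOGIN_SHA1 still resolves the authenticating identifier with `LIKE`, now against the e-mail column too, so `%` and `_` in a submitted username or address are treated as pattern characters and the match can cover more than the one account the caller meant; `Q1` then returns whichever qualifying row comes first, and if two accounts happen to carry the same password hash the wrong one can be authenticated or, via changePassword, modified. An authentication lookup should be an equality test: `' WHERE (lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') = lower($1) OR lower('.\SYSTEM\DBD\system_user::FIELD_EMAIL.') = lower($1))'.` with the same substitution for the `?` variants in both classes. Separately, `SELECT *` returns `password_sha`/`password_md5` in the row that Security.php hands back to callers when `$advancedResult` is set; selecting the columns actually needed keeps hashes out of that return value.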
diff --git a/dbd/qq/SYS_SECURITY_UPDATE_LASTACTIVE.php b/dbd/qq/SYS_SECURITY_UPDATE_LASTACTIVE.php
index 9c3ca97..c405f5a 100644
--- a/dbd/qq/SYS_SECURITY_UPDATE_LASTACTIVE.php
+++ b/dbd/qq/SYS_SECURITY_UPDATE_LASTACTIVE.php
@@ -10,10 +10,10 @@ class SYS_SECURITY_UPDATE_LASTACTIVE extends \SYSTEM\DB\QP {
 return new \SYSTEM\DB\QQuery(get_class(),
 //pg
 'UPDATE '.\SYSTEM\DBD\system_user::NAME_PG.
-' SET '.\SYSTEM\DBD\system_user::FIELD_LAST_ACTIVE.'= to_timestamp($1)'.
-' WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = $2;',
+' SET '.\SYSTEM\DBD\system_user::FIELD_LAST_ACTIVE.' = NOW()'.
+' WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = $1;',
 //mys
 'UPDATE '.\SYSTEM\DBD\system_user::NAME_MYS.
-' SET '.\SYSTEM\DBD\system_user::FIELD_LAST_ACTIVE.'= ?'.
+' SET '.\SYSTEM\DBD\system_user::FIELD_LAST_ACTIVE.' = NOW()'.
 ' WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = ?;'
 );}}
\ No newline at end of file
diff --git a/dbd/sql/mysql/data/sai_api.sql b/dbd/sql/mysql/data/sai_api.sql
index 4c4a20d..b758d89 100644
--- a/dbd/sql/mysql/data/sai_api.sql
+++ b/dbd/sql/mysql/data/sai_api.sql
@@ -33,5 +33,16 @@ INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `nam INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (51, 42, 3, 3, 'error', 'error', 'INT'); INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (52, 42, 0, 3, 'stats', 'name', null); INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (53, 42, 3, 52, null, 'filter', 'UINT'); +INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (54, 42, 2, 3, 'user', 'username', 'STRING'); +INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (55, 42, 2, 3, 'addright', 'id', 'UINT'); +INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (56, 42, 2, 3, 'addright', 'name', 'STRING'); +INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (57, 42, 2, 3, 'addright', 'description', 'STRING'); +INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (58, 42, 2, 3, 'deleteright', 'id', 'UINT'); +INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (59, 42, 2, 3, 'deleterightconfirm', 'id', 'UINT'); +INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (60, 42, 2, 3, 'addrightuser', 'rightid', 'UINT'); +INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (61, 42, 2, 3, 'addrightuser', 'userid', 'UINT'); +INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (62, 42, 2, 3, 'deleterightuser', 'rightid', 'UINT'); +INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (63, 42, 2, 3, 
'deleterightuser', 'userid', 'UINT');
+INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (120, 42, 3, 3, 'users', 'search', 'STRING');
-INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (300, 42, 4, -1, NULL, '_lang', 'LANG');
\ No newline at end of file
+INSERT INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (300, 42, 4, -1, NULL, '_lang', 'LANG');
diff --git a/dbd/sql/mysql/data/system_rights.sql b/dbd/sql/mysql/data/system_rights.sql
new file mode 100644
index 0000000..72f0b4c
--- /dev/null
+++ b/dbd/sql/mysql/data/system_rights.sql
@@ -0,0 +1,5 @@
+INSERT INTO `system_rights` (`ID`, `name`, `description`) VALUES (6, 'SYS_SAI_SECURITY_RIGHTS_EDIT', 'Allows deleting, editing and adding of Right in the SAI module Security');
+INSERT INTO `system_rights` (`ID`, `name`, `description`) VALUES (5, 'SYS_SAI_SECURITY', 'Allows access to the Security Module in SAI');
+INSERT INTO `system_rights` (`ID`, `name`, `description`) VALUES (10, 'SYS_SAI_LOCALE', 'Allows access to the Locale Module in SAI to edit or add Multilanguage Text');
+INSERT INTO `system_rights` (`ID`, `name`, `description`) VALUES (15, 'SYS_SAI_IMG', 'Allows access to the Image Module in SAI to delete or add Pictures');
+INSERT INTO `system_rights` (`ID`, `name`, `description`) VALUES (1, 'SYS_SAI', 'SAI access right');
\ No newline at end of file
diff --git a/dbd/sql/mysql/schema/system_api.sql b/dbd/sql/mysql/schema/system_api.sql
new file mode 100644
index 0000000..24887b5
--- /dev/null
+++ b/dbd/sql/mysql/schema/system_api.sql
@@ -0,0 +1,12 @@
+CREATE TABLE `system_api` (
+ `ID` INT(10) UNSIGNED NOT NULL,
+ `group` INT(10) UNSIGNED NOT NULL,
+ `type` TINYINT(3) UNSIGNED NOT NULL,
+ `parentID` INT(11) NOT NULL,
+ `parentValue` CHAR(50) NULL DEFAULT NULL,
+ `name` CHAR(50) NOT NULL,
+ `verify` CHAR(50) NULL DEFAULT NULL,
+ PRIMARY KEY (`ID`, `group`)
+)
+COLLATE='utf8_general_ci'
+ENGINE=MyISAM;
\ No newline at end of file
diff --git a/dbd/sql/mysql/schema/system_locale_string.sql b/dbd/sql/mysql/schema/system_locale_string.sql
new file mode 100644
index 0000000..8727700
--- /dev/null
+++ b/dbd/sql/mysql/schema/system_locale_string.sql
@@ -0,0 +1,10 @@
+CREATE TABLE `system_locale_string` (
+ `id` CHAR(35) NOT NULL,
+ `category` INT(10) UNSIGNED NOT NULL,
+ `enUS` TEXT NOT NULL,
+ `deDE` TEXT NOT NULL,
+ PRIMARY KEY (`id`)
+)
+COMMENT='Shall hold strings and its translation'
+COLLATE='utf8_general_ci'
+ENGINE=MyISAM;
\ No newline at end of file
diff --git a/dbd/sql/mysql/schema/system_rights.sql b/dbd/sql/mysql/schema/system_rights.sql
new file mode 100644
index 0000000..2a9fe88
--- /dev/null
+++ b/dbd/sql/mysql/schema/system_rights.sql
@@ -0,0 +1,9 @@
+CREATE TABLE `system_rights` (
+ `ID` INT(10) NOT NULL AUTO_INCREMENT,
+ `name` CHAR(50) NOT NULL,
+ `description` CHAR(255) NOT NULL,
+ PRIMARY KEY (`ID`)
+)
+COLLATE='utf8_general_ci'
+ENGINE=MyISAM
+AUTO_INCREMENT=16;
\ No newline at end of file
diff --git a/dbd/sql/mysql/schema/system_user.sql b/dbd/sql/mysql/schema/system_user.sql
new file mode 100644
index 0000000..65e1f64
--- /dev/null
+++ b/dbd/sql/mysql/schema/system_user.sql
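Review bot: `system_rights` is created with `ENGINE=MyISAM` while `system_user_to_rights`, whose `rightID` refers to this table's `ID`, is InnoDB; MyISAM tables cannot participate in foreign-key constraints, so the right-to-user mapping can never be tied to this table and a deleted right leaves its assignments behind. I would change the last lines to `ENGINE=InnoDB` here (and, for the same reason, in the `system_api` and `system_locale_string` hunks above, which also gain transactional writes) so the mapping table can declare `FOREIGN KEY (rightID) REFERENCES system_rights(ID) ON DELETE CASCADE`. If rights are resolved by `name` at runtime, as the SYS_SAI_* identifiers in the system_rights data file suggest, a `UNIQUE KEY (name)` alongside the primary key would also stop two rows answering to the same right.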
@@ -0,0 +1,15 @@
+CREATE TABLE `system_user` (
+ `id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
+ `username` CHAR(32) NOT NULL,
+ `password_sha` CHAR(255) NULL DEFAULT NULL,
+ `password_md5` CHAR(255) NULL DEFAULT NULL,
+ `email` CHAR(255) NOT NULL,
+ `joindate` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ `locale` CHAR(6) NOT NULL DEFAULT 'enUS',
+ `last_active` TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00',
+ `account_flag` INT(10) NULL DEFAULT NULL,
+ PRIMARY KEY (`id`)
+)
+COLLATE='utf8_general_ci'
+ENGINE=InnoDB
+AUTO_INCREMENT=1;
\ No newline at end of file
diff --git a/dbd/sql/mysql/schema/system_user_to_rights.sql b/dbd/sql/mysql/schema/system_user_to_rights.sql
new file mode 100644
index 0000000..ecb3958
--- /dev/null
+++ b/dbd/sql/mysql/schema/system_user_to_rights.sql
@@ -0,0 +1,7 @@
+CREATE TABLE `system_user_to_rights` (
+ `rightID` INT(10) NOT NULL DEFAULT '0',
+ `userID` INT(10) UNSIGNED NOT NULL DEFAULT '0',
+ PRIMARY KEY (`rightID`, `userID`)
+)
+COLLATE='utf8_general_ci'
+ENGINE=InnoDB;
\ No newline at end of file
diff --git a/security/Security.php b/security/Security.php
index 6b73352..0c44034 100644
--- a/security/Security.php
+++ b/security/Security.php
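Review bot: `system_user` declares no uniqueness on `username` or `email`, yet the login queries changed in this commit (SYS_SECURITY_LOGIN_SHA1/MD5) resolve the submitted identifier against both columns and take the first row, so after two colliding registrations which account a login lands on depends on row order; `UNIQUE KEY (username)` and `UNIQUE KEY (email)` next to the primary key close that. The default `last_active TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00'` is rejected under the strict sql_mode (NO_ZERO_DATE) that MySQL ships with since 5.7, so this CREATE TABLE fails outright there; `last_active TIMESTAMP NULL DEFAULT NULL` installs cleanly and the `unix_timestamp(last_active)` selection in SYS_SAIMOD_SECURITY_USERS then yields NULL instead of a zero epoch for never-active users. In the `system_user_to_rights` hunk below, neither `userID` nor `rightID` carries a foreign key, so deleting a user or right leaves dangling assignments; `FOREIGN KEY (userID) REFERENCES system_user(id) ON DELETE CASCADE` is possible as both tables are InnoDB, whereas the `rightID` side needs `system_rights` moved off MyISAM first.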
@@ -13,11 +13,11 @@ class Security { $result = \SYSTEM\DBD\SYS_SECURITY_CREATE::QI(array( $username , $password, $email, $locale, 1 )); if(!$result || !self::login($username, $password, $locale)){ return self::FAIL;} - return ($advancedResult ? \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password)) : self::OK); + return ($advancedResult ? \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password),array($username, $username, $password)) : self::OK); } public static function changePassword($username, $password_sha_old, $password_sha_new){ - $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha_old)); + $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha_old),array($username, $username, $password_sha_old)); if(!$row){ return self::FAIL;} // old password wrong $userID = $row['id']; @@ -31,9 +31,9 @@ class Security { //Database check if(isset($password_md5)){ - $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_MD5::Q1(array($username, $password_sha, $password_md5)); + $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_MD5::Q1(array($username, $password_sha, $password_md5),array($username, $username, $password_sha, $password_md5)); }else{ - $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha));} + $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha),array($username, $username, $password_sha));} if(!$row){ new \SYSTEM\LOG\WARNING("Login Failed, User was not found in db"); @@ -65,7 +65,7 @@ class Security { \SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL)); if(isset($locale)){ \SYSTEM\locale::set($locale);} - \SYSTEM\DBD\SYS_SECURITY_UPDATE_LASTACTIVE::QI(array(microtime(true), $row[\SYSTEM\DBD\system_user::FIELD_ID])); + \SYSTEM\DBD\SYS_SECURITY_UPDATE_LASTACTIVE::QI(array($row[\SYSTEM\DBD\system_user::FIELD_ID])); return ($advancedResult ? $row : self::OK); }
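Review bot: The mysql parameter lists added in the first two hunks (`array($username, $username, $password)`, `array($username, $username, $password_sha_old)`, `array($username, $username, $password_sha, $password_md5)` and `array($username, $username, $password_sha)`) repeat the identifier by hand to satisfy the two `?` placeholders the login queries now carry, so four call sites must stay in lock-step with two query strings and a positional slip binds the wrong value silently. A single private helper would centralise that knowledge, e.g. `private static function loginParams($username, array $hashes){ return array(array_merge(array($username), $hashes), array_merge(array($username, $username), $hashes)); }` used as `list($pg, $mys) = self::loginParams($username, array($password_sha)); $row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1($pg, $mys);`. In the `isset($password_md5)` branch of login the account is still accepted on a `password_md5` match; whether a successful match there is followed by storing a `password_sha` value and clearing the MD5 column is not visible in this hunk, and if it is not, the legacy path stays live indefinitely and deserves at least a `// TODO: migrate md5 logins to sha on success` marker. The enclosing login function continues past the end of the second hunk.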