more stuff for sai todo, security, log, fixes for login, fixed security - now no more dbinfo required

Ulf Gebhardt 2013-09-25 06:13:31 +02:00
parent af31a72e68
commit b3420b9f16
13 changed files with 219 additions and 92 deletions


@ -18,13 +18,13 @@ class api_login {
*/
public static function call_account_action_login($username, $password_sha, $password_md5){
return \SYSTEM\SECURITY\Security::login(\SYSTEM\system::getSystemDBInfo(), $username, $password_sha, $password_md5);}
return \SYSTEM\SECURITY\Security::login($username, $password_sha, $password_md5);}
public static function call_account_action_logout(){
return \SYSTEM\SECURITY\Security::logout();}
public static function call_account_action_isloggedin(){
return \SYSTEM\SECURITY\Security::isLoggedIn();}
public static function call_account_action_check($rightid){
return \SYSTEM\SECURITY\Security::check(\SYSTEM\system::getSystemDBInfo(),$rightid);}
return \SYSTEM\SECURITY\Security::check($rightid);}
public static function call_account_action_create($username, $password_sha, $email, $locale){
return \SYSTEM\SECURITY\Security::create(\SYSTEM\system::getSystemDBInfo(), $username, $password_sha, $email, $locale);}
return \SYSTEM\SECURITY\Security::create($username, $password_sha, $email, $locale);}
}
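Review bot: `call_account_action_login` and `call_account_action_create` pass the caller-supplied `$password_sha`/`$password_md5` digests straight to `Security::login`/`Security::create`, so the unsalted digest is itself the credential. The Security hunk later on this page writes the received value into `FIELD_PASSWORD_SHA` as-is (`$pw = $password_sha`), which means anyone who can read the user table holds values that this endpoint accepts. I would treat whatever the client sends as the password, store `password_hash($password_sha, PASSWORD_DEFAULT)` on the server and compare with `password_verify()`; the MD5 parameter looks like a legacy migration path and could be retired once accounts are rehashed. The same applies to the `saimod_sys_login` login and register actions.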


@ -41,7 +41,7 @@ class saimod_sys_cache extends \SYSTEM\SAI\SaiModule {
public static function html_li_menu(){return '<li><a href="#" saimenu=".SYSTEM.SAI.saimod_sys_cache">Cache</a></li>';}
public static function right_public(){return false;}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\system::getSystemDBInfo(), \SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function sai_mod__SYSTEM_SAI_saimod_sys_cache_flag_css(){}
public static function sai_mod__SYSTEM_SAI_saimod_sys_cache_flag_js(){}


@ -38,7 +38,7 @@ class saimod_sys_calls extends \SYSTEM\SAI\SaiModule {
public static function html_li_menu(){return '<li><a href="#" saimenu=".SYSTEM.SAI.saimod_sys_calls">API Calls</a></li>';}
public static function right_public(){return false;}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\system::getSystemDBInfo(), \SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function sai_mod__SYSTEM_SAI_saimod_sys_calls_flag_css(){}
public static function sai_mod__SYSTEM_SAI_saimod_sys_calls_flag_js(){}


@ -30,7 +30,7 @@ class saimod_sys_config extends \SYSTEM\SAI\SaiModule {
}
public static function html_li_menu(){return '<li><a href="#" saimenu=".SYSTEM.SAI.saimod_sys_config">Config</a></li>';}
public static function right_public(){return false;}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\system::getSystemDBInfo(), \SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function sai_mod__SYSTEM_SAI_saimod_sys_config_flag_css(){}
public static function sai_mod__SYSTEM_SAI_saimod_sys_config_flag_js(){}


@ -8,7 +8,7 @@ class saimod_sys_docu extends \SYSTEM\SAI\SaiModule {
public static function html_li_menu(){return '<li><a href="#" saimenu=".SYSTEM.SAI.saimod_sys_docu">Docu</a></li>';}
public static function right_public(){return false;}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\system::getSystemDBInfo(), \SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function sai_mod__SYSTEM_SAI_saimod_sys_docu_flag_css(){}
public static function sai_mod__SYSTEM_SAI_saimod_sys_docu_flag_js(){}


@ -88,7 +88,7 @@ class saimod_sys_locale extends \SYSTEM\SAI\SaiModule {
public static function html_li_menu(){return '<li><a href="#" saimenu=".SYSTEM.SAI.saimod_sys_locale">DB Text</a></li>';}
public static function right_public(){return false;}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\system::getSystemDBInfo(), \SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function sai_mod__SYSTEM_SAI_saimod_sys_locale_flag_css(){}
public static function sai_mod__SYSTEM_SAI_saimod_sys_locale_flag_js(){


@ -6,7 +6,7 @@ namespace SYSTEM\SAI;
class saimod_sys_log extends \SYSTEM\SAI\SaiModule {
private static function truncate_syslog(){
if(\SYSTEM\SECURITY\Security::check(\SYSTEM\system::getSystemDBInfo(), \SYSTEM\SECURITY\RIGHTS::SYS_SAI)){
if(\SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI)){
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
$res = $con->query('TRUNCATE system.sys_log;');
return true;
@ -41,13 +41,13 @@ class saimod_sys_log extends \SYSTEM\SAI\SaiModule {
$now = microtime(true);
$result = '<div id="table-wrapper"><table class="table table-hover table-condensed" style="overflow: auto;">'.
'<tr>'.'<th>'.'time ago in sec'.'</th>'.'<th>'.'time'.'</th>'.'<th>'.'class'.'</th>'.'<th>'.'message'.'</th>'.'<th>'.'code'.'</th>'.'<th>'.'file'.'</th>'.'<th>'.'line'.'</th>'.'<th>'.'ip'.'</th>'.'<th>'.'querytime'.'</tr>';
'<tr>'.'<th>'.'time ago'.'</th>'.'<th>'.'time'.'</th>'.'<th>'.'class'.'</th>'.'<th>'.'message'.'</th>'.'<th>'.'code'.'</th>'.'<th>'.'file'.'</th>'.'<th>'.'line'.'</th>'.'<th>'.'ip'.'</th>'.'<th>'.'querytime'.'</tr>';
while($r = $res->next()){
//TODO make time conversion on database
if(\SYSTEM\system::isSystemDbInfoPG()){
$result .= '<tr class="'.self::tablerow_class($r['class']).'">'.'<td>'.(int)($now - strtotime($r['time'])).'</td>'.'<td>'.$r['time'].'</td>'.'<td>'.$r['class'].'</td>'.'<td>'.$r['message'].'</td>'.'<td>'.$r['code'].'</td>'.'<td style="word-break: break-all;">'.$r['file'].'</td>'.'<td>'.$r['line'].'</td>'.'<td>'.$r['ip'].'</td>'.'<td>'.$r['querytime'].'</td>'.'</tr>';
$result .= '<tr class="'.self::tablerow_class($r['class']).'">'.'<td>'.self::time_elapsed_string(strtotime($r['time'])).'</td>'.'<td>'.$r['time'].'</td>'.'<td>'.$r['class'].'</td>'.'<td>'.$r['message'].'</td>'.'<td>'.$r['code'].'</td>'.'<td style="word-break: break-all;">'.$r['file'].'</td>'.'<td>'.$r['line'].'</td>'.'<td>'.$r['ip'].'</td>'.'<td>'.$r['querytime'].'</td>'.'</tr>';
} else {
$result .= '<tr class="'.self::tablerow_class($r['class']).'">'.'<td>'.(int)($now - $r['time']).'</td>'.'<td>'.$r['time'].'</td>'.'<td>'.$r['class'].'</td>'.'<td>'.$r['message'].'</td>'.'<td>'.$r['code'].'</td>'.'<td style="word-break: break-all;">'.$r['file'].'</td>'.'<td>'.$r['line'].'</td>'.'<td>'.$r['ip'].'</td>'.'<td>'.$r['querytime'].'</td>'.'</tr>';
$result .= '<tr class="'.self::tablerow_class($r['class']).'">'.'<td>'.self::time_elapsed_string($r['time']).'</td>'.'<td>'.$r['time'].'</td>'.'<td>'.$r['class'].'</td>'.'<td>'.$r['message'].'</td>'.'<td>'.$r['code'].'</td>'.'<td style="word-break: break-all;">'.$r['file'].'</td>'.'<td>'.$r['line'].'</td>'.'<td>'.$r['ip'].'</td>'.'<td>'.$r['querytime'].'</td>'.'</tr>';
}
}
$result .= '</table></div>';
@ -56,6 +56,33 @@ class saimod_sys_log extends \SYSTEM\SAI\SaiModule {
}
private static function time_elapsed_string($ptime)
{
$etime = time() - $ptime;
if ($etime < 1)
{
return '0 seconds';
}
$a = array( 12 * 30 * 24 * 60 * 60 => 'year',
30 * 24 * 60 * 60 => 'month',
24 * 60 * 60 => 'day',
60 * 60 => 'hour',
60 => 'minute',
1 => 'second'
);
foreach ($a as $secs => $str)
{
$d = $etime / $secs;
if ($d >= 1)
{
$r = round($d);
return $r . ' ' . $str . ($r > 1 ? 's' : '') . ' ago';
}
}
}
public static function sai_mod__SYSTEM_SAI_saimod_sys_log(){
@ -124,7 +151,7 @@ class saimod_sys_log extends \SYSTEM\SAI\SaiModule {
public static function html_li_menu(){return '<li><a href="#" saimenu=".SYSTEM.SAI.saimod_sys_log">Log</a></li>';}
public static function right_public(){return false;}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\system::getSystemDBInfo(), \SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function sai_mod__SYSTEM_SAI_saimod_sys_log_flag_css(){}
public static function sai_mod__SYSTEM_SAI_saimod_sys_log_flag_js(){
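Review bot: The rewritten row builders around the `time_elapsed_string(...)` calls still concatenate `$r['message']`, `$r['file']`, `$r['ip']` and the other columns into the table without HTML escaping. Log messages commonly carry request-derived text; if that holds here, a stored value is rendered as markup in the administrator's session, so each cell should be wrapped, e.g. `htmlspecialchars($r['message'], ENT_QUOTES, 'UTF-8')`. The same pattern is in the `saimod_sys_security` user table (`$r['username']`, and `email="'.$r['email'].'"` inside an attribute, both chosen by whoever registers) and in the `saimod_sys_todo` rows (`$row['msg_1']`, `$row['username']`). The function that builds the table starts before this hunk.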


@ -32,25 +32,27 @@ function init__SYSTEM_SAI_saimod_sys_login() {
}
});
$.getJSON('./?module=user&action=area&getUserDetails=1', function(data){
$('#user_email_input').attr('value', data.email);
$('span#user_username').text(data.username);
$('span#user_email').text(data.email);
$('span#user_joindate').text(data.joindate);
$('span#user_last_active').text(new Date(data.last_active * 1000).toString('yyyy-MM-dd h:mm:ss'));
$('span#user_locale').text(data.locale);
$.getJSON(SAI_ENDPOINT+'sai_mod=.SYSTEM.SAI.saimod_sys_login&action=userinfo', function(data){
if(data){
$('#user_email_input').attr('value', data.email);
$('span#user_username').text(data.username);
$('span#user_email').text(data.email);
$('span#user_joindate').text(data.joindate);
$('span#user_last_active').text(new Date(data.last_active * 1000).toString('yyyy-MM-dd h:mm:ss'));
$('span#user_locale').text(data.locale);
}
});
$("#register_link").click(function(){
$('div#content-wrapper').load(SAI_ENDPOINT+'sai_mod=.SYSTEM.SAI.saimod_sys_login&action=registerform');
$('div#content-wrapper').load(SAI_ENDPOINT+'sai_mod=.SYSTEM.SAI.saimod_sys_login&action=registerform',function(){
init__SYSTEM_SAI_saimod_sys_login_register();
});
});
$('#btn_user_registration_cancel').click(function(){
$('#site-content-wrapper').slideUp('slow');
site_content_is_visible = false;
showNavbarControls();
$('#navigation-left').children().children().removeClass('active');
$("#map-link").parent().attr('class', 'active');
};
function init__SYSTEM_SAI_saimod_sys_login_register(){
$('#btn_user_registration_cancel').click(function(){
loadModuleContent('.SYSTEM.SAI.saimod_sys_login');
});
@ -58,7 +60,7 @@ function init__SYSTEM_SAI_saimod_sys_login() {
$("#register_user_form input").not("[type=submit]").jqBootstrapValidation({
preventSubmit: true,
submitError: function (form, event, errors) {},
submitSuccess: function($form, event){
submitSuccess: function($form, event){
var username = document.getElementById('register_username').value;
var email = document.getElementById('register_email').value;
var password = document.getElementById('user_register_password2').value;
@ -71,33 +73,17 @@ function init__SYSTEM_SAI_saimod_sys_login() {
}
}
//alert(SAI_ENDPOINT+'sai_mod=.SYSTEM.SAI.saimod_sys_login&action=register&username='+username+'&password_sha='+$.sha1(password)+'&password_md5='+$.md5(password)+'&email='+email+'&locale='+locale);
$.ajax({
dataType: "json",
url: SAI_ENDPOINT+'sai_mod=.SYSTEM.SAI.saimod_sys_login&action=register&username='+username+'&password_sha='+$.sha1(password)+'&email='+email+'&locale='+locale,
url: SAI_ENDPOINT+'sai_mod=.SYSTEM.SAI.saimod_sys_login&action=register&username='+username+'&password='+$.sha1(password)+'&email='+email+'&locale='+locale,
data: null,
success: function (dataCreate) {
if(dataCreate.status === true){ // reload -> user will be loged in
success: function (dataCreate) {
if(dataCreate === 1){ // reload -> user will be loged in
window.location.href = location.href.replace(/#/g, "");
}else{ // show errors
var result = dataCreate.result;
var code = result.code;
var msg = result.message;
switch (code){
case 1: // username invalid
case 2: // username already exists
$('#register-help-block-username').html('<ul role="alert"><li><font color="red">'+msg+'</font></li></ul>');
break;
case 3: // invalid email
$('#register-help-block-email').html('<ul role="alert"><li><font color="red">'+msg+'</font></li></ul>');
break;
case 4: //registration failed
alert(msg);
break;
default:
break;
}
//todo
}
}
});
@ -105,4 +91,4 @@ function init__SYSTEM_SAI_saimod_sys_login() {
event.preventDefault();
}
});
};
}
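Review bot: The register request built at `url: SAI_ENDPOINT+'...&action=register&username='+username+'&password='+$.sha1(password)+...` puts the password digest in the query string of a GET, where it ends up in access logs, browser history and any proxy on the path, and `username`/`email` are appended without `encodeURIComponent`. Send the fields in the request body instead: `type: 'POST', data: {username: username, password: $.sha1(password), email: email, locale: locale},` with the URL ending at `action=register`; this presumes the SAI dispatcher reads POST parameters, which is not visible here. Separately, the failure branch is now only `//todo`, so a rejected registration gives the user no feedback at all.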


@ -11,7 +11,7 @@ class saimod_sys_login extends \SYSTEM\SAI\SaiModule {
$vars['loginPassword'] = 'Password';
$vars['login_username_too_short'] = 'Username to short.';
$vars['login_password_too_short'] = 'Password to short.';
$vars['isadmin'] = \SYSTEM\SECURITY\Security::check(new \DBD\dasensePostgres(), \SYSTEM\SECURITY\RIGHTS::SYS_SAI) ? "yes" : "no";
$vars['isadmin'] = \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI) ? "yes" : "no";
$vars = array_merge($vars, \SYSTEM\locale::getStrings(\DBD\locale_string::VALUE_CATEGORY_DASENSE_USERSTATISTICS));
if(\SYSTEM\SECURITY\Security::isLoggedIn()){
@ -23,9 +23,19 @@ class saimod_sys_login extends \SYSTEM\SAI\SaiModule {
public static function sai_mod__SYSTEM_SAI_saimod_sys_login_action_logout(){
return \SYSTEM\SECURITY\Security::logout();}
public static function sai_mod__SYSTEM_SAI_saimod_sys_login_action_login($username,$password_sha,$password_md5){
return \SYSTEM\SECURITY\Security::login(new \DBD\dasensePostgres(), $username, $password_sha, $password_md5);}
public static function sai_mod__SYSTEM_SAI_saimod_sys_login_action_register($username,$password_sha,$password_md5,$email, $locale = 'deDE'){
return \SYSTEM\SECURITY\Security::create(new \DBD\dasensePostgres(), $username, $password_sha, $password_md5, $email, $locale);}
return \SYSTEM\SECURITY\Security::login($username, $password_sha, $password_md5);}
public static function sai_mod__SYSTEM_SAI_saimod_sys_login_action_register($username,$password,$email, $locale = 'deDE'){
return \SYSTEM\SECURITY\Security::create($username, $password, $email, $locale);}
public static function sai_mod__SYSTEM_SAI_saimod_sys_login_action_userinfo(){
$user = \SYSTEM\SECURITY\Security::getUser();
if(!$user){
return;}
return json_encode(array( 'username' => $user->username,
'email' => $user->email,
'joindate' => $user->creationDate,
'locale' => $user->locale,
'last_active' => $user->lastLoginDate));
}
public static function sai_mod__SYSTEM_SAI_saimod_sys_login_action_registerform(){
$vars = \SYSTEM\locale::getStrings(\DBD\locale_string::VALUE_CATEGORY_DASENSE);
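Review bot: `sai_mod__SYSTEM_SAI_saimod_sys_login_action_register` now passes a single `$password` to `Security::create`, but the Security hunk on this page follows the insert with `self::login($username, $password, $locale)` against the signature `login($username, $password_sha, $password_md5, $locale=NULL, ...)`. `$locale` (default `'deDE'`) therefore arrives as `$password_md5`, `isset($password_md5)` is true and the MD5 branch runs with the locale string as the digest; the lookup presumably fails and `create` returns `REGISTER_FAIL` although the account row has already been written. The call should read `self::login($username, $password, NULL, $locale)`. In this file, `..._action_userinfo` returns nothing when no user is logged in but a JSON string otherwise; `return json_encode(null);` would keep the response parseable for the `$.getJSON` caller.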


@ -37,7 +37,7 @@ class saimod_sys_mod extends \SYSTEM\SAI\SaiModule {
public static function html_li_menu(){return '<li><a href="#" saimenu=".SYSTEM.SAI.saimod_sys_mod">SAI Mods</a></li>';}
public static function right_public(){return false;}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\system::getSystemDBInfo(), \SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function sai_mod__SYSTEM_SAI_saimod_sys_mod_flag_css(){}
public static function sai_mod__SYSTEM_SAI_saimod_sys_mod_flag_js(){


@ -38,7 +38,7 @@ class saimod_sys_security extends \SYSTEM\SAI\SaiModule {
$result = '<table class="table table-hover table-condensed" style="overflow: auto;">'.
'<tr>'.'<th>'.'ID'.'</th>'.'<th>'.'Username'.'</th>'.'<th>'.'E-Mail'.'</th>'.'<th>'.'JoinDate'.'</th>'.'<th>'.'Locale'.'</th>'.'<th>'.'Last Active'.'</th>'.'<th>'.'Flag'.'</th>'.'<th style="width: 110px;">'.'Rights'.'</th><th>reset password</th>'.'</tr>';
while($r = $res->next()){
$result .= '<tr class="'.self::tablerow_class($r['last_active']).'">'.'<td>'.$r['id'].'</td>'.'<td>'.$r['username'].' <input type="submit" class="btn-danger" value="delete" user="'.$r['id'].'" action="delete">'.'</td>'.'<td>'.$r['email'].'</td>'.'<td>'.$r['joindate'].'</td>'.'<td>'.$r['locale'].'</td>'.'<td>'.$r['last_active'].'</td>'.'<td>'.$r['account_flag'].'</td>'.'<td>'.'<input type="submit" class="btn" value="edit" user="'.$r['id'].'" action="edit"><input type="submit" class="btn-danger" value="delete" user="'.$r['id'].'" action="delete"></td><td><button type="submit" class="btn" value="reset_password" user="'.$r['id'].'" email="'.$r['email'].'">send EMail</button>'.'</td>'.'</tr>';
$result .= '<tr class="'.self::tablerow_class($r['last_active']).'">'.'<td>'.$r['id'].'</td>'.'<td>'.$r['username'].'</td>'.'<td>'.$r['email'].'</td>'.'<td>'.$r['joindate'].'</td>'.'<td>'.$r['locale'].'</td>'.'<td>'.self::time_elapsed_string($r['last_active']).'</td>'.'<td>'.$r['account_flag'].'</td>'.'<td>'.'<input type="submit" class="btn" value="edit" user="'.$r['id'].'" action="edit"><input type="submit" class="btn-danger" value="delete" user="'.$r['id'].'" action="delete"></td><td><button type="submit" class="btn" value="reset_password" user="'.$r['id'].'" email="'.$r['email'].'">send EMail</button>'.'</td>'.'</tr>';
}
$result .= '</table>';
return $result;
@ -65,9 +65,37 @@ class saimod_sys_security extends \SYSTEM\SAI\SaiModule {
return 'error';
}
private static function time_elapsed_string($ptime)
{
$etime = time() - $ptime;
if ($etime < 1)
{
return '0 seconds';
}
$a = array( 12 * 30 * 24 * 60 * 60 => 'year',
30 * 24 * 60 * 60 => 'month',
24 * 60 * 60 => 'day',
60 * 60 => 'hour',
60 => 'minute',
1 => 'second'
);
foreach ($a as $secs => $str)
{
$d = $etime / $secs;
if ($d >= 1)
{
$r = round($d);
return $r . ' ' . $str . ($r > 1 ? 's' : '') . ' ago';
}
}
}
public static function html_li_menu(){return '<li><a href="#" saimenu=".SYSTEM.SAI.saimod_sys_security">Security</a></li>';}
public static function right_public(){return false;}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\system::getSystemDBInfo(), \SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function sai_mod__SYSTEM_SAI_saimod_sys_security_flag_css(){return \SYSTEM\LOG\JsonResult::toString(
array(\SYSTEM\WEBPATH(new \SYSTEM\PSAI(),'modules/saimod_sys_security/saimod_sys_security.css')));}
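Review bot: `time_elapsed_string` is added here as a third byte-identical copy (the others are in `saimod_sys_log` and `saimod_sys_todo`); all three classes extend `\SYSTEM\SAI\SaiModule`, so one `protected static` method on the base class would do. The call site `self::time_elapsed_string($r['last_active'])` passes the column raw, whereas `saimod_sys_log` wraps its PostgreSQL value in `strtotime()` first; if `last_active` comes back as a timestamp string on PostgreSQL, `time() - $ptime` will not be a number of seconds. The helper also returns `'0 seconds'` without the `' ago'` suffix the other branches add and has no `return` after the loop. A docblock such as `/** @param int $ptime Unix timestamp in seconds; @return string e.g. "3 hours ago" */` would pin the expected input.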


@ -2,20 +2,92 @@
namespace SYSTEM\SAI;
class saimod_sys_todo extends \SYSTEM\SAI\SaiModule {
public static function sai_mod__SYSTEM_SAI_saimod_sys_todo(){
public static function sai_mod__SYSTEM_SAI_saimod_sys_todo(){
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
if(\SYSTEM\system::isSystemDbInfoPG()){
$res = $con->query('SELECT * FROM system.todo LEFT JOIN system_user ON system_todo.author = system_user.ID ORDER BY state, time DESC;');
} else {
$res = $con->query('SELECT * FROM system_todo LEFT JOIN system_user ON system_todo.author = system_user.ID ORDER BY state, time DESC;');
}
$result = '<div id="table-wrapper"><table class="table table-hover table-condensed" style="overflow: auto;">'.
'<tr>'.'<th>'.'time ago in days'.'</th>'.'<th>'.'time'.'</th>'.'<th>'.'reporttype'.'</th>'.'<th>'.'message'.'</th>'.'<th>'.'suggestion'.'</th>'.'<th>'.'additional sources'.'</th>'.'<th>'.'author'.'</th>'.'<th>'.'assigned'.'</th>'.'<th>'.'state of todo(closed/in progress)'.'</th>'.'<th>'.'action'.'</th>'.'</tr>'.
'<tr class="info">'.'<td>'.'5d'.'</td>'.'<td>'.'5days ago obviously'.'</td>'.'<td>'.'Feature Request'.'</td>'.'<td>'.'Do some new stuff the old stuff sucks.'.'</td>'.'<td>'.'not a valid field for this type of report(ment for error suggestions)'.'</td>'.'<td>'.'http:... here some fancy examples what i want'.'</td>'.'<td>'.'Mr. Pink'.'</td>'.'<td>'.'I_S and many more'.'</td>'.'<td>'.'in progress'.'</td>'.'<td>'.'<input type="submit" class="btn-danger" value="delete">'.'<input type="submit" class="btn" value="edit">'.'<input type="submit" class="btn" value="assign">'.'</th>'.'</tr>'.
'<tr class="error">'.'<td>'.'5d'.'</td>'.'<td>'.'5days ago obviously'.'</td>'.'<td>'.'Bugreport'.'</td>'.'<td>'.'Do some new stuff the old stuff sucks.'.'</td>'.'<td>'.'not a valid field for this type of report(ment for error suggestions)'.'</td>'.'<td>'.'http:... here some fancy examples what i want'.'</td>'.'<td>'.'Mr. Pink'.'</td>'.'<td>'.'I_S and many more'.'</td>'.'<td>'.'in progress'.'</td>'.'<td>'.'<input type="submit" class="btn-danger" value="delete">'.'<input type="submit" class="btn" value="edit">'.'<input type="submit" class="btn" value="assign">'.'</th>'.'</tr>'.
'<tr class="warning">'.'<td>'.'5d'.'</td>'.'<td>'.'5days ago obviously'.'</td>'.'<td>'.'Unasigned Category - what is this?'.'</td>'.'<td>'.'Do some new stuff the old stuff sucks.'.'</td>'.'<td>'.'not a valid field for this type of report(ment for error suggestions)'.'</td>'.'<td>'.'http:... here some fancy examples what i want'.'</td>'.'<td>'.'Mr. Pink'.'</td>'.'<td>'.'I_S and many more'.'</td>'.'<td>'.'in progress'.'</td>'.'<td>'.'<input type="submit" class="btn-danger" value="delete">'.'<input type="submit" class="btn" value="edit">'.'<input type="submit" class="btn" value="assign">'.'</th>'.'</tr>'.
'<tr class="success">'.'<td>'.'5d'.'</td>'.'<td>'.'5days ago obviously'.'</td>'.'<td>'.'Closed FR/BR/OT'.'</td>'.'<td>'.'Do some new stuff the old stuff sucks.'.'</td>'.'<td>'.'not a valid field for this type of report(ment for error suggestions)'.'</td>'.'<td>'.'http:... here some fancy examples what i want'.'</td>'.'<td>'.'Mr. Pink'.'</td>'.'<td>'.'I_S and many more'.'</td>'.'<td>'.'in progress'.'</td>'.'<td>'.'<input type="submit" class="btn-danger" value="delete">'.'<input type="submit" class="btn" value="edit">'.'<input type="submit" class="btn" value="assign">'.'</th>'.'</tr>'.
'<tr>'.'<td>'.'5d'.'</td>'.'<td>'.'5days ago obviously'.'</td>'.'<td>'.'Note/Reminder'.'</td>'.'<td>'.'Do some new stuff the old stuff sucks.'.'</td>'.'<td>'.'not a valid field for this type of report(ment for error suggestions)'.'</td>'.'<td>'.'http:... here some fancy examples what i want'.'</td>'.'<td>'.'Mr. Pink'.'</td>'.'<td>'.'I_S and many more'.'</td>'.'<td>'.'in progress'.'</td>'.'<td>'.'<input type="submit" class="btn-danger" value="delete">'.'<input type="submit" class="btn" value="edit">'.'<input type="submit" class="btn" value="assign">'.'</th>'.'</tr>';
'<tr>'.'<th>'.'Time ago'.'</th>'.'<th>'.'Time'.'</th>'.'<th>'.'Reporttype'.'</th>'.'<th>'.'Message'.'</th>'.'<th>'.'Author'.'</th>'.'<th>'.'Assigned'.'</th>'.'<th>'.'State'.'</th>'.'<th>'.'Action'.'</th>'.'</tr>';
while($row = $res->next()){
$result .= '<tr class="'.self::trclassbytype($row['type']).'">'.
'<td>'.self::time_elapsed_string(strtotime($row['time'])).'</td>'.'<td>'.$row['time'].'</td>'.
'<td>'.self::reporttype($row['type']).'</td>'.
'<td>'.$row['msg_1'].'</td>'.
'<td>'.$row['username'].'</td>'.
'<td>'.'I_S and many more'.'</td>'.
'<td>'.self::state($row['state']).'</td>'.
'<td>'. self::statebtn($row['state']).
'<input type="submit" class="btn" value="edit">'.
'<input type="submit" class="btn" value="assign">'.
'<input type="submit" class="btn-danger" value="delete">'.'</td>'.'</tr>';
}
$result .= '</table>';
return $result;
}
private static function time_elapsed_string($ptime)
{
$etime = time() - $ptime;
if ($etime < 1)
{
return '0 seconds';
}
$a = array( 12 * 30 * 24 * 60 * 60 => 'year',
30 * 24 * 60 * 60 => 'month',
24 * 60 * 60 => 'day',
60 * 60 => 'hour',
60 => 'minute',
1 => 'second'
);
foreach ($a as $secs => $str)
{
$d = $etime / $secs;
if ($d >= 1)
{
$r = round($d);
return $r . ' ' . $str . ($r > 1 ? 's' : '') . ' ago';
}
}
}
private static function state($state){
if($state == 1){
return 'Closed';}
return 'Open';}
private static function statebtn($state){
if($state == 1){
return '<input type="submit" class="btn-danger" value="reopen">';}
return '<input type="submit" class="btn-danger" value="close">';}
private static function reporttype($type){
switch($type){
case 0: return 'Feature Request';
case 1: return 'Error Report';
case 2: return 'Unasigned Category';
default: return 'Note';
}
}
private static function trclassbytype($type){
switch($type){
case 0: return 'info';
case 1: return 'error';
case 2: return 'warning';
case 3: return 'success';
default: return '';
}
}
public static function html_li_menu(){return '<li><a href="#" saimenu=".SYSTEM.SAI.saimod_sys_todo">ToDo</a></li>';}
public static function right_public(){return false;}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\system::getSystemDBInfo(), \SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function sai_mod__SYSTEM_SAI_saimod_sys_todo_flag_css(){}
public static function sai_mod__SYSTEM_SAI_saimod_sys_todo_flag_js(){}
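Review bot: The PostgreSQL branch of `sai_mod__SYSTEM_SAI_saimod_sys_todo` selects `FROM system.todo` but joins `system_user ON system_todo.author = system_user.ID`, so the ON clause names a table (`system_todo`) that is not in the FROM list and PostgreSQL will reject the query. Aliasing removes the mismatch: `SELECT * FROM system.todo AS t LEFT JOIN <PG_USER_TABLE> AS u ON t.author = u.id ORDER BY state, time DESC;`, where `<PG_USER_TABLE>` is a placeholder for the schema-qualified user table, whose name is not on this page. `SELECT *` across both tables presumably also pulls the password columns of the user row into `$row` for a page that only needs `username`, so an explicit column list is safer. The 'Assigned' cell still prints the placeholder `'I_S and many more'` for every row.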


@ -15,14 +15,14 @@ class Security {
const AVAILABLE_FAIL = false;
const AVAILABLE_OK = true;
public static function create(\SYSTEM\DB\DBInfo $dbinfo, $username, $password, $email, $locale, $advancedResult=false, $checkAvailable = true){
public static function create($username, $password, $email, $locale, $advancedResult=false, $checkAvailable = true){
self::startSession();
// check availability of username (in non-compatibility mode, otherwise it is already checked in DasenseAccount)
if($checkAvailable && !self::available($dbinfo, $username)){
if($checkAvailable && !self::available($username)){
return self::REGISTER_FAIL;}
$con = new \SYSTEM\DB\Connection($dbinfo);
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
if(\SYSTEM\system::isSystemDbInfoPG()){
$result = $con->prepare('createAccountStmt','INSERT INTO '.\SYSTEM\DBD\UserTable::NAME_PG.
' ('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.','.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.','
@ -37,16 +37,16 @@ class Security {
array( $username , $password, $email, $locale, 1 ));
}
if( !$result || !self::login($dbinfo, $username, $password, $locale)){
if( !$result || !self::login($username, $password, $locale)){
return self::REGISTER_FAIL;}
return ($advancedResult ? $result->next() : self::REGISTER_OK);
}
public static function changePassword(\SYSTEM\DB\DBInfo $dbinfo, $username, $password_sha_old, $password_sha_new){
public static function changePassword($username, $password_sha_old, $password_sha_new){
$con = new \SYSTEM\DB\Connection($dbinfo);
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
if(\SYSTEM\system::isSystemDbInfoPG()){
$result = $con->prepare('',
'SELECT id FROM '.\SYSTEM\DBD\UserTable::NAME_PG.
@ -77,18 +77,16 @@ class Security {
return 1;
}
public static function login(\SYSTEM\DB\DBInfo $dbinfo, $username, $password_sha, $password_md5, $locale=NULL, $advancedResult=false, $password_sha_new=NULL){
public static function login($username, $password_sha, $password_md5, $locale=NULL, $advancedResult=false, $password_sha_new=NULL){
self::startSession();
if(!isset($password_sha)){
self::trackLogins($dbinfo, NULL, self::LOGIN_FAIL);
self::trackLogins(NULL, self::LOGIN_FAIL);
$_SESSION['user'] = NULL;
return self::LOGIN_FAIL;}
$con = new \SYSTEM\DB\Connection($dbinfo);
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
if(isset($password_md5)){
if(\SYSTEM\system::isSystemDbInfoPG()){
$result = $con->prepare('loginAccountStmt',
@ -141,12 +139,18 @@ class Security {
}else{
$pw = $password_sha;
}
$res = $con->prepare( 'updatePasswordSHAStmt',
'UPDATE '.\SYSTEM\DBD\UserTable::NAME_PG.' SET '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $1 WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2'.' RETURNING '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.';',
array($pw,$row[\SYSTEM\DBD\UserTable::FIELD_ID]));
unset($result);
if(\SYSTEM\system::isSystemDbInfoPG()){
$res = $con->prepare( 'updatePasswordSHAStmt',
'UPDATE '.\SYSTEM\DBD\UserTable::NAME_PG.' SET '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $1 WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2'.' RETURNING '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.';',
array($pw,$row[\SYSTEM\DBD\UserTable::FIELD_ID]));
}else{
$res = $con->prepare( 'updatePasswordSHAStmt',
'UPDATE '.\SYSTEM\DBD\UserTable::NAME_MYS.' SET '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = ? WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = ?'.';',
array($pw,$row[\SYSTEM\DBD\UserTable::FIELD_ID]));
}
$res = $res->next();
$row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA] = $res[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA];
$row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA] = $pw;
}
// set session variables
@ -163,12 +167,12 @@ class Security {
if(isset($locale)){
\SYSTEM\locale::set($locale);}
// track succesful user login
self::trackLogins($dbinfo, $row[\SYSTEM\DBD\UserTable::FIELD_ID]);
self::trackLogins($row[\SYSTEM\DBD\UserTable::FIELD_ID]);
return ($advancedResult ? $row : self::LOGIN_OK);
}
private static function trackLogins(\SYSTEM\DB\DBInfo $dbinfo, $userID){
$con = new \SYSTEM\DB\Connection($dbinfo);
private static function trackLogins($userID){
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
if(\SYSTEM\system::isSystemDbInfoPG()){
$con->prepare( 'trackLoginAccountStmt',
'UPDATE '.\SYSTEM\DBD\UserTable::NAME_PG.' SET '.\SYSTEM\DBD\UserTable::FIELD_LAST_ACTIVE.'= to_timestamp($1) '.
@ -192,8 +196,8 @@ class Security {
*
* @param String $username
*/
public static function available(\SYSTEM\DB\DBInfo $dbinfo, $username){
$con = new \SYSTEM\DB\Connection($dbinfo);
public static function available($username){
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
if(\SYSTEM\system::isSystemDbInfoPG()){
$res = $con->prepare( 'availableStmt',
'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\UserTable::NAME_PG.
@ -215,14 +219,14 @@ class Security {
}
//checks for a right for a logged in user
public static function check(\SYSTEM\DB\DBInfo $dbinfo, $rightid){
public static function check($rightid){
//Not logged in? Go away.
//If you think you need rights for your guests ur doing smth wrong ;-)
$user = null;
if(!($user = self::getUser())){
return false;}
$con = new \SYSTEM\DB\Connection($dbinfo);
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
if(\SYSTEM\system::isSystemDbInfoPG()){
$res = $con->prepare( 'security_check',
'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\UserRightsTable::NAME_PG.
@ -271,12 +275,12 @@ class Security {
}
//This functions is called from \SYSTEM\locale::set()
public static function _db_setLocale($dbinfo, $lang){
public static function _db_setLocale($lang){
$user = self::getUser();
if(!$user){
throw new \SYSTEM\LOG\ERROR("You need to be logged in");}
$con = new \SYSTEM\DB\Connection($dbinfo);
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
if(\SYSTEM\system::isSystemDbInfoPG()){
$res = $con->prepare( 'updateUserLocaleStmt',
'UPDATE '.\SYSTEM\DBD\UserTable::NAME_PG.' SET '.\SYSTEM\DBD\UserTable::FIELD_LOCALE.' = $1 '.