From 464f4d3497617fadb9d7752868f1175849cfa6d2 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sat, 7 Jan 2012 08:21:00 -0800 Subject: Refactor to separate the framework from the app; drop message stuff, this app is just user management. Add a json view for individual users --- apps/um/controllers/Authenticator.class.php | 57 ++++ apps/um/controllers/Config.class.php | 30 ++ apps/um/controllers/Groups.class.php | 11 + apps/um/controllers/Http404.class.php | 7 + apps/um/controllers/Main.class.php | 9 + apps/um/controllers/Plugins.class.php | 75 +++++ apps/um/controllers/Users.class.php | 371 +++++++++++++++++++++ apps/um/ext/PasswordHash.class.php | 253 ++++++++++++++ apps/um/ext/README.txt | 12 + apps/um/ext/recaptchalib.php | 277 ++++++++++++++++ apps/um/lib/DB.class.php | 164 +++++++++ apps/um/lib/Database.class.php | 403 +++++++++++++++++++++++ apps/um/lib/Hasher.class.php | 18 + apps/um/lib/Login.class.php | 41 +++ apps/um/lib/Plugin.class.php | 25 ++ apps/um/lib/PluginManager.class.php | 99 ++++++ apps/um/lib/Singleton.class.php | 12 + apps/um/lib/Site.class.php | 32 ++ apps/um/models/Auth.class.php | 157 +++++++++ apps/um/models/ContactMethod.class.php | 29 ++ apps/um/models/Group.class.php | 23 ++ apps/um/models/User.class.php | 25 ++ apps/um/plugins/InformationPlugin.class.php | 62 ++++ apps/um/plugins/ReCaptcha.class.php | 47 +++ apps/um/views/Template.class.php | 316 ++++++++++++++++++ apps/um/views/includes/header-include.php | 51 +++ apps/um/views/includes/header.php | 84 +++++ apps/um/views/pages/auth/badrequest.html.php | 11 + apps/um/views/pages/auth/index.html.php | 12 + apps/um/views/pages/auth/login.html.php | 54 +++ apps/um/views/pages/auth/logout.html.php | 6 + apps/um/views/pages/groups/401.html.php | 15 + apps/um/views/pages/http404.html.php | 16 + apps/um/views/pages/index.html.php | 8 + apps/um/views/pages/plugins/401.html.php | 9 + apps/um/views/pages/plugins/index.html.php | 42 +++ apps/um/views/pages/users/401.html.php | 15 + apps/um/views/pages/users/404.html.php | 10 + apps/um/views/pages/users/500.html.php | 15 + apps/um/views/pages/users/created.html.php | 18 + apps/um/views/pages/users/index.csv.php | 27 ++ apps/um/views/pages/users/index.html.php | 104 ++++++ apps/um/views/pages/users/individual.html.php | 147 +++++++++ apps/um/views/pages/users/individual.json.php | 27 ++ apps/um/views/pages/users/new-locked.html.php | 9 + apps/um/views/pages/users/new-logged-in.html.php | 8 + apps/um/views/pages/users/new.html.php | 57 ++++ 47 files changed, 3300 insertions(+) create mode 100644 apps/um/controllers/Authenticator.class.php create mode 100644 apps/um/controllers/Config.class.php create mode 100644 apps/um/controllers/Groups.class.php create mode 100644 apps/um/controllers/Http404.class.php create mode 100644 apps/um/controllers/Main.class.php create mode 100644 apps/um/controllers/Plugins.class.php create mode 100644 apps/um/controllers/Users.class.php create mode 100644 apps/um/ext/PasswordHash.class.php create mode 100644 apps/um/ext/README.txt create mode 100644 apps/um/ext/recaptchalib.php create mode 100644 apps/um/lib/DB.class.php create mode 100644 apps/um/lib/Database.class.php create mode 100644 apps/um/lib/Hasher.class.php create mode 100644 apps/um/lib/Login.class.php create mode 100644 apps/um/lib/Plugin.class.php create mode 100644 apps/um/lib/PluginManager.class.php create mode 100644 apps/um/lib/Singleton.class.php create mode 100644 apps/um/lib/Site.class.php create mode 100644 apps/um/models/Auth.class.php create mode 100644 apps/um/models/ContactMethod.class.php create mode 100644 apps/um/models/Group.class.php create mode 100644 apps/um/models/User.class.php create mode 100644 apps/um/plugins/InformationPlugin.class.php create mode 100644 apps/um/plugins/ReCaptcha.class.php create mode 100644 apps/um/views/Template.class.php create mode 100644 apps/um/views/includes/header-include.php create mode 100644 apps/um/views/includes/header.php create mode 100644 apps/um/views/pages/auth/badrequest.html.php create mode 100644 apps/um/views/pages/auth/index.html.php create mode 100644 apps/um/views/pages/auth/login.html.php create mode 100644 apps/um/views/pages/auth/logout.html.php create mode 100644 apps/um/views/pages/groups/401.html.php create mode 100644 apps/um/views/pages/http404.html.php create mode 100644 apps/um/views/pages/index.html.php create mode 100644 apps/um/views/pages/plugins/401.html.php create mode 100644 apps/um/views/pages/plugins/index.html.php create mode 100644 apps/um/views/pages/users/401.html.php create mode 100644 apps/um/views/pages/users/404.html.php create mode 100644 apps/um/views/pages/users/500.html.php create mode 100644 apps/um/views/pages/users/created.html.php create mode 100644 apps/um/views/pages/users/index.csv.php create mode 100644 apps/um/views/pages/users/index.html.php create mode 100644 apps/um/views/pages/users/individual.html.php create mode 100644 apps/um/views/pages/users/individual.json.php create mode 100644 apps/um/views/pages/users/new-locked.html.php create mode 100644 apps/um/views/pages/users/new-logged-in.html.php create mode 100644 apps/um/views/pages/users/new.html.php (limited to 'apps/um') diff --git a/apps/um/controllers/Authenticator.class.php b/apps/um/controllers/Authenticator.class.php new file mode 100644 index 0000000..0c1bf0c --- /dev/null +++ b/apps/um/controllers/Authenticator.class.php @@ -0,0 +1,57 @@ +login(); break; + case 'logout': $this->logout(); break; + case '' : $this->maybe_login(); break; + default : $this->badrequest(); break; + } + } + private function login() { + $username = ''; + $password = ''; + + $login = -1; + if ( isset($_POST['username']) && isset($_POST['password'])) { + $username = $_POST['username']; + $password = $_POST['password']; + $login = Login::login($username, $password); + } + + $vars = array(); + $vars['login_code'] = $login; + $vars['username'] = $username; + $vars['password'] = $password; + if (isset($_POST['url'])) { + $vars['url'] = $_POST['url']; + } + + $this->showView('auth/login', $vars); + } + private function logout() { + Login::logout(); + $this->showView('auth/logout'); + } + private function maybe_login() { + $uid = Login::isLoggedIn(); + if ($uid===false) { + $this->login(); + } else { + $username = Auth::getInstance($uid)->getName(); + $this->showView('auth/index', + array('username'=>$username)); + } + } + private function badrequest() { + $this->showView('auth/badrequest'); + } +} diff --git a/apps/um/controllers/Config.class.php b/apps/um/controllers/Config.class.php new file mode 100644 index 0000000..dc6a884 --- /dev/null +++ b/apps/um/controllers/Config.class.php @@ -0,0 +1,30 @@ +isAdmin()) { + $this->http401($routed, $remainder); + return; + } + + $method = $_SERVER['REQUEST_METHOD']; + switch ($method) { + case 'PUT': $_POST = $_PUT; + case 'POST': + // We're PUTing an updated configuration. + $this->update(); + break; + } + $this->show_index(); + } + private function show_index() { + + } + private function update() { + + } +} diff --git a/apps/um/controllers/Groups.class.php b/apps/um/controllers/Groups.class.php new file mode 100644 index 0000000..9d99d99 --- /dev/null +++ b/apps/um/controllers/Groups.class.php @@ -0,0 +1,11 @@ +http404($routed, $remainder); + } +} diff --git a/apps/um/controllers/Main.class.php b/apps/um/controllers/Main.class.php new file mode 100644 index 0000000..7651b62 --- /dev/null +++ b/apps/um/controllers/Main.class.php @@ -0,0 +1,9 @@ +showView('index'); + } +} diff --git a/apps/um/controllers/Plugins.class.php b/apps/um/controllers/Plugins.class.php new file mode 100644 index 0000000..2ed6e7a --- /dev/null +++ b/apps/um/controllers/Plugins.class.php @@ -0,0 +1,75 @@ +isAdmin()) { + $this->http401($routed, $remainder); + return; + } + + $method = $_SERVER['REQUEST_METHOD']; + switch ($method) { + case 'PUT': $_POST = $_PUT; + case 'POST': + // We're PUTing an updated user index. + $this->update(); + break; + } + $this->show_index(); + } + + private function update() { + $db = Database::getInstance(); + + if (isset($_POST['plugins'])) { + $string = $db->arrayToValue($_POST['plugins']); + $db->setSysConf('plugins', $string); + } + + if (isset($_POST['config'])) { + foreach ($_POST['config'] as $plugin_name => $plugin) { + foreach ($plugin as $param => $value) { + $db->setPluginConf($plugin_name, + $param, + $value); + } + } + } + } + + private function show_index() { + $pm = PluginManager::getInstance(); + $all_plugins = $pm->listPlugins(); + $enabled_plugins = $pm->getActivePlugins(); + + $plugin_data = array(); + foreach ($all_plugins as $plugin_name) { + $plugin = array(); + $plugin['name'] = $plugin_name; + $plugin['key'] = 'config['.$plugin_name.']'; + $plugin['active'] = + in_array($plugin_name, $enabled_plugins); + $plugin['description'] = + $pm->staticHook($plugin_name, 'description'); + $plugin['config'] = + $pm->staticHook($plugin_name, 'configList'); + $plugin_data[] = $plugin; + } + + $vars = array(); + $vars['plugins'] = $plugin_data; + $this->showView('plugins/index', $vars); + } + + public function http401($routed, $remainder) { + $this->showView('plugins/401'); + } +} diff --git a/apps/um/controllers/Users.class.php b/apps/um/controllers/Users.class.php new file mode 100644 index 0000000..9978ef8 --- /dev/null +++ b/apps/um/controllers/Users.class.php @@ -0,0 +1,371 @@ +index_dir($routed, $remainder); + } + + /** + * Handle POSTing a new user, or GETing the index. + */ + public function index_dir($routed, $remainder) { + $method = $_SERVER['REQUEST_METHOD']; + switch ($method) { + case 'POST': + // We're POSTing a new user. + if ($this->registrationOpen()) { + $this->create_user(); + } else { + $this->showView('users/new-locked', array()); + exit(); + } + break; + case 'HEAD': // fall-through to GET + case 'GET': + // We're GETing the index. + $this->show_index($routed, $remainder); + break; + } + } + + /** + * Handle PUTing an updated user index, or GETing the index. + */ + public function index_file($routed, $remainder) { + $method = $_SERVER['REQUEST_METHOD']; + switch ($method) { + case 'PUT': $_POST = $_PUT; + case 'POST': + // We're PUTing an updated user index. + $this->update_users(); + break; + } + $this->show_index($routed, $remainder); + } + + // Other Views /////////////////////////////////////////////// + + /** + * Handle GETing the new user form. + * + * I would have named this `new', but that's a keyword. + */ + public function new_user($routed, $vars) { + // since there will never be a remainder to `users/new', we can + // use that parameter to pass in some data. + if (Login::isLoggedIn()) { + $this->showView('users/new-logged-in', array()); + exit(); + } + if (!$this->registrationOpen()) { + $this->showView('users/new-locked', array()); + exit(); + } + if (!isset($vars['errors'])) $vars['errors'] = array(); + + $db = Database::getInstance(); + $pm = PluginManager::getInstance(); + + $vars['antispam_html'] = $pm->callHook('antispam_html'); + $vars['userlist'] = $db->getSysConf('anon_userlist'); + $this->showView('users/new', $vars); + } + + public function individual($routed, $remainder) { + $db = Database::getInstance(); + $pm = PluginManager::getInstance(); + + $username = implode('/', $remainder); + if ($username == 'all') { + $uids = $db->listUsers(); + } else { + $uids = array($db->getUID($username)); + } + + $vars = array(); + + if (count($uids)<2) { + $user = Auth::getInstance($uid); + + if ($user->isGroup()) $uid = false; // ignore groups. + + if ($uid===false) { + $this->http404($routed, $remainder); + exit(); + } + if (!$user->canRead()) { + $this->http401($routed, $remainder); + exit(); + } + + $method = $_SERVER['REQUEST_METHOD']; + switch ($method) { + case 'PUT': $_POST = $_PUT; + case 'POST': + // We're PUTing updated user info. + if ($user->canEdit()) { + $vars = $this->update_user($user); + } + break; + } + } + + $config_options = array(); + $pm->callHook('userConfig', &$config_options); + + $vars['users'] = array(); + foreach ($uids as $uid) { + $vars['users'][] = Auth::getInstance($uid); + } + $vars['username'] = $username; + $vars['config_options'] = $config_options; + $vars['groups'] = $db->listGroupNames(); + require_once('ContactMethod.class.php'); + $this->showView('users/individual', $vars); + } + + public function http404($routed, $remainder) { + $username = implode('/', $remainder); + $this->showView('users/404', + array('username'=>$username)); + } + + public function http401($routed, $remainder) { + $this->showView('users/401', array('uid'=>Login::isLoggedIn())); + } + + // Other Functions /////////////////////////////////////////// + + /** + * This will parse POST data to create a new user. + * If successfull it will show a message saying so. + * If not successfull, it will re-show the new-user form with errors + * explained. + */ + private function create_user() { + $db = Database::getInstance(); + $pm = PluginManager::getInstance(); + + $vars = array(); + @$vars['username' ] = $_POST['auth_name']; + @$vars['password1'] = $_POST['auth_password' ]; + @$vars['password2'] = $_POST['auth_password_verify']; + @$vars['email'] = $_POST['user_email']; + + $vars['errors'] = array(); + if ($db->getUID($vars['username'])!==false) + $vars['errors'][] = 'user exists'; + if (!Auth::isNameLegal($vars['username'])) + $vars['errors'][] = 'illegal name'; + $matches = ($vars['password1'] == $vars['password2']); + if (!$matches) { + $vars['errors'][] = 'pw mixmatch'; + } + if ($matches && $vars['password2'] == '') { + $vars['errors'][] = 'no pw'; + } + if ($vars['email'] == '') { + $vars['errors'][] = 'no email'; + } + foreach ($pm->callHook('antispam_verify') as $plugin=>$valid) { + if (!$valid) $vars['errors'][] = 'plugin_'.$plugin; + } + + if (count($vars['errors']) > 0) { + $this->new_user($routed, $vars); + } else { + $username = $vars['username']; + $password = $vars['password1']; + $uid = $db->addUser($username, $password); + if ($uid===false) { + $this->showView('users/500'); + } else { + Login::login($username, $password); + DB::set('users', $uid, 'email', $vars['email']); + $this->showView('users/created', + array('username'=>$username)); + } + } + } + + /** + * This will parse POST (really, PUT) data to update a single user + */ + private function update_user($user) { + $vars = array(); + + $username = $user->getName(); + // Change the username ///////////////////////////////////////// + if (isset($_POST['auth_name'])) { + $new_name = $_POST['auth_name']; + if ($new_name != $username) { + $changed_name = $user->setName($new_name); + $username = $user->getName(); + $vars['changed name'] = $changed_name; + } + } + + // Change the password ///////////////////////////////////////// + @$password1 = $_POST['auth_password' ]; + @$password2 = $_POST['auth_password'.'_verify']; + + // Check the verify box, not main box, so that we don't get + // tripped by browsers annoyingly autocompleting the password. + $is_set = ($password2 != ''); + + if ($is_set) { + $matches = ( $password1 == $password2 ); + if ($matches) { + $user->setPassword($password1); + $vars['pw updated'] = true; + } else { + $vars['pw mixmatch'] = true; + } + } + + // Change information ////////////////////////////////////////// + $config_options = array(); + $pm = PluginManager::getInstance(); + $pm->callHook('userConfig', &$config_options); + + foreach ($config_options as $group=>$options) { + foreach ($options as $option) { + $this->confText($user, $option[0]); + } + } + + // Change contact info ///////////////////////////////////////// + global $CONTACT_METHODS; + foreach ($CONTACT_METHODS as $method) { + $this->confText($user, $method->addr_slug); + } + $this->confArray($user, 'use'); + + // Change groups /////////////////////////////////////////////// + $this->confArray($user, 'groups'); + + return $vars; + } + + private function confArray($user, $key) { + if (isset($_POST[$key]) && is_array($_POST[$key])) { + $user->setConfArray($key, $_POST[$key]); + } + } + + private function confText($user, $name) { + if (isset($_POST["user_$name"])) { + $user->setConf($name, $_POST["user_$name"]); + } + } + + + /** + * This will parse POST (really, PUT) data to update multiple users. + */ + private function update_users() { + $attribs = $this->getIndexAttribs(); + $form = new Form(null, null); + foreach ($attribs as $attrib) { + $key = $attrib['key']; + if (isset($_POST[$key]) && is_array($_POST[$key])) { + $old = $_POST['_old'][$key]; + foreach ($_POST[$key] as $uid => $value) { + @$value_base = $old[$uid]; + $set = DB::set('users', $uid, $key, $value, $value_base); + if (is_string($set)) { + echo "
\n";
+						echo "Error: Value changed elsewhere, ".
+							"and I don't have real handling ".
+							"for this yet.\n";
+						echo "UID: $uid\n";
+						echo "Name: ".$user->getName()."\n";
+						echo "Key: $key\n";
+						echo "Value: Original  : ";
+						var_dump($value_base);
+						echo "Value: Other edit: ";
+						var_dump($value_fork);
+						echo "Value: This edit : ";
+						var_dump($value);
+						echo "
"; + } + } + } + } + } + + /** + * This will show the user index. + */ + private function show_index($routed, $remainder) { + $db = Database::getInstance(); + + $logged_in_user = Auth::getInstance(Login::isLoggedIn()); + $anon_userlist = $db->getSysConf('anon_userlist')=='true'; + if (!$anon_userlist && !$logged_in_user->isUser()) { + $this->http401($routed, $remainder); + exit(); + } + + $vars = array(); + $vars['attribs'] = $this->getIndexAttribs(); + $vars['users'] = array(); + $uids = $db->listUsers(); + foreach ($uids as $uid) { + $vars['users'][$uid] = array(); + foreach ($vars['attribs'] as $attrib) { + $key = $attrib['key']; + $props = DB::get('users', $uid, $key); + $vars['users'][$uid][$key] = $props; + } + } + $this->showView('users/index', $vars); + } + + function attrib($key, $name, $type='string') { + return array('key'=>$key, 'name'=>$name, 'type'=>$type); + } + private function getIndexAttribs() { + $user = Auth::getInstance(Login::isLoggedIn()); + + $attribs = array(); + $attribs[] = $this->attrib('auth_uid', 'UID'); + if ($user->isUser()) { + $attribs[] = $this->attrib('auth_user', 'Active', 'bool'); + if ($user->isAdmin()) { + $attribs[] = $this->attrib('auth_admin', 'Admin', 'bool'); + $attribs[] = $this->attrib('auth_delete', 'Delete', 'bool'); + } + $attribs[] = $this->attrib('lastname','Last'); + $attribs[] = $this->attrib('firstname','First'); + $attribs[] = $this->attrib('hsclass','Class of'); + $attribs[] = $this->attrib('phone','Phone number'); + $attribs[] = $this->attrib('email','Email'); + } + $attribs[] = $this->attrib('auth_name', 'Username'); + + return $attribs; + } + + private function registrationOpen() { + $db = Database::getInstance(); + $val = $db->getSysConf('registration_open'); + switch ($val) { + case 'true': return true; + case 'false': return false; + default: return true; + } + } +} diff --git a/apps/um/ext/PasswordHash.class.php b/apps/um/ext/PasswordHash.class.php new file mode 100644 index 0000000..12958c7 --- /dev/null +++ b/apps/um/ext/PasswordHash.class.php @@ -0,0 +1,253 @@ + in 2004-2006 and placed in +# the public domain. Revised in subsequent years, still public domain. +# +# There's absolutely no warranty. +# +# The homepage URL for this framework is: +# +# http://www.openwall.com/phpass/ +# +# Please be sure to update the Version line if you edit this file in any way. +# It is suggested that you leave the main version number intact, but indicate +# your project name (after the slash) and add your own revision information. +# +# Please do not change the "private" password hashing method implemented in +# here, thereby making your hashes incompatible. However, if you must, please +# change the hash type identifier (the "$P$") to something different. +# +# Obviously, since this code is in the public domain, the above are not +# requirements (there can be none), but merely suggestions. +# +class PasswordHash { + var $itoa64; + var $iteration_count_log2; + var $portable_hashes; + var $random_state; + + function PasswordHash($iteration_count_log2, $portable_hashes) + { + $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; + + if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) + $iteration_count_log2 = 8; + $this->iteration_count_log2 = $iteration_count_log2; + + $this->portable_hashes = $portable_hashes; + + $this->random_state = microtime(); + if (function_exists('getmypid')) + $this->random_state .= getmypid(); + } + + function get_random_bytes($count) + { + $output = ''; + if (is_readable('/dev/urandom') && + ($fh = @fopen('/dev/urandom', 'rb'))) { + $output = fread($fh, $count); + fclose($fh); + } + + if (strlen($output) < $count) { + $output = ''; + for ($i = 0; $i < $count; $i += 16) { + $this->random_state = + md5(microtime() . $this->random_state); + $output .= + pack('H*', md5($this->random_state)); + } + $output = substr($output, 0, $count); + } + + return $output; + } + + function encode64($input, $count) + { + $output = ''; + $i = 0; + do { + $value = ord($input[$i++]); + $output .= $this->itoa64[$value & 0x3f]; + if ($i < $count) + $value |= ord($input[$i]) << 8; + $output .= $this->itoa64[($value >> 6) & 0x3f]; + if ($i++ >= $count) + break; + if ($i < $count) + $value |= ord($input[$i]) << 16; + $output .= $this->itoa64[($value >> 12) & 0x3f]; + if ($i++ >= $count) + break; + $output .= $this->itoa64[($value >> 18) & 0x3f]; + } while ($i < $count); + + return $output; + } + + function gensalt_private($input) + { + $output = '$P$'; + $output .= $this->itoa64[min($this->iteration_count_log2 + + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; + $output .= $this->encode64($input, 6); + + return $output; + } + + function crypt_private($password, $setting) + { + $output = '*0'; + if (substr($setting, 0, 2) == $output) + $output = '*1'; + + $id = substr($setting, 0, 3); + # We use "$P$", phpBB3 uses "$H$" for the same thing + if ($id != '$P$' && $id != '$H$') + return $output; + + $count_log2 = strpos($this->itoa64, $setting[3]); + if ($count_log2 < 7 || $count_log2 > 30) + return $output; + + $count = 1 << $count_log2; + + $salt = substr($setting, 4, 8); + if (strlen($salt) != 8) + return $output; + + # We're kind of forced to use MD5 here since it's the only + # cryptographic primitive available in all versions of PHP + # currently in use. To implement our own low-level crypto + # in PHP would result in much worse performance and + # consequently in lower iteration counts and hashes that are + # quicker to crack (by non-PHP code). + if (PHP_VERSION >= '5') { + $hash = md5($salt . $password, TRUE); + do { + $hash = md5($hash . $password, TRUE); + } while (--$count); + } else { + $hash = pack('H*', md5($salt . $password)); + do { + $hash = pack('H*', md5($hash . $password)); + } while (--$count); + } + + $output = substr($setting, 0, 12); + $output .= $this->encode64($hash, 16); + + return $output; + } + + function gensalt_extended($input) + { + $count_log2 = min($this->iteration_count_log2 + 8, 24); + # This should be odd to not reveal weak DES keys, and the + # maximum valid value is (2**24 - 1) which is odd anyway. + $count = (1 << $count_log2) - 1; + + $output = '_'; + $output .= $this->itoa64[$count & 0x3f]; + $output .= $this->itoa64[($count >> 6) & 0x3f]; + $output .= $this->itoa64[($count >> 12) & 0x3f]; + $output .= $this->itoa64[($count >> 18) & 0x3f]; + + $output .= $this->encode64($input, 3); + + return $output; + } + + function gensalt_blowfish($input) + { + # This one needs to use a different order of characters and a + # different encoding scheme from the one in encode64() above. + # We care because the last character in our encoded string will + # only represent 2 bits. While two known implementations of + # bcrypt will happily accept and correct a salt string which + # has the 4 unused bits set to non-zero, we do not want to take + # chances and we also do not want to waste an additional byte + # of entropy. + $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; + + $output = '$2a$'; + $output .= chr(ord('0') + $this->iteration_count_log2 / 10); + $output .= chr(ord('0') + $this->iteration_count_log2 % 10); + $output .= '$'; + + $i = 0; + do { + $c1 = ord($input[$i++]); + $output .= $itoa64[$c1 >> 2]; + $c1 = ($c1 & 0x03) << 4; + if ($i >= 16) { + $output .= $itoa64[$c1]; + break; + } + + $c2 = ord($input[$i++]); + $c1 |= $c2 >> 4; + $output .= $itoa64[$c1]; + $c1 = ($c2 & 0x0f) << 2; + + $c2 = ord($input[$i++]); + $c1 |= $c2 >> 6; + $output .= $itoa64[$c1]; + $output .= $itoa64[$c2 & 0x3f]; + } while (1); + + return $output; + } + + function HashPassword($password) + { + $random = ''; + + if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { + $random = $this->get_random_bytes(16); + $hash = + crypt($password, $this->gensalt_blowfish($random)); + if (strlen($hash) == 60) + return $hash; + } + + if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) { + if (strlen($random) < 3) + $random = $this->get_random_bytes(3); + $hash = + crypt($password, $this->gensalt_extended($random)); + if (strlen($hash) == 20) + return $hash; + } + + if (strlen($random) < 6) + $random = $this->get_random_bytes(6); + $hash = + $this->crypt_private($password, + $this->gensalt_private($random)); + if (strlen($hash) == 34) + return $hash; + + # Returning '*' on error is safe here, but would _not_ be safe + # in a crypt(3)-like function used _both_ for generating new + # hashes and for validating passwords against existing hashes. + return '*'; + } + + function CheckPassword($password, $stored_hash) + { + $hash = $this->crypt_private($password, $stored_hash); + if ($hash[0] == '*') + $hash = crypt($password, $stored_hash); + + return $hash == $stored_hash; + } +} + +?> diff --git a/apps/um/ext/README.txt b/apps/um/ext/README.txt new file mode 100644 index 0000000..78c4f70 --- /dev/null +++ b/apps/um/ext/README.txt @@ -0,0 +1,12 @@ +These are class files that I've gathered from around the internet. + +I've renamed the files to follow a standard scheme. + +This is where each file came from: + +My Name : Original Name : From +PasswordHash.class.php : PasswordHash.php : http://www.openwall.com/phpass/ +recaptchalib.php : recaptchalib.php : https://code.google.com/p/recaptcha/ + +~ Luke Shumaker +Happy Hacking! diff --git a/apps/um/ext/recaptchalib.php b/apps/um/ext/recaptchalib.php new file mode 100644 index 0000000..32c4f4d --- /dev/null +++ b/apps/um/ext/recaptchalib.php @@ -0,0 +1,277 @@ + $value ) + $req .= $key . '=' . urlencode( stripslashes($value) ) . '&'; + + // Cut the last '&' + $req=substr($req,0,strlen($req)-1); + return $req; +} + + + +/** + * Submits an HTTP POST to a reCAPTCHA server + * @param string $host + * @param string $path + * @param array $data + * @param int port + * @return array response + */ +function _recaptcha_http_post($host, $path, $data, $port = 80) { + + $req = _recaptcha_qsencode ($data); + + $http_request = "POST $path HTTP/1.0\r\n"; + $http_request .= "Host: $host\r\n"; + $http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n"; + $http_request .= "Content-Length: " . strlen($req) . "\r\n"; + $http_request .= "User-Agent: reCAPTCHA/PHP\r\n"; + $http_request .= "\r\n"; + $http_request .= $req; + + $response = ''; + if( false == ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) { + die ('Could not open socket'); + } + + fwrite($fs, $http_request); + + while ( !feof($fs) ) + $response .= fgets($fs, 1160); // One TCP-IP packet + fclose($fs); + $response = explode("\r\n\r\n", $response, 2); + + return $response; +} + + + +/** + * Gets the challenge HTML (javascript and non-javascript version). + * This is called from the browser, and the resulting reCAPTCHA HTML widget + * is embedded within the HTML form it was called from. + * @param string $pubkey A public key for reCAPTCHA + * @param string $error The error given by reCAPTCHA (optional, default is null) + * @param boolean $use_ssl Should the request be made over ssl? (optional, default is false) + + * @return string - The HTML to be embedded in the user's form. + */ +function recaptcha_get_html ($pubkey, $error = null, $use_ssl = false) +{ + if ($pubkey == null || $pubkey == '') { + die ("To use reCAPTCHA you must get an API key from https://www.google.com/recaptcha/admin/create"); + } + + if ($use_ssl) { + $server = RECAPTCHA_API_SECURE_SERVER; + } else { + $server = RECAPTCHA_API_SERVER; + } + + $errorpart = ""; + if ($error) { + $errorpart = "&error=" . $error; + } + return ' + + '; +} + + + + +/** + * A ReCaptchaResponse is returned from recaptcha_check_answer() + */ +class ReCaptchaResponse { + var $is_valid; + var $error; +} + + +/** + * Calls an HTTP POST function to verify if the user's guess was correct + * @param string $privkey + * @param string $remoteip + * @param string $challenge + * @param string $response + * @param array $extra_params an array of extra variables to post to the server + * @return ReCaptchaResponse + */ +function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response, $extra_params = array()) +{ + if ($privkey == null || $privkey == '') { + die ("To use reCAPTCHA you must get an API key from https://www.google.com/recaptcha/admin/create"); + } + + if ($remoteip == null || $remoteip == '') { + die ("For security reasons, you must pass the remote ip to reCAPTCHA"); + } + + + + //discard spam submissions + if ($challenge == null || strlen($challenge) == 0 || $response == null || strlen($response) == 0) { + $recaptcha_response = new ReCaptchaResponse(); + $recaptcha_response->is_valid = false; + $recaptcha_response->error = 'incorrect-captcha-sol'; + return $recaptcha_response; + } + + $response = _recaptcha_http_post (RECAPTCHA_VERIFY_SERVER, "/recaptcha/api/verify", + array ( + 'privatekey' => $privkey, + 'remoteip' => $remoteip, + 'challenge' => $challenge, + 'response' => $response + ) + $extra_params + ); + + $answers = explode ("\n", $response [1]); + $recaptcha_response = new ReCaptchaResponse(); + + if (trim ($answers [0]) == 'true') { + $recaptcha_response->is_valid = true; + } + else { + $recaptcha_response->is_valid = false; + $recaptcha_response->error = $answers [1]; + } + return $recaptcha_response; + +} + +/** + * gets a URL where the user can sign up for reCAPTCHA. If your application + * has a configuration page where you enter a key, you should provide a link + * using this function. + * @param string $domain The domain where the page is hosted + * @param string $appname The name of your application + */ +function recaptcha_get_signup_url ($domain = null, $appname = null) { + return "https://www.google.com/recaptcha/admin/create?" . _recaptcha_qsencode (array ('domains' => $domain, 'app' => $appname)); +} + +function _recaptcha_aes_pad($val) { + $block_size = 16; + $numpad = $block_size - (strlen ($val) % $block_size); + return str_pad($val, strlen ($val) + $numpad, chr($numpad)); +} + +/* Mailhide related code */ + +function _recaptcha_aes_encrypt($val,$ky) { + if (! function_exists ("mcrypt_encrypt")) { + die ("To use reCAPTCHA Mailhide, you need to have the mcrypt php module installed."); + } + $mode=MCRYPT_MODE_CBC; + $enc=MCRYPT_RIJNDAEL_128; + $val=_recaptcha_aes_pad($val); + return mcrypt_encrypt($enc, $ky, $val, $mode, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); +} + + +function _recaptcha_mailhide_urlbase64 ($x) { + return strtr(base64_encode ($x), '+/', '-_'); +} + +/* gets the reCAPTCHA Mailhide url for a given email, public key and private key */ +function recaptcha_mailhide_url($pubkey, $privkey, $email) { + if ($pubkey == '' || $pubkey == null || $privkey == "" || $privkey == null) { + die ("To use reCAPTCHA Mailhide, you have to sign up for a public and private key, " . + "you can do so at http://www.google.com/recaptcha/mailhide/apikey"); + } + + + $ky = pack('H*', $privkey); + $cryptmail = _recaptcha_aes_encrypt ($email, $ky); + + return "http://www.google.com/recaptcha/mailhide/d?k=" . $pubkey . "&c=" . _recaptcha_mailhide_urlbase64 ($cryptmail); +} + +/** + * gets the parts of the email to expose to the user. + * eg, given johndoe@example,com return ["john", "example.com"]. + * the email is then displayed as john...@example.com + */ +function _recaptcha_mailhide_email_parts ($email) { + $arr = preg_split("/@/", $email ); + + if (strlen ($arr[0]) <= 4) { + $arr[0] = substr ($arr[0], 0, 1); + } else if (strlen ($arr[0]) <= 6) { + $arr[0] = substr ($arr[0], 0, 3); + } else { + $arr[0] = substr ($arr[0], 0, 4); + } + return $arr; +} + +/** + * Gets html to display an email address given a public an private key. + * to get a key, go to: + * + * http://www.google.com/recaptcha/mailhide/apikey + */ +function recaptcha_mailhide_html($pubkey, $privkey, $email) { + $emailparts = _recaptcha_mailhide_email_parts ($email); + $url = recaptcha_mailhide_url ($pubkey, $privkey, $email); + + return htmlentities($emailparts[0]) . "...@" . htmlentities ($emailparts [1]); + +} + + +?> diff --git a/apps/um/lib/DB.class.php b/apps/um/lib/DB.class.php new file mode 100644 index 0000000..ac8dafe --- /dev/null +++ b/apps/um/lib/DB.class.php @@ -0,0 +1,164 @@ +getConfString($key); + $someone_else_changed_it = + $value_fork != $value_base; + if ($someone_else_changed_it) { + if ($value == $value_fork) { + // we might as well not have + $we_changed_it = false; + } else { + $forked = true; + } + } + } + if (!$we_changed_it) { + $doit = false;// nothing to do + } + } + if ($doit) { + return $this->setConf($key, $value); + } + if ($forked) { + return $value_fork; + } + } + + public static function get($table, $unit, $key) { + switch ($table) { + case 'conf': + case 'plugins': + return self::admin_get($unit, $key); + break; + case 'users': + return self::user_get($unit, $key); + break; + default: + return false; + } + } + public static function raw_set($table, $unit, $key, $value) { + switch ($table) { + case 'conf': + case 'plugins': + return self::admin_get($unit, $key, $value); + break; + case 'users': + return self::user_set($unit, $key, $value); + break; + default: + return false; + } + } + + private static function user_get($uid, $key) { + $user = Auth::getInstance($uid); + $logged_in_user = Auth::getInstance(Login::isLoggedIn()); + + $post_key = $key."[$uid]"; + @$value = $_POST[$post_key]; + $editable = $user->canEdit(); + + switch ($key) { + case 'auth_uid': + $value = $user->getUID(); + $editable = false; + break; + case 'auth_name': + $value = $user->getName(); + break; + case 'auth_user': + $editable = $editable && $logged_in_user->isAdmin(); + $value = $user->isUser()?'true':'false'; + break; + case 'auth_admin': + $editable = $editable && $logged_in_user->isAdmin(); + $value = $user->isAdmin()?'true':'false'; + break; + case 'auth_delete': + $editable = $editable && $logged_in_user->isAdmin(); + $value = 'false'; + break; + default: + $value = $user->getConf($key); + if ($value===false) $value=''; + break; + } + + return array('value'=>$value, + 'post_key'=>$post_key, + 'editable'=>$editable); + } + private static function user_set($uid, $key, $value) { + $user = Auth::getInstance($uid); + + switch ($key) { + case 'auth_uid': + return false; + break; + case 'auth_name': + return $user->setName($value); + break; + case 'auth_user': + return $user->setUser($value=='true'); + break; + case 'auth_admin': + return $user->setAdmin($value=='true'); + break; + case 'auth_delete': + if ($value=='true') return $user->delete(); + default: + return $user->setConf($key, $value); + break; + } + } + + private static function admin_get($plugin, $key) { + $db = Database::getInstance(); + $user = Auth::getInstance(Login::isLoggedIn()); + if ($user->isAdmin()) { + $editable = true; + switch ($plugin) { + case 'system': + $value = $db->getSysConf($key); + break; + default: + $value = $db->getPluginConf($plugin, $key); + break; + } + } else { + $editable = false; + $value = false; + } + + return array('value'=>$value, + 'post_key'=>'to be implemented',// FIXME + 'editable'=>$editable); + } + private static function admin_set($plugin, $key, $value) { + $db = Database::getInstance(); + $user = Auth::getInstance(Login::isLoggedIn()); + if (!$user->isAdmin()) { + return false; + } + switch ($plugin) { + case 'system': + return $db->setSysConf($key, $value); + default: + return $db->setPluginConf($plugin, $key, $value); + } + } +} diff --git a/apps/um/lib/Database.class.php b/apps/um/lib/Database.class.php new file mode 100644 index 0000000..a76d891 --- /dev/null +++ b/apps/um/lib/Database.class.php @@ -0,0 +1,403 @@ +conf = $conf_file; + self::$me = $this; + } + public static function getInstance() { + return self::$me; + } + + // Low-Level SQL functions ///////////////////////////////////////////// + + private function mysql() { + if (!isset($this->mysql)) { + $this->mysql_init(); + } + return $this->mysql; + } + private function mysql_init() { + global $db_config; + require($this->conf); + $this->mysql = mysql_connect($db_config['host'], + $db_config['user'], + $db_config['password']); + mysql_set_charset($db_config['charset'], $this->mysql); + mysql_select_db($db_config['name'], $this->mysql); + $this->db_prefix = $db_config['prefix']; + unset($db_config); + } + private function mysql_table($table_name) { + $mysql = $this->mysql(); + $prefix = $this->db_prefix; + return $prefix.mysql_real_escape_string($table_name, $mysql); + } + private function mysql_escape($string) { + $mysql = $this->mysql(); + return mysql_real_escape_string($string, $mysql); + } + private function mysql_query($query) { + $mysql = $this->mysql(); + return mysql_query($query, $mysql); + } + public function mysql_error() { + $mysql = $this->mysql(); + return mysql_error($mysql); + } + + // High-Level SQL functions //////////////////////////////////////////// + + // The 'auth' table + + public function getUID($username) { + $t = $this->mysql_table('auth'); + $v = $this->mysql_escape($username); + $query = + "SELECT * \n". + "FROM $t \n". + "WHERE name='$v' ;"; + $q = $this->mysql_query($query); + $user = mysql_fetch_array($q); + if (isset($user['uid'])) { + return (int)$user['uid']; + } else { + return false; + } + } + public function getUsername($uid) { + if (!is_int($uid)) return false; + $t = $this->mysql_table('auth'); + $query = + "SELECT * \n". + "FROM $t \n". + "WHERE uid=$uid ;"; + $q = $this->mysql_query($query); + $user = mysql_fetch_array($q); + if (isset($user['name'])) { + return $user['name']; + } else { + return false; + } + } + public function setUsername($uid, $username) { + if (!is_int($uid)) return false; + if ($this->getUID($username) !== false) { + return false; + } + $table = $this->mysql_table('auth'); + $name = $this->mysql_escape($username); + $query = + "UPDATE $table \n". + "SET name='$name' \n". + "WHERE uid=$uid ;"; + $q = $this->mysql_query($query); + return ($q?true:false); + } + public function getPasswordHash($uid) { + if (!is_int($uid)) return false; + + $table = $this->mysql_table('auth'); + $query = + "SELECT * \n". + "FROM $table \n". + "WHERE uid=$uid ;"; + $q = $this->mysql_query($query); + $user = mysql_fetch_array($q); + if (isset($user['hash'])) { + return $user['hash']; + } else { + return false; + } + } + public function setPassword($uid, $password) { + if (!is_int($uid)) return false; + $table = $this->mysql_table('auth'); + + $hasher = Hasher::getInstance(); + @$hash = $hasher->hash($password); + $query = + "UPDATE $table \n". + "SET hash='$hash' \n". + "WHERE uid=$uid ;"; + $q = $this->mysql_query($query); + return ($q?true:false); + } + public function addUser($username, $password) { + $user_exits = $this->getUID($username); + if ($user_exists) { + return false; + } + + $table = $this->mysql_table('auth'); + $user = $this->mysql_escape($username); + $hasher = Hasher::getInstance(); + @$hash = $hasher->hash($password); + $status = 0; + $query = + "INSERT INTO $table ( name, hash , status) \n". + "VALUES ('$user', '$hash', $status) ;"; + $this->mysql_query($query); + $uid = $this->getUID($username); + return $uid; + } + public function getStatus($uid) { + if (!is_int($uid)) return false; + $table = $this->mysql_table('auth'); + $query = + "SELECT * \n". + "FROM $table \n". + "WHERE uid=$uid ;"; + $q = $this->mysql_query($query); + $user = mysql_fetch_array($q); + if (isset($user['status'])) { + return (int)$user['status']; + } else { + return false; + } + } + public function setStatus($uid, $status) { + if (!is_int($uid)) return false; + $table = $this->mysql_table('auth'); + $s = $this->mysql_escape($status); + $query = + "UPDATE $table \n". + "SET status=$s \n". + "WHERE uid=$uid ;"; + $q = $this->mysql_query($query); + return ($q?true:false); + } + public function countUsers() { + $table = $this->mysql_table('auth'); + $query = "SELECT COUNT(*) FROM $table;"; + $q = $this->mysql_query($query); + $row = mysql_fetch_array($q); + $count = $row[0]; + return $count; + } + public function listGroups() { + $table = $this->mysql_table('auth'); + $query = + "SELECT uid \n". + "FROM $table \n". + "WHERE status=3 ;"; + $q = $this->mysql_query($query); + $groups = array(); + while (($row = mysql_fetch_array($q)) !==false) { + $groups[] = (int)$row[0]; + } + return $groups; + } + public function listGroupNames() { + $table = $this->mysql_table('auth'); + $query = + "SELECT name \n". + "FROM $table \n". + "WHERE status=3 ;"; + $q = $this->mysql_query($query); + $groups = array(); + while (($row = mysql_fetch_array($q)) !==false) { + $groups[] = $row[0].''; + } + return $groups; + } + public function listUsers() { + $table = $this->mysql_table('auth'); + $query = + "SELECT uid \n". + "FROM $table \n". + "WHERE status < 3 ;"; + $q = $this->mysql_query($query); + $users = array(); + while (($row = mysql_fetch_array($q)) !==false) { + $users[] = (int)$row[0]; + } + return $users; + } + + // The 'users' table + + public function findUser($setting, $value) { + $t = $this->mysql_table('users'); + $k = $this->mysql_escape($setting); + $v = $this->mysql_escape($value); + $query = + "SELECT * \n". + "FROM $t \n". + "WHERE k = '$k' \n". + "AND UPPER(v)=UPPER('$v') ;"; + $q = $this->mysql_query($query); + $user = mysql_fetch_array($q); + if (isset($user['uid'])) { + return $user['uid']; + } else { + return false; + } + } + public function getUserConf($uid, $setting) { + if (!is_int($uid)) return false; + $t = $this->mysql_table('users'); + $k = $this->mysql_escape($setting); + $query = + "SELECT * \n". + "FROM $t \n". + "WHERE k='$k' \n". + "AND uid=$uid ;"; + $q = $this->mysql_query($query); + $row = mysql_fetch_array($q); + if (isset($row['v'])) { + return $row['v']; + } else { + return false; + } + } + public function setUserConf($uid, $setting, $value) { + if (!is_int($uid)) return false; + $isset = ($this->getUserConf($uid, $setting) !== false); + $t = $this->mysql_table('users'); + $k = $this->mysql_escape($setting); + $v = $this->mysql_escape($value); + if ($isset) { + $query = + "UPDATE $t \n". + "SET v = '$v' \n". + "WHERE k = '$k' \n". + "AND uid = $uid ;"; + } else { + $query = + "INSERT INTO $t ( uid, k , v ) \n". + "VALUES ($uid, '$k', '$v') ;"; + } + $q = $this->mysql_query($query); + return ($q?true:false); + } + public function getUsersInGroup($groupname) { + $table = $this->mysql_table('users'); + $group = $this->mysql_escape($groupname); + $query = + "SELECT uid \n". + "FROM $table \n". + "WHERE k='groups' \n". + "AND v LIKE '%,$group,%' ;"; + $q = $this->mysql_query($query); + $users = array(); + while (($row = mysql_fetch_array($q)) !==false) { + $users[] = $row[0]; + } + return $users; + } + + // The 'plugins' table + + public function getPluginConf($plugin, $key) { + $t = $this->mysql_table('plugins'); + $p = $this->mysql_escape($plugin); + $k = $this->mysql_escape($key); + $query = + "SELECT * \n". + "FROM $t \n". + "WHERE k='$k' \n". + "AND plugin='$p' ;"; + $q = $this->mysql_query($query); + $row = mysql_fetch_array($q); + if (isset($row['v'])) { + return $row['v']; + } else { + return false; + } + } + public function setPluginConf($plugin, $key, $value) { + $isset = ($this->getPluginConf($plugin, $key) !== false); + $t = $this->mysql_table('plugins'); + $p = $this->mysql_escape($plugin); + $k = $this->mysql_escape($key); + $v = $this->mysql_escape($value); + if ($isset) { + $query = + "UPDATE $t \n". + "SET v = '$v' \n". + "WHERE k = '$k' \n". + "AND plugin = '$p' ;"; + } else { + $query = + "INSERT INTO $t (plugin, k , v ) \n". + "VALUES ('$p' , '$k', '$v') ;"; + } + $q = $this->mysql_query($query); + return ($q?true:false); + } + + // The 'conf' table + + public function getSysConf($key) { + $t = $this->mysql_table('conf'); + $k = $this->mysql_escape($key); + $query = + "SELECT * \n". + "FROM $t \n". + "WHERE k='$k' ;"; + $q = $this->mysql_query($query); + $row = mysql_fetch_array($q); + if (isset($row['v'])) { + return $row['v']; + } else { + return false; + } + } + public function setSysConf($key, $value) { + $isset = ($this->getSysConf($key) !== false); + $t = $this->mysql_table('conf'); + $k = $this->mysql_escape($key); + $v = $this->mysql_escape($value); + if ($isset) { + $query = + "UPDATE $t \n". + "SET v = '$v' \n". + "WHERE k = '$k' ;"; + } else { + $query = + "INSERT INTO $t ( k , v ) \n". + "VALUES ('$k', '$v') ;"; + } + $q = $this->mysql_query($query); + return ($q?true:false); + } + + /** + * Strip out empty group names and duplicates, sort. + */ + private static function sanitizeArray($in) { + $out = array(); + foreach ($in as $item) { + if (($item !== '')&&(!in_array($item, $out))) { + $out[] = $item; + } + } + natsort($out); + return $out; + } + /** + * Translate an array into a value suitable to be stored into a + * key-value store in the database. + */ + public static function arrayToValue($list) { + $out_list = self::sanitizeArray($list); + return ','.implode(',', $out_list).','; + } + /** + * Translate a value from arrayToValue() back into an array. + */ + public static function valueToArray($value) { + $raw_list = explode(',', $value); + $out_list = self::sanitizeArray($raw_list); + return $out_list; + } + +} diff --git a/apps/um/lib/Hasher.class.php b/apps/um/lib/Hasher.class.php new file mode 100644 index 0000000..dc16d68 --- /dev/null +++ b/apps/um/lib/Hasher.class.php @@ -0,0 +1,18 @@ +pw_hash = new PasswordHash(8, false); + } + + public function hash($password) { + return $this->pw_hash->HashPassword($password); + } + public function check($password, $hash) { + return $this->pw_hash->CheckPassword($password, $hash); + } +} diff --git a/apps/um/lib/Login.class.php b/apps/um/lib/Login.class.php new file mode 100644 index 0000000..bb21928 --- /dev/null +++ b/apps/um/lib/Login.class.php @@ -0,0 +1,41 @@ +getUID($username); + if ($uid!==false && $db->getStatus($uid)>=3) + $uid=false; + if ($uid===false) { + // user does not exist + return 2; + } + $hash = $db->getPasswordHash($uid); + if ($hasher->check($password, $hash)) { + // success + $_SESSION['uid'] = $uid; + return 0; + } else { + // wrong password + return 1; + } + } + public static function isLoggedIn() { + if ( isset($_SESSION['uid']) && ($_SESSION['uid']!='') ) { + return $_SESSION['uid']; + } else { + return false; + } + } + public static function logout() { + $_SESSION['uid'] = ''; + } +} diff --git a/apps/um/lib/Plugin.class.php b/apps/um/lib/Plugin.class.php new file mode 100644 index 0000000..9d2fc2e --- /dev/null +++ b/apps/um/lib/Plugin.class.php @@ -0,0 +1,25 @@ +config[$param])) { + $this->config[$param]=$value; + } + } + + public function userConfig() { return array(); } + protected function addConfigGroup($arr, $group) { + if (!isset($arr[$group])) + $arr[$group] = array(); + } + + public abstract function init(); + + public function antispam_html() { return ''; } + public function antispam_verify() { return true; } +} diff --git a/apps/um/lib/PluginManager.class.php b/apps/um/lib/PluginManager.class.php new file mode 100644 index 0000000..ce5a3ef --- /dev/null +++ b/apps/um/lib/PluginManager.class.php @@ -0,0 +1,99 @@ + $type) { + $value = $db->getPluginConf($plugin_name, $param); + if ($value!==false) { + switch ($type) { + case 'text': + case 'password': + $value = "$value"; + break; + case 'int': + $value = (int)$value; + break; + } + $obj->configSet($param, $value); + } + } + return $obj; + } + + /** + * Return an array of available plugin names. + */ + public function listPlugins() { + $plugins = array(); + + $dirs = explode(PATH_SEPARATOR, PLUGINPATH); + foreach ($dirs as $dir) { + // Find all files in $dir with the ext `.class.php' + $files = glob($dir.'/*.class.php'); + foreach ($files as $file) { + $plugins[] = preg_replace('@\.class\.php$@', '$1', basename($file)); + } + } + + return $plugins; + } + + /** + * Return an array of enabled plugin names. + */ + public function getActivePlugins() { + $db = Database::getInstance(); + $string = $db->getSysConf('plugins'); + return $db->valueToArray($string); + } + + /** + * Set the enabled plugins. + */ + public function setActivePlugins($plugins) { + $db = Database::getInstance(); + $string = $db->arrayToValue($plugins); + return $db->setSysConf('plugins', $string); + } + + /** + * Load the enabled plugins. + */ + public function loadPlugins() { + if ($this->loaded) return; + $plugin_names = $this->getActivePlugins(); + foreach ($plugin_names as $name) { + $this->plugins[$name] = $this->loadPlugin($name); + } + $this->loaded = true; + } + + public function callHook($hook, $arg=null) { + $this->loadPlugins(); + $ret = array(); + foreach ($this->plugins as $name => $plugin) { + $ret[$name] = call_user_func(array($plugin, $hook), + &$arg); + } + return $ret; + } + + public function staticHook($plugin_name, $hook) { + require_once("$plugin_name.class.php"); + return call_user_func("$plugin_name::$hook"); + } + +} diff --git a/apps/um/lib/Singleton.class.php b/apps/um/lib/Singleton.class.php new file mode 100644 index 0000000..2f8c74f --- /dev/null +++ b/apps/um/lib/Singleton.class.php @@ -0,0 +1,12 @@ +/',$html,$matches); + $shortUrl = $matches[1]; + curl_close($ch); + return $shortUrl; + } + + public function baseUrl() { + $base = $_SERVER['REQUEST_URI']; + + $db = Database::getInstance(); + if ($db !== null) { + $b = $db->getSysConf('baseurl'); + if ($b != false) { + $base = $b; + } + } + + return $base; + } +} diff --git a/apps/um/models/Auth.class.php b/apps/um/models/Auth.class.php new file mode 100644 index 0000000..39f627e --- /dev/null +++ b/apps/um/models/Auth.class.php @@ -0,0 +1,157 @@ +getStatus($uid); + switch ($type) { + case 0: // unactivated user + case 1: // user + case 2: $obj = new User($uid); // admin + case 3: $obj = new Group($uid); + case 4: $obj = new Auth($uid); // deleted + } + self::$users[$uid] = $obj; + } + return self::$users[$uid]; + } + + /**********************************************************************\ + * Static stuff * + \**********************************************************************/ + public static function isNameLegal($name) { + // Current rules: + // * Not in "$illegal_names" + // * Does not contain '.' + // * Fewer than 256 characters + $illegal_names = array('', 'new', 'index', 'all'); + return true + && (!in_array($name, $illegal_names)) + && (strpos($name,'.')===false) + && (strpos($name,'!')===false) + && (strlen($name)<256); + } + + /**********************************************************************\ + * Class stuff * + \**********************************************************************/ + protected $uid = false; + public function __construct($uid) { + parent::__construct(); + $this->uid = $uid; + } + public function getUID() { + return $this->uid; + } + + /**********************************************************************\ + * The 'auth' table. * + \**********************************************************************/ + + // Row Type //////////////////////////////////////////////////////////// + /** + * @return 0=unverified 1=user 2=admin 3=group 4=deleted + */ + protected function getType() { + $type = $this->db->getStatus($this->uid); + return $type; + } + protected function setType($type) { + $logged_in_uid = Login::isLoggedIn(); + $logged_in_obj = Auth::getInstance($logged_in_uid); + $is_admin = $logged_in_obj->isAdmin(); + if (!$is_admin) return false; + return $this->db->setStatus($this->uid, $type); + } + public function isUser() { + $type = $this->getType(); + return ($type===1) || ($type===2); + } + public function isAdmin() { + $type = $this->getType(); + return ($type===2); + } + public function isGroup() { + $type = $this->getType(); + return ($type===3); + } + public function setUser($is_user) { + $is_user = ($is_user?true:false); + if ($this->isUser() != $is_user) { + $this->setType($is_user?1:0); + } + } + public function setAdmin($is_admin) { + $is_admin = ($is_admin?true:false); + $is_user = $this->isUser(); + $this->setType($is_admin?2:($is_user?1:0)); + } + public function delete() { + $this->setType(4); + } + + // Permissions ///////////////////////////////////////////////////////// + public function canRead() { + $logged_in_uid = Login::isLoggedIn(); + $is_me = ($logged_in_uid === $this->uid); + + $logged_in_obj = Auth::getInstance($logged_in_uid); + $is_user = $logged_in_obj->isUser(); + + return ($is_me || $is_user); + } + public function canEdit() { + $logged_in_uid = Login::isLoggedIn(); + $is_me = ($logged_in_uid === $this->uid); + + $logged_in_obj = Auth::getInstance($logged_in_uid); + $is_admin = $logged_in_obj->isAdmin(); + + return ($is_me || $is_admin); + } + + // [user|group]name //////////////////////////////////////////////////// + public function getName() { + if ($this->db===null) { + return false; + } else { + return $this->db->getUsername($this->uid); + } + } + public function setName($new_name) { + if (!$this->canEdit()) return false; + if (!self::isNameLegal($new_name)) return false; + return $this->db->setUsername($this->uid, $new_name); + } + + /**********************************************************************\ + * The 'users' table. * + \**********************************************************************/ + + public function getConf($setting) { + if (!$this->canRead()) return false; + return $this->db->getUserConf($this->uid, $setting); + } + public function setConf($setting, $value) { + if (!$this->canEdit()) return false; + return $this->db->setUserConf($this->uid, $setting, $value); + } + public function getConfArray($setting) { + $string = $this->getConf($setting); + return $this->db->valueToArray($string); + } + public function setConfArray($setting, $list) { + $string = $this->db->arrayToValue($list); + return $this->setConf($setting, $string); + } +} diff --git a/apps/um/models/ContactMethod.class.php b/apps/um/models/ContactMethod.class.php new file mode 100644 index 0000000..1dd40ee --- /dev/null +++ b/apps/um/models/ContactMethod.class.php @@ -0,0 +1,29 @@ +verb_slug = $verb_slug; + $this->addr_slug = $addr_slug; + $this->verb_text = $verb_text; + $this->addr_text = $addr_text; + + global $CONTACT_METHODS; + $CONTACT_METHODS[$verb_slug] = $this; + } + public function setHandler($handler) { + $this->handler = $handler; + } +} diff --git a/apps/um/models/Group.class.php b/apps/um/models/Group.class.php new file mode 100644 index 0000000..f981a4f --- /dev/null +++ b/apps/um/models/Group.class.php @@ -0,0 +1,23 @@ +uid; + } + + /**********************************************************************\ + * The 'auth' table. * + \**********************************************************************/ + + /**********************************************************************\ + * The 'users' table. * + \**********************************************************************/ + + public function getMembers() { + return $this->db->getUsersInGroup($this->getName()); + } +} diff --git a/apps/um/models/User.class.php b/apps/um/models/User.class.php new file mode 100644 index 0000000..b6dbede --- /dev/null +++ b/apps/um/models/User.class.php @@ -0,0 +1,25 @@ +uid; + } + + /**********************************************************************\ + * The 'auth' table. * + \**********************************************************************/ + + public function setPassword($password) { + if (!$this->canEdit()) return false; + return $this->db->setPassword($this->uid, $password); + } + + /**********************************************************************\ + * The 'users' table. * + \**********************************************************************/ + +} diff --git a/apps/um/plugins/InformationPlugin.class.php b/apps/um/plugins/InformationPlugin.class.php new file mode 100644 index 0000000..70ec8ac --- /dev/null +++ b/apps/um/plugins/InformationPlugin.class.php @@ -0,0 +1,62 @@ +addConfigGroup($arr, $group); + $arr[$group][] = array('firstname','First Name','text'); + $arr[$group][] = array('lastname','Last Name','text'); + $arr[$group][] = array('school','Home School','text'); + $arr[$group][] = array('hsclass','Highschool Class of','text'); + + $group = 'New Member Questions'; + $this->addConfigGroup($arr, $group); + $arr[$group][] = array('q_why_team', + 'Why do you want to be a part of the robotics team?', + 'textarea'); + $arr[$group][] = array('q_strengths', + 'What strengths do you have that can contribute to the robotics team?', + 'textarea'); + $arr[$group][] = array('q_other_activities', + 'Other after school activities--sports, performing arts, extracurricular activities. (January through March)', + 'textarea'); + $arr[$group][] = array('q_other_commitments', + 'After school/weekend work commitments. (January through March)', + 'textarea'); + // TODO: Top 3 subteams + $arr[$group][] = array('q_who_you_know', + 'Who do you know that could possibly help our team this year? '. + 'This includes material resources, supplying or preparing food '. + 'for work nights/competitions, corporate sponsorship, travel, '. + 'engineers, computer programmers, web developers, and fundraisers.', + 'textarea'); + $arr[$group][] = array('x_bogus_recommend', + "List two teachers who we could contact for your recommendation to be a member of this year's team.", + 'paragraph'); + $arr[$group][] = array('q_teacher_recommend1', 'Teacher 1', 'text'); + $arr[$group][] = array('q_teacher_recommend2', 'Teacher 2', 'text'); + $arr[$group][] = array('x_bogus_agreement', + "I understand that if I am chosen to participate ". + "in the robotics project, I will represent my ". + "school in a positive manner. If I fail to do so, ". + "I may be removed from the team at any time. In ". + "addition, if I do not have good attendance ". + "during this project, I will not be allowed to ". + "travel with the team to the competitions. I also ". + "understand that all of the school rules will be ". + "in effect at all times.", + 'paragraph'); + $arr[$group][] = array('q_i_agree', + "I agree", + 'checkbox'); + } + public function sendPrivate($to, $id, $subject, $body) {} + public function sendBroadcast($id, $subject, $body) {} +} diff --git a/apps/um/plugins/ReCaptcha.class.php b/apps/um/plugins/ReCaptcha.class.php new file mode 100644 index 0000000..165493b --- /dev/null +++ b/apps/um/plugins/ReCaptcha.class.php @@ -0,0 +1,47 @@ +'', + 'private_key'=>''); + public static function description() { + return 'Add a reCaptcha to keep out spam users.'; + } + public static function configList() { + return array('public_key'=>'text', + 'private_key'=>'text'); + } + public function init() {} + + private $resp = null; + private function getResp() { + if ($this->resp===null) { + require_once('recaptchalib.php'); + @$response = $_POST['recaptcha_response_field']; + @$challenge = $_POST['recaptcha_challenge_field']; + $this->resp = recaptcha_check_answer($this->config['private_key'], + $_SERVER['REMOTE_ADDR'], + $challenge, + $response); + } + return $this->resp; + } + + private function getError() { + if ($_POST["recaptcha_response_field"] && !$this->antispam_verify()) { + return $this->getResp()->error; + } else { + return false; + } + } + + public function antispam_verify() { + return $this->getResp()->is_valid; + } + + public function antispam_html() { + require_once('recaptchalib.php'); + return recaptcha_get_html($this->config['public_key'], $this->getError()); + } +} diff --git a/apps/um/views/Template.class.php b/apps/um/views/Template.class.php new file mode 100644 index 0000000..9d55b75 --- /dev/null +++ b/apps/um/views/Template.class.php @@ -0,0 +1,316 @@ +ret = $ret; + } + + private function tabs() { + $str = ''; + for ($i=0;$i<$this->indent;$i++) { $str .= "\t"; } + return $str; + } + + private function attr($attr='') { + $tags=''; + if (is_array($attr)) { + foreach($attr as $key=>$value) { + $tags .= " $key=\"$value\""; + } + } + return $tags; + } + + public function tag($tag, $attr='', $content=false) { + $tags = $this->attr($attr); + $str = $this->tabs()."<$tag$tags"; + if ($content===false) { + $str.= " />"; + } else { + $str.= ">$content"; + } + $str.= "\n"; + if ($this->ret) return $str; + echo $str; + } + + public function openTag($tag, $attr='') { + $tags = $this->attr($attr); + $str = $this->tabs()."<$tag$tags>\n"; + $this->indent++; + if ($this->ret) return $str; + echo $str; + } + + public function closeTag($tag) { + $this->indent--; + $str = $this->tabs()."\n"; + if ($this->ret) return $str; + echo $str; + } + + public function text($text) { + $str = $this->tabs().$text."\n"; + if ($this->ret) return $str; + echo $str; + } + + public function paragraph($text, $attr='', $return=false) { + $tabs = $this->tabs(); + $tags = $this->attr($attr); + $str = $tabs.""; + $str.= wordwrap($text, 78-($this->indent*8), "\n$tabs "); + $str.= "

\n"; + if ($this->ret||$return) return $str; + echo $str; + } + + public function link($target, $text, $return=false) { + $ret = $this->ret; + $this->ret |= $return; + $str = $this->tag('a', array('href'=>$target), $text); + $this->ret = $ret; + if ($this->ret||$return) return $str; + echo $str; + } + public function url($page) { + return Site::getInstance()->baseUrl().$page; + } + + public function row($cells) { + $str = $this->openTag('tr'); + foreach ($cells as $cell) + $str.= $this->tag('td', array(), $cell); + $str.= $this->closeTag('tr'); + if ($this->ret) return $str; + echo $str; + } + private function css($file, $media) { + $str.= $this->tag('link', array('rel'=>"stylesheet", + 'type'=>"text/css", + 'href'=>$this->url($file), + 'media'=>$media)); + if ($this->ret) return $str; + echo $str; + } + public function header($title) { + // username=false if not logged in or not connected to DB + $username = Auth::getInstance(Login::isLoggedIn())->getName(); + + $ret = $this->ret; + $this->ret = true; + + $logged_in = ($username!==false); + + $str = ''."\n"; + $str.= ''."\n"; + + $xmlns = "http://www.w3.org/1999/xhtml"; + $str.= $this->openTag('html', array('xmlns'=>$xmlns, + 'lang'=>"en-us", + 'dir'=>"ltr")); + $this->indent = 0; // don't indent for the tag + + $str.= $this->openTag('head'); + $str.= $this->tag('title', array(), htmlspecialchars($title)); + $str.= $this->css('style.css', 'all'); + $str.= $this->css('screen.css', 'screen'); + $str.= $this->css('print.css', 'print'); + $str.= $this->closeTag('head'); + + $body_class = 'logged'.($logged_in?'in':'out'); + $str.= $this->openTag('body', array('class'=>$body_class)); + + $str.= $this->openTag('div', array('class'=>'infobar')); + if ($logged_in) { + $user = htmlentities($username); + + $str.= $this->link($this->url(''), "Home"); + $str.= $this->link($this->url("users/$user"),"@$user"); + $str.= $this->logout_button('Logout'); + } else { + $url=$_SERVER['REQUEST_URI']; + $str.= $this->openTag('form', + array('action'=>$this->url('auth'), + 'method'=>'post')); + $str.= $this->tag('input', array('type'=>'hidden', + 'name'=>'action', + 'value'=>'login')); + $str.= $this->tag('input', array('type'=>'hidden', + 'name'=>'url', + 'value'=>$url)); + $str.= $this->tag('label', + array('for'=>'username'),'Username:'); + $str.= $this->tag('input', array('type'=>'text', + 'name'=>'username', + 'id'=>'username')); + $str.= $this->tag('label', + array('for'=>'password'),'Password:'); + $str.= $this->tag('input', array('type'=>'password', + 'name'=>'password', + 'id'=>'password')); + $str.= $this->tag('input', array('type'=>'submit', + 'value'=>'Login')); + $str.= $this->link($this->url("users/new"),'New Account'); + $str.= $this->closeTag('form'); + } + $str.= $this->closeTag('div'); + + $str.= $this->openTag('div',array('class'=>'main')); + $str.= $this->openTag('div',array('class'=>'main_sub')); + + $this->ret = $ret; + if ($this->ret) return $str; + echo $str; + } + + public function footer() { + $str = $this->closeTag('div'); + $str.= $this->closeTag('div'); + $str.= $this->closeTag('body'); + $str.= $this->closeTag('html'); + + if ($this->ret) return $str; + echo $str; + } + + public function openFieldset($name, $lock=false) { + $class = ($lock?' class="readonly"':''); + $str = $this->text("$name
    "); + $this->indent++; + if ($this->ret) return $str; + echo $str; + } + + public function closeFieldset() { + $this->indent--; + $str = $this->text("
"); + if ($this->ret) return $str; + echo $str; + } + + public function input($id, $label, $hint, $html, $tags=null) { + if ($tags===null) { $tags=array(); } + $str = $this->openTag('li', $tags); + $str.= $this->tag('label', array('for'=>$id), $label); + $str.= $this->text($html); + if (strlen($hint)>0) { + $str.=$this->paragraph($hint, + Array('class'=>'form_data')); + } + $str.= $this->closeTag('li'); + if ($this->ret) return $str; + echo $str; + } + + private function inputStr($type, $id, $default, $lock) { + $value = htmlentities($default); + $tag = ($lock?"readonly='readonly' ":''); + return ""; + } + public function inputTextArea($id, $label, $hint='', $default='', $lock=FALSE) { + $value = htmlentities($default); + $tag = ($lock?"readonly='readonly' ":''); + return $this->input($id, $label, $hint, + "", + array('class'=>'wide')); + } + + public function inputText($id, $label, $hint='', $default='', $lock=FALSE) { + return $this->input($id, $label, $hint, + $this->inputStr('text', $id, $default, $lock)); + } + + public function inputPassword($id, $label, $hint='', $default='', $lock=FALSE) { + return $this->input($id, $label, $hint, + $this->inputStr('password', $id, $default, $lock)); + } + + public function inputNewPassword($id, $label, $default='', $lock=FALSE) { + return $this->input($id, $label, + "Type the same password twice, to make sure you don't mistype.", + $this->inputStr('password', $id, $default, $lock). + "\n".$this->tabs()."\t". + $this->inputStr('password', $id.'_verify', $default,$lock)); + } + public function inputBool($id, $label, $hint='', $default=FALSE, $lock=FALSE) { + $tag = ''; + if ($lock) $tag.= "readonly='readonly' "; + if ($default) $tag.= "checked='checked' "; + return $this->input($id, $label, $hint, + "". + ""); + + $attrib = array('type'=>'checkbox', + 'id'=>$id, + 'name'=>$name.'[]', + 'value'=>$value); + if ($default) $attrib['checked']='checked'; + if ($lock ) $attrib['readonly']='readonly'; + + $str = $this->openTag('li'); + $str.= $this->tag('input', $attrib); + $str.= $this->tag('label', array('for'=>$id), $label); + $str.= $this->closeTag('li'); + + if ($this->ret) return $str; + echo $str; + + } + + public function inputBoolArray($name, $value, $label, $default=FALSE, $lock=FALSE) { + $id = $name.'_'.$value; + $attrib = array('type'=>'checkbox', + 'id'=>$id, + 'name'=>$name.'[]', + 'value'=>$value); + if ($default) $attrib['checked']='checked'; + if ($lock ) $attrib['readonly']='readonly'; + + $str = $this->openTag('li'); + $str.= $this->tag('input', $attrib); + $str.= $this->tag('label', array('for'=>$id), $label); + $str.= $this->closeTag('li'); + + if ($this->ret) return $str; + echo $str; + + } + + public function inputP($text, $error=false) { + $str = $this->openTag('li'); + $str.=$this->paragraph($text, + array('class'=>($error?' error':''))); + $str.= $this->closeTag('li'); + if ($this->ret) return $str; + echo $str; + } + + public function logout_button($text) { + $str = $this->openTag('form',array('action'=>$this->url('auth'), + 'method'=>"post", + 'style'=>'display:inline')); + $str.= $this->tag('input', array('type'=>'hidden', + 'name'=>'action', + 'value'=>'logout')); + $str.= $this->tag('input', array('type'=>'submit', + 'value'=>$text)); + $str.= $this->closeTag('form'); + if ($this->ret) return $str; + echo $str; + } +} diff --git a/apps/um/views/includes/header-include.php b/apps/um/views/includes/header-include.php new file mode 100644 index 0000000..3826b3a --- /dev/null +++ b/apps/um/views/includes/header-include.php @@ -0,0 +1,51 @@ +getName(); +$logged_in = ($username!==false); + +$ret = $this->ret; +$this->ret = true; + +function body_class() { + $body_class = 'logged'.($logged_in?'in':'out'); + echo 'class="'+$body_class+'"'; +} + +require(dirname(__FILE__)+"/header.php"); \ No newline at end of file diff --git a/apps/um/views/includes/header.php b/apps/um/views/includes/header.php new file mode 100644 index 0000000..0a3e161 --- /dev/null +++ b/apps/um/views/includes/header.php @@ -0,0 +1,84 @@ + section and everything up till
+ * + * @package WordPress + * @subpackage Twenty_Eleven + * @since Twenty Eleven 1.0 + */ +?> + + + + +> + + + + +<?php + /* + * Print the <title> tag based on what is being viewed. + */ + global $_title_; + echo $_title_; + ?> + + + + + + * tag of your theme, or you will break many plugins, which + * generally use this hook to add elements to such + * as styles, scripts, and meta tags. + */ + wp_head(); +?> + + +> +
+ + + +
\ No newline at end of file diff --git a/apps/um/views/pages/auth/badrequest.html.php b/apps/um/views/pages/auth/badrequest.html.php new file mode 100644 index 0000000..c1fe726 --- /dev/null +++ b/apps/um/views/pages/auth/badrequest.html.php @@ -0,0 +1,11 @@ +status('400 Bad Request'); +$t->header('Authentication'); +$t->paragraph('The recieved POST request was malformed/invalid. '. + 'If you got here from a link, this is a bug; '. + 'Let the admin know.'. + 'If you got here from outside, then the API is being '. + 'used incorrectly.'); +$t->footer(); diff --git a/apps/um/views/pages/auth/index.html.php b/apps/um/views/pages/auth/index.html.php new file mode 100644 index 0000000..ac80140 --- /dev/null +++ b/apps/um/views/pages/auth/index.html.php @@ -0,0 +1,12 @@ +header('Authentication'); + +$t->openTag('div',array('class'=>'login')); +$t->text("Logged in as ".htmlentities($username).'.'); +$t->logout_button('Logout'); +$t->closeTag('div'); + +$t->footer(); \ No newline at end of file diff --git a/apps/um/views/pages/auth/login.html.php b/apps/um/views/pages/auth/login.html.php new file mode 100644 index 0000000..4e3e0e6 --- /dev/null +++ b/apps/um/views/pages/auth/login.html.php @@ -0,0 +1,54 @@ +status('401 Unauthorized'); break; +case 2: $t->status('404 Not Found'); break; +} + +$t->header('Authentication'); + +$t->openTag('form',array('action'=>$t->url('auth'), 'method'=>"post")); +$t->openFieldset('Login'); +switch ($VARS['login_code']) { +case -1: break; +case 0: + $t->inputP('Successfully logged in as '. + htmlentities($username).'.'); + if (isset($VARS['url'])) { + $url = htmlentities($VARS['url']); + $t->inputP($t->link($url, + 'Return to the page you were on.', + true)); + } + $t->closeFieldset(); + $t->closeTag('form'); + return; + break; +case 1: + $t->inputP("Password does not match username.", + array('class'=>'error')); + break; +case 2: + $t->inputP("Username $username does not exist."); + $username = ''; + break; +} +$t->inputText( 'username', 'Username:', '', $username); +$t->inputPassword('password', 'Password:', '', $password); +$t->openTag('li'); +$t->tag('input', array('type'=>'submit', 'value'=>'Login')); +$t->closeTag('li'); +$t->closeFieldset(); +$t->tag('input', array('type'=>'hidden', + 'name'=>'action', + 'value'=>'login')); +if (isset($VARS['url'])) { + $url = htmlentities($VARS['url']); + $t->tag('input', array('type'=>'hidden', + 'name'=>'url', + 'value'=>$url)); +} +$t->closeTag('form'); diff --git a/apps/um/views/pages/auth/logout.html.php b/apps/um/views/pages/auth/logout.html.php new file mode 100644 index 0000000..2d00998 --- /dev/null +++ b/apps/um/views/pages/auth/logout.html.php @@ -0,0 +1,6 @@ +header('Authentication'); +$t->paragraph('Logged out'); +$t->footer(); diff --git a/apps/um/views/pages/groups/401.html.php b/apps/um/views/pages/groups/401.html.php new file mode 100644 index 0000000..23e3778 --- /dev/null +++ b/apps/um/views/pages/groups/401.html.php @@ -0,0 +1,15 @@ +status('401 Unauthorized'); +$t->header('Unauthorized'); +$t->tag('h1', array(), "401: Unauthorized"); +if ($VARS['uid']===false) { + // Not logged in + $t->paragraph('You need to be logged in to view group-data.'); +} else { + // Logged in, so the account must not activated + $t->paragraph('Your account needs to be activated by an administrator '. + 'to group-data.'); +} +$t->footer(); diff --git a/apps/um/views/pages/http404.html.php b/apps/um/views/pages/http404.html.php new file mode 100644 index 0000000..730b0ee --- /dev/null +++ b/apps/um/views/pages/http404.html.php @@ -0,0 +1,16 @@ +status('404 Not Found'); +$t->header('Page Not Found'); +$t->tag('h1',array(),"404: Not Found"); +$t->paragraph("Awe man, the page you requested wasn't found."); +$t->paragraph('This folder was found: '. + ''.$t->link($t->url($routed), $routed.'/', true).''); +$t->paragraph("But this file in it wasn't: ". + ''.$full.''); +$t->footer(); diff --git a/apps/um/views/pages/index.html.php b/apps/um/views/pages/index.html.php new file mode 100644 index 0000000..71b0091 --- /dev/null +++ b/apps/um/views/pages/index.html.php @@ -0,0 +1,8 @@ +header('Main Page'); +$t->tag('h1', array(), "Message Manager"); +$t->paragraph($t->link($t->url('users/new'),'Register to be on the team', true), array('style'=>'font-size:5em')); +$t->link($t->url('users'), 'List of all users'); +$t->footer(); diff --git a/apps/um/views/pages/plugins/401.html.php b/apps/um/views/pages/plugins/401.html.php new file mode 100644 index 0000000..5b1b222 --- /dev/null +++ b/apps/um/views/pages/plugins/401.html.php @@ -0,0 +1,9 @@ +status('401 Unauthorized'); +$t->header('Unauthorized'); +$t->tag('h1',array(),"401: Unauthorized"); +$t->paragraph('You need to be logged in as an admin to edit global plugin '. + 'settings.'); +$t->footer(); diff --git a/apps/um/views/pages/plugins/index.html.php b/apps/um/views/pages/plugins/index.html.php new file mode 100644 index 0000000..b182288 --- /dev/null +++ b/apps/um/views/pages/plugins/index.html.php @@ -0,0 +1,42 @@ +header('Administrator Plugin Management'); +$t->openTag('form',array('method'=>'post','action'=>$t->url('plugins'))); + +foreach ($plugins as $plugin) { + $t->setRet(true); + $props = array('type'=>'checkbox', + 'name'=>'plugins[]', + 'id'=>'plugins_'.$plugin['name'], + 'value'=>$plugin['name']); + if ($plugin['active']==true) { + $props['checked'] = 'checked'; + } + $box = $t->tag('input', $props); + $t->setRet(false); + $t->openFieldset($plugin['name'].$box); + + $t->inputP($plugin['description']); + foreach ($plugin['config'] as $param => $type) { + $name = $plugin['key'].'['.$param.']'; + $value = $db->getPluginConf($plugin['name'], $param); + $hint = "Type: $type"; + switch ($type) { + case 'text': + case 'int': + $t->inputText( $name, $param, $hint, $value); break; + case 'password': + $t->inputPassword($name, $param, $hint, $value); break; + } + } + $t->closeFieldset(); +} + +$t->tag('input', array('type'=>'submit', + 'value'=>'Save/Update')); +$t->closeTag('form'); +$t->footer(); diff --git a/apps/um/views/pages/users/401.html.php b/apps/um/views/pages/users/401.html.php new file mode 100644 index 0000000..0a5a1ce --- /dev/null +++ b/apps/um/views/pages/users/401.html.php @@ -0,0 +1,15 @@ +status('401 Unauthorized'); +$t->header('Unauthorized'); +$t->tag('h1', array(), "401: Unauthorized"); +if ($VARS['uid']===false) { + // Not logged in + $t->paragraph('You need to be logged in to view user-data.'); +} else { + // Logged in, so the account must not activated + $t->paragraph('Your account needs to be activated by an administrator '. + 'to view user-data.'); +} +$t->footer(); diff --git a/apps/um/views/pages/users/404.html.php b/apps/um/views/pages/users/404.html.php new file mode 100644 index 0000000..00f9dca --- /dev/null +++ b/apps/um/views/pages/users/404.html.php @@ -0,0 +1,10 @@ +status('404 Not Found'); +$t->header('User Not Found'); +$t->tag('h1',array(),"404: Not Found"); +$t->paragraph('No user with the name '. + htmlentities($username).' exists.'); +$t->footer(); diff --git a/apps/um/views/pages/users/500.html.php b/apps/um/views/pages/users/500.html.php new file mode 100644 index 0000000..339fe63 --- /dev/null +++ b/apps/um/views/pages/users/500.html.php @@ -0,0 +1,15 @@ +status('500 Internal Server Error'); +$t->header('Unknown error'); +$t->paragraph("An unknown error was encountered when creating ". + "the user. The username appears to be free, and ". + "the passwords match, so I'm assuming that the ". + "error is on our end. Sorry."); +$t->paragraph("Here's a dump of the SQL error stack, it may ". + "help us find the issue:"); +$t->tag('pre', array(), htmlentities($db->mysql_error())); +$t->footer(); diff --git a/apps/um/views/pages/users/created.html.php b/apps/um/views/pages/users/created.html.php new file mode 100644 index 0000000..d3027cc --- /dev/null +++ b/apps/um/views/pages/users/created.html.php @@ -0,0 +1,18 @@ +status('201 Created'); +header('Location: '.$t->url("users/$username")); +$t->header('User created'); +/*$t->paragraph("You can go ahead and fill out more of your ". + "user information, (click the @username link at ". + "the top) but will need to wait for an ". + "administrator to approve your account before ". + "you can really use the site. Actually, ". + "filling your info out might help approval, so ". + "that the administrator can more easily see who ". + "you are."); +*/ +$t->tag('h2',array(), $t->link($t->url("users/$username"), 'Go on to step 2')); +$t->footer(); diff --git a/apps/um/views/pages/users/index.csv.php b/apps/um/views/pages/users/index.csv.php new file mode 100644 index 0000000..0a69cee --- /dev/null +++ b/apps/um/views/pages/users/index.csv.php @@ -0,0 +1,27 @@ +header('Users'); + +$t->paragraph($t->link($t->url('users.csv'), "Download this as a spreadsheet.", true)); + +$t->openTag('form', array('action'=>$t->url('users/index'), + 'method'=>'post')); + +if (Login::isLoggedIn()) { + $t->tag('input', array('type'=>'submit', + 'value'=>'Save/Update')); +} + +$t->openTag('table', array('class'=>'sortable', 'id'=>'bar')); + +function table_head($attribs, $t) { + $t->openTag('tr'); + foreach ($attribs as $attrib) { + switch ($attrib['type']) { + case 'bool': $class = 'small'; break; + default: $class = ''; break; + } + $t->tag('th', array('class'=>$class), $attrib['name']); + } + if (Login::isLoggedIn()) { + $t->tag('th', array(), '-'); + } + $t->closeTag('tr'); +} + +$t->openTag('thead'); +table_head($attribs, $t); +$t->closeTag('thead'); + +$t->openTag('tfoot'); +table_head($attribs, $t); +$t->closeTag('tfoot'); + +$t->openTag('tbody'); + +foreach ($users as $user) { + $t->openTag('tr'); + + foreach ($attribs as $attrib) { + $t->openTag('td'); + + $props = $user[$attrib['key']]; + + $bool = $attrib['type']=='bool'; + if ($bool) { + $value = $props['value']=='true'; + } else { + $value = $props['value']; + } + $editable = $props['editable']; + $post_key = $props['post_key']; + + $arr = array('name'=>$post_key); + if (!$editable) { + $arr['readonly'] = 'readonly'; + if ($bool) $arr['disabled'] = $disabled; + } + if ($bool) { + $t->tag('input', array('type'=>'hidden', 'name'=>$post_key, 'value'=>'false')); + if ($value==true) { + $arr['checked'] = 'checked'; + } + $arr['value'] = 'true'; + $arr['type'] = 'checkbox'; + } else { + $t->tag('span', array('class'=>'cell_width'), $value); + $arr['value'] = $value; + $arr['type'] = 'text'; + } + + $t->tag('input', array('name'=>'_old['.$arr['name'].']', + 'value'=>$arr['value'], + 'type'=>'hidden')); + $t->tag('input', $arr); + $t->closeTag('td'); + } + + if (Login::isLoggedIn()) { + $t->openTag('td'); + $t->link($t->url('users/'.$user['auth_name']['value']), 'More'); + $t->closeTag('td'); + } + $t->closeTag('tr'); +} + +$t->closeTag('tbody'); +$t->closeTag('table'); + +if (Login::isLoggedIn()) { + $t->tag('input', array('type'=>'submit', + 'value'=>'Save/Update')); +} + +$t->footer(); diff --git a/apps/um/views/pages/users/individual.html.php b/apps/um/views/pages/users/individual.html.php new file mode 100644 index 0000000..39360b7 --- /dev/null +++ b/apps/um/views/pages/users/individual.html.php @@ -0,0 +1,147 @@ +getConf($key); + $t->inputText("user_$key", $label, $hint, $current_setting, + !$user->canEdit()); +} +function inputTextarea($user, $key, $label, $hint='') { + global $VARS; $t = $VARS['template']; + $current_setting = $user->getConf($key); + $t->inputTextarea("user_$key", $label, $hint, $current_setting, + !$user->canEdit()); +} + +function inputBool($user, $key, $label, $hint='') { + global $VARS; $t = $VARS['template']; + $current_setting = $user->getConf($key)=='true'; + $t->inputBool("user_$key", $label, $hint, $current_setting, + !$user->canEdit()); +} + +function inputArray($user, $key, $arr) { + global $VARS; $t = $VARS['template']; + $defaults = $user->getConfArray($key); + + foreach ($arr as $value => $label) { + $t->inputBoolArray($key, $value, $label, + in_array($value, $defaults), !$user->canEdit()); + } +} + +function inputField($user, $arr) { + $fieldname = $arr[0]; + $fieldlabel = $arr[1]; + $fieldtype = $arr[2]; + + switch ($fieldtype) { + case 'text': + inputText($user, $fieldname, $fieldlabel, ''); + break; + case 'textarea': + inputTextarea($user, $fieldname, $fieldlabel, ''); + break; + case 'paragraph': + global $VARS; $t = $VARS['template']; + $t->inputP($fieldlabel); + break; + case 'checkbox': + inputBool($user, $fieldname, $fieldlabel, ''); + break; + } +} + +//////////////////////////////////////////////////////////////////////////////// + +if (count($users)>1) { + $t->header("Users: $username"); +} else { + $t->header("User: $username"); +} + +foreach($users as $user) { +$username = $user->getName(); + +$t->tag('h1', array(), ($user->canEdit()?'Edit':'View')." User $username (UID: ".$user->getUID().")"); + +if ($user->canEdit()) { + $t->openTag('form', array('method'=>'post', + 'action'=>$t->url("users/$username"))); +} else { + $t->openTag('form'); +} + +$t->openFieldset("Login / Authentication"); +// Username //////////////////////////////////////////////////////////////////// +if (isset($VARS['changed name']) && !$VARS['changed name']) { + $t->inputP("Error setting username to ". + "$new_name. This is probably because". + " a user with that name already exists.", + true); +} +$t->inputText('auth_name','Username', + "This is the name you use to log in, but it is also a ". + "short name that is used in various places, think of it ". + "as a sort of Twitter name.", + $user->getName(), !$user->canEdit()); +// Password //////////////////////////////////////////////////////////////////// +if (@$VARS['pw_updated']===true) { + $t->inputP('Password successfully updated.'); +} +if (@$VARS['pw mixmatch']===true) { + $t->inputP("Passwords don't match.", true); +} +if ($user->canEdit()) $t->inputNewPassword('auth_password','Reset Password'); +//////////////////////////////////////////////////////////////////////////////// +$t->closeFieldset(); + +$t->openFieldset("Contact"); +// TODO: I should make this a setting for admins to set. +$hints = array('email'=> + "Right now you can only have one email address, ". + "but I'm working on making it so you can have ". + "multiple.", + 'phone'=> + "A home phone number isn't much use here because it is ". + "used to text-message you (if you enable it), and ". + "contact you at competition." + ); +$use_arr = array(); +foreach ($CONTACT_METHODS as $method) { + inputText($user, + $method->addr_slug, + ucwords($method->addr_text), + $hints[$method->addr_slug]); + $use_arr[$method->verb_slug] = ucwords($method->verb_text); +} + +$t->inputP("When I recieve a message, notify me using the following methods:"); +inputArray($user, 'use', $use_arr); +$t->closeFieldSet(); + +foreach ($VARS['config_options'] as $groupname=>$options) { + $t->openFieldset($groupname); + foreach ($options as $option) { + inputField($user, $option); + } + $t->closeFieldset(); +} + +$t->openFieldSet('Groups'); +$group_arr = array(); +foreach ($VARS['groups'] as $group_name) { + $group_arr[$group_name] = ucwords($group_name); +} +inputArray($user, 'groups', $group_arr); +$t->closeFieldset(); + +if ($user->canEdit()) { + $t->tag('input', array('type'=>'submit', 'value'=>'Save')); +} +$t->closeTag('form'); +} +$t->footer(); diff --git a/apps/um/views/pages/users/individual.json.php b/apps/um/views/pages/users/individual.json.php new file mode 100644 index 0000000..c3dee50 --- /dev/null +++ b/apps/um/views/pages/users/individual.json.php @@ -0,0 +1,27 @@ +getName(); + $user_json['uid'] = $user_obj->getUID(); + foreach ($CONTACT_METHODS as $method) { + $field = $method->addr_slug; + $user_json[$field] = $user_obj->getConf($field); + } + foreach ($VARS['config_options'] as $groupname=>$options) { + foreach ($options as $option) { + $fieldname = $option[0]; + $fieldlabel = $option[1]; + $fieldtype = $option[2]; + $user_json[$fieldname] = $user_obj->getConf($fieldname); + } + } + $json[] = $user_json; +} + +echo json_encode($json); \ No newline at end of file diff --git a/apps/um/views/pages/users/new-locked.html.php b/apps/um/views/pages/users/new-locked.html.php new file mode 100644 index 0000000..dc7ad0d --- /dev/null +++ b/apps/um/views/pages/users/new-locked.html.php @@ -0,0 +1,9 @@ +status('403 Forbidden'); +$t->header('Create new user'); + +$t->paragraph("Sorry, new user registration is disabled."); + +$t->footer(); diff --git a/apps/um/views/pages/users/new-logged-in.html.php b/apps/um/views/pages/users/new-logged-in.html.php new file mode 100644 index 0000000..51823fe --- /dev/null +++ b/apps/um/views/pages/users/new-logged-in.html.php @@ -0,0 +1,8 @@ +header('Create new user'); + +$t->paragraph("Dude, you're logged in, what are you doing creating an account?"); + +$t->footer(); diff --git a/apps/um/views/pages/users/new.html.php b/apps/um/views/pages/users/new.html.php new file mode 100644 index 0000000..9df376f --- /dev/null +++ b/apps/um/views/pages/users/new.html.php @@ -0,0 +1,57 @@ +header('Create new user'); + +$t->openTag('form', array('method'=>'post', + 'action'=>$t->url('users'))); + +$t->openFieldset("New User: Step 1"); + +if ($VARS['userlist']) { + $t->inputP("If you may have already created a username, please, ". + "please check the ". + $t->link($t->url('users/'), 'user-list', true). + " to find your old username, instead of creating a new ". + "user. If you don't like the name, you can log in and ". + "change it."); +} + +if (in_array('illegal name', $VARS['errors'])) { + $t->inputP("That is a forbidden username.", true); +} +if (in_array('user exists', $VARS['errors'])) { + $t->inputP("A user with that name already exists."); +} +$t->inputText('auth_name','Username', + "This is the name you use to log in, but it is also a ". + "short name that is used in various places, think of it ". + "as a sort of Twitter name.",$VARS['username']); + +@$password = $VARS['password1']; +if (in_array('pw mixmatch', $VARS['errors'])) { + $t->inputP("The passwords didn't match.", true); + $password = ''; +} +if (in_array('no pw', $VARS['errors'])) { + $t->inputP("You must set a password.", true); + $password = ''; +} +$t->inputNewPassword('auth_password','Password', $password); + +if (in_array('no email', $VARS['errors'])) { + $t->inputP("You must provide an email address.", true); +} +$t->inputText('user_email', 'Email Address', + 'This is so that we can contact you. (duh).', $VARS['email']); +$t->closeFieldset(); + +foreach ($VARS['antispam_html'] as $html) { + echo $html; +} + +$t->tag('input', array('type'=>'submit', 'value'=>'Go on to Step 2')); + +$t->closeTag('form'); + +$t->footer(); -- cgit v1.2.3-2-g168b