yurec
/
virt2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
virt2/api/soft/fm/include/admin.php

613 lines
22 KiB
PHP
Raw Normal View History

Исправлен модуль login - починил авторизацию, написал документацию
2023-02-23 19:36:50 +05:00
<?php
// ensure this file is being included by a parent file
if( !defined( '_JEXEC' ) && !defined( '_VALID_MOS' ) ) die( 'Restricted access' );
/**
* @version $Id: admin.php 242 2015-08-19 06:29:26Z soeren $
* @package eXtplorer
* @copyright soeren 2007-2015
* @author The eXtplorer project (http://extplorer.net)
* @author The The QuiX project (http://quixplorer.sourceforge.net)
* @license
* @version $Id: admin.php 242 2015-08-19 06:29:26Z soeren $
* The contents of this file are subject to the Mozilla Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS"
* basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
* License for the specific language governing rights and limitations
* under the License.
*
* Alternatively, the contents of this file may be used under the terms
* of the GNU General Public License Version 2 or later (the "GPL"), in
* which case the provisions of the GPL are applicable instead of
* those above. If you wish to allow use of your version of this file only
* under the terms of the GPL and not to allow others to use
* your version of this file under the MPL, indicate your decision by
* deleting the provisions above and replace them with the notice and
* other provisions required by the GPL. If you do not delete
* the provisions above, a recipient may use your version of this file
* under either the MPL or the GPL."
*
*/
/**
* Comment:
* Administrative Functions
*
*
*
/**
* Creates a form to manage users + passwords
*
* @param boolean $admin
* @param string $dir
*/
function admin($admin, $dir) {
if( $GLOBALS["permissions"] < 7 || $_SESSION['credentials_extplorer']['username'] == 'admin' && $_SESSION['credentials_extplorer']['password'] == extEncodePassword('admin') ) {
$activeTab = '0';
} else {
$activeTab = '1';
}
?>
{
"xtype": "tabpanel",
"width": "450",
"id": "dialog_tabpanel",
"dialogtitle": "<?php echo ext_Lang::msg('actadmin') ?>",
"listeners": {
"afterrender": {
fn: function(cmp) {
cmp.activate(<?php echo $activeTab ?>);
}
}
},
"items":
[{
"xtype": "form",
"id": "passform",
"autoHeight": "true",
"headerAsText": false,
"labelWidth": 125,
"url":"<?php echo basename( $GLOBALS['script_name']) ?>",
"title": "<?php echo ext_Lang::msg('actchpwd', true) ?>",
"frame": true,
"items": [{
"xtype": "textfield",
"fieldLabel": "<?php echo ext_Lang::msg( 'miscoldpass', true ) ?>",
"name": "oldpwd",
"inputType": "password",
"allowBlank":false
},
{ "xtype": "textfield",
"fieldLabel": "<?php echo ext_Lang::msg( 'miscnewpass', true ) ?>",
"name": "newpwd1",
"hiddenName": "newpwd1",
"inputType": "password",
"allowBlank":false
},
{ "xtype": "textfield",
"fieldLabel": "<?php echo ext_Lang::msg( 'miscconfnewpass', true ) ?>",
"name": "newpwd2",
"hiddenName": "newpwd2",
"inputType": "password",
"allowBlank":false
}],
"buttons": [{
"text": "<?php echo ext_Lang::msg( 'btnchange', true ) ?>",
"handler": function() {
frm = Ext.getCmp("passform").getForm();
if(frm.findField('newpwd1').getValue() != frm.findField('newpwd2').getValue() ) {
Ext.Msg.alert("Error!", "<?php echo ext_Lang::msg('miscnopassmatch', true ); ?>");
return false;
}
if(frm.findField('oldpwd').getValue() ==frm.findField('newpwd1').getValue()) {
Ext.Msg.alert("Error!", "<?php echo ext_Lang::err('miscnopassdiff', true ); ?>");
return false;
}
statusBarMessage( "Please wait...", true );
frm.submit({
//reset: true,
reset: false,
"success": function(form, action) {
statusBarMessage( action.result.message, false, true );
Ext.getCmp("dialog").destroy();
},
"failure": function(form, action) {
if( !action.result ) return;
Ext.MessageBox.alert("Error!", action.result.error);
statusBarMessage( action.result.error, false, false );
},
"scope": Ext.getCmp("passform"),
// add some vars to the request, similar to hidden fields
"params": {
option: "com_extplorer",
"action": "admin",
"action2": "chpwd",
"token": "<?php echo ext_getToken() ?>"
}
})
}
}]
<?php
if($admin) {
?>
},{
"xtype": "form",
"id": "userlist",
"autoHeight": "true",
"headerAsText": false,
"labelWidth": 125,
"url":"<?php echo basename( $GLOBALS['script_name']) ?>",
title: "<?php echo ext_Lang::msg('actusers', true) ?>",
"frame": true,
"items": [{
<?php
$cnt=count($GLOBALS["users"]);
for($i=0;$i<$cnt;++$i) {
// Username & Home dir:
$user=$GLOBALS["users"][$i][0]; if(strlen($user)>15) $user=substr($user,0,12)."...";
$home=$GLOBALS["users"][$i][2]; if(strlen($home)>30) $home=substr($home,0,27)."...";
?>
"xtype": "radio",
"name": "nuser",
"inputValue": "<?php echo $GLOBALS["users"][$i][0] ?>",
"fieldLabel": "<?php echo $user ?>",
"boxLabel": "<?php echo '<strong>Homedir:</strong> '.$home.'; '
.($GLOBALS["users"][$i][4] ? $GLOBALS["messages"]["miscyesno"][2]:$GLOBALS["messages"]["miscyesno"][3]).'; '
.$GLOBALS["users"][$i][6].'; '
.($GLOBALS["users"][$i][7] ? $GLOBALS["messages"]["miscyesno"][2]:$GLOBALS["messages"]["miscyesno"][3]);
?>"
}
<?php
echo $i+1<$cnt ? ', {' : '';
}
?>
],
"buttons": [{
"text": "<?php echo ext_Lang::msg( 'btnadd', true ) ?>",
"handler": function() {
Ext.Ajax.request( { url: "<?php echo basename($GLOBALS['script_name']) ?>",
"params": { "option": "com_extplorer","action": "admin","action2": "adduser",
"token": "<?php echo ext_getToken() ?>" },
"callback": function(oElement, bSuccess, oResponse) {
if( !bSuccess ) {
Ext.Msg.alert( "Ajax communication failure!");
}
if( oResponse && oResponse.responseText ) {
try{ json = Ext.decode( oResponse.responseText );
if( json.error && typeof json.error != 'xml' ) {
Ext.Msg.alert( "<?php echo ext_Lang::err('error', true ) ?>", json.error );
dialog.destroy();
return false;
}
} catch(e) { return false; }
Ext.getCmp("dialog_tabpanel").add( json );
Ext.getCmp("dialog_tabpanel").activate(json.id);
Ext.getCmp("dialog").syncSize();
}
}
});
}
},
{
"text": "<?php echo ext_Lang::msg( 'btnedit', true ) ?>",
"handler": function() {
frm = Ext.getCmp("userlist").getForm();
try {
theUser = frm.findField(0).getGroupValue();
} catch(e) {
Ext.Msg.alert( "Error", "<?php echo ext_Lang::err('miscselitems', true ) ?>" );
return;
}
Ext.Ajax.request( { url: "<?php echo basename($GLOBALS['script_name']) ?>",
"params": { option: "com_extplorer","action": "admin","action2": "edituser","nuser":theUser,
"token": "<?php echo ext_getToken() ?>" },
"callback": function(oElement, bSuccess, oResponse) {
if( !bSuccess ) {
Ext.Msg.alert( "Ajax communication failure!");
}
if( oResponse && oResponse.responseText ) {
try{ json = Ext.decode( oResponse.responseText );
if( json.error && typeof json.error != 'xml' ) {
Ext.Msg.alert( "<?php echo ext_Lang::err('error', true ) ?>", json.error );
dialog.destroy();
return false;
}
} catch(e) { return false; }
Ext.getCmp("dialog_tabpanel").add( json );
Ext.getCmp("dialog_tabpanel").activate(json.id);
Ext.getCmp("dialog").syncSize();
}
}
});
}
},
{
"text": "<?php echo ext_Lang::msg( 'btnremove', true ) ?>",
"handler": function() {
frm = Ext.getCmp("userlist").getForm();
try {
theUser = frm.findField(0).getGroupValue();
} catch(e) {
Ext.Msg.alert( "Error", "<?php echo ext_Lang::err('miscselitems', true ) ?>" );
return;
}
Ext.Msg.confirm( "", String.format( "<?php echo ext_Lang::err('miscdeluser', true ) ?>", theUser ), function( btn ) {
if( btn != 'yes') return;
statusBarMessage( "Please wait...", true );
frm.submit({
"success": function(form, action) {
statusBarMessage( action.result.message, false, true );
},
"failure": function(form, action) {
if( !action.result ) return;
Ext.MessageBox.alert("Error!", action.result.error);
statusBarMessage( action.result.error, false, false );
},
"scope": Ext.getCmp("userlist").getForm(),
// add some vars to the request, similar to hidden fields
"params": {
"option": "com_extplorer",
"action": "admin",
"action2": "rmuser",
"user": theUser,
"token": "<?php echo ext_getToken() ?>"
}
});
});
}
}
]
<?php
}
?>
}]
}
<?php
}
//------------------------------------------------------------------------------
function changepwd($dir) { // Change Password
if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.');
}
if($GLOBALS['__POST']["newpwd1"]!=$GLOBALS['__POST']["newpwd2"]) {
ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscnopassmatch"]);
}
$data=ext_find_user( $GLOBALS['__SESSION']['credentials_extplorer']['username'],null );
// Username not existing
if( $data === NULL ) {
ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscnouserpass"]);
}
require_once( _EXT_PATH.'/libraries/PasswordHash.php');
$hasher = new PasswordHash(8, FALSE);
$result = $hasher->CheckPassword($GLOBALS['__POST']["oldpwd"], $data[1]);
if(!$result) {
$data=ext_find_user($GLOBALS['__SESSION']['credentials_extplorer']['username'],md5(stripslashes($GLOBALS['__POST']["oldpwd"])));
if($data==NULL) {
ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscnouserpass"]);
}
}
$data[1]=extEncodePassword(stripslashes($GLOBALS['__POST']["newpwd1"]));
if(!ext_update_user($data[0],$data)) {
ext_Result::sendResult('changepwd', false, $data[0].": ".$GLOBALS["error_msg"]["chpass"]);
}
require_once(_EXT_PATH.'/include/authentication/extplorer.php');
$auth = new ext_extplorer_authentication();
$auth->onAuthenticate(array('username'=>$data[0],'password'=>$data[1]));
ext_Result::sendResult('changepwd', true, ext_Lang::msg('change_password_success'));
}
//------------------------------------------------------------------------------
function adduser($dir) { // Add User
if(isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"]=="true" && ext_checkToken($GLOBALS['__POST']["token"]) ) {
$user=stripslashes($GLOBALS['__POST']["nuser"]);
if($user=="" || $GLOBALS['__POST']["home_dir"]=="") {
ext_Result::sendResult('adduser', false, $GLOBALS["error_msg"]["miscfieldmissed"]);
}
if($GLOBALS['__POST']["pass1"]!=$GLOBALS['__POST']["pass2"]) {
ext_Result::sendResult('adduser', false, $GLOBALS["error_msg"]["miscnopassmatch"]);
}
$data=ext_find_user($user,NULL);
if($data!=NULL) {
ext_Result::sendResult('adduser', false, $user.": ".$GLOBALS["error_msg"]["miscuserexist"]);
}
$data=array($user,extEncodePassword(stripslashes($GLOBALS['__POST']["pass1"])),
stripslashes($GLOBALS['__POST']["home_dir"]),stripslashes($GLOBALS['__POST']["home_url"]),
$GLOBALS['__POST']["show_hidden"],stripslashes($GLOBALS['__POST']["no_access"]),
$GLOBALS['__POST']["permissions"],$GLOBALS['__POST']["active"]);
if(!ext_add_user($data)) {
ext_Result::sendResult('adduser', false, $user.": ".$GLOBALS["error_msg"]["adduser"]);
}
ext_Result::sendResult('adduser', true, $user.": The user has been added");
return;
}
show_userform();
}
//------------------------------------------------------------------------------
function edituser($dir) { // Edit User
$user=stripslashes($GLOBALS['__POST']["nuser"]);
$data=ext_find_user($user,NULL);
if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
ext_Result::sendResult('tokencheck', false, 'CSRF Token Check failed.');
}
if($data==NULL) {
ext_Result::sendResult('edituser', false, $user.": ".$GLOBALS["error_msg"]["miscnofinduser"]);
}
if($self=($user==$GLOBALS['__SESSION']['credentials_extplorer']['username'])) $dir="";
if(isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"]=="true") {
$nuser=stripslashes($GLOBALS['__POST']["nuser"]);
if($nuser=="" || $GLOBALS['__POST']["home_dir"]=="") {
ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscfieldmissed"]);
}
if(isset($GLOBALS['__POST']["chpass"]) && $GLOBALS['__POST']["chpass"]=="on") {
if($GLOBALS['__POST']["pass1"]!=$GLOBALS['__POST']["pass2"]) ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscnopassmatch"]);
$pass=extEncodePassword(stripslashes($GLOBALS['__POST']["pass1"]));
} else {
$pass=$data[1];
}
if($self) $GLOBALS['__POST']["active"]=1;
$data=array($nuser,$pass,stripslashes($GLOBALS['__POST']["home_dir"]),
stripslashes($GLOBALS['__POST']["home_url"]),$GLOBALS['__POST']["show_hidden"],
stripslashes($GLOBALS['__POST']["no_access"]),$GLOBALS['__POST']["permissions"],$GLOBALS['__POST']["active"]);
if(!ext_update_user($user,$data)) {
ext_Result::sendResult('edituser', false, $user.": ".$GLOBALS["error_msg"]["saveuser"]);
}
/*if($self) {
activate_user($nuser,NULL);
}*/
ext_Result::sendResult('edituser', true, $user.": ".ext_Lang::msg('User Profile has been updated'));
}
show_userform( $data);
}
function show_userform( $data = null ) {
if( $data == null ) { $data = array('', '', '', '', '', '', '' ); }
$formname = @$data[0] ? 'frmedituser' : 'frmadduser';
?>
{
"xtype": "form",
"id" : "<?php echo $formname ?>",
"renderTo": Ext.getCmp("dialog_tabpanel").getEl(),
"hidden": true,
"closable":true,
"autoHeight": "true",
"labelWidth": 125,
"url":"<?php echo basename( $GLOBALS['script_name']) ?>",
"title": "<?php
if( !empty( $data[0] )) {
printf($GLOBALS["messages"]["miscedituser"],$data[0]);
} else {
echo $GLOBALS["messages"]["miscadduser"];
}
?>" ,
items: [{
"xtype": "textfield",
"fieldLabel": "<?php echo ext_Lang::msg( 'miscusername', true ) ?>",
"name": "nuser",
"value": "<?php echo @$data[0] ?>",
"width":175,
"allowBlank":false
},{
"xtype": "textfield",
"fieldLabel": "<?php echo ext_Lang::msg( 'miscconfpass', true ) ?>",
"name": "pass1",
"inputType": "password",
"width":175
},
{ "xtype": "textfield",
"fieldLabel": "<?php echo ext_Lang::msg( 'miscconfnewpass', true ) ?>",
"name": "pass2",
"inputType": "password",
"width":175
},
<?php
if( !empty($data[0])) { ?>
{ "xtype": "checkbox",
"fieldLabel": "<?php echo ext_Lang::msg( 'miscchpass', true ) ?>",
"name": "chpass",
"hiddenValue": "true"
},
<?php
} ?>
{
"xtype": "textfield",
"fieldLabel": "<?php echo ext_Lang::msg( 'mischomedir', true ) ?>",
"name": "home_dir",
"value": "<?php echo !empty($data[2]) ? $data[2] : $_SERVER['DOCUMENT_ROOT'] ?>",
"width":175,
"allowBlank":false
},
{ "xtype": "textfield",
"fieldLabel": "<?php echo ext_Lang::msg( 'mischomeurl', true ) ?>",
"name": "home_url",
"value": "<?php echo !empty($data[3]) ? $data[3] : $GLOBALS["home_url"] ?>",
"width":175,
"allowBlank":false
},{
"xtype": "combo",
"fieldLabel": "<?php echo ext_Lang::msg( 'miscshowhidden', true ) ?>",
"store": [
["1", "<?php echo ext_Lang::msg( array('miscyesno' => 0), true ) ?>"],
["0", "<?php echo ext_Lang::msg( array('miscyesno' => 1), true ) ?>"]
],
"hiddenName": "show_hidden",
"disableKeyFilter": true,
"value": "<?php echo ( !empty($data[4]) ? $data[4] : (int)$data[4] ) ?>",
"editable": false,
"triggerAction": "all",
"mode": "local",
"allowBlank": false,
"selectOnFocus":true
},
{ "xtype": "textfield",
"fieldLabel": "<?php echo ext_Lang::msg( 'mischidepattern', true ) ?>",
"name": "no_access",
"value": "<?php echo @$data[5] ?>",
"width":175,
"allowBlank":true
},
{
"xtype": "combo",
"fieldLabel": "<?php echo ext_Lang::msg( 'miscperms', true ) ?>",
"store": [<?php
$permvalues = array(0,1,2,3,7);
$permcount = count($GLOBALS["messages"]["miscpermnames"]);
for($i=0;$i<$permcount;++$i) {
if( $permvalues[$i]==7) $index = 4;
else $index = $i;
echo '["'.$permvalues[$i].'", "'.ext_lang::msg( array('miscpermnames' => $index)).'" ]'."\n";
if( $i+1<$permcount) echo ',';
}
?>
],
"hiddenName": "permissions",
"disableKeyFilter": true,
"value": "<?php echo (int)@$data[6] ?>",
"editable": false,
"triggerAction": "all",
"mode": "local"
},
{ "xtype": "combo",
"fieldLabel": "<?php echo ext_Lang::msg( 'miscactive', true ) ?>",
"store": [
["1", "<?php echo ext_Lang::msg( array('miscyesno' => 0), true ) ?>"],
["0", "<?php echo ext_Lang::msg( array('miscyesno' => 1), true ) ?>"]
],
"hiddenName": "active",
"disableKeyFilter": true,
"value": "<?php echo ( !empty($data[7]) ? $data[7] : 0 ) ?>",
"disabled": <?php echo !empty($self) ? 'true' : 'false' ?>,
"editable": false,
"triggerAction": "all",
"mode": "local",
"allowBlank": false,
"selectOnFocus":true
}
],
"buttons": [ {
"text": "<?php echo ext_Lang::msg( 'btnsave', true ) ?>",
"handler": function() {
userform = Ext.getCmp("<?php echo $formname ?>").getForm();
if(userform.findField('nuser').getValue()=="" || userform.findField('home_dir').getValue()=="") {
Ext.Msg.alert('Status', "<?php echo ext_Lang::err('miscfieldmissed', true ); ?>");
return false;
}
if( userform.findField('chpass') ) {
if(userform.findField('chpass').getValue() &&
userform.findField('pass1').getValue() != userform.findField('pass2').getValue())
{
Ext.Msg.alert('Status', "<?php echo ext_Lang::err('miscnopassmatch', true ); ?>");
return false;
}
}
statusBarMessage( 'Please wait...', true );
userform.submit({
"success": function(form, action) {
statusBarMessage( action.result.message, false, true );
Ext.getCmp("dialog_tabpanel").remove("<?php echo $formname ?>");
},
"failure": function(form, action) {
if( !action.result ) return;
Ext.Msg.alert('Error!', action.result.error);
statusBarMessage( action.result.error, false, true );
},
"scope": userform,
// add some vars to the request, similar to hidden fields
"params": {option: 'com_extplorer',
user: "<?php echo @$data[0] ?>",
"action": 'admin',
"action2": "<?php echo @$data[0] ? 'edituser' : 'adduser' ?>",
"confirm": "true",
"token": "<?php echo ext_getToken() ?>"
}
})
}
},{
"text": "<?php echo ext_Lang::msg( 'btncancel', true ) ?>",
"handler": function() { Ext.getCmp("dialog_tabpanel").remove("<?php echo $formname ?>"); }
}]
}
<?php
}
//------------------------------------------------------------------------------
function removeuser($dir) { // Remove User
$user=stripslashes($GLOBALS['__POST']["user"]);
if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
ext_Result::sendResult('tokencheck', false, 'CSRF Token Check failed.');
}
if($user==$GLOBALS['__SESSION']['credentials_extplorer']['username']) {
ext_Result::sendResult('removeuser', false, $GLOBALS["error_msg"]["miscselfremove"]);
}
if(!ext_remove_user($user)) {
ext_Result::sendResult('removeuser', false, $user.": ".$GLOBALS["error_msg"]["deluser"]);
}
ext_Result::sendResult('removeuser', true, $user." was successfully removed." );
}
//------------------------------------------------------------------------------
function ext_show_admin($dir) { // Execute Admin Action
$pwd=(($GLOBALS["permissions"]&2)==2);
$admin=(($GLOBALS["permissions"]&4)==4);
if(!$GLOBALS["require_login"]) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["miscnofunc"]);
if(!$pwd && !$admin) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]);
if(isset($GLOBALS['__GET']["action2"])) $action2 = $GLOBALS['__GET']["action2"];
elseif(isset($GLOBALS['__POST']["action2"])) $action2 = $GLOBALS['__POST']["action2"];
else $action2="";
switch($action2) {
case "chpwd":
changepwd($dir);
break;
case "adduser":
if(!$admin) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]);
adduser($dir);
break;
case "edituser":
if(!$admin) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]);
edituser($dir);
break;
case "rmuser":
if(!$admin) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]);
removeuser($dir);
break;
default:
admin($admin,$dir);
}
}
//------------------------------------------------------------------------------