/**
 * Verify toHTML produces no output at all when the tokens file is absent.
 *
 * @test
 */
public function test_toHTML_no_tokens_file()
{
    self::login_as_admin();
    self::delete_tokens_file();

    // With no tokens file the page must render as an empty string.
    $this->expectOutputString("");

    $page = new GuestToken();
    $page->toHTML();
}
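/**
 * Display the rights on website, and let
 * the admin edit them.
 *
 * Renders, in order: the path infos, the public/private toggle and,
 * for a private path, the users/groups checkbox form followed by the
 * guest-token list. Logins and group names are HTML-escaped both where
 * they are used as the checkbox value attribute and as the label text
 * (the original escaped only the label). $this->infos and $this->webpath
 * are written out as-is.
 * NOTE(review): confirm $this->infos and $this->webpath are built from
 * trusted or already-escaped data upstream.
 *
 * @author Thibaud Rohmer
 */
public function toHTML()
{
    // One escaping rule for every login / group name we emit.
    $esc = static function ($value) {
        return htmlentities($value, ENT_QUOTES, 'UTF-8');
    };

    echo "<div class='adminrights'>\n";
    echo "<h3>Infos</h3>";
    echo $this->infos;

    echo "<h3>Access</h3>";
    if ($this->public) {
        // Public path: the button switches it back to private.
        $toggle = "<a href='?t=Pri{$this->webpath}' class='button-round button-success'><i class='fa fa-unlock'></i></a>";
        $status = Settings::_("judge", "public");
    } else {
        // Private path: the button makes it public.
        $toggle = "<a href='?t=Pub{$this->webpath}' class='button-round button-error'><i class='fa fa-lock'></i></a>";
        $status = Settings::_("judge", "priv");
    }
    echo "<div class='pure-g'><div class='pure-u-1-3'>";
    echo $toggle . "</div>";
    echo "<div class='pure-u-2-3'>" . $status . "</div></div>";

    echo "<form action='?t=Rig{$this->webpath}' method='post' class='pure-form pure-form-aligned'>";
    if (!$this->public) {
        // Accounts that may access this path.
        echo "<h3>" . Settings::_("judge", "accounts") . "</h3>";
        echo "<ul>";
        foreach (Account::findAll() as $account) {
            $login = $account['login'];
            $checked = in_array($login, $this->users) ? "checked" : "";
            echo "<label class='pure-checkbox'><input type='checkbox' value='" . $esc($login) . "' name='users[]' {$checked} > " . $esc($login) . "</label>";
        }
        echo "</ul>";

        // Groups that may access this path; the root group is never listed.
        echo "<h3>" . Settings::_("judge", "groups") . "</h3>";
        echo "<ul>";
        foreach (Group::findAll() as $group) {
            $name = $group['name'];
            if ((string) $name === "root") {
                continue;
            }
            $checked = in_array($name, $this->groups) ? "checked" : "";
            echo "<label class='pure-checkbox'><input type='checkbox' value='" . $esc($name) . "' name='groups[]' {$checked} > " . $esc($name) . " </label>";
        }
        echo "<input type='submit' class='pure-button pure-button-primary button-small' value='" . Settings::_("judge", "set") . "'>\n";
        echo "</ul>";

        echo "<h3>Guest Tokens</h3>";
        if (!$this->multi) {
            // Token creation
            $tokens = GuestToken::find_for_path($this->file);
            if (!empty($tokens)) {
                echo "<ul>";
                $position = 0;
                foreach ($tokens as $token) {
                    $position++;
                    echo "<a class='pure-button button-small button-warning' href='" . GuestToken::get_url($token['key']) . "' >Guest Token {$position}</a><br />\n";
                }
                echo "</ul>";
            }
            echo "<ul><a href='?t=CTk{$this->webpath}' class='pure-button button-secondary button-small'>" . Settings::_("token", "createtoken") . "</a></ul>";
        }
    }
    echo "</form>\n";
    echo "</div>\n";
}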
/**
 * Create admin page
 *
 * Dispatches the "a" (action) query parameter in two passes: a first
 * switch handles the actions open to uploaders as well as admins, a
 * second one the admin-only actions. Whatever page the action selected
 * (AdminAbout by default) becomes $this->page, and the admin menu is
 * built last.
 *
 * NOTE(review): every state-changing action here is keyed off $_GET['a']
 * and raw $_POST fields; no CSRF token is checked in this constructor.
 * Confirm that protection is enforced upstream. Most $_POST fields are
 * read without isset(), so a missing field arrives as null (with a PHP
 * warning) at the callee.
 *
 * @author Thibaud Rohmer
 */
public function __construct()
{
    /// Check that current user is an admin or an uploader
    if (!(CurrentUser::$admin || CurrentUser::$uploader)) {
        return;
    }

    /// Get actions available for Uploaders too
    if (isset($_GET['a'])) {
        switch ($_GET['a']) {
            case "Abo":
                $this->page = new AdminAbout();
                break;

            case "Upl":
                if (isset($_POST['path'])) {
                    AdminUpload::upload();
                    // Land on the directory that was uploaded into.
                    CurrentUser::$path = File::r2a(stripslashes($_POST['path']));
                }
                break;

            case "Mov":
                if (isset($_POST['pathFrom'])) {
                    try {
                        CurrentUser::$path = File::r2a(dirname(stripslashes($_POST['pathFrom'])));
                    } catch (Exception $e) {
                        // Unresolvable source path: fall back to the photo root.
                        CurrentUser::$path = Settings::$photos_dir;
                    }
                }
                // Note: move() runs even when pathFrom was not posted.
                Admin::move();
                // A rename of a directory leaves the user inside the renamed directory.
                if (isset($_POST['move']) && $_POST['move'] == "rename") {
                    try {
                        if (is_dir(File::r2a(stripslashes($_POST['pathFrom'])))) {
                            CurrentUser::$path = dirname(File::r2a(stripslashes($_POST['pathFrom']))) . "/" . stripslashes($_POST['pathTo']);
                        }
                    } catch (Exception $e) {
                        CurrentUser::$path = Settings::$photos_dir;
                    }
                }
                break;

            case "Del":
                if (isset($_POST['del'])) {
                    // del is either one path or a list of paths; the parent of the
                    // (first) deleted entry becomes the current path.
                    if (!is_array($_POST['del'])) {
                        CurrentUser::$path = dirname(File::r2a(stripslashes($_POST['del'])));
                    } else {
                        CurrentUser::$path = dirname(File::r2a(stripslashes($_POST['del'][0])));
                    }
                    Admin::delete();
                }
                break;
        }
    }

    /// Check that current user is an admin
    if (!CurrentUser::$admin) {
        return;
    }

    /// Get action
    if (isset($_GET['a'])) {
        switch ($_GET['a']) {
            case "Sta":
                $this->page = new AdminStats();
                break;

            case "VTk":
                $this->page = new GuestToken();
                break;

            case "DTk":
                // Delete one guest token, then show the token page again.
                if (isset($_POST['tokenkey'])) {
                    GuestToken::delete($_POST['tokenkey']);
                }
                $this->page = new GuestToken();
                break;

            case "Acc":
                if (isset($_POST['edit'])) {
                    Account::edit($_POST['login'], $_POST['old_password'], $_POST['password'], $_POST['name'], $_POST['email'], NULL, $_POST['language']);
                }
                // Show the posted account, or the admin's own one when no login was posted.
                if (isset($_POST['login'])) {
                    $this->page = new Account($_POST['login']);
                } else {
                    $this->page = CurrentUser::$account;
                }
                break;

            case "GC":
                Group::create($_POST['group']);
                $this->page = new Group();
                break;

            case "AAc":
                Account::create($_POST['login'], $_POST['password'], $_POST['verif']);
                $this->page = new Group();
                break;

            case "AGA":
                // Add account "acc" to group "group".
                $a = new Account($_POST['acc']);
                $a->add_group($_POST['group']);
                $a->save();
                $this->page = CurrentUser::$account;
                break;

            case "AGR":
                // Remove account "acc" from group "group".
                $a = new Account($_POST['acc']);
                $a->remove_group($_POST['group']);
                $a->save();
                $this->page = CurrentUser::$account;
                break;

            case "ADe":
                Account::delete($_POST['name']);
                $this->page = new Group();
                break;

            case "GEd":
                Group::edit($_POST);
                $this->page = new Group();
                break;

            case "GDe":
                // Group deletion is driven by the "g" query parameter alone.
                Group::delete($_GET['g']);
                $this->page = new Group();
                break;

            case "CDe":
                // Comment deletion: select the image first, then drop the comment.
                CurrentUser::$path = File::r2a($_POST['image']);
                Comments::delete($_POST['id']);
                $this->page = new MainPage();
                break;

            case "JS":
                break;

            case "EdA":
                $this->page = new Group();
                break;

            case "GAl":
                if (isset($_POST['path'])) {
                    Settings::gener_all(File::r2a(stripslashes($_POST['path'])));
                }
                // no break: regeneration continues into "Set" and shows the settings page.
            case "Set":
                if (isset($_POST['name'])) {
                    Settings::set();
                }
                $this->page = new Settings();
                break;
        }
    }

    // No action selected a page: show the about page.
    if (!isset($this->page)) {
        $this->page = new AdminAbout();
    }

    /// Create menu
    $this->menu = new AdminMenu();
}
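/**
 * Creates a new token in the base
 *
 * Only an admin may create tokens, and a token needs a path. The key is
 * generated when none is supplied. Keys shorter than 10 characters and
 * keys that already exist are refused before any file is touched; the
 * tokens file is (re)created only when a token is actually going to be
 * saved.
 *
 * @param string      $path absolute path the token grants access to
 * @param string|null $key  token key; generated when null
 * @return bool true when the token was saved, false on any refusal
 * @author Franck Royer
 */
public static function create($path, $key = NULL)
{
    // A token with no path is useless
    // Only admin can create a token for now
    if (!isset($path) || !CurrentUser::$admin) {
        return false;
    }

    if (!isset($key)) {
        $key = self::generate_key();
    }

    // I like big keys -- refuse short ones before doing any I/O
    if (strlen($key) < 10) {
        return false;
    }

    if (self::exist($key)) {
        // The key is a bearer credential: do not write it to the log.
        error_log("ERROR/GuestToken: a token with this key already exists, aborting creation");
        return false;
    }

    if (!file_exists(CurrentUser::$tokens_file) || count(self::findAll()) == 0) {
        // Create file
        $xml = new SimpleXMLElement('<tokens></tokens>');
        $xml->asXML(CurrentUser::$tokens_file);
    }

    $token = new GuestToken();
    $token->key = $key;
    // Stored relative to the photos directory.
    $token->path = File::a2r($path);
    $token->save();

    return true;
}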
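/**
 * Create a token and return its key.
 *
 * This is a bit of a shortcut: if a token already exists for the given
 * path, its key is returned; otherwise a new one is created.
 *
 * @param string|null $path absolute path; defaults to "tokenfolder" under the photos dir
 * @return string the token key
 * @throws Exception when GuestToken::create() refuses to create the token
 */
public function create_token($path = NULL)
{
    // default path is the token folder
    if (!isset($path)) {
        $path = Settings::$photos_dir . "/tokenfolder";
    }

    // do we already have a token ?
    $existing = GuestToken::find_for_path(File::a2r($path), true);
    if (!empty($existing)) {
        return $existing[0]['key'];
    }

    // No token found, Creating a token to allow guest view for the given path
    $key = GuestToken::generate_key();
    if (!GuestToken::create($path, $key)) {
        throw new Exception("Cannot create token for path " . $path . "\n");
    }

    return $key;
}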
/**
 * Retrieves info for the current user account
 *
 * Per-request bootstrap of the CurrentUser static state. In order it:
 *  1. derives the accounts/groups/tokens file paths from Settings::$conf_dir;
 *  2. tries a URL login (login/pass query parameters) and a guest token;
 *  3. resolves the requested path ("f", optionally stepped with p=n / p=p);
 *  4. loads the session account and its admin/uploader flags;
 *  5. maps the "t" parameter to CurrentUser::$action, performing the side
 *     effects some actions imply (login, logout, rights edits, ...);
 *  6. hands admin actions ("a" parameter) to Admin, then checks that the
 *     accounts file exists and creates the groups file if missing.
 *
 * NOTE(review): the actions Com, Rig, CTk, Pub and Pri change state and
 * are keyed off the "t" query parameter with no CSRF token checked here;
 * Judge::edit is assumed to enforce admin rights itself (GuestToken::create
 * does). Confirm both points upstream. Credentials accepted through the
 * query string (login/pass) end up in server, proxy and browser-history logs.
 *
 * @throws Exception (code 69) when the accounts file is missing
 * @author Thibaud Rohmer
 */
public static function init()
{
    CurrentUser::$accounts_file = Settings::$conf_dir . "/accounts.xml";
    CurrentUser::$groups_file = Settings::$conf_dir . "/groups.xml";
    CurrentUser::$tokens_file = Settings::$conf_dir . "/guest_tokens.xml";

    // URL login: failures are silently ignored, the request continues anonymously.
    if (isset($_GET['login']) && isset($_GET['pass'])) {
        try {
            CurrentUser::login(stripslashes($_GET['login']), stripslashes($_GET['pass']));
        } catch (Exception $e) {
        }
    }

    // A valid guest token in the URL replaces any logged-in session with the token.
    if (isset($_GET['token'])) {
        $token = $_GET['token'];
        if (GuestToken::exist($token)) {
            if (isset($_SESSION['login']) || isset(CurrentUser::$account)) {
                CurrentUser::logout();
            }
            CurrentUser::$token = $token;
            $_SESSION['token'] = CurrentUser::$token;
        }
    } elseif (isset($_SESSION['token'])) {
        CurrentUser::$token = $_SESSION['token'];
    }

    /// Set path
    if (isset($_GET['f'])) {
        if (is_array($_GET['f'])) {
            // Several files: $path becomes a list; a single-element array is unwrapped.
            if (sizeof($_GET['f']) > 1) {
                foreach ($_GET['f'] as $file) {
                    CurrentUser::$path[] = stripslashes(File::r2a($file));
                }
            } else {
                CurrentUser::$path = stripslashes(File::r2a($_GET['f'][0]));
            }
        } else {
            CurrentUser::$path = stripslashes(File::r2a($_GET['f']));
        }
        // p=n / p=p step to the next / previous file from the resolved path.
        if (isset($_GET['p'])) {
            switch ($_GET['p']) {
                case 'n':
                    CurrentUser::$path = File::next(CurrentUser::$path);
                    break;
                case 'p':
                    CurrentUser::$path = File::prev(CurrentUser::$path);
                    break;
            }
        }
    } else {
        /// Path not defined in URL
        CurrentUser::$path = Settings::$photos_dir;
    }

    /// Set CurrentUser account
    if (isset($_SESSION['login'])) {
        self::$account = new Account($_SESSION['login']);
        // groups sometimes can be null
        $groups = self::$account->groups === NULL ? array() : self::$account->groups;
        self::$admin = in_array("root", $groups);
        self::$uploader = in_array("uploaders", $groups);
        Settings::set_lang(self::$account->language);
        // A logged-in session drops any guest token.
        $_SESSION['token'] = "";
    }

    /// Set action (needed for page layout)
    if (isset($_GET['t'])) {
        switch ($_GET['t']) {
            case "Rss":
            case "Page":
            case "Img":
            case "Vid":
            case "Thb":
                CurrentUser::$action = $_GET['t'];
                break;

            case "Big":
            case "BDl":
            case "Zip":
                // Download actions are only honoured when downloads are enabled.
                if (!Settings::$nodownload) {
                    CurrentUser::$action = $_GET['t'];
                }
                break;

            case "Reg":
                if (isset($_POST['login']) && isset($_POST['password'])) {
                    if (!Account::create($_POST['login'], $_POST['password'], $_POST['verif'])) {
                        echo "Error creating account.";
                    }
                }
                // no break: registration continues into "Login" with the same credentials.
            case "Login":
                if (isset($_POST['login']) && isset($_POST['password'])) {
                    try {
                        if (!CurrentUser::login($_POST['login'], $_POST['password'])) {
                            echo "Wrong password";
                        }
                    } catch (Exception $e) {
                        echo "Account not found";
                    }
                }
                // Still anonymous: keep showing the login/registration page.
                if (!isset(CurrentUser::$account)) {
                    CurrentUser::$action = $_GET['t'];
                }
                break;

            case "Logout":
                if (isset($_SESSION['login'])) {
                    CurrentUser::logout();
                    echo "logged out";
                }
                break;

            case "Log":
                // Combined action: logs out when logged in, otherwise behaves like "Login".
                if (isset($_SESSION['login'])) {
                    CurrentUser::logout();
                    echo "logged out";
                    break;
                }
                if (isset($_POST['login']) && isset($_POST['password'])) {
                    try {
                        if (!CurrentUser::login($_POST['login'], $_POST['password'])) {
                            echo "Wrong password";
                        }
                    } catch (Exception $e) {
                        echo "Account not found";
                    }
                }
                if (!isset(CurrentUser::$account)) {
                    CurrentUser::$action = $_GET['t'];
                }
                break;

            case "Acc":
                if (isset($_POST['old_password'])) {
                    Account::edit($_POST['login'], $_POST['old_password'], $_POST['password'], $_POST['name'], $_POST['email'], NULL, $_POST['language']);
                    // Re-run init() so the edited account is reloaded; clearing
                    // old_password first is what stops this recursing again.
                    unset($_POST['old_password']);
                    CurrentUser::init();
                    return;
                }
                CurrentUser::$action = "Acc";
                break;

            case "Adm":
                if (CurrentUser::$admin) {
                    CurrentUser::$action = "Adm";
                }
                break;

            case "Com":
                Comments::add(CurrentUser::$path, $_POST['content'], $_POST['login']);
                break;

            case "Rig":
                // Set the allowed users/groups for the current path, then show the rights page.
                Judge::edit(CurrentUser::$path, $_POST['users'], isset($_POST['groups']) ? $_POST['groups'] : null, true);
                CurrentUser::$action = "Judge";
                break;

            case "CTk":
                GuestToken::create(CurrentUser::$path);
                CurrentUser::$action = "Judge";
                break;

            case "Pub":
                Judge::edit(CurrentUser::$path);
                CurrentUser::$action = "Judge";
                break;

            case "Pri":
                // Private with empty user/group lists.
                Judge::edit(CurrentUser::$path, array(), array(), true);
                CurrentUser::$action = "Judge";
                break;

            case "Inf":
                CurrentUser::$action = "Inf";
                break;

            case "Fs":
                // Fullscreen only makes sense for a file, not a directory.
                if (is_file(CurrentUser::$path)) {
                    CurrentUser::$action = "Fs";
                }
                break;

            default:
                CurrentUser::$action = "Page";
                break;
        }
    } else {
        CurrentUser::$action = "Page";
    }

    // Admin sub-actions ("a") are processed here unless the admin page itself was requested.
    if (isset($_GET['a']) && CurrentUser::$action != "Adm") {
        if (CurrentUser::$admin || CurrentUser::$uploader) {
            new Admin();
        }
    }

    if (isset($_GET['j'])) {
        CurrentUser::$action = "JS";
    }

    /// Set default action
    if (!isset(CurrentUser::$action)) {
        CurrentUser::$action = "Page";
    }

    /// Throw exception if accounts file is missing
    if (!file_exists(CurrentUser::$accounts_file)) {
        throw new Exception("Accounts file missing", 69);
    }

    /// Create Group File if it doesn't exist
    if (!file_exists(CurrentUser::$groups_file)) {
        Group::create_group_file();
    }

    // Recompute the admin flag after the actions above may have changed the account.
    // NOTE(review): unlike the null guard on groups earlier in this method, a null
    // groups list here would make in_array() throw a TypeError on PHP 8 — confirm
    // groups can never be null at this point.
    if (isset(CurrentUser::$account)) {
        CurrentUser::$admin = in_array("root", CurrentUser::$account->groups);
    }
}