/**
 * Renders the database menu: a bold heading and a GET form whose table
 * picker submits straight back to index().
 *
 * Returns an empty string when the privilege check for this method fails
 * or nobody is logged in, so the menu never renders for anonymous users.
 */
public static function menu() {
    $allowed = Privileges::access(__METHOD__) === true && G::isLoggedIn();
    if (!$allowed) {
        return '';
    }

    $pickerAttribs = ['size' => '10', 'onClick' => 'submit();'];
    $markup = Tag::hTag('b') . 'Database Menu' . Tag::_hTag('b')
            . Tag::form(['method' => 'get'])
            . Response::factory()->action(__CLASS__ . '->index()')->toHidden(false)
            . Lists::select('tblName', self::TABLES_SQL, $pickerAttribs)
            . Tag::_form();

    return $markup;
}
/**
 * Shows the tblConfig CRUD screen for the current user.
 *
 * Anonymous visitors are sent to the default login controller instead.
 * New rows default fldUserID to the current user, and that column is kept
 * hidden so it cannot be edited through the form.
 */
public function index() {
    if (!G::isLoggedIn()) {
        return Login::controller(Login::DEF);
    }

    $crudOptions = [
        'insDefaults' => ['fldUserID' => G::getUserID()],
        'primaryKey'  => 'fldKey',
    ];
    $configCrud = new CRUD('tblConfig', $crudOptions);
    $configCrud->setColDisplay('fldUserID', CRUD::HIDDEN);
    $configCrud->columnAttrib('fldValue', ['size' => 60]);

    return $configCrud->index();
}
/**
 * Resolves the scope id used for preference lookups.
 *
 * A non-empty self::$overrideScope wins unconditionally. Otherwise
 * USER_SCOPE maps to the logged-in user's id (falling back to
 * GLOBAL_SCOPE when none is set) and any other value maps to GLOBAL_SCOPE.
 *
 * @param mixed $scope self::USER_SCOPE or self::GLOBAL_SCOPE
 * @return mixed the scope id
 */
private static function getScope($scope = self::USER_SCOPE) {
    if (self::$overrideScope) {
        return self::$overrideScope;
    }

    // Loose comparison kept on purpose: callers may pass the scope as a string.
    return ($scope == self::USER_SCOPE)
        ? G::get('fldUserID', self::GLOBAL_SCOPE)
        : self::GLOBAL_SCOPE;
}
/**
 * Builds the "Welcome <name>" box with a hover-revealed menu.
 *
 * The jQuery snippet fades the #extralinks row in on hover and fades it out
 * three seconds after the pointer leaves. The menu always starts with a
 * Logout link and then lists $this->loggedInMenuItems (label => action).
 *
 * @return string HTML plus the inline script
 */
private function displayUserDetails() {
    // Nowdoc: no interpolation, so the jQuery '$' needs no escaping.
    $hoverScript = <<<'JS'
$().ready(function() {
    $('#hoverimage').hover(
        function () { $('#extralinks').fadeIn('fast'); },
        function () { setTimeout("$('#extralinks').fadeOut('slow');", 3000); }
    );
});
JS;

    $resp = new Response();

    $html = JS::library(JS::JQUERY) . JS::javaScript($hoverScript);

    // Visible row: greeting, display name and avatar.
    $html .= Tag::table() . Tag::tr()
           . Tag::td(['id' => 'hoverimage', 'class' => 'logindetails', 'nowrap' => 'nowrap'])
           . 'Welcome ' . $this->getDisplayName() . Gravatar::icon(G::get('fldUser'))
           . Tag::_td() . Tag::_tr();

    // Hidden row: vertical menu revealed by the hover script above.
    $html .= Tag::tr()
           . Tag::td(['id' => 'extralinks', 'style' => 'display: none;'])
           . Tag::ul(['id' => 'vertMenu']);

    $logoutUrl = 'ajax.php?' . $resp->action('\\Jackbooted\\Admin\\Login->logout()')->toUrl();
    $html .= Tag::li() . Tag::hRef($logoutUrl, 'Logout') . Tag::_li();

    foreach ($this->loggedInMenuItems as $label => $action) {
        $itemUrl = '?' . $resp->action($action)->toUrl();
        $html .= Tag::li() . Tag::hRef($itemUrl, $label) . Tag::_li();
    }

    $html .= Tag::_ul() . Tag::_td() . Tag::_tr() . Tag::_table();

    return $html;
}
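/**
 * Validates the TimeGuard token carried in the request under self::KEY.
 *
 * The token is a self::DELIM-separated list of six fields: user, host,
 * user agent, PHP session id, script name and issue timestamp. Each field
 * must match the current request and the timestamp must lie no more than
 * self::EXPIRY seconds in the past.
 *
 * @return true|string true when the token checks out, self::NOGUARD when the
 *                     request carries no token, otherwise an error message
 */
public static function check() {
    $val = Request::get(self::KEY);
    if (is_array($val)) {
        // A repeated/array parameter can never be a valid token.
        return 'Incorrect TimeGuard format';
    }
    if ((string) $val === '') {
        return self::NOGUARD;
    }

    $values = explode(self::DELIM, (string) $val);
    if (count($values) !== 6) {
        return 'Incorrect TimeGuard format';
    }

    // Strict string comparisons throughout: a loose == would treat
    // numeric-looking fields such as '1e3' and '1000' as equal.
    if ($values[0] !== (string) G::get('fldUser', 'GUEST')) {
        return 'The user has changed in the submission of this url';
    }
    if ($values[1] !== (string) ($_SERVER['HTTP_HOST'] ?? '')) {
        return 'Host server has been compromised';
    }
    if ($values[2] !== (string) ($_SERVER['HTTP_USER_AGENT'] ?? '')) {
        return 'Browser has been compromised';
    }
    // The session id is a credential, so compare it in constant time.
    if (!hash_equals((string) session_id(), $values[3])) {
        return 'PHP Session ID has been compromised';
    }

    // NOTE(review): this is a substring match, so a token issued for
    // 'a.php' is also accepted on 'data.php'; confirm whether the issuer
    // stores the full script name and, if so, compare for equality instead.
    // An empty script field would match every URL, hence the explicit reject.
    $scriptName = (string) ($_SERVER['SCRIPT_NAME'] ?? '');
    if ($values[4] === '' || strpos($scriptName, $values[4]) === false) {
        return 'URL has been reused for target file name';
    }

    // A non-numeric timestamp would make the subtraction below fail; treat
    // it as a malformed token rather than letting it raise.
    if (!ctype_digit($values[5])) {
        return 'Incorrect TimeGuard format';
    }
    $age = time() - (int) $values[5];
    // Tokens from the future are rejected as well as stale ones.
    if ($age < 0 || $age > self::EXPIRY) {
        return 'URL has expired';
    }

    return true;
}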
/**
 * Decides whether the current user may perform $action.
 *
 * Resolution order: the check is skipped entirely when the
 * 'check_priviliages' config flag is off; a cached answer is reused;
 * an action with no privilege mapping is logged and allowed; otherwise
 * tblSecPrivUserMap is queried for a currently valid row granted to the
 * user directly, to their level (fldLevelID >= the user's fldLevel), or
 * to one of their groups. When no row matches, the decision is delegated
 * to self::canLogin().
 *
 * Only the SQL-derived true results are cached; the canLogin() result is not.
 *
 * @param string|null $action defaults to the action named in the request
 * @return bool
 */
public static function access($action = null) {
    if (!Cfg::get('check_priviliages')) {
        return true;
    }

    // Loose check kept on purpose: an empty action string also falls back
    // to the request's action.
    if ($action == null) {
        $action = Request::get(WebPage::ACTION);
    }

    if (isset(self::$cache[$action])) {
        return self::$cache[$action];
    }

    $privIds = self::getPriviliageIDs($action);
    if ($privIds === false) {
        // Unmapped actions are permitted here (fail open); the warning is the
        // only trace of that decision.
        self::$log->warn('No priviliages found for action: ' . $action);
        return self::$cache[$action] = true;
    }

    $uid = G::get('fldUserID', '0');
    $groupIds = self::getGroupIDs($uid);

    // Bind order must match the '?' order in the statement below:
    // privilege ids, user id, level, then group ids.
    $params = [];
    $privIdIn = DB::in($privIds, $params);
    $params[] = $uid;
    $params[] = (int) G::get('fldLevel', 7);
    $groupIn = DB::in($groupIds, $params);

    // $now is an int from time(), so interpolating it is safe.
    $now = time();
    $sql = <<<SQL
SELECT count(*)
  FROM tblSecPrivUserMap
 WHERE fldPrivilegeID IN ( {$privIdIn} )
   AND ( fldStartDate=0 OR fldStartDate < {$now} )
   AND ( fldEndDate=0 OR fldEndDate > {$now} )
   AND (
         ( fldUserID IS NOT NULL AND fldUserID<>'' AND fldUserID=? )
      OR ( fldLevelID IS NOT NULL AND fldLevelID<>'' AND fldLevelID>=? )
      OR fldGroupID IN ( {$groupIn} )
   )
SQL;

    $grantCount = DB::oneValue(DB::DEF, $sql, $params);
    if ($grantCount > 0) {
        return self::$cache[$action] = true;
    }

    return self::canLogin($privIds);
}
/**
 * Re-reads the stored preferences of the current user.
 *
 * @return string confirmation text for the caller to display
 */
protected function reloadPreferences() {
    $currentUser = G::get('fldUser');
    Login::loadPreferences($currentUser);

    return 'Reloaded Preferences';
}
/**
 * Returns the user's "First Last" name as HTML.
 *
 * Site admins get a link to superadmin.php; everyone else gets the
 * escaped plain name.
 *
 * @return string HTML fragment
 */
protected function getDisplayName() {
    $fullName = G::get('fldFirstName') . ' ' . G::get('fldLastName');

    $isSiteAdmin = G::isLoggedIn()
                && G::accessLevel(Privileges::getSecurityLevel('SITE ADMIN'));
    if (!$isSiteAdmin) {
        return Tag::e($fullName);
    }

    // NOTE(review): $fullName goes to Tag::hRef without Tag::e() here;
    // confirm hRef escapes its link text, otherwise escape it as the
    // non-admin branch does.
    return Tag::hRef('superadmin.php', $fullName, ['class' => 'admin']);
}
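/**
 * Saves the account form: an optional password change plus profile fields.
 *
 * Validation messages are collected first and nothing is written unless
 * every check passes. All UPDATE statements run in the order they were
 * queued (password first, then profile fields). When the edited account is
 * the logged-in user's own, the session values are refreshed from the row.
 *
 * @return string HTML: messages (if any) followed by the re-rendered edit form
 */
public function editAccountSave() {
    // NOTE(review): fldUserID and fldLevel both come from the request, so
    // whoever may reach this action can target any account and change its
    // level. Confirm the action is restricted to administrators, or add an
    // ownership / level check here before trusting these two values.
    $uid = Request::get('fldUserID', G::get('fldUserID'));
    $messages = [];
    // Each entry is [sql, bind parameters]; keeping them paired avoids the
    // parallel-array indexing the previous version relied on.
    $statements = [];

    $pw = Request::get('fldPassword');
    $pwCheck = Request::get('fldPassword_CHK');
    $pwOld = Request::get('fldPassword_OLD');

    if ((string) $pw !== '' && (string) $pwCheck !== '') {
        if (!$this->checkOldPassword($uid, $pwOld)) {
            $messages[] = '<font color=red>Old Password is not correct</font>';
        } elseif ($pw !== $pwCheck) {
            // Strict compare: '1e3' == '1000' would otherwise count as a match.
            $messages[] = '<font color=red>Passwords are not the same</font>';
        } elseif ($pwOld === $pw) {
            $messages[] = '<font color=red>No Change, old and new passwords same</font>';
        } elseif (DB::driver() == DB::MYSQL) {
            // NOTE(review): MySQL PASSWORD() is a legacy, unsalted hash that is
            // removed in MySQL 8.0. password_hash()/password_verify() would be the
            // replacement, but checkOldPassword() and the login path must change
            // with it, so it is left as-is here.
            $statements[] = [
                'UPDATE tblUser SET fldPassword=PASSWORD(?),fldModified=UNIX_TIMESTAMP() WHERE fldUserID=?',
                [$pw, $uid],
            ];
        } else {
            // NOTE(review): unsalted md5 is not a password hash; same caveat as
            // the MySQL branch applies before switching to password_hash().
            $statements[] = [
                'UPDATE tblUser SET fldPassword=?,fldModified=strftime(\'%s\',\'now\') WHERE fldUserID=?',
                [hash('md5', $pw), $uid],
            ];
        }
    }

    // Profile fields, in the order they are written. Column names come from
    // this fixed list only, never from the request.
    $fieldValues = [];
    $fieldValues[] = ['fldSalutation', Request::get('fldSalutation')];

    $firstName = Request::get('fldFirstName');
    if ((string) $firstName === '') {
        $messages[] = '<font color=red>First name cannot be empty</font>';
    } else {
        $fieldValues[] = ['fldFirstName', $firstName];
    }

    $lastName = Request::get('fldLastName');
    if ((string) $lastName === '') {
        $messages[] = '<font color=red>Last name cannot be empty</font>';
    } else {
        $fieldValues[] = ['fldLastName', $lastName];
    }

    // Optional fields: only written when supplied.
    foreach (['fldTimeZone', 'fldUser', 'fldLevel'] as $optionalField) {
        $value = Request::get($optionalField);
        if ((string) $value !== '') {
            $fieldValues[] = [$optionalField, $value];
        }
    }

    foreach ($fieldValues as $pair) {
        list($column, $value) = $pair;
        // fldModified is an int from time(), so interpolating it is safe.
        $statements[] = [
            'UPDATE tblUser SET ' . $column . '=?,fldModified=' . time() . ' WHERE fldUserID=?',
            [$value, $uid],
        ];
    }

    if (count($messages) !== 0) {
        return implode('<br>', $messages) . $this->editAccount();
    }

    foreach ($statements as $pair) {
        list($sql, $bind) = $pair;
        DB::exec(DB::DEF, $sql, $bind);
    }

    // Refresh the session copy when the user edited their own account.
    if ((string) $uid === (string) G::get('fldUserID')) {
        $row = DB::oneRow(DB::DEF, 'SELECT * FROM tblUser WHERE fldUserID=?', $uid);
        foreach ($row as $key => $val) {
            G::set($key, $val);
        }
    }

    return 'Successfully updated user account details' . $this->editAccount();
}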
/**
 * Starts the PHP session and attempts a cookie-based login.
 *
 * If the cookie login fails while the session still says someone is
 * logged in, that stale login is cleared.
 */
private static function setUpSession() {
    Login::initSession();

    // See if we can log the user in from the remember-me cookies.
    $restoredFromCookies = Login::loadPreferencesFromCookies();
    if (!$restoredFromCookies && G::isLoggedIn()) {
        Login::logOut();
    }
}
<td nowrap="nowrap" valign="top" align="right" width="100%"> <?php echo \Jackbooted\Admin\FancyLogin::controller(); ?> </td> </tr> </table> </td> </tr> <tr> <td height="600px" width="100%"> <table width="100%" height="100%" cellpadding="5" cellspacing="0"> <tr> <td nowrap="nowrap" valign="top"> <?php echo \Jackbooted\G::isLoggedIn() ? \Jackbooted\Util\MenuUtils::display() : ' '; ?> </td> <td align="left" valign="top" width="100%"> <?php echo \Jackbooted\Html\WebPage::controller(Cfg::get('def_display')); ?> </td> </tr> </table> </td> </tr> <tr> <td width="100%"> <table width="100%" cellpadding="0" cellspacing="0"> <tr>