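/**
 * Save the settings of one extension instance (insert or update).
 *
 * Requires access level 9 or above. $ext must carry the identifying triple
 * "extension", "type" and "handle"; its optional "settings" list of
 * {name, value} pairs is flattened to a name => value map and stored as JSON.
 *
 * Fixes: the identifying keys and the "settings" list are checked before
 * they are read (the original accepted a missing key and stored nulls), and
 * the row-count test is strict.
 *
 * @param array $ext extension descriptor posted by the client
 * @return void responds "success" or 400 / 401 via response()
 */
public function post($ext)
{
    if ((int) $this->check_access() < 9) {
        $this->response(null, null, 401);
    }

    // Refuse anything that does not identify an extension row.
    if (empty($ext) || !is_array($ext)
        || !isset($ext["extension"], $ext["type"], $ext["handle"])) {
        $this->response(null, null, 400);
    }

    // Flatten [{name, value}, ...] into name => value; a missing or
    // malformed "settings" list is treated as "no settings".
    $settings = [];
    if (isset($ext["settings"]) && is_array($ext["settings"])) {
        foreach ($ext["settings"] as $set) {
            if (is_array($set) && isset($set["name"])) {
                $settings[$set["name"]] = isset($set["value"]) ? $set["value"] : null;
            }
        }
    }
    $json_settings = json_encode($settings);

    $db = new RazorDB();
    $db->connect("extension");

    $search = [
        ["column" => "extension", "value" => $ext["extension"]],
        ["column" => "type", "value" => $ext["type"]],
        ["column" => "handle", "value" => $ext["handle"]],
    ];
    $extension = $db->get_rows($search, ["amount" => 1]);

    if ((int) $extension["count"] === 1) {
        $db->edit_rows($search, ["json_settings" => $json_settings]);
    } else {
        // No row for this extension/type/handle yet: create it, owned by the caller.
        $db->add_rows([
            "extension" => $ext["extension"],
            "type" => $ext["type"],
            "handle" => $ext["handle"],
            "json_settings" => $json_settings,
            "user_id" => $this->user["id"],
            "access_level" => 0,
        ]);
    }

    $db->disconnect();
    $this->response("success", "json");
}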
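/**
 * Update the logged-in user's own profile (name, email address, password).
 *
 * Requires access level 10. "name" and "email_address" are required;
 * "new_password" is honoured only when it is a non-empty string, so an empty
 * form field no longer replaces the stored hash with the hash of "".
 *
 * @param array $data posted fields: name, email_address, optional new_password
 * @return void responds "success", or {"reload": true} when the password changed
 */
public function post($data)
{
    // login check - if fail, return no data to stop error flagging to user
    if ((int) $this->check_access() < 10) {
        $this->response(null, null, 401);
    }
    if (empty($data) || !is_array($data) || !isset($data["name"], $data["email_address"])) {
        $this->response(null, null, 400);
    }

    // Only a non-empty string counts as a password change; isset() alone
    // let "" through and stored the hash of an empty password.
    $new_password = null;
    if (isset($data["new_password"]) && is_string($data["new_password"]) && $data["new_password"] !== "") {
        $new_password = $data["new_password"];
    }

    $search = ["column" => "id", "value" => $this->user["id"]];
    $row = [
        "name" => $data["name"],
        "email_address" => $data["email_address"],
    ];
    if ($new_password !== null) {
        $row["password"] = $this->create_hash($new_password);
    }

    $db = new RazorDB();
    $db->connect("user");
    $db->edit_rows($search, $row);
    $db->disconnect();

    // After a password change the client is told to reload (and log in again).
    if ($new_password !== null) {
        $this->response(["reload" => true], "json");
    }
    $this->response("success", "json");
}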
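/**
 * Start a password reset: generate a one-time token for the account with
 * the posted email address, store it with a timestamp, and email a reset link.
 *
 * The token is 40 hex characters from a CSPRNG (random_bytes, PHP >= 7.0)
 * instead of sha1(time . user agent . IP . password hash), so it cannot be
 * reconstructed from request metadata plus a leaked hash. The reset handler
 * only compares the posted token with the stored one, so it is unaffected.
 *
 * Other fixes: the rate-limit message now states the real window (the check
 * is 600 s, the text said "per hour"); SERVER_NAME is HTML-escaped before it
 * is embedded in the email body; the unused $options local is gone.
 *
 * @param array $data posted fields; only "email" is used
 * @return void responds "success", or 404 / 401 with a message
 */
public function post($data)
{
    // no email
    if (!is_array($data) || empty($data["email"]) || !is_string($data["email"])) {
        $this->response("User not found", "json", 404);
    }

    // try find user
    $db = new RazorDB();
    $db->connect("user");
    $user = $db->get_rows(["column" => "email_address", "value" => $data["email"]]);
    $db->disconnect();

    // NOTE(review): the 404 tells a caller whether an address is registered;
    // answering "success" either way would close that oracle, but the client
    // may depend on the current status code.
    if ((int) $user["count"] !== 1) {
        $this->response("User not found", "json", 404);
    }
    $user = $user["result"][0];

    // Rate limit: one request per 10 minutes (600 s).
    if (!empty($user["reminder_time"]) && (int) $user["reminder_time"] > time() - 600) {
        $this->response("Only one password request allowed every 10 minutes", "json", 401);
    }

    /* Match found, attempts good, carry on */
    // store the token; the reset handler rejects it after one hour
    $reminder_time = time();
    $reminder_token = bin2hex(random_bytes(20)); // 40 hex chars, same length as the former sha1

    $db->connect("user");
    $db->edit_rows(
        ["column" => "id", "value" => $user["id"]],
        ["reminder_token" => $reminder_token, "reminder_time" => $reminder_time]
    );
    $db->disconnect();

    // email user password reset email
    $server_name = isset($_SERVER["SERVER_NAME"]) ? (string) $_SERVER["SERVER_NAME"] : "";
    $server_email = str_replace("www.", "", $server_name);
    $reminder_link = RAZOR_BASE_URL . "admin#/password-reset/{$reminder_token}_{$user["id"]}";
    // SERVER_NAME can echo the request's Host header; escape it for the HTML body.
    $server_name_html = htmlspecialchars($server_name, ENT_QUOTES, "UTF-8");
    $link_html = htmlspecialchars($reminder_link, ENT_QUOTES, "UTF-8");

    $message = <<<EOT
<html>
<head>
<title>razorCMS - Password Reset</title>
</head>
<body>
<h1>Reset your razorCMS Account Password</h1>
<p>This email address has requested a password reset for the account on razorCMS ({$server_name_html}). If this was not you that requested this, please ignore this email and the password reset will expire in 1 hour.</p>
<p>If you did request this, then you can reset your password using the link below.</p>
<a href="{$link_html}">{$link_html}</a>
</body>
</html>
EOT;

    $this->email("no-reply@{$server_email}", $user["email_address"], "razorCMS Account Password Reset", $message);
    $this->response("success", "json");
}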
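/**
 * Start a password reset using the configurable "forgot_password_email"
 * template: generate a one-time token for the account with the posted email
 * address, store it with a timestamp, and email the reset link.
 *
 * The token is 40 hex characters from a CSPRNG (random_bytes, PHP >= 7.0)
 * instead of sha1(time . user agent . IP . password hash), so it cannot be
 * reconstructed from request metadata plus a leaked hash. The reset handler
 * only compares the posted token with the stored one, so it is unaffected.
 * Template placeholders: **server_name**, **user_email**, **forgot_password_link**.
 *
 * Other fixes: the rate-limit message states the real window (600 s); a
 * missing template is reported instead of sending an empty email; the
 * unused $options local is gone.
 *
 * @param array $data posted fields; only "email" is used
 * @return void responds "success", or 404 / 401 / 500 with a message
 */
public function post($data)
{
    // no email
    if (!is_array($data) || empty($data["email"]) || !is_string($data["email"])) {
        $this->response("User not found", "json", 404);
    }

    // try find user
    $db = new RazorDB();
    $db->connect("user");
    $user = $db->get_rows(["column" => "email_address", "value" => $data["email"]]);
    $db->disconnect();

    // NOTE(review): the 404 tells a caller whether an address is registered;
    // answering "success" either way would close that oracle, but the client
    // may depend on the current status code.
    if ((int) $user["count"] !== 1) {
        $this->response("User not found", "json", 404);
    }
    $user = $user["result"][0];

    // Rate limit: one request per 10 minutes (600 s).
    if (!empty($user["reminder_time"]) && (int) $user["reminder_time"] > time() - 600) {
        $this->response("Only one password request allowed every 10 minutes", "json", 401);
    }

    /* Match found, attempts good, carry on */
    // store the token; the reset handler rejects it after one hour
    $reminder_time = time();
    $reminder_token = bin2hex(random_bytes(20)); // 40 hex chars, same length as the former sha1

    $db->connect("user");
    $db->edit_rows(
        ["column" => "id", "value" => $user["id"]],
        ["reminder_token" => $reminder_token, "reminder_time" => $reminder_time]
    );
    $db->disconnect();

    // get the email template
    $db->connect("setting");
    $setting = $db->get_rows(["column" => "name", "value" => "forgot_password_email"]);
    $db->disconnect();
    if (empty($setting["result"][0]["value"])) {
        // Without a template the mail would be empty and the link never delivered.
        $this->response("Password reset email is not configured", "json", 500);
    }
    $forgot_password_email = $setting["result"][0]["value"];

    // build the link and fill the template
    $server_name = isset($_SERVER["SERVER_NAME"]) ? (string) $_SERVER["SERVER_NAME"] : "";
    $server_email = str_replace("www.", "", $server_name);
    $reminder_link = RAZOR_BASE_URL . "login#/password-reset/{$reminder_token}_{$user["id"]}";
    // SERVER_NAME can echo the request's Host header; it is escaped because the
    // template is presumably HTML (harmless for a plain-text hostname).
    $message = str_replace(
        ["**server_name**", "**user_email**", "**forgot_password_link**"],
        [htmlspecialchars($server_name, ENT_QUOTES, "UTF-8"), $user["email_address"], $reminder_link],
        $forgot_password_email
    );

    $this->email("no-reply@{$server_email}", $user["email_address"], "{$server_name} Account Password Reset", $message);
    $this->response("success", "json");
}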
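/**
 * Complete a password reset: validate the posted token ("<token>_<user id>")
 * against the stored reminder token, require it to be under an hour old, and
 * store the new password hash.
 *
 * Every failure answers the same "Bad data" 400 so the response does not say
 * which check failed. Fixes: the token comparison uses hash_equals() (strict,
 * constant-time) instead of a loose !=; non-string inputs are rejected before
 * they reach explode()/create_hash(); the user id part must be digits.
 *
 * @param array $data posted fields: token, passwords[password], passwords[repeat_password]
 * @return void responds "success" or 400
 */
public function post($data)
{
    // check present, token ok, password and password confirm ok
    if (!is_array($data)
        || !isset($data["token"], $data["passwords"]["password"], $data["passwords"]["repeat_password"])) {
        $this->response("Bad data", null, 400);
    }
    $token = $data["token"];
    $password = $data["passwords"]["password"];
    $repeat = $data["passwords"]["repeat_password"];

    if (!is_string($token) || !is_string($password) || !is_string($repeat)) {
        $this->response("Bad data", null, 400);
    }
    if (empty($token) || strlen($token) < 20) {
        $this->response("Bad data", null, 400);
    }
    if (empty($password) || empty($repeat) || $password !== $repeat) {
        $this->response("Bad data", null, 400);
    }

    $token_data = explode("_", $token);
    if (count($token_data) !== 2 || $token_data[0] === "" || !preg_match('/^[0-9]+$/', $token_data[1])) {
        $this->response("Bad data", null, 400);
    }

    /* data present and pre check good, lets do a user search and check */
    $db = new RazorDB();
    $db->connect("user");
    $user = $db->get_rows(["column" => "id", "value" => (int) $token_data[1]]);
    $db->disconnect();

    // no valid user found
    if ((int) $user["count"] !== 1) {
        $this->response("Bad data", null, 400);
    }
    $user = $user["result"][0];

    // check token: must be stored, match exactly, and be under an hour old
    if (empty($user["reminder_token"])
        || !is_string($user["reminder_token"])
        || !hash_equals($user["reminder_token"], $token_data[0])
        || (int) $user["reminder_time"] + 3600 < time()) {
        $this->response("Bad data", null, 400);
    }

    /* user ok, token ok, lets change password */
    $password_hash = RazorAPI::create_hash($password);

    // clear the token so the link is single-use
    $db->connect("user");
    $db->edit_rows(
        ["column" => "id", "value" => $user["id"]],
        ["password" => $password_hash, "reminder_token" => ""]
    );
    $db->disconnect();

    $this->response("success", "json");
}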
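/**
 * Update a page's attributes.
 *
 * Requires access level 10 and a page "id". Only the whitelisted fields are
 * written, and only those present in the payload (a key set to null is
 * written as null; an absent key is left untouched — previously every
 * absent field was overwritten with null).
 *
 * @param array $data posted page fields (id plus any of the whitelisted keys)
 * @return void echoes $data back as JSON, or 400 / 401
 */
public function post($data)
{
    // login check - if fail, return no data to stop error flagging to user
    if ((int) $this->check_access() < 10) {
        $this->response(null, null, 401);
    }
    if (empty($data) || !is_array($data) || !isset($data["id"])) {
        $this->response(null, null, 400);
    }

    // ensure we only have changes we want
    $fields = ["active", "name", "title", "link", "theme", "keywords", "description"];
    $changes = [];
    foreach ($fields as $field) {
        if (array_key_exists($field, $data)) {
            $changes[$field] = $data[$field];
        }
    }
    if (empty($changes)) {
        $this->response(null, null, 400);
    }

    // update content
    $db = new RazorDB();
    $db->connect("page");
    $db->edit_rows(["column" => "id", "value" => $data["id"]], $changes);
    $db->disconnect();

    $this->response($data, "json");
}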
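/**
 * Update the single "site" row (id 1): name and/or Google Analytics code.
 *
 * Requires access level 10. When neither field is present nothing is written
 * (the original still issued an edit with an empty change set).
 *
 * @param array $data posted fields: optional name, google_analytics_code
 * @return void responds "success" or 400 / 401
 */
public function post($data)
{
    // login check - if fail, return no data to stop error flagging to user
    if ((int) $this->check_access() < 10) {
        $this->response(null, null, 401);
    }
    if (empty($data) || !is_array($data)) {
        $this->response(null, null, 400);
    }

    $row = [];
    foreach (["name", "google_analytics_code"] as $field) {
        if (isset($data[$field])) {
            $row[$field] = $data[$field];
        }
    }

    // nothing to change: skip the DB round trip
    if (!empty($row)) {
        $db = new RazorDB();
        $db->connect("site");
        $db->edit_rows(["column" => "id", "value" => 1], $row);
        $db->disconnect();
    }

    $this->response("success", "json");
}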
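/**
 * Activate a user account from the activation link.
 *
 * Looks up the account whose activate_token equals $id, clears the token,
 * marks the account active and redirects the browser to the login page.
 *
 * Fixes: the "key not set" response passed 400 as the format argument
 * instead of the status code; the DB connection was left open on the 409
 * path; a non-string $id is rejected instead of being passed to strlen().
 *
 * @param string|null $id activation token from the URL
 * @return void redirects (never returns) or responds 400 / 409
 */
public function get($id)
{
    if (!is_string($id) || strlen($id) < 20) {
        $this->response("Activation key not set", null, 400);
    }

    $db = new RazorDB();
    $db->connect("user");
    $user = $db->get_rows(["column" => "activate_token", "value" => $id]);

    if ((int) $user["count"] !== 1) {
        $db->disconnect();
        $this->response(null, null, 409);
    }

    // token matched exactly one account: activate it and burn the token
    $db->edit_rows(
        ["column" => "id", "value" => $user["result"][0]["id"]],
        ["activate_token" => null, "active" => true]
    );
    $db->disconnect();

    // if all ok, redirect to login page and set activate message off
    header("Location: " . RAZOR_BASE_URL . "login#/user-activated");
    exit;
}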
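/**
 * Save site settings (upsert into the "setting" table).
 *
 * Requires access level 9 or above. Only the keys listed in $setting_types
 * are accepted; each present key is written with edit_rows() and inserted
 * with add_rows() when no row existed. Values are stored as strings, which
 * the original already did for every key except "name" and
 * "google_analytics_code" on the update path; they are now treated alike.
 * The ten near-identical branches are replaced by one loop.
 *
 * @param array $data posted settings, keyed by setting name
 * @return void responds "success" or 400 / 401
 */
public function post($data)
{
    // login check - if fail, return no data to stop error flagging to user
    if ((int) $this->check_access() < 9) {
        $this->response(null, null, 401);
    }
    if (empty($data) || !is_array($data)) {
        $this->response(null, null, 400);
    }

    // Whitelist of settings this endpoint may write, with the "type" used
    // when a row has to be created. Unknown keys in $data are ignored.
    $setting_types = [
        "name" => "string",
        "google_analytics_code" => "string",
        "forgot_password_email" => "string",
        "allow_registration" => "bool",
        "manual_activation" => "bool",
        "registration_email" => "string",
        "activation_email" => "string",
        "activate_user_email" => "string",
        "cookie_message" => "string",
        "cookie_message_button" => "string",
    ];

    $db = new RazorDB();
    $db->connect("setting");

    foreach ($setting_types as $name => $type) {
        // arrays cannot be stored as a setting value; skip them like absent keys
        if (!isset($data[$name]) || is_array($data[$name])) {
            continue;
        }
        $value = (string) $data[$name];
        $res = $db->edit_rows(["column" => "name", "value" => $name], ["value" => $value]);
        if ((int) $res["count"] === 0) {
            $db->add_rows(["name" => $name, "value" => $value, "type" => $type]);
        }
    }

    $db->disconnect();
    $this->response("success", "json");
}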
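/**
 * Save the menu structure: delete stored menu items that are no longer
 * present, update the position of the ones that are, and insert new ones
 * (level 1 for top-level items, level 2 for entries of a "sub_menu").
 *
 * $data is a list of menus, each with "id" and "menu_items"; a menu item
 * carries an optional "id" (existing row), a "page_id" (used for new rows)
 * and an optional "sub_menu" list of the same shape. Positions are numbered
 * 1..n per menu across both levels, in the posted order.
 *
 * Fixes: the bitwise "&" in the sub_menu test is now "&&"; lookups into the
 * flat id maps fall back to an empty list instead of an undefined index
 * (in_array() on a null haystack is a TypeError on PHP 8); the payload must
 * be an array and menus without an "id" are skipped.
 *
 * @param array $data posted menus
 * @return void responds "success" or 400 / 401
 */
public function post($data)
{
    // login check - if fail, return no data to stop error flagging to user
    if ((int) $this->check_access() < 10) {
        $this->response(null, null, 401);
    }
    if (!is_array($data)) {
        $this->response(null, null, 400);
    }

    $db = new RazorDB();
    $db->connect("menu_item");

    // 1. grab all menu items in position order
    $options = ["order" => ["column" => "position", "direction" => "asc"]];
    $search = ["column" => "id", "not" => true, "value" => null];
    $all_menu_items = $db->get_rows($search, $options);
    $all_menu_items = $all_menu_items["result"];

    // 2. flatten the posted structure to menu_id => [item ids...]
    $new_menus_flat = [];
    foreach ($data as $menu) {
        if (!is_array($menu) || !isset($menu["id"])) {
            continue;
        }
        $menu_id = $menu["id"];
        if (!isset($new_menus_flat[$menu_id])) {
            $new_menus_flat[$menu_id] = [];
        }
        $items = isset($menu["menu_items"]) && is_array($menu["menu_items"]) ? $menu["menu_items"] : [];
        foreach ($items as $mi) {
            if (isset($mi["id"])) {
                $new_menus_flat[$menu_id][] = $mi["id"];
            }
            if (!empty($mi["sub_menu"]) && is_array($mi["sub_menu"])) {
                foreach ($mi["sub_menu"] as $sub_menu_item) {
                    if (isset($sub_menu_item["id"])) {
                        $new_menus_flat[$menu_id][] = $sub_menu_item["id"];
                    }
                }
            }
        }
    }

    // Snapshot of what is stored, menu_id => [item ids...]. Any stored item
    // not in the posted structure for its menu is deleted on the spot; a menu
    // that was not posted at all counts as empty, so all of its items go
    // (the undefined-index lookup this replaces deleted them too, since
    // in_array() on a null haystack is falsy where it does not throw).
    $current_menus_flat = [];
    foreach ($all_menu_items as $ami) {
        $menu_id = $ami["menu_id"];
        if (!isset($current_menus_flat[$menu_id])) {
            $current_menus_flat[$menu_id] = [];
        }
        $current_menus_flat[$menu_id][] = $ami["id"];

        $posted_ids = isset($new_menus_flat[$menu_id]) ? $new_menus_flat[$menu_id] : [];
        if (!in_array($ami["id"], $posted_ids)) {
            $db->delete_rows(["column" => "id", "value" => (int) $ami["id"]]);
        }
    }

    // 3. walk the posted menus: existing items get their new position, new
    //    items are inserted
    foreach ($data as $new_menu) {
        if (!is_array($new_menu) || !isset($new_menu["id"])) {
            continue;
        }
        $menu_id = (int) $new_menu["id"];
        $stored_ids = isset($current_menus_flat[$new_menu["id"]]) ? $current_menus_flat[$new_menu["id"]] : [];
        $items = isset($new_menu["menu_items"]) && is_array($new_menu["menu_items"]) ? $new_menu["menu_items"] : [];
        $pos = 1;

        // Writes one item at the current position and advances it; shared by
        // both levels so the two branches cannot drift apart.
        $save_item = function ($item, $level) use ($db, $menu_id, $stored_ids, &$pos) {
            if (isset($item["id"]) && in_array($item["id"], $stored_ids)) {
                // update menu item
                $db->edit_rows(["column" => "id", "value" => $item["id"]], ["position" => $pos]);
            } else {
                // add new item
                $db->add_rows([
                    "menu_id" => $menu_id,
                    "position" => $pos,
                    "level" => $level,
                    "page_id" => isset($item["page_id"]) ? $item["page_id"] : null,
                    "link_id" => 0,
                ]);
            }
            $pos++;
        };

        foreach ($items as $nmi) {
            if (!is_array($nmi)) {
                continue;
            }
            $save_item($nmi, 1);
            // now check for sub menu
            if (!empty($nmi["sub_menu"]) && is_array($nmi["sub_menu"])) {
                foreach ($nmi["sub_menu"] as $nsmi) {
                    if (is_array($nsmi)) {
                        $save_item($nsmi, 2);
                    }
                }
            }
        }
    }

    $db->disconnect();
    $this->response("success", "json");
}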
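/**
 * Authenticate the current request from its bearer token and return the
 * caller's access level, or false when the request is not authenticated.
 *
 * The token is read from the Authorization header (directly, or the
 * REDIRECT_ copy some servers set), falling back to the "token" cookie, and
 * has the form "<sha1>_<user id>". It is recomputed from the stored user
 * record (last_logged_in, sanitised user agent, sanitised IP, password hash)
 * and must match exactly. The sanitising regexes are part of that
 * derivation and must stay identical to the ones used where the token is
 * issued (outside this block), so they are deliberately left as they are.
 *
 * Side effects: on success sets $this->user to the basic user record and,
 * at most once an hour, refreshes last_accessed to keep the session alive.
 *
 * Fixes: a non-string token (e.g. a "token[]" cookie) is rejected instead of
 * reaching explode(); missing HTTP_USER_AGENT / REMOTE_ADDR no longer raise
 * notices; the token comparison is hash_equals() rather than !==.
 *
 * @param int $access_timeout seconds since last_accessed after which the session is dead
 * @return mixed the user's access_level as stored, or false
 */
public function check_access($access_timeout = RARS_ACCESS_TIMEOUT)
{
    // retrieve token from incoming request
    $token = null;
    if (isset($_SERVER["HTTP_AUTHORIZATION"])) {
        $token = $_SERVER["HTTP_AUTHORIZATION"];
    } elseif (isset($_SERVER["REDIRECT_HTTP_AUTHORIZATION"])) {
        $token = $_SERVER["REDIRECT_HTTP_AUTHORIZATION"];
    } elseif (isset($_COOKIE["token"])) {
        $token = $_COOKIE["token"];
    }
    if (!is_string($token) || $token === "") {
        return false;
    }

    // extract token and id
    $token_data = explode("_", $token);
    if (count($token_data) !== 2) {
        return false;
    }
    $token = preg_replace("/[^a-zA-Z0-9]/", '', $token_data[0]);
    $id = (int) $token_data[1];
    // an empty token or non-positive id can never verify; skip the lookup
    if ($token === "" || $id <= 0) {
        return false;
    }

    // find user
    $db = new RazorDB();
    $db->connect("user");
    $res = $db->get_rows(["column" => "id", "value" => $id], ["amount" => 1]);
    $db->disconnect();

    // no user found or no access in $access_timeout seconds
    if ((int) $res["count"] !== 1) {
        return false;
    }
    $user = $res["result"][0];
    if ($user["last_accessed"] < time() - $access_timeout) {
        return false;
    }

    /* all ok, so go verify user */
    // Rebuild the token from the same inputs used when it was issued.
    // NOTE(review): in "[^0-9a-zA-Z.:;-_]" the ";-_" is a character range
    // (it also admits < = > ? @ [ \ ] ^), and "[^0-9.]" strips IPv6 addresses
    // to digits and dots; both are part of the token derivation and must be
    // changed on the issuing side first, if at all.
    $raw_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? (string) $_SERVER["HTTP_USER_AGENT"] : "";
    $raw_ip = isset($_SERVER["REMOTE_ADDR"]) ? (string) $_SERVER["REMOTE_ADDR"] : "";
    $user_agent = preg_replace("/[^0-9a-zA-Z.:;-_]/", '', substr($raw_agent, 0, 250));
    $ip_address = preg_replace("/[^0-9.]/", '', substr($raw_ip, 0, 50));
    $gen_token = sha1($user["last_logged_in"] . $user_agent . $ip_address . $user["password"]);

    // constant-time comparison of the expected and presented token
    if (!hash_equals($gen_token, $token)) {
        return false;
    }

    // set user and return
    $this->user = [
        "id" => $user["id"],
        "name" => $user["name"],
        "email_address" => $user["email_address"],
        "last_logged_in" => $user["last_logged_in"],
        "access_level" => $user["access_level"],
    ];

    // update access time to keep connection alive, only do this once an hour to keep writes to db down for user table
    // connection will stay live for a day anyway so we do not need to be this heavy on the last access time writes
    if ($user["last_accessed"] > time() - 3600) {
        return $this->user["access_level"];
    }

    $db = new RazorDB();
    $db->connect("user");
    $db->edit_rows(["column" => "id", "value" => $this->user["id"]], ["last_accessed" => time()]);
    $db->disconnect();

    return $this->user["access_level"];
}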
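/**
 * Create or update a user account.
 *
 * Three cases, chosen by the posted "id" and the caller's access level:
 *  - no "id": create an account (caller must be level 10; new_password,
 *    name and email_address required; email must be unique; access_level
 *    capped below 10);
 *  - "id" is the caller's own: update name / email / password (email must
 *    stay unique); a password change answers {"reload": true};
 *  - any other "id": caller must be level 10 and may change access_level
 *    and active only, never to level 10.
 *
 * Fixes: the access level is read once instead of through repeated
 * check_access() calls (each is a DB round trip); an empty "new_password"
 * no longer replaces the stored hash with the hash of ""; required keys are
 * checked before they are read; id and level comparisons are integer-strict.
 *
 * @param array $data posted user fields
 * @return void responds "success", {"reload": true}, or 400 / 401 / 409
 */
public function post($data)
{
    // check we have a logged in user
    $access = (int) $this->check_access();
    if ($access < 1) {
        $this->response(null, null, 401);
    }
    if (empty($data) || !is_array($data)) {
        $this->response(null, null, 400);
    }

    // A password change is requested only by a non-empty string.
    $new_password = null;
    if (isset($data["new_password"]) && is_string($data["new_password"]) && $data["new_password"] !== "") {
        $new_password = $data["new_password"];
    }

    $db = new RazorDB();
    $db->connect("user");

    if (!isset($data["id"])) {
        // creating: level 10 only, password / name / email required
        if ($access !== 10) {
            $this->response(null, null, 401);
        }
        if ($new_password === null || !isset($data["name"], $data["email_address"])) {
            $this->response(null, null, 400);
        }
        // check email is unique
        $user = $db->get_rows(["column" => "email_address", "value" => $data["email_address"]]);
        if ((int) $user["count"] > 0) {
            $this->response(null, null, 409);
        }
        // create new user; nobody can be created at level 10
        $level = isset($data["access_level"]) ? (int) $data["access_level"] : 1;
        $db->add_rows([
            "name" => $data["name"],
            "email_address" => $data["email_address"],
            "access_level" => $level < 10 ? $level : 1,
            "active" => isset($data["active"]) ? $data["active"] : null,
            "password" => $this->create_hash($new_password),
        ]);
    } elseif ((int) $this->user["id"] === (int) $data["id"]) {
        // if this is your account, alter name, email or password
        if (!isset($data["name"], $data["email_address"])) {
            $this->response(null, null, 400);
        }
        // check email is unique if changed
        if ((string) $data["email_address"] !== (string) $this->user["email_address"]) {
            $user = $db->get_rows(["column" => "email_address", "value" => $data["email_address"]]);
            if ((int) $user["count"] > 0) {
                $this->response(null, null, 409);
            }
        }
        $row = ["name" => $data["name"], "email_address" => $data["email_address"]];
        if ($new_password !== null) {
            $row["password"] = $this->create_hash($new_password);
        }
        $db->edit_rows(["column" => "id", "value" => $this->user["id"]], $row);
        // a changed password means the client has to log in again
        if ($new_password !== null) {
            $db->disconnect();
            $this->response(["reload" => true], "json");
        }
    } elseif ($access === 10) {
        // if not account owner, but access of 10, alter access level or active
        // do not allow anyone to be set to level 10, only one account allowed
        if (isset($data["access_level"]) && (int) $data["access_level"] === 10) {
            $this->response(null, null, 400);
        }
        $row = [];
        if (isset($data["access_level"])) {
            $row["access_level"] = $data["access_level"];
        }
        if (isset($data["active"])) {
            $row["active"] = $data["active"];
        }
        if (!empty($row)) {
            $db->edit_rows(["column" => "id", "value" => (int) $data["id"]], $row);
        }
    } else {
        $this->response(null, null, 401);
    }

    $db->disconnect();
    $this->response("success", "json");
}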
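/**
 * Save a page's content blocks and their layout.
 *
 * Step 1 writes the "content" table: blocks whose content_id contains
 * "new-" are inserted and the temporary id is mapped to the new row id,
 * all others are updated in place. Step 2 writes "page_content": for every
 * block in $data["locations"][location][column][position] an existing block
 * (id other than "new") has its placement updated, and a new block is
 * inserted when it resolves to a content row or carries an extension.
 * Step 3 deletes this page's page_content rows that were not touched.
 *
 * Fixes: new page_content rows recorded the whole result row instead of its
 * id in the "touched" list; the "new" test was a loose != (on PHP < 8 an id
 * of 0 compared equal to "new"); page_id / content / locations are checked
 * before use; the dead unset() of the local copy of $data is gone.
 *
 * @param array $data posted payload with page_id, content, locations
 * @return void responds "success" or 400 / 401
 */
public function post($data)
{
    // login check - if fail, return no data to stop error flagging to user
    if ((int) $this->check_access() < 10) {
        $this->response(null, null, 401);
    }
    if (!is_array($data) || !isset($data["content"], $data["page_id"]) || !is_array($data["content"])) {
        $this->response(null, null, 400);
    }
    $page_id = (int) $data["page_id"];
    $locations = isset($data["locations"]) && is_array($data["locations"]) ? $data["locations"] : [];

    // update or add content
    $db = new RazorDB();
    $db->connect("content");

    $new_content_map = [];
    foreach ($data["content"] as $content) {
        if (!is_array($content) || !isset($content["content_id"]) || empty($content["content"])) {
            continue;
        }
        $name = isset($content["name"]) ? $content["name"] : null;
        if (stripos((string) $content["content_id"], "new-") === false) {
            // existing row: update in place
            $db->edit_rows(
                ["column" => "id", "value" => $content["content_id"]],
                ["content" => $content["content"], "name" => $name]
            );
        } else {
            // add new content and map the temporary id to the real one for the page_content rows
            $result = $db->add_rows(["content" => $content["content"], "name" => $name]);
            $new_content_map[$content["content_id"]] = $result["result"][0]["id"];
        }
    }
    $db->disconnect();

    // update or add locations
    $db = new RazorDB();
    $db->connect("page_content");

    // 1. first take snapshot of current
    $current_page_content = $db->get_rows(["column" => "page_id", "value" => $page_id]);
    $current_page_content = $current_page_content["result"];

    // 2. iterate through updating or adding, make a note of all ids kept or created
    $page_content_map = [];
    foreach ($locations as $location => $columns) {
        if (!is_array($columns)) {
            continue;
        }
        foreach ($columns as $column => $blocks) {
            if (!is_array($blocks)) {
                continue;
            }
            foreach ($blocks as $pos => $block) {
                if (!is_array($block)) {
                    continue;
                }
                if (isset($block["id"]) && (string) $block["id"] !== "new") {
                    // existing placement: update
                    $row = [
                        "location" => $location,
                        "column" => (int) $column,
                        "position" => $pos + 1,
                        "json_settings" => json_encode(isset($block["settings"]) ? $block["settings"] : null),
                    ];
                    if (isset($block["extension"])) {
                        $row["extension"] = $block["extension"];
                    }
                    $db->edit_rows(["column" => "id", "value" => $block["id"]], $row);
                    $page_content_map[] = $block["id"];
                } else {
                    // new placement: the content id is a "new-" id mapped above, a
                    // numeric id of existing content, or none for an extension-only block
                    $new_content_id = null;
                    if (isset($block["content_id"])) {
                        if (isset($new_content_map[$block["content_id"]])) {
                            $new_content_id = $new_content_map[$block["content_id"]];
                        } elseif (is_numeric($block["content_id"])) {
                            $new_content_id = $block["content_id"];
                        }
                    }
                    if (!empty($new_content_id) || isset($block["extension"])) {
                        $row = [
                            "page_id" => $page_id,
                            "content_id" => $new_content_id,
                            "location" => $location,
                            "column" => (int) $column,
                            "position" => $pos + 1,
                        ];
                        if (isset($block["extension"])) {
                            $row["extension"] = $block["extension"];
                            $row["json_settings"] = isset($block["settings"]) ? json_encode($block["settings"]) : null;
                        }
                        $result = $db->add_rows($row);
                        $page_content_map[] = $result["result"][0]["id"];
                    }
                }
            }
        }
    }

    // 3. run through ids affected against snapshot, if any missing, remove them.
    foreach ($current_page_content as $row) {
        if (!in_array($row["id"], $page_content_map)) {
            $db->delete_rows(["column" => "id", "value" => (int) $row["id"]]);
        }
    }
    $db->disconnect();

    $this->response("success", "json");
}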