* new hooks: LOGIN, LOGIN_ATTEMPT, LOGOUT

* fixed bug with uninstalling some plugin dirs
* updated TODO
slawkens1 2018-01-14 08:59:37 +01:00
parent b1c72df333
commit 16bcb70863
11 changed files with 120 additions and 64 deletions

TODO

@ -18,14 +18,21 @@
* Menus in templates * Menus in templates
* move highscores to twig * move highscores to twig
* migrations: option to downgrade the database * migrations: option to downgrade the database
* hooks: login + logout
* create account: create character * create account: create character
1.0: 1.0:
* mobile version
* switch do desktop/mobile version link
* inside templates/mobile
* using Mobile_Detect.php library
* i18n support (issue #1 on github) * i18n support (issue #1 on github)
* New Admin Panel layout and interface * New Admin Panel layout and interface
* most preferably: https://adminlte.io/ * most preferably: https://adminlte.io/
* move all pages administration to this panel (like faq, forum, newses) * move all pages administration to this panel (like faq, forum, newses)
* save plugin configuration in database
* table name: myaac_config_plugins, columns: plugin, name, type, default, required, extra (json data, like options for select)
* plugin auto-update and check-version
* needs support from my-aac.org (plugins database)
* remove tibiacom template, and include it as a plugin * remove tibiacom template, and include it as a plugin
2.0 2.0


@ -23,6 +23,12 @@ define('PAGE', $page);
require(SYSTEM . 'functions.php'); require(SYSTEM . 'functions.php');
require(SYSTEM . 'init.php'); require(SYSTEM . 'init.php');
// event system
require_once(SYSTEM . 'hooks.php');
$hooks = new Hooks();
$hooks->load();
require(SYSTEM . 'status.php'); require(SYSTEM . 'status.php');
require(SYSTEM . 'login.php'); require(SYSTEM . 'login.php');
require(ADMIN . 'includes/functions.php'); require(ADMIN . 'includes/functions.php');


@ -165,6 +165,11 @@ define('PAGE', $page);
$template_place_holders = array(); $template_place_holders = array();
require_once(SYSTEM . 'init.php'); require_once(SYSTEM . 'init.php');
// event system
require_once(SYSTEM . 'hooks.php');
$hooks = new Hooks();
$hooks->load();
require_once(SYSTEM . 'template.php'); require_once(SYSTEM . 'template.php');
require_once(SYSTEM . 'login.php'); require_once(SYSTEM . 'login.php');
require_once(SYSTEM . 'status.php'); require_once(SYSTEM . 'status.php');
@ -191,10 +196,6 @@ else { // register first version
} }
} }
// event system
require_once(SYSTEM . 'hooks.php');
$hooks = new Hooks();
$hooks->load();
$hooks->trigger(HOOK_STARTUP); $hooks->trigger(HOOK_STARTUP);
// anonymous usage statistics // anonymous usage statistics


@ -931,6 +931,16 @@ function str_replace_first($search, $replace, $subject) {
return $subject; return $subject;
} }
function get_browser_real_ip() {
if(isset($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['REMOTE_ADDR']))
return $_SERVER['REMOTE_ADDR'];
else if(isset($_SERVER['HTTP_CLIENT_IP']) && !empty($_SERVER['HTTP_CLIENT_IP']))
return $_SERVER['HTTP_CLIENT_IP'];
else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR']))
return $_SERVER['HTTP_X_FORWARDED_FOR'];
return '0';
}
function setSession($key, $data) { function setSession($key, $data) {
global $config; global $config;
$_SESSION[$config['session_prefix'] . $key] = $data; $_SESSION[$config['session_prefix'] . $key] = $data;
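Review bot: get_browser_real_ip() returns HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR verbatim whenever REMOTE_ADDR is absent, and both are client-supplied headers: the value can be spoofed and X-Forwarded-For is commonly a comma-separated list, so the returned string is not necessarily an IP address at all. OTS_Account::logAction() in this same commit now consumes that value after only a `strpos($ip, ":")` check and presumably writes it to the log table, so an unvalidated string can end up persisted. Validate each candidate with filter_var(..., FILTER_VALIDATE_IP), take only the first list entry, and keep the '0' fallback; a name such as get_client_ip() would also avoid implying the forwarded headers are trustworthy. Rewrite below.
```php
function get_browser_real_ip() {
	// REMOTE_ADDR is set by the web server; the two headers come from the client
	// or a proxy, may be spoofed and may carry a comma-separated list of addresses.
	foreach(array('REMOTE_ADDR', 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR') as $key) {
		if(empty($_SERVER[$key]))
			continue;

		$parts = explode(',', $_SERVER[$key]);
		$candidate = trim($parts[0]);
		if(filter_var($candidate, FILTER_VALIDATE_IP) !== false)
			return $candidate;
	}

	return '0';
}
```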


@ -21,8 +21,11 @@ define('HOOK_CHARACTERS_BEFORE_SIGNATURE', 9);
define('HOOK_CHARACTERS_AFTER_SIGNATURE', 10); define('HOOK_CHARACTERS_AFTER_SIGNATURE', 10);
define('HOOK_CHARACTERS_AFTER_ACCOUNT', 11); define('HOOK_CHARACTERS_AFTER_ACCOUNT', 11);
define('HOOK_CHARACTERS_AFTER_CHARACTERS', 12); define('HOOK_CHARACTERS_AFTER_CHARACTERS', 12);
define('HOOK_LOGIN', 13);
define('HOOK_LOGIN_ATTEMPT', 14);
define('HOOK_LOGOUT', 15);
define('HOOK_FIRST', HOOK_STARTUP); define('HOOK_FIRST', HOOK_STARTUP);
define('HOOK_LAST', HOOK_CHARACTERS_AFTER_CHARACTERS); define('HOOK_LAST', HOOK_LOGOUT);
class Hook class Hook
{ {


@ -195,8 +195,11 @@ class Plugins {
if($continue) { if($continue) {
if (isset($plugin['install'])) { if (isset($plugin['install'])) {
if (file_exists(BASE . $plugin['install'])) if (file_exists(BASE . $plugin['install'])) {
$db->revalidateCache();
require(BASE . $plugin['install']); require(BASE . $plugin['install']);
$db->revalidateCache();
}
else else
self::$warnings[] = 'Cannot load install script. Your plugin might be not working correctly.'; self::$warnings[] = 'Cannot load install script. Your plugin might be not working correctly.';
} }
@ -270,7 +273,7 @@ class Plugins {
break; break;
} }
$file = BASE . $file; $file = str_replace('/', '\\', BASE . $file);
if(!is_sub_dir($file, BASE) || realpath(dirname($file)) != dirname($file)) { if(!is_sub_dir($file, BASE) || realpath(dirname($file)) != dirname($file)) {
$success = false; $success = false;
self::$error = "You don't have rights to delete: " . $file; self::$error = "You don't have rights to delete: " . $file;
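Review bot: The new `$file = str_replace('/', '\\', BASE . $file);` in the second hunk converts separators to backslashes unconditionally, which is only a directory separator on Windows; on Linux the backslashes stay inside the file name, so the following is_sub_dir()/realpath() guard — the check that keeps deletions inside BASE — and the deletion itself operate on a path that does not exist. Normalizing to the platform separator keeps the Windows fix without changing Linux behaviour: `$file = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, BASE . $file);`. The enclosing method continues outside the hunk. In the first hunk, calling `$db->revalidateCache()` after the install script looks right; a comment such as `// install scripts may add tables/columns that were already cached as missing` would explain why it sits there.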


@ -879,14 +879,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
public function logAction($action) public function logAction($action)
{ {
$ip = '0'; $ip = get_browser_real_ip();
if(isset($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['REMOTE_ADDR']))
$ip = $_SERVER['REMOTE_ADDR'];
else if(isset($_SERVER['HTTP_CLIENT_IP']) && !empty($_SERVER['HTTP_CLIENT_IP']))
$ip = $_SERVER['HTTP_CLIENT_IP'];
else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR']))
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
if(strpos($ip, ":") === false) { if(strpos($ip, ":") === false) {
$ipv6 = '0'; $ipv6 = '0';
} }


@ -180,6 +180,10 @@ class OTS_DB_MySQL extends OTS_Base_DB
return $this->has_table_cache[$name]; return $this->has_table_cache[$name];
} }
return $this->hasTableInternal($name);
}
private function hasTableInternal($name) {
global $config; global $config;
return ($this->has_table_cache[$name] = $this->query("SELECT `TABLE_NAME` FROM `information_schema`.`tables` WHERE `TABLE_SCHEMA` = " . $this->quote($config['database_name']) . " AND `TABLE_NAME` = " . $this->quote($name) . " LIMIT 1;")->rowCount() > 0); return ($this->has_table_cache[$name] = $this->query("SELECT `TABLE_NAME` FROM `information_schema`.`tables` WHERE `TABLE_SCHEMA` = " . $this->quote($config['database_name']) . " AND `TABLE_NAME` = " . $this->quote($name) . " LIMIT 1;")->rowCount() > 0);
} }
@ -189,8 +193,25 @@ class OTS_DB_MySQL extends OTS_Base_DB
return $this->has_column_cache[$table . '.' . $column]; return $this->has_column_cache[$table . '.' . $column];
} }
return $this->hasColumnInternal($table, $column);
}
private function hasColumnInternal($table, $column) {
return ($this->has_column_cache[$table . '.' . $column] = count($this->query("SHOW COLUMNS FROM `" . $table . "` LIKE '" . $column . "'")->fetchAll()) > 0); return ($this->has_column_cache[$table . '.' . $column] = count($this->query("SHOW COLUMNS FROM `" . $table . "` LIKE '" . $column . "'")->fetchAll()) > 0);
} }
public function revalidateCache() {
foreach($this->has_table_cache as $key => $value) {
$this->hasTableInternal($key);
}
foreach($this->has_column_cache as $key => $value) {
$explode = explode('.', $key);
if(isset($this->has_table_cache[$explode[0]]) && $this->has_table_cache[$explode[0]]) {// first check if table exist
$this->hasColumnInternal($explode[0], $explode[1]);
}
}
}
} }
/**#@-*/ /**#@-*/
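Review bot: revalidateCache() leaves has_column_cache entries stale in two cases: when the table is absent from has_table_cache the entry is never re-checked at all, and when the table is now known to be gone the cached true is kept although the column cannot exist. The `$value` loop variables are unused and `explode('.', $key)` is indexed without a limit, so a dot in a column name would be truncated. Rewrite below; note also that hasColumnInternal() still interpolates `$table` and `$column` into the SHOW COLUMNS statement while hasTableInternal() goes through `$this->quote()`, which is worth aligning even though callers pass code-supplied names.
```php
public function revalidateCache() {
	foreach(array_keys($this->has_table_cache) as $table) {
		$this->hasTableInternal($table);
	}

	foreach(array_keys($this->has_column_cache) as $key) {
		list($table, $column) = explode('.', $key, 2);
		// a column can only exist if its table does; ask the server when the table is not cached yet
		$tableExists = isset($this->has_table_cache[$table]) ? $this->has_table_cache[$table] : $this->hasTableInternal($table);
		if($tableExists) {
			$this->hasColumnInternal($table, $column);
		}
		else {
			$this->has_column_cache[$key] = false;
		}
	}
}
```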


@ -14,16 +14,37 @@ $logged_flags = 0;
$action = isset($_REQUEST['action']) ? strtolower($_REQUEST['action']) : ''; $action = isset($_REQUEST['action']) ? strtolower($_REQUEST['action']) : '';
define('ACTION', $action); define('ACTION', $action);
if(ACTION == 'logout' && !isset($_REQUEST['account_login'])) // stay-logged with sessions
$current_session = getSession('account');
if($current_session !== false)
{ {
unsetSession('account'); $account_logged = new OTS_Account();
unsetSession('password'); $account_logged->load($current_session);
unsetSession('remember_me'); if($account_logged->isLoaded() && $account_logged->getPassword() == getSession('password')
//&& (!isset($_SESSION['admin']) || admin())
&& (getSession('remember_me') !== false || getSession('last_visit') > time() - 15 * 60)) { // login for 15 minutes if "remember me" is not used
$logged = true;
}
else {
unsetSession('account');
unset($account_logged);
}
}
if(isset($_REQUEST['redirect'])) if(ACTION == 'logout' && !isset($_REQUEST['account_login'])) {
{ if($hooks->trigger(HOOK_LOGOUT, array('logged' => $logged, 'account' => (isset($account_logged) ? $account_logged : new OTS_Account()), 'password' => getSession('password')))) {
header('Location: ' . urldecode($_REQUEST['redirect'])); unsetSession('account');
exit; unsetSession('password');
unsetSession('remember_me');
$logged = false;
unset($account_logged);
if(isset($_REQUEST['redirect']))
{
header('Location: ' . urldecode($_REQUEST['redirect']));
exit;
}
} }
} }
else else
@ -31,8 +52,9 @@ else
// new login with data from form // new login with data from form
if(!$logged && isset($_POST['account_login']) && isset($_POST['password_login'])) if(!$logged && isset($_POST['account_login']) && isset($_POST['password_login']))
{ {
$login_account = strtoupper($_POST['account_login']); $login_account = $_POST['account_login'];
$login_password = $_POST['password_login']; $login_password = $_POST['password_login'];
$remember_me = isset($_POST['remember_me']);
if(!empty($login_account) && !empty($login_password)) if(!empty($login_account) && !empty($login_password))
{ {
if($cache->enabled()) if($cache->enabled())
@ -71,8 +93,9 @@ else
{ {
setSession('account', $account_logged->getId()); setSession('account', $account_logged->getId());
setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password)); setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
if(isset($_POST['remember_me'])) if($remember_me) {
setSession('remember_me', true); setSession('remember_me', true);
}
$logged = true; $logged = true;
$logged_flags = $account_logged->getWebFlags(); $logged_flags = $account_logged->getWebFlags();
@ -87,9 +110,13 @@ else
else { else {
$account_logged->setCustomField('web_lastlogin', time()); $account_logged->setCustomField('web_lastlogin', time());
} }
$hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me));
} }
else else
{ {
$hooks->trigger(HOOK_LOGIN_ATTEMPT, array('account' => $login_account, 'password' => $login_password, 'remember_me' => $remember_me));
// temporary solution for blocking failed login attempts // temporary solution for blocking failed login attempts
if($cache->enabled()) if($cache->enabled())
{ {
@ -116,28 +143,11 @@ else
} }
else { else {
$errors[] = 'Please enter your account ' . (USE_ACCOUNT_NAME ? 'name' : 'password') . ' and password.'; $errors[] = 'Please enter your account ' . (USE_ACCOUNT_NAME ? 'name' : 'password') . ' and password.';
$hooks->trigger(HOOK_LOGIN_ATTEMPT, array('account' => $login_account, 'password' => $login_password, 'remember_me' => $remember_me));
} }
} }
// stay-logged with sessions
$current_session = getSession('account');
if($current_session !== false)
{
$account_logged = new OTS_Account();
$account_logged->load($current_session);
if($account_logged->isLoaded() && $account_logged->getPassword() == getSession('password')
//&& (!isset($_SESSION['admin']) || admin())
&& (getSession('remember_me') !== false || getSession('last_visit') > time() - 15 * 60)) { // login for 15 minutes if "remember me" is not used
$logged = true;
}
else
{
$logged = false;
unsetSession('account');
unset($account_logged);
}
}
if($logged) { if($logged) {
$logged_flags = $account_logged->getWebFlags(); $logged_flags = $account_logged->getWebFlags();
$twig->addGlobal('logged', true); $twig->addGlobal('logged', true);
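Review bot: The HOOK_LOGIN trigger and both HOOK_LOGIN_ATTEMPT triggers pass the plaintext `$login_password` (and HOOK_LOGOUT the session password value) to every loaded plugin, so any plugin that logs or persists its hook arguments ends up storing credentials; this exposure is new in this commit. Consider passing only what a plugin needs — the account object or the submitted account identifier plus `$remember_me` — and documenting in hooks.php that password material is deliberately omitted from hook payloads. The moved `header('Location: ' . urldecode($_REQUEST['redirect']))` still redirects to any caller-supplied URL; since the block is being rewritten here it is a good moment to accept only site-relative paths. The stay-logged block now runs before the logout check, which is what lets the hook see `$logged`; a one-line comment stating that ordering dependency would help the next reader.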


@ -18,27 +18,30 @@ $groups = new OTS_Groups_List();
$show_form = true; $show_form = true;
$config_salt_enabled = $db->hasColumn('accounts', 'salt'); $config_salt_enabled = $db->hasColumn('accounts', 'salt');
if(!$logged)
{ if(ACTION == "logout" && !isset($_REQUEST['account_login'])) {
if($action == "logout") { if(!defined('HOOK_LOGOUT_DISPLAY') || HOOK_LOGOUT_DISPLAY) { // plugin will take care of this message
echo $twig->render('account.logout.html.twig'); echo $twig->render('account.logout.html.twig');
} }
else
{ return;
if($action == 'confirm_email') { }
require(PAGES . 'account/' . $action . '.php');
return; if(!$logged)
} {
if(ACTION == 'confirm_email') {
if(!empty($errors)) require(PAGES . 'account/' . ACTION . '.php');
echo $twig->render('error_box.html.twig', array('errors' => $errors)); return;
echo $twig->render('account.login.html.twig', array(
'redirect' => isset($_REQUEST['redirect']) ? $_REQUEST['redirect'] : null,
'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
'error' => isset($errors[0]) ? $errors[0] : null
));
} }
if(!empty($errors))
echo $twig->render('error_box.html.twig', array('errors' => $errors));
echo $twig->render('account.login.html.twig', array(
'redirect' => isset($_REQUEST['redirect']) ? $_REQUEST['redirect'] : null,
'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
'error' => isset($errors[0]) ? $errors[0] : null
));
return; return;
} }
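Review bot: The logout branch now returns before `if(!$logged)` is evaluated, so when a HOOK_LOGOUT handler vetoes the logout in system/login.php (leaving `$logged` true) this page still renders account.logout.html.twig unless that plugin also defines HOOK_LOGOUT_DISPLAY. Guarding on the actual state keeps the message truthful: `if(ACTION == "logout" && !$logged && !isset($_REQUEST['account_login'])) {`. The veto behaviour is inferred from the login.php hunk in this commit; confirm that Hooks::trigger() really returns false in that case.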


@ -10,7 +10,6 @@
defined('MYAAC') or die('Direct access not allowed!'); defined('MYAAC') or die('Direct access not allowed!');
$title = 'Plugin manager'; $title = 'Plugin manager';
require(SYSTEM . 'hooks.php');
require(LIBS . 'plugins.php'); require(LIBS . 'plugins.php');
echo $twig->render('admin.plugins.form.html.twig'); echo $twig->render('admin.plugins.form.html.twig');