|
|
@@ -5,12 +5,11 @@
|
|
|
// Web interface core plugin
|
|
|
class YellowWebinterface
|
|
|
{
|
|
|
- const Version = "0.2.7";
|
|
|
+ const Version = "0.2.8";
|
|
|
var $yellow; //access to API
|
|
|
var $users; //web interface users
|
|
|
- var $activeLocation; //web interface location? (boolean)
|
|
|
- var $activeUserFail; //web interface login failed? (boolean)
|
|
|
- var $activeUserEmail; //web interface user currently logged in
|
|
|
+ var $active; //web interface is active location? (boolean)
|
|
|
+ var $loginFailed; //web interface login failed? (boolean)
|
|
|
var $rawDataOriginal; //raw data of page in case of errors
|
|
|
|
|
|
// Initialise plugin
|
|
|
@@ -19,6 +18,7 @@ class YellowWebinterface
|
|
|
$this->yellow = $yellow;
|
|
|
$this->yellow->config->setDefault("webinterfaceLocation", "/edit/");
|
|
|
$this->yellow->config->setDefault("webinterfaceUserFile", "user.ini");
|
|
|
+ $this->yellow->config->setDefault("webinterfaceUserHome", "/");
|
|
|
$this->users = new YellowWebinterfaceUsers($yellow);
|
|
|
$this->users->load($this->yellow->config->get("configDir").$this->yellow->config->get("webinterfaceUserFile"));
|
|
|
}
|
|
|
@@ -27,12 +27,12 @@ class YellowWebinterface
|
|
|
function onRequest($location)
|
|
|
{
|
|
|
$statusCode = 0;
|
|
|
- if($this->checkWebinterfaceLocation($location))
|
|
|
+ if($this->checkLocation($location))
|
|
|
{
|
|
|
list($serverName, $serverBase, $location, $fileName) = $this->yellow->getRequestInformation($this->yellow->config->get("webinterfaceLocation"));
|
|
|
if($this->checkUser()) $statusCode = $this->processRequestAction($serverName, $serverBase, $location, $fileName);
|
|
|
if($statusCode == 0) $statusCode = $this->yellow->processRequest($serverName, $serverBase, $location, $fileName,
|
|
|
- false, $this->activeUserFail ? 401 : 0);
|
|
|
+ false, $this->loginFailed ? 401 : 0);
|
|
|
} else {
|
|
|
if($this->yellow->config->get("webinterfaceLocation") == "$location/")
|
|
|
{
|
|
|
@@ -47,7 +47,7 @@ class YellowWebinterface
|
|
|
// Handle page meta data parsing
|
|
|
function onParseMeta($page, $text)
|
|
|
{
|
|
|
- if($this->isWebinterfaceLocation() && $this->isUser())
|
|
|
+ if($this->isActive() && $this->isUser())
|
|
|
{
|
|
|
if($page == $this->yellow->page)
|
|
|
{
|
|
|
@@ -60,16 +60,16 @@ class YellowWebinterface
|
|
|
function onParseContent($page, $text)
|
|
|
{
|
|
|
$output = NULL;
|
|
|
- if($this->isWebinterfaceLocation() && $this->isUser())
|
|
|
+ if($this->isActive() && $this->isUser())
|
|
|
{
|
|
|
if($page == $this->yellow->page)
|
|
|
{
|
|
|
switch($page->statusCode)
|
|
|
{
|
|
|
- case 424: $language = $this->isUser() ? $this->users->getLanguage($this->activeUserEmail) : $page->get("language");
|
|
|
+ case 424: $language = $this->isUser() ? $this->users->getLanguage() : $page->get("language");
|
|
|
$page->rawData = "---\r\n";
|
|
|
$page->rawData .= "Title: ".$this->yellow->text->getText("webinterface424Title", $language)."\r\n";
|
|
|
- $page->rawData .= "Author: ".$this->users->getName($this->activeUserEmail)."\r\n";
|
|
|
+ $page->rawData .= "Author: ".$this->users->getName()."\r\n";
|
|
|
$page->rawData .= "---\r\n";
|
|
|
$page->rawData .= $this->yellow->text->getText("webinterface424Text", $language);
|
|
|
break;
|
|
|
@@ -92,18 +92,20 @@ class YellowWebinterface
|
|
|
function onHeaderExtra()
|
|
|
{
|
|
|
$header = "";
|
|
|
- if($this->isWebinterfaceLocation())
|
|
|
+ if($this->isActive())
|
|
|
{
|
|
|
$location = $this->yellow->config->getHtml("serverBase").$this->yellow->config->getHtml("pluginLocation");
|
|
|
- $language = $this->isUser() ? $this->users->getLanguage($this->activeUserEmail) : $this->yellow->page->get("language");
|
|
|
+ $language = $this->isUser() ? $this->users->getLanguage() : $this->yellow->page->get("language");
|
|
|
$header .= "<link rel=\"styleSheet\" type=\"text/css\" media=\"all\" href=\"{$location}core-webinterface.css\" />\n";
|
|
|
$header .= "<script type=\"text/javascript\" src=\"{$location}core-webinterface.js\"></script>\n";
|
|
|
$header .= "<script type=\"text/javascript\">\n";
|
|
|
$header .= "// <![CDATA[\n";
|
|
|
if($this->isUser())
|
|
|
{
|
|
|
+ $permissions = $this->checkPermissions($this->yellow->page->location, $this->yellow->page->fileName);
|
|
|
$header .= "yellow.page.rawData = ".json_encode($this->yellow->page->rawData).";\n";
|
|
|
- $header .= "yellow.config = ".json_encode($this->getConfigData($this->activeUserEmail)).";\n";
|
|
|
+ $header .= "yellow.page.permissions = " .json_encode($permissions).";\n";
|
|
|
+ $header .= "yellow.config = ".json_encode($this->getConfigData()).";\n";
|
|
|
}
|
|
|
$header .= "yellow.text = ".json_encode($this->yellow->text->getData("webinterface", $language)).";\n";
|
|
|
if(defined("DEBUG")) $header .= "yellow.debug = ".json_encode(DEBUG).";\n";
|
|
|
@@ -116,7 +118,7 @@ class YellowWebinterface
|
|
|
// Handle command help
|
|
|
function onCommandHelp()
|
|
|
{
|
|
|
- return "user EMAIL PASSWORD [NAME LANGUAGE]\n";
|
|
|
+ return "user EMAIL PASSWORD [NAME LANGUAGE HOME]\n";
|
|
|
}
|
|
|
|
|
|
// Handle command
|
|
|
@@ -135,11 +137,11 @@ class YellowWebinterface
|
|
|
function userCommand($args)
|
|
|
{
|
|
|
$statusCode = 0;
|
|
|
- list($dummy, $command, $email, $password, $name, $language) = $args;
|
|
|
- if(!empty($email) && !empty($password) )
|
|
|
+ list($dummy, $command, $email, $password, $name, $language, $home) = $args;
|
|
|
+ if(!empty($email) && !empty($password) && (empty($home) || $home[0]=='/'))
|
|
|
{
|
|
|
$fileName = $this->yellow->config->get("configDir").$this->yellow->config->get("webinterfaceUserFile");
|
|
|
- $statusCode = $this->users->createUser($fileName, $email, $password, $name, $language) ? 200 : 500;
|
|
|
+ $statusCode = $this->users->createUser($fileName, $email, $password, $name, $language, $home) ? 200 : 500;
|
|
|
if($statusCode != 200) echo "ERROR updating configuration: Can't write file '$fileName'!\n";
|
|
|
echo "Yellow $command: User account ".($statusCode!=200 ? "not " : "");
|
|
|
echo ($this->users->isExisting($email) ? "updated" : "created")."\n";
|
|
|
@@ -156,7 +158,7 @@ class YellowWebinterface
|
|
|
$statusCode = 0;
|
|
|
switch($_POST["action"])
|
|
|
{
|
|
|
- case "edit": if(!empty($_POST["rawdata"]) && $this->checkUserPermissions($location, $fileName))
|
|
|
+ case "edit": if(!empty($_POST["rawdata"]) && $this->checkPermissions($location, $fileName))
|
|
|
{
|
|
|
$this->rawDataOriginal = $_POST["rawdata"];
|
|
|
if($this->yellow->toolbox->createFile($fileName, $_POST["rawdata"]))
|
|
|
@@ -171,12 +173,20 @@ class YellowWebinterface
|
|
|
}
|
|
|
}
|
|
|
break;
|
|
|
- case "login": $statusCode = 303;
|
|
|
- $locationHeader = $this->yellow->toolbox->getHttpLocationHeader($serverName, $serverBase, $location);
|
|
|
- $this->yellow->sendStatus($statusCode, $locationHeader);
|
|
|
+ case "login": $home = $this->users->getHome();
|
|
|
+ if(substru($location, 0, strlenu($home)) == $home)
|
|
|
+ {
|
|
|
+ $statusCode = 303;
|
|
|
+ $locationHeader = $this->yellow->toolbox->getHttpLocationHeader($serverName, $serverBase, $location);
|
|
|
+ $this->yellow->sendStatus($statusCode, $locationHeader);
|
|
|
+ } else {
|
|
|
+ $statusCode = 302;
|
|
|
+ $locationHeader = $this->yellow->toolbox->getHttpLocationHeader($serverName, $serverBase, $home);
|
|
|
+ $this->yellow->sendStatus($statusCode, $locationHeader);
|
|
|
+ }
|
|
|
break;
|
|
|
case "logout": $this->users->destroyCookie("login");
|
|
|
- $this->activeUserEmail = "";
|
|
|
+ $this->users->email = "";
|
|
|
$statusCode = 302;
|
|
|
$locationHeader = $this->yellow->toolbox->getHttpLocationHeader($serverName, $this->yellow->config->get("serverBase"), $location);
|
|
|
$this->yellow->sendStatus($statusCode, $locationHeader);
|
|
|
@@ -189,7 +199,7 @@ class YellowWebinterface
|
|
|
$locationHeader = $this->yellow->toolbox->getHttpLocationHeader($serverName, $serverBase, "$location/");
|
|
|
$this->yellow->sendStatus($statusCode, $locationHeader);
|
|
|
} else {
|
|
|
- $statusCode = $this->checkUserPermissions($location, $fileName) ? 424 : 404;
|
|
|
+ $statusCode = $this->checkPermissions($location, $fileName) ? 424 : 404;
|
|
|
$this->yellow->processRequest($serverName, $serverBase, $location, $fileName, false, $statusCode);
|
|
|
}
|
|
|
}
|
|
|
@@ -198,14 +208,14 @@ class YellowWebinterface
|
|
|
}
|
|
|
|
|
|
// Check web interface location
|
|
|
- function checkWebinterfaceLocation($location)
|
|
|
+ function checkLocation($location)
|
|
|
{
|
|
|
$locationLength = strlenu($this->yellow->config->get("webinterfaceLocation"));
|
|
|
- $this->activeLocation = substru($location, 0, $locationLength) == $this->yellow->config->get("webinterfaceLocation");
|
|
|
- return $this->isWebinterfaceLocation();
|
|
|
+ $this->active = substru($location, 0, $locationLength) == $this->yellow->config->get("webinterfaceLocation");
|
|
|
+ return $this->isActive();
|
|
|
}
|
|
|
|
|
|
- // Check user login
|
|
|
+ // Check web interface user
|
|
|
function checkUser()
|
|
|
{
|
|
|
if($_POST["action"] == "login")
|
|
|
@@ -215,47 +225,57 @@ class YellowWebinterface
|
|
|
if($this->users->checkUser($email, $password))
|
|
|
{
|
|
|
$this->users->createCookie("login", $email);
|
|
|
- $this->activeUserEmail = $email;
|
|
|
+ $this->users->email = $email;
|
|
|
} else {
|
|
|
- $this->activeUserFail = true;
|
|
|
+ $this->loginFailed = true;
|
|
|
}
|
|
|
} else if(isset($_COOKIE["login"])) {
|
|
|
$cookie = $_COOKIE["login"];
|
|
|
if($this->users->checkCookie($cookie))
|
|
|
{
|
|
|
- $this->activeUserEmail = $this->users->getCookieEmail($cookie);
|
|
|
+ $this->users->email = $this->users->getCookieEmail($cookie);
|
|
|
} else {
|
|
|
- $this->activeUserFail = true;
|
|
|
+ $this->loginFailed = true;
|
|
|
}
|
|
|
}
|
|
|
return $this->isUser();
|
|
|
}
|
|
|
-
|
|
|
- // Check users permissions for creating new page
|
|
|
- function checkUserPermissions($location, $fileName)
|
|
|
+
|
|
|
+ // Check permissions for changing page
|
|
|
+ function checkPermissions($location, $fileName)
|
|
|
{
|
|
|
- $path = dirname($fileName);
|
|
|
- return is_dir($path) && strlenu(basename($fileName))<128;
|
|
|
+ $permissions = true;
|
|
|
+ foreach($this->yellow->plugins->plugins as $key=>$value)
|
|
|
+ {
|
|
|
+ if(method_exists($value["obj"], "onCheckPermissions"))
|
|
|
+ {
|
|
|
+ $permissions = $value["obj"]->onCheckPermissions($location, $fileName, $this->users);
|
|
|
+ if(!$permissions) break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ $permissions &= is_dir(dirname($fileName)) && strlenu(basename($fileName))<128;
|
|
|
+ return $permissions;
|
|
|
}
|
|
|
|
|
|
// Check if web interface location
|
|
|
- function isWebinterfaceLocation()
|
|
|
+ function isActive()
|
|
|
{
|
|
|
- return $this->activeLocation;
|
|
|
+ return $this->active;
|
|
|
}
|
|
|
|
|
|
// Check if user is logged in
|
|
|
function isUser()
|
|
|
{
|
|
|
- return !empty($this->activeUserEmail);
|
|
|
+ return !empty($this->users->email);
|
|
|
}
|
|
|
|
|
|
- // Return configuration data including user information
|
|
|
- function getConfigData($email)
|
|
|
+ // Return configuration data including information of current user
|
|
|
+ function getConfigData()
|
|
|
{
|
|
|
- $data = array("userEmail" => $email,
|
|
|
- "userName" => $this->users->getName($email),
|
|
|
- "userLanguage" => $this->users->getLanguage($email),
|
|
|
+ $data = array("userEmail" => $this->users->email,
|
|
|
+ "userName" => $this->users->getName(),
|
|
|
+ "userLanguage" => $this->users->getLanguage(),
|
|
|
+ "userHome" => $this->users->getHome(),
|
|
|
"serverName" => $this->yellow->config->get("serverName"),
|
|
|
"serverBase" => $this->yellow->config->get("serverBase"));
|
|
|
return array_merge($data, $this->yellow->config->getData("Location"));
|
|
|
@@ -267,6 +287,7 @@ class YellowWebinterfaceUsers
|
|
|
{
|
|
|
var $yellow; //access to API
|
|
|
var $users; //registered users
|
|
|
+ var $email; //current user
|
|
|
|
|
|
function __construct($yellow)
|
|
|
{
|
|
|
@@ -283,18 +304,30 @@ class YellowWebinterfaceUsers
|
|
|
foreach($fileData as $line)
|
|
|
{
|
|
|
if(preg_match("/^\//", $line)) continue;
|
|
|
- preg_match("/^(.*?),\s*(.*?),\s*(.*?),\s*(.*?)\s*$/", $line, $matches);
|
|
|
+ preg_match("/^(.*?),\s*(.*?),\s*(.*?),\s*(.*?),\s*(.*?)\s*$/", $line, $matches);
|
|
|
if(!empty($matches[1]) && !empty($matches[2]) && !empty($matches[3]) && !empty($matches[4]))
|
|
|
{
|
|
|
- $this->setUser($matches[1], $matches[2], $matches[3], $matches[4]);
|
|
|
+ $this->set($matches[1], $matches[2], $matches[3], $matches[4], $matches[5]);
|
|
|
if(defined("DEBUG") && DEBUG>=3) echo "YellowWebinterfaceUsers::load email:$matches[1] $matches[3]<br/>\n";
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
|
|
|
+ // Set user data
|
|
|
+ function set($email, $password, $name, $language, $home)
|
|
|
+ {
|
|
|
+ $this->users[$email] = array();
|
|
|
+ $this->users[$email]["email"] = $email;
|
|
|
+ $this->users[$email]["password"] = $password;
|
|
|
+ $this->users[$email]["name"] = $name;
|
|
|
+ $this->users[$email]["language"] = $language;
|
|
|
+ $this->users[$email]["home"] = $home;
|
|
|
+ $this->users[$email]["session"] = hash("sha256", $email.$password.$password.$email);
|
|
|
+ }
|
|
|
+
|
|
|
// Create or update user in file
|
|
|
- function createUser($fileName, $email, $password, $name, $language)
|
|
|
+ function createUser($fileName, $email, $password, $name, $language, $home)
|
|
|
{
|
|
|
$email = strreplaceu(',', '-', $email);
|
|
|
$password = hash("sha256", $email.$password);
|
|
|
@@ -304,14 +337,15 @@ class YellowWebinterfaceUsers
|
|
|
{
|
|
|
foreach($fileData as $line)
|
|
|
{
|
|
|
- preg_match("/^(.*?),\s*(.*?),\s*(.*?),\s*(.*?)\s*$/", $line, $matches);
|
|
|
+ preg_match("/^(.*?),\s*(.*?),\s*(.*?),\s*(.*?),\s*(.*?)\s*$/", $line, $matches);
|
|
|
if(!empty($matches[1]) && !empty($matches[2]) && !empty($matches[3]) && !empty($matches[4]))
|
|
|
{
|
|
|
if($matches[1] == $email)
|
|
|
{
|
|
|
$name = strreplaceu(',', '-', empty($name) ? $matches[3] : $name);
|
|
|
$language = strreplaceu(',', '-', empty($language) ? $matches[4] : $language);
|
|
|
- $fileDataNew .= "$email,$password,$name,$language\n";
|
|
|
+ $home = strreplaceu(',', '-', empty($home) ? $matches[5] : $home);
|
|
|
+ $fileDataNew .= "$email,$password,$name,$language,$home\n";
|
|
|
$fileNewUser = false;
|
|
|
continue;
|
|
|
}
|
|
|
@@ -323,22 +357,12 @@ class YellowWebinterfaceUsers
|
|
|
{
|
|
|
$name = strreplaceu(',', '-', empty($name) ? $this->yellow->config->get("sitename") : $name);
|
|
|
$language = strreplaceu(',', '-', empty($language) ? $this->yellow->config->get("language") : $language);
|
|
|
- $fileDataNew .= "$email,$password,$name,$language\n";
|
|
|
+ $home = strreplaceu(',', '-', empty($home) ? $this->yellow->config->get("webinterfaceUserHome") : $home);
|
|
|
+ $fileDataNew .= "$email,$password,$name,$language,$home\n";
|
|
|
}
|
|
|
return $this->yellow->toolbox->createFile($fileName, $fileDataNew);
|
|
|
}
|
|
|
|
|
|
- // Set user data
|
|
|
- function setUser($email, $password, $name, $language)
|
|
|
- {
|
|
|
- $this->users[$email] = array();
|
|
|
- $this->users[$email]["email"] = $email;
|
|
|
- $this->users[$email]["password"] = $password;
|
|
|
- $this->users[$email]["name"] = $name;
|
|
|
- $this->users[$email]["language"] = $language;
|
|
|
- $this->users[$email]["session"] = hash("sha256", $email.$password.$password.$email);
|
|
|
- }
|
|
|
-
|
|
|
// Check user login
|
|
|
function checkUser($email, $password)
|
|
|
{
|
|
|
@@ -377,16 +401,25 @@ class YellowWebinterfaceUsers
|
|
|
}
|
|
|
|
|
|
// Return user name
|
|
|
- function getName($email)
|
|
|
+ function getName($email = "")
|
|
|
{
|
|
|
+ if(empty($email)) $email = $this->email;
|
|
|
return $this->isExisting($email) ? $this->users[$email]["name"] : "";
|
|
|
}
|
|
|
|
|
|
// Return user language
|
|
|
- function getLanguage($email)
|
|
|
+ function getLanguage($email = "")
|
|
|
{
|
|
|
+ if(empty($email)) $email = $this->email;
|
|
|
return $this->isExisting($email) ? $this->users[$email]["language"] : "";
|
|
|
}
|
|
|
+
|
|
|
+ // Return user home
|
|
|
+ function getHome($email = "")
|
|
|
+ {
|
|
|
+ if(empty($email)) $email = $this->email;
|
|
|
+ return $this->isExisting($email) ? $this->users[$email]["home"] : "";
|
|
|
+ }
|
|
|
|
|
|
// Check if user exists
|
|
|
function isExisting($email)
|
markseu