
backTasks.php

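    <?php
    // Background-task endpoint of the admin area.
    //
    // The script is one if/elseif chain: the first recognised key found in $_GET selects
    // the task to run, and a static HTML notice is rendered when no key is supplied.
    // It depends on names that are defined outside this file: $bdd (used here as a PDO
    // handle), $_SESSION['user_id'], the module class, VBcmsGetSetting(),
    // verifyUserPermission(), verifyGroupPermission(), getVBcmsPermissions(), isJson()
    // and translate().
    //
    // NOTE(review): only the account/permission tasks call verifyUserPermission() here.
    // getNotifications, checkModulesAliases, enableExtension, disableExtension,
    // getSettingsHTML, saveSettings and fixBaseFunctionAssoc have no permission check in
    // this file — confirm that whatever bootstraps $bdd and the session authenticates and
    // authorises the caller before this code is reached.
    //
    // NOTE(review): several state-changing tasks are selected and parameterised through
    // the query string and no anti-CSRF token is verified in this file — confirm that one
    // is enforced upstream.

    // Encodes a request-derived or stored value for safe inclusion in HTML output.
    // Arrays are rendered as the literal "Array", matching PHP's own string conversion.
    $escapeHtml = static function ($value): string {
    	return htmlspecialchars(is_array($value) ? 'Array' : (string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    if (isset($_GET["getNotifications"])) {
    	// Return, as JSON, the notifications addressed to everyone (userId '0') plus those of the session user.
    	$response = $bdd->prepare("SELECT * FROM `vbcms-notifications` WHERE userId='0' OR userId=?");
    	$response->execute([$_SESSION["user_id"]]);
    	$response = $response->fetchAll(PDO::FETCH_ASSOC);
    	echo json_encode($response);
    } elseif (isset($_GET["updateVBcms"])) {
    	// The updater is disabled: everything below is inside a block comment, so this task does nothing.
    	// NOTE(review): before it is re-enabled, the downloaded archive needs an authenticity/integrity
    	// check (signature or pinned digest) before extractTo() writes into the CMS root, the
    	// "downloadLink" taken from the API response should be restricted to the expected host, and the
    	// encryption key should not be sent in a query string. The `VBcmsGetSetting("serverId") = ...`
    	// line is also not valid PHP.
    	/*
    	$curentUpdateCanal = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='updateCanal'")->fetchColumn();
    	VBcmsGetSetting("serverId") = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='serverId'")->fetchColumn();
    	$key = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='encryptionKey'")->fetchColumn();
    	$vbcmsVer = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='vbcmsVersion'")->fetchColumn();
    	$curentUpdateCanal = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='updateCanal'")->fetchColumn();

    	$updateInfos = file_get_contents("https://api.vbcms.net/updater/lastest?serverId=".VBcmsGetSetting("serverId")."&key=".$key."&version=".$vbcmsVer."&canal=".$curentUpdateCanal);
    	$updateInfosData = json_decode($updateInfos, true);

    	$updateFilename = $GLOBALS['vbcmsRootPath']."/vbcms-content/updates/vbcms-update-v".$updateInfosData['version']."_from-".$vbcmsVer.".zip";
    	if (!file_exists($GLOBALS['vbcmsRootPath']."/vbcms-content/updates")) mkdir($GLOBALS['vbcmsRootPath']."/vbcms-content/updates", 0755);
    	//echo $updateInfosData["downloadLink"]."?serverId=".VBcmsGetSetting("serverId")."&key=".$key;
    	file_put_contents($updateFilename, file_get_contents($updateInfosData["downloadLink"]."?serverId=".VBcmsGetSetting("serverId")."&key=".$key));
    	if (file_exists($updateFilename)) {
    		$zip = new ZipArchive;
    		if ($zip->open($updateFilename) === TRUE) {
    		    $zip->extractTo($GLOBALS['vbcmsRootPath']);
    		    $zip->close();

    		    $response["success"] = true;
    		    $response["link"] = VBcmsGetSetting("websiteUrl")."update.php";
    		} else {
    			$response["success"] = false;
    			$response["code"] = 1; // Could not open the archive
    		}
    	} else {
    		$response["success"] = false;
    		$response["code"] = 0; // Could not download the update
    	}
    	echo json_encode($response);
        */
    } elseif (isset($_GET["checkModulesAliases"])&&!empty($_GET["checkModulesAliases"])){
    	// Report, per alias kind present in the request, whether an activated extension already uses it.
    	// (The original file repeated this exact branch further down, where it could never be reached.)
    	$aliases = json_decode($_GET["checkModulesAliases"],true);
    	$aliasesAlreadyUsed = [];
    	if(isset($aliases['adminAccess'])){
    		$response = $bdd->prepare("SELECT * FROM `vbcms-activatedExtensions` WHERE adminAccess=?");
    		$response->execute([$aliases['adminAccess']]);
    		$aliasesAlreadyUsed['adminAccess'] = !empty($response->fetch());
    	}
    	if(isset($aliases['clientAccess'])){
    		$response = $bdd->prepare("SELECT * FROM `vbcms-activatedExtensions` WHERE clientAccess=?");
    		$response->execute([$aliases['clientAccess']]);
    		$aliasesAlreadyUsed['clientAccess'] = !empty($response->fetch());
    	}
    	echo json_encode($aliasesAlreadyUsed);

    } elseif (isset($_GET["enableExtension"])&&!empty($_GET["enableExtension"])){
    	// NOTE(review): no permission check guards this task in this file.
    	$extensionToEnable = json_decode($_GET["enableExtension"],true);
    	$requestedName = (is_array($extensionToEnable) && isset($extensionToEnable["name"]) && is_string($extensionToEnable["name"])) ? $extensionToEnable["name"] : null;

    	// Scan the extensions folder for the manifest whose declared name is the requested one.
    	// The request only supplies a name to compare against; the folder used is the one found on disk.
    	$extensionsFolder = $GLOBALS['vbcmsRootPath'].'/vbcms-content/extensions/';
    	$extensionInfos = null; // stays null when nothing matches, so a stale manifest is never activated
    	if($requestedName !== null){
    		$extensionsFolderContent = scandir($extensionsFolder) ?: [];
    		foreach ($extensionsFolderContent as $extensionFolder){
    			// Only real sub-directories that carry a manifest are candidates
    			if(in_array($extensionFolder,[".", ".."]) || !is_dir($extensionsFolder.$extensionFolder)) continue;
    			if(!file_exists($extensionsFolder.$extensionFolder.'/extensionInfos.json')) continue;

    			$candidateInfos = json_decode(file_get_contents($extensionsFolder.$extensionFolder.'/extensionInfos.json'),true);
    			if(is_array($candidateInfos) && isset($candidateInfos["name"]) && $candidateInfos["name"]===$requestedName){
    				$candidateInfos["path"] = $extensionFolder;
    				$extensionInfos = $candidateInfos;
    				break;
    			}
    		}
    	}

    	// Now create the extension instance and activate it
    	if($extensionInfos === null){
    		echo "L'extension ".$escapeHtml($requestedName)." n'a pas été trouvée dans le dossier des extensions.";
    	} elseif($extensionInfos["type"]=="module"){
    		$calledmodule = new module($extensionInfos["name"]);
    		$calledmodule->initModule($extensionInfos["name"], $extensionInfos["path"], $extensionInfos["adminAccess"], $extensionInfos["clientAccess"], $extensionInfos["compatible"], $extensionInfos["workshopId"]);
    	}

    } elseif (isset($_GET["disableExtension"])&&!empty($_GET["disableExtension"])){
    	// NOTE(review): no permission check guards this task in this file, and the request
    	// can ask for the extension's data to be deleted ('deleteData').
    	$extensionToDisable = json_decode($_GET["disableExtension"],true);

    	// Fetch the stored information of the extension in question
    	$extensionInfos = $bdd->prepare("SELECT * FROM `vbcms-activatedExtensions` WHERE name = ?");
    	$extensionInfos->execute([$extensionToDisable['name']]);
    	$extensionInfos = $extensionInfos->fetch(PDO::FETCH_ASSOC);

    	// The name comes from the request, so it is HTML-encoded before being echoed back.
    	if(empty($extensionInfos)) echo "L'extension ".$escapeHtml($extensionToDisable['name'])." n'a pas été trouvée dans la base de données.";
    	else {
    		// Now create the extension instance and deactivate it
    		if($extensionInfos["type"]=="module"){
    			$calledmodule = new module($extensionInfos["name"]);
    			$calledmodule->disableModule($extensionToDisable['deleteData']);
    		}
    	}

    	// The extension may be registered as a base function: clear those associations.
    	// This runs even when the extension was not found above.
    	$baseFunctions = $bdd->prepare("SELECT * FROM `vbcms-baseModulesAssoc` WHERE extensionName = ?");
    	$baseFunctions->execute([$extensionToDisable['name']]);
    	$fixedAssoc = $bdd->prepare("UPDATE `vbcms-baseModulesAssoc` SET extensionName = '' WHERE name = ?");
    	foreach($baseFunctions as $baseFunction){
    		$fixedAssoc->execute([$baseFunction['name']]);
    	}

    } elseif (isset($_GET["getSettingsHTML"])&&!empty($_GET["getSettingsHTML"])){
    	// Render the settings page of the core ("VBcms") or of an activated extension.
    	$moduleToCall = json_decode($_GET["getSettingsHTML"],true);
    	if($moduleToCall['moduleName']=="VBcms"){
    		require_once $GLOBALS['vbcmsRootPath']."/vbcms-admin/includes/settingsPage.php";
    		getSettingsHTML($moduleToCall['parameters']);
    	} else {
    		// Only names present in the activated-extensions table are instantiated
    		$moduleExist = $bdd->prepare("SELECT * FROM `vbcms-activatedExtensions` WHERE name=?");
    		$moduleExist->execute([$moduleToCall['moduleName']]);
    		$moduleExist=$moduleExist->fetch(PDO::FETCH_ASSOC);

    		if(!empty($moduleExist)){
    			$calledModule = new module($moduleToCall['moduleName']);
    			$calledModule->getSettingsPage($moduleToCall['parameters']);
    		}else{
    			// The module name comes from the query string; encode it so it cannot inject markup.
    			echo "<h5>Impossible d'afficher la page</h5><p>L'extension <code>".$escapeHtml($moduleToCall['moduleName'])."</code> n'a pas été trouvée. 😢</p>";
    		}
    	}

    } elseif (isset($_GET["saveSettings"])&& (isset($_POST)&&!empty($_POST))){
    	// Persist the general settings form.
    	// NOTE(review): no permission check guards this task in this file, and the posted
    	// values are stored without validation.
    	$saveSetting = $bdd->prepare("UPDATE `vbcms-settings` SET value=? WHERE name=?");

    	// Free-text settings: written on every save (NULL when the field is absent from the
    	// form), except websiteLogo which is only touched when it was posted.
    	foreach (["websiteName", "websiteDescription", "websiteMetaColor", "websiteLogo", "steamApiKey", "updateCanal"] as $settingName){
    		if($settingName === "websiteLogo" && !isset($_POST["websiteLogo"])) continue;
    		$saveSetting->execute([$_POST[$settingName] ?? null, $settingName]);
    	}

    	// Checkbox settings: a box that is present in the POST body is on, an absent one is off.
    	foreach (["debugMode", "autoUpdatesSearch", "autoUpdatesInstall", "autoInstallCriticalUpdates"] as $toggleName){
    		$saveSetting->execute([isset($_POST[$toggleName]) ? '1' : '0', $toggleName]);
    	}

    }elseif (isset($_GET["fixBaseFunctionAssoc"])&& (isset($_POST)&&!empty($_POST))) {
    	// Each posted field maps a base-function name (key) to the extension that should provide it (value).
    	// NOTE(review): no permission check guards this task in this file, and the extension
    	// name is not checked against the activated extensions.
    	$fixedAssoc = $bdd->prepare("UPDATE `vbcms-baseModulesAssoc` SET extensionName = ? WHERE name = ?");
    	foreach ($_POST as $assocName => $extName){
    		$fixedAssoc->execute([$extName, $assocName]);
    	}
    } elseif (isset($_GET["getNetIdLocalAccount"])&&!empty($_GET["getNetIdLocalAccount"]) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUsersSettings')){
    	// Return the local account linked to a netId as JSON (false when there is none).
    	$localAccountExist = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE netIdAssoc = ?");
    	$localAccountExist->execute([$_GET["getNetIdLocalAccount"]]);
    	$localAccountExist = $localAccountExist->fetch(PDO::FETCH_ASSOC);
    	// The row includes the stored password hash; it must never be sent to the browser.
    	if(is_array($localAccountExist)) unset($localAccountExist['password']);
    	echo json_encode($localAccountExist);

    } elseif (isset($_GET["changeUserGroup"])&&!empty($_GET["changeUserGroup"]) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUsersSettings')){
    	// Move a user (identified by netId) to another group.
    	// NOTE(review): the target group is not restricted here, so this permission also allows
    	// assigning group 1, which the permission editor below treats as the superadmin group —
    	// confirm that is intended.
    	$modificationDetail = json_decode($_GET["changeUserGroup"], true);
    	$query = $bdd->prepare("UPDATE `vbcms-users` SET `groupId` = ? WHERE `vbcms-users`.`netId` = ?");
    	$query->execute([$modificationDetail['groupId'], $modificationDetail['netId']]);

    } elseif (isset($_GET["getPermissions"]) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'viewPermissions')){
    	// List every permission declared by the core and by each activated extension; when the
    	// request names a user or a group, also report whether that subject holds each permission.
    	if(!empty($_GET["getPermissions"])){
    		// NOTE(review): the value is URL-decoded for validation but parsed without that extra
    		// decoding, so the validated string and the parsed string can differ.
    		if(isJson(urldecode($_GET["getPermissions"]))){
    			$requestDetails = json_decode($_GET["getPermissions"], true);
    		}
    	}
    	$permissions = [];
    	$activatedExtensions = $bdd->query("SELECT * FROM `vbcms-activatedExtensions`")->fetchAll(PDO::FETCH_ASSOC);

    	// Put the core ("vbcms") first in the list
    	array_unshift($activatedExtensions, ['name' => 'vbcms']);
    	foreach ($activatedExtensions as $activatedExtension){
    		$extensionName = $activatedExtension['name'];
    		$permissions[$extensionName] = [];

    		if($extensionName == 'vbcms'){
    			$extPermissions = getVBcmsPermissions();
    		} else {
    			$ext = new module($extensionName);
    			$extPermissions = $ext->getPermissions();
    		}

    		foreach ($extPermissions as $permission){
    			$permissionDetail = ['name' => $permission];
    			if(isset($requestDetails['type'])&&isset($requestDetails['id'])){
    				if($requestDetails['type']=="user"){
    					$permissionDetail['access'] = verifyUserPermission($requestDetails['id'], $extensionName, $permission);
    				}elseif($requestDetails['type']=="group"){
    					$permissionDetail['access'] = verifyGroupPermission($requestDetails['id'], $extensionName, $permission);
    				}
    			}
    			$permissions[$extensionName][] = $permissionDetail;
    		}
    	}
    	echo json_encode($permissions);

    } elseif (isset($_GET["editPermissions"])&&!empty($_GET["editPermissions"]) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'editPermissions')) {
    	// Replace the permission set of one group or one user with the set posted by the form.
    	// Each POST key is a URL-encoded JSON object {"extension": ..., "permission": ...}.
    	// NOTE(review): the delete and the inserts are not wrapped in a transaction, and the
    	// "user" target is not restricted (a holder of editPermissions can edit any user,
    	// presumably including themselves) — confirm both are acceptable.
    	if(isJson(urldecode($_GET["editPermissions"]))){
    		$requestDetails = json_decode($_GET["editPermissions"], true);
    		$targetType = $requestDetails['type'] ?? null;

    		// Decode the posted permissions once; entries that are not a well-formed
    		// extension/permission pair are skipped instead of being stored as NULL rows.
    		$grantedPermissions = [];
    		foreach($_POST as $permissionJson => $checked) {
    			$permissionDetail = json_decode(urldecode($permissionJson), true);
    			if(!is_array($permissionDetail) || !isset($permissionDetail['extension'], $permissionDetail['permission'])) continue;
    			$grantedPermissions[] = [$permissionDetail['extension'], $permissionDetail['permission']];
    		}

    		// Group ids are validated as integers before the superadmin guard is applied: PHP and
    		// the database do not coerce non-canonical numeric strings the same way, so comparing
    		// the raw value with 1 is not a reliable guard.
    		$groupId = ($targetType === 'group') ? filter_var($requestDetails['id'] ?? null, FILTER_VALIDATE_INT) : false;

    		if($targetType === 'group' && $groupId !== false && $groupId !== 1){ // Group 1 is the superadmin group: it always keeps every right
    			$query = $bdd->prepare('DELETE FROM `vbcms-groupsPerms` WHERE groupId=?'); // Clear the group's permissions
    			$query->execute([$groupId]);
    			$query = $bdd->prepare('INSERT INTO `vbcms-groupsPerms` (`groupId`, `extensionName`, `permission`) VALUES (?,?,?)');
    			foreach($grantedPermissions as $grantedPermission) { // Then recreate them
    				$query->execute([$groupId, $grantedPermission[0], $grantedPermission[1]]);
    			}
    		}elseif($targetType === 'user'){
    			$query = $bdd->prepare('DELETE FROM `vbcms-usersPerms` WHERE userId=?'); // Clear the user's permissions
    			$query->execute([$requestDetails['id']]);
    			$query = $bdd->prepare('INSERT INTO `vbcms-usersPerms` (`userId`, `extensionName`, `permission`) VALUES (?,?,?)');
    			foreach($grantedPermissions as $grantedPermission) { // Then recreate them
    				$query->execute([$requestDetails['id'], $grantedPermission[0], $grantedPermission[1]]);
    			}
    		}else{
    			echo 'Paramètre non reconnu.';
    		}

    	} else {
    		echo translate('error').': '.translate('thisIsNotJSON');
    	}
    } elseif (isset($_GET["setNetIdLocalAccount"])&&!empty($_GET["setNetIdLocalAccount"]) && (isset($_POST)&&!empty($_POST)) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUsersSettings')) {
    	// Create or update the local (username/password) account linked to a netId.
    	$localUsername = $_POST['localUserUsername'] ?? null;
    	$localPassword = $_POST['localUserPassword1'] ?? null;

    	// Any non-empty POST body reaches this branch, so both fields are required explicitly:
    	// hashing a missing password would otherwise store the hash of an empty string.
    	if(!is_string($localUsername) || $localUsername === '' || !is_string($localPassword) || $localPassword === ''){
    		echo 'Paramètre non reconnu.';
    	}else{
    		$localAccountExist = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE netIdAssoc = ?");
    		$localAccountExist->execute([$_GET["setNetIdLocalAccount"]]);
    		$localAccountExist = $localAccountExist->fetch(PDO::FETCH_ASSOC);

    		// Only the password_hash() output is stored, never the submitted password
    		$passwordHash = password_hash($localPassword, PASSWORD_DEFAULT);
    		if(!empty($localAccountExist)){
    			$modify = $bdd->prepare("UPDATE `vbcms-localAccounts` SET username = ?, password = ? WHERE netIdAssoc = ?");
    			$modify->execute([$localUsername, $passwordHash, $_GET["setNetIdLocalAccount"]]);
    		}else{
    			$query = $bdd->prepare('INSERT INTO `vbcms-localAccounts` (`id`, `netIdAssoc`, `username`, `password`, `profilePic`) VALUES (NULL, ?,?,?,?)');
    			$query->execute([$_GET["setNetIdLocalAccount"], $localUsername, $passwordHash, VBcmsGetSetting("websiteUrl")."vbcms-admin/images/misc/programmer.png"]);
    		}
    	}
    } elseif(isset($_GET)&&!empty($_GET)){
    	// Unknown task: echo the first parameter back, HTML-encoded because both the key and
    	// the value are attacker-controllable.
    	$unknownCommand = array_key_first($_GET);
    	echo "Commande \"".$escapeHtml($unknownCommand)."(".$escapeHtml($_GET[$unknownCommand]).")\" non reconnue.";
    } else {?>
    <!DOCTYPE html>
    <html>
    <head>
    	<meta charset="utf-8">
    	<?php /* Stored settings are encoded on output: they are editable through saveSettings above. */ ?>
    	<title><?=$escapeHtml(VBcmsGetSetting("websiteName"))?> | Tâches de fond</title>
    	<?php include 'includes/depedencies.php';?>
    </head>
    <body>
    	<?php 
    	include ('includes/navbar.php');
    	?>

    	<!-- Contenu -->
    	<div class="page-content" leftSidebar="240" rightSidebar="0">
    		<div class="d-flex flex-column">
    			<div class="align-self-center text-center">
    				<img src="<?=$escapeHtml(VBcmsGetSetting("websiteUrl"))?>vbcms-admin/images/vbcms-logo/raccoon-512x.png">
    				<h1 class="mt-5">Tâches de fond</h1>
    				<p>Cette page n'est pas accessible en tant que telle. Seuls les addons peuvent communiquer avec. :D</p>
    			</div>
    		</div>
    	</div>
    </body>
    </html>
    <?php } ?>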