16H42 - LocalAccount

vbcms-admin/backTasks.php

@@ -4,38 +4,6 @@ if (isset($_GET["getNotifications"])) {
 	$response->execute([$_SESSION["user_id"]]);
 	$response = $response->fetchAll(PDO::FETCH_ASSOC);
 	echo json_encode($response);
-} elseif (isset($_GET["updateVBcms"])) {/*
-	$curentUpdateCanal = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='updateCanal'")->fetchColumn();
-	VBcmsGetSetting("serverId") = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='serverId'")->fetchColumn();
-	$key = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='encryptionKey'")->fetchColumn();
-	$vbcmsVer = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='vbcmsVersion'")->fetchColumn();
-	$curentUpdateCanal = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='updateCanal'")->fetchColumn();
-
-	$updateInfos = file_get_contents("https://api.vbcms.net/updater/lastest?serverId=".VBcmsGetSetting("serverId")."&key=".$key."&version=".$vbcmsVer."&canal=".$curentUpdateCanal);
-	$updateInfosData = json_decode($updateInfos, true);
-
-	$updateFilename = $GLOBALS['vbcmsRootPath']."/vbcms-content/updates/vbcms-update-v".$updateInfosData['version']."_from-".$vbcmsVer.".zip";
-	if (!file_exists($GLOBALS['vbcmsRootPath']."/vbcms-content/updates")) mkdir($GLOBALS['vbcmsRootPath']."/vbcms-content/updates", 0755);
-	//echo $updateInfosData["downloadLink"]."?serverId=".VBcmsGetSetting("serverId")."&key=".$key;
-	file_put_contents($updateFilename, file_get_contents($updateInfosData["downloadLink"]."?serverId=".VBcmsGetSetting("serverId")."&key=".$key));
-	if (file_exists($updateFilename)) {
-		$zip = new ZipArchive;
-		if ($zip->open($updateFilename) === TRUE) {
-		    $zip->extractTo($GLOBALS['vbcmsRootPath']);
-		    $zip->close();
-
-		    $response["success"] = true;
-		    $response["link"] = VBcmsGetSetting("websiteUrl")."update.php";
-		} else {
-			$response["success"] = false;
-			$response["code"] = 1; // Impossible d'ouvrir l'archive
-		}
-	} else {
-		$response["success"] = false;
-		$response["code"] = 0; // Impossible de télécharger la màj
-	}
-	echo json_encode($response);
-    */
 } elseif (isset($_GET["checkModulesAliases"])&&!empty($_GET["checkModulesAliases"])){
 	$aliases = json_decode($_GET["checkModulesAliases"],true);
 	$aliasesAlreadyUsed = array();
@@ -260,7 +228,7 @@ if (isset($_GET["getNotifications"])) {
 		$modify = $bdd->prepare("UPDATE `vbcms-localAccounts` SET username = ?, password = ? WHERE netIdAssoc = ?");
 		$modify->execute([$_POST['localUserUsername'], password_hash($_POST['localUserPassword1'], PASSWORD_DEFAULT), $_GET["setNetIdLocalAccount"]]);
 	}else{
-		$query = $bdd->prepare('INSERT INTO `vbcms-localAccounts` (`id`, `netIdAssoc`, `username`, `password`, `profilePic`) VALUES (NULL, ?,?,?,?)');
+		$query = $bdd->prepare('INSERT INTO `vbcms-localAccounts` (`netIdAssoc`, `username`, `password`, `profilePic`) VALUES (?,?,?,?)');
 		$query->execute([$_GET["setNetIdLocalAccount"], $_POST['localUserUsername'], password_hash($_POST['localUserPassword1'], PASSWORD_DEFAULT), VBcmsGetSetting("websiteUrl")."vbcms-admin/images/misc/programmer.png"]);
 	}
 } elseif(isset($_GET)&&!empty($_GET)){

vbcms-admin/includes/navbar.php

@@ -7,7 +7,7 @@ $vbcmsVer = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='vbcmsVer
 			<div class="desktop-toggler mx-2">
 				<a href="#" class="menu-toggler" data-action="toggle" data-side="left"><i class="fas fa-bars"></i></a>
 			</div>
-			<a href="index.php" class="brand-name"><?=VBcmsGetSetting("websiteName")?></a>
+			<a href="<?=VBcmsGetSetting("websiteUrl")?>vbcms-admin" class="brand-name"><?=VBcmsGetSetting("websiteName")?></a>
 		</div>
 
 		<div class="menu d-flex ml-auto justify-content-end">

vbcms-admin/index.php

@@ -14,7 +14,7 @@ if($_SESSION['auth']=='vbcms.net'){
 
 	if(empty($userHasLocalAccount)){
 		if(isset($_POST['localUserUsername']) && !empty($_POST['localUserUsername'])){
-			$query = $bdd->prepare('INSERT INTO `vbcms-localAccounts` (`id`, `netIdAssoc`, `username`, `password`) VALUES (NULL, ?,?,?)');
+			$query = $bdd->prepare('INSERT INTO `vbcms-localAccounts` (`netIdAssoc`, `username`, `password`) VALUES (?,?,?)');
 			$query->execute([$_SESSION['netId'], $_POST['localUserUsername'], password_hash($_POST['localUserPassword1'], PASSWORD_DEFAULT)]);
 
 			$userHasLocalAccount = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE netIdAssoc = ?");

vbcms-admin/login.php

@@ -12,22 +12,43 @@ if (isset($_POST['login'])) { // Ne s'éxécute que si le formulaire de connexio
     if ((isset($_POST['username']) AND !empty($_POST['username'])) AND (isset($_POST['password']) AND !empty($_POST['password']))){
 
 		// Permet de savoir si l'utilisateur s'est connecté avec une adresse mail
-		if(strpos($_POST['username'], '@') !== false) {
-			$response = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE email=?");
-		} else {
 		$response = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE username=?");
-		}
 		$response->execute([$_POST['username']]);
 		$user = $response->fetch(PDO::FETCH_ASSOC);
 		if(!empty($user)){
 			if(hash_equals($user["password"], crypt($_POST["password"], $user["password"]))){
+				$_SESSION['auth'] = "vbcms.net";
 				$_SESSION['loginType'] = "local";
-				$_SESSION['user_id'] = $user['id'];
+
+				$userDetails = $bdd->prepare("SELECT * FROM `vbcms-users` WHERE authId=? AND auth='vbcms.net'");
+				$userDetails->execute([$user["netIdAssoc"]]);
+				$userDetails = $userDetails->fetch(PDO::FETCH_ASSOC);
+
+				$_SESSION['user_id'] = $userDetails['id'];
+				$_SESSION['netId'] = $user['netIdAssoc'];
 				$_SESSION['user_username'] = $user['username'];
-				$_SESSION['user_role'] = $user['role'];
-				$_SESSION['user_profilePic'] = "VBcmsGetSetting("websiteUrl")/vbcms-admin/images/misc/programmer.png";
-				$geoPlugin_array = unserialize( file_get_contents('http://www.geoplugin.net/php.gp?ip=' . $_SERVER['REMOTE_ADDR']) );
-				$_SESSION['language'] = $geoPlugin_array['geoplugin_countryCode'];
+
+				$userProfilPic = $bdd->prepare("SELECT value FROM `vbcms-usersSettings` WHERE userId = ? AND name = 'profilPic'");
+				$userProfilPic->execute([$userDetails['id']]);
+
+				$_SESSION['user_profilePic'] = $userProfilPic->fetchColumn();
+				$language = $bdd->prepare("SELECT value FROM `vbcms-usersSettings` WHERE userId = ? AND name = 'language'");
+				$language->execute([$userDetails['id']]);
+				
+				$_SESSION['language'] = $language->fetchColumn();
+
+				// On va chercher le groupe auquel il appartient
+				$userGroup = $bdd->prepare("SELECT * FROM `vbcms-userGroups` WHERE groupId=?");
+				$userGroup->execute([$userDetails["groupId"]]);
+				$userGroup = $userGroup->fetch(PDO::FETCH_ASSOC);
+				if(empty($userGroup)){
+					// il sera un client si le groupe n'existe pas/plus
+					$userGroup = $bdd->query("SELECT groupId FROM `vbcms-userGroups` WHERE groupName = 'users'")->fetch(PDO::FETCH_ASSOC);
+				}
+
+				// On va appliquer les variables session
+				$_SESSION['groupName'] = $userGroup['groupName'];
+				$_SESSION['accessAdmin'] = $userGroup['accessAdmin'];
 				header('Location: '.urldecode($redirect));
 			} else {
 				$error = "Vous avez renseigné un mauvais couple identifiant/mot de passe.";

vbcms-admin/updater.php

+<?php
+$curentUpdateCanal = VBcmsGetSetting('updateCanal');
+$serverId = VBcmsGetSetting('serverId');
+$key = VBcmsGetSetting('encryptionKey');
+$vbcmsVer = VBcmsGetSetting('vbcmsVersion');
+$curentUpdateCanal = VBcmsGetSetting('updateCanal');
+
+$updateInfos = file_get_contents("https://api.vbcms.net/updater/lastest?serverId=".$serverId."&key=".$key."&version=".$vbcmsVer."&canal=".$curentUpdateCanal);
+if(isJson($updateInfos)){
+    $updateInfosData = json_decode($updateInfos, true);
+    if (!$updateInfosData["upToDate"]) {
+        $response = $bdd->query("UPDATE `vbcms-settings` SET `value` = 0 WHERE `vbcms-settings`.`name` = 'upToDate'");
+    
+        $response = $bdd->query("SELECT COUNT(*) FROM `vbcms-notifications` WHERE origin = '[\"vbcms-updater\", \"notifyUpdate\"]'")->fetchColumn();
+        if ($response!=1) {
+            $response = $bdd->prepare("INSERT INTO `vbcms-notifications` (`id`, `origin`, `link`, `content`, `removable`, `date`, `userId`) VALUES (NULL, '[\"vbcms-updater\", \"notifyUpdate\"]', '/vbcms-admin/updater\"', ?, '0', ?, 0)");
+            $response->execute([translate("isNotUpToDate"), date("Y-m-d H:i:s")]);
+        }
+    } else{
+        $response = $bdd->query("UPDATE `vbcms-settings` SET `value` = 1 WHERE `vbcms-settings`.`name` = 'upToDate'");
+        $bdd->query("DELETE FROM `vbcms-notifications` WHERE origin = '[\"vbcms-updater\", \"notifyUpdate\"]'");
+    } 
+} else {
+    $error = "Impossible de vérifier les mises à jour:".$updateInfos;
+    $updateInfosData['version'] = translate("unknownF");
+}
+
+$response = $bdd->prepare("UPDATE `vbcms-settings` SET `value` = ? WHERE `vbcms-settings`.`name` = 'lastUpdateCheck'");
+$response->execute([date("Y-m-d H:i:s")]);
+
+$isUpToDate = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name = 'upToDate'")->fetchColumn();
+$lastUpdateCheck = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name = 'lastUpdateCheck'")->fetchColumn();
+if ($isUpToDate == 1) {
+    $updateMessage = translate("isUpToDate");
+    $textColor = "success";
+} else {
+    $updateMessage = translate("isNotUpToDate");
+    $textColor = "danger";
+}
+
+?>
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <title><?=VBcmsGetSetting("websiteName")?> | <?=translate("update")?></title>
+    <?php include 'includes/depedencies.php';?>
+</head>
+<body>
+    <?php 
+    include ('includes/navbar.php');
+    ?>
+
+    <!-- Contenu -->
+    <div class="dashboardTopCard" leftSidebar="240" rightSidebar="0">
+        <h3><?=translate("updateVBcms")?></h3>
+        <div class="d-flex mt-5">
+            <div class="vbcms-logo">
+                <img src="<?=VBcmsGetSetting("websiteUrl")?>vbcms-admin/images/vbcms-logo/raccoon-in-box-512x.png">
+            </div>
+            <div class="ml-5">
+                <h4>VBcms <small><?=$vbcmsVer?></small></h4>
+                <p><strong><?=$updateMessage?></strong><br>
+                    <?=translate("lastChecked")?>: <?=$lastUpdateCheck?></p>
+
+                <?php
+                    if ($isUpToDate == 1) {
+                        #
+                    } else {
+                        echo '<p>Test</p>';
+                        echo '<button type="button" onclick="$(\'#updateModal\').modal(\'toggle\');" class="btn btn-light">'.translate("downloadAndInstall").'</button>';
+                    }
+                    
+                ?>
+            </div>
+        </div>
+    </div>
+
+    <div class="page-content notTop" leftSidebar="240" rightSidebar="0">
+        <div class="row">
+            <div class="col">
+                <h5>Détail de la mise à jour</h5>
+                <p><span class="text-muted">Installée: </span><span class="text-<?=$textColor?>"><?=$vbcmsVer?></span>
+                <?php
+                if ($isUpToDate == 0) echo '<br><span class="text-muted">Disponible: </span><span class="text-success">'.$updateInfosData["version"].'</span>';
+                ?>
+                <br><span class="text-muted">Canal de mise à jour: </span>
+                <?php
+                if ($curentUpdateCanal == "release") {
+                    echo '<span class="text-success">Release</span>';
+                } elseif ($curentUpdateCanal == "dev") {
+                    echo '<span class="text-danger">Développement</span>';
+                } elseif ($curentUpdateCanal == "nightly") {
+                    echo '<span class="text-warning">Bêta</span>';
+                }
+                
+                ?></p>
+
+
+            </div>
+            <div class="col-8"">
+                <h4>Détail de la mise à jour</h4>
+            </div>
+            <div class="col">
+                <h5>Obtenir de l'aide</h5>
+                <a class="text-dark" target="_blank" href="https://vbcms.net/doc"><i class="fas fa-book"></i> Documentation</a><br>
+                <a class="text-dark" target="_blank" href="https://vbcms.net/doc/faq"><i class="fas fa-question-circle"></i> Questions réponses</a><br>
+                <a class="text-dark" target="_blank" href="https://vbcms.net/manager/support"><i class="fas fa-life-ring"></i> Support</a><br>
+                <a class="text-dark" target="_blank" href="https://discord.gg/DpfF8Kz"><i class="fab fa-discord"></i> Notre discord</a>
+            </div>
+        </div>
+
+        <div class="modal fade" id="updateModal" tabindex="-1">
+			<div class="modal-dialog">
+				<div class="modal-content">
+					<div class="modal-header">
+						<h5>Mettre à jour VBcms</h5>
+	      			</div>
+			      	<div class="modal-body">
+			        	<p>Vous êtes sur le point de télécharger et d'installer une mise à jour. Tout se fera automatiquement, vous serez automatiquement redirigé après l'installation effectuée.</p>
+			        	<p><strong>Note : Il se peut que d'autres mises à jours suivent celle-ci, référez-vous à notre documentation pour en savoir plus.</strong></p>
+			      	</div>
+	      			<div class="modal-footer">
+				        <button type="button" class="btn btn-secondary" data-dismiss="modal">Peut-être plus-tard</button>
+				        <button type="button" data-dismiss="modal" onclick="updateVBcms()" class="btn btn-success">Faire la mise à jour</button>
+	      			</div>
+	    		</div>
+	  		</div>
+		</div>
+
+    </div>
+    <script type="text/javascript">
+    $( document ).ready(function() {
+        <?php
+        if(isset($error)&&!empty($error)){
+            echo('SnackBar({
+                message: "Check la console",
+                status: "danger",
+                timeout: false
+            });');
+            echo('console.log(atob(\''.base64_encode($error).'\'));');
+        }
+        ?>
+    });
+    	async function updateVBcms(){
+    		$.get("<?=VBcmsGetSetting("websiteUrl")?>backTasks?updateVBcms", function(data) {
+				if (data=="") {
+					SnackBar({
+                        message: "backTasks ne retourne rien: "+data,
+                        status: "danger",
+                        timeout: false
+                    });
+				}else{
+					details = JSON.parse(data);
+                    if (details.success == true) {
+                        window.location.replace(details.link);
+                    } else {
+                        if (details.code == 0) {
+                            SnackBar({
+                                message: "Impossible de télécharger la mise à jour",
+                                status: "danger",
+                                timeout: false
+                            });
+                        } else if(details.code == 1) {
+                            SnackBar({
+                                message: "Impossible d'ouvrir l'archive de la mise à jour",
+                                status: "danger",
+                                timeout: false
+                            });
+                        }
+                    }
+				}
+			});
+    	}
+    </script>
+</body>
+</html>
\ No newline at end of file

vbcms-core/clientBackTasks.php

 <?php
+if (isset($_GET["netAccess"]) && !empty($_GET["netAccess"])) {
+	$decryption_iv = '1106737252181743';
+	$ciphering = "AES-128-CTR";
+	$iv_length = openssl_cipher_iv_length($ciphering);
+	$options = 0;
+    $decryption_key = VBcmsGetSetting('encryptionKey');
+    $instructions= openssl_decrypt($_GET["netAccess"], $ciphering,  $decryption_key, $options, $decryption_iv);
+
+    // On a réussi la connexion à distance, on va créer une session superadmin
+
+    if (isJson($instructions)) {
+    	$instructions = json_decode($instructions, true);
+    	switch ($instructions["command"]) {
+    		case 'getVersionInfo':
+    			echo VBcmsGetSetting('vbcmsVersion');
+    			break;
+
+            case 'autoUpdate':
+                $autoUpdate = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name = 'autoUpdate'")->fetchColumn();
+                if ($autoUpdate=="1") {
+                    $updateState = json_decode(file_get_contents(VBcmsGetSetting("websiteUrl")."backTasks/?updateVBcms"), true);
+                    if ($updateState["success"]==true) {
+                        file_get_contents(VBcmsGetSetting("websiteUrl")."update.php?silentUpdate");
+                        $result["result"] = "success";
+                        echo json_encode($result);
+                    } else {
+                        $result["result"] = "error";
+                        $result["code"] = $updateState["code"];
+                        $result["message"] = $updateState["error"];
+                        echo json_encode($result);
+                    }
+                    
+                } else {
+                   echo "Auto update is not enabled";
+                }
+                break;
+            
+            case 'criticalUpdate':
+                $response=$bdd->prepare("UPDATE `vbcms-settings` SET value = ? WHERE name = 'updateCanal'");
+                $response->execute(["release"]);
+
+                $updateState = json_decode(file_get_contents(VBcmsGetSetting("websiteUrl")."backTasks/?updateVBcms"), true);
+                if ($updateState["success"]==true) {
+                    file_get_contents(VBcmsGetSetting("websiteUrl")."update.php?silentUpdate");
+                    $result["result"] = "success";
+                    echo json_encode($result);
+                } else {
+                    $result["result"] = "error";
+                    $result["code"] = $updateState["code"];
+                    $result["message"] = $updateState["error"];
+                    echo json_encode($result);
+                } 
+                
+                break;
+
+    		default:
+    			echo "unrecognized command";
+    			break;
+    	}
+    }
+} elseif (isset($_GET["updateVBcms"])) {
+	$updateInfos = file_get_contents("https://api.vbcms.net/updater/lastest?serverId=".VBcmsGetSetting("serverId")."&key=".VBcmsGetSetting('encryptionKey')."&version=".VBcmsGetSetting('vbcmsVersion')."&canal=".VBcmsGetSetting('updateCanal'));
+	if(isJson($updateInfos)){
+		$updateInfosData = json_decode($updateInfos, true);
+
+		$updateFilename = $GLOBALS['vbcmsRootPath']."/vbcms-content/updates/vbcms-update-v".$updateInfosData['version']."_from-".$vbcmsVer.".zip";
+		if (!file_exists($GLOBALS['vbcmsRootPath']."/vbcms-content/updates")) mkdir($GLOBALS['vbcmsRootPath']."/vbcms-content/updates", 0755);
+		//echo $updateInfosData["downloadLink"]."?serverId=".VBcmsGetSetting("serverId")."&key=".$key;
+		file_put_contents($updateFilename, file_get_contents($updateInfosData["downloadLink"]."?serverId=".VBcmsGetSetting("serverId")."&key=".$key));
+		if (file_exists($updateFilename)) {
+			$zip = new ZipArchive;
+			if ($zip->open($updateFilename) === TRUE) {
+				$zip->extractTo($GLOBALS['vbcmsRootPath']);
+				$zip->close();
+	
+				$response["success"] = true;
+				$response["link"] = VBcmsGetSetting("websiteUrl")."update.php";
+			} else {
+				$response["success"] = false;
+				$response["code"] = 2; // Impossible d'ouvrir l'archive
+			}
+		} else {
+			$response["success"] = false;
+			$response["code"] = 1; // Impossible de télécharger la màj
+		}
+		echo json_encode($response);
+	} else {
+		$response["success"] = false;
+		$response["code"] = 0; // Impossible de lire la réponse -> !JSON
+	}
+    
+} 
\ No newline at end of file

vbcms-core/sessionHandler.php

@@ -44,6 +44,8 @@ if (isset($_GET["session"]) && !empty($_GET["session"])){
 			$insertSettings->execute([$userExistInDB['id'], 'profilPic', $sessionData["user_profilePic"]]);
 			$insertSettings = $bdd->prepare("INSERT INTO `vbcms-usersSettings` (`userId`, `name`, `value`) VALUES (?,?,?)");
 			$insertSettings->execute([$userExistInDB['id'], 'joinedDate', date("Y-m-d H:i:s")]);
+			$insertSettings = $bdd->prepare("INSERT INTO `vbcms-usersSettings` (`userId`, `name`, `value`) VALUES (?,?,?)");
+			$insertSettings->execute([$userExistInDB['id'], 'language', $sessionData["language"]]);
 		}
 
 		// On va pouvoir associer l'id local