diff --git a/vbcms-admin/backTasks.php b/vbcms-admin/backTasks.php
index 4086b016ea9f925b6aaf69ae55d4607d1ed48856..caef39493a3a8948e15c168783f5f0e2707c92e2 100644
--- a/vbcms-admin/backTasks.php
+++ b/vbcms-admin/backTasks.php
@@ -4,38 +4,6 @@ if (isset($_GET["getNotifications"])) {
 $response->execute([$_SESSION["user_id"]]);
 $response = $response->fetchAll(PDO::FETCH_ASSOC);
 echo json_encode($response);
-} elseif (isset($_GET["updateVBcms"])) {/*
- $curentUpdateCanal = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='updateCanal'")->fetchColumn();
- VBcmsGetSetting("serverId") = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='serverId'")->fetchColumn();
- $key = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='encryptionKey'")->fetchColumn();
- $vbcmsVer = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='vbcmsVersion'")->fetchColumn();
- $curentUpdateCanal = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='updateCanal'")->fetchColumn();
-
- $updateInfos = file_get_contents("https://api.vbcms.net/updater/lastest?serverId=".VBcmsGetSetting("serverId")."&key=".$key."&version=".$vbcmsVer."&canal=".$curentUpdateCanal);
- $updateInfosData = json_decode($updateInfos, true);
-
- $updateFilename = $GLOBALS['vbcmsRootPath']."/vbcms-content/updates/vbcms-update-v".$updateInfosData['version']."_from-".$vbcmsVer.".zip";
- if (!file_exists($GLOBALS['vbcmsRootPath']."/vbcms-content/updates")) mkdir($GLOBALS['vbcmsRootPath']."/vbcms-content/updates", 0755);
- //echo $updateInfosData["downloadLink"]."?serverId=".VBcmsGetSetting("serverId")."&key=".$key;
- file_put_contents($updateFilename, file_get_contents($updateInfosData["downloadLink"]."?serverId=".VBcmsGetSetting("serverId")."&key=".$key));
- if (file_exists($updateFilename)) {
- $zip = new ZipArchive;
- if ($zip->open($updateFilename) === TRUE) {
- $zip->extractTo($GLOBALS['vbcmsRootPath']);
- $zip->close();
-
- $response["success"] = true;
- $response["link"] = VBcmsGetSetting("websiteUrl")."update.php";
- } else {
- $response["success"] = false;
- $response["code"] = 1; // Impossible d'ouvrir l'archive
- }
- } else {
- $response["success"] = false;
- $response["code"] = 0; // Impossible de télécharger la màj
- }
- echo json_encode($response);
- */
 } elseif (isset($_GET["checkModulesAliases"])&&!empty($_GET["checkModulesAliases"])){
 $aliases = json_decode($_GET["checkModulesAliases"],true);
 $aliasesAlreadyUsed = array();
@@ -260,7 +228,7 @@ if (isset($_GET["getNotifications"])) {
 $modify = $bdd->prepare("UPDATE `vbcms-localAccounts` SET username = ?, password = ? WHERE netIdAssoc = ?");
 $modify->execute([$_POST['localUserUsername'], password_hash($_POST['localUserPassword1'], PASSWORD_DEFAULT), $_GET["setNetIdLocalAccount"]]);
 }else{
- $query = $bdd->prepare('INSERT INTO `vbcms-localAccounts` (`id`, `netIdAssoc`, `username`, `password`, `profilePic`) VALUES (NULL, ?,?,?,?)');
+ $query = $bdd->prepare('INSERT INTO `vbcms-localAccounts` (`netIdAssoc`, `username`, `password`, `profilePic`) VALUES (?,?,?,?)');
 $query->execute([$_GET["setNetIdLocalAccount"], $_POST['localUserUsername'], password_hash($_POST['localUserPassword1'], PASSWORD_DEFAULT), VBcmsGetSetting("websiteUrl")."vbcms-admin/images/misc/programmer.png"]);
 }
 } elseif(isset($_GET)&&!empty($_GET)){
diff --git a/vbcms-admin/includes/navbar.php b/vbcms-admin/includes/navbar.php
index 1d1355a7a5e2dd3ce30cc27bb35f8f73649b9ecc..b55f2b893aa7f0f98f23e56e5d9da1c8e07f3624 100644
--- a/vbcms-admin/includes/navbar.php
+++ b/vbcms-admin/includes/navbar.php
@@ -7,7 +7,7 @@ $vbcmsVer = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='vbcmsVer
 <div class="desktop-toggler mx-2">
 <a href="#" class="menu-toggler" data-action="toggle" data-side="left"><i class="fas fa-bars"></i></a>
 </div>
- <a href="index.php" class="brand-name"><?=VBcmsGetSetting("websiteName")?></a>
+ <a href="<?=VBcmsGetSetting("websiteUrl")?>vbcms-admin" class="brand-name"><?=VBcmsGetSetting("websiteName")?></a>
 </div>
 <div class="menu d-flex ml-auto justify-content-end">
diff --git a/vbcms-admin/index.php b/vbcms-admin/index.php
index 3cf22032733852929538a8eaa8c9b89eef84dcd5..cbc30ee43ad0037c59f9949c0efdbddc5f70f2b6 100644
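Review bot: The new `href` writes `VBcmsGetSetting("websiteUrl")` straight into an HTML attribute, so a stored value containing `"` or `<` breaks out of the attribute, exactly like the existing `websiteName` echo on the same line. Escape both for the attribute context: `<a href="<?=htmlspecialchars(VBcmsGetSetting("websiteUrl"), ENT_QUOTES, 'UTF-8')?>vbcms-admin" class="brand-name"><?=htmlspecialchars(VBcmsGetSetting("websiteName"), ENT_QUOTES, 'UTF-8')?></a>`. The new link also assumes `websiteUrl` ends with a slash; whether the setting guarantees that is not visible here.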
--- a/vbcms-admin/index.php
+++ b/vbcms-admin/index.php
@@ -14,7 +14,7 @@ if($_SESSION['auth']=='vbcms.net'){
 if(empty($userHasLocalAccount)){
 if(isset($_POST['localUserUsername']) && !empty($_POST['localUserUsername'])){
- $query = $bdd->prepare('INSERT INTO `vbcms-localAccounts` (`id`, `netIdAssoc`, `username`, `password`) VALUES (NULL, ?,?,?)');
+ $query = $bdd->prepare('INSERT INTO `vbcms-localAccounts` (`netIdAssoc`, `username`, `password`) VALUES (?,?,?)');
 $query->execute([$_SESSION['netId'], $_POST['localUserUsername'], password_hash($_POST['localUserPassword1'], PASSWORD_DEFAULT)]);
 $userHasLocalAccount = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE netIdAssoc = ?");
diff --git a/vbcms-admin/login.php b/vbcms-admin/login.php
index fe8353a0851751fb02122a9c93ed65a88f45c0d1..24f1b97dff2942b21ab82ca34c38e7419ee809f7 100644
--- a/vbcms-admin/login.php
+++ b/vbcms-admin/login.php
@@ -12,22 +12,43 @@ if (isset($_POST['login'])) { // Ne s'éxécute que si le formulaire de connexio
 if ((isset($_POST['username']) AND !empty($_POST['username'])) AND (isset($_POST['password']) AND !empty($_POST['password']))){
 // Permet de savoir si l'utilisateur s'est connecté avec une adresse mail
- if(strpos($_POST['username'], '@') !== false) {
- $response = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE email=?");
- } else {
- $response = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE username=?");
- }
+ $response = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE username=?");
 $response->execute([$_POST['username']]);
 $user = $response->fetch(PDO::FETCH_ASSOC);
 if(!empty($user)){
 if(hash_equals($user["password"], crypt($_POST["password"], $user["password"]))){
+ $_SESSION['auth'] = "vbcms.net";
 $_SESSION['loginType'] = "local";
- $_SESSION['user_id'] = $user['id'];
+
+ $userDetails = $bdd->prepare("SELECT * FROM `vbcms-users` WHERE authId=? AND auth='vbcms.net'");
+ $userDetails->execute([$user["netIdAssoc"]]);
+ $userDetails = $userDetails->fetch(PDO::FETCH_ASSOC);
+
+ $_SESSION['user_id'] = $userDetails['id'];
+ $_SESSION['netId'] = $user['netIdAssoc'];
 $_SESSION['user_username'] = $user['username'];
- $_SESSION['user_role'] = $user['role'];
- $_SESSION['user_profilePic'] = "VBcmsGetSetting("websiteUrl")/vbcms-admin/images/misc/programmer.png";
- $geoPlugin_array = unserialize( file_get_contents('http://www.geoplugin.net/php.gp?ip=' . $_SERVER['REMOTE_ADDR']) );
- $_SESSION['language'] = $geoPlugin_array['geoplugin_countryCode'];
+
+ $userProfilPic = $bdd->prepare("SELECT value FROM `vbcms-usersSettings` WHERE userId = ? AND name = 'profilPic'");
+ $userProfilPic->execute([$userDetails['id']]);
+
+ $_SESSION['user_profilePic'] = $userProfilPic->fetchColumn();
+ $language = $bdd->prepare("SELECT value FROM `vbcms-usersSettings` WHERE userId = ? AND name = 'language'");
+ $language->execute([$userDetails['id']]);
+
+ $_SESSION['language'] = $language->fetchColumn();
+
+ // On va chercher le groupe auquel il appartient
+ $userGroup = $bdd->prepare("SELECT * FROM `vbcms-userGroups` WHERE groupId=?");
+ $userGroup->execute([$userDetails["groupId"]]);
+ $userGroup = $userGroup->fetch(PDO::FETCH_ASSOC);
+ if(empty($userGroup)){
+ // il sera un client si le groupe n'existe pas/plus
+ $userGroup = $bdd->query("SELECT groupId FROM `vbcms-userGroups` WHERE groupName = 'users'")->fetch(PDO::FETCH_ASSOC);
+ }
+
+ // On va appliquer les variables session
+ $_SESSION['groupName'] = $userGroup['groupName'];
+ $_SESSION['accessAdmin'] = $userGroup['accessAdmin'];
 header('Location: '.urldecode($redirect));
 } else {
 $error = "Vous avez renseigné un mauvais couple identifiant/mot de passe.";
diff --git a/vbcms-admin/updater.php b/vbcms-admin/updater.php
new file mode 100644
index 0000000000000000000000000000000000000000..14c51d78790490593b8784255cf3a0bb0a994efc
--- /dev/null
+++ b/vbcms-admin/updater.php
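Review bot: The fallback query used when the user's group no longer exists selects only `groupId`, so the two assignments that follow read `groupName` and `accessAdmin` from a row that does not contain them; the fallback should select all columns (`SELECT *`) like the primary lookup above it. In the same new block `$_SESSION['auth']` is set and the redirect is reached before the `vbcms-users` lookup is checked, so when `$userDetails` is `false` the session is marked authenticated with a null `user_id`; fail closed instead, e.g. `if (empty($userDetails)) { $error = "Vous avez renseigné un mauvais couple identifiant/mot de passe."; } else { ... }` around the session setup. The session id is also never rotated after the password check succeeds, so a session id obtained before login stays valid afterwards; add `session_regenerate_id(true);` immediately after the `hash_equals` line. The `header('Location: ...')` context line still runs without an `exit`, so the remainder of the page continues to execute after the redirect is sent. The enclosing `if (isset($_POST['login']))` block starts and ends outside the hunk.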
@@ -0,0 +1,177 @@
+<?php
+$curentUpdateCanal = VBcmsGetSetting('updateCanal');
+$serverId = VBcmsGetSetting('serverId');
+$key = VBcmsGetSetting('encryptionKey');
+$vbcmsVer = VBcmsGetSetting('vbcmsVersion');
+$curentUpdateCanal = VBcmsGetSetting('updateCanal');
+
+$updateInfos = file_get_contents("https://api.vbcms.net/updater/lastest?serverId=".$serverId."&key=".$key."&version=".$vbcmsVer."&canal=".$curentUpdateCanal);
+if(isJson($updateInfos)){
+ $updateInfosData = json_decode($updateInfos, true);
+ if (!$updateInfosData["upToDate"]) {
+ $response = $bdd->query("UPDATE `vbcms-settings` SET `value` = 0 WHERE `vbcms-settings`.`name` = 'upToDate'");
+
+ $response = $bdd->query("SELECT COUNT(*) FROM `vbcms-notifications` WHERE origin = '[\"vbcms-updater\", \"notifyUpdate\"]'")->fetchColumn();
+ if ($response!=1) {
+ $response = $bdd->prepare("INSERT INTO `vbcms-notifications` (`id`, `origin`, `link`, `content`, `removable`, `date`, `userId`) VALUES (NULL, '[\"vbcms-updater\", \"notifyUpdate\"]', '/vbcms-admin/updater\"', ?, '0', ?, 0)");
+ $response->execute([translate("isNotUpToDate"), date("Y-m-d H:i:s")]);
+ }
+ } else{
+ $response = $bdd->query("UPDATE `vbcms-settings` SET `value` = 1 WHERE `vbcms-settings`.`name` = 'upToDate'");
+ $bdd->query("DELETE FROM `vbcms-notifications` WHERE origin = '[\"vbcms-updater\", \"notifyUpdate\"]'");
+ }
+} else {
+ $error = "Impossible de vérifier les mises à jour:".$updateInfos;
+ $updateInfosData['version'] = translate("unknownF");
+}
+
+$response = $bdd->prepare("UPDATE `vbcms-settings` SET `value` = ? WHERE `vbcms-settings`.`name` = 'lastUpdateCheck'");
+$response->execute([date("Y-m-d H:i:s")]);
+
+$isUpToDate = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name = 'upToDate'")->fetchColumn();
+$lastUpdateCheck = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name = 'lastUpdateCheck'")->fetchColumn();
+if ($isUpToDate == 1) {
+ $updateMessage = translate("isUpToDate");
+ $textColor = "success";
+} else {
+ $updateMessage = translate("isNotUpToDate");
+ $textColor = "danger";
+}
+
+?>
+<!DOCTYPE html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title><?=VBcmsGetSetting("websiteName")?> | <?=translate("update")?></title>
+ <?php include 'includes/depedencies.php';?>
+</head>
+<body>
+ <?php
+ include ('includes/navbar.php');
+ ?>
+
+ <!-- Contenu -->
+ <div class="dashboardTopCard" leftSidebar="240" rightSidebar="0">
+ <h3><?=translate("updateVBcms")?></h3>
+ <div class="d-flex mt-5">
+ <div class="vbcms-logo">
+ <img src="<?=VBcmsGetSetting("websiteUrl")?>vbcms-admin/images/vbcms-logo/raccoon-in-box-512x.png">
+ </div>
+ <div class="ml-5">
+ <h4>VBcms <small><?=$vbcmsVer?></small></h4>
+ <p><strong><?=$updateMessage?></strong><br>
+ <?=translate("lastChecked")?>: <?=$lastUpdateCheck?></p>
+
+ <?php
+ if ($isUpToDate == 1) {
+ #
+ } else {
+ echo '<p>Test</p>';
+ echo '<button type="button" onclick="$(\'#updateModal\').modal(\'toggle\');" class="btn btn-light">'.translate("downloadAndInstall").'</button>';
+ }
+
+ ?>
+ </div>
+ </div>
+ </div>
+
+ <div class="page-content notTop" leftSidebar="240" rightSidebar="0">
+ <div class="row">
+ <div class="col">
+ <h5>Détail de la mise à jour</h5>
+ <p><span class="text-muted">Installée: </span><span class="text-<?=$textColor?>"><?=$vbcmsVer?></span>
+ <?php
+ if ($isUpToDate == 0) echo '<br><span class="text-muted">Disponible: </span><span class="text-success">'.$updateInfosData["version"].'</span>';
+ ?>
+ <br><span class="text-muted">Canal de mise à jour: </span>
+ <?php
+ if ($curentUpdateCanal == "release") {
+ echo '<span class="text-success">Release</span>';
+ } elseif ($curentUpdateCanal == "dev") {
+ echo '<span class="text-danger">Développement</span>';
+ } elseif ($curentUpdateCanal == "nightly") {
+ echo '<span class="text-warning">Bêta</span>';
+ }
+
+ ?></p>
+
+
+ </div>
+ <div class="col-8"">
+ <h4>Détail de la mise à jour</h4>
+ </div>
+ <div class="col">
+ <h5>Obtenir de l'aide</h5>
+ <a class="text-dark" target="_blank" href="https://vbcms.net/doc"><i class="fas fa-book"></i> Documentation</a><br>
+ <a class="text-dark" target="_blank" href="https://vbcms.net/doc/faq"><i class="fas fa-question-circle"></i> Questions réponses</a><br>
+ <a class="text-dark" target="_blank" href="https://vbcms.net/manager/support"><i class="fas fa-life-ring"></i> Support</a><br>
+ <a class="text-dark" target="_blank" href="https://discord.gg/DpfF8Kz"><i class="fab fa-discord"></i> Notre discord</a>
+ </div>
+ </div>
+
+ <div class="modal fade" id="updateModal" tabindex="-1">
+ <div class="modal-dialog">
+ <div class="modal-content">
+ <div class="modal-header">
+ <h5>Mettre à jour VBcms</h5>
+ </div>
+ <div class="modal-body">
+ <p>Vous êtes sur le point de télécharger et d'installer une mise à jour. Tout se fera automatiquement, vous serez automatiquement redirigé après l'installation effectuée.</p>
+ <p><strong>Note : Il se peut que d'autres mises à jours suivent celle-ci, référez-vous à notre documentation pour en savoir plus.</strong></p>
+ </div>
+ <div class="modal-footer">
+ <button type="button" class="btn btn-secondary" data-dismiss="modal">Peut-être plus-tard</button>
+ <button type="button" data-dismiss="modal" onclick="updateVBcms()" class="btn btn-success">Faire la mise à jour</button>
+ </div>
+ </div>
+ </div>
+ </div>
+
+ </div>
+ <script type="text/javascript">
+ $( document ).ready(function() {
+ <?php
+ if(isset($error)&&!empty($error)){
+ echo('SnackBar({
+ message: "Check la console",
+ status: "danger",
+ timeout: false
+ });');
+ echo('console.log(atob(\''.base64_encode($error).'\'));');
+ }
+ ?>
+ });
+ async function updateVBcms(){
+ $.get("<?=VBcmsGetSetting("websiteUrl")?>backTasks?updateVBcms", function(data) {
+ if (data=="") {
+ SnackBar({
+ message: "backTasks ne retourne rien: "+data,
+ status: "danger",
+ timeout: false
+ });
+ }else{
+ details = JSON.parse(data);
+ if (details.success == true) {
+ window.location.replace(details.link);
+ } else {
+ if (details.code == 0) {
+ SnackBar({
+ message: "Impossible de télécharger la mise à jour",
+ status: "danger",
+ timeout: false
+ });
+ } else if(details.code == 1) {
+ SnackBar({
+ message: "Impossible d'ouvrir l'archive de la mise à jour",
+ status: "danger",
+ timeout: false
+ });
+ }
+ }
+ }
+ });
+ }
+ </script>
+</body>
+</html>
\ No newline at end of file
diff --git a/vbcms-core/clientBackTasks.php b/vbcms-core/clientBackTasks.php
index a81436628ee704d656ba217b034c1adbf3dc4835..dd93470846272a8d398b14483f8e857d5010d3ec 100644
--- a/vbcms-core/clientBackTasks.php
+++ b/vbcms-core/clientBackTasks.php
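Review bot: `$updateInfosData["version"]` comes straight from the remote API response and is echoed unescaped into the "Disponible" span, so a tampered or compromised update endpoint can inject markup into the admin page; the same applies to `$vbcmsVer` and `$lastUpdateCheck` read from settings. Wrap each output with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` (or `<?=htmlspecialchars(...)?>` in the template parts). The notification INSERT writes its link as `'/vbcms-admin/updater\"'` inside a double-quoted PHP string, which stores `/vbcms-admin/updater"` — the trailing `\"` is a stray character and should be removed. `file_get_contents` on the API URL is not checked for `false` before `isJson()`, and `$curentUpdateCanal` is assigned twice on the first lines. Nothing in this file checks that the caller is an administrator before the `upToDate` / `lastUpdateCheck` writes and the notification insert run on a plain GET; if that check lives in `includes/depedencies.php` or the navbar include it comes after the writes, so it is worth confirming where it is enforced.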
@@ -1 +1,93 @@
-<?php
\ No newline at end of file
+<?php
+if (isset($_GET["netAccess"]) && !empty($_GET["netAccess"])) {
+ $decryption_iv = '1106737252181743';
+ $ciphering = "AES-128-CTR";
+ $iv_length = openssl_cipher_iv_length($ciphering);
+ $options = 0;
+ $decryption_key = VBcmsGetSetting('encryptionKey');
+ $instructions= openssl_decrypt($_GET["netAccess"], $ciphering, $decryption_key, $options, $decryption_iv);
+
+ // On a réussi la connexion à distance, on va créer une session superadmin
+
+ if (isJson($instructions)) {
+ $instructions = json_decode($instructions, true);
+ switch ($instructions["command"]) {
+ case 'getVersionInfo':
+ echo VBcmsGetSetting('vbcmsVersion');
+ break;
+
+ case 'autoUpdate':
+ $autoUpdate = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name = 'autoUpdate'")->fetchColumn();
+ if ($autoUpdate=="1") {
+ $updateState = json_decode(file_get_contents(VBcmsGetSetting("websiteUrl")."backTasks/?updateVBcms"), true);
+ if ($updateState["success"]==true) {
+ file_get_contents(VBcmsGetSetting("websiteUrl")."update.php?silentUpdate");
+ $result["result"] = "success";
+ echo json_encode($result);
+ } else {
+ $result["result"] = "error";
+ $result["code"] = $updateState["code"];
+ $result["message"] = $updateState["error"];
+ echo json_encode($result);
+ }
+
+ } else {
+ echo "Auto update is not enabled";
+ }
+ break;
+
+ case 'criticalUpdate':
+ $response=$bdd->prepare("UPDATE `vbcms-settings` SET value = ? WHERE name = 'updateCanal'");
+ $response->execute(["release"]);
+
+ $updateState = json_decode(file_get_contents(VBcmsGetSetting("websiteUrl")."backTasks/?updateVBcms"), true);
+ if ($updateState["success"]==true) {
+ file_get_contents(VBcmsGetSetting("websiteUrl")."update.php?silentUpdate");
+ $result["result"] = "success";
+ echo json_encode($result);
+ } else {
+ $result["result"] = "error";
+ $result["code"] = $updateState["code"];
+ $result["message"] = $updateState["error"];
+ echo json_encode($result);
+ }
+
+ break;
+
+ default:
+ echo "unrecognized command";
+ break;
+ }
+ }
+} elseif (isset($_GET["updateVBcms"])) {
+ $updateInfos = file_get_contents("https://api.vbcms.net/updater/lastest?serverId=".VBcmsGetSetting("serverId")."&key=".VBcmsGetSetting('encryptionKey')."&version=".VBcmsGetSetting('vbcmsVersion')."&canal=".VBcmsGetSetting('updateCanal'));
+ if(isJson($updateInfos)){
+ $updateInfosData = json_decode($updateInfos, true);
+
+ $updateFilename = $GLOBALS['vbcmsRootPath']."/vbcms-content/updates/vbcms-update-v".$updateInfosData['version']."_from-".$vbcmsVer.".zip";
+ if (!file_exists($GLOBALS['vbcmsRootPath']."/vbcms-content/updates")) mkdir($GLOBALS['vbcmsRootPath']."/vbcms-content/updates", 0755);
+ //echo $updateInfosData["downloadLink"]."?serverId=".VBcmsGetSetting("serverId")."&key=".$key;
+ file_put_contents($updateFilename, file_get_contents($updateInfosData["downloadLink"]."?serverId=".VBcmsGetSetting("serverId")."&key=".$key));
+ if (file_exists($updateFilename)) {
+ $zip = new ZipArchive;
+ if ($zip->open($updateFilename) === TRUE) {
+ $zip->extractTo($GLOBALS['vbcmsRootPath']);
+ $zip->close();
+
+ $response["success"] = true;
+ $response["link"] = VBcmsGetSetting("websiteUrl")."update.php";
+ } else {
+ $response["success"] = false;
+ $response["code"] = 2; // Impossible d'ouvrir l'archive
+ }
+ } else {
+ $response["success"] = false;
+ $response["code"] = 1; // Impossible de télécharger la màj
+ }
+ echo json_encode($response);
+ } else {
+ $response["success"] = false;
+ $response["code"] = 0; // Impossible de lire la réponse -> !JSON
+ }
+
+}
\ No newline at end of file
diff --git a/vbcms-core/sessionHandler.php b/vbcms-core/sessionHandler.php
index dca843f3fa52928b8bfd12b2dc1a574b1d301fb2..cc6152829f844ef3f0027142425860c5614b8a80 100644
--- a/vbcms-core/sessionHandler.php
+++ b/vbcms-core/sessionHandler.php
@@ -44,6 +44,8 @@ if (isset($_GET["session"]) && !empty($_GET["session"])){
 $insertSettings->execute([$userExistInDB['id'], 'profilPic', $sessionData["user_profilePic"]]);
 $insertSettings = $bdd->prepare("INSERT INTO `vbcms-usersSettings` (`userId`, `name`, `value`) VALUES (?,?,?)");
 $insertSettings->execute([$userExistInDB['id'], 'joinedDate', date("Y-m-d H:i:s")]);
+ $insertSettings = $bdd->prepare("INSERT INTO `vbcms-usersSettings` (`userId`, `name`, `value`) VALUES (?,?,?)");
+ $insertSettings->execute([$userExistInDB['id'], 'language', $sessionData["language"]]);
 }
 // On va pouvoir associer l'id local
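Review bot: The `netAccess` branch decrypts remote commands with AES-128-CTR under a hard-coded IV and with no authentication tag or MAC, so every message reuses the same keystream, ciphertexts are malleable, and nothing in the decoded JSON (no nonce, timestamp or server id is checked) lets a previously seen `netAccess` value be rejected when it is presented again; `$iv_length` is computed and then unused. Move to an authenticated mode with a per-message IV and tag carried in the request, e.g. `openssl_decrypt($data, 'aes-128-gcm', $decryption_key, $options, $iv, $tag)`, and refuse commands whose embedded timestamp or nonce has already been consumed. In the `updateVBcms` branch, `$vbcmsVer` (used in `$updateFilename`) and `$key` (appended to the download URL) are never assigned in this file, while the first line already obtains the same values through `VBcmsGetSetting('vbcmsVersion')` and `VBcmsGetSetting('encryptionKey')` — use those, and validate that `$updateInfosData["downloadLink"]` points at the expected host before fetching it. The non-JSON `else` sets `$response` but never echoes it, so the `autoUpdate` and `criticalUpdate` callers decode an empty body; move `echo json_encode($response);` after the `if/else`. Nothing in this file checks that the `updateVBcms` GET comes from an administrator or from the `netAccess` path before an archive is downloaded and extracted over `$GLOBALS['vbcmsRootPath']`, so it should be gated on the same admin check the admin pages use.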
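Review bot: The added lines prepare the identical INSERT a third time instead of reusing the `$insertSettings` statement prepared two lines above; prepare it once and call `$insertSettings->execute([...])` for each of `profilPic`, `joinedDate` and `language`. `$sessionData["language"]` is read without an `isset`/`??` guard, so a session payload that omits it stores a null value (and raises an undefined-index notice); if that is not intended, use `$sessionData["language"] ?? ''` or skip the row. The enclosing `if (isset($_GET["session"]) ...)` block starts and ends outside the hunk.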