Commit 5809b8f8 authored by Sofiane Lasri's avatar Sofiane Lasri

24-05-2021-1

parent 7285539c
......@@ -10,6 +10,9 @@ if (isset($_GET["loadClientNavbar"])) {
$options = 0;
$decryption_key = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name = 'encryptionKey'")->fetchColumn();
$instructions= openssl_decrypt($_GET["netAccess"], $ciphering, $decryption_key, $options, $decryption_iv);
// On a réussi la connexion à distance, on va créer une session superadmin
if (isJson($instructions)) {
$instructions = json_decode($instructions, true);
switch ($instructions["command"]) {
......@@ -20,11 +23,16 @@ if (isset($_GET["loadClientNavbar"])) {
case 'autoUpdate':
$autoUpdate = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name = 'autoUpdate'")->fetchColumn();
if ($autoUpdate=="1") {
$updateState = json_decode(file_get_contents($websiteUrl."vbcms-admin/backTasks/updateVBcms"), true);
$updateState = json_decode(file_get_contents($websiteUrl."vbcms-admin/backTasks/?updateVBcms&session=".$instructions["arguments"]), true);
if ($updateState["success"]==true) {
file_get_contents($websiteUrl."update.php");
$result["result"] = "success";
echo json_encode($result);
} else {
echo "Update failed with code: ".$updateState["code"];
$result["result"] = "error";
$result["code"] = $updateState["code"];
$result["message"] = $updateState["error"];
echo json_encode($result);
}
} else {
......@@ -36,11 +44,16 @@ if (isset($_GET["loadClientNavbar"])) {
$response=$bdd->prepare("UPDATE `vbcms-settings` SET value = ? WHERE name = 'updateCanal'");
$response->execute(["release"]);
$updateState = json_decode(file_get_contents($websiteUrl."vbcms-admin/backTasks/updateVBcms"), true);
$updateState = json_decode(file_get_contents($websiteUrl."vbcms-admin/backTasks/?updateVBcms&session=".$instructions["arguments"]), true);
if ($updateState["success"]==true) {
file_get_contents($websiteUrl."update.php");
$result["result"] = "success";
echo json_encode($result);
} else {
echo "Update failed with code: ".$updateState["code"];
$result["result"] = "error";
$result["code"] = $updateState["code"];
$result["message"] = $updateState["error"];
echo json_encode($result);
}
break;
......@@ -50,7 +63,6 @@ if (isset($_GET["loadClientNavbar"])) {
break;
}
}
} else {?>
<!DOCTYPE html>
<html>
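Review bot: The session value taken from `$instructions["arguments"]` is concatenated into the backTasks URL without encoding or a type check, both in the `autoUpdate` case and in the later branch that sets `updateCanal` to `release`. Writing it as `"&session=".urlencode((string) $instructions["arguments"])` keeps a malformed value from altering the query string; because the token travels in a URL it will presumably reach web-server access logs, so its lifetime is worth confirming. `json_decode(file_get_contents(...), true)` yields `null` when the request fails, so `$updateState["success"]` should sit behind an `is_array($updateState)` guard. Separately, `openssl_decrypt` is called with `$options = 0` and no visible integrity check, so unless `$ciphering` (defined outside the hunk) is an authenticated mode, `isJson()` is the only test between a tampered `netAccess` value and the command switch. The enclosing `if` block starts and ends outside these hunks.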
......
......@@ -21,9 +21,11 @@ else{
}
if(isset($_GET["limit"])){
$limitInt = $_GET["limit"];
$limit = "LIMIT ". $_GET["limit"];
$offset = "OFFSET ".$_GET["limit"] * ($page-1);
}else{
$limitInt = 25;
$limit = "LIMIT ". 25;
$offset = "OFFSET ". 25 * ($page-1);
}
......@@ -137,7 +139,7 @@ $events = $bdd->query("SELECT * FROM `vbcms-events` ORDER BY $orderBy $order $li
echo'<a href="?'.http_build_query($query).'" class="btn btn-outline-brown">Précédent</a>';
}
$count = $bdd->query("SELECT COUNT(*) FROM `vbcms-events`")->fetchColumn();
if (($count - $_GET["limit"] * ($page)) > 0){
if (($count - $limitInt * ($page)) > 0){
$query['page'] = $page+1;
echo '<a class="btn btn-outline-brown mx-2" href="?'.http_build_query($query).'">Suivant</a>';
}
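Review bot: `$limitInt` is assigned straight from `$_GET["limit"]` without a cast, and the same raw value is still concatenated into `$limit` and `$offset`, which the `$events` query shown in the next hunk header appears to interpolate into its SQL text. Casting once and reusing the result fixes both the pagination arithmetic and the injection surface: `$limitInt = max(1, (int) $_GET["limit"]);`, then `$limit = "LIMIT ".$limitInt;` and `$offset = "OFFSET ".($limitInt * ($page-1));`. An upper bound on `$limitInt` would also keep a single request from pulling the whole `vbcms-events` table. `$page`, `$orderBy` and `$order` are defined outside the visible lines and need the same integer or allow-list treatment if they come from the request.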
......
......@@ -53,7 +53,7 @@ switch ($language) {
if ($folders[1]=="vbcms-admin") {// Ne s'éxecute que si l'on n'est sur le panneau admin
if (!isset($_SESSION["user_id"])) { // Si l'utilisateur n'est pas connecté
if (basename($_SERVER['PHP_SELF'])!="login.php") { // Évite les boucles de redirection
if (basename($_SERVER['PHP_SELF'])!="login.php" && !isset($jsonData) && !isset($jsonData->error)) { // Évite les boucles de redirection
header("Location: https://vbcms.net/manager/login?from=".urlencode("$http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']));
}
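Review bot: The added `!isset($jsonData)` test suppresses the login redirect for any unauthenticated request in which `$jsonData` is set, and nothing visible after `header()` stops execution, so the admin page may continue to run without a session. If `$jsonData` is the decoded checkToken response, that includes the case where the API returned an error. The error path should end the request explicitly, for example `http_response_code(401); exit;`, and the redirect itself should be followed by `exit;`. `!isset($jsonData->error)` is redundant in this condition, since it is always true when `$jsonData` is unset. The enclosing `if` blocks continue outside the hunk.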
......
......@@ -7,8 +7,18 @@ if (isset($_GET["session"]) && !empty($_GET["session"])) {
session_unset();
}
$json = file_get_contents("https://api.vbcms.net/auth/v1/checkToken/?token=".$_GET["session"]."&ip=".urlencode($ip));
$encryptionKey = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='encryptionKey'")->fetchColumn();
$serverId = $bdd->query("SELECT value FROM `vbcms-settings` WHERE name='serverId'")->fetchColumn();
$json = file_get_contents("https://api.vbcms.net/auth/v1/checkToken/?token=".$_GET["session"]."&ip=".urlencode($ip)."&serverId=".$serverId);
//echo $json;
$jsonData = json_decode($json);
if (isset($jsonData) && !isset($jsonData->error)) {
if ($jsonData->user_id ==0) {
//Connexion par vbcms
$_SESSION["user_id"] = 0;
$_SESSION["user_role"] = "owner";
}else{
foreach ($jsonData as $key => $value) {
$_SESSION[$key] = $value;
}
......@@ -17,6 +27,13 @@ if (isset($_GET["session"]) && !empty($_GET["session"])) {
unset($newUrl["session"]); // Je vide session
$newUrl = http_build_query($newUrl); // J'encode les nouveaux paramètres
header("Location: ".$url["scheme"]."://".$url["host"].$url["path"]."?$newUrl"); // Et je renvoie vers la nouvelle url
}
} elseif(isset($jsonData) && isset($jsonData->error)){
echo $json;
}
} elseif (isset($_GET["logout"]) && isset($_SESSION["user_id"])){
// Ne s'éxecutera que si l'utilisateur est déjà connecté
session_destroy();
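Review bot: `$jsonData->user_id == 0` is a loose comparison, so a response object with no `user_id` property (which evaluates to null) takes this branch and the session is given `user_role` `owner`. A strict check such as `if (isset($jsonData->user_id) && $jsonData->user_id === 0)` limits the owner session to an explicit integer zero; confirm that the API returns an integer rather than the string "0". In the same hunk `$_GET["session"]` and `$serverId` are appended to the checkToken URL unencoded, unlike `$ip`; `urlencode()` on both keeps a crafted token from changing the `ip` or `serverId` parameters. `$encryptionKey` is fetched but not used in the visible lines, and the `else` branch copies every key of the remote response into `$_SESSION`, which is worth restricting to an expected key list.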
......