From 98108a1c56b26069b880f2a5483a56978558d6c9 Mon Sep 17 00:00:00 2001
From: SofianeLasri <alasri250@gmail.com>
Date: Fri, 13 Aug 2021 13:10:32 +0200
Subject: [PATCH] 13H10 - Nv comptes

---
 vbcms-admin/backTasks.php               |   4 +-
 vbcms-admin/debug.php                   | 150 ++++++++++++++++++++++++
 vbcms-admin/includes/settings/users.php |  90 +++++++-------
 vbcms-admin/index.php                   |  10 +-
 vbcms-content/translations/FR.php       |   4 +-
 vbcms-core/functions.php                |   2 +-
 vbcms-core/sessionHandler.php           |  34 ++++--
 7 files changed, 227 insertions(+), 67 deletions(-)
 create mode 100644 vbcms-admin/debug.php

diff --git a/vbcms-admin/backTasks.php b/vbcms-admin/backTasks.php
index 047d598..4086b01 100644
--- a/vbcms-admin/backTasks.php
+++ b/vbcms-admin/backTasks.php
@@ -184,8 +184,8 @@ if (isset($_GET["getNotifications"])) {
 	
 } elseif (isset($_GET["changeUserGroup"])&&!empty($_GET["changeUserGroup"]) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUsersSettings')){
 	$modificationDetail = json_decode($_GET["changeUserGroup"], true);
-	$query = $bdd->prepare("UPDATE `vbcms-users` SET `groupId` = ? WHERE `vbcms-users`.`netId` = ?");
-	$query->execute([$modificationDetail['groupId'], $modificationDetail['netId']]);
+	$query = $bdd->prepare("UPDATE `vbcms-users` SET `groupId` = ? WHERE `vbcms-users`.`id` = ?");
+	$query->execute([$modificationDetail['groupId'], $modificationDetail['id']]);
 	
 } elseif (isset($_GET["getPermissions"]) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'viewPermissions')){
 	if(!empty($_GET["getPermissions"])){
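Review bot: `$modificationDetail` is whatever `json_decode()` made of `$_GET["changeUserGroup"]` and is indexed without checking that it decoded to an array holding both keys; malformed input yields `null`, and the UPDATE then runs with null parameters (matching nothing, but emitting notices). Add `if (!is_array($modificationDetail) || !isset($modificationDetail['groupId'], $modificationDetail['id'])) { exit; }` before the `prepare()`, and cast both values with `(int)` since `id` and `groupId` appear to be integer keys. The `elseif` chain this branch belongs to starts and ends outside the hunk.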
diff --git a/vbcms-admin/debug.php b/vbcms-admin/debug.php
new file mode 100644
index 0000000..0a16d64
--- /dev/null
+++ b/vbcms-admin/debug.php
@@ -0,0 +1,150 @@
+<?php
+$url = "$http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
+if(isset($_GET["orderBy"])) $orderBy = $_GET["orderBy"];
+else  $orderBy = "id";
+
+if(isset($_GET["order"])) $order = $_GET["order"];
+else  $order = "ASC";
+
+if($order=="ASC") $orderInverse = "DESC";
+else $orderInverse = "ASC";
+
+if(isset($_GET["page"])) $page = $_GET["page"];
+else{
+	$query = parse_url($url, PHP_URL_QUERY);
+	if ($query) {
+	    $url .= '&page=1';
+	} else {
+	    $url .= '?page=1';
+	}
+	header("Location: $url");
+}
+
+if(isset($_GET["limit"])){
+	$limitInt = $_GET["limit"];
+	$limit = "LIMIT ". $_GET["limit"];
+	$offset = "OFFSET ".$_GET["limit"] * ($page-1);
+}else{
+	$limitInt = 25;
+	$limit = "LIMIT ". 25;
+	$offset = "OFFSET ". 25 * ($page-1);
+}
+
+if (isset($_POST['viewAll'])) {
+	$offset = "";
+	$limit = "";
+
+	$query = parse_url($url, PHP_URL_QUERY);
+	if ($query) {
+	    $url .= '&viewAll';
+	} else {
+	    $url .= '?viewAll';
+	}
+	header("Location: $url");
+} elseif(isset($_POST['showItemsNumber'])){
+	$limit = "LIMIT ".$_POST['showItemsNumber'];
+	$offset = "OFFSET ".$_POST['showItemsNumber'] * ($page-1);
+
+	$query = parse_url($url, PHP_URL_QUERY);
+	if ($query) {
+	    $url .= '&limit='.$_POST['showItemsNumber'];
+	} else {
+	    $url .= '?limit='.$_POST['showItemsNumber'];
+	}
+	header("Location: $url");
+}
+
+$events = $bdd->query("SELECT * FROM `vbcms-events` ORDER BY $orderBy $order $limit $offset")->fetchAll(PDO::FETCH_ASSOC);
+?>
+<!DOCTYPE html>
+<html>
+<head>
+	<meta charset="utf-8">
+	<title><?=VBcmsGetSetting("websiteName")?> | Debug Mode</title>
+	<?php include 'includes/depedencies.php';?>
+</head>
+<body>
+	<?php 
+	include ('includes/navbar.php');
+	?>
+
+	<!-- Contenu -->
+	<div class="page-content" leftSidebar="240" rightSidebar="0">
+		<h3>Debug Mode</h3>
+		<p>Si un problème intervient, il sera peut-être répertorié ici. <strong>Les évènements de plus de 30 jours sont supprimés.</strong></p>
+		
+		<div class="mt-5">
+			<h5>Évènements</h5>
+			<form class="form-inline mb-2" method="POST">
+				<div class="form-check">
+					<input class="form-check-input" type="checkbox" value="" name="viewAll">
+					<label class="form-check-label">Tout voir</label>
+				</div>
+				<div class="form-group mx-sm-3">
+					<label>Nombre d'éléments à afficher</label>
+					<select class="form-control form-control-sm" name="showItemsNumber">
+						<option>25</option>
+						<option>50</option>
+						<option>100</option>
+						<option>250</option>
+						<option>500</option>
+			    	</select>
+			  	</div>
+				<button type="submit" class="btn btn-brown btn-sm">Appliquer</button>
+			</form>
+			<table class="table">
+				<thead class="thead-brown">
+					<tr>
+						<th scope="col"><a id="id" href="?orderBy=id&order=<?=$orderInverse?>" class="text-white">ID</a></th>
+						<th scope="col"><a id="date" href="?orderBy=date&order=<?=$orderInverse?>" class="text-white">Date</a></th>
+						<th scope="col"><a id="module" href="?orderBy=module&order=<?=$orderInverse?>" class="text-white">Module</a></th>
+						<th scope="col"><a id="content" href="?orderBy=content&order=<?=$orderInverse?>" class="text-white">Content</a></th>
+						<th scope="col"><a id="url" href="?orderBy=url&order=<?=$orderInverse?>" class="text-white">Url</a></th>
+						<th scope="col"><a id="ip" href="?orderBy=ip&order=<?=$orderInverse?>" class="text-white">IP</a></th>
+					</tr>
+				</thead>
+				<tbody>
+					<!--
+					<tr>
+						<th scope="row">1</th>
+						<td>11/12/2001</td>
+						<td>vbcms-website</td>
+						<td>Load page /index.php</td>
+						<td>https://vbcms.net/</td>
+						<td>Un ip</td>
+					</tr>
+					-->
+					<?php
+					foreach ($events as $event) {
+						echo '<tr>
+								<th scope="row">'.$event['id'].'</th>
+								<td>'.$event['date'].'</td>
+								<td>'.$event['module'].'</td>
+								<td>'.$event['content'].'</td>
+								<td>'.$event['url'].'</td>
+								<td>'.$event['ip'].'</td>
+							</tr>';
+					}
+					?>
+				</tbody>
+			</table>
+
+			<span>
+			<?php
+			$query = $_GET;
+			
+
+			if($page != 1){
+				$query['page'] = $page-1;
+				echo'<a href="?'.http_build_query($query).'" class="btn btn-outline-brown">Précédent</a>';
+			} 
+			$count = $bdd->query("SELECT COUNT(*) FROM `vbcms-events`")->fetchColumn();
+			if (($count - $limitInt * ($page)) > 0){
+				$query['page'] = $page+1;
+				echo '<a class="btn btn-outline-brown mx-2" href="?'.http_build_query($query).'">Suivant</a>';
+			} 
+			?></span>
+		</div>
+	</div>
+</body>
+</html>
\ No newline at end of file
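Review bot: `$orderBy`, `$order`, `$limit` and `$offset` are taken straight from `$_GET`/`$_POST` and interpolated into the `$bdd->query("SELECT * FROM ... ORDER BY $orderBy $order $limit $offset")` line, so the ORDER BY and LIMIT clauses are injectable; ORDER BY cannot be bound, so the column and direction need a whitelist and the limit/page values an `(int)` cast. The first line also interpolates an undefined `$http` variable, so every redirect target starts with `://`, and none of the three `header("Location: ...")` calls is followed by `exit;`, so on the no-`page` path execution continues with `$page` undefined. The table rows echo `$event['content']`, `$event['url']` and `$event['ip']` unescaped although these are recorded from requests — wrap each in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`. Nothing in this file calls `verifyUserPermission()` the way backTasks.php does; unless `includes/navbar.php` enforces it, the page is reachable by any logged-in user. The rewritten prologue below replaces everything up to the POST handling, which keeps its shape apart from the `exit;` and the integer cast.
```php
<?php
// Only these columns may be sorted on; anything else falls back to id.
$sortableColumns = ['id', 'date', 'module', 'content', 'url', 'ip'];
$orderBy = (isset($_GET['orderBy']) && in_array($_GET['orderBy'], $sortableColumns, true)) ? $_GET['orderBy'] : 'id';
$order = (isset($_GET['order']) && strtoupper($_GET['order']) === 'DESC') ? 'DESC' : 'ASC';
$orderInverse = $order === 'ASC' ? 'DESC' : 'ASC';

$scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
$url = $scheme . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

if (!isset($_GET['page'])) {
    $url .= parse_url($url, PHP_URL_QUERY) ? '&page=1' : '?page=1';
    header('Location: ' . $url);
    exit;
}
$page = max(1, (int) $_GET['page']);

// Cast before anything reaches the SQL string; 0 would produce LIMIT 0.
$limitInt = isset($_GET['limit']) ? max(1, (int) $_GET['limit']) : 25;
$limit = 'LIMIT ' . $limitInt;
$offset = 'OFFSET ' . ($limitInt * ($page - 1));

if (isset($_POST['viewAll'])) {
    // … unchanged: viewAll redirect, followed by exit; …
} elseif (isset($_POST['showItemsNumber'])) {
    $limitInt = max(1, (int) $_POST['showItemsNumber']);
    $url .= parse_url($url, PHP_URL_QUERY) ? '&limit=' . $limitInt : '?limit=' . $limitInt;
    header('Location: ' . $url);
    exit;
}

// … unchanged: events query and HTML …
```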
diff --git a/vbcms-admin/includes/settings/users.php b/vbcms-admin/includes/settings/users.php
index 04d48a0..90e6d76 100644
--- a/vbcms-admin/includes/settings/users.php
+++ b/vbcms-admin/includes/settings/users.php
@@ -27,26 +27,20 @@
                 $users=$users->fetchAll(PDO::FETCH_ASSOC);
 
                 foreach($users as $user){
-                    $userProfilPic = file_get_contents("https://api.vbcms.net/profiles/v1/get/".$user['netId']);
-                    if(isJson($userProfilPic)){
-                        $userProfilPic = json_decode($userProfilPic, true);
-                        $userProfilPic = $userProfilPic['profilePic'];
-                    } else {
-                        // Ici on a soit pas trouvé l'utilisateur, soit les serveurs sont down
-                        // Du coup on va check dans localAccounts
-                        $userProfilPic = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE netIdAssoc = ?");
-                        $userProfilPic->execute([$user['netId']]);
-                        $userProfilPic=$userProfilPic->fetch(PDO::FETCH_ASSOC);
-                        if(!empty($userProfilPic)){
-                            $userProfilPic = $userProfilPic['profilePic'];
-                        }else{
-                            // Ici l'utilisateur n'existe pas dans la liste des comptes locaux
-                            // Donc on va lui mettre une image placeholder
-                            $userProfilPic = VBcmsGetSetting("websiteUrl")."vbcms-admin/images/misc/programmer.png";
-                        }
+                    $userProfilPic = $bdd->prepare("SELECT value FROM `vbcms-usersSettings` WHERE userId = ? AND name = 'profilPic'");
+                    $userProfilPic->execute([$user['id']]);
+                    $userProfilPic=$userProfilPic->fetchColumn();
+                    if(empty($userProfilPic)){
+                        $userProfilPic = VBcmsGetSetting("websiteUrl")."vbcms-admin/images/misc/programmer.png";
                     }
-
-                    $joinedDate = new DateTime($user['localJoinedDate']);
+                    
+                    $joinedDate = $bdd->prepare("SELECT value FROM `vbcms-usersSettings` WHERE userId = ? AND name = 'joinedDate'");
+                    $joinedDate->execute([$user['id']]);
+                    $joinedDate = $joinedDate->fetchColumn();
+                    if(!empty($joinedDate)) {
+                        $joinedDate = new DateTime($joinedDate);
+                        $joinedDate = $joinedDate->format('l jS F Y');
+                    } else $joinedDate = translate('unknownF');
 
                     $groupsOptions = null;
                     foreach($userGroups as $userGroup){
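Review bot: Both `$bdd->prepare(...)` calls for `profilPic` and `joinedDate` sit inside the per-user `foreach`, so every listed user costs two prepare+execute round trips; prepare the two statements once before the loop (its header is the first code line of this hunk) and only `execute([$user['id']])` inside it. `new DateTime($joinedDate)` throws on a malformed stored value, which would abort the whole user list; since the `translate('unknownF')` fallback already exists, a `try { ... } catch (Exception $e) { $joinedDate = translate('unknownF'); }` around it keeps the page rendering. The variable `$joinedDate` holds a PDOStatement, then a string, then a DateTime, then a string again — a separate `$joinedStmt` name would make the block easier to read. The `foreach` body continues past the end of the hunk.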
@@ -54,40 +48,36 @@
                         else $groupsOptions = $groupsOptions."<option value='".$userGroup['groupId']."'>".translate($userGroup['groupName'])."</option>";
                     }
                     
-                    
-                    if($user['username'] != $_SESSION['user_username']){
-                        echo ('<div class="userCard d-flex flex-column">
+                    echo ('<div class="userCard d-flex flex-column">
                         <div class="d-flex">
                             <div class="userProfilPic" style="background-image:url(\''.$userProfilPic.'\')"></div>
                             <div class="ml-2">
                                 <h6 class="mb-n1">'.$user['username'].'</h6>
-                                <small class="text-muted">'.translate('joinedOn').': '. $joinedDate->format('l jS F Y').'</small><br>
-                                <small><a href="#" onclick="toogle(\'edit-'.$user['username'].'\')" class="text-brown">'.translate("modifyUser").'</a> <a href="#" onclick="editLocalAccount(\''.$user['netId'].'\')" class="text-brown">'.translate("modifyLocalAccount").'</a></small>
-                            </div>
+                                <small class="text-muted"><strong>Auth:</strong>'.$user['auth'].' <strong>'.translate('joinedOn').'</strong>: '. $joinedDate.'</small><br>
+                                <small>');
+                                    if($user['id']!=$_SESSION['user_id']){
+                                        echo ('<a href="#" onclick="toogle(\'edit-'.$user['username'].'\')" class="text-brown">'.translate("modifyUser").'</a>');
+                                    }
+                                    if($user['auth']=='vbcms.net'){
+                                        echo('<a href="#" onclick="editLocalAccount(\''.$user['authId'].'\')" class="text-brown">'.translate("modifyLocalAccount").'</a>');
+                                    }
+                                echo('</small></div>
                         </div>');
                         echo ('<div id="edit-'.$user['username'].'" style="display: none;"><div class="d-flex flex-column mt-2"">
-                            <div class="form-inline">
-                                <label>Changer de groupe</label>
-                                <select class="form-control form-control-sm flex-grow-1 ml-2" id="groupUser'.$user['netId'].'" onchange="changeUserGroup('.$user['netId'].')">
-                                    '.$groupsOptions.'
-                                </select>
-                            </div>
-                            <div class="d-flex mt-2">
-                                <button class="btn btn-sm btn-brown">Modifier ses permissions</button>
-                                <button class="btn btn-sm btn-danger ml-2">Expulser</button>
-                            </div>
-                        </div></div>');
-                    }else{
-                        echo ('<div class="userCard d-flex flex-column">
-                        <div class="d-flex">
-                            <div class="userProfilPic" style="background-image:url(\''.$userProfilPic.'\')"></div>
-                            <div class="ml-2">
-                                <h6 class="mb-n1">'.$user['username'].'</h6>
-                                <small class="text-muted">'.translate('joinedOn').': '. $joinedDate->format('l jS F Y').'</small><br>
-                                <small class="text-brown"><a href="#" onclick="editLocalAccount(\''.$user['netId'].'\')" class="text-brown">'.translate("modifyLocalAccount").'</a></small>
-                            </div>
-                        </div>');
-                    }
+                                    <div class="form-inline">
+                                        <label>Changer de groupe</label>
+                                        <select class="form-control form-control-sm flex-grow-1 ml-2" id="groupUser'.$user['id'].'" onchange="changeUserGroup('.$user['id'].')">
+                                            '.$groupsOptions.'
+                                        </select>
+                                    </div>
+                                    <div class="d-flex mt-2">
+                                        <button class="btn btn-sm btn-brown">Modifier ses permissions</button>');
+                                        if($user['id']!=$_SESSION['user_id']){
+                                            echo('<button class="btn btn-sm btn-danger ml-2">Expulser</button>');
+                                        }
+                                    echo('</div>
+                                </div>');
+                            echo('</div>');
                     echo ('</div>');
                 }
                 echo "</div></div>";
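Review bot: The new `<small>` block interpolates `$user['auth']`, `$user['username']` and `$user['authId']` directly into HTML and into the single-quoted JavaScript strings inside the `onclick` attributes (`toogle('edit-...')`, `editLocalAccount('...')`), so a username containing `'`, `"` or `<` breaks the markup and can inject script; the username originates from the remote account data that sessionHandler.php stores without filtering. Escape once per context: `$safeName = htmlspecialchars($user['username'], ENT_QUOTES, 'UTF-8');` for the text nodes and the `id="edit-..."` attributes, and build the handler arguments with `json_encode()` then `htmlspecialchars()` rather than hand-quoting them. The same applies to `$user['id']` in the select `onchange` (an `(int)` cast is enough there) and to `$userProfilPic` in the `style` attribute, which is a stored value echoed into a CSS `url()`. The `foreach` closes inside this hunk, but the surrounding PHP block starts in the previous one.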
@@ -259,10 +249,10 @@ function sendLocalAccountInfos(netId){
     });
 }
 
-function changeUserGroup(netId){
+function changeUserGroup(id){
     var array = {
-        netId: netId,
-        groupId: $("#groupUser"+netId).val()
+        id: id,
+        groupId: $("#groupUser"+id).val()
     };
     $.get("<?=VBcmsGetSetting("websiteUrl")?>vbcms-admin/backTasks/?changeUserGroup="+JSON.stringify(array), function(data) {
         if(data!=""){
diff --git a/vbcms-admin/index.php b/vbcms-admin/index.php
index 9f932d4..3cf2203 100644
--- a/vbcms-admin/index.php
+++ b/vbcms-admin/index.php
@@ -7,18 +7,18 @@ if ($isUpToDate == 1) {
 } else {
 	$updateMessage = translate("isNotUpToDate");
 }
-if($_SESSION['loginType']=='vbcms-account'){
+if($_SESSION['auth']=='vbcms.net'){
 	$userHasLocalAccount = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE netIdAssoc = ?");
-	$userHasLocalAccount->execute([$_SESSION['user_id']]);
+	$userHasLocalAccount->execute([$_SESSION['netId']]);
 	$userHasLocalAccount = $userHasLocalAccount->fetch(PDO::FETCH_ASSOC);
 
 	if(empty($userHasLocalAccount)){
 		if(isset($_POST['localUserUsername']) && !empty($_POST['localUserUsername'])){
-			$query = $bdd->prepare('INSERT INTO `vbcms-localAccounts` (`id`, `netIdAssoc`, `username`, `password`, `profilePic`) VALUES (NULL, ?,?,?,?)');
-			$query->execute([$_SESSION['user_id'], $_POST['localUserUsername'], password_hash($_POST['localUserPassword1'], PASSWORD_DEFAULT), $_SESSION['user_profilePic']]);
+			$query = $bdd->prepare('INSERT INTO `vbcms-localAccounts` (`id`, `netIdAssoc`, `username`, `password`) VALUES (NULL, ?,?,?)');
+			$query->execute([$_SESSION['netId'], $_POST['localUserUsername'], password_hash($_POST['localUserPassword1'], PASSWORD_DEFAULT)]);
 
 			$userHasLocalAccount = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE netIdAssoc = ?");
-			$userHasLocalAccount->execute([$_SESSION['user_id']]);
+			$userHasLocalAccount->execute([$_SESSION['netId']]);
 			$userHasLocalAccount = $userHasLocalAccount->fetch(PDO::FETCH_ASSOC);
 			if(empty($userHasLocalAccount)){
 				$localAccountCreationSuccess=false;
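Review bot: `$_SESSION['auth']=='vbcms.net'` replaces the old `loginType` key, so a session established before this change presumably has no `auth` entry and this line raises an undefined-index notice on every request until the user logs in again; write it as `if (($_SESSION['auth'] ?? null) === 'vbcms.net') {` to make the comparison strict and tolerant of the missing key. The INSERT still feeds `$_POST['localUserPassword1']` straight into `password_hash()` with no check that it is set and non-empty, which the surrounding `isset($_POST['localUserUsername'])` guard does not cover; whether a confirmation field is validated elsewhere is not visible here. The enclosing `if` continues past the end of the hunk.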
diff --git a/vbcms-content/translations/FR.php b/vbcms-content/translations/FR.php
index 7b2076b..eefc117 100644
--- a/vbcms-content/translations/FR.php
+++ b/vbcms-content/translations/FR.php
@@ -110,8 +110,8 @@ $translation["noPostData"] = "Pas de donnée POST :(";
 $translation["modifyLocalAccount"] = "Modifier le compte local";
 $translation["createGroup"] = "Créer un groupe";
 $translation["deleteGroup"] = "Supprimer le groupe";
-$translation["sample"] = "sample";
-$translation["sample"] = "sample";
+$translation["unknown"] = "Inconnu";
+$translation["unknownF"] = "Inconnue";
 $translation["sample"] = "sample";
 $translation["sample"] = "sample";
 $translation["sample"] = "sample";
diff --git a/vbcms-core/functions.php b/vbcms-core/functions.php
index 4f1d91e..5087700 100644
--- a/vbcms-core/functions.php
+++ b/vbcms-core/functions.php
@@ -181,7 +181,7 @@ function adminNavbarAddItem($moduleName, $icon, $name, $link){
 function verifyUserPermission($userId, $extensionName, $permission){
     global $bdd;    
     // On va récupérer les infos de l'utilisateur
-    $userInfos = $bdd->prepare("SELECT * FROM `vbcms-users` WHERE netId=?");
+    $userInfos = $bdd->prepare("SELECT * FROM `vbcms-users` WHERE id=?");
     $userInfos->execute([$userId]);
     $userInfos = $userInfos->fetch(PDO::FETCH_ASSOC);
 
diff --git a/vbcms-core/sessionHandler.php b/vbcms-core/sessionHandler.php
index 504ce34..dca843f 100644
--- a/vbcms-core/sessionHandler.php
+++ b/vbcms-core/sessionHandler.php
@@ -11,12 +11,17 @@ if (isset($_GET["session"]) && !empty($_GET["session"])){
 	$sessionData = json_decode($sessionJson, true);
 
     if (isset($sessionData) && !isset($sessionData['error'])) {
+		// VBcms.net renvoie user_id, mais nous ici on va le renommer en netId car c'est propre à l'authentification du drm
+		$sessionData['auth'] = 'vbcms.net';
+		$sessionData["netId"] = $sessionData["user_id"];
+		unset($sessionData["user_id"]);
+
 		// On va rechercher dans la liste des utilisateurs si cet user est présent ou non
-		$userExistInDB = $bdd->prepare("SELECT * FROM `vbcms-users` WHERE netId=?");
-		$userExistInDB->execute([$sessionData["user_id"]]);
+		$userExistInDB = $bdd->prepare("SELECT * FROM `vbcms-users` WHERE authId=? AND auth='vbcms.net'");
+		$userExistInDB->execute([$sessionData["netId"]]);
 		$userExistInDB = $userExistInDB->fetch(PDO::FETCH_ASSOC);
 		if(empty($userExistInDB)){
-			// On va l'insérer
+			// A CHANGER
 			if($sessionData["user_role"]=="owner")
 				$userGroupID = $bdd->query("SELECT groupId FROM `vbcms-userGroups` WHERE groupName = 'superadmins'")->fetchColumn();
 			elseif($sessionData["user_role"]=="admin")
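Review bot: `$sessionData["netId"] = $sessionData["user_id"]` assumes the decoded session JSON contains `user_id`; if the remote response lacks it, the lookup two lines below runs with `authId = NULL` and the INSERT in the next hunk creates a user with no authId. Extend the guard at the top of the hunk to `if (is_array($sessionData) && !isset($sessionData['error']) && isset($sessionData['user_id'])) {`, which also covers `json_decode()` returning a scalar. The replaced comment `// A CHANGER` says nothing about what must change or why; either name the intended change (the hard-coded role-to-group mapping, presumably) or drop it. This `if` opens before the hunk and closes beyond it.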
@@ -24,15 +29,30 @@ if (isset($_GET["session"]) && !empty($_GET["session"])){
 			else
 				$userGroupID = $bdd->query("SELECT groupId FROM `vbcms-userGroups` WHERE groupName = 'users'")->fetchColumn();
 
-			$userExistInDB = $bdd->prepare("INSERT INTO `vbcms-users` (`netId`, `username`, `localLanguage`, `localJoinedDate`, `groupId`) VALUES (?,?,?,?,?)");
-			$userExistInDB->execute([$sessionData["user_id"], $sessionData["user_username"], $sessionData["language"], date("Y-m-d H:i:s"), $userGroupID]);
+			///////
+
+
+			$userExistInDB = $bdd->prepare("INSERT INTO `vbcms-users` (`id`,`auth`,`authId`, `username`, `groupId`) VALUES (NULL,'vbcms.net',?,?,?)");
+			$userExistInDB->execute([$sessionData["netId"], $sessionData["user_username"], $userGroupID]);
 
 			// Maintenant on va revérifier
-			$userExistInDB = $bdd->prepare("SELECT * FROM `vbcms-users` WHERE netId=?");
-			$userExistInDB->execute([$sessionData["user_id"]]);
+			$userExistInDB = $bdd->prepare("SELECT * FROM `vbcms-users` WHERE authId=? AND auth='vbcms.net'");
+			$userExistInDB->execute([$sessionData["netId"]]);
 			$userExistInDB = $userExistInDB->fetch(PDO::FETCH_ASSOC);
+
+			$insertSettings = $bdd->prepare("INSERT INTO `vbcms-usersSettings` (`userId`, `name`, `value`) VALUES (?,?,?)");
+			$insertSettings->execute([$userExistInDB['id'], 'profilPic', $sessionData["user_profilePic"]]);
+			$insertSettings = $bdd->prepare("INSERT INTO `vbcms-usersSettings` (`userId`, `name`, `value`) VALUES (?,?,?)");
+			$insertSettings->execute([$userExistInDB['id'], 'joinedDate', date("Y-m-d H:i:s")]);
 		}
 
+		// On va pouvoir associer l'id local
+		$sessionData['user_id'] = $userExistInDB['id'];
+
+		// On va mettre à jour son image de profil
+		$insertSettings = $bdd->prepare("UPDATE `vbcms-usersSettings` SET `value` = ? WHERE `vbcms-usersSettings`.`userId` = ? AND `vbcms-usersSettings`.`name` = 'profilPic'");
+		$insertSettings->execute([$sessionData["user_profilePic"], $sessionData['user_id']]);
+
 		// On va chercher le groupe auquel il appartient
 		$userGroup = $bdd->prepare("SELECT * FROM `vbcms-userGroups` WHERE groupId=?");
 		$userGroup->execute([$userExistInDB["groupId"]]);
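Review bot: A new account is created with three separate writes (the INSERT into `vbcms-users` and the two INSERTs into `vbcms-usersSettings`) plus the `profilPic` UPDATE, none inside a transaction; a failure between the user row and its settings rows leaves a user without `joinedDate`, which users.php then renders as unknown. Wrap the creation sequence in `$bdd->beginTransaction();` / `$bdd->commit();` with a `rollBack()` in a catch, and guard the re-select with `if ($userExistInDB === false) { /* abort login */ }` before `$userExistInDB['id']` is indexed. The `///////` line and the two blank lines above the INSERT look like leftover scaffolding and should go. The enclosing `if (empty($userExistInDB))` opens in the previous hunk, and the outer `if` continues past this one.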
-- 
GitLab