diff --git a/action.php b/action.php index c8ec748..ae0b1a7 100644 --- a/action.php +++ b/action.php @@ -32,7 +32,7 @@ function returnToSender($msg, $arg = "") { switch ($VARS['action']) { case "signout": session_destroy(); - header('Location: index.php'); + header('Location: index.php?logout=1'); die("Logged out."); case "savenote": if (!isset($VARS['content']) || empty($VARS['noteid'])) { @@ -81,7 +81,7 @@ switch ($VARS['action']) { echo $note->getHTML(false); break; case "odt": - if (PANDOC_BIN != "") { + if ($SETTINGS['pandoc'] != "") { header("Content-Type: application/vnd.oasis.opendocument.text"); header("Content-disposition: attachment; filename=\"" . $note->getCleanTitle() . "_" . $note->getModified() . ".odt\""); $pandoc = new Pandoc\Pandoc(); diff --git a/api.php b/api.php index 03178ea..d68b923 100644 --- a/api.php +++ b/api.php @@ -4,35 +4,6 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/** - * Simple JSON API to allow other apps to access data from this app. - * - * Requests can be sent via either GET or POST requests. POST is recommended - * as it has a lower chance of being logged on the server, exposing unencrypted - * user passwords. - */ -require __DIR__ . '/required.php'; -header("Content-Type: application/json"); -$username = $VARS['username']; -$password = $VARS['password']; -$user = User::byUsername($username); -if ($user->exists() !== true || Login::auth($username, $password) !== Login::LOGIN_OK) { - header("HTTP/1.1 403 Unauthorized"); - die("\"403 Unauthorized\""); -} - -// query max results -$max = 20; -if (preg_match("/^[0-9]+$/", $VARS['max']) === 1 && $VARS['max'] <= 1000) { - $max = (int) $VARS['max']; -} - -switch ($VARS['action']) { - case "ping": - $out = ["status" => "OK", "maxresults" => $max, "pong" => true]; - exit(json_encode($out)); - default: - header("HTTP/1.1 400 Bad Request"); - die("\"400 Bad Request\""); -} \ No newline at end of file +// Load in new API from legacy location (a.k.a. here) +require __DIR__ . "/api/index.php"; \ No newline at end of file diff --git a/api/.htaccess b/api/.htaccess new file mode 100644 index 0000000..9a4efe4 --- /dev/null +++ b/api/.htaccess @@ -0,0 +1,5 @@ +# Rewrite for Nextcloud Notes API + + RewriteEngine on + RewriteRule ([a-zA-Z0-9]+) index.php?action=$1 [PT] + \ No newline at end of file diff --git a/api/actions/ping.php b/api/actions/ping.php new file mode 100644 index 0000000..c764967 --- /dev/null +++ b/api/actions/ping.php @@ -0,0 +1,9 @@ + [ + "load" => "ping.php", + "vars" => [ + ] + ] +]; diff --git a/api/functions.php b/api/functions.php new file mode 100644 index 0000000..78e84c1 --- /dev/null +++ b/api/functions.php @@ -0,0 +1,123 @@ + 5) { + for ($i = 2; $i < strlen($key) - 2; $i++) { + $resp[$i] = "*"; + } + } + return $resp; +} + +/** + * Check if the request is allowed + * @global type $VARS + * @global type $database + * @return bool true if the request should continue, false if the request is bad + */ +function authenticate(): bool { + global $VARS, $database; + if (empty($VARS['key'])) { + return false; + } else { + $key = $VARS['key']; + if ($database->has('apikeys', ['key' => $key]) !== TRUE) { + engageRateLimit(); + http_response_code(403); + Log::insert(LogType::API_BAD_KEY, null, "Key: " . $key); + return false; + } + } + return true; +} + +function checkVars($vars, $or = false) { + global $VARS; + $ok = []; + foreach ($vars as $key => $val) { + if (strpos($key, "OR") === 0) { + checkVars($vars[$key], true); + continue; + } + + // Only check type of optional variables if they're set, and don't + // mark them as bad if they're not set + if (strpos($key, " (optional)") !== false) { + $key = str_replace(" (optional)", "", $key); + if (empty($VARS[$key])) { + continue; + } + } else { + if (empty($VARS[$key])) { + $ok[$key] = false; + continue; + } + } + $checkmethod = "is_$val"; + if ($checkmethod($VARS[$key]) !== true) { + $ok[$key] = false; + } else { + $ok[$key] = true; + } + } + if ($or) { + $success = false; + $bad = ""; + foreach ($ok as $k => $v) { + if ($v) { + $success = true; + break; + } else { + $bad = $k; + } + } + if (!$success) { + http_response_code(400); + die("400 Bad request: variable $bad is missing or invalid"); + } + } else { + foreach ($ok as $key => $bool) { + if (!$bool) { + http_response_code(400); + die("400 Bad request: variable $key is missing or invalid"); + } + } + } +} diff --git a/api/index.php b/api/index.php new file mode 100644 index 0000000..59d0c2a --- /dev/null +++ b/api/index.php @@ -0,0 +1,77 @@ + 1) { + $VARS["action"] = $route[0]; + } + if (count($route) >= 2 && strpos($route[1], "?") !== 0) { + $VARS["key"] = $route[1]; + + for ($i = 2; $i < count($route); $i++) { + $key = explode("=", $route[$i], 2)[0]; + $val = explode("=", $route[$i], 2)[1]; + $VARS[$key] = $val; + } + } + + if (strpos($route[count($route) - 1], "?") === 0) { + $morevars = explode("&", substr($route[count($route) - 1], 1)); + foreach ($morevars as $var) { + $key = explode("=", $var, 2)[0]; + $val = explode("=", $var, 2)[1]; + $VARS[$key] = $val; + } + } +} + +if (!authenticate()) { + http_response_code(403); + die("403 Unauthorized"); +} + +if (empty($VARS['action'])) { + http_response_code(404); + die("404 No action specified"); +} + +if (!isset($APIS[$VARS['action']])) { + http_response_code(404); + die("404 Action not defined"); +} + +$APIACTION = $APIS[$VARS["action"]]; + +if (!file_exists(__DIR__ . "/actions/" . $APIACTION["load"])) { + http_response_code(404); + die("404 Action not found"); +} + +if (!empty($APIACTION["vars"])) { + checkVars($APIACTION["vars"]); +} + +require_once __DIR__ . "/actions/" . $APIACTION["load"]; diff --git a/app.php b/app.php index c0ad3e0..fa55ca5 100644 --- a/app.php +++ b/app.php @@ -39,7 +39,7 @@ header("Link: ; rel=preload; as=script", fals - <?php echo SITE_TITLE; ?> + <?php echo $SETTINGS['site_title']; ?> @@ -127,7 +127,7 @@ END; - +
-
- Copyright © +
+ Copyright ©
diff --git a/cron.php b/cron.php index 101ef2f..92b936a 100644 --- a/cron.php +++ b/cron.php @@ -13,20 +13,20 @@ $libs = glob(__DIR__ . "/lib/*.lib.php"); foreach ($libs as $lib) { require_once $lib; } -$Strings = new Strings(LANGUAGE); -date_default_timezone_set(TIMEZONE); +$Strings = new Strings($SETTINGS['language']); +date_default_timezone_set($SETTINGS['timezone']); use Medoo\Medoo; $database; try { $database = new Medoo([ - 'database_type' => DB_TYPE, - 'database_name' => DB_NAME, - 'server' => DB_SERVER, - 'username' => DB_USER, - 'password' => DB_PASS, - 'charset' => DB_CHARSET + 'database_type' => $SETTINGS['database']['type'], + 'database_name' => $SETTINGS['database']['name'], + 'server' => $SETTINGS['database']['server'], + 'username' => $SETTINGS['database']['user'], + 'password' => $SETTINGS['database']['password'], + 'charset' => $SETTINGS['database']['charset'] ]); } catch (Exception $ex) { echo "Database error: $ex\n"; @@ -51,7 +51,7 @@ foreach ($reminders as $r) { $lines = explode("\n", $note->getText(), $linelimit); if (count($lines) == $linelimit) { array_pop($lines); - $lines[] = $Strings->build("Open {app} to read more", ["app" => SITE_TITLE], false); + $lines[] = $Strings->build("Open {app} to read more", ["app" => $SETTINGS['site_title']], false); } $content = implode("\n", $lines); Notifications::add($note->getOwner(), $Strings->get("Note Reminder", false), $content); diff --git a/index.php b/index.php index 1f8f76f..e4cafd8 100644 --- a/index.php +++ b/index.php @@ -1,175 +1,115 @@ get("no access permission", false); -} +if (!empty($_GET['logout'])) { + // Show a logout message instead of immediately redirecting to login flow + ?> + + + + -/* Authenticate user */ -$userpass_ok = false; -$multiauth = false; -if (Login::checkLoginServer()) { - if (empty($VARS['progress'])) { - // Easy way to remove "undefined" warnings. - } else if ($VARS['progress'] == "1") { - if (!CAPTCHA_ENABLED || (CAPTCHA_ENABLED && Login::verifyCaptcha($VARS['captcheck_session_code'], $VARS['captcheck_selected_answer'], CAPTCHA_SERVER . "/api.php"))) { - $autherror = ""; - $user = User::byUsername($VARS['username']); - if ($user->exists()) { - $status = $user->getStatus()->getString(); - switch ($status) { - case "LOCKED_OR_DISABLED": - $alert = $Strings->get("account locked", false); - break; - case "TERMINATED": - $alert = $Strings->get("account terminated", false); - break; - case "CHANGE_PASSWORD": - $alert = $Strings->get("password expired", false); - break; - case "NORMAL": - $username_ok = true; - break; - case "ALERT_ON_ACCESS": - $mail_resp = $user->sendAlertEmail(); - if (DEBUG) { - var_dump($mail_resp); - } - $username_ok = true; - break; - default: - if (!empty($error)) { - $alert = $error; - } else { - $alert = $Strings->get("login error", false); - } - break; - } - if ($username_ok) { - if ($user->checkPassword($VARS['password'])) { - $_SESSION['passok'] = true; // stop logins using only username and authcode - if ($user->has2fa()) { - $multiauth = true; - } else { - Session::start($user); - header('Location: app.php'); - die("Logged in, go to app.php"); - } - } else { - $alert = $Strings->get("login incorrect", false); - } - } - } else { // User does not exist anywhere - $alert = $Strings->get("login incorrect", false); - } - } else { - $alert = $Strings->get("captcha error", false); + <?php echo $SETTINGS['site_title']; ?> + + + + + + + +
-
- +
+
-
-
-
-
-
get("sign in"); ?>
-
- -
- -
- - " required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus />
- " required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" />
- -
-
- - - -
- get("2fa prompt"); ?> -
- " required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus />
- - - - -
+ +
+

get("You have been logged out.") ?>

+
+ +
+
+
+ get("Log in again"); ?> +
-
-
- Copyright © -
- - - - \ No newline at end of file + + + $_SESSION["login_code"]]); + if ($uidinfo["status"] == "ERROR") { + throw new Exception(); + } + if (is_numeric($uidinfo['uid'])) { + $user = new User($uidinfo['uid'] * 1); + Session::start($user); + $_SESSION["login_code"] = null; + header('Location: app.php'); + die("Logged in, go to app.php"); + } else { + throw new Exception(); + } + } catch (Exception $ex) { + $redirecttologin = true; + } +} + +if ($redirecttologin) { + try { + $urlbase = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://" . $_SERVER['HTTP_HOST'] . (($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) ? ":" . $_SERVER['SERVER_PORT'] : ""); + $iconurl = $urlbase . str_replace("index.php", "", $_SERVER["REQUEST_URI"]) . "static/img/logo.svg"; + $codedata = AccountHubApi::get("getloginkey", ["appname" => $SETTINGS["site_title"], "appicon" => $iconurl]); + + if ($codedata['status'] != "OK") { + throw new Exception($Strings->get("login server unavailable", false)); + } + + $redirecturl = $urlbase . $_SERVER['REQUEST_URI']; + + $_SESSION["login_code"] = $codedata["code"]; + + header("Location: " . $codedata["loginurl"] . "?code=" . htmlentities($codedata["code"]) . "&redirect=" . htmlentities($redirecturl)); + } catch (Exception $ex) { + sendError($ex->getMessage()); + } +} \ No newline at end of file diff --git a/langs/en/core.json b/langs/en/core.json index 5e55996..20eac0a 100644 --- a/langs/en/core.json +++ b/langs/en/core.json @@ -1,17 +1,7 @@ { - "sign in": "Sign In", - "username": "Username", - "password": "Password", - "continue": "Continue", - "authcode": "Authentication code", - "2fa prompt": "Enter the six-digit code from your mobile authenticator app.", - "2fa incorrect": "Authentication code incorrect.", - "login incorrect": "Login incorrect.", + "You have been logged out.": "You have been logged out.", + "Log in again": "Log in again", "login server unavailable": "Login server unavailable. Try again later or contact technical support.", - "account locked": "This account has been disabled. Contact technical support.", - "password expired": "You must change your password before continuing.", - "account terminated": "Account terminated. Access denied.", - "account state error": "Your account state is not stable. Log out, restart your browser, and try again.", "welcome user": "Welcome, {user}!", "sign out": "Sign out", "settings": "Settings", diff --git a/lib/AccountHubApi.lib.php b/lib/AccountHubApi.lib.php new file mode 100644 index 0000000..4d23f9e --- /dev/null +++ b/lib/AccountHubApi.lib.php @@ -0,0 +1,56 @@ + $action, + "key" => $SETTINGS['accounthub']['key'] + ]; + if (!is_null($data)) { + $content = array_merge($content, $data); + } + $options = [ + 'http' => [ + 'method' => 'POST', + 'content' => json_encode($content), + 'header' => "Content-Type: application/json\r\n" . + "Accept: application/json\r\n", + "ignore_errors" => true + ] + ]; + + $context = stream_context_create($options); + $result = file_get_contents($SETTINGS['accounthub']['api'], false, $context); + $response = json_decode($result, true); + if ($result === false || !AccountHubApi::checkHttpRespCode($http_response_header) || json_last_error() != JSON_ERROR_NONE) { + if ($throwex) { + throw new Exception($result); + } else { + sendError($result); + } + } + return $response; + } + + private static function checkHttpRespCode(array $headers): bool { + foreach ($headers as $header) { + if (preg_match("/HTTP\/[0-9]\.[0-9] [0-9]{3}.*/", $header)) { + $respcode = explode(" ", $header)[1] * 1; + if ($respcode >= 200 && $respcode < 300) { + return true; + } + } + } + return false; + } + +} diff --git a/lib/FormBuilder.lib.php b/lib/FormBuilder.lib.php new file mode 100644 index 0000000..fddbff2 --- /dev/null +++ b/lib/FormBuilder.lib.php @@ -0,0 +1,257 @@ +title = $title; + $this->icon = $icon; + $this->action = $action; + $this->method = $method; + } + + /** + * Set the title of the form. + * @param string $title + */ + public function setTitle(string $title) { + $this->title = $title; + } + + /** + * Set the icon for the form. + * @param string $icon FontAwesome icon (example: "fas fa-toilet-paper") + */ + public function setIcon(string $icon) { + $this->icon = $icon; + } + + /** + * Set the URL the form will submit to. + * @param string $action + */ + public function setAction(string $action) { + $this->action = $action; + } + + /** + * Set the form submission method (GET, POST, etc) + * @param string $method + */ + public function setMethod(string $method = "POST") { + $this->method = $method; + } + + /** + * Set the form ID. + * @param string $id + */ + public function setID(string $id = "editform") { + $this->id = $id; + } + + /** + * Add an input to the form. + * + * @param string $name Element name + * @param string $value Element value + * @param string $type Input type (text, number, date, select, tel...) + * @param bool $required If the element is required for form submission. + * @param string $id Element ID + * @param array $options Array of [value => text] pairs for a select element + * @param string $label Text label to display near the input + * @param string $icon FontAwesome icon (example: "fas fa-toilet-paper") + * @param int $width Bootstrap column width for the input, out of 12. + * @param int $minlength Minimum number of characters for the input. + * @param int $maxlength Maximum number of characters for the input. + * @param string $pattern Regex pattern for custom client-side validation. + * @param string $error Message to show if the input doesn't validate. + */ + public function addInput(string $name, string $value = "", string $type = "text", bool $required = true, string $id = null, array $options = null, string $label = "", string $icon = "", int $width = 4, int $minlength = 1, int $maxlength = 100, string $pattern = "", string $error = "") { + $item = [ + "name" => $name, + "value" => $value, + "type" => $type, + "required" => $required, + "label" => $label, + "icon" => $icon, + "width" => $width, + "minlength" => $minlength, + "maxlength" => $maxlength + ]; + if (!empty($id)) { + $item["id"] = $id; + } + if (!empty($options) && $type == "select") { + $item["options"] = $options; + } + if (!empty($pattern)) { + $item["pattern"] = $pattern; + } + if (!empty($error)) { + $item["error"] = $error; + } + $this->items[] = $item; + } + + /** + * Add a button to the form. + * + * @param string $text Text string to show on the button. + * @param string $icon FontAwesome icon to show next to the text. + * @param string $href If not null, the button will actually be a hyperlink. + * @param string $type Usually "button" or "submit". Ignored if $href is set. + * @param string $id The element ID. + * @param string $name The element name for the button. + * @param string $value The form value for the button. Ignored if $name is null. + * @param string $class The CSS classes for the button, if a standard success-colored one isn't right. + */ + public function addButton(string $text, string $icon = "", string $href = null, string $type = "button", string $id = null, string $name = null, string $value = "", string $class = "btn btn-success") { + $button = [ + "text" => $text, + "icon" => $icon, + "class" => $class, + "type" => $type, + "id" => $id, + "href" => $href, + "name" => $name, + "value" => $value + ]; + $this->buttons[] = $button; + } + + /** + * Add a hidden input. + * @param string $name + * @param string $value + */ + public function addHiddenInput(string $name, string $value) { + $this->hiddenitems[$name] = $value; + } + + /** + * Generate the form HTML. + * @param bool $echo If false, returns HTML string instead of outputting it. + */ + public function generate(bool $echo = true) { + $html = << +
+

+
+ $this->title +
+

+ +
+
+HTMLTOP; + + foreach ($this->items as $item) { + $required = $item["required"] ? "required" : ""; + $id = empty($item["id"]) ? "" : "id=\"$item[id]\""; + $pattern = empty($item["pattern"]) ? "" : "pattern=\"$item[pattern]\""; + + $itemhtml = ""; + $itemhtml .= << +
+ +
+
+ +
+ITEMTOP; + if (empty($item['type']) || $item['type'] != "select") { + $itemhtml .= << +INPUT; + } else { + $itemhtml .= <<"; + } + + if (!empty($item["error"])) { + $itemhtml .= << + $item[error] +
+ERROR; + } + $itemhtml .= << +
+
\n +ITEMBOTTOM; + $html .= $itemhtml; + } + + $html .= << +
+HTMLBOTTOM; + + if (!empty($this->buttons)) { + $html .= "\n
"; + foreach ($this->buttons as $btn) { + $btnhtml = ""; + $inner = " $btn[text]"; + $id = empty($btn['id']) ? "" : "id=\"$btn[id]\""; + if (!empty($btn['href'])) { + $btnhtml = "$inner"; + } else { + $name = empty($btn['name']) ? "" : "name=\"$btn[name]\""; + $value = (!empty($btn['name']) && !empty($btn['value'])) ? "value=\"$btn[value]\"" : ""; + $btnhtml = ""; + } + $html .= "\n $btnhtml"; + } + $html .= "\n
"; + } + + $html .= "\n
"; + foreach ($this->hiddenitems as $name => $value) { + $value = htmlentities($value); + $html .= "\n "; + } + $html .= "\n\n"; + + if ($echo) { + echo $html; + } + return $html; + } + +} diff --git a/lib/Login.lib.php b/lib/Login.lib.php index fe22a38..b136c6c 100644 --- a/lib/Login.lib.php +++ b/lib/Login.lib.php @@ -74,21 +74,7 @@ class Login { */ public static function checkLoginServer() { try { - $client = new GuzzleHttp\Client(); - - $response = $client - ->request('POST', PORTAL_API, [ - 'form_params' => [ - 'key' => PORTAL_KEY, - 'action' => "ping" - ] - ]); - - if ($response->getStatusCode() != 200) { - return false; - } - - $resp = json_decode($response->getBody(), TRUE); + $resp = AccountHubApi::get("ping"); if ($resp['status'] == "OK") { return true; } else { @@ -107,19 +93,7 @@ class Login { */ function checkAPIKey($key) { try { - $client = new GuzzleHttp\Client(); - - $response = $client - ->request('POST', PORTAL_API, [ - 'form_params' => [ - 'key' => $key, - 'action' => "ping" - ] - ]); - - if ($response->getStatusCode() === 200) { - return true; - } + $resp = AccountHubApi::get("ping", null, true); return false; } catch (Exception $e) { return false; diff --git a/lib/Note.lib.php b/lib/Note.lib.php index c490278..2a4f554 100644 --- a/lib/Note.lib.php +++ b/lib/Note.lib.php @@ -116,6 +116,7 @@ class Note { * @return string */ public function getHTML(bool $fragment = true): string { + global $SETTINGS; $parsedown = new ParsedownCheckbox(); $html = $parsedown->text($this->content); $safehtml = Htmlawed::filter($html, ['safe' => 1]); @@ -126,7 +127,7 @@ class Note { . "\n" . "\n" . "getOwner()->getName()) . "\">\n" - . "\n" + . "\n" . "\n" . "getModified())) . "\">\n" . "\n" diff --git a/lib/Notifications.lib.php b/lib/Notifications.lib.php index c1d93a9..812af26 100644 --- a/lib/Notifications.lib.php +++ b/lib/Notifications.lib.php @@ -32,27 +32,15 @@ class Notifications { $timestamp = date("Y-m-d H:i:s", strtotime($timestamp)); } - $client = new GuzzleHttp\Client(); - - $response = $client - ->request('POST', PORTAL_API, [ - 'form_params' => [ - 'key' => PORTAL_KEY, - 'action' => "addnotification", - 'uid' => $user->getUID(), - 'title' => $title, - 'content' => $content, - 'timestamp' => $timestamp, - 'url' => $url, - 'sensitive' => $sensitive - ] - ]); - - if ($response->getStatusCode() > 299) { - sendError("Login server error: " . $response->getBody()); - } - - $resp = json_decode($response->getBody(), TRUE); + $resp = AccountHubApi::get("addnotification", [ + 'uid' => $user->getUID(), + 'title' => $title, + 'content' => $content, + 'timestamp' => $timestamp, + 'url' => $url, + 'sensitive' => $sensitive + ] + ); if ($resp['status'] == "OK") { return $resp['id'] * 1; } else { diff --git a/lib/User.lib.php b/lib/User.lib.php index 7852e31..763acc5 100644 --- a/lib/User.lib.php +++ b/lib/User.lib.php @@ -17,22 +17,7 @@ class User { public function __construct(int $uid, string $username = "") { // Check if user exists - $client = new GuzzleHttp\Client(); - - $response = $client - ->request('POST', PORTAL_API, [ - 'form_params' => [ - 'key' => PORTAL_KEY, - 'action' => "userexists", - 'uid' => $uid - ] - ]); - - if ($response->getStatusCode() > 299) { - sendError("Login server error: " . $response->getBody()); - } - - $resp = json_decode($response->getBody(), TRUE); + $resp = AccountHubApi::get("userexists", ["uid" => $uid]); if ($resp['status'] == "OK" && $resp['exists'] === true) { $this->exists = true; } else { @@ -43,22 +28,7 @@ class User { if ($this->exists) { // Get user info - $client = new GuzzleHttp\Client(); - - $response = $client - ->request('POST', PORTAL_API, [ - 'form_params' => [ - 'key' => PORTAL_KEY, - 'action' => "userinfo", - 'uid' => $uid - ] - ]); - - if ($response->getStatusCode() > 299) { - sendError("Login server error: " . $response->getBody()); - } - - $resp = json_decode($response->getBody(), TRUE); + $resp = AccountHubApi::get("userinfo", ["uid" => $uid]); if ($resp['status'] == "OK") { $this->uid = $resp['data']['uid'] * 1; $this->username = $resp['data']['username']; @@ -71,22 +41,7 @@ class User { } public static function byUsername(string $username): User { - $client = new GuzzleHttp\Client(); - - $response = $client - ->request('POST', PORTAL_API, [ - 'form_params' => [ - 'key' => PORTAL_KEY, - 'username' => $username, - 'action' => "userinfo" - ] - ]); - - if ($response->getStatusCode() > 299) { - sendError("Login server error: " . $response->getBody()); - } - - $resp = json_decode($response->getBody(), TRUE); + $resp = AccountHubApi::get("userinfo", ["username" => $username]); if (!isset($resp['status'])) { sendError("Login server error: " . $resp); } @@ -105,22 +60,8 @@ class User { if (!$this->exists) { return false; } - $client = new GuzzleHttp\Client(); - - $response = $client - ->request('POST', PORTAL_API, [ - 'form_params' => [ - 'key' => PORTAL_KEY, - 'action' => "hastotp", - 'username' => $this->username - ] - ]); - - if ($response->getStatusCode() > 299) { - sendError("Login server error: " . $response->getBody()); - } - $resp = json_decode($response->getBody(), TRUE); + $resp = AccountHubApi::get("hastotp", ['username' => $this->username]); if ($resp['status'] == "OK") { return $resp['otp'] == true; } else { @@ -150,23 +91,7 @@ class User { * @return bool */ function checkPassword(string $password): bool { - $client = new GuzzleHttp\Client(); - - $response = $client - ->request('POST', PORTAL_API, [ - 'form_params' => [ - 'key' => PORTAL_KEY, - 'action' => "auth", - 'username' => $this->username, - 'password' => $password - ] - ]); - - if ($response->getStatusCode() > 299) { - sendError("Login server error: " . $response->getBody()); - } - - $resp = json_decode($response->getBody(), TRUE); + $resp = AccountHubApi::get("auth", ['username' => $this->username, 'password' => $password]); if ($resp['status'] == "OK") { return true; } else { @@ -178,23 +103,8 @@ class User { if (!$this->has2fa) { return true; } - $client = new GuzzleHttp\Client(); - - $response = $client - ->request('POST', PORTAL_API, [ - 'form_params' => [ - 'key' => PORTAL_KEY, - 'action' => "verifytotp", - 'username' => $this->username, - 'code' => $code - ] - ]); - - if ($response->getStatusCode() > 299) { - sendError("Login server error: " . $response->getBody()); - } - $resp = json_decode($response->getBody(), TRUE); + $resp = AccountHubApi::get("verifytotp", ['username' => $this->username, 'code' => $code]); if ($resp['status'] == "OK") { return $resp['valid']; } else { @@ -209,23 +119,7 @@ class User { * @return boolean TRUE if the user has the permission (or admin access), else FALSE */ function hasPermission(string $code): bool { - $client = new GuzzleHttp\Client(); - - $response = $client - ->request('POST', PORTAL_API, [ - 'form_params' => [ - 'key' => PORTAL_KEY, - 'action' => "permission", - 'username' => $this->username, - 'code' => $code - ] - ]); - - if ($response->getStatusCode() > 299) { - sendError("Login server error: " . $response->getBody()); - } - - $resp = json_decode($response->getBody(), TRUE); + $resp = AccountHubApi::get("permission", ['username' => $this->username, 'code' => $code]); if ($resp['status'] == "OK") { return $resp['has_permission']; } else { @@ -238,23 +132,7 @@ class User { * @return \AccountStatus */ function getStatus(): AccountStatus { - - $client = new GuzzleHttp\Client(); - - $response = $client - ->request('POST', PORTAL_API, [ - 'form_params' => [ - 'key' => PORTAL_KEY, - 'action' => "acctstatus", - 'username' => $this->username - ] - ]); - - if ($response->getStatusCode() > 299) { - sendError("Login server error: " . $response->getBody()); - } - - $resp = json_decode($response->getBody(), TRUE); + $resp = AccountHubApi::get("acctstatus", ['username' => $this->username]); if ($resp['status'] == "OK") { return AccountStatus::fromString($resp['account']); } else { @@ -262,24 +140,13 @@ class User { } } - function sendAlertEmail(string $appname = SITE_TITLE) { - $client = new GuzzleHttp\Client(); - - $response = $client - ->request('POST', PORTAL_API, [ - 'form_params' => [ - 'key' => PORTAL_KEY, - 'action' => "alertemail", - 'username' => $this->username, - 'appname' => SITE_TITLE - ] - ]); - - if ($response->getStatusCode() > 299) { - return "An unknown error occurred."; + function sendAlertEmail(string $appname = null) { + global $SETTINGS; + if (is_null($appname)) { + $appname = $SETTINGS['site_title']; } + $resp = AccountHubApi::get("alertemail", ['username' => $this->username, 'appname' => $SETTINGS['site_title']]); - $resp = json_decode($response->getBody(), TRUE); if ($resp['status'] == "OK") { return true; } else { diff --git a/lib/nextcloudnotes.php b/lib/nextcloudnotes.php index 62f6910..b7b952f 100644 --- a/lib/nextcloudnotes.php +++ b/lib/nextcloudnotes.php @@ -16,7 +16,7 @@ $route = explode("/", substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_U // HTTP authentication if (!isset($_SERVER['PHP_AUTH_USER'])) { - header('WWW-Authenticate: Basic realm="' . SITE_TITLE . '"'); + header('WWW-Authenticate: Basic realm="' . $SETTINGS['site_title'] . '"'); header('HTTP/1.0 401 Unauthorized'); exit; } else { diff --git a/mobile/index.php b/mobile/index.php index de36d52..dbb10f3 100644 --- a/mobile/index.php +++ b/mobile/index.php @@ -23,21 +23,7 @@ if ($VARS['action'] == "ping") { } function mobile_enabled() { - $client = new GuzzleHttp\Client(); - - $response = $client - ->request('POST', PORTAL_API, [ - 'form_params' => [ - 'key' => PORTAL_KEY, - 'action' => "mobileenabled" - ] - ]); - - if ($response->getStatusCode() > 299) { - return false; - } - - $resp = json_decode($response->getBody(), TRUE); + $resp = AccountHubApi::get("mobileenabled"); if ($resp['status'] == "OK" && $resp['mobile'] === TRUE) { return true; } else { @@ -46,26 +32,15 @@ function mobile_enabled() { } function mobile_valid($username, $code) { - $client = new GuzzleHttp\Client(); - - $response = $client - ->request('POST', PORTAL_API, [ - 'form_params' => [ - 'key' => PORTAL_KEY, - "code" => $code, - "username" => $username, - 'action' => "mobilevalid" - ] - ]); + try { + $resp = AccountHubApi::get("mobilevalid", ["code" => $code, "username" => $username], true); - if ($response->getStatusCode() > 299) { - return false; - } - - $resp = json_decode($response->getBody(), TRUE); - if ($resp['status'] == "OK" && $resp['valid'] === TRUE) { - return true; - } else { + if ($resp['status'] == "OK" && $resp['valid'] === TRUE) { + return true; + } else { + return false; + } + } catch (Exception $ex) { return false; } } diff --git a/pages.php b/pages.php index 64f10fa..6be5e53 100644 --- a/pages.php +++ b/pages.php @@ -45,4 +45,4 @@ define("PAGES", [ "static/js/editnote.js" ] ] -]); \ No newline at end of file +]); diff --git a/pages/form.php b/pages/form.php new file mode 100644 index 0000000..7cd7fdd --- /dev/null +++ b/pages/form.php @@ -0,0 +1,24 @@ +setID("sampleform"); + +$form->addHiddenInput("page", "form"); + +$form->addInput("name", "John", "text", true, null, null, "Your name", "fas fa-user", 6, 5, 20, "John(ny)?|Steve", "Invalid name, please enter John, Johnny, or Steve."); +$form->addInput("location", "", "select", true, null, ["1" => "Here", "2" => "There"], "Location", "fas fa-map-marker"); + +$form->addButton("Submit", "fas fa-save", null, "submit", "savebtn"); + +$form->generate(); \ No newline at end of file diff --git a/pages/home.php b/pages/home.php index 2b92ce7..5680bf4 100644 --- a/pages/home.php +++ b/pages/home.php @@ -154,7 +154,7 @@ foreach ($colors as $c) { get('Office'); ?> diff --git a/required.php b/required.php index 6753401..3fe1060 100644 --- a/required.php +++ b/required.php @@ -32,7 +32,7 @@ session_start(); // stick some cookies in it // renew session cookie setcookie(session_name(), session_id(), time() + $session_length, "/", false, false); -$captcha_server = (CAPTCHA_ENABLED === true ? preg_replace("/http(s)?:\/\//", "", CAPTCHA_SERVER) : ""); +$captcha_server = ($SETTINGS['captcha']['enabled'] === true ? preg_replace("/http(s)?:\/\//", "", $SETTINGS['captcha']['server']) : ""); if ($_SESSION['mobile'] === TRUE) { header("Content-Security-Policy: " . "default-src 'self';" @@ -69,7 +69,7 @@ foreach ($libs as $lib) { require_once $lib; } -$Strings = new Strings(LANGUAGE); +$Strings = new Strings($SETTINGS['language']); /** * Kill off the running process and spit out an error message @@ -93,7 +93,7 @@ function sendError($error) { . "

" . htmlspecialchars($error) . "

"); } -date_default_timezone_set(TIMEZONE); +date_default_timezone_set($SETTINGS['timezone']); // Database settings // Also inits database and stuff @@ -102,12 +102,12 @@ use Medoo\Medoo; $database; try { $database = new Medoo([ - 'database_type' => DB_TYPE, - 'database_name' => DB_NAME, - 'server' => DB_SERVER, - 'username' => DB_USER, - 'password' => DB_PASS, - 'charset' => DB_CHARSET + 'database_type' => $SETTINGS['database']['type'], + 'database_name' => $SETTINGS['database']['name'], + 'server' => $SETTINGS['database']['server'], + 'username' => $SETTINGS['database']['user'], + 'password' => $SETTINGS['database']['password'], + 'charset' => $SETTINGS['database']['charset'] ]); } catch (Exception $ex) { //header('HTTP/1.1 500 Internal Server Error'); @@ -115,7 +115,7 @@ try { } -if (!DEBUG) { +if (!$SETTINGS['debug']) { error_reporting(0); } else { error_reporting(E_ALL); @@ -158,7 +158,7 @@ function checkDBError($specials = []) { function redirectIfNotLoggedIn() { if ($_SESSION['loggedin'] !== TRUE) { - header('Location: ' . URL . '/index.php'); + header('Location: ' . $SETTINGS['url'] . '/index.php'); die(); } } diff --git a/settings.template.php b/settings.template.php index 8aa4762..b1a61fa 100644 --- a/settings.template.php +++ b/settings.template.php @@ -1,50 +1,60 @@ false, + // Database connection settings + // See http://medoo.in/api/new for info + "database" => [ + "type" => "mysql", + "name" => "notepost", + "server" => "localhost", + "user" => "notepost", + "password" => "", + "charset" => "utf8" + ], + // Name of the app. + "site_title" => "NotePost", + // Location of the pandoc binary. Enables exporting notes as ODT. + // Leave as an empty string to hide/disable this feature in the GUI. + "pandoc" => "/usr/bin/pandoc", + // Settings for connecting to the AccountHub server. + "accounthub" => [ + // URL for the API endpoint + "api" => "http://localhost/accounthub/api/", + // URL of the home page + "home" => "http://localhost/accounthub/home.php", + // API key + "key" => "123" + ], + // For supported values, see http://php.net/manual/en/timezones.php + "timezone" => "America/Denver", + // Use Captcheck on login screen to slow down bots + // https://captcheck.netsyms.com + "captcha" => [ + "enabled" => false, + "server" => "https://captcheck.netsyms.com" + ], + // Language to use for localization. See langs folder to add a language. + "language" => "en", + // Shown in the footer of all the pages. + "footer_text" => "", + // Also shown in the footer, but with "Copyright " in front. + "copyright" => "Netsyms Technologies", + // Base URL for building links relative to the location of the app. + // Only used when there's no good context for the path. + // The default is almost definitely fine. + "url" => "." +]; diff --git a/static/js/form.js b/static/js/form.js new file mode 100644 index 0000000..21c9f53 --- /dev/null +++ b/static/js/form.js @@ -0,0 +1,16 @@ +/* + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + + +$("#savebtn").click(function (event) { + var form = $("#sampleform"); + + if (form[0].checkValidity() === false) { + event.preventDefault(); + event.stopPropagation(); + } + form.addClass('was-validated'); +}); \ No newline at end of file