Browse Source

Merge ssh://source.netsyms.com:2322/Business/BusinessAppTemplate

# Conflicts:
#	.gitignore
#	README.md
#	action.php
#	api.php
#	app.php
#	composer.json
#	composer.lock
#	index.php
#	lang/en_us.php
#	lang/messages.php
#	lib/iputils.php
#	lib/login.php
#	lib/userinfo.php
#	mobile/index.php
#	nbproject/project.properties
#	nbproject/project.xml
#	pages.php
#	pages/404.php
#	pages/home.php
#	required.php
#	settings.template.php
#	static/css/app.css
#	static/img/logo.png
#	static/img/logo.svg
#	static/js/app.js
Skylar Ittner 1 year ago
parent
commit
99a852787d
17 changed files with 66 additions and 20 deletions
  1. 1
    1
      .gitignore
  2. 1
    1
      README.md
  3. 1
    1
      action.php
  4. 1
    1
      api.php
  5. 9
    1
      app.php
  6. 6
    1
      index.php
  7. 1
    1
      lang/en_us.php
  8. 1
    1
      lib/iputils.php
  9. 27
    0
      lib/login.php
  10. 1
    1
      lib/userinfo.php
  11. 7
    3
      mobile/index.php
  12. 1
    1
      pages/404.php
  13. 1
    1
      pages/home.php
  14. 5
    3
      required.php
  15. 1
    1
      settings.template.php
  16. 1
    1
      static/css/app.css
  17. 1
    1
      static/js/app.js

+ 1
- 1
.gitignore View File

@@ -2,4 +2,4 @@ vendor
2 2
 settings.php
3 3
 nbproject/private
4 4
 *.sync-conflict*
5
-database.mwb.bak
5
+database.mwb.bak

+ 1
- 1
README.md View File

@@ -16,4 +16,4 @@ Installing
16 16
 4. Set the location of the AccountHub API in `settings.php` (see "PORTAL_API") and enter an API key ("PORTAL_KEY")
17 17
 5. Set the location of the AccountHub home page ("PORTAL_URL")
18 18
 6. Set the URL of this app ("URL")
19
-7. Run `composer install` (or `composer.phar install`) to install dependency libraries.
19
+7. Run `composer install` (or `composer.phar install`) to install dependency libraries.

+ 1
- 1
action.php View File

@@ -256,4 +256,4 @@ switch ($VARS['action']) {
256 256
         die("Logged out.");
257 257
     default:
258 258
         die("Invalid action");
259
-}
259
+}

+ 1
- 1
api.php View File

@@ -38,4 +38,4 @@ switch ($VARS['action']) {
38 38
     default:
39 39
         header("HTTP/1.1 400 Bad Request");
40 40
         die("\"400 Bad Request\"");
41
-}
41
+}

+ 9
- 1
app.php View File

@@ -18,6 +18,12 @@ if (!is_empty($_GET['page'])) {
18 18
         $pageid = "404";
19 19
     }
20 20
 }
21
+
22
+header("Link: <static/css/bootstrap.min.css>; rel=preload; as=style", false);
23
+header("Link: <static/css/material-color/material-color.min.css>; rel=preload; as=style", false);
24
+header("Link: <static/css/app.css>; rel=preload; as=style", false);
25
+header("Link: <static/js/jquery-3.3.1.min.js>; rel=preload; as=script", false);
26
+header("Link: <static/js/bootstrap.min.js>; rel=preload; as=script", false);
21 27
 ?>
22 28
 <!DOCTYPE html>
23 29
 <html>
@@ -43,6 +49,7 @@ if (!is_empty($_GET['page'])) {
43 49
         if (isset(PAGES[$pageid]['styles'])) {
44 50
             foreach (PAGES[$pageid]['styles'] as $style) {
45 51
                 echo "<link href=\"$style\" rel=\"stylesheet\">\n";
52
+                header("Link: <$style>; rel=preload; as=style", false);
46 53
             }
47 54
         }
48 55
         ?>
@@ -169,8 +176,9 @@ END;
169 176
         if (isset(PAGES[$pageid]['scripts'])) {
170 177
             foreach (PAGES[$pageid]['scripts'] as $script) {
171 178
                 echo "<script src=\"$script\"></script>\n";
179
+                header("Link: <$script>; rel=preload; as=script", false);
172 180
             }
173 181
         }
174 182
         ?>
175 183
     </body>
176
-</html>
184
+</html>

+ 6
- 1
index.php View File

@@ -72,6 +72,11 @@ if (checkLoginServer()) {
72 72
 } else {
73 73
     $alert = lang("login server unavailable", false);
74 74
 }
75
+header("Link: <static/css/bootstrap.min.css>; rel=preload; as=style", false);
76
+header("Link: <static/css/material-color/material-color.min.css>; rel=preload; as=style", false);
77
+header("Link: <static/css/index.css>; rel=preload; as=style", false);
78
+header("Link: <static/js/jquery-3.3.1.min.js>; rel=preload; as=script", false);
79
+header("Link: <static/js/bootstrap.min.js>; rel=preload; as=script", false);
75 80
 ?>
76 81
 <!DOCTYPE html>
77 82
 <html>
@@ -147,4 +152,4 @@ if (checkLoginServer()) {
147 152
     <script src="static/js/jquery-3.3.1.min.js"></script>
148 153
     <script src="static/js/bootstrap.min.js"></script>
149 154
 </body>
150
-</html>
155
+</html>

+ 1
- 1
lang/en_us.php View File

@@ -136,4 +136,4 @@ define("STRINGS", [
136 136
     "group assignments" => "Group Assignments",
137 137
     "group id" => "Group ID",
138 138
     "group name" => "Group Name"
139
-]);
139
+]);

+ 1
- 1
lib/iputils.php View File

@@ -25,7 +25,7 @@ function ip4_in_cidr($ip, $cidr) {
25 25
  * @param string $ip IP to check in IPV6 format
26 26
  * @param string $cidr CIDR netmask
27 27
  * @return boolean true if the IP is in this range, false otherwise.
28
- * @author MW. <https://stackoverflow.com/a/7952169>
28
+ * @author MW. <https://stackoverflow.com/a/7952169/2534036>
29 29
  */
30 30
 function ip6_in_cidr($ip, $cidr) {
31 31
     $address = inet_pton($ip);

+ 27
- 0
lib/login.php View File

@@ -40,6 +40,33 @@ function checkLoginServer() {
40 40
     }
41 41
 }
42 42
 
43
+/**
44
+ * Checks if the given AccountHub API key is valid by attempting to 
45
+ * access the API with it.
46
+ * @param String $key The API key to check
47
+ * @return boolean TRUE if the key is valid, FALSE if invalid or something went wrong
48
+ */
49
+function checkAPIKey($key) {
50
+    try {
51
+        $client = new GuzzleHttp\Client();
52
+
53
+        $response = $client
54
+                ->request('POST', PORTAL_API, [
55
+            'form_params' => [
56
+                'key' => $key,
57
+                'action' => "ping"
58
+            ]
59
+        ]);
60
+
61
+        if ($response->getStatusCode() === 200) {
62
+            return true;
63
+        }
64
+        return false;
65
+    } catch (Exception $e) {
66
+        return false;
67
+    }
68
+}
69
+
43 70
 ////////////////////////////////////////////////////////////////////////////////
44 71
 //                           Account handling                                 //
45 72
 ////////////////////////////////////////////////////////////////////////////////

+ 1
- 1
lib/userinfo.php View File

@@ -124,4 +124,4 @@ function getManagedUIDs($manageruid) {
124 124
     } else {
125 125
         return [];
126 126
     }
127
-}
127
+}

+ 7
- 3
mobile/index.php View File

@@ -9,6 +9,10 @@
9 9
  * Mobile app API
10 10
  */
11 11
 
12
+// The name of the permission needed to log in.
13
+// Set to null if you don't need it.
14
+$access_permission = "ADMIN";
15
+
12 16
 require __DIR__ . "/../required.php";
13 17
 
14 18
 require __DIR__ . "/../lib/login.php";
@@ -93,9 +97,9 @@ switch ($VARS['action']) {
93 97
         if (user_exists($VARS['username'])) {
94 98
             if (get_account_status($VARS['username']) == "NORMAL") {
95 99
                 if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) {
96
-                    if (account_has_permission($VARS['username'], "ADMIN")) {
100
+                    if (is_null($access_permission) || account_has_permission($VARS['username'], $access_permission)) {
97 101
                         doLoginUser($VARS['username'], $VARS['password']);
98
-                        $_SESSION['mobile'] = TRUE;
102
+                        $_SESSION['mobile'] = true;
99 103
                         exit(json_encode(["status" => "OK"]));
100 104
                     } else {
101 105
                         exit(json_encode(["status" => "ERROR", "msg" => lang("no admin permission", false)]));
@@ -107,4 +111,4 @@ switch ($VARS['action']) {
107 111
     default:
108 112
         http_response_code(404);
109 113
         die(json_encode(["status" => "ERROR", "msg" => "The requested action is not available."]));
110
-}
114
+}

+ 1
- 1
pages/404.php View File

@@ -2,4 +2,4 @@
2 2
     <div class="col-12 col-sm-6 col-md-4 col-lg-4">
3 3
         <div class="alert alert-warning"><b><?php lang("404 error");?></b><br /> <?php lang("page not found"); ?></div>
4 4
     </div>
5
-</div>
5
+</div>

+ 1
- 1
pages/home.php View File

@@ -35,4 +35,4 @@ redirectifnotloggedin();
35 35
             <a href="app.php?page=authlog" class="text-dark"><i class="fa fa-arrow-right fa-fw"></i> <?php lang('view security log'); ?></a>
36 36
         </div>
37 37
     </div>
38
-</div>
38
+</div>

+ 5
- 3
required.php View File

@@ -12,10 +12,12 @@ ob_start(); // allow sending headers after content
12 12
 // Unicode, solves almost all stupid encoding problems
13 13
 header('Content-Type: text/html; charset=utf-8');
14 14
 
15
-// l33t $ecurity h4x
15
+// Strip PHP version
16
+header('X-Powered-By: PHP');
17
+
18
+// Security
16 19
 header('X-Content-Type-Options: nosniff');
17 20
 header('X-XSS-Protection: 1; mode=block');
18
-header('X-Powered-By: PHP'); // no versions makes it harder to find vulns
19 21
 header('X-Frame-Options: "DENY"');
20 22
 header('Referrer-Policy: "no-referrer, strict-origin-when-cross-origin"');
21 23
 $SECURE_NONCE = base64_encode(random_bytes(8));
@@ -81,7 +83,7 @@ function sendError($error) {
81 83
             . "<h1>A fatal application error has occurred.</h1>"
82 84
             . "<i>(This isn't your fault.)</i>"
83 85
             . "<h2>Details:</h2>"
84
-            . "<p>". htmlspecialchars($error) . "</p>");
86
+            . "<p>" . htmlspecialchars($error) . "</p>");
85 87
 }
86 88
 
87 89
 date_default_timezone_set(TIMEZONE);

+ 1
- 1
settings.template.php View File

@@ -63,4 +63,4 @@ define('LANGUAGE', "en_us");
63 63
 
64 64
 
65 65
 define("FOOTER_TEXT", "");
66
-define("COPYRIGHT_NAME", "Netsyms Technologies");
66
+define("COPYRIGHT_NAME", "Netsyms Technologies");

+ 1
- 1
static/css/app.css View File

@@ -65,4 +65,4 @@ body {
65 65
 
66 66
 .mobile-app-display {
67 67
     display: none;
68
-}
68
+}

+ 1
- 1
static/js/app.js View File

@@ -23,4 +23,4 @@ try {
23 23
     window.history.replaceState("", "", getniceurl());
24 24
 } catch (ex) {
25 25
 
26
-}
26
+}

Loading…
Cancel
Save