From e66280e07a4015839ec049673d3a38453932866d Mon Sep 17 00:00:00 2001
From: Skylar Ittner
Date: Fri, 4 Jan 2019 17:29:08 -0700
Subject: [PATCH 1/4] FormBuilder: add d-flex to footer
---
 lib/FormBuilder.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/FormBuilder.lib.php b/lib/FormBuilder.lib.php
index 35e8fe3..fa12936 100644
--- a/lib/FormBuilder.lib.php
+++ b/lib/FormBuilder.lib.php
@@ -242,7 +242,7 @@ ITEMBOTTOM;
 HTMLBOTTOM;
 if (!empty($this->buttons)) {
- $html .= "\n
"; + $html .= "\n +\n
\n ITEMBOTTOM; $html .= $itemhtml;
diff --git a/pages/form.php b/pages/form.php
index 3a9cc52..d047a5f 100644
--- a/pages/form.php
+++ b/pages/form.php
@@ -18,6 +18,7 @@ $form->addHiddenInput("page", "form");
 
 $form->addInput("name", "John", "text", true, null, null, "Your name", "fas fa-user", 6, 5, 20, "John(ny)?|Steve", "Invalid name, please enter John, Johnny, or Steve.");
 $form->addInput("location", "", "select", true, null, ["1" => "Here", "2" => "There"], "Location", "fas fa-map-marker");
+$form->addInput("textbox", "Hello world", "textarea", true, null, null, "Text area", "fas fa-font");
 $form->addInput("box", "1", "checkbox", true, null, null, "I agree to the terms of service");
 $form->addButton("Submit", "fas fa-save", null, "submit", "savebtn");
From 7d30251cd60310bcbb13c33b1d5aeddcfa6a554c Mon Sep 17 00:00:00 2001
From: Skylar Ittner
Date: Mon, 7 Jan 2019 22:18:02 -0700
Subject: [PATCH 3/4] Add CORS header to API
---
 api/index.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/api/index.php b/api/index.php
index 8875860..23cb28c 100644
--- a/api/index.php
+++ b/api/index.php
@@ -10,6 +10,8 @@ require __DIR__ . '/../required.php';
 require __DIR__ . '/functions.php';
 require __DIR__ . '/apisettings.php';
 
+header("Access-Control-Allow-Origin: *");
+
 $VARS = $_GET;
 if ($_SERVER['REQUEST_METHOD'] != "GET") {
 $VARS = array_merge($VARS, $_POST);
From 3ca062d995bdbe7c991da0a2611f05ae80b9d781 Mon Sep 17 00:00:00 2001
From: Skylar Ittner
Date: Mon, 11 Feb 2019 16:19:27 -0700
Subject: [PATCH 4/4] Enforce app passwords in API for users with two-factor enabled
---
 api/functions.php | 28 +++++++++++++---------------
 lib/User.lib.php | 6 ++++--
 2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/api/functions.php b/api/functions.php
index b0e6d09..1f41d85 100644
--- a/api/functions.php
+++ b/api/functions.php
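Review bot: `Access-Control-Allow-Origin: *` on its own does not make the cross-origin case work that this API's HTTP basic auth depends on: a browser request carrying an `Authorization` header is preflighted, and nothing visible in the hunk answers an `OPTIONS` request or sends `Access-Control-Allow-Headers`/`Access-Control-Allow-Methods`, so the preflight fails before `$VARS` is even built (the rest of the file is outside the hunk). If the API is only meant to be called from known front-ends, reflecting an allow-listed origin together with `Vary: Origin` is the tighter choice; a wildcard lets any site read the response to any request it can make, which is acceptable only if every endpoint authenticates per request, as `authenticate()` in the later patch appears to do. That intent should be recorded next to the header, e.g. `// Public CORS: every endpoint authenticates per request, so cross-origin reads expose nothing unauthenticated.`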
@@ -55,24 +55,22 @@ function authenticate(): bool {
 global $VARS;
 // HTTP basic auth
 if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
- $user = User::byUsername($_SERVER['PHP_AUTH_USER']);
- if (!$user->checkPassword($_SERVER['PHP_AUTH_PW'])) {
- return false;
- }
- return true;
- }
- // Form auth
- if (empty($VARS['username']) || empty($VARS['password'])) {
- return false;
- } else {
+ $username = $_SERVER['PHP_AUTH_USER'];
+ $password = $_SERVER['PHP_AUTH_PW'];
+ } else if (!empty($VARS['username']) && !empty($VARS['password'])) {
 $username = $VARS['username'];
 $password = $VARS['password'];
- $user = User::byUsername($username);
- if ($user->exists() !== true || Login::auth($username, $password) !== Login::LOGIN_OK) {
- return false;
- }
+ } else {
+ return false;
+ }
+ $user = User::byUsername($username);
+ if (!$user->exists()) {
+ return false;
+ }
+ if ($user->checkPassword($password, true)) {
+ return true;
 }
- return true;
+ return false;
 }
 
 /**
diff --git a/lib/User.lib.php b/lib/User.lib.php
index 763acc5..adaeb28 100644
--- a/lib/User.lib.php
+++ b/lib/User.lib.php
@@ -88,10 +88,11 @@ class User {
 /**
 * Check the given plaintext password against the stored hash.
 * @param string $password
+ * @param bool $apppass Set to true to enforce app passwords when 2fa is on.
 * @return bool
 */
- function checkPassword(string $password): bool {
- $resp = AccountHubApi::get("auth", ['username' => $this->username, 'password' => $password]);
+ function checkPassword(string $password, bool $apppass = false): bool {
+ $resp = AccountHubApi::get("auth", ['username' => $this->username, 'password' => $password, 'apppass' => ($apppass ? "1" : "0")]);
 if ($resp['status'] == "OK") {
 return true;
 } else {
@@ -99,6 +100,7 @@ class User {
 }
 }
 
+
 function check2fa(string $code): bool {
 if (!$this->has2fa) {
 return true;
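Review bot: The form-credential path no longer goes through `Login::auth($username, $password)` and its `Login::LOGIN_OK` check; it now relies on `checkPassword($password, true)` alone, so whatever `Login::auth` enforced beyond the password itself (account state, lockout — not visible here) is no longer applied to form credentials, and the commit message does not say this is intended. If `checkPassword` is now the single source of truth for both credential sources, say so above `$user = User::byUsername($username);`: `// Basic-auth and form credentials are verified identically; apppass=true makes AccountHub require an app password for 2FA users.` The trailing `if ($user->checkPassword($password, true)) { return true; } return false;` collapses to `return $user->checkPassword($password, true);`. Separately, `empty()` treats the string `"0"` as absent, so a username or password of `"0"` is rejected before any check; `isset($x) && $x !== ''` would be precise, though this predates the commit.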
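Review bot: The rewritten `checkPassword` still tests `$resp['status'] == "OK"` with a loose comparison and no guard for a missing key, so an error or empty reply from `AccountHubApi::get` produces a warning instead of a plain failed check; `if (($resp['status'] ?? null) === "OK")` keeps the fail-closed outcome explicit. The method also now sends the password plus the new `apppass` flag through a helper named `get`; if that helper puts its parameters in the URL query string the password lands in access logs, so confirm it uses a request body — this cannot be verified from the hunk. The docblock should tell callers what the flag changes, e.g. `Set to true for API clients: with 2FA enabled the account password is rejected and an app password is required.`, and the signature should carry an explicit visibility (`public function checkPassword(...)`).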