Business
/
NickelBox
2
0
Fork 0
Code Issues 7 Pull Requests Releases Wiki Activity

Merge BusinessAppTemplate

Browse Source
master
Skylar Ittner 5 years ago
parent c7349c4748 53e158b553
commit a5e20f87fd
42 changed files with 1041 additions and 741 deletions
Show Stats Download Patch File Download Diff File

18
LICENSE.md
Unescape Escape View File

@ -1,19 +1,7 @@
Copyright (c) 2018 Netsyms Technologies. Copyright (c) 2017-2019 Netsyms Technologies. Some rights reserved.
If you modify and redistribute this project, you must replace the branding Licensed under the Mozilla Public License Version 2.0. Files without MPL header
assets with your own. comments, including third party code, may be under a different license.
The branding assets include:
* the application icon
* the Netsyms N punchcard logo
* the Netsyms for Business graph logo
If you are unsure if your usage is allowed, please contact us:
https://netsyms.com/contact
legal@netsyms.com
All other portions of this application,
unless otherwise noted (in comments, headers, etc), are licensed as follows:
Mozilla Public License Version 2.0 Mozilla Public License Version 2.0
================================== ==================================

2
README.md
Unescape Escape View File

@ -2,4 +2,4 @@ NickelBox
========= =========
NickelBox is a point of sale app. It integrates with BinStack for inventory NickelBox is a point of sale app. It integrates with BinStack for inventory
management. management.

26
action.php
Unescape Escape View File

@ -21,11 +21,11 @@ if ($VARS['action'] !== "signout") {
*/ */
function returnToSender($msg, $arg = "") { function returnToSender($msg, $arg = "") {
global $VARS; global $VARS;
if ($arg == "") { $header = "Location: app.php?page=" . urlencode($VARS['source']) . "&msg=$msg";
header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=" . $msg); if ($arg != "") {
} else { $header .= "&arg=$arg";
header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=$msg&arg=$arg");
} }
header($header);
die(); die();
} }
@ -35,7 +35,7 @@ switch ($VARS['action']) {
$error = null; $error = null;
$oktx = null; $oktx = null;
$database->action(function ($database) { $database->action(function ($database) {
global $VARS, $binstack, $error, $oktx; global $VARS, $binstack, $Strings, $error, $oktx;
if (empty($VARS['items'])) { if (empty($VARS['items'])) {
$error = $Strings->get("no items", false); $error = $Strings->get("no items", false);
@ -215,7 +215,7 @@ switch ($VARS['action']) {
$error = null; $error = null;
$oktx = null; $oktx = null;
$database->action(function ($database) { $database->action(function ($database) {
global $VARS, $binstack, $error, $oktx; global $VARS, $binstack, $Strings, $error, $oktx;
$items = $VARS['items']; $items = $VARS['items'];
$payments = $VARS['payments']; $payments = $VARS['payments'];
@ -438,7 +438,7 @@ switch ($VARS['action']) {
exit(json_encode(["status" => "OK", "transactions" => $transactions])); exit(json_encode(["status" => "OK", "transactions" => $transactions]));
case "itemsearch": case "itemsearch":
header("Content-Type: application/json"); header("Content-Type: application/json");
if (!is_empty($VARS['q'])) { if (!empty($VARS['q'])) {
$where["AND"]["OR"] = [ $where["AND"]["OR"] = [
"name[~]" => $VARS['q'], "name[~]" => $VARS['q'],
"code1[~]" => $VARS['q'], "code1[~]" => $VARS['q'],
@ -499,7 +499,7 @@ switch ($VARS['action']) {
exit(json_encode(["status" => "OK", "items" => $items])); exit(json_encode(["status" => "OK", "items" => $items]));
case "customersearch": case "customersearch":
header("Content-Type: application/json"); header("Content-Type: application/json");
if (!is_empty($VARS['q'])) { if (!empty($VARS['q'])) {
$where["AND"]["OR"] = [ $where["AND"]["OR"] = [
"customerid" => $VARS['q'], "customerid" => $VARS['q'],
"name[~]" => $VARS['q'], "name[~]" => $VARS['q'],
@ -533,7 +533,7 @@ switch ($VARS['action']) {
break; break;
case "editcustomer": case "editcustomer":
$insert = true; $insert = true;
if (is_empty($VARS['id'])) { if (empty($VARS['id'])) {
$insert = true; $insert = true;
} else { } else {
if ($database->has('customers', ['customerid' => $VARS['id']])) { if ($database->has('customers', ['customerid' => $VARS['id']])) {
@ -542,7 +542,7 @@ switch ($VARS['action']) {
returnToSender("invalid_customerid"); returnToSender("invalid_customerid");
} }
} }
if (is_empty($VARS['name'])) { if (empty($VARS['name'])) {
returnToSender('invalid_parameters'); returnToSender('invalid_parameters');
} }
@ -673,7 +673,7 @@ switch ($VARS['action']) {
returnToSender("invalid_parameters"); returnToSender("invalid_parameters");
} }
} }
if (is_empty($VARS['name'])) { if (empty($VARS['name'])) {
returnToSender('invalid_parameters'); returnToSender('invalid_parameters');
} }
@ -742,7 +742,7 @@ switch ($VARS['action']) {
} }
} }
if ($insert && (is_empty($code) || $database->has('certificates', ['certcode' => $code]))) { if ($insert && (empty($code) || $database->has('certificates', ['certcode' => $code]))) {
do { do {
$code = random_int(100000000000, 999999999999); $code = random_int(100000000000, 999999999999);
} while ($database->has('certificates', ['certcode' => $code])); } while ($database->has('certificates', ['certcode' => $code]));
@ -775,6 +775,6 @@ switch ($VARS['action']) {
exit(json_encode(["status" => "OK"])); exit(json_encode(["status" => "OK"]));
case "signout": case "signout":
session_destroy(); session_destroy();
header('Location: index.php'); header('Location: index.php?logout=1');
die("Logged out."); die("Logged out.");
} }

33
api.php
Unescape Escape View File

@ -4,35 +4,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this * License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/**
* Simple JSON API to allow other apps to access data from this app.
*
* Requests can be sent via either GET or POST requests. POST is recommended
* as it has a lower chance of being logged on the server, exposing unencrypted
* user passwords.
*/
require __DIR__ . '/required.php';
header("Content-Type: application/json");
$username = $VARS['username']; // Load in new API from legacy location (a.k.a. here)
$password = $VARS['password']; require __DIR__ . "/api/index.php";
$user = User::byUsername($username);
if ($user->exists() !== true || Login::auth($username, $password) !== Login::LOGIN_OK) {
header("HTTP/1.1 403 Unauthorized");
die("\"403 Unauthorized\"");
}
// query max results
$max = 20;
if (preg_match("/^[0-9]+$/", $VARS['max']) === 1 && $VARS['max'] <= 1000) {
$max = (int) $VARS['max'];
}
switch ($VARS['action']) {
case "ping":
$out = ["status" => "OK", "maxresults" => $max, "pong" => true];
exit(json_encode($out));
default:
header("HTTP/1.1 400 Bad Request");
die("\"400 Bad Request\"");
}

5
api/.htaccess
Unescape Escape View File

@ -0,0 +1,5 @@
# Rewrite for Nextcloud Notes API
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ([a-zA-Z0-9]+) index.php?action=$1 [PT]
</IfModule>

9
api/actions/ping.php
Unescape Escape View File

@ -0,0 +1,9 @@
<?php
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
sendJsonResp();

15
api/apisettings.php
Unescape Escape View File

@ -0,0 +1,15 @@
<?php
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
$APIS = [
"ping" => [
"load" => "ping.php",
"vars" => [
]
]
];

149
api/functions.php
Unescape Escape View File

@ -0,0 +1,149 @@
<?php
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
/**
* Build and send a simple JSON response.
* @param string $msg A message
* @param string $status "OK" or "ERROR"
* @param array $data More JSON data
*/
function sendJsonResp(string $msg = null, string $status = "OK", array $data = null) {
$resp = [];
if (!is_null($data)) {
$resp = $data;
}
if (!is_null($msg)) {
$resp["msg"] = $msg;
}
$resp["status"] = $status;
header("Content-Type: application/json");
exit(json_encode($resp));
}
function exitWithJson(array $json) {
header("Content-Type: application/json");
exit(json_encode($json));
}
/**
* Get the API key with most of the characters replaced with *s.
* @global string $key
* @return string
*/
function getCensoredKey() {
global $key;
$resp = $key;
if (strlen($key) > 5) {
for ($i = 2; $i < strlen($key) - 2; $i++) {
$resp[$i] = "*";
}
}
return $resp;
}
/**
* Check if the request is allowed
* @global array $VARS
* @return bool true if the request should continue, false if the request is bad
*/
function authenticate(): bool {
global $VARS, $SETTINGS;
// HTTP basic auth
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
} else if (!empty($VARS['username']) && !empty($VARS['password'])) {
$username = $VARS['username'];
$password = $VARS['password'];
} else {
return false;
}
$user = User::byUsername($username);
if (!$user->exists()) {
return false;
}
if ($user->checkPassword($password, true)) {
// Check that the user has permission to access the app
$perms = is_array($SETTINGS['api_permissions']) ? $SETTINGS['api_permissions'] : $SETTINGS['permissions'];
foreach ($perms as $perm) {
if (!$user->hasPermission($perm)) {
return false;
}
}
return true;
}
return false;
}
/**
* Get the User whose credentials were used to make the request.
*/
function getRequestUser(): User {
global $VARS;
if (!empty($_SERVER['PHP_AUTH_USER'])) {
return User::byUsername($_SERVER['PHP_AUTH_USER']);
} else {
return User::byUsername($VARS['username']);
}
}
function checkVars($vars, $or = false) {
global $VARS;
$ok = [];
foreach ($vars as $key => $val) {
if (strpos($key, "OR") === 0) {
checkVars($vars[$key], true);
continue;
}
// Only check type of optional variables if they're set, and don't
// mark them as bad if they're not set
if (strpos($key, " (optional)") !== false) {
$key = str_replace(" (optional)", "", $key);
if (empty($VARS[$key])) {
continue;
}
} else {
if (empty($VARS[$key])) {
$ok[$key] = false;
continue;
}
}
if (strpos($val, "/") === 0) {
// regex
$ok[$key] = preg_match($val, $VARS[$key]) === 1;
} else {
$checkmethod = "is_$val";
$ok[$key] = !($checkmethod($VARS[$key]) !== true);
}
}
if ($or) {
$success = false;
$bad = "";
foreach ($ok as $k => $v) {
if ($v) {
$success = true;
break;
} else {
$bad = $k;
}
}
if (!$success) {
http_response_code(400);
die("400 Bad request: variable $bad is missing or invalid");
}
} else {
foreach ($ok as $key => $bool) {
if (!$bool) {
http_response_code(400);
die("400 Bad request: variable $key is missing or invalid");
}
}
}
}

81
api/index.php
Unescape Escape View File

@ -0,0 +1,81 @@
<?php
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
require __DIR__ . '/../required.php';
require __DIR__ . '/functions.php';
require __DIR__ . '/apisettings.php';
header("Access-Control-Allow-Origin: *");
$VARS = $_GET;
if ($_SERVER['REQUEST_METHOD'] != "GET") {
$VARS = array_merge($VARS, $_POST);
}
$requestbody = file_get_contents('php://input');
$requestjson = json_decode($requestbody, TRUE);
if (json_last_error() == JSON_ERROR_NONE) {
$VARS = array_merge($VARS, $requestjson);
}
// If we're not using the old api.php file, allow more flexible requests
if (strpos($_SERVER['REQUEST_URI'], "/api.php") === FALSE) {
$route = explode("/", substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], "api/") + 4));
if (count($route) >= 1) {
$VARS["action"] = $route[0];
}
if (count($route) >= 2 && strpos($route[1], "?") !== 0) {
for ($i = 1; $i < count($route); $i++) {
if (empty($route[$i]) || strpos($route[$i], "=") === false) {
continue;
}
$key = explode("=", $route[$i], 2)[0];
$val = explode("=", $route[$i], 2)[1];
$VARS[$key] = $val;
}
}
if (strpos($route[count($route) - 1], "?") === 0) {
$morevars = explode("&", substr($route[count($route) - 1], 1));
foreach ($morevars as $var) {
$key = explode("=", $var, 2)[0];
$val = explode("=", $var, 2)[1];
$VARS[$key] = $val;
}
}
}
if (!authenticate()) {
header('WWW-Authenticate: Basic realm="' . $SETTINGS['site_title'] . '"');
header('HTTP/1.1 401 Unauthorized');
die("401 Unauthorized: you need to supply valid credentials.");
}
if (empty($VARS['action'])) {
http_response_code(404);
die("404 No action specified");
}
if (!isset($APIS[$VARS['action']])) {
http_response_code(404);
die("404 Action not defined");
}
$APIACTION = $APIS[$VARS["action"]];
if (!file_exists(__DIR__ . "/actions/" . $APIACTION["load"])) {
http_response_code(404);
die("404 Action not found");
}
if (!empty($APIACTION["vars"])) {
checkVars($APIACTION["vars"]);
}
require_once __DIR__ . "/actions/" . $APIACTION["load"];

62
app.php
Unescape Escape View File

@ -1,5 +1,4 @@
<?php <?php
/* This Source Code Form is subject to the terms of the Mozilla Public /* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this * License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
@ -14,7 +13,7 @@ if ($_SESSION['loggedin'] != true) {
require_once __DIR__ . "/pages.php"; require_once __DIR__ . "/pages.php";
$pageid = "home"; $pageid = "home";
if (isset($_GET['page']) && !is_empty($_GET['page'])) { if (!empty($_GET['page'])) {
$pg = strtolower($_GET['page']); $pg = strtolower($_GET['page']);
$pg = preg_replace('/[^0-9a-z_]/', "", $pg); $pg = preg_replace('/[^0-9a-z_]/', "", $pg);
if (array_key_exists($pg, PAGES) && file_exists(__DIR__ . "/pages/" . $pg . ".php")) { if (array_key_exists($pg, PAGES) && file_exists(__DIR__ . "/pages/" . $pg . ".php")) {
@ -40,7 +39,7 @@ header("Link: <static/js/bootstrap.bundle.min.js>; rel=preload; as=script", fals
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<title><?php echo SITE_TITLE; ?></title> <title><?php echo $SETTINGS['site_title']; ?></title>
<link rel="icon" href="static/img/logo.svg"> <link rel="icon" href="static/img/logo.svg">
@ -66,28 +65,35 @@ header("Link: <static/js/bootstrap.bundle.min.js>; rel=preload; as=script", fals
<?php <?php
// Alert messages // Alert messages
if (isset($_GET['msg']) && !is_empty($_GET['msg']) && array_key_exists($_GET['msg'], MESSAGES)) { if (!empty($_GET['msg'])) {
// optional string generation argument if (array_key_exists($_GET['msg'], MESSAGES)) {
if (!isset($_GET['arg']) || is_empty($_GET['arg'])) { // optional string generation argument
$alertmsg = $Strings->get(MESSAGES[$_GET['msg']]['string'], false); if (empty($_GET['arg'])) {
$alertmsg = $Strings->get(MESSAGES[$_GET['msg']]['string'], false);
} else {
$alertmsg = $Strings->build(MESSAGES[$_GET['msg']]['string'], ["arg" => strip_tags($_GET['arg'])], false);
}
$alerttype = MESSAGES[$_GET['msg']]['type'];
$alerticon = "square-o";
switch (MESSAGES[$_GET['msg']]['type']) {
case "danger":
$alerticon = "times";
break;
case "warning":
$alerticon = "exclamation-triangle";
break;
case "info":
$alerticon = "info-circle";
break;
case "success":
$alerticon = "check";
break;
}
} else { } else {
$alertmsg = $Strings->build(MESSAGES[$_GET['msg']]['string'], ["arg" => strip_tags($_GET['arg'])], false); // We don't have a message for this, so just assume an error and escape stuff.
} $alertmsg = htmlentities($Strings->get($_GET['msg'], false));
$alerttype = MESSAGES[$_GET['msg']]['type']; $alerticon = "times";
$alerticon = "square-o"; $alerttype = "danger";
switch (MESSAGES[$_GET['msg']]['type']) {
case "danger":
$alerticon = "times";
break;
case "warning":
$alerticon = "exclamation-triangle";
break;
case "info":
$alerticon = "info-circle";
break;
case "success":
$alerticon = "check";
break;
} }
echo <<<END echo <<<END
<div class="row justify-content-center" id="msg-alert-box"> <div class="row justify-content-center" id="msg-alert-box">
@ -121,7 +127,7 @@ END;
</button> </button>
<a class="navbar-brand py-0 mr-auto" href="app.php"> <a class="navbar-brand py-0 mr-auto" href="app.php">
<img src="static/img/logo.svg" alt="" class="d-none d-<?php echo $navbar_breakpoint; ?>-inline brand-img py-0" /> <img src="static/img/logo.svg" alt="" class="d-none d-<?php echo $navbar_breakpoint; ?>-inline brand-img py-0" />
<?php echo SITE_TITLE; ?> <?php echo $SETTINGS['site_title']; ?>
</a> </a>
<div class="collapse navbar-collapse py-0" id="navbar-collapse"> <div class="collapse navbar-collapse py-0" id="navbar-collapse">
@ -157,7 +163,7 @@ END;
</div> </div>
<div class="navbar-nav ml-auto py-0" id="navbar-right"> <div class="navbar-nav ml-auto py-0" id="navbar-right">
<span class="nav-item py-<?php echo $navbar_breakpoint; ?>-0"> <span class="nav-item py-<?php echo $navbar_breakpoint; ?>-0">
<a class="nav-link py-<?php echo $navbar_breakpoint; ?>-0" href="<?php echo PORTAL_URL; ?>"> <a class="nav-link py-<?php echo $navbar_breakpoint; ?>-0" href="<?php echo $SETTINGS['accounthub']['home']; ?>">
<i class="fas fa-user fa-fw"></i><span>&nbsp;<?php echo $_SESSION['realname'] ?></span> <i class="fas fa-user fa-fw"></i><span>&nbsp;<?php echo $_SESSION['realname'] ?></span>
</a> </a>
</span> </span>
@ -177,8 +183,8 @@ END;
?> ?>
</div> </div>
<div class="footer"> <div class="footer">
<?php echo FOOTER_TEXT; ?><br /> <?php echo $SETTINGS['footer_text']; ?><br />
Copyright &copy; <?php echo date('Y'); ?> <?php echo COPYRIGHT_NAME; ?> Copyright &copy; <?php echo date('Y'); ?> <?php echo $SETTINGS['copyright']; ?>
</div> </div>
</div> </div>
<script src="static/js/jquery-3.3.1.min.js"></script> <script src="static/js/jquery-3.3.1.min.js"></script>

266
index.php
Unescape Escape View File

@ -1,175 +1,131 @@
<?php <?php
/* This Source Code Form is subject to the terms of the Mozilla Public /*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this * License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
require_once __DIR__ . "/required.php"; require_once __DIR__ . "/required.php";
// if we're logged in, we don't need to be here. // if we're logged in, we don't need to be here.
if (!empty($_SESSION['loggedin']) && $_SESSION['loggedin'] === true && !isset($_GET['permissionerror'])) { if (!empty($_SESSION['loggedin']) && $_SESSION['loggedin'] === true && !isset($_GET['permissionerror'])) {
header('Location: app.php'); header('Location: app.php');
die();
} }
if (isset($_GET['permissionerror'])) { /**
$alert = $Strings->get("no access permission", false); * Show a simple HTML page with a line of text and a button. Matches the UI of
* the AccountHub login flow.
*
* @global type $SETTINGS
* @global type $SECURE_NONCE
* @global type $Strings
* @param string $title Text to show, passed through i18n
* @param string $button Button text, passed through i18n
* @param string $url URL for the button
*/
function showHTML(string $title, string $button, string $url) {
global $SETTINGS, $SECURE_NONCE, $Strings;
?>
<!DOCTYPE html>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title><?php echo $SETTINGS['site_title']; ?></title>
<link rel="icon" href="static/img/logo.svg">
<link href="static/css/bootstrap.min.css" rel="stylesheet">
<style nonce="<?php echo $SECURE_NONCE; ?>">
.display-5 {
font-size: 2.5rem;
font-weight: 300;
line-height: 1.2;
}
.banner-image {
max-height: 100px;
margin: 2em auto;
border: 1px solid grey;
border-radius: 15%;
}
</style>
<div class="container mt-4">
<div class="row justify-content-center">
<div class="col-12 text-center">
<img class="banner-image" src="./static/img/logo.svg" />
</div>
<div class="col-12 text-center">
<h1 class="display-5 mb-4"><?php $Strings->get($title); ?></h1>
</div>
<div class="col-12 col-sm-8 col-lg-6">
<div class="card mt-4">
<div class="card-body">
<a href="<?php echo $url; ?>" class="btn btn-primary btn-block"><?php $Strings->get($button); ?></a>
</div>
</div>
</div>
</div>
</div>
<?php
} }
/* Authenticate user */ if (!empty($_GET['logout'])) {
$userpass_ok = false; showHTML("You have been logged out.", "Log in again", "./index.php");
$multiauth = false; die();
if (Login::checkLoginServer()) { }
if (empty($VARS['progress'])) { if (empty($_SESSION["login_code"])) {
// Easy way to remove "undefined" warnings. $redirecttologin = true;
} else if ($VARS['progress'] == "1") { } else {
if (!CAPTCHA_ENABLED || (CAPTCHA_ENABLED && Login::verifyCaptcha($VARS['captcheck_session_code'], $VARS['captcheck_selected_answer'], CAPTCHA_SERVER . "/api.php"))) { try {
$autherror = ""; $uidinfo = AccountHubApi::get("checkloginkey", ["code" => $_SESSION["login_code"]]);
$user = User::byUsername($VARS['username']); if ($uidinfo["status"] == "ERROR") {
if ($user->exists()) { throw new Exception();
$status = $user->getStatus()->getString(); }
switch ($status) { if (is_numeric($uidinfo['uid'])) {
case "LOCKED_OR_DISABLED": $user = new User($uidinfo['uid'] * 1);
$alert = $Strings->get("account locked", false); foreach ($SETTINGS['permissions'] as $perm) {
break; if (!$user->hasPermission($perm)) {
case "TERMINATED": showHTML("no access permission", "sign out", "./action.php?action=signout");
$alert = $Strings->get("account terminated", false); die();
break;
case "CHANGE_PASSWORD":
$alert = $Strings->get("password expired", false);
break;
case "NORMAL":
$username_ok = true;
break;
case "ALERT_ON_ACCESS":
$mail_resp = $user->sendAlertEmail();
if (DEBUG) {
var_dump($mail_resp);
}
$username_ok = true;
break;
default:
if (!is_empty($error)) {
$alert = $error;
} else {
$alert = $Strings->get("login error", false);
}
break;
}
if ($username_ok) {
if ($user->checkPassword($VARS['password'])) {
$_SESSION['passok'] = true; // stop logins using only username and authcode
if ($user->has2fa()) {
$multiauth = true;
} else {
Session::start($user);
header('Location: app.php');
die("Logged in, go to app.php");
}
} else {
$alert = $Strings->get("login incorrect", false);
}
} }
} else { // User does not exist anywhere
$alert = $Strings->get("login incorrect", false);
} }
} else {
$alert = $Strings->get("captcha error", false);
}
} else if ($VARS['progress'] == "2") {
$user = User::byUsername($VARS['username']);
if ($_SESSION['passok'] !== true) {
// stop logins using only username and authcode
sendError("Password integrity check failed!");
}
if ($user->check2fa($VARS['authcode'])) {
Session::start($user); Session::start($user);
$_SESSION["login_code"] = null;
header('Location: app.php'); header('Location: app.php');
die("Logged in, go to app.php"); showHTML("Logged in", "Continue", "./app.php");
die();
} else { } else {
$alert = $Strings->get("2fa incorrect", false); throw new Exception();
} }
} catch (Exception $ex) {
$redirecttologin = true;
} }
} else {
$alert = $Strings->get("login server unavailable", false);
} }
header("Link: <static/fonts/Roboto.css>; rel=preload; as=style", false);
header("Link: <static/css/bootstrap.min.css>; rel=preload; as=style", false); if ($redirecttologin) {
header("Link: <static/css/material-color/material-color.min.css>; rel=preload; as=style", false); try {
header("Link: <static/css/index.css>; rel=preload; as=style", false); $urlbase = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://" . $_SERVER['HTTP_HOST'] . (($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) ? ":" . $_SERVER['SERVER_PORT'] : "");
header("Link: <static/js/jquery-3.3.1.min.js>; rel=preload; as=script", false); $iconurl = $urlbase . str_replace("index.php", "", $_SERVER["REQUEST_URI"]) . "static/img/logo.svg";
header("Link: <static/js/bootstrap.bundle.min.js>; rel=preload; as=script", false); $codedata = AccountHubApi::get("getloginkey", ["appname" => $SETTINGS["site_title"], "appicon" => $iconurl]);
?>
<!DOCTYPE html> if ($codedata['status'] != "OK") {
<html> throw new Exception($Strings->get("login server unavailable", false));
<head> }
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> $redirecturl = $urlbase . $_SERVER['REQUEST_URI'];
<meta name="viewport" content="width=device-width, initial-scale=1">
$_SESSION["login_code"] = $codedata["code"];
<title><?php echo SITE_TITLE; ?></title>
$locationurl = $codedata["loginurl"] . "?code=" . htmlentities($codedata["code"]) . "&redirect=" . htmlentities($redirecturl);
<link rel="icon" href="static/img/logo.svg"> header("Location: $locationurl");
showHTML("Continue", "Continue", $locationurl);
<link href="static/css/bootstrap.min.css" rel="stylesheet"> die();
<link href="static/css/material-color/material-color.min.css" rel="stylesheet"> } catch (Exception $ex) {
<link href="static/css/index.css" rel="stylesheet"> sendError($ex->getMessage());
<?php if (CAPTCHA_ENABLED) { ?> }
<script src="<?php echo CAPTCHA_SERVER ?>/captcheck.dist.js"></script> }
<?php } ?>
</head>
<body>
<div class="row justify-content-center">
<div class="col-auto">
<img class="banner-image" src="static/img/logo.svg" />
</div>
</div>
<div class="row justify-content-center">
<div class="card col-11 col-xs-11 col-sm-8 col-md-6 col-lg-4">
<div class="card-body">
<h5 class="card-title"><?php $Strings->get("sign in"); ?></h5>
<form action="" method="POST">
<?php
if (!empty($alert)) {
?>
<div class="alert alert-danger">
<i class="fa fa-fw fa-exclamation-triangle"></i> <?php echo $alert; ?>
</div>
<?php
}
if ($multiauth != true) {
?>
<input type="text" class="form-control" name="username" placeholder="<?php $Strings->get("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
<input type="password" class="form-control" name="password" placeholder="<?php $Strings->get("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br />
<?php if (CAPTCHA_ENABLED) { ?>
<div class="captcheck_container" data-stylenonce="<?php echo $SECURE_NONCE; ?>"></div>
<br />
<?php } ?>
<input type="hidden" name="progress" value="1" />
<?php
} else if ($multiauth) {
?>
<div class="alert alert-info">
<?php $Strings->get("2fa prompt"); ?>
</div>
<input type="text" class="form-control" name="authcode" placeholder="<?php $Strings->get("authcode"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
<input type="hidden" name="progress" value="2" />
<input type="hidden" name="username" value="<?php echo $VARS['username']; ?>" />
<?php
}
?>
<button type="submit" class="btn btn-primary">
<?php $Strings->get("continue"); ?>
</button>
</form>
</div>
</div>
</div>
<div class="footer">
<?php echo FOOTER_TEXT; ?><br />
Copyright &copy; <?php echo date('Y'); ?> <?php echo COPYRIGHT_NAME; ?>
</div>
</div>
<script src="static/js/jquery-3.3.1.min.js"></script>
<script src="static/js/bootstrap.bundle.min.js"></script>
</body>
</html>

21
langs/en/core.json
Unescape Escape View File

@ -1,26 +1,7 @@
{ {
"sign in": "Sign In",
"username": "Username",
"password": "Password",
"continue": "Continue",
"authcode": "Authentication code",
"2fa prompt": "Enter the six-digit code from your mobile authenticator app.",
"2fa incorrect": "Authentication code incorrect.",
"login incorrect": "Login incorrect.",
"login server unavailable": "Login server unavailable. Try again later or contact technical support.",
"account locked": "This account has been disabled. Contact technical support.",
"password expired": "You must change your password before continuing.",
"account terminated": "Account terminated. Access denied.",
"account state error": "Your account state is not stable. Log out, restart your browser, and try again.",
"welcome user": "Welcome, {user}!",
"sign out": "Sign out", "sign out": "Sign out",
"settings": "Settings",
"options": "Options",
"404 error": "404 Error", "404 error": "404 Error",
"page not found": "Page not found.", "page not found": "Page not found.",
"invalid parameters": "Invalid request parameters.", "invalid parameters": "Invalid request parameters.",
"login server error": "The login server returned an error: {arg}", "login server error": "The login server returned an error: {arg}"
"login server user data error": "The login server refused to provide account information. Try again or contact technical support.",
"captcha error": "There was a problem with the CAPTCHA (robot test). Try again.",
"no access permission": "You do not have permission to access this system."
} }

8
langs/en/index.json
Unescape Escape View File

@ -0,0 +1,8 @@
{
"You have been logged out.": "You have been logged out.",
"Log in again": "Log in again",
"login server unavailable": "Login server unavailable. Try again later or contact technical support.",
"no access permission": "You do not have permission to access this system.",
"Logged in": "Logged in",
"Continue": "Continue"
}

4
langs/en/titles.json
Unescape Escape View File

@ -1,4 +1,4 @@
{ {
"home": "Home", "Home": "Home",
"test": "Test" "Form": "Form"
} }

4
langs/messages.php
Unescape Escape View File

@ -41,6 +41,10 @@ define("MESSAGES", [
"string" => "cash opened", "string" => "cash opened",
"type" => "success" "type" => "success"
], ],
"cash_closed" => [
"string" => "cash closed",
"type" => "success"
],
"register_saved" => [ "register_saved" => [
"string" => "register saved", "string" => "register saved",
"type" => "success" "type" => "success"

56
lib/AccountHubApi.lib.php
Unescape Escape View File

@ -0,0 +1,56 @@
<?php
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
class AccountHubApi {
public static function get(string $action, array $data = null, bool $throwex = false) {
global $SETTINGS;
$content = [
"action" => $action,
"key" => $SETTINGS['accounthub']['key']
];
if (!is_null($data)) {
$content = array_merge($content, $data);
}
$options = [
'http' => [
'method' => 'POST',
'content' => json_encode($content),
'header' => "Content-Type: application/json\r\n" .
"Accept: application/json\r\n",
"ignore_errors" => true
]
];
$context = stream_context_create($options);
$result = file_get_contents($SETTINGS['accounthub']['api'], false, $context);
$response = json_decode($result, true);
if ($result === false || !AccountHubApi::checkHttpRespCode($http_response_header) || json_last_error() != JSON_ERROR_NONE) {
if ($throwex) {
throw new Exception($result);
} else {
sendError($result);
}
}
return $response;
}
private static function checkHttpRespCode(array $headers): bool {
foreach ($headers as $header) {
if (preg_match("/HTTP\/[0-9]\.[0-9] [0-9]{3}.*/", $header)) {
$respcode = explode(" ", $header)[1] * 1;
if ($respcode >= 200 && $respcode < 300) {
return true;
}
}
}
return false;
}
}

326
lib/FormBuilder.lib.php
Unescape Escape View File

@ -0,0 +1,326 @@
<?php
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
class FormBuilder {
private $items = [];
private $hiddenitems = [];
private $title = "";
private $icon = "";
private $buttons = [];
private $action = "action.php";
private $method = "POST";
private $id = "editform";
/**
* Create a form with autogenerated HTML.
*
* @param string $title Form title/heading
* @param string $icon FontAwesone icon next to the title.
* @param string $action URL to submit the form to.
* @param string $method Form submission method (POST, GET, etc.)
*/
public function __construct(string $title = "Untitled Form", string $icon = "fas fa-file-alt", string $action = "action.php", string $method = "POST") {
$this->title = $title;
$this->icon = $icon;
$this->action = $action;
$this->method = $method;
}
/**
* Set the title of the form.
* @param string $title
*/
public function setTitle(string $title) {
$this->title = $title;
}
/**
* Set the icon for the form.
* @param string $icon FontAwesome icon (example: "fas fa-toilet-paper")
*/
public function setIcon(string $icon) {
$this->icon = $icon;
}
/**
* Set the URL the form will submit to.
* @param string $action
*/
public function setAction(string $action) {
$this->action = $action;
}
/**
* Set the form submission method (GET, POST, etc)
* @param string $method
*/
public function setMethod(string $method = "POST") {
$this->method = $method;
}
/**
* Set the form ID.
* @param string $id
*/
public function setID(string $id = "editform") {
$this->id = $id;
}
/**
* Add an input to the form.
*
* @param string $name Element name
* @param string $value Element value
* @param string $type Input type (text, number, date, select, tel...)
* @param bool $required If the element is required for form submission.
* @param string $id Element ID
* @param array $options Array of [value => text] pairs for a select element
* @param string $label Text label to display near the input
* @param string $icon FontAwesome icon (example: "fas fa-toilet-paper")
* @param int $width Bootstrap column width for the input, out of 12.
* @param int $minlength Minimum number of characters for the input.
* @param int $maxlength Maximum number of characters for the input.
* @param string $pattern Regex pattern for custom client-side validation.
* @param string $error Message to show if the input doesn't validate.
*/
public function addInput(string $name, string $value = "", string $type = "text", bool $required = true, string $id = null, array $options = null, string $label = "", string $icon = "", int $width = 4, int $minlength = 1, int $maxlength = 100, string $pattern = "", string $error = "") {
$item = [
"name" => $name,
"value" => $value,
"type" => $type,
"required" => $required,
"label" => $label,
"icon" => $icon,
"width" => $width,
"minlength" => $minlength,
"maxlength" => $maxlength
];
if (!empty($id)) {
$item["id"] = $id;
}
if (!empty($options) && $type == "select") {
$item["options"] = $options;
}
if (!empty($pattern)) {
$item["pattern"] = $pattern;
}
if (!empty($error)) {
$item["error"] = $error;
}
$this->items[] = $item;
}
/**
* Add a text input.
*
* @param string $name Element name
* @param string $value Element value
* @param bool $required If the element is required for form submission.
* @param string $id Element ID
* @param string $label Text label to display near the input
* @param string $icon FontAwesome icon (example: "fas fa-toilet-paper")
* @param int $width Bootstrap column width for the input, out of 12.
* @param int $minlength Minimum number of characters for the input.
* @param int $maxlength Maximum number of characters for the input.
* @param string $pattern Regex pattern for custom client-side validation.
* @param string $error Message to show if the input doesn't validate.
*/
public function addTextInput(string $name, string $value = "", bool $required = true, string $id = "", string $label = "", string $icon = "", int $width = 4, int $minlength = 1, int $maxlength = 100, string $pattern = "", string $error = "") {
$this->addInput($name, $value, "text", $required, $id, null, $label, $icon, $width, $minlength, $maxlength, $pattern, $error);
}
/**
* Add a select dropdown.
*
* @param string $name Element name
* @param string $value Element value
* @param bool $required If the element is required for form submission.
* @param string $id Element ID
* @param array $options Array of [value => text] pairs for a select element
* @param string $label Text label to display near the input
* @param string $icon FontAwesome icon (example: "fas fa-toilet-paper")
* @param int $width Bootstrap column width for the input, out of 12.
*/
public function addSelect(string $name, string $value = "", bool $required = true, string $id = null, array $options = null, string $label = "", string $icon = "", int $width = 4) {
$this->addInput($name, $value, "select", $required, $id, $options, $label, $icon, $width);
}
/**
* Add a button to the form.
*
* @param string $text Text string to show on the button.
* @param string $icon FontAwesome icon to show next to the text.
* @param string $href If not null, the button will actually be a hyperlink.
* @param string $type Usually "button" or "submit". Ignored if $href is set.
* @param string $id The element ID.
* @param string $name The element name for the button.
* @param string $value The form value for the button. Ignored if $name is null.
* @param string $class The CSS classes for the button, if a standard success-colored one isn't right.
*/
public function addButton(string $text, string $icon = "", string $href = null, string $type = "button", string $id = null, string $name = null, string $value = "", string $class = "btn btn-success") {
$button = [
"text" => $text,
"icon" => $icon,
"class" => $class,
"type" => $type,
"id" => $id,
"href" => $href,
"name" => $name,
"value" => $value
];
$this->buttons[] = $button;
}
/**
* Add a hidden input.
* @param string $name
* @param string $value
*/
public function addHiddenInput(string $name, string $value) {
$this->hiddenitems[$name] = $value;
}
/**
* Generate the form HTML.
* @param bool $echo If false, returns HTML string instead of outputting it.
*/
public function generate(bool $echo = true) {
$html = <<<HTMLTOP
<form action="$this->action" method="$this->method" id="$this->id">
<div class="card">
<h3 class="card-header d-flex">
<div>
<i class="$this->icon"></i> $this->title
</div>
</h3>
<div class="card-body">
<div class="row">
HTMLTOP;
foreach ($this->items as $item) {
$required = $item["required"] ? "required" : "";
$id = empty($item["id"]) ? "" : "id=\"$item[id]\"";
$pattern = empty($item["pattern"]) ? "" : "pattern=\"$item[pattern]\"";
if (empty($item['type'])) {
$item['type'] = "text";
}
$itemhtml = "";
$itemlabel = "";
if ($item['type'] == "textarea") {
$itemlabel = "<label class=\"mb-0\"><i class=\"$item[icon]\"></i> $item[label]:</label>";
} else if ($item['type'] != "checkbox") {
$itemlabel = "<label class=\"mb-0\">$item[label]:</label>";
}
$strippedlabel = strip_tags($item['label']);
$itemhtml .= <<<ITEMTOP
\n\n <div class="col-12 col-md-$item[width]">
<div class="form-group mb-3">
$itemlabel
ITEMTOP;
$inputgrouptop = <<<INPUTG
\n <div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="$item[icon]"></i></span>
</div>
INPUTG;
switch ($item['type']) {
case "select":
$itemhtml .= $inputgrouptop;
$itemhtml .= <<<SELECT
\n <select class="form-control" name="$item[name]" aria-label="$strippedlabel" $required>
SELECT;
foreach ($item['options'] as $value => $label) {
$selected = "";
if (!empty($item['value']) && $value == $item['value']) {
$selected = " selected";
}
$itemhtml .= "\n <option value=\"$value\"$selected>$label</option>";
}
$itemhtml .= "\n </select>";
break;
case "checkbox":
$itemhtml .= $inputgrouptop;
$itemhtml .= <<<CHECKBOX
\n <div class="form-group form-check">
<input type="checkbox" name="$item[name]" $id class="form-check-input" value="$item[value]" $required aria-label="$strippedlabel">
<label class="form-check-label">$item[label]</label>
</div>
CHECKBOX;
break;
case "textarea":
$val = htmlentities($item['value']);
$itemhtml .= <<<TEXTAREA
\n <textarea class="form-control" id="info" name="$item[name]" aria-label="$strippedlabel" minlength="$item[minlength]" maxlength="$item[maxlength]" $required>$val</textarea>
TEXTAREA;
break;
default:
$itemhtml .= $inputgrouptop;
$itemhtml .= <<<INPUT
\n <input type="$item[type]" name="$item[name]" $id class="form-control" aria-label="$strippedlabel" minlength="$item[minlength]" maxlength="$item[maxlength]" $pattern value="$item[value]" $required />
INPUT;
break;
}
if (!empty($item["error"])) {
$itemhtml .= <<<ERROR
\n <div class="invalid-feedback">
$item[error]
</div>
ERROR;
}
if ($item["type"] != "textarea") {
$itemhtml .= "\n </div>";
}
$itemhtml .= <<<ITEMBOTTOM
\n </div>
</div>\n
ITEMBOTTOM;
$html .= $itemhtml;
}
$html .= <<<HTMLBOTTOM
</div>
</div>
HTMLBOTTOM;
if (!empty($this->buttons)) {
$html .= "\n <div class=\"card-footer d-flex\">";
foreach ($this->buttons as $btn) {
$btnhtml = "";
$inner = "<i class=\"$btn[icon]\"></i> $btn[text]";
$id = empty($btn['id']) ? "" : "id=\"$btn[id]\"";
if (!empty($btn['href'])) {
$btnhtml = "<a href=\"$btn[href]\" class=\"$btn[class]\" $id>$inner</a>";
} else {
$name = empty($btn['name']) ? "" : "name=\"$btn[name]\"";
$value = (!empty($btn['name']) && !empty($btn['value'])) ? "value=\"$btn[value]\"" : "";
$btnhtml = "<button type=\"$btn[type]\" class=\"$btn[class]\" $id $name $value>$inner</button>";
}
$html .= "\n $btnhtml";
}
$html .= "\n </div>";
}
$html .= "\n </div>";
foreach ($this->hiddenitems as $name => $value) {
$value = htmlentities($value);
$html .= "\n <input type=\"hidden\" name=\"$name\" value=\"$value\" />";
}
$html .= "\n</form>\n";
if ($echo) {
echo $html;
}
return $html;
}
}

26
lib/GenerateReceipt.lib.php
Unescape Escape View File

@ -13,14 +13,14 @@ class GenerateReceipt {
const RECEIPT_TYPE_Z = 3; const RECEIPT_TYPE_Z = 3;
private static function saleReceipt($transaction) { private static function saleReceipt($transaction) {
global $database; global $database, $Strings, $SETTINGS;
$receipt = new Receipt(); $receipt = new Receipt();
$tx = $database->get('transactions', ['txid', 'txdate', 'customerid', 'type', 'cashier', 'discountpercent'], ['txid' => $transaction]); $tx = $database->get('transactions', ['txid', 'txdate', 'customerid', 'type', 'cashier', 'discountpercent'], ['txid' => $transaction]);
// Info // Info
$txid = $tx['txid']; $txid = $tx['txid'];
$datetime = date(DATETIME_FORMAT, strtotime($tx['txdate'])); $datetime = date($SETTINGS['datetime_format'], strtotime($tx['txdate']));
$type = $tx['type']; $type = $tx['type'];
$cashier = getUserByID($tx['cashier'])['name']; $cashier = (new User($tx['cashier']))->getName();
$customerid = $tx['customerid']; $customerid = $tx['customerid'];
// Items // Items
@ -89,14 +89,14 @@ class GenerateReceipt {
} }
private static function returnReceipt($transaction) { private static function returnReceipt($transaction) {
global $database; global $database, $Strings, $SETTINGS;
$receipt = new Receipt(); $receipt = new Receipt();
$tx = $database->get('transactions', ['txid', 'txdate', 'customerid', 'type', 'cashier', 'discountpercent'], ['txid' => $transaction]); $tx = $database->get('transactions', ['txid', 'txdate', 'customerid', 'type', 'cashier', 'discountpercent'], ['txid' => $transaction]);
// Info // Info
$txid = $tx['txid']; $txid = $tx['txid'];
$datetime = date(DATETIME_FORMAT, strtotime($tx['txdate'])); $datetime = date($SETTINGS['datetime_format'], strtotime($tx['txdate']));
$type = $tx['type']; $type = $tx['type'];
$cashier = getUserByID($tx['cashier'])['name']; $cashier = (new User($tx['cashier']))->getName();
$customerid = $tx['customerid']; $customerid = $tx['customerid'];
// Items // Items
@ -165,7 +165,7 @@ class GenerateReceipt {
} }
static function xReceipt($registerid) { static function xReceipt($registerid) {
global $database; global $database, $Strings, $SETTINGS;
$receipt = new Receipt(); $receipt = new Receipt();
$registername = $database->get('registers', 'registername', ['registerid' => $registerid]); $registername = $database->get('registers', 'registername', ['registerid' => $registerid]);
@ -191,7 +191,7 @@ class GenerateReceipt {
$receipt->appendHeader(new ReceiptLine($Strings->get("x report", false), "", "", ReceiptLine::LINEFORMAT_BOLD | ReceiptLine::LINEFORMAT_CENTER)); $receipt->appendHeader(new ReceiptLine($Strings->get("x report", false), "", "", ReceiptLine::LINEFORMAT_BOLD | ReceiptLine::LINEFORMAT_CENTER));
$receipt->appendLine(new ReceiptLine("Printed:", "", date(DATETIME_FORMAT))); $receipt->appendLine(new ReceiptLine("Printed:", "", date($SETTINGS['datetime_format'])));
$receipt->appendLine(new ReceiptLine("Register:", "", $registername)); $receipt->appendLine(new ReceiptLine("Register:", "", $registername));
$receipt->appendLine(new ReceiptLine("Transactions:", "", $transactioncount)); $receipt->appendLine(new ReceiptLine("Transactions:", "", $transactioncount));
@ -199,7 +199,7 @@ class GenerateReceipt {
$receipt->appendBreak(); $receipt->appendBreak();
$receipt->appendLine(new ReceiptLine("Opening", "", "", ReceiptLine::LINEFORMAT_CENTER)); $receipt->appendLine(new ReceiptLine("Opening", "", "", ReceiptLine::LINEFORMAT_CENTER));
$receipt->appendBreak(); $receipt->appendBreak();
$receipt->appendLine(new ReceiptLine("Date:", "", date(DATETIME_FORMAT, strtotime($cash['open'])))); $receipt->appendLine(new ReceiptLine("Date:", "", date($SETTINGS['datetime_format'], strtotime($cash['open']))));
$receipt->appendLine(new ReceiptLine("Cash:", "", '$' . number_format($cash['start_amount'], 2))); $receipt->appendLine(new ReceiptLine("Cash:", "", '$' . number_format($cash['start_amount'], 2)));
$receipt->appendBlank(); $receipt->appendBlank();
@ -220,7 +220,7 @@ class GenerateReceipt {
} }
static function zReceipt($cashid) { static function zReceipt($cashid) {
global $database; global $database, $Strings, $SETTINGS;
$receipt = new Receipt(); $receipt = new Receipt();
$cash = $database->get('cash_drawer', ['open', 'close', 'start_amount', 'end_amount', 'cashid', 'registerid'], ['cashid' => $cashid]); $cash = $database->get('cash_drawer', ['open', 'close', 'start_amount', 'end_amount', 'cashid', 'registerid'], ['cashid' => $cashid]);
@ -246,7 +246,7 @@ class GenerateReceipt {
$receipt->appendHeader(new ReceiptLine($Strings->get("z report", false), "", "", ReceiptLine::LINEFORMAT_BOLD | ReceiptLine::LINEFORMAT_CENTER)); $receipt->appendHeader(new ReceiptLine($Strings->get("z report", false), "", "", ReceiptLine::LINEFORMAT_BOLD | ReceiptLine::LINEFORMAT_CENTER));
$receipt->appendLine(new ReceiptLine("Printed:", "", date(DATETIME_FORMAT))); $receipt->appendLine(new ReceiptLine("Printed:", "", date($SETTINGS['datetime_format'])));
$receipt->appendLine(new ReceiptLine("Register:", "", $registername)); $receipt->appendLine(new ReceiptLine("Register:", "", $registername));
$receipt->appendLine(new ReceiptLine("Transactions:", "", $transactioncount)); $receipt->appendLine(new ReceiptLine("Transactions:", "", $transactioncount));
@ -254,14 +254,14 @@ class GenerateReceipt {
$receipt->appendBreak(); $receipt->appendBreak();
$receipt->appendLine(new ReceiptLine("Opening", "", "", ReceiptLine::LINEFORMAT_CENTER)); $receipt->appendLine(new ReceiptLine("Opening", "", "", ReceiptLine::LINEFORMAT_CENTER));
$receipt->appendBreak(); $receipt->appendBreak();
$receipt->appendLine(new ReceiptLine("Date:", "", date(DATETIME_FORMAT, strtotime($cash['open'])))); $receipt->appendLine(new ReceiptLine("Date:", "", date($SETTINGS['datetime_format'], strtotime($cash['open']))));
$receipt->appendLine(new ReceiptLine("Cash:", "", '$' . number_format($cash['start_amount'], 2))); $receipt->appendLine(new ReceiptLine("Cash:", "", '$' . number_format($cash['start_amount'], 2)));
$receipt->appendBlank(); $receipt->appendBlank();
$receipt->appendBreak(); $receipt->appendBreak();
$receipt->appendLine(new ReceiptLine("Closing", "", "", ReceiptLine::LINEFORMAT_CENTER)); $receipt->appendLine(new ReceiptLine("Closing", "", "", ReceiptLine::LINEFORMAT_CENTER));
$receipt->appendBreak(); $receipt->appendBreak();
$receipt->appendLine(new ReceiptLine("Date:", "", date(DATETIME_FORMAT, strtotime($cash['close'])))); $receipt->appendLine(new ReceiptLine("Date:", "", date($SETTINGS['datetime_format'], strtotime($cash['close']))));
$receipt->appendLine(new ReceiptLine("Cash:", "", '$' . number_format($cash['end_amount'], 2))); $receipt->appendLine(new ReceiptLine("Cash:", "", '$' . number_format($cash['end_amount'], 2)));
$receipt->appendBlank(); $receipt->appendBlank();

53
lib/Login.lib.php
Unescape Escape View File

@ -45,50 +45,13 @@ class Login {
return Login::LOGIN_OK; return Login::LOGIN_OK;
} }
public static function verifyCaptcha(string $session, string $answer, string $url): bool {
$data = [
'session_id' => $session,
'answer_id' => $answer,
'action' => "verify"
];
$options = [
'http' => [
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($data)
]
];
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
$resp = json_decode($result, TRUE);
if (!$resp['result']) {
return false;
} else {
return true;
}
}
/** /**
* Check the login server API for sanity * Check the login server API for sanity
* @return boolean true if OK, else false * @return boolean true if OK, else false
*/ */
public static function checkLoginServer() { public static function checkLoginServer() {
try { try {
$client = new GuzzleHttp\Client(); $resp = AccountHubApi::get("ping");
$response = $client
->request('POST', PORTAL_API, [
'form_params' => [
'key' => PORTAL_KEY,
'action' => "ping"
]
]);
if ($response->getStatusCode() != 200) {
return false;
}
$resp = json_decode($response->getBody(), TRUE);
if ($resp['status'] == "OK") { if ($resp['status'] == "OK") {
return true; return true;
} else { } else {
@ -107,19 +70,7 @@ class Login {
*/ */
function checkAPIKey($key) { function checkAPIKey($key) {
try { try {
$client = new GuzzleHttp\Client(); $resp = AccountHubApi::get("ping", null, true);
$response = $client
->request('POST', PORTAL_API, [
'form_params' => [
'key' => $key,
'action' => "ping"
]
]);
if ($response->getStatusCode() === 200) {
return true;
}
return false; return false;
} catch (Exception $e) { } catch (Exception $e) {
return false; return false;

30
lib/Notifications.lib.php
Unescape Escape View File

@ -32,27 +32,15 @@ class Notifications {
$timestamp = date("Y-m-d H:i:s", strtotime($timestamp)); $timestamp = date("Y-m-d H:i:s", strtotime($timestamp));
} }
$client = new GuzzleHttp\Client(); $resp = AccountHubApi::get("addnotification", [
'uid' => $user->getUID(),
$response = $client 'title' => $title,
->request('POST', PORTAL_API, [ 'content' => $content,
'form_params' => [ 'timestamp' => $timestamp,
'key' => PORTAL_KEY, 'url' => $url,
'action' => "addnotification", 'sensitive' => $sensitive
'uid' => $user->getUID(), ]
'title' => $title, );
'content' => $content,
'timestamp' => $timestamp,
'url' => $url,
'sensitive' => $sensitive
]
]);
if ($response->getStatusCode() > 299) {
sendError("Login server error: " . $response->getBody());
}
$resp = json_decode($response->getBody(), TRUE);
if ($resp['status'] == "OK") { if ($resp['status'] == "OK") {
return $resp['id'] * 1; return $resp['id'] * 1;
} else { } else {

4
lib/Strings.lib.php
Unescape Escape View File

@ -21,6 +21,10 @@ class Strings {
$this->load("en"); $this->load("en");
if ($language == "en") {
return;
}
if (file_exists(__DIR__ . "/../langs/$language/")) { if (file_exists(__DIR__ . "/../langs/$language/")) {
$this->language = $language; $this->language = $language;
$this->load($language); $this->load($language);

163
lib/User.lib.php
Unescape Escape View File

@ -17,22 +17,7 @@ class User {
public function __construct(int $uid, string $username = "") { public function __construct(int $uid, string $username = "") {
// Check if user exists // Check if user exists
$client = new GuzzleHttp\Client(); $resp = AccountHubApi::get("userexists", ["uid" => $uid]);
$response = $client
->request('POST', PORTAL_API, [
'form_params' => [
'key' => PORTAL_KEY,
'action' => "userexists",
'uid' => $uid
]
]);
if ($response->getStatusCode() > 299) {
sendError("Login server error: " . $response->getBody());
}
$resp = json_decode($response->getBody(), TRUE);
if ($resp['status'] == "OK" && $resp['exists'] === true) { if ($resp['status'] == "OK" && $resp['exists'] === true) {
$this->exists = true; $this->exists = true;
} else { } else {
@ -43,22 +28,7 @@ class User {
if ($this->exists) { if ($this->exists) {
// Get user info // Get user info
$client = new GuzzleHttp\Client(); $resp = AccountHubApi::get("userinfo", ["uid" => $uid]);
$response = $client
->request('POST', PORTAL_API, [
'form_params' => [
'key' => PORTAL_KEY,
'action' => "userinfo",
'uid' => $uid
]
]);
if ($response->getStatusCode() > 299) {
sendError("Login server error: " . $response->getBody());
}
$resp = json_decode($response->getBody(), TRUE);
if ($resp['status'] == "OK") { if ($resp['status'] == "OK") {
$this->uid = $resp['data']['uid'] * 1; $this->uid = $resp['data']['uid'] * 1;
$this->username = $resp['data']['username']; $this->username = $resp['data']['username'];
@ -71,22 +41,7 @@ class User {
} }
public static function byUsername(string $username): User { public static function byUsername(string $username): User {
$client = new GuzzleHttp\Client(); $resp = AccountHubApi::get("userinfo", ["username" => $username]);
$response = $client
->request('POST', PORTAL_API, [
'form_params' => [
'key' => PORTAL_KEY,
'username' => $username,
'action' => "userinfo"
]
]);
if ($response->getStatusCode() > 299) {
sendError("Login server error: " . $response->getBody());
}
$resp = json_decode($response->getBody(), TRUE);
if (!isset($resp['status'])) { if (!isset($resp['status'])) {
sendError("Login server error: " . $resp); sendError("Login server error: " . $resp);
} }
@ -105,22 +60,8 @@ class User {
if (!$this->exists) { if (!$this->exists) {
return false; return false;
} }
$client = new GuzzleHttp\Client();
$response = $client
->request('POST', PORTAL_API, [
'form_params' => [
'key' => PORTAL_KEY,
'action' => "hastotp",
'username' => $this->username
]
]);
if ($response->getStatusCode() > 299) {
sendError("Login server error: " . $response->getBody());
}
$resp = json_decode($response->getBody(), TRUE); $resp = AccountHubApi::get("hastotp", ['username' => $this->username]);
if ($resp['status'] == "OK") { if ($resp['status'] == "OK") {
return $resp['otp'] == true; return $resp['otp'] == true;
} else { } else {
@ -147,26 +88,11 @@ class User {
/** /**
* Check the given plaintext password against the stored hash. * Check the given plaintext password against the stored hash.
* @param string $password * @param string $password
* @param bool $apppass Set to true to enforce app passwords when 2fa is on.
* @return bool * @return bool
*/ */
function checkPassword(string $password): bool { function checkPassword(string $password, bool $apppass = false): bool {
$client = new GuzzleHttp\Client(); $resp = AccountHubApi::get("auth", ['username' => $this->username, 'password' => $password, 'apppass' => ($apppass ? "1" : "0")]);
$response = $client
->request('POST', PORTAL_API, [
'form_params' => [
'key' => PORTAL_KEY,
'action' => "auth",
'username' => $this->username,
'password' => $password
]
]);
if ($response->getStatusCode() > 299) {
sendError("Login server error: " . $response->getBody());
}
$resp = json_decode($response->getBody(), TRUE);
if ($resp['status'] == "OK") { if ($resp['status'] == "OK") {
return true; return true;
} else { } else {
@ -174,27 +100,13 @@ class User {
} }
} }
function check2fa(string $code): bool { function check2fa(string $code): bool {
if (!$this->has2fa) { if (!$this->has2fa) {
return true; return true;
} }
$client = new GuzzleHttp\Client();
$response = $client $resp = AccountHubApi::get("verifytotp", ['username' => $this->username, 'code' => $code]);
->request('POST', PORTAL_API, [
'form_params' => [
'key' => PORTAL_KEY,
'action' => "verifytotp",
'username' => $this->username,
'code' => $code
]
]);
if ($response->getStatusCode() > 299) {
sendError("Login server error: " . $response->getBody());
}
$resp = json_decode($response->getBody(), TRUE);
if ($resp['status'] == "OK") { if ($resp['status'] == "OK") {
return $resp['valid']; return $resp['valid'];
} else { } else {
@ -209,23 +121,7 @@ class User {
* @return boolean TRUE if the user has the permission (or admin access), else FALSE * @return boolean TRUE if the user has the permission (or admin access), else FALSE
*/ */
function hasPermission(string $code): bool { function hasPermission(string $code): bool {
$client = new GuzzleHttp\Client(); $resp = AccountHubApi::get("permission", ['username' => $this->username, 'code' => $code]);
$response = $client
->request('POST', PORTAL_API, [
'form_params' => [
'key' => PORTAL_KEY,
'action' => "permission",
'username' => $this->username,
'code' => $code
]
]);
if ($response->getStatusCode() > 299) {
sendError("Login server error: " . $response->getBody());
}
$resp = json_decode($response->getBody(), TRUE);
if ($resp['status'] == "OK") { if ($resp['status'] == "OK") {
return $resp['has_permission']; return $resp['has_permission'];
} else { } else {
@ -238,23 +134,7 @@ class User {
* @return \AccountStatus * @return \AccountStatus
*/ */
function getStatus(): AccountStatus { function getStatus(): AccountStatus {
$resp = AccountHubApi::get("acctstatus", ['username' => $this->username]);
$client = new GuzzleHttp\Client();
$response = $client
->request('POST', PORTAL_API, [
'form_params' => [
'key' => PORTAL_KEY,
'action' => "acctstatus",
'username' => $this->username
]
]);
if ($response->getStatusCode() > 299) {
sendError("Login server error: " . $response->getBody());
}
$resp = json_decode($response->getBody(), TRUE);
if ($resp['status'] == "OK") { if ($resp['status'] == "OK") {
return AccountStatus::fromString($resp['account']); return AccountStatus::fromString($resp['account']);
} else { } else {
@ -262,24 +142,13 @@ class User {
} }
} }
function sendAlertEmail(string $appname = SITE_TITLE) { function sendAlertEmail(string $appname = null) {
$client = new GuzzleHttp\Client(); global $SETTINGS;
if (is_null($appname)) {
$response = $client $appname = $SETTINGS['site_title'];
->request('POST', PORTAL_API, [
'form_params' => [
'key' => PORTAL_KEY,
'action' => "alertemail",
'username' => $this->username,
'appname' => SITE_TITLE
]
]);
if ($response->getStatusCode() > 299) {
return "An unknown error occurred.";
} }
$resp = AccountHubApi::get("alertemail", ['username' => $this->username, 'appname' => $SETTINGS['site_title']]);
$resp = json_decode($response->getBody(), TRUE);
if ($resp['status'] == "OK") { if ($resp['status'] == "OK") {
return true; return true;
} else { } else {

8
lib/reports.php
Unescape Escape View File

@ -38,7 +38,7 @@ if (LOADED) {
} }
function getCashFlowReport($register = null, $start = null, $end = null) { function getCashFlowReport($register = null, $start = null, $end = null) {
global $database, $Strings; global $database, $Strings, $SETTINGS;
$where = []; $where = [];
if (!is_null($register) && $database->has('registers', ['registerid' => $register])) { if (!is_null($register) && $database->has('registers', ['registerid' => $register])) {
@ -85,11 +85,11 @@ function getCashFlowReport($register = null, $start = null, $end = null) {
foreach ($cash as $c) { foreach ($cash as $c) {
$registers[$c['registerid']]['name'] = $c['registername']; $registers[$c['registerid']]['name'] = $c['registername'];
$registers[$c['registerid']]['id'] = $c['registerid']; $registers[$c['registerid']]['id'] = $c['registerid'];
$registers[$c['registerid']]['open'] = date(DATETIME_FORMAT, strtotime($c['open'])); $registers[$c['registerid']]['open'] = date($SETTINGS['datetime_format'], strtotime($c['open']));
if (is_null($c['close'])) { if (is_null($c['close'])) {
$registers[$c['registerid']]['close'] = date(DATETIME_FORMAT); $registers[$c['registerid']]['close'] = date($SETTINGS['datetime_format']);
} else { } else {
$registers[$c['registerid']]['close'] = date(DATETIME_FORMAT, strtotime($c['close'])); $registers[$c['registerid']]['close'] = date($SETTINGS['datetime_format'], strtotime($c['close']));
} }
if (!isset($registers[$c['registerid']][$c['typename']])) { if (!isset($registers[$c['registerid']][$c['typename']])) {
$registers[$c['registerid']][$c['typename']] = 0.0; $registers[$c['registerid']][$c['typename']] = 0.0;

62
mobile/index.php
Unescape Escape View File

@ -8,10 +8,6 @@
* Mobile app API * Mobile app API
*/ */
// The name of the permission needed to log in.
// Set to null if you don't need it.
$access_permission = null;
require __DIR__ . "/../required.php"; require __DIR__ . "/../required.php";
header('Content-Type: application/json'); header('Content-Type: application/json');
@ -23,21 +19,7 @@ if ($VARS['action'] == "ping") {
} }
function mobile_enabled() { function mobile_enabled() {
$client = new GuzzleHttp\Client(); $resp = AccountHubApi::get("mobileenabled");
$response = $client
->request('POST', PORTAL_API, [
'form_params' => [
'key' => PORTAL_KEY,
'action' => "mobileenabled"
]
]);
if ($response->getStatusCode() > 299) {
return false;
}
$resp = json_decode($response->getBody(), TRUE);
if ($resp['status'] == "OK" && $resp['mobile'] === TRUE) { if ($resp['status'] == "OK" && $resp['mobile'] === TRUE) {
return true; return true;
} else { } else {
@ -46,26 +28,15 @@ function mobile_enabled() {
} }
function mobile_valid($username, $code) { function mobile_valid($username, $code) {
$client = new GuzzleHttp\Client(); try {
$resp = AccountHubApi::get("mobilevalid", ["code" => $code, "username" => $username], true);
$response = $client
->request('POST', PORTAL_API, [
'form_params' => [
'key' => PORTAL_KEY,
"code" => $code,
"username" => $username,
'action' => "mobilevalid"
]
]);
if ($response->getStatusCode() > 299) { if ($resp['status'] == "OK" && $resp['valid'] === TRUE) {
return false; return true;
} } else {
return false;
$resp = json_decode($response->getBody(), TRUE); }
if ($resp['status'] == "OK" && $resp['valid'] === TRUE) { } catch (Exception $ex) {
return true;
} else {
return false; return false;
} }
} }
@ -75,7 +46,7 @@ if (mobile_enabled() !== TRUE) {
} }
// Make sure we have a username and access key // Make sure we have a username and access key
if (is_empty($VARS['username']) || is_empty($VARS['key'])) { if (empty($VARS['username']) || empty($VARS['key'])) {
http_response_code(401); http_response_code(401);
die(json_encode(["status" => "ERROR", "msg" => "Missing username and/or access key."])); die(json_encode(["status" => "ERROR", "msg" => "Missing username and/or access key."]));
} }
@ -95,13 +66,14 @@ switch ($VARS['action']) {
if ($user->exists()) { if ($user->exists()) {
if ($user->getStatus()->getString() == "NORMAL") { if ($user->getStatus()->getString() == "NORMAL") {
if ($user->checkPassword($VARS['password'])) { if ($user->checkPassword($VARS['password'])) {
if (is_null($access_permission) || $user->hasPermission($access_permission)) { foreach ($SETTINGS['permissions'] as $perm) {
Session::start($user); if (!$user->hasPermission($perm)) {
$_SESSION['mobile'] = true; exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("no permission", false)]));
exit(json_encode(["status" => "OK"])); }
} else {
exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("no admin permission", false)]));
} }
Session::start($user);
$_SESSION['mobile'] = true;
exit(json_encode(["status" => "OK"]));
} }
} }
} }

8
pages.php
Unescape Escape View File

@ -138,5 +138,13 @@ define("PAGES", [
], ],
"404" => [ "404" => [
"title" => "404 error" "title" => "404 error"
],
"form" => [
"title" => "Form",
"navbar" => true,
"icon" => "fas fa-file-alt",
"scripts" => [
"static/js/form.js"
]
] ]
]); ]);

2
pages/certificates.php
Unescape Escape View File

@ -39,7 +39,7 @@ $cards = $database->select('certificates', ['certid (id)', 'certcode (code)', 'a
<td><?php echo $c['code']; ?></td> <td><?php echo $c['code']; ?></td>
<td>$<?php echo number_format($c['amount'], 2); ?></td> <td>$<?php echo number_format($c['amount'], 2); ?></td>
<td>$<?php echo number_format($c['start'], 2); ?></td> <td>$<?php echo number_format($c['start'], 2); ?></td>
<td><?php echo date(DATETIME_FORMAT, strtotime($c['issued'])); ?></td> <td><?php echo date($SETTINGS['datetime_format'], strtotime($c['issued'])); ?></td>
</tr> </tr>
<?php <?php
} }

2
pages/editcertificate.php
Unescape Escape View File

@ -16,7 +16,7 @@ $carddata = [
$editing = false; $editing = false;
if (!empty($VARS['id']) && !is_empty($VARS['id'])) { if (!empty($VARS['id'])) {
if ($database->has('certificates', ['certid' => $VARS['id']])) { if ($database->has('certificates', ['certid' => $VARS['id']])) {
$editing = true; $editing = true;
$carddata = $database->get( $carddata = $database->get(

2
pages/editcustomer.php
Unescape Escape View File

@ -18,7 +18,7 @@ $custdata = [
$editing = false; $editing = false;
if (!empty($VARS['id']) && !is_empty($VARS['id'])) { if (!empty($VARS['id'])) {
if ($database->has('customers', ['customerid' => $VARS['id']])) { if ($database->has('customers', ['customerid' => $VARS['id']])) {
$editing = true; $editing = true;
$custdata = $database->get( $custdata = $database->get(

4
pages/editregister.php
Unescape Escape View File

@ -70,9 +70,9 @@ if ($editing) {
for ($i = count($cash) - 1; $i >= 0; $i--) { for ($i = count($cash) - 1; $i >= 0; $i--) {
$c = $cash[$i]; $c = $cash[$i];
echo "<option value=\"$c[cashid]\">" echo "<option value=\"$c[cashid]\">"
. date(DATETIME_FORMAT, strtotime($c['open'])) . date($SETTINGS['datetime_format'], strtotime($c['open']))
. ' - ' . ' - '
. date(DATETIME_FORMAT, strtotime($c['close'])) . date($SETTINGS['datetime_format'], strtotime($c['close']))
. "</option>"; . "</option>";
} }
?> ?>

2
pages/pos.php
Unescape Escape View File

@ -18,7 +18,7 @@ if (isset($_GET['switch']) || !isset($_SESSION['register']) || !$registeropen) {
require_once __DIR__ . "/../lib/chooseregister.php"; require_once __DIR__ . "/../lib/chooseregister.php";
} else { } else {
$register = $database->get('registers', ['registerid (id)', 'registername (name)'], ['registerid' => $_SESSION['register']]); $register = $database->get('registers', ['registerid (id)', 'registername (name)'], ['registerid' => $_SESSION['register']]);
$showgridbydefault = $binstack->count('items', ['AND' => ['price[!]' => null, 'price[!]' => 0]]) <= GRID_BY_DEFAULT_MAX_ITEMS; $showgridbydefault = $binstack->count('items', ['AND' => ['price[!]' => null, 'price[!]' => 0]]) <= $SETTINGS['grid_default_max_items'];
$items = []; $items = [];
$payments = []; $payments = [];
$editing = false; $editing = false;

4
pages/registers.php
Unescape Escape View File

@ -65,8 +65,8 @@ $registers = $database->select('registers', ['registerid (id)', 'registername (n
$balance += $row; $balance += $row;
} }
} }
$open = date(DATETIME_FORMAT, strtotime($cash['open'])); $open = date($SETTINGS['datetime_format'], strtotime($cash['open']));
$close = is_null($cash['close']) ? $Strings->get("still open", false) : date(DATETIME_FORMAT, strtotime($cash['close'])); $close = is_null($cash['close']) ? $Strings->get("still open", false) : date($SETTINGS['datetime_format'], strtotime($cash['close']));
} }
?> ?>
<tr> <tr>

3
public/lib/item.php
Unescape Escape View File

@ -108,7 +108,8 @@ class ItemImage {
} }
function getAbsoluteUrl(): string { function getAbsoluteUrl(): string {
return BINSTACK_URL_IMAGEPHP . "?i=" . $this->url; global $SETTINGS;
return $SETTINGS['binstack_image.php'] . "?i=" . $this->url;
} }
function isPrimary(): bool { function isPrimary(): bool {

2
public/parts/account.php
Unescape Escape View File

@ -34,7 +34,7 @@ if ($loggedin !== true || is_null($account)) {
} }
?> ?>
<div class="list-group-item"> <div class="list-group-item">
Date: <?php echo date(DATETIME_FORMAT, strtotime($o['txdate'])); ?><br /> Date: <?php echo date($SETTINGS['datetime_format'], strtotime($o['txdate'])); ?><br />
Type: <?php Type: <?php
switch ($o['type']) { switch ($o['type']) {
case 1: case 1:

43
public/required.php
Unescape Escape View File

@ -40,8 +40,8 @@ header("Content-Security-Policy: "
. "frame-src 'self'; " . "frame-src 'self'; "
. "font-src 'self'; " . "font-src 'self'; "
. "connect-src *; " . "connect-src *; "
. "style-src 'self' 'nonce-$SECURE_NONCE' $captcha_server; " . "style-src 'self' 'nonce-$SECURE_NONCE'; "
. "script-src 'self' 'nonce-$SECURE_NONCE' $captcha_server"); . "script-src 'self' 'nonce-$SECURE_NONCE'");
// //
// Composer // Composer
@ -69,7 +69,7 @@ function sendError($error) {
. "<p>" . htmlspecialchars($error) . "</p>"); . "<p>" . htmlspecialchars($error) . "</p>");
} }
date_default_timezone_set(TIMEZONE); date_default_timezone_set($SETTINGS['timezone']);
// Database settings // Database settings
// Also inits database and stuff // Also inits database and stuff
@ -79,20 +79,20 @@ $database;
$binstack; $binstack;
try { try {
$database = new Medoo([ $database = new Medoo([
'database_type' => DB_TYPE, 'database_type' => $SETTINGS['database']['type'],
'database_name' => DB_NAME, 'database_name' => $SETTINGS['database']['name'],
'server' => DB_SERVER, 'server' => $SETTINGS['database']['server'],
'username' => DB_USER, 'username' => $SETTINGS['database']['user'],
'password' => DB_PASS, 'password' => $SETTINGS['database']['password'],
'charset' => DB_CHARSET 'charset' => $SETTINGS['database']['charset']
]); ]);
$binstack = new Medoo([ $binstack = new Medoo([
'database_type' => BINSTACK_DB_TYPE, 'database_type' => $SETTINGS['binstack_database']['type'],
'database_name' => BINSTACK_DB_NAME, 'database_name' => $SETTINGS['binstack_database']['name'],
'server' => BINSTACK_DB_SERVER, 'server' => $SETTINGS['binstack_database']['server'],
'username' => BINSTACK_DB_USER, 'username' => $SETTINGS['binstack_database']['user'],
'password' => BINSTACK_DB_PASS, 'password' => $SETTINGS['binstack_database']['password'],
'charset' => BINSTACK_DB_CHARSET 'charset' => $SETTINGS['binstack_database']['charset']
]); ]);
} catch (Exception $ex) { } catch (Exception $ex) {
//header('HTTP/1.1 500 Internal Server Error'); //header('HTTP/1.1 500 Internal Server Error');
@ -100,7 +100,7 @@ try {
} }
if (!DEBUG) { if (!$SETTINGS['debug']) {
error_reporting(0); error_reporting(0);
} else { } else {
error_reporting(E_ALL); error_reporting(E_ALL);
@ -127,13 +127,4 @@ if (!empty($_SESSION['shop_account'])) {
} else { } else {
$account = null; $account = null;
} }
} }
/**
* Checks if a string or whatever is empty.
* @param $str The thingy to check
* @return boolean True if it's empty or whatever.
*/
function is_empty($str) {
return (is_null($str) || !isset($str) || $str == '');
}

100
required.php
Unescape Escape View File

@ -32,7 +32,6 @@ session_start(); // stick some cookies in it
// renew session cookie // renew session cookie
setcookie(session_name(), session_id(), time() + $session_length, "/", false, false); setcookie(session_name(), session_id(), time() + $session_length, "/", false, false);
$captcha_server = (CAPTCHA_ENABLED === true ? preg_replace("/http(s)?:\/\//", "", CAPTCHA_SERVER) : "");
if ($_SESSION['mobile'] === TRUE) { if ($_SESSION['mobile'] === TRUE) {
header("Content-Security-Policy: " header("Content-Security-Policy: "
. "default-src 'self';" . "default-src 'self';"
@ -42,8 +41,8 @@ if ($_SESSION['mobile'] === TRUE) {
. "frame-src 'self'; " . "frame-src 'self'; "
. "font-src 'self'; " . "font-src 'self'; "
. "connect-src *; " . "connect-src *; "
. "style-src 'self' 'unsafe-inline' $captcha_server; " . "style-src 'self' 'unsafe-inline'; "
. "script-src 'self' 'unsafe-inline' $captcha_server"); . "script-src 'self' 'unsafe-inline'");
} else { } else {
header("Content-Security-Policy: " header("Content-Security-Policy: "
. "default-src 'self';" . "default-src 'self';"
@ -53,8 +52,8 @@ if ($_SESSION['mobile'] === TRUE) {
. "frame-src 'self'; " . "frame-src 'self'; "
. "font-src 'self'; " . "font-src 'self'; "
. "connect-src *; " . "connect-src *; "
. "style-src 'self' 'nonce-$SECURE_NONCE' $captcha_server; " . "style-src 'self' 'nonce-$SECURE_NONCE'; "
. "script-src 'self' 'nonce-$SECURE_NONCE' $captcha_server"); . "script-src 'self' 'nonce-$SECURE_NONCE'");
} }
// //
@ -69,7 +68,7 @@ foreach ($libs as $lib) {
require_once $lib; require_once $lib;
} }
$Strings = new Strings(LANGUAGE); $Strings = new Strings($SETTINGS['language']);
/** /**
* Kill off the running process and spit out an error message * Kill off the running process and spit out an error message
@ -93,7 +92,7 @@ function sendError($error) {
. "<p>" . htmlspecialchars($error) . "</p>"); . "<p>" . htmlspecialchars($error) . "</p>");
} }
date_default_timezone_set(TIMEZONE); date_default_timezone_set($SETTINGS['timezone']);
// Database settings // Database settings
// Also inits database and stuff // Also inits database and stuff
@ -103,20 +102,20 @@ $database;
$binstack; $binstack;
try { try {
$database = new Medoo([ $database = new Medoo([
'database_type' => DB_TYPE, 'database_type' => $SETTINGS['database']['type'],
'database_name' => DB_NAME, 'database_name' => $SETTINGS['database']['name'],
'server' => DB_SERVER, 'server' => $SETTINGS['database']['server'],
'username' => DB_USER, 'username' => $SETTINGS['database']['user'],
'password' => DB_PASS, 'password' => $SETTINGS['database']['password'],
'charset' => DB_CHARSET 'charset' => $SETTINGS['database']['charset']
]); ]);
$binstack = new Medoo([ $binstack = new Medoo([
'database_type' => BINSTACK_DB_TYPE, 'database_type' => $SETTINGS['binstack_database']['type'],
'database_name' => BINSTACK_DB_NAME, 'database_name' => $SETTINGS['binstack_database']['name'],
'server' => BINSTACK_DB_SERVER, 'server' => $SETTINGS['binstack_database']['server'],
'username' => BINSTACK_DB_USER, 'username' => $SETTINGS['binstack_database']['user'],
'password' => BINSTACK_DB_PASS, 'password' => $SETTINGS['binstack_database']['password'],
'charset' => BINSTACK_DB_CHARSET 'charset' => $SETTINGS['binstack_database']['charset']
]); ]);
} catch (Exception $ex) { } catch (Exception $ex) {
//header('HTTP/1.1 500 Internal Server Error'); //header('HTTP/1.1 500 Internal Server Error');
@ -124,7 +123,7 @@ try {
} }
if (!DEBUG) { if (!$SETTINGS['debug']) {
error_reporting(0); error_reporting(0);
} else { } else {
error_reporting(E_ALL); error_reporting(E_ALL);
@ -141,20 +140,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
define("GET", true); define("GET", true);
} }
/**
* Checks if a string or whatever is empty.
* @param $str The thingy to check
* @return boolean True if it's empty or whatever.
*/
function is_empty($str) {
return (is_null($str) || !isset($str) || $str == '');
}
function dieifnotloggedin() { function dieifnotloggedin() {
global $SETTINGS;
if ($_SESSION['loggedin'] != true) { if ($_SESSION['loggedin'] != true) {
sendError("Session expired. Please log out and log in again."); sendError("Session expired. Please log out and log in again.");
} }
$user = new User($_SESSION['uid']);
foreach ($SETTINGS['permissions'] as $perm) {
if (!$user->hasPermission($perm)) {
session_destroy();
die("You don't have permission to be here.");
}
}
} }
/** /**
@ -174,41 +171,18 @@ function checkDBError($specials = []) {
} }
} }
/*
* http://stackoverflow.com/a/20075147
*/
if (!function_exists('base_url')) {
function base_url($atRoot = FALSE, $atCore = FALSE, $parse = FALSE) {
if (isset($_SERVER['HTTP_HOST'])) {
$http = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' ? 'https' : 'http';
$hostname = $_SERVER['HTTP_HOST'];
$dir = str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
$core = preg_split('@/@', str_replace($_SERVER['DOCUMENT_ROOT'], '', realpath(dirname(__FILE__))), NULL, PREG_SPLIT_NO_EMPTY);
$core = $core[0];
$tmplt = $atRoot ? ($atCore ? "%s://%s/%s/" : "%s://%s/") : ($atCore ? "%s://%s/%s/" : "%s://%s%s");
$end = $atRoot ? ($atCore ? $core : $hostname) : ($atCore ? $core : $dir);
$base_url = sprintf($tmplt, $http, $hostname, $end);
} else
$base_url = 'http://localhost/';
if ($parse) {
$base_url = parse_url($base_url);
if (isset($base_url['path']))
if ($base_url['path'] == '/')
$base_url['path'] = '';
}
return $base_url;
}
}
function redirectIfNotLoggedIn() { function redirectIfNotLoggedIn() {
global $SETTINGS;
if ($_SESSION['loggedin'] !== TRUE) { if ($_SESSION['loggedin'] !== TRUE) {
header('Location: ' . URL . '/index.php'); header('Location: ' . $SETTINGS['url'] . '/index.php');
die(); die();
} }
$user = new User($_SESSION['uid']);
foreach ($SETTINGS['permissions'] as $perm) {
if (!$user->hasPermission($perm)) {
session_destroy();
header('Location: ./index.php');
die("You don't have permission to be here.");
}
}
} }

131
settings.template.php
Unescape Escape View File

@ -1,65 +1,76 @@
<?php <?php
/* This Source Code Form is subject to the terms of the Mozilla Public /*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this * License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
// Whether to show debugging data in output. // Settings for the app.
// DO NOT SET TO TRUE IN PRODUCTION!!! // Copy to settings.php and customize.
define("DEBUG", false);
// Database connection settings $SETTINGS = [
// See http://medoo.in/api/new for info // Whether to output debugging info like PHP notices, warnings,
define("DB_TYPE", "mysql"); // and stacktraces.
define("DB_NAME", "nickelbox"); // Turning this on in production is a security risk and can sometimes break
define("DB_SERVER", "localhost"); // things, such as JSON output where extra content is not expected.
define("DB_USER", "nickelbox"); "debug" => false,
define("DB_PASS", ""); // Database connection settings
define("DB_CHARSET", "utf8"); // See http://medoo.in/api/new for info
"database" => [
// BinStack database connection settings "type" => "mysql",
define("BINSTACK_DB_TYPE", "mysql"); "name" => "nickelbox",
define("BINSTACK_DB_NAME", "inventory"); "server" => "localhost",
define("BINSTACK_DB_SERVER", "localhost"); "user" => "",
define("BINSTACK_DB_USER", "inventory"); "password" => "",
define("BINSTACK_DB_PASS", ""); "charset" => "utf8"
define("BINSTACK_DB_CHARSET", "utf8"); ],
// BinStack database
// Absolute path to image.php in the BinStack installation folder // Needed for integration
// Required for item images to load "binstack_database" => [
define("BINSTACK_URL_IMAGEPHP", "/binstack/image.php"); "type" => "mysql",
"name" => "binstack",
// Name of the app. "server" => "localhost",
define("SITE_TITLE", "NickelBox"); "user" => "",
"password" => "",
// If there are this many or fewer items, "charset" => "utf8"
// load the POS grid view automatically ],
define("GRID_BY_DEFAULT_MAX_ITEMS", 20); // Name of the app.
"site_title" => "NickelBox",
// URL of the AccountHub API endpoint // Settings for connecting to the AccountHub server.
define("PORTAL_API", "http://localhost/accounthub/api.php"); "accounthub" => [
// URL of the AccountHub home page // URL for the API endpoint
define("PORTAL_URL", "http://localhost/accounthub/home.php"); "api" => "http://localhost/accounthub/api/",
// AccountHub API Key // URL of the home page
define("PORTAL_KEY", "123"); "home" => "http://localhost/accounthub/home.php",
// API key
// For supported values, see http://php.net/manual/en/timezones.php "key" => "123"
define("TIMEZONE", "America/Denver"); ],
// Absolute path to image.php in the BinStack installation folder
define("DATETIME_FORMAT", "M j Y g:i A"); // 12 hour time // Required for item images to load
#define("DATETIME_FORMAT", "M j Y G:i"); // 24 hour time "binstack_image.php" => "/binstack/image.php",
// If there are this many or fewer items,
// Base URL for site links. // load the POS grid view automatically
define('URL', '.'); "grid_default_max_items" => 20,
// PHP date() format string for date display
// Use Captcheck on login screen "datetime_format" => "M j Y g:i A",
// https://captcheck.netsyms.com // List of required user permissions to access this app.
define("CAPTCHA_ENABLED", FALSE); "permissions" => [
define('CAPTCHA_SERVER', 'https://captcheck.netsyms.com'); ],
// List of permissions required for API access. Remove to use the value of
// See lang folder for language options // "permissions" instead.
define('LANGUAGE', "en_us"); "api_permissions" => [
],
// For supported values, see http://php.net/manual/en/timezones.php
define("FOOTER_TEXT", ""); "timezone" => "America/Denver",
define("COPYRIGHT_NAME", "Netsyms Technologies"); // Language to use for localization. See langs folder to add a language.
"language" => "en",
// Shown in the footer of all the pages.
"footer_text" => "",
// Also shown in the footer, but with "Copyright <current_year>" in front.
"copyright" => "Netsyms Technologies",
// Base URL for building links relative to the location of the app.
// Only used when there's no good context for the path.
// The default is almost definitely fine.
"url" => "."
];

12
static/css/bootstrap.min.css vendored
View File

File diff suppressed because one or more lines are too long

15
static/css/index.css
Unescape Escape View File

@ -1,15 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
.banner-image {
max-height: 100px;
margin: 2em auto;
border: 1px solid grey;
border-radius: 15%;
}
.footer {
margin-top: 10em;
text-align: center;
}

6
static/css/svg-with-js.min.css vendored
Unescape Escape View File

@ -1,5 +1 @@
/*! .svg-inline--fa,svg:not(:root).svg-inline--fa{overflow:visible}.svg-inline--fa{display:inline-block;font-size:inherit;height:1em;vertical-align:-.125em}.svg-inline--fa.fa-lg{vertical-align:-.225em}.svg-inline--fa.fa-w-1{width:.0625em}.svg-inline--fa.fa-w-2{width:.125em}.svg-inline--fa.fa-w-3{width:.1875em}.svg-inline--fa.fa-w-4{width:.25em}.svg-inline--fa.fa-w-5{width:.3125em}.svg-inline--fa.fa-w-6{width:.375em}.svg-inline--fa.fa-w-7{width:.4375em}.svg-inline--fa.fa-w-8{width:.5em}.svg-inline--fa.fa-w-9{width:.5625em}.svg-inline--fa.fa-w-10{width:.625em}.svg-inline--fa.fa-w-11{width:.6875em}.svg-inline--fa.fa-w-12{width:.75em}.svg-inline--fa.fa-w-13{width:.8125em}.svg-inline--fa.fa-w-14{width:.875em}.svg-inline--fa.fa-w-15{width:.9375em}.svg-inline--fa.fa-w-16{width:1em}.svg-inline--fa.fa-w-17{width:1.0625em}.svg-inline--fa.fa-w-18{width:1.125em}.svg-inline--fa.fa-w-19{width:1.1875em}.svg-inline--fa.fa-w-20{width:1.25em}.svg-inline--fa.fa-pull-left{margin-right:.3em;width:auto}.svg-inline--fa.fa-pull-right{margin-left:.3em;width:auto}.svg-inline--fa.fa-border{height:1.5em}.svg-inline--fa.fa-li{width:2em}.svg-inline--fa.fa-fw{width:1.25em}.fa-layers svg.svg-inline--fa{bottom:0;left:0;margin:auto;position:absolute;right:0;top:0}.fa-layers{display:inline-block;height:1em;position:relative;text-align:center;vertical-align:-.125em;width:1em}.fa-layers svg.svg-inline--fa{transform-origin:center center}.fa-layers-counter,.fa-layers-text{display:inline-block;position:absolute;text-align:center}.fa-layers-text{left:50%;top:50%;transform:translate(-50%,-50%);transform-origin:center center}.fa-layers-counter{background-color:#ff253a;border-radius:1em;box-sizing:border-box;color:#fff;height:1.5em;line-height:1;max-width:5em;min-width:1.5em;overflow:hidden;padding:.25em;right:0;text-overflow:ellipsis;top:0;transform:scale(.25);transform-origin:top right}.fa-layers-bottom-right{bottom:0;right:0;top:auto;transform:scale(.25);transform-origin:bottom right}.fa-layers-bottom-left{bottom:0;left:0;right:auto;top:auto;transform:scale(.25);transform-origin:bottom left}.fa-layers-top-right{right:0;top:0;transform:scale(.25);transform-origin:top right}.fa-layers-top-left{left:0;right:auto;top:0;transform:scale(.25);transform-origin:top left}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pull-left{float:left}.fa-pull-right{float:right}.fa.fa-pull-left,.fab.fa-pull-left,.fal.fa-pull-left,.far.fa-pull-left,.fas.fa-pull-left{margin-right:.3em}.fa.fa-pull-right,.fab.fa-pull-right,.fal.fa-pull-right,.far.fa-pull-right,.fas.fa-pull-right{margin-left:.3em}.fa-spin{animation:fa-spin 2s infinite linear}.fa-pulse{animation:fa-spin 1s infinite steps(8)}@keyframes fa-spin{0%{transform:rotate(0deg)}to{transform:rotate(1turn)}}.fa-rotate-90{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";transform:rotate(90deg)}.fa-rotate-180{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";transform:rotate(180deg)}.fa-rotate-270{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";transform:rotate(270deg)}.fa-flip-horizontal{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";transform:scaleX(-1)}.fa-flip-vertical{transform:scaleY(-1)}.fa-flip-both,.fa-flip-horizontal.fa-flip-vertical,.fa-flip-vertical{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)"}.fa-flip-both,.fa-flip-horizontal.fa-flip-vertical{transform:scale(-1)}:root .fa-flip-both,:root .fa-flip-horizontal,:root .fa-flip-vertical,:root .fa-rotate-90,:root .fa-rotate-180,:root .fa-rotate-270{filter:none}.fa-stack{display:inline-block;height:2em;position:relative;width:2.5em}.fa-stack-1x,.fa-stack-2x{bottom:0;left:0;margin:auto;position:absolute;right:0;top:0}.svg-inline--fa.fa-stack-1x{height:1em;width:1.25em}.svg-inline--fa.fa-stack-2x{height:2em;width:2.5em}.fa-inverse{color:#fff}.sr-only{border:0;clip:rect(0,0,0,0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.sr-only-focusable:active,.sr-only-focusable:focus{clip:auto;height:auto;margin:0;overflow:visible;position:static;width:auto}
* Font Awesome Free 5.3.1 by @fontawesome - https://fontawesome.com
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
*/
.svg-inline--fa,svg:not(:root).svg-inline--fa{overflow:visible}.svg-inline--fa{display:inline-block;font-size:inherit;height:1em;vertical-align:-.125em}.svg-inline--fa.fa-lg{vertical-align:-.225em}.svg-inline--fa.fa-w-1{width:.0625em}.svg-inline--fa.fa-w-2{width:.125em}.svg-inline--fa.fa-w-3{width:.1875em}.svg-inline--fa.fa-w-4{width:.25em}.svg-inline--fa.fa-w-5{width:.3125em}.svg-inline--fa.fa-w-6{width:.375em}.svg-inline--fa.fa-w-7{width:.4375em}.svg-inline--fa.fa-w-8{width:.5em}.svg-inline--fa.fa-w-9{width:.5625em}.svg-inline--fa.fa-w-10{width:.625em}.svg-inline--fa.fa-w-11{width:.6875em}.svg-inline--fa.fa-w-12{width:.75em}.svg-inline--fa.fa-w-13{width:.8125em}.svg-inline--fa.fa-w-14{width:.875em}.svg-inline--fa.fa-w-15{width:.9375em}.svg-inline--fa.fa-w-16{width:1em}.svg-inline--fa.fa-w-17{width:1.0625em}.svg-inline--fa.fa-w-18{width:1.125em}.svg-inline--fa.fa-w-19{width:1.1875em}.svg-inline--fa.fa-w-20{width:1.25em}.svg-inline--fa.fa-pull-left{margin-right:.3em;width:auto}.svg-inline--fa.fa-pull-right{margin-left:.3em;width:auto}.svg-inline--fa.fa-border{height:1.5em}.svg-inline--fa.fa-li{width:2em}.svg-inline--fa.fa-fw{width:1.25em}.fa-layers svg.svg-inline--fa{bottom:0;left:0;margin:auto;position:absolute;right:0;top:0}.fa-layers{display:inline-block;height:1em;position:relative;text-align:center;vertical-align:-.125em;width:1em}.fa-layers svg.svg-inline--fa{transform-origin:center center}.fa-layers-counter,.fa-layers-text{display:inline-block;position:absolute;text-align:center}.fa-layers-text{left:50%;top:50%;transform:translate(-50%,-50%);transform-origin:center center}.fa-layers-counter{background-color:#ff253a;border-radius:1em;box-sizing:border-box;color:#fff;height:1.5em;line-height:1;max-width:5em;min-width:1.5em;overflow:hidden;padding:.25em;right:0;text-overflow:ellipsis;top:0;transform:scale(.25);transform-origin:top right}.fa-layers-bottom-right{bottom:0;right:0;top:auto;transform:scale(.25);transform-origin:bottom right}.fa-layers-bottom-left{bottom:0;left:0;right:auto;top:auto;transform:scale(.25);transform-origin:bottom left}.fa-layers-top-right{right:0;top:0;transform:scale(.25);transform-origin:top right}.fa-layers-top-left{left:0;right:auto;top:0;transform:scale(.25);transform-origin:top left}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pull-left{float:left}.fa-pull-right{float:right}.fa.fa-pull-left,.fab.fa-pull-left,.fal.fa-pull-left,.far.fa-pull-left,.fas.fa-pull-left{margin-right:.3em}.fa.fa-pull-right,.fab.fa-pull-right,.fal.fa-pull-right,.far.fa-pull-right,.fas.fa-pull-right{margin-left:.3em}.fa-spin{animation:fa-spin 2s infinite linear}.fa-pulse{animation:fa-spin 1s infinite steps(8)}@keyframes fa-spin{0%{transform:rotate(0deg)}to{transform:rotate(1turn)}}.fa-rotate-90{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";transform:rotate(90deg)}.fa-rotate-180{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";transform:rotate(180deg)}.fa-rotate-270{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";transform:rotate(270deg)}.fa-flip-horizontal{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";transform:scaleX(-1)}.fa-flip-vertical{transform:scaleY(-1)}.fa-flip-horizontal.fa-flip-vertical,.fa-flip-vertical{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)"}.fa-flip-horizontal.fa-flip-vertical{transform:scale(-1)}:root .fa-flip-horizontal,:root .fa-flip-vertical,:root .fa-rotate-90,:root .fa-rotate-180,:root .fa-rotate-270{-webkit-filter:none;filter:none}.fa-stack{display:inline-block;height:2em;position:relative;width:2em}.fa-stack-1x,.fa-stack-2x{bottom:0;left:0;margin:auto;position:absolute;right:0;top:0}.svg-inline--fa.fa-stack-1x{height:1em;width:1em}.svg-inline--fa.fa-stack-2x{height:2em;width:2em}.fa-inverse{color:#fff}.sr-only{border:0;clip:rect(0,0,0,0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.sr-only-focusable:active,.sr-only-focusable:focus{clip:auto;height:auto;margin:0;overflow:visible;position:static;width:auto}

3
static/js/app.js
Unescape Escape View File

@ -13,7 +13,7 @@ $(document).ready(function () {
var gone = 20; var gone = 20;
var msgticker = setInterval(function () { var msgticker = setInterval(function () {
if ($('#msg-alert-box .alert:hover').length) { if ($("#msg-alert-box .alert:hover").length) {
msginteractiontick = 0; msginteractiontick = 0;
} else { } else {
msginteractiontick++; msginteractiontick++;
@ -55,7 +55,6 @@ $(document).ready(function () {
$("#msg-alert-box").on("mouseenter", function () { $("#msg-alert-box").on("mouseenter", function () {
$("#msg-alert-box").css("opacity", "1"); $("#msg-alert-box").css("opacity", "1");
msginteractiontick = 0; msginteractiontick = 0;
console.log("👈😎👈 zoop");
}); });
$("#msg-alert-box").on("click", ".close", function (e) { $("#msg-alert-box").on("click", ".close", function (e) {
$("#msg-alert-box").fadeOut("slow"); $("#msg-alert-box").fadeOut("slow");

6
static/js/bootstrap.bundle.min.js vendored
View File

File diff suppressed because one or more lines are too long

6
static/js/fontawesome-all.min.js vendored
View File

File diff suppressed because one or more lines are too long
Write Preview
Loading…
Cancel
Save