mirror of
https://github.com/icecoder/ICEcoder.git
synced 2026-03-03 07:13:59 +01:00
d6c282a70a
Session accountUsername is now just username Settings filename now may contain the username if available from a post or session var setPWorLogin is now login by default, set password if we create a new config file Instead of the posted accountPassword value, we now look to the value of the submit button and if it contains 'set password' or not Set session username to the posted value on login or set password and set to itself on every load accountPassword form field now just password Focus on the username or password field, depending on the 1st one shown on page Set the value of the submit button to 'set password / login' if multiUser
383 lines
17 KiB
PHP
383 lines
17 KiB
PHP
<?php
|
|
// Display & log all errors
|
|
ini_set('display_errors', 1);
|
|
ini_set('log_errors', 1);
|
|
ini_set('error_log', dirname(__FILE__).'/../error-log.txt');
|
|
error_reporting(-1);
|
|
|
|
// Set our default timezone and supress warning with @
|
|
@date_default_timezone_set(date_default_timezone_get());
|
|
|
|
// Set a stream context timeout for file reading
|
|
$context = stream_context_create(array('http'=>
|
|
array(
|
|
'timeout' => 60 // secs
|
|
)
|
|
));
|
|
|
|
// Start a session if we haven't already
|
|
if(!isset($_SESSION)) {session_start();}
|
|
|
|
// Logout if that's the action we're taking
|
|
if (isset($_GET['logout'])) {
|
|
$_SESSION['loggedIn']=false;
|
|
$_SESSION['username']=false;
|
|
session_destroy();
|
|
header("Location: dirname(__FILE__)./?loggedOut");
|
|
}
|
|
|
|
// If magic quotes are still on (attempted to switch off in php.ini)
|
|
if (get_magic_quotes_gpc ()) {
|
|
function stripslashes_deep($value) {
|
|
$value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
|
|
return $value;
|
|
}
|
|
$_POST = (isset($_POST) && !empty($_POST)) ? array_map('stripslashes_deep', $_POST) : array();
|
|
$_GET = (isset($_GET) && !empty($_GET)) ? array_map('stripslashes_deep', $_GET) : array();
|
|
$_COOKIE = (isset($_COOKIE) && !empty($_COOKIE)) ? array_map('stripslashes_deep', $_COOKIE) : array();
|
|
$_REQUEST = (isset($_REQUEST) && !empty($_REQUEST)) ? array_map('stripslashes_deep', $_REQUEST) : array();
|
|
}
|
|
|
|
// Function to handle salted hashing
|
|
define('SALT_LENGTH',9);
|
|
function generateHash($plainText,$salt=null) {
|
|
if ($salt === null) {
|
|
$salt = substr(md5(uniqid(rand(), true)),0,SALT_LENGTH);
|
|
} else {
|
|
$salt = substr($salt,0,SALT_LENGTH);
|
|
}
|
|
return $salt.sha1($salt.$plainText);
|
|
}
|
|
|
|
// returns converted entities which have HTML entity equivalents
|
|
function strClean($var) {
|
|
return htmlentities($var, ENT_QUOTES, "UTF-8");
|
|
}
|
|
|
|
// returns a number, whole or decimal or null
|
|
function numClean($var) {
|
|
return is_numeric($var) ? floatval($var) : false;
|
|
}
|
|
|
|
// returns a UTF8 based string with any UFT8 BOM removed
|
|
function toUTF8noBOM($string,$message) {
|
|
// Attempt to detect encoding
|
|
$encType = mb_detect_encoding($string);
|
|
// Get rid of any UTF-8 BOM
|
|
$string = preg_replace('/\x{EF}\x{BB}\x{BF}/','',$string);
|
|
// Test for any bad characters
|
|
$teststring = $string;
|
|
$teststringBroken = utf8_decode($teststring);
|
|
$teststringConverted = iconv("UTF-8", "UTF-8//IGNORE", $teststringBroken);
|
|
// If we have a matching length, UTF8 encode it
|
|
if ($encType != "ASCII" && strlen($teststringConverted) == strlen($teststringBroken)) {
|
|
$string = utf8_encode($string);
|
|
if ($message) {
|
|
echo "<script>top.ICEcoder.message('Your document doesn\'t appear to be in UTF-8 encoding so has been converted.');</script>";
|
|
}
|
|
}
|
|
return $string;
|
|
}
|
|
|
|
// Settings are stored in this file
|
|
$settingsTemplate = 'config-template.php';
|
|
$username = "";
|
|
if (isset($_POST['username']) && $_POST['username'] != "") {$username = strClean($_POST['username']."-");};
|
|
if (isset($_SESSION['username']) && $_SESSION['username'] != "") {$username = strClean($_SESSION['username']."-");};
|
|
$settingsFile = 'config-'.$username.str_replace(".","_",$_SERVER['SERVER_NAME']).'.php';
|
|
$setPWorLogin = "login";
|
|
if (!file_exists(dirname(__FILE__)."/".$settingsFile)) {
|
|
if (!copy(dirname(__FILE__)."/".$settingsTemplate, dirname(__FILE__)."/".$settingsFile)) {
|
|
die("Couldn't create $settingsFile. Maybe you need write permissions on the lib folder?");
|
|
}
|
|
$setPWorLogin = "set password";
|
|
}
|
|
include(dirname(__FILE__)."/".$settingsFile);
|
|
|
|
// Add ICEcoder settings to beginning of $ICEcoder array
|
|
$ICEcoder = array(
|
|
"versionNo" => "2.5",
|
|
"codeMirrorDir" => "CodeMirror-3.13",
|
|
"demoMode" => false,
|
|
"devMode" => false,
|
|
"multiUser" => true,
|
|
"lineEnding" => "\n"
|
|
)+$ICEcoder;
|
|
|
|
$onLoadExtras = "";
|
|
$pluginsDisplay = "";
|
|
|
|
if ($ICEcoder['demoMode'] && $ICEcoder['accountPassword']!="") {$_SESSION['loggedIn']=true;};
|
|
$demoMode = $ICEcoder['demoMode'];
|
|
|
|
// Update this config file?
|
|
if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset($_POST["theme"]) && $_POST["theme"]) {
|
|
$settingsContents = file_get_contents($settingsFile,false,$context);
|
|
// Replace our settings vars
|
|
$repPosStart = strpos($settingsContents,'"root"');
|
|
$repPosEnd = strpos($settingsContents,'"previousFiles"');
|
|
|
|
// Prepare all our vars
|
|
$ICEcoder["root"] = strClean($_POST['root']);
|
|
$ICEcoder["checkUpdates"] = isset($_POST['checkUpdates']) && $_POST['checkUpdates'] ? "true" : "false";
|
|
$ICEcoder["openLastFiles"] = isset($_POST['openLastFiles']) && $_POST['openLastFiles'] ? "true" : "false";
|
|
$ICEcoder["findFilesExclude"] = 'array("'.str_replace(',','","',str_replace(" ","",strClean($_POST['findFilesExclude']))).'")';
|
|
$ICEcoder["codeAssist"] = isset($_POST['codeAssist']) && $_POST['codeAssist'] ? "true" : "false";
|
|
$ICEcoder["visibleTabs"] = isset($_POST['visibleTabs']) && $_POST['visibleTabs'] ? "true" : "false";
|
|
$ICEcoder["lockedNav"] = isset($_POST['lockedNav']) && $_POST['lockedNav'] ? "true" : "false";
|
|
if (strpos($_POST['submit'],"set password")>-1) {$ICEcoder["accountPassword"] = generateHash(strClean($_POST['password']));};
|
|
$ICEcoder["bannedFiles"] = 'array("'.str_replace(',','","',str_replace(" ","",strClean($_POST['bannedFiles']))).'")';
|
|
$ICEcoder["bannedPaths"] = 'array("'.str_replace(',','","',str_replace(" ","",strClean($_POST['bannedPaths']))).'")';
|
|
$ICEcoder["allowedIPs"] = 'array("'.str_replace(',','","',str_replace(" ","",strClean($_POST['allowedIPs']))).'")';
|
|
$ICEcoder["plugins"] = 'array('.PHP_EOL.' array('.PHP_EOL.' '.str_replace('====================','),'.PHP_EOL.' array(',$_POST['plugins']).'))';
|
|
$ICEcoder["theme"] = strClean($_POST['theme']);
|
|
$ICEcoder["fontSize"] = strClean($_POST['fontSize']);
|
|
$ICEcoder["lineWrapping"] = strClean($_POST['lineWrapping']);
|
|
$ICEcoder["indentWithTabs"] = strClean($_POST['indentWithTabs']);
|
|
$ICEcoder["indentSize"] = numClean($_POST['indentSize']);
|
|
|
|
$settingsArray = array("root","checkUpdates","openLastFiles","findFilesExclude","codeAssist","visibleTabs","lockedNav","accountPassword","bannedFiles","bannedPaths","allowedIPs","plugins","theme","fontSize","lineWrapping","indentWithTabs","indentSize");
|
|
$settingsNew = "";
|
|
for ($i=0;$i<count($settingsArray);$i++) {
|
|
$settingsNew .= '"'.$settingsArray[$i].'"'.PHP_EOL.' => ';
|
|
$settingWrap = $settingsArray[$i]=="root"||$settingsArray[$i]=="accountPassword"||$settingsArray[$i]=="theme"||$settingsArray[$i]=="fontSize" ? '"' : '';
|
|
$settingsNew .= $settingWrap.$ICEcoder[$settingsArray[$i]].$settingWrap.','.PHP_EOL.PHP_EOL;
|
|
}
|
|
|
|
// Compile our new settings
|
|
$settingsContents = substr($settingsContents,0,$repPosStart).$settingsNew.substr($settingsContents,($repPosEnd),strlen($settingsContents));
|
|
// Now update the config file
|
|
if (is_writeable($settingsFile)) {
|
|
$fh = fopen($settingsFile, 'w');
|
|
fwrite($fh, $settingsContents);
|
|
fclose($fh);
|
|
} else {
|
|
echo "<script>top.ICEcoder.message('Cannot update config file. Please set public write permissions on lib/".$settingsFile." and try again');</script>";
|
|
}
|
|
|
|
// OK, now the config file has been updated, update our current session with new arrays
|
|
$settingsArray = array("findFilesExclude","bannedFiles","allowedIPs");
|
|
for ($i=0;$i<count($settingsArray);$i++) {
|
|
$_SESSION[$settingsArray[$i]] = $ICEcoder[$settingsArray[$i]] = explode(",",str_replace(" ","",strClean($_POST[$settingsArray[$i]])));
|
|
}
|
|
// Work out the theme to use now
|
|
$ICEcoder["theme"]=="default" ? $themeURL = 'lib/editor.css' : $themeURL = $ICEcoder["codeMirrorDir"].'/theme/'.$ICEcoder["theme"].'.css';
|
|
// Do we need a file manager refresh?
|
|
$refreshFM = $_POST['changedFileSettings']=="true" ? "true" : "false";
|
|
// With all that worked out, we can now hide the settings screen and apply the new settings
|
|
echo "<script>top.ICEcoder.settingsScreen('hide');top.ICEcoder.useNewSettings('".$themeURL."',".$ICEcoder["codeAssist"].",".$ICEcoder["lockedNav"].",".$ICEcoder["visibleTabs"].",'".$ICEcoder["fontSize"]."',".$ICEcoder["lineWrapping"].",".$ICEcoder["indentWithTabs"].",".$ICEcoder["indentSize"].",".$refreshFM.");</script>";
|
|
}
|
|
|
|
// Establish our user level
|
|
if (!isset($_SESSION['loggedIn'])) {$_SESSION['loggedIn'] = false;};
|
|
if (!isset($_SESSION['username'])) {$_SESSION['username'] = false;};
|
|
if(isset($_POST['submit']) && $setPWorLogin=="login" && generateHash(strClean($_POST['password']),$ICEcoder["accountPassword"])==$ICEcoder["accountPassword"]) {
|
|
if ($ICEcoder["multiUser"]) {
|
|
$_SESSION['username'] = $_POST['username'];
|
|
}
|
|
$_SESSION['loggedIn'] = true;
|
|
header('Location: ../');
|
|
};
|
|
$_SESSION['loggedIn'] = $_SESSION['loggedIn'];
|
|
$_SESSION['username'] = $_SESSION['username'];
|
|
|
|
// Define the serverType, docRoot & iceRoot
|
|
$serverType = stristr($_SERVER['SERVER_SOFTWARE'], "win") ? "Windows" : "Linux";
|
|
$docRoot = rtrim(str_replace("\\","/",$_SERVER['DOCUMENT_ROOT']));
|
|
$iceRoot = rtrim(str_replace("\\","/",$ICEcoder["root"]));
|
|
if ($_SESSION['loggedIn']) {
|
|
echo "<script>top.docRoot='".$docRoot."';top.iceRoot='".$iceRoot."'</script>";
|
|
}
|
|
|
|
// Setup our file security vars
|
|
$settingsArray = array("findFilesExclude","bannedFiles","allowedIPs");
|
|
for ($i=0;$i<count($settingsArray);$i++) {
|
|
if (!isset($_SESSION[$settingsArray[$i]])) {$_SESSION[$settingsArray[$i]] = $ICEcoder[$settingsArray[$i]];}
|
|
}
|
|
|
|
// Determin our allowed IP addresses
|
|
$allowedIP = false;
|
|
for($i=0;$i<count($_SESSION['allowedIPs']);$i++) {
|
|
if ($_SESSION['allowedIPs'][$i]==$_SERVER["REMOTE_ADDR"]||$_SESSION['allowedIPs'][$i]=="*") {
|
|
$allowedIP = true;
|
|
}
|
|
}
|
|
// If user not allowed to view, boot to site root
|
|
if (!$allowedIP) {
|
|
echo '<script>top.window.location="/";</script>';
|
|
};
|
|
|
|
// Save the currently opened files for next time
|
|
if ($_SESSION['loggedIn'] && isset($_GET["saveFiles"]) && $_GET['saveFiles']) {
|
|
$settingsContents = file_get_contents($settingsFile,false,$context);
|
|
|
|
// Replace our previousFiles var with the the current
|
|
$repPosStart = strpos($settingsContents,'previousFiles" => "')+20;
|
|
$repPosEnd = strpos($settingsContents,'",',$repPosStart)-$repPosStart;
|
|
if (!$demoMode) {
|
|
if ($_GET['saveFiles']!="CLEAR") {
|
|
$saveFiles=strClean($_GET['saveFiles']);
|
|
$saveFilesArray = explode(",",$saveFiles);
|
|
$saveFiles="";
|
|
for ($i=0;$i<count($saveFilesArray);$i++) {
|
|
$saveFilesArray[$i] = str_replace("/","|",$docRoot).$saveFilesArray[$i];
|
|
$saveFiles .= $saveFilesArray[$i].",";
|
|
}
|
|
$saveFiles = rtrim($saveFiles,",");
|
|
} else {
|
|
$saveFilesArray = array();
|
|
$saveFiles = "";
|
|
}
|
|
$settingsContents = substr($settingsContents,0,$repPosStart).$saveFiles.substr($settingsContents,($repPosStart+$repPosEnd),strlen($settingsContents));
|
|
// Now update the config file
|
|
if (is_writeable($settingsFile)) {
|
|
$fh = fopen($settingsFile, 'w');
|
|
fwrite($fh, $settingsContents);
|
|
fclose($fh);
|
|
} else {
|
|
echo "<script>top.ICEcoder.message('Cannot update config file. Please set public write permissions on lib/".$settingsFile." and try again');</script>";
|
|
}
|
|
|
|
// Update our last10Files var?
|
|
$last10FilesArray = explode(",",$ICEcoder["last10Files"]);
|
|
for ($i=0;$i<count($saveFilesArray);$i++) {
|
|
$inLast10Files = in_array($saveFilesArray[$i],$last10FilesArray);
|
|
if (!$inLast10Files && $saveFilesArray[$i] !="") {
|
|
$repPosStart = strpos($settingsContents,'last10Files" => "')+18;
|
|
$repPosEnd = strpos($settingsContents,'"',$repPosStart)-$repPosStart;
|
|
$commaExtra = $ICEcoder["last10Files"]!="" ? "," : "";
|
|
if (count($last10FilesArray)>=10) {$ICEcoder["last10Files"]=substr($ICEcoder["last10Files"],0,strrpos($ICEcoder["last10Files"],','));};
|
|
$settingsContents = substr($settingsContents,0,$repPosStart).$saveFilesArray[$i].$commaExtra.$ICEcoder["last10Files"].substr($settingsContents,($repPosStart+$repPosEnd),strlen($settingsContents));
|
|
// Now update the config file
|
|
if (is_writeable($settingsFile)) {
|
|
$fh = fopen($settingsFile, 'w');
|
|
fwrite($fh, $settingsContents);
|
|
fclose($fh);
|
|
} else {
|
|
echo "<script>top.ICEcoder.message('Cannot update config file. Please set public write permissions on lib/".$settingsFile." and try again');</script>";
|
|
}
|
|
}
|
|
}
|
|
}
|
|
echo '<script>top.ICEcoder.serverMessage();top.ICEcoder.serverQueue("del",0);</script>';
|
|
}
|
|
|
|
// If we're updating, do/redo plugins
|
|
if ($_SESSION['loggedIn']) {
|
|
// If we're updating, we need to recreate the plugins array
|
|
if (isset($_POST["theme"]) && $_POST["theme"]) {
|
|
$ICEcoder["plugins"] = array();
|
|
$pluginsArray = explode("====================",str_replace("\"","",str_replace("\r","",str_replace("\n","",$_POST['plugins']))));
|
|
for ($i=0;$i<count($pluginsArray);$i++) {
|
|
array_push($ICEcoder["plugins"], explode(",",$pluginsArray[$i]));
|
|
}
|
|
}
|
|
|
|
// Work out the plugins to display to the user
|
|
$pluginsDisplay = "";
|
|
for ($i=0;$i<count($ICEcoder["plugins"]);$i++) {
|
|
$target = explode(":",$ICEcoder["plugins"][$i][4]);
|
|
$pluginsDisplay .= '<a href="'.$ICEcoder["plugins"][$i][3].'" title="'.$ICEcoder["plugins"][$i][0].'" target="'.$target[0].'"><img src="'.$ICEcoder["plugins"][$i][1].'" style="'.$ICEcoder["plugins"][$i][2].'" alt="'.$ICEcoder["plugins"][$i][0].'"></a>';
|
|
};
|
|
|
|
// If we're updating, replace the plugin display with our newly established one
|
|
echo "<script>if(top.document.getElementById('pluginsContainer')) {top.document.getElementById('pluginsContainer').innerHTML = '".$pluginsDisplay."'};</script>";
|
|
|
|
// Work out what plugins we'll need to set on a setInterval
|
|
$onLoadExtras = "";
|
|
for ($i=0;$i<count($ICEcoder["plugins"]);$i++) {
|
|
if ($ICEcoder["plugins"][$i][5]!="") {
|
|
$onLoadExtras .= ";top.ICEcoder.startPluginIntervals(".$i.",'".$ICEcoder["plugins"][$i][3]."','".$ICEcoder["plugins"][$i][4]."','".$ICEcoder["plugins"][$i][5]."')";
|
|
};
|
|
};
|
|
|
|
// If we're updating our settings, clear existing setIntervals & the array refs, then start new ones
|
|
if (isset($_POST["theme"]) && $_POST["theme"]) {
|
|
?>
|
|
<script>
|
|
for (i=0;i<=top.ICEcoder.pluginIntervalRefs.length-1;i++) {
|
|
clearInterval(top.ICEcoder['plugTimer'+top.ICEcoder.pluginIntervalRefs[i]]);
|
|
}
|
|
top.ICEcoder.pluginIntervalRefs = [];
|
|
<?php echo $onLoadExtras.PHP_EOL; ?>
|
|
</script>
|
|
<?php
|
|
}
|
|
|
|
// Finally, show server data
|
|
$onLoadExtras .= ";top.ICEcoder.content.style.visibility='visible'";
|
|
}
|
|
|
|
if ((!$_SESSION['loggedIn'] || $ICEcoder["accountPassword"] == "") && !strpos($_SERVER['SCRIPT_NAME'],"lib/settings.php")) {
|
|
header('Location: lib/settings.php');
|
|
// If we're due to show the settings screen
|
|
} elseif (!$_SESSION['loggedIn']) {
|
|
// If the password hasn't been set and we're setting it
|
|
if ($ICEcoder["accountPassword"] == "" && isset($_POST['submit']) && (strpos($_POST['submit'],"set password")>-1)) {
|
|
$password = generateHash(strClean($_POST['password']));
|
|
$settingsFile = $settingsFile;
|
|
$settingsContents = file_get_contents($settingsFile,false,$context);
|
|
// Replace our empty password with the one submitted by user
|
|
$settingsContents = str_replace('"accountPassword" => "",','"accountPassword" => "'.$password.'",',$settingsContents);
|
|
// Also set the update checker preference
|
|
$checkUpdates = $_POST['checkUpdates']=="true" ? "true" : "false";
|
|
// once to cover the true setting, once to cover false
|
|
$settingsContents = str_replace('"checkUpdates" => true,','"checkUpdates" => '.$checkUpdates.',',$settingsContents);
|
|
$settingsContents = str_replace('"checkUpdates" => false,','"checkUpdates" => '.$checkUpdates.',',$settingsContents);
|
|
// Now update the config file
|
|
$fh = fopen($settingsFile, 'w') or die("Can't update config file. Please set public write permissions on ".$settingsFile." and press refresh");
|
|
fwrite($fh, $settingsContents);
|
|
fclose($fh);
|
|
// Set the session user level
|
|
if ($ICEcoder["multiUser"]) {
|
|
$_SESSION['username']=$_POST['username'];
|
|
}
|
|
$_SESSION['loggedIn'] = true;
|
|
// Finally, load again as now this file has changed and auto login
|
|
header('Location: ../');
|
|
}
|
|
?>
|
|
<!DOCTYPE html>
|
|
|
|
<html>
|
|
<head>
|
|
<title>ICEcoder <?php
|
|
echo $ICEcoder["versionNo"]." : ";
|
|
echo $ICEcoder["accountPassword"] == "" && !$ICEcoder["multiUser"] ? "Setup" : "Login";
|
|
?></title>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
|
<meta name="robots" content="noindex, nofollow">
|
|
<link rel="stylesheet" type="text/css" href="ice-coder.css">
|
|
<link rel="icon" type="image/png" href="../favicon.png">
|
|
</head>
|
|
|
|
<body onLoad="document.settingsUpdate.<?php echo $ICEcoder["multiUser"] ? "username" : "password";?>.focus()">
|
|
|
|
<div class="screenContainer" style="background-color: #141414">
|
|
<div class="screenVCenter">
|
|
<div class="screenCenter">
|
|
<img src="../images/ice-coder.png">
|
|
<div class="version">v <?php echo $ICEcoder["versionNo"];?></div>
|
|
<form name="settingsUpdate" action="settings.php" method="POST">
|
|
<?php if ($ICEcoder["multiUser"]) {echo '<input type="text" name="username" class="accountPassword"><br><br>';};?>
|
|
<input type="password" name="password" class="accountPassword"><br><br>
|
|
<input type="submit" name="submit" value="<?php if ($ICEcoder["multiUser"]) {echo "set password / login";} else {echo $ICEcoder["accountPassword"] == "" ? "set password" : "login";}; ?>" class="button">
|
|
<?php
|
|
if ($ICEcoder["accountPassword"] == "") {
|
|
echo '<div class="text"><input type="checkbox" name="checkUpdates" value="true" checked> auto-check for updates</div>';
|
|
}
|
|
if (!$ICEcoder["multiUser"]) { echo '<div class="text"><a href="javascript:alert(\'To put into multi-user mode, open lib/settings.php and change multiUser to true then reload this page\')">multi-user?</a></div>';};
|
|
?>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
</body>
|
|
|
|
</html>
|
|
<?php
|
|
} elseif ($_SESSION['loggedIn'] && $ICEcoder["accountPassword"]=="") {
|
|
header("Location: ../?logout");
|
|
}
|
|
?>
|