diff --git a/ajax/ajax_appMgmtData.php b/ajax/ajax_appMgmtData.php index d0ac2b01..182a0257 100644 --- a/ajax/ajax_appMgmtData.php +++ b/ajax/ajax_appMgmtData.php 
@@ -50,104 +50,123 @@ $tpl->assign('actionId', $actionId); $tpl->assign('isView', false); switch ($actionId) { -case \SP\Controller\ActionsInterface::ACTION_USR_USERS_VIEW: - $tpl->assign('header', _('Ver Usuario')); - $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); - $tpl->assign('isView', true); - $controller = new SP\Controller\UsersMgmtC($tpl); - $controller->getUser(); - break; -case \SP\Controller\ActionsInterface::ACTION_USR_USERS_EDIT: - $tpl->assign('header', _('Editar Usuario')); - $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); - $controller = new SP\Controller\UsersMgmtC($tpl); - $controller->getUser(); - break; -case \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW: - $tpl->assign('header', _('Nuevo Usuario')); - $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); - $controller = new SP\Controller\UsersMgmtC($tpl); - $controller->getUser(); - break; -case \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_VIEW: - $tpl->assign('header', _('Ver Grupo')); - $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); - $tpl->assign('isView', true); - $controller = new SP\Controller\UsersMgmtC($tpl); - $controller->getGroup(); - break; -case \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_EDIT: - $tpl->assign('header', _('Editar Grupo')); - $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); - $controller = new SP\Controller\UsersMgmtC($tpl); - $controller->getGroup(); - break; -case \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_NEW: - $tpl->assign('header', _('Nuevo Grupo')); - $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); - $controller = new SP\Controller\UsersMgmtC($tpl); - $controller->getGroup(); - break; -case \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_VIEW: - $tpl->assign('header', _('Ver Perfil')); - $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); - 
$tpl->assign('isView', true); - $controller = new SP\Controller\UsersMgmtC($tpl); - $controller->getProfile(); - break; -case \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_EDIT: - $tpl->assign('header', _('Editar Perfil')); - $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); - $controller = new SP\Controller\UsersMgmtC($tpl); - $controller->getProfile(); - break; -case \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_NEW: - $tpl->assign('header', _('Nuevo Perfil')); - $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); - $controller = new SP\Controller\UsersMgmtC($tpl); - $controller->getProfile(); - break; -case \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_VIEW: - $tpl->assign('header', _('Ver Cliente')); - $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM); - $tpl->assign('isView', true); - $controller = new SP\Controller\AccountsMgmtC($tpl); - $controller->getCustomer(); - break; -case \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_EDIT: - $tpl->assign('header', _('Editar Cliente')); - $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM); - $controller = new SP\Controller\AccountsMgmtC($tpl); - $controller->getCustomer(); - break; -case \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_NEW: - $tpl->assign('header', _('Nuevo Cliente')); - $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM); - $controller = new SP\Controller\AccountsMgmtC($tpl); - $controller->getCustomer(); - break; -case \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_VIEW: - $tpl->assign('header', _('Ver Categoría')); - $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM); - $tpl->assign('isView', true); - $controller = new SP\Controller\AccountsMgmtC($tpl); - $controller->getCategory(); - break; -case \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_EDIT: - $tpl->assign('header', _('Editar Categoría')); - 
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM); - $controller = new SP\Controller\AccountsMgmtC($tpl); - $controller->getCategory(); - break; -case \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_NEW: - $tpl->assign('header', _('Nueva Categoría')); - $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM); - $controller = new SP\Controller\AccountsMgmtC($tpl); - $controller->getCategory(); - break; -default : - exit(); - break; + case \SP\Controller\ActionsInterface::ACTION_USR_USERS_VIEW: + $tpl->assign('header', _('Ver Usuario')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); + $tpl->assign('isView', true); + $controller = new SP\Controller\UsersMgmtC($tpl); + $controller->getUser(); + break; + case \SP\Controller\ActionsInterface::ACTION_USR_USERS_EDIT: + $tpl->assign('header', _('Editar Usuario')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); + $controller = new SP\Controller\UsersMgmtC($tpl); + $controller->getUser(); + break; + case \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW: + $tpl->assign('header', _('Nuevo Usuario')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); + $controller = new SP\Controller\UsersMgmtC($tpl); + $controller->getUser(); + break; + case \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_VIEW: + $tpl->assign('header', _('Ver Grupo')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); + $tpl->assign('isView', true); + $controller = new SP\Controller\UsersMgmtC($tpl); + $controller->getGroup(); + break; + case \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_EDIT: + $tpl->assign('header', _('Editar Grupo')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); + $controller = new SP\Controller\UsersMgmtC($tpl); + $controller->getGroup(); + break; + case \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_NEW: + 
$tpl->assign('header', _('Nuevo Grupo')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); + $controller = new SP\Controller\UsersMgmtC($tpl); + $controller->getGroup(); + break; + case \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_VIEW: + $tpl->assign('header', _('Ver Perfil')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); + $tpl->assign('isView', true); + $controller = new SP\Controller\UsersMgmtC($tpl); + $controller->getProfile(); + break; + case \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_EDIT: + $tpl->assign('header', _('Editar Perfil')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); + $controller = new SP\Controller\UsersMgmtC($tpl); + $controller->getProfile(); + break; + case \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_NEW: + $tpl->assign('header', _('Nuevo Perfil')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); + $controller = new SP\Controller\UsersMgmtC($tpl); + $controller->getProfile(); + break; + case \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_VIEW: + $tpl->assign('header', _('Ver Cliente')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM); + $tpl->assign('isView', true); + $controller = new SP\Controller\AccountsMgmtC($tpl); + $controller->getCustomer(); + break; + case \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_EDIT: + $tpl->assign('header', _('Editar Cliente')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM); + $controller = new SP\Controller\AccountsMgmtC($tpl); + $controller->getCustomer(); + break; + case \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_NEW: + $tpl->assign('header', _('Nuevo Cliente')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM); + $controller = new SP\Controller\AccountsMgmtC($tpl); + $controller->getCustomer(); + break; + case 
\SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_VIEW: + $tpl->assign('header', _('Ver Categoría')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM); + $tpl->assign('isView', true); + $controller = new SP\Controller\AccountsMgmtC($tpl); + $controller->getCategory(); + break; + case \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_EDIT: + $tpl->assign('header', _('Editar Categoría')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM); + $controller = new SP\Controller\AccountsMgmtC($tpl); + $controller->getCategory(); + break; + case \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_NEW: + $tpl->assign('header', _('Nueva Categoría')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM); + $controller = new SP\Controller\AccountsMgmtC($tpl); + $controller->getCategory(); + break; + case \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_VIEW: + $tpl->assign('header', _('Ver Autorización')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); + $tpl->assign('isView', true); + $controller = new SP\Controller\UsersMgmtC($tpl); + $controller->getToken(); + break; + case \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_NEW: + $tpl->assign('header', _('Nueva Autorización')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); + $controller = new SP\Controller\UsersMgmtC($tpl); + $controller->getToken(); + break; + case \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_EDIT: + $tpl->assign('header', _('Editar Autorización')); + $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); + $controller = new SP\Controller\UsersMgmtC($tpl); + $controller->getToken(); + break; + default : + exit(); + break; } $controller->view(); \ No newline at end of file diff --git a/ajax/ajax_appMgmtSave.php b/ajax/ajax_appMgmtSave.php index ffa57a93..166c4e4a 100644 --- a/ajax/ajax_appMgmtSave.php 
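Review bot: The three new `ACTION_MGM_APITOKENS_*` cases dispatch through `UsersMgmtC` and set `onCloseAction` to `ACTION_USR`, although the constants sit in the `ACTION_MGM_*` range; that agrees with `ajax_getContent.php` listing tokens from the users controller, but a reader of this switch cannot tell it is deliberate, so add `// API tokens are managed from the users section, hence ACTION_USR` above the first of them. The `default : exit(); break;` arm keeps a `break` that can never run after `exit()`. The rest of the hunk is re-indentation of the existing cases.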
+++ b/ajax/ajax_appMgmtSave.php @@ -183,8 +183,6 @@ if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW SP\Common::printJSON(_('Error al eliminar el usuario')); } - - SP\Common::printJSON(_('Acción Inválida')); } elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_EDIT || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_DELETE @@ -247,8 +245,6 @@ if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW SP\Common::printJSON(_('Error al eliminar el grupo')); } } - - SP\Common::printJSON(_('Acción Inválida')); } elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_EDIT || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_DELETE @@ -316,8 +312,6 @@ if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW SP\Common::printJSON(_('Error al eliminar el perfil')); } } - - SP\Common::printJSON(_('Acción Inválida')); } elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_EDIT || $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_DELETE @@ -362,8 +356,6 @@ if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW SP\Common::printJSON(_('Cliente eliminado'), 0, $doActionOnClose); } - - SP\Common::printJSON(_('Acción Inválida')); } elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_EDIT || $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_DELETE 
@@ -409,6 +401,58 @@ if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW SP\Common::printJSON(_('Categoría eliminada'), 0, $doActionOnClose); } +} elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_NEW + || $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_EDIT + || $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_DELETE +) { + // Variables POST del formulario + $frmUserId = SP\Request::analyze('users', 0); + $frmTokenActionId = SP\Request::analyze('actions', 0); + $frmRefreshToken = SP\Request::analyze('refreshtoken', false, false, true); + if ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_NEW + || $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_EDIT) + { + if ($frmUserId === 0 || $frmTokenActionId === 0) { + SP\Common::printJSON(_('Usuario o acción no indicado'), 2); + } + + $ApiTokens = new \SP\ApiTokens(); + $ApiTokens->setUserId($frmUserId); + $ApiTokens->setActionId($frmTokenActionId); + $ApiTokens->setTokenId($itemId); + $ApiTokens->setRefreshToken($frmRefreshToken); + + if ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_NEW){ + try { + $ApiTokens->addToken(); + } catch (\SP\SPException $e) { + SP\Common::printJSON($e->getMessage(), 2); + } + + SP\Common::printJSON(_('Autorización creada'), 0, $doActionOnClose); + } elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_EDIT){ + try { + $ApiTokens->updateToken(); + } catch (\SP\SPException $e) { + SP\Common::printJSON($e->getMessage(), 2); + } + + SP\Common::printJSON(_('Autorización actualizada'), 0, $doActionOnClose); + } + + } elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_DELETE){ + $ApiTokens = new \SP\ApiTokens(); + $ApiTokens->setTokenId($itemId); + + try { + $ApiTokens->deleteToken(); + } catch (\SP\SPException $e) { + SP\Common::printJSON($e->getMessage(), 2); + } + + SP\Common::printJSON(_('Autorización 
eliminada'), 0, $doActionOnClose);
+ }
+} else {
 SP\Common::printJSON(_('Acción Inválida'));
 }
\ No newline at end of file
diff --git a/ajax/ajax_getContent.php b/ajax/ajax_getContent.php
index d8ed8252..df9c6cae 100644
--- a/ajax/ajax_getContent.php
+++ b/ajax/ajax_getContent.php
@@ -121,6 +121,7 @@ switch ($actionId) {
 $controller->getUsersList();
 $controller->getGroupsList();
 $controller->getProfilesList();
+ $controller->getAPITokensList();
 break;
 case \SP\Controller\ActionsInterface::ACTION_MGM:
 $controller = new SP\Controller\AccountsMgmtC($tpl);
diff --git a/api.php b/api.php
new file mode 100644
index 00000000..4525e978
--- /dev/null
+++ b/api.php
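Review bot: The `ACTION_MGM_APITOKENS_DELETE` branch passes `$itemId` (assigned above this hunk) straight to `setTokenId()` with no check that it is non-zero, whereas the new/edit branch rejects `$frmUserId === 0 || $frmTokenActionId === 0`; a matching guard before `new \SP\ApiTokens()` in the delete branch, `if ($itemId === 0) { SP\Common::printJSON(_('<missing-id message>'), 2); }`, keeps the two paths consistent. Each success `printJSON(...)` placed after a `catch` is reachable if `printJSON` ever returns instead of exiting; that is the convention the whole file follows, so at least record it with `// printJSON() terminates the request` where the first one appears. `SP\Request::analyze('refreshtoken', false, false, true)` carries three positional booleans whose meaning is not visible here and deserves a short comment. Whether the caller's own permission to manage tokens (including ones for `ACTION_ACC_VIEW_PASS`) is enforced above this hunk cannot be seen from this view.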
@@ -0,0 +1,68 @@
+.
+ *
+ */
+
+define('APP_ROOT', '.');
+
+require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
+
+$userLogin = \SP\Request::analyze('u');
+$userPass = \SP\Request::analyze('up');
+$authToken = \SP\Request::analyze('t');
+$actionId = \SP\Request::analyze('a', 0);
+
+if (!$userLogin || !$authToken || !$actionId){
+ \SP\Common::printJSON(_('Parámetros incorrectos'));
+}
+
+try {
+ switch ($actionId) {
+ case \SP\Controller\ActionsInterface::ACTION_ACC_VIEW:
+ $itemId = \SP\Request::analyze('i', 0);
+
+ $Api = new \SP\Api($userLogin, $actionId, $authToken);
+ $out = $Api->getAccountData($itemId);
+ break;
+ case \SP\Controller\ActionsInterface::ACTION_ACC_VIEW_PASS:
+ $itemId = \SP\Request::analyze('i', 0);
+
+ $Api = new \SP\Api($userLogin, $actionId, $authToken, $userPass);
+ $out = $Api->getAccountPassword($itemId);
+ break;
+ case \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH:
+ $search = \SP\Request::analyze('s');
+ $count = \SP\Request::analyze('c', 10);
+
+ $Api = new \SP\Api($userLogin, $actionId, $authToken);
+ $out = $Api->getAccountSearch($search, $count);
+ break;
+ default:
+ throw new Exception(_('Acción Inválida'));
+ }
+} catch (Exception $e) {
+ \SP\Common::printJSON($e->getMessage(), 1, $actionId);
+}
+
+header('Content-type: application/json');
+echo $out;
\ No newline at end of file
diff --git a/inc/Account.class.php b/inc/Account.class.php
index 83fe1a87..f7e63385 100644
--- a/inc/Account.class.php
+++ b/inc/Account.class.php
@@ -294,8 +294,8 @@ class Account extends AccountBase implements AccountInterface
 . 'category_name,'
 . 'account_login,'
 . 'account_url,'
- . 'account_pass,'
- . 'account_IV,'
+// . 'account_pass,'
+// . 'account_IV,'
 . 'account_notes,'
 . 'account_countView,'
 . 'account_countDecrypt,'
diff --git a/inc/AccountSearch.class.php b/inc/AccountSearch.class.php
index 49b1bd55..07cd3101 100644
--- a/inc/AccountSearch.class.php
+++ b/inc/AccountSearch.class.php
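Review bot: `$userPass = \SP\Request::analyze('up')` and `$authToken = \SP\Request::analyze('t')` read the user's password and the API token through a generic request reader; if `Request::analyze` also accepts the query string (not visible here), both secrets end up in web-server access logs, proxy caches and browser history, so this endpoint should take `up` and `t` from the POST body only and reject them elsewhere. The flow after the early `printJSON(_('Parámetros incorrectos'))` and after the `catch` block relies on `printJSON` terminating the script; if it ever returns, `echo $out` runs with `$out` undefined, so an explicit `exit;` after each error response makes the intent visible. `$userPass` is read for every action although only `ACTION_ACC_VIEW_PASS` passes it on; moving the read into that case narrows where the password is held. The licence header at the top of the hunk is cut off in this view.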
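Review bot: The two dropped columns are kept as `// . 'account_pass,'` / `// . 'account_IV,'` instead of being deleted; commented-out fragments inside a SELECT list invite being restored by a later edit, and keeping ciphertext and IV out of this query is what the new API's `getAccountData()` consumers depend on. Delete the two lines and, if the reason should stay visible, replace them with `// account_pass / account_IV are deliberately not selected here; see getAccountPassData()`. The statement this hunk belongs to starts and ends outside the hunk.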
@@ -229,7 +229,7 @@ class AccountSearch $arrFilterUser = array(); $arrQueryWhere = array(); - switch ($this->getSortKey()) { + switch ($this->_sortKey) { case self::SORT_NAME: $orderKey = 'account_name'; break; @@ -250,18 +250,18 @@ class AccountSearch break; } - if ($this->getTxtSearch()) { + if ($this->_txtSearch) { // Analizar la cadena de búsqueda por etiquetas especiales $stringFilters = $this->analyzeQueryString(); - if($stringFilters !== false){ + if ($stringFilters !== false) { $i = 0; - foreach($stringFilters as $column => $value){ + foreach ($stringFilters as $column => $value) { $parameter = 'P_' . $column . $i; $rel = '='; - if (preg_match('/name/i', $column)){ + if (preg_match('/name/i', $column)) { $rel = 'LIKE'; $value = '%' . $value . '%'; } @@ -277,23 +277,23 @@ class AccountSearch $arrFilterCommon[] = 'account_url LIKE :url'; $arrFilterCommon[] = 'account_notes LIKE :notes'; - $data['name'] = '%' . $this->getTxtSearch() . '%'; - $data['login'] = '%' . $this->getTxtSearch() . '%'; - $data['url'] = '%' . $this->getTxtSearch() . '%'; - $data['notes'] = '%' . $this->getTxtSearch() . '%'; + $data['name'] = '%' . $this->_txtSearch . '%'; + $data['login'] = '%' . $this->_txtSearch . '%'; + $data['url'] = '%' . $this->_txtSearch . '%'; + $data['notes'] = '%' . $this->_txtSearch . '%'; } } - if ($this->getCategoryId() !== 0) { + if ($this->_categoryId !== 0) { $arrFilterSelect[] = 'category_id = :categoryId'; - $data['categoryId'] = $this->getCategoryId(); + $data['categoryId'] = $this->_categoryId; } - if ($this->getCustomerId() !== 0) { + if ($this->_customerId !== 0) { $arrFilterSelect[] = 'account_customerId = :customerId'; - $data['customerId'] = $this->getCustomerId(); + $data['customerId'] = $this->_customerId; } if (count($arrFilterCommon) > 0) { 
@@ -304,7 +304,7 @@ class AccountSearch $arrQueryWhere[] = '(' . implode(' AND ', $arrFilterSelect) . ')'; } - if (!$isAdmin && !$this->getGlobalSearch()) { + if (!$isAdmin && !$this->_globalSearch) { $subQueryGroupsA = '(SELECT user_groupId FROM usrData WHERE user_id = :userIduA UNION ALL SELECT usertogroup_groupId FROM usrToGroups WHERE usertogroup_userId = :userIdgA)'; $subQueryGroupsB = '(SELECT user_groupId FROM usrData WHERE user_id = :userIduB UNION ALL SELECT usertogroup_groupId FROM usrToGroups WHERE usertogroup_userId = :userIdgB)'; 
@@ -329,53 +329,50 @@ class AccountSearch $arrQueryWhere[] = '(' . implode(' OR ', $arrFilterUser) . ')'; } - $orderDir = ($this->getSortOrder() === 0) ? 'ASC' : 'DESC'; + $orderDir = ($this->_sortOrder === 0) ? 'ASC' : 'DESC'; $queryOrder = 'ORDER BY ' . $orderKey . ' ' . $orderDir; - if ($this->getLimitCount() != 99) { + if ($this->_limitCount != 99) { $queryLimit = 'LIMIT :limitStart,:limitCount'; - $data['limitStart'] = $this->getLimitStart(); - $data['limitCount'] = $this->getLimitCount(); + $data['limitStart'] = $this->_limitStart; + $data['limitCount'] = $this->_limitCount; } if (count($arrQueryWhere) === 1) { - $queryWhere = ' WHERE ' . implode($arrQueryWhere) . ' '; -// $query = $querySelect . ' WHERE ' . implode($arrQueryWhere) . ' ' . $queryOrder . ' ' . $queryLimit; + $queryWhere = ' WHERE ' . implode($arrQueryWhere); } elseif (count($arrQueryWhere) > 1) { - $queryWhere = ' WHERE ' . implode(' AND ', $arrQueryWhere . ' '); -// $queryWhere = ' WHERE ' . implode(' AND ', $arrQueryWhere) . ' ' . $queryOrder . ' ' . $queryLimit; + $queryWhere = ' WHERE ' . implode(' AND ', $arrQueryWhere); } else { $queryWhere = ''; -// $query = $querySelect . ' ' . $queryOrder . ' ' . $queryLimit; } - $query = 'SELECT DISTINCT ' - . 'account_id,' - . 'account_customerId,' - . 'category_name,' - . 'account_name,' - . 'account_login,' - . 'account_url,' - . 'account_notes,' - . 'account_userId,' - . 'account_userGroupId,' - . 'BIN(account_otherUserEdit) AS account_otherUserEdit,' - . 'BIN(account_otherGroupEdit) AS account_otherGroupEdit,' - . 'usergroup_name,' - . 'customer_name,' - . 'count(accfile_id) as num_files ' - . 'FROM accounts ' - . 'LEFT JOIN accFiles ON account_id = accfile_accountId ' - . 'LEFT JOIN categories ON account_categoryId = category_id ' - . 'LEFT JOIN usrGroups ug ON account_userGroupId = usergroup_id ' - . 'LEFT JOIN customers ON customer_id = account_customerId ' - . 'LEFT JOIN accUsers ON accuser_accountId = account_id ' - . 
'LEFT JOIN accGroups ON accgroup_accountId = account_id ' - . $queryWhere - . 'GROUP BY account_id ' - . $queryOrder . ' ' - . $queryLimit . ' '; + $query = 'SELECT DISTINCT ' . + 'account_id,' . + 'account_customerId,' . + 'category_name,' . + 'account_name,' . + 'account_login,' . + 'account_url,' . + 'account_notes,' . + 'account_userId,' . + 'account_userGroupId,' . + 'BIN(account_otherUserEdit) AS account_otherUserEdit,' . + 'BIN(account_otherGroupEdit) AS account_otherGroupEdit,' . + 'usergroup_name,' . + 'customer_name,' . + 'count(accfile_id) as num_files ' . + 'FROM accounts ' . + 'LEFT JOIN accFiles ON account_id = accfile_accountId ' . + 'LEFT JOIN categories ON account_categoryId = category_id ' . + 'LEFT JOIN usrGroups ug ON account_userGroupId = usergroup_id ' . + 'LEFT JOIN customers ON customer_id = account_customerId ' . + 'LEFT JOIN accUsers ON accuser_accountId = account_id ' . + 'LEFT JOIN accGroups ON accgroup_accountId = account_id ' . + $queryWhere . ' ' . + 'GROUP BY account_id ' . + $queryOrder . ' ' . + $queryLimit; // print_r($query); // error_log($query); 
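Review bot: `if ($this->_limitCount != 99)` still compares a bare sentinel with the loose `!=`, and `$queryLimit` is concatenated into `$query` on both paths; unless it is initialised to `''` above this hunk (not visible here) the unlimited path raises an undefined-variable notice. A class constant for the 99 sentinel with a strict `!==`, plus `$queryLimit = '';` before the `if`, removes both doubts. `LIMIT :limitStart,:limitCount` binds the limit values as parameters; if `DB::getResults` binds them as strings (PDO's emulated prepares do), MySQL rejects the quoted values, so confirm the wrapper binds them as integers. The enclosing method starts above this hunk.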
@@ -404,6 +401,43 @@ class AccountSearch return $queryRes; } + /** + * Analizar la cadena de consulta por eqituetas especiales y devolver un array + * con las columnas y los valores a buscar. + * + * @return array|bool + */ + private function analyzeQueryString() + { + preg_match('/:(user|group|file)\s(.*)/i', $this->_txtSearch, $filters); + + if (!is_array($filters) || count($filters) === 0) { + return false; + } + + switch ($filters[1]) { + case 'user': + return array( + 'account_userId' => UserUtil::getUserIdByLogin(Html::sanitize($filters[2])), + 'accuser_userId' => UserUtil::getUserIdByLogin(Html::sanitize($filters[2])) + ); + break; + case 'group': + return array( + 'account_userGroupId' => Groups::getGroupIdByName(Html::sanitize($filters[2])), + 'accgroup_groupId' => Groups::getGroupIdByName(Html::sanitize($filters[2])) + ); + break; + case 'file': + return array( + 'accfile_name' => Html::sanitize($filters[2]) + ); + break; + default: + return false; + } + } + /** * Obtiene el número de cuentas que un usuario puede ver. * 
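Review bot: The regex `/:(user|group|file)\s(.*)/i` is case-insensitive, but the `switch ($filters[1])` below it compares against lowercase literals, so `:User admin` matches the pattern and then falls through to `default` and returns `false`; use `switch (strtolower($filters[1]))` (or drop the `i` modifier) so the two agree. The `break;` after each `return` is unreachable and can go. `UserUtil::getUserIdByLogin(Html::sanitize($filters[2]))` is evaluated twice in the `user` case; computing it once into a local avoids the second lookup. The docblock typo `eqituetas` should read `etiquetas`.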
@@ -437,41 +471,4 @@ class AccountSearch return $queryRes->numacc; } - - /** - * Analizar la cadena de consulta por eqituetas especiales y devolver un array - * con las columnas y los valores a buscar. - * - * @return array|bool - */ - private function analyzeQueryString() - { - preg_match('/:(user|group|file)\s(.*)/i', $this->_txtSearch, $filters); - - if(count($filters) === 1){ - return false; - } - - switch ($filters[1]){ - case 'user': - return array( - 'account_userId' => UserUtil::getUserIdByLogin(Html::sanitize($filters[2])), - 'accuser_userId' => UserUtil::getUserIdByLogin(Html::sanitize($filters[2])) - ); - break; - case 'group': - return array( - 'account_userGroupId' => Groups::getGroupIdByName(Html::sanitize($filters[2])), - 'accgroup_groupId' => Groups::getGroupIdByName(Html::sanitize($filters[2])) - ); - break; - case 'file': - return array( - 'accfile_name' => Html::sanitize($filters[2]) - ); - break; - default: - return false; - } - } } \ No newline at end of file diff --git a/inc/Acl.class.php b/inc/Acl.class.php index 9a09eb92..c044894b 100644 --- a/inc/Acl.class.php +++ b/inc/Acl.class.php @@ -105,7 +105,7 @@ class Acl implements Controller\ActionsInterface return ($curUserIsAdminApp || $curUserProfile->isEvl()); } - Log::writeNewLog(__FUNCTION__, _('Denegado acceso a') . " '" . self::getActionName($action) . "'"); + Log::writeNewLog(__FUNCTION__, sprintf('%s \'%s\'', _('Denegado acceso a'), self::getActionName($action))); return false; } 
@@ -116,32 +116,33 @@ class Acl implements Controller\ActionsInterface * @param int $action El id de la acción * @return string */ - public static function getActionName($action) + public static function getActionName($action, $shortName = false) { $actionName = array( - self::ACTION_ACC_SEARCH => 'acc_search', - self::ACTION_ACC_VIEW => 'acc_view', - self::ACTION_ACC_COPY => 'acc_copy', - self::ACTION_ACC_NEW => 'acc_new', - self::ACTION_ACC_EDIT => 'acc_edit', - self::ACTION_ACC_EDIT_PASS => 'acc_editpass', - self::ACTION_ACC_VIEW_HISTORY => 'acc_viewhist', - self::ACTION_ACC_VIEW_PASS => 'acc_viewpass', - self::ACTION_ACC_DELETE => 'acc_delete', - self::ACTION_ACC_FILES => 'acc_files', - self::ACTION_ACC_REQUEST => 'acc_request', - self::ACTION_MGM => 'mgm', - self::ACTION_MGM_CATEGORIES => 'mgm_categories', - self::ACTION_MGM_CUSTOMERS => 'mgm_customers', - self::ACTION_USR => 'usr', - self::ACTION_USR_USERS => 'usr_users', - self::ACTION_USR_GROUPS => 'usr_groups', - self::ACTION_USR_PROFILES => 'usr_profiles', - self::ACTION_CFG => 'cfg', - self::ACTION_CFG_GENERAL => 'cfg_general', - self::ACTION_CFG_ENCRYPTION => 'cfg_encryption', - self::ACTION_CFG_BACKUP => 'cfg_backup', - self::ACTION_CFG_IMPORT => 'cfg_import', + self::ACTION_ACC_SEARCH => array('acc_search', _('Buscar Cuentas')), + self::ACTION_ACC_VIEW => array('acc_view', _('Ver Cuenta')), + self::ACTION_ACC_COPY => array('acc_copy', _('Copiar Cuenta')), + self::ACTION_ACC_NEW => array('acc_new', _('Nueva Cuenta')), + self::ACTION_ACC_EDIT => array('acc_edit', _('Editar Cuenta')), + self::ACTION_ACC_EDIT_PASS => array('acc_editpass', _('Editar Clave de Cuenta')), + self::ACTION_ACC_VIEW_HISTORY => array('acc_viewhist', _('Ver Historial')), + self::ACTION_ACC_VIEW_PASS => array('acc_viewpass', _('Ver Clave')), + self::ACTION_ACC_DELETE => array('acc_delete', _('Eliminar Cuenta')), + self::ACTION_ACC_FILES => array('acc_files', _('Archivos')), + self::ACTION_ACC_REQUEST => array('acc_request', 
_('Peticiones')),
+ self::ACTION_MGM => array('mgm', _('Gestión Aplicación')),
+ self::ACTION_MGM_CATEGORIES => array('mgm_categories', _('Gestión Categorías')),
+ self::ACTION_MGM_CUSTOMERS => array('mgm_customers', _('Gestión Clientes')),
+ self::ACTION_USR => array('usr', _('Gestión Usuarios')),
+ self::ACTION_USR_USERS => array('usr_users', _('Gestión Usuarios')),
+ self::ACTION_USR_GROUPS => array('usr_groups', _('Gestión Grupos')),
+ self::ACTION_USR_PROFILES => array('usr_profiles', _('Gestión Perfiles')),
+ self::ACTION_CFG => array('cfg', _('Configuración')),
+ self::ACTION_CFG_GENERAL => array('cfg_general', _('Configuración General')),
+ self::ACTION_CFG_ENCRYPTION => array('cfg_encryption', _('Encriptación')),
+ self::ACTION_CFG_BACKUP => array('cfg_backup', _('Copia de Seguridad')),
+ self::ACTION_CFG_EXPORT => array('cfg_export', _('Exportar')),
+ self::ACTION_CFG_IMPORT => array('cfg_import', _('Importar')),
 self::ACTION_EVL => 'evl'
 );
@@ -149,7 +150,11 @@ class Acl implements Controller\ActionsInterface
 return 'action';
 }
- return $actionName[$action];
+ if ($shortName){
+ return $actionName[$action][0];
+ }
+
+ return $actionName[$action][1];
 }
 /**
diff --git a/inc/ActionsInterface.class.php b/inc/ActionsInterface.class.php
index 0ba9fe38..7900e2c0 100644
--- a/inc/ActionsInterface.class.php
+++ b/inc/ActionsInterface.class.php
@@ -54,6 +54,11 @@ interface ActionsInterface {
 const ACTION_MGM_CUSTOMERS_NEW = 621;
 const ACTION_MGM_CUSTOMERS_EDIT = 622;
 const ACTION_MGM_CUSTOMERS_DELETE = 623;
+ const ACTION_MGM_APITOKENS = 63;
+ const ACTION_MGM_APITOKENS_NEW = 630;
+ const ACTION_MGM_APITOKENS_VIEW = 631;
+ const ACTION_MGM_APITOKENS_EDIT = 632;
+ const ACTION_MGM_APITOKENS_DELETE = 633;
 const ACTION_USR = 70;
 const ACTION_USR_USERS = 71;
 const ACTION_USR_USERS_VIEW= 710;
diff --git a/inc/Api.class.php b/inc/Api.class.php
new file mode 100644
index 00000000..afa106e7
--- /dev/null
+++ b/inc/Api.class.php
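Review bot: In the `@@ -116` hunk every entry of `$actionName` becomes an `array(shortKey, label)` pair except the untouched context line `self::ACTION_EVL => 'evl'`, which stays a plain string; with the new `return $actionName[$action][1]` / `[0]` in the `@@ -149` hunk, `getActionName(self::ACTION_EVL)` returns the string offset `'v'` (and `'e'` for the short form) instead of a name. Make it a pair like the others, `self::ACTION_EVL => array('evl', _('<event log label>'))`. Because `$shortName` defaults to `false`, any caller of `Acl::getActionName($action)` outside this diff that relied on the short key now silently receives the localized label; the `@@ -105` hunk was updated in the same commit and may intend the label, but the remaining callers are worth checking, or the default could be `true` to preserve the old contract. The docblock above the signature still documents only `$action`; add `@param bool $shortName Return the short key instead of the localized label`.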
@@ -0,0 +1,210 @@ +. + * + */ + +namespace SP; + +use SP\Controller\ActionsInterface; + +defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo')); + +/** + * Class Api para la gestión de peticiones a la API de sysPass + * + * @package SP + */ +class Api +{ + /** + * @var int + */ + private $_userId = 0; + /** + * @var int + */ + private $_actionId = 0; + /** + * @var bool + */ + private $_auth = false; + /** + * @var string + */ + private $_mPass = ''; + + /** + * @param $userLogin string El login del usuario + * @param $actionId int El id de la acción + * @param $authToken string El token de seguridad + * @param null $userPass string La clave del usuario + * @throws SPException + */ + public function __construct($userLogin, $actionId, $authToken, $userPass = null) + { + $this->_userId = UserUtil::getUserIdByLogin($userLogin); + + if (!Auth::checkAuthToken($this->_userId, $actionId, $authToken)) { + throw new SPException(SPException::SP_CRITICAL, _('Acceso no permitido')); + } + + $this->_actionId = $actionId; + $this->_auth = true; + + if (!is_null($userPass)) { + $User = new User(); + $User->setUserId($this->_userId); + $User->setUserLogin($userLogin); + $User->setUserPass($userPass); + + if (Auth::authUserMySQL($userLogin, $userPass) + && !UserUtil::checkUserIsDisabled($userLogin) + && UserUtil::checkUserMPass($User) + && UserUtil::checkUserUpdateMPass($userLogin) + && !$User->isUserChangePass() + ) { + $this->_mPass = $User->getUserMPass(true); + } else { + throw new SPException(SPException::SP_CRITICAL, _('Acceso no permitido')); + } + } + + Session::setUserId($this->_userId); + } + + /** + * Devolver la clave de una cuenta + * + * @param $accountId + * @return string + */ + public function getAccountPassword($accountId) + { + $this->checkActionAccess(ActionsInterface::ACTION_ACC_VIEW_PASS); + + $Account = new Account($accountId); + $Account->getAccountPassData(); + $Account->incrementDecryptCounter(); + + $ret = array( + 'accountId' 
=> $accountId, + 'pass' => Crypt::getDecrypt($Account->getAccountPass(), $this->_mPass, $Account->getAccountIV()) + ); + + return $this->wrapJSON($ret); + } + + /** + * Comprobar el acceso a la acción + * + * @param $action + * @throws SPException + */ + private function checkActionAccess($action) + { + if ($this->_actionId !== $action) { + throw new SPException(SPException::SP_CRITICAL, _('Acceso no permitido')); + } + } + + /** + * Devuelve una respuesta en formato JSON con el estado y el mensaje. + * + * @param string $data Los datos a devolver + * @return bool + * @throws SPException + */ + private function wrapJSON($data) + { + $arrStrFrom = array("\\", '"', "'"); + $arrStrTo = array("\\", '\"', "\'"); + + if (is_array($data) || is_object($data)) { + array_walk($data, + function (&$value) use ($arrStrFrom, $arrStrTo) { + if (is_object($value)) { + foreach ($value as &$attribute) { + str_replace($arrStrFrom, $arrStrTo, $attribute); + } + + return $value; + } else { + return str_replace($arrStrFrom, $arrStrTo, $value); + } + } + ); + } else { + $data = str_replace($arrStrFrom, $arrStrTo, $data); + } + + $json = json_encode(array( + 'action' => Acl::getActionName($this->_actionId, true), + 'data' => $data, + )); + + if ($json === false) { + throw new SPException(SPException::SP_CRITICAL, sprintf('%s : %s', _('Error de codificación'), json_last_error_msg())); + } + + return $json; + } + + /** + * Devolver los resultados de una búsqueda + * + * @param $search + * @return string + */ + public function getAccountSearch($search, $count = 0) + { + $this->checkActionAccess(ActionsInterface::ACTION_ACC_SEARCH); + + $Search = new AccountSearch(); + $Search->setTxtSearch($search); + + if ($count > 0) { + $Search->setLimitCount($count); + } + + $ret = $Search->getAccounts(); + + return $this->wrapJSON($ret); + } + + /** + * Devolver la clave de una cuenta + * + * @param $accountId + * @return string + */ + public function getAccountData($accountId) + { + 
$this->checkActionAccess(ActionsInterface::ACTION_ACC_VIEW); + + $Account = new Account($accountId); + $ret = $Account->getAccountData(); + $Account->incrementViewCounter(); + + return $this->wrapJSON($ret); + } +} \ No newline at end of file diff --git a/inc/ApiTokens.class.php b/inc/ApiTokens.class.php new file mode 100644 index 00000000..b8e0fbcb --- /dev/null +++ b/inc/ApiTokens.class.php 
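Review bot: `wrapJSON()` pre-escapes quotes with `str_replace` before `json_encode`, which escapes them itself, and the `array_walk` callback discards its own work (it `return`s instead of assigning to `&$value`, and the inner `str_replace` on `$attribute` is never assigned), so the block is a no-op today and would double-escape if it ever took effect; drop the `$arrStrFrom`/`$arrStrTo` block, pass `$data` straight to `json_encode`, and correct the docblock `@return bool` to `@return string`. In `getAccountPassword()`, `$this->_mPass` is still `''` when the object was built without `$userPass`, yet `Crypt::getDecrypt(...)` runs anyway; guard it with `if ($this->_mPass === '') { throw new SPException(SPException::SP_CRITICAL, _('Acceso no permitido')); }` before the decrypt. `getAccountSearch()`'s docblock omits `$count`, and `getAccountData()` reuses the "Devolver la clave de una cuenta" description from the password method. The licence header at the top of the hunk is cut off in this view.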
@@ -0,0 +1,330 @@
+.
+ *
+ */
+
+namespace SP;
+
+defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'));
+
+use SP\Controller\ActionsInterface;
+
+class ApiTokens
+{
+ /**
+ * @var int
+ */
+ private $_tokenId = 0;
+ /**
+ * @var int
+ */
+ private $_userId = 0;
+ /**
+ * @var int
+ */
+ private $_actionId = 0;
+ /**
+ * @var string
+ */
+ private $_token = '';
+ /**
+ * @var bool
+ */
+ private $_refreshToken = false;
+
+ /**
+ * Obtener los tokens de la API
+ *
+ * @param int $tokenId opcional, con el Id del token a consultar
+ * @param bool $returnRawData Devolver la consulta tal cual
+ * @return array|false con la lista de tokens
+ */
+ public static function getTokens($tokenId = null, $returnRawData = false)
+ {
+ $query = 'SELECT authtoken_id,' .
+ 'authtoken_userId,' .
+ 'authtoken_actionId, ' .
+ 'authtoken_token, ' .
+ 'user_login ' .
+ 'FROM authTokens ' .
+ 'LEFT JOIN usrData ON user_id = authtoken_userId ';
+
+ $data = null;
+
+ if (!is_null($tokenId)) {
+ $query .= "WHERE authtoken_id = :id LIMIT 1";
+ $data['id'] = $tokenId;
+ } else {
+ $query .= "ORDER BY user_login";
+ }
+
+ if (!$returnRawData) {
+ DB::setReturnArray();
+ }
+
+ $queryRes = DB::getResults($query, __FUNCTION__, $data);
+
+ if ($queryRes === false) {
+ return false;
+ }
+
+ if (!$returnRawData) {
+ foreach ($queryRes as &$token) {
+ $token->authtoken_actionId = Acl::getActionName($token->authtoken_actionId);
+ }
+ }
+
+ return $queryRes;
+ }
+
+ /**
+ * Devuelver un array de acciones posibles para los tokens
+ *
+ * @return array
+ */
+ public static function getTokenActions()
+ {
+ $actions = array(
+ ActionsInterface::ACTION_ACC_SEARCH => Acl::getActionName(ActionsInterface::ACTION_ACC_SEARCH),
+ ActionsInterface::ACTION_ACC_VIEW => Acl::getActionName(ActionsInterface::ACTION_ACC_VIEW),
+ ActionsInterface::ACTION_ACC_VIEW_PASS => Acl::getActionName(ActionsInterface::ACTION_ACC_VIEW_PASS),
+ ActionsInterface::ACTION_ACC_DELETE =>
Acl::getActionName(ActionsInterface::ACTION_ACC_DELETE),
+ ActionsInterface::ACTION_CFG_BACKUP => Acl::getActionName(ActionsInterface::ACTION_CFG_BACKUP),
+ ActionsInterface::ACTION_CFG_EXPORT => Acl::getActionName(ActionsInterface::ACTION_CFG_EXPORT),
+ );
+
+ return $actions;
+ }
+
+ /**
+ * @param boolean $refreshToken
+ */
+ public function setRefreshToken($refreshToken)
+ {
+ $this->_refreshToken = $refreshToken;
+ }
+
+ /**
+ * @param int $tokenId
+ */
+ public function setTokenId($tokenId)
+ {
+ $this->_tokenId = $tokenId;
+ }
+
+ /**
+ * @param int $userId
+ */
+ public function setUserId($userId)
+ {
+ $this->_userId = $userId;
+ }
+
+ /**
+ * @param int $actionId
+ */
+ public function setActionId($actionId)
+ {
+ $this->_actionId = $actionId;
+ }
+
+ /**
+ * Añadir un nuevo token
+ *
+ * @throws SPException
+ */
+ public function addToken()
+ {
+ $this->checkTokenExist();
+
+ if ($this->_refreshToken) {
+ $this->refreshToken();
+ }
+
+ $query = 'INSERT INTO authTokens ' .
+ 'SET authtoken_userId = :userid,' .
+ 'authtoken_actionId = :actionid,' .
+ 'authtoken_createdBy = :createdby,' .
+ 'authtoken_token = :token,' .
+ 'authtoken_startDate = UNIX_TIMESTAMP()';
+
+ $data['userid'] = $this->_userId;
+ $data['actionid'] = $this->_actionId;
+ $data['createdby'] = Session::getUserId();
+ $data['token'] = ($this->getUserToken()) ? $this->_token : sha1(uniqid() . time());
+
+ try {
+ DB::getQuery($query, __FUNCTION__, $data);
+ } catch (SPException $e) {
+ throw new SPException(SPException::SP_CRITICAL, _('Error interno'));
+ }
+
+ $Log = new Log(_('Nuevo Token'));
+ $Log->addDescription(sprintf('%s : %s', Html::strongText(_('Usuario')), UserUtil::getUserLoginById($this->_userId)));
+ $Log->writeLog();
+
+ Email::sendEmail($Log);
+ }
+
+ /**
+ * Comprobar si el token ya existe
+ *
+ * @return bool
+ * @throws SPException
+ */
+ private function checkTokenExist()
+ {
+ $query = 'SELECT authtoken_id FROM authTokens ' .
+ 'WHERE authtoken_userId = :userid ' .
+ 'AND authtoken_actionId = :actionid ' .
+ 'AND authtoken_id <> :id ' .
+ 'LIMIT 1';
+
+ $data['id'] = $this->_tokenId;
+ $data['userid'] = $this->_userId;
+ $data['actionid'] = $this->_actionId;
+
+ try {
+ DB::getResults($query, __FUNCTION__, $data);
+ } catch (SPException $e) {
+ throw new SPException(SPException::SP_CRITICAL, _('Error interno'));
+ }
+
+ if (DB::$lastNumRows === 1) {
+ throw new SPException(SPException::SP_WARNING, _('La autorización ya existe'));
+ }
+ }
+
+ /**
+ * Actualizar un token
+ *
+ * @throws SPException
+ */
+ public function updateToken()
+ {
+ $this->checkTokenExist();
+
+ if ($this->_refreshToken) {
+ $this->refreshToken();
+ }
+
+ $query = 'UPDATE authTokens ' .
+ 'SET authtoken_userId = :userid,' .
+ 'authtoken_actionId = :actionid,' .
+ 'authtoken_createdBy = :createdby,' .
+ 'authtoken_token = :token,' .
+ 'authtoken_startDate = UNIX_TIMESTAMP() ' .
+ 'WHERE authtoken_id = :id LIMIT 1';
+
+ $data['id'] = $this->_tokenId;
+ $data['userid'] = $this->_userId;
+ $data['actionid'] = $this->_actionId;
+ $data['createdby'] = Session::getUserId();
+ $data['token'] = ($this->getUserToken()) ? $this->_token : sha1(uniqid() .
time());
+
+ try {
+ DB::getQuery($query, __FUNCTION__, $data);
+ } catch (SPException $e) {
+ throw new SPException(SPException::SP_CRITICAL, _('Error interno'));
+ }
+
+ $Log = new Log(_('Actualizar Token'));
+ $Log->addDescription(sprintf('%s : %s', Html::strongText(_('Usuario')), UserUtil::getUserLoginById($this->_userId)));
+ $Log->writeLog();
+
+ Email::sendEmail($Log);
+ }
+
+ /**
+ * Obtener el token de la API de un usuario
+ *
+ * @return bool
+ * @throws SPException
+ */
+ private function getUserToken()
+ {
+ $query = 'SELECT authtoken_token FROM authTokens WHERE authtoken_userId = :userid LIMIT 1';
+
+ $data['userid'] = $this->_userId;
+
+ try {
+ $queryRes = DB::getResults($query, __FUNCTION__, $data);
+ } catch (SPException $e) {
+ throw new SPException(SPException::SP_CRITICAL, _('Error interno'));
+ }
+
+ if (DB::$lastNumRows === 0) {
+ return false;
+ }
+
+ $this->_token = $queryRes->authtoken_token;
+
+ return true;
+ }
+
+ /**
+ * Eliminar token
+ *
+ * @throws SPException
+ */
+ public function deleteToken()
+ {
+ $query = 'DELETE FROM authTokens WHERE authtoken_id = :id LIMIT 1';
+
+ $data['id'] = $this->_tokenId;
+
+ try {
+ DB::getQuery($query, __FUNCTION__, $data);
+ } catch (SPException $e) {
+ throw new SPException(SPException::SP_CRITICAL, _('Error interno'));
+ }
+
+ $Log = new Log(_('Eliminar Token'));
+ $Log->addDescription(sprintf('%d', $this->_tokenId));
+ $Log->writeLog();
+
+ Email::sendEmail($Log);
+ }
+
+ /**
+ * Regenerar el hash de los tokens de un usuario
+ *
+ * @throws SPException
+ */
+ private function refreshToken()
+ {
+ $query = 'UPDATE authTokens SET ' .
+ 'authtoken_token = :token,' .
+ 'authtoken_startDate = UNIX_TIMESTAMP() ' .
+ 'WHERE authtoken_userId = :userid';
+
+ $data['userid'] = $this->_userId;
+ $data['token'] = sha1(uniqid() .
time());
+
+ try {
+ DB::getQuery($query, __FUNCTION__, $data);
+ } catch (SPException $e) {
+ throw new SPException(SPException::SP_CRITICAL, _('Error interno'));
+ }
+ }
+}
\ No newline at end of file
diff --git a/inc/Auth.class.php b/inc/Auth.class.php
index e44bfa7b..82bbc342 100644
--- a/inc/Auth.class.php
+++ b/inc/Auth.class.php
@@ -167,8 +167,9 @@ class Auth
$data['login'] = $userLogin;
$data['pass'] = $userPass;
- return (DB::getQuery($query, __FUNCTION__, $data) === true && DB::$lastNumRows === 1);
-// return ($db->getFullRowCount($query) === 1);
+ $ret = (DB::getQuery($query, __FUNCTION__, $data) === true && DB::$lastNumRows === 1);
+
+ return $ret;
}
/**
@@ -202,4 +203,29 @@ class Auth
return false;
}
}
+
+ /**
+ * Comprobar el token de seguridad
+ *
+ * @param $userId int El id del usuario
+ * @param $actionId int El id de la accion
+ * @param $token string El token de seguridad
+ * @return bool
+ */
+ public static function checkAuthToken($userId, $actionId, $token)
+ {
+ $query = 'SELECT authtoken_id FROM authTokens ' .
+ 'WHERE authtoken_userId = :userId ' .
+ 'AND authtoken_actionId = :actionId ' .
+ 'AND authtoken_token = :token ' .
+ 'LIMIT 1';
+
+ $data['userId'] = $userId;
+ $data['actionId'] = $actionId;
+ $data['token'] = $token;
+
+ DB::getQuery($query, __FUNCTION__, $data);
+
+ return (DB::$lastNumRows === 1);
+ }
}
diff --git a/inc/Controller.class.php b/inc/Controller.class.php
index 557af5b2..1d083f10 100644
--- a/inc/Controller.class.php
+++ b/inc/Controller.class.php
@@ -25,6 +25,7 @@ namespace SP\Controller;
+use SP\Session;
use SP\SPException;
defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'));
@@ -145,7 +146,7 @@ abstract class Controller
$checkAction = $action;
}
- if (!\SP\Acl::checkUserAccess($checkAction)) {
+ if (!Session::getUserIsAdminApp() && !\SP\Acl::checkUserAccess($checkAction)) {
// $this->showError(self::ERR_PAGE_NO_PERMISSION);
return false;
}
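Review bot: The token value written in addToken(), updateToken() and refreshToken() is `sha1(uniqid() . time())`, which is derived from the clock rather than from a random source, so the credential that Auth::checkAuthToken() later accepts as the sole proof of identity has far less entropy than its 160-bit shape suggests. Generate it from a CSPRNG while keeping the same 40-hex-character form, e.g. `$data['token'] = sha1(random_bytes(32));` (or `openssl_random_pseudo_bytes()` where `random_bytes()` is not available), preferably through one private helper so the three call sites cannot drift apart. Note also that addToken() and updateToken() reuse whatever row getUserToken() returns for the user, so one token value is shared by all of that user's API actions and a single leak authorizes every action granted to them; if that sharing is intended it deserves a sentence in the getUserToken() docblock. Minor: the by-reference `foreach ($queryRes as &$token)` in getTokens() is not followed by `unset($token);`.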
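Review bot: checkAuthToken() discards the return value of DB::getQuery() and decides solely on `DB::$lastNumRows === 1`, whereas the sibling hunk at @@ -167 requires `=== true` as well; if the query fails, the row count presumably still reflects the previous statement, so the outcome on error is whatever was last counted rather than a clean false. Change the tail to `return (DB::getQuery($query, __FUNCTION__, $data) === true && DB::$lastNumRows === 1);`. The lookup also never consults `authtoken_startDate`, which ApiTokens sets on every insert and update, so a token stays valid indefinitely; if that is deliberate, say so in the docblock, otherwise bound the token age in the WHERE clause.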
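Review bot: The new condition lets Session::getUserIsAdminApp() short-circuit the whole check, so Acl::checkUserAccess() is no longer evaluated for application admins on any action routed through this method, and nothing in the hunk records that the bypass is intended; the enclosing method starts outside the hunk. Add a comment above the line, e.g. `// Application admins are granted every action; all other users must pass the ACL check`, and confirm that the admin flag is populated only from authenticated session state, never from request input.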
diff --git a/inc/Init.class.php b/inc/Init.class.php
index 93930919..02d87e92 100644
--- a/inc/Init.class.php
+++ b/inc/Init.class.php
@@ -398,7 +398,7 @@ class Init
private static function checkInitSourceInclude()
{
$srcScript = pathinfo($_SERVER["SCRIPT_NAME"], PATHINFO_BASENAME);
- $skipInit = array('js.php', 'css.php');
+ $skipInit = array('js.php', 'css.php', 'api.php');
return (in_array($srcScript, $skipInit));
}
diff --git a/inc/LdapADS.class.php b/inc/LdapADS.class.php
index 09f45003..878df4e3 100644
--- a/inc/LdapADS.class.php
+++ b/inc/LdapADS.class.php
@@ -27,6 +27,11 @@ namespace SP;
defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'));
+/**
+ * Class LdapADS para gestión de LDAP de ADS
+ *
+ * @package SP
+ */
class LdapADS extends Ldap
{
/**
diff --git a/inc/UserUtil.class.php b/inc/UserUtil.class.php
index 4d70022b..c888ab46 100644
--- a/inc/UserUtil.class.php
+++ b/inc/UserUtil.class.php
@@ -149,7 +149,9 @@ class UserUtil
$queryRes = DB::getResults($query, __FUNCTION__, $data);
- return ($queryRes !== false && $queryRes->user_lastUpdateMPass > $configMPassTime);
+ $ret = ($queryRes !== false && $queryRes->user_lastUpdateMPass > $configMPassTime);
+
+ return $ret;
}
@@ -291,7 +293,9 @@ class UserUtil
$queryRes = DB::getResults($query, __FUNCTION__, $data);
- return ($queryRes !== false && intval($queryRes->user_isDisabled) === 1);
+ $ret = ($queryRes !== false && intval($queryRes->user_isDisabled) === 1);
+
+ return $ret;
}
/**
@@ -530,7 +534,9 @@ class UserUtil
}
// Comprobamos el hash de la clave del usuario con la guardada
- return Crypt::checkHashPass($userMPass, $configMPass);
+ $ret = Crypt::checkHashPass($userMPass, $configMPass);
+
+ return $ret;
}
/**
diff --git a/inc/themes/material-blue/css/styles.css b/inc/themes/material-blue/css/styles.css
index 476080ba..b2f6d7e4 100644
--- a/inc/themes/material-blue/css/styles.css
+++ b/inc/themes/material-blue/css/styles.css
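Review bot: Adding `'api.php'` to $skipInit places the API entry point in the same category as the static js.php/css.php handlers, so whatever checkInitSourceInclude() gates in its caller (presumably the interactive session and authentication setup, since only this helper is visible) is skipped for API requests; api.php itself is not part of this diff, so a reader cannot see that it performs its own token check, presumably via the Auth::checkAuthToken() added in this commit. A comment on the array, `// api.php authenticates requests itself (see Auth::checkAuthToken) and must not run the interactive init path`, would record that dependency. The `in_array()` call should also pass `true` as the third argument so the basename is compared strictly: `return (in_array($srcScript, $skipInit, true));`.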
@@ -1087,7 +1087,7 @@ a:hover, a:active, a:focus {
}
#fancyContainer #resCheck {
- float: left;
+ display: inline-block;
width: 80%;
height: 4em;
padding: 1em 0;
@@ -1295,7 +1295,7 @@ footer img {
}
.action-in-box {
- float: right;
+ display: inline-block;
height: 4em;
margin: 0.7em 0;
text-align: right;
@@ -1391,6 +1391,8 @@ footer img {
z-index: 8050;
}
+.fancybox-inner { overflow: visible !important; }
+
.passLevel {
width: 20px;
height: 20px;
diff --git a/inc/themes/material-blue/js/functions.js b/inc/themes/material-blue/js/functions.js
index 7ac60de5..dafa47b2 100644
--- a/inc/themes/material-blue/js/functions.js
+++ b/inc/themes/material-blue/js/functions.js
@@ -1296,6 +1296,18 @@ function chosenDetect() {
});
});
+ $(".sel-chosen-action").each(function(){
+ var deselect = $(this).hasClass('sel-chosen-deselect');
+
+ $(this).chosen({
+ allow_single_deselect: deselect,
+ placeholder_text_single: LANG[39],
+ disable_search_threshold: searchTreshold,
+ no_results_text: LANG[26],
+ width: selectWidth
+ });
+ });
+
$(".sel-chosen-ns").chosen({disable_search: true, width: selectWidth});
}
diff --git a/inc/themes/material-blue/tokens.inc b/inc/themes/material-blue/tokens.inc
new file mode 100644
index 00000000..e7f76f29
--- /dev/null
+++ b/inc/themes/material-blue/tokens.inc
@@ -0,0 +1,72 @@
+