diff --git a/inc/config.php.sample b/doc/config.php.sample
similarity index 100%
rename from inc/config.php.sample
rename to doc/config.php.sample
diff --git a/inc/Ban.inc.php b/inc/Ban.inc.php
index e9dcd4b..942070a 100644
--- a/inc/Ban.inc.php
+++ b/inc/Ban.inc.php
@@ -1,11 +1,22 @@ array(),'BANS'=>array()),true).";\n?>"); include IPBANS_FILENAME;
+ // Signal a failed login. Will ban the IP if too many failures:
+ // ============================================================
 function ban_loginFailed() { $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS'];
@@ -34,6 +47,7 @@ } // Signals a successful login. Resets failed login counter.
+ // ========================================================
 function ban_loginOk() { $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS'];
@@ -44,6 +58,7 @@ } // Checks if the user CAN login. If 'true', the user can try to login.
+ // ===================================================================
 function ban_canLogin() { $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS'];
@@ -63,6 +78,7 @@ } // Returns user IP
+ // ===============
 function user_ip() { $ip = $_SERVER["REMOTE_ADDR"];
diff --git a/inc/CSRF.inc.php b/inc/CSRF.inc.php
index 8586b6c..6420b20 100644
--- a/inc/CSRF.inc.php
+++ b/inc/CSRF.inc.php
@@ -1,21 +1,31 @@ = (time() - $time))
+ if(session_id() == '')
+ session_start();
+
+ if(isset($_SESSION[$name.'_token']) && isset($_SESSION[$name.'_token_time']) && isset($_POST['token'])) {
+ if($_SESSION[$name.'_token'] == $_POST['token']) {
+ if($_SESSION[$name.'_token_time'] >= (time() - (int) $time)) return true;
+ }
+ }
 return false; }
diff --git a/inc/Invoices.class.php b/inc/Invoices.class.php
index 3249bf0..05aa780 100644
--- a/inc/Invoices.class.php
+++ b/inc/Invoices.class.php
@@ -1,4 +1,5 @@ 'text' );
+ // Getters
+ // =======
 public function getId() { return $this->id; }
@@ -38,6 +41,8 @@ return $this->what; }
+ // Setters
+ // =======
 public function setId($id) { $this->id = (int) $id; }
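Review bot: The added nested `if` in the CSRF hunk compares the session token with `$_POST['token']` using `==`, which is PHP's loose comparison: two numeric-looking strings (for example hex tokens of the form `0e…`) compare equal by numeric value, and the byte-by-byte compare is not constant-time. Use `hash_equals((string) $_SESSION[$name.'_token'], (string) $_POST['token'])` (PHP 5.6+) for the check, and reject non-string input before it, e.g. `if(!is_string($_POST['token'])) return false;`, since `token[]=x` arrives as an array and would otherwise be cast to the string `'Array'`. The `(int) $time` cast on the expiry line is fine; the function's signature is not visible in the hunk as shown.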
@@ -65,7 +70,8 @@ $this->what = $what; }
-
+ // Load overload => TODO
+ // =============
 public function load_invoices($fields = NULL) { $return = array(); $invoices = $this->load($fields);
diff --git a/inc/Storage.class.php b/inc/Storage.class.php
index 712c5a8..6dac485 100644
--- a/inc/Storage.class.php
+++ b/inc/Storage.class.php
@@ -12,7 +12,8 @@ class Storage { $this->disconnect(); }
- //Connect / Disconnect functions
+ // Connection functions
+ // ====================
 public function connect() { $this->connection = new PDO('mysql:host='.MYSQL_HOST.';dbname='.MYSQL_DB, MYSQL_LOGIN, MYSQL_PASSWORD); $this->connection->query('SET NAMES utf8');
@@ -22,7 +23,8 @@ class Storage { $this->connection = null; }
- //Function to get and set vars
+ // Getters
+ // =======
 public function getHost() { return $this->host; }
@@ -39,6 +41,8 @@ class Storage { return $this->db; }
+ // Setters
+ // =======
 public function setHost($host) { $this->host = host; }
@@ -55,6 +59,8 @@ class Storage { $this->db = $db; }
+ // Translates types in class to SQL types
+ // ======================================
 public function typeToSQL($type) { $return = false; switch($type) {
@@ -86,6 +92,8 @@ class Storage { } }
+ // Load function
+ // =============
 public function load($fields = NULL) { $query = 'SELECT '; $i = false;
@@ -118,6 +126,8 @@ class Storage { return $query->fetchAll(); }
+ // Storing function
+ // ================
 public function save() { if(!empty($this->id)) { $query = 'UPDATE '.MYSQL_PREFIX.$this->TABLE_NAME.' SET ';
@@ -172,6 +182,8 @@ class Storage { $this->id = (!isset($this->id) ? $this->connection->lastInsertId() : $this->id); }
+ // Delete function
+ // ===============
 public function delete() { $query = 'DELETE FROM '.MYSQL_PREFIX.$this->TABLE_NAME.' WHERE ';
diff --git a/inc/User.class.php b/inc/User.class.php
index 9cdafbf..c60b5f4 100644
--- a/inc/User.class.php
+++ b/inc/User.class.php
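Review bot: The `connect()` context line under the renamed `// Connection functions` heading builds the PDO DSN without a `charset=` parameter and relies on a separate `SET NAMES utf8` query; with PDO's default emulated prepares the driver does not learn the connection charset that way when it escapes bound values, and no error mode is set, so failed queries return `false` silently instead of raising. Prefer `new PDO('mysql:host='.MYSQL_HOST.';dbname='.MYSQL_DB.';charset=utf8', MYSQL_LOGIN, MYSQL_PASSWORD, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false));` and drop the `SET NAMES` call. This is pre-existing code that the hunk only relabels, and the rest of `connect()` lies outside the hunk.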
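Review bot: `setHost()` on the context line directly below the new `// Setters` heading assigns `$this->host = host;` — `host` is a bare constant, not the `$host` parameter, so the setter stores the literal string `'host'` with a warning on PHP 7 and throws an undefined-constant `Error` on PHP 8. The line should read `$this->host = $host;`, matching the sibling `setDb()` visible in the next hunk's context (`$this->db = $db;`). The commit only adds the heading above it, but this is the natural place to fix the typo.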
@@ -17,6 +17,8 @@ class User extends Storage { parent::__construct(); }
+ // Getters
+ // =======
 public function getLogin() { return $this->login; }
@@ -33,6 +35,8 @@ class User extends Storage { return $this->admin; }
+ // Setters
+ // =======
 public function setId($id) { $this->id = (int) $id; }
@@ -53,6 +57,8 @@ class User extends Storage { $this->admin = (bool) $admin; }
+ // Password functions
+ // ==================
 public function encrypt($text) { return crypt($text, SALT); }
@@ -61,6 +67,8 @@ class User extends Storage { return User::encrypt($password) == $this->password; }
+ // Check if a user exists by login and load it
+ // ===========================================
 public function exists() { $user_data = $this->load(array('login'=>$this->login)); if(count($user_data) == 1) {
@@ -76,6 +84,8 @@ class User extends Storage { } }
+ // Session storage
+ // ===============
 public function sessionStore() { return serialize(array('id'=>$this->id, 'login'=>$this->login, 'display_name'=>$this->display_name, 'password'=>$this->password, 'admin'=>$this->admin)); }
@@ -93,6 +103,8 @@ class User extends Storage { $this->setAdmin($user_data['admin']); }
+ // Load overload => TODO
+ // =============
 public function load_users($fields = NULL) { $return = array(); $users = $this->load($fields);
@@ -121,6 +133,9 @@ class User extends Storage { } }
+ // Check wether a user already exists or not
+ // (a user = aunique login and display_name)
+ // =========================================
 public function isUnique() { if(count($this->load_users(array('login'=>$this->login))) == 0 && count($this->load_users(array('display_name'=>$this->display_name)))) { return true;
diff --git a/install.php b/install.php
index f7c554d..7826415 100644
--- a/install.php
+++ b/install.php
@@ -1,7 +1,7 @@ Your Bouffe@Ulm instance is already configured. You should either delete data/config.php to access this page or delete the install.php for security reasons if you are ok with the configuration.
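Review bot: The code grouped under the new `// Password functions` heading hashes with `crypt($text, SALT)`, a single application-wide salt, and the context line of the following hunk compares the result with `==`. A shared salt means equal passwords yield equal hashes across users, and the loose, non-constant-time `==` is the wrong operator for a credential check. Replace the body of `encrypt()` with `return password_hash($text, PASSWORD_DEFAULT);` and the comparison with `return password_verify($password, $this->password);` (PHP 5.5+), which stores a per-user salt inside the hash and compares in constant time; existing rows would need to be rehashed at the user's next successful login. Only the first line of each method is visible in these hunks.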
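Review bot: `isUnique()` on the context line after the new heading returns true only when the login is unused and the second `count()` is non-zero — that call is missing `== 0`, so the method reports a user as unique exactly when the display name is already taken and never when both are free, the opposite of what the added comment describes. The condition should be `if(count($this->load_users(array('login'=>$this->login))) == 0 && count($this->load_users(array('display_name'=>$this->display_name))) == 0) {`. The added heading itself also misspells `whether` and `a unique`. The remainder of the method is outside the hunk.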
Go to your instance.

'); if(!function_exists("file_get_contents") && !function_exists("file_put_contents")) { $error = "Functions file_get_contents and file_put_contents seems to not be available on your PHP installation. You should enable them first.";