Commit 2cd97cca authored by Hugo Leisink

Release 1.2

parent 2bd2bc0a
<IfModule rewrite_module>
RewriteEngine On
RewriteBase /
RewriteRule . /public/$1 [QSA]
</IfModule>
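Review bot: `RewriteRule . /public/$1 [QSA]` on L9 uses the back-reference `$1` with a pattern (`.`) that has no capturing group, so `$1` expands to the empty string and every request is rewritten to `/public/`. If the original path is meant to be forwarded, the pattern should be `^(.*)$`; if `/public/` is the intended single target, drop the `$1` so the rule says what it does. Whether these lines are new or context cannot be recovered from this rendering.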
monitor (1.2) stable; urgency=low
* Banshee framework updated to 5.0.
* Design made responsive.
* Database changes:
CREATE TABLE `organisations` ( `id` int(10) unsigned NOT NULL AUTO_INCREMENT, `name` varchar(50) NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`), UNIQUE KEY `name_2` (`name`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;
ALTER TABLE `users` ADD `organisation_id` INT UNSIGNED NOT NULL AFTER `id`, ADD INDEX ( `organisation_id` );
ALTER TABLE `users` ADD `cert_serial` INT UNSIGNED NULL AFTER `one_time_key`;
ALTER TABLE `users` CHANGE `password` `password` VARCHAR( 128 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL;
Run 'database/private_pages' to update the table 'roles'.
Run 'database/fix_settings' to add missing settings.
* Small improvements.
-- Hugo Leisink <hugo@leisink.net> Sun, 21 Jun 2015 11:53:02 +0200
monitor (1.1) stable; urgency=low
* Support for failed login logging.
......
<?php
class admin_hostname_controller extends controller {
public function execute() {
if ($_SERVER["REQUEST_METHOD"] == "POST") {
/* Handle form submit
*/
if ($this->model->update_hostnames($_POST["hostname"]) == false) {
$this->output->add_tag("result", "Error while updating hostname.");
} else {
$this->output->add_tag("result", "Hostnames have been updated.");
}
} else {
/* Show hostname form
*/
if (($hostnames = $this->model->get_hostnames()) === false) {
$this->output->add_tag("result", "Database error.");
} else {
$this->output->open_tag("hostnames");
foreach ($hostnames as $hostname) {
$this->output->add_tag("hostname", $hostname["hostname"], array(
"id" => $hostname["id"],
"visible" => show_boolean($hostname["visible"])));
}
$this->output->close_tag();
}
}
}
}
?>
<?php
class system_error_controller extends controller {
class banshee_error_controller extends controller {
public function execute() {
#header("Status: ".$this->page->http_code);
header("Status: ".$this->page->http_code);
$this->output->add_tag("website_error", $this->page->http_code);
$this->output->add_tag("webmaster_email", $this->settings->webmaster_email);
......
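Review bot: The status line is set with `header("Status: ".$this->page->http_code);` on L60, which is honoured by the CGI/FastCGI SAPIs but under mod_php may be emitted as an ordinary response header while the status stays 200. `http_response_code($this->page->http_code);` sets the status independently of the SAPI and reads as intent rather than a CGI detail. The same applies to `header("Status: 401");` in banshee_login_controller. execute() continues outside the visible lines.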
<?php
class banshee_login_controller extends controller {
public function execute() {
header("Status: 401");
$this->output->description = "Login";
$this->output->keywords = "login";
$this->output->title = "Login";
$this->output->add_javascript("banshee/".PASSWORD_HASH.".js");
$this->output->add_javascript("banshee/login.js");
$this->output->run_javascript("set_focus(); hash = window['".PASSWORD_HASH."'];");
$this->output->open_tag("login");
$this->output->add_tag("url", $_SERVER["REQUEST_URI"]);
if ($_SERVER["REQUEST_METHOD"] != "POST") {
$this->output->add_tag("bind");
} else {
$this->output->add_tag("username", $_POST["username"]);
if (is_true($_POST["bind_ip"])) {
$this->output->add_tag("bind");
}
}
$this->output->add_tag("remote_addr", $_SERVER["REMOTE_ADDR"]);
$this->output->add_tag("challenge", $_SESSION["challenge"]);
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (strpos($_POST["username"], "'") !== false) {
$this->output->add_message("Sorry, this application does not support SQL injection.");
header("X-Hiawatha-Monitor: exploit_attempt");
} else {
$this->output->add_message("Login incorrect");
}
}
$this->output->close_tag();
}
}
?>
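Review bot: The branch on L87-L89 treats any apostrophe in the username as an exploit attempt and answers with a different message than the plain "Login incorrect" path; a legitimate name such as O'Brien trips it, and the distinct message reveals which branch fired. Rejecting `'` is not a protective control in itself — the query layer (not visible here) has to escape or parameterize regardless — so consider one uniform failure message and keep the `X-Hiawatha-Monitor` header purely as telemetry. Separately, `is_true($_POST["bind_ip"])` on L80 reads the key without `isset`, which raises a notice whenever the checkbox is unchecked; `isset($_POST["bind_ip"]) && is_true($_POST["bind_ip"])` avoids it.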
<?php
class banshee_page_controller extends controller {
public function execute() {
if (($page = $this->model->get_page($this->page->url)) == false) {
$this->output->add_tag("website_error", 500);
return;
}
/* Page header
*/
if (trim($page["description"]) != "") {
$this->output->description = $page["description"];
}
if (trim($page["keywords"]) != "") {
$this->output->keywords = $page["keywords"];
}
$this->output->title = $page["title"];
if ($page["style"] != null) {
$this->output->inline_css = $page["style"];
}
$this->output->language = $page["language"];
$this->output->set_layout($page["layout"]);
$this->output->allow_hiawatha_cache();
/* Page content
*/
$this->output->open_tag("page");
$this->output->add_tag("title", $page["title"]);
$page["content"] = $this->output->secure_string($page["content"]);
$this->output->add_tag("content", $page["content"]);
if (is_true($page["back"])) {
$parts = explode("/", $this->page->page);
array_pop($parts);
$this->output->add_tag("back", implode("/", $parts));
}
$this->output->close_tag();
}
}
?>
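Review bot: The failure branch on L101-L103 reports every `get_page()` failure as a 500, which also covers a URL with no matching page row; if the model distinguishes "not found" from a query error (not visible here), a 404 is the accurate status for the former. The comparison itself is loose — `if (($page = $this->model->get_page($this->page->url)) === false) {` pins the failure return so a falsy but valid result is not mistaken for an error. Likewise `$page["style"] != null` on L114 reads as a null check but behaves as an empty-string check; `$page["style"] !== ""` or `!== null` states which one is meant.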
<?php
class admin_controller extends controller {
private $menu = array(
"Authentication and authorization" => array(
"Users" => array("admin/user", "users.png"),
"Roles" => array("admin/role", "roles.png"),
"Access" => array("admin/access", "access.png")),
"Support and testing" => array(
"Action log" => array("admin/action", "action.png"),
"User switch" => array("admin/switch", "switch.png")),
"Content" => array(
"Hostnames" => array("admin/hostname", "hostname.gif"),
"Menu" => array("admin/menu", "menu.png"),
"News" => array("admin/news", "news.png"),
"Pages" => array("admin/page", "page.png"),
"Settings" => array("admin/settings", "settings.png"),
"Webservers" => array("admin/webserver", "webserver.png")));
class cms_controller extends controller {
public function execute() {
if (($this->user->id == 1) && ($this->user->password == "08b5411f848a2581a41672a759c87380")) {
$this->output->add_system_message("Don't forget to change the password of the admin account!");
$menu = array(
"Authentication, authorization & system" => array(
"Users" => array("cms/user", "users.png"),
"Roles" => array("cms/role", "roles.png"),
"Organisations" => array("cms/organisation", "organisations.png"),
"Access" => array("cms/access", "access.png"),
"User switch" => array("cms/switch", "switch.png"),
"Action log" => array("cms/action", "action.png"),
"Settings" => array("cms/settings", "settings.png")),
"Content" => array(
"Files" => array("cms/file", "file.png"),
"Hostnames" => array("cms/hostname", "hostname.gif"),
#"Languages" => array("cms/language", "language.png"),
"Menu" => array("cms/menu", "menu.png"),
"Pages" => array("cms/page", "page.png"),
"Webservers" => array("cms/webserver", "webserver.png")));
if (($this->user->id == 1) && ($this->user->password == "610706e9a48f85476e04d270bd6dc7492cdcd9ad7e91878007dff629ab11f195")) {
$this->output->add_system_warning("Don't forget to change the password of the admin account!");
}
if ($this->page->pathinfo[1] != null) {
$this->output->add_system_message("The administration module '%s' does not exist.", $this->page->pathinfo[1]);
if ($this->settings->secret_website_code == "CHANGE_ME_INTO_A_RANDOM_STRING") {
$this->output->add_system_warning("Don't forget to change the secret_website_code setting.");
}
if (is_true(DEBUG_MODE)) {
$this->output->add_system_message("Website is running in debug mode. Set DEBUG_MODE in settings/website.conf to 'no'.");
$this->output->add_system_warning("Website is running in debug mode. Set DEBUG_MODE in settings/website.conf to 'no'.");
}
if ($this->page->pathinfo[1] != null) {
$this->output->add_system_warning("The administration module '%s' does not exist.", $this->page->pathinfo[1]);
}
if (is_false(MULTILINGUAL)) {
unset($menu["Content"]["Languages"]);
}
$access_list = page_access_list($this->db, $this->user);
......@@ -34,11 +43,11 @@
$this->output->open_tag("menu");
foreach ($this->menu as $text => $section) {
foreach ($menu as $text => $section) {
$this->output->open_tag("section", array(
"text" => $text,
"class" => str_replace(" ", "_", strtolower($text))));
"class" => strtr(strtolower($text), " &", "__")));
foreach ($section as $text => $info) {
list($page, $icon) = $info;
......@@ -48,14 +57,14 @@
}
if (isset($access_list[$page])) {
$access = show_boolean($access_list[$page] > 0);
$access = $access_list[$page] > 0;
} else {
$access = show_boolean(true);
$access = true;
}
$this->output->add_tag("entry", $page, array(
"text" => $text,
"access" => $access,
"access" => show_boolean($access),
"icon" => $icon));
}
......
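Review bot: The class attribute built on L198, `strtr(strtolower($text), " &", "__")`, only replaces spaces and ampersands, so the new section title "Authentication, authorization & system" produces a class containing a comma, which is not valid unescaped in a CSS class selector; `"class" => preg_replace("/[^a-z0-9]+/", "_", strtolower($text))` normalizes every non-alphanumeric run instead. The `unset($menu["Content"]["Languages"])` on L188 is a no-op because the "Languages" entry is commented out on L168 even though cms_language_controller ships in this release — either restore the entry so the MULTILINGUAL switch actually controls it, or drop the unset. cms_controller::execute() continues outside the visible hunks.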
<?php
class admin_access_controller extends controller {
class cms_access_controller extends controller {
public function execute() {
if (($users = $this->model->get_all_users()) === false) {
$this->output->add_tag("result", "Database error.");
......
<?php
class admin_action_controller extends controller {
class cms_action_controller extends controller {
public function execute() {
if (valid_input($this->page->pathinfo[2], VALIDATE_NUMBERS, VALIDATE_NONEMPTY) == false) {
$offset = 0;
......@@ -26,13 +26,22 @@
foreach ($log as $entry) {
$user_id = $entry["user_id"];
list($user_id, $switch_id) = explode(":", $user_id);
if (isset($users[$user_id]) == false) {
if (($user = $this->model->get_user($user_id)) !== false) {
$users[$user_id] = $user["username"];
}
}
if (isset($users[$switch_id]) == false) {
if (($switch = $this->model->get_user($switch_id)) !== false) {
$users[$switch_id] = $switch["username"];
}
}
$entry["username"] = isset($users[$user_id]) ? $users[$user_id] : "-";
$entry["switch"] = isset($users[$switch_id]) ? $users[$switch_id] : "-";
$this->output->record($entry, "entry");
}
......
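Review bot: `list($user_id, $switch_id) = explode(":", $user_id);` on L233 assumes every log entry's user_id carries a `:` separator; if rows written before this format exist (the changelog's schema changes do not mention the action log), `$switch_id` is undefined, a notice is raised, and `get_user()` on L240 is called with an empty id. Splitting defensively avoids that: `$parts = explode(":", $entry["user_id"]);` `$user_id = $parts[0];` `$switch_id = isset($parts[1]) ? $parts[1] : null;`, with the switch lookup on L239 guarded by `$switch_id !== null`. The enclosing execute() begins before this hunk.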
<?php
class cms_file_controller extends controller {
public function execute() {
$base_dir = FILES_PATH;
if (($sub_dir = implode("/", $this->page->parameters)) != "") {
$sub_dir = "/".$sub_dir;
}
$directory = $base_dir.$sub_dir;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if ($_POST["submit_button"] == "Create directory") {
/* Create directory
*/
if ($this->model->directory_oke($_POST["create"], $directory) == false) {
$this->output->add_tag("create", $_POST["create"]);
} else if ($this->model->create_directory($_POST["create"], $directory) == false) {
$this->output->add_tag("create", $_POST["create"]);
$this->output->add_message("Error creating directory.");
}
} else if ($_POST["submit_button"] == "Upload file") {
/* Upload file
*/
if ($this->model->upload_oke($_FILES["file"], $directory)) {
if ($this->model->import_uploaded_file($_FILES["file"], $directory) == false) {
$this->output->add_message("Error while importing file.");
} else {
$this->user->log_action("file '%s' uploaded", $_FILES["file"]["name"]);
}
}
} else if ($_POST["submit_button"] == "delete") {
/* Delete file
*/
if ($this->model->delete_file($_POST["filename"], $directory) == false) {
$this->output->add_message("Error while deleting file.");
} else {
$this->user->log_action("file '%s' deleted", $_POST["filename"]);
}
}
}
if (($files = $this->model->directory_listing($directory)) === false) {
$this->output->add_tag("result", "Error reading directory");
} else {
$this->output->open_tag("files", array("dir" => $sub_dir));
/* One directory up
*/
$back = $this->page->parameters;
if (count($back) > 0) {
array_pop($back);
if (($back = implode("/", $back)) != "") {
$back = "/".$back;
}
$this->output->add_tag("back", "/".$this->page->module.$back);
}
/* Directories
*/
foreach ($files["dirs"] as $filename) {
$file = array(
"name" => $filename,
"link" => "/".$this->page->module.$sub_dir."/".$filename,
"size" => $this->model->get_file_size($directory."/".$filename),
"delete" => show_boolean($this->model->directory_empty($filename, $directory)));
$this->output->record($file, "dir");
}
/* Files
*/
foreach ($files["files"] as $filename) {
$file = array(
"name" => $filename,
"link" => "/".$directory."/".rawurlencode($filename),
"size" => $this->model->get_file_size($directory."/".$filename),
"delete" => "yes");
$this->output->record($file, "file");
}
$this->output->close_tag();
}
}
}
?>
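Review bot: `$directory` on L256 is FILES_PATH joined with the raw URL parameters and is then used for create, upload, delete and listing; unless the router already rejects `..` and empty segments (not visible here), the working directory can resolve outside FILES_PATH. A confinement check before the POST branch pins it: `$real = realpath($directory);` `if (($real === false) || (strpos($real, realpath($base_dir)) !== 0)) { $this->output->add_tag("result", "Error reading directory"); return; }`. If `directory_oke()`/`upload_oke()`/`delete_file()` in the model already enforce this, a one-line comment at L256 saying so would save the next reader the same question. The file links on L316 also prefix the filesystem `$directory` rather than the module path used for directory links on L306 — worth confirming that is intended.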
<?php
class cms_hostname_controller extends controller {
private function show_hostnames() {
if (($hostnames = $this->model->get_hostnames()) === false) {
$this->output->add_tag("result", "Database error.");
} else {
$this->output->open_tag("hostnames");
foreach ($hostnames as $hostname) {
$this->output->add_tag("hostname", $hostname["hostname"], array(
"id" => $hostname["id"],
"visible" => show_boolean($hostname["visible"])));
}
$this->output->close_tag();
}
}
public function execute() {
if ($_SERVER["REQUEST_METHOD"] == "POST") {
/* Delete hostnames
*/
if (is_array($_POST["delete"])) foreach ($_POST["delete"] as $hostname_id) {
if (($hostname = $this->model->get_hostname($hostname_id)) != false) {
if ($this->model->delete_hostname($hostname_id) == false) {
$this->output->add_system_warning("Error while deleting hostname %s.", $hostname);
} else {
$this->output->add_system_message("Hostname %s has been deleted.", $hostname);
$this->user->log_action("hostname %s deleted", $hostname);
}
}
}
/* Update hostnames
*/
if ($this->model->update_hostnames($_POST["hostname"]) == false) {
$this->output->add_system_warning("Error while updating hostname visibility.");
} else {
$this->output->add_system_message("Hostname visibility has been updated.");
}
}
$this->show_hostnames();
}
}
?>
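Review bot: `if (is_array($_POST["delete"])) foreach (...)` on L345 reads `$_POST["delete"]` without `isset`, so a submit with no checkbox selected raises an undefined-index notice; the same applies to `$_POST["hostname"]` on L357 when no hostnames are listed. `if (isset($_POST["delete"]) && is_array($_POST["delete"])) {` with the foreach on its own braced line fixes the notice and removes the single-line if/foreach construct. The delete and visibility update run on any POST; if the framework does not verify a CSRF token centrally, this handler is relying on that being in place.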
<?php
class cms_language_controller extends tablemanager_controller {
protected $name = "Language";
protected $pathinfo_offset = 2;
protected $icon = "language.png";
protected $back = "cms";
public function execute() {
if (is_a($this->language, "language")) {
parent::execute();
} else {
$this->output->open_tag("tablemanager");
$this->output->add_tag("name", "Language");
$this->output->add_tag("result", "Multiple languages are not supported by this website.", array("url" => "admin", "seconds" => "5"));
$this->output->close_tag();
}
}
}
?>
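Review bot: The fallback result on L379 redirects with `"url" => "admin"`, but this release appears to have moved the module to `cms` (`protected $back = "cms"` on L372), so the "not supported" message would send the user to a path that may no longer exist; `array("url" => $this->back, "seconds" => "5")` follows the rename automatically. L378 likewise hardcodes "Language" where `$this->name` already holds it.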
<?php
class admin_menu_controller extends controller {
class cms_menu_controller extends controller {
private function show_menu($menu) {
if (is_array($menu) == false) {
$menu = array();
......@@ -19,12 +19,11 @@
}
private function show_menu_form($menu) {
$this->output->add_javascript("jquery/jquery.js");
$this->output->add_javascript("jquery/jquery-ui.js");
$this->output->add_javascript("jquery/jquery.menueditor.js");
$this->output->add_javascript("admin/menu.js");
$this->output->add_javascript("banshee/jquery.menueditor.js");
$this->output->add_javascript("cms/menu.js");
$this->output->add_css("includes/menueditor.css");
$this->output->add_css("banshee/menueditor.css");
$this->output->open_tag("edit");
$this->show_menu($menu);
......
<?php
class cms_organisation_controller extends tablemanager_controller {
protected $name = "Organisation";
protected $back = "cms";
protected $pathinfo_offset = 2;
protected $icon = "organisations.png";
public function show_item_form($item) {
if (valid_input($item["id"], VALIDATE_NUMBERS, VALIDATE_NONEMPTY)) {
if (($users = $this->model->get_users($item["id"])) !== false) {
$this->output->open_tag("users");