diff --git a/admin/assets/admin.css b/admin/assets/admin.css index f2752de..daea524 100755 --- a/admin/assets/admin.css +++ b/admin/assets/admin.css @@ -1373,6 +1373,59 @@ header .stream{ display: block; } +/*Confirm Window*/ +.overlay { + position: fixed; + left: 0; + right: 0; + top: 0; + bottom: 0; + background: rgba(0, 0, 0, 0.4); + z-index: 99; +} + +.window-confirm, .window-confirm .head { + text-align: center; + left: calc(50vw - 175px); + width: 100%; + max-width: 350px; + top: 40px; + background: #fff; + padding: 10px 10px 20px; + box-shadow: 0 2px 2px 0 rgba(0, 0, 0, .14), 0 3px 1px -2px rgba(0, 0, 0, .2), 0 1px 5px 0 rgba(0, 0, 0, .12); + z-index: 1; + border-radius: 2px; + position: fixed; + overflow: auto; + max-height: calc(100vh - 80px); + height: auto; +} + +.window-confirm .head { + margin: -10px -10px 10px 0; + text-align: left; + padding: 10px 10px; + background: #eaeaea; + border-radius: 2px 2px 0 0; + -moz-user-select: -moz-none; + -webkit-user-select: none; + user-select: none; + cursor: default; + position: fixed; +} + +.window-confirm .head .closeMsg { + color: #212121; +} + +.window-confirm .head .closeMsg:hover { + color: #5d5d5d; +} + +.window-confirm #content { + margin-top: 30px; +} + @media screen and (max-width: 450px) { header .options span.usr_info { display: none; diff --git a/admin/general_config.php b/admin/general_config.php index 52fed64..c9d33a2 100755 --- a/admin/general_config.php +++ b/admin/general_config.php @@ -87,7 +87,6 @@ tinymce(); $appUri = '../apps/'; foreach ($apps->getApps() as $app => $appconf) { - require $appUri . $app . '/config.php'; if (isset($_CONF['general_conf']) && $_CONF['general_conf'] != '' && file_exists($appUri . $app . '/' . $_CONF['general_conf'])) { diff --git a/admin/lang/lang.de.php b/admin/lang/lang.de.php index eaed915..7e1c485 100755 --- a/admin/lang/lang.de.php +++ b/admin/lang/lang.de.php 
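Review bot: With the per-app `require` removed, the condition that follows still reads `$_CONF['general_conf']`, yet nothing in the hunk sets `$_CONF` for the current `$app`; unless `$apps->getApps()` or code above the hunk now populates it, every iteration evaluates whatever `$_CONF` held before the loop, so another app's `general_conf` file name can be combined with `$appUri . $app` or all apps are silently skipped. If `$appconf` carries the parsed app configuration (it is the iteration value, but unused in the hunk), the check should read it instead: `if (isset($appconf['general_conf']) && $appconf['general_conf'] != '' && file_exists($appUri . $app . '/' . $appconf['general_conf']))`. The foreach body continues past the end of the hunk.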
@@ -88,6 +88,14 @@ $lang['general_database'] = 'Datenbank'; $lang['general_create_backup'] = 'Datenbank Backup erstellen'; $lang['general_go_phpmyadmin'] = 'Zu phpmyadmin'; +//Legitimation +$lang['legitimate_title'] = 'Legitimierung benötigt'; +$lang['legitimate_text'] = 'Dieser Vorgang benötigt eine Passwortbestätigung.'; +$lang['legitimate_confirm'] = 'Bestätigen'; +$lang['legitimate_abort'] = 'Abbrechen'; +$lang['legitimate_error'] = 'Beim Legitimieren ist ein Fehler aufgetreten.'; +$lang['legitimate_fail'] = 'Falsches Passwort.'; + /* * Manage Admins */ diff --git a/admin/login.php b/admin/login.php index 99f3fe3..30e653e 100755 --- a/admin/login.php +++ b/admin/login.php 
@@ -5,78 +5,109 @@ require_once '../inc/config.php'; require_once '../inc/libs/password.php'; require_once '../inc/libs/functions.php'; -$db->setCol('system_admins'); -$db->data['username'] = $_POST['username']; -$db->get(); -if($db->data[0]['id'] != '') +if(isset($_POST['username'])) { - if(password_verify($_POST['pw'], $db->data[0]['pass'])) + $db->setCol('system_admins'); + $db->data['username'] = $_POST['username']; + $db->get(); + if (isset($db->data[0]) && $db->data[0]['id'] != '') { - session_regenerate_id(); - $uid = $db->data[0]['id']; - - //Token - $token = random(64); - $_SESSION['token'] = $token; - $db->clear(); - $db->setCol('system_loggedin'); - $db->data['user'] = $uid; - $db->data['user_agent'] = $_SERVER['HTTP_USER_AGENT']; - $db->data['ip'] = $_SERVER['REMOTE_ADDR']; - $db->data['time'] = time(); - $db->data['token'] = $token; - //if($db->insert()) echo 'token'; else echo 'hm'; - $db->insert(); - //echo $token; - - $db->clear(); - $db->setCol('system_admins'); - $db->data['id'] = $uid; - $db->get(); - if($db->data[0]['secret'] != '') + if (password_verify($_POST['pw'], $db->data[0]['pass'])) { - if(isset($_POST['2fa']) && $_POST['2fa'] == '') - { - echo '2fa'; - exit; - } - else - { - require_once '../inc/libs/2fa.php'; - $authenticator = new php2FA(); + session_regenerate_id(); + $uid = $db->data[0]['id']; - if($authenticator->verifyCode($db->data[0]['secret'], $_POST['2fa'], 3)) + //Token + $token = random(64); + $_SESSION['token'] = $token; + $db->clear(); + $db->setCol('system_loggedin'); + $db->data['user'] = $uid; + $db->data['user_agent'] = $_SERVER['HTTP_USER_AGENT']; + $db->data['ip'] = $_SERVER['REMOTE_ADDR']; + $db->data['time'] = time(); + $db->data['token'] = $token; + //if($db->insert()) echo 'token'; else echo 'hm'; + $db->insert(); + //echo $token; + + $db->clear(); + $db->setCol('system_admins'); + $db->data['id'] = $uid; + $db->get(); + if ($db->data[0]['secret'] != '') + { + if (isset($_POST['2fa']) && $_POST['2fa'] == '') { - 
echo 'success'; - stream_message('{user} has logged in.', 4); - } - else - { - echo '2fafail'; + echo '2fa'; exit; - } - } - } - else - { - echo 'success'; - } + } else + { + require_once '../inc/libs/2fa.php'; + $authenticator = new php2FA(); - //Session - $_SESSION['user'] = $db->data[0]['username']; - $_SESSION['userid'] = $db->data[0]['id']; - $_SESSION['lvl'] = $db->data[0]['lvl']; - $_SESSION['mail'] = $db->data[0]['mail']; - $_SESSION['guestview'] = 'true'; - - stream_message('{user} has logged in.', 4); - } - else + if ($authenticator->verifyCode($db->data[0]['secret'], $_POST['2fa'], 3)) + { + echo 'success'; + stream_message('{user} has logged in.', 4); + } else + { + echo '2fafail'; + exit; + } + } + } else + { + echo 'success'; + } + + //Session + $_SESSION['user'] = $db->data[0]['username']; + $_SESSION['userid'] = $db->data[0]['id']; + $_SESSION['lvl'] = $db->data[0]['lvl']; + $_SESSION['mail'] = $db->data[0]['mail']; + $_SESSION['guestview'] = 'true'; + + stream_message('{user} has logged in.', 4); + } else + { + echo 'fail'; + } + } else { echo 'fail'; } } -else + +//Check for password - needed for user's confirmation +if(isset($_GET['checkPassword'])) { - echo 'fail'; + if(is_loggedin()) + { + if(isset($_POST['pw'])) + { + $db->setCol('system_admins'); + $db->data['id'] = $_SESSION['userid']; + $db->get(); + if (isset($db->data[0]) && $db->data[0]['id'] != '') + { + if (password_verify($_POST['pw'], $db->data[0]['pass'])) + { + echo 'success'; + } + else + { + echo 'fail'; + } + } + else + { + echo 'fail'; + } + } + } + else + { + echo 'login first.'; + } } \ No newline at end of file diff --git a/admin/new_user.php b/admin/new_user.php index 4b75089..5d64266 100755 --- a/admin/new_user.php +++ b/admin/new_user.php @@ -50,6 +50,7 @@ if (hasPerm('manage_admins'))
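Review bot: The new `checkPassword` branch only echoes `success` to the browser and records nothing server-side, so the password confirmation it implements is enforced solely by the client-side overlay; a request sent directly to the protected action URL bypasses it. Store the confirmation in the session next to the `echo 'success';` in that branch, e.g. `$_SESSION['legitimated_at'] = time();`, and have the endpoints that require re-confirmation check for a recent value before acting. The same branch sends no response at all when `$_POST['pw']` is absent, so the caller's `.fail`/`.done` handling cannot distinguish that case from success-with-empty-body; an explicit `echo 'fail';` else-branch would close that gap. The login branch above still passes `$_POST['pw']` to `password_verify()` without an `isset()` guard, which warns on a missing field and is deprecated for a null argument on PHP 8.1+. Stylistically the hunk mixes `if(` with `if (` and `} else` on one line with Allman braces elsewhere; picking one form would make the nested blocks easier to follow.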
+

get('admins_cn_username'); ?>:

get('admins_cn_password'); ?>: diff --git a/admin/permissions.php b/admin/permissions.php index 482d274..933cb2a 100755 --- a/admin/permissions.php +++ b/admin/permissions.php @@ -35,7 +35,7 @@ if (hasPerm('edit_permissions')) } } else { - echo '

'; + echo '
'; //Admin Groups $db->get(); $role_names = []; diff --git a/admin/roles.php b/admin/roles.php index cae3b91..6322d38 100755 --- a/admin/roles.php +++ b/admin/roles.php @@ -42,6 +42,7 @@ if (hasPerm('manage_groups')) ?>
+

get('admins_roles_delete_confirm');?>

get('general_no');?> @@ -69,6 +70,7 @@ if (hasPerm('manage_groups')) ?>
+

get('admins_roles_user_delete_confirm');?>

get('general_no');?> @@ -133,6 +135,7 @@ if (hasPerm('manage_groups')) { ?> + get('admins_roles_add_user');?>:
diff --git a/admin/user_settings.php b/admin/user_settings.php index 163abd8..d36e4cb 100755 --- a/admin/user_settings.php +++ b/admin/user_settings.php @@ -275,6 +275,7 @@ if (hasPerm('manage_admins') || $uid == $_SESSION['userid']) ?>
+

get('username'); ?>:

diff --git a/inc/footer.php b/inc/footer.php index c671632..3955728 100755 --- a/inc/footer.php +++ b/inc/footer.php @@ -4,203 +4,252 @@ if (!isset($_GET['direct'])) ?> -
-
- - +
+
+ + - + - - - - + } + }).fail(function (e) { + if (e.status == 404) { + showMsg('get('404_not_found');?> (' + e.statusText + ')'); + } else { + showMsg('Error.'); + } + }); + } + } + } + }); + + +