Rough encrypt
This commit is contained in:
parent
65a34f5b65
commit
f8f37fe6e2
26
classes/index.php
Executable file
26
classes/index.php
Executable file
@ -0,0 +1,26 @@
|
||||
<?php
|
||||
/*
|
||||
* Copyright (C) 2018 josh.north@point808.com
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
ini_set('session.gc_maxlifetime', 24*60*60); // MIN SESSION
|
||||
ini_set('session.gc_probability', 1); // GC RATES
|
||||
ini_set('session.gc_divisor', 100); // TIMES
|
||||
ini_set('session.use_cookies', '1');
|
||||
ini_set('session.use_only_cookies', '1');
|
||||
ini_set('session.cookie_lifetime', '0');
|
||||
ini_set('session.cookie_secure', '0');
|
||||
ini_set('session.cookie_httponly', '0');
|
||||
ini_set('session.cookie_samesite', 'Lax');
|
189
classes/misc/csrf.php
Normal file
189
classes/misc/csrf.php
Normal file
@ -0,0 +1,189 @@
|
||||
<?php
|
||||
/*
|
||||
* Copyright (C) 2018 josh.north@point808.com
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace classes\misc;
|
||||
|
||||
class csrf {
|
||||
/**
|
||||
* Generates a new token
|
||||
* @return [object] token
|
||||
*/
|
||||
protected static function setNewToken(string $page, int $expiry) {
|
||||
|
||||
$token = new \stdClass();
|
||||
$token->page = $page;
|
||||
$token->expiry = time() + $expiry;
|
||||
$token->sessiontoken = base64_encode(random_bytes(32));
|
||||
$token->cookietoken = md5(base64_encode(random_bytes(32)));
|
||||
|
||||
setcookie ( self::makeCookieName($page), $token->cookietoken, [
|
||||
'expires' => $token->expiry,
|
||||
'secure' => false,
|
||||
'httponly' => false,
|
||||
'samesite' => 'Lax',
|
||||
]);
|
||||
|
||||
return $_SESSION['csrftokens'][$page] = $token;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Returns a session token for a page
|
||||
* @param [string] page name
|
||||
* @return [object] token
|
||||
*/
|
||||
protected static function getSessionToken(string $page) {
|
||||
|
||||
return !empty($_SESSION['csrftokens'][$page]) ? $_SESSION['csrftokens'][$page] : null;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* [getCookieToken description]
|
||||
* @param [string] page name
|
||||
* @return [string] token string / empty string
|
||||
*/
|
||||
protected static function getCookieToken(string $page) : string {
|
||||
|
||||
$value = self::makeCookieName($page);
|
||||
|
||||
return !empty($_COOKIE[$value]) ? $_COOKIE[$value] : '';
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Centralised method to make the cookie name
|
||||
* @param [string] page name
|
||||
* @return [string] cookie token name / empty string
|
||||
*/
|
||||
protected static function makeCookieName(string $page) : string {
|
||||
|
||||
if (empty($page)) {
|
||||
return '';
|
||||
}
|
||||
|
||||
return 'csrftoken-' . substr(md5($page), 0, 10);
|
||||
}
|
||||
|
||||
/**
|
||||
* Confirms that the superglobal $_SESSION exists
|
||||
* @return [bool] Whether the session exists or not
|
||||
*/
|
||||
protected static function confirmSessionStarted() : bool {
|
||||
|
||||
if (!isset($_SESSION)) {
|
||||
trigger_error('Session has not been started.', E_USER_ERROR);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a page's token.
|
||||
* - Page name is required so that users can browse to multiple pages and allows for each
|
||||
* page to have its own unique token
|
||||
*
|
||||
* @param [string] page name
|
||||
* @param [int] expiry time
|
||||
* @return [mixed] markup to be used in the form, false on data missing
|
||||
*/
|
||||
public static function getInputToken(string $page, int $expiry = 1800) {
|
||||
|
||||
self::confirmSessionStarted();
|
||||
|
||||
if (empty($page)) {
|
||||
trigger_error('Page is missing.', E_USER_ERROR);
|
||||
return false;
|
||||
}
|
||||
|
||||
$token = (self::getSessionToken($page) ?? self::setNewToken($page, $expiry));
|
||||
|
||||
return '<input type="hidden" id="csrftoken" name="csrftoken" value="'. $token->sessiontoken .'">';
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Verify's a request token against a session token
|
||||
* @param [string] page name
|
||||
* @param [string] token from the request
|
||||
* @return [bool] whether the request submission is valid or not
|
||||
*/
|
||||
public static function verifyToken(string $page, $removeToken = false, $requestToken = null) : bool {
|
||||
|
||||
self::confirmSessionStarted();
|
||||
|
||||
// if the request token has not been passed, check POST
|
||||
$requestToken = ($requestToken ?? $_POST['csrftoken'] ?? null);
|
||||
|
||||
if (empty($page)) {
|
||||
trigger_error('Page alias is missing', E_USER_WARNING);
|
||||
return false;
|
||||
}
|
||||
else if (empty($requestToken)) {
|
||||
trigger_error('Token is missing', E_USER_WARNING);
|
||||
return false;
|
||||
}
|
||||
|
||||
$token = self::getSessionToken($page);
|
||||
|
||||
// if the time is greater than the expiry form submission window
|
||||
if (empty($token) || time() > (int) $token->expiry) {
|
||||
self::removeToken($page);
|
||||
return false;
|
||||
}
|
||||
|
||||
// check the hash matches the Session / Cookie
|
||||
$sessionConfirm = hash_equals($token->sessiontoken, $requestToken);
|
||||
$cookieConfirm = hash_equals($token->cookietoken, self::getCookieToken($page));
|
||||
|
||||
// remove the token
|
||||
if ($removeToken) {
|
||||
self::removeToken($page);
|
||||
}
|
||||
|
||||
// both session and cookie match
|
||||
if ($sessionConfirm && $cookieConfirm) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Removes a token from the session
|
||||
* @param [string] $page page name
|
||||
* @return [bool] successfully removed or not
|
||||
*/
|
||||
public static function removeToken(string $page) : bool {
|
||||
|
||||
self::confirmSessionStarted();
|
||||
|
||||
if (empty($page)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
unset($_COOKIE[self::makeCookieName($page)], $_SESSION['csrftokens'][$page]);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
|
||||
} // Csrf
|
20
classes/misc/date.php
Normal file
20
classes/misc/date.php
Normal file
@ -0,0 +1,20 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* To change this license header, choose License Headers in Project Properties.
|
||||
* To change this template file, choose Tools | Templates
|
||||
* and open the template in the editor.
|
||||
*/
|
||||
|
||||
namespace classes\misc;
|
||||
|
||||
class date {
|
||||
|
||||
|
||||
public function getUTC () {
|
||||
return gmdate('Y-m-d H:i:s');
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
26
classes/misc/index.php
Executable file
26
classes/misc/index.php
Executable file
@ -0,0 +1,26 @@
|
||||
<?php
|
||||
/*
|
||||
* Copyright (C) 2018 josh.north@point808.com
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
ini_set('session.gc_maxlifetime', 24*60*60); // MIN SESSION
|
||||
ini_set('session.gc_probability', 1); // GC RATES
|
||||
ini_set('session.gc_divisor', 100); // TIMES
|
||||
ini_set('session.use_cookies', '1');
|
||||
ini_set('session.use_only_cookies', '1');
|
||||
ini_set('session.cookie_lifetime', '0');
|
||||
ini_set('session.cookie_secure', '0');
|
||||
ini_set('session.cookie_httponly', '0');
|
||||
ini_set('session.cookie_samesite', 'Lax');
|
21
classes/misc/simple.php
Normal file
21
classes/misc/simple.php
Normal file
@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* To change this license header, choose License Headers in Project Properties.
|
||||
* To change this template file, choose Tools | Templates
|
||||
* and open the template in the editor.
|
||||
*/
|
||||
|
||||
|
||||
namespace classes\misc;
|
||||
use App\LobbySIO\Config\Registry;
|
||||
|
||||
class simple {
|
||||
|
||||
public function getHideFooter () {
|
||||
return Registry::HIDEFOOTER;
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
114
encrypt-test.php
Normal file
114
encrypt-test.php
Normal file
@ -0,0 +1,114 @@
|
||||
<?php
|
||||
/*
|
||||
* Copyright (C) 2018 josh.north@point808.com
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
ini_set('session.gc_maxlifetime', 24*60*60); // MIN SESSION
|
||||
ini_set('session.gc_probability', 1); // GC RATES
|
||||
ini_set('session.gc_divisor', 100); // TIMES
|
||||
ini_set('session.use_cookies', '1');
|
||||
ini_set('session.use_only_cookies', '0');
|
||||
ini_set('session.cookie_lifetime', '0');
|
||||
ini_set('session.cookie_secure', '1');
|
||||
ini_set('session.cookie_httponly', '0');
|
||||
ini_set('session.cookie_samesite', 'Lax');
|
||||
session_save_path('.tmp'); // TEMP
|
||||
session_start(); // START
|
||||
require_once __DIR__ . '/autoload.php'; // AUTOLOAD
|
||||
require_once __DIR__ . '/src/Misc/defuse-crypto.phar';
|
||||
use App\LobbySIO\Config\Registry;
|
||||
use Defuse\Crypto\Crypto;
|
||||
use Defuse\Crypto\Key;
|
||||
$Users = new \App\LobbySIO\Database\Users();
|
||||
if (Registry::AUTHMETHOD == 'SAML') {
|
||||
//simplesaml
|
||||
require_once('../simplesamlphp/lib/_autoload.php');
|
||||
$auth = new \SimpleSAML\Auth\Simple(Registry::AUTHIDP);
|
||||
//$auth->requireAuth();
|
||||
$auth->isAuthenticated();
|
||||
if (!$auth->isAuthenticated()) {
|
||||
$attributes = 'none';
|
||||
} else {
|
||||
$attributes = $auth->getAttributes();
|
||||
$saml_user_email = $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'][0];
|
||||
$saml_user_info = $Users->getUserInfoByEmail($saml_user_email, "1", "0");
|
||||
$saml_user_id = $saml_user_info["0"]["users_id"];
|
||||
}
|
||||
$session = \SimpleSAML\Session::getSessionFromRequest();
|
||||
$session->cleanup();
|
||||
}
|
||||
$StaticFunctions = new \App\LobbySIO\Misc\StaticFunctions(); // DEFAULT CLASSES
|
||||
$encKey = $StaticFunctions->loadEncryptionKeyFromConfig();
|
||||
$SiteInfo = new \App\LobbySIO\Database\SiteInfo();
|
||||
if (isset($_SESSION['user_id'])) { // LOGGED IN? GET USER OBJECT
|
||||
if (isset($saml_user_id)) {
|
||||
$sessuserid=$saml_user_id;
|
||||
} else {
|
||||
$sessuserid=$_SESSION['user_id'];
|
||||
}
|
||||
} elseif (!isset($_SESSION['user_id'])) {
|
||||
if (isset($saml_user_id)) {
|
||||
$sessuserid=$saml_user_id;
|
||||
} else {
|
||||
$sessuserid='2';
|
||||
}
|
||||
$session_user = $Users->getUserInfo($sessuserid, "1", "0"); }
|
||||
if (isset($session_user)) { // GET UID OR SET TO KIOSK
|
||||
$uid = $session_user["0"]["users_id"];} else { $uid = "2"; }
|
||||
$app_disp_lang = filter_input(INPUT_COOKIE, 'app_disp_lang', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // SETUP LANGUAGE
|
||||
if(!isset($app_disp_lang)) {
|
||||
$app_disp_lang=$StaticFunctions->getDefaultLanguage(); }
|
||||
$siteidcookie = filter_input(INPUT_COOKIE, 'app_site', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // SETUP SITE
|
||||
foreach($SiteInfo->getSite("0", $uid, "0", "0") as $arr) {
|
||||
$lookup_array[$arr['sites_id']]=1; }
|
||||
if(isset($lookup_array[$siteidcookie])) {
|
||||
$siteid = $siteidcookie; } else { $siteid = "1"; }
|
||||
if(!isset($siteid)) { $siteid="1"; }
|
||||
$Translate = new \App\LobbySIO\Language\Translate($app_disp_lang); // SETUP TRANSLATOR
|
||||
$transLang = $Translate->userLanguage();
|
||||
$VisitTypeInfo = new \App\LobbySIO\Database\VisitTypeInfo(); // ADDITIONAL CLASSES
|
||||
$IDTypeInfo = new \App\LobbySIO\Database\IDTypeInfo();
|
||||
$VisitInfo = new \App\LobbySIO\Database\VisitInfo();
|
||||
$VisitActions = new \App\LobbySIO\Database\VisitActions();
|
||||
$app_current_pagename = $transLang['STR_COMMON_HOME']; // PAGE SETUP
|
||||
$app_current_pageicon = '<i class="fas fa-home"></i> ';
|
||||
require_once("inc/header.inc.php");
|
||||
$urlsrc=basename(filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL));
|
||||
//header("X-Frame-Options: SAMEORIGIN");
|
||||
//header("X-Content-Type-Options: nosniff");
|
||||
//header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
|
||||
if (!empty($_GET['a'])) {
|
||||
echo '<pre>' . print_r($_POST, true) . '</pre>';
|
||||
echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful');
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
|
||||
|
||||
<?php if ($StaticFunctions->getUserSessionStatus() == false) {
|
||||
die; //do not run if not authenticated
|
||||
} else {
|
||||
$samplekey = Key::createNewRandomKey();
|
||||
$samplekeysafe = $samplekey->saveToAsciiSafeString();
|
||||
echo "Sample Keys (Reload page for more...)<br />";
|
||||
for ($i=0; $i < 10; $i++) {
|
||||
$samplekey = Key::createNewRandomKey();
|
||||
$samplekeysafe = $samplekey->saveToAsciiSafeString();
|
||||
$samplekeysafelength=strlen($samplekeysafe);
|
||||
print $samplekeysafe." (".$samplekeysafelength.")<br/>";
|
||||
}
|
||||
}
|
||||
|
133
encrypt.php.example
Normal file
133
encrypt.php.example
Normal file
@ -0,0 +1,133 @@
|
||||
<?php
|
||||
/*
|
||||
* Copyright (C) 2018 josh.north@point808.com
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
ini_set('session.gc_maxlifetime', 24*60*60); // MIN SESSION
|
||||
ini_set('session.gc_probability', 1); // GC RATES
|
||||
ini_set('session.gc_divisor', 100); // TIMES
|
||||
ini_set('session.use_cookies', '1');
|
||||
ini_set('session.use_only_cookies', '0');
|
||||
ini_set('session.cookie_lifetime', '0');
|
||||
ini_set('session.cookie_secure', '1');
|
||||
ini_set('session.cookie_httponly', '0');
|
||||
ini_set('session.cookie_samesite', 'Lax');
|
||||
session_save_path('.tmp'); // TEMP
|
||||
session_start(); // START
|
||||
require_once __DIR__ . '/autoload.php'; // AUTOLOAD
|
||||
require_once __DIR__ . '/src/Misc/defuse-crypto.phar';
|
||||
use App\LobbySIO\Config\Registry;
|
||||
use Defuse\Crypto\Crypto;
|
||||
$Users = new \App\LobbySIO\Database\Users();
|
||||
if (Registry::AUTHMETHOD == 'SAML') {
|
||||
//simplesaml
|
||||
require_once('../simplesamlphp/lib/_autoload.php');
|
||||
$auth = new \SimpleSAML\Auth\Simple(Registry::AUTHIDP);
|
||||
//$auth->requireAuth();
|
||||
$auth->isAuthenticated();
|
||||
if (!$auth->isAuthenticated()) {
|
||||
$attributes = 'none';
|
||||
} else {
|
||||
$attributes = $auth->getAttributes();
|
||||
$saml_user_email = $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'][0];
|
||||
$saml_user_info = $Users->getUserInfoByEmail($saml_user_email, "1", "0");
|
||||
$saml_user_id = $saml_user_info["0"]["users_id"];
|
||||
}
|
||||
$session = \SimpleSAML\Session::getSessionFromRequest();
|
||||
$session->cleanup();
|
||||
}
|
||||
$StaticFunctions = new \App\LobbySIO\Misc\StaticFunctions(); // DEFAULT CLASSES
|
||||
$encKey = $StaticFunctions->loadEncryptionKeyFromConfig();
|
||||
$SiteInfo = new \App\LobbySIO\Database\SiteInfo();
|
||||
if (isset($_SESSION['user_id'])) { // LOGGED IN? GET USER OBJECT
|
||||
if (isset($saml_user_id)) {
|
||||
$sessuserid=$saml_user_id;
|
||||
} else {
|
||||
$sessuserid=$_SESSION['user_id'];
|
||||
}
|
||||
} elseif (!isset($_SESSION['user_id'])) {
|
||||
if (isset($saml_user_id)) {
|
||||
$sessuserid=$saml_user_id;
|
||||
} else {
|
||||
$sessuserid='2';
|
||||
}
|
||||
$session_user = $Users->getUserInfo($sessuserid, "1", "0"); }
|
||||
if (isset($session_user)) { // GET UID OR SET TO KIOSK
|
||||
$uid = $session_user["0"]["users_id"];} else { $uid = "2"; }
|
||||
$app_disp_lang = filter_input(INPUT_COOKIE, 'app_disp_lang', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // SETUP LANGUAGE
|
||||
if(!isset($app_disp_lang)) {
|
||||
$app_disp_lang=$StaticFunctions->getDefaultLanguage(); }
|
||||
$siteidcookie = filter_input(INPUT_COOKIE, 'app_site', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // SETUP SITE
|
||||
foreach($SiteInfo->getSite("0", $uid, "0", "0") as $arr) {
|
||||
$lookup_array[$arr['sites_id']]=1; }
|
||||
if(isset($lookup_array[$siteidcookie])) {
|
||||
$siteid = $siteidcookie; } else { $siteid = "1"; }
|
||||
if(!isset($siteid)) { $siteid="1"; }
|
||||
$Translate = new \App\LobbySIO\Language\Translate($app_disp_lang); // SETUP TRANSLATOR
|
||||
$transLang = $Translate->userLanguage();
|
||||
$VisitTypeInfo = new \App\LobbySIO\Database\VisitTypeInfo(); // ADDITIONAL CLASSES
|
||||
$IDTypeInfo = new \App\LobbySIO\Database\IDTypeInfo();
|
||||
$VisitInfo = new \App\LobbySIO\Database\VisitInfo();
|
||||
$VisitActions = new \App\LobbySIO\Database\VisitActions();
|
||||
$app_current_pagename = $transLang['STR_COMMON_HOME']; // PAGE SETUP
|
||||
$app_current_pageicon = '<i class="fas fa-home"></i> ';
|
||||
require_once("inc/header.inc.php");
|
||||
$urlsrc=basename(filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL));
|
||||
//header("X-Frame-Options: SAMEORIGIN");
|
||||
//header("X-Content-Type-Options: nosniff");
|
||||
//header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
|
||||
if (!empty($_GET['a'])) {
|
||||
echo '<pre>' . print_r($_POST, true) . '</pre>';
|
||||
echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful');
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
|
||||
|
||||
<?php if ($StaticFunctions->getUserSessionStatus() == false) {
|
||||
die;
|
||||
} else {
|
||||
$query = "
|
||||
SELECT
|
||||
" . Registry::DB_PRFX . "visits.id as visits_id,
|
||||
" . Registry::DB_PRFX . "visits.firstname as visits_firstname,
|
||||
" . Registry::DB_PRFX . "visits.lastname as visits_lastname,
|
||||
" . Registry::DB_PRFX . "visits.company as visits_company,
|
||||
" . Registry::DB_PRFX . "visits.escort as visits_escort,
|
||||
" . Registry::DB_PRFX . "visits.carnum as visits_carnum
|
||||
FROM " . Registry::DB_PRFX . "visits";
|
||||
$database = new \App\LobbySIO\Database\Connect();
|
||||
$rows = $database->getQuery($query);
|
||||
foreach ($rows as $tr) {
|
||||
$visits_id = $tr['visits_id'];
|
||||
$visits_firstname_e = Crypto::encrypt($tr['visits_firstname'], $encKey);
|
||||
$visits_lastname_e = Crypto::encrypt($tr['visits_lastname'], $encKey);
|
||||
$visits_company_e = Crypto::encrypt($tr['visits_company'], $encKey);
|
||||
$visits_escort_e = Crypto::encrypt($tr['visits_escort'], $encKey);
|
||||
$visits_carnum_e = Crypto::encrypt($tr['visits_carnum'], $encKey);
|
||||
$query = "
|
||||
UPDATE " . Registry::DB_PRFX . "visits
|
||||
SET " . Registry::DB_PRFX . "visits.firstname = \"$visits_firstname_e\",
|
||||
" . Registry::DB_PRFX . "visits.lastname = \"$visits_lastname_e\",
|
||||
" . Registry::DB_PRFX . "visits.company = \"$visits_company_e\",
|
||||
" . Registry::DB_PRFX . "visits.escort = \"$visits_escort_e\",
|
||||
" . Registry::DB_PRFX . "visits.carnum = \"$visits_carnum_e\"
|
||||
WHERE " . Registry::DB_PRFX . "visits.id = \"$visits_id\"
|
||||
";
|
||||
$database = new \App\LobbySIO\Database\Connect();
|
||||
$count = $database->runQuery($query);
|
||||
}
|
||||
}
|
@ -22,7 +22,7 @@
|
||||
<div class="container-fluid">
|
||||
<div class="row"> </div>
|
||||
<div class="row row-cols-3">
|
||||
<?php if($StaticFunctions->getHideFooter()=='false' || $app_current_pagename == $transLang['LOGIN']){ ?>
|
||||
<?php if(Classes\Misc\Simple::GetHideFooter()=='false' || $app_current_pagename == $transLang['LOGIN']){ ?>
|
||||
<div class="col-sm text-muted text-start"><?php echo $transLang['SERVER_TIME'] . ": " . $StaticFunctions->getUTC(); ?></div>
|
||||
<div class="col-sm text-muted text-center"><?php echo $transLang['LOCAL_TIME'] . ": " . $timenow; ?></div>
|
||||
<div class="col-sm text-muted text-end">
|
||||
|
14
index.php
14
index.php
@ -25,9 +25,12 @@
|
||||
ini_set('session.cookie_httponly', '0');
|
||||
ini_set('session.cookie_samesite', 'Lax');
|
||||
session_save_path('.tmp'); // TEMP
|
||||
spl_autoload_register();
|
||||
session_start(); // START
|
||||
require_once __DIR__ . '/autoload.php'; // AUTOLOAD
|
||||
require_once __DIR__ . '/src/Misc/defuse-crypto.phar';
|
||||
use App\LobbySIO\Config\Registry;
|
||||
use Defuse\Crypto\Crypto;
|
||||
$Users = new \App\LobbySIO\Database\Users();
|
||||
if (Registry::AUTHMETHOD == 'SAML') {
|
||||
//simplesaml
|
||||
@ -47,6 +50,7 @@
|
||||
$session->cleanup();
|
||||
}
|
||||
$StaticFunctions = new \App\LobbySIO\Misc\StaticFunctions(); // DEFAULT CLASSES
|
||||
$encKey = $StaticFunctions->loadEncryptionKeyFromConfig();
|
||||
$SiteInfo = new \App\LobbySIO\Database\SiteInfo();
|
||||
if (isset($_SESSION['user_id'])) { // LOGGED IN? GET USER OBJECT
|
||||
if (isset($saml_user_id)) {
|
||||
@ -87,7 +91,7 @@
|
||||
//header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
|
||||
if (!empty($_GET['a'])) {
|
||||
echo '<pre>' . print_r($_POST, true) . '</pre>';
|
||||
echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful');
|
||||
echo 'Verification has been : ' . (Classes\Misc\Csrf::verifyToken('home') ? 'successful' : 'unsuccessful');
|
||||
}
|
||||
?>
|
||||
|
||||
@ -249,9 +253,9 @@ $form_data = filter_input_array(INPUT_POST, [
|
||||
$form_data['fd_manualTimeDate'] = $StaticFunctions->getUTC(); // OTHERWISE USE NOW()UTC
|
||||
}
|
||||
$visitid = $VisitActions->newVisit( // ADD VISIT RECORD
|
||||
$form_data['fd_firstName'],
|
||||
$form_data['fd_lastName'],
|
||||
$form_data['fd_visitorCompany'],
|
||||
Crypto::encrypt($form_data['fd_firstName'], $encKey),
|
||||
Crypto::encrypt($form_data['fd_lastName'], $encKey),
|
||||
Crypto::encrypt($form_data['fd_visitorCompany'], $encKey),
|
||||
$form_data['fd_visitType'],
|
||||
$form_data['fd_manualTimeDate'],
|
||||
$form_data['fd_visitorSignature'],
|
||||
@ -946,7 +950,7 @@ if ($db_vendorinfo_workcompleted === 1 && $db_vendorinfo_sitecleanup === 1) { $f
|
||||
<span class="badge bg-light text-dark"><?php echo $transLang[$VisitTypeInfo->getInfoVisitType("%", $row['visits_reason'])[0]["visittypes_name"]]; ?></span>
|
||||
</div>
|
||||
</td>
|
||||
<td class="small"><?php echo $row['visits_lastname'] . ", " . $row['visits_firstname']; ?><br><img src="<?php echo $row['visits_signature']; ?>" width="200" height="50" nonce="<?=$_SESSION['nonceStr']?>"></img></td>
|
||||
<td class="small"><?php echo Crypto::decrypt($row['visits_lastname'], $encKey) . ", " . Crypto::decrypt($row['visits_firstname'], $encKey); ?><br><img src="<?php echo $row['visits_signature']; ?>" width="200" height="50" nonce="<?=$_SESSION['nonceStr']?>"></img></td>
|
||||
<td class="small"><?php if (!empty($row['visits_escort'])) {echo $row['visits_escort'] . '<br /><img src="' . $row['visits_escort_signature'] . '" width="200" height="50" nonce="'.$_SESSION['nonceStr'].'"></img>'; } ?></td>
|
||||
<td class="small">
|
||||
<?php if($row['visits_approved'] === 2) { ?>
|
||||
|
17
reports.php
17
reports.php
@ -27,7 +27,9 @@
|
||||
session_save_path('.tmp'); // TEMP
|
||||
session_start(); // START
|
||||
require_once __DIR__ . '/autoload.php'; // AUTOLOAD
|
||||
require_once __DIR__ . '/src/Misc/defuse-crypto.phar';
|
||||
use App\LobbySIO\Config\Registry;
|
||||
use Defuse\Crypto\Crypto;
|
||||
$Users = new \App\LobbySIO\Database\Users();
|
||||
if (Registry::AUTHMETHOD == 'SAML') {
|
||||
//simplesaml
|
||||
@ -47,6 +49,7 @@
|
||||
$session->cleanup();
|
||||
}
|
||||
$StaticFunctions = new \App\LobbySIO\Misc\StaticFunctions(); // DEFAULT CLASSES
|
||||
$encKey = $StaticFunctions->loadEncryptionKeyFromConfig();
|
||||
$SiteInfo = new \App\LobbySIO\Database\SiteInfo();
|
||||
if (isset($_SESSION['user_id'])) { // LOGGED IN? GET USER OBJECT
|
||||
if (isset($saml_user_id)) {
|
||||
@ -221,9 +224,9 @@ $form_data = filter_input_array(INPUT_POST, [
|
||||
<td><?php echo $timein_disp; ?></td>
|
||||
<td><?php if (!empty($row['visits_outtime'])) {echo $timeout_disp; } else {echo $transLang['IN'];} ?></td>
|
||||
<td><?php echo $SiteInfo->getSite($row['visits_site_id'], $uid, "0", "0")[0]["sites_name"]; ?></td>
|
||||
<td><?php echo $row['visits_company']; ?></td>
|
||||
<td><?php echo Crypto::decrypt($row['visits_company'], $encKey); ?></td>
|
||||
<td><?php echo $transLang[$VisitTypeInfo->getInfoVisitType("%", $row['visits_reason'])[0]['visittypes_name']]; ?></td>
|
||||
<td><?php echo $row['visits_lastname'] . ", " . $row['visits_firstname']; ?><br /><img src="<?php echo $row['visits_signature']; ?>" width="200" height="50" alt="Signature" /></td>
|
||||
<td><?php echo Crypto::decrypt($row['visits_lastname'], $encKey) . ", " . Crypto::decrypt($row['visits_firstname'], $encKey); ?><br /><img src="<?php echo $row['visits_signature']; ?>" width="200" height="50" alt="Signature" /></td>
|
||||
<td><?php if (!empty($row['visits_escort'])) {echo $row['visits_escort'] . '<br /><img src="' . $row['visits_escort_signature'] . '" width="200" height="50" alt="Escort Signature" />'; } ?></td>
|
||||
<td><?php echo $row['visits_badge']; ?></td>
|
||||
<td><?php if(!empty($Users->readUserFirstAndLast($row['visits_initials']))){ echo $Users->readUserFirstAndLast($row['visits_initials'])[0]["users_firstname"] . " " . $Users->readUserFirstAndLast($row['visits_initials'])[0]["users_lastname"]; } ?></td>
|
||||
@ -293,9 +296,9 @@ $form_data = filter_input_array(INPUT_POST, [
|
||||
<td><?php echo $timein_disp; ?></td>
|
||||
<td><?php if (!empty($row['visits_outtime'])) {echo $timeout_disp; } else {echo $transLang['IN'];} ?></td>
|
||||
<td><?php echo $SiteInfo->getSite($row['visits_site_id'], $uid, "0", "0")[0]["sites_name"]; ?></td>
|
||||
<td><?php echo $row['visits_company']; ?></td>
|
||||
<td><?php echo Crypto::decrypt($row['visits_company'], $encKey); ?></td>
|
||||
<td><?php echo $transLang[$VisitTypeInfo->getInfoVisitType("%", $row['visits_reason'])[0]['visittypes_name']]; ?></td>
|
||||
<td><?php echo $row['visits_lastname'] . ", " . $row['visits_firstname']; ?><br /><img src="<?php echo $row['visits_signature']; ?>" width="200" height="50" alt="Signature" /></td>
|
||||
<td><?php echo Crypto::decrypt($row['visits_lastname'], $encKey) . ", " . Crypto::decrypt($row['visits_firstname'], $encKey); ?><br /><img src="<?php echo $row['visits_signature']; ?>" width="200" height="50" alt="Signature" /></td>
|
||||
<td><?php echo $row['visits_badge']; ?></td>
|
||||
<td><?php if(!empty($Users->readUserFirstAndLast($row['visits_initials']))){ echo $Users->readUserFirstAndLast($row['visits_initials'])[0]["users_firstname"] . " " . $Users->readUserFirstAndLast($row['visits_initials'])[0]["users_lastname"]; } ?></td>
|
||||
<?php if($selsite=="%" || $SiteInfo->getSite($siteid, $uid, "0", "0")[0]["sites_region"] == "EMEA") { ?>
|
||||
@ -332,11 +335,11 @@ $form_data = filter_input_array(INPUT_POST, [
|
||||
<input type="hidden" name="form_data_timein" id="form_data_timein" value="<?php echo $timein_disp; ?>" />
|
||||
<input type="hidden" name="form_data_timeout" id="form_data_timeout" value="<?php if (!empty($row['visits_outtime'])) {echo $timeout_disp; } else {echo $transLang['IN'];} ?>" />
|
||||
<input type="hidden" name="form_data_sitename" id="form_data_sitename" value="<?php echo $SiteInfo->getSite($row['visits_site_id'], $uid, "0", "0")[0]["sites_name"]; ?>" />
|
||||
<input type="hidden" name="form_data_firstname" id="form_data_firstname" value="<?php echo $row['visits_firstname']; ?>" />
|
||||
<input type="hidden" name="form_data_lastname" id="form_data_lastname" value="<?php echo $row['visits_lastname']; ?>" />
|
||||
<input type="hidden" name="form_data_firstname" id="form_data_firstname" value="<?php echo Crypto::decrypt($row['visits_firstname'], $encKey); ?>" />
|
||||
<input type="hidden" name="form_data_lastname" id="form_data_lastname" value="<?php echo Crypto::decrypt($row['visits_lastname'], $encKey); ?>" />
|
||||
<input type="hidden" name="form_data_carnum" id="form_data_carnum" value="<?php echo $form_data['form_data_carnum']; ?>" />
|
||||
<input type="hidden" name="form_data_ssanum" id="form_data_ssanum" value="<?php echo $form_data['form_data_ssanum']; ?>" />
|
||||
<input type="hidden" name="form_data_company" id="form_data_company" value="<?php echo $row['visits_company']; ?>" />
|
||||
<input type="hidden" name="form_data_company" id="form_data_company" value="<?php echo Crypto::decrypt($row['visits_company'], $encKey); ?>" />
|
||||
<input type="hidden" name="form_data_contact1" id="form_data_contact1" value="<?php echo $db_vendorinfo_contact1; ?>" />
|
||||
<input type="hidden" name="form_data_contact2" id="form_data_contact2" value="<?php echo $db_vendorinfo_contact2; ?>" />
|
||||
<input type="hidden" name="form_data_workstart" id="form_data_workstart" value="<?php echo $db_vendorinfo_workstart; ?>" />
|
||||
|
@ -27,8 +27,12 @@
|
||||
session_save_path('.tmp'); // TEMP
|
||||
session_start(); // START
|
||||
require_once __DIR__ . '/autoload.php'; // AUTOLOAD
|
||||
require_once __DIR__ . '/src/Misc/defuse-crypto.phar';
|
||||
use App\LobbySIO\Config\Registry;
|
||||
use Defuse\Crypto\Crypto;
|
||||
use App\LobbySIO\Misc\Csrf; // ANTICSRF
|
||||
$StaticFunctions = new \App\LobbySIO\Misc\StaticFunctions(); // DEFAULT CLASSES
|
||||
$encKey = $StaticFunctions->loadEncryptionKeyFromConfig();
|
||||
$SiteInfo = new \App\LobbySIO\Database\SiteInfo();
|
||||
$Users = new \App\LobbySIO\Database\Users();
|
||||
if (isset($_SESSION['user_id'])) { // LOGGED IN? GET USER OBJECT
|
||||
@ -94,7 +98,7 @@ if (empty($form_data['fd_vendorContact2'])) { $db_vendorinfo_contact2="";} else
|
||||
if (empty($form_data['fd_workStartTime'])) { $db_vendorinfo_workstart="";} else {$db_vendorinfo_workstart=$form_data['fd_workStartTime'];}
|
||||
if (empty($form_data['fd_workEndTime'])) { $db_vendorinfo_workend="";} else {$db_vendorinfo_workend=$form_data['fd_workEndTime'];}
|
||||
if (empty($form_data['fd_clientImpacted'])) { $db_vendorinfo_customerimpacted="";} else {$db_vendorinfo_customerimpacted=$form_data['fd_clientImpacted'];}
|
||||
$visitid = $VisitActions->newVisit($form_data['fd_firstName'], $form_data['fd_lastName'], $form_data['fd_visitorCompany'], $form_data['fd_visitType'], $StaticFunctions->getUTC(), $form_data['fd_visitorSignature'], $form_data['fd_siteId'], "1", $form_data['fd_escortSignature'], $form_data['fd_escortName'], $carnum, $ssanum, $isvendor);
|
||||
$visitid = $VisitActions->newVisit(Crypto::encrypt($form_data['fd_firstName'], $encKey), Crypto::encrypt($form_data['fd_lastName'], $encKey), Crypto::encrypt($form_data['fd_visitorCompany'], $encKey), $form_data['fd_visitType'], $StaticFunctions->getUTC(), $form_data['fd_visitorSignature'], $form_data['fd_siteId'], "1", $form_data['fd_escortSignature'], $form_data['fd_escortName'], $carnum, $ssanum, $isvendor);
|
||||
if($form_data['fd_isVendor'] === (int)"1") {
|
||||
$vendorid = $VisitActions->setInfoVendorVisitNew($visitid, $db_vendorinfo_contact1, $db_vendorinfo_contact2, $db_vendorinfo_workstart, $db_vendorinfo_workend, $db_vendorinfo_customerimpacted);
|
||||
}
|
||||
|
@ -129,7 +129,7 @@ if(empty($form_data['fd_formAction'])){
|
||||
<tr>
|
||||
<td><?=$row['visits_badge']?></td>
|
||||
<td><?=$timein_disp?></td>
|
||||
<td><?php echo $row['visits_lastname'] . ", " . $row['visits_firstname']; ?><br /><img src="<?php echo $row['visits_signature']; ?>" width="200" height="50" /></td>
|
||||
<td><?php echo Crypto::decrypt($row['visits_lastname'], $encKey) . ", " . Crypto::decrypt($row['visits_firstname'], $encKey); ?><br /><img src="<?php echo $row['visits_signature']; ?>" width="200" height="50" /></td>
|
||||
<td><?php if (!empty($row['visits_escort'])) {echo $row['visits_escort'] . '<br /><img src="' . $row['visits_escort_signature'] . '" width="200" height="50" />'; } ?></td>
|
||||
<td><nobr><?php if($isvendor===0){ ?><button type="submit" name="fd_endVisitForId" value="<?php echo $row['visits_id']; ?>" class="btn btn-warning btn-lg"><i class="fas fa-sign-out-alt"></i><?=$transLang['SIGNOUT']?></button>
|
||||
<?php } elseif($isvendor===1){
|
||||
|
@ -41,5 +41,8 @@ class Registry { const
|
||||
DEFAULTTZ = 'America/New_York', // DEFAULT TIME ZONE
|
||||
HIDEFOOTER = 'false', // HIDE TIMESTAMP FOOTER
|
||||
AUTHMETHOD = 'INTERNAL', // Auth users using INTERNAL or SAML
|
||||
AUTHIDP = 'default-sp' // Identity Provider if using SAML
|
||||
AUTHIDP = 'default-sp', // Identity Provider if using SAML
|
||||
ENCKEY = 'def00000231550b3ca99ed79ffe1010c5555d9ff9f6b3d0844c65dd5705aa72da77d427c76a50c7a19e52e5e3c38137f2db2d95a4d845c85b691e384d9ba6ee6e706baac'
|
||||
// CHANGE ME BEFORE USING! Encryption key - 136 char ascii encryption key - generate
|
||||
// online or via encrypt-test.php. WARNING! Changing after in production WILL BREAK YOUR DATA!!!
|
||||
;}
|
||||
|
@ -19,6 +19,7 @@
|
||||
namespace App\LobbySIO\Misc;
|
||||
use App\LobbySIO\Config\Registry;
|
||||
use SimpleSAML\Auth\Simple;
|
||||
use Defuse\Crypto\Key;
|
||||
|
||||
/**
|
||||
* Miscellaneous junk probably not even deserving of a class but whatever
|
||||
@ -26,6 +27,11 @@ use SimpleSAML\Auth\Simple;
|
||||
* @author josh.north
|
||||
*/
|
||||
class StaticFunctions {
|
||||
public function loadEncryptionKeyFromConfig() {
|
||||
$keyAscii = Registry::ENCKEY;
|
||||
return Key::loadFromAsciiSafeString($keyAscii);
|
||||
}
|
||||
|
||||
public function getVersion ($app_disp_lang) {
|
||||
$Translate = new \App\LobbySIO\Language\Translate($app_disp_lang);
|
||||
$transLang = $Translate->userLanguage();
|
||||
|
BIN
src/Misc/defuse-crypto.phar
Normal file
BIN
src/Misc/defuse-crypto.phar
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user