diff --git a/.gitignore b/.gitignore index 382cbe4..7664bcb 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ modules/* !modules/welcome !modules/admin !modules/phatemplates +!modules/phangoapp settings/config.php setting/config_test.php diff --git a/index.php b/index.php index 70de78e..a6ba863 100644 --- a/index.php +++ b/index.php @@ -4,8 +4,8 @@ use PhangoApp\PhaUtils\Utils; ob_start(); -include('libraries/Utils.php'); -include('libraries/Routes.php'); +//include('libraries/Utils.php'); +//include('libraries/Routes.php'); if(is_file(__DIR__.'/vendor/autoload.php')) { @@ -15,8 +15,6 @@ if(is_file(__DIR__.'/vendor/autoload.php')) { //ob_start(); -Utils::load_config('config'); - spl_autoload_register(function($class_name) { //Simple autoload for modules, first element is module, second element is the file to load. @@ -26,23 +24,34 @@ spl_autoload_register(function($class_name) { if(count($arr_library)>1) { $module=strtolower($arr_library[0]); - $library=strtolower($arr_library[1]); - + + $last_path=implode('/', array_slice($arr_library, 1, count($arr_library))); + + $library=strtolower($last_path); + if(is_file('modules/'.$module.'/libraries/'.$library.'.php')) { include('modules/'.$module.'/libraries/'.$library.'.php'); } + else if(is_file('modules/'.$module.'/libraries/'.strtolower($arr_library[1]).'.php')) { + + include('modules/'.$module.'/libraries/'.strtolower($arr_library[1]).'.php'); + + } } }); +Utils::load_config('config'); + if(!PhangoApp\PhaRouter\Config::$on_other) { - + if(!PhangoApp\PhaRouter\Config::$get_path_info) { - + $path_info=isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : ''; + } else { diff --git a/libraries/Routes.php b/libraries/Routes.php index 8d8bffa..ba4cbb5 100644 --- a/libraries/Routes.php +++ b/libraries/Routes.php 
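Review bot: In the autoloader hunk of index.php the candidate path `'modules/'.$module.'/libraries/'.…'.php'` is spelled out four times across the two `is_file`/`include` pairs, and `array_slice($arr_library, 1, count($arr_library))` is just `array_slice($arr_library, 1)`; computing each candidate once into a local makes the lookup order (nested `sub/class.php` first, then flat `sub.php`) readable. Both branches include a path relative to the working directory, as the pre-existing branch already did; anchoring on `__DIR__.'/modules/'` would make the autoloader independent of where PHP was started. Since the nested-directory mapping is new, a comment stating it is worth adding, e.g. `// Vendor\Module\Sub\Class -> modules/module/libraries/sub/class.php, else modules/module/libraries/sub.php` (this assumes `$arr_library` is the backslash-split class name; that split is outside the hunk). The closure's body starts before this hunk.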
@@ -32,7 +32,7 @@ class Config { * Url: http://domain.com/index.php/{module}/index/{arg1}/{arg2} -> modules/module/controller_index.php AppController->App($args); */ -function get_controller($controller, $args=[]) { +function get_controller($path_info, $controller, $args=[]) { $controller=__DIR__.'/../'.$controller; @@ -44,6 +44,8 @@ function get_controller($controller, $args=[]) { $controller=new \AppController(); + $controller->path_info=$path_info; + //return $controller->App($args); return call_user_func_array(array($controller, 'App'), $args); @@ -75,7 +77,7 @@ function get_controller($controller, $args=[]) { //Route is: /module/file/switch/parameter1/parameter2 function get_route($path_info) { - + if($path_info!='') { $arr_path=filter_path($path_info); @@ -86,7 +88,7 @@ function get_route($path_info) { $controller=\PhangoApp\PhaRouter\Config::$modules_allowed[\PhangoApp\PhaRouter\Config::$home_module].'/controllers/app.php'; - return \PhangoApp\PhaRouter\get_controller($controller, []); + return \PhangoApp\PhaRouter\get_controller($path_info, $controller, []); break; @@ -98,7 +100,7 @@ function get_route($path_info) { $controller=$module_path.'/controllers/app.php'; - return \PhangoApp\PhaRouter\get_controller($controller, []); + return \PhangoApp\PhaRouter\get_controller($path_info, $controller, []); } @@ -112,7 +114,7 @@ function get_route($path_info) { $controller=$module_path.'/controllers/'.$arr_path[2].'.php'; - return \PhangoApp\PhaRouter\get_controller($controller, []); + return \PhangoApp\PhaRouter\get_controller($path_info, $controller, []); } @@ -128,7 +130,7 @@ function get_route($path_info) { $args=array_slice($arr_path, 2, count($arr_path)); - return \PhangoApp\PhaRouter\get_controller($controller, $args); + return \PhangoApp\PhaRouter\get_controller($path_info, $controller, $args); } 
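Review bot: Inserting `$path_info` as the first parameter of `get_controller` breaks any caller outside this file that still uses the `($controller, $args)` order — such a call would now pass its controller path as `$path_info` and its args array as `$controller` — and the later hunks in this file (and the duplicate in modules/phangoapp/libraries/pharouter.php) only update in-file callers. Appending it as an optional trailing parameter, `function get_controller($controller, $args=[], $path_info='')`, keeps existing call sites working and still lets `get_route` pass it. Whichever order is kept, the docblock above (context from before this hunk) should gain `@param string $path_info Raw request path from index.php; stored unchanged on the controller and compared literally by the admin module`. The body of `get_controller` continues outside the hunk.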
@@ -141,7 +143,7 @@ function get_route($path_info) { $controller=\PhangoApp\PhaRouter\Config::$modules_allowed[\PhangoApp\PhaRouter\Config::$home_module].'/controllers/app.php'; - return \PhangoApp\PhaRouter\get_controller($controller, []); + return \PhangoApp\PhaRouter\get_controller($path_info, $controller, []); } @@ -225,6 +227,8 @@ class Url { class Controller { + public $path_info=''; + public function json($arr_return) { $final_return=json_encode($arr_return); diff --git a/modules/admin/controllers/app.php b/modules/admin/controllers/app.php index 7218511..33b1e67 100644 --- a/modules/admin/controllers/app.php +++ b/modules/admin/controllers/app.php @@ -86,8 +86,8 @@ class AppController extends TplController{ if($num_tries<5) { - $username=trim($_POST['username']); - $password=trim($_POST['password']); + $username=trim($_POST['username'] ?? ''); + $password=trim($_POST['password'] ?? ''); if($username=='') { @@ -104,6 +104,7 @@ class AppController extends TplController{ $error=0; $_SESSION['admin_login']=1; + $_SESSION['date_login']=date("Y-m-d H:i:s"); if($arr_user['double_auth']) { @@ -253,15 +254,32 @@ class AppController extends TplController{ break; - case 'double_auth': + case 'check_auth': + + //Session expired. + + if($this->check_login()) { - echo $this->tpl->load_template('check_auth', ['title' => 'Double auth']); + if($_SERVER['REQUEST_METHOD']=='POST') { + + + + } + else { + + echo $this->tpl->load_template('check_auth', ['title' => 'Double auth']); + + } + + } break; case 'logout': unset($_SESSION['admin_login']); + unset($_SESSION['double_auth']); + unset($_SESSION['date_login']); header('Location: '.PhangoApp\PhaRouter\Url::make_url('admin')); diff --git a/modules/admin/libraries/tplcontroller.php b/modules/admin/libraries/tplcontroller.php index a86a9e1..a0c4ff7 100644 --- a/modules/admin/libraries/tplcontroller.php +++ b/modules/admin/libraries/tplcontroller.php 
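Review bot: `$_SESSION['date_login']=date("Y-m-d H:i:s")` stores a formatted local-time string that the new code in modules/admin/libraries/tplcontroller.php immediately parses back with `strtotime`; storing the integer `time()` avoids the round trip, any timezone/DST ambiguity of the formatted string, and the `strtotime` failure path. `$_SESSION['admin_login']=1` on the line above is set before the second factor has been verified, so any code that checks only `admin_login` treats a half-authenticated session as logged in; a comment such as `// admin_login alone is not sufficient while double_auth is set` would keep that from being forgotten. If the session id is not regenerated elsewhere on login, `session_regenerate_id(true)` belongs next to these lines. The enclosing login branch starts and ends outside this hunk.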
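Review bot: The `POST` branch of the new `check_auth` case is empty, so submitting the emailed code does nothing: `$_SESSION['double_auth']` is never cleared, no code is compared, and the JSON that modules/admin/templates/check_auth.php reads (`data.csrf_token`, `data.error_form…`) is never produced, which leaves every double-auth login stuck on the check page. The branch needs to compare the posted code with the one stored for the session using `hash_equals()`, unset `double_auth` on success and return an error object otherwise, and it should reject codes older than the 5-minute window the template promises. The `//Session expired.` comment above `if($this->check_login())` does not describe that line; reword it to `// check_login() redirects when the code is still pending or the login is older than 5 minutes`. In the `logout` case the three `unset`s are followed by `header('Location: …')` with no `exit` visible in the hunk; if none follows, the rest of the request keeps running. The `App()` switch starts and ends outside this hunk.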
@@ -26,11 +26,24 @@ class TplController extends PhangoApp\PhaRouter\Controller { if(isset($_SESSION['admin_login'])) { - if(isset($_SESSION['double_auth'])) { + if(isset($_SESSION['double_auth']) && $this->path_info!='/admin/app/check_auth') { - //header('Location: '.PhangoApp\PhaRouter\Url::make_url('admin', 'app', ['check_auth'])); + header('Location: '.PhangoApp\PhaRouter\Url::make_url('admin', 'app', ['check_auth'])); die; + } else { + + $now=date("Y-m-d H:i:s"); + + $timestamp_5_min=strtotime($now)-300; + $timestamp_last_login=strtotime($_SESSION['date_login']); + + if($timestamp_5_min>$timestamp_last_login) { + + header('Location: '.PhangoApp\PhaRouter\Url::make_url('admin', 'app', ['logout'])); + + } + } return true; diff --git a/modules/admin/templates/check_auth.php b/modules/admin/templates/check_auth.php index f5269a3..dd16dbd 100644 --- a/modules/admin/templates/check_auth.php +++ b/modules/admin/templates/check_auth.php @@ -1,8 +1,9 @@ layout('login_tpl', ['title' => $title])?> start('content')?>
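Review bot: In the new `else` branch the expiry redirect `header('Location: …logout')` is not followed by `die`, unlike the `check_auth` redirect above it, so execution falls through to `return true` and the caller renders the protected page (with a Location header attached) for a session the check just declared expired; add `die;` directly after that `header` call. The 5-minute test runs only in the `else` branch, i.e. once `double_auth` is no longer set or on the check page itself, so it also logs out fully authenticated admins five minutes after `date_login` unless the code-verification step refreshes or removes that key — worth confirming that is intended. `$_SESSION['date_login']` is read without an `isset` guard, so sessions created before this deploy hit a warning and `strtotime(null)`; `strtotime($_SESSION['date_login'] ?? '')`, or storing `time()` at login and comparing integers (dropping the `date()`/`strtotime` round trip), handles it. `$this->path_info!='/admin/app/check_auth'` is a literal match on the raw `PATH_INFO`, so a trailing slash or different case reaches the same controller through the slugified route but is still redirected once — harmless, but a comment saying the comparison is literal would help. The enclosing method (presumably `check_login`, as called from app.php) starts before the hunk.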
+

You have 5 minutes for put the code sended to your email.

-

+

@@ -42,7 +43,7 @@ $('#csrf_token').attr('value', data.csrf_token); - $('#username_error').html(data.error_form.username_error); + $('#auth_code_error').html(data.error_form.username_error); } }, diff --git a/modules/phangoapp/libraries/pharouter.php b/modules/phangoapp/libraries/pharouter.php new file mode 100644 index 0000000..1b23043 --- /dev/null +++ b/modules/phangoapp/libraries/pharouter.php 
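Review bot: `$('#auth_code_error').html(data.error_form.username_error)` renames the target element but still reads the `username_error` key, and the `check_auth` POST branch added to modules/admin/controllers/app.php in this commit is empty, so nothing yet emits that JSON; pick the key the handler will send (e.g. `auth_code_error`) on both sides at once. `.html()` inserts the server string as markup, so if the error text ever echoes what was submitted it is rendered unescaped; for a plain message `.text()` is the safer default: `$('#auth_code_error').text(data.error_form.auth_code_error);`. The surrounding AJAX callback starts and ends outside the hunk.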
@@ -0,0 +1,242 @@ + 'modules/welcome']; + + static public $libraries_allowed=[]; + + static public $base_url=''; + + static public $data=[]; + + static public $index_file='index.php/'; + + static public $get_path_info=false; + + static public $on_other=false; + + static public $on_proxy=false; + +} + +/*Examples +* Url: http://domain.com/ +* Url: http://domain.com/index.php/{module} +* Url: http://domain.com/index.php/{module}/app/{arg1}/{arg2} -> modules/module/controller_app.php controller($args); +* Url: http://domain.com/index.php/{module}/index/{arg1}/{arg2} -> modules/module/controller_index.php AppController->App($args); +*/ + +function get_controller($path_info, $controller, $args=[]) { + + $controller=__DIR__.'/../../../'.$controller; + + if(is_file($controller)) { + + include_once($controller); + + if(class_exists('AppController')) { + + $controller=new \AppController(); + + $controller->path_info=$path_info; + + //return $controller->App($args); + return call_user_func_array(array($controller, 'App'), $args); + + } + else { + + return call_user_func_array('controller', $args); + } + + } + else { + + echo 'Page not found'; + + if(!\PhangoApp\PhaRouter\Config::$on_other) { + + http_response_code(404); + + } + + exit(1); + + } + +} + +//Route is: /module/switch/ +//Route is: /module/file/switch/ +//Route is: /module/file/switch/parameter1/parameter2 + +function get_route($path_info) { + + if($path_info!='') { + + $arr_path=filter_path($path_info); + + switch (count($arr_path)) { + + case 0: + + $controller=\PhangoApp\PhaRouter\Config::$modules_allowed[\PhangoApp\PhaRouter\Config::$home_module].'/controllers/app.php'; + + return \PhangoApp\PhaRouter\get_controller($path_info, $controller, []); + + break; + + case 1: + + if(isset(Config::$modules_allowed[$arr_path[1]])) { + + $module_path=Config::$modules_allowed[$arr_path[1]]; + + $controller=$module_path.'/controllers/app.php'; + + return \PhangoApp\PhaRouter\get_controller($path_info, $controller, []); + + 
} + + break; + + case 2: + + if(isset(Config::$modules_allowed[$arr_path[1]])) { + + $module_path=Config::$modules_allowed[$arr_path[1]]; + + $controller=$module_path.'/controllers/'.$arr_path[2].'.php'; + + return \PhangoApp\PhaRouter\get_controller($path_info, $controller, []); + + } + + break; + + default: + + if(isset(Config::$modules_allowed[$arr_path[1]])) { + + $module_path=Config::$modules_allowed[$arr_path[1]]; + + $controller=$module_path.'/controllers/'.$arr_path[2].'.php'; + + $args=array_slice($arr_path, 2, count($arr_path)); + + return \PhangoApp\PhaRouter\get_controller($path_info, $controller, $args); + + } + + break; + + } + + } + else { + + $controller=\PhangoApp\PhaRouter\Config::$modules_allowed[\PhangoApp\PhaRouter\Config::$home_module].'/controllers/app.php'; + + return \PhangoApp\PhaRouter\get_controller($path_info, $controller, []); + + } + + //If not return, page not found. + + echo 'Page not found'; + + if(!\PhangoApp\PhaRouter\Config::$on_other) { + + http_response_code(404); + + } + + exit(1); + + +} + +function filter_path($path_info) { + + $final_path=[]; + + $arr_path=explode('/', $path_info); + + if($arr_path[count($arr_path)-1]=='') { + + unset($arr_path[count($arr_path)-1]); + + } + + $z=1; + + unset($arr_path[0]); + + foreach($arr_path as $k => $info) { + + $v=Utils::slugify($info); + + if($v!='') { + + $final_path[$z]=$v; + + $z++; + + } + } + + return $final_path; + +} + +class Url { + + static public function make_url($module, $script='', $args=[]) { + + $url=$module; + + if($script!='') { + + $url.='/'.$script; + + } + + if(count($args)>0) { + + $url.='/'.implode('/', $args); + + } + + return Config::$base_url.Config::$index_file.$url; + + } + + static public function make_media_url($file) { + + return Config::$base_url.$file; + + } + +} + +class Controller { + + public $path_info=''; + + public function json($arr_return) { + + $final_return=json_encode($arr_return); + + header('Content-Type: application/json; charset=utf-8'); 
+ + return $final_return; + + } + +} diff --git a/modules/phangoapp/libraries/phautils/utils.php b/modules/phangoapp/libraries/phautils/utils.php new file mode 100644 index 0000000..575ddf5 --- /dev/null +++ b/modules/phangoapp/libraries/phautils/utils.php @@ -0,0 +1,698 @@ +/', '/"/', '/\'/', "/ /"); + $arr_entities=array('<', '>', '"', ''', ' '); + + if($br==1) + { + + $text = preg_replace($arr_tags, $arr_entities, $text); + + $arr_text = explode("\n\r\n", $text); + + $c=count($arr_text); + + if($c>1) + { + for($x=0;$x<$c;$x++) + { + + $arr_text[$x]='
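Review bot: This file is a copy of libraries/Routes.php (apparently the same namespace, same `get_controller`, `get_route`, `filter_path`, `Url` and `Controller`) with only the `__DIR__.'/../../../'` prefix changed, and libraries/Routes.php is still edited in this commit rather than removed; if both are ever loaded — the old `include('libraries/Routes.php')` in index.php is only commented out — PHP fatals on the redeclaration, and any fix applied to one copy will be missed in the other, so the old file should be deleted or reduced to a shim. `get_controller` builds its `include_once` path from `Config::$modules_allowed` (an allow-list) plus `$arr_path[2]`, a URL segment that `filter_path` passes through `Utils::slugify`; slugify is outside this diff, so the safety of the include rests on it stripping `/` and `.`, and a comment at the `$controller=__DIR__…` line should state that invariant: `// path = allow-listed module dir + slugified URL segment; filter_path must keep it free of '/' and '..'`. The `break` after each `return` in `get_route` is unreachable, and `$controller` holds first the path and then the object, which makes the function harder to read than it needs to be. The file's opening lines (`<?php`, the namespace and the start of `Config`) are not visible in this rendering.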

'.trim($arr_text[$x]).' 

'; + + } + } + + + $text=implode('', $arr_text); + + $arr_text = explode("\n", $text); + + $c=count($arr_text); + + if($c>1) + { + for($x=0;$x<$c;$x++) + { + + $arr_text[$x]=trim($arr_text[$x]).'
'; + + } + } + + $text=implode('', $arr_text); + + } + + + $text = Utils::make_slashes( $text ); + + return $text; + + } + + /** + * Function used for add slashes from _POST and _GET variables. + * + * + * @param string $string String for add slashes + */ + + static public function make_slashes( $string ) + { + return addslashes( $string ); + } + + /** + * Function used for strip slashes from _POST and _GET variables. + * + * + * @param string $string String for strip slashes + */ + + static public function unmake_slashes( $string ) + { + return stripslashes( $string ); + } + + /** + * This function is used to clean up the text of undesirable html tags + * + * @param string $text Input text for clean undesirable html tags + * @param array $allowedtags An array with allow tags on the text. + */ + + static public function form_text_html( $text , $allowedtags=array()) + { + + settype( $text, "string" ); + + //If no html editor \r\n=

+ + /*$text=preg_replace("//", "\n", $text);*/ + + /*if(Utils::$textbb_type!='') + { + + $text=str_replace("\r", '', $text); + $text=str_replace("\n", '', $text); + + } + else + { + + //Make

+ + $arr_text = explode("\n\r\n", $text); + + $c=count($arr_text); + + if($c>1) + { + for($x=0;$x<$c;$x++) + { + + $arr_text[$x]='

'.trim($arr_text[$x]).' 

'; + + } + } + + + $text=implode('', $arr_text); + + $arr_text = explode("\n", $text); + + $c=count($arr_text); + + if($c>1) + { + for($x=0;$x<$c;$x++) + { + + $arr_text[$x]=trim($arr_text[$x]).'
'; + + } + } + + $text=implode('', $arr_text); + + }*/ + /*echo htmlentities($text); + die;*/ + + //Check tags + + //Bug : tags deleted ocuppied space. + + //First strip_tags + + $text = trim( $text ); + + //Trim html + + /*$text=str_replace(' ', ' ', $text); + + while(preg_match('/

\s+<\/p>$/s', $text)) + { + + $text=preg_replace('/

\s+<\/p>$/s', '', $text); + + }*/ + + //Now clean undesirable html tags + + if(count($allowedtags)>0) + { + + $text=strip_tags($text, '<'.implode('><', array_keys($allowedtags)).'>' ); + + $arr_tags=array('//', '/"/', '/\'/', "/ /"); + $arr_entities=array('<', '>', '"', ''', ' '); + + $text=preg_replace($arr_tags, $arr_entities, $text); + + $text=str_replace(' ', '  ', $text); + + $arr_tags_clean=array(); + $arr_tags_empty_clean=array(); + + //Close tags. + + //Filter tags + + $final_allowedtags=array(); + + foreach($allowedtags as $tag => $parameters) + { + //If mark how recursive, make a loop + + settype($parameters['recursive'], 'integer'); + + $c_count=0; + $x=0; + + if($parameters['recursive']==1) + { + + $c_count = substr_count( $text, '<'.$tag.'>'); + + } + + for($x=0;$x<=$c_count;$x++) + { + + $text=preg_replace($parameters['pattern'], $parameters['replace'], $text); + + } + + $pos_=strpos($tag, '_'); + + if($pos_!==false) + { + + $tag=substr($tag, 0, $pos_); + + } + + $final_allowedtags[]=$tag.'_tmp'; + + //Destroy open tags. + + $arr_tags_clean[]='/<(.*?)'.$tag.'(.*?)>/'; + + $arr_tags_empty_clean[]=''; + $arr_tags_empty_clean[]=''; + + } + + $text=preg_replace($arr_tags_clean, $arr_tags_empty_clean, $text); + } + + //With clean code, modify (.*?)<\/p>/s", "$1\n\r\n", $text ); + $text = str_replace( "
", "", $text ); + + return $text; + + } + + + /** + * A function for generate a rand token used on sessions. + * + * @param string $length_token A variable used for set the character's length the password. More length, password more secure + */ + + static public function get_token($length_token=24) + { + + $rand_prefix=Utils::generate_random_password($length_token); + + return $rand_prefix; + + } + + /** + * Function used for generate a simple random password. Use random_int php function for get the characters of the password + * + * @param string $length_pass A variable used for set the character's length the password. More length, password more secure + * + */ + + static public function generate_random_password($length_pass=32) + { + + $x=0; + $z=0; + + $abc=array( 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '*', '+', '!', '-', '_', '@', '#', '$'); + + $disorder_abc=[]; + + //Simple disorder using random_int + + while(count($abc)>0) { + + $c_abc=count($abc); + + $num_element_move=random_int(0, $c_abc-1); + + $disorder_abc[]=$abc[$num_element_move]; + + unset($abc[$num_element_move]); + + $abc=array_values($abc); + + } + + //Get randomly elements from the randomly generated array. + + $c=count($disorder_abc)-1; + + $password_final=''; + + for($x=0;$x<$length_pass;$x++) { + + $num_element_pass=random_int(0, $c); + + $password_final.=$disorder_abc[$num_element_pass]; + + } + + //Add strange characters + + return $password_final; + + } + + + /** + * Load libraries, well, simply an alternative include + * + * Very important function used for load the functions and method necessaries on your projects. Is simple, you create a file php and put in a libraries folder. 
Use the name without php used in file and magically the file is loaded. You can use this function in many places, phango use a little cache for know who file is loaded. + * + * @param string $names The name of php file without .php extension. If you want specific many libraries you can use an array + * @param string $path The base path where search the library if is not in standard path. By default the path is on Utils::$base_path/libraries/ or Utils::$base_path/modules/$module/libraries/ + * @deprecated Use namespaces and composer instead. + */ + + static public function load_libraries($names, $path='') + { + + if(gettype($names)!='array') + { + + $arr_names[]=$names; + + } + else + { + + $arr_names=&$names; + + } + + if($path=='') + { + + $path=Routes::$base_path.'/vendor/'.Routes::$app.'/libraries/'; + + } + else + { + + $path=Routes::$base_path.'/'.$path.'/'; + + } + + + foreach($arr_names as $library) + { + + + if(!isset(Utils::$cache_libraries[$library])) + { + + $old_path=$path; + + if(is_file($path.'/'.$library.'.php')) + { + include($path.$library.'.php'); + + Utils::$cache_libraries[$library]=1; + + } + else + { + //Libraries path + + $path=Routes::$base_path.'/libraries/'; + + if(!include($path.$library.'.php')) + { + + + die(); + + } + else + { + + Utils::$cache_libraries[$library]=1; + + } + + } + + } + + } + + return true; + + } + + /** + * Simple function for replate real quotes for quote html entities. + * + * @param string $text Text to clean. 
+ */ + + static public function replace_quote_text( $text ) + { + + $text = str_replace( "\"", """, $text ); + + return $text; + + } + + /** + * Internal function for set array values without keys inside $array_strip + * + * @param array $array_strip The array with key values for set + * @param array $array_source The array that i want fill with default values + * + */ + + static public function filter_fields_array($array_strip, $array_source) + { + + $array_final=array(); + + if(count($array_strip)>0) + { + foreach($array_strip as $field_strip) + { + + $array_final[$field_strip]=@$array_source[$field_strip]; + + } + + return $array_final; + + } + else + { + + return $array_source; + + } + } + + /** + * Function used for show on stdout a csrf_token used by POST phango controllers for check if is a real POST from phango. + * + * @param string $name_token The name of the token key in session + * @param int $length_token The length of + */ + + static public function set_csrf_key($name_token='csrf_token', $length_token=80) + { + + /*if(!isset($_SESSION['csrf_token'])) + {*/ + + $_SESSION['csrf_token']=Utils::get_token($length_token); + + //} + + return "\n\n"; + + } + + /** + * Function used for show on stdout a csrf_token used by POST phango controllers for check if is a real POST from phango. + * + */ + + static public function generate_csrf_key($length_token=80) + { + + $_SESSION['csrf_token']=Utils::get_token($length_token); + + return $_SESSION['csrf_token']; + + } + + /** + * Function for load config for modules. + * + * + * @param $name_config Name of the config file, optional. Normally load config.php file on folder config. + * @param $path Path where search the config. 
+ */ + + static public function load_config($name_config, $path="settings") + { + + //load_libraries(array($name_config), PhangoVar::$base_path.'/modules/'.$module.'/config/'); + + $file='./'.$path.'/'.$name_config.'.php'; + + if(is_file($file) && !isset(Utils::$cache_config[$file])) + { + include($file); + + Utils::$cache_config[$file]=1; + + return true; + } + else + { + + return false; + + } + + } + + /** + * Function for reload config. + * + * @warning WARNING, use this method only if you don't have any alternative + * + * @param $module Name of the module + * @param $name_config Name of the config file, optional. Normally load config.php file on folder config. + */ + + static public function reload_config($name_config, $path="./settings") + { + + //load_libraries(array($name_config), PhangoVar::$base_path.'/modules/'.$module.'/config/'); + + $file=$path.'/'.$name_config.'.php'; + + if(is_file($file)) + { + + $cont_file_config=file_get_contents($file); + + $cont_file_config=str_replace('', '', $cont_file_config); + + if(eval($cont_file_config)===FALSE) + { + + throw new \Exception('Error: cannot reload the config file: '.$file); + + } + + } + + } + + /** + * Method for wrap words of a string + * + * @param string $text The text to wrap + * @param integer $num_words The number of words of returned text + * @param string $text_explain The string used for show that the texts is more longer + * @param boolean $yes_more_ever Boolean used for activate or disable $text_explain if the size of real string is the same of the new string + */ + + static public function wrap_words($text, $num_words, $text_explain='...', $yes_more_ever=0) + { + + $arr_text=explode(' ', $text); + + $final_text=''; + + $total_num_text=count($arr_text); + + if($total_num_text<$num_words) + { + + $num_words=$total_num_text; + + if($yes_more_ever==0) + { + $text_explain=''; + } + + } + + for($x=0;$x<$num_words;$x++) + { + + $arr_final_text[]=$arr_text[$x]; + + } + + return implode(' ', 
$arr_final_text).' '.$text_explain; + + } + + +} + +?>
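Review bot: `reload_config` re-executes a settings file by reading it with `file_get_contents`, stripping the open tag (the literals are lost in this rendering) and handing the rest to `eval`; `include` already re-runs a file on every call — only `load_config`'s `Utils::$cache_config` guard prevents that — so `if ((include $file) === false) { throw new \Exception('Error: cannot reload the config file: '.$file); }` gives the same effect without `eval` and keeps error line numbers pointing at the file (a settings file writable by the web server is executed either way, so this is about maintainability, not a new exposure). `filter_fields_array` uses `@$array_source[$field_strip]` to tolerate missing keys; `$array_source[$field_strip] ?? null` does the same without hiding every other notice on that line. The docblocks of `make_slashes`/`unmake_slashes` present them as handling for `_POST`/`_GET` values, but `addslashes` is not an escaping function for any database or HTML context, and the comment should say they only escape quotes and backslashes for legacy callers while queries must use prepared statements. In `generate_random_password` the `while` loop that shuffles `$abc` adds nothing — `random_int(0, $c)` over the unshuffled alphabet is already uniform — and `wrap_words` with `$num_words` of 0 never defines `$arr_final_text` before the `implode`. The HTML-bearing lines of `form_text`, `form_text_html` and `set_csrf_key` are not recoverable from this rendering.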