Commit 5b6e0e13 authored by thiaramus

Removed front-end related code

parent 5d53678d
<?php
/*
* webJAM - A modern JAM MessageBase Editor
* Copyright (C) 2017 Philipp Giebel (stimpy@kuehlbox.wtf)
*
* This program is free software: you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation, either version 3 of
* the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
* without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program.
* If not, see (http://www.gnu.org/licenses/).
*
* * filename: init.inc.php
* * description: All the initialisation is done here.
*
*/
$bv = '%VERSION%';
if ($bv == "%VERSION%") {
define('VERSION', '0.1.5-dev');
} else {
define('VERSION', $bv);
}
unset($bv);
require_once 'config.inc.php';
spl_autoload_register(function ($name) use ($cfg) {
$classFileName = $name . '.class.php';
$classPath = $cfg['classesDir'] . DIRECTORY_SEPARATOR . $classFileName;
if (file_exists($classPath) && !is_dir($classPath) && is_readable($classPath)) {
require_once $classPath;
}
});
if ($cfg['debug']) {
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
} else {
ini_set('display_errors', 0);
ini_set('display_startup_errors', 0);
error_reporting(E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED);
}
if (version_compare(PHP_VERSION, '7.0.0', '<')) {
require_once 'compat.inc.php';
}
require_once 'auth.inc.php';
if (!array_key_exists('semaphores', $cfg)) {
$cfg['semaphores']['echoscan'] = false;
$cfg['semaphores']['netscan'] = false;
}
if (!array_key_exists('echoscan', $cfg['semaphores'])) $cfg['semaphores']['echoscan'] = false;
if (!array_key_exists('netscan', $cfg['semaphores'])) $cfg['semaphores']['netscan'] = false;
\ No newline at end of file
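Review bot: The closure passed to `spl_autoload_register` joins `$name` straight into a file path, so the only limit on what gets `require_once`d is the set of class names that ever reach autoloading. Nothing visible here passes request data to `new`, `class_exists()` or `unserialize()`, but if any caller does, a name containing path separators would be resolved relative to `$cfg['classesDir']`; assuming the project's classes are un-namespaced, a first line such as `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) { return; }` keeps lookups inside that directory. Separately, `$cfg['debug']` is read without a default, so a config file that lacks the key raises a notice or warning before taking the quiet branch; `!empty($cfg['debug'])` states that intent. The page does not mark which of the two init.inc.php listings is the added side, so this applies only if this listing is the one the commit keeps.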
<?php
/*
* webJAM - A modern JAM MessageBase Editor
* Copyright (C) 2017 Philipp Giebel (stimpy@kuehlbox.wtf)
*
* This program is free software: you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation, either version 3 of
* the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
* without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program.
* If not, see (http://www.gnu.org/licenses/).
*
* * filename: init.inc.php
* * description: All the initialisation is done here.
*
*/
$bv = '%VERSION%';
if ( $bv == "%VERSION%" ) {
define( 'VERSION', '0.1.5-dev' );
} else {
define( 'VERSION', $bv );
}
unset( $bv );
require_once 'config.inc.php';
if ( $cfg['debug'] ) {
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
} else {
ini_set('display_errors', 0);
ini_set('display_startup_errors', 0);
error_reporting(E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED);
}
session_start();
if ( version_compare( PHP_VERSION, '7.0.0', '<' ) ) {
require_once 'compat.inc.php';
}
$echos = parse_ini_file( 'areas.ini', true );
include( 'assets/classes/jam.class.php' );
$jam = new jam();
include( 'assets/classes/nodelist.class.php' );
$nodelist = new nodelist();
include( 'assets/classes/helper.class.php' );
$amb = new amb();
$echo = filter_input( INPUT_GET, 'echo', FILTER_SANITIZE_STRING );
if ( !$echo ) $echo = filter_input( INPUT_POST, 'echo', FILTER_SANITIZE_STRING );
$msgid = filter_input( INPUT_GET, 'msgid', FILTER_SANITIZE_NUMBER_INT );
if ( !$msgid ) $msgid = filter_input( INPUT_POST, 'msgid', FILTER_SANITIZE_NUMBER_INT );
$user = false;
$username = filter_input( INPUT_POST, 'username', FILTER_SANITIZE_STRING );
$password = filter_input( INPUT_POST, 'password', FILTER_SANITIZE_STRING );
$pwc = filter_input( INPUT_POST, 'pwc', FILTER_SANITIZE_STRING );
$stay = intval( filter_input( INPUT_POST, 'stay', FILTER_SANITIZE_NUMBER_INT ) );
if ( $username != NULL ) {
if ( $pwc != NULL ) {
$password = $pwc;
} else {
$password = hash( 'sha256', $password );
}
if ( hash_equals( hash( 'sha256', $password ), $cfg['users'][$username]['password'] ) ) {
$_SESSION['pwc'] = $password;
$_SESSION['username'] = $username;
if ( $stay === 1 ) {
setcookie( "webjam[pwc]", hash( 'sha256', hash( 'sha256', hash( 'sha256', $password ) ) ), time()+315360000);
setcookie( "webjam[username]", $username, time()+315360000);
}
}
}
$action = filter_input( INPUT_GET, 'action', FILTER_SANITIZE_STRING );
if ( $action == 'logout' ) {
$_SESSION['pwc'] = '';
$_SESSION['username'] = '';
unset( $_SESSION['pwc'] );
unset( $_SESSION['username'] );
setcookie( "webjam[pwc]", "", time() - 3600 );
setcookie( "webjam[username]", "", time() - 3600) ;
session_destroy();
}
$token = filter_input( INPUT_POST, 'token', FILTER_SANITIZE_STRING );
if ( $token != NULL ) {
foreach ( array_keys( $cfg['users'] ) as $u ) {
if ( ( hash( 'sha256', $cfg['users'][$u]['password'] ) == $token ) AND ( $user == false ) ) {
$user = $cfg['users'][$u];
$username = $u;
}
}
unset( $token );
} elseif ( array_key_exists( 'pwc', $_SESSION ) ) {
if ( hash_equals( hash( 'sha256', $_SESSION['pwc'] ), $cfg['users'][$_SESSION['username']]['password'] ) ) {
$user = $cfg['users'][$_SESSION['username']];
$username = $_SESSION['username'];
}
} elseif ( ( array_key_exists( 'webjam', $_COOKIE ) ) AND ( $action != 'logout' ) ) {
if ( array_key_exists( 'pwc', $_COOKIE['webjam'] ) ) {
if ( hash_equals( $_COOKIE['webjam']['pwc'], hash( 'sha256', hash( 'sha256', $cfg['users'][$_COOKIE['webjam']['username']]['password'] ) ) ) ) {
$user = $cfg['users'][$_COOKIE['webjam']['username']];
$username = $_COOKIE['webjam']['username'];
}
}
}
if ( $user != false ) {
$user['username'] = $username;
unset( $username );
}
$message_headers = false;
if ( !array_key_exists( 'semaphores', $cfg ) ) {
$cfg['semaphores']['echoscan'] = false;
$cfg['semaphores']['netscan'] = false;
}
if ( !array_key_exists( 'echoscan', $cfg['semaphores'] ) ) $cfg['semaphores']['echoscan'] = false;
if ( !array_key_exists( 'netscan', $cfg['semaphores'] ) ) $cfg['semaphores']['netscan'] = false;
\ No newline at end of file
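Review bot: The token branch compares `hash('sha256', $cfg['users'][$u]['password']) == $token` with loose `==`, unlike the session and cookie branches, which use `hash_equals()`; `==` is neither constant-time nor type-safe for hex strings that look numeric, so it should read `hash_equals(hash('sha256', $cfg['users'][$u]['password']), (string) $token)`. More broadly, the `pwc` POST field, the token and the `webjam[pwc]` cookie are all fixed SHA-256 derivatives of the stored password value, so disclosure of config.inc.php or of any one of those values amounts to disclosure of a long-lived credential; a random per-login token kept server-side, with `password_hash()`/`password_verify()` for the stored password, would remove that equivalence. The login branch also indexes `$cfg['users'][$username]` without checking that the user exists, so a possibly null value reaches `hash_equals()`; it sets the roughly ten-year cookies without `HttpOnly` or `Secure`, and it does not call `session_regenerate_id(true)` after a successful login. The page does not mark which of the two init.inc.php listings is the removed side; if this one is the deleted code, these points apply to wherever the logic moved (the other listing requires `auth.inc.php`).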