diff --git a/DB.sql b/DB.sql index 5391204..14f8e65 100644 --- a/DB.sql +++ b/DB.sql @@ -3,8 +3,8 @@ -- https://www.phpmyadmin.net/ -- -- Host: localhost:3306 --- Generation Time: Oct 03, 2023 at 08:51 AM --- Server version: 10.5.19-MariaDB-0+deb11u2 +-- Generation Time: Oct 24, 2023 at 06:33 PM +-- Server version: 10.5.21-MariaDB-0+deb11u1 -- PHP Version: 7.4.33 SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; @@ -119,15 +119,18 @@ CREATE TABLE `system` ( `shoutbox` int(11) NOT NULL DEFAULT 1, `discordlinking` int(1) NOT NULL DEFAULT 1, `discordlogging` int(1) NOT NULL DEFAULT 0, - `relinkdiscord` int(1) NOT NULL DEFAULT 1 + `relinkdiscord` int(1) NOT NULL DEFAULT 1, + `cap_service` int(1) NOT NULL DEFAULT 1, + `cap_key` varchar(255) DEFAULT NULL, + `cap_secret` varchar(255) DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; -- -- Dumping data for table `system` -- -INSERT INTO `system` (`status`, `version`, `news`, `maintenance`, `frozen`, `freezingtime`, `invites`, `shoutbox`, `discordlinking`, `discordlogging`, `relinkdiscord`) VALUES -(0, 1, 'Welcome to znixv2-panel-edit by anditv21!', 0, 0, 0, 1, 0, 1, 0, 1); +INSERT INTO `system` (`status`, `version`, `news`, `maintenance`, `frozen`, `freezingtime`, `invites`, `shoutbox`, `discordlinking`, `discordlogging`, `relinkdiscord`, `cap_service`, `cap_key`, `cap_secret`) VALUES +(0, 1, 'Welcome to znixv2-panel-edit by anditv21!', 0, 0, 0, 1, 0, 1, 0, 1, 0, 'test', 'test2'); -- -------------------------------------------------------- 
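Review bot: The DDL default for `cap_service` is 1 while the seed row inserts 0, and `cap_key`/`cap_secret` are seeded with the literal placeholders 'test'/'test2' in a committed dump. This commit ships no ALTER TABLE for existing installs, so a deployment that only adds the three columns comes up with service 1 (Turnstile, per the display code in system.php) and a NULL key and secret; as far as the vaildateCaptcha hunk in SystemController shows, every login would then fail until an admin fixes the settings. Suggest `` `cap_service` int(1) NOT NULL DEFAULT 0, `` so the captcha is off until configured, and seeding `NULL, NULL` instead of 'test', 'test2' so placeholder credentials never reach a database.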
@@ -150,7 +153,8 @@ CREATE TABLE `userlogs` ( -- INSERT INTO `userlogs` (`id`, `username`, `action`, `browser`, `os`, `ip`, `time`) VALUES -(278, 'admin2', 'Flushed all logs', 'Chrome', 'Windows 10', 'localhost', 'August 12 th, 22:46'); +(278, 'admin2', 'Flushed all logs', 'Chrome', 'Windows 10', 'localhost', 'August 12 th, 22:46'), +(435, 'admin', 'Flushed all logs', 'Google Chrome', 'Windows 10', 'localhost', 'October 24 th, 19:28'); -- -------------------------------------------------------- 
@@ -192,8 +196,8 @@ CREATE TABLE `users` ( -- INSERT INTO `users` (`uid`, `username`, `displayname`, `password`, `hwid`, `admin`, `supp`, `sub`, `username_change`, `frozen`, `banned`, `invitedBy`, `createdAt`, `lastIP`, `currentLogin`, `lastLogin`, `banreason`, `resetcount`, `lastreset`, `invites`, `invitescount`, `discord_access_token`, `discord_refresh_token`, `dcid`, `muted`, `loginfails`) VALUES -(1, 'admin', 'andi_arbeit', '$2y$10$7wOzYc.AXpXc1nE/b0IqLOsP2w1cK9LZXDUi6hoSyuWBDj3DoBjOK', 'e7b81f23-815f-433f-8cb7-bbb5c41596ef', 1, 1, '2023-06-01', NULL, 0, 0, '', '2022-07-05 22:04:37', 'localhost', '2023-10-03 10:46:49', '2023-10-03 10:35:45', 'none', 13, '2023-07-30', 26, 0, NULL, NULL, '854024514781315082', 0, 0), -(2, 'admin2', NULL, '$argon2i$v=19$m=65536,t=4,p=1$dUNwRW5vNkJ1S1FubGJjRg$0hKtX7rVveuPpCeatmqb2iX55kEo/qBERXkZkiGGJ8E', NULL, 0, 0, '2089-04-28', NULL, 0, 0, 'System', '2023-07-01 14:06:00', 'localhost', '2023-08-13 12:49:39', '2023-08-12 22:49:20', 'none', 0, NULL, 15, 0, NULL, '', '1005948935690522665', 0, 0); +(1, 'admin', 'andi_arbeit', '$2y$10$7wOzYc.AXpXc1nE/b0IqLOsP2w1cK9LZXDUi6hoSyuWBDj3DoBjOK', NULL, 1, 1, '2023-06-01', NULL, 0, 0, '', '2022-07-05 22:04:37', 'localhost', '2023-10-24 19:28:46', '2023-10-24 19:25:12', 'none', 13, '2023-07-30', 26, 0, NULL, NULL, NULL, 0, 0), +(2, 'admin2', NULL, '$argon2i$v=19$m=65536,t=4,p=1$dUNwRW5vNkJ1S1FubGJjRg$0hKtX7rVveuPpCeatmqb2iX55kEo/qBERXkZkiGGJ8E', NULL, 0, 0, '2089-04-28', NULL, 0, 0, 'System', '2023-07-01 14:06:00', 'localhost', '2023-08-13 12:49:39', '2023-08-12 22:49:20', 'none', 0, NULL, 15, 0, NULL, NULL, NULL, 0, 0); -- -- Indexes for dumped tables @@ -261,7 +265,7 @@ ALTER TABLE `users` -- AUTO_INCREMENT for table `login` -- ALTER TABLE `login` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=37; + MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=54; -- -- AUTO_INCREMENT for table `shoutbox` 
@@ -273,7 +277,7 @@ ALTER TABLE `shoutbox` -- AUTO_INCREMENT for table `userlogs` -- ALTER TABLE `userlogs` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=385; + MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=436; -- -- AUTO_INCREMENT for table `users` diff --git a/src/admin/system.php b/src/admin/system.php index 34cf8f0..856165f 100644 --- a/src/admin/system.php +++ b/src/admin/system.php 
@@ -19,92 +19,118 @@ // if post request if (Util::securevar($_SERVER["REQUEST_METHOD"]) === "POST") { - if (isset($_POST["SystemStatus"])) { - $Systemstatus = Util::securevar($_POST["SystemStatus"]); - } - if (isset($_POST["SystemMaint"])) { - $SystemMaint = Util::securevar($_POST["SystemMaint"]); - } - if (isset($_POST["SystemVersion"])) { - $SystemVersion = Util::securevar($_POST["SystemVersion"]); - } - if (isset($_POST["invite"])) { - $invite = Util::securevar($_POST["invite"]); - } - if (isset($_POST['Systemfreeze'])) { - $Systemfreeze = Util::securevar($_POST['Systemfreeze']); - } - if (isset($_POST['flushchat'])) { - $flushchat = Util::securevar($_POST['flushchat']); - } - if (isset($_POST['shoutbox'])) { - $shoutbox = Util::securevar($_POST['shoutbox']); - } - if (isset($_POST['setnews'])) { - $news = Util::securevar($_POST['setnews']); - } - if (isset($_POST['invwave'])) { - $invwave = Util::securevar($_POST['invwave']); - } - if (isset($_POST['discordlinking'])) { - $discordlinking = Util::securevar($_POST['discordlinking']); - } - if (isset($_POST['discordrelinking'])) { - $discordrelinking = Util::securevar($_POST['discordrelinking']); - } - if (isset($_POST['discordlogging'])) { - $discordlogging = Util::securevar($_POST['discordlogging']); - } + if (isset($_POST["SystemStatus"])) { + $Systemstatus = Util::securevar($_POST["SystemStatus"]); + } + if (isset($_POST["SystemMaint"])) { + $SystemMaint = Util::securevar($_POST["SystemMaint"]); + } + if (isset($_POST["SystemVersion"])) { + $SystemVersion = Util::securevar($_POST["SystemVersion"]); + } + if (isset($_POST["invite"])) { + $invite = Util::securevar($_POST["invite"]); + } + if (isset($_POST['Systemfreeze'])) { + $Systemfreeze = Util::securevar($_POST['Systemfreeze']); + } + if (isset($_POST['flushchat'])) { + $flushchat = Util::securevar($_POST['flushchat']); + } + if (isset($_POST['shoutbox'])) { + $shoutbox = Util::securevar($_POST['shoutbox']); + } + if (isset($_POST['setnews'])) { + $news = 
Util::securevar($_POST['setnews']); + } + if (isset($_POST['invwave'])) { + $invwave = Util::securevar($_POST['invwave']); + } + if (isset($_POST['discordlinking'])) { + $discordlinking = Util::securevar($_POST['discordlinking']); + } + if (isset($_POST['discordrelinking'])) { + $discordrelinking = Util::securevar($_POST['discordrelinking']); + } + if (isset($_POST['discordlogging'])) { + $discordlogging = Util::securevar($_POST['discordlogging']); + } - Util::adminCheck(); + if (isset($_POST['service'])) { + $service = Util::securevar($_POST['service']); + } - if (isset($Systemstatus)) { - $admin->setSystemStatus(); - } + if (isset($_POST['setkey'])) { + $key = Util::securevar($_POST['site_key']); + } - if (isset($SystemMaint)) { - $admin->setSystemMaint(); - } + if (isset($_POST['setsecret'])) { + $secret = Util::securevar($_POST['site_secret']); + } - if (isset($SystemVersion)) { - $ver = floatval(Util::securevar($_POST["version"])); - $admin->setSystemVersion($ver); - } - if (isset($invite)) { - $admin->setinvite(); - } + Util::adminCheck(); - if (isset($news)) { - $news = Util::securevar($_POST["msg"]); - $admin->setnews($news); - } + if (isset($Systemstatus)) { + $admin->setSystemStatus(); + } - if (isset($Systemfreeze)) { - $admin->setSystemfreeze(); - } + if (isset($SystemMaint)) { + $admin->setSystemMaint(); + } - if (isset($flushchat)) { - $admin->flushchat(); - } + if (isset($SystemVersion)) { + $ver = floatval(Util::securevar($_POST["version"])); + $admin->setSystemVersion($ver); + } - if (isset($shoutbox)) { - $admin->setshoutbox(); - } + if (isset($invite)) { + $admin->setinvite(); + } - if (isset($invwave)) { - $admin->invwave(); - } - if (isset($discordlinking)) { - $admin->setDiscordLink(); - } - if (isset($discordrelinking)) { - $admin->setDiscordReLink(); - } - if (isset($discordlogging)) { - $admin->setDiscordLogging(); - } - header("location: system.php"); + if (isset($news)) { + $news = Util::securevar($_POST["msg"]); + $admin->setnews($news); 
+ } + + if (isset($Systemfreeze)) { + $admin->setSystemfreeze(); + } + + if (isset($flushchat)) { + $admin->flushchat(); + } + + if (isset($shoutbox)) { + $admin->setshoutbox(); + } + + if (isset($invwave)) { + $admin->invwave(); + } + if (isset($discordlinking)) { + $admin->setDiscordLink(); + } + if (isset($discordrelinking)) { + $admin->setDiscordReLink(); + } + if (isset($discordlogging)) { + $admin->setDiscordLogging(); + } + if(isset($service)) + { + $admin->setCaptchaSystem($service); + } + if(isset($key)) + { + $admin->setCaptchaKey($key); + } + if(isset($secret)) + { + $admin->setCaptchaSecret($secret); + } + + header("location: system.php"); } @@ -165,11 +191,11 @@
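Review bot: The two new reads `$key = Util::securevar($_POST['site_key']);` and `$secret = Util::securevar($_POST['site_secret']);` are guarded only by `isset($_POST['setkey'])` / `isset($_POST['setsecret'])`, so a form post carrying the submit field but not the value field raises an undefined-index notice and, depending on what securevar returns for null, probably overwrites the stored key or secret with an empty value; change the guards to `if (isset($_POST['setkey'], $_POST['site_key'])) {` and `if (isset($_POST['setsecret'], $_POST['site_secret'])) {`. The three new `if(isset($service))` blocks open their brace on the next line while every other condition in this handler uses `if (...) {`; matching the surrounding style would help. Most of the hunk is a re-indentation of unchanged lines, which hides the dozen lines that actually change; splitting the whitespace pass into its own commit would make this easier to review. No CSRF check is visible in this part of the handler; if the panel enforces one elsewhere (e.g. in adminCheck), ignore this, otherwise the new setters change captcha credentials on a plain POST.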

getSystemData()->maintenance == "-" + $System->getSystemData()->maintenance == "-" ) : ?>
No
getSystemData()->maintenance == "UNDER" + $System->getSystemData()->maintenance == "UNDER" ) : ?>
Yes
@@ -189,11 +215,11 @@

getSystemData()->invites == "0" + $System->getSystemData()->invites == "0" ) : ?>
Disabled
getSystemData()->invites == "1" + $System->getSystemData()->invites == "1" ) : ?>
Enabled
@@ -213,9 +239,9 @@

getSystemData()->frozen == 1) { - Util::display("Frozen"); + Util::display("Frozen"); } else { - Util::display("Normal"); + Util::display("Normal"); } ?>

sub-status
@@ -231,9 +257,9 @@

getSystemData()->shoutbox == 1) { - Util::display("Enabled"); + Util::display("Enabled"); } else { - Util::display("Disabled"); + Util::display("Disabled"); } ?>

shoutbox-status
@@ -250,9 +276,9 @@

getSystemData()->discordlinking == 1) { - Util::display("Enabled"); + Util::display("Enabled"); } else { - Util::display("Disabled"); + Util::display("Disabled"); } ?>

discord-linking
@@ -269,9 +295,9 @@

getSystemData()->relinkdiscord == 1) { - Util::display("Enabled"); + Util::display("Enabled"); } else { - Util::display("Disabled"); + Util::display("Disabled"); } ?>

discord-re-linking
@@ -288,9 +314,9 @@

getSystemData()->discordlogging == 1) { - Util::display("Enabled"); + Util::display("Enabled"); } else { - Util::display("Disabled"); + Util::display("Disabled"); } ?>

discord-logging
@@ -298,6 +324,32 @@
+
+
+
+
+

+
+
+

getSystemData()->cap_service; + if ($service == 1) { + Util::display("Turnstile"); + } elseif ($service == 2) { + Util::display("hCaptcha"); + } elseif ($service == 3) { + Util::display("reCaptcha"); + } elseif ($service == 0) { + Util::display("None"); + } + ?> +

+ captcha-service +
+
+
+
+
"> @@ -324,8 +376,8 @@ -
-
+
+
@@ -342,7 +394,7 @@ ">
- +
@@ -352,13 +404,51 @@ ">
- +
+
"> +
+
+
+ +
+
+
+
+ +
+
+
+
"> +
+
+ +
+
+ +
+
+
+
"> +
+
+ +
+
+ +
+
+
diff --git a/src/app/controllers/AdminController.php b/src/app/controllers/AdminController.php index d034014..1805d42 100644 --- a/src/app/controllers/AdminController.php +++ b/src/app/controllers/AdminController.php @@ -220,4 +220,19 @@ public function getIPArray() { return $this->IPArray(); } + + public function setCaptchaSystem($service) + { + return $this->cahngeCaptchaSystem($service); + } + + public function setCaptchaKey($key) + { + return $this->cahngeCaptchaKey($key); + } + + public function setCaptchaSecret($secret) + { + return $this->cahngeCaptchaSecret($secret); + } } diff --git a/src/app/controllers/SystemController.php b/src/app/controllers/SystemController.php index 8cb11ee..0d22c39 100644 --- a/src/app/controllers/SystemController.php +++ b/src/app/controllers/SystemController.php 
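Review bot: The new wrappers delegate to `cahngeCaptchaSystem`, `cahngeCaptchaKey` and `cahngeCaptchaSecret`, whose names carry a transposition typo that the AdminModel.php hunk then bakes into the model as well; both sides are new in this commit, so renaming to `changeCaptchaSystem` / `changeCaptchaKey` / `changeCaptchaSecret` in both files costs nothing now and becomes an API break later. The wrappers themselves perform no authorization, that happens via `checkadmin()` in the model hunk, which is worth stating on each public setter, e.g. `/** Persists the captcha provider (0 none, 1 Turnstile, 2 hCaptcha, 3 reCAPTCHA); the admin check is enforced in the model. */`.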
@@ -13,8 +13,95 @@ public function getSystemData() return $this->SystemData(); } - public function getCaptcha() + public function getCaptchaImports() + { + return $this->getCaptcha(); + } + + private function getSecret() + { + return $this->getCaptchaSecret(); + } + + protected function getCapService() { return $this->getCaptchaService(); } + + public function vaildateCaptcha() + { + $captcha_service = $this->getCapService(); + + $secret = $this->getSecret(); + if ($captcha_service == 1) + { + $hdata = array( + 'secret' => $secret, + 'response' => Util::securevar($_POST['cf-turnstile-response']) + ); + $verify = curl_init(); + curl_setopt($verify, CURLOPT_URL, "https://challenges.cloudflare.com/turnstile/v0/siteverify"); + curl_setopt($verify, CURLOPT_POST, true); + curl_setopt($verify, CURLOPT_POSTFIELDS, http_build_query($hdata)); + curl_setopt($verify, CURLOPT_RETURNTRANSFER, true); + $response = curl_exec($verify); + // var_dump($response); + $responseData = json_decode($response); + if ($responseData->success) { + return True; + } + else + { + return False; + } + } + elseif($captcha_service == 2) + { + $hdata = array( + 'secret' => $secret, + 'response' => Util::securevar($_POST['h-captcha-response']) + ); + $verify = curl_init(); + curl_setopt($verify, CURLOPT_URL, "https://hcaptcha.com/siteverify"); + curl_setopt($verify, CURLOPT_POST, true); + curl_setopt($verify, CURLOPT_POSTFIELDS, http_build_query($hdata)); + curl_setopt($verify, CURLOPT_RETURNTRANSFER, true); + $response = curl_exec($verify); + // var_dump($response); + $responseData = json_decode($response); + if ($responseData->success) { + return True; + } + else + { + return False; + } + } + elseif($captcha_service == 3) + { + $hdata = array( + 'secret' => $secret, + 'response' => Util::securevar($_POST['g-recaptcha-response']) + ); + $verify = curl_init(); + curl_setopt($verify, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify"); + curl_setopt($verify, CURLOPT_POST, true); + 
curl_setopt($verify, CURLOPT_POSTFIELDS, http_build_query($hdata)); + curl_setopt($verify, CURLOPT_RETURNTRANSFER, true); + $response = curl_exec($verify); + // var_dump($response); + $responseData = json_decode($response); + if ($responseData->success) { + return True; + } + else + { + return False; + } + } + elseif($captcha_service == 0) + { + return True; + } + } } diff --git a/src/app/models/AdminModel.php b/src/app/models/AdminModel.php index a923024..1b816f2 100644 --- a/src/app/models/AdminModel.php +++ b/src/app/models/AdminModel.php @@ -810,4 +810,28 @@ protected function IPArray() return $result; } } + + protected function cahngeCaptchaSystem($service) + { + if ($this->checkadmin()) { + $this->prepare('UPDATE `system` SET `cap_service` = ?'); + $this->statement->execute([$service]); + } + } + + protected function cahngeCaptchaKey($key) + { + if ($this->checkadmin()) { + $this->prepare('UPDATE `system` SET `cap_key` = ?'); + $this->statement->execute([$key]); + } + } + + protected function cahngeCaptchaSecret($secret) + { + if ($this->checkadmin()) { + $this->prepare('UPDATE `system` SET `cap_secret` = ?'); + $this->statement->execute([$secret]); + } + } } diff --git a/src/app/models/SystemModel.php b/src/app/models/SystemModel.php index 3799a0a..dc63659 100644 --- a/src/app/models/SystemModel.php +++ b/src/app/models/SystemModel.php @@ -29,32 +29,53 @@ protected function SystemData() // Discord Re-Link $result->relinkdiscord = (int) $result->relinkdiscord; + + // Auth captcha + $result->cap_service = (int) $result->cap_service; return $result; } - protected function getCaptchaService() + protected function getCaptcha() { $this->prepare('SELECT * FROM `system`'); $this->statement->execute(); $result = $this->statement->fetch(); - return $result; + $service = $result->cap_service; $site_key = $result->cap_key; - if ($service == 1) - { + if ($service == 1) { return ' -
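Review bot: vaildateCaptcha never sets a cURL timeout and never checks the result of `curl_exec()`, so an unreachable siteverify endpoint stalls every login for the default socket timeout, and a transport error is only surfaced as a notice when `$responseData->success` is read on null; the three branches are also copy-pasted apart from the URL and the POST field name, and a `cap_service` value outside 0–3 falls off the end of the method returning null. login.php and register.php call `vaildateCaptcha($data)` with an argument the signature does not declare, while the method reads `$_POST[...]` directly without an isset check. The rewrite below folds the three blocks into one table-driven path, fails closed on an unknown service, a missing widget response and a transport error, and adds `CURLOPT_TIMEOUT`; the typo in the method name (vaildate) is worth fixing at the same time since both callers are touched by this commit anyway.
```php
    public function vaildateCaptcha()
    {
        // siteverify endpoint and widget field name per service; 0 = captcha disabled
        $services = [
            1 => ['https://challenges.cloudflare.com/turnstile/v0/siteverify', 'cf-turnstile-response'],
            2 => ['https://hcaptcha.com/siteverify', 'h-captcha-response'],
            3 => ['https://www.google.com/recaptcha/api/siteverify', 'g-recaptcha-response'],
        ];
        $captcha_service = (int) $this->getCapService();
        if ($captcha_service === 0) {
            return true;
        }
        if (!isset($services[$captcha_service])) {
            return false; // unknown service: fail closed instead of returning null
        }
        [$url, $field] = $services[$captcha_service];
        if (!isset($_POST[$field]) || $_POST[$field] === '') {
            return false; // widget response missing: no need to call the verifier
        }
        $hdata = [
            'secret'   => $this->getSecret(),
            'response' => Util::securevar($_POST[$field]),
        ];
        $verify = curl_init();
        curl_setopt($verify, CURLOPT_URL, $url);
        curl_setopt($verify, CURLOPT_POST, true);
        curl_setopt($verify, CURLOPT_POSTFIELDS, http_build_query($hdata));
        curl_setopt($verify, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($verify, CURLOPT_TIMEOUT, 10); // do not hang the login on an unreachable verifier
        $response = curl_exec($verify);
        curl_close($verify);
        if ($response === false) {
            return false; // transport error: fail closed
        }
        $responseData = json_decode($response);
        return is_object($responseData) && !empty($responseData->success);
    }
```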
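Review bot: cahngeCaptchaSystem stores `$service` without validating it, and the rest of this commit only understands 0–3 (vaildateCaptcha in SystemController and getCaptcha in SystemModel both return null for anything else), so a stray value from the admin form disables login for everyone until the row is repaired by hand; add `if (!in_array((int) $service, [0, 1, 2, 3], true)) { return; }` before the prepare and bind `(int) $service`, since the column is an int. All three UPDATEs run without a WHERE clause; the seed dump shows `system` as a single-row settings table, so that is presumably intended, but say so with `// single-row settings table: whole-table UPDATE is intentional` above each statement so the next reader does not "fix" it.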
'; - } - elseif ($service == 2) - { +
'; + } elseif ($service == 2) { return ' -
'; +
'; + } elseif ($service == 3) { + return ' +
'; } - elseif ($service == 3) + elseif ($service == 0) { - return ' -
'; - } + return 0; + } + } + + protected function getCaptchaSecret() + { + $this->prepare('SELECT * FROM `system`'); + $this->statement->execute(); + $result = $this->statement->fetch(); + + return $result->cap_secret; + } + + protected function getCaptchaService() + { + $this->prepare('SELECT * FROM `system`'); + $this->statement->execute(); + $result = $this->statement->fetch(); + + return $result->cap_service; } + } diff --git a/src/auth/login.php b/src/auth/login.php index c40b00e..d1cb65e 100644 --- a/src/auth/login.php +++ b/src/auth/login.php @@ -1,24 +1,37 @@ loginUser($data); + if (isset($_POST)) { + $data = Util::securevar($_POST); + } + + $captcha = $system->vaildateCaptcha($data); + if($captcha == True) + { + $error = $user->loginUser($data); + } + else + { + $error = "Captcha failed or not completed"; + } + + } if (isset($_COOKIE["login_cookie"])) { - $cookie = Util::securevar($_COOKIE["login_cookie"]); - if (isset($cookie)) { - $error = $user->tokenlogin($cookie); - } + $cookie = Util::securevar($_COOKIE["login_cookie"]); + if (isset($cookie)) { + $error = $user->tokenlogin($cookie); + } } Util::head('Login'); Util::navbar(); @@ -58,7 +71,7 @@
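Review bot: getCaptcha returns the int `0` for cap_service 0 but an HTML string for 1–3, and the login.php and register.php hunks pass the result straight to Util::display(); unless display() special-cases falsy input, a literal "0" is rendered where the widget would be, so `return '';` keeps the branches type-consistent (an out-of-range service still returns null, which deserves a final `else { return ''; }` too). getCaptcha, getCaptchaSecret and getCaptchaService each run their own `SELECT * FROM \`system\``, so one page render issues up to three identical queries against a single-row table; reading the two columns from the already-fetched SystemData() row, or one private fetch shared by the three, would avoid that. The markup returned by getCaptcha was stripped from this page, so I cannot see whether `$site_key` is escaped before it is interpolated; if it is not, wrap it as `htmlspecialchars($site_key, ENT_QUOTES)` even though the value is admin-supplied.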
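Review bot: login.php calls `$system->vaildateCaptcha($data)` while the register.php hunk calls `$System->vaildateCaptcha($data)`; the instantiation sits above both hunks and is not visible here, but only one spelling can match it, and the other file will fail with "Call to a member function vaildateCaptcha() on null" on its first POST. vaildateCaptcha() declares no parameter, so `$data` is silently ignored and the method re-reads `$_POST` itself; either give it the parameter or drop the argument so the call stops suggesting the sanitized copy is what gets verified. `isset($_POST)` is always true for a superglobal, so `$data` can simply be assigned unconditionally; the same applies to the register.php hunk.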
-
+
@@ -81,9 +94,9 @@ - +
+ getCaptchaImports()); ?> -
diff --git a/src/auth/register.php b/src/auth/register.php index 406cfd2..2b31ec5 100644 --- a/src/auth/register.php +++ b/src/auth/register.php @@ -8,13 +8,22 @@ Session::init(); if (Session::isLogged()) { - Util::redirect('/'); + Util::redirect('/'); } if ($_SERVER['REQUEST_METHOD'] === 'POST') { - if (isset($_POST)) { - $data = Util::securevar($_POST); - $error = $user->registerUser($data); - } + if (isset($_POST)) { + $data = Util::securevar($_POST); + } + + $captcha = $System->vaildateCaptcha($data); + if($captcha == True) + { + $error = $user->registerUser($data); + } + else + { + $error = "Captcha failed or not completed"; + } } Util::head('Register'); @@ -58,7 +67,7 @@
-
+
@@ -93,6 +102,8 @@ +
+ getCaptchaImports()); ?>