Merge pull request #464 from causefx/develop
v1.40 Changes
causefx authored Jul 7, 2017
2 parents ba98fa2 + 9daaca4 commit 4d5eb1b
Showing 26 changed files with 9,357 additions and 431 deletions.
138 changes: 80 additions & 58 deletions ajax.php
Expand Up @@ -39,7 +39,7 @@
break;
case 'emby-streams':
qualifyUser(EMBYHOMEAUTH, true);
echo getEmbyStreams(12);
echo getEmbyStreams(12, EMBYSHOWNAMES, $GLOBALS['USER']->role);
die();
break;
case 'plex-streams':
Expand Down Expand Up @@ -72,65 +72,87 @@
}
break;
case 'POST':
// Check if the user is an admin and is allowed to commit values
qualifyUser('admin', true);
switch ($action) {
case 'check-url':
sendResult(frameTest($_POST['checkurl']), "flask", $_POST['checkurl'], "IFRAME_CAN_BE_FRAMED", "IFRAME_CANNOT_BE_FRAMED");
break;
case 'upload-images':
uploadFiles('images/', array('jpg', 'png', 'svg', 'jpeg', 'bmp'));
sendNotification(true);
break;
case 'remove-images':
removeFiles('images/'.(isset($_POST['file'])?$_POST['file']:''));
sendNotification(true);
break;
case 'update-config':
sendNotification(updateConfig($_POST));
break;
case 'update-appearance':
// Custom CSS Special Case START
if (isset($_POST['customCSS'])) {
if ($_POST['customCSS']) {
write_ini_file($_POST['customCSS'], 'custom.css');
} else {
unlink('custom.css');
}
$response['parent']['reload'] = true;
// Check if the user is an admin and is allowed to commit values
switch ($action) {
case 'search-plex':
$response = searchPlex($_POST['searchtitle']);
break;
case 'validate-invite':
$response = inviteCodes("check", $_POST['invitecode']);
$response['notify'] = sendResult($response, "check", $_POST['checkurl'], "CODE_SUCCESS", "CODE_ERROR");
break;
case 'use-invite':
//$response = inviteCodes("check", $_POST['invitecode']);
//$response = inviteCodes("use", $_POST['invitecode']);
if(inviteCodes("check", $_POST['invitecode'])){
$response = inviteCodes("use", $_POST['invitecode'], $_POST['inviteuser']);
$response['notify'] = sendResult(plexUserShare($_POST['inviteuser']), "check", $_POST['checkurl'], "INVITE_SUCCESS", "INVITE_ERROR");
}
unset($_POST['customCSS']);
// Custom CSS Special Case END
$response['notify'] = sendNotification(updateDBOptions($_POST),false,false);
break;
case 'deleteDB':
deleteDatabase();
sendNotification(true, 'Database Deleted!');
break;
case 'upgradeInstall':
upgradeInstall();
$response['notify'] = sendNotification(true, 'Performing Checks', false);
$response['tab']['goto'] = 'updatedb.php';
break;
case 'forceBranchInstall':
upgradeInstall(GIT_BRANCH);
$response['notify'] = sendNotification(true, 'Performing Checks', false);
$response['tab']['goto'] = 'updatedb.php';
break;
case 'deleteLog':
sendNotification(unlink(FAIL_LOG));
break;
case 'deleteOrgLog':
sendNotification(unlink("org.log"));
break;
case 'submit-tabs':
$response['notify'] = sendNotification(updateTabs($_POST) , false, false);
$response['show_apply'] = true;
break;
default:
sendNotification(false, 'Unsupported Action!');
}
break;
case 'join-plex':
$response = plexJoin($_POST['joinuser'], $_POST['joinemail'], $_POST['joinpassword']);
$response['notify'] = sendResult($response, "check", $_POST['checkurl'], "JOIN_SUCCESS", "JOIN_ERROR");
break;
default: // Stuff that you need admin for
qualifyUser('admin', true);
switch ($action) {
case 'check-url':
sendResult(frameTest($_POST['checkurl']), "flask", $_POST['checkurl'], "IFRAME_CAN_BE_FRAMED", "IFRAME_CANNOT_BE_FRAMED");
break;
case 'upload-images':
uploadFiles('images/', array('jpg', 'png', 'svg', 'jpeg', 'bmp'));
sendNotification(true);
break;
case 'remove-images':
removeFiles('images/'.(isset($_POST['file'])?$_POST['file']:''));
sendNotification(true);
break;
case 'update-config':
sendNotification(updateConfig($_POST));
break;
case 'update-appearance':
// Custom CSS Special Case START
if (isset($_POST['customCSS'])) {
if ($_POST['customCSS']) {
write_ini_file($_POST['customCSS'], 'custom.css');
} else {
unlink('custom.css');
}
$response['parent']['reload'] = true;
}
unset($_POST['customCSS']);
// Custom CSS Special Case END
$response['notify'] = sendNotification(updateDBOptions($_POST),false,false);
break;
case 'deleteDB':
deleteDatabase();
sendNotification(true, 'Database Deleted!');
break;
case 'upgradeInstall':
upgradeInstall();
$response['notify'] = sendNotification(true, 'Performing Checks', false);
$response['tab']['goto'] = 'updatedb.php';
break;
case 'forceBranchInstall':
upgradeInstall(GIT_BRANCH);
$response['notify'] = sendNotification(true, 'Performing Checks', false);
$response['tab']['goto'] = 'updatedb.php';
break;
case 'deleteLog':
sendNotification(unlink(FAIL_LOG));
break;
case 'deleteOrgLog':
sendNotification(unlink("org.log"));
break;
case 'submit-tabs':
$response['notify'] = sendNotification(updateTabs($_POST) , false, false);
$response['show_apply'] = true;
break;
default:
sendNotification(false, 'Unsupported Action!');
}
}
break;
case 'PUT':
sendNotification(false, 'Unsupported Action!');
break;
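Review bot: The `use-invite` case has no failure path: when `inviteCodes("check", $_POST['invitecode'])` returns a falsy value nothing assigns `$response` or sends a notification, whereas the neighbouring `validate-invite` case always reports through sendResult; add an else branch such as `} else { $response['notify'] = sendResult(false, "check", $_POST['checkurl'], "INVITE_SUCCESS", "INVITE_ERROR"); }` (assuming sendResult's first argument is the success flag, as the other call sites suggest). The `search-plex`, `validate-invite`, `use-invite` and `join-plex` actions now execute before any `qualifyUser()` call, so they are reachable by unauthenticated POSTs; if that is intended for the invite flow, the comment `// Check if the user is an admin and is allowed to commit values` no longer describes the code beneath it and should move down to sit directly above `qualifyUser('admin', true);` in the default branch. Those new cases also read `$_POST['invitecode']`, `$_POST['inviteuser']`, `$_POST['joinuser']` and friends without the `isset` guard that `remove-images` uses, so a request missing a field yields an undefined-index notice instead of a clean `sendNotification(false, ...)`. The enclosing switch on the request method begins before this hunk.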
83 changes: 33 additions & 50 deletions auth.php
@@ -1,56 +1,39 @@
<?php

$data = false;

function getBannedUsers($string){

if (strpos($string, ',') !== false) {

$banned = explode(",", $string);

}elseif (strpos($string, ',') == false) {

$banned = array($string);

}

return $banned;

}

if (isset($_GET['ban'])) : $ban = strtoupper($_GET['ban']); else : $ban = ""; endif;

$debug = false;
require_once("user.php");
$USER = new User("registration_callback");
$ban = isset($_GET['ban']) ? strtoupper($_GET['ban']) : "";
$whitelist = isset($_GET['whitelist']) ? $_GET['whitelist'] : false;
$currentIP = get_client_ip();

if ($whitelist) {
$skipped = false;
if(in_array($currentIP, getWhitelist($whitelist))) {
!$debug ? exit(http_response_code(200)) : die("$currentIP Whitelist Authorized");
}else{
$skipped = true;
}
}
if (isset($_GET['admin'])) {
if($USER->authenticated && $USER->role == "admin" && !in_array(strtoupper($USER->username), getBannedUsers($ban))) {
!$debug ? exit(http_response_code(200)) : die("$USER->username Authorized At Admin Level");
} else {
!$debug ? exit(http_response_code(401)) : die("$USER->username Not Authorized At Admin Level");
}
}
if (isset($_GET['user'])) {
if($USER->authenticated && !in_array(strtoupper($USER->username), getBannedUsers($ban))) {
!$debug ? exit(http_response_code(200)) : die("$USER->username Authorized At User Level");
} else {
!$debug ? exit(http_response_code(401)) : die("$USER->username Not Authorized At User Level");
}
}
if (!isset($_GET['user']) && !isset($_GET['admin']) && !isset($_GET['whitelist'])) {
!$debug ? exit(http_response_code(401)) : die("Not Authorized Due To No Parameters Set");
}

if (isset($_GET['admin'])) :

if($USER->authenticated && $USER->role == "admin" && !in_array(strtoupper($USER->username), getBannedUsers($ban))) :

exit(http_response_code(200));

else :

exit(http_response_code(401));

endif;

elseif (isset($_GET['user'])) :

if($USER->authenticated && !in_array(strtoupper($USER->username), getBannedUsers($ban))) :

exit(http_response_code(200));

else :

exit(http_response_code(401));

endif;

elseif (!isset($_GET['user']) && !isset($_GET['admin'])) :

exit(http_response_code(401));

endif;
if ($skipped) {
!$debug ? exit(http_response_code(401)) : die("$USER->username on $currentIP $skipped Not Authorized Nor On Whitelist");
}

?>
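Review bot: `$skipped` is only initialised inside `if ($whitelist)`, so for a request with no whitelist parameter the final `if ($skipped)` reads an undefined variable (a notice under error reporting, silently false otherwise); hoist it above the block, `$skipped = false;` immediately before `if ($whitelist) {`, and drop the copy inside. The interpolated `$skipped` in that die() message renders as `1` and adds nothing, so it can be removed from the string. `in_array($currentIP, getWhitelist($whitelist))` and the two banned-user `in_array` checks should pass `true` as the third argument so a numeric-looking entry cannot loosely match. Because the 200/401 this script returns is what the fronting proxy acts on, the address from `get_client_ip()` must be the proxy-observed remote address rather than a client-supplied forwarded header — cannot tell from this hunk which it uses, so worth confirming. The closing `?>` on a PHP-only file can be dropped to avoid accidental trailing output breaking the status-only response.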