From dfec0c8e5714c59bb7e8ee86b7d0a39562ddfd13 Mon Sep 17 00:00:00 2001 From: Bastian Allgeier Date: Tue, 3 Jul 2018 11:40:53 +0200 Subject: [PATCH] Update to Kirby 2.5.11 --- kirby/.travis.yml | 3 +- kirby/composer.json | 11 +- kirby/composer.lock | 18 +-- kirby/kirby.php | 2 +- kirby/test/FieldTest.php | 34 +++--- kirby/vendor/composer/installed.json | 106 +++++++++--------- kirby/vendor/getkirby/toolkit/.travis.yml | 3 +- kirby/vendor/getkirby/toolkit/composer.json | 4 +- .../vendor/getkirby/toolkit/lib/password.php | 40 +++++-- kirby/vendor/getkirby/toolkit/lib/toolkit.php | 2 +- .../getkirby/toolkit/test/CollectionTest.php | 72 ++++++------ panel/app/src/panel.php | 8 +- panel/app/src/panel/login.php | 61 +++++----- panel/app/src/panel/models/page/ui.php | 22 ++-- panel/app/src/panel/models/user.php | 30 +++-- panel/app/src/panel/models/user/avatar.php | 14 ++- 16 files changed, 236 insertions(+), 194 deletions(-) diff --git a/kirby/.travis.yml b/kirby/.travis.yml index 24ae660..a97fa23 100644 --- a/kirby/.travis.yml +++ b/kirby/.travis.yml @@ -1,10 +1,9 @@ language: php sudo: false php: - - 5.4 - - 5.5 - 5.6 - 7.0 - 7.1 + - 7.2 matrix: fast_finish: true diff --git a/kirby/composer.json b/kirby/composer.json index 7d801bb..50ad155 100644 --- a/kirby/composer.json +++ b/kirby/composer.json @@ -21,13 +21,14 @@ "files": ["composer.php"] }, "require": { - "php": ">=5.4.0", + "php": ">=5.6.0", "ext-mbstring": "*", "ext-gd": "*", - "erusev/parsedown-extra": "0.7.*", - "michelf/php-smartypants": "1.8.*", - "getkirby/toolkit": "2.5.10", - "filp/whoops": "2.1.*" + "erusev/parsedown": "1.7.1", + "erusev/parsedown-extra": "0.7.1", + "michelf/php-smartypants": "1.8.1", + "getkirby/toolkit": "2.5.11", + "filp/whoops": "2.1.14" }, "archive": { "exclude": [ diff --git a/kirby/composer.lock b/kirby/composer.lock index 6c3ad93..7108668 100644 --- a/kirby/composer.lock +++ b/kirby/composer.lock 
@@ -4,8 +4,8 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "67ae981ed68498455eab3b1d4ccaf140", - "content-hash": "b4a16f422b9421854cd34b0b397456a9", + "hash": "94a561ec769d6b11923db85ea6dacd19", + "content-hash": "ca6b8d48a449d7e3e38469787af28d5a", "packages": [ { "name": "erusev/parsedown", @@ -160,20 +160,20 @@ }, { "name": "getkirby/toolkit", - "version": "2.5.10", + "version": "2.5.11", "source": { "type": "git", "url": "https://github.com/getkirby/toolkit.git", - "reference": "c9323735246028b22e945f2641e733dc0d774d1a" + "reference": "e8068633422da93b47c404b92241b15d42fc0e3f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/getkirby/toolkit/zipball/c9323735246028b22e945f2641e733dc0d774d1a", - "reference": "c9323735246028b22e945f2641e733dc0d774d1a", + "url": "https://api.github.com/repos/getkirby/toolkit/zipball/e8068633422da93b47c404b92241b15d42fc0e3f", + "reference": "e8068633422da93b47c404b92241b15d42fc0e3f", "shasum": "" }, "require": { - "php": ">=5.4.0" + "php": ">=5.6.0" }, "type": "library", "autoload": { @@ -197,7 +197,7 @@ "keywords": [ "toolkit" ], - "time": "2018-03-16 08:50:46" + "time": "2018-07-03 09:33:34" }, { "name": "michelf/php-smartypants", @@ -304,7 +304,7 @@ "prefer-stable": false, "prefer-lowest": false, "platform": { - "php": ">=5.4.0", + "php": ">=5.6.0", "ext-mbstring": "*", "ext-gd": "*" }, diff --git a/kirby/kirby.php b/kirby/kirby.php index 8ce43a2..99537fc 100644 --- a/kirby/kirby.php +++ b/kirby/kirby.php @@ -10,7 +10,7 @@ class Kirby { - static public $version = '2.5.10'; + static public $version = '2.5.11'; static public $instance; static public $hooks = array(); static public $triggered = array(); diff --git a/kirby/test/FieldTest.php b/kirby/test/FieldTest.php index 9c27f4b..f65c4d2 100755 --- a/kirby/test/FieldTest.php +++ b/kirby/test/FieldTest.php 
@@ -8,16 +8,16 @@ public function testField() { $field = new Field('mypage', 'mykey', 'myvalue'); - $field->assertEquals('mypage', $field->page); - $field->assertEquals('mypage', $field->page()); + $this->assertEquals('mypage', $field->page); + $this->assertEquals('mypage', $field->page()); - $field->assertEquals('mykey', $field->key); - $field->assertEquals('mykey', $field->key()); + $this->assertEquals('mykey', $field->key); + $this->assertEquals('mykey', $field->key()); - $field->assertEquals('myvalue', $field->value); - $field->assertEquals('myvalue', $field->value()); - $field->assertEquals('myvalue', $field->toString()); - $field->assertEquals('myvalue', (string)$field); + $this->assertEquals('myvalue', $field->value); + $this->assertEquals('myvalue', $field->value()); + $this->assertEquals('myvalue', $field->toString()); + $this->assertEquals('myvalue', (string)$field); } @@ -29,17 +29,17 @@ public function testModification() { $field->key = 'key-b'; $field->value = 'value-b'; - $field->assertEquals('page-b', $field->page); - $field->assertEquals('page-b', $field->page()); + $this->assertEquals('page-b', $field->page); + $this->assertEquals('page-b', $field->page()); - $field->assertEquals('key-b', $field->key); - $field->assertEquals('key-b', $field->key()); + $this->assertEquals('key-b', $field->key); + $this->assertEquals('key-b', $field->key()); - $field->assertEquals('value-b', $field->value); - $field->assertEquals('value-b', $field->value()); - $field->assertEquals('value-b', $field->toString()); - $field->assertEquals('value-b', (string)$field); + $this->assertEquals('value-b', $field->value); + $this->assertEquals('value-b', $field->value()); + $this->assertEquals('value-b', $field->toString()); + $this->assertEquals('value-b', (string)$field); } -} \ No newline at end of file +} diff --git a/kirby/vendor/composer/installed.json b/kirby/vendor/composer/installed.json index 92b4c81..1cba9cf 100644 --- a/kirby/vendor/composer/installed.json 
+++ b/kirby/vendor/composer/installed.json @@ -132,7 +132,7 @@ "dev-master": "2.0-dev" } }, - "installation-source": "dist", + "installation-source": "source", "autoload": { "psr-4": { "Whoops\\": "src/Whoops/" @@ -161,34 +161,33 @@ ] }, { - "name": "psr/log", - "version": "1.0.2", - "version_normalized": "1.0.2.0", + "name": "erusev/parsedown", + "version": "1.7.1", + "version_normalized": "1.7.1.0", "source": { "type": "git", - "url": "https://github.com/php-fig/log.git", - "reference": "4ebe3a8bf773a19edfe0a84b6585ba3d401b724d" + "url": "https://github.com/erusev/parsedown.git", + "reference": "92e9c27ba0e74b8b028b111d1b6f956a15c01fc1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/php-fig/log/zipball/4ebe3a8bf773a19edfe0a84b6585ba3d401b724d", - "reference": "4ebe3a8bf773a19edfe0a84b6585ba3d401b724d", + "url": "https://api.github.com/repos/erusev/parsedown/zipball/92e9c27ba0e74b8b028b111d1b6f956a15c01fc1", + "reference": "92e9c27ba0e74b8b028b111d1b6f956a15c01fc1", "shasum": "" }, "require": { + "ext-mbstring": "*", "php": ">=5.3.0" }, - "time": "2016-10-10 12:19:37", - "type": "library", - "extra": { - "branch-alias": { - "dev-master": "1.0.x-dev" - } + "require-dev": { + "phpunit/phpunit": "^4.8.35" }, - "installation-source": "source", + "time": "2018-03-08 01:11:30", + "type": "library", + "installation-source": "dist", "autoload": { - "psr-4": { - "Psr\\Log\\": "Psr/Log/" + "psr-0": { + "Parsedown": "" } }, "notification-url": "https://packagist.org/downloads/", 
@@ -197,37 +196,37 @@ ], "authors": [ { - "name": "PHP-FIG", - "homepage": "http://www.php-fig.org/" + "name": "Emanuil Rusev", + "email": "hello@erusev.com", + "homepage": "http://erusev.com" } ], - "description": "Common interface for logging libraries", - "homepage": "https://github.com/php-fig/log", + "description": "Parser for Markdown.", + "homepage": "http://parsedown.org", "keywords": [ - "log", - "psr", - "psr-3" + "markdown", + "parser" ] }, { "name": "getkirby/toolkit", - "version": "2.5.10", - "version_normalized": "2.5.10.0", + "version": "2.5.11", + "version_normalized": "2.5.11.0", "source": { "type": "git", "url": "https://github.com/getkirby/toolkit.git", - "reference": "c9323735246028b22e945f2641e733dc0d774d1a" + "reference": "e8068633422da93b47c404b92241b15d42fc0e3f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/getkirby/toolkit/zipball/c9323735246028b22e945f2641e733dc0d774d1a", - "reference": "c9323735246028b22e945f2641e733dc0d774d1a", + "url": "https://api.github.com/repos/getkirby/toolkit/zipball/e8068633422da93b47c404b92241b15d42fc0e3f", + "reference": "e8068633422da93b47c404b92241b15d42fc0e3f", "shasum": "" }, "require": { - "php": ">=5.4.0" + "php": ">=5.6.0" }, - "time": "2018-03-16 08:50:46", + "time": "2018-07-03 09:33:34", "type": "library", "installation-source": "source", "autoload": { 
@@ -253,33 +252,34 @@ ] }, { - "name": "erusev/parsedown", - "version": "1.7.1", - "version_normalized": "1.7.1.0", + "name": "psr/log", + "version": "1.0.2", + "version_normalized": "1.0.2.0", "source": { "type": "git", - "url": "https://github.com/erusev/parsedown.git", - "reference": "92e9c27ba0e74b8b028b111d1b6f956a15c01fc1" + "url": "https://github.com/php-fig/log.git", + "reference": "4ebe3a8bf773a19edfe0a84b6585ba3d401b724d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/erusev/parsedown/zipball/92e9c27ba0e74b8b028b111d1b6f956a15c01fc1", - "reference": "92e9c27ba0e74b8b028b111d1b6f956a15c01fc1", + "url": "https://api.github.com/repos/php-fig/log/zipball/4ebe3a8bf773a19edfe0a84b6585ba3d401b724d", + "reference": "4ebe3a8bf773a19edfe0a84b6585ba3d401b724d", "shasum": "" }, "require": { - "ext-mbstring": "*", "php": ">=5.3.0" }, - "require-dev": { - "phpunit/phpunit": "^4.8.35" - }, - "time": "2018-03-08 01:11:30", + "time": "2016-10-10 12:19:37", "type": "library", - "installation-source": "dist", + "extra": { + "branch-alias": { + "dev-master": "1.0.x-dev" + } + }, + "installation-source": "source", "autoload": { - "psr-0": { - "Parsedown": "" + "psr-4": { + "Psr\\Log\\": "Psr/Log/" } }, "notification-url": "https://packagist.org/downloads/", @@ -288,16 +288,16 @@ ], "authors": [ { - "name": "Emanuil Rusev", - "email": "hello@erusev.com", - "homepage": "http://erusev.com" + "name": "PHP-FIG", + "homepage": "http://www.php-fig.org/" } ], - "description": "Parser for Markdown.", - "homepage": "http://parsedown.org", + "description": "Common interface for logging libraries", + "homepage": "https://github.com/php-fig/log", "keywords": [ - "markdown", - "parser" + "log", + "psr", + "psr-3" ] } ] diff --git a/kirby/vendor/getkirby/toolkit/.travis.yml b/kirby/vendor/getkirby/toolkit/.travis.yml index fdb6f4c..487310f 100644 --- a/kirby/vendor/getkirby/toolkit/.travis.yml +++ b/kirby/vendor/getkirby/toolkit/.travis.yml 
@@ -2,10 +2,9 @@ language: php dist: trusty sudo: false php: - - 5.4 - - 5.5 - 5.6 - 7.0 - 7.1 + - 7.2 matrix: fast_finish: true diff --git a/kirby/vendor/getkirby/toolkit/composer.json b/kirby/vendor/getkirby/toolkit/composer.json index d7f2e38..a93e966 100644 --- a/kirby/vendor/getkirby/toolkit/composer.json +++ b/kirby/vendor/getkirby/toolkit/composer.json @@ -21,9 +21,9 @@ "files": ["bootstrap.php"] }, "require": { - "php": ">=5.4.0" + "php": ">=5.6.0" }, "archive": { "exclude": ["/.gitignore", "/.travis.yml", "/phpunit.xml", "/test"] } -} \ No newline at end of file +} diff --git a/kirby/vendor/getkirby/toolkit/lib/password.php b/kirby/vendor/getkirby/toolkit/lib/password.php index 2fd1bb0..b4d019b 100644 --- a/kirby/vendor/getkirby/toolkit/lib/password.php +++ b/kirby/vendor/getkirby/toolkit/lib/password.php @@ -2,10 +2,10 @@ /** * Password - * + * * Password encryption class - * - * @package Kirby Toolkit + * + * @package Kirby Toolkit * @author Bastian Allgeier * @link http://getkirby.com * @copyright Bastian Allgeier 
@@ -13,36 +13,52 @@ */ class Password { + /** * Generates a salted hash for a plaintext password - * + * * @param string $plaintext * @return string */ public static function hash($plaintext) { - $salt = substr(str_replace('+', '.', base64_encode(sha1(str::random(), true))), 0, 22); - return crypt($plaintext, '$2a$10$' . $salt); + return password_hash($plaintext, PASSWORD_DEFAULT); } /** * Checks if a given string is already a hash - * + * * @param string * @return boolean */ public static function isHash($hash) { - return preg_match('!^\$2a\$10\$!', $hash); + return password_get_info($hash)['algo'] !== 0; + } + + /** + * Checks if a password is still hashed + * with the old crypt method + * + * @param string $hash + * @return boolean + */ + public static function isCryptHash($hash) { + return preg_match('!^\$2a\$10\$!', $hash) === 1 ? true : false; } /** * Checks if a password matches the encrypted hash - * + * * @param string $plaintext * @param string $hash * @return boolean */ public static function match($plaintext, $hash) { - return crypt($plaintext, $hash) === $hash; - } -} \ No newline at end of file + if (static::isCryptHash($hash) === true) { + return hash_equals(crypt($plaintext, $hash), $hash); + } + + return password_verify($plaintext, $hash) === true; + } + +} diff --git a/kirby/vendor/getkirby/toolkit/lib/toolkit.php b/kirby/vendor/getkirby/toolkit/lib/toolkit.php index 0d0f5a3..de05b63 100644 --- a/kirby/vendor/getkirby/toolkit/lib/toolkit.php +++ b/kirby/vendor/getkirby/toolkit/lib/toolkit.php @@ -11,7 +11,7 @@ */ class Toolkit { - public static $version = '2.5.10'; + public static $version = '2.5.11'; public static function version() { return static::$version; diff --git a/kirby/vendor/getkirby/toolkit/test/CollectionTest.php b/kirby/vendor/getkirby/toolkit/test/CollectionTest.php index 4ba1be1..108963d 100755 --- a/kirby/vendor/getkirby/toolkit/test/CollectionTest.php +++ b/kirby/vendor/getkirby/toolkit/test/CollectionTest.php 
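Review bot: `isHash()` now returns false for the legacy `$2a$10$` hashes that `match()` still accepts, because `password_get_info()` only recognises the `$2y$` prefix. Any caller outside this diff that uses `isHash()` to decide whether a stored value still needs hashing would then hash an existing legacy hash a second time and lock that account out. The strict comparison with integer `0` also assumes integer algorithm ids, while PHP 7.4 and later report an unknown hash as `null`. Something like `return static::isCryptHash($hash) || !empty(password_get_info($hash)['algo']);` covers both cases. The file is a vendored copy of getkirby/toolkit, so the change belongs upstream as well.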
@@ -6,127 +6,129 @@ class CollectionTest extends PHPUnit_Framework_TestCase { protected $data; protected $collection; - + protected function setUp() { - + $this->data = array( 'first' => 'My first element', 'second' => 'My second element', 'third' => 'My third element', ); - + $this->collection = new Collection($this->data); - + } - + public function tearDown() { - // reset the collection + // reset the collection $this->collection = new Collection($this->data); } - + public function testInitializeCollection() { $this->assertInstanceOf('Collection', $this->collection); } - + public function testGetters() { $this->assertEquals('My first element', $this->collection->first); $this->assertEquals('My second element', $this->collection->second); $this->assertEquals('My third element', $this->collection->third); - + $this->assertEquals('My first element', $this->collection->first()); $this->assertEquals('My second element', $this->collection->second()); $this->assertEquals('My third element', $this->collection->third()); - + $this->assertEquals('My first element', $this->collection->get('first')); $this->assertEquals('My second element', $this->collection->get('second')); $this->assertEquals('My third element', $this->collection->get('third')); } - + public function testSetters() { $this->collection->fourth = 'My fourth element'; $this->collection->fifth = 'My fifth element'; - + $this->assertEquals('My fourth element', $this->collection->fourth); $this->assertEquals('My fifth element', $this->collection->fifth); - + $this->assertEquals('My fourth element', $this->collection->fourth()); $this->assertEquals('My fifth element', $this->collection->fifth()); - + $this->assertEquals('My fourth element', $this->collection->get('fourth')); $this->assertEquals('My fifth element', $this->collection->get('fifth')); } - + public function testMethods() { $this->assertEquals($this->data, $this->collection->toArray()); - + $this->assertEquals('My first element', 
$this->collection->first()); $this->assertEquals('My third element', $this->collection->last()); $this->assertEquals(3, $this->collection->count()); $this->assertEquals('second', $this->collection->keyOf('My second element')); $this->assertEquals(1, $this->collection->indexOf('My second element')); - + // isset $this->assertTrue(isset($this->collection->first)); $this->assertFalse(isset($this->collection->super)); - + // traversing $this->assertEquals('My second element', $this->collection->next()); $this->assertEquals('My third element', $this->collection->next()); $this->assertEquals('My second element', $this->collection->prev()); - + // nth child $this->assertEquals('My first element', $this->collection->nth(0)); $this->assertEquals('My second element', $this->collection->nth(1)); $this->assertEquals('My third element', $this->collection->nth(2)); $this->assertFalse($this->collection->nth(3)); - + // get all keys $this->assertEquals(array('first', 'second', 'third'), $this->collection->keys()); - + // shuffle without destroying the keys $this->assertInstanceOf('Collection', $this->collection->shuffle()); - + $this->isUntouched(); - $func = create_function('$element', 'return ($element == "My second element") ? true : false;'); + $func = function ($element) { + return ($element == "My second element") ? 
true : false; + }; $filtered = $this->collection->filter($func); - + $this->assertEquals('My second element', $filtered->first()); $this->assertEquals('My second element', $filtered->last()); $this->assertEquals(1, $filtered->count()); - + $this->isUntouched(); - + // remove elements $this->assertEquals('My second element', $this->collection->not('first')->first()); $this->assertEquals(1, $this->collection->not('second')->not('third')->count()); $this->assertEquals(0, $this->collection->not('first', 'second', 'third')->count()); - + // also check the alternative $this->assertEquals('My second element', $this->collection->without('first')->first()); $this->assertEquals(1, $this->collection->without('second')->not('third')->count()); $this->assertEquals(0, $this->collection->without('first', 'second', 'third')->count()); - + $this->isUntouched(); - + // slice the data $this->assertEquals(array_slice($this->data, 1), $this->collection->slice(1)->toArray()); $this->assertEquals(2, $this->collection->slice(1)->count()); $this->assertEquals(array_slice($this->data, 0, 1), $this->collection->slice(0,1)->toArray()); $this->assertEquals(1, $this->collection->slice(0,1)->count()); - + $this->assertEquals(array_slice($this->data, 1), $this->collection->offset(1)->toArray()); $this->assertEquals(array_slice($this->data, 0, 1), $this->collection->limit(1)->toArray()); $this->assertEquals(array_slice($this->data, 1, 1), $this->collection->offset(1)->limit(1)->toArray()); - + $this->isUntouched(); - + $this->assertEquals(array_reverse($this->data, true), $this->collection->flip()->toArray()); $this->assertEquals($this->data, $this->collection->flip()->flip()->toArray()); - + $this->isUntouched(); - + } public function testGroup() { @@ -159,7 +161,7 @@ public function testGroup() { $this->assertEquals('peter', $firstAdmin['username']); } - + public function testGroupBy() { $collection = new Collection(); 
diff --git a/panel/app/src/panel.php b/panel/app/src/panel.php index d6f4cd0..2077bfa 100644 --- a/panel/app/src/panel.php +++ b/panel/app/src/panel.php @@ -35,13 +35,13 @@ class Panel { - static public $version = '2.5.10'; + static public $version = '2.5.11'; // minimal requirements static public $requires = array( - 'php' => '5.4.0', - 'toolkit' => '2.5.10', - 'kirby' => '2.5.10' + 'php' => '5.6.0', + 'toolkit' => '2.5.11', + 'kirby' => '2.5.11' ); static public $instance; diff --git a/panel/app/src/panel/login.php b/panel/app/src/panel/login.php index 5f816e3..10dfce6 100644 --- a/panel/app/src/panel/login.php +++ b/panel/app/src/panel/login.php @@ -7,6 +7,7 @@ use Data; use Dir; use Kirby; +use Password; use Str; use Visitor; @@ -21,7 +22,7 @@ class Login { protected $maxUntrustedAttempts = 10; /** - * Setup the login class with some + * Setup the login class with some * basic ingredients */ public function __construct() { @@ -34,7 +35,7 @@ public function __construct() { } /** - * Setup and check the logfile + * Setup and check the logfile */ protected function setup() { @@ -55,7 +56,7 @@ protected function setup() { /** * Run an attempt to login - * + * * @param string $username * @param string $password */ @@ -69,13 +70,16 @@ public function attempt($username, $password) { if($this->isInvalidUsername() || $this->isInvalidPassword()) { throw new Exception(l('login.error')); } - - $user = $this->user(); - + + $user = $this->user(); + if(!$user->login($this->password)) { throw new Exception(l('login.error')); } - + + // update the password hashing if necessary + $user->updatePassword($this->password); + $this->clearLog($this->visitorId()); return true; @@ -91,10 +95,10 @@ public function attempt($username, $password) { } /** - * Checks if the login form can be + * Checks if the login form can be * bypassed, because the user is already * authenticated - * + * * @return boolean */ public function isAuthenticated() { 
@@ -107,9 +111,9 @@ public function isAuthenticated() { } /** - * Checks if a brute force attack has + * Checks if a brute force attack has * probably been executed - * + * * @return boolean */ public function isBlocked() { @@ -118,7 +122,7 @@ public function isBlocked() { /** * Fetch the user for the entered username - * + * * @return User */ protected function user() { @@ -127,7 +131,7 @@ protected function user() { /** * Returns all logdata in an array - * + * * @return array */ protected function logdata() { @@ -139,20 +143,20 @@ protected function logdata() { $login = $this; // remove old entries - $data = array_filter($data, function($entry) use($login) { + $data = array_filter($data, function($entry) use($login) { return ($entry['time'] > (time() - $login->logexpiry)); - }); + }); return $this->logdata = $data; } } /** - * Stores a new login attempt to + * Stores a new login attempt to * make it trackable later * * The store contains a sha1 hash of the ip - * + * * @return boolean */ protected function log() { @@ -173,7 +177,7 @@ protected function log() { /** * Return a hashed version of the visitor ip - * + * * @return string */ protected function visitorId() { @@ -183,7 +187,7 @@ protected function visitorId() { /** * Returns the number of attempts for * the current visitor - * + * * @return int */ protected function attempts() { @@ -200,7 +204,7 @@ protected function attempts() { /** * Checks if an invalid username has been entered - * + * * @return boolean */ protected function isInvalidUsername() { @@ -209,7 +213,7 @@ protected function isInvalidUsername() { /** * Checks if an invalid password has been entered - * + * * @return boolean */ protected function isInvalidPassword() { 
@@ -217,19 +221,24 @@ protected function isInvalidPassword() { } /** - * Create a random pause between 0 and 3 + * Create a random pause between 1 and 3 * seconds to make it harder for attackers * to execute many sequent attacks */ protected function pause() { - sleep(rand(1, 3)); + if (password::isCryptHash($this->user()->password()) === true) { + // sleep longer for users with old passwords + sleep(rand(2, 4)); + } else { + sleep(rand(1, 3)); + } } /** * Delete log entries by visitor id */ - protected function clearLog($id) { - + protected function clearLog($id) { + $data = array_filter($this->logdata(), function($entry) use($id) { return $entry['id'] !== $id; }); @@ -243,4 +252,4 @@ protected function clearLog($id) { } -} \ No newline at end of file +} diff --git a/panel/app/src/panel/models/page/ui.php b/panel/app/src/panel/models/page/ui.php index 3eb64b4..8b9da85 100644 --- a/panel/app/src/panel/models/page/ui.php +++ b/panel/app/src/panel/models/page/ui.php @@ -1,4 +1,4 @@ -page->event('read:ui')->isAllowed(); + return $this->page->event('read:ui')->isAllowed(); } public function create() { if($this->page->options()->create() === false) { return false; } else { - return $this->page->event('create:ui')->isAllowed(); + return $this->page->event('create:ui')->isAllowed(); } } @@ -30,7 +30,7 @@ public function update() { if($this->page->options()->update() === false) { return false; } else { - return $this->page->event('update:ui')->isAllowed(); + return $this->page->event('update:ui')->isAllowed(); } } @@ -38,7 +38,7 @@ public function delete() { if($this->page->options()->delete() === false) { return false; } else { - return $this->page->event('delete:ui')->isAllowed(); + return $this->page->event('delete:ui')->isAllowed(); } } @@ -46,7 +46,7 @@ public function url() { if($this->page->options()->url() === false) { return false; } else { - return $this->page->event('url:ui')->isAllowed(); + return $this->page->event('url:ui')->isAllowed(); } } 
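Review bot: `pause()` now calls `$this->user()->password()` without checking that a user was found, although it presumably also runs after a failed attempt with an unknown username. `user()` is defined outside this hunk, but if it returns no object in that case the request ends in a fatal error instead of the delayed generic `login.error`, which also makes unknown and known usernames distinguishable. Guard the lookup, e.g. `$user = $this->user();` followed by `if ($user && password::isCryptHash($user->password()) === true) {`. Separately, the longer 2–4 second sleep makes accounts that still carry a legacy hash recognisable by response time, and the docblock's "between 1 and 3 seconds" no longer describes that branch.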
@@ -54,7 +54,7 @@ public function template() { if($this->page->options()->template() === false) { return false; } else { - return $this->page->event('template:ui')->isAllowed(); + return $this->page->event('template:ui')->isAllowed(); } } @@ -62,7 +62,7 @@ public function visibility() { if($this->page->options()->visibility() === false) { return false; } else { - return $this->page->event('visibility:ui')->isAllowed(); + return $this->page->event('visibility:ui')->isAllowed(); } } @@ -71,15 +71,15 @@ public function pages() { } public function files() { - return $this->page->options()->files(); + return $this->page->options()->files() && $this->page->blueprint()->files()->hide() !== true; } public function upload() { if($this->page->options()->upload() === false) { return false; } else { - return $this->page->event('upload:ui')->isAllowed(); + return $this->page->event('upload:ui')->isAllowed(); } } -} \ No newline at end of file +} diff --git a/panel/app/src/panel/models/user.php b/panel/app/src/panel/models/user.php index 292956f..2656908 100644 --- a/panel/app/src/panel/models/user.php +++ b/panel/app/src/panel/models/user.php @@ -4,6 +4,7 @@ use A; use Exception; +use Password; use Str; use Kirby\Panel\Event; @@ -28,7 +29,7 @@ public function url($action = 'edit') { return panel()->urls()->index() . '/' . $this->uri($action); } - public function form($action, $callback) { + public function form($action, $callback) { return panel()->form('users/' . $action, $this, $callback); } @@ -65,7 +66,7 @@ public function update($data = array()) { parent::update($data); - // flush the cache in case if the user data is + // flush the cache in case if the user data is // used somewhere on the site (i.e. for profiles) kirby()->cache()->flush(); 
@@ -75,13 +76,24 @@ public function update($data = array()) { } + public function updatePassword($newPassword) { + if (password::isCryptHash($this->password()) === true) { + error_log($newPassword); + return parent::update([ + 'password' => $newPassword + ]); + } + + return true; + } + public function isLastAdmin() { if($this->isAdmin()) { if(panel()->users()->filterBy('role', 'admin')->count() == 1) { return true; } } else { - return false; + return false; } } @@ -89,7 +101,7 @@ public function delete() { // create the delete event $event = $this->event('delete:action'); - + // check for permissions $event->check(); @@ -101,7 +113,7 @@ public function delete() { // delete the user parent::delete(); - // flush the cache in case if the user data is + // flush the cache in case if the user data is // used somewhere on the site (i.e. for profiles) kirby()->cache()->flush(); @@ -111,7 +123,7 @@ public function delete() { public function avatar($crop = null) { if($crop === null) { - return new Avatar($this); + return new Avatar($this); } else { $avatar = $this->avatar(); if($avatar->exists()) { @@ -133,7 +145,7 @@ public function history() { public function topbar($topbar) { $topbar->append(purl('users'), l('users')); - $topbar->append($this->url(), $this->username()); + $topbar->append($this->url(), $this->username()); } @@ -162,10 +174,10 @@ static public function current() { } } - public function event($type, $args = []) { + public function event($type, $args = []) { return new Event('panel.user.' . $type, array_merge([ 'user' => $this ], $args)); } -} \ No newline at end of file +} diff --git a/panel/app/src/panel/models/user/avatar.php b/panel/app/src/panel/models/user/avatar.php index b7ddfd7..4419d1b 100644 --- a/panel/app/src/panel/models/user/avatar.php +++ b/panel/app/src/panel/models/user/avatar.php @@ -2,6 +2,7 @@ namespace Kirby\Panel\Models\User; +use Dir; use Exception; use Error; use F; 
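Review bot: The added `updatePassword()` calls `error_log($newPassword);`, which writes the user's plaintext password to the PHP error log on every login that triggers the legacy-hash migration; that line should simply be removed. Anyone with read access to the server logs or to log aggregation then holds credentials the hashed storage was meant to protect, so logs written while this version is deployed should be treated as containing passwords. The method also hands the plaintext to `parent::update()` and so relies on the parent hashing the `password` field, which is not visible in this hunk. A short docblock stating that assumption, and that the method is only meant to be called after a successful `login()`, would help. The call site is `Login::attempt()` in panel/app/src/panel/login.php.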
@@ -39,6 +40,9 @@ public function upload() { $event = $this->event('upload:action'); } + // create the avatar folder if it does not exist + Dir::make(kirby()->roots()->avatars()); + $upload = new Upload($root, array( 'accept' => function($upload) use($event) { if($upload->type() != 'image') { @@ -60,7 +64,7 @@ public function upload() { // $this->root() still points to the root of the old avatar! if($upload->to() != $this->root()) f::remove($this->root()); - // flush the cache in case if the user data is + // flush the cache in case if the user data is // used somewhere on the site (i.e. for profiles) kirby()->cache()->flush(); @@ -83,9 +87,9 @@ public function delete() { // delete the avatar file if(!parent::delete()) { throw new Exception(l('users.avatar.delete.error')); - } + } - // flush the cache in case if the user data is + // flush the cache in case if the user data is // used somewhere on the site (i.e. for profiles) kirby()->cache()->flush(); @@ -97,11 +101,11 @@ public function ui() { return new AvatarUI($this); } - public function event($type, $args = []) { + public function event($type, $args = []) { return new Event('panel.avatar.' . $type, array_merge([ 'user' => $this->user, 'avatar' => $this ], $args)); } -} \ No newline at end of file +}
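Review bot: The result of `Dir::make(kirby()->roots()->avatars())` in `upload()` is ignored, so a folder that cannot be created only surfaces later as a less specific upload failure. Assuming `Dir::make()` reports failure through its return value, check it and fail early, e.g. `if(!Dir::make(kirby()->roots()->avatars())) throw new Exception(...);` with the panel's usual translated message. The call also sits before the `accept` callback shown in the hunk, so the folder is created even for a request that callback later rejects; whether that matters depends on code outside this hunk. `upload()` starts and ends outside the hunk.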