Project-Pro/crmPRO
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7c2a42a66f336cfc274dae32ba1a6d24c1ff8c9e
crmPRO/index.php

196 lines
6.4 KiB
PHP
Raw Blame History

<?php
error_reporting(E_ALL ^ E_NOTICE ^ E_STRICT ^ E_WARNING ^ E_DEPRECATED);
function __autoload_my_classes($classname)
{
$q = explode('\\', $classname);
$c = array_pop($q);
$base_path = 'autoload/' . implode('/', $q) . '/';
$f = $base_path . $c . '.php';
if ( !file_exists( $f ) )
$f = $base_path . 'class.' . $c . '.php';
if (file_exists($f)) {
require_once($f);
}
}
spl_autoload_register('__autoload_my_classes');
date_default_timezone_set('Europe/Warsaw');
require_once 'config.php';
require_once 'libraries/medoo/medoo.php';
require_once 'libraries/grid/config.php';
require_once 'libraries/phpmailer/class.phpmailer.php';
require_once 'libraries/phpmailer/class.smtp.php';
require_once 'libraries/rb.php';
session_start();
if (!isset($_SESSION['check'])) {
session_regenerate_id();
$_SESSION['check'] = true;
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
}
if ($_SESSION['ip'] !== $_SERVER['REMOTE_ADDR']) {
session_destroy();
header('Location: /');
exit;
}
\R::setup('mysql:host=' . $database['host'] . ';dbname=' . $database['name'], $database['user'], $database['password']);
\R::ext('xdispense', function ($type) {
return R::getRedBean() -> dispense($type);
});
$mdb = new medoo([
'database_type' => 'mysql',
'database_name' => $database['name'],
'server' => $database['host'],
'username' => $database['user'],
'password' => $database['password'],
'charset' => 'utf8'
]);
$domain = preg_replace( '#^(http(s)?://)?w{3}\.#', '$1', $_SERVER['SERVER_NAME'] );
$cookie_name = str_replace( '.', '-', $domain );
$settings = array_merge( $settings, \factory\Crm::settings());
$clear_remember_cookie = function() use ( $cookie_name, $domain )
{
setcookie( $cookie_name, '', [
'expires' => strtotime( '-1 year' ),
'path' => '/',
'domain' => $domain,
'secure' => true,
'httponly' => true,
'samesite' => 'Lax'
] );
};
$cleanup_remember_tokens = function() use ( $mdb )
{
$mdb -> query( 'DELETE FROM `users_remember_tokens` WHERE COALESCE(`last_used_at`, `created_at`) < DATE_SUB(NOW(), INTERVAL 6 MONTH)' );
};
if ( empty( $_SESSION['_db_migrated_v5'] ) )
{
$col = $mdb -> query( "SHOW COLUMNS FROM `users` LIKE 'remember_token'" ) -> fetch();
if ( !$col )
$mdb -> pdo -> exec( "ALTER TABLE `users` ADD COLUMN `remember_token` VARCHAR(64) DEFAULT NULL" );
$tbl = $mdb -> query( "SHOW TABLES LIKE 'users_permissions'" ) -> fetch();
if ( !$tbl )
{
$mdb -> pdo -> exec( "
CREATE TABLE `users_permissions` (
`user_id` INT UNSIGNED NOT NULL PRIMARY KEY,
`tasks` TINYINT(1) NOT NULL DEFAULT 1,
`projects` TINYINT(1) NOT NULL DEFAULT 1,
`projects_view` TINYINT(1) NOT NULL DEFAULT 1,
`projects_add` TINYINT(1) NOT NULL DEFAULT 1,
`projects_edit` TINYINT(1) NOT NULL DEFAULT 1,
`projects_delete` TINYINT(1) NOT NULL DEFAULT 1,
`finances` TINYINT(1) NOT NULL DEFAULT 0,
`wiki` TINYINT(1) NOT NULL DEFAULT 1,
`crm` TINYINT(1) NOT NULL DEFAULT 0,
`work_time` TINYINT(1) NOT NULL DEFAULT 1
) ENGINE=InnoDB DEFAULT CHARSET=utf8
" );
}
else
{
$col_z = $mdb -> query( "SHOW COLUMNS FROM `users_permissions` LIKE 'zaplecze'" ) -> fetch();
if ( $col_z )
$mdb -> pdo -> exec( "ALTER TABLE `users_permissions` DROP COLUMN `zaplecze`" );
$project_permission_columns = [ 'projects_view', 'projects_add', 'projects_edit', 'projects_delete' ];
foreach ( $project_permission_columns as $permission_column )
{
$col_perm = $mdb -> query( "SHOW COLUMNS FROM `users_permissions` LIKE '" . $permission_column . "'" ) -> fetch();
if ( !$col_perm )
{
$mdb -> pdo -> exec( "ALTER TABLE `users_permissions` ADD COLUMN `" . $permission_column . "` TINYINT(1) NOT NULL DEFAULT 1" );
$mdb -> pdo -> exec( "UPDATE `users_permissions` SET `" . $permission_column . "` = `projects`" );
}
}
}
$tbl_tokens = $mdb -> query( "SHOW TABLES LIKE 'users_remember_tokens'" ) -> fetch();
if ( !$tbl_tokens )
{
$mdb -> pdo -> exec( "
CREATE TABLE `users_remember_tokens` (
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
`user_id` INT UNSIGNED NOT NULL,
`token_hash` CHAR(64) NOT NULL,
`created_at` DATETIME NOT NULL,
`last_used_at` DATETIME NULL,
`user_agent` VARCHAR(255) NULL,
`ip` VARCHAR(45) NULL,
UNIQUE KEY `uniq_token_hash` (`token_hash`),
KEY `idx_user_id` (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8
" );
}
$_SESSION['_db_migrated_v5'] = true;
}
if ( isset( $_COOKIE[$cookie_name] ) && !isset( $_SESSION['user'] ) )
{
$cleanup_remember_tokens();
$remember_token = $_COOKIE[$cookie_name];
if ( is_string( $remember_token ) && strlen( $remember_token ) === 64 && ctype_xdigit( $remember_token ) )
{
$token_hash = hash( 'sha256', $remember_token );
$token_row = $mdb -> get( 'users_remember_tokens', '*', [ 'token_hash' => $token_hash ] );
if ( $token_row )
{
$user_tmp = $mdb -> get( 'users', '*', [ 'id' => $token_row['user_id'] ] );
if ( $user_tmp )
{
\S::set_session( 'user', $user_tmp );
$mdb -> update( 'users_remember_tokens', [
'last_used_at' => date( 'Y-m-d H:i:s' ),
'user_agent' => substr( (string)($_SERVER['HTTP_USER_AGENT'] ?? ''), 0, 255 ),
'ip' => (string)($_SERVER['REMOTE_ADDR'] ?? '')
], [ 'id' => (int)$token_row['id'] ] );
}
else
{
$mdb -> delete( 'users_remember_tokens', [ 'id' => (int)$token_row['id'] ] );
$clear_remember_cookie();
}
}
else
{
$clear_remember_cookie();
}
}
else
{
// stale cookie w nieaktualnym formacie - usuniecie
$clear_remember_cookie();
}
}
$user = \S::get_session('user');
$request_path = parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH );
$request_path = is_string( $request_path ) ? rtrim( $request_path, '/' ) : '';
if ( $request_path === '' )
$request_path = '/';
if ( !$user and !in_array( $request_path, [ '/logowanie', '/rejestracja', '/users/login', '/cron/main_view' ], true ) )
{
header( 'Location: /logowanie' );
exit;
}
if ( $user and $request_path === '/logowanie' )
{
header( 'Location: /tasks/main_view/' );
exit;
}
echo \view\Site::show();
Reference in New Issue View Git Blame Copy Permalink