merge dev

MineWeb · Dec 6, 2021 · 2a1be50 · 2a1be50
2 parents 31031cb + 4fbd34c
commit 2a1be50
Show file tree

Hide file tree

Showing 21 changed files with 817 additions and 288 deletions.
diff --git a/app/Config/Schema/schema.php b/app/Config/Schema/schema.php
@@ -65,10 +65,6 @@ class AppSchema extends CakeSchema
         'server_secretkey' => ['type' => 'string', 'null' => false, 'default' => null, 'length' => 50, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
         'server_timeout' => ['type' => 'float', 'null' => false, 'default' => null, 'unsigned' => false],
         'condition' => ['type' => 'string', 'null' => true, 'default' => null, 'length' => 250, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
-        'skype' => ['type' => 'text', 'null' => false, 'default' => null, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
-        'youtube' => ['type' => 'text', 'null' => false, 'default' => null, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
-        'twitter' => ['type' => 'text', 'null' => false, 'default' => null, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
-        'facebook' => ['type' => 'text', 'null' => false, 'default' => null, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
         'banner_server' => ['type' => 'text', 'null' => true, 'default' => null, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
         'email_send_type' => ['type' => 'integer', 'null' => true, 'default' => '1', 'length' => 1, 'unsigned' => false, 'comment' => '1 = default, 2 = smtp'],
         'smtpHost' => ['type' => 'string', 'null' => true, 'default' => null, 'length' => 30, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
@@ -280,8 +276,9 @@ class AppSchema extends CakeSchema
     ];
     public $social_buttons = [
         'id' => ['type' => 'integer', 'null' => false, 'default' => null, 'unsigned' => true, 'key' => 'primary'],
+        'order' => ['type' => 'integer', 'null' => false, 'default' => null, 'length' => 2, 'unsigned' => false],
         'title' => ['type' => 'string', 'null' => true, 'default' => null, 'length' => 20, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
-        'img' => ['type' => 'string', 'null' => true, 'default' => null, 'length' => 120, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
+        'extra' => ['type' => 'string', 'null' => true, 'default' => null, 'length' => 120, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
         'color' => ['type' => 'string', 'null' => true, 'default' => null, 'length' => 30, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
         'url' => ['type' => 'string', 'null' => true, 'default' => null, 'length' => 120, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
         'indexes' => [
@@ -412,10 +409,6 @@ public function after($event = [], $install = false, $updateContent = [])
                     'server_secretkey' => '',
                     'server_timeout' => 1,
                     'condition' => null,
-                    'skype' => 'http://mineweb.org',
-                    'youtube' => 'http://mineweb.org',
-                    'twitter' => 'http://mineweb.org',
-                    'facebook' => 'http://mineweb.org',
                     'banner_server' => serialize([]),
                     'email_send_type' => '1',
                     'smtpHost' => null,

diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
@@ -36,7 +36,7 @@
 class AppController extends Controller
 {
 
-    public $components = ['Util', 'Module', 'Session', 'Cookie', 'Security', 'EyPlugin', 'Lang', 'Theme', 'History', 'Statistics', 'Permissions', 'Update', 'Server'];
+    public $components = ['Util', 'Module', 'Session', 'Cookie', 'Security', 'EyPlugin', 'Lang', 'Theme', 'History', 'Statistics', 'Permissions', 'Update', 'Server', 'EySecurity'];
     public $helpers = ['Session'];
 
     public $view = 'Theme';
@@ -46,7 +46,10 @@ class AppController extends Controller
 
     public function beforeFilter()
     {
-
+        // find any xss vulnability on request data
+        $datas = $this->request->data;
+        $this->request->data = $this->xssProtection($datas);
+        $this->request->data["xss"] = $datas;
         // lowercase to avoid errors when the controller is called with uppercase
         $this->params['controller'] = strtolower($this->params['controller']);
         $this->params['action'] = strtolower($this->params['action']);
@@ -110,6 +113,15 @@ public function beforeFilter()
 
     }
 
+    public function xssProtection($array)
+    {
+        foreach ($array as $key => $value) {
+            $array[$key] = is_array($value) ? $this->xssProtection($value) : $this->EySecurity->xssProtection($value);
+        }
+        return $array;
+
+    }
+
     public function __initConfiguration()
     {
         // configuration générale
@@ -142,7 +154,7 @@ public function __initConfiguration()
         $condition = $this->Configuration->getKey('condition');
 
         $this->loadModel('SocialButton');
-        $findSocialButtons = $this->SocialButton->find('all');
+        $findSocialButtons = $this->SocialButton->find('all', ['order' => 'order']);
         $type = "";
         switch ($this->Configuration->getKey('captcha_type')) {
             case "1":
@@ -309,6 +321,11 @@ public function __initAdminNavbar()
                         'permission' => 'MANAGE_SEO',
                         'route' => ['controller' => 'seo', 'action' => 'index', 'admin' => true, 'plugin' => false]
                     ],
+                    'SOCIAL__TITLE' => [
+                        'icon' => 'fas fa-share-alt',
+                        'permission' => 'MANAGE_SOCIAL',
+                        'route' => ['controller' => 'social', 'action' => 'index', 'admin' => true, 'plugin' => false]
+                    ],
                     'MOTD__TITLE' => [
                         'icon' => 'fas fa-sort-amount-up-alt',
                         'permission' => 'MANAGE_MOTD',
@@ -533,7 +550,7 @@ public function __initSeoConfiguration()
         $default = $this->Seo->find('first', ["conditions" => ['page' => null]])['Seo'];
         $current_url = $this->here;
         $get_page = [];
-        $check = $this->Seo->find('first', ['conditions' => ["'" . $current_url . "' LIKE CONCAT(page, '%')"]]);
+        $check = max($this->Seo->find('all', ['conditions' => ["'" . $current_url . "' LIKE CONCAT(page, '%')"]]));
         if ($check && ($check['Seo']["page"] == $current_url || $current_url != "/"))
             $get_page = $check['Seo'];
         $seo_config['title'] = (!empty($default['title']) ? $default['title'] : "{TITLE} - {WEBSITE_NAME}");
@@ -585,6 +602,7 @@ public function sendGetRequest($url)
         ]);
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
         curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
         $result = curl_exec($ch);
         curl_close($ch);
         return $result;
@@ -606,6 +624,7 @@ public function sendMultipleGetRequests($urls)
             ]);
             curl_setopt($ch, CURLOPT_HEADER, false);
             curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
 
             curl_multi_add_handle($multi, $ch);
 

diff --git a/app/Controller/Component/PermissionsComponent.php b/app/Controller/Component/PermissionsComponent.php
@@ -31,6 +31,7 @@ class PermissionsComponent extends CakeObject
         'MANAGE_THEMES',
         'MANAGE_USERS',
         'MANAGE_BAN',
+        'MANAGE_SOCIAL',
         'VIEW_WEBSITE_HISTORY'
     ];
 

diff --git a/app/Controller/ConfigurationController.php b/app/Controller/ConfigurationController.php
@@ -69,6 +69,8 @@ public function admin_index()
                     ['password_hash' => null]
                 );
 
+                $data['end_layout_code'] = $data['xss']['end_layout_code'];
+
                 $this->Configuration->read(null, 1);
                 $this->Configuration->set($data);
                 $this->Configuration->save();

diff --git a/app/Controller/NavbarController.php b/app/Controller/NavbarController.php
@@ -50,11 +50,11 @@ public function admin_index()
     public function admin_save_ajax()
     {
         $this->autoRender = false;
+        $this->response->type('json');
         if ($this->isConnected and $this->Permissions->can('MANAGE_NAV')) {
-
             if ($this->request->is('post')) {
                 if (!empty($this->request->data)) {
-                    $data = $this->request->data['nav'];
+                    $data = $this->request->data['xss']['nav'];
                     $data = explode('&', $data);
                     $i = 1;
                     foreach ($data as $key => $value) {
@@ -68,7 +68,7 @@ public function admin_save_ajax()
                     $data = $data1;
                     $this->loadModel('Navbar');
                     foreach ($data as $key => $value) {
-                        $find = $this->Navbar->find('first', ['conditions' => ['name' => $key]]);
+                        $find = $this->Navbar->find('first', ['conditions' => ['id' => $key]]);
                         if (!empty($find)) {
                             $id = $find['Navbar']['id'];
                             $this->Navbar->read(null, $id);
@@ -82,16 +82,15 @@ public function admin_save_ajax()
                         }
                     }
                     if (empty($error)) {
-                        $this->History->set('EDIT_NAVBAR', 'navbar');
-                        echo $this->Lang->get('NAVBAR__SAVE_SUCCESS') . '|true';
+                        return $this->response->body(json_encode(['statut' => true, 'msg' => $this->Lang->get('NAVBAR__SAVE_SUCCESS')]));
                     } else {
-                        echo $this->Lang->get('ERROR__INTERNAL_ERROR') . '|false';
+                        return $this->response->body(json_encode(['statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS')]));
                     }
                 } else {
-                    echo $this->Lang->get('ERROR__FILL_ALL_FIELDS') . '|false';
+                    return $this->response->body(json_encode(['statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS')]));
                 }
             } else {
-                echo $this->Lang->get('ERROR__BAD_REQUEST') . '|false';
+                return $this->response->body(json_encode(['statut' => false, 'msg' => $this->Lang->get('ERROR__BAD_REQUEST')]));
             }
         } else {
             $this->redirect('/');

diff --git a/app/Controller/SocialController.php b/app/Controller/SocialController.php
@@ -0,0 +1,198 @@
+<?php
+
+class SocialController extends AppController
+{
+    private $social_default = [
+        ['title' => 'Discord', 'extra' => 'fab fa-discord', 'color' => '#7289da'],
+        ['title' => 'Twitter', 'extra' => 'fab fa-twitter', 'color' => '#00acee'],
+        ['title' => 'Youtube', 'extra' => 'fab fa-youtube', 'color' => '#c4302b'],
+        ['title' => 'FaceBook', 'extra' => 'fab fa-facebook', 'color' => '#3b5998']
+    ];
+
+    function admin_index() {
+        if (!$this->isConnected || !$this->Permissions->can('MANAGE_SOCIAL'))
+            throw new ForbiddenException();
+
+        $this->set('title_for_layout', $this->Lang->get('SOCIAL__HOME'));
+        $this->layout = 'admin';
+
+        $this->loadModel('SocialButton');
+        $this->set('social_buttons', $this->SocialButton->find('all', ['order' => 'order']));
+    }
+
+    public function admin_save_ajax() {
+        $this->autoRender = false;
+        $this->response->type('json');
+        if ($this->isConnected AND $this->Permissions->can('MANAGE_SOCIAL')) {
+            if ($this->request->is('post')) {
+                if (!empty($this->request->data)) {
+                    $data = $this->request->data['xss']['social_button_order'];
+                    $data = explode('&', $data);
+                    $i = 1;
+                    foreach ($data as $key => $value) {
+                        $data2[] = explode('=', $value);
+                        $data3 = substr($data2[0][0], 0, -2);
+                        $data1[$data3] = $i;
+                        unset($data3);
+                        unset($data2);
+                        $i++;
+                    }
+                    $data = $data1;
+                    $this->loadModel('SocialButton');
+                    foreach ($data as $key => $value) {
+                        $find = $this->SocialButton->find('first', array('conditions' => array('id' => $key)));
+                        if (!empty($find)) {
+                            $id = $find['SocialButton']['id'];
+                            $this->SocialButton->read(null, $id);
+                            $this->SocialButton->set(array(
+                                'order' => $value,
+                            ));
+                            $this->SocialButton->save();
+                        } else {
+                            $error = 1;
+                        }
+                    }
+                    if (empty($error)) {
+                        return $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('SOCIAL__SAVE_SUCCESS'))));
+					} else{
+                        return $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS'))));
+                    }
+                } else {
+                    return $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS'))));
+                }
+            } else {
+                return $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__BAD_REQUEST'))));
+            }
+        } else {
+            $this->redirect('/');
+        }
+    }
+
+    function admin_add() {
+        if (!$this->isConnected || !$this->Permissions->can('MANAGE_SOCIAL'))
+            throw new ForbiddenException();
+
+        $this->set('title_for_layout', $this->Lang->get('SOCIAL__HOME'));
+        $this->layout = 'admin';
+
+        $this->set('social_default', $this->social_default);
+
+        if ($this->request->is('post')) {
+            $this->autoRender = false;
+            $this->response->type('json');
+
+            if (empty($this->request->data('url')))
+                return $this->response->body(json_encode(['statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS')]));
+            if(!empty($this->request->data('img')) && !empty($this->request->data('icon')) && empty($this->request->data('type')))
+                return $this->response->body(json_encode(['statut' => false, 'msg' => $this->Lang->get('SOCIAL__CANNOT_TOW_TYPE')]));
+
+            $extra = null;
+            if(!empty($this->request->data('type'))) {
+                if($this->request->data('type') == "img") {
+                    $extra = $this->request->data('img');;
+                } else {
+                    $extra = $this->request->data('icon');;
+                }
+            }
+
+            $this->loadModel('SocialButton');
+            $order = $this->SocialButton->find('first', ['order' => ['order' => 'DESC']])['SocialButton']['order'];
+            $order = (empty($order)) ? 1 : $order+1;
+
+            $this->SocialButton->create();
+            $this->SocialButton->set([
+                'order' => $order,
+                'title' => $this->request->data('title'),
+                'extra' => $extra,
+                'color' => $this->request->data('color'),
+                'url' => $this->request->data('url')
+            ]);
+            $this->SocialButton->save();
+
+            $this->History->set('ADD_SOCIAL', 'social network');
+            $this->response->body(json_encode(['statut' => true, 'msg' => $this->Lang->get('SOCIAL__BUTTON_SUCCESS')]));
+        }
+    }
+
+    function admin_edit($id = false) {
+        if (!$this->isConnected || !$this->Permissions->can('MANAGE_SOCIAL'))
+            throw new ForbiddenException();
+
+        if (!$id)
+            throw new NotFoundException();
+
+        $find = $this->SocialButton->find('first', ['order' => 'id desc', 'conditions' => ['id' => $id]]);
+        if (empty($find))
+            throw new NotFoundException();
+
+        $this->set('title_for_layout', $this->Lang->get('SOCIAL__HOME'));
+        $this->layout = 'admin';
+
+        $social_button_type = null;
+        if(!empty($find['SocialButton']['extra'])) {
+            if(strpos($find['SocialButton']['extra'], 'fa-')) {
+                $social_button_type = 'fa';
+            } else {
+                $social_button_type = 'img';
+            }
+        }
+
+
+        $this->set('social_button', $find['SocialButton']);
+        $this->set('social_default', $this->social_default);
+        $this->set('social_button_type', $social_button_type);
+
+        if ($this->request->is('post')) {
+            $this->autoRender = false;
+            $this->response->type('json');
+
+            if (empty($this->request->data('url')))
+                return $this->response->body(json_encode(['statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS')]));
+            if(!empty($this->request->data('img')) && !empty($this->request->data('icon')) && empty($this->request->data('type')))
+                return $this->response->body(json_encode(['statut' => false, 'msg' => $this->Lang->get('SOCIAL__CANNOT_TOW_TYPE')]));
+
+            $extra = null;
+            if(!empty($this->request->data('type'))) {
+                if($this->request->data('type') == "img") {
+                    $extra = $this->request->data('img');;
+                } else {
+                    $extra = $this->request->data('icon');;
+                }
+            }
+
+            $this->loadModel('SocialButton');
+            $this->SocialButton->read(null, $id);
+            $this->SocialButton->set([
+                'title' => $this->request->data('title'),
+                'extra' => $extra,
+                'color' => $this->request->data('color'),
+                'url' => $this->request->data('url')
+            ]);
+            $this->SocialButton->save();
+
+            $this->History->set('EDIT_SOCIAL', 'social network');
+            $this->response->body(json_encode(['statut' => true, 'msg' => $this->Lang->get('SOCIAL__BUTTON_EDIT_SUCCESS')]));
+        }
+    }
+
+    public function admin_delete($id = false) {
+        $this->autoRender = false;
+        if ($this->isConnected and $this->Permissions->can('MANAGE_SOCIAL')) {
+            if ($id != false) {
+
+                $this->loadModel('SocialButton');
+                if ($this->SocialButton->delete($id)) {
+                    $this->History->set('DELETE_SOCIAL', 'social network');
+                    $this->Session->setFlash($this->Lang->get('SOCIAL__BUTTON_DELETE_SUCCESS'), 'default.success');
+                    $this->redirect(['controller' => 'social', 'action' => 'index', 'admin' => true]);
+                } else {
+                    $this->redirect(['controller' => 'social', 'action' => 'index', 'admin' => true]);
+                }
+            } else {
+                $this->redirect(['controller' => 'social', 'action' => 'index', 'admin' => true]);
+            }
+        } else {
+            $this->redirect('/');
+        }
+    }
+}
diff --git a/app/Controller/StatisticsController.php b/app/Controller/StatisticsController.php
@@ -35,17 +35,10 @@ function admin_get_visits()
 
             if ($visits) {
                 foreach ($visits as $key => $value) {
+                    $oldDate = strtotime($key);
+                    $newDate = $oldDate * 1000;
 
-                    $date = strtotime($key);
-                    $date = $date * 1000;
-
-                    $visitsToFormatte[$date] = intval($value);
-
-                }
-
-                $i = 0;
-                foreach ($visitsToFormatte as $key => $value) {
-                    $visitsFormatted[] = [$key, $value];
+                    $visitsFormatted[] = [$newDate, intval($value)];
                 }
 
                 $this->response->body(json_encode($visitsFormatted));