UserSpice 5.8.1 release
mudmin committed Jan 26, 2025
1 parent a415dc9 commit 513f043
Showing 49 changed files with 2,294 additions and 892 deletions.
4 changes: 4 additions & 0 deletions users/classes/User.php
Expand Up @@ -132,12 +132,14 @@ public function login($username = null, $password = null, $remember = false)
$this->_db->insert('us_ip_list', [
'user_id' => $this->data()->id,
'ip' => $ip,
'timestamp' => date('Y-m-d H:i:s'),
]);
} else {
$f = $q->first();
$this->_db->update('us_ip_list', $f->id, [
'user_id' => $this->data()->id,
'ip' => $ip,
'timestamp' => date('Y-m-d H:i:s'),
]);
}

Expand Down Expand Up @@ -205,12 +207,14 @@ public function loginEmail($email = null, $password = null, $remember = false, $
$this->_db->insert('us_ip_list', [
'user_id' => $this->data()->id,
'ip' => $ip,
'timestamp' => date('Y-m-d H:i:s'),
]);
} else {
$f = $q->first();
$this->_db->update('us_ip_list', $f->id, [
'user_id' => $this->data()->id,
'ip' => $ip,
'timestamp' => date('Y-m-d H:i:s'),
]);
}

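Review bot: The `'timestamp' => date('Y-m-d H:i:s')` value added to the insert and update branches of login() and loginEmail() is formatted in PHP's configured default timezone and carries no offset, so `us_ip_list` rows may not line up unambiguously with web-server or database logs that run in a different zone. If these rows are meant to support login auditing, consider `gmdate('Y-m-d H:i:s')`, or document next to the column which zone it holds. The same array is now repeated in four places here and again in socialLogin() in users/helpers/users.php in this commit; a small shared helper would keep the call sites from drifting apart. Both functions begin and end outside the hunks shown.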
136 changes: 135 additions & 1 deletion users/helpers/helpers.php
Expand Up @@ -126,11 +126,13 @@ function money($ugly)
if (!function_exists('display_errors')) {
function display_errors($errors = [])
{
$display = [];
foreach ($errors as $k => $v) {
if (array_key_exists($errors[$k][1], $errors)) {
unset($errors[$k][1]);
}
}

sessionValMessages($errors);
}
}
Expand Down Expand Up @@ -177,7 +179,7 @@ function email($to, $subject, $body, $opts = [], $attachment = null)
$mail->Password = html_entity_decode($results->email_pass); // SMTP password
$mail->SMTPSecure = $results->transport; // Enable TLS encryption, `ssl` also accepted
$mail->Port = $results->smtp_port;
if($results->authtype != ""){
if ($results->authtype != "") {
$mail->AuthType = $results->authtype;
}

Expand Down Expand Up @@ -386,3 +388,135 @@ function safefilerewrite($fileName, $dataToSave)
}
}
}


function getLangFilesStoragePath() {
global $abs_us_root, $us_url_root;
return $abs_us_root . $us_url_root . 'usersc/scripts/langFiles.json';
}

function spiceUpdateBegins() {
global $abs_us_root, $us_url_root, $settings, $user, $db, $config;

// Include external script if it exists
$beginsScript = $abs_us_root . $us_url_root . 'usersc/scripts/spice_update_begins.php';
if (file_exists($beginsScript)) {
include $beginsScript;
}

// Proceed only if language purge is not disabled
if (!isset($no_language_purge) || !$no_language_purge) {
$langPath = $abs_us_root . $us_url_root . 'users/lang/*.php';
$langFiles = glob($langPath);

// Define the storage path for language files list
$storagePath = getLangFilesStoragePath();

// Convert the file paths to a JSON array
$langFilesJson = json_encode($langFiles, JSON_PRETTY_PRINT);

// Attempt to write the JSON data to the storage file
if (file_put_contents($storagePath, $langFilesJson) === false) {
usError("Failed to write language files list to {$storagePath}. Language cleanup will not happen.");


}
}
}

function spiceUpdateSuccess() {
global $abs_us_root, $us_url_root, $settings, $user, $db;

// Include external script if it exists
$successScript = $abs_us_root . $us_url_root . 'usersc/scripts/spice_update_success.php';
if (file_exists($successScript)) {
include $successScript;
}


if (!isset($no_language_purge) || !$no_language_purge) {

$storagePath = getLangFilesStoragePath();

// Check if the storage file exists
if (file_exists($storagePath)) {
// Read the JSON data from the storage file
$storedLangFilesJson = file_get_contents($storagePath);
if ($storedLangFilesJson === false) {
usError("Failed to read language files list from {$storagePath}. Skipping language cleanup.");

return;
}

// Decode the JSON data into an array
$storedLangFiles = json_decode($storedLangFilesJson, true);
if (!is_array($storedLangFiles)) {
usError("Invalid JSON format in {$storagePath}. Skipping language cleanup.");

return;
}

// Verify that there is at least one PHP file in the stored list
$hasPhpFiles = false;
foreach ($storedLangFiles as $file) {
if (strtolower(pathinfo($file, PATHINFO_EXTENSION)) === 'php') {
$hasPhpFiles = true;
break;
}
}

if ($hasPhpFiles) {
$currentLangPath = $abs_us_root . $us_url_root . 'users/lang/*.php';
$currentLangFiles = glob($currentLangPath);

foreach ($currentLangFiles as $file) {
// If the current file was not in the stored list, attempt to delete it
if (!in_array($file, $storedLangFiles)) {
if (unlink($file)) {

}

}
}
} else {
usError("No PHP language files found in the stored list. Skipping language cleanup.");

}

// Remove the storage file after processing
if (!unlink($storagePath)) {
usError("Failed to delete storage file: {$storagePath}");


}

} else {
usError("Storage file {$storagePath} does not exist. Skipping language cleanup.");

}
}
}

function spiceUpdateFail() {
global $abs_us_root, $us_url_root, $settings, $user, $db;

// Include external script if it exists
$failScript = $abs_us_root . $us_url_root . 'usersc/scripts/spice_update_fail.php';
if (file_exists($failScript)) {
include $failScript;
}

// Define the storage path for language files list
$storagePath = getLangFilesStoragePath();

// Attempt to delete the storage file to clean up
if (file_exists($storagePath)) {
if (!unlink($storagePath)) {
usError("Failed to delete storage file after update failure: {$storagePath}");
}
}
if(file_exists($abs_us_root . $us_url_root . "usupdate.zip")){
unlink($abs_us_root . $us_url_root . "usupdate.zip");
}
}
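Review bot: spiceUpdateBegins() writes the raw glob() result, which is a list of absolute server paths, into `usersc/scripts/langFiles.json` under the application root, and the file stays there until spiceUpdateSuccess() or spiceUpdateFail() removes it; if that directory is served over HTTP (not visible from this diff), an interrupted update leaves the filesystem layout readable. Storing only file names avoids that and keeps the comparison valid if the install path changes: `json_encode(array_map('basename', $langFiles ?: []), JSON_PRETTY_PRINT)` on write and `in_array(basename($file), $storedLangFiles, true)` in the cleanup loop. In that loop `if (unlink($file)) { }` has an empty body, so a failed delete is silently ignored while every other failure in these functions calls usError(); `if (!unlink($file)) { usError("Failed to delete language file: {$file}"); }` would match the rest.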

142 changes: 142 additions & 0 deletions users/helpers/us_helpers.php
Expand Up @@ -203,6 +203,8 @@ function lang($key, $markers = null)
} else {
$missing = 'Missing Text';
}
//This both allows the dev to figure out which key is missing and gives the end user a clue of what you are trying to say.
$missing = $missing . " - " . $key;
//if nothing is found, let's check to see if the language is English.
if (isset($lang['THIS_CODE']) && $lang['THIS_CODE'] != 'en-US') {
$save = $lang['THIS_CODE'];
Expand Down Expand Up @@ -1703,3 +1705,143 @@ function userSpicePasswordScore($password)

return $score;
}


// Active logging
// users/init.php set
//define('USERSPICE_ACTIVE_LOGGING', true);
//to turn on file based active logging


//to prevent logging on a page
//add this to the top of the page above init.php
// define('USERSPICE_DO_NOT_LOG', true);
// or add the page name to the array in usersc/includes/active_logging_custom.php

//usersc/includes/active_logging_custom.php
function userspiceActiveLog($currentPage, $user = null, $additionalData = []) {
global $abs_us_root, $us_url_root;
// Only proceed if active logging is enabled and page isn't excluded
if (!defined('USERSPICE_ACTIVE_LOGGING') || !USERSPICE_ACTIVE_LOGGING) {
return false;
}

if(file_exists($abs_us_root . $us_url_root . 'usersc/includes/active_logging_custom.php')){

include $abs_us_root . $us_url_root . 'usersc/includes/active_logging_custom.php';
}

if(!isset($do_not_log_files)){
$do_not_log_files = ["heartbeat.php", "fetchMessages.php"];
}

if(in_array($currentPage, $do_not_log_files)){
return false;
}

// Fields that should not be logged
if(!isset($do_not_log_fields)){
$do_not_log_fields = ["password", "password_confirm", "confirm"];
}

// Check if this page should be excluded from logging
if (defined('USERSPICE_DO_NOT_LOG') && USERSPICE_DO_NOT_LOG) {
return false;
}



// Get full URL
$protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https://" : "http://";
$fullUrl = $protocol . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

// Prepare log entry
$logEntry = [
'timestamp' => date('Y-m-d H:i:s'),
'ip' => $_SERVER['REMOTE_ADDR'],
'user_id' => ($user && isset($user->data()->id)) ? $user->data()->id : 0,
'page' => $currentPage,
'full_url' => $fullUrl,
'request_method' => $_SERVER['REQUEST_METHOD'],
'get_data' => [],
'post_data' => [],
'json_data' => [],
'additional_data' => $additionalData
];

// Process GET data
foreach ($_GET as $k => $v) {
$logEntry['get_data'][$k] = Input::sanitize($v);
}

// Process POST data (excluding sensitive fields)
foreach ($_POST as $k => $v) {
if (!in_array($k, $do_not_log_fields)) {
$logEntry['post_data'][$k] = Input::sanitize($v);
}
}

// Process JSON input if content type is application/json
$contentType = isset($_SERVER["CONTENT_TYPE"]) ? trim($_SERVER["CONTENT_TYPE"]) : '';
if (stripos($contentType, 'application/json') !== false) {
$json_data = json_decode(file_get_contents('php://input'), true);
if ($json_data) {
// Remove sensitive fields from JSON data
array_walk_recursive($json_data, function(&$value, $key) use ($do_not_log_fields) {
if (in_array($key, $do_not_log_fields)) {
$value = '[REDACTED]';
}
});
$logEntry['json_data'] = $json_data;
}
}

// Add user agent
$logEntry['user_agent'] = $_SERVER['HTTP_USER_AGENT'] ?? '';

// Convert to JSON and append to file
$jsonEntry = json_encode($logEntry) . "\n";

// Append log entry to file
return file_put_contents($filename, $jsonEntry, FILE_APPEND | LOCK_EX);
}

function cleanupLogs($daysToKeep = 30) {
global $abs_us_root, $us_url_root;
$logDir = $abs_us_root . $us_url_root . 'users/logs';
$files = glob($logDir . '/*.log.php');
$cutoffDate = strtotime("-{$daysToKeep} days");

foreach ($files as $file) {
$dateFromFilename = substr(basename($file), 0, 8); // Extract YYYYMMDD
$fileDate = DateTime::createFromFormat('Ymd', $dateFromFilename);

if ($fileDate && $fileDate->getTimestamp() < $cutoffDate) {
unlink($file);
}
}
}

function isHTTPSConnection() {
// Direct HTTPS check
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
return true;
}

// Proxy headers check for HTTPS
if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
return true;
}

// Additional proxy SSL header check
if (!empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] === 'on') {
return true;
}

// Port check for SSL
if (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] === '443') {
return true;
}

return false;
}
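Review bot: `$filename` is never assigned in userspiceActiveLog() as added here, so the final `file_put_contents($filename, $jsonEntry, FILE_APPEND | LOCK_EX)` has no target unless usersc/includes/active_logging_custom.php happens to define it; the path should be built inside the function before the write. cleanupLogs() expects files matching `users/logs/*.log.php`, and `user_agent`, `full_url` and `json_data` go into the entry without passing through Input::sanitize, so a log with a `.php` extension under the application root must not be interpretable as code: encode with `json_encode($logEntry, JSON_HEX_TAG | JSON_HEX_AMP)` and begin each new file with an exit guard, or keep the logs outside the document root. The `$do_not_log_fields` filter is applied only to top-level `$_POST` keys and to JSON leaves, so secrets carried in the query string (`get_data`, `full_url`) or inside nested POST arrays are still written. Separately, isHTTPSConnection() accepts `X-Forwarded-Proto` and `X-Forwarded-SSL` from any client; those headers should only be honoured when the request comes from a proxy the deployment trusts.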
6 changes: 4 additions & 2 deletions users/helpers/users.php
Expand Up @@ -188,7 +188,7 @@ function echousername($id)
function updateUser($column, $id, $value)
{
global $db, $user;
if (isset($user->data()->column)) { //check for a valid column
if (isset($user->data()->$column)) { //check for a valid column
$result = $db->query("UPDATE users SET $column = ? WHERE id = ?", [$value, $id]);
return $result;
} else {
Expand All @@ -198,7 +198,7 @@ function updateUser($column, $id, $value)
}

if (!function_exists('fetchUserName')) {
//Fetchs CONCAT of Fname Lname
//Fetches CONCAT of Fname Lname
function fetchUserName($username = null, $token = null, $id = null)
{
global $db;
Expand Down Expand Up @@ -400,12 +400,14 @@ function socialLogin($email, $username, $idArray, $fields)
$db->insert('us_ip_list', [
'user_id' => $user->data()->id,
'ip' => $ip,
'timestamp' => date('Y-m-d H:i:s'),
]);
} else {
$f = $q->first();
$db->update('us_ip_list', $f->id, [
'user_id' => $user->data()->id,
'ip' => $ip,
'timestamp' => date('Y-m-d H:i:s'),
]);
}

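Review bot: With the `$column` typo fixed in updateUser(), the guard can now pass and `$column` is interpolated directly into `UPDATE users SET $column = ? WHERE id = ?`, so `isset($user->data()->$column)` is the only check between the caller's string and the SQL text. isset() is a weak allowlist: it is evaluated against the currently logged-in user's object rather than the table schema, it returns false for columns whose current value is NULL, and it accepts any property present on that object, including any sensitive column of the users table if a caller ever passes a request-supplied name (callers are not visible here). Consider checking against an explicit list of updatable columns, e.g. `in_array($column, $updatableColumns, true)` where `$updatableColumns` is a placeholder for a list the project would define, and quoting the identifier with backticks in the query. The else branch of updateUser() continues outside the hunk.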