feat: Implement Shares management page.

fix: Fix a possible scurity issue when checking cookies. This security issue is caused by PH7 issue 25. Feature tracking issue #12
Maxwell175 · Aug 24, 2018 · b6d6aa0 · b6d6aa0
1 parent ee2b457
commit b6d6aa0
Show file tree

Hide file tree

Showing 12 changed files with 975 additions and 39 deletions.
diff --git a/Common/common.h b/Common/common.h
@@ -29,7 +29,7 @@
 
 #include <fastpbkdf2.h>
 
-#define ToChr(x) x.toUtf8().data()
+#define ToChr(x) (x).toUtf8().data()
 
 namespace Common {
 const quint8 MAX_RESULTCODE = 5;

diff --git a/SSNFSd/config.sql b/SSNFSd/config.sql
@@ -97,7 +97,7 @@ CREATE TABLE IF NOT EXISTS "Users" (
         `Email`	TEXT NOT NULL UNIQUE,
         `Password_Hash`	TEXT NOT NULL,
         `Updt_TmStmp`	INTEGER NOT NULL DEFAULT CURRENT_TIMESTAMP,
-        `Crtd_TmStmp`	INTEGER NOT NULL DEFAULT CURRENT_TIMESTAMP
+        `Updt_User`	TEXT NOT NULL
 );
 CREATE TABLE IF NOT EXISTS "User_Roles" (
         `User_Key`  INTEGER NOT NULL,

diff --git a/SSNFSd/ssnfswebworker.cpp b/SSNFSd/ssnfswebworker.cpp
diff --git a/SSNFSd/ssnfsworker.cpp b/SSNFSd/ssnfsworker.cpp
@@ -25,8 +25,6 @@
 #define STR(tok) STR_EXPAND(tok)
 #define HELLO_STR "SSNFS server version " STR(_SERVER_VERSION)
 
-#define ToChr(x) x.toUtf8().data()
-
 SSNFSWorker::SSNFSWorker(int socketDescriptor, QObject *parent)
     : QThread(parent), socketDescriptor(socketDescriptor)
 {

diff --git a/SSNFSd/ssnfsworker.h b/SSNFSd/ssnfsworker.h
@@ -67,6 +67,9 @@ class SSNFSWorker : public QThread
     QHash<quint16, QString> knownResultCodes;
     QVector<QString> userPerms;
 
+    // SaveShares
+
+
     void handleRegistration();
 
 private:

diff --git a/SSNFSd/webpanel/approve.php b/SSNFSd/webpanel/approve.php
@@ -6,7 +6,7 @@
  * Copyright 2018 Maxwell Dreytser
  *
 -->
-<?php include_once("check-cookie.php"); ?>
+<?php include_once("check-cookie.php"); if (http_response_code() == 303) exit; ?>
 
 <!DOCTYPE html>
 <html lang="en">

diff --git a/SSNFSd/webpanel/computers.php b/SSNFSd/webpanel/computers.php
@@ -29,21 +29,35 @@
             padding-top: 20px;
             padding-bottom: 20px;
         }
+
+        .panel-default>.panel-heading {
+            color: #fff;
+            background-color: #1d233a;
+            cursor: move;
+        }
+
+        .panel-title {
+            font-size: 1em;
+            font-weight: bold;
+        }
+
+        .panel-body {
+            min-height: 215px;
+            padding: 0 15px;
+        }
+
+        .no-data {
+            color: darkgray;
+            text-align: center;
+        }
     </style>
 </head>
 <body>
     <div class="container">
 
         <?php include_once("navbar.php"); ?>
 
-        <!-- Main component for a primary marketing message or call to action -->
-        <div class="jumbotron">
-            <h1>Navbar example</h1>
-            <p>This example is a quick exercise to illustrate how the default, static navbar and fixed to top navbar work. It includes the responsive CSS and HTML, so it also adapts to your viewport and device.</p>
-            <p>
-                <a class="btn btn-lg btn-primary" href="../../components/#navbar" role="button">View navbar docs &raquo;</a>
-            </p>
-        </div>
+
 
     </div> <!-- /container -->
 </body>

diff --git a/SSNFSd/webpanel/connected.php b/SSNFSd/webpanel/connected.php
@@ -6,7 +6,7 @@
  * Copyright 2018 Maxwell Dreytser
  *
 -->
-<?php include_once("check-cookie.php"); ?>
+<?php include_once("check-cookie.php"); if (http_response_code() == 303) exit; ?>
 <!DOCTYPE html>
 <html lang="en">
 <head>

diff --git a/SSNFSd/webpanel/index.php b/SSNFSd/webpanel/index.php
@@ -6,7 +6,7 @@
  * Copyright 2018 Maxwell Dreytser
  *
 -->
-<?php include_once("check-cookie.php"); ?>
+<?php include_once("check-cookie.php"); if (http_response_code() == 303) exit; ?>
 <!DOCTYPE html>
 <html lang="en">
 <head>
@@ -162,12 +162,7 @@
                             <tr>
                                 <td><?php echo $pendClient["userName"]; ?></td>
                                 <td><?php echo $pendClient["clientName"]; ?></td>
-                                <td class="moreinfo-icon"><a href="javascript:void(0)" onclick='window.showCompApprove(this,
-                                    <?php echo json_encode($pendClient["pendingClientKey"], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>,
-                                    <?php echo json_encode($pendClient["userName"], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>,
-                                    <?php echo json_encode($pendClient["clientName"], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>,
-                                    <?php echo json_encode($pendClient["submitTmStmp"], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>,
-                                    <?php echo json_encode($pendClient["submitHost"], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>)'>
+                                <td class="moreinfo-icon"><a href="javascript:void(0)" onclick='window.showCompApprove(this, <?php echo json_encode($pendClient, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_FORCE_OBJECT); ?>)'>
                                         <i class="fas fa-info-circle"></i></a>
                                 </td>
                             </tr>
@@ -201,18 +196,15 @@
     });
 
     window.currApprovalInfo = {};
-    window.showCompApprove = function(caller, pendingClientKey, userName, clientName, submitTmStmp, submitHost) {
+    window.showCompApprove = function(caller, data) {
         OpenSpeechBubbles.forEach(function(bubble) { bubble.removeBubble(); });
         var approveFrame = document.createElement("iframe");
         approveFrame.src = "approve.php";
         approveFrame.style.border = '0';
         approveFrame.width = '350';
         approveFrame.height = '168';
-        window.currApprovalInfo.pendingClientKey = pendingClientKey;
-        window.currApprovalInfo.userName = userName;
-        window.currApprovalInfo.clientName = clientName;
-        window.currApprovalInfo.submitTmStmp = new Date(submitTmStmp*1000);
-        window.currApprovalInfo.submitHost = submitHost;
+        window.currApprovalInfo = data;
+        window.currApprovalInfo.submitTmStmp = new Date(window.currApprovalInfo.submitTmStmp*1000);
         window.currApprovalInfo.iframe = approveFrame;
         window.currApprovalInfo.approveWindow = SpeechBubble(caller, approveFrame);
         var closeBtn = document.createElement('i');

diff --git a/SSNFSd/webpanel/settings.php b/SSNFSd/webpanel/settings.php
@@ -6,7 +6,7 @@
  * Copyright 2018 Maxwell Dreytser
  *
 -->
-<?php include_once("check-cookie.php"); ?>
+<?php include_once("check-cookie.php"); if (http_response_code() == 303) exit; ?>
 <!DOCTYPE html>
 <html lang="en">
 <head>