diff --git a/.gitignore b/.gitignore
index bb3ebe2..7fad67c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,6 +18,7 @@ data/css
 node_modules
 plugins/search
 settings/settings.yaml
+settings/secrets.yaml
 settings/license.yaml
 settings/users
 zips
diff --git a/data/security/securitylog.txt b/data/security/securitylog.txt
index 9d5981e..5a0192f 100644
--- a/data/security/securitylog.txt
+++ b/data/security/securitylog.txt
@@ -4,3 +4,7 @@
 127.0.0.1;2024-04-22 14:38:20;loginlink: loginlink for user member is not activated.
 127.0.0.1;2024-04-23 11:16:24;loginlink: invalid data
 127.0.0.1;2024-09-01 13:59:35;login: invalid data
+127.0.0.1;2025-02-27 19:22:45;login: wrong password
+127.0.0.1;2025-02-27 19:23:07;login: wrong password
+127.0.0.1;2025-02-27 19:25:24;login: invalid data
+127.0.0.1;2025-02-27 20:14:02;login: wrong password
diff --git a/settings/secrets.yaml b/settings/secrets.yaml
new file mode 100644
index 0000000..8d750e4
--- /dev/null
+++ b/settings/secrets.yaml
@@ -0,0 +1 @@
+chatgptKey: notneeded
diff --git a/system/typemill/Extensions/TwigUserExtension.php b/system/typemill/Extensions/TwigUserExtension.php
index 2038bba..dc38940 100644
--- a/system/typemill/Extensions/TwigUserExtension.php
+++ b/system/typemill/Extensions/TwigUserExtension.php
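Review bot: settings/secrets.yaml is added to .gitignore and committed as a new tracked file in the same change, so the ignore rule does nothing for it — git keeps tracking a path that is already in the index, and a real key written into `chatgptKey:` later would be picked up by the next `git add -A`. If this is meant to be a local-only secrets file, the tracked copy should be dropped from the index (`git rm --cached settings/secrets.yaml`) and a documented example file committed instead (for example a `settings/secrets.example.yaml`, name constructed here). data/security/securitylog.txt in this commit shows the same pattern for a runtime-written file: the failed-login records (client IP and timestamp) are published in the repository history alongside the code, and that path should be untracked too.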
@@ -3,16 +3,25 @@ namespace Typemill\Extensions; use Twig\Extension\AbstractExtension; +use Typemill\Models\User; class TwigUserExtension extends AbstractExtension { + protected $acl; + + public function __construct($acl) + { + $this->acl = $acl; + } + public function getFunctions() { return [ + new \Twig\TwigFunction('get_username', array($this, 'getUsername' )), + new \Twig\TwigFunction('is_loggedin', array($this, 'isLoggedin' )), + new \Twig\TwigFunction('is_allowed', array($this, 'isAllowed' )), new \Twig\TwigFunction('is_role', array($this, 'isRole' )), new \Twig\TwigFunction('get_role', array($this, 'getRole' )), - new \Twig\TwigFunction('get_username', array($this, 'getUsername' )), - new \Twig\TwigFunction('is_loggedin', array($this, 'isLoggedin' )) ]; } @@ -26,11 +35,33 @@ class TwigUserExtension extends AbstractExtension return false; } + public function getUsername() + { + if(isset($_SESSION['username'])) + { + return $_SESSION['username']; + } + + return false; + } + public function isRole($role) { - if(isset($_SESSION['role']) && $_SESSION['role'] == $role) + if(isset($_SESSION['username'])) { - return true; + $username = $_SESSION['username']; + + $usermodel = new User(); + $user = $usermodel->setUser($username); + + if($user) + { + $userrole = $usermodel->getValue('userrole'); + if($userrole === $role) + { + return true; + } + } } return false; 
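Review bot: The new ACL collaborator is stored and accepted without a type (`protected $acl;`, `public function __construct($acl)`), so the container can hand in null or an unrelated service and the failure only shows up later as a method call on a non-object inside isAllowed(). Type the parameter and property with the ACL class that system.php injects (its name is not visible in this diff, so `<ACL_CLASS>` below is a placeholder) and make the property private, e.g. `public function __construct(private <ACL_CLASS> $acl) {}`; if the project is on PHP 8.1 or later, `readonly` fits as well. A one-line docblock on the property saying it is consulted only by isAllowed() would also help the next reader.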
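Review bot: isRole() now loads the user record from storage on every call (`new User()` followed by `setUser()`), and the identical sequence is repeated in getRole() and isAllowed() in the next hunk, so a template that calls is_allowed for each navigation entry performs one user lookup per entry. Resolving the role from the user store rather than trusting a `$_SESSION['role']` value is the right direction — a role change or revocation takes effect on the next request without a re-login — but the lookup should happen once per extension instance: extract a private helper that memoises the role and let the three methods call it, as sketched below. The `if($user)` check assumes setUser() returns a falsy value for an unknown username; I cannot confirm that contract from this diff.

```php
    // memoised per extension instance (one per request): set by currentUserRole()
    private $roleResolved = false;
    private $userrole = null;

    /**
     * Role of the session user, loaded from the user store at most once.
     * Returns null when there is no session user or the record cannot be loaded.
     */
    private function currentUserRole()
    {
        if($this->roleResolved)
        {
            return $this->userrole;
        }

        $this->roleResolved = true;

        if(isset($_SESSION['username']))
        {
            $usermodel = new User();
            if($usermodel->setUser($_SESSION['username']))
            {
                $this->userrole = $usermodel->getValue('userrole');
            }
        }

        return $this->userrole;
    }

    public function isRole($role)
    {
        $userrole = $this->currentUserRole();

        return $userrole !== null && $userrole === $role;
    }

    // … unchanged: getFunctions(), isLoggedin(), getUsername() …
```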
@@ -38,20 +69,42 @@ class TwigUserExtension extends AbstractExtension public function getRole() { - if(isset($_SESSION['role'])) + if(isset($_SESSION['username'])) { - return $_SESSION['role']; + $username = $_SESSION['username']; + + $usermodel = new User(); + $user = $usermodel->setUser($username); + + if($user) + { + $userrole = $usermodel->getValue('userrole'); + return $userrole; + } } + return false; } - - public function getUsername() + + public function isAllowed($resource, $action) { - if(isset($_SESSION['user'])) + if(isset($_SESSION['username'])) { - return $_SESSION['user']; + $username = $_SESSION['username']; + $usermodel = new User(); + $user = $usermodel->setUser($username); + + if($user) + { + $userrole = $usermodel->getValue('userrole'); + + if($this->acl->isAllowed($userrole, $resource, $action)) + { + return true; + } + } } - + return false; } } \ No newline at end of file diff --git a/system/typemill/Middleware/OldInputMiddleware.php b/system/typemill/Middleware/OldInputMiddleware.php index fbbc619..2da4a77 100644 --- a/system/typemill/Middleware/OldInputMiddleware.php +++ b/system/typemill/Middleware/OldInputMiddleware.php @@ -22,6 +22,7 @@ class OldInputMiddleware if(isset($_SESSION['old'])) { $this->view->getEnvironment()->addGlobal('old', $_SESSION['old']); + unset($_SESSION['old']); } if(!empty($request->getParsedBody())) { diff --git a/system/typemill/settings/defaults.yaml b/system/typemill/settings/defaults.yaml index 335b878..3fb81ba 100644 --- a/system/typemill/settings/defaults.yaml +++ b/system/typemill/settings/defaults.yaml @@ -1,4 +1,4 @@ -version: '2.14.4' +version: '2.14.5' title: 'Typemill' author: 'Unknown' copyright: false diff --git a/system/typemill/system.php b/system/typemill/system.php index fda3e99..472c371 100644 --- a/system/typemill/system.php +++ b/system/typemill/system.php 
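Review bot: The added `unset($_SESSION['old']);` turns the stored form input into one-shot flash data, but nothing on the line says so, and a reader who sees the value consumed here will wonder whether a redirect later in the same request loses it. A comment on the new line would settle that: `// one-shot: expose the previous input to the view, then clear it so it does not resurface on later requests`. The branch below (`if(!empty($request->getParsedBody()))`) presumably repopulates the key on the next POST — worth confirming, since that is what makes the unset safe. The enclosing method starts and ends outside the hunk.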
@@ -310,7 +310,7 @@ $container->set('assets', function() use ($assets){ return $assets; }); * TWIG TO CONTAINER * ****************************/ -$container->set('view', function() use ($settings, $TwigGlobals, $urlinfo, $translations, $dispatcher) { +$container->set('view', function() use ($settings, $TwigGlobals, $urlinfo, $translations, $dispatcher, $acl) { $twig = Twig::create( [ @@ -335,7 +335,7 @@ $container->set('view', function() use ($settings, $TwigGlobals, $urlinfo, $tran # add extensions $twig->addExtension(new DebugExtension()); - $twig->addExtension(new TwigUserExtension()); + $twig->addExtension(new TwigUserExtension($acl)); $twig->addExtension(new TwigUrlExtension($urlinfo)); $twig->addExtension(new TwigLanguageExtension( $translations )); $twig->addExtension(new TwigMarkdownExtension($urlinfo['baseurl'], $settings, $dispatcher));
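Review bot: The factory closure now captures `$acl` by value at the point where it is defined (`use (..., $acl)`), so `$acl` must already be assigned in system.php before this `$container->set('view', ...)` call; if the ACL is built further down the file, PHP emits an undefined-variable warning, the closure captures null, and `TwigUserExtension::isAllowed()` fails with a call on null the first time a template evaluates is_allowed. I cannot see where `$acl` is assigned from this diff, so please confirm it precedes line 313, or resolve it lazily inside the factory from the container instead of capturing it. The second hunk (`new TwigUserExtension($acl)`) is the consumer of the same capture and needs no separate change.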