Commit dc394c37 authored by p4bl0's avatar p4bl0

big new feature: multi-domain ; better menu link management ; small fixes

parent 09751c43
......@@ -10,7 +10,7 @@ On Debian and derivatives, `sudo apt install nginx php-fpm php-sqlite3 php-zip`
1. Drop the `cigala.php`, `cigala.css`, and `cigala.png` files in any web-facing directory that your web server has write-permission for.
2. Edit the default credentials in `cigala.php` (you will find them on line 23).
2. Edit the default credentials in `cigala.php` (you will find them on line 19).
3. Go to `cigala.php` in your web browser, log in and start editing your website.
......
......@@ -138,12 +138,21 @@ elseif (isset($_GET['password'])) {
<span>&nbsp;</span>
<span><small>You will receive a link by email to create a new password.</small></span>
</p>
<?php if ($config['multidomain']): ?>
<p>
<span>&nbsp;</span>
<span><small>Your login is your complete domain name (e.g., “demo.cygale.net”, not just “demo”).</small></span>
</p>
<?php endif; ?>
</form>
<h3>Update my email</h3>
<form action="account.php?email" method="POST">
<p>
<label for="email_login">Login :</label>
<input type="text" name="email_login" id="email_login" />
<?php if ($config['multidomain']): ?>
<small>Enter your complete domain name (e.g., “demo.cygale.net”).</small>
<?php endif; ?>
</p>
<p>
<label for="email_password">Password :</label>
......
This diff is collapsed.
......@@ -2,6 +2,7 @@
return array(
'singleuser' => false,
'multidomain' => false,
'admin' => 'cigala',
'password' => sha1(sha1('passwd').'cigala'),
'users' => '../users.db',
......
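Review bot: The new `'multidomain' => false` entry is added without any comment on what else must be configured when it is switched on. Elsewhere in this commit, register.php iterates `$config['domains']` and manager.php replaces `%DOMAIN%` inside `$config['home']`, yet neither a `domains` key nor that placeholder appears in the lines visible here (they may be defined further down, outside this hunk). I would add a comment above the entry such as `// multidomain: when true, 'domains' must list the allowed domains and 'home' must contain %DOMAIN%`.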
......@@ -8,7 +8,7 @@ if (isset($_GET['logout']) || !isset($_SESSION['user'])) {
if (isset($_GET['logout']) ||
!isset($_SERVER['PHP_AUTH_USER']) ||
$_SERVER['PHP_AUTH_USER'] != $config['admin'] ||
sha1(sha1($_SERVER['PHP_AUTH_PW']).'cigaladmin') != $config['password']) {
sha1(sha1($_SERVER['PHP_AUTH_PW']).'cigala') != $config['password']) {
unset($_SESSION['user']);
header('WWW-Authenticate: Basic realm="Cigala Manager"');
header('HTTP/1.1 401 Unauthorized');
......@@ -50,17 +50,31 @@ elseif (isset($_POST['delete'])) {
exit;
}
function dirsize ($dir) {
$size = 0;
foreach (glob(rtrim($dir, '/').'/*', GLOB_NOSORT) as $f) { $size += filesize($f) + (is_dir($f) ? dirsize($f) : 0); }
return $size;
}
$db = new SQLite3($config['users']);
$res = $db->query("select name, email from users order by name asc");
$res = $db->query("select name, email, password from users order by name asc");
$users = array();
while ($usr = $res->fetchArray(SQLITE3_ASSOC)) {
if (in_array($usr['name'], array('mail', 'webmail'))) continue;
$udb = new SQLite3($config['home'].$usr['name'].'.db');
$diskinfo = $udb->querySingle("select (select value from settings where key='diskusage') as usage, (select value from settings where key='diskquota') as quota", true);
if ($usr['password'] == '') continue;
if ($config['multidomain']) {
list($name, $domain, $tld) = explode('.', $usr['name'], 3);
$home = str_replace('%DOMAIN%', $domain, $config['home']).$name;
}
else {
$home = $config['home'].$usr['name'];
}
$udb = new SQLite3($home.'.db');
$usr['quota'] = $udb->querySingle("select value from settings where key='diskquota'");
$udb->close();
$diskinfo['usage'] += filesize($config['home'].$usr['name'].'.db');
$diskinfo['usage'] += @filesize($config['home'].$usr['name'].'.zip');
$users[] = array_merge($usr, $diskinfo);
$usr['usage'] = dirsize($home);
$usr['usage'] += filesize($home.'.db');
$usr['usage'] += @filesize($home.'.zip');
$users[] = $usr;
}
$db->close();
?><!doctype HTML>
......@@ -102,9 +116,13 @@ $db->close();
<p><span><em>Username</em></span><span><em>Disk usage</em></span><span><em>Actions</em></span></p>
<?php foreach ($users as $u): ?>
<p>
<?php if ($config['multidomain']): ?>
<span><a href="https://<?php echo $u['name']; ?>/"><?php echo $u['name']; ?></a></span>
<?php else: ?>
<span><a href="https://<?php echo $u['name']; ?>.cygale.net/"><?php echo $u['name']; ?></a></span>
<?php endif; ?>
<span>
<span style="display:inline-block; position:relative; width:250px; background-color:#aaa; z-index:5; text-align:center;"><span style="display:inline-block; position:absolute; left:0; top:0; z-index:6; width:<?php echo round(($u['usage'] / $u['quota']) * 250); ?>px; background-color: #08f; ">&nbsp;</span><span style="position:relative; z-index:7; color:#fff;"><?php echo round($u['usage'] / 1024, 2); ?>KB / <?php echo ($u['quota'] / (1024 * 1024)); ?>MB</span></span>
<span style="display:inline-block; position:relative; width:200px; background-color:#aaa; z-index:5; text-align:center;"><span style="display:inline-block; position:absolute; left:0; top:0; z-index:6; width:<?php echo round(($u['usage'] / $u['quota']) * 200); ?>px; background-color: #08f; ">&nbsp;</span><span style="position:relative; z-index:7; color:#fff;"><?php echo round($u['usage'] / 1024, 2); ?>KB / <?php echo ($u['quota'] / (1024 * 1024)); ?>MB</span></span>
</span>
<span>
<button type="submit" name="quota" value="<?php echo $u['name']; ?>">Update quota</button>
......
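Review bot: The rewritten password check in the first hunk still compares the two SHA-1 hex digests with loose `!=`, so PHP falls back to a numeric comparison whenever both strings happen to look numeric, and the comparison is not constant-time. Replace that condition with `!hash_equals($config['password'], sha1(sha1($_SERVER['PHP_AUTH_PW']).'cigala'))`. The enclosing `if` body continues past the end of that hunk. Longer term, the fixed-salt double SHA-1 would be better replaced by `password_hash()`/`password_verify()`, which also requires changing the stored value in config.php.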
......@@ -4,21 +4,24 @@ session_start();
$config = require 'config.php';
if (isset($_POST['user_name']) &&
isset($_POST['user_domain']) &&
isset($_POST['user_passwd']) &&
isset($_POST['user_email'])) {
$_SESSION['user_name'] = $_POST['user_name'];
$_SESSION['user_domain'] = $_POST['user_domain'];
$_SESSION['user_email'] = $_POST['user_email'];
$_SESSION['user_name_error'] = false;
$_SESSION['user_passwd_error'] = false;
$_SESSION['user_email_error'] = false;
$db = new SQLite3('../cygale/users.db');
$db = new SQLite3($config['users']);
$errors = array();
$name = $db->escapeString($_POST['user_name']);
$login = $db->escapeString($name.'.'.$_POST['user_domain']);
if (!preg_match('/^[a-z0-9][a-z0-9-]{1,40}[a-z0-9]$/', $name)) {
$errors[] = 'Login must be between 3 and 42 characters long and can only contain latin letters, digits, or hyphens (except for first and last caracters).';
$_SESSION['user_name_error'] = true;
}
elseif ($db->querySingle("select 1 from users where name='$name'")) {
elseif ($db->querySingle("select 1 from users where name='$login'")) {
$errors[] = 'This user name is already taken, please choose another one.';
$_SESSION['user_name_error'] = true;
}
......@@ -37,7 +40,7 @@ if (isset($_POST['user_name']) &&
else {
$passwd = sha1(sha1($_POST['user_passwd']).'cigala');
$token = bin2hex(random_bytes(16));
if (!$db->exec("insert into users values ('$name', '$passwd', '$email', '$token')")) {
if (!$db->exec("insert into users values ('$login', '$passwd', '$email', '$token')")) {
$_SESSION['errors'] = array('Database error. Please try again in a moment. Sorry for that!');
}
else {
......@@ -95,6 +98,7 @@ if (isset($_POST['user_name']) &&
<h2>Register your <kbd>cygale.net</kbd> account</h2>
<?php if (isset($_SESSION['ok'])): ?>
<p>Registration successful!</p>
<p>⚠ Please note that your login is your <em>complete</em> domain name (<strong><?php echo $_SESSION['user_name'].'.'.$_SESSION['user_domain']; ?></strong>).</p>
<p><a href="cigala.php">Login</a></p>
<?php else: ?>
<?php if (isset($_SESSION['errors'])): ?>
......@@ -107,7 +111,18 @@ if (isset($_POST['user_name']) &&
<form action="register.php" method="POST">
<p>
<label for="user_name">Login :</label>
<span><input type="text" name="user_name" id="user_name"<?php if (isset($_SESSION['user_name'])) { echo ' value="',$_SESSION['user_name'],'"'; if ($_SESSION['user_name_error']) echo ' class="error"'; } ?> />.cygale.net</span>
<span>
<input type="text" name="user_name" id="user_name"<?php if (isset($_SESSION['user_name'])) { echo ' value="',$_SESSION['user_name'],'"'; if ($_SESSION['user_name_error']) echo ' class="error"'; } ?> />
<?php if ($config['multidomain']): ?>
<select name="user_domain" id="user_domain">
<?php foreach ($config['domains'] as $d): ?>
<option value="<?php echo $d; ?>"<?php if (isset($_SESSION['user_domain']) && $_SESSION['user_domain'] == $d) { echo ' selected="selected"'; } ?>>.<?php echo $d; ?></option>
<?php endforeach; ?>
</select>
<?php else: ?>
.cygale.net
<?php endif; ?>
</span>
</p>
<p>
<label for="user_passwd">Password :</label>
......
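Review bot: `$_POST['user_domain']` is stored in the session and concatenated into `$login` in the first hunk without being checked against `$config['domains']`, so the login written to the users table can contain characters that the `$name` regex would reject. That value is later split and substituted into a filesystem path in manager.php (`str_replace('%DOMAIN%', $domain, $config['home'])`), and it is echoed without escaping both there and in the new "Registration successful" paragraph. When `multidomain` is on, add a check such as `if (!in_array($_POST['user_domain'], $config['domains'], true)) { $errors[] = 'Unknown domain.'; }` before the uniqueness query, and wrap the echoed values in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`. The outer `isset($_POST['user_domain'])` gate also appears to block registration when `multidomain` is false, because that branch of the form renders no `user_domain` field (the enclosing `if` continues outside the hunks).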