diff options
author | Yuchen Pei <hi@ypei.me> | 2021-10-15 09:52:00 +1100 |
---|---|---|
committer | Yuchen Pei <hi@ypei.me> | 2021-10-15 09:52:00 +1100 |
commit | 71b0e901f5fb1cfcd162d8acc23120d3f77a3152 (patch) | |
tree | 323c00faef1edc7dea2e88ff581cc2258b2b6432 /admin/Config | |
parent | 72cce24864b064b5762f4fe97fdf40d8d2ad4b51 (diff) | |
parent | 07f5140771388c9e0c8a99b0dd2e5d950bdb173b (diff) |
Merge branch 'development' into h-node
Diffstat (limited to 'admin/Config')
-rw-r--r-- | admin/Config/Autoload.php | 23 | ||||
-rwxr-xr-x | admin/Config/Config.php | 41 | ||||
-rwxr-xr-x | admin/Config/Reporting.php | 41 | ||||
-rwxr-xr-x | admin/Config/Restricted.php | 94 | ||||
-rw-r--r-- | admin/Config/Route.php | 50 |
5 files changed, 249 insertions, 0 deletions
diff --git a/admin/Config/Autoload.php b/admin/Config/Autoload.php new file mode 100644 index 0000000..56bb9f6 --- /dev/null +++ b/admin/Config/Autoload.php @@ -0,0 +1,23 @@ +<?php + +// All EasyGiant code is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. +// See COPYRIGHT.txt and LICENSE.txt. + +if (!defined('EG')) die('Direct access not allowed!'); + + +//class containing all the PHP files that have to be loaded at the beginning of the EasyGiant execution +//the files have to be saved in Application/Include +//all the files have to be PHP files!! +class Autoload +{ + + public static $files = array( + 'params.php', + 'distributions.php', + 'myFunctions.php', + 'hardware.php', + 'languages.php', + ); + +}
\ No newline at end of file diff --git a/admin/Config/Config.php b/admin/Config/Config.php new file mode 100755 index 0000000..3f7866d --- /dev/null +++ b/admin/Config/Config.php @@ -0,0 +1,41 @@ +<?php + +// All EasyGiant code is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. +// See COPYRIGHT.txt and LICENSE.txt. + +if (!defined('EG')) die('Direct access not allowed!'); + + +define('DB', 'hnode'); +define('USER', 'root'); +define('PWD', ''); +define('HOST', 'localhost'); + +/*default controller name*/ +define('DEFAULT_CONTROLLER','adminusers'); + +/*default action*/ +define('DEFAULT_ACTION','login'); + +/*website parameters*/ +define('DOMAIN_NAME','localhost/admin'); + +/*type of database.*/ +//it can be: Mysql, Mysqli or None (first letter in uppercase) +define('DATABASE_TYPE','Mysqli'); + +/*error controller*/ +/*if you set ERROR_CONTROLLER to false, than EasyGiant will set ERROR_CONTROLLER equal to DEFAULT_CONTROLLER*/ +define('ERROR_CONTROLLER','panel'); + +/*error action*/ +/*if you set ERROR_ACTION to false, than EasyGiant will set ERROR_ACTION equal to DEFAULT_ACTION*/ +define('ERROR_ACTION','main'); + +/*charset*/ +// set the charset used by all the functions that manage multi byte strings (mb_string functions, htmlentitites, etc) +define('DEFAULT_CHARSET','UTF-8'); + +/*rewrite settings*/ +//set MOD_REWRITE_MODULE to true if you have installed the mod_rewrite module of the server, otherwise MOD_REWRITE_MODULE to false +define('MOD_REWRITE_MODULE',true); diff --git a/admin/Config/Reporting.php b/admin/Config/Reporting.php new file mode 100755 index 0000000..3f8d858 --- /dev/null +++ b/admin/Config/Reporting.php @@ -0,0 +1,41 @@ +<?php + +// All EasyGiant code is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. +// See COPYRIGHT.txt and LICENSE.txt. + +if (!defined('EG')) die('Direct access not allowed!'); + + +//ERROR REPORTING DIRECTIVES + +//set RUNTIME_CONFIGURATION to true if you can't access the php.ini file of your PHP installation and you need to modify some PHP directives +//set RUNTIME_CONFIGURATION to false if you can access the php.ini file. In this case, modify the PHP directives in the php.ini file. +define ('RUNTIME_CONFIGURATION',true); + +// !!! the following four directives will be applied only if RUNTIME_CONFIGURATION has been set to true !!! + +//set the php.ini error_reporting directive +define ('ERROR_REPORTING_DIRECTIVE',E_ALL); + +//set the php.ini display_errors directive +//set to On or Off +define ('DISPLAY_ERRORS','Off'); + +//set if the error file (see the next directive) has to be created or not +//set ERROR_REPORTING_FILE to true if you want that EasyGiant saves the errors in the LOG_ERROR_FILE (next), otherwise set ERROR_REPORTING_FILE to false +define ('ERROR_REPORTING_FILE',false); + +//only if ERROR_REPORTING_FILE has been set to true +//set the file where the errors will be saved +//default: EasyGiant_root/Logs/Errors.log +//check that the LOG_ERROR_FILE is writeble (by the apache user if you are using mod_apache) +define ('LOG_ERROR_FILE','default'); + + +//max length of each $_POST element +//set MAX_POST_LENGTH equal to 0 if you don't want any checks upon the $_POST elements +define ('MAX_POST_LENGTH',50000); + +//max length of the REQUEST_URI +//set MAX_REQUEST_URI_LENGTH equal to 0 if you don't want to set an upper limit in the length of the REQUEST_URI +define ('MAX_REQUEST_URI_LENGTH',200); diff --git a/admin/Config/Restricted.php b/admin/Config/Restricted.php new file mode 100755 index 0000000..9684f08 --- /dev/null +++ b/admin/Config/Restricted.php @@ -0,0 +1,94 @@ +<?php + +// All EasyGiant code is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. +// See COPYRIGHT.txt and LICENSE.txt. + +if (!defined('EG')) die('Direct access not allowed!'); + + + +//RESRICTED ACCESS PARAMETERS + +//define the hash algoritm to be used in order to protect your password +//only md5 and sha1 are supported +define('PASSWORD_HASH','sha1'); + + + +//ADMINISTRATOR USERS LOGIN DIRECTIVES: + +//time that has to pass after a login failure before the user is allowed to try to login another time (in seconds) +define('ADMIN_TIME_AFTER_FAILURE','5'); + +//redirect to panel when successfully logged in: +define('ADMIN_PANEL_CONTROLLER', 'panel'); +define('ADMIN_PANEL_MAIN_ACTION', 'main'); + +//redirect to login form if access not allowed: +define('ADMIN_USERS_CONTROLLER', 'adminusers'); +define('ADMIN_USERS_LOGIN_ACTION', 'login'); + +//admin cookie: +define('ADMIN_COOKIE_NAME','uid'); +define('ADMIN_SESSION_EXPIRE', '3600'); +define('ADMIN_COOKIE_PATH', '/'); +define('ADMIN_COOKIE_DOMAIN', ''); +define('ADMIN_COOKIE_SECURE', false); + +//tables: +define('ADMIN_USERS_TABLE','adminusers'); +define('ADMIN_GROUPS_TABLE','admingroups'); +define('ADMIN_SESSIONS_TABLE','adminsessions'); +define('ADMIN_MANYTOMANY_TABLE','adminusers_groups'); +define('ADMIN_ACCESSES_TABLE','accesses'); + +//hijacking checks +define('ADMIN_HIJACKING_CHECK',true); //can be true or false +//session hijacking +//set ADMIN_ON_HIJACKING_EVENT equal to 'forceout' if you want to cause the logout of the user if there is the suspect of a session hijacking +//set ADMIN_ON_HIJACKING_EVENT equal to 'redirect' if you want to redirect the user to the ADMIN_HIJACKING_ACTION (see later) if there is the suspect of a session hijacking +define('ADMIN_ON_HIJACKING_EVENT','forceout'); //it can be 'forceout' or 'redirect' +//only if ADMIN_ON_HIJACKING_EVENT = 'redirect' +//redirect the user to ADMIN_USERS_CONTROLLER/ADMIN_HIJACKING_ACTION if there is the suspect of a session hijacking +define('ADMIN_HIJACKING_ACTION','retype'); + + + + +//REGISTERED USERS LOGIN DIRECTIVES: + +//time that has to pass after a login failure before the user is allowed to try to login another time (in seconds) +define('REG_TIME_AFTER_FAILURE','5'); + +//redirect to home when successfully logged in: +define('REG_PANEL_CONTROLLER', 'home'); +define('REG_PANEL_MAIN_ACTION', 'index'); + +//redirect to login form if access not allowed: +define('REG_USERS_CONTROLLER', 'users'); +define('REG_USERS_LOGIN_ACTION', 'login'); + +//registered cookie: +//NB: REG_COOKIE_NAME must be different from ADMIN_COOKIE_NAME!!! +define('REG_COOKIE_NAME','uidr'); +define('REG_SESSION_EXPIRE', '3600'); +define('REG_COOKIE_PATH', '/'); +define('REG_COOKIE_DOMAIN', ''); +define('REG_COOKIE_SECURE', false); + +//tables: +define('REG_USERS_TABLE','regusers'); +define('REG_GROUPS_TABLE','reggroups'); +define('REG_SESSIONS_TABLE','regsessions'); +define('REG_MANYTOMANY_TABLE','regusers_groups'); +define('REG_ACCESSES_TABLE','regaccesses'); + +//hijacking checks +define('REG_HIJACKING_CHECK',true); //can be true or false +//session hijacking +//set ADMIN_ON_HIJACKING_EVENT equal to 'forceout' if you want to cause the logout of the user if there is the suspect of a session hijacking +//set ADMIN_ON_HIJACKING_EVENT equal to 'redirect' if you want to redirect the user to the ADMIN_HIJACKING_ACTION (see later) if there is the suspect of a session hijacking +define('REG_ON_HIJACKING_EVENT','forceout'); //it can be 'forceout' or 'redirect' +//only if ADMIN_ON_HIJACKING_EVENT = 'redirect' +//redirect the user to ADMIN_USERS_CONTROLLER/ADMIN_HIJACKING_ACTION if there is the suspect of a session hijacking +define('REG_HIJACKING_ACTION','retype'); diff --git a/admin/Config/Route.php b/admin/Config/Route.php new file mode 100644 index 0000000..ac9748e --- /dev/null +++ b/admin/Config/Route.php @@ -0,0 +1,50 @@ +<?php + +// All EasyGiant code is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. +// See COPYRIGHT.txt and LICENSE.txt. + +if (!defined('EG')) die('Direct access not allowed!'); + +class Route +{ + + //controller,action couples that can be reached by the browser + //set 'all' if you want that all the controller,action couples can be reached by the browser + public static $allowed = array( + 'adminissues,main', + 'adminissues,form', + 'adminpassword,form', + 'adminusers,login', + 'adminusers,logout', + 'adminusers,forceout', + 'adminusers,retype', + 'adminusers,main', + 'adminusers,form', + 'adminusers,associate', + 'admintalk,main', + 'admintalk,form', + 'adminregusers,main', + 'adminregusers,associate', + 'adminhardware,main', + 'adminhardware,ask', + 'adminhardware,form', + 'admindeletion,main', + 'adminparams,form', + 'adminnews,main', + 'adminnews,form', + 'adminboxes,main', + 'adminboxes,form', + 'adminmessages,main', + 'adminmessages,form', + 'adminhistory,main', + ); + + //it can be 'yes' or 'no' + //set $rewrite to 'yes' if you want that EasyGiant rewrites the URLs according to what specified in $map + public static $rewrite = 'no'; + + //define the urls of your website + //you have to set $rewrite to 'yes' + public static $map = array(); + +}
\ No newline at end of file |