author | Yuchen Pei <me@ypei.me> | 2021-07-29 14:17:20 +1000 |
---|---|---|
committer | Yuchen Pei <me@ypei.me> | 2021-07-29 14:17:20 +1000 |
commit | 3ff03dc4f0a72432b34c00da620272cf011e4ddd (patch) | |
tree | 5746711ba17a91aed56c6529ea8cceb06c3ad16a /h-source/admin/Config | |
parent | cd4534aa10ba3b122963992741721289fa50d0ab (diff) |
Publishing h-node.org code.
- this is the h-node.org code, except
- removed a js file (3x copies at three different locations) without license / copyright headers
- /Js/linkToForm.js
- /Public/Js/linkToForm.js
- /admin/Public/Js/linkToForm.js
- removed config files containing credentials
- /Application/Include/params.php
- /Config/Config.php
- /admin/Application/Include/params.php
- /admin/Config/Config.php
- added license and copyright header to one php file
- /admin/Library/ErrorReporting.php (almost identical to /Library/ErrorReporting.php which has the headers)
Diffstat (limited to 'h-source/admin/Config')
-rw-r--r-- | h-source/admin/Config/Autoload.php | 23 | ||||
-rwxr-xr-x | h-source/admin/Config/Reporting.php | 41 | ||||
-rwxr-xr-x | h-source/admin/Config/Restricted.php | 94 | ||||
-rw-r--r-- | h-source/admin/Config/Route.php | 50 |
4 files changed, 208 insertions, 0 deletions
diff --git a/h-source/admin/Config/Autoload.php b/h-source/admin/Config/Autoload.php
new file mode 100644
index 0000000..56bb9f6
--- /dev/null
+++ b/h-source/admin/Config/Autoload.php
@@ -0,0 +1,23 @@
+<?php
+
+// All EasyGiant code is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
+// See COPYRIGHT.txt and LICENSE.txt.
+
+if (!defined('EG')) die('Direct access not allowed!');
+
+
+//class containing all the PHP files that have to be loaded at the beginning of the EasyGiant execution
+//the files have to be saved in Application/Include
+//all the files have to be PHP files!!
+class Autoload
+{
+
+ public static $files = array(
+ 'params.php',
+ 'distributions.php',
+ 'myFunctions.php',
+ 'hardware.php',
+ 'languages.php',
+ );
+
+}
\ No newline at end of file
diff --git a/h-source/admin/Config/Reporting.php b/h-source/admin/Config/Reporting.php
new file mode 100755
index 0000000..3f8d858
--- /dev/null
+++ b/h-source/admin/Config/Reporting.php
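Review bot: In Autoload.php, `Autoload::$files` still lists `'params.php'`, yet the commit description says `/admin/Application/Include/params.php` was removed because it contained credentials, so a fresh checkout presumably cannot load that entry (the loader that consumes `$files` is outside this diff). Consider shipping a placeholder template alongside the list and documenting it there, e.g. `//params.php is not distributed: create it from a template with your own credentials and keep it out of version control`. If the removed credentials ever appeared in a shared history, rotating them is the safe follow-up.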
@@ -0,0 +1,41 @@
+<?php
+
+// All EasyGiant code is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
+// See COPYRIGHT.txt and LICENSE.txt.
+
+if (!defined('EG')) die('Direct access not allowed!');
+
+
+//ERROR REPORTING DIRECTIVES
+
+//set RUNTIME_CONFIGURATION to true if you can't access the php.ini file of your PHP installation and you need to modify some PHP directives
+//set RUNTIME_CONFIGURATION to false if you can access the php.ini file. In this case, modify the PHP directives in the php.ini file.
+define ('RUNTIME_CONFIGURATION',true);
+
+// !!! the following four directives will be applied only if RUNTIME_CONFIGURATION has been set to true !!!
+
+//set the php.ini error_reporting directive
+define ('ERROR_REPORTING_DIRECTIVE',E_ALL);
+
+//set the php.ini display_errors directive
+//set to On or Off
+define ('DISPLAY_ERRORS','Off');
+
+//set if the error file (see the next directive) has to be created or not
+//set ERROR_REPORTING_FILE to true if you want that EasyGiant saves the errors in the LOG_ERROR_FILE (next), otherwise set ERROR_REPORTING_FILE to false
+define ('ERROR_REPORTING_FILE',false);
+
+//only if ERROR_REPORTING_FILE has been set to true
+//set the file where the errors will be saved
+//default: EasyGiant_root/Logs/Errors.log
+//check that the LOG_ERROR_FILE is writeble (by the apache user if you are using mod_apache)
+define ('LOG_ERROR_FILE','default');
+
+
+//max length of each $_POST element
+//set MAX_POST_LENGTH equal to 0 if you don't want any checks upon the $_POST elements
+define ('MAX_POST_LENGTH',50000);
+
+//max length of the REQUEST_URI
+//set MAX_REQUEST_URI_LENGTH equal to 0 if you don't want to set an upper limit in the length of the REQUEST_URI
+define ('MAX_REQUEST_URI_LENGTH',200);
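Review bot: With `DISPLAY_ERRORS` set to `'Off'` and `ERROR_REPORTING_FILE` set to `false`, this admin configuration neither displays errors nor, as far as these directives go, records them, so nothing is left to review after a failing or abusive request unless php.ini logs separately. I would switch to `define ('ERROR_REPORTING_FILE',true);` and point `LOG_ERROR_FILE` at a path outside the document root, because the documented default `EasyGiant_root/Logs/Errors.log` may be reachable over HTTP if that directory is not protected (not visible here). A comment next to `LOG_ERROR_FILE` such as `//keep the log outside the document root or deny web access to Logs/` would make the requirement explicit.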
diff --git a/h-source/admin/Config/Restricted.php b/h-source/admin/Config/Restricted.php
new file mode 100755
index 0000000..9684f08
--- /dev/null
+++ b/h-source/admin/Config/Restricted.php
@@ -0,0 +1,94 @@
+<?php
+
+// All EasyGiant code is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
+// See COPYRIGHT.txt and LICENSE.txt.
+
+if (!defined('EG')) die('Direct access not allowed!');
+
+
+
+//RESRICTED ACCESS PARAMETERS
+
+//define the hash algoritm to be used in order to protect your password
+//only md5 and sha1 are supported
+define('PASSWORD_HASH','sha1');
+
+
+
+//ADMINISTRATOR USERS LOGIN DIRECTIVES:
+
+//time that has to pass after a login failure before the user is allowed to try to login another time (in seconds)
+define('ADMIN_TIME_AFTER_FAILURE','5');
+
+//redirect to panel when successfully logged in:
+define('ADMIN_PANEL_CONTROLLER', 'panel');
+define('ADMIN_PANEL_MAIN_ACTION', 'main');
+
+//redirect to login form if access not allowed:
+define('ADMIN_USERS_CONTROLLER', 'adminusers');
+define('ADMIN_USERS_LOGIN_ACTION', 'login');
+
+//admin cookie:
+define('ADMIN_COOKIE_NAME','uid');
+define('ADMIN_SESSION_EXPIRE', '3600');
+define('ADMIN_COOKIE_PATH', '/');
+define('ADMIN_COOKIE_DOMAIN', '');
+define('ADMIN_COOKIE_SECURE', false);
+
+//tables:
+define('ADMIN_USERS_TABLE','adminusers');
+define('ADMIN_GROUPS_TABLE','admingroups');
+define('ADMIN_SESSIONS_TABLE','adminsessions');
+define('ADMIN_MANYTOMANY_TABLE','adminusers_groups');
+define('ADMIN_ACCESSES_TABLE','accesses');
+
+//hijacking checks
+define('ADMIN_HIJACKING_CHECK',true); //can be true or false
+//session hijacking
+//set ADMIN_ON_HIJACKING_EVENT equal to 'forceout' if you want to cause the logout of the user if there is the suspect of a session hijacking
+//set ADMIN_ON_HIJACKING_EVENT equal to 'redirect' if you want to redirect the user to the ADMIN_HIJACKING_ACTION (see later) if there is the suspect of a session hijacking
+define('ADMIN_ON_HIJACKING_EVENT','forceout'); //it can be 'forceout' or 'redirect'
+//only if ADMIN_ON_HIJACKING_EVENT = 'redirect'
+//redirect the user to ADMIN_USERS_CONTROLLER/ADMIN_HIJACKING_ACTION if there is the suspect of a session hijacking
+define('ADMIN_HIJACKING_ACTION','retype');
+
+
+
+
+//REGISTERED USERS LOGIN DIRECTIVES:
+
+//time that has to pass after a login failure before the user is allowed to try to login another time (in seconds)
+define('REG_TIME_AFTER_FAILURE','5');
+
+//redirect to home when successfully logged in:
+define('REG_PANEL_CONTROLLER', 'home');
+define('REG_PANEL_MAIN_ACTION', 'index');
+
+//redirect to login form if access not allowed:
+define('REG_USERS_CONTROLLER', 'users');
+define('REG_USERS_LOGIN_ACTION', 'login');
+
+//registered cookie:
+//NB: REG_COOKIE_NAME must be different from ADMIN_COOKIE_NAME!!!
+define('REG_COOKIE_NAME','uidr');
+define('REG_SESSION_EXPIRE', '3600');
+define('REG_COOKIE_PATH', '/');
+define('REG_COOKIE_DOMAIN', '');
+define('REG_COOKIE_SECURE', false);
+
+//tables:
+define('REG_USERS_TABLE','regusers');
+define('REG_GROUPS_TABLE','reggroups');
+define('REG_SESSIONS_TABLE','regsessions');
+define('REG_MANYTOMANY_TABLE','regusers_groups');
+define('REG_ACCESSES_TABLE','regaccesses');
+
+//hijacking checks
+define('REG_HIJACKING_CHECK',true); //can be true or false
+//session hijacking
+//set ADMIN_ON_HIJACKING_EVENT equal to 'forceout' if you want to cause the logout of the user if there is the suspect of a session hijacking
+//set ADMIN_ON_HIJACKING_EVENT equal to 'redirect' if you want to redirect the user to the ADMIN_HIJACKING_ACTION (see later) if there is the suspect of a session hijacking
+define('REG_ON_HIJACKING_EVENT','forceout'); //it can be 'forceout' or 'redirect'
+//only if ADMIN_ON_HIJACKING_EVENT = 'redirect'
+//redirect the user to ADMIN_USERS_CONTROLLER/ADMIN_HIJACKING_ACTION if there is the suspect of a session hijacking
+define('REG_HIJACKING_ACTION','retype');
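Review bot: `define('PASSWORD_HASH','sha1');`, together with the comment "only md5 and sha1 are supported", means stored passwords are protected by a fast general-purpose digest; whether the framework adds a salt is not visible in this hunk. Neither algorithm is suitable for password storage, so the framework side should move to `password_hash()` / `password_verify()` and rehash on the next successful login, and until then this line deserves a comment like `//NOTE: sha1/md5 are fast digests, not password hashes; plan migration to password_hash()`. `ADMIN_COOKIE_SECURE` and `REG_COOKIE_SECURE` are both `false`, so the session cookies are also sent over plain HTTP; set them to `true` wherever the site is served over HTTPS. The comments in the registered-users section still name `ADMIN_ON_HIJACKING_EVENT`, `ADMIN_HIJACKING_ACTION` and `ADMIN_USERS_CONTROLLER` where the `REG_` constants are meant.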
diff --git a/h-source/admin/Config/Route.php b/h-source/admin/Config/Route.php
new file mode 100644
index 0000000..ac9748e
--- /dev/null
+++ b/h-source/admin/Config/Route.php
@@ -0,0 +1,50 @@
+<?php
+
+// All EasyGiant code is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
+// See COPYRIGHT.txt and LICENSE.txt.
+
+if (!defined('EG')) die('Direct access not allowed!');
+
+class Route
+{
+
+ //controller,action couples that can be reached by the browser
+ //set 'all' if you want that all the controller,action couples can be reached by the browser
+ public static $allowed = array(
+ 'adminissues,main',
+ 'adminissues,form',
+ 'adminpassword,form',
+ 'adminusers,login',
+ 'adminusers,logout',
+ 'adminusers,forceout',
+ 'adminusers,retype',
+ 'adminusers,main',
+ 'adminusers,form',
+ 'adminusers,associate',
+ 'admintalk,main',
+ 'admintalk,form',
+ 'adminregusers,main',
+ 'adminregusers,associate',
+ 'adminhardware,main',
+ 'adminhardware,ask',
+ 'adminhardware,form',
+ 'admindeletion,main',
+ 'adminparams,form',
+ 'adminnews,main',
+ 'adminnews,form',
+ 'adminboxes,main',
+ 'adminboxes,form',
+ 'adminmessages,main',
+ 'adminmessages,form',
+ 'adminhistory,main',
+ );
+
+ //it can be 'yes' or 'no'
+ //set $rewrite to 'yes' if you want that EasyGiant rewrites the URLs according to what specified in $map
+ public static $rewrite = 'no';
+
+ //define the urls of your website
+ //you have to set $rewrite to 'yes'
+ public static $map = array();
+
+}
\ No newline at end of file |
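Review bot: The comment above `Route::$allowed` advertises `'all'` as a way to make every controller,action couple reachable from the browser, which in the admin area would discard the allowlist this file sets up. I would add a warning beside it, e.g. `//admin area: keep this an explicit list; do not use 'all' here`. The comment should also state that a newly added controller action stays unreachable until it is listed, which appears to be the intent of the list, though the dispatcher is outside this diff.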