A number of minor fixes
A number of minor fixes

<?php <?php
/** Entry Point for Crypto key - Utilises browser caching so only have to send to the client once per key session /** Entry Point for Crypto key - Utilises browser caching so only have to send to the client once per key session
* *
* Originally had to send twice because expiry was tied to the user's CredLocker session, * Originally had to send twice because expiry was tied to the user's CredLocker session,
* meaning Chrome requested twice (expiry of 0 epoch was sent by the login form). Firefox exhibited an odd behaviour and * meaning Chrome requested twice (expiry of 0 epoch was sent by the login form). Firefox exhibited an odd behaviour and
* ignored the expiry date, so only requested once. * ignored the expiry date, so only requested once.
* *
* *
* Although not currently implemented, this file will eventually define the following * Although not currently implemented, this file will eventually define the following
* *
* - Encryption key for received data * - Encryption key for received data
* - Encryption key for sent data * - Encryption key for sent data
* - Delimiter to use for API requests * - Delimiter to use for API requests
* - API terminology to use (allowing us to replace known calls such as retCred with a random string) * - API terminology to use (allowing us to replace known calls such as retCred with a random string)
* *
* *
* *
* Copyright (C) 2012 B Tasker * Copyright (C) 2012 B Tasker
* Released under GNU GPL V2 * Released under GNU GPL V2
* See LICENSE * See LICENSE
* *
*/ */
   
   
// Using gzhandler broke on a few systems. A lot seem to automatically gzip where possible though, so removed gzhandler call // Using gzhandler broke on a few systems. A lot seem to automatically gzip where possible though, so removed gzhandler call
ob_start(); ob_start();
error_reporting(0); error_reporting(0);
   
session_start(); session_start();
define('_CREDLOCK',1); define('_CREDLOCK',1);
   
// Change the current working dir // Change the current working dir
chdir(dirname(__FILE__)."/../"); chdir(dirname(__FILE__)."/../");
   
// Load the framework // Load the framework
require_once 'lib/Framework/main.php'; require_once 'lib/Framework/main.php';
   
$tls = BTMain::getSessVar('tls'); $tls = BTMain::getSessVar('tls');
$expiry = BTMain::getSessVar('KeyExpiry'); $expiry = BTMain::getSessVar('KeyExpiry');
   
   
   
$apiterms = array( $apiterms = array(
"retCred", "retCred",
"checkSess", "checkSess",
"delCred", "delCred",
"delUser", "delUser",
"delCredType", "delCredType",
"delCust", "delCust",
"delGroup" "delGroup"
); );
   
   
   
   
// We only to do key generation if we're not on a SSL connection // We only to do key generation if we're not on a SSL connection or if the system is configured to force use
if (!BTMain::getConnTypeSSL() && !BTMain::getConf()->forceTLS): if (!BTMain::getConnTypeSSL() || BTMain::getConf()->forceTLS){
   
   
// If the key is still valid and we know the browser has already retrieved it, just tell the browser to use the cache // If the key is still valid and we know the browser has already retrieved it, just tell the browser to use the cache
if ((time() < $expiry) && ($_COOKIE['PHPCredLockerKeySet'] == 1) && ($expiry) && (!empty($tls))){ if ((BTMain::getVar('forceload') != 'y') && (time() < $expiry) && ($_COOKIE['PHPCredLockerKeySet'] == 1) && ($expiry) && (!empty($tls))){
header("HTTP/1.1 304 Not Modified"); header("HTTP/1.1 304 Not Modified");
die; die;
} }
   
// Would actually prefer not to include this in an unauthenticated session, but want to put key generation in the most logical place. // Would actually prefer not to include this in an unauthenticated session, but want to put key generation in the most logical place.
require_once 'lib/crypto.php'; require_once 'lib/crypto.php';
   
   
   
// Set MIME-Header // Set MIME-Header
header("Content-Type: text/javascript"); header("Content-Type: text/javascript");
   
   
   
   
   
if (isset($_COOKIE['PHPCredLocker'])): if (isset($_COOKIE['PHPCredLocker'])):
   
foreach ($apiterms as $term){ foreach ($apiterms as $term){
   
$x = 0; $x = 0;
$new = ''; $new = '';
$termlength = mt_rand(4,15); $termlength = mt_rand(4,15);
   
   
while ($x <= $termlength){ while ($x <= $termlength){
$new .= chr(mt_rand(97,122)); $new .= chr(mt_rand(97,122));
if (($x == $termlength) && in_array($new,$usedterms)){ if (($x == $termlength) && in_array($new,$usedterms)){
// Make sure the termcode isn't already in used, if so, start again // Make sure the termcode isn't already in used, if so, start again
$x = 0; $x = 0;
$new = ''; $new = '';
} }
$x++; $x++;
} }
   
$usedterms[] = $new; $usedterms[] = $new;
$terms[$new] = $term; $terms[$new] = $term;
} }
   
   
$expiry = strtotime('+10 minutes'); $expiry = strtotime('+10 minutes');
$seconds_to_cache = $expiry - time(); $seconds_to_cache = $expiry - time();
$gmt = gmdate("D, d M Y H:i:s", $expiry) . " GMT"; $gmt = gmdate("D, d M Y H:i:s", $expiry) . " GMT";
   
// Set caching headers // Set caching headers
header("Expires: $gmt"); header("Expires: $gmt");
header("Pragma: cache"); header("Pragma: cache");
header("Cache-Control: Private, max-age=$seconds_to_cache"); header("Cache-Control: Private, max-age=$seconds_to_cache");
   
// Add the key and it's expiry to the session // Add the key and it's expiry to the session
BTMain::setSessVar('KeyExpiry',$expiry); BTMain::setSessVar('KeyExpiry',$expiry);
BTMain::setSessVar('tls',Crypto::genxorekey()); BTMain::setSessVar('tls',Crypto::genxorekey());
BTMain::setSessVar('apiterms',$terms); BTMain::setSessVar('apiterms',$terms);
   
// By setting a cookie, we provide an easy mechanism for allowing the API to force a key refresh // By setting a cookie, we provide an easy mechanism for allowing the API to force a key refresh
setcookie("PHPCredLockerKeySet", 1, $expiry, dirname($_SERVER["REQUEST_URI"]), $_SERVER['HTTP_HOST'], BTMain::getConf()->forceSSL); setcookie("PHPCredLockerKeySet", 1, $expiry, dirname($_SERVER["REQUEST_URI"]), $_SERVER['HTTP_HOST'], BTMain::getConf()->forceSSL);
   
endif; endif;
   
// We use a different method to generate Auth keys - in case a pattern does somehow appear in the TLS generation stuff we don't want anyone to be // We use a different method to generate Auth keys - in case a pattern does somehow appear in the TLS generation stuff we don't want anyone to be
// able to view those keys without a valid login (at which point they won't really need to do key analysis!) // able to view those keys without a valid login (at which point they won't really need to do key analysis!)
   
$x = 0; $x = 0;
$str = ''; $str = '';
while ($x < 40){ while ($x < 40){
   
$str .= chr(rand(33,126)) .mt_rand(16,45); $str .= chr(rand(33,126)) .mt_rand(16,45);
$x++; $x++;
   
} }
   
   
BTMain::setSessVar('AuthKey',rtrim(base64_encode($str),"=")); BTMain::setSessVar('AuthKey',rtrim(base64_encode($str),"="));
$enabled = 'true'; $enabled = 'true';
   
   
   
else: }else{
// We don't need to generate keys as we're on a SSL connection // We don't need to generate keys as we're on a SSL connection
   
foreach ($apiterms as $value){ foreach ($apiterms as $value){
$terms[$value] = $value; $terms[$value] = $value;
} }
   
BTMain::setSessVar('apiterms',$terms); BTMain::setSessVar('apiterms',$terms);
BTMain::setSessVar('tls',' '); BTMain::setSessVar('tls',' ');
BTMain::setSessVar('AuthKey',' '); BTMain::setSessVar('AuthKey',' ');
$enabled = 'false'; $enabled = 'false';
   
   
   
$expiry = strtotime('+1 day'); $expiry = strtotime('+1 day');
$seconds_to_cache = $expiry - time(); $seconds_to_cache = $expiry - time();
$gmt = gmdate("D, d M Y H:i:s", $expiry) . " GMT"; $gmt = gmdate("D, d M Y H:i:s", $expiry) . " GMT";
   
// Set caching headers // Set caching headers
header("Expires: $gmt"); header("Expires: $gmt");
header("Pragma: cache"); header("Pragma: cache");
header("Cache-Control: Private, max-age=$seconds_to_cache"); header("Cache-Control: Private, max-age=$seconds_to_cache");
   
  }
endif;  
   
   
   
ob_start(); ob_start();
?> ?>
function getKey(){ return '<?php echo base64_encode(BTMain::getSessVar('tls'));?>'; } function getKey(){ return '<?php echo base64_encode(BTMain::getSessVar('tls'));?>'; }
   
   
function getDelimiter(){ return "|..|";} function getDelimiter(){ return "|..|";}
   
   
function getTerminology(a){ function getTerminology(a){
   
if (a == 'undefined' || a == 'null' || a == ''){ if (a == 'undefined' || a == 'null' || a == ''){
return;} return;}
   
<?php foreach ($terms as $key=>$value){ echo "this.$value='".base64_encode($key) ."';"; }?> <?php foreach ($terms as $key=>$value){ echo "this.$value='".base64_encode($key) ."';"; }?>
   
return this[a]; return this[a];
} }
   
   
   
function getAuthKey(){ function getAuthKey(){
return '<?php echo base64_encode(BTMain::getSessVar('AuthKey')); ?>'; return '<?php echo base64_encode(BTMain::getSessVar('AuthKey')); ?>';
} }
   
   
function destroyKeys(){ function destroyKeys(){
window.getKey = ''; window.getKey = '';
window.getDelimiter = ''; window.getDelimiter = '';
window.getTerminology = ''; window.getTerminology = '';
window.getAuthKey = ''; window.getAuthKey = '';
return window.destroyKeys = ''; return window.destroyKeys = '';
} }
   
function enabledEncryption(){ function enabledEncryption(){
return <?php echo $enabled;?>; return <?php echo $enabled;?>;
} }
   
   
   
   
   
   
   
new getTerminology(); new getTerminology();
<?php <?php
   
   
   
echo str_replace("\n","",ob_get_clean()); echo str_replace("\n","",ob_get_clean());
   
ob_end_flush(); ob_end_flush();
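Review bot: The widened condition `if (!BTMain::getConnTypeSSL() || BTMain::getConf()->forceTLS){` now sends every forceTLS deployment through the key-generation branch, where the values come from `mt_rand()` and `rand()`, neither of which is a cryptographically secure generator. That covers the randomised API terms (`chr(mt_rand(97,122))`) and the AuthKey loop, where the appended `mt_rand(16,45)` digits contribute little entropy per step. These values appear to be what the client-side XOR obfuscation of form fields relies on, so I would draw them from a CSPRNG, e.g. `$str .= chr(random_int(33,126)) . random_int(16,45);` on PHP 7+, or bytes from `openssl_random_pseudo_bytes()` on older runtimes. `Crypto::genxorekey()` is defined outside this page, so the same check is worth making there.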
/* ************************************************************ /* ************************************************************
Author: Ben Tasker - BenTasker.co.uk Author: Ben Tasker - BenTasker.co.uk
Description: Main Javascript functions for PHPCredLocker. Most Description: Main Javascript functions for PHPCredLocker. Most
functions currently quick and dirty, will improve in future releases! functions currently quick and dirty, will improve in future releases!
   
License: GNU GPL V2 - See http://www.gnu.org/licenses/gpl-2.0.html License: GNU GPL V2 - See http://www.gnu.org/licenses/gpl-2.0.html
   
Repo: https://github.com/bentasker/PHPCredLocker/ Repo: https://github.com/bentasker/PHPCredLocker/
--------------------------------------------------------------- ---------------------------------------------------------------
Copyright (c) 2012 Ben Tasker Copyright (c) 2012 Ben Tasker
   
*/ */
   
   
var counter=false, cancel='', dispcred, interval; var counter=false, cancel='', dispcred, interval;
   
   
   
function genPwd(a,l){ function genPwd(a,l){
var i, var i,
p='', p='',
key="(=?)+.,abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ"; key="(=?)+.,abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";
   
for (i=0; i<l; i++){ for (i=0; i<l; i++){
p+=key.charAt(Math.floor(Math.random()*key.length)); p+=key.charAt(Math.floor(Math.random()*key.length));
} }
   
   
if (a =='r'){ return p; } if (a =='r'){ return p; }
document.getElementById(a).value = p; document.getElementById(a).value = p;
   
   
} }
   
   
   
function resizebkgrnd(){ function resizebkgrnd(){
var width = document.documentElement.clientHeight, height = width, img; var width = document.documentElement.clientHeight, height = width, img;
img = document.getElementById('ContentWrap'); img = document.getElementById('ContentWrap');
img.style.minHeight = eval(height * 0.8)+'px'; img.style.minHeight = eval(height * 0.8)+'px';
   
   
   
} }
   
   
function CreateMenuContent(menu,type,tbl,cellNr, limit, menucode){ function CreateMenuContent(menu,type,tbl,cellNr, limit, menucode){
var menuentry, ind, item, str, var menuentry, ind, item, str,
lim = 0, lim = 0,
menu = document.getElementById(menu), menu = document.getElementById(menu),
table = document.getElementById(tbl); table = document.getElementById(tbl);
if (!table){ return false; } if (!table){ return false; }
for (var r = 0; r < table.rows.length; r++){ for (var r = 0; r < table.rows.length; r++){
if ( lim == limit) { break; } if ( lim == limit) { break; }
ind = table.rows[r].cells[3].innerHTML; ind = table.rows[r].cells[3].innerHTML;
if (ind == type ){ if (ind == type ){
item = document.createElement('li'); item = document.createElement('li');
item.id = menucode + table.rows[r].cells[2].innerHTML; item.id = menucode + table.rows[r].cells[2].innerHTML;
item.innerHTML = "<a href='index.php?option="+table.rows[r].cells[5].innerHTML+"&id="+table.rows[r].cells[2].innerHTML+"'>"+table.rows[r].cells[cellNr].innerHTML+"</a>"; item.innerHTML = "<a href='index.php?option="+table.rows[r].cells[5].innerHTML+"&id="+table.rows[r].cells[2].innerHTML+"'>"+table.rows[r].cells[cellNr].innerHTML+"</a>";
menu.appendChild(item); menu.appendChild(item);
lim = lim + 1; lim = lim + 1;
} }
} }
} }
   
   
   
   
function Credtimer(id) function Credtimer(id)
{ {
var count, var count,
cnt = document.getElementById('PassCount'+id), cnt = document.getElementById('PassCount'+id),
field = document.getElementById('retrievePassword'+id); field = document.getElementById('retrievePassword'+id);
count=cnt.value-1; count=cnt.value-1;
cnt.value = count; cnt.value = count;
if (count <= 0 || cancel == 1) if (count <= 0 || cancel == 1)
{ {
clearInterval(counter); clearInterval(counter);
field.innerHTML = 'Display<span class="DisPwdText"> Password</span>'; field.innerHTML = 'Display<span class="DisPwdText"> Password</span>';
document.getElementById('Address'+id).innerHTML = ''; document.getElementById('Address'+id).innerHTML = '';
document.getElementById('UserName'+id).innerHTML = ''; document.getElementById('UserName'+id).innerHTML = '';
document.getElementById('Password'+id).innerHTML = ''; document.getElementById('Password'+id).innerHTML = '';
document.getElementById('CredPluginOutput'+id).innerHTML = ''; document.getElementById('CredPluginOutput'+id).innerHTML = '';
document.getElementById("clickCount"+id).value = 0; document.getElementById("clickCount"+id).value = 0;
return; return;
} }
   
field.innerHTML = 'Displaying Password for ' +count+ ' seconds'; field.innerHTML = 'Displaying Password for ' +count+ ' seconds';
} }
   
   
   
   
   
function noCredTypes(){ function noCredTypes(){
$(document).ready(function(){ $(document).ready(function(){
var btntop; var btntop;
if (document.getElementById('AddCredBtnTop')){ if (document.getElementById('AddCredBtnTop')){
btntop = document.getElementById('AddCredBtnTop'); btntop = document.getElementById('AddCredBtnTop');
btntop.parentNode.removeChild(btntop); btntop.parentNode.removeChild(btntop);
} }
   
if (document.getElementById('AddCredBtnBottom')){ if (document.getElementById('AddCredBtnBottom')){
btntop = document.getElementById('AddCredBtnBottom'); btntop = document.getElementById('AddCredBtnBottom');
btntop.parentNode.removeChild(btntop); btntop.parentNode.removeChild(btntop);
} }
}); });
} }
   
   
   
   
   
   
/********* Validation Stuff ****/ /********* Validation Stuff ****/
   
   
   
function loginReqProcess(){ function loginReqProcess(){
var i, var i,
a='', a='',
entered = document.getElementById('FrmPassPlace'), entered = document.getElementById('FrmPassPlace'),
pass = document.getElementById('FrmPass'); pass = document.getElementById('FrmPass');
if (!enabledEncryption()){ pass.value = entered.value; return true;} if (!enabledEncryption()){ pass.value = entered.value; return true;}
// Calculate the encrypted value // Calculate the encrypted value
pass.value = Base64.encode(xorestr(entered.value,retAuthKey())); pass.value = Base64.encode(xorestr(entered.value,retAuthKey()));
// Update the placeholder so we're not accompanying our encrypted text with the plaintext value // Update the placeholder so we're not accompanying our encrypted text with the plaintext value
for (i = 0;i < entered.length; i++){ for (i = 0;i < entered.length; i++){
a += "a"; a += "a";
} }
entered.value = a; entered.value = a;
return true; return true;
} }
   
   
function checkNewCust(){ function checkNewCust(){
var nme = document.getElementById('FrmName'), var nme = document.getElementById('FrmName'),
grp = document.getElementById('frmGroup'), grp = document.getElementById('frmGroup'),
email = document.getElementById('FrmEmail'); email = document.getElementById('FrmEmail');
if (email.value.indexOf('@') == -1){ if (email.value.indexOf('@') == -1){
email.className += ' frmEntryMissed'; email.className += ' frmEntryMissed';
return false; return false;
} }
if (grp.options[grp.selectedIndex].value == 'null'){ if (grp.options[grp.selectedIndex].value == 'null'){
grp.className += ' frmEntryMissed'; grp.className += ' frmEntryMissed';
return false; return false;
} }
if (nme.value == ''){ if (nme.value == ''){
nme.className += ' frmEntryMissed'; nme.className += ' frmEntryMissed';
return false; return false;
} }
if (enabledEncryption()){ if (enabledEncryption()){
var fname = document.getElementById('FrmconName'), var fname = document.getElementById('FrmconName'),
sname = document.getElementById('FrmSurname'); sname = document.getElementById('FrmSurname');
// Calculate the encrypted value // Calculate the encrypted value
nme.value = Base64.encode(xorestr(nme.value,retKey())); nme.value = Base64.encode(xorestr(nme.value,retKey()));
email.value = Base64.encode(xorestr(email.value,retKey())); email.value = Base64.encode(xorestr(email.value,retKey()));
fname.value = Base64.encode(xorestr(fname.value,retKey())); fname.value = Base64.encode(xorestr(fname.value,retKey()));
sname.value = Base64.encode(xorestr(sname.value,retKey())); sname.value = Base64.encode(xorestr(sname.value,retKey()));
} }
return true; return true;
} }
   
   
   
function checkNewCred(){ function checkNewCred(){
   
var cred = document.getElementById('frmCredential'), var cred = document.getElementById('frmCredential'),
user = document.getElementById('frmUser'), user = document.getElementById('frmUser'),
addr = document.getElementById('frmAddress'), addr = document.getElementById('frmAddress'),
grp = document.getElementById('frmGroup'); grp = document.getElementById('frmGroup');
if (grp.options[grp.selectedIndex].value == 'null'){ if (grp.options[grp.selectedIndex].value == 'null'){
grp.className += ' frmEntryMissed'; grp.className += ' frmEntryMissed';
return false; return false;
} }
if (cred.value.indexOf("http") !== -1){ if (cred.value.indexOf("http") !== -1){
   
   
if (confirm("Click OK to make this credential a hyperlink in the database, click cancel to set not clicky")){ if (confirm("Click OK to make this credential a hyperlink in the database, click cancel to set not clicky")){
   
document.getElementById('frmClicky').value = 1; document.getElementById('frmClicky').value = 1;
} }
} }
   
if (enabledEncryption()){ if (enabledEncryption()){
// Calculate the encrypted value // Calculate the encrypted value
cred.value = Base64.encode(xorestr(cred.value,retKey())); cred.value = Base64.encode(xorestr(cred.value,retKey()));
user.value = Base64.encode(xorestr(user.value,retKey())); user.value = Base64.encode(xorestr(user.value,retKey()));
addr.value = Base64.encode(xorestr(addr.value,retKey())); addr.value = Base64.encode(xorestr(addr.value,retKey()));
} }
return true; return true;
   
} }
   
   
   
   
function checkEditCred(){ function checkEditCred(){
   
var cred = document.getElementById('frmCredential'), var cred = document.getElementById('frmCredential'),
user = document.getElementById('frmUser'), user = document.getElementById('frmUser'),
addr = document.getElementById('frmAddress'), addr = document.getElementById('frmAddress'),
grp = document.getElementById('frmGroup'); grp = document.getElementById('frmGroup');
if (grp.options[grp.selectedIndex].value == 'null'){ if (grp.options[grp.selectedIndex].value == 'null'){
grp.className += ' frmEntryMissed'; grp.className += ' frmEntryMissed';
return false; return false;
} }
if (cred.value.indexOf("http") !== -1){ if (cred.value.indexOf("http") !== -1){
   
   
if (confirm("Click OK to make this credential a hyperlink in the database, click cancel to set not clicky")){ if (confirm("Click OK to make this credential a hyperlink in the database, click cancel to set not clicky")){
   
document.getElementById('frmClicky').value = 1; document.getElementById('frmClicky').value = 1;
} }
   
} }
   
   
// See if any have been blanked // See if any have been blanked
   
if (cred.value == null || cred.value == ''){ if (cred.value == null || cred.value == ''){
cred.value = ' '; cred.value = ' ';
} }
   
if (user.value == null || user.value == ''){ if (user.value == null || user.value == ''){
user.value = ' '; user.value = ' ';
} }
   
if (addr.value == null || addr.value == ''){ if (addr.value == null || addr.value == ''){
addr.value = ' '; addr.value = ' ';
} }
   
if (enabledEncryption()){ if (enabledEncryption()){
// Calculate the encrypted value // Calculate the encrypted value
cred.value = Base64.encode(xorestr(cred.value,retKey())); cred.value = Base64.encode(xorestr(cred.value,retKey()));
user.value = Base64.encode(xorestr(user.value,retKey())); user.value = Base64.encode(xorestr(user.value,retKey()));
addr.value = Base64.encode(xorestr(addr.value,retKey())); addr.value = Base64.encode(xorestr(addr.value,retKey()));
} }
   
return true; return true;
} }
   
   
   
function checkChngPwds(){ function checkChngPwds(){
if(!comparePwds() ){ return false; } if(!comparePwds() ){ return false; }
if (!enabledEncryption()){ return true; } if (!enabledEncryption()){ return true; }
   
var pass = document.getElementById('frmPass'), var pass = document.getElementById('frmPass'),
passconf = document.getElementById('frmPassConf'); passconf = document.getElementById('frmPassConf');
pass.value = Base64.encode(xorestr(pass.value,retKey())); pass.value = Base64.encode(xorestr(pass.value,retKey()));
passconf.value = Base64.encode(xorestr(passconf.value,retKey())); passconf.value = Base64.encode(xorestr(passconf.value,retKey()));
return true; return true;
} }
   
   
function comparePwds(){ function comparePwds(){
var strength, test,testvars, var strength, test,testvars,
pass = document.getElementById('frmPass'), pass = document.getElementById('frmPass'),
nomatch = document.getElementById('PassNoMatch'), nomatch = document.getElementById('PassNoMatch'),
passscore = document.getElementById('passScore'), passscore = document.getElementById('passScore'),
minpass = document.getElementById('minpassStrength'); minpass = document.getElementById('minpassStrength');
if (minpass){ if (minpass){
strength = minpass.value; strength = minpass.value;
if (strength.indexOf("+") >= 0){ if (strength.indexOf("+") >= 0){
if (parseInt(passScore.value) > 45){ if (parseInt(passScore.value) > 45){
test = true; test = true;
}else{ }else{
test = false; test = false;
} }
}else{ }else{
testvars = strength.split("-"); testvars = strength.split("-");
if ((parseInt(passScore.value) > testvars[0])){ if ((parseInt(passScore.value) > testvars[0])){
test = true; test = true;
}else{ }else{
test = false; test = false;
} }
} }
if (!test){ if (!test){
nomatch.innerHTML = "Password is too weak"; nomatch.innerHTML = "Password is too weak";
nomatch.style.display = 'inline-block'; nomatch.style.display = 'inline-block';
return false; return false;
} }
} }
if (pass.value != document.getElementById('frmPassConf').value){ if (pass.value != document.getElementById('frmPassConf').value){
nomatch.innerHTML = "Passwords don't match"; nomatch.innerHTML = "Passwords don't match";
nomatch.style.display = 'inline-block'; nomatch.style.display = 'inline-block';
return false; return false;
} }
if (pass.value == null || pass.value == ''){ if (pass.value == null || pass.value == ''){
document.getElementById('PassNoMatch').innerHTML = "You must set a password"; document.getElementById('PassNoMatch').innerHTML = "You must set a password";
nomatch.style.display = 'inline-block'; nomatch.style.display = 'inline-block';
return false; return false;
} }
nomatch.style.display = 'none'; nomatch.style.display = 'none';
return true; return true;
} }
/********** AJAX *****/ /********** AJAX *****/
function getCreds(id){ function getCreds(id){
   
var xmlhttp, resp, limit, cnt, count, option, var xmlhttp, resp, limit, cnt, count, option,
clicky = document.getElementById('retrievePassword'+id), clicky = document.getElementById('retrievePassword'+id),
Address = document.getElementById('Address'+id), Address = document.getElementById('Address'+id),
User = document.getElementById('UserName'+id), User = document.getElementById('UserName'+id),
Pass = document.getElementById('Password'+id), Pass = document.getElementById('Password'+id),
Pluginout = document.getElementById('CredPluginOutput'+id), Pluginout = document.getElementById('CredPluginOutput'+id),
key = retKey(), key = retKey(),
clickcount = document.getElementById("clickCount"+id); clickcount = document.getElementById("clickCount"+id);
   
if (clickcount.value != 0){ if (clickcount.value != 0){
return; return;
} }
clickcount.value = 1; clickcount.value = 1;
clicky.innerHTML = '<i>Retrieving.....</i>'; clicky.innerHTML = '<i>Retrieving.....</i>';
   
   
if (window.XMLHttpRequest) if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari {// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest(); xmlhttp=new XMLHttpRequest();
} }
else else
{// code for IE6, IE5 {// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
} }
xmlhttp.onreadystatechange=function() xmlhttp.onreadystatechange=function()
{ {
if (xmlhttp.readyState==4 && xmlhttp.status==200) if (xmlhttp.readyState==4 && xmlhttp.status==200)
{ {
resp = decryptAPIResp(xmlhttp.responseText,key).split(getDivider()); resp = decryptAPIResp(xmlhttp.responseText,key).split(getDivider());
// Check for an invalid verb response // Check for an invalid verb response
if (resp[1] == 2){ if (resp[1] == 2){
return unknownAPICommand(); return unknownAPICommand();
} }
if (resp[1] == 0){ if (resp[1] == 0){
// Request failed, authentication issue maybe? // Request failed, authentication issue maybe?
clicky.innerHTML = 'Failed to retrieve credentials. Click to try again'; clicky.innerHTML = 'Failed to retrieve credentials. Click to try again';
return false; return false;
} }
limit = document.getElementById('defaultInterval').value; limit = document.getElementById('defaultInterval').value;
cnt = document.getElementById('PassCount'+id); cnt = document.getElementById('PassCount'+id);
cnt.value = limit; cnt.value = limit;
count = limit; count = limit;
Address.innerHTML = resp[3]; Address.innerHTML = resp[3];
Pass.innerHTML = resp[2]; Pass.innerHTML = resp[2];
User.innerHTML = resp[4]; User.innerHTML = resp[4];
Pluginout.innerHTML = resp[5]; Pluginout.innerHTML = resp[5];
clicky.innerHTML = 'Displaying Password for ' +count+ ' seconds'; clicky.innerHTML = 'Displaying Password for ' +count+ ' seconds';
if (counter){ if (counter){
cancel=1; cancel=1;
document.getElementById("clickCount"+dispcred).value = 0; document.getElementById("clickCount"+dispcred).value = 0;
dispcred=id; dispcred=id;
setTimeout(function() {cancel=false; counter=setInterval("Credtimer('"+id+"')", 1000);},1000); setTimeout(function() {cancel=false; counter=setInterval("Credtimer('"+id+"')", 1000);},1000);
return; return;
} }
dispcred=id; dispcred=id;
counter=setInterval("Credtimer('"+id+"')", 1000); counter=setInterval("Credtimer('"+id+"')", 1000);
} }
   
} }
option = cryptReq('retCred'); option = cryptReq('retCred');
xmlhttp.open("POST","api.php",true); xmlhttp.open("POST","api.php",true);
xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded"); xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
xmlhttp.send('option='+option+'&id='+id); xmlhttp.send('option='+option+'&id='+id);
} }
   
   
   
   
   
   
function checkSession(){ function checkSession(){
   
var xmlhttp, resp, cookies, option, key = retKey(); var xmlhttp, resp, cookies, option, key = retKey();
   
   
   
if (window.XMLHttpRequest) if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari {// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest(); xmlhttp=new XMLHttpRequest();
} }
else else
{// code for IE6, IE5 {// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
} }
xmlhttp.onreadystatechange=function() xmlhttp.onreadystatechange=function()
{ {
if (xmlhttp.readyState==4 && xmlhttp.status==200) if (xmlhttp.readyState==4 && xmlhttp.status==200)
{ {
resp = decryptAPIResp(xmlhttp.responseText,key).split(getDivider()); resp = xmlhttp.responseText.split(getDivider());
// Check for an invalid verb response // Check for an invalid verb response
if (resp[1] == 2){ if (resp[1] == 2){
return unknownAPICommand(); return unknownAPICommand();
} }
if (resp[1] == 0){ if (resp[1] == 0){
// Session Invalid // Session Invalid
  removeCurrKey(0);
   
cookies = document.cookie.split(";"); cookies = document.cookie.split(";");
for (var i = 0; i < cookies.length; i++){ for (var i = 0; i < cookies.length; i++){
KillCookie(cookies[i].split("=")[0]); KillCookie(cookies[i].split("=")[0]);
} }
window.location.href = "index.php?notif=InvalidSession"; window.location.href = "index.php?notif=InvalidSession";
return false; return false;
} }
} }
   
} }
option = cryptReq('checkSess'); option = cryptReq('checkSess');
// Add an id, it's completely pointless but sessioncheck requests are the only ones not specifying an id - bit easy to check // Add an id, it's completely pointless but sessioncheck requests are the only ones not specifying an id - bit easy to check
xmlhttp.open("POST","api.php",true); xmlhttp.open("POST","api.php",true);
xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded"); xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
xmlhttp.send('option='+option+'&id='+Math.floor((Math.random()*100)+1)); xmlhttp.send('option='+option+'&id='+Math.floor((Math.random()*100)+1));
} }
   
   
function DelCust(id){ function DelCust(id){
   
var xmlhttp, resp, credrow, notify, option, key = retKey(); var xmlhttp, resp, credrow, notify, option, key = retKey();
   
   
if (!confirm("Are you sure you want to delete this customer and all associated credentials?")){ if (!confirm("Are you sure you want to delete this customer and all associated credentials?")){
return false; return false;
} }
   
   
credrow = document.getElementById('CustDisp'+id); credrow = document.getElementById('CustDisp'+id);
notify = document.getElementById('NotificationArea'); notify = document.getElementById('NotificationArea');
if (document.getElementById('Custmenu'+id)){ if (document.getElementById('Custmenu'+id)){
var menu = document.getElementById('Custmenu'+id); var menu = document.getElementById('Custmenu'+id);
} }
   
   
if (window.XMLHttpRequest) if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari {// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest(); xmlhttp=new XMLHttpRequest();
} }
else else
{// code for IE6, IE5 {// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
} }
xmlhttp.onreadystatechange=function() xmlhttp.onreadystatechange=function()
{ {
if (xmlhttp.readyState==4 && xmlhttp.status==200) if (xmlhttp.readyState==4 && xmlhttp.status==200)
{ {
resp = decryptAPIResp(xmlhttp.responseText,key).split(getDivider()); resp = decryptAPIResp(xmlhttp.responseText,key).split(getDivider());
// Check for an invalid verb response // Check for an invalid verb response
if (resp[1] == 2){ if (resp[1] == 2){
return unknownAPICommand(); return unknownAPICommand();
} }
if (resp[1] == 0 || resp[2] == 0){ if (resp[1] == 0 || resp[2] == 0){
// Request failed, authentication issue maybe? // Request failed, authentication issue maybe?
notify.innerHTML += '<div class="alert alert-error">Failed to Delete</div>'; notify.innerHTML += '<div class="alert alert-error">Failed to Delete</div>';
return false; return false;
} }
credrow.parentNode.removeChild(credrow); credrow.parentNode.removeChild(credrow);
notify.innerHTML += '<div class="alert alert-success">Customer and all associated credentials Deleted</div>'; notify.innerHTML += '<div class="alert alert-success">Customer and all associated credentials Deleted</div>';
   
   
if (menu){ if (menu){
menu.parentNode.removeChild(menu); menu.parentNode.removeChild(menu);
} }
} }
   
} }
option = cryptReq('delCust'); option = cryptReq('delCust');
xmlhttp.open("POST","api.php",true); xmlhttp.open("POST","api.php",true);
xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded"); xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
xmlhttp.send('option='+option+'&id='+id); xmlhttp.send('option='+option+'&id='+id);
} }
   
   
function DelCred(id){ function DelCred(id){
   
var xmlhttp, resp, credrow, notify, option, key = retKey(); var xmlhttp, resp, credrow, notify, option, key = retKey();
   
   
if (!confirm("Are you sure you want to delete this credential?")){ if (!confirm("Are you sure you want to delete this credential?")){
return false; return false;
} }
   
   
credrow = document.getElementById('CredDisp'+id); credrow = document.getElementById('CredDisp'+id);
notify = document.getElementById('NotificationArea'); notify = document.getElementById('NotificationArea');
   
   
if (window.XMLHttpRequest) if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari {// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest(); xmlhttp=new XMLHttpRequest();
} }
else else
{// code for IE6, IE5 {// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
} }
xmlhttp.onreadystatechange=function() xmlhttp.onreadystatechange=function()
{ {
if (xmlhttp.readyState==4 && xmlhttp.status==200) if (xmlhttp.readyState==4 && xmlhttp.status==200)
{ {
resp = decryptAPIResp(xmlhttp.responseText,key).split(getDivider()); resp = decryptAPIResp(xmlhttp.responseText,key).split(getDivider());
// Check for an invalid verb response // Check for an invalid verb response
if (resp[1] == 2){ if (resp[1] == 2){
return unknownAPICommand(); return unknownAPICommand();
} }
if (resp[1] == 0 || resp[2] == 0){ if (resp[1] == 0 || resp[2] == 0){
// Request failed, authentication issue maybe? // Request failed, authentication issue maybe?
notify.innerHTML += '<div class="alert alert-error">Failed to Delete</div>'; notify.innerHTML += '<div class="alert alert-error">Failed to Delete</div>';
return false; return false;
} }
credrow.parentNode.removeChild(credrow); credrow.parentNode.removeChild(credrow);
notify.innerHTML += '<div class="alert alert-success">Credential Deleted</div>'; notify.innerHTML += '<div class="alert alert-success">Credential Deleted</div>';
} }
   
} }
option = cryptReq('delCred'); option = cryptReq('delCred');
xmlhttp.open("POST","api.php",true); xmlhttp.open("POST","api.php",true);
xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded"); xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
xmlhttp.send('option='+option+'&id='+id); xmlhttp.send('option='+option+'&id='+id);
} }
   
   
   
   
   
   
   
   
/**** SEARCH FUNCTIONS *******/ /**** SEARCH FUNCTIONS *******/
   
   
function positionResults(SearchBox,ResBox){ function positionResults(SearchBox,ResBox){
var search = document.getElementById(SearchBox), var search = document.getElementById(SearchBox),
res = document.getElementById(ResBox); res = document.getElementById(ResBox);
res.style.left = search.offsetLeft +'px'; res.style.left = search.offsetLeft +'px';
// Set the position, but account for bootstrap's border and padding // Set the position, but account for bootstrap's border and padding
res.style.top = eval( search.offsetTop + search.offsetHeight + 6 )+'px'; res.style.top = eval( search.offsetTop + search.offsetHeight + 6 )+'px';
res.style.width = search.offsetWidth +'px'; res.style.width = search.offsetWidth +'px';
} }
   
   
function SearchTable(val,tbl,dispdiv,cellNr,e){ function SearchTable(val,tbl,dispdiv,cellNr,e){
// Many thanks to http://www.vonloesch.de/node/23 for the headstart on this function! // Many thanks to http://www.vonloesch.de/node/23 for the headstart on this function!
   
var disp, suche, table, res, num=0, id, ele, add, r, var disp, suche, table, res, num=0, id, ele, add, r,
keynum = 0; keynum = 0;
   
if(window.event) { keynum = window.event.keyCode; } // IE (sucks) if(window.event) { keynum = window.event.keyCode; } // IE (sucks)
else if(e.which) { keynum = e.which; } // Netscape/Firefox/Opera else if(e.which) { keynum = e.which; } // Netscape/Firefox/Opera
   
if(keynum === 38) { // up if(keynum === 38) { // up
//Move selection up //Move selection up
selectResult('up'); selectResult('up');
return; return;
} }
   
if(keynum === 40) { // down if(keynum === 40) { // down
//Move selection down //Move selection down
selectResult('down'); selectResult('down');
return; return;
} }
   
   
   
// Reset the display div // Reset the display div
disp = document.getElementById(dispdiv); disp = document.getElementById(dispdiv);
disp.innerHTML = ''; disp.innerHTML = '';
   
// Only search after 3 chars have been entered // Only search after 3 chars have been entered
if (val.length < 3){ if (val.length < 3){
return; return;
} }
document.getElementById('SelectedValue').value=0; document.getElementById('SelectedValue').value=0;
positionResults("SearchBox",dispdiv); positionResults("SearchBox",dispdiv);
suche = val.toLowerCase(); suche = val.toLowerCase();
table = document.getElementById(tbl); table = document.getElementById(tbl);
   
for ( r = 0; r < table.rows.length; r++){ for ( r = 0; r < table.rows.length; r++){
ele = table.rows[r].cells[cellNr].innerHTML.replace(/<[^>]+>/g,""); ele = table.rows[r].cells[cellNr].innerHTML.replace(/<[^>]+>/g,"");
if ((ele.toLowerCase().indexOf(suche)>=0 ) || ((suche.indexOf(":") >= 0) && (table.rows[r].cells[1].innerHTML.toLowerCase().indexOf(suche)>=0))){ if ((ele.toLowerCase().indexOf(suche)>=0 ) || ((suche.indexOf(":") >= 0) && (table.rows[r].cells[1].innerHTML.toLowerCase().indexOf(suche)>=0))){
num=num+1; num=num+1;
// Work out how to display // Work out how to display
res = document.createElement('div'); res = document.createElement('div');
res.id = 'SearchResult'+num; res.id = 'SearchResult'+num;
res.className = 'SearchResult'; res.className = 'SearchResult';
res.setAttribute('link',table.rows[r].cells[5].innerHTML); res.setAttribute('link',table.rows[r].cells[5].innerHTML);
res.setAttribute('entID',table.rows[r].cells[2].innerHTML); res.setAttribute('entID',table.rows[r].cells[2].innerHTML);
if (table.rows[r].cells[4].innerHTML != null && table.rows[r].cells[4].innerHTML != ''){ if (table.rows[r].cells[4].innerHTML != null && table.rows[r].cells[4].innerHTML != ''){
id = table.rows[r].cells[4].innerHTML; id = table.rows[r].cells[4].innerHTML;
}else{ }else{
id = 'id'; id = 'id';
} }
if (table.rows[r].cells[6]){ if (table.rows[r].cells[6]){
   
   
  add = table.rows[r].cells[6].innerHTML.split("=");
   
  res.setAttribute('entid2',add[0]);
  res.setAttribute('entid2val',add[1]);
add = "&"+ table.rows[r].cells[6].innerHTML; add = "&"+ table.rows[r].cells[6].innerHTML;
   
   
   
   
   
}else{ }else{
add = ''; add = '';
} }
res.setAttribute('onclick',"window.location.href = 'index.php?option="+table.rows[r].cells[5].innerHTML + "&"+id+"="+table.rows[r].cells[2].innerHTML+add+"';"); res.setAttribute('onclick',"window.location.href = 'index.php?option="+table.rows[r].cells[5].innerHTML + "&"+id+"="+table.rows[r].cells[2].innerHTML+add+"';");
res.setAttribute('frmName',id); res.setAttribute('frmName',id);
res.innerHTML = table.rows[r].cells[1].innerHTML + " " +table.rows[r].cells[cellNr].innerHTML; res.innerHTML = table.rows[r].cells[1].innerHTML + " " +table.rows[r].cells[cellNr].innerHTML;
disp.appendChild(res); disp.appendChild(res);
disp.style.display = 'block'; disp.style.display = 'block';
   
} }
} }
} }
   
   
function selectResult(dir){ function selectResult(dir){
var ind, SearchResult, var ind, SearchResult,
SelIndex = document.getElementById('SelectedValue'), SelIndex = document.getElementById('SelectedValue'),
SearchLength = document.getElementById('SearchResBox').childNodes.length; SearchLength = document.getElementById('SearchResBox').childNodes.length;
   
if (dir == 'down'){ if (dir == 'down'){
if (SelIndex.value != 0){ if (SelIndex.value != 0){
document.getElementById("SearchResult" + parseInt(SelIndex.value)).className = 'SearchResult'; document.getElementById("SearchResult" + parseInt(SelIndex.value)).className = 'SearchResult';
} }
if (SearchLength == SelIndex.value){ if (SearchLength == SelIndex.value){
SelIndex.value=0; SelIndex.value=0;
} }
ind = eval(parseInt(SelIndex.value) + 1); ind = eval(parseInt(SelIndex.value) + 1);
   
}else{ }else{
document.getElementById("SearchResult" + parseInt(SelIndex.value)).className = 'SearchResult'; document.getElementById("SearchResult" + parseInt(SelIndex.value)).className = 'SearchResult';
if (SelIndex.value == 1){ if (SelIndex.value == 1){
ind = SearchLength; ind = SearchLength;
}else{ }else{
ind = eval(parseInt(SelIndex.value) - 1); ind = eval(parseInt(SelIndex.value) - 1);
} }
} }
SearchResult = document.getElementById('SearchResult'+ind); SearchResult = document.getElementById('SearchResult'+ind);
SearchResult.className = 'SearchResult SearchResultActive'; SearchResult.className = 'SearchResult SearchResultActive';
SelIndex.value = ind; SelIndex.value = ind;
document.getElementById('SrchOpt').value = SearchResult.getAttribute('link'); document.getElementById('SrchOpt').value = SearchResult.getAttribute('link');
document.getElementById('SrchID').name = SearchResult.getAttribute('frmName'); document.getElementById('SrchID').name = SearchResult.getAttribute('frmName');
document.getElementById('SrchID').value = SearchResult.getAttribute('entID'); document.getElementById('SrchID').value = SearchResult.getAttribute('entID');
  document.getElementById('SrchID2').name = SearchResult.getAttribute('entid2');
  document.getElementById('SrchID2').value = SearchResult.getAttribute('entid2val');
document.getElementById('SearchBox').focus(); document.getElementById('SearchBox').focus();
} }
   
   
function hideSearchDiv(dispdiv){ function hideSearchDiv(dispdiv){
var div = document.getElementById(dispdiv); var div = document.getElementById(dispdiv);
for (opacity = 10; opacity > 0; opacity--){ for (opacity = 10; opacity > 0; opacity--){
div.style.opacity = '0.'+opacity; div.style.opacity = '0.'+opacity;
} }
div.style.display = 'none'; div.style.display = 'none';
div.style.opacity = '1'; div.style.opacity = '1';
} }
   
   
function checkExistingSearch(val,div){ function checkExistingSearch(val,div){
if (val.length > 3){ if (val.length > 3){
document.getElementById(div).style.display = 'block'; document.getElementById(div).style.display = 'block';
} }
} }
   
   
function setUpMenus(){ function setUpMenus(){
   
jQuery(document).ready(function() { jQuery(document).ready(function() {
   
if (!document.getElementById('SearchListing')){ return; } if (!document.getElementById('SearchListing')){ return; }
var menu,ele; var menu,ele;
CreateMenuContent('TypeDropDownMenu',2,'SearchListing',0, 100, 'TypeMenu'); CreateMenuContent('TypeDropDownMenu',2,'SearchListing',0, 100, 'TypeMenu');
CreateMenuContent('CustDropDownMenu',1,'SearchListing',0, 5, 'Custmenu'); CreateMenuContent('CustDropDownMenu',1,'SearchListing',0, 5, 'Custmenu');
menu = document.getElementById('CustDropDownMenu'); menu = document.getElementById('CustDropDownMenu');
ele = document.createElement('li'); ele = document.createElement('li');
ele.className='divider'; ele.className='divider';
   
menu.appendChild(ele); menu.appendChild(ele);
   
ele = document.createElement('li'); ele = document.createElement('li');
ele.className = 'viewAll'; ele.className = 'viewAll';
ele.innerHTML = "<a href='index.php?option=viewCustomers'>View All</a></li>"; ele.innerHTML = "<a href='index.php?option=viewCustomers'>View All</a></li>";
menu.appendChild(ele); menu.appendChild(ele);
}); });
   
   
   
} }
   
   
/***** Crypto Functions ******/ /***** Crypto Functions ******/
   
   
/** Use bitwise Xor to encrypt the supplied string with the supplied key and return a base64 encoded representation of the character codes /** Use bitwise Xor to encrypt the supplied string with the supplied key and return a base64 encoded representation of the character codes
* Did try converting back to char, but things broke quite monumentally. Realistically makes little difference to an attacker, though it is a pain * Did try converting back to char, but things broke quite monumentally. Realistically makes little difference to an attacker, though it is a pain
* as it means a longer request. * as it means a longer request.
* *
*/ */
function xorestr(str,key){ function xorestr(str,key){
if (!enabledEncryption()){ return str; } if (!enabledEncryption()){ return str; }
var a, b, var a, b,
enc='', enc='',
keypos = 0; keypos = 0;
   
for (var i=0; i<str.length;i++) { for (var i=0; i<str.length;i++) {
   
   
a = str.charCodeAt(i); a = str.charCodeAt(i);
b = a ^ key.charCodeAt(keypos) ; b = a ^ key.charCodeAt(keypos) ;
enc += b.toString()+" "; enc += b.toString()+" ";
   
keypos++; keypos++;
if (keypos >= key.length){ keypos = 0;} if (keypos >= key.length){ keypos = 0;}
} }
   
   
   
   
   
return enc; return enc;
} }
   
   
function xordstr(str,key){ function xordstr(str,key){
   
if (!enabledEncryption()){ return str; } if (!enabledEncryption()){ return str; }
var a, b, var a, b,
enc='', enc='',
keypos = 0, keypos = 0,
str = str.split(" "); str = str.split(" ");
   
for (var i=0; i<str.length;i++) { for (var i=0; i<str.length;i++) {
   
if (str[i].length == 0){ continue; } if (str[i].length == 0){ continue; }
a = str[i]; a = str[i];
b = a ^ key.charCodeAt(keypos) ; b = a ^ key.charCodeAt(keypos) ;
enc += String.fromCharCode(b); enc += String.fromCharCode(b);
   
keypos++; keypos++;
if (keypos >= key.length){ keypos = 0;} if (keypos >= key.length){ keypos = 0;}
} }
   
return enc; return enc;
} }
   
   
function unknownAPICommand(){ function unknownAPICommand(){
// The API reports that the verb used wasn't recognised. We need to refresh the key file // The API reports that the verb used wasn't recognised. We need to refresh the key file
var sess,sessid,parent,frm,notify; var notify = document.getElementById('NotificationArea');
   
   
   
   
   
sess = document.getElementById("kFile");  
sessid = sess.getAttribute('src');  
parent = sess.parentNode;  
notify = document.getElementById('NotificationArea')  
clearInterval(sesscheck); clearInterval(sesscheck);
notify.innerHTML += "<div id='apiError' class='alert alert-error'>API Error Detected</div>"; notify.innerHTML += "<div id='apiError' class='alert alert-error'>API Error Detected</div>";
if (!enabledEncryption()){ return; } if (!enabledEncryption()){ return; }
if(!confirm("The API reported an error, attempting to rectify. Click OK to try and rectify")){ if(!confirm("The API reported an error, attempting to rectify. Click OK to try and rectify")){
return; return;
} }
notify.removeChild(document.getElementById('apiError')); notify.removeChild(document.getElementById('apiError'));
notify.innerHTML = "<div id='apiError' class='alert alert-info'>Attempting to rectify API issue. Window will refresh when ready</div>"; notify.innerHTML = "<div id='apiError' class='alert alert-info'>Attempting to rectify API issue. Window will refresh when ready</div>";
destroyKeys(); destroyKeys();
  removeCurrKey(1);
   
  }
   
   
   
  function removeCurrKey(n){
   
  var frm,
  sess = document.getElementById("kFile"),
  sessid = sess.getAttribute('src'),
  parent = sess.parentNode;
   
parent.removeChild(sess); parent.removeChild(sess);
// We need to delete the cookie, but can't do that from the current location // We need to delete the cookie, but can't do that from the current location
frm = document.createElement('iframe'); frm = document.createElement('iframe');
frm.setAttribute('id','kfile'); frm.setAttribute('id','kfile');
frm.setAttribute('src',sessid); frm.setAttribute('src',sessid+'&forceload=y');
frm.style.width = '0px'; frm.style.width = '0px';
frm.style.height = '0px'; frm.style.height = '0px';
frm.style.border = '0px'; frm.style.border = '0px';
document.body.appendChild(frm); document.body.appendChild(frm);
// Wait 500 milliseconds so we can be sure it's loaded // Wait 500 milliseconds so we can be sure it's loaded
interval = setInterval("reloadKeyf('"+sessid+"')",500); interval = setInterval("reloadKeyf('"+sessid+"',"+n+")",500);
   
  }
}  
   
   
  function reloadKeyf(sessid,n){
function reloadKeyf(sessid){  
var frm, date, notify; var frm, date, notify;
clearInterval(interval); clearInterval(interval);
frm = document.getElementById('kfile'); frm = document.getElementById('kfile');
frm.contentWindow.document.cookie = 'PHPCredLockerKeySet=0;'; frm.contentWindow.document.cookie = 'PHPCredLockerKeySet=0;';
frm.parentNode.removeChild(frm); frm.parentNode.removeChild(frm);
date = new Date(); date = new Date();
frm = document.createElement('script'); frm = document.createElement('script');
frm.setAttribute('id','kFile'); frm.setAttribute('id','kFile');
// Append a string to ensure the browser doesn't use the cache. // Append a string to ensure the browser doesn't use the cache.
frm.setAttribute('src',sessid+date.getTime()); frm.setAttribute('src',sessid+'&forceload=y'+'&rand='+date.getTime());
document.getElementsByTagName("head")[0].appendChild(frm); document.getElementsByTagName("head")[0].appendChild(frm);
if (window.getKey != ''){ if (window.getKey != '' && n == 1){
   
notify = document.getElementById('apiError'); notify = document.getElementById('apiError');
notify.parentNode.removeChild(notify); notify.parentNode.removeChild(notify);
sesscheck = setInterval("checkSession()",120000); sesscheck = setInterval("checkSession()",120000);
} }
} }
   
   
   
   
   
   
   
function decryptAPIResp(str,key){ function decryptAPIResp(str,key){
if (!enabledEncryption()){ return str; } if (!enabledEncryption()){ return str; }
return Base64.decode(xordstr(Base64.decode(str),key)); return Base64.decode(xordstr(Base64.decode(str),key));
} }
   
   
function getDivider(){ function getDivider(){
return getDelimiter(); return getDelimiter();
} }
   
   
function getTerms(a){ function getTerms(a){
return Base64.decode(getTerminology(a)); return Base64.decode(getTerminology(a));
} }
   
   
function cryptReq(str){ function cryptReq(str){
/* We retrieve the key here (even though it's available to the parent) /* We retrieve the key here (even though it's available to the parent)
* because we may want to implement a second key used for sending requests, * because we may want to implement a second key used for sending requests,
* whether that's a symmetric or asymetric key. * whether that's a symmetric or asymetric key.
*/ */
var ciphert,key = retKey(), var ciphert,key = retKey(),
div = getDivider(); div = getDivider();
ciphert = genPadding() + div + getTerms(str) + div + genPadding(); ciphert = genPadding() + div + getTerms(str) + div + genPadding();
if (!enabledEncryption()){ return ciphert; } if (!enabledEncryption()){ return ciphert; }
return encodeURIComponent(Base64.encode(xorestr(Base64.encode(ciphert),key))); return encodeURIComponent(Base64.encode(xorestr(Base64.encode(ciphert),key)));
} }
   
   
/** Really not that familiar with random string generation in JS, but this seems to work! */ /** Really not that familiar with random string generation in JS, but this seems to work! */
function genPadding(){ function genPadding(){
if (!enabledEncryption()){ return 'a'; } if (!enabledEncryption()){ return 'a'; }
var i,c, var i,c,
a=''; a='';
   
c = Math.random().toString(10).substring(2,3); c = Math.random().toString(10).substring(2,3);
for (i=0;i < c;i++){ for (i=0;i < c;i++){
a += Math.random().toString(10).substring(Math.random().toString(10).substring(2,3)); a += Math.random().toString(10).substring(Math.random().toString(10).substring(2,3));
} }
   
return a; return a;
} }
   
   
function retAuthKey(){ function retAuthKey(){
return Base64.decode(getAuthKey()); return Base64.decode(getAuthKey());
} }
   
function retKey(){ function retKey(){
return Base64.decode(getKey()); return Base64.decode(getKey());
} }
   
   
function checkKeyAvailable(){ function checkKeyAvailable(){
if(typeof getKey != 'function') { if(typeof getKey != 'function') {
if (confirm("Key retrieval failed - Attempting to rectify, Click OK to continue - Screen will refresh")){ if (confirm("Key retrieval failed - Attempting to rectify, Click OK to continue - Screen may refresh")){
var i, var i,
cookies = document.cookie.split(";"); cookies = document.cookie.split(";");
for (i = 0; i < cookies.length; i++){ for (i = 0; i < cookies.length; i++){
KillCookie(cookies[i].split("=")[0]); KillCookie(cookies[i].split("=")[0]);
} }
window.location.href = location.reload(); removeCurrKey();
   
  if(typeof getKey == 'function') {
  alert("Keys retrieved successfully");
  return true;
   
  }
   
  window.location.reload(true);
return false; return false;
} }
} }
return true; return true;
} }
   
   
   
   
   
   
/********* MMMMMMMMMMMM COOKIES! ******/ /********* MMMMMMMMMMMM COOKIES! ******/
   
   
function KillCookie(name) { function KillCookie(name) {
createCookie(name,"",-1); createCookie(name,"",-1);
} }
   
   
   
function createCookie(nme,val,expire) { function createCookie(nme,val,expire) {
var expires, date; var expires, date;
if (expire) { if (expire) {
date = new Date(); date = new Date();
date.setTime(date.getTime()+(expire*24*60*60*1000)); date.setTime(date.getTime()+(expire*24*60*60*1000));
expires = "; expires="+date.toGMTString(); expires = "; expires="+date.toGMTString();
} }
else expires = ""; else expires = "";
document.cookie = nme+"="+val+expires+"; path=/"; document.cookie = nme+"="+val+expires+"; path=/";
} }
   
<?php <?php
/** Plugins Configuration /** Plugins Configuration
* *
* Copyright (C) 2012 B Tasker * Copyright (C) 2012 B Tasker
* Released under GNU GPL V2 * Released under GNU GPL V2
* See LICENSE * See LICENSE
* *
*/ */
defined('_CREDLOCK') or die; defined('_CREDLOCK') or die;
   
   
   
   
$plugins->Auth = array(); $plugins->Auth = array();
$plugins->Logging = array('AffinityLive'); $plugins->Logging = array('AffinityLive');
$plugins->Customers = array(); $plugins->Customers = array();
$plugins->Creds = array('AutoAuth'); $plugins->Creds = array('AutoAuth');
$plugins->CredTypes = array('AutoAuth'); $plugins->CredTypes = array('AutoAuth');
$plugins->Cron = array(); $plugins->Cron = array();
  $plugins->Resources = array('ExternalResources');
   
   
   
  <?php
  /** ExternalResources plugin Config
  *
  * Copyright (C) 2012 B Tasker
  * Released under GNU GPL V2
  * See LICENSE
  *
  */
  defined('_CREDLOCK') or die;
 
  // Set this to false to disable the plugin
  $this->active = false;
 
 
  // URL to prefix resources with (don't include a trailing slash)
  $this->url = "";
 
 
  ?>
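Review bot: The comment above `$this->active = false;` explains how to disable the plugin, but the shipped value is already disabled, so a reader has to guess that `true` switches it on; `// Set this to true to enable the plugin (disabled by default)` would match the default. The `$this->url` comment should also say that the prefix needs its scheme, e.g. `// Full URL prefix including scheme, no trailing slash`. This page does not show which resources receive the prefix. If they include scripts or stylesheets, the comment should also tell the admin to point it only at an https host they control, since anything served from that host would run inside the pages that display decrypted credentials.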
 
<?php <?php
/** API call Handler /** API call Handler
* *
* Copyright (C) 2012 B Tasker * Copyright (C) 2012 B Tasker
* Released under GNU GPL V2 * Released under GNU GPL V2
* See LICENSE * See LICENSE
* *
*/ */
defined('_CREDLOCK') or die; defined('_CREDLOCK') or die;
   
ob_start(); ob_start();
   
require_once 'lib/lang.php'; require_once 'lib/lang.php';
require_once 'lib/auth.class.php'; require_once 'lib/auth.class.php';
require_once 'lib/db/loggingdb.class.php'; require_once 'lib/db/loggingdb.class.php';
require_once 'lib/plugins.php'; require_once 'lib/plugins.php';
require_once 'lib/crypto.php'; require_once 'lib/crypto.php';
   
$plg = new Plugins; $plg = new Plugins;
$crypt = new Crypto; $crypt = new Crypto;
   
/** /**
Implemented so that we can treat the divider as a key and reduce the likelihood/effectiveness Implemented so that we can treat the divider as a key and reduce the likelihood/effectiveness
of a known plaintext attack by changing it occasionally throughout the session. Just need to of a known plaintext attack by changing it occasionally throughout the session. Just need to
work out a good mechanism for doing so first! work out a good mechanism for doing so first!
*/ */
$opDivider = "|..|"; $opDivider = "|..|";
   
   
   
// See if the user has an active session (must have to continue) // See if the user has an active session (must have to continue)
if (BTMain::getsessVar('Session')){ if (BTMain::getsessVar('Session')){
$auth = new ProgAuth; $auth = new ProgAuth;
$auth->SetUserDets(BTMain::getsessVar('Session')); $auth->SetUserDets(BTMain::getsessVar('Session'));
} }
   
   
if (empty(BTMain::getUser()->name)){ if (empty(BTMain::getUser()->name)){
ob_end_flush(); ob_end_flush();
$op = BTMain::getip().$opDivider."0".$opDivider."Access Denied".$opDivider; echo BTMain::getip().$opDivider."0".$opDivider."Access Denied".$opDivider;
   
   
if (!BTMain::getConnTypeSSL()){  
$op = base64_encode($crypt->xorestring(base64_encode($op),$tlskey));  
}  
   
echo $op;  
die; die;
} }
   
   
echo "1".$opDivider; echo "1".$opDivider;
   
// Decrypt the request // Decrypt the request
   
$option = BTMain::getVar('option'); $option = BTMain::getVar('option');
   
   
   
   
if (!BTMain::getConnTypeSSL()){ if (!BTMain::getConnTypeSSL()){
$tlskey = BTMain::getsessVar('tls'); $tlskey = BTMain::getsessVar('tls');
$option = base64_decode($crypt->xordstring(base64_decode($option),$tlskey)); $option = base64_decode($crypt->xordstring(base64_decode($option),$tlskey));
} }
   
   
$option = explode($opDivider,$option); $option = explode($opDivider,$option);
   
$terms = BTMain::getSessVar('apiterms'); $terms = BTMain::getSessVar('apiterms');
   
$option = $terms[$option[1]]; $option = $terms[$option[1]];
   
   
switch($option){ switch($option){
   
   
case 'retCred': case 'retCred':
require_once 'lib/db/Credentials.php'; require_once 'lib/db/Credentials.php';
   
$db = new CredDB; $db = new CredDB;
$cred = $db->FetchCredential(BTMain::getVar('id')); $cred = $db->FetchCredential(BTMain::getVar('id'));
   
$crypt->safety = 0; $crypt->safety = 0;
   
$key = 'Cre'.$cred->CredType; $key = 'Cre'.$cred->CredType;
   
// Build the response // Build the response
$pass = htmlspecialchars($crypt->decrypt($cred->Hash,$key)); $pass = htmlspecialchars($crypt->decrypt($cred->Hash,$key));
$address = htmlspecialchars($crypt->decrypt($cred->Address,$key)); $address = htmlspecialchars($crypt->decrypt($cred->Address,$key));
$uname = htmlspecialchars($crypt->decrypt($cred->UName,$key)); $uname = htmlspecialchars($crypt->decrypt($cred->UName,$key));
   
if ($cred->Clicky){ if ($cred->Clicky){
$pass = "<a href='$pass' target=_blank title='Click to Open'>$pass</a>"; $pass = "<a href='$pass' target=_blank title='Click to Open'>$pass</a>";
} }
   
   
echo $pass.$opDivider."<a href='$address' target=_blank>".$address."</a>" .$opDivider. echo $pass.$opDivider."<a href='$address' target=_blank>".$address."</a>" .$opDivider.
$uname . $opDivider; $uname . $opDivider;
   
   
// Call any configured plugins // Call any configured plugins
$data->cred = $cred; $data->cred = $cred;
$data->cred->id = BTMain::getVar('id'); $data->cred->id = BTMain::getVar('id');
$data->action = 'display'; $data->action = 'display';
   
echo $plg->loadPlugins("Creds",$data)->plgOutput; echo $plg->loadPlugins("Creds",$data)->plgOutput;
   
break; break;
   
   
   
case 'checkSess': case 'checkSess':
echo "OK"; ob_end_clean();
  echo BTMain::getip().$opDivider."1".$opDivider."OK".$opDivider;
  die;
break; break;
   
   
case 'delCred': case 'delCred':
require_once 'lib/db/Credentials.php'; require_once 'lib/db/Credentials.php';
$db = new CredDB; $db = new CredDB;
if ( $db->DelCredential(BTMain::getVar('id'))){ if ( $db->DelCredential(BTMain::getVar('id'))){
echo "1$opDivider\n"; echo "1$opDivider\n";
}else{ }else{
echo "0$opDivider\n"; echo "0$opDivider\n";
} }
break; break;
   
   
   
case 'delUser': case 'delUser':
BTMain::checkSuperAdmin(); BTMain::checkSuperAdmin();
$db = new AuthDB; $db = new AuthDB;
if ( $db->DelUser(BTMain::getVar('id'))){ if ( $db->DelUser(BTMain::getVar('id'))){
echo "1$opDivider\n"; echo "1$opDivider\n";
}else{ }else{
echo "0$opDivider\n"; echo "0$opDivider\n";
} }
break; break;
   
   
   
case 'delCredType': case 'delCredType':
BTMain::checkSuperAdmin(); BTMain::checkSuperAdmin();
require_once 'lib/db/Credentials.php'; require_once 'lib/db/Credentials.php';
$db = new CredDB; $db = new CredDB;
if ( $db->DelCredentialType(BTMain::getVar('id'))) { if ( $db->DelCredentialType(BTMain::getVar('id'))) {
$data->id = BTMain::getVar('id'); $data->id = BTMain::getVar('id');
$data->action = 'del'; $data->action = 'del';
echo $plg->loadPlugins("CredTypes",$data)->plgOutput; echo $plg->loadPlugins("CredTypes",$data)->plgOutput;
   
echo "1$opDivider\n"; echo "1$opDivider\n";
}else{ }else{
echo "0$opDivider|\n"; echo "0$opDivider|\n";
} }
break; break;
   
   
   
   
case 'delCust': case 'delCust':
require_once 'lib/db/Customer.php'; require_once 'lib/db/Customer.php';
$db = new CustDB; $db = new CustDB;
if ( $db->DelCust(BTMain::getVar('id'))){ if ( $db->DelCust(BTMain::getVar('id'))){
echo "1$opDivider\n"; echo "1$opDivider\n";
}else{ }else{
echo "0$opDivider\n"; echo "0$opDivider\n";
} }
break; break;
   
   
   
   
case 'delGroup': case 'delGroup':
BTMain::checkSuperAdmin(); BTMain::checkSuperAdmin();
$auth = new AuthDB; $auth = new AuthDB;
   
if($auth->delGroup(BTMain::getVar('id'))){ if($auth->delGroup(BTMain::getVar('id'))){
echo "1$opDivider\n"; echo "1$opDivider\n";
}else{ }else{
echo "0$opDivider\n"; echo "0$opDivider\n";
} }
break; break;
   
   
   
default: default:
ob_clean(); ob_clean();
echo "2".$opDivider; echo "2".$opDivider;
break; break;
   
} }
   
   
// Encrypt the output and send back // Encrypt the output and send back
$padding = $crypt->genXorPadding(); $padding = $crypt->genXorPadding();
$endpadding = $crypt->genXorPadding(); $endpadding = $crypt->genXorPadding();
   
$op = $padding.$opDivider.ob_get_clean().$opDivider.$endpadding; $op = $padding.$opDivider.ob_get_clean().$opDivider.$endpadding;
   
if (!BTMain::getConnTypeSSL()){ if (!BTMain::getConnTypeSSL()){
$op = base64_encode($crypt->xorestring(base64_encode($op),$tlskey)); $op = base64_encode($crypt->xorestring(base64_encode($op),$tlskey));
} }
   
echo $op; echo $op;
   
ob_end_flush(); ob_end_flush();
?> ?>
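Review bot: The rewritten Access Denied branch and the new `checkSess` reply both echo their response in the clear and `die` before the `xorestring` step at the bottom of the file, so on a non-SSL connection the client receives an unencoded body. The `DelCust` and `DelCred` handlers shown earlier on this page run every response through `decryptAPIResp` and only treat `resp[1] == 2` or `resp[1] == 0 || resp[2] == 0` as failure. A plaintext denial would presumably not decode to anything containing the divider, in which case neither test matches and the handler removes the row and reports success although nothing was deleted. The old branch used `$tlskey` before it was assigned, which is probably why the encoding was dropped. Reading it first with `$tlskey = BTMain::getsessVar('tls');` above the `empty(BTMain::getUser()->name)` check and keeping `if (!BTMain::getConnTypeSSL()){ $op = base64_encode($crypt->xorestring(base64_encode($op),$tlskey)); }` in both early exits would keep the response format uniform, assuming the `tls` session value exists for an unauthenticated session.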
<?php <?php
/** Main HTML Output generation /** Main HTML Output generation
* *
* Copyright (C) 2012 B Tasker * Copyright (C) 2012 B Tasker
* Released under GNU GPL V2 * Released under GNU GPL V2
* See LICENSE * See LICENSE
* *
*/ */
   
defined('_CREDLOCK') or die; defined('_CREDLOCK') or die;
   
   
   
class genOutput{ class genOutput{
   
/** Ouputs the default content for the homepage. Content can be controlled in the notifications config file /** Ouputs the default content for the homepage. Content can be controlled in the notifications config file
* *
*/ */
function genDefaultPage(){ function genDefaultPage(){
global $notifications; global $notifications;
$notifications->setPageTitle("Home"); $notifications->setPageTitle("Home");
   
if (BTMain::getUser()->name){ if (BTMain::getUser()->name){
$notname= 'HomePageTextLoggedIn'; $notname= 'HomePageTextLoggedIn';
}else{ }else{
$notname= 'HomePageTextNotLoggedIn'; $notname= 'HomePageTextNotLoggedIn';
} }
   
   
$notif = $notifications->getNotification($notname); $notif = $notifications->getNotification($notname);
$str = "<div class='{$notif->className}'"; $str = "<div class='{$notif->className}'";
   
   
if (isset($notif->id)){ if (isset($notif->id)){
$str .= " id='{$notif->id}'"; $str .= " id='{$notif->id}'";
} }
   
   
   
return $str . $notif->text . "</div>\n"; return $str . $notif->text . "</div>\n";
   
} }
   
   
   
   
   
/** Call the relevant template /** Call the relevant template
* *
*/ */
function callTemplate(){ function callTemplate(){
// Load the config so we know which template to call // Load the config so we know which template to call
   
$template = BTMain::getConf()->template; $template = BTMain::getConf()->template;
require "templates/$template/index.php"; require "templates/$template/index.php";
   
} }
   
   
/** Load a view and return the output /** Load a view and return the output
* *
* @arg view string * @arg view string
*/ */
function loadView($view){ function loadView($view){
   
ob_start; ob_start;
$template = BTMain::getConf()->template; $template = BTMain::getConf()->template;
$view = str_replace(".","/",$view); $view = str_replace(".","/",$view);
// Check for template level override // Check for template level override
if (file_exists("templates/". $template . "html/views/" . $view . ".php")){ if (file_exists("templates/". $template . "html/views/" . $view . ".php")){
require "templates/". $template . "html/views/" . $view . ".php"; require "templates/". $template . "html/views/" . $view . ".php";
}else{ }else{
require "views/" . $view . ".php"; require "views/" . $view . ".php";
   
} }
return ob_get_clean(); return ob_get_clean();
} }
   
   
/** Output the Breadcrumbs /** Output the Breadcrumbs
* *
*/ */
function BreadCrumbs(){ function BreadCrumbs(){
?> ?>
<ul class="breadcrumb"> <ul class="breadcrumb">
<li> <li>
<a href="index.php">Home</a> <a href="index.php">Home</a>
</li> </li>
<?php foreach ($GLOBALS['BREADCRUMB'] as $crumb){?> <?php foreach ($GLOBALS['BREADCRUMB'] as $crumb){?>
<li> <li>
<span class="divider">/</span> <span class="divider">/</span>
<a href="<?php echo $crumb['url']; ?>"><?php echo $crumb['name']; ?></a> <a href="<?php echo $crumb['url']; ?>"><?php echo $crumb['name']; ?></a>
</li> </li>
   
<?php }?> <?php }?>
</ul> </ul>
<?php <?php
   
} }
   
   
   
/** Generate the HTML for any relevant Notifications /** Generate the HTML for any relevant Notifications
* *
*/ */
function Notifications(){ function Notifications(){
   
global $notifications; global $notifications;
$nots = $notifications->getNotifications(); $nots = $notifications->getNotifications();
  $str = array();
if ($notifications){  
  if ($nots){
foreach ($nots as $not){ foreach ($nots as $not){
$id=''; $id='';
   
if (!empty($not->id)){ if (!empty($not->id)){
$id = " id='{$not->id}'"; $id = " id='{$not->id}'";
} }
   
$str[] = "<div class='{$not->className}'$id>{$not->text}</div>"; $str[] = "<div class='{$not->className}'$id>{$not->text}</div>";
   
} }
   
   
} }
   
return implode("\n",$str); return implode("\n",$str);
   
} }
   
   
   
/** Push the required headers /** Push the required headers
* *
*/ */
function headContents(){ function headContents(){
   
global $notifications; global $notifications;
$page = $notifications->getPageInfo(); $page = $notifications->getPageInfo();
$conf = BTMain::getConf(); $conf = BTMain::getConf();
   
   
  $plg = new Plugins;
   
   
  $resourcespath = "Resources";
   
   
  // Call any configured plugins
  $data->resourcespath = $resourcespath;
  $data->action = 'loadresource';
   
   
  $plgoutput = $plg->loadPlugins("Resources",$data)->plgOutput;
   
  if (!empty($plgoutput)){
  $resourcespath = $plgoutput;
  }
   
   
   
?> ?>
<title><?php echo $conf->ProgName;?> - <?php echo htmlentities($page->title);?></title> <title><?php echo $conf->ProgName;?> - <?php echo htmlentities($page->title);?></title>
<link rel="stylesheet" type="text/css" href="Resources/jquery.tooltip<?php echo $conf->JSMinName;?>.css" /> <link rel="stylesheet" type="text/css" href="<?php echo $resourcespath; ?>/jquery.tooltip<?php echo $conf->JSMinName;?>.css" />
<link rel="stylesheet" type="text/css" href="Resources/bootstrap/css/bootstrap<?php echo $conf->JSMinName;?>.css" /> <link rel="stylesheet" type="text/css" href="<?php echo $resourcespath; ?>/bootstrap/css/bootstrap<?php echo $conf->JSMinName;?>.css" />
<link rel="stylesheet" type="text/css" href="Resources/bootstrap/css/bootstrap-responsive<?php echo $conf->JSMinName;?>.css" /> <link rel="stylesheet" type="text/css" href="<?php echo $resourcespath; ?>/bootstrap/css/bootstrap-responsive<?php echo $conf->JSMinName;?>.css" />
<link rel="stylesheet" type="text/css" href="Resources/jquery.tooltip<?php echo $conf->JSMinName;?>.css" /> <link rel="stylesheet" type="text/css" href="<?php echo $resourcespath; ?>/jquery.tooltip<?php echo $conf->JSMinName;?>.css" />
   
<?php foreach ($page->css as $css):?> <?php foreach ($page->css as $css):?>
<link rel="stylesheet" type="text/css" href='Resources/<?php echo $css;?>.css'/> <link rel="stylesheet" type="text/css" href='<?php echo $resourcespath; ?>/<?php echo $css;?>.css'/>
<?php endforeach;?> <?php endforeach;?>
   
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script> <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script>
<script type="text/javascript" src="Resources/bootstrap/js/bootstrap<?php echo $conf->JSMinName;?>.js"></script> <script type="text/javascript" src="<?php echo $resourcespath; ?>/bootstrap/js/bootstrap<?php echo $conf->JSMinName;?>.js"></script>
<script type="text/javascript" src="Resources/jquery.tooltip.min.js"></script> <script type="text/javascript" src="<?php echo $resourcespath; ?>/jquery.tooltip.min.js"></script>
<script id='kFile' src="Resources/info.php?<?php echo md5(session_id().$_SERVER['REMOTE_ADDR']); ?>" type="text/javascript"></script> <script id='kFile' src="Resources/info.php?<?php echo md5(session_id().$_SERVER['REMOTE_ADDR']); ?>" type="text/javascript"></script>
<script src="Resources/main<?php echo $conf->JSMinName;?>.js" type="text/javascript"></script> <script src="<?php echo $resourcespath; ?>/main<?php echo $conf->JSMinName;?>.js" type="text/javascript"></script>
<script src="Resources/base64<?php echo $conf->JSMinName;?>.js" type="text/javascript"></script> <script src="<?php echo $resourcespath; ?>/base64<?php echo $conf->JSMinName;?>.js" type="text/javascript"></script>
   
<?php foreach ($page->reqscripts as $script):?> <?php foreach ($page->reqscripts as $script):?>
<script src="Resources/<?php echo $script;?><?php echo $conf->JSMinName;?>.js" type="text/javascript"></script> <script src="<?php echo $resourcespath; ?>/<?php echo $script;?><?php echo $conf->JSMinName;?>.js" type="text/javascript"></script>
<?php endforeach; if (!empty($page->custJS[0])):?> <?php endforeach; if (!empty($page->custJS[0])):?>
   
<script type="text/javascript"> <script type="text/javascript">
<?php echo implode("\n",$page->custJS);?> <?php echo implode("\n",$page->custJS);?>
</script> </script>
   
<?php endif; ?> <?php endif; ?>
   
<!-- Fire the default scripts when the browser reports document ready --> <!-- Fire the default scripts when the browser reports document ready -->
<script type="text/javascript"> <script type="text/javascript">
var sesscheck; jQuery(document).ready(function() { checkKeyAvailable(); var sesscheck; jQuery(document).ready(function() { checkKeyAvailable();
<?php if (BTMain::getUser()->name):?>sesscheck = setInterval("checkSession()",120000);<?php endif;?>}); <?php if (BTMain::getUser()->name):?>sesscheck = setInterval("checkSession()",120000);<?php endif;?>});
</script> </script>
   
<?php <?php
} }
   
   
   
   
/** Load a module by name /** Load a module by name
* *
* @arg module - string * @arg module - string
* *
*/ */
function loadModule($module){ function loadModule($module){
   
$template = BTMain::getConf()->template; $template = BTMain::getConf()->template;
   
   
// Check for template override // Check for template override
if (file_exists("templates/$template/html/modules/$module/$module.php")){ if (file_exists("templates/$template/html/modules/$module/$module.php")){
require "templates/$template/html/modules/$module/$module.php"; require "templates/$template/html/modules/$module/$module.php";
}else{ }else{
require "modules/$module/$module.php"; require "modules/$module/$module.php";
} }
   
   
   
} }
   
   
   
   
}/** Gen Output Class Ends **/ }/** Gen Output Class Ends **/
   
   
   
   
   
   
   
   
/** Notifications class **/ /** Notifications class **/
class notifications{ class notifications{
   
   
   
   
/** Return an object containing any notification items that have been set (or at least those suited for embedding in the head) /** Return an object containing any notification items that have been set (or at least those suited for embedding in the head)
* *
* @return object * @return object
* *
*/ */
function getPageInfo(){ function getPageInfo(){
   
$page->title = ''; $page->title = '';
$page->css = array(); $page->css = array();
$page->reqscripts = array(); $page->reqscripts = array();
$page->custJS = array(); $page->custJS = array();
   
if (isset($this->pagetitle)){ if (isset($this->pagetitle)){
$page->title = $this->pagetitle; $page->title = $this->pagetitle;
} }
   
if (is_array($this->css)){ if (is_array($this->css)){
$page->css = $this->css; $page->css = $this->css;
} }
   
if (is_array($this->requiredscripts)){ if (is_array($this->requiredscripts)){
$page->reqscripts = $this->requiredscripts; $page->reqscripts = $this->requiredscripts;
} }
   
if (is_array($this->customJS)){ if (is_array($this->customJS)){
$page->custJS = $this->customJS; $page->custJS = $this->customJS;
} }
   
return $page; return $page;
} }
   
   
/** Set the page title /** Set the page title
* *
* @arg title * @arg title
* *
*/ */
function setPageTitle($title){ function setPageTitle($title){
$this->pagetitle = $title; $this->pagetitle = $title;
} }
   
   
   
   
/** Return the content of a single named notification /** Return the content of a single named notification
* *
* @arg notname - string - notification name * @arg notname - string - notification name
* *
* @return object * @return object
* *
*/ */
function getNotification($notname){ function getNotification($notname){
   
if (empty($notname)){ return false; } if (empty($notname)){ return false; }
   
include 'conf/notifications.php'; include 'conf/notifications.php';
   
return $notifs->$notname; return $notifs->$notname;
   
   
} }
   
   
   
   
   
/** Get any notifications that have been triggered /** Get any notifications that have been triggered
* *
* @return object (or false if no notifications) * @return object (or false if no notifications)
* *
*/ */
function getNotifications(){ function getNotifications(){
   
$notif = BTMain::getVar('notif'); $notif = BTMain::getVar('notif');
$triggernotifs = is_array($this->notifications); $triggernotifs = is_array($this->notifications);
   
   
// Check whether there are any notifications to push // Check whether there are any notifications to push
if (!$notif && !$triggernotifs){ if (!$notif && !$triggernotifs){
return false; return false;
} }
   
   
$nots = new stdClass(); $nots = new stdClass();
include 'conf/notifications.php'; include 'conf/notifications.php';
   
// Check for notifications triggered by views // Check for notifications triggered by views
if ($triggernotifs){ if ($triggernotifs){
   
foreach ($this->notifications as $msg){ foreach ($this->notifications as $msg){
$nots->$msg = $notifs->$msg; $nots->$msg = $notifs->$msg;
} }
   
} }
   
   
// Check for notifications triggered by the request // Check for notifications triggered by the request
if ($notif){ if ($notif){
$nots->$notif = $notifs->$notif; $nots->$notif = $notifs->$notif;
} }
   
   
return $nots; return $nots;
} }
   
   
/** Set a notification to display when getNotifications is called /** Set a notification to display when getNotifications is called
* *
* @arg notification - string containing notification name * @arg notification - string containing notification name
* *
*/ */
function setNotification($notification){ function setNotification($notification){
$this->notifications[] = $notification; $this->notifications[] = $notification;
} }
   
   
/** Trigger the inclusion of a CSS file in the document head /** Trigger the inclusion of a CSS file in the document head
* *
* @arg file - filename (Will be automatically prefixed with Resources/ and appended with .css) * @arg file - filename (Will be automatically prefixed with Resources/ and appended with .css)
* *
*/ */
function RequireCSS($file){ function RequireCSS($file){
$this->css[] = $file; $this->css[] = $file;
} }
   
   
/** Trigger the inclusion of a JS file in the document head /** Trigger the inclusion of a JS file in the document head
* *
* @arg file - filename (Will be automatically prefixed with Resources/ and appended with .js) * @arg file - filename (Will be automatically prefixed with Resources/ and appended with .js)
* *
*/ */
function RequireScript($script){ function RequireScript($script){
$this->requiredscripts[] = $script; $this->requiredscripts[] = $script;
} }
   
   
/** Set the breadcrumb path /** Set the breadcrumb path
* *
* @arg path - array * @arg path - array
* *
* Exact schema of the array is dictated by class genOutput but at time of writing, * Exact schema of the array is dictated by class genOutput but at time of writing,
* each breadcrumb item should be an array containing elements name and url * each breadcrumb item should be an array containing elements name and url
* *
*/ */
function setBreadcrumb($path){ function setBreadcrumb($path){
   
$GLOBALS['BREADCRUMB'] = $path; $GLOBALS['BREADCRUMB'] = $path;
   
} }
   
   
/** Embed a JS string into the document head, will automatically be placed between script tags /** Embed a JS string into the document head, will automatically be placed between script tags
* *
* @arg js - string * @arg js - string
* *
*/ */
function setCustomJS($js){ function setCustomJS($js){
$this->customJS[] = "$js"; $this->customJS[] = "$js";
} }
   
   
} }
   
   
   
   
   
?> ?>
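Review bot: In `headContents()` the new `$resourcespath` value is echoed into every `href` and `src` attribute without escaping, and once a Resources plugin returns a value it is no longer a constant: it decides where `main`, `base64` and the bootstrap scripts are fetched from. Encode it once where it is assigned, `$resourcespath = htmlspecialchars($plgoutput, ENT_QUOTES, 'UTF-8');`, so a quote or angle bracket in the configured value cannot break out of the attribute. Separately, `$data->resourcespath = $resourcespath;` assigns a property on a variable that was never created, which raises a warning on PHP 5.4+ and is a fatal Error on PHP 8. Add `$data = new stdClass();` above it; `getDetails()` in the new ExternalResources plugin has the same pattern with `$details`.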
<?php <?php
/** Part of Menu module - Table containing data used for search and menu generation. /** Part of Menu module - Table containing data used for search and menu generation.
* *
* Copyright (C) 2012 B Tasker * Copyright (C) 2012 B Tasker
* Released under GNU GPL V2 * Released under GNU GPL V2
* See LICENSE * See LICENSE
* *
* *
* Usage: each row specifies a record to be parsed by the relevant Javascript function (usually SearchTable or CreateMenuContent) * Usage: each row specifies a record to be parsed by the relevant Javascript function (usually SearchTable or CreateMenuContent)
* *
* *
* <tr> * <tr>
* <td>Text to Display </td> * <td>Text to Display </td>
* <td>Highlighted item (e.g. User:)</td> * <td>Highlighted item (e.g. User:)</td>
* <td>id - the id to append to any URLS</td> * <td>id - the id to append to any URLS</td>
* <td>Classification, used by CreateMenuContent 1 = Customer, 2 = Cred Type</td> * <td>Classification, used by CreateMenuContent 1 = Customer, 2 = Cred Type</td>
* <td>id field - default id, used to form the URI params (so might set frmUsername when linking to user edit page)</td> * <td>id field - default id, used to form the URI params (so might set frmUsername when linking to user edit page)</td>
* <td>option - used to form URI Params</td> * <td>option - used to form URI Params</td>
* <td>Additional Params - Optional </td> * <td>Additional Params - Optional </td>
* </tr> * </tr>
* *
* *
* *
*/ */
defined('_CREDLOCK') or die; defined('_CREDLOCK') or die;
?> ?>
   
<?php if (BTMain::getUser()->name): <?php if (BTMain::getUser()->name):
   
$custs = new CustDB; $custs = new CustDB;
$crdtypes=new CredDB; $crdtypes=new CredDB;
$crypt = new Crypto; $crypt = new Crypto;
$crypt->safety = 0; $crypt->safety = 0;
   
   
// Output a hidden table so we can use JS to build the menus and implement search funtions (avoids having the cleartext strings in Server memory more than once) // Output a hidden table so we can use JS to build the menus and implement search funtions (avoids having the cleartext strings in Server memory more than once)
?> ?>
   
<!-- Search Table Begins --> <!-- Search Table Begins -->
   
<table id="SearchListing" style="display: none;"> <table id="SearchListing" style="display: none;">
<tr> <tr>
<td>Add <?php echo Lang::_("Customer"); ?></td> <td>Add <?php echo Lang::_("Customer"); ?></td>
<td><?php echo Lang::_("Customer"); ?>:</td> <td><?php echo Lang::_("Customer"); ?>:</td>
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td>addCustomer</td> <td>addCustomer</td>
</tr> </tr>
   
<tr> <tr>
<td>View <?php echo Lang::_("Customers"); ?></td> <td>View <?php echo Lang::_("Customers"); ?></td>
<td><?php echo Lang::_("Customer"); ?>:</td> <td><?php echo Lang::_("Customer"); ?>:</td>
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td>viewCustomers</td> <td>viewCustomers</td>
</tr> </tr>
   
<?php <?php
foreach ($custs->getAllCustomers() as $customer){ foreach ($custs->getAllCustomers() as $customer){
ob_start(); ob_start();
$plaintext = $crypt->decrypt($customer->Name,'Customer'); $plaintext = $crypt->decrypt($customer->Name,'Customer');
?> ?>
<tr> <tr>
<td><?php echo $plaintext; ?></td> <td><?php echo $plaintext; ?></td>
<td><?php echo Lang::_("Customer"); ?>:</td> <td><?php echo Lang::_("Customer"); ?>:</td>
<td><?php echo $customer->id;?></td> <td><?php echo $customer->id;?></td>
<td>1</td> <td>1</td>
<td></td> <td></td>
<td>viewCust</td> <td>viewCust</td>
</tr> </tr>
   
<?php <?php
$tbl[$plaintext] = ob_get_clean(); $tbl[$plaintext] = ob_get_clean();
} }
   
   
ksort($tbl); ksort($tbl);
echo implode("\n",$tbl); echo implode("\n",$tbl);
   
if (BTMain::checkisSuperAdmin()):?> if (BTMain::checkisSuperAdmin()):?>
   
<tr> <tr>
<td>Add <?php echo Lang::_("Credential Type"); ?></td> <td>Add <?php echo Lang::_("Credential Type"); ?></td>
<td><?php echo Lang::_("Credential Type"); ?>:</td> <td><?php echo Lang::_("Credential Type"); ?>:</td>
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td>addCredType</td> <td>addCredType</td>
</tr> </tr>
   
<tr> <tr>
<td>View <?php echo Lang::_("Cred Types"); ?></td> <td>View <?php echo Lang::_("Cred Types"); ?></td>
<td><?php echo Lang::_("Credential Type"); ?>:</td> <td><?php echo Lang::_("Credential Type"); ?>:</td>
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td>viewByType</td> <td>viewByType</td>
</tr> </tr>
   
<?php <?php
endif; endif;
   
   
foreach ($crdtypes->getCredTypes() as $credtype){ foreach ($crdtypes->getCredTypes() as $credtype){
ob_start(); ob_start();
$plaintext = $crypt->decrypt($credtype->Name,'CredType'); $plaintext = $crypt->decrypt($credtype->Name,'CredType');
?> ?>
   
<tr> <tr>
<td><?php echo $plaintext; ?></td> <td><?php echo $plaintext; ?></td>
<td><?php echo Lang::_("Credential Type"); ?>:</td> <td><?php echo Lang::_("Credential Type"); ?>:</td>
<td><?php echo $credtype->id;?></td> <td><?php echo $credtype->id;?></td>
<td>2</td> <td>2</td>
<td></td> <td></td>
<td>viewByType</td> <td>viewByType</td>
</tr> </tr>
   
<?php <?php
   
$cred[$plaintext] = ob_get_clean(); $cred[$plaintext] = ob_get_clean();
} }
   
ksort($cred); ksort($cred);
echo implode("\n",$cred); echo implode("\n",$cred);
   
if (BTMain::checkisSuperAdmin()): if (BTMain::checkisSuperAdmin()):
?> ?>
<tr> <tr>
<td>Add User</td> <td>Add User</td>
<td>User:</td> <td>User:</td>
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td>addUser</td> <td>addUser</td>
</tr> </tr>
   
<tr> <tr>
<td>View Users</td> <td>View Users</td>
<td>User:</td> <td>User:</td>
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td>viewUsers</td> <td>viewUsers</td>
</tr> </tr>
   
<?php <?php
$auth = new AuthDB; $auth = new AuthDB;
   
foreach($auth->listUsers() as $user){ foreach($auth->listUsers() as $user){
?> ?>
   
<tr> <tr>
<td><?php echo $user->Name . " ({$user->username})"; ?></td> <td><?php echo $user->Name . " ({$user->username})"; ?></td>
<td>User:</td> <td>User:</td>
<td><?php echo $user->username;?></td> <td><?php echo $user->username;?></td>
<td></td> <td></td>
<td>frmUsername</td> <td>frmUsername</td>
<td>editUser</td> <td>editUser</td>
</tr> </tr>
   
<?php <?php
} }
?> ?>
   
   
<tr> <tr>
<td>Add <?php echo Lang::_("UserGroup");?></td> <td>Add <?php echo Lang::_("UserGroup");?></td>
<td><?php echo Lang::_("UserGroup"); ?>:</td> <td><?php echo Lang::_("UserGroup"); ?>:</td>
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td>addGrp</td> <td>addGrp</td>
</tr> </tr>
   
   
<tr> <tr>
<td>View <?php echo Lang::_("User Groups");?></td> <td>View <?php echo Lang::_("User Groups");?></td>
<td><?php echo Lang::_("UserGroup"); ?>:</td> <td><?php echo Lang::_("UserGroup"); ?>:</td>
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td>viewGrps</td> <td>viewGrps</td>
</tr> </tr>
   
<?php <?php
   
foreach ($auth->retrieveGroupNames() as $grp){ foreach ($auth->retrieveGroupNames() as $grp){
?> ?>
   
<tr> <tr>
<td><?php echo $crypt->decrypt($grp->Name,'Groups'); ?></td> <td><?php echo $crypt->decrypt($grp->Name,'Groups'); ?></td>
<td><?php echo Lang::_("UserGroup"); ?>:</td> <td><?php echo Lang::_("UserGroup"); ?>:</td>
<td><?php echo $grp->id;?></td> <td><?php echo $grp->id;?></td>
<td></td> <td></td>
<td></td> <td></td>
<td>editGrp</td> <td>editGrp</td>
</tr> </tr>
   
<?php <?php
} }
   
   
?> ?>
<tr> <tr>
<td>View Plugins</td> <td>View Plugins</td>
<td>Plugin:</td> <td>Plugin:</td>
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td>pluginInfo</td> <td>pluginInfo</td>
</tr> </tr>
<?php <?php
   
$plug = new Plugins; $plug = new Plugins;
$plugins = $plug->listloadedPlugins(); $plugins = $plug->listloadedPlugins();
   
if (isset($plugins->Auth)): if (isset($plugins->Auth)):
foreach($plugins->Auth as $plugin=>$status){ foreach($plugins->Auth as $plugin=>$status){
?> ?>
   
<tr> <tr>
<td><?php echo $plugin; ?> (Authentication Plugin)</td> <td><?php echo $plugin; ?> (Authentication Plugin)</td>
<td>Plugin:</td> <td>Plugin:</td>
<td><?php echo $plugin; ?></td> <td><?php echo $plugin; ?></td>
<td></td> <td></td>
<td>plg</td> <td>plg</td>
<td>plgInfo</td> <td>plgInfo</td>
<td>type=Auth</td> <td>type=Auth</td>
</tr> </tr>
   
<?php <?php
} }
   
endif; endif;
   
   
   
   
if (isset($plugins->Cron)): if (isset($plugins->Cron)):
foreach($plugins->Auth as $plugin=>$status){ foreach($plugins->Auth as $plugin=>$status){
?> ?>
   
<tr> <tr>
<td><?php echo $plugin; ?> (Cron Plugin)</td> <td><?php echo $plugin; ?> (Cron Plugin)</td>
<td>Plugin:</td> <td>Plugin:</td>
<td><?php echo $plugin; ?></td> <td><?php echo $plugin; ?></td>
<td></td> <td></td>
<td>plg</td> <td>plg</td>
<td>plgInfo</td> <td>plgInfo</td>
<td>type=Cron</td> <td>type=Cron</td>
</tr> </tr>
   
<?php <?php
} }
   
endif; endif;
   
   
if (isset($plugins->Logging)): if (isset($plugins->Logging)):
foreach($plugins->Logging as $plugin=>$status){ foreach($plugins->Logging as $plugin=>$status){
?> ?>
   
<tr> <tr>
<td><?php echo $plugin; ?> (Logging Plugin)</td> <td><?php echo $plugin; ?> (Logging Plugin)</td>
<td>Plugin:</td> <td>Plugin:</td>
<td><?php echo $plugin; ?></td> <td><?php echo $plugin; ?></td>
<td></td> <td></td>
<td>plg</td> <td>plg</td>
<td>plgInfo</td> <td>plgInfo</td>
<td>type=Logging</td> <td>type=Logging</td>
</tr> </tr>
   
<?php <?php
} }
   
endif; endif;
   
if (isset($plugins->Customers)): if (isset($plugins->Customers)):
foreach($plugins->Customers as $plugin=>$status){ foreach($plugins->Customers as $plugin=>$status){
?> ?>
   
<tr> <tr>
<td><?php echo $plugin; ?> (<?php echo Lang::_('Customers');?> Plugin)</td> <td><?php echo $plugin; ?> (<?php echo Lang::_('Customers');?> Plugin)</td>
<td>Plugin:</td> <td>Plugin:</td>
<td><?php echo $plugin; ?></td> <td><?php echo $plugin; ?></td>
<td></td> <td></td>
<td>plg</td> <td>plg</td>
<td>plgInfo</td> <td>plgInfo</td>
<td>type=Customers</td> <td>type=Customers</td>
</tr> </tr>
   
<?php <?php
} }
   
endif; endif;
   
if (isset($plugins->Creds)): if (isset($plugins->Creds)):
foreach($plugins->Creds as $plugin=>$status){ foreach($plugins->Creds as $plugin=>$status){
?> ?>
   
<tr> <tr>
<td><?php echo $plugin; ?> (<?php echo Lang::_('Credentials');?> Plugin)</td> <td><?php echo $plugin; ?> (<?php echo Lang::_('Credentials');?> Plugin)</td>
<td>Plugin:</td> <td>Plugin:</td>
<td><?php echo $plugin; ?></td> <td><?php echo $plugin; ?></td>
<td></td> <td></td>
<td>plg</td> <td>plg</td>
<td>plgInfo</td> <td>plgInfo</td>
<td>type=Creds</td> <td>type=Creds</td>
</tr> </tr>
   
<?php <?php
} }
   
   
endif; endif;
   
   
  if (isset($plugins->CredTypes)):
  foreach($plugins->CredTypes as $plugin=>$status){
  ?>
   
  <tr>
  <td><?php echo $plugin; ?> (<?php echo Lang::_('Credential Type');?> Plugin)</td>
  <td>Plugin:</td>
  <td><?php echo $plugin; ?></td>
  <td></td>
  <td>plg</td>
  <td>plgInfo</td>
  <td>type=CredTypes</td>
  </tr>
   
  <?php
  }
   
   
  endif;
   
   
   
  if (isset($plugins->Resources)):
  foreach($plugins->Resources as $plugin=>$status){
  ?>
   
  <tr>
  <td><?php echo $plugin; ?> (Resources Plugin)</td>
  <td>Plugin:</td>
  <td><?php echo $plugin; ?></td>
  <td></td>
  <td>plg</td>
  <td>plgInfo</td>
  <td>type=Res</td>
  </tr>
   
  <?php
  }
   
   
  endif;
   
endif;?> endif;?>
   
   
<tr> <tr>
<td>Log Out</td> <td>Log Out</td>
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td>logout</td> <td>logout</td>
</tr> </tr>
   
<tr> <tr>
<td>Change Password</td> <td>Change Password</td>
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td>changePassword</td> <td>changePassword</td>
</tr> </tr>
   
   
</table> </table>
   
   
<!-- Search Table Ends ---> <!-- Search Table Ends --->
<?php endif;?> <?php endif;?>
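Review bot: The new Resources block emits `type=Res`, while every other block in this table, including the CredTypes block added alongside it, uses the `$plugins` key name as the type (`type=Auth`, `type=Logging`, `type=CredTypes`). The code that consumes this parameter is not on this page, so this is inferred, but if `plgInfo` looks the plugin up by that type the Resources row will not resolve; `<td>type=Resources</td>` would match the `$plugins->Resources` key. Both new blocks also echo `$plugin` straight into the cell, as the existing ones do; `<?php echo htmlspecialchars($plugin); ?>` would keep a plugin name containing markup from being rendered in the hidden table.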
<?php <?php
/** Search Module /** Search Module
* *
* Copyright (C) 2012 B Tasker * Copyright (C) 2012 B Tasker
* Released under GNU GPL V2 * Released under GNU GPL V2
* See LICENSE * See LICENSE
* *
*/ */
defined('_CREDLOCK') or die; defined('_CREDLOCK') or die;
   
if (!BTMain::getUser()->name){ return; } if (!BTMain::getUser()->name){ return; }
   
   
$custs = new CustDB; $custs = new CustDB;
$crdtypes=new CredDB; $crdtypes=new CredDB;
$crypt = new Crypto; $crypt = new Crypto;
$crypt->safety = 0; $crypt->safety = 0;
   
?> ?>
   
<form class="navbar-search hidden-phone" id='SearchForm' name='SearchForm'> <form class="navbar-search hidden-phone" id='SearchForm' name='SearchForm'>
<input type="hidden" name="option" value="" id="SrchOpt"> <input type="hidden" name="option" value="" id="SrchOpt">
<input type="hidden" name="id" value="" id="SrchID"> <input type="hidden" name="id" value="" id="SrchID">
  <input type="hidden" name="tmp" value="" id="SrchID2">
   
   
<input type="text" <input type="text"
autocomplete="off" autocomplete="off"
class="search-query" class="search-query"
placeholder="Search" placeholder="Search"
id='SearchBox' id='SearchBox'
onfocus='checkExistingSearch(this.value,"SearchResBox");' onfocus='checkExistingSearch(this.value,"SearchResBox");'
onblur='setTimeout("hideSearchDiv(\"SearchResBox\")",300);' onblur='setTimeout("hideSearchDiv(\"SearchResBox\")",300);'
onkeyup="SearchTable(this.value,'SearchListing','SearchResBox',0);"> onkeyup="SearchTable(this.value,'SearchListing','SearchResBox',0);">
   
   
<input type="hidden" id="SelectedValue" autocomplete="off" value="0" disabled="disabled"> <input type="hidden" id="SelectedValue" autocomplete="off" value="0" disabled="disabled">
</form> </form>
   
<div id="SearchResBox" style="display: none"></div> <div id="SearchResBox" style="display: none"></div>
   
   
   
   
   
  <?php
  /** ExternalResources plugin - Allows static assets (JS and CSS) normally in the resources directory to be stored on a seperate server
  *
  * Copyright (C) 2012 B Tasker
  * Released under GNU GPL V2
  * See LICENSE
  *
  */
  defined('_CREDLOCK') or die;
 
 
  /** Resources PLUGIN STARTS **/
 
 
 
  /** Credentials Plugin class
  *
  */
  class plugin_ExternalResources_Resources{
  /** Load the plugin configuration
  *
  */
  function config(){
  require 'conf/plugins/ExternalResources/config.php';
  }
 
 
 
  /** Return the plugin details
  *
  */
  function getDetails(){
  $details->Name = "plg_ExternalResources";
  $details->Description = "Allows the contents of the Resources directory (excluding info.php) to be moved to another server";
  $details->Author = 'B Tasker';
  $details->License = 'GNU GPL V2';
  return $details;
  }
 
 
  /** Get current status
  *
  */
  function getPlgStatus(){
  $this->config();
  return $this->active;
 
  }
 
  /** Class Entry Point
  *
  * @arg data - object, will contain
  *
  */
  function PlgCall($data){
  // Load the plugin config
  $this->config();
 
  // Check the plugin is actually enabled
  if (!$this->active){ return; }
 
 
 
 
 
  switch($data->action){
 
  case 'loadresource':
 
  if ($this->url && (!empty($this->url))){
  return $this->url;
  }
  return false;
  break;
 
 
 
  }
 
 
 
  }
 
 
  }
 
 
 
  ?>
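Review bot: `PlgCall()` returns `$this->url` exactly as configured, and that value becomes the base for the application's own script tags, so for a credential store the check should be stricter than non-empty. Accepting only an `https://` base, e.g. `if (!empty($this->url) && stripos($this->url, 'https://') === 0){ return $this->url; }`, keeps a typo or plain-http setting from serving scripts such as `main` and `base64` over an unauthenticated channel. The file header should also state that whoever controls the configured host can run script in every logged-in session. The class docblock still reads `Credentials Plugin class` where `Resources plugin class` is meant, and the `@arg data` line is left unfinished.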
  <h2>Contents</h2>
 
  <ul>
  <li><a href="#about">About AutoAuth</a></li>
  <li><a href="#plgConfig">Plugin Configuration</a>
  <li><a href="#CredType">CredType Configuration</a></li>
  <ul><li><a href="#examples">Example Values</li></ul>
  </li>
  <li><a href="#unsupported">Known incompatible systems</a></li>
 
  </ul>
 
 
  <h3><a name="about">About AutoAuth</a></h3>
  AutoAuth Plugin is a plugin allowing system admins to configure PHPCredLocker to
  display a 'Log In' button for specific credtypes. When enabled, the plugin
  simply generates a form containing the credentials so that users can log into
  linked systems with one click.
  <br />
  <br />
 
  Thanks to <a href="http://www.joomlasuffolk.co.uk/" target=_blank>Joomla User
  Group Suffolk (JUGS)</a> for the feature suggestion!
  <br />
 
 
 
  <h3><a name="plgConfig">Plugin Configuration</a></h3>
 
  The configuration file contains two options<br />
 
  <ul>
  <li><b><i>active</i></b> - Is the plugin enabled?</li>
  <li><b><i>warnredirect</i></b> - Should a Javascript confirm box be displayed before redirecting the user</li>
  </ul>
 
 
 
  <h3><a name="CredType">CredType Configuration</a></h3>
 
  When enabled, the plugin will display additional fields when adding or editing a Credential Type.
  The settings specified in these will define how credentials are passed to the login script of the linked system,
  getting them wrong will result in a failed login.<br />
 
  <ul>
  <li><b><i>Enable Auto Login button:</b></i> Should the plugin be enabled for this CredType?</li>
  <li><b><i>Additional address path: </b></i> Specifies any additional URL params that need to be specified to enable login</li>
  <li><b><i>User Field:</b></i> The field name used by the login form of the linked system</li>
  <li><b><i>Password Field:</b></i> The field name use by the login form of the linked system</li>
  <li><b><i>Requires Cookies:</b></i> Some systems require a specific cookie to exist. If this is checked, the target page will be loaded as part of the form (the user won't see it) to ensure all relevant cookies are set. </li>
  <li><b><i>Additional Fields:</b></i> Some systems require additional hidden fields to be submitted. This field allows you to specify names and values in CSV format using key=value (i.e. <i>page=home,action=login</i>)
  </ul>
  <br />
  <h4><a name="examples">Example configurations</a></h4>
 
  <br /><i>Note: These examples assume you've stored the address of the server without a trailing slash (i.e. mysite:2082 rather than mysite:2082/)</i><br />
 
 
  <table class="table table-hover">
  <tr><th></th><th>CPanel</th><th>Webmin</th><th>WordPress</th></tr>
 
  <tr class='confVal'><th>Additional Address Path</th><td>/login</td><td>/session_login.cgi</td><td>/wp-login.php</td></tr>
 
  <tr class='confVal'><th>User Field</th><td>user</td><td>user</td><td>log</td></tr>
 
  <tr class='confVal'><th>Password Field</th><td>pass</td><td>pass</td><td>pwd</td></tr>
 
  <tr class='confVal'><th>Requires Cookie</th><td>No</td><td>Yes</td><td>Yes</td></tr>
 
  <tr class='confVal'><th>Additional Fields</th><td>none</td><td>page=/,</td><td></td></tr>
  </table>
 
 
 
  <h3><a name="unsupported">Known Incompatible</a></h3>
 
  Systems known not to be compatible with AutoAuth's one-click login are
 
  <ul>
  <li>Joomla! - Requires a unique form token to be submitted</li>
  <li>PHPCredLocker - Requires a unique form token to be submitted</li>
  </ul>
 
  Any system which requires a unique form token to be submitted (such as Joomla!) cannot be supported as the token changes with each session/request.
  Systems which simply require a specific cookie to be set (such as Webmin) are supported however, as are those which allow login details
  to be submitted without further information (such as CPanel/WHM).
 
 
 
  <h3>Login button not displaying</h3>
 
  There are essentially three reasons why the login button may not display after a user has clicked 'Display Password'.<br>
 
  <ol>
  <li>Plugin not enabled - Check plugins.conf and conf/plugins/AutoAuth/config.php</li>
  <li>Required field not included - Credential must have URL, User and Password stored for the plugin to trigger</li>
  <li>Internal plugin fault - Sorry! These have been well tested for, but it's possible something's been missed</li>
  </ol>
  <html>
  <head>
  <title></title>
  <meta content="">
  <style></style>
  </head>
  <body></body>
  </html>
<?php <?php
/** Plugins Handler /** Plugins Handler
* *
* Copyright (C) 2012 B Tasker * Copyright (C) 2012 B Tasker
* Released under GNU GPL V2 * Released under GNU GPL V2
* See LICENSE * See LICENSE
* *
*/ */
defined('_CREDLOCK') or die; defined('_CREDLOCK') or die;
BTMain::checkSuperAdmin(); BTMain::checkSuperAdmin();
   
$plug = new Plugins; $plug = new Plugins;
$plugins = $plug->listloadedPlugins(); $plugins = $plug->listloadedPlugins();
   
global $notifications; global $notifications;
   
$path = array(array('name'=>'Plugins','url'=>'index.php?option=pluginInfo')); $path = array(array('name'=>'Plugins','url'=>'index.php?option=pluginInfo'));
   
$notifications->setBreadcrumb($path); $notifications->setBreadcrumb($path);
   
   
$notifications->setPageTitle("View Plugins"); $notifications->setPageTitle("View Plugins");
   
   
?> ?>
<i><b>Plugin not shown? </b> To display here, plugins must be enabled in plugins.conf. Status Disabled simply means that the plugin is disabled within it's own configuration</i> <i><b>Plugin not shown? </b> To display here, plugins must be enabled in plugins.conf. Status Disabled simply means that the plugin is disabled within it's own configuration</i>
<br /><Br /> <br /><Br />
<?php <?php
   
if (isset($plugins->Auth)){ if (isset($plugins->Auth)){
   
?> ?>
<h2>Authentication Plugins</h2> <h2>Authentication Plugins</h2>
<table class="table table-hover"> <table class="table table-hover">
<tr><th>Plugin</th><th>Status</th><th></th></tr> <tr><th>Plugin</th><th>Status</th><th></th></tr>
<?php <?php
   
foreach($plugins->Auth as $plugin=>$status){ foreach($plugins->Auth as $plugin=>$status){
   
?> ?>
<tr> <tr>
<td><?php echo $plugin; ?></td><td><?php echo Plugins::transStatus($status);?></td> <td><?php echo $plugin; ?></td><td><?php echo Plugins::transStatus($status);?></td>
<td><a href="index.php?option=plgInfo&plg=<?php echo $plugin;?>&type=Auth">Plugin Info</a></td> <td><a href="index.php?option=plgInfo&plg=<?php echo $plugin;?>&type=Auth">Plugin Info</a></td>
</tr> </tr>
<?php <?php
} }
   
   
   
} }
   
   
if (isset($plugins->Cron)){ if (isset($plugins->Cron)){
   
?> ?>
<h2>Cron Plugins</h2> <h2>Cron Plugins</h2>
<table class="table table-hover"> <table class="table table-hover">
<tr><th>Plugin</th><th>Status</th><th></th></tr> <tr><th>Plugin</th><th>Status</th><th></th></tr>
<?php <?php
   
foreach($plugins->Cron as $plugin=>$status){ foreach($plugins->Cron as $plugin=>$status){
   
?> ?>
<tr> <tr>
<td><?php echo $plugin; ?></td><td><?php echo Plugins::transStatus($status);?></td> <td><?php echo $plugin; ?></td><td><?php echo Plugins::transStatus($status);?></td>
<td><a href="index.php?option=plgInfo&plg=<?php echo $plugin;?>&type=Cron">Plugin Info</a></td> <td><a href="index.php?option=plgInfo&plg=<?php echo $plugin;?>&type=Cron">Plugin Info</a></td>
</tr> </tr>
<?php <?php
} }
   
   
   
} }
   
   
   
   
if (isset($plugins->Logging)){ if (isset($plugins->Logging)){
   
?> ?>
<h2>Logging Plugins</h2> <h2>Logging Plugins</h2>
<table class="table table-hover"> <table class="table table-hover">
<tr><th>Plugin</th><th>Status</th><th></th></tr> <tr><th>Plugin</th><th>Status</th><th></th></tr>
<?php <?php
   
foreach($plugins->Logging as $plugin=>$status){ foreach($plugins->Logging as $plugin=>$status){
   
?> ?>
<tr> <tr>
<td><?php echo $plugin; ?></td><td><?php echo Plugins::transStatus($status);?></td><td><a href="index.php?option=plgInfo&plg=<?php echo $plugin;?>&type=Logging">View ReadMe</a></td> <td><?php echo $plugin; ?></td><td><?php echo Plugins::transStatus($status);?></td><td><a href="index.php?option=plgInfo&plg=<?php echo $plugin;?>&type=Logging">View ReadMe</a></td>
</tr> </tr>
<?php <?php
} }
?><table><br /><br /><?php ?><table><br /><br /><?php
   
   
} }
   
   
if (isset($plugins->Customers)){ if (isset($plugins->Customers)){
   
?> ?>
<h2>Customer Plugins</h2> <h2>Customer Plugins</h2>
<table class="table table-hover"> <table class="table table-hover">
<tr><th>Plugin</th><th>Status</th><th></th></tr> <tr><th>Plugin</th><th>Status</th><th></th></tr>
<?php <?php
   
foreach($plugins->Customers as $plugin=>$status){ foreach($plugins->Customers as $plugin=>$status){
   
?> ?>
<tr> <tr>
<td><?php echo $plugin; ?></td><td><?php echo Plugins::transStatus($status);?></td><td><a href="index.php?option=plgInfo&plg=<?php echo $plugin;?>&type=Customers">View ReadMe</a></td> <td><?php echo $plugin; ?></td><td><?php echo Plugins::transStatus($status);?></td><td><a href="index.php?option=plgInfo&plg=<?php echo $plugin;?>&type=Customers">View ReadMe</a></td>
</tr> </tr>
<?php <?php
} }
?><table><br /><br /><?php ?><table><br /><br /><?php
   
   
} }
   
   
   
if (isset($plugins->Creds)){ if (isset($plugins->Creds)){
   
?> ?>
<h2>Credential Plugins</h2> <h2>Credential Plugins</h2>
<table class="table table-hover"> <table class="table table-hover">
<tr><th>Plugin</th><th>Status</th><th></th></tr> <tr><th>Plugin</th><th>Status</th><th></th></tr>
<?php <?php
   
foreach($plugins->Creds as $plugin=>$status){ foreach($plugins->Creds as $plugin=>$status){
   
?> ?>
<tr> <tr>
<td><?php echo $plugin; ?></td><td><?php echo Plugins::transStatus($status);?></td><td><a href="index.php?option=plgInfo&plg=<?php echo $plugin;?>&type=Creds">View ReadMe</a></td> <td><?php echo $plugin; ?></td><td><?php echo Plugins::transStatus($status);?></td><td><a href="index.php?option=plgInfo&plg=<?php echo $plugin;?>&type=Creds">View ReadMe</a></td>
</tr> </tr>
<?php <?php
} }
?><table><br /><br /><?php ?><table><br /><br /><?php
   
   
} }
   
   
   
   
if (isset($plugins->CredTypes)){ if (isset($plugins->CredTypes)){
   
?> ?>
<h2>Credential Type Plugins</h2> <h2>Credential Type Plugins</h2>
<table class="table table-hover"> <table class="table table-hover">
<tr><th>Plugin</th><th>Status</th><th></th></tr> <tr><th>Plugin</th><th>Status</th><th></th></tr>
<?php <?php
   
foreach($plugins->CredTypes as $plugin=>$status){ foreach($plugins->CredTypes as $plugin=>$status){
   
?> ?>
<tr> <tr>
<td><?php echo $plugin; ?></td><td><?php echo Plugins::transStatus($status);?></td><td><a href="index.php?option=plgInfo&plg=<?php echo $plugin;?>&type=Creds">View ReadMe</a></td> <td><?php echo $plugin; ?></td><td><?php echo Plugins::transStatus($status);?></td><td><a href="index.php?option=plgInfo&plg=<?php echo $plugin;?>&type=Creds">View ReadMe</a></td>
</tr> </tr>
<?php <?php
} }
?><table><br /><br /><?php ?><table><br /><br /><?php
   
   
} }
   
   
   
  if (isset($plugins->Resources)){
   
  ?>
  <h2>Resources Plugins</h2>
  <table class="table table-hover">
  <tr><th>Plugin</th><th>Status</th><th></th></tr>
  <?php
   
  foreach($plugins->Resources as $plugin=>$status){
   
  ?>
  <tr>
  <td><?php echo $plugin; ?></td><td><?php echo Plugins::transStatus($status);?></td><td><a href="index.php?option=plgInfo&plg=<?php echo $plugin;?>&type=Res">View ReadMe</a></td>
  </tr>
  <?php
  }
  ?><table><br /><br /><?php
   
   
  }
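Review bot: The added Resources block echoes `$plugin` unencoded into both the table cell and the `plg=` parameter of the link, so a plugin name containing markup, `&` or `"` would be rendered as HTML on a super-admin page. The names presumably come from plugins.conf and are admin-controlled, but encoding at output is cheap: `htmlspecialchars($plugin, ENT_QUOTES, 'UTF-8')` in the cell and `urlencode($plugin)` inside the href. The block also ends with `?><table><br /><br /><?php`, which opens a new table instead of closing the one started above; it should read `?></table><br /><br /><?php`. Both patterns are copied from the unchanged Logging, Customers, Creds and CredTypes blocks earlier in the file, and the link's `type=Res` does not match the `Resources` property name, so it is worth confirming that plgInfo expects the short form. The file may continue past the last visible line.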