diff --git a/config.ini b/config.ini index 6b577e6..be01278 100644 --- a/config.ini +++ b/config.ini @@ -66,4 +66,4 @@ ipv4_listen_address = "127.0.0.1" internal_onion_http_port = 9080 user_quota_testing = 20971520 -user_quota_trusted = 209715200 +user_quota_approved = 209715200 diff --git a/db/schema.sql b/db/schema.sql index da63384..903f836 100644 --- a/db/schema.sql +++ b/db/schema.sql @@ -17,6 +17,10 @@ CREATE TABLE IF NOT EXISTS "users" ( "type" TEXT NOT NULL, PRIMARY KEY("id") ); +CREATE TABLE IF NOT EXISTS "approval-keys" ( + "key" TEXT NOT NULL UNIQUE, + PRIMARY KEY("key") +); CREATE TABLE IF NOT EXISTS "registry" ( "domain" TEXT NOT NULL UNIQUE, "username" TEXT NOT NULL, diff --git a/fn/auth.php b/fn/auth.php index 7568099..6d229b0 100644 --- a/fn/auth.php +++ b/fn/auth.php @@ -45,9 +45,7 @@ function outdatedPasswordHash($id) { } function changePassword($id, $password) { - $db = new PDO('sqlite:' . DB_PATH); - - $stmt = $db->prepare('UPDATE users SET password = :password WHERE id = :id'); + $stmt = DB->prepare('UPDATE users SET password = :password WHERE id = :id'); $stmt->bindValue(':id', $id); $stmt->bindValue(':password', hashPassword($password)); @@ -87,8 +85,7 @@ function rateLimitAccount($requestedTokens) { $tokens -= $requestedTokens; // Update - $db = new PDO('sqlite:' . DB_PATH); - $stmt = $db->prepare('UPDATE users SET bucket_tokens = :bucket_tokens, bucket_last_update = :bucket_last_update WHERE id = :id'); + $stmt = DB->prepare('UPDATE users SET bucket_tokens = :bucket_tokens, bucket_last_update = :bucket_last_update WHERE id = :id'); $stmt->bindValue(':id', $_SESSION['id']); $stmt->bindValue(':bucket_tokens', $tokens); $stmt->bindValue(':bucket_last_update', time()); @@ -109,12 +106,11 @@ function rateLimitInstance($requestedTokens) { $tokens -= $requestedTokens; // Update - $db = new PDO('sqlite:' . DB_PATH); - $stmt = $db->prepare("UPDATE params SET value = :bucket_tokens WHERE name = 'instance_bucket_tokens';"); + $stmt = DB->prepare("UPDATE params SET value = :bucket_tokens WHERE name = 'instance_bucket_tokens';"); $stmt->bindValue(':bucket_tokens', $tokens); $stmt->execute(); - $stmt = $db->prepare("UPDATE params SET value = :bucket_last_update WHERE name = 'instance_bucket_last_update';"); + $stmt = DB->prepare("UPDATE params SET value = :bucket_last_update WHERE name = 'instance_bucket_last_update';"); $stmt->bindValue(':bucket_last_update', time()); $stmt->execute(); } diff --git a/fn/common.php b/fn/common.php index 259ddfa..9abece0 100644 --- a/fn/common.php +++ b/fn/common.php @@ -35,7 +35,7 @@ function processForm($requireLogin = true) { } function insert($table, $values) { - $query = 'INSERT INTO ' . $table . '('; + $query = 'INSERT INTO "' . $table . '"('; foreach ($values as $key => $val) { if ($key === array_key_last($values)) @@ -53,14 +53,12 @@ function insert($table, $values) { } $query .= ')'; - $db = new PDO('sqlite:' . DB_PATH); - - $op = $db->prepare($query); + $stmt = DB->prepare($query); foreach ($values as $key => $val) - $op->bindValue(":$key", $val); + $stmt->bindValue(":$key", $val); - $op->execute(); + $stmt->execute(); } function query($action, $table, $conditions = [], $column = NULL) { @@ -70,7 +68,7 @@ function query($action, $table, $conditions = [], $column = NULL) { 'delete' => 'DELETE', }; - $query .= ' FROM ' . $table; + $query .= ' FROM "' . $table . '"'; foreach ($conditions as $key => $val) { if ($key === array_key_first($conditions)) @@ -79,18 +77,16 @@ function query($action, $table, $conditions = [], $column = NULL) { $query .= " AND $key = :$key"; } - $db = new PDO('sqlite:' . DB_PATH); - - $op = $db->prepare($query); + $stmt = DB->prepare($query); foreach ($conditions as $key => $val) - $op->bindValue(":$key", $val); + $stmt->bindValue(":$key", $val); - $op->execute(); + $stmt->execute(); if (isset($column)) - return array_column($op->fetchAll(PDO::FETCH_ASSOC), $column); - return $op->fetchAll(PDO::FETCH_ASSOC); + return array_column($stmt->fetchAll(PDO::FETCH_ASSOC), $column); + return $stmt->fetchAll(PDO::FETCH_ASSOC); } function displayIndex() { ?> diff --git a/pages.php b/pages.php index 1601aca..25369bc 100644 --- a/pages.php +++ b/pages.php @@ -22,6 +22,10 @@ define('PAGES', [ 'title' => 'Supprimer son compte', 'description' => 'Effacer toutes les données de son compte', ], + 'approval' => [ + 'title' => 'Approuver son compte', + 'description' => 'Utiliser une clé d\'approbation pour passer à un compte approuvé.', + ], 'password' => [ 'title' => 'Changer la clé de passe', 'description' => 'Changer la chaîne de caractères permettant de vous authentifier.', diff --git a/pages/auth/approval.php b/pages/auth/approval.php new file mode 100644 index 0000000..6cd62b2 --- /dev/null +++ b/pages/auth/approval.php @@ -0,0 +1,37 @@ + bin2hex(random_bytes(16))]); + +if (processForm()) { + + if ($_SESSION['type'] !== 'testing') + output(403, 'Approbation impossible : votre compte est déjà approuvé.'); + + if (isset(query('select', 'approval-keys', ['key' => $_POST['key']], 'key')[0]) !== true) + output(403, 'Approbation impossible : cette clé d\'approbation n\'est pas disponible. Elle a été mal saisie, a expiré ou a déjà été utilisée pour un autre compte.'); + + query('delete', 'approval-keys', ['key' => $_POST['key']]); + + $stmt = DB->prepare('UPDATE users SET type = "approved" WHERE id = :id'); + $stmt->bindValue(':id', $_SESSION['id']); + $stmt->execute(); + + $_SESSION['type'] = 'approved'; + + insert('approval-keys', ['key' => bin2hex(random_bytes(16))]); + + output(200, 'Compte approuvé.'); +} + +?> + +
+ Ce formulaire permet d'utiliser une clé d'approbation pour valider son compte. Une clé d'approbation est distribuée par l'administrataire sur demande. +
+ + diff --git a/pages/auth/index.php b/pages/auth/index.php index 3bcd5ae..f7d9e0e 100644 --- a/pages/auth/index.php +++ b/pages/auth/index.php @@ -1,7 +1,7 @@
- Vous utilisez actuellement un compte = (($_SESSION['type'] === 'trusted') ? 'confiancé' : 'de test') ?>. Son identifiant interne est = $_SESSION['id'] ?>
.
+ Vous utilisez actuellement un compte = (($_SESSION['type'] === 'approved') ? 'approuvé' : 'de test') ?>. Son identifiant interne est = $_SESSION['id'] ?>
.
Vous n'utilisez actuellement aucun compte.
@@ -19,11 +19,11 @@
Vous avez accès à un espace SFTP, limité à > 30) >= 1) ? $quotaSize >> 30 . ' ' . linkToDocs('units', 'Gio') : $quotaSize >> 20 . ' ' . linkToDocs('units', 'Mio')
?>. Vous pouvez téléverser vos sites dans /<nom du site>/*
. Indiquez les données ci-dessous à votre client SFTP pour y accéder.
- = ($_SESSION['type'] === 'trusted') ? '👤 ' : '⏳ ' ?>= $_SESSION['display-username'] ?> Se déconnecter + = ($_SESSION['type'] === 'approved') ? '👤 ' : '⏳ ' ?>= $_SESSION['display-username'] ?> Se déconnecter Anonyme Se connecter diff --git a/sftpgo-auth.php b/sftpgo-auth.php index 7d3d4ff..4c1d6a9 100644 --- a/sftpgo-auth.php +++ b/sftpgo-auth.php @@ -14,7 +14,7 @@ if (usernameExists($username) === true AND checkPassword($id, $auth_data['passwo "status": 1, "username": ' . json_encode($auth_data['username']) . ', "home_dir": "' . CONF['ht']['ht_path'] . '/' . $id . '", - "quota_size": ' . ((query('select', 'users', ['id' => $id], 'type')[0] === 'trusted') ? CONF['ht']['user_quota_trusted'] : CONF['ht']['user_quota_testing']) . ', + "quota_size": ' . ((query('select', 'users', ['id' => $id], 'type')[0] === 'approved') ? CONF['ht']['user_quota_approved'] : CONF['ht']['user_quota_testing']) . ', "permissions": { "/": [ "*"