Centralizes data sanitation

Yasen Pramatarov 2024-10-04 11:36:45 +03:00
parent b3f642c02b
commit f4a64b6887
23 changed files with 148 additions and 129 deletions


@ -16,10 +16,10 @@
$param .= '&event=' . $_REQUEST['event'];
}
if (isset($_REQUEST['from_time'])) {
$param .= '&from_time=' . $_REQUEST['from_time'];
$param .= '&from_time=' . $from_time;
}
if (isset($_REQUEST['until_time'])) {
$param .= '&until_time=' . $_REQUEST['until_time'];
$param .= '&until_time=' . $until_time;
}
$max_visible_pages = 10;
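Review bot: `$param` is a query string, so the values appended on the two changed lines need `rawurlencode()` rather than the HTML entity encoding `$from_time` and `$until_time` now carry from the sanitize include; an `&` or `#` in the value still splits or truncates the URL, and any entity the include produced ends up literally in the link. The context line above still concatenates `$_REQUEST['event']` raw, so the centralization does not reach this parameter. Building the string with `http_build_query(['event' => $_REQUEST['event'], 'from_time' => $from_time, 'until_time' => $until_time])`, or wrapping each value in `rawurlencode()`, covers the URL context for all three. The code that builds `$param` starts before this hunk.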


@ -0,0 +1,29 @@
<?php
// sanitize all vars that may end up in URLs or forms
$platform_id = htmlspecialchars($_REQUEST['platform']);
if (isset($_REQUEST['page'])) {
$page = htmlspecialchars($_REQUEST['page']);
} else {
$page = 'dashboard';
}
if (isset($_REQUEST['item'])) {
$item = htmlspecialchars($_REQUEST['item']);
} else {
$item = '';
}
if (isset($_SESSION['notice'])) {
$notice = htmlspecialchars($_SESSION['notice']); // 'notice' for all non-critical messages
}
if (isset($_SESSION['error'])) {
$error = htmlspecialchars($_SESSION['error']); // 'error' for errors
}
if (isset($_REQUEST['from_time'])) {
$from_time = htmlspecialchars($_REQUEST['from_time']);
}
if (isset($_REQUEST['until_time'])) {
$until_time = htmlspecialchars($_REQUEST['until_time']);
}
?>
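Review bot: `htmlspecialchars()` at input time is the wrong primitive for these values: `$platform_id`, `$page`, `$item`, `$from_time` and `$until_time` are later placed in URLs, JavaScript string literals and, presumably, database queries, and HTML entity encoding protects none of those contexts while it silently changes the value. Validate here (a date pattern for the two time fields, an allowlist or integer check for `platform`/`page`/`item`) and keep context-specific escaping at each output site. `$_REQUEST['platform']` is also read without an `isset()` guard, so platform-less URLs such as the `?page=config#platform…` links elsewhere in this commit raise an undefined-key warning. Before PHP 8.1 the default flags of `htmlspecialchars()` leave single quotes unescaped, so pass `ENT_QUOTES | ENT_SUBSTITUTE` explicitly wherever the call stays.
```php
<?php
// keep the guard and explicit flags; escaping still belongs at each output site
$platform_id = htmlspecialchars($_REQUEST['platform'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
// … unchanged: page, item, notice, error …
// accept only YYYY-MM-DD; anything else stays unset so the callers' defaults apply
if (isset($_REQUEST['from_time']) && preg_match('/^\d{4}-\d{2}-\d{2}$/', $_REQUEST['from_time'])) {
    $from_time = $_REQUEST['from_time'];
}
if (isset($_REQUEST['until_time']) && preg_match('/^\d{4}-\d{2}-\d{2}$/', $_REQUEST['until_time'])) {
    $until_time = $_REQUEST['until_time'];
}
```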


@ -1,16 +1,14 @@
<?php
$time_range_specified = false;
if (!isset($_REQUEST['from_time']) || (isset($_REQUEST['from_time']) && $_REQUEST['from_time'] == '')) {
if (!isset($from_time) || (isset($from_time) && $from_time == '')) {
$from_time = '0000-01-01';
} else {
$from_time = $_REQUEST['from_time'];
$time_range_specified = true;
}
if (!isset($_REQUEST['until_time']) || (isset($_REQUEST['until_time']) && $_REQUEST['until_time'] == '')) {
if (!isset($until_time) || (isset($until_time) && $until_time == '')) {
$until_time = '9999-12-31';
} else {
$until_time = $_REQUEST['until_time'];
$time_range_specified = true;
}
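Review bot: The `else` branches still treat any non-empty `$from_time`/`$until_time` as a usable date and set `$time_range_specified`, and the only processing those values have received is HTML entity encoding, which is not date validation. If the range feeds a query (not visible here), check the shape first, e.g. `if (!isset($from_time) || !preg_match('/^\d{4}-\d{2}-\d{2}$/', $from_time))` in place of the emptiness test, so a malformed value falls back to the default instead of reaching the query; an empty string fails the pattern too, so the existing behaviour for blank fields is kept. The `isset($from_time) &&` inside the `||` is redundant once the left operand is false and can be dropped.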


@ -17,12 +17,18 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// $content = file_get_contents($config_file);
// $updatedContent = $content;
// sanitize
$type = htmlspecialchars($_POST['type']);
$url = htmlspecialchars($_POST['url']);
$secret_key = htmlspecialchars($_POST['secret_key']);
$name = htmlspecialchars($_POST['name']);
// new agent adding
if (isset($_POST['new']) && isset($_POST['item']) && $_POST['new'] === 'true' && $_POST['item'] === 'agent') {
$newAgent = [
'type_id' => $_POST['type'],
'url' => $_POST['url'],
'secret_key' => $_POST['secret_key'],
'type_id' => $type,
'url' => $url,
'secret_key' => $secret_key,
];
$result = $agentObject->addAgent($platform_id, $newAgent);
if ($result === true) {
@ -34,7 +40,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// new platform adding
} elseif (isset($_POST['new']) && $_POST['new'] === 'true') {
$newPlatform = [
'name' => $_POST['name'],
'name' => $name,
'jitsi_url' => $_POST['jitsi_url'],
'jilo_database' => $_POST['jilo_database'],
];
@ -58,9 +64,9 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
} elseif (isset($_POST['agent'])) {
$updatedAgent = [
'id' => $agent,
'agent_type_id' => $_POST['type'],
'url' => $_POST['url'],
'secret_key' => $_POST['secret_key'],
'agent_type_id' => $type,
'url' => $url,
'secret_key' => $secret_key,
];
$result = $agentObject->editAgent($platform_id, $updatedAgent);
if ($result === true) {
@ -73,7 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
} else {
$platform = $_POST['platform'];
$updatedPlatform = [
'name' => $_POST['name'],
'name' => $name,
'jitsi_url' => $_POST['jitsi_url'],
'jilo_database' => $_POST['jilo_database'],
];
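Review bot: Running `htmlspecialchars()` over `$_POST['secret_key']` and `$_POST['url']` before they are handed to `addAgent()`/`editAgent()` alters the stored values: a key containing `&`, `<`, `>`, `"` or `'` is saved in entity form, so a JWT signed with it (the agents view passes `$jwt` to the agent) will no longer verify on the agent side, and a URL with a query string gains `&amp;`. Store the raw submitted value, rely on bound parameters inside the agent/platform objects (not visible here; confirm), and escape when rendering. The four assignments also run before any `isset()` check, so the platform-add and platform-edit branches, which do not post `type`/`url`/`secret_key`, raise undefined-key warnings, while `jitsi_url` and `jilo_database` stay untouched, so the treatment is uneven. The enclosing `if ($_SERVER['REQUEST_METHOD'] == 'POST')` block starts before and ends after these hunks.
```php
// raw values, escaped at render time; confirm addAgent()/editAgent() bind these as parameters
$type = trim($_POST['type'] ?? '');
$url = trim($_POST['url'] ?? '');
$secret_key = $_POST['secret_key'] ?? '';
$name = trim($_POST['name'] ?? '');
// … unchanged: new agent / new platform / edit agent / edit platform branches …
```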


@ -1,14 +1,14 @@
<!-- jilo agents -->
<div class="card text-center w-75 mx-lef">
<p class="h4 card-header">Jilo Agents on platform <?= htmlspecialchars($platform_id) ?> (<?= htmlspecialchars($platformDetails[0]['name']) ?>)</p>
<p class="h4 card-header">Jilo Agents on platform <?= $platform_id ?> (<?= $platformDetails[0]['name'] ?>)</p>
<div class="card-body">
<?php foreach ($agentDetails as $agent) { ?>
<p class="card-text text-left" style="text-align: left;">
agent id: <strong><?= htmlspecialchars($agent['id']) ?></strong>
agent type: <?= htmlspecialchars($agent['agent_type_id']) ?> (<strong><?= htmlspecialchars($agent['agent_description']) ?></strong>)
agent id: <strong><?= $agent['id'] ?></strong>
agent type: <?= $agent['agent_type_id'] ?> (<strong><?= $agent['agent_description'] ?></strong>)
<br />
endpoint: <strong><?= htmlspecialchars($agent['url']) ?><?= htmlspecialchars($agent['agent_endpoint']) ?></strong>
endpoint: <strong><?= $agent['url'] ?><?= $agent['agent_endpoint'] ?></strong>
<br />
<?php
$payload = [
@ -22,16 +22,16 @@
// print_r($_SESSION);
?>
<?php if (isset($_SESSION["agent{$agent['id']}_cache"])) { ?>
<button id="agent<?= htmlspecialchars($agent['id']) ?>-fetch" class="btn btn-primary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="get data from the agent" onclick="fetchData('<?= htmlspecialchars($agent['id']) ?>', '<?= htmlspecialchars($agent['url']) ?>', '<?= htmlspecialchars($agent['agent_endpoint']) ?>', '<?= htmlspecialchars($jwt) ?>', true)">fetch data</button>
<button id="agent<?= htmlspecialchars($agent['id']) ?>-cache" class="btn btn-secondary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="load cache" onclick="loadCache('<?= htmlspecialchars($agent['id']) ?>')">load cache</button>
<button id="agent<?= htmlspecialchars($agent['id']) ?>-clear" class="btn btn-danger" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="clear cache" onclick="clearCache('<?= htmlspecialchars($agent['id']) ?>')">clear cache</button>
<span id="cacheInfo<?= htmlspecialchars($agent['id']) ?>" style="margin: 5px 0;"></span>
<button id="agent<?= $agent['id'] ?>-fetch" class="btn btn-primary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="get data from the agent" onclick="fetchData('<?= $agent['id'] ?>', '<?= $agent['url'] ?>', '<?= $agent['agent_endpoint'] ?>', '<?= htmlspecialchars($jwt) ?>', true)">fetch data</button>
<button id="agent<?= $agent['id'] ?>-cache" class="btn btn-secondary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="load cache" onclick="loadCache('<?= $agent['id'] ?>')">load cache</button>
<button id="agent<?= $agent['id'] ?>-clear" class="btn btn-danger" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="clear cache" onclick="clearCache('<?= $agent['id'] ?>')">clear cache</button>
<span id="cacheInfo<?= $agent['id'] ?>" style="margin: 5px 0;"></span>
<?php } else { ?>
<button id="agent<?= htmlspecialchars($agent['id']) ?>-fetch" class="btn btn-primary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="get data from the agent" onclick="fetchData('<?= htmlspecialchars($agent['id']) ?>', '<?= htmlspecialchars($agent['url']) ?>', '<?= htmlspecialchars($agent['agent_endpoint']) ?>', '<?= htmlspecialchars($jwt) ?>')">fetch data</button>
<button style="display: none" disabled id="agent<?= htmlspecialchars($agent['id']) ?>-cache" class="btn btn-secondary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="load cache" onclick="loadCache('<?= htmlspecialchars($agent['id']) ?>')">load cache</button>
<button style="display: none" disabled id="agent<?= htmlspecialchars($agent['id']) ?>-clear" class="btn btn-danger" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="clear cache" onclick="clearCache('<?= htmlspecialchars($agent['id']) ?>')">clear cache</button>
<span style="display: none" id="cacheInfo<?= htmlspecialchars($agent['id']) ?>" style="margin: 5px 0;"></span>
<button id="agent<?= $agent['id'] ?>-fetch" class="btn btn-primary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="get data from the agent" onclick="fetchData('<?= $agent['id'] ?>', '<?= $agent['url'] ?>', '<?= $agent['agent_endpoint'] ?>', '<?= htmlspecialchars($jwt) ?>')">fetch data</button>
<button style="display: none" disabled id="agent<?= $agent['id'] ?>-cache" class="btn btn-secondary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="load cache" onclick="loadCache('<?= $agent['id'] ?>')">load cache</button>
<button style="display: none" disabled id="agent<?= $agent['id'] ?>-clear" class="btn btn-danger" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="clear cache" onclick="clearCache('<?= $agent['id'] ?>')">clear cache</button>
<span style="display: none" id="cacheInfo<?= $agent['id'] ?>" style="margin: 5px 0;"></span>
<?php } ?>
</p>
<pre class="results" id="result<?= htmlspecialchars($agent['id']) ?>">click a button to display data from the agent.</pre>
<pre class="results" id="result<?= $agent['id'] ?>">click a button to display data from the agent.</pre>
<?php } ?>
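Review bot: The `onclick="fetchData('<?= $agent['url'] ?>', '<?= $agent['agent_endpoint'] ?>', …)"` lines place database-sourced strings inside a JavaScript string literal inside an HTML attribute, and the commit removes the only escaping they had; input-time `htmlspecialchars()` does nothing for the JS context, and agent rows stored before this commit or through another path were never escaped at all. A `'` in a URL closes the literal and the rest of the value runs as script when the button is clicked. Escape per context at the output site, e.g. `fetchData(<?= htmlspecialchars(json_encode($agent['id']), ENT_QUOTES) ?>, <?= htmlspecialchars(json_encode($agent['url']), ENT_QUOTES) ?>, …)` (`json_encode` supplies the quotes, so the surrounding `'` go), and plain `htmlspecialchars()` for the `id`/`url`/`agent_endpoint` text and `id=` attribute uses. `$jwt` keeps its escaping on the same lines, which is the convention the rest should follow.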


@ -3,9 +3,9 @@
<div class="card w-auto bg-light border-light card-body text-right" style="text-align: right;">
<form method="POST" id="filter_form" action="?platform=<?= $platform_id?>&page=<?= $page ?>">
<label for="from_time">from</label>
<input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $_REQUEST['from_time'] . "\"" ?> />
<input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $from_time . "\"" ?> />
<label for="until_time">until</label>
<input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $_REQUEST['until_time'] . "\"" ?> />
<input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $until_time . "\"" ?> />
<input type="text" name="id" placeholder="ID"<?php if (isset($_REQUEST['id'])) echo " value=\"" . $_REQUEST['id'] . "\"" ?> />
<input type="text" name="name" placeholder="name"<?php if (isset($_REQUEST['name'])) echo " value=\"" . $_REQUEST['name'] . "\"" ?> />
<?php if ($page == 'participants') { ?>
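Review bot: The `id` and `name` inputs on the two lines after the date fields still echo `$_REQUEST['id']` and `$_REQUEST['name']` straight into a `value="…"` attribute, so a crafted link reflects arbitrary markup into this form; the commit moves the date fields to the sanitized variables and leaves these untouched. Either add them to the sanitize include or escape here: `htmlspecialchars($_REQUEST['id'], ENT_QUOTES)`. The `action="?platform=<?= $platform_id ?>…"` value is HTML-escaped but not URL-encoded; `rawurlencode()` is the escape for that context.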


@ -1,10 +1,10 @@
<!-- widget "agents" -->
<div class="card text-center w-50 mx-auto">
<p class="h4 card-header">Add new Jilo Agent to Jitsi platform "<strong><?= htmlspecialchars($platformDetails[0]['name']) ?></strong>"</p>
<p class="h4 card-header">Add new Jilo Agent to Jitsi platform "<strong><?= $platformDetails[0]['name'] ?></strong>"</p>
<div class="card-body">
<!--p class="card-text">add new agent:</p-->
<form method="POST" action="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
<form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
<div class="row mb-3">
<div class="col-md-4 text-end">
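Review bot: `$platformDetails[0]['name']` is loaded from the database, not from the request, so the input-time sanitization this commit introduces does not cover it, and removing `htmlspecialchars()` from the header line lets a name containing markup render unescaped (rows written before this commit were never escaped). Escaping belongs at the output site regardless of what happens on input; restore `htmlspecialchars($platformDetails[0]['name'], ENT_QUOTES)`. In the form `action`, `$platform_id` sits in a URL and is better wrapped in `rawurlencode()`.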


@ -4,7 +4,7 @@
<p class="h4 card-header">Add new Jitsi platform</p>
<div class="card-body">
<!--p class="card-text">add new platform:</p-->
<form method="POST" action="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
<form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
<div class="row mb-3">
<div class="col-md-4 text-end">


@ -1,30 +1,30 @@
<!-- widget "agents" -->
<div class="card text-center w-50 mx-auto">
<p class="h4 card-header">Jilo Agent configuration for Jitsi platform <strong>"<?= htmlspecialchars($platformDetails[0]['name']) ?>"</strong></p>
<p class="h4 card-header">Jilo Agent configuration for Jitsi platform <strong>"<?= $platformDetails[0]['name'] ?>"</strong></p>
<div class="card-body">
<p class="card-text">delete an agent:</p>
<form method="POST" action="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
<form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
<?php
foreach ($agentDetails[0] as $key => $value) {
// if ($key === 'id') continue;
?>
<div class="row mb-3">
<div class="col-md-4 text-end">
<label for="<?= htmlspecialchars($key) ?>" class="form-label"><?= htmlspecialchars($key) ?>:</label>
<label for="<?= $key ?>" class="form-label"><?= $key ?>:</label>
</div>
<div class="col-md-8">
<div class="text-start"><?= htmlspecialchars($value ?? '')?></div>
<input type="hidden" name="<?= htmlspecialchars($key) ?>" value="<?= htmlspecialchars($value ?? '')?>" />
<div class="text-start"><?= $value ?? '')?></div>
<input type="hidden" name="<?= $key ?>" value="<?= $value ?? '' ?>" />
</div>
</div>
<?php } ?>
<br />
<input type="hidden" name="agent" value="<?= htmlspecialchars($agentDetails[0]['id']) ?>" />
<input type="hidden" name="agent" value="<?= $agentDetails[0]['id'] ?>" />
<input type="hidden" name="delete" value="true" />
<p class="h5 text-danger">Are you sure you want to delete this agent?</p>
<br />
<a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= htmlspecialchars($platform_id) ?>agent<?= htmlspecialchars($agentDetails[0]['id']) ?>" />Cancel</a>
<a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= $platform_id ?>agent<?= $agentDetails[0]['id'] ?>" />Cancel</a>
<input type="submit" class="btn btn-danger" value="Delete" />
</form>
</div>
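Review bot: `<?= $value ?? '')?>` on the `text-start` line has a stray `)` after the null-coalesce and is a parse error, so the delete-agent widget will not render at all; the intended line is `<div class="text-start"><?= htmlspecialchars($value ?? '', ENT_QUOTES) ?></div>`. The `$key`/`$value` pairs are agent columns from the database (with the `id` skip commented out, that includes the stored `secret_key`), so dropping `htmlspecialchars()` on the label, the hidden `name=` and the hidden `value=` relies on data that this commit's request-side escaping never touched. Keep output escaping here, and echoing the agent's signing secret into the page at all is worth reconsidering.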


@ -1,30 +1,30 @@
<!-- widget "config" -->
<div class="card text-center w-50 mx-auto">
<p class="h4 card-header">Jilo web configuration for Jitsi platform <strong>"<?= htmlspecialchars($platformDetails[0]['name']) ?>"</strong></p>
<p class="h4 card-header">Jilo web configuration for Jitsi platform <strong>"<?= $platformDetails[0]['name'] ?>"</strong></p>
<div class="card-body">
<p class="card-text">delete a platform:</p>
<form method="POST" action="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
<form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
<?php
foreach ($platformDetails[0] as $key => $value) {
if ($key === 'id') continue;
?>
<div class="row mb-3">
<div class="col-md-4 text-end">
<label for="<?= htmlspecialchars($key) ?>" class="form-label"><?= htmlspecialchars($key) ?>:</label>
<label for="<?= htmlspecialchars($key) ?>" class="form-label"><?= $key ?>:</label>
</div>
<div class="col-md-8">
<div class="text-start"><?= htmlspecialchars($value ?? '')?></div>
<div class="text-start"><?= $value ?? '' ?></div>
<input type="hidden" name="<?= htmlspecialchars($key) ?>" value="<?= htmlspecialchars($value ?? '')?>" />
</div>
</div>
<?php } ?>
<br />
<input type="hidden" name="platform" value="<?= htmlspecialchars($platform_id) ?>" />
<input type="hidden" name="platform" value="<?= $platform_id ?>" />
<input type="hidden" name="delete" value="true" />
<p class="h5 text-danger">Are you sure you want to delete this platform?</p>
<br />
<a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= htmlspecialchars($platform_id) ?>" />Cancel</a>
<a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= $platform_id ?>" />Cancel</a>
<input type="submit" class="btn btn-danger" value="Delete" />
</form>
</div>
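Review bot: The escaping in this section is now inconsistent: the label line keeps `htmlspecialchars($key)` in `for=` but drops it for the visible text, and the `text-start` div renders `$value` raw while the hidden input directly below still escapes the same `$value`. Both halves of each pair render the same database-sourced string in an HTML context, so both need `htmlspecialchars(..., ENT_QUOTES)`; mixed treatment invites the next edit to remove the remaining call. `$platform_id` in the form `action` and the cancel `href` is URL context and wants `rawurlencode()`.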


@ -1,10 +1,10 @@
<!-- agents -->
<div class="card text-center w-50 mx-auto">
<p class="h4 card-header">Jilo Agent configuration for Jitsi platform <strong>"<?= htmlspecialchars($platformDetails[0]['name']) ?>"</strong></p>
<p class="h4 card-header">Jilo Agent configuration for Jitsi platform <strong>"<?= $platformDetails[0]['name'] ?>"</strong></p>
<div class="card-body">
<p class="card-text">edit the agent details:</p>
<form method="POST" action="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
<form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
<div class="row mb-3">
<div class="col-md-4 text-end">
@ -30,7 +30,7 @@
<span class="text-danger" style="margin-right: -12px;">*</span>
</div>
<div class="col-md-8">
<input class="form-control" type="text" name="url" value="<?= htmlspecialchars($agentDetails[0]['url'])?>" required />
<input class="form-control" type="text" name="url" value="<?= $agentDetails[0]['url'] ?>" required />
<p class="text-start"><small>URL of the Jilo Agent API (https://example.com:8081)</small></p>
</div>
</div>
@ -41,15 +41,15 @@
<span class="text-danger" style="margin-right: -12px;">*</span>
</div>
<div class="col-md-8">
<input class="form-control" type="text" name="secret_key" value="<?= htmlspecialchars($agentDetails[0]['secret_key'])?>" required />
<input class="form-control" type="text" name="secret_key" value="<?= $agentDetails[0]['secret_key'] ?>" required />
<p class="text-start"><small>secret key for generating the access JWT token</small></p>
</div>
</div>
<br />
<input type="hidden" name="agent" value="<?= htmlspecialchars($agentDetails[0]['id']) ?>" />
<a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= htmlspecialchars($platform_id) ?>agent<?= htmlspecialchars($agentDetails[0]['id']) ?>" />Cancel</a>
<input type="hidden" name="agent" value="<?= $agentDetails[0]['id'] ?>" />
<a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= $platform_id ?>agent<?= $agentDetails[0]['id'] ?>" />Cancel</a>
<input type="submit" class="btn btn-primary" value="Save" />
</form>
</div>
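Review bot: `value="<?= $agentDetails[0]['secret_key'] ?>"` and `value="<?= $agentDetails[0]['url'] ?>"` render database-sourced strings into attributes unescaped, so a value containing `"` breaks out of the attribute; the commit's input-side `htmlspecialchars()` only covers rows written through the new POST handler, not pre-existing rows or other writers. Restore `htmlspecialchars($agentDetails[0]['url'], ENT_QUOTES)` and the same for `secret_key` on these lines. Rendering the agent's signing secret into a plain `type="text"` field pre-dates this commit but deserves a second look; a `password` input, or a leave-blank-to-keep field, would stop exposing it in the page source.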


@ -1,17 +1,17 @@
<!-- widget "config" -->
<div class="card text-center w-50 mx-auto">
<p class="h4 card-header">Jilo web configuration for Jitsi platform <strong>"<?= htmlspecialchars($platformDetails[0]['name']) ?>"</strong></p>
<p class="h4 card-header">Jilo web configuration for Jitsi platform <strong>"<?= $platformDetails[0]['name'] ?>"</strong></p>
<div class="card-body">
<p class="card-text">edit the platform details:</p>
<form method="POST" action="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
<form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
<?php
foreach ($platformDetails[0] as $key => $value) {
if ($key === 'id') continue;
?>
<div class="row mb-3">
<div class="col-md-4 text-end">
<label for="<?= htmlspecialchars($config_item) ?>" class="form-label"><?= htmlspecialchars($key) ?></label>
<label for="<?= htmlspecialchars($config_item) ?>" class="form-label"><?= $key ?></label>
<span class="text-danger" style="margin-right: -12px;">*</span>
</div>
<div class="col-md-8">
@ -27,8 +27,8 @@ foreach ($platformDetails[0] as $key => $value) {
</div>
<?php } ?>
<br />
<input type="hidden" name="platform" value="<?= htmlspecialchars($platform_id) ?>" />
<a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= htmlspecialchars($platform_id) ?>" />Cancel</a>
<input type="hidden" name="platform" value="<?= $platform_id ?>" />
<a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= $platform_id ?>" />Cancel</a>
<input type="submit" class="btn btn-primary" value="Save" />
</form>
</div>
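Review bot: The label line uses `$config_item` for the `for=` attribute while the loop variable is `$key`, and `$config_item` is not assigned anywhere in the visible hunk; unless it is set above the hunk, every label gets an empty `for` and an undefined-variable warning. The label text now prints `$key` raw while `for=` stays escaped; these are column names from the platform row, low risk, but keep one convention, `htmlspecialchars($key)` in both places. `$platform_id` in the `action` and cancel `href` is URL context, so `rawurlencode()` is the appropriate escape there. The `foreach` body continues past the first hunk.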


@ -1,20 +1,20 @@
<!-- widget "config" -->
<div class="card text-center w-75 mx-lef">
<p class="h4 card-header">Configuration of the Jitsi platform <strong><?= htmlspecialchars($platformDetails[0]['name']) ?></strong></p>
<p class="h4 card-header">Configuration of the Jitsi platform <strong><?= $platformDetails[0]['name'] ?></strong></p>
<div class="card-body">
<p class="card-text">
<span class="m-3">URL: <?= htmlspecialchars($platformDetails[0]['jitsi_url']) ?></span>
<span class="m-3">URL: <?= $platformDetails[0]['jitsi_url'] ?></span>
<span class="m-3">FILE: config.js</span>
<?php if ($mode === 'raw') { ?>
<span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config&item=configjs">view only active lines</a></span>
<span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config&item=configjs">view only active lines</a></span>
<?php } else { ?>
<span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config&item=configjs&mode=raw">view raw file contents</a></span>
<span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config&item=configjs&mode=raw">view raw file contents</a></span>
<?php } ?>
</p>
<pre class="results">
<?php
echo htmlspecialchars($platformConfigjs);
echo $platformConfigjs;
?>
</pre>
</div>
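Review bot: `echo $platformConfigjs;` writes the fetched config.js into the page unescaped; that file is content retrieved from the platform, presumably from its `jitsi_url`, and a `</pre><script>` sequence anywhere in it runs in the Jilo operator's browser. Request-parameter sanitization cannot cover data pulled from another host, so `echo htmlspecialchars($platformConfigjs, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` should stay. The same applies to `$platformDetails[0]['jitsi_url']` and `$platformDetails[0]['name']` in the header, which come from the database, and `$platform_id` in the two `href`s is URL context where `rawurlencode()` is the right call.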


@ -1,20 +1,20 @@
<!-- widget "config" -->
<div class="card text-center w-75 mx-lef">
<p class="h4 card-header">Configuration of the Jitsi platform <strong><?= htmlspecialchars($platformDetails[0]['name']) ?></strong></p>
<p class="h4 card-header">Configuration of the Jitsi platform <strong><?= $platformDetails[0]['name'] ?></strong></p>
<div class="card-body">
<p class="card-text">
<span class="m-3">URL: <?= htmlspecialchars($platformDetails[0]['jitsi_url']) ?></span>
<span class="m-3">URL: <?= $platformDetails[0]['jitsi_url'] ?></span>
<span class="m-3">FILE: interface_config.js</span>
<?php if ($mode === 'raw') { ?>
<span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config&item=interfaceconfigjs">view only active lines</a></span>
<span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config&item=interfaceconfigjs">view only active lines</a></span>
<?php } else { ?>
<span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config&item=interfaceconfigjs&mode=raw">view raw file contents</a></span>
<span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config&item=interfaceconfigjs&mode=raw">view raw file contents</a></span>
<?php } ?>
</p>
<pre class="results">
<?php
echo htmlspecialchars($platformInterfaceConfigjs);
echo $platformInterfaceConfigjs;
?>
</pre>
</div>
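Review bot: `echo $platformInterfaceConfigjs;` dumps the fetched interface_config.js into the `<pre>` unescaped, so anything in that remote file that closes the `<pre>` and opens a `<script>` executes in the viewer's browser; the file comes from the platform host (presumably its `jitsi_url`), which the new request-side sanitization never sees. Keep `echo htmlspecialchars($platformInterfaceConfigjs, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The header's `$platformDetails[0]['jitsi_url']` and `['name']` are database values and need the same output escaping, and `$platform_id` in the `href`s belongs in `rawurlencode()`.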


@ -6,9 +6,9 @@
<div class="card w-auto bg-light border-light card-body text-right" style="text-align: right;">
<form method="POST" id="filter_form" action="?platform=<?= $platform_id?>&page=<?= $page ?>">
<label for="from_time">from</label>
<input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $_REQUEST['from_time'] . "\"" ?> />
<input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $from_time . "\"" ?> />
<label for="until_time">until</label>
<input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $_REQUEST['until_time'] . "\"" ?> />
<input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $until_time . "\"" ?> />
<input type="text" name="id" placeholder="component ID"<?php if (isset($_REQUEST['id'])) echo " value=\"" . $_REQUEST['id'] . "\"" ?> />
<input type="text" name="name" placeholder="component name"<?php if (isset($_REQUEST['name'])) echo " value=\"" . $_REQUEST['name'] . "\"" ?> />
<input type="text" name="event" placeholder="event name"<?php if (isset($_REQUEST['event'])) echo " value=\"" . $_REQUEST['event'] . "\"" ?> />
@ -42,7 +42,7 @@
<thead class="thead-dark">
<tr>
<?php foreach ($widget['table_headers'] as $header) { ?>
<th scope="col"><?= htmlspecialchars($header) ?></th>
<th scope="col"><?= $header ?></th>
<?php } ?>
</tr>
</thead>
@ -51,11 +51,11 @@
<tr>
<?php foreach ($row as $key => $column) { ?>
<?php if ($key === 'component ID') { ?>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
<?php } elseif ($key === 'component') { ?>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
<?php } else { ?>
<td><?= htmlspecialchars($column ?? '') ?></td>
<td><?= $column ?? '' ?></td>
<?php }
} ?>
</tr>
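Review bot: The `id`, `name` and `event` filter inputs still echo `$_REQUEST['id']`, `$_REQUEST['name']` and `$_REQUEST['event']` raw into `value="…"` attributes, so any link into the components page can inject markup; the commit sanitizes the two date fields beside them and leaves these three. In the table, the `<td>` cells now print `$column` raw while the `href` on the same line still escapes the same value, and `$header` is printed raw; the cell values are component IDs and names read from the jilo database, which the request-side escaping introduced here never touches. Keep `htmlspecialchars($column ?? '', ENT_QUOTES)` on the text as well as the link, and wrap the three `$_REQUEST` echoes in `htmlspecialchars()`.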


@ -6,9 +6,9 @@
<div class="card w-auto bg-light border-light card-body text-right" style="text-align: right;">
<form method="POST" id="filter_form" action="?platform=<?= $platform_id?>&page=<?= $page ?>">
<label for="from_time">from</label>
<input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $_REQUEST['from_time'] . "\"" ?> />
<input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $from_time . "\"" ?> />
<label for="until_time">until</label>
<input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $_REQUEST['until_time'] . "\"" ?> />
<input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $until_time . "\"" ?> />
<input type="text" name="id" placeholder="conference ID"<?php if (isset($_REQUEST['id'])) echo " value=\"" . $_REQUEST['id'] . "\"" ?> />
<input type="text" name="name" placeholder="conference name"<?php if (isset($_REQUEST['name'])) echo " value=\"" . $_REQUEST['name'] . "\"" ?> />
<input type="button" onclick="clearFilter()" value="clear" />
@ -41,7 +41,7 @@
<thead class="thead-dark">
<tr>
<?php foreach ($widget['table_headers'] as $header) { ?>
<th scope="col"><?= htmlspecialchars($header) ?></th>
<th scope="col"><?= $header ?></th>
<?php } ?>
</tr>
</thead>
@ -55,21 +55,21 @@
foreach ($row as $key => $column) {
if ($key === 'conference ID' && isset($conferenceId) && $conferenceId === $column) { ?>
<td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
<td><strong><?= $column ?? '' ?></strong></td>
<?php } elseif ($key === 'conference ID') { ?>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
<?php } elseif ($key === 'conference name' && isset($conferenceName) && $conferenceName === $column) { ?>
<td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
<td><strong><?= $column ?? '' ?></strong></td>
<?php } elseif ($key === 'conference name') { ?>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
<?php } elseif ($key === 'participant ID') { ?>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
<?php } elseif ($stats_id && $key === 'parameter') { ?>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
<?php } elseif ($participant_ip && $key === 'parameter') { ?>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&ip=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&ip=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
<?php } else { ?>
<td><?= htmlspecialchars($column ?? '') ?></td>
<td><?= $column ?? '' ?></td>
<?php }
} ?>
</tr>
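Review bot: The `<td>` cells now print `$column` raw for conference IDs, conference names and participant IDs while the `href` on the same line keeps `htmlspecialchars()` on the same value; conference names are presumably chosen by Jitsi users and arrive through the jilo database, so a room named with a `<script>` tag becomes stored XSS in this table. The request-side escaping introduced in this commit does not apply to query results. Keep `htmlspecialchars($column ?? '', ENT_QUOTES)` in both places, and the `id`/`name` filter inputs above still echo `$_REQUEST` values unescaped into `value=` attributes.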


@ -3,9 +3,9 @@
<div class="card w-auto bg-light border-light card-body text-right" style="text-align: right;">
<form method="POST" id="filter_form" action="?page=logs">
<label for="from_time">from</label>
<input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $_REQUEST['from_time'] . "\"" ?> />
<input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $from_time . "\"" ?> />
<label for="until_time">until</label>
<input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $_REQUEST['until_time'] . "\"" ?> />
<input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $until_time . "\"" ?> />
<input type="text" name="id" placeholder="user ID"<?php if (isset($_REQUEST['id'])) echo " value=\"" . $_REQUEST['id'] . "\"" ?> />
<input type="text" name="message" placeholder="message"<?php if (isset($_REQUEST['message'])) echo " value=\"" . $_REQUEST['message'] . "\"" ?> />
<input type="button" onclick="clearFilter()" value="clear" />
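Review bot: The `id` and `message` filter inputs echo `$_REQUEST['id']` and `$_REQUEST['message']` straight into `value="…"` attributes; neither was added to the sanitize include, so this form still reflects attacker-controlled text from a crafted URL. Wrap them, `htmlspecialchars($_REQUEST['message'], ENT_QUOTES)`, or define `$message`/`$id` next to `$from_time` in the include and use those here.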


@ -24,7 +24,7 @@
<thead class="thead-dark">
<tr>
<?php foreach ($widget['table_headers'] as $header) { ?>
<th scope="col" class="th-<?= htmlspecialchars($header) ?>"><?= htmlspecialchars($header) ?></th>
<th scope="col" class="th-<?= $header ?>"><?= $header ?></th>
<?php } ?>
</tr>
</thead>
@ -34,9 +34,9 @@
<?php
foreach ($row as $key => $column) {
if ($key === 'user ID' && isset($user_id) && $user_id === $column) { ?>
<td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
<td><strong><?= $column ?? '' ?></strong></td>
<?php } else { ?>
<td><?= htmlspecialchars($column ?? '') ?></td>
<td><?= $column ?? '' ?></td>
<?php }
} ?>
</tr>
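Review bot: The `<td><?= $column ?? '' ?></td>` cells print log rows raw, and the header cell puts `$header` unescaped both into a `class="th-…"` attribute and the cell text; log messages are stored text that the request-side escaping in this commit never touches, and any message that recorded user-supplied input would render as markup. Keep `htmlspecialchars($column ?? '', ENT_QUOTES)` on the cells. For the class attribute a value with spaces or quotes is a malformed attribute rather than an injection, but escaping it costs nothing.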


@ -17,7 +17,7 @@
?>
<li style="margin-right: 3px;">
<a style="background-color: #111;" href="<?= htmlspecialchars($platform_switch_url) ?>">
<?= htmlspecialchars($platform['name']) ?>
<?= $platform['name'] ?>
</a>
</li>
<?php } ?>
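Review bot: `$platform['name']` is rendered raw in the platform switcher while the `href` on the line above keeps `htmlspecialchars()`; the name is a database value set through the config form, and rows written before this commit were stored unescaped. This menu presumably appears on every page, so one bad name affects the whole UI; restore `htmlspecialchars($platform['name'], ENT_QUOTES)`.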


@ -98,7 +98,7 @@
} ?>
<div class="form-check">
<input class="form-check-input" type="checkbox" name="rights[]" value="<?= htmlspecialchars($right['right_id']) ?>" id="right_<?= htmlspecialchars($right['right_id']) ?>" <?= $isChecked ? 'checked' : '' ?> />
<label class="form-check-label" for="right_<?= htmlspecialchars($right['right_id']) ?>"><?= htmlspecialchars($right['right_name']) ?></label>
<label class="form-check-label" for="right_<?= htmlspecialchars($right['right_id']) ?>"><?= $right['right_name'] ?></label>
</div>
<?php } ?>
</div>


@ -27,7 +27,7 @@
<tr>
<th scope="col"></th>
<?php foreach ($widget['records'] as $record) { ?>
<th scope="col"><?= htmlspecialchars($record['table_headers']) ?></th>
<th scope="col"><?= $record['table_headers'] ?></th>
<?php } ?>
</tr>
</thead>
@ -36,7 +36,7 @@
<td>conferences</td>
<?php foreach ($widget['records'] as $record) { ?>
<td><?php if (!empty($record['conferences'])) { ?>
<a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&from_time=<?= $record['from_time'] ?>&until_time=<?= $record['until_time'] ?>"><?= htmlspecialchars($record['conferences']) ?></a> <?php } else { ?>
<a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&from_time=<?= $record['from_time'] ?>&until_time=<?= $record['until_time'] ?>"><?= $record['conferences'] ?></a> <?php } else { ?>
0<?php } ?>
</td>
<?php } ?>
@ -45,7 +45,7 @@
<td>participants</td>
<?php foreach ($widget['records'] as $record) { ?>
<td><?php if (!empty($record['participants'])) { ?>
<a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&from_time=<?= $record['from_time'] ?>&until_time=<?= $record['until_time'] ?>"><?= htmlspecialchars($record['participants']) ?></a> <?php } else { ?>
<a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&from_time=<?= $record['from_time'] ?>&until_time=<?= $record['until_time'] ?>"><?= $record['participants'] ?></a> <?php } else { ?>
0<?php } ?>
</td>
<?php } ?>


@ -24,7 +24,7 @@
<thead class="thead-dark">
<tr>
<?php foreach ($widget['table_headers'] as $header) { ?>
<th scope="col"><?= htmlspecialchars($header) ?></th>
<th scope="col"><?= $header ?></th>
<?php } ?>
</tr>
</thead>
@ -37,31 +37,31 @@
if (isset($row['event']) && $row['event'] === 'pair selected') $participant_ip = true;
foreach ($row as $key => $column) {
if ($key === 'conference ID' && isset($conferenceId) && $conferenceId === $column) { ?>
<td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
<td><strong><?= $column ?? '' ?></strong></td>
<?php } elseif ($key === 'conference ID') { ?>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
<?php } elseif ($key === 'conference name' && isset($conferenceName) && $conferenceName === $column) { ?>
<td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
<td><strong><?= $column ?? '' ?></strong></td>
<?php } elseif ($key === 'conference name') { ?>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
<?php } elseif ($key === 'participant ID' && isset($participantId) && $participantId === $column) { ?>
<td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
<td><strong><?= $column ?? '' ?></strong></td>
<?php } elseif ($key === 'participant ID') { ?>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
<?php } elseif ($key === 'component ID') { ?>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
<?php } elseif ($stats_id && $key === 'parameter' && isset($participantName) && $participantName === $column) { ?>
<td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
<td><strong><?= $column ?? '' ?></strong></td>
<?php } elseif ($stats_id && $key === 'parameter') { ?>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
<?php } elseif ($participant_ip && $key === 'parameter' && isset($participantIp) && $participantIp === $column) { ?>
<td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
<td><strong><?= $column ?? '' ?></strong></td>
<?php } elseif ($participant_ip && $key === 'parameter') { ?>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&ip=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&ip=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
<?php } elseif ($key === 'component') { ?>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
<td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
<?php } else { ?>
<td><?= htmlspecialchars($column ?? '') ?></td>
<td><?= $column ?? '' ?></td>
<?php }
} ?>
</tr>


@ -15,6 +15,9 @@
// flush it later only when there is no redirect
ob_start();
// sanitize all vars that may end up in URLs or forms
require '../app/helpers/sanitize.php';
require '../app/helpers/errors.php';
// error reporting, comment out in production
@ -65,22 +68,11 @@ if ($config_file) {
die('Config file not found');
}
$app_root = $config['folder'];
$app_root = htmlspecialchars($config['folder']);
session_name('jilo');
session_start();
if (isset($_REQUEST['page'])) {
$page = $_REQUEST['page'];
} else {
$page = 'dashboard';
}
if (isset($_REQUEST['item'])) {
$item = $_REQUEST['item'];
} else {
$item = '';
}
// check if logged in
unset($currentUser);
if (isset($_COOKIE['username'])) {
@ -96,14 +88,6 @@ if ( !isset($_COOKIE['username']) && ($page !== 'login' && $page !== 'register')
exit();
}
// we use 'notice' for all non-critical messages and 'error' for errors
if (isset($_SESSION['notice'])) {
$notice = $_SESSION['notice'];
}
if (isset($_SESSION['error'])) {
$error = $_SESSION['error'];
}
// connect to db of Jilo Web
require '../app/classes/database.php';
require '../app/helpers/database.php';
@ -121,8 +105,10 @@ $platformObject = new Platform($dbWeb);
$platformsAll = $platformObject->getPlatformDetails();
// by default we connect ot the first configured platform
$firstPlatform = $platformsAll[0]['id'];
$platform_id = $_REQUEST['platform'] ?? $firstPlatform;
if ($platform_id == '') {
$platform_id = $platformsAll[0]['id'];
}
$platformDetails = $platformObject->getPlatformDetails($platform_id);
// init user functions