Compare commits
4 Commits
71c25c778f
...
9127f97cc9
| Author | SHA1 | Date |
|---|---|---|
 Yasen Pramatarov
|
9127f97cc9 | |
|
Yasen Pramatarov
|
3b50d81fb4 | |
|
Yasen Pramatarov
|
a030562071 | |
|
Yasen Pramatarov
|
138ea70185 |
|
|
@ -1,10 +1,10 @@
|
|||
<?php
|
||||
|
||||
use App\App;
|
||||
use App\Core\NullLogger;
|
||||
|
||||
class RateLimiter {
|
||||
public $db;
|
||||
private $database;
|
||||
/** @var mixed NullLogger (or PSR-3 logger) or plugin Log */
|
||||
private $logger;
|
||||
public $maxAttempts = 5; // Maximum login attempts
|
||||
|
|
@ -27,12 +27,13 @@ class RateLimiter {
|
|||
];
|
||||
|
||||
/**
|
||||
* @param mixed $database Database object
|
||||
* @param mixed $logger Optional NullLogger (or PSR-3 logger) or plugin Log
|
||||
*/
|
||||
public function __construct($database, $logger = null) {
|
||||
$this->database = $database;
|
||||
$this->db = $database->getConnection();
|
||||
public function __construct($logger = null) {
|
||||
$db = App::db();
|
||||
// Extract PDO connection from Database object
|
||||
$this->db = ($db instanceof PDO) ? $db : $db->getConnection();
|
||||
|
||||
// Initialize logger (plugin Log if present or NullLogger otherwise)
|
||||
if ($logger !== null) {
|
||||
$this->logger = $logger;
|
||||
|
|
|
|||
|
|
@ -1,5 +1,7 @@
|
|||
<?php
|
||||
|
||||
use App\App;
|
||||
|
||||
/**
|
||||
* class User
|
||||
*
|
||||
|
|
@ -33,7 +35,7 @@ class User {
|
|||
require_once __DIR__ . '/ratelimiter.php';
|
||||
require_once __DIR__ . '/twoFactorAuth.php';
|
||||
|
||||
$this->rateLimiter = new RateLimiter($database);
|
||||
$this->rateLimiter = new RateLimiter();
|
||||
$this->twoFactorAuth = new TwoFactorAuthentication($database);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
namespace App\Core;
|
||||
|
||||
use App\App;
|
||||
|
||||
class Maintenance
|
||||
{
|
||||
// Keep it simple: store the flag within the app directory
|
||||
|
|
@ -13,10 +15,11 @@ class Maintenance
|
|||
return true;
|
||||
}
|
||||
// Prefer DB settings if available in the current request
|
||||
if (isset($GLOBALS['db'])) {
|
||||
$db = App::db();
|
||||
if ($db) {
|
||||
try {
|
||||
require_once __DIR__ . '/Settings.php';
|
||||
$settings = new Settings($GLOBALS['db']);
|
||||
$settings = new Settings($db);
|
||||
return $settings->get('maintenance_enabled', '0') === '1';
|
||||
} catch (\Throwable $e) {
|
||||
// fall back to file flag
|
||||
|
|
@ -27,10 +30,11 @@ class Maintenance
|
|||
|
||||
public static function enable(string $message = ''): bool
|
||||
{
|
||||
if (isset($GLOBALS['db'])) {
|
||||
$db = App::db();
|
||||
if ($db) {
|
||||
try {
|
||||
require_once __DIR__ . '/Settings.php';
|
||||
$settings = new Settings($GLOBALS['db']);
|
||||
$settings = new Settings($db);
|
||||
$ok1 = $settings->set('maintenance_enabled', '1');
|
||||
$ok2 = $settings->set('maintenance_message', $message);
|
||||
return $ok1 && $ok2;
|
||||
|
|
@ -48,10 +52,11 @@ class Maintenance
|
|||
|
||||
public static function disable(): bool
|
||||
{
|
||||
if (isset($GLOBALS['db'])) {
|
||||
$db = App::db();
|
||||
if ($db) {
|
||||
try {
|
||||
require_once __DIR__ . '/Settings.php';
|
||||
$settings = new Settings($GLOBALS['db']);
|
||||
$settings = new Settings($db);
|
||||
$ok1 = $settings->set('maintenance_enabled', '0');
|
||||
// keep last message for reference, optional to clear
|
||||
return $ok1;
|
||||
|
|
@ -74,10 +79,11 @@ class Maintenance
|
|||
if ($envMsg) {
|
||||
return trim($envMsg);
|
||||
}
|
||||
if (isset($GLOBALS['db'])) {
|
||||
$db = App::db();
|
||||
if ($db) {
|
||||
try {
|
||||
require_once __DIR__ . '/Settings.php';
|
||||
$settings = new Settings($GLOBALS['db']);
|
||||
$settings = new Settings($db);
|
||||
return (string)$settings->get('maintenance_message', '');
|
||||
} catch (\Throwable $e) {
|
||||
// ignore and fall back to file flag
|
||||
|
|
|
|||
|
|
@ -167,9 +167,9 @@ class PluginManager
|
|||
return false;
|
||||
}
|
||||
|
||||
// Use global DB and get PDO connection
|
||||
$db = $GLOBALS['db'];
|
||||
$pdo = $db->getConnection();
|
||||
// Use App API to get database connection
|
||||
$db = \App\App::db();
|
||||
$pdo = ($db instanceof \PDO) ? $db : $db->getConnection();
|
||||
|
||||
try {
|
||||
// Update or insert plugin setting in database
|
||||
|
|
@ -213,9 +213,15 @@ class PluginManager
|
|||
return false;
|
||||
}
|
||||
|
||||
// Use global DB and get PDO connection
|
||||
$db = $GLOBALS['db'];
|
||||
$pdo = $db->getConnection();
|
||||
// Use App API to get database connection
|
||||
$db = \App\App::db();
|
||||
|
||||
// If database unavailable, fallback to manifest
|
||||
if (!$db) {
|
||||
return self::$catalog[$plugin]['meta']['enabled'] ?? false;
|
||||
}
|
||||
|
||||
$pdo = ($db instanceof \PDO) ? $db : $db->getConnection();
|
||||
|
||||
try {
|
||||
$stmt = $pdo->prepare('SELECT `value` FROM settings WHERE `key` = :key LIMIT 1');
|
||||
|
|
@ -226,7 +232,8 @@ class PluginManager
|
|||
return $result && $result['value'] === '1';
|
||||
} catch (\PDOException $e) {
|
||||
app_log('error', 'PluginManager::isEnabled failed for ' . $plugin . ': ' . $e->getMessage(), ['scope' => 'plugin']);
|
||||
return false;
|
||||
// Fallback to manifest on database error
|
||||
return self::$catalog[$plugin]['meta']['enabled'] ?? false;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -276,24 +283,28 @@ class PluginManager
|
|||
return false;
|
||||
}
|
||||
|
||||
global $db;
|
||||
if (!$db instanceof PDO) {
|
||||
$db = \App\App::db();
|
||||
if (!$db) {
|
||||
app_log('error', 'PluginManager::purge: Database connection not available', ['scope' => 'plugin']);
|
||||
return false;
|
||||
}
|
||||
$pdo = ($db instanceof \PDO) ? $db : $db->getConnection();
|
||||
|
||||
try {
|
||||
// First disable the plugin
|
||||
self::setEnabled($plugin, false);
|
||||
|
||||
// Remove plugin settings
|
||||
$stmt = $db->prepare('DELETE FROM settings WHERE `key` LIKE :pattern');
|
||||
$stmt = $pdo->prepare('DELETE FROM settings WHERE `key` LIKE :pattern');
|
||||
$stmt->execute([':pattern' => 'plugin_enabled_' . $plugin]);
|
||||
|
||||
// Drop plugin-specific tables (user_pro_* tables for this plugin)
|
||||
$stmt = $db->prepare('SHOW TABLES LIKE "user_pro_%"');
|
||||
$stmt = $pdo->prepare('SHOW TABLES LIKE "user_pro_%"');
|
||||
$stmt->execute();
|
||||
$tables = $stmt->fetchAll(PDO::FETCH_COLUMN, 0);
|
||||
$tables = $stmt->fetchAll(\PDO::FETCH_COLUMN, 0);
|
||||
|
||||
// Disable foreign key checks temporarily to allow table drops
|
||||
$pdo->exec('SET FOREIGN_KEY_CHECKS=0');
|
||||
|
||||
foreach ($tables as $table) {
|
||||
// Check if this table belongs to the plugin by checking its migration file
|
||||
|
|
@ -301,12 +312,15 @@ class PluginManager
|
|||
if (file_exists($migrationFile)) {
|
||||
$migrationContent = file_get_contents($migrationFile);
|
||||
if (strpos($migrationContent, $table) !== false) {
|
||||
$db->exec("DROP TABLE IF EXISTS `$table`");
|
||||
$pdo->exec("DROP TABLE IF EXISTS `$table`");
|
||||
app_log('info', 'PluginManager::purge: Dropped table ' . $table . ' for plugin ' . $plugin, ['scope' => 'plugin']);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Re-enable foreign key checks
|
||||
$pdo->exec('SET FOREIGN_KEY_CHECKS=1');
|
||||
|
||||
app_log('info', 'PluginManager::purge: Successfully purged plugin ' . $plugin, ['scope' => 'plugin']);
|
||||
return true;
|
||||
} catch (Throwable $e) {
|
||||
|
|
|
|||
|
|
@ -23,7 +23,8 @@ try {
|
|||
|
||||
// Initialize RateLimiter
|
||||
require_once '../app/classes/ratelimiter.php';
|
||||
$rateLimiter = new RateLimiter($db);
|
||||
$rateLimiter = new RateLimiter();
|
||||
|
||||
// Get user IP
|
||||
require_once '../app/helpers/ip_helper.php';
|
||||
$user_IP = getUserIP();
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ use App\App;
|
|||
*/
|
||||
class Register {
|
||||
/**
|
||||
* @var PDO|null $db The database connection instance.
|
||||
* @var PDO $db The database connection instance.
|
||||
*/
|
||||
private $db;
|
||||
private $rateLimiter;
|
||||
|
|
@ -18,16 +18,14 @@ class Register {
|
|||
/**
|
||||
* Register constructor.
|
||||
* Initializes the database connection using App API.
|
||||
*
|
||||
* @param PDO|null $database The database connection (optional, will use App::db() if not provided).
|
||||
*/
|
||||
public function __construct($database = null) {
|
||||
$this->db = $database instanceof PDO ? $database : App::db();
|
||||
public function __construct() {
|
||||
$this->db = App::db();
|
||||
|
||||
require_once APP_PATH . 'classes/ratelimiter.php';
|
||||
require_once APP_PATH . 'classes/twoFactorAuth.php';
|
||||
|
||||
$this->rateLimiter = new RateLimiter($this->db);
|
||||
$this->rateLimiter = new RateLimiter();
|
||||
$this->twoFactorAuth = new TwoFactorAuthentication($this->db);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,11 +1,13 @@
|
|||
<?php
|
||||
|
||||
require_once dirname(__DIR__, 3) . '/app/core/App.php';
|
||||
require_once dirname(__DIR__, 3) . '/app/classes/database.php';
|
||||
require_once dirname(__DIR__, 3) . '/app/classes/ratelimiter.php';
|
||||
require_once dirname(__DIR__, 3) . '/app/classes/log.php';
|
||||
require_once dirname(__DIR__, 3) . '/app/includes/rate_limit_middleware.php';
|
||||
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use App\App;
|
||||
|
||||
class RateLimitMiddlewareTest extends TestCase
|
||||
{
|
||||
|
|
@ -34,8 +36,11 @@ class RateLimitMiddlewareTest extends TestCase
|
|||
'password' => $password
|
||||
]);
|
||||
|
||||
// Set up App::db() for RateLimiter
|
||||
App::set('db', $this->db->getConnection());
|
||||
|
||||
// Create rate limiter instance
|
||||
$this->rateLimiter = new RateLimiter($this->db);
|
||||
$this->rateLimiter = new RateLimiter();
|
||||
|
||||
// Drop tables if they exist
|
||||
$this->db->getConnection()->exec("DROP TABLE IF EXISTS security_rate_auth");
|
||||
|
|
@ -119,6 +124,10 @@ class RateLimitMiddlewareTest extends TestCase
|
|||
$this->db->getConnection()->exec("TRUNCATE TABLE security_ip_whitelist");
|
||||
$this->db->getConnection()->exec("TRUNCATE TABLE security_rate_auth");
|
||||
$this->db->getConnection()->exec("TRUNCATE TABLE log");
|
||||
|
||||
// Clean up App state
|
||||
App::reset('db');
|
||||
|
||||
parent::tearDown();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,10 +1,12 @@
|
|||
<?php
|
||||
|
||||
require_once dirname(__DIR__, 3) . '/app/core/App.php';
|
||||
require_once dirname(__DIR__, 3) . '/app/classes/database.php';
|
||||
require_once dirname(__DIR__, 3) . '/app/classes/ratelimiter.php';
|
||||
require_once dirname(__DIR__, 3) . '/app/classes/log.php';
|
||||
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use App\App;
|
||||
|
||||
class RateLimiterTest extends TestCase
|
||||
{
|
||||
|
|
@ -29,8 +31,11 @@ class RateLimiterTest extends TestCase
|
|||
'password' => $password
|
||||
]);
|
||||
|
||||
// Set up App::db() for RateLimiter
|
||||
App::set('db', $this->db->getConnection());
|
||||
|
||||
// The RateLimiter constructor will create all necessary tables
|
||||
$this->rateLimiter = new RateLimiter($this->db);
|
||||
$this->rateLimiter = new RateLimiter();
|
||||
}
|
||||
|
||||
protected function tearDown(): void
|
||||
|
|
@ -40,6 +45,10 @@ class RateLimiterTest extends TestCase
|
|||
$this->db->getConnection()->exec("DROP TABLE IF EXISTS {$this->rateLimiter->pagesRatelimitTable}");
|
||||
$this->db->getConnection()->exec("DROP TABLE IF EXISTS {$this->rateLimiter->blacklistTable}");
|
||||
$this->db->getConnection()->exec("DROP TABLE IF EXISTS {$this->rateLimiter->whitelistTable}");
|
||||
|
||||
// Clean up App state
|
||||
App::reset('db');
|
||||
|
||||
parent::tearDown();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,11 +1,13 @@
|
|||
<?php
|
||||
|
||||
require_once dirname(__DIR__, 3) . '/app/core/App.php';
|
||||
require_once dirname(__DIR__, 3) . '/app/classes/database.php';
|
||||
require_once dirname(__DIR__, 3) . '/app/classes/user.php';
|
||||
require_once dirname(__DIR__, 3) . '/plugins/register/models/register.php';
|
||||
require_once dirname(__DIR__, 3) . '/app/classes/ratelimiter.php';
|
||||
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use App\App;
|
||||
|
||||
class UserRegisterTest extends TestCase
|
||||
{
|
||||
|
|
@ -30,6 +32,9 @@ class UserRegisterTest extends TestCase
|
|||
'password' => $password
|
||||
]);
|
||||
|
||||
// Set up App::db() for Register class to use
|
||||
App::set('db', $this->db->getConnection());
|
||||
|
||||
// Create user table with MariaDB syntax
|
||||
$this->db->getConnection()->exec("
|
||||
CREATE TABLE IF NOT EXISTS user (
|
||||
|
|
@ -78,12 +83,15 @@ class UserRegisterTest extends TestCase
|
|||
)
|
||||
");
|
||||
|
||||
$this->register = new Register($this->db);
|
||||
$this->register = new Register();
|
||||
$this->user = new User($this->db);
|
||||
}
|
||||
|
||||
protected function tearDown(): void
|
||||
{
|
||||
// Clean up App state
|
||||
App::reset('db');
|
||||
|
||||
// Drop tables in correct order
|
||||
$this->db->getConnection()->exec("DROP TABLE IF EXISTS user_2fa");
|
||||
$this->db->getConnection()->exec("DROP TABLE IF EXISTS security_rate_auth");
|
||||
|
|
|
|||
|
|
@ -1,11 +1,13 @@
|
|||
<?php
|
||||
|
||||
require_once dirname(__DIR__, 3) . '/app/core/App.php';
|
||||
require_once dirname(__DIR__, 3) . '/app/classes/database.php';
|
||||
require_once dirname(__DIR__, 3) . '/app/classes/user.php';
|
||||
require_once dirname(__DIR__, 3) . '/plugins/register/models/register.php';
|
||||
require_once dirname(__DIR__, 3) . '/app/classes/ratelimiter.php';
|
||||
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use App\App;
|
||||
|
||||
class UserTest extends TestCase
|
||||
{
|
||||
|
|
@ -30,6 +32,9 @@ class UserTest extends TestCase
|
|||
'password' => $password
|
||||
]);
|
||||
|
||||
// Set up App::db() for Register class to use
|
||||
App::set('db', $this->db->getConnection());
|
||||
|
||||
// Create user table with MariaDB syntax
|
||||
$this->db->getConnection()->exec("
|
||||
CREATE TABLE IF NOT EXISTS user (
|
||||
|
|
@ -79,11 +84,14 @@ class UserTest extends TestCase
|
|||
");
|
||||
|
||||
$this->user = new User($this->db);
|
||||
$this->register = new Register($this->db);
|
||||
$this->register = new Register();
|
||||
}
|
||||
|
||||
protected function tearDown(): void
|
||||
{
|
||||
// Clean up App state
|
||||
App::reset('db');
|
||||
|
||||
// Drop tables in correct order
|
||||
$this->db->getConnection()->exec("DROP TABLE IF EXISTS user_2fa");
|
||||
$this->db->getConnection()->exec("DROP TABLE IF EXISTS security_rate_auth");
|
||||
|
|
|
|||
|
|
@ -12,6 +12,11 @@ if (!headers_sent()) {
|
|||
ini_set('session.gc_maxlifetime', 1440); // 24 minutes
|
||||
}
|
||||
|
||||
// Define APP_PATH for components that expect the constant
|
||||
if (!defined('APP_PATH')) {
|
||||
define('APP_PATH', dirname(__DIR__) . '/app/');
|
||||
}
|
||||
|
||||
// load the main App registry and plugin route registry
|
||||
require_once __DIR__ . '/../app/core/App.php';
|
||||
require_once __DIR__ . '/../app/core/PluginRouteRegistry.php';
|
||||
|
|
|
|||
Loading…
Reference in New Issue