lindeas
/
jilo-web
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases 7 Wiki Activity

Compare commits

base: lindeas:d318b621d51861baaceed70101fc2b7cce8160b2
Branches Tags
lindeas:main
lindeas:v0.4.1
lindeas:v0.4
lindeas:v0.3
lindeas:v0.2.1
lindeas:v0.2
lindeas:v0.1.1
lindeas:v0.1
..
compare: lindeas:0b3ff9e40b74ed057a83e31fe07d9ddefe1c2856
Branches Tags
lindeas:main
lindeas:v0.4.1
lindeas:v0.4
lindeas:v0.3
lindeas:v0.2.1
lindeas:v0.2
lindeas:v0.1.1
lindeas:v0.1

No commits in common. "d318b621d51861baaceed70101fc2b7cce8160b2" and "0b3ff9e40b74ed057a83e31fe07d9ddefe1c2856" have entirely different histories.
d318b621d5 ... 0b3ff9e40b

9 changed files with 291 additions and 455 deletions
Show Stats Expand all files Collapse all files

65
app/core/PluginManager.php
View File

@ -163,43 +163,34 @@ class PluginManager
public static function setEnabled(string $plugin, bool $enabled): bool
{
if (!isset(self::$catalog[$plugin])) {
app_log('error', 'PluginManager::setEnabled: Plugin ' . $plugin . ' not found in catalog', ['scope' => 'plugin']);
return false;
}
// Use global DB and get PDO connection
$db = $GLOBALS['db'];
$pdo = $db->getConnection();
global $db;
if (!$db instanceof PDO) {
return false;
}
try {
// Update or insert plugin setting in database
$stmt = $pdo->prepare(
$stmt = $db->prepare(
'INSERT INTO settings (`key`, `value`, updated_at)
VALUES (:key, :value, NOW())
ON DUPLICATE KEY UPDATE `value` = :value, updated_at = NOW()'
);
$key = 'plugin_enabled_' . $plugin;
$value = $enabled ? '1' : '0';
app_log('info', 'PluginManager::setEnabled: Setting ' . $key . ' to ' . $value, ['scope' => 'plugin']);
$result = $stmt->execute([':key' => $key, ':value' => $value]);
if (!$result) {
app_log('error', 'PluginManager::setEnabled: Failed to execute query for ' . $plugin, ['scope' => 'plugin']);
return false;
}
$stmt->execute([':key' => $key, ':value' => $value]);
// Clear loaded cache if disabling
if (!$enabled && isset(self::$loaded[$plugin])) {
unset(self::$loaded[$plugin]);
}
app_log('info', 'PluginManager::setEnabled: Successfully set ' . $plugin . ' to ' . ($enabled ? 'enabled' : 'disabled'), ['scope' => 'plugin']);
return true;
} catch (\PDOException $e) {
} catch (PDOException $e) {
// Log the actual error for debugging
app_log('error', 'PluginManager::setEnabled failed for ' . $plugin . ': ' . $e->getMessage(), ['scope' => 'plugin']);
error_log('PluginManager::setEnabled failed for ' . $plugin . ': ' . $e->getMessage());
return false;
}
}
@ -213,21 +204,25 @@ class PluginManager
return false;
}
// Use global DB and get PDO connection
$db = $GLOBALS['db'];
$pdo = $db->getConnection();
global $db;
if ($db instanceof PDO) {
try {
$stmt = $db->prepare('SELECT `value` FROM settings WHERE `key` = :key LIMIT 1');
$key = 'plugin_enabled_' . $plugin;
$stmt->execute([':key' => $key]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
try {
$stmt = $pdo->prepare('SELECT `value` FROM settings WHERE `key` = :key LIMIT 1');
$key = 'plugin_enabled_' . $plugin;
$stmt->execute([':key' => $key]);
$result = $stmt->fetch(\PDO::FETCH_ASSOC);
return $result && $result['value'] === '1';
} catch (\PDOException $e) {
app_log('error', 'PluginManager::isEnabled failed for ' . $plugin . ': ' . $e->getMessage(), ['scope' => 'plugin']);
return false;
if ($result !== false) {
return $result['value'] === '1';
}
} catch (PDOException $e) {
// Log error but return false
error_log('PluginManager::isEnabled database error for ' . $plugin . ': ' . $e->getMessage());
}
}
// Default to disabled if no database entry or database unavailable
return false;
}
/**
@ -254,15 +249,11 @@ class PluginManager
$migrationFunction = str_replace('-', '_', $plugin) . '_ensure_tables';
if (function_exists($migrationFunction)) {
$migrationFunction();
app_log('info', 'PluginManager::install: Successfully ran migrations for ' . $plugin, ['scope' => 'plugin']);
return true;
}
// If no migration function exists, that's okay for plugins that don't need tables
app_log('info', 'PluginManager::install: No migrations needed for ' . $plugin, ['scope' => 'plugin']);
return true;
return false;
} catch (Throwable $e) {
app_log('error', 'PluginManager::install failed for ' . $plugin . ': ' . $e->getMessage(), ['scope' => 'plugin']);
return false;
}
}
@ -278,7 +269,6 @@ class PluginManager
global $db;
if (!$db instanceof PDO) {
app_log('error', 'PluginManager::purge: Database connection not available', ['scope' => 'plugin']);
return false;
}
@ -302,15 +292,12 @@ class PluginManager
$migrationContent = file_get_contents($migrationFile);
if (strpos($migrationContent, $table) !== false) {
$db->exec("DROP TABLE IF EXISTS `$table`");
app_log('info', 'PluginManager::purge: Dropped table ' . $table . ' for plugin ' . $plugin, ['scope' => 'plugin']);
}
}
}
app_log('info', 'PluginManager::purge: Successfully purged plugin ' . $plugin, ['scope' => 'plugin']);
return true;
} catch (Throwable $e) {
app_log('error', 'PluginManager::purge failed for ' . $plugin . ': ' . $e->getMessage(), ['scope' => 'plugin']);
return false;
}
}

247
app/templates/admin.php
View File

@ -489,6 +489,22 @@ if (!empty($adminOverviewStatuses) && is_array($adminOverviewStatuses)) {
</span>
<?php endif; ?>
</form>
<form method="post" class="d-inline">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf_token) ?>">
<input type="hidden" name="section" value="plugins">
<input type="hidden" name="plugin" value="<?= htmlspecialchars($plugin['slug']) ?>">
<input type="hidden" name="action" value="plugin_purge">
<?php if ($plugin['can_disable']): ?>
<span data-toggle="tooltip" data-placement="top" title="Remove all plugin data and tables">
<button type="submit" class="btn btn-sm btn-outline-warning" onclick="return confirm('Are you sure? This will permanently delete all plugin data and tables!')">Purge</button>
</span>
<?php else: ?>
<span data-toggle="tooltip" data-placement="top"
title="<?= htmlspecialchars('Cannot purge: ' . (count($plugin['enabled_dependents']) > 0 ? 'Required by: ' . implode(', ', $plugin['enabled_dependents']) : 'Plugin has active dependents')) ?>">
<button type="button" class="btn btn-sm btn-outline-warning" disabled>Purge</button>
</span>
<?php endif; ?>
</form>
<?php else: ?>
<form method="post" class="d-inline">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf_token) ?>">
@ -506,9 +522,32 @@ if (!empty($adminOverviewStatuses) && is_array($adminOverviewStatuses)) {
</span>
<?php endif; ?>
</form>
<?php if (file_exists($pluginAdminMap[$plugin['slug']]['path'] . '/bootstrap.php')): ?>
<?php if ($plugin['can_install']): ?>
<form method="post" class="d-inline">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf_token) ?>">
<input type="hidden" name="section" value="plugins">
<input type="hidden" name="plugin" value="<?= htmlspecialchars($plugin['slug']) ?>">
<input type="hidden" name="action" value="plugin_install">
<span data-toggle="tooltip" data-placement="top" title="Install plugin database tables">
<button type="submit" class="btn btn-sm btn-outline-primary">Install</button>
</span>
</form>
<?php else: ?>
<?php if ($plugin['has_migration']): ?>
<span data-toggle="tooltip" data-placement="top" title="Tables already exist">
<button type="button" class="btn btn-sm btn-outline-primary" disabled>Install</button>
</span>
<?php else: ?>
<span data-toggle="tooltip" data-placement="top" title="No migration files found">
<button type="button" class="btn btn-sm btn-outline-primary" disabled>Install</button>
</span>
<?php endif; ?>
<?php endif; ?>
<?php endif; ?>
<?php endif; ?>
<?php if (file_exists($pluginAdminMap[$plugin['slug']]['path'] . '/bootstrap.php')): ?>
<span data-toggle="tooltip" data-placement="top" title="Check plugin health and status" style="margin-left: 0.5rem;">
<span data-toggle="tooltip" data-placement="top" title="Check plugin health and status">
<button type="button" class="btn btn-sm btn-outline-secondary" data-toggle="modal" data-target="#pluginCheckModal<?= htmlspecialchars($plugin['slug']) ?>">Check</button>
</span>
<?php endif; ?>
@ -621,8 +660,6 @@ endif; ?>
$checkResults['files'] = [
'manifest' => file_exists($plugin['path'] . '/plugin.json'),
'bootstrap' => file_exists($plugin['path'] . '/bootstrap.php'),
'helpers' => file_exists($plugin['path'] . '/helpers.php'),
'controllers' => is_dir($plugin['path'] . '/controllers') && count(glob($plugin['path'] . '/controllers/*.php')) > 0,
'migration' => $hasMigration,
];
@ -648,7 +685,7 @@ endif; ?>
}
$checkResults['tables'] = $pluginTables;
// Check plugin functions and integrations
// Check plugin functions
$bootstrapPath = $plugin['path'] . '/bootstrap.php';
if (file_exists($bootstrapPath)) {
include_once $bootstrapPath;
@ -674,15 +711,9 @@ endif; ?>
$migrationTestResult = 'not applicable';
}
// Check route and hook registrations
$routePrefix = $plugin['slug'];
$hasRouteRegistration = isset($GLOBALS['plugin_route_prefixes']) && isset($GLOBALS['plugin_route_prefixes'][$routePrefix]);
$checkResults['functions'] = [
'migration' => function_exists($migrationFunction),
'migration_test' => $migrationTestResult ?: 'not applicable',
'route_registration' => $hasRouteRegistration,
'hook_registration' => true, // If bootstrap loaded, assume hooks are registered
];
}
@ -699,99 +730,6 @@ endif; ?>
</div>
<div class="modal-body">
<div class="row">
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h6 class="card-title mb-0">Plugin Information</h6>
</div>
<div class="card-body">
<div class="small">
<div class="mb-1"><strong>Name:</strong> <?= htmlspecialchars($plugin['name']) ?></div>
<div class="mb-1"><strong>Version:</strong> <?= htmlspecialchars($plugin['version'] ?? 'N/A') ?></div>
<div class="mb-1"><strong>Enabled:</strong> <span class="badge bg-<?= $plugin['enabled'] ? 'success' : 'secondary' ?>"><?= $plugin['enabled'] ? 'Yes' : 'No' ?></span></div>
<div class="mb-1"><strong>Dependencies:</strong> <?= !empty($plugin['dependencies']) ? htmlspecialchars(implode(', ', $plugin['dependencies'])) : 'None' ?></div>
</div>
</div>
</div>
</div>
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h6 class="card-title mb-0">Functions Check</h6>
</div>
<div class="card-body">
<?php foreach ($checkResults['functions'] ?? [] as $func => $value): ?>
<?php if ($func === 'migration_test'): ?>
<?php if ($value !== 'not applicable'): ?>
<div class="d-flex justify-content-between align-items-center mb-2">
<span>Migration Test</span>
<?php if ($value === 'already installed'): ?>
<span class="badge bg-info">Already Installed</span>
<?php elseif (strpos($value, 'error') === false): ?>
<span class="badge bg-success">Passed</span>
<?php else: ?>
<span class="badge bg-danger">Failed</span>
<?php endif; ?>
</div>
<?php endif; ?>
<?php if ($value === 'already installed'): ?>
<div class="text-muted small mb-2">Plugin tables already exist - migration not needed</div>
<?php elseif (strpos($value, 'error') !== false): ?>
<div class="text-muted small mb-2"><?= htmlspecialchars($value) ?></div>
<?php endif; ?>
<?php elseif ($func === 'route_registration'): ?>
<div class="d-flex justify-content-between align-items-center mb-2">
<span>Route Registration</span>
<span class="badge bg-<?= $value ? 'success' : 'danger' ?>">
<?= $value ? 'Registered' : 'Not Registered' ?>
</span>
</div>
<?php elseif ($func === 'hook_registration'): ?>
<div class="d-flex justify-content-between align-items-center mb-2">
<span>Hook Registration</span>
<span class="badge bg-<?= $value ? 'success' : 'danger' ?>">
<?= $value ? 'Active' : 'Inactive' ?>
</span>
</div>
<?php elseif ($func === 'migration'): ?>
<div class="d-flex justify-content-between align-items-center mb-2">
<span><?= htmlspecialchars(ucfirst($func)) ?> Function</span>
<span class="badge bg-<?= $value ? 'success' : 'danger' ?>">
<?= $value ? 'Available' : 'Missing' ?>
</span>
</div>
<?php endif; ?>
<?php endforeach; ?>
</div>
</div>
</div>
</div>
<div class="row mt-3">
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h6 class="card-title mb-0">Database Tables</h6>
</div>
<div class="card-body">
<?php if (!empty($checkResults['tables'])): ?>
<?php foreach ($checkResults['tables'] as $table): ?>
<div class="d-flex justify-content-between align-items-center mb-2">
<span><?= htmlspecialchars($table) ?></span>
<span class="badge bg-success">Present</span>
</div>
<?php endforeach; ?>
<?php else: ?>
<p class="text-muted mb-0">
<?php if ($checkResults['files']['migration']): ?>
Plugin has migration files but tables are not installed yet.
<?php else: ?>
No plugin tables found.
<?php endif; ?>
</p>
<?php endif; ?>
</div>
</div>
</div>
<div class="col-md-6">
<div class="card">
<div class="card-header">
@ -809,6 +747,79 @@ endif; ?>
</div>
</div>
</div>
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h6 class="card-title mb-0">Database Tables</h6>
</div>
<div class="card-body">
<?php if (!empty($checkResults['tables'])): ?>
<?php foreach ($checkResults['tables'] as $table): ?>
<div class="d-flex justify-content-between align-items-center mb-2">
<span><?= htmlspecialchars($table) ?></span>
<span class="badge bg-success">Present</span>
</div>
<?php endforeach; ?>
<?php else: ?>
<p class="text-muted mb-0">No plugin tables found.</p>
<?php endif; ?>
</div>
</div>
</div>
</div>
<div class="row mt-3">
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h6 class="card-title mb-0">Functions Check</h6>
</div>
<div class="card-body">
<?php foreach ($checkResults['functions'] ?? [] as $func => $value): ?>
<?php if ($func === 'migration_test'): ?>
<div class="d-flex justify-content-between align-items-center mb-2">
<span>Migration Test</span>
<?php if ($value === 'not applicable'): ?>
<span class="badge bg-secondary">Not Applicable</span>
<?php elseif ($value === 'already installed'): ?>
<span class="badge bg-info">Already Installed</span>
<?php elseif (strpos($value, 'error') === false): ?>
<span class="badge bg-success">Passed</span>
<?php else: ?>
<span class="badge bg-danger">Failed</span>
<?php endif; ?>
</div>
<?php if ($value === 'already installed'): ?>
<div class="text-muted small mb-2">Plugin tables already exist - migration not needed</div>
<?php elseif (strpos($value, 'error') !== false): ?>
<div class="text-muted small mb-2"><?= htmlspecialchars($value) ?></div>
<?php endif; ?>
<?php elseif ($func === 'migration'): ?>
<div class="d-flex justify-content-between align-items-center mb-2">
<span><?= htmlspecialchars($func) ?>()</span>
<span class="badge bg-<?= $value ? 'success' : 'danger' ?>">
<?= $value ? 'Available' : 'Missing' ?>
</span>
</div>
<?php endif; ?>
<?php endforeach; ?>
</div>
</div>
</div>
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h6 class="card-title mb-0">Plugin Information</h6>
</div>
<div class="card-body">
<div class="small">
<div class="mb-1"><strong>Name:</strong> <?= htmlspecialchars($plugin['name']) ?></div>
<div class="mb-1"><strong>Version:</strong> <?= htmlspecialchars($plugin['version'] ?? 'N/A') ?></div>
<div class="mb-1"><strong>Enabled:</strong> <span class="badge bg-<?= $plugin['enabled'] ? 'success' : 'secondary' ?>"><?= $plugin['enabled'] ? 'Yes' : 'No' ?></span></div>
<div class="mb-1"><strong>Dependencies:</strong> <?= !empty($plugin['dependencies']) ? htmlspecialchars(implode(', ', $plugin['dependencies'])) : 'None' ?></div>
</div>
</div>
</div>
</div>
</div>
<?php if (isset($checkResults['error'])): ?>
<div class="alert alert-danger mt-3">
@ -817,22 +828,20 @@ endif; ?>
<?php endif; ?>
</div>
<div class="modal-footer">
<?php if ($plugin['has_migration']): ?>
<form method="post" class="d-inline">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf_token) ?>">
<input type="hidden" name="section" value="plugins">
<input type="hidden" name="plugin" value="<?= htmlspecialchars($plugin['slug']) ?>">
<input type="hidden" name="action" value="plugin_install">
<button type="submit" class="btn btn-primary">Install plugin DB tables</button>
</form>
<form method="post" class="d-inline">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf_token) ?>">
<input type="hidden" name="section" value="plugins">
<input type="hidden" name="plugin" value="<?= htmlspecialchars($plugin['slug']) ?>">
<input type="hidden" name="action" value="plugin_purge">
<button type="submit" class="btn btn-warning" onclick="return confirm('Are you sure? This will permanently delete all plugin data and tables!')">Purge all plugin data</button>
</form>
<?php endif; ?>
<form method="post" class="d-inline">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf_token) ?>">
<input type="hidden" name="section" value="plugins">
<input type="hidden" name="plugin" value="<?= htmlspecialchars($plugin['slug']) ?>">
<input type="hidden" name="action" value="plugin_install">
<button type="submit" class="btn btn-primary">Install Tables</button>
</form>
<form method="post" class="d-inline">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrf_token) ?>">
<input type="hidden" name="section" value="plugins">
<input type="hidden" name="plugin" value="<?= htmlspecialchars($plugin['slug']) ?>">
<input type="hidden" name="action" value="plugin_purge">
<button type="submit" class="btn btn-warning" onclick="return confirm('Are you sure? This will permanently delete all plugin data and tables!')">Purge Plugin</button>
</form>
<button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
</div>
</div>

59
plugins/register/README.md
View File

@ -1,59 +0,0 @@
# Register Plugin
Provides user registration functionality.
## API Endpoints
### POST /register?action=register
Register a new user account.
**Request:**
- `username` (string, 3-20 chars, required)
- `password` (string, 8-255 chars, required)
- `confirm_password` (string, required)
- `csrf_token` (string, required)
- `terms` (boolean, required)
**Response:**
```json
{
"success": true,
"data": {
"message": "Registration successful. You can log in now.",
"redirect_to": "?page=login"
}
}
```
### GET /register?action=status
Check if registration is enabled.
## Configuration
Enable/disable registration in `totalmeet.conf.php`:
```php
'registration_enabled' => true,
```
## Security Features
- CSRF protection
- Rate limiting
- Password hashing
- Input sanitization
## Implementation
Uses simple callable dispatcher pattern for single-action plugin:
```php
register_plugin_route_prefix('register', [
'dispatcher' => function($context) {
require_once PLUGIN_REGISTER_PATH . 'controllers/register.php';
},
'access' => 'public',
]);
```
## Dependencies
None - functions independently.

26
plugins/register/bootstrap.php
View File

@ -1,26 +1,12 @@
<?php
/**
* Register Plugin Bootstrap
*
* Initializes the register plugin using the App API pattern.
*/
// Register plugin bootstrap
// (here we add any plugin autoloader, if needed)
// Define plugin base path if not already defined
if (!defined('PLUGIN_REGISTER_PATH')) {
define('PLUGIN_REGISTER_PATH', __DIR__ . '/');
}
require_once PLUGIN_REGISTER_PATH . 'helpers.php';
require_once PLUGIN_REGISTER_PATH . 'controllers/register.php';
// Register route with dispatcher class
register_plugin_route_prefix('register', [
'dispatcher' => \Plugins\Register\Controllers\RegisterController::class,
'access' => 'public',
'defaults' => ['action' => 'register'],
'plugin' => 'register',
]);
// List here all the controllers in "/controllers/" that we need as pages
$GLOBALS['plugin_controllers']['register'] = [
'register'
];
// Add to publicly accessible pages
register_hook('filter_public_pages', function($pages) {

254
plugins/register/controllers/register.php
View File

@ -1,188 +1,110 @@
<?php
/**
* User Registration API Controller
* User registration
*
* Provides RESTful endpoints for user registration.
* Follows the API pattern used by other plugins.
* This page ("register") handles user registration if the feature is enabled in the configuration.
* It accepts a POST request with a username and password, attempts to register the user,
* and redirects to the login page on success or displays an error message on failure.
*/
namespace Plugins\Register\Controllers;
use App\App;
use App\Helpers\Theme;
use Exception;
use PDO;
require_once APP_PATH . 'classes/feedback.php';
require_once APP_PATH . 'classes/user.php';
require_once APP_PATH . 'classes/validator.php';
require_once APP_PATH . 'helpers/security.php';
require_once APP_PATH . 'helpers/theme.php';
require_once APP_PATH . 'includes/rate_limit_middleware.php';
// Define plugin base path if not already defined
if (!defined('PLUGIN_REGISTER_PATH')) {
define('PLUGIN_REGISTER_PATH', dirname(__FILE__, 2) . '/');
}
require_once PLUGIN_REGISTER_PATH . 'models/register.php';
require_once dirname(__FILE__, 4) . '/app/classes/user.php';
require_once dirname(__FILE__, 4) . '/app/classes/validator.php';
require_once dirname(__FILE__, 4) . '/app/helpers/security.php';
class RegisterController
{
private $db;
private array $config;
private string $appRoot;
private $logger;
// registration is allowed, go on
if ($config['registration_enabled'] == true) {
public function __construct()
{
$this->db = App::db();
$this->config = App::config();
$this->appRoot = App::get('app_root') ?? '/';
$this->logger = App::get('logObject');
}
try {
global $db, $logObject, $userObject;
public function handle(string $action, array $context = []): bool
{
$validSession = (bool)($context['valid_session'] ?? false);
$app_root = $context['app_root'] ?? $this->appRoot;
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
if (!$this->db) {
\Feedback::flash('ERROR', 'DEFAULT', 'Registration service unavailable. Please try again later.');
$this->renderForm($validSession, $app_root, ['registrationEnabled' => false]);
return true;
}
// Apply rate limiting
require_once dirname(__FILE__, 4) . '/app/includes/rate_limit_middleware.php';
checkRateLimit($db, 'register');
if (!$this->isRegistrationEnabled()) {
\Feedback::flash('NOTICE', 'DEFAULT', 'Registration is currently disabled.');
$this->renderForm($validSession, $app_root, ['registrationEnabled' => false]);
return true;
}
$security = SecurityHelper::getInstance();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$this->handleSubmission($validSession, $app_root);
return true;
}
// Sanitize input
$formData = $security->sanitizeArray($_POST, ['username', 'password', 'confirm_password', 'csrf_token', 'terms']);
$this->renderForm($validSession, $app_root);
return true;
}
private function isRegistrationEnabled(): bool
{
return (bool)($this->config['registration_enabled'] ?? false);
}
private function handleSubmission(bool $validSession, string $app_root): void
{
checkRateLimit($this->db, 'register');
$security = \SecurityHelper::getInstance();
$formData = $security->sanitizeArray(
$_POST,
['username', 'password', 'confirm_password', 'csrf_token', 'terms']
);
if (!$security->verifyCsrfToken($formData['csrf_token'] ?? '')) {
\Feedback::flash('ERROR', 'DEFAULT', 'Invalid security token. Please try again.');
$this->renderForm($validSession, $app_root, [
'values' => ['username' => $formData['username'] ?? ''],
]);
return;
}
$validator = new \Validator($formData);
$rules = [
'username' => [
'required' => true,
'min' => 3,
'max' => 20,
],
'password' => [
'required' => true,
'min' => 8,
'max' => 255,
],
'confirm_password' => [
'required' => true,
'matches' => 'password',
],
'terms' => [
'required' => true,
'accepted' => true,
],
];
if (!$validator->validate($rules)) {
\Feedback::flash('ERROR', 'DEFAULT', $validator->getFirstError());
$this->renderForm($validSession, $app_root, [
'values' => ['username' => $formData['username'] ?? ''],
]);
return;
}
$username = trim($formData['username']);
$password = $formData['password'];
try {
$register = new \Register($this->db);
$result = $register->register($username, $password);
if ($result === true) {
$this->logSuccessfulRegistration($username);
\Feedback::flash('NOTICE', 'DEFAULT', 'Registration successful. You can log in now.');
header('Location: ' . $app_root . '?page=login');
exit;
// Validate CSRF token
if (!$security->verifyCsrfToken($formData['csrf_token'] ?? '')) {
throw new Exception(Feedback::get('ERROR', 'CSRF_INVALID')['message']);
}
\Feedback::flash('ERROR', 'DEFAULT', 'Registration failed: ' . $result);
$this->renderForm($validSession, $app_root, [
'values' => ['username' => $username],
]);
} catch (Exception $e) {
\Feedback::flash('ERROR', 'DEFAULT', 'Registration failed: ' . $e->getMessage());
$this->renderForm($validSession, $app_root, [
'values' => ['username' => $username],
]);
$validator = new Validator($formData);
$rules = [
'username' => [
'required' => true,
'min' => 3,
'max' => 20
],
'password' => [
'required' => true,
'min' => 8,
'max' => 100
],
'confirm_password' => [
'required' => true,
'matches' => 'password'
],
'terms' => [
'required' => true,
'equals' => 'on'
]
];
$username = $formData['username'] ?? 'unknown';
if ($validator->validate($rules)) {
$password = $formData['password'];
// registering
$register = new Register($db);
$result = $register->register($username, $password);
// redirect to login
if ($result === true) {
// Get the new user's ID for logging
$userId = $userObject->getUserId($username)[0]['id'];
$logObject->log('info', "Registration: New user \"$username\" registered successfully. IP: $user_IP", ['user_id' => $userId, 'scope' => 'user']);
Feedback::flash('NOTICE', 'DEFAULT', "Registration successful. You can log in now.");
header('Location: ' . htmlspecialchars($app_root . '?page=login'));
exit();
// registration fail, redirect to login
} else {
$logObject->log('error', "Registration: Failed registration attempt for user \"$username\". IP: $user_IP. Reason: $result", ['user_id' => null, 'scope' => 'system']);
Feedback::flash('ERROR', 'DEFAULT', "Registration failed. $result");
header('Location: ' . htmlspecialchars($app_root . '?page=register'));
exit();
}
} else {
$error = $validator->getFirstError();
$logObject->log('error', "Registration: Failed validation for user \"" . ($username ?? 'unknown') . "\". IP: $user_IP. Reason: $error", ['user_id' => null, 'scope' => 'system']);
Feedback::flash('ERROR', 'DEFAULT', $error);
header('Location: ' . htmlspecialchars($app_root . '?page=register'));
exit();
}
}
} catch (Exception $e) {
$logObject->log('error', "Registration: System error. IP: $user_IP. Error: " . $e->getMessage(), ['user_id' => null, 'scope' => 'system']);
Feedback::flash('ERROR', 'DEFAULT', $e->getMessage());
}
private function logSuccessfulRegistration(string $username): void
{
if (!$this->logger) {
return;
}
// Get any new feedback messages
include_once dirname(__FILE__, 4) . '/app/helpers/feedback.php';
try {
$userModel = new \User($this->db);
$userRecord = $userModel->getUserId($username);
$userId = $userRecord[0]['id'] ?? null;
$userIP = $_SERVER['REMOTE_ADDR'] ?? '';
// Load the template
include PLUGIN_REGISTER_PATH . 'views/form-register.php';
$this->logger->log(
'info',
sprintf('Registration: New user "%s" registered successfully. IP: %s', $username, $userIP),
['user_id' => $userId, 'scope' => 'user']
);
} catch (Exception $e) {
app_log('warning', 'RegisterController logging failed: ' . $e->getMessage(), ['scope' => 'plugin']);
}
}
private function renderForm(bool $validSession, string $app_root, array $data = []): void
{
$formValues = $data['values'] ?? ['username' => ''];
$registrationEnabled = $data['registrationEnabled'] ?? true;
Theme::include('page-header');
Theme::include('page-menu');
if ($validSession) {
Theme::include('page-sidebar');
}
include APP_PATH . 'helpers/feedback.php';
$app_root_value = $app_root; // align variable name for template include
$app_root = $app_root_value;
$values = $formValues;
include PLUGIN_REGISTER_PATH . 'views/form-register.php';
Theme::include('page-footer');
}
// registration disabled
} else {
echo Feedback::render('NOTICE', 'DEFAULT', 'Registration is disabled', false);
}

10
plugins/register/helpers.php
View File

@ -1,10 +0,0 @@
<?php
/**
* Registration Plugin Helpers
*
* Aggregates all helper modules for the registration plugin.
*/
// Include any helper modules here when they are added
// For now, the registration plugin doesn't have separate helper modules

25
plugins/register/models/register.php
View File

@ -1,11 +1,9 @@
<?php
use App\App;
/**
* class Register
*
* Handles user registration using the App API pattern.
* Handles user registration.
*/
class Register {
/**
@ -17,18 +15,21 @@ class Register {
/**
* Register constructor.
* Initializes the database connection using App API.
* Initializes the database connection.
*
* @param PDO|null $database The database connection (optional, will use App::db() if not provided).
* @param object $database The database object to initialize the connection.
*/
public function __construct($database = null) {
$this->db = $database instanceof PDO ? $database : App::db();
public function __construct($database) {
if ($database instanceof PDO) {
$this->db = $database;
} else {
$this->db = $database->getConnection();
}
require_once dirname(__FILE__, 4) . '/app/classes/ratelimiter.php';
require_once dirname(__FILE__, 4) . '/app/classes/twoFactorAuth.php';
require_once APP_PATH . 'classes/ratelimiter.php';
require_once APP_PATH . 'classes/twoFactorAuth.php';
$this->rateLimiter = new RateLimiter($this->db);
$this->twoFactorAuth = new TwoFactorAuthentication($this->db);
$this->rateLimiter = new RateLimiter($database);
$this->twoFactorAuth = new TwoFactorAuthentication($database);
}

14
public_html/index.php
View File

@ -84,6 +84,11 @@ function register_plugin_route_prefix(string $prefix, array $definition = []): v
PluginRouteRegistry::registerPrefix($prefix, $definition);
}
// Load enabled plugins
$plugins_dir = dirname(__DIR__) . '/plugins/';
$enabled_plugins = PluginManager::load($plugins_dir);
$GLOBALS['enabled_plugins'] = $enabled_plugins;
// Define CSRF token include path globally
if (!defined('CSRF_TOKEN_INCLUDE')) {
define('CSRF_TOKEN_INCLUDE', APP_PATH . 'includes/csrf_token.php');
@ -113,7 +118,7 @@ if (!isset($page)) {
}
// List of pages that don't require authentication
$public_pages = ['login', 'register', 'help', 'about', 'theme-asset', 'plugin-asset'];
$public_pages = ['login', 'help', 'about', 'theme-asset', 'plugin-asset'];
// Let plugins filter/extend public_pages
$public_pages = filter_public_pages($public_pages);
@ -152,7 +157,7 @@ $allowed_urls = [
'settings','theme','theme-asset','plugin-asset',
'admin','status',
'help','about',
'login','register','logout',
'login','logout',
];
// Let plugins filter/extend allowed_urls
@ -173,11 +178,6 @@ use App\Core\DatabaseConnector;
$db = DatabaseConnector::connect($config);
App::set('db', $db);
// Load enabled plugins (we need this after DB connection is established)
$plugins_dir = dirname(__DIR__) . '/plugins/';
$enabled_plugins = PluginManager::load($plugins_dir);
$GLOBALS['enabled_plugins'] = $enabled_plugins;
// Initialize Log throttler
require_once APP_PATH . 'core/LogThrottler.php';
use App\Core\LogThrottler;