diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f0744d..ba7bcc3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,79 +1,85 @@ -httpPassword 1.4 - 2023.08.12 -=========================================================== -* Require Dotclear 2.27 -* Require PHP 7.4+ -* Upgrade to Dotclear 2.27 -* Remove custom permission, only admin can handle httpPassword -* Move third party repository -* Use Dotclear style for CHANGELOG - -httpPassword 1.3 - 2023.05.13 -=========================================================== -* require dotclear 2.26 -* fix type hint and nullsafe warnings - -httpPassword 1.2 - 2023.04.22 -=========================================================== -* require dotclear 2.26 -* add plugin Uninstaller features -* use latest dotclear namespace -* fix static init -* fix permission -* code doc and review - -httpPassword 1.1 - 2023.03.25 -=========================================================== -* require dotclear 2.26 -* use namespace - -httpPassword 1.0 - 2022.12.30 -=========================================================== -* update to dotclear 2.24 -* change settings names -* remove debug mode -* use dcLog table for last logins - -httpPassword 0.5.10 -=========================================================== -* fix typo -* fix for PHP 5.3 compliance - -httpPassword 0.5.9 -=========================================================== -* fix bug in history page (PHP errors when history was empty) -* add page "debug" in plugin page in order to get infos about hosting setup (when plugins fails to authenticate users) - -httpPassword 0.5 -=========================================================== -* deep rewrite : HTTP auth is not directly handled by apache anymore but by a dotclear behavior -* add support of multiblog installation (thanks to Stephanie "piloue" and Gabriel for being so patient and their helpfull tests) -* add support PHP running as CGI (tested with OVH hosting services) -* auto-detect crypt functions available and let user choose it -* HTTP auth is not required in order to access to blog admin -* plugin admin page with tabs -* plugin imported to dotclear lab - -Known issues : This plugin does not protect non-php files (images, css, js) - -httpPassword 0.4 -=========================================================== -* check filepermission when running -* add free.fr support - -httpPassword 0.3 -=========================================================== -* add last connection tracker - -httpPassword 0.2 - 2008.11.22 -=========================================================== -* _install.php added -* password crypt function setting added -* password crypt function can be choose within trim, crypt, md5, sha1 -* remonte crypt function added as rcrypt rmd5 and rsha1 : crypt function - is called over http://frederic.ple.name/.... - This feature can ensure plugin running on php restricted environment - (ex: OVH.COM) - -httpPassword 0.1 : 2008-11-17 -=========================================================== -* INITIAL public release +httpPassword 1.5 - 2023.10.17 +=========================================================== +* Require Dotclear 2.28 +* Require PHP 8.1 +* Upgrade to Dotclear 2.28 + +httpPassword 1.4 - 2023.08.12 +=========================================================== +* Require Dotclear 2.27 +* Require PHP 7.4+ +* Upgrade to Dotclear 2.27 +* Remove custom permission, only admin can handle httpPassword +* Move third party repository +* Use Dotclear style for CHANGELOG + +httpPassword 1.3 - 2023.05.13 +=========================================================== +* require dotclear 2.26 +* fix type hint and nullsafe warnings + +httpPassword 1.2 - 2023.04.22 +=========================================================== +* require dotclear 2.26 +* add plugin Uninstaller features +* use latest dotclear namespace +* fix static init +* fix permission +* code doc and review + +httpPassword 1.1 - 2023.03.25 +=========================================================== +* require dotclear 2.26 +* use namespace + +httpPassword 1.0 - 2022.12.30 +=========================================================== +* update to dotclear 2.24 +* change settings names +* remove debug mode +* use dcLog table for last logins + +httpPassword 0.5.10 +=========================================================== +* fix typo +* fix for PHP 5.3 compliance + +httpPassword 0.5.9 +=========================================================== +* fix bug in history page (PHP errors when history was empty) +* add page "debug" in plugin page in order to get infos about hosting setup (when plugins fails to authenticate users) + +httpPassword 0.5 +=========================================================== +* deep rewrite : HTTP auth is not directly handled by apache anymore but by a dotclear behavior +* add support of multiblog installation (thanks to Stephanie "piloue" and Gabriel for being so patient and their helpfull tests) +* add support PHP running as CGI (tested with OVH hosting services) +* auto-detect crypt functions available and let user choose it +* HTTP auth is not required in order to access to blog admin +* plugin admin page with tabs +* plugin imported to dotclear lab + +Known issues : This plugin does not protect non-php files (images, css, js) + +httpPassword 0.4 +=========================================================== +* check filepermission when running +* add free.fr support + +httpPassword 0.3 +=========================================================== +* add last connection tracker + +httpPassword 0.2 - 2008.11.22 +=========================================================== +* _install.php added +* password crypt function setting added +* password crypt function can be choose within trim, crypt, md5, sha1 +* remonte crypt function added as rcrypt rmd5 and rsha1 : crypt function + is called over http://frederic.ple.name/.... + This feature can ensure plugin running on php restricted environment + (ex: OVH.COM) + +httpPassword 0.1 : 2008-11-17 +=========================================================== +* INITIAL public release diff --git a/README.md b/README.md index ce93924..ff00b20 100644 --- a/README.md +++ b/README.md @@ -1,24 +1,21 @@ # README [![Release](https://img.shields.io/badge/release-1.4-a2cbe9.svg)](https://git.dotclear.watch/JcDenis/httpPassword/releases) -[![Date](https://img.shields.io/badge/date-2023.08.12-c44d58.svg)](https://git.dotclear.watch/JcDenis/httpPassword/releases) +![Date](https://img.shields.io/badge/date-2023.08.12-c44d58.svg) [![Dotclear](https://img.shields.io/badge/dotclear-v2.27-137bbb.svg)](https://fr.dotclear.org/download) [![Dotaddict](https://img.shields.io/badge/dotaddict-official-9ac123.svg)](https://plugins.dotaddict.org/dc2/details/httpPassword) -[![License](https://img.shields.io/github/license/JcDenis/httpPassword)](https://git.dotclear.watch/JcDenis/httpPassword/blob/master/LICENSE) +[![License](https://img.shields.io/badge/license-GPL--2.0-ececec.svg)](https://git.dotclear.watch/JcDenis/httpPassword/src/branch/master/LICENSE) -## WHAT IS HTTPPASSWORD ? +## ABOUT -_httpPassword_ is a plugin for the open-source -web publishing software called Dotclear. +_httpPassword_ is a plugin for the open-source web publishing software called [Dotclear](https://www.dotclear.org). -Its helps to manage .httppassword files to make a blog private. +> Help to manage .httppassword files to make a blog private. ## REQUIREMENTS -_httpPassword_ requires: - -* Dotclear 2.27 -* PHP 7.4+ +* Dotclear 2.28 +* PHP 8.1+ * Write permissions on blogs directories ## USAGE @@ -30,14 +27,15 @@ Manage settings, last logins, authorized users from sidebar menu _Http password_ ## LINKS -* License : [GNU GPL v2](https://www.gnu.org/licenses/old-licenses/lgpl-2.0.html) -* Source & contribution : [Gitea Page](https://git.dotclear.watch/JcDenis/httpPassword) or [GitHub Page](https://github.com/JcDenis/httpPassword) -* Packages & details: [Gitea Page](https://git.dotclear.watch/JcDenis/httpPassword/releases) or [Dotaddict Page](https://plugins.dotaddict.org/dc2/details/httpPassword) -* Discussion & Help: [Dotclear Forum](http://forum.dotclear.org/viewtopic.php?pid=331158) +* [License](https://git.dotclear.watch/JcDenis/httpPassword/src/branch/master/LICENSE) +* [Packages & details](https://git.dotclear.watch/JcDenis/httpPassword/releases) (or on [Dotaddict](https://plugins.dotaddict.org/dc2/details/httpPassword)) +* [Sources & contributions](https://git.dotclear.watch/JcDenis/httpPassword) (or on [GitHub](https://github.com/JcDenis/httpPassword)) +* [Issues & security](https://git.dotclear.watch/JcDenis/httpPassword/issues) (or on [GitHub](https://github.com/JcDenis/httpPassword/issues)) +* [Discuss & Help](http://forum.dotclear.org/viewtopic.php?pid=331158) ## CONTRIBUTORS * Frederic PLE (author) -* Jean-Christian Denis +* Jean-Christian Denis (latest) You are welcome to contribute to this code. diff --git a/_define.php b/_define.php index 03d324b..9cedfed 100644 --- a/_define.php +++ b/_define.php @@ -1,29 +1,27 @@ registerModule( 'Http password', 'Manage .htpasswd file to make the blog private', 'Frederic PLE and contributors', - '1.4', + '1.5', [ - 'requires' => [['core', '2.27']], - 'permissions' => dcCore::app()->auth->makePermissions([ - dcCore::app()->auth::PERMISSION_ADMIN, - ]), + 'requires' => [['core', '2.28']], + 'permissions' => 'My', 'type' => 'plugin', 'support' => 'https://git.dotclear.watch/JcDenis/' . basename(__DIR__) . '/issues', 'details' => 'https://git.dotclear.watch/JcDenis/' . basename(__DIR__) . '/src/branch/master/README.md', diff --git a/_init.php b/_init.php deleted file mode 100644 index 6728c42..0000000 --- a/_init.php +++ /dev/null @@ -1,21 +0,0 @@ - Http password - 1.4 + 1.5 Frederic PLE and contributors Manage .htpasswd file to make the blog private - https://git.dotclear.watch/JcDenis/httpPassword/releases/download/v1.4/plugin-httpPassword.zip - 2.27 + https://git.dotclear.watch/JcDenis/httpPassword/releases/download/v1.5/plugin-httpPassword.zip + 2.28 https://git.dotclear.watch/JcDenis/httpPassword/src/branch/master/README.md https://git.dotclear.watch/JcDenis/httpPassword/issues diff --git a/src/Backend.php b/src/Backend.php index 06ee1ce..8dda46f 100644 --- a/src/Backend.php +++ b/src/Backend.php @@ -1,21 +1,18 @@ addBehavior('publicPrependV2', function (): void { - // nullsafe - if (is_null(dcCore::app()->blog)) { + App::behavior()->addBehavior('publicPrependV2', function (): void { + if (!App::blog()->isDefined()) { return; } $PHP_AUTH_USER = $PHP_AUTH_PW = ''; @@ -44,19 +40,19 @@ class Frontend extends Process $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW']; } elseif (isset($_ENV['REMOTE_USER'])) { [$PHP_AUTH_PW, $PHP_AUTH_USER] = explode(' ', $_ENV['REMOTE_USER'], 2); - [$PHP_AUTH_USER, $PHP_AUTH_PW] = explode(':', base64_decode($PHP_AUTH_USER)); + [$PHP_AUTH_USER, $PHP_AUTH_PW] = explode(':', base64_decode((string) $PHP_AUTH_USER)); } if ($PHP_AUTH_PW === '' or $PHP_AUTH_USER === '') { Utils::sendHttp401(); } - if (!is_file(dcCore::app()->blog->public_path . DIRECTORY_SEPARATOR . My::FILE_PASSWORD)) { + if (!is_file(App::blog()->publicPath() . DIRECTORY_SEPARATOR . My::FILE_PASSWORD)) { header('HTTP/1.0 500 Internal Server Error'); echo 'httpPassword plugin is not well configured.'; exit(1); } - $htpasswd = file(dcCore::app()->blog->public_path . DIRECTORY_SEPARATOR . My::FILE_PASSWORD, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); + $htpasswd = file(App::blog()->publicPath() . DIRECTORY_SEPARATOR . My::FILE_PASSWORD, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); $authenticated = false; if ($htpasswd !== false) { foreach ($htpasswd as $ligne) { @@ -73,18 +69,18 @@ class Frontend extends Process if (!$authenticated) { Utils::sendHttp401(); } else { - $logs = dcCore::app()->log->getLogs(['log_table' => My::id(), 'log_msg' => $PHP_AUTH_USER]); + $logs = App::log()->getLogs(['log_table' => My::id(), 'log_msg' => $PHP_AUTH_USER]); if (!$logs->isEmpty()) { $ids = []; while ($logs->fetch()) { $ids[] = is_numeric($logs->f('log_id')) ? (int) $logs->f('log_id') : 0; } - $logs = dcCore::app()->log->delLogs($ids); + $logs = App::log()->delLogs($ids); } - $cursor = dcCore::app()->con->openCursor(dcCore::app()->prefix . dcLog::LOG_TABLE_NAME); + $cursor = App::log()->openLogCursor(); $cursor->setField('log_table', My::id()); $cursor->setField('log_msg', $PHP_AUTH_USER); - dcCore::app()->log->addLog($cursor); + App::log()->addLog($cursor); } }); diff --git a/src/Install.php b/src/Install.php index 85c1a79..dc28013 100644 --- a/src/Install.php +++ b/src/Install.php @@ -1,23 +1,21 @@ error->add($e->getMessage()); + App::error()->add($e->getMessage()); } return true; diff --git a/src/Manage.php b/src/Manage.php index 7fa4b28..d44e9cd 100644 --- a/src/Manage.php +++ b/src/Manage.php @@ -1,20 +1,10 @@ blog)) { + if (!self::status() || !App::blog()->isDefined()) { return false; } @@ -71,7 +66,7 @@ class Manage extends Process $s->put('crypt', in_array((string) $_POST['crypt'], My::cryptCombo()) ? $_POST['crypt'] : 'paintext'); $s->put('message', (string) $_POST['message']); - dcCore::app()->blog->triggerBlog(); + App::blog()->triggerBlog(); Notices::addSuccessNotice( __('Settings successfully updated.') @@ -82,13 +77,13 @@ class Manage extends Process // delete users logins if ('savelogins' == $action) { - $logs = dcCore::app()->log->getLogs(['log_table' => My::id()]); + $logs = App::log()->getLogs(['log_table' => My::id()]); if (!$logs->isEmpty()) { $ids = []; while ($logs->fetch()) { $ids[] = $logs->__get('log_id'); } - $logs = dcCore::app()->log->delLogs($ids); + $logs = App::log()->delLogs($ids); Notices::addSuccessNotice( __('Logs successfully cleared.') @@ -130,7 +125,7 @@ class Manage extends Process } file_put_contents(Utils::passwordFile(), $contents); - dcCore::app()->blog->triggerBlog(); + App::blog()->triggerBlog(); Notices::addSuccessNotice( __('Logins successfully updated.') @@ -144,7 +139,7 @@ class Manage extends Process public static function render(): void { - if (!self::status() || is_null(dcCore::app()->blog)) { + if (!self::status() || !App::blog()->isDefined()) { return; } @@ -207,7 +202,7 @@ class Manage extends Process // delete logins form if ('logins' == $part) { - $logs = dcCore::app()->log->getLogs(['log_table' => My::id()]); + $logs = App::log()->getLogs(['log_table' => My::id()]); if ($logs->isEmpty()) { echo '

' . __('Logins history is empty.') . '

'; diff --git a/src/My.php b/src/My.php index b3be4d4..6280bab 100644 --- a/src/My.php +++ b/src/My.php @@ -1,15 +1,5 @@ plugins->moduleExists('Uninstaller')) { + if (!self::status()) { return false; } diff --git a/src/Utils.php b/src/Utils.php index 320e66b..54d6eab 100644 --- a/src/Utils.php +++ b/src/Utils.php @@ -1,21 +1,19 @@ 0) { $salt .= substr( - sha1(dcCore::app()->getNonce() . date('U')), + sha1(App::nonce()->getNonce() . date('U')), 2, $saltlen - strlen($salt) ); @@ -118,7 +116,7 @@ class Utils */ public static function passwordFile(): string { - return is_null(dcCore::app()->blog) ? '' : dcCore::app()->blog->public_path . DIRECTORY_SEPARATOR . My::FILE_PASSWORD; + return App::blog()->isDefined() ? App::blog()->publicPath() . DIRECTORY_SEPARATOR . My::FILE_PASSWORD : ''; } /**