index.php 30 KB

  1. <?php
  2. /**
  3. * Copyright 2021, 2024 5 Mode
  4. *
  5. * This file is part of StarWorth.
  6. *
  7. * StarWorth is free software: you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation, either version 3 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * StarWorth is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with StarWorth. If not, see <https://www.gnu.org/licenses/>.
  19. *
  20. * index.php
  21. *
  22. * StarWorth home page.
  23. *
  24. * @author Daniele Bonini <my25mb@aol.com>
  25. * @copyrights (c) 2021, 2024, 5 Mode
  26. */
  // Bootstrap include. The constants used in this file (PUBLIC_CONTEXT_TYPE, PHP_STR,
  // APP_LOCALE, ...) are not defined here, so they presumably come from init.inc.
  // NOTE(review): web servers commonly return *.inc files as plain text; confirm that
  // init.inc (and any salt or hash it carries) cannot be fetched directly over HTTP.
  require "init.inc";

  // Each request starts unauthenticated; the context only becomes
  // PERSONAL_CONTEXT_TYPE later in this file, once the posted password has matched.
  $contextType = PUBLIC_CONTEXT_TYPE;
  $curLocale = APP_LOCALE;

  // In-memory copy of the .SW_history file, loaded after the function definitions.
  $signHistory = [];

  // Pieces of the posted command line; parseCommand() fills them in.
  $cmd = $opt = $param1 = $param2 = $param3 = PHP_STR;
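  /**
   * Ages one history record. When the leading timestamp field is older than
   * APP_MAX_AGE seconds it is replaced by a run of zeros and the change is
   * written back to the .SW_history file.
   *
   * @param string $param1 A history record, optionally wrapped in single quotes.
   * @return string The aged record, or the unquoted input when nothing changed.
   */
  function doAging($param1) {
      global $signHistory;
      global $curPath;

      $mysign = trim($param1, "'");
      if (!$signHistory) {
          return $mysign;
      }

      $ipos = stripos($mysign, PHP_PIPE);
      if ($ipos === false) {
          // No field separator: this is not a well-formed record, so leave it
          // untouched instead of rewriting it with a guessed layout.
          return $mysign;
      }

      $oldTimestamp = (int)left($mysign, $ipos);
      if ((time() - $oldTimestamp) <= APP_MAX_AGE) {
          return $mysign;
      }

      $newval = str_repeat("0", strlen((string)time())) . PHP_PIPE . substr($mysign, $ipos + 1);
      if ($newval === $mysign) {
          // Already aged on an earlier request. Skipping here avoids rewriting the
          // whole history file once per aged record on every page view.
          return $newval;
      }

      $key = array_search($mysign . "\n", $signHistory, true);
      if ($key !== false) {
          $signHistory[$key] = $newval . "\n";
          $filepath = $curPath . DIRECTORY_SEPARATOR . ".SW_history";
          // LOCK_EX keeps two concurrent requests from interleaving their writes.
          // It does not make the read-modify-write cycle atomic.
          if (file_put_contents($filepath, implode('', $signHistory), LOCK_EX) === false) {
              error_log("StarWorth: unable to write " . $filepath);
          }
      }

      return $newval;
  }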
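  /**
   * Prints the event list (the #events container) from the in-memory history,
   * newest sort key first.
   *
   * In the personal (authenticated) context every record is shown together with
   * the star and confirm/delete controls. In the public context records flagged
   * "u" are hidden and no controls that change a record are printed.
   *
   * The date, time and description fields are echoed as stored. They are passed
   * through HTMLencodeF() when a record is created by myExecSignCommand(), so
   * this function relies on that write-time encoding.
   * NOTE(review): any record that reaches .SW_history by another path is
   * rendered as markup here; confirm nothing else writes to that file.
   *
   * @return void
   */
  function showHistory() {
      global $signHistory;
      global $contextType;

      // file() returns false when the history file cannot be read; show an empty list then.
      $signHistoryCopy = is_array($signHistory) ? $signHistory : [];
      rsort($signHistoryCopy);

      echo("<div id='events'>");

      foreach ($signHistoryCopy as $val) {
          $val = doAging(rtrim($val, "\n"));

          $aFields = explode(PHP_PIPE, $val);
          $mytag = $aFields[0] ?? "0000";
          // The cast has to wrap the whole ?? expression: (int)$a[1] ?? x casts first,
          // so the fallback could never apply and a short record raised a warning.
          $myccounter = (int)($aFields[1] ?? PHP_STR);
          $mydate = $aFields[2] ?? PHP_STR;
          $mytime = $aFields[3] ?? PHP_STR;
          $mydesc = $aFields[4] ?? PHP_STR;
          $myflag = $aFields[5] ?? PHP_STR;

          if ($mydate == PHP_STR && $mydesc == PHP_STR) {
              continue;
          }

          // A tag ending in "0000" marks a record without a star (doAging() zeroes the tag).
          $yesStar = right($mytag, 4) !== "0000";
          // date() needs an integer; the explicit cast keeps a malformed tag from
          // aborting the whole page with a TypeError.
          $mytag = date("Hi", (int)$mytag);
          $mytag = left($mytag, 2) . ":" . right($mytag, 2);
          $myccounter = left($myccounter, 6);

          $dateCells = "<td class='td-data-date'>"
              . "<span class='data-date' style='font-family:" . DISPLAY_DATE_FONT . ";'>" . $mydate . "</span>"
              . "</td>"
              . "<td class='td-data-time'>"
              . "<span class='data-time' style='font-family:" . DISPLAY_DATE_FONT . ";'>" . $mytime . "</span>"
              . "</td>";

          if ($contextType === PERSONAL_CONTEXT_TYPE) {
              // The record is placed inside a JavaScript string that itself sits inside
              // an HTML attribute. The browser decodes HTML entities before the script
              // runs, so entity-encoding alone lets an encoded quote end the string.
              // Encode for JavaScript first (json_encode with the HEX flags), then for
              // the attribute (htmlspecialchars).
              // NOTE(review): the handlers now receive the record exactly as stored,
              // not an entity-decoded copy; confirm setStar/confSign/delSign post it
              // back unchanged.
              $jsArg = htmlspecialchars(
                  (string)json_encode(
                      $val,
                      JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_INVALID_UTF8_SUBSTITUTE
                  ),
                  ENT_QUOTES,
                  'UTF-8'
              );

              $starIcon = $yesStar ? "star.png" : "setstar.png";
              $starFnc = "&nbsp;&nbsp;&nbsp;<a href='#' onclick=\"setStar(" . $jsArg . ")\">"
                  . "<img src='/SW_res/" . $starIcon . "' style='width:26px;'></a>";

              if ($myflag === "u") {
                  $adminFnc = "<a href='#' onclick=\"confSign(" . $jsArg . ")\">"
                      . "<img src='/SW_res/confirm.png' style='width:26px;'></a>";
              } else {
                  $adminFnc = "<a href='#' onclick=\"delSign(" . $jsArg . ")\">"
                      . "<img src='/SW_res/del.png' style='width:26px;'></a>";
              }

              echo("<table class='table-event' align='center'>"
                  . "<tr>"
                  . $dateCells
                  . "<td class='td-data-desc'>"
                  . "<span class='data-desc'>" . $mydesc . "</span>"
                  . "</td>"
                  . "<td class='td-star'>" . $starFnc . "</td>"
                  . "<td class='td-admin'>" . $adminFnc . "</td>"
                  . "</tr>"
                  . "</table>");
          } else {
              $mydesc = enableLinks($mydesc);

              // Records flagged "u" are not shown to the public.
              if ($myflag !== "u") {
                  if ($yesStar) {
                      $star = "<img src='/SW_res/star.png' style='width:26px;'>&nbsp;(" . $mytag . ")";
                  } else {
                      $star = "<a href='#' onclick='showSideBar();'><img src='/SW_res/setstar.png' style='width:26px;'></a>";
                  }

                  echo("<table class='table-event' align='center'>"
                      . "<tr>"
                      . "<td class='td-data-star'>" . $star . "</td>"
                      . $dateCells
                      . "<td class='td-data-desc' style='width:76%;'>"
                      . "<span class='data-desc'>" . $mydesc . "&nbsp;(" . $myccounter . ")</span>"
                      . "</td>"
                      . "</tr>"
                      . "</table>");
              }
          }
      }

      echo("</div>");
  }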
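  /**
   * Appends records to the in-memory history, keeping at most $maxItems
   * entries (oldest dropped first), and writes the result to .SW_history.
   *
   * @param array $update   Records to append, each ending in "\n". Passed by
   *                        reference: it is truncated to the records actually kept.
   * @param int   $maxItems Maximum number of records to keep.
   * @return void
   */
  function updateHistory(&$update, $maxItems) {
      global $signHistory;
      global $curPath;

      // file() leaves false here when the history file could not be read.
      if (!is_array($signHistory)) {
          $signHistory = [];
      }

      // Drop the oldest records so that history plus update fits into $maxItems.
      $shift = (count($signHistory) + count($update)) - $maxItems;
      if ($shift > 0) {
          $signHistory = array_slice($signHistory, $shift, $maxItems);
      }

      // An update larger than the cap keeps its last $maxItems records.
      // (The previous start index kept one record fewer than the cap.)
      $beginUpd = max(0, count($update) - $maxItems);
      $update = array_slice($update, $beginUpd, $maxItems);
      foreach ($update as $val) {
          $signHistory[] = $val;
      }

      $filepath = $curPath . DIRECTORY_SEPARATOR . ".SW_history";
      // LOCK_EX keeps two concurrent requests from interleaving their writes.
      if (file_put_contents($filepath, implode('', $signHistory), LOCK_EX) === false) {
          error_log("StarWorth: unable to write " . $filepath);
      }
  }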
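  /**
   * Appends entries to the in-memory captcha history and writes the whole list
   * to .SW_captchahistory.
   *
   * NOTE(review): nothing in this function trims the list, so the file grows
   * with every accepted "sign" command; confirm it is pruned elsewhere.
   *
   * @param array $update Entries to append, each ending in "\n".
   * @return void
   */
  function updatecaptchaHistory(&$update) {
      global $captchaHistory;
      global $curPath;

      // file() leaves false here when the captcha file could not be read.
      if (!is_array($captchaHistory)) {
          $captchaHistory = [];
      }

      foreach ($update as $val) {
          $captchaHistory[] = $val;
      }

      $filepath = $curPath . DIRECTORY_SEPARATOR . ".SW_captchahistory";
      // LOCK_EX keeps two concurrent requests from interleaving their writes.
      if (file_put_contents($filepath, implode('', $captchaHistory), LOCK_EX) === false) {
          error_log("StarWorth: unable to write " . $filepath);
      }
  }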
  /**
   * Splits the posted command line ($command) into $cmd, an optional option
   * starting with "-", and up to three parameters. The first parameter may be
   * wrapped in single quotes, in which case it runs to the closing quote.
   *
   * The result is written to the globals $cmd, $opt, $param1, $param2 and
   * $param3. Parts that are not present keep the value they had before.
   * Everything parsed here comes from the request and is checked afterwards by
   * the *ParamValidation() functions.
   *
   * @return void
   */
  function parseCommand() {
      global $command, $cmd, $opt, $param1, $param2, $param3;

      // Takes the next space-delimited token from $rest.
      // Returns [token, remainder, whether a separator was found].
      $nextToken = static function ($rest) {
          $cut = stripos($rest, PHP_SPACE);
          if ($cut > 0) {
              return [left($rest, $cut), substr($rest, $cut + 1), true];
          }
          // No separator (or one at position 0): the rest is the token.
          return [$rest, $rest, false];
      };

      $rest = trim($command);

      list($cmd, $rest, $more) = $nextToken($rest);
      if (!$more) {
          return;
      }

      if (left($rest, 1) === "-") {
          list($opt, $rest, $more) = $nextToken($rest);
          if (!$more) {
              return;
          }
      }

      if (left($rest, 1) === "'") {
          // Quoted parameter: keep both quotes, stop at the closing one.
          $closing = stripos($rest, "'", 1);
          if ($closing > 0) {
              $param1 = substr($rest, 0, $closing + 1);
              $rest = substr($rest, $closing + 1);
          } else {
              $param1 = $rest;
              return;
          }
      } else {
          list($param1, $rest, $more) = $nextToken($rest);
          if (!$more) {
              return;
          }
      }

      list($param2, $rest, $more) = $nextToken($rest);
      if (!$more) {
          return;
      }

      list($param3, $rest, $more) = $nextToken($rest);
  }
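  /**
   * Validates a "sign" request: the command must carry no option and no
   * parameters, and the posted date, hour, minute and description must be
   * present and plausible.
   *
   * A record is stored as one line of PHP_PIPE-separated fields, so a line
   * break in a field would start a new record; such input is rejected here.
   * NOTE(review): a PHP_PIPE inside $date or $desc would likewise shift the
   * fields unless HTMLencodeF() encodes it - confirm.
   *
   * NOTE(review): the throttle on $captchacount (>= 4) and on the number of
   * .SW_captchahistory entries for this client (APP_MAX_FROM_IP) was computed
   * here but its enforcement was commented out, so it has no effect. The unused
   * computation is removed; re-enable it deliberately if a limit is wanted.
   *
   * @return bool True when the request may be stored.
   */
  function signParamValidation() {
      global $opt, $param1, $param2, $param3;
      global $date, $hour, $min, $desc;

      if ($opt !== PHP_STR) {
          echo("WARNING: invalid options<br>");
          return false;
      }

      if ($param1 !== PHP_STR || $param2 !== PHP_STR || $param3 !== PHP_STR) {
          echo("WARNING: invalid parameters<br>");
          return false;
      }

      if ($date === PHP_STR || strlen($date) < 4) {
          return false;
      }
      if ($hour === PHP_STR || strlen($hour) > 2) {
          return false;
      }
      if ($min === PHP_STR || strlen($min) > 2) {
          return false;
      }
      if ($desc === PHP_STR || strlen($desc) < 4) {
          return false;
      }

      // The form only offers hours 0..24 and minutes 0..59; anything else did
      // not come from the form.
      if (!ctype_digit($hour) || (int)$hour > 24) {
          return false;
      }
      if (!ctype_digit($min) || (int)$min > 59) {
          return false;
      }

      // One record per line: a CR or LF in a field would inject extra records.
      if (strpbrk($date . $desc, "\r\n") !== false) {
          return false;
      }

      return true;
  }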
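  /**
   * Tells whether a captcha-history line belongs to the current client.
   *
   * @param string $val One line of the captcha history, with or without "\n".
   * @return bool True when the line equals the global $captchasign.
   */
  function odd($val) {
      global $captchasign;

      // Strict comparison: with ==, two different hex digests that both look
      // like numbers (for example "0e1" and "0e2") compare as equal.
      return rtrim($val, "\n") === $captchasign;
  }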
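  /**
   * Stores a new event built from the posted date, hour, minute and
   * description, unless it repeats the most recent one.
   *
   * Record layout: timestamp | "000001X" | date | hh:mm | description | "v".
   * The user-supplied fields go through HTMLencodeF() before they are stored.
   *
   * NOTE(review): the duplicate check looks for the raw $desc in the last
   * stored line, which holds the encoded description; the two differ whenever
   * HTMLencodeF() changes the text - confirm this is intended.
   *
   * @return void
   */
  function myExecSignCommand() {
      global $date, $hour, $min, $desc;
      global $curPath;
      global $lastMessage;
      global $captchasign;

      $minPadded = (strlen($min) == 1) ? "0" . $min : $min;

      $newSignChk = HTMLencodeF($date, false) . PHP_PIPE
          . HTMLencodeF($hour . ":" . $minPadded) . PHP_PIPE
          . HTMLencodeF($desc, false) . "|v";
      $newSign = time() . PHP_PIPE . "000001X" . PHP_PIPE . $newSignChk;

      // An unreadable or empty history file has no last line to compare with;
      // indexing it would raise an error instead of storing the first record.
      $signHChk = file($curPath . DIRECTORY_SEPARATOR . ".SW_history");
      $lastMsgChk = (is_array($signHChk) && $signHChk) ? end($signHChk) : PHP_STR;
      $doubleChk = stripos($lastMsgChk, "|$desc|") !== false;

      $newHash = hash("sha256", $newSignChk . APP_SALT, false);
      if ($newHash !== $lastMessage && !$doubleChk) {
          // Updating message history..
          $output = [$newSign . "\n"];
          updateHistory($output, HISTORY_MAX_ITEMS);

          // Updating captcha history..
          $output = [$captchasign . "\n"];
          updatecaptchaHistory($output);

          $lastMessage = $newHash;
      }
  }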
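  /**
   * Validates the arguments of the "conf" command: no option, exactly one
   * parameter, and that parameter (without its quotes) must be a record that
   * is currently in the history.
   *
   * @return bool True when the command may be executed.
   */
  function confParamValidation() {
      global $opt, $param1, $param2, $param3;
      global $signHistory;

      if ($opt !== PHP_STR) {
          echo("WARNING: invalid options<br>");
          return false;
      }

      $myval = trim($param1, "'");

      // Strict membership test: the record must match a stored line byte for byte.
      // is_array() covers a history file that could not be read.
      $known = is_array($signHistory) && in_array($myval . "\n", $signHistory, true);

      if ($myval === PHP_STR || !$known || $param2 !== PHP_STR || $param3 !== PHP_STR) {
          echo("WARNING: invalid parameters<br>");
          return false;
      }

      return true;
  }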
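  /**
   * Executes "conf": replaces the last two characters of the record named by
   * $param1 with "|v" and writes the history back to .SW_history.
   *
   * NOTE(review): this assumes the record ends in a one-character flag field
   * ("|u" or "|v"); a record without it would lose its last two characters.
   *
   * @return void
   */
  function myExecConfSignCommand() {
      global $param1;
      global $signHistory;
      global $curPath;

      if (!is_array($signHistory) || !$signHistory) {
          return;
      }

      $mysign = trim($param1, "'");
      $key = array_search($mysign . "\n", $signHistory, true);
      if ($key === false) {
          return;
      }

      $signHistory[$key] = left($mysign, strlen($mysign) - 2) . "|v" . "\n";

      $filepath = $curPath . DIRECTORY_SEPARATOR . ".SW_history";
      // LOCK_EX keeps two concurrent requests from interleaving their writes.
      if (file_put_contents($filepath, implode('', $signHistory), LOCK_EX) === false) {
          error_log("StarWorth: unable to write " . $filepath);
      }
  }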
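  /**
   * Validates the arguments of the "del" command: no option, exactly one
   * parameter, and that parameter (without its quotes) must be a record that
   * is currently in the history.
   *
   * @return bool True when the command may be executed.
   */
  function delParamValidation() {
      global $opt, $param1, $param2, $param3;
      global $signHistory;

      if ($opt !== PHP_STR) {
          echo("WARNING: invalid options<br>");
          return false;
      }

      $myval = trim($param1, "'");

      // Strict membership test: the record must match a stored line byte for byte.
      // is_array() covers a history file that could not be read.
      $known = is_array($signHistory) && in_array($myval . "\n", $signHistory, true);

      if ($myval === PHP_STR || !$known || $param2 !== PHP_STR || $param3 !== PHP_STR) {
          echo("WARNING: invalid parameters<br>");
          return false;
      }

      return true;
  }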
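  /**
   * Executes "del": replaces the last two characters of the record named by
   * $param1 with "|u" and writes the history back to .SW_history. The record
   * is not removed from the file; showHistory() leaves "u" records out of the
   * public list.
   *
   * NOTE(review): this assumes the record ends in a one-character flag field
   * ("|u" or "|v"); a record without it would lose its last two characters.
   *
   * @return void
   */
  function myExecDelSignCommand() {
      global $param1;
      global $signHistory;
      global $curPath;

      if (!is_array($signHistory) || !$signHistory) {
          return;
      }

      $mysign = trim($param1, "'");
      $key = array_search($mysign . "\n", $signHistory, true);
      if ($key === false) {
          return;
      }

      $signHistory[$key] = left($mysign, strlen($mysign) - 2) . "|u" . "\n";

      $filepath = $curPath . DIRECTORY_SEPARATOR . ".SW_history";
      // LOCK_EX keeps two concurrent requests from interleaving their writes.
      if (file_put_contents($filepath, implode('', $signHistory), LOCK_EX) === false) {
          error_log("StarWorth: unable to write " . $filepath);
      }
  }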
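  /**
   * Executes "set": gives the record named by $param1 a fresh timestamp tag,
   * increments its six-digit counter and writes the history back to
   * .SW_history.
   *
   * NOTE(review): the rewritten record always ends in the flag "v", whatever
   * flag it carried before, so starring a record flagged "u" also makes it
   * visible in the public list - confirm this is intended.
   *
   * @return void
   */
  function myExecSetStarCommand() {
      global $param1;
      global $signHistory;
      global $curPath;

      $val = trim($param1, "\n'");

      $aFields = explode(PHP_PIPE, $val);
      $myccounter = $aFields[1] ?? PHP_STR;
      $mydate = $aFields[2] ?? PHP_STR;
      $mytime = $aFields[3] ?? PHP_STR;
      $mydesc = $aFields[4] ?? PHP_STR;

      $mytagnew = time();

      // The counter field holds six digits. Without the cap, 999999 + 1 has seven
      // digits and the zero padding was asked for a negative length, which
      // str_repeat() rejects with an error.
      $count = min((int)left($myccounter, 6) + 1, 999999);
      $myccounternew = str_pad((string)$count, 6, "0", STR_PAD_LEFT) . "X";

      if (!is_array($signHistory) || !$signHistory) {
          return;
      }

      $key = array_search($val . "\n", $signHistory, true);
      if ($key === false) {
          return;
      }

      $newval = $mytagnew . PHP_PIPE . $myccounternew . PHP_PIPE . $mydate . PHP_PIPE
          . $mytime . PHP_PIPE . $mydesc . PHP_PIPE . "v";
      $signHistory[$key] = $newval . "\n";

      $filepath = $curPath . DIRECTORY_SEPARATOR . ".SW_history";
      // LOCK_EX keeps two concurrent requests from interleaving their writes.
      if (file_put_contents($filepath, implode('', $signHistory), LOCK_EX) === false) {
          error_log("StarWorth: unable to write " . $filepath);
      }
  }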
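  /**
   * Validates the arguments of the "set" command: no option, exactly one
   * parameter, and that parameter (without its quotes) must be a record that
   * is currently in the history.
   *
   * @return bool True when the command may be executed.
   */
  function setParamValidation() {
      global $opt, $param1, $param2, $param3;
      global $signHistory;

      if ($opt !== PHP_STR) {
          echo("WARNING: invalid options<br>");
          return false;
      }

      $myval = trim($param1, "'");

      // Strict membership test: the record must match a stored line byte for byte.
      // is_array() covers a history file that could not be read.
      $known = is_array($signHistory) && in_array($myval . "\n", $signHistory, true);

      if ($myval === PHP_STR || !$known || $param2 !== PHP_STR || $param3 !== PHP_STR) {
          echo("WARNING: invalid parameters<br>");
          return false;
      }

      return true;
  }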
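  // ---------------------------------------------------------------------------
  // Request handling: load the stored data, read the POST fields, verify the
  // password and run the posted command.
  // ---------------------------------------------------------------------------

  $curPath = APP_DATA_PATH;
  chdir($curPath);

  // file() yields false when a file is missing or unreadable. Fall back to an
  // empty list so count() and the array functions below do not fail.
  $signHistory = file($curPath . DIRECTORY_SEPARATOR . ".SW_history");
  if ($signHistory === false) {
      $signHistory = [];
  }
  $captchaHistory = file($curPath . DIRECTORY_SEPARATOR . ".SW_captchahistory");
  if ($captchaHistory === false) {
      $captchaHistory = [];
  }

  // Reads one POST field as a tag-stripped string.
  // strip_tags() removes tags only; quotes and ampersands pass through, so a
  // value still needs htmlspecialchars() wherever it is written into HTML.
  $postField = static function ($name) {
      return strip_tags((string)(filter_input(INPUT_POST, $name) ?? ""));
  };

  $password = $postField("Password");
  if ($password == PHP_STR) {
      $password = $postField("Password2");
  }

  $command = $postField("CommandLine");
  $hideSplash = $postField("hideSplash");
  $hideHCSplash = $postField("hideHCSplash");
  $date = $postField("date");
  $hour = $postField("hour");
  $min = $postField("min");
  $desc = $postField("desc");

  // Per-client token for the captcha history: client address, current year, salt.
  // NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address, so
  // all clients would share one token - confirm the deployment.
  $captchasign = hash("sha256", $_SERVER["REMOTE_ADDR"] . date("Y") . APP_SALT, false);

  // The posted value is only kept while the history is empty; otherwise it is
  // replaced by the hash of the last stored record.
  $lastMessage = $postField("last_message");
  $totsigns = count($signHistory);
  if ($totsigns > 0) {
      $lastMessage = hash("sha256", rtrim($signHistory[$totsigns - 1], "\n") . APP_SALT, false);
  }

  // The cast wraps the whole ?? expression; (int)x ?? "" casts first, so the
  // fallback could never apply.
  $captchacount = (int)(filter_input(INPUT_POST, "captcha_count") ?? 0);

  // Password check. An empty $password from here on means "not authenticated".
  // hash_equals() compares in constant time, so the comparison does not reveal
  // how many leading characters of the digest matched.
  // NOTE(review): one round of salted SHA-256 is cheap to guess offline if
  // APP_HASH leaks, and nothing here limits repeated attempts. Moving to
  // password_hash()/password_verify() would need a new APP_HASH format.
  if ($password !== PHP_STR) {
      $hash = hash("sha256", $password . APP_SALT, false);
      if (!hash_equals((string)APP_HASH, $hash)) {
          $password = PHP_STR;
      }
  }

  parseCommand();

  // Commands run only for an authenticated request; an unauthenticated one
  // changes nothing and stays in the public context.
  if ($password !== PHP_STR) {
      // NOTE(review): mb_stripos() returns 0 for a match at the very start of
      // CMDLINE_VALIDCMDS, which this truthiness test treats as "not found", and
      // it matches substrings rather than whole list entries. Confirm against
      // the value of CMDLINE_VALIDCMDS before changing the test.
      if (mb_stripos(CMDLINE_VALIDCMDS, "|" . $command . "|")) {
          // The whole command line is a known command ("sign"; "refresh" only
          // redraws the page).
          if ($cmd === "sign") {
              $captchacount = $captchacount + 1;
              if (signParamValidation()) {
                  myExecSignCommand();
              }
          }
      } else if (mb_stripos(CMDLINE_VALIDCMDS, "|" . $cmd . "|")) {
          // Known command followed by arguments.
          if ($cmd === "del") {
              if (delParamValidation()) {
                  myExecDelSignCommand();
              }
          } else if ($cmd === "conf") {
              if (confParamValidation()) {
                  myExecConfSignCommand();
              }
          } else if ($cmd === "set") {
              if (setParamValidation()) {
                  myExecSetStarCommand();
              }
          }
      }

      $contextType = PERSONAL_CONTEXT_TYPE;
  }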
  612. ?>
  613. <!DOCTYPE html>
  614. <head>
  615. <meta charset="UTF-8"/>
  616. <meta name="viewport" content="width=device-width, initial-scale=1"/>
  617. <!--
  618. Copyright 2021, 2024 5 Mode
  619. This file is part of StarWorth.
  620. StarWorth is free software: you can redistribute it and/or modify
  621. it under the terms of the GNU General Public License as published by
  622. the Free Software Foundation, either version 3 of the License, or
  623. (at your option) any later version.
  624. StarWorth is distributed in the hope that it will be useful,
  625. but WITHOUT ANY WARRANTY; without even the implied warranty of
  626. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  627. GNU General Public License for more details.
  628. You should have received a copy of the GNU General Public License
  629. along with StarWorth. If not, see <https://www.gnu.org/licenses/>.
  630. -->
  631. <title><?php echo(APP_TITLE); ?></title>
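  <?php /* A stray ">" after the PHP tag used to end up inside the href value. */ ?>
  <link rel="shortcut icon" href="/favicon.ico?v=<?php echo(time()); ?>" />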
  633. <meta name="description" content="<?php echo(APP_DESCRIPTION); ?>"/>
  634. <meta name="keywords" content="<?php echo(APP_KEYWORDS); ?>"/>
  635. <meta name="author" content="5 Mode"/>
  636. <meta name="robots" content="index,follow"/>
  637. <script src="/SW_js/jquery-3.6.0.min.js" type="text/javascript"></script>
  638. <script src="/SW_js/sha.js" type="text/javascript"></script>
  639. <script src="/SW_js/common.js" type="text/javascript"></script>
  640. <script src="/SW_js/bootstrap.min.js" type="text/javascript"></script>
  641. <script src="/SW_js/index.js" type="text/javascript" defer></script>
  642. <link href="/SW_css/bootstrap.min.css" type="text/css" rel="stylesheet">
  643. <link href="/SW_css/style.css?r=<?PHP echo(time());?>" type="text/css" rel="stylesheet">
  644. <style>
  645. @import url('https://fonts.googleapis.com/css2?family=<?php echo(str_ireplace(" ","+",DISPLAY_DATE_FONT));?>');
  646. </style>
  647. </head>
  648. <body>
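  <?php
  // Include exactly the file whose existence is checked. A bare
  // include("jscheck.html") is resolved through include_path, whose "." entry is
  // the working directory - and the script has chdir()'d into the data directory
  // by now, so a jscheck.html placed there could be picked up instead.
  $jsCheckFile = APP_PATH . DIRECTORY_SEPARATOR . "jscheck.html";
  if (file_exists($jsCheckFile)) {
      include($jsCheckFile);
  }
  ?>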
  652. <form id="frmHC" method="POST" action="/" target="_self" enctype="multipart/form-data">
  653. <?php if(APP_USE === "PRIVATE"): ?>
  654. <div class="header">
  655. <a id="burger-menu" href="#" style="display:none;"><img src="/SW_res/burger-menu2.png" style="width:58px;"></a><a id="ahome" href="http://homolog.5mode-foss.eu" target="_blank"><img id="logo-hmm" src="/SW_res/SWlogo.png" style="width:28px;">&nbsp;StarWorth</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a id="agithub" href="https://github.com/par7133/StarWorth" style="color:#000000"><span style="color:#119fe2">on</span> github</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a id="afeedback" href="mailto:posta@elettronica.lol" style="color:#000000"><span style="color:#119fe2">for</span> feedback</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a id="asupport" href="tel:+39-378-0812391" style="font-size:13px;background-color:#15c60b;border:2px solid #15c60b;color:black;height:27px;text-decoration:none;">&nbsp;&nbsp;get support&nbsp;&nbsp;</a><div id="pwd2" style="float:right;position:relative;top:+13px;display:none"><input type="password" id="Password2" name="Password2" placeholder="password" style="font-size:13px; background:#393939; color:#ffffff; width: 125px; border-radius:3px;" value="" autocomplete="off"></div>
  656. </div>
  657. <?php else: ?>
  658. <div class="header2">
  659. <?php echo(APP_CUSTOM_HEADER); ?>
  660. </div>
  661. <?php endif; ?>
  662. <div style="clear:both;margin:auto">&nbsp;</div>
  <?php
  // Vertical offset (px) of the sidebar hot spot: lower when the private-use
  // header is shown above it.
  $callSideBarTOP = (APP_USE === "PRIVATE") ? 65 : 1;
  ?>
  669. <div id="call-sidebar" style="top:<?php echo($callSideBarTOP);?>px;">
  670. &nbsp;
  671. </div>
  672. <div id="sidebar">
  673. <button id="sidebar-close" type="button" class="close" aria-label="Close" onclick="closeSideBar();">
  674. <span aria-hidden="true">&times;</span>
  675. </button>
  676. <br><br>
  677. <img id="genius" src="/SW_res/SWgenius.png" alt="HL Genius" title="HL Genius">
  678. &nbsp;<br><br>
  679. <div style="text-align:left;white-space:nowrap;">
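  <?php
  // $password was only passed through strip_tags(), which leaves quotes in place;
  // escape it for the attribute it is written into.
  // NOTE(review): the verified password is sent back in the page so that it is
  // re-posted with every command. It is therefore readable in the page source and
  // in any cached copy of the response; a server-side session would avoid that.
  ?>
  &nbsp;<input id="Password" name="Password" class="sidebarcontrol" type="password" placeholder="password" value="<?php echo(htmlspecialchars((string)$password, ENT_QUOTES, 'UTF-8'));?>" autocomplete="off">&nbsp;<input type="submit" class="sidebarcontrol" value="<?php echo(getResource("Go", $curLocale));?>" style="width:24%; height: 25px;background-color:lightgray;color:#000000;"><br>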
  681. &nbsp;<input id="Salt" class="sidebarcontrol" type="text" placeholder="salt" autocomplete="off"><br>
  682. <div style="text-align:center;">
  683. <a id="butHashMe" href="#" onclick="showEncodedPassword();"><?php echo(getResource("Hash Me", $curLocale));?>!</a>
  684. <br><br><br>
  685. </div>
  686. </div>
  687. </div>
  688. <div id="content-bar">
  689. <?php if (APP_SPLASH): ?>
  690. <?php if ($hideSplash !== PHP_STR): ?>
  691. <div id="splash">
  692. <button id="butCloseSplash" type="button" class="close" aria-label="Close" onclick="closeSplash();">
  693. <span aria-hidden="true">&times;</span>
  694. </button>
  695. Hello and welcome to StarWorth!<br><br>
  696. StarWorth is a light and simple software on premise to log calendar and events.<br><br>
  697. StarWorth is released under GPLv3 license, it is supplied AS-IS and we do not take any responsibility for its misusage.<br><br>
  698. StarWorth name comes from a prank on "Star War" meaning our intention to make stars/projects "worth".<br><br>
  699. First step, use the left side panel password and salt fields to create the hash to insert in the config file. Remember to manually set there also the salt value.<br><br>
  700. As you are going to run StarWorth in the PHP process context, using a limited web server or phpfpm user, you must follow some simple directives for an optimal first setup:<br>
  701. <ol>
  702. <li>Check the permissions of your "data" folder in your web app private path; and set its path in the config file.</li>
  703. <li>In the data path create a ".SW_history" and ".SW_captchahistory" files and give them the write permission.</li>
  704. <li>Finish to setup the configuration file apporpriately, in the specific:</li>
  705. <ul>
  706. <li>Configure the APP_USE appropriately.</li>
  707. <li>Configure the DISPLAY attributes as required.</li>
  708. <li>Configure the max history items as required (default: 1000).</li>
  709. </ul>
  710. </ol>
  711. <br>
  712. Hope you can enjoy it and let us know about any feedback: <a href="mailto:posta@elettronica.lol" style="color:#e6d236;">posta@elettronica.lol</a>
  713. </div>
  714. <?php endif; ?>
  715. <?php endif; ?>
  716. <div style="width:100%; padding: 0px; text-align:center; font-size:12px; border:0px solid red;">
  717. <?php if (APP_DEFAULT_CONTEXT === "PRIVATE"): ?>
  718. <div id="content-header">
  719. <?php if ($contextType === PUBLIC_CONTEXT_TYPE): ?>
  720. <div id="guest-msg"><h1><?php echo(APP_GUEST_MSG??"&nbsp;"); ?></h1></div>
  721. <?php else: ?>
  722. <div id="welcome-msg"><h1><?php echo(APP_WELCOME_MSG??"&nbsp;"); ?></h1></div>
  723. <br>
  724. <div style="clear:both;margin:auto;"><br><br></div>
  725. <hr>
  726. <br>
  727. </div>
  728. <div id="insertBar">
  729. <input id="date" name="date" type="text" class="standardfield standardcontrol" placeholder="Date" value="<?php echo(date("Y-m-d"));?>">&nbsp;
  730. <select id="hour" name="hour" class="standardfield standardcontrol">
  731. <?PHP for($i=0;$i<=24;$i++):?>
  732. <option value="<?PHP echo($i);?>" <?PHP echo(($i==date("G"))?"selected":"")?>><?PHP echo((strlen($i)===1)?"0".$i:$i);?></option>
  733. <?PHP endfor; ?>
  734. </select>:<select id="min" name="min" class="standardfield standardcontrol">
  735. <?PHP for($i=0;$i<=59;$i++):?>
  736. <option value="<?PHP echo($i);?>" <?PHP echo(($i==ltrim(date("i"),'0'))?"selected":"");?>><?PHP echo((strlen($i)===1)?"0".$i:$i);?></option>
  737. <?PHP endfor; ?>
  738. </select>&nbsp;
  739. <input id="desc" name="desc" type="text" class="standardfield standardcontrol" placeholder="Description" maxlength="300"><br>
  740. <input id="send" name="send" type="text" value="&nbsp;<?php echo(DISPLAY_SUBMIT_BUTTON);?>&nbsp;" title="<?php echo(DISPLAY_SUBMIT_BUTTON);?>">
  741. </div>
  742. <div style="clear:both;margin:auto;"><br><br><br></div>
  743. <?php showHistory(); ?>
  744. <?php endif; ?>
  745. <?php else: ?>
  746. <div id="content-header">
  747. <?php if ($contextType === PUBLIC_CONTEXT_TYPE): ?>
  748. <div id="welcome-msg"><h1><?php echo(APP_WELCOME_MSG??"&nbsp;"); ?></h1></div>
  749. <br>
  750. <hr>
  751. <br>
  752. <?php showHistory(); ?>
  753. <?php else: ?>
  754. <div id="welcome-msg"><h1><?php echo(APP_WELCOME_MSG??"&nbsp;"); ?></h1></div>
  755. <br>
  756. <div style="clear:both;margin:auto;"><br><br></div>
  757. <hr>
  758. <br>
  759. </div>
  760. <div id="insertBar">
  761. <input id="date" name="date" type="text" class="standardfield standardcontrol" placeholder="Date" value="<?php echo(date("Y-m-d"));?>">&nbsp;
  762. <select id="hour" name="hour" class="standardfield standardcontrol" style="background-color:#FFFFFF;">
  763. <?PHP for($i=0;$i<=24;$i++):?>
  764. <option value="<?PHP echo($i);?>" <?PHP echo(($i==date("G"))?"selected":"")?>><?PHP echo((strlen($i)===1)?"0".$i:$i);?></option>
  765. <?PHP endfor; ?>
  766. </select>:<select id="min" name="min" class="standardfield standardcontrol">
  767. <?PHP for($i=0;$i<=59;$i++):?>
  768. <option value="<?PHP echo($i);?>" <?PHP echo(($i==ltrim(date("i"),'0'))?"selected":"")?>><?PHP echo((strlen($i)===1)?"0".$i:$i);?></option>
  769. <?PHP endfor; ?>
  770. </select> &nbsp;
  771. <input id="desc" name="desc" type="text" class="standardfield standardcontrol" placeholder="Description" maxlength="300">
  772. <input id="send" name="send" type="button" value="&nbsp;<?php echo(DISPLAY_SUBMIT_BUTTON);?>&nbsp;" title="<?php echo(DISPLAY_SUBMIT_BUTTON);?>">
  773. </div>
  774. <div style="clear:both;margin:auto;"><br><br><br></div>
  775. <?php showHistory(); ?>
  776. <?php endif; ?>
  777. <?php endif; ?>
  778. <br><br><br><br><br><br><br>
  779. <?php if(APP_USE === "BUSINESS"): ?>
  780. <div id="footer2">
  781. <a id="ahome" href="http://starworth.5mode-foss.eu" target="_blank"><img id="logo-hl" src="/SW_res/SWlogo.png">Powered by StarWorth</a>
  782. </div>
  783. <?php endif; ?>&nbsp;
  784. </div>
  785. </div>
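  <?php
  // hideSplash and last_message can carry request data back into the page.
  // strip_tags() does not remove quotes, so without escaping a posted value could
  // close the attribute and add markup of its own. captcha_count is forced to an
  // integer for the same reason.
  ?>
  <input type="hidden" id="CommandLine" name="CommandLine">
  <input type="hidden" name="hideSplash" value="<?php echo(htmlspecialchars((string)$hideSplash, ENT_QUOTES, 'UTF-8')); ?>">
  <input type="hidden" name="hideHCSplash" value="1">
  <input type="hidden" name="captcha_count" value="<?php echo((int)$captchacount); ?>">
  <input type="hidden" name="last_message" value="<?php echo(htmlspecialchars((string)$lastMessage, ENT_QUOTES, 'UTF-8')); ?>">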
  791. </form>
  792. <div class="footer">
  793. <div id="footerCont">&nbsp;</div>
  794. <div id="footer"><span style="background:#FFFFFF;opacity:1.0;margin-right:10px;">&nbsp;&nbsp;A <a href="http://5mode.com">5 Mode</a> project <span class="no-sm">and <a href="http://wysiwyg.systems">WYSIWYG</a> system</span>. Some rights reserved.</span></div>
  795. </div>
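  <?php
  // Optional page fragments. Include exactly the files whose existence is
  // checked: a bare include("name.html") is resolved through include_path, whose
  // "." entry is the working directory - the data directory at this point.
  foreach (["skinner.html", "metrics.html"] as $optionalPart) {
      $optionalFile = APP_PATH . DIRECTORY_SEPARATOR . $optionalPart;
      if (file_exists($optionalFile)) {
          include($optionalFile);
      }
  }
  ?>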
  802. <script>
  803. /*
  804. <?PHP if ($password !== PHP_STR): ?>
  805. $(".td-data-time")
  806. .css("display", "none")
  807. <?PHP endif; ?>
  808. */
  809. </script>
  810. </body>
  811. </html>