  1. <?php
  2. /**
  3. * Copyright 2021, 2024 5 Mode
  4. *
  5. * This file is part of StarWorth.
  6. *
  7. * StarWorth is free software: you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation, either version 3 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * StarWorth is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with StarWorth. If not, see <https://www.gnu.org/licenses/>.
  19. *
  20. * index.php
  21. *
  22. * StarWorth home page.
  23. *
  24. * @author Daniele Bonini <my25mb@aol.com>
  25. * @copyrights (c) 2021, 2024, 5 Mode
  26. */
  // Bootstrap. init.inc is expected to supply the constants (PHP_STR, PHP_PIPE, APP_*, ...)
  // and the helpers (left, right, enableLinks, HTMLencodeF, getResource) used on this page;
  // none of them are defined in this file.
  // NOTE(review): confirm the web server never serves *.inc files as plain text. The salt
  // and password hash (APP_SALT, APP_HASH) presumably come from configuration loaded here.
  require "init.inc";

  // Request-scoped state, shared with the functions below through `global`.
  $contextType = PUBLIC_CONTEXT_TYPE; // switched to PERSONAL_CONTEXT_TYPE once a valid password is posted
  $signHistory = [];
  $curLocale = APP_LOCALE;

  // Parts of the posted command line, filled in by parseCommand(); all start out empty.
  $cmd = $opt = $param1 = $param2 = $param3 = PHP_STR;
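  /**
   * Expire the star on a history record whose timestamp is older than APP_MAX_AGE.
   *
   * An expired record gets its leading timestamp field replaced by zeros; the matching
   * line of $signHistory is updated and the whole history file is rewritten.
   *
   * NOTE(review): showHistory() calls this for every record on every page view, the
   * public context included, so unauthenticated requests can cause writes to .SW_history.
   * The write below takes an exclusive lock, but the read-modify-write cycle as a whole
   * (file() at request start, write here) is still not atomic across concurrent requests.
   *
   * @param string $param1 one history record, optionally wrapped in single quotes
   * @return string the record, with a zeroed timestamp when it has expired
   */
  function doAging($param1) {
      global $signHistory;
      global $curPath;

      $mysign = trim($param1, "'");

      if (!$signHistory) {
          return $mysign;
      }

      $ipos = stripos($mysign, PHP_PIPE);
      if ($ipos === false) {
          // No field separator: not a well-formed record. Returning it untouched avoids
          // rewriting the line from a bogus offset.
          return $mysign;
      }

      $oldTimestamp = (int)left($mysign, $ipos);
      if ((time() - $oldTimestamp) <= APP_MAX_AGE) {
          return $mysign;
      }

      $newval = str_repeat("0", strlen((string)time())) . PHP_PIPE . substr($mysign, $ipos + 1);
      if ($newval === $mysign) {
          // Already zeroed by an earlier request: the file content would not change,
          // so skip the disk write instead of rewriting the history on every page view.
          return $newval;
      }

      // Strict search: the record must match a stored line byte for byte.
      $key = array_search($mysign . "\n", $signHistory, true);
      if ($key !== false) {
          $signHistory[$key] = $newval . "\n";

          // Writing out $signHistory on disk..
          $filepath = $curPath . DIRECTORY_SEPARATOR . ".SW_history";
          file_put_contents($filepath, implode('', $signHistory), LOCK_EX);
      }

      return $newval;
  }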
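  /**
   * Render the event list (newest first) as one HTML table per record.
   *
   * In the personal (authenticated) context every record is shown together with its
   * star and confirm/delete action links. In the public context records flagged "u"
   * are hidden and no action links are emitted.
   *
   * Security notes:
   *  - The raw record is passed to setStar()/confSign()/delSign() inside an onclick
   *    attribute. The browser decodes HTML entities in the attribute before the handler
   *    is parsed as script, so entity-encoding alone does not keep the record inside the
   *    string literal. The record is therefore serialised as a JavaScript string with
   *    json_encode() (hex-escaping quotes, <, > and &) and then escaped for the attribute.
   *  - Date, time and description are emitted as stored.
   *    NOTE(review): presumably HTMLencodeF() at write time and enableLinks() are what keep
   *    these inert — confirm; anyone able to write .SW_history controls this markup.
   *  - NOTE(review): "00:00" is used as the "no star" marker after date("Hi", ...); that
   *    only equals a zeroed timestamp when the configured timezone is UTC — confirm.
   */
  function showHistory() {
      global $signHistory;
      global $contextType;

      // file() may have failed at request start; render an empty list in that case.
      $signHistoryCopy = is_array($signHistory) ? $signHistory : [];
      rsort($signHistoryCopy);

      $jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_INVALID_UTF8_SUBSTITUTE;

      echo("<div id='events'>");

      foreach ($signHistoryCopy as $val) {
          $val = rtrim($val, "\n");
          $val = doAging($val);

          $aFields = explode(PHP_PIPE, $val);
          $mytag = $aFields[0] ?? "0000";
          // The cast used to bind tighter than ??, which made the fallback unreachable.
          $myccounter = (int)($aFields[1] ?? 0);
          $mydate = $aFields[2] ?? PHP_STR;
          $mytime = $aFields[3] ?? PHP_STR;
          $mydesc = $aFields[4] ?? PHP_STR;
          $myflag = $aFields[5] ?? PHP_STR;

          if ($mydate == PHP_STR && $mydesc == PHP_STR) {
              continue;
          }

          // date() needs an integer timestamp; a malformed first field becomes 0.
          $mytag = date("Hi", (int)$mytag);
          $mytag = left($mytag, 2) . ":" . right($mytag, 2);
          $yesStar = ($mytag !== "00:00");
          $myccounter = left($myccounter, 6);
          $mydesc = enableLinks($mydesc);

          if ($contextType === PERSONAL_CONTEXT_TYPE) {
              // Record as a JS string literal, safe to place inside a double-quoted attribute.
              $jsArg = htmlspecialchars((string)json_encode($val, $jsFlags), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

              $starIcon = $yesStar ? "star.png" : "setstar.png";
              $starFnc = "&nbsp;&nbsp;&nbsp;<a href='#' onclick=\"setStar(" . $jsArg . ")\"><img src='/SW_res/" . $starIcon . "' style='width:26px;'></a>";

              // Unconfirmed ("u") records offer confirmation, all others offer deletion.
              if ($myflag === "u") {
                  $adminFnc = "<a href='#' onclick=\"confSign(" . $jsArg . ")\"><img src='/SW_res/confirm.png' style='width:26px;'></a>";
              } else {
                  $adminFnc = "<a href='#' onclick=\"delSign(" . $jsArg . ")\"><img src='/SW_res/del.png' style='width:26px;'></a>";
              }

              // Display event/calendar list
              echo("<table class='table-event' align='center'>");
              echo("<tr>");
              echo("<td class='td-data-date'>");
              echo("<span class='data-date' style='font-family:" . DISPLAY_DATE_FONT . ";'>" . $mydate . "</span>");
              echo("</td>");
              echo("<td class='td-data-time'>");
              echo("<span class='data-time' style='font-family:" . DISPLAY_DATE_FONT . ";'>" . $mytime . "</span>");
              echo("</td>");
              echo("<td class='td-data-desc'>");
              echo("<span class='data-desc'>" . $mydesc . "</span>");
              echo("</td>");
              echo("<td class='td-star'>");
              echo($starFnc);
              echo("</td>");
              echo("<td class='td-admin'>");
              echo($adminFnc);
              echo("</td>");
              echo("</tr>");
              echo("</table>");
          } elseif ($myflag !== "u") {
              // Public context: unconfirmed records are never shown.
              if ($yesStar) {
                  $star = "<img src='/SW_res/star.png' style='width:26px;'>&nbsp;(" . $mytag . ")";
              } else {
                  $star = "<a href='#' onclick='showSideBar();'><img src='/SW_res/setstar.png' style='width:26px;'></a>";
              }

              // Display event list
              echo("<table class='table-event' align='center'>");
              echo("<tr>");
              echo("<td class='td-data-star'>");
              echo($star);
              echo("</td>");
              echo("<td class='td-data-date'>");
              echo("<span class='data-date' style='font-family:" . DISPLAY_DATE_FONT . ";'>" . $mydate . "</span>");
              echo("</td>");
              echo("<td class='td-data-time'>");
              echo("<span class='data-time' style='font-family:" . DISPLAY_DATE_FONT . ";'>" . $mytime . "</span>");
              echo("</td>");
              echo("<td class='td-data-desc' style='width:76%;'>");
              echo("<span class='data-desc'>" . $mydesc . "&nbsp;(" . $myccounter . ")</span>");
              echo("</td>");
              echo("</tr>");
              echo("</table>");
          }
      }

      echo("</div>");
  }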
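  /**
   * Append records to $signHistory, dropping the oldest ones so that at most $maxItems
   * remain, then rewrite the .SW_history file.
   *
   * The file is written under an exclusive lock so that two concurrent requests cannot
   * interleave partial writes. NOTE(review): the in-memory list was read at request
   * start, so a concurrent request's changes can still be overwritten as a whole.
   *
   * @param array $update   new lines (each ending in "\n"); trimmed in place when it
   *                        holds more than $maxItems entries
   * @param int   $maxItems maximum number of lines kept in the history
   * @return void
   */
  function updateHistory(&$update, $maxItems) {
      global $signHistory;
      global $curPath;

      // file() returns false on failure; start from an empty history in that case.
      if (!is_array($signHistory)) {
          $signHistory = [];
      }

      // Making enough space in $signHistory for the update..
      $shift = (count($signHistory) + count($update)) - $maxItems;
      if ($shift > 0) {
          $signHistory = array_slice($signHistory, $shift, $maxItems);
      }

      // Adding $signHistory update..
      $beginUpd = (count($update) > $maxItems) ? count($update) - ($maxItems - 1) : 0;
      $update = array_slice($update, $beginUpd, $maxItems);
      foreach ($update as $val) {
          $signHistory[] = $val;
      }

      // Writing out $signHistory on disk..
      $filepath = $curPath . DIRECTORY_SEPARATOR . ".SW_history";
      file_put_contents($filepath, implode('', $signHistory), LOCK_EX);
  }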
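  /**
   * Append per-client signatures to $captchaHistory and rewrite .SW_captchahistory.
   *
   * The write takes an exclusive lock so concurrent requests cannot interleave output.
   * NOTE(review): nothing in this file ever trims this history, so it grows with every
   * accepted "sign" command.
   *
   * @param array $update lines to append (each ending in "\n")
   * @return void
   */
  function updatecaptchaHistory(&$update) {
      global $captchaHistory;
      global $curPath;

      // file() returns false on failure; start from an empty list in that case.
      if (!is_array($captchaHistory)) {
          $captchaHistory = [];
      }

      foreach ($update as $val) {
          $captchaHistory[] = $val;
      }

      // Writing out $captchaHistory on disk..
      $filepath = $curPath . DIRECTORY_SEPARATOR . ".SW_captchahistory";
      file_put_contents($filepath, implode('', $captchaHistory), LOCK_EX);
  }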
  /**
   * Split the posted command line ($command) into $cmd, $opt, $param1, $param2, $param3.
   *
   * Grammar: CMD [-OPT] [PARAM1 | 'QUOTED PARAM1'] [PARAM2] [PARAM3], separated by single
   * spaces. Parsing stops at the first token that has no separator after it; the
   * remaining globals keep the values they had before the call.
   *
   * After a quoted PARAM1 the remainder still starts with its separator, so anything
   * following the closing quote ends up in $param2 with a leading space.
   *
   * @return void
   */
  function parseCommand() {
      global $command, $cmd, $opt, $param1, $param2, $param3;

      $rest = trim($command);

      // Cut the next space-delimited token off $rest into $token. Returns false when
      // $rest has no separator past its first character; $rest is then the last token.
      $takeToken = function (&$token) use (&$rest) {
          $cut = stripos($rest, PHP_SPACE);
          if ($cut > 0) {
              $token = left($rest, $cut);
              $rest = substr($rest, $cut + 1);
              return true;
          }
          $token = $rest;
          return false;
      };

      if (!$takeToken($cmd)) {
          return;
      }

      // Optional "-something" switch.
      if (left($rest, 1) === "-" && !$takeToken($opt)) {
          return;
      }

      if (left($rest, 1) === "'") {
          // Quoted first parameter: keep the quotes, consume up to the closing one.
          $closing = stripos($rest, "'", 1);
          if ($closing > 0) {
              $param1 = substr($rest, 0, $closing + 1);
              $rest = substr($rest, $closing + 1);
          } else {
              $param1 = $rest;
              return;
          }
      } elseif (!$takeToken($param1)) {
          return;
      }

      if (!$takeToken($param2)) {
          return;
      }

      $takeToken($param3);
  }
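  /**
   * Validate the posted fields of a "sign" (new event) request.
   *
   * The command itself must carry no option and no parameters; the event data comes
   * from the $date, $hour, $min and $desc form fields. Hour and minute must be plain
   * digit strings in the ranges the form offers (0-24 and 0-59), and date/description
   * must not contain line breaks, because each record is stored as one line of
   * .SW_history and a line break would start a new record.
   *
   * NOTE(review): a PHP_PIPE inside date or description would shift the record's fields
   * unless HTMLencodeF() encodes it — confirm.
   * NOTE(review): the two rate-limit indicators below are computed but not enforced
   * (the enforcement was already disabled in this file), so APP_MAX_FROM_IP currently
   * limits nothing. $captchacount also comes from a hidden form field the client controls.
   *
   * @return bool true when the event may be stored
   */
  function signParamValidation() {
      global $opt, $param1, $param2, $param3;
      global $date, $hour, $min, $desc;
      global $captchacount, $captchaHistory;

      if ($opt !== PHP_STR) {
          echo("WARNING: invalid options<br>");
          return false;
      }

      foreach ([$param1, $param2, $param3] as $extra) {
          if ($extra !== PHP_STR) {
              echo("WARNING: invalid parameters<br>");
              return false;
          }
      }

      if ($date === PHP_STR || strlen($date) < 4 || strpbrk($date, "\r\n") !== false) {
          return false;
      }

      if ($hour === PHP_STR || strlen($hour) > 2 || !ctype_digit($hour) || (int)$hour > 24) {
          return false;
      }

      if ($min === PHP_STR || strlen($min) > 2 || !ctype_digit($min) || (int)$min > 59) {
          return false;
      }

      if ($desc === PHP_STR || strlen($desc) < 4 || strpbrk($desc, "\r\n") !== false) {
          return false;
      }

      // Rate-limit indicators, kept for when enforcement is switched back on.
      $rescaptcha1 = $captchacount >= 4;
      $rescaptcha2 = is_array($captchaHistory)
          && count(array_filter($captchaHistory, "odd")) > (APP_MAX_FROM_IP - 1);

      return true;
  }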
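  /**
   * array_filter() callback: does this captcha-history line belong to the current client?
   *
   * Uses hash_equals() instead of ==. Loose comparison treats two hex digests that both
   * look like numbers in exponent notation as equal, which would count another client's
   * entries as this client's.
   *
   * @param string $val one line of the captcha history, trailing "\n" included
   * @return bool true when the line equals $captchasign
   */
  function odd($val) {
      global $captchasign;

      return hash_equals((string)$captchasign, rtrim((string)$val, "\n"));
  }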
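  /**
   * Store a new event built from the posted $date, $hour, $min and $desc fields.
   *
   * Record layout: timestamp | counter ("000001X") | date | time | description | flag,
   * where the flag is written as "v". The record is skipped when it looks like a repeat
   * of the previous submission (hash equal to $lastMessage, or the description already
   * present in the last stored line). On success the client signature is appended to
   * the captcha history and $lastMessage is updated.
   *
   * NOTE(review): the repeat check searches for the raw $desc, while the stored line
   * holds HTMLencodeF($desc, false); the two can differ once encoding changes the
   * text — confirm this is acceptable.
   *
   * @return void
   */
  function myExecSignCommand() {
      global $date, $hour, $min, $desc;
      global $curPath, $lastMessage, $captchasign;

      $timeField = HTMLencodeF($hour . ":" . ((strlen($min) == 1) ? "0" . $min : $min));
      $newSignChk = HTMLencodeF($date, false) . PHP_PIPE . $timeField . PHP_PIPE . HTMLencodeF($desc, false) . "|v";
      $newSign = time() . PHP_PIPE . "000001X" . PHP_PIPE . $newSignChk;

      // An empty or unreadable history has no last line; indexing it at -1 used to
      // raise a warning and hand null to stripos().
      $signHChk = file($curPath . DIRECTORY_SEPARATOR . ".SW_history");
      $lastMsgChk = ($signHChk === false || $signHChk === []) ? "" : $signHChk[count($signHChk) - 1];
      $doubleChk = stripos($lastMsgChk, "|$desc|") !== false;

      $newHash = hash("sha256", $newSignChk . APP_SALT, false);
      if ($newHash === $lastMessage || $doubleChk) {
          return;
      }

      // Updating message history..
      $output = [$newSign . "\n"];
      updateHistory($output, HISTORY_MAX_ITEMS);

      // Updating captcha history..
      $output = [$captchasign . "\n"];
      updatecaptchaHistory($output);

      $lastMessage = $newHash;
  }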
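  /**
   * Validate the arguments of the "conf" command before a record is confirmed.
   *
   * Accepted only when: no option is given, the first parameter (quotes stripped) is
   * non-empty and is exactly one stored line of $signHistory, and no second or third
   * parameter follows. Echoes a warning and returns false otherwise.
   *
   * Membership is checked strictly: loose in_array() compares numeric-looking strings by
   * value, so a parameter could match a stored line it is not identical to.
   *
   * @return bool true when the command may be executed
   */
  function confParamValidation() {
      global $opt, $param1, $param2, $param3, $signHistory;

      if ($opt !== PHP_STR) {
          echo("WARNING: invalid options<br>");
          return false;
      }

      $myval = trim($param1, "'");
      $known = is_array($signHistory) && in_array($myval . "\n", $signHistory, true);

      if ($myval === PHP_STR || !$known || $param2 !== PHP_STR || $param3 !== PHP_STR) {
          echo("WARNING: invalid parameters<br>");
          return false;
      }

      return true;
  }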
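  /**
   * Confirm a record: replace its last two characters with "|v" and rewrite the history.
   *
   * The record is located by exact (strict) match of the quoted parameter against the
   * stored lines, and the file is written under an exclusive lock. Nothing happens when
   * the history is empty or the record is not found.
   *
   * @return void
   */
  function myExecConfSignCommand() {
      global $param1, $signHistory, $curPath;

      $mysign = trim($param1, "'");
      if (!$signHistory) {
          return;
      }

      $key = array_search($mysign . "\n", $signHistory, true);
      if ($key === false) {
          return;
      }

      $newval = left($mysign, strlen($mysign) - 2) . "|v";
      $signHistory[$key] = $newval . "\n";

      // Writing out $signHistory on disk..
      $filepath = $curPath . DIRECTORY_SEPARATOR . ".SW_history";
      file_put_contents($filepath, implode('', $signHistory), LOCK_EX);
  }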
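  /**
   * Validate the arguments of the "del" command before a record is flagged as removed.
   *
   * Accepted only when: no option is given, the first parameter (quotes stripped) is
   * non-empty and is exactly one stored line of $signHistory, and no second or third
   * parameter follows. Echoes a warning and returns false otherwise.
   *
   * Membership is checked strictly: loose in_array() compares numeric-looking strings by
   * value, so a parameter could match a stored line it is not identical to.
   *
   * @return bool true when the command may be executed
   */
  function delParamValidation() {
      global $opt, $param1, $param2, $param3, $signHistory;

      if ($opt !== PHP_STR) {
          echo("WARNING: invalid options<br>");
          return false;
      }

      $myval = trim($param1, "'");
      $known = is_array($signHistory) && in_array($myval . "\n", $signHistory, true);

      if ($myval === PHP_STR || !$known || $param2 !== PHP_STR || $param3 !== PHP_STR) {
          echo("WARNING: invalid parameters<br>");
          return false;
      }

      return true;
  }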
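  /**
   * "Delete" a record: replace its last two characters with "|u" and rewrite the history.
   *
   * This is a soft delete. The line stays in .SW_history; showHistory() hides records
   * flagged "u" in the public context and offers to confirm them again in the personal
   * context. The record is located by exact (strict) match and the file is written
   * under an exclusive lock.
   *
   * @return void
   */
  function myExecDelSignCommand() {
      global $param1, $signHistory, $curPath;

      $mysign = trim($param1, "'");
      if (!$signHistory) {
          return;
      }

      $key = array_search($mysign . "\n", $signHistory, true);
      if ($key === false) {
          return;
      }

      $newval = left($mysign, strlen($mysign) - 2) . "|u";
      $signHistory[$key] = $newval . "\n";

      // Writing out $signHistory on disk..
      $filepath = $curPath . DIRECTORY_SEPARATOR . ".SW_history";
      file_put_contents($filepath, implode('', $signHistory), LOCK_EX);
  }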
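  /**
   * Star a record: stamp it with the current time, increment its counter and rewrite
   * the history.
   *
   * The new line is: time() | counter (zero-padded to 6 digits + "X") | date | time |
   * description | "v". Note that the flag is always written as "v", whatever it was.
   *
   * The counter is padded with str_pad(); the earlier str_repeat("0", 6 - strlen(...))
   * received a negative count once the counter passed 999999, which PHP 8 rejects with
   * a ValueError.
   *
   * @return void
   */
  function myExecSetStarCommand() {
      global $param1, $signHistory, $curPath;

      $val = trim($param1, "\n'");

      $aFields = explode(PHP_PIPE, $val);
      $myccounter = $aFields[1] ?? PHP_STR;
      $mydate = $aFields[2] ?? PHP_STR;
      $mytime = $aFields[3] ?? PHP_STR;
      $mydesc = $aFields[4] ?? PHP_STR;

      $mytagnew = time();
      $myccounter = (string)((int)left($myccounter, 6) + 1);
      $myccounternew = str_pad($myccounter, 6, "0", STR_PAD_LEFT) . "X";

      if (!$signHistory) {
          return;
      }

      // Strict search: the parameter must equal a stored line byte for byte.
      $key = array_search($val . "\n", $signHistory, true);
      if ($key === false) {
          return;
      }

      $newval = $mytagnew . PHP_PIPE . $myccounternew . PHP_PIPE . $mydate . PHP_PIPE . $mytime . PHP_PIPE . $mydesc . PHP_PIPE . "v";
      $signHistory[$key] = $newval . "\n";

      // Writing out $signHistory on disk..
      $filepath = $curPath . DIRECTORY_SEPARATOR . ".SW_history";
      file_put_contents($filepath, implode('', $signHistory), LOCK_EX);
  }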
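  /**
   * Validate the arguments of the "set" (star) command.
   *
   * Accepted only when: no option is given, the first parameter (quotes stripped) is
   * non-empty and is exactly one stored line of $signHistory, and no second or third
   * parameter follows. Echoes a warning and returns false otherwise.
   *
   * Membership is checked strictly: loose in_array() compares numeric-looking strings by
   * value, so a parameter could match a stored line it is not identical to.
   *
   * @return bool true when the command may be executed
   */
  function setParamValidation() {
      global $opt, $param1, $param2, $param3, $signHistory;

      if ($opt !== PHP_STR) {
          echo("WARNING: invalid options<br>");
          return false;
      }

      $myval = trim($param1, "'");
      $known = is_array($signHistory) && in_array($myval . "\n", $signHistory, true);

      if ($myval === PHP_STR || !$known || $param2 !== PHP_STR || $param3 !== PHP_STR) {
          echo("WARNING: invalid parameters<br>");
          return false;
      }

      return true;
  }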
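  // ---------------------------------------------------------------------------------
  // Request handling: load the stored data, read the POST fields, authenticate, then
  // dispatch the posted command. Everything below runs on every request.
  // ---------------------------------------------------------------------------------

  $curPath = APP_DATA_PATH;
  chdir($curPath);

  // file() returns false when a file is missing or unreadable; the rest of the page
  // counts and iterates these lists, so fall back to an empty one.
  $signHistory = file($curPath . DIRECTORY_SEPARATOR . ".SW_history") ?: [];
  $captchaHistory = file($curPath . DIRECTORY_SEPARATOR . ".SW_captchahistory") ?: [];

  // Every text field goes through strip_tags(). That removes tags only: quotes and
  // ampersands survive, so each value still has to be escaped for the context it is
  // printed in (HTML attribute, script, ...).
  $readPostField = function ($name) {
      return strip_tags(filter_input(INPUT_POST, $name) ?? "");
  };

  // NOTE(review): strip_tags() also rewrites a password that contains "<"; the hash in
  // the configuration has to be generated from the same stripped value — confirm.
  $password = $readPostField("Password");
  if ($password == PHP_STR) {
      $password = $readPostField("Password2");
  }

  $command = $readPostField("CommandLine");
  $hideSplash = $readPostField("hideSplash");
  $hideHCSplash = $readPostField("hideHCSplash");
  $date = $readPostField("date");
  $hour = $readPostField("hour");
  $min = $readPostField("min");
  $desc = $readPostField("desc");

  // Per-client signature for the captcha history.
  // NOTE(review): behind a reverse proxy REMOTE_ADDR is presumably the proxy's address,
  // which would give every visitor the same signature — confirm for the deployment.
  $captchasign = hash("sha256", $_SERVER["REMOTE_ADDR"] . date("Y") . APP_SALT, false);

  // Once the history is non-empty the posted last_message value is replaced by a hash
  // of the last stored line, so the client-supplied value only matters for an empty history.
  $lastMessage = $readPostField("last_message");
  $totsigns = count($signHistory);
  if ($totsigns > 0) {
      $lastMessage = hash("sha256", rtrim($signHistory[$totsigns - 1], "\n") . APP_SALT, false);
  }

  // The cast used to bind tighter than ??, leaving the fallback unreachable.
  // This counter is round-tripped through a hidden form field and is client-controlled.
  $captchacount = (int)(filter_input(INPUT_POST, "captcha_count") ?? 0);

  // Authentication: the password is re-posted with every request and compared, as a
  // salted SHA-256 digest, with the configured hash. hash_equals() keeps the comparison
  // constant-time. A wrong password silently downgrades the request to the public context.
  // NOTE(review): a single fast hash with one application-wide salt is cheap to guess
  // offline if APP_HASH leaks, and nothing here throttles repeated attempts; consider
  // password_hash()/password_verify() plus attempt limiting when the config format can change.
  if ($password !== PHP_STR) {
      $hash = hash("sha256", $password . APP_SALT, false);
      if (!hash_equals((string)APP_HASH, $hash)) {
          $password = PHP_STR;
      }
  }

  parseCommand();

  if ($password !== PHP_STR) {
      // mb_stripos() returns 0 for a match at the very start of CMDLINE_VALIDCMDS, which a
      // plain truthiness test treats as "not allowed"; compare against false instead.
      if (mb_stripos(CMDLINE_VALIDCMDS, "|" . $command . "|") !== false) {
          // Whole command line is an allowed word: "sign" stores an event, "refresh"
          // needs no action because the list is re-rendered anyway.
          if ($cmd === "sign") {
              $captchacount = $captchacount + 1;
              if (signParamValidation()) {
                  myExecSignCommand();
              }
          }
      } else if (mb_stripos(CMDLINE_VALIDCMDS, "|" . $cmd . "|") !== false) {
          // Commands that carry a record as parameter.
          if ($cmd === "del") {
              if (delParamValidation()) {
                  myExecDelSignCommand();
              }
          } else if ($cmd === "conf") {
              if (confParamValidation()) {
                  myExecConfSignCommand();
              }
          } else if ($cmd === "set") {
              if (setParamValidation()) {
                  myExecSetStarCommand();
              }
          }
      }

      $contextType = PERSONAL_CONTEXT_TYPE;
  }
  // Without a valid password no command is executed: the public context is read-only.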
  609. ?>
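  <?php
  // Document head. All values echoed here are configuration constants, not request data.
  // Fixed: the favicon <link> carried a stray ">" after its href value, which put text
  // into <head>; the parser treats that as the end of the head section.
  ?>
  <!DOCTYPE html>
  <head>
  <meta charset="UTF-8"/>
  <meta name="viewport" content="width=device-width, initial-scale=1"/>
  <!--
  Copyright 2021, 2024 5 Mode
  This file is part of StarWorth.
  StarWorth is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation, either version 3 of the License, or
  (at your option) any later version.
  StarWorth is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  GNU General Public License for more details.
  You should have received a copy of the GNU General Public License
  along with StarWorth. If not, see <https://www.gnu.org/licenses/>.
  -->
  <title><?php echo(APP_TITLE); ?></title>
  <link rel="shortcut icon" href="/favicon.ico?v=<?php echo(time()); ?>" />
  <meta name="description" content="<?php echo(APP_DESCRIPTION); ?>"/>
  <meta name="keywords" content="<?php echo(APP_KEYWORDS); ?>"/>
  <meta name="author" content="5 Mode"/>
  <meta name="robots" content="index,follow"/>
  <script src="/SW_js/jquery-3.6.0.min.js" type="text/javascript"></script>
  <script src="/SW_js/sha.js" type="text/javascript"></script>
  <script src="/SW_js/common.js" type="text/javascript"></script>
  <script src="/SW_js/bootstrap.min.js" type="text/javascript"></script>
  <script src="/SW_js/index.js" type="text/javascript" defer></script>
  <link href="/SW_css/bootstrap.min.css" type="text/css" rel="stylesheet">
  <link href="/SW_css/style.css?r=<?PHP echo(time());?>" type="text/css" rel="stylesheet">
  <style>
  @import url('https://fonts.googleapis.com/css2?family=<?php echo(str_ireplace(" ","+",DISPLAY_DATE_FONT));?>');
  </style>
  </head>
  <body>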
  645. <body>
  646. <?php if (file_exists(APP_PATH . DIRECTORY_SEPARATOR . "jscheck.html")): ?>
  647. <?php include("jscheck.html"); ?>
  648. <?php endif; ?>
  649. <form id="frmHC" method="POST" action="/" target="_self" enctype="multipart/form-data">
  650. <?php if(APP_USE === "PRIVATE"): ?>
  651. <div class="header">
  652. <a id="burger-menu" href="#" style="display:none;"><img src="/SW_res/burger-menu2.png" style="width:58px;"></a><a id="ahome" href="http://homolog.5mode-foss.eu" target="_blank"><img id="logo-hmm" src="/SW_res/SWlogo.png" style="width:28px;">&nbsp;StarWorth</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a id="agithub" href="https://github.com/par7133/StarWorth" style="color:#000000"><span style="color:#119fe2">on</span> github</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a id="afeedback" href="mailto:posta@elettronica.lol" style="color:#000000"><span style="color:#119fe2">for</span> feedback</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a id="asupport" href="tel:+39-378-0812391" style="font-size:13px;background-color:#15c60b;border:2px solid #15c60b;color:black;height:27px;text-decoration:none;">&nbsp;&nbsp;get support&nbsp;&nbsp;</a><div id="pwd2" style="float:right;position:relative;top:+13px;display:none"><input type="password" id="Password2" name="Password2" placeholder="password" style="font-size:13px; background:#393939; color:#ffffff; width: 125px; border-radius:3px;" value="" autocomplete="off"></div>
  653. </div>
  654. <?php else: ?>
  655. <div class="header2">
  656. <?php echo(APP_CUSTOM_HEADER); ?>
  657. </div>
  658. <?php endif; ?>
  659. <div style="clear:both;margin:auto">&nbsp;</div>
  660. <?php
  661. $callSideBarTOP = 1;
  662. if(APP_USE === "PRIVATE") {
  663. $callSideBarTOP = 65;
  664. }
  665. ?>
  666. <div id="call-sidebar" style="top:<?php echo($callSideBarTOP);?>px;">
  667. &nbsp;
  668. </div>
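  <?php
  // Sidebar: login field plus the client-side "Hash Me" helper.
  // The accepted password is written back into the field so that it is re-posted with
  // every later request; this page keeps no server-side session. It is therefore present
  // in the page source of every authenticated response. The value is escaped for the
  // attribute context: strip_tags() leaves quotes in place, and an unescaped quote would
  // end the value attribute early.
  // The Salt field has no name attribute, so the browser does not submit it.
  ?>
  <div id="sidebar">
  <button id="sidebar-close" type="button" class="close" aria-label="Close" onclick="closeSideBar();">
  <span aria-hidden="true">&times;</span>
  </button>
  <br><br>
  <img id="genius" src="/SW_res/SWgenius.png" alt="HL Genius" title="HL Genius">
  &nbsp;<br><br>
  <div style="text-align:left;white-space:nowrap;">
  &nbsp;<input id="Password" name="Password" class="sidebarcontrol" type="password" placeholder="password" value="<?php echo(htmlspecialchars($password, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));?>" autocomplete="off">&nbsp;<input type="submit" class="sidebarcontrol" value="<?php echo(getResource("Go", $curLocale));?>" style="width:24%; height: 25px;background-color:lightgray;color:#000000;"><br>
  &nbsp;<input id="Salt" class="sidebarcontrol" type="text" placeholder="salt" autocomplete="off"><br>
  <div style="text-align:center;">
  <a id="butHashMe" href="#" onclick="showEncodedPassword();"><?php echo(getResource("Hash Me", $curLocale));?>!</a>
  <br><br><br>
  </div>
  </div>
  </div>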
  685. <div id="content-bar">
  686. <?php if (APP_SPLASH): ?>
  687. <?php if ($hideSplash !== PHP_STR): ?>
  688. <div id="splash">
  689. <button id="butCloseSplash" type="button" class="close" aria-label="Close" onclick="closeSplash();">
  690. <span aria-hidden="true">&times;</span>
  691. </button>
  692. Hello and welcome to StarWorth!<br><br>
  693. StarWorth is a light and simple software on premise to log calendar and events.<br><br>
  694. StarWorth is released under GPLv3 license, it is supplied AS-IS and we do not take any responsibility for its misusage.<br><br>
  695. StarWorth name comes from a prank on "Star War" meaning our intention to make stars/projects "worth".<br><br>
  696. First step, use the left side panel password and salt fields to create the hash to insert in the config file. Remember to manually set there also the salt value.<br><br>
  697. As you are going to run StarWorth in the PHP process context, using a limited web server or phpfpm user, you must follow some simple directives for an optimal first setup:<br>
  698. <ol>
  699. <li>Check the permissions of your "data" folder in your web app private path; and set its path in the config file.</li>
  700. <li>In the data path create a ".SW_history" and ".SW_captchahistory" files and give them the write permission.</li>
  701. <li>Finish setting up the configuration file appropriately, specifically:</li>
  702. <ul>
  703. <li>Configure the APP_USE appropriately.</li>
  704. <li>Configure the DISPLAY attributes as required.</li>
  705. <li>Configure the max history items as required (default: 1000).</li>
  706. </ul>
  707. </ol>
  708. <br>
  709. Hope you can enjoy it and let us know about any feedback: <a href="mailto:posta@elettronica.lol" style="color:#e6d236;">posta@elettronica.lol</a>
  710. </div>
  711. <?php endif; ?>
  712. <?php endif; ?>
  713. <div style="width:100%; padding: 0px; text-align:center; font-size:12px; border:0px solid red;">
  714. <?php if (APP_DEFAULT_CONTEXT === "PRIVATE"): ?>
  715. <div id="content-header">
  716. <?php if ($contextType === PUBLIC_CONTEXT_TYPE): ?>
  717. <div id="guest-msg"><h1><?php echo(APP_GUEST_MSG??"&nbsp;"); ?></h1></div>
  718. <?php else: ?>
  719. <div id="welcome-msg"><h1><?php echo(APP_WELCOME_MSG??"&nbsp;"); ?></h1></div>
  720. <br>
  721. <div style="clear:both;margin:auto;"><br><br></div>
  722. <hr>
  723. <br>
  724. </div>
  725. <div id="insertBar">
  726. <input id="date" name="date" type="text" class="standardfield standardcontrol" placeholder="Date" value="<?php echo(date("Y-m-d"));?>">&nbsp;
  727. <select id="hour" name="hour" class="standardfield standardcontrol">
  728. <?PHP for($i=0;$i<=24;$i++):?>
  729. <option value="<?PHP echo($i);?>" <?PHP echo(($i==date("G"))?"selected":"")?>><?PHP echo((strlen($i)===1)?"0".$i:$i);?></option>
  730. <?PHP endfor; ?>
  731. </select>:<select id="min" name="min" class="standardfield standardcontrol">
  732. <?PHP for($i=0;$i<=59;$i++):?>
  733. <option value="<?PHP echo($i);?>" <?PHP echo(($i==ltrim(date("i"),'0'))?"selected":"");?>><?PHP echo((strlen($i)===1)?"0".$i:$i);?></option>
  734. <?PHP endfor; ?>
  735. </select>&nbsp;
  736. <input id="desc" name="desc" type="text" class="standardfield standardcontrol" placeholder="Description" maxlength="300"><br>
  737. <input id="send" name="send" type="text" value="&nbsp;<?php echo(DISPLAY_SUBMIT_BUTTON);?>&nbsp;" title="<?php echo(DISPLAY_SUBMIT_BUTTON);?>">
  738. </div>
  739. <div style="clear:both;margin:auto;"><br><br><br></div>
  740. <?php showHistory(); ?>
  741. <?php endif; ?>
  742. <?php else: ?>
  743. <div id="content-header">
  744. <?php if ($contextType === PUBLIC_CONTEXT_TYPE): ?>
  745. <div id="welcome-msg"><h1><?php echo(APP_WELCOME_MSG??"&nbsp;"); ?></h1></div>
  746. <br>
  747. <hr>
  748. <br>
  749. <?php showHistory(); ?>
  750. <?php else: ?>
  751. <div id="welcome-msg"><h1><?php echo(APP_WELCOME_MSG??"&nbsp;"); ?></h1></div>
  752. <br>
  753. <div style="clear:both;margin:auto;"><br><br></div>
  754. <hr>
  755. <br>
  756. </div>
  757. <div id="insertBar">
  758. <input id="date" name="date" type="text" class="standardfield standardcontrol" placeholder="Date" value="<?php echo(date("Y-m-d"));?>">&nbsp;
  759. <select id="hour" name="hour" class="standardfield standardcontrol" style="background-color:#FFFFFF;">
  760. <?PHP for($i=0;$i<=24;$i++):?>
  761. <option value="<?PHP echo($i);?>" <?PHP echo(($i==date("G"))?"selected":"")?>><?PHP echo((strlen($i)===1)?"0".$i:$i);?></option>
  762. <?PHP endfor; ?>
  763. </select>:<select id="min" name="min" class="standardfield standardcontrol">
  764. <?PHP for($i=0;$i<=59;$i++):?>
  765. <option value="<?PHP echo($i);?>" <?PHP echo(($i==ltrim(date("i"),'0'))?"selected":"")?>><?PHP echo((strlen($i)===1)?"0".$i:$i);?></option>
  766. <?PHP endfor; ?>
  767. </select> &nbsp;
  768. <input id="desc" name="desc" type="text" class="standardfield standardcontrol" placeholder="Description" maxlength="300">
  769. <input id="send" name="send" type="button" value="&nbsp;<?php echo(DISPLAY_SUBMIT_BUTTON);?>&nbsp;" title="<?php echo(DISPLAY_SUBMIT_BUTTON);?>">
  770. </div>
  771. <div style="clear:both;margin:auto;"><br><br><br></div>
  772. <?php showHistory(); ?>
  773. <?php endif; ?>
  774. <?php endif; ?>
  775. <br><br><br><br><br><br><br>
  776. <?php if(APP_USE === "BUSINESS"): ?>
  777. <div id="footer2">
  778. <a id="ahome" href="http://starworth.5mode-foss.eu" target="_blank"><img id="logo-hl" src="/SW_res/SWlogo.png">Powered by StarWorth</a>
  779. </div>
  780. <?php endif; ?>&nbsp;
  781. </div>
  782. </div>
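  <?php
  // Hidden state round-tripped through the form. hideSplash and (for an empty history)
  // last_message are echoed back from the request; strip_tags() does not remove quotes,
  // so each value is escaped for the attribute it is printed into.
  ?>
  <input type="hidden" id="CommandLine" name="CommandLine">
  <input type="hidden" name="hideSplash" value="<?php echo(htmlspecialchars((string)$hideSplash, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')); ?>">
  <input type="hidden" name="hideHCSplash" value="1">
  <input type="hidden" name="captcha_count" value="<?php echo(htmlspecialchars((string)$captchacount, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')); ?>">
  <input type="hidden" name="last_message" value="<?php echo(htmlspecialchars((string)$lastMessage, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')); ?>">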
  788. </form>
  789. <div class="footer">
  790. <div id="footerCont">&nbsp;</div>
  791. <div id="footer"><span style="background:#FFFFFF;opacity:1.0;margin-right:10px;">&nbsp;&nbsp;A <a href="http://5mode.com">5 Mode</a> project <span class="no-sm">and <a href="http://wysiwyg.systems">WYSIWYG</a> system</span>. Some rights reserved.</span></div>
  792. </div>
  793. <?php if (file_exists(APP_PATH . DIRECTORY_SEPARATOR . "skinner.html")): ?>
  794. <?php include("skinner.html"); ?>
  795. <?php endif; ?>
  796. <?php if (file_exists(APP_PATH . DIRECTORY_SEPARATOR . "metrics.html")): ?>
  797. <?php include("metrics.html"); ?>
  798. <?php endif; ?>
  799. <script>
  800. /*
  801. <?PHP if ($password !== PHP_STR): ?>
  802. $(".td-data-time")
  803. .css("display", "none")
  804. <?PHP endif; ?>
  805. */
  806. </script>
  807. </body>
  808. </html>