diff --git a/sys0-code/api/queue.php b/sys0-code/api/queue.php new file mode 100644 index 0000000..a959a2f --- /dev/null +++ b/sys0-code/api/queue.php @@ -0,0 +1,66 @@ +$last_id and free=1 order by id"; + else + $sql="Select id,apikey,printer_url from printer where id=$print_on and free=1"; + //echo $sql; + $stmt = mysqli_prepare($link, $sql)mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $id,$papikey,$purl); + mysqli_stmt_fetch($stmt); + if($id!=0) + { + exec('curl -k -H "X-Api-Key: '.$papikey.'" -F "select=true" -F "print=true" -F "file=@'.$qfilepath.'" "'.$purl.'/api/files/local" > /var/www/html/user_files/'.$username.'/json.json'); + $fg=file_get_contents("/var/www/html/user_files/$username/json.json"); + $json=json_decode($fg,true); + if($json['effectivePrint']==true and $json["effectiveSelect"]==true) + { + $sql="update printer set free=0, printing=1,mail_sent=0, used_by_userid=$quserid where id=$id"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + + $sql="delete from queue where id=$qid"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + } + else + { + } + } + } + } + +?> + diff --git a/sys0-code/api/sendmail.php b/sys0-code/api/sendmail.php new file mode 100644 index 0000000..1d8094b --- /dev/null +++ b/sys0-code/api/sendmail.php 
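Review bot: The `exec('curl ...')` call in the `if($id!=0)` branch builds a shell command by concatenating `$papikey`, `$qfilepath`, `$purl` and `$username`, and `$qfilepath` comes from the queue table, which print.php fills from upload names and request parameters; sendmail.php, overview.php and print.php build their curl commands the same way. Quote every value with `escapeshellarg()` (or use PHP's curl functions) and read the response from the command output rather than from `json.json` below `/var/www/html`, as sketched below. `-k` turns off certificate verification for a request that carries the printer API key, so keep it only if the printers are reached over a trusted network. The SQL in this hunk is passed to `mysqli_prepare()` with `$print_on`, `$quserid` and `$qid` interpolated instead of bound through `?` placeholders and `mysqli_stmt_bind_param()`, a pattern that recurs in sendmail.php, debug.php, overview.php and print.php. The start of the file is not visible in this text.

```php
// … unchanged: printer lookup, if($id!=0) …
// Each value is quoted separately so shell metacharacters in it stay data.
$cmd = 'curl -k -H ' . escapeshellarg('X-Api-Key: ' . $papikey)
     . ' -F select=true -F print=true'
     . ' -F ' . escapeshellarg('file=@' . $qfilepath)
     . ' ' . escapeshellarg($purl . '/api/files/local');
$out = [];
$rc = 1;
exec($cmd, $out, $rc);
// Read the response from the command output instead of a json.json file under the web root.
$json = $rc === 0 ? json_decode(implode("\n", $out), true) : null;
if(is_array($json) and !empty($json['effectivePrint']) and !empty($json['effectiveSelect']))
// … unchanged: update printer, delete from queue …
```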
@@ -0,0 +1,102 @@ +$last_id and printing=1 ORDER BY id"; + $cancel=0; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $is_free,$printer_id,$url,$apikey,$cancel,$used_by_userid,$mail_sent); + mysqli_stmt_fetch($stmt); + $last_id=$printer_id; + + //printer is printing + exec("curl --max-time 10 $url/api/job?apikey=$apikey > /var/www/html/user_files/$username/json.json"); + $fg=file_get_contents("/var/www/html/user_files/$username/json.json"); + $json=json_decode($fg,true); + + + $used_by_user=""; + $telegram_id=""; + $notification_telegram=0; + $notification_mail=0; + $sql="select username,telegram_id,notification_telegram,notification_mail from users where id=$used_by_userid"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $used_by_user,$telegram_id,$notification_telegram,$notification_mail); + mysqli_stmt_fetch($stmt); + $username3=explode("@",$used_by_user); + $username2=$username3[0]; + $progress=(int) $json['progress']['completion']; + if($progress<0) + $progress=-$progress; + $file=$json['job']['file']['name']; + if($progress==100){ + //print finished + //check if mail has not been sent: + + if($mail_sent==0 && $notification_telegram==1){ + //send telegram message + echo("sending telegram for printer $printer_id
"); + $text = urlencode("Hi $username2\nDein Druck auf Drucker $printer_id ist fertig\nDatei, welche du gedruckt hast: $file\n"); + exec("curl \"https://api.telegram.org/$api/sendMessage?chat_id=$telegram_id&text=$text\""); + $sql="update printer set mail_sent=1 where id=$printer_id"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + + } + + if($mail_sent==0 && $notification_mail==1) + { + + echo("sending mail for printer $printer_id
"); + $mail=<<Dein 3D-Druck auf Drucker $printer_id ist fertig.
Bitte hole diesen ab und vergiss nicht den Drucker danach freizugeben!
Deine Aufträge: https://app.ksw3d.ch/system0/html/php/login/v3/php/overview.php?private
Datei, welche du gedruckt hast: $file

Vielen dank für dein Vertrauen in uns!
Code Camp 2024
"}]}' +EOF; + $out=""; + exec($mail,$out); + $sql="update printer set mail_sent=1 where id=$printer_id"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + } + } + else if($cancel==1){ + //print cancelled + } + //else: print still running + $cnt--; + } + + +?> diff --git a/sys0-code/api/update_settings.php b/sys0-code/api/update_settings.php new file mode 100644 index 0000000..9b57547 --- /dev/null +++ b/sys0-code/api/update_settings.php @@ -0,0 +1,41 @@ + diff --git a/sys0-code/app/bugreport.php b/sys0-code/app/bugreport.php new file mode 100644 index 0000000..82d03a8 --- /dev/null +++ b/sys0-code/app/bugreport.php @@ -0,0 +1,74 @@ + + + + + + + +load_user()"; +?> + + ");?> +
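Review bot: `exec($mail,$out)` runs a heredoc as a shell command, and that heredoc interpolates `$file`, which is read from the printer's job JSON (`$json['job']['file']['name']`) and so ultimately from an uploaded file name; the payload ends in `"}]}'`, so it appears to rely on shell single-quoting that the interpolated text can break. Build the JSON body with `json_encode()` and pass it through `escapeshellarg()`, or send it with PHP's curl functions so that no shell is involved. The status request `curl --max-time 10 $url/api/job?apikey=$apikey` is unquoted and places the key in the URL; wrapping the URL in `escapeshellarg()` and sending the key in an `X-Api-Key` header, as queue.php already does, avoids both. The Telegram call likewise interpolates `$api` and `$telegram_id` into the command line unquoted by PHP. The opening of the heredoc is not visible in this text, so the exact mail command could not be checked.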
+ + + Bug report + + +
+
+
+

Fehler melden

+
+
+ + +
+
+ + "> +
+ +
+ Vielen Dank, deine Fehlermeldung ist bei uns angekommen und wir kümmern uns darum.
'; + } + ?> +
+
+ + + + + diff --git a/sys0-code/app/cloud.php b/sys0-code/app/cloud.php new file mode 100644 index 0000000..38f9317 --- /dev/null +++ b/sys0-code/app/cloud.php @@ -0,0 +1,199 @@ + + + + + + + +load_user()"; + + +?> + +',':',';','?','*','"','|','%']; + $filetype = strtolower(pathinfo($_FILES['file']['name'],PATHINFO_EXTENSION)); + $path = "/var/www/html/user_files/$username/"; + $filename=basename( $_FILES['file']['name']); + $filename=str_replace($unwanted_chr,"_",$filename); + $path = $path . $filename; + if(!in_array($filetype,$ok_ft)) + { + $file_upload_err="Dieser Dateityp wird nicht unterstüzt."; + } + else + { + if(move_uploaded_file($_FILES['file']['tmp_name'], $path)) { + $file_upload_err="ok"; + } + else + { + $file_upload_err="Ein Fehler beim Uploaden der Datei ist aufgetreten! Versuche es erneut!"; + } + } + unset($_FILES['file']); + } +?> +
+ + + Eigene Dateien + + + +
+
+ + "); + else if($file_upload_err!="nan") + echo("
"); + ?> +

Eigene Dateien

+
+ +
+ + +
+
+ + + + + + + + + + + + + '; + echo ''; + echo ''; + echo ''; + echo "'; + echo "'; + echo ""; + echo ''; + } + }else{ + echo ''; + echo ''; + echo ''; + echo ''; + echo "'; + echo "'; + echo ""; + echo ''; + } + } + } else { + echo ''; + } + ?> + +
PreviewFile NamePrint FileDelete FileDownload FileMake Public
' . basename($file) . 'Drucken" . "Löschen" . '" . "Herunterladen" . 'Öffentlich verfügbar machen
' . basename($file) . 'Drucken" . "Löschen" . '" . "Herunterladen" . 'Öffentlich verfügbar machen
Directory not found
+
+
+
+
+ + + + + diff --git a/sys0-code/app/create_admin.php b/sys0-code/app/create_admin.php new file mode 100644 index 0000000..c9d675b --- /dev/null +++ b/sys0-code/app/create_admin.php 
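Review bot: The upload handler cleans the client file name with a character denylist (`str_replace($unwanted_chr,"_",$filename)`), and the list as print.php shows it in full has no entry for `'`, `&`, `$` or the backtick, although these names later sit inside double-quoted shell arguments in queue.php and print.php and are printed with `basename($file)` in the file table without `htmlspecialchars()`. An allowlist is easier to reason about, for example `$filename = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($_FILES['file']['name']));`, with the table output wrapped in `htmlspecialchars(basename($file), ENT_QUOTES)`. `move_uploaded_file()` also overwrites an existing file of the same name without notice. The start of the handler, including `$ok_ft`, is not visible in this text, so the extension allowlist could not be checked; files are stored under `/var/www/html`, so confirm the server never executes content from `user_files`.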
@@ -0,0 +1,232 @@ + + + +Oops! Something went wrong. Please try again later."; + } + + // Close statement + mysqli_stmt_close($stmt); + } + } + + // Validate password + if(empty(trim($_POST["password"]))){ + $err = "Please enter a password."; + } elseif(strlen(trim($_POST["password"])) < 6){ + $err = "Password must have atleast 6 characters."; + } else if(strlen(trim($_POST["new_password"])) > 96) + { + $login_err = "Password cannot have more than 96 characters."; + }else{ + $password = trim($_POST["password"]); + } + + // Validate confirm password + if(empty(trim($_POST["confirm_password"]))){ + $err = "Please confirm password."; + } else{ + $confirm_password = trim($_POST["confirm_password"]); + if(empty($err) && ($password != $confirm_password)){ + $err = "Password did not match."; + } + } + + // Check input errors before inserting in database + if(empty($err)){ + + // Prepare an insert statement + $sql = "INSERT INTO users (username, password, role,notification_telegram,notification_mail) VALUES (?, ?, ?,?,?)"; + + if($stmt = mysqli_prepare($link, $sql)){ + // Bind variables to the prepared statement as parameters + $tel=0; + $mail=1; + mysqli_stmt_bind_param($stmt, "sssii", $param_username, $param_password, $role,$tel,$mail); + + // Set parameters + $tel=0; + $mail=1; + $param_username = $username; + $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash + $role=get_perm_string(); + // Attempt to execute the prepared statement + if(mysqli_stmt_execute($stmt)){ + // Redirect to login page + mkdir("/var/www/html/user_files/$username"); + header("LOCATION: /app/overview.php"); + } else{ + echo "Oops! Something went wrong. Please try again later."; + } + + // Close statement + mysqli_stmt_close($stmt); + } + } + + // Close connection + mysqli_close($link); +} +?> + + + + + + Sign Up + + "); + echo("
");?> + +
+
+
+
+
+

Account erstellen

+
+
+ + +
+
+ + +
+
+ + +
+
+
Berechtigungen
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
BerechtigungBerechtigung erteilen
Datei Drucken
Private Cloud
Öffentliche Cloud
Alle Drucker abbrechen / freigeben
Benutzereinstellungen ändern
Administratoren erstellen
Log ansehen
System0 APIkey ansehen
Druckschlüssel erstellen
Debug
Alle Dateien von Öffentlicher Cloud Löschen
+
+

+
+ ' . $err . '
'; + } + ?> +
+
+
+
+ + + + diff --git a/sys0-code/app/create_key.php b/sys0-code/app/create_key.php new file mode 100644 index 0000000..8771871 --- /dev/null +++ b/sys0-code/app/create_key.php @@ -0,0 +1,84 @@ + + + + + + Account Einstellungen + + + + ");?> + + + + load_user()"; + + ?> + +
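Review bot: The upper length check in the password validation reads `$_POST["new_password"]` and writes `$login_err`, while the rest of the block uses `$_POST["password"]` and `$err`, so an over-long password is never rejected and the missing key raises a notice. It should read `} elseif(strlen(trim($_POST["password"])) > 96) { $err = "Password cannot have more than 96 characters.";`. After a successful insert, `header("LOCATION: /app/overview.php");` is not followed by `exit;`, so the rest of the page is still rendered and sent. `mkdir("/var/www/html/user_files/$username")` uses the submitted username as a path component; the username validation and the permission check for this page are not visible in this text, so confirm the name is restricted to characters that cannot form a path.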
+ +
+
+
+

Druckschlüssel Generieren

+
+

+ Ein Druckschlüssel ist ein Code, welcher ein Benutzer benutzen kann, um einen Druckauftrag zu starten. +

+
+ +
+
+ You key got added to the database, it can now be used to print files.
key: $key"); + } + ?> +
+
+ + + + diff --git a/sys0-code/app/debug.php b/sys0-code/app/debug.php new file mode 100644 index 0000000..91098f8 --- /dev/null +++ b/sys0-code/app/debug.php @@ -0,0 +1,267 @@ + + + + + + + +load_user()"; + + +?> + + +
+ + + Drucker Einstellungen + + + +
+
+
+

Druckerfreigabe erzwingen (falls beim freigeben Fehlermeldungen angezeigt werden)

+
"); + $last_id=0; + while($cnt!=0) + { + $userid=0; + $sql="select id,printer_url,apikey,cancel,used_by_userid from printer where free=0 and id>$last_id ORDER BY id"; + $cancel=0; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $printer_id,$url,$apikey,$cancel,$userid); + mysqli_stmt_fetch($stmt); + + + $last_id=$printer_id; + + $used_by_user=""; + $sql="select username from users where id=$userid"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $used_by_user); + mysqli_stmt_fetch($stmt); + + + echo(""); + + $cnt--; + } + echo("
DruckeridFreigeben
$printer_id
"); + ?> +

+ + + +

Rotation der Druckerkameras

+ form => action=rot&rot=180 + $cnt=0; + $url=""; + $apikey=""; + $sql="select count(*) from printer"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $cnt); + mysqli_stmt_fetch($stmt); + //echo($cnt); + echo("
"); + $last_id=0; + $rotation=0; + while($cnt!=0) + { + $userid=0; + $sql="select rotation,id from printer where id>$last_id ORDER BY id"; + $cancel=0; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $rotation,$printer_id); + mysqli_stmt_fetch($stmt); + + + $last_id=$printer_id; + + $used_by_user=""; + + echo(""); + + $cnt--; + } + echo("
DruckeridRotation
$printer_id
"); + ?> +

+

Filamentfarbe

+ form => color + $cnt=0; + $url=""; + $apikey=""; + $sql="select count(*) from printer"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $cnt); + mysqli_stmt_fetch($stmt); + //echo($cnt); + echo("
"); + $last_id=0; + $color=""; + while($cnt!=0) + { + $userid=0; + $sql="select color,id from printer where id>$last_id ORDER BY id"; + $cancel=0; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $color,$printer_id); + mysqli_stmt_fetch($stmt); + + + $last_id=$printer_id; + + $used_by_user=""; + + echo(""); + + $cnt--; + } + echo("
DruckeridRotation
$printer_id
"); + echo("
"); + + ?> +

Filamente

+ form => color + $cnt=0; + $url=""; + $apikey=""; + $sql="select count(*) from filament"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $cnt); + mysqli_stmt_fetch($stmt); + //echo($cnt); + echo("
"); + + //form to add a color + echo(""); + echo(""); + echo(""); + echo(""); + echo(""); + + $last_id=0; + $color=""; + $id=0; + $row=1; + while($cnt!=0) + { + $userid=0; + $sql="select id,name,internal_id from filament where id>$last_id ORDER BY id"; + $cancel=0; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt,$id, $color,$printer_id); + mysqli_stmt_fetch($stmt); + + + $last_id=$id; + + $used_by_user=""; + $row++; + echo(""); + $cnt--; + } + echo("
FilamenteFarbeHinzufügen/Löschen
$printer_id
"); + echo("
"); + + ?> + +
+
+
+ + + + + diff --git a/sys0-code/app/disclaimer.php b/sys0-code/app/disclaimer.php new file mode 100644 index 0000000..1600b12 --- /dev/null +++ b/sys0-code/app/disclaimer.php @@ -0,0 +1,87 @@ + + + Privacy Policy + + + + ");?> + + + load_user()"; + + ?> + +
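Review bot: Each table on this page is filled by a `while($cnt!=0)` loop that prepares and executes a new `... where id>$last_id ORDER BY id` query per row and ignores the return value of `mysqli_stmt_fetch()`, so if the row count and the filtered query disagree (the first loop filters on `free=0`; its count query is not visible here) the previous row's values are printed again. One statement iterated with `while (mysqli_stmt_fetch($stmt)) { ... }` removes the counter and the stale-row case. In the filament loop the columns `name` and `internal_id` are bound to `$color` and `$printer_id`; a rename or a comment such as `// $printer_id holds filament.internal_id here` would prevent misreading. The request handlers and the permission check for this page are not visible in this text.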
+ +
+

Disclaimer

+

Last updated: December 18, 2023

+

Interpretation and Definitions

+

Interpretation

+

The words of which the initial letter is capitalized have meanings defined under the following conditions. + The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

+

Definitions

+

For the purposes of this Disclaimer:

+ +

Disclaimer

+

The information contained on the Service is for general information purposes only.

+

The Company assumes no responsibility for errors or omissions in the contents of the Service.

+

In no event shall the Company be liable for any special, direct, indirect, consequential, or incidental damages or any damages whatsoever, whether in an action of contract, negligence or other tort, arising out of or in connection with the use of the Service or the contents of the Service. The Company reserves the right to make additions, deletions, or modifications to the contents on the Service at any time without prior notice. This Disclaimer has been created with the help of the Disclaimer Generator.

+

The Company does not warrant that the Service is free of viruses or other harmful components.

+

External Links Disclaimer

+

The Service may contain links to external websites that are not provided or maintained by or in any way affiliated with the Company.

+

Please note that the Company does not guarantee the accuracy, relevance, timeliness, or completeness of any information on these external websites.

+

Errors and Omissions Disclaimer

+

The information given by the Service is for general guidance on matters of interest only. Even if the Company takes every precaution to insure that the content of the Service is both current and accurate, errors can occur. Plus, given the changing nature of laws, rules and regulations, there may be delays, omissions or inaccuracies in the information contained on the Service.

+

The Company is not responsible for any errors or omissions, or for the results obtained from the use of this information.

+

Fair Use Disclaimer

+

The Company may use copyrighted material which has not always been specifically authorized by the copyright owner. The Company is making such material available for criticism, comment, news reporting, teaching, scholarship, or research.

+

The Company believes this constitutes a "fair use" of any such copyrighted material as provided for in section 107 of the United States Copyright law.

+

If You wish to use copyrighted material from the Service for your own purposes that go beyond fair use, You must obtain permission from the copyright owner.

+

Views Expressed Disclaimer

+

The Service may contain views and opinions which are those of the authors and do not necessarily reflect the official policy or position of any other author, agency, organization, employer or company, including the Company.

+

Comments published by users are their sole responsibility and the users will take full responsibility, liability and blame for any libel or litigation that results from something written in or as a direct result of something written in a comment. The Company is not liable for any comment published by users and reserves the right to delete any comment for any reason whatsoever.

+

No Responsibility Disclaimer

+

The information on the Service is provided with the understanding that the Company is not herein engaged in rendering legal, accounting, tax, or other professional advice and services. As such, it should not be used as a substitute for consultation with professional accounting, tax, legal or other competent advisers.

+

In no event shall the Company or its suppliers be liable for any special, incidental, indirect, or consequential damages whatsoever arising out of or in connection with your access or use or inability to access or use the Service.

+

"Use at Your Own Risk" Disclaimer

+

All information in the Service is provided "as is", with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, merchantability and fitness for a particular purpose.

+

The Company will not be liable to You or anyone else for any decision made or action taken in reliance on the information given by the Service or for any consequential, special or similar damages, even if advised of the possibility of such damages.

+

Contact Us

+

If you have any questions about this Disclaimer, You can contact Us:

+ +
+ + + diff --git a/sys0-code/app/load.php b/sys0-code/app/load.php new file mode 100644 index 0000000..0663971 --- /dev/null +++ b/sys0-code/app/load.php @@ -0,0 +1,38 @@ + + + + + +Server Stats + + +
+ +"; +echo "CPU Usage: " . $cpu_usage . "
"; +echo "RAM Usage: " . $ram_usage . "
"; + +?> + + + diff --git a/sys0-code/app/overview.php b/sys0-code/app/overview.php new file mode 100644 index 0000000..cf712cb --- /dev/null +++ b/sys0-code/app/overview.php @@ -0,0 +1,395 @@ + + + + + + + + +load_user()"; +?> + +=$firstCharsCount+$lastCharsCount+3){ + $firstChars = substr($filePath, 0, $firstCharsCount); + + // Get the last few characters of the path + $lastChars = substr($filePath, -$lastCharsCount); + + // Return the shortened path + return $firstChars . "..." . $lastChars; + } + else{ + return $filePath; + } + } + $color=$_SESSION["color"]; + include "../assets/components.php"; + if(!isset($_SESSION["rid"])) + $_SESSION["rid"]=0; + $_SESSION["rid"]++; +?> + + Alle Drucker + + + +
+
+
+
+ /var/www/html/user_files/$username/json.json"); + $fg=file_get_contents("/var/www/html/user_files/$username/json.json"); + $json=json_decode($fg,true); + if($json["error"]!="") + { + echo(""); + } + else + { + $sql="update printer set cancel=1 where id=$printer_id"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + } + + } + + $cnt=0; + $url=""; + $apikey=""; + if(isset($_GET["private"])) + $sql="select count(*) from printer where used_by_userid=".$_SESSION["id"]; + else + $sql="select count(*) from printer"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $cnt); + mysqli_stmt_fetch($stmt); + //echo($cnt); + $is_free=0; + echo("
"); + echo("
"); + echo("
"); + if(isset($_GET["private"])) + echo("
Alle Drucker anzeigen"); + else + echo("
Nur eigene Aufträge anzeigen"); + echo("
"); + $last_id=0; + $system_status=0; + $rotation=0; + while($cnt!=0) + { + $userid=0; + if(isset($_GET["private"])) + $sql="select rotation,free,id,printer_url,apikey,cancel,used_by_userid,system_status,color from printer where id>$last_id and used_by_userid=".$_SESSION["id"]." ORDER BY id"; + else + $sql="select rotation,free,id,printer_url,apikey,cancel,used_by_userid,system_status,color from printer where id>$last_id ORDER BY id"; + $cancel=0; + $filament_color=""; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $rotation,$is_free,$printer_id,$url,$apikey,$cancel,$userid,$system_status,$filament_color); + mysqli_stmt_fetch($stmt); + $last_id=$printer_id; + $filament_color=intval($filament_color); + //get the real color + $sql="select name from filament where internal_id=$filament_color"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt,$filament_color); + mysqli_stmt_fetch($stmt); + + if($is_free==0){ + //printer is printing + exec("curl --max-time 10 $url/api/job?apikey=$apikey > /var/www/html/user_files/$username/json.json"); + $fg=file_get_contents("/var/www/html/user_files/$username/json.json"); + $json=json_decode($fg,true); + + $used_by_user=""; + $sql="select username from users where id=$userid"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $used_by_user); + mysqli_stmt_fetch($stmt); + $username2=explode("@",$used_by_user); + + $progress=(int) $json['progress']['completion']; + if($progress<0) + $progress=-$progress; + $file=$json['job']['file']['name']; + if($progress==100){ + $print_time=seconds_to_time(intval($json["progress"]["printTime"])); + $print_time_left=seconds_to_time(intval($json["progress"]["printTimeLeft"])); + 
$print_time_total=seconds_to_time(intval($json["job"]["estimatedPrintTime"])); + echo("
"); + echo("
"); + echo("
Drucker $printer_id
"); + echo("
"); + echo("
"); + echo(""); + echo("
"); + echo("
$progress%
"); + echo("
"); + echo(""); + echo(""); + echo(""); + echo(""); + if(!empty($filament_color) && $filament_color!=NULL) + echo(""); + echo(""); + echo(""); + echo(""); + echo(""); + echo(""); + if($userid==$_SESSION["id"] or $role[3]==="1"){ + echo(""); + } + echo(""); + echo("
StatusFertig
Genutzt von".$username2[0]."
Filamentfarbe$filament_color
Erwartete Druckzeit$print_time_total
Verbleibende Druckzeit$print_time_left
Vergangene Druckzeit$print_time
Datei
".short_path($json["job"]["file"]["name"],10,10)."
".$json["job"]["file"]["name"]."
Freigeben
"); + echo("
"); + echo("
"); + } + else if($cancel==1){ + $print_time=seconds_to_time(intval($json["progress"]["printTime"])); + $print_time_left=seconds_to_time(intval($json["progress"]["printTimeLeft"])); + $print_time_total=seconds_to_time(intval($json["job"]["estimatedPrintTime"])); + echo("
"); + echo("
"); + echo("
Drucker $printer_id
"); + echo("
"); + echo("
"); + echo(""); + echo("
"); + echo("
$progress%
"); + echo("
"); + echo(""); + echo(""); + echo(""); + echo(""); + if(!empty($filament_color) && $filament_color!=NULL) + echo(""); + echo(""); + echo(""); + echo(""); + echo(""); + if($userid==$_SESSION["id"] or $role[3]=="1"){ + echo(""); + } + echo(""); + echo("
StatusDruck Abgebrochen
Genutzt von".$username2[0]."
Filamentfarbe$filament_color
Erwartete Druckzeit$print_time_total
Verbleibende Druckzeit$print_time_left
Vergangene Druckzeit$print_time
Datei
".short_path($json["job"]["file"]["name"],10,10)."
".$json["job"]["file"]["name"]."
Freigeben
"); + echo("
"); + echo("
"); + } + else{ + $print_time=seconds_to_time(intval($json["progress"]["printTime"])); + $print_time_left=seconds_to_time(intval($json["progress"]["printTimeLeft"])); + $print_time_total=seconds_to_time(intval($json["job"]["estimatedPrintTime"])); + echo("
"); + echo("
"); + echo("
Drucker $printer_id
"); + echo("
"); + echo("
"); + echo(""); + echo("
"); + echo("
$progress%
"); + echo("
"); + echo(""); + echo(""); + echo(""); + echo(""); + if(!empty($filament_color) && $filament_color!=NULL) + echo(""); + echo(""); + echo(""); + echo(""); + echo(""); + if($userid==$_SESSION["id"] or $role[3]==="1"){ + echo(""); + } + echo(""); + echo("
StatusDrucken
Genutzt von".$username2[0]."
Filamentfarbe$filament_color
Erwartete Druckzeit$print_time_total
Verbleibende Druckzeit$print_time_left
Vergangene Druckzeit$print_time
Datei
".short_path($json["job"]["file"]["name"],10,10)."
".$json["job"]["file"]["name"]."
Abbrechen
"); + echo("
"); + echo("
"); + } + }else{ + //printer is free + echo("
"); + echo("
"); + echo("
Drucker $printer_id
"); + echo("
"); + echo("
"); + echo(""); + echo(""); + echo(""); + echo(""); + if(!empty($filament_color) && $filament_color!=NULL) + echo(""); + echo(""); + echo(""); + echo("
StatusBereit
Filamentfarbe$filament_color
Drucken
"); + echo("
"); + echo("
"); + + } + $cnt--; + } + echo("
"); + + ?> +

+ +
+
+
+
+ +
+

Warteschlange

+
"); + $last_id=0; + $form_userid=0; + $print_on=0; + while($cnt!=0) + { + $sql="select id,filepath,from_userid,print_on from queue where id>$last_id order by id"; + $cancel=0; + $stmt = mysqli_prepare($link, $sql); + echo mysqli_error($link); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $queue_id,$filepath,$from_userid,$print_on); + mysqli_stmt_fetch($stmt); + $filepath=basename($filepath); + $last_id=$queue_id; + echo(""); + if($print_on==-1) + echo(""); + else + echo(""); + if($_SESSION["role"][3]==="1" or $_SESSION["id"]==$from_userid) + echo(""); + + $cnt--; + } + echo("
DateiDrucken auf Druckeraus der Warteschlange entfernen
$filepathErster verfügbarer Drucker$print_on
"); + ?> +

+ + + + + diff --git a/sys0-code/app/permission_functions.php b/sys0-code/app/permission_functions.php new file mode 100644 index 0000000..4ca0b6b --- /dev/null +++ b/sys0-code/app/permission_functions.php @@ -0,0 +1,50 @@ + diff --git a/sys0-code/app/print.php b/sys0-code/app/print.php new file mode 100644 index 0000000..77e1e36 --- /dev/null +++ b/sys0-code/app/print.php @@ -0,0 +1,523 @@ +75 or $ex_temp>225){ + return 0; + }else{ + return 1; + } +} + +function is_time_between($startTime, $endTime, $checkTime) { + // Convert times to timestamps + $startTimestamp = strtotime($startTime); + $endTimestamp = strtotime($endTime); + $checkTimestamp = strtotime($checkTime); + + // If end time is less than start time, it means the range crosses midnight + if ($endTimestamp < $startTimestamp) { + // Check if the time is between start time and midnight or between midnight and end time + return ($checkTimestamp >= $startTimestamp || $checkTimestamp <= $endTimestamp); + } else { + // Normal case: check if the time is between start and end time + return ($checkTimestamp >= $startTimestamp && $checkTimestamp <= $endTimestamp); + } +} + +?> + + + + + + + + load_user()"; + test_queue($link); + ?> + + + ");?> +
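Review bot: Values taken from the printer's job JSON and from the database are echoed into the page without HTML escaping, for example `$json["job"]["file"]["name"]`, `short_path(...)`, `$username2[0]` and the queue's `$filepath`. The file name originates from a user upload and is rendered for every user who opens the overview, so wrap each value in `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The permission test is written `$role[3]=="1"` in the cancelled-print branch but `$role[3]==="1"` elsewhere; use the strict form throughout. The cancel and release handlers at the top of the page are only partly visible in this text, so whether they check ownership of `$printer_id` before `update printer set cancel=1 where id=$printer_id` could not be confirmed.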
+ + + Datei drucken + + + + +

+ ',':',';','?','*','"','|','%']; + $filetype = strtolower(pathinfo($_FILES['file_upload']['name'],PATHINFO_EXTENSION)); + $path = "/var/www/html/user_files/$username/"; + $print_on=$_POST["queue_printer"]; + $filename=basename( $_FILES['file_upload']['name']); + $filename=str_replace($unwanted_chr,"_",$filename); + $path = $path . $filename; + if(!in_array($filetype,$ok_ft)) + { + echo("
"); + sys0_log("Could not upload file for ".$_SESSION["username"]." because of unknown file extension",$_SESSION["username"],"PRINT::UPLOAD::FILE::FAILED");//notes,username,type + } + else + { + if(move_uploaded_file($_FILES['file_upload']['tmp_name'], $path)) { + $sql="INSERT INTO queue (from_userid,filepath,print_on) VALUES (?,?,?)"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_bind_param($stmt, "isi", $userid,$path,$print_on); + mysqli_stmt_execute($stmt); + + echo("
"); + sys0_log("user ".$_SESSION["username"]." uploaded ".basename($path)." to the queue",$_SESSION["username"],"PRINT::UPLOAD::QUEUE");//notes,username,type + } + else + { + echo("
"); + } + } + unset($_FILES['file']); + } + if(isset($_GET["cloudprint"])){ + $print_on=$_POST["queue_printer"]; + if(!isset($_GET["pc"])) + $path = "/var/www/html/user_files/$username/".$_GET["cloudprint"]; + else + $path = "/var/www/html/user_files/public/".$_GET["cloudprint"]; + $sql="INSERT INTO queue (from_userid,filepath,print_on) VALUES (?,?,?)"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_bind_param($stmt, "isi", $userid,$path,$print_on); + mysqli_stmt_execute($stmt); + + + echo("
"); + sys0_log("user ".$_SESSION["username"]." uploaded ".basename($path)." to the queue",$_SESSION["username"],"PRINT::UPLOAD::QUEUE"); + + } + } + else + { + $sql="select printer_url, free, system_status,apikey,printer_url from printer where id=$printer_id"; + //echo $sql; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $url,$free,$status,$apikey,$printer_url); + mysqli_stmt_fetch($stmt); + if($free!=1 or $status!=0) + { + + echo("
"); + sys0_log("Could not start job for ".$_SESSION["username"]." with file ".basename($path)."",$_SESSION["username"],"PRINT::JOB::START::FAILED");//notes,username,type + exit; + } + if(!empty($_FILES['file_upload'])) + { + $ok_ft=array("gcode",""); + $unwanted_chr=[' ','(',')','/','\\','<','>',':',';','?','*','"','|','%']; + $filetype = strtolower(pathinfo($_FILES['file_upload']['name'],PATHINFO_EXTENSION)); + $path = "/var/www/html/user_files/$username/"; + $filename=basename( $_FILES['file_upload']['name']); + $filename=str_replace($unwanted_chr,"_",$filename); + $path = $path . $filename; + + //if(in_array($filetype,$unwanted_ft)) + if(!in_array($filetype,$ok_ft)) + { + echo("
"); + sys0_log("Could not upload file for ".$_SESSION["username"]." because of unknown file extension",$_SESSION["username"],"PRINT::UPLOAD::FILE::FAILED");//notes,username,type + } + else + { + //check if print key is valid: + $print_key=htmlspecialchars($_POST["print_key"]); + $sql="SELECT id from print_key where print_key='$print_key'"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + + //if(mysqli_stmt_num_rows($stmt) == 1){ turned off because user does not need to have a printer key + if(true){ + mysqli_stmt_close($stmt); + if(move_uploaded_file($_FILES['file_upload']['tmp_name'], $path)) { + echo("
"); + echo("
"); + if(check_file($path) or isset($_POST["ignore_unsafe"])){ + exec('curl -k -H "X-Api-Key: '.$apikey.'" -F "select=true" -F "print=true" -F "file=@'.$path.'" "'.$printer_url.'/api/files/local" > /var/www/html/user_files/'.$username.'/json.json'); + //file is on printer and ready to be printed + $userid=$_SESSION["id"]; + echo("
"); + sys0_log("user ".$_SESSION["username"]." uploaded ".basename($path)." to printer ".$_POST["printer"]."",$_SESSION["username"],"PRINT::UPLOAD::PRINTER");//notes,username,type + $fg=file_get_contents("/var/www/html/user_files/$username/json.json"); + $json=json_decode($fg,true); + if($json['effectivePrint']==false or $json["effectiveSelect"]==false) + { + echo("
"); + sys0_log("Could not start job for ".$_SESSION["username"]."with file ".basename($path)."",$_SESSION["username"],"PRINT::JOB::START::FAILED");//notes,username,type + } + else + { + $sql="update printer set free=0, printing=1,mail_sent=0, used_by_userid=$userid where id=$printer_id"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + //delete printer key: + $sql="DELETE from print_key where print_key='$print_key'"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_close($stmt); + } + }else{ + $warning=true; + echo("
"); + } + } + else + { + echo("
"); + } + } + else{ + echo("
"); + } + } + unset($_FILES['file']); + } + if(isset($_GET["cloudprint"])){ + if(!isset($_GET["pc"])) + $path = "/var/www/html/user_files/$username/".$_GET["cloudprint"]; + else + $path = "/var/www/html/user_files/public/".$_GET["cloudprint"]; + //check if print key is valid: + $print_key=htmlspecialchars($_POST["print_key"]); + $sql="SELECT id from print_key where print_key='$print_key'"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + + //if(mysqli_stmt_num_rows($stmt) == 1){ turned off because user does not need to have a printer key + if(true){ + mysqli_stmt_close($stmt); + + echo("
"); + if(check_file($path) or isset($_POST["ignore_unsafe"])){ + exec('curl -k -H "X-Api-Key: '.$apikey.'" -F "select=true" -F "print=true" -F "file=@'.$path.'" "'.$printer_url.'/api/files/local" > /var/www/html/user_files/'.$username.'/json.json'); + //file is on printer and ready to be printed + $userid=$_SESSION["id"]; + echo("
"); + sys0_log("user ".$_SESSION["username"]." uploaded ".basename($path)." to printer ".$_POST["printer"]."",$_SESSION["username"],"PRINT::UPLOAD::PRINTER");//notes,username,type + $fg=file_get_contents("/var/www/html/user_files/$username/json.json"); + $json=json_decode($fg,true); + //echo('curl -k -H "X-Api-Key: '.$apikey.'" -F "select=true" -F "print=true" -F "file=@'.$path.'" "'.$printer_url.'/api/files/local" > /var/www/html/system0/html/user_files/'.$username.'/json.json'); + //echo("


"); + //var_dump($json); + if($json['effectivePrint']==false or $json["effectiveSelect"]==false) + { + echo("
"); + sys0_log("Could not start job for ".$_SESSION["username"]."with file ".basename($path)."",$_SESSION["username"],"PRINT::JOB::START::FAILED");//notes,username,type + } + else + { + $sql="update printer set free=0, printing=1,mail_sent=0, used_by_userid=$userid where id=$printer_id"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + //delete printer key: + $sql="DELETE from print_key where print_key='$print_key'"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_close($stmt); + } + }else{ + $warning=true; + echo("
"); + } + } + else{ + echo("
"); + } + } + } + } + + ?> + +
+

Datei drucken

+ + prepare($sql); + $stmt->execute(); + $result = $stmt->get_result(); + //$row = $result->fetch_assoc(); + $time_now=date("H:i"); + while ($row = $result->fetch_assoc()) { + if (is_time_between($row["time_from"], $row["time_to"], $time_now)) { + $reservation_conflict = true; + break; + } + } + + if ($reservation_conflict) { + echo "
"; + } + + ?> +
+ + +
+ '); + echo('
'); + + echo(''); + echo(' '); + echo('
'); + echo('
'); + } + else{ + echo ('
'); + echo('
'); + + echo("

Cloudfile: ".$_GET["cloudprint"]."

"); + echo('
'); + echo('
'); + } + ?> +

+
+ + +
+ + '); + echo(''); + echo(''); + echo('
'); + } + ?> + + +

+ + "); + echo("
"); + } + + ?> + +
+ + + Auf einem Drucker Drucken, welcher besetzt ist. +
+ + + + +
+ + + + + diff --git a/sys0-code/app/privacy-policy.php b/sys0-code/app/privacy-policy.php new file mode 100644 index 0000000..74f6029 --- /dev/null +++ b/sys0-code/app/privacy-policy.php @@ -0,0 +1,212 @@ + + + Privacy Policy + + + + ");?> + + + load_user()"; + ?> + +
+ +
+

Privacy Policy

+

Last updated: December 18, 2023

+

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

+

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy has been created with the help of the Privacy Policy Generator.

+

Interpretation and Definitions

+

Interpretation

+

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

+

Definitions

+

For the purposes of this Privacy Policy:

+ +

Collecting and Using Your Personal Data

+

Types of Data Collected

+

Personal Data

+

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

+ +

Usage Data

+

Usage Data is collected automatically when using the Service.

+

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

+

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

+

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

+

Tracking Technologies and Cookies

+

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

+ +

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. Learn more about cookies on the Privacy Policies website article.

+

We use both Session and Persistent Cookies for the purposes set out below:

+ +

For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.

+

Use of Your Personal Data

+

The Company may use Personal Data for the following purposes:

+ +

We may share Your personal information in the following situations:

+ +

Retention of Your Personal Data

+

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

+

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

+

Transfer of Your Personal Data

+

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

+

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

+

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

+

Delete Your Personal Data

+

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

+

Our Service may give You the ability to delete certain information about You from within the Service.

+

You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.

+

Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

+

Disclosure of Your Personal Data

+

Business Transactions

+

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

+

Law enforcement

+

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

+

Other legal requirements

+

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

+ +

Security of Your Personal Data

+

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

+

Children's Privacy

+

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

+

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

+

Links to Other Websites

+

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

+

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

+

Changes to this Privacy Policy

+

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

+

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

+

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

+

Contact Us

+

If you have any questions about this Privacy Policy, You can contact us:

+ + +
+ +



+div> diff --git a/sys0-code/app/public_cloud.php b/sys0-code/app/public_cloud.php new file mode 100644 index 0000000..4128306 --- /dev/null +++ b/sys0-code/app/public_cloud.php @@ -0,0 +1,146 @@ + + + + + + + +load_user()"; + + + +?> + + +
+ + + Alle öffentlichen Dateien + + + +
+
+ + +

Öffentliche Dateien

+
+
+ + +
+
+ + + + + + + + + + + + '; + echo ''; + echo ''; + echo ''; + if($role[10]=="1"){ + echo "'; + }else{ + echo ""; + } + echo "'; + echo ''; + } + }else{ + echo ''; + echo ''; + echo ''; + echo ''; + if($role[10]=="1"){ + echo "'; + }else{ + echo ""; + } + echo "'; + + echo ''; + + } + } + } else { + echo ''; + } + ?> + +
PreviewFile NamePrint FileDelete FileDownload File
' . basename($file) . 'Drucken" . "Löschen" . '" . "Herunterladen" . '
' . basename($file) . 'Drucken" . "Löschen" . '" . "Herunterladen" . '
Directory not found
+
+
+
+
+ + + + diff --git a/sys0-code/app/remove_user.php b/sys0-code/app/remove_user.php new file mode 100644 index 0000000..0bb8fa6 --- /dev/null +++ b/sys0-code/app/remove_user.php @@ -0,0 +1,487 @@ + + + + + + + + + ");?> +
+load_user()");
+ require_once "../config/config.php";
+ if(isset($_GET["update_id"]) && $_GET["rid"]==$_SESSION["rid"]-1){
+ $tid=$_GET["update_id"];
+ $perms=get_perm_string();
+ $sql="UPDATE users SET role = '$perms' WHERE id=$tid";
+ $stmt = mysqli_prepare($link, $sql);
+ mysqli_stmt_execute($stmt);
+ }
+ if(isset($_POST['username']))
+ {
+ $username_td=$_POST['username'];
+ $username_td=htmlspecialchars($username_td);
+ $sql="DELETE FROM users WHERE username = '$username_td';";
+ //echo($sql);
+ $stmt = mysqli_prepare($link, $sql);
+ mysqli_stmt_execute($stmt);
+ deleteDirectory("/var/www/html/user_files/$username_td/");
+ log_("Deleted $username_td","BAN:DELETION");
+ }
+ else if(isset($_POST["ban"]))
+ {
+ $username_td=htmlspecialchars($_POST["ban"]);
+ $reason=htmlspecialchars($_POST["reason"]);
+ $sql="UPDATE users SET banned = 1, banned_reason='$reason' WHERE username='$username_td'";
+ $stmt = mysqli_prepare($link, $sql);
+ mysqli_stmt_execute($stmt);
+ log_("Banned $username_td","BAN:BAN");
+ }
+ else if(isset($_POST["unban"]))
+ {
+ $username_td=htmlspecialchars($_POST["unban"]);
+ $sql="UPDATE users SET banned = 0 WHERE username='$username_td'";
+ $stmt = mysqli_prepare($link, $sql);
+ mysqli_stmt_execute($stmt);
+ log_("Unanned $username_td","BAN:UNBAN");
+ }
+
+
+ //how many users do we have?
+ $cnt=0;
+ $sql="SELECT COUNT(*) FROM users";
+ if($stmt = mysqli_prepare($link, $sql)){
+ // Bind variables to the prepared statement as parameters
+
+ // Attempt to execute the prepared statement
+ if(mysqli_stmt_execute($stmt)){
+ // Store result
+ mysqli_stmt_store_result($stmt);
+ mysqli_stmt_bind_result($stmt, $cnt);
+ if(mysqli_stmt_fetch($stmt)){
+
+ }
+ } else{
+ echo "";
+ }
+
+ // Close statement
+ mysqli_stmt_close($stmt);
+ }
+ echo('
'); + echo('
+
+

Benutzer zum löschen auswählen:

+
+ + +
+
+
+
+ +
+
+ +
+
+
+ +
+
+
+
+
+
'); + echo('

+
+
+

User zum Bannen auswählen:

+
+ + +
+
+
+
+ +
+
+ '); + //echo('
'); + echo(' +
+
+
+ +
+
+
+
+
+
'); + + echo("

"); + echo('
+
+

Please select a user to unban:

+
+ + +
+
+
+
+ +
+
+ +
+
+
+ +
+
+
+
+
+
+
'); + ?> + + +
+
+
+ + "); + echo(""); + echo(""); + echo("Nutzer"); + echo("Drucken"); + echo("Cloud"); + echo("Öffentliche Cloud"); + echo("Alle Drucker abbrechen / freigeben"); + echo("Benutzereinstellungen ändern"); + echo("Administratoren erstellen"); + echo("Log ansehen"); + echo("APIkey ansehen"); + echo("Druckschlüssel erstellen"); + echo("Debug"); + echo("Alle Dateien von Öffentlicher Cloud löschen"); + echo("Aktualisieren"); + echo("Benutzer löschen"); + echo(""); + echo(""); + echo(""); + echo(""); + //how many users do we have? + $cnt=0; + $sql="SELECT COUNT(*) FROM users"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + // Store result + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $cnt); + mysqli_stmt_fetch($stmt); + mysqli_stmt_close($stmt); + //now we know how many users we have. + $last_id=0; + while($cnt!=0){ + $tusername=""; + $trole=""; + $tid=0; + $sql="select id,username,role from users where id>$last_id ORDER BY id"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + // Store result + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $tid,$tusername,$trole); + mysqli_stmt_fetch($stmt); + mysqli_stmt_close($stmt); + echo("
"); + echo("$tusername"); + if($trole[0]==="1") + echo(''); + else + echo(''); + if($trole[1]==="1") + echo(''); + else + echo(''); + if($trole[2]==="1") + echo(''); + else + echo(''); + if($trole[3]==="1") + echo(''); + else + echo(''); + if($trole[4]==="1") + echo(''); + else + echo(''); + if($trole[5]==="1") + echo(''); + else + echo(''); + if($trole[6]==="1") + echo(''); + else + echo(''); + if($trole[7]==="1") + echo(''); + else + echo(''); + if($trole[8]==="1") + echo(''); + else + echo(''); + if($trole[9]==="1") + echo(''); + else + echo(''); + if($trole[10]==="1") + echo(''); + else + echo(''); + echo(''); + echo(''); + echo("
"); + $last_id=$tid; + $cnt--; + } + echo(""); + echo(""); + echo(""); + mysqli_close($link); + ?> +
+
+ +
+
+
+
+
+
diff --git a/sys0-code/app/reservations.php b/sys0-code/app/reservations.php
new file mode 100644
index 0000000..92e475d
--- /dev/null
+++ b/sys0-code/app/reservations.php
@@ -0,0 +1,109 @@
+
+
+
+
+
+
+
+load_user()";
+?>
+
+format('Y-m-d');
+
+$sql = "DELETE FROM reservations WHERE day <= ?";
+$stmt = $link->prepare($sql);
+if ($stmt) {
+ $stmt->bind_param("s", $formattedYesterday);
+ $stmt->execute();
+ $stmt->close();
+}
+
+if(isset($_POST["res"])){
+ $time_from=htmlspecialchars($_POST["time_from"]);
+ $time_to=htmlspecialchars($_POST["time_to"]);
+ $day=htmlspecialchars($_POST["date"]);
+ $sql="INSERT INTO reservations (time_from,time_to,day,set_by_userid) VALUES (?, ?, ?, ?);";
+ $stmt = $link->prepare($sql);
+ $stmt->bind_param("sssi",$time_from, $time_to, $day,$userid);
+ $stmt->execute();
+}
+if(isset($_GET["del"])){
+ $id=htmlspecialchars($_GET["del"]);
+ $sql="delete from reservations where id=$id";
+ $stmt = $link->prepare($sql);
+ $stmt->execute();
+}
+
+?>
+ ");?>
+
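Review bot: Every statement in the top PHP block of remove_user.php is built by interpolating request values, so `mysqli_prepare` gives no protection: `$tid=$_GET["update_id"]` goes unquoted into `WHERE id=$tid`, and the delete, ban and unban branches rely on `htmlspecialchars`, which is HTML escaping and not SQL escaping. The same POSTed username is then passed to `deleteDirectory("/var/www/html/user_files/$username_td/")`, where an empty value or `..` would resolve to something other than one user's folder. Bind the values with `?` placeholders and `mysqli_stmt_bind_param`, as login.php in this commit already does, and refuse any name that is not a single path component before deleting; the delete branch is sketched below, and the role update, ban and unban branches need the same treatment. No permission check on the caller is visible in this hunk, so confirm one runs before these branches.

```php
if(isset($_POST['username']))
{
    $username_td=$_POST['username'];
    // bind the value instead of interpolating it into the statement text
    $stmt = mysqli_prepare($link, "DELETE FROM users WHERE username = ?");
    mysqli_stmt_bind_param($stmt, "s", $username_td);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    // only remove a directory that is a direct child of user_files
    $is_single_component = $username_td !== ""
        && $username_td !== "."
        && $username_td !== ".."
        && basename($username_td) === $username_td;
    if($is_single_component)
        deleteDirectory("/var/www/html/user_files/$username_td/");
    // … unchanged: log_ call …
```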
+ + + Drucker Reservationen + + +
+
+
+ +

Reservation hinzufügen

+
+ + + + +
+

+ +

Reservationen (Alte Reservationen werden automatisch gelöscht)

+ prepare($sql); + $stmt->execute(); + $result = $stmt->get_result(); + echo(""); + echo(""); + while($row = $result->fetch_assoc()) { + echo(""); + } + echo("
Zeit vonZeit bisDatumReservation löschen
".$row["time_from"]."".$row["time_to"]."".$row["day"]."Löschen
"); + + ?> +
+
+
+ + + + diff --git a/sys0-code/app/view_apikey.php b/sys0-code/app/view_apikey.php new file mode 100644 index 0000000..434ab9e --- /dev/null +++ b/sys0-code/app/view_apikey.php @@ -0,0 +1,65 @@ + + + + + + + +load_user()"; +?> + + ");?> +
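Review bot: The `del` branch of reservations.php interpolates `$_GET["del"]` into `delete from reservations where id=$id` after only `htmlspecialchars`, which does not constrain a value used in an unquoted numeric position. The cleanup DELETE and the INSERT just above it already bind their parameters, and this statement should do the same: `$stmt = $link->prepare("delete from reservations where id=?"); $stmt->bind_param("i", $id);`. The branch also changes state on a plain GET request and never compares the row's `set_by_userid` with the current user, so confirm whether any logged-in user is meant to be able to remove any reservation.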
+ + + Api viewer + + + + +
+
+
+

Dein system0 APIkey:

+ ".$apikey_fromdb.""); + echo("

Behandle diesen Schlüssel wie ein Passwort.
Es ist wichtig, dass niemand diesen Schlüssel erfährt!"); + ?> +
+
+
+ + + + + diff --git a/sys0-code/app/view_log.php b/sys0-code/app/view_log.php new file mode 100644 index 0000000..5878b69 --- /dev/null +++ b/sys0-code/app/view_log.php @@ -0,0 +1,142 @@ + + + + + + + +load_user()"; +?> + + ");?> +
+ + + Log viewer + + + +
+
+
+

Alle Einträge

+
+ + + + + + + + + + + + + + + + + "); + } + } + + } + fclose($fp); + ?> + +
Datum & ZeitIP AdresseTypBenutzernameInfo
------ + + + '); + echo(''); + //now get those users + $cnt2=1; + $id=0; + $last_id=0; + while($cnt2!==$cnt+1) + { + $sql = "SELECT id, username FROM users WHERE id > $last_id ORDER BY id;"; + $stmt = mysqli_prepare($link, $sql); + + mysqli_stmt_execute($stmt); + mysqli_stmt_store_result($stmt); + mysqli_stmt_bind_result($stmt, $id,$username); + mysqli_stmt_fetch($stmt); + $last_id=$id; + echo(''); + mysqli_stmt_close($stmt); + $cnt2++; + } + + + + + ?> + +
".$data[0]."".$data[1]."".$data[2]."".$data[3]."".$data[4]."
+
+
+
+
+ + + diff --git a/sys0-code/app/webcam.php b/sys0-code/app/webcam.php new file mode 100644 index 0000000..70b7511 --- /dev/null +++ b/sys0-code/app/webcam.php @@ -0,0 +1,26 @@ + + + + + Webcam + + + + "); + ?> + + + + diff --git a/sys0-code/assets/images/ksw_logo.png b/sys0-code/assets/images/ksw_logo.png new file mode 100644 index 0000000..a3a1cd1 Binary files /dev/null and b/sys0-code/assets/images/ksw_logo.png differ diff --git a/sys0-code/log/log.php b/sys0-code/log/log.php new file mode 100644 index 0000000..6ca80a7 --- /dev/null +++ b/sys0-code/log/log.php @@ -0,0 +1,49 @@ + diff --git a/sys0-code/login/keepmeloggedin.php b/sys0-code/login/keepmeloggedin.php new file mode 100644 index 0000000..4694897 --- /dev/null +++ b/sys0-code/login/keepmeloggedin.php @@ -0,0 +1,64 @@ + diff --git a/sys0-code/login/login.php b/sys0-code/login/login.php new file mode 100644 index 0000000..ff8ed65 --- /dev/null +++ b/sys0-code/login/login.php @@ -0,0 +1,492 @@ +Hier ist dein System0 Account verifikations Link. Bitte klicke drauf. Sollte dies nicht funktionieren, kopiere bitte den Link und öffne Ihn in deinem Browser.
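Review bot: The log table row in view_log.php is assembled from `$data[0]` through `$data[4]` with no output escaping visible. login.php in this commit writes the submitted username into the log on failed logins (`log_("$username tried to log in with non existant username","LOGIN:FAILURE")`), so these fields can carry user-chosen text. Unless `log_` encodes on write (its body is not visible on this page), escape each field at print time, e.g. `htmlspecialchars($data[4], ENT_QUOTES, 'UTF-8')`.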
https://app.ksw3d.ch/login/verify_account.php?token=$token
Achtung: der Link funktioniert nur in dem gleichen Browser und Gerät, auf dem du deinen Account erstellt hast.

Vielen dank für dein Vertrauen in uns!
Code Camp 2024
"}]}' + +EOF; + exec($mail); + header("location: /login/login.php?mail_sent1"); + } + else{ + header("location: /login/login.php?mail_sent3"); + } + } +// Processing form data when form is submitted +if($_SERVER["REQUEST_METHOD"] == "POST" and $_GET["action"]=="login"){ + + // Check if username is empty + if(empty(trim($_POST["username"]))){ + $username_err = "Please enter username."; + } else{ + $username = trim($_POST["username"]); + } + + // Check if password is empty + if(empty(trim($_POST["password"]))){ + $password_err = "Please enter your password."; + } else{ + $password = trim($_POST["password"]); + } + + // Validate credentials + if(empty($username_err) && empty($password_err)){ + // Prepare a select statement + $sql = "SELECT id, username, password, role, color,banned,banned_reason ,telegram_id,notification_telegram,notification_mail FROM users WHERE username = ?"; + + if($stmt = mysqli_prepare($link, $sql)){ + // Bind variables to the prepared statement as parameters + mysqli_stmt_bind_param($stmt, "s", $param_username); + + // Set parameters + $param_username = htmlspecialchars($username); + + // Attempt to execute the prepared statement + if(mysqli_stmt_execute($stmt)){ + // Store result + mysqli_stmt_store_result($stmt); + + // Check if username exists, if yes then verify password + if(mysqli_stmt_num_rows($stmt) == 1){ + // Bind result variables + mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password, $role,$color,$banned,$banned_reason,$telegram_id,$notification_telegram,$notification_mail); + if(mysqli_stmt_fetch($stmt)){ + if(password_verify($password, $hashed_password)){ + if($banned!=1) + { + // Password is correct, so start a new session + mysqli_stmt_close($stmt); + if(isset($_POST["keepmeloggedin"])) + { + $token=getSalt(); + $sql="UPDATE users SET keepmeloggedin=? 
WHERE username=?"; + if($stmt = mysqli_prepare($link, $sql)){ + $ptoken=""; + $pusername=""; + mysqli_stmt_bind_param($stmt, "ss", $ptoken,$pusername); + $ptoken=$token; + $pusername=$username; + mysqli_stmt_execute($stmt); + mysqli_stmt_close($stmt); + } + else + echo("Error while setting 'keepmeloggedin'"); + + $cookie=$username.':'.$token; + $mac=hash("sha256",$cookie); + $cookie.=':'.$mac; + setcookie('keepmeloggedin',$cookie,time()+(3600*24*31)); + log_("Added keepmeloggedin token for $username","LOGIN:AUTOLOGIN"); + } + session_start(); + + // Store data in session variables + $_SESSION["loggedin"] = true; + $_SESSION["id"] = $id; + $_SESSION["username"] = $username; + $_SESSION["role"] = $role; + $_SESSION["token"]=bin2hex(random_bytes(32)); + $_SESSION["color"]=$color; + $_SESSION["creation_token"]= urlencode(bin2hex(random_bytes(24/2))); + $_SESSION["telegram_id"]=$telegram_id; + $_SESSION["notification_telegram"]=$notification_telegram; + $_SESSION["notification_mail"]=$notification_mail; + // Redirect user to welcome page + log_("$username logged in","LOGIN:SUCCESS"); + header("location:/app/overview.php"); + } + else + { + $_SESSION["verify"]=$username; + $login_err = "Dein Account wurde noch nicht aktiviert. Neuen aktivierungslink anfordern"; + } + } else{ + // Password is not valid, display a generic error message + $login_err = "Invalid username or password."; + log_("$username tried to log in with wrong Password","LOGIN:FAILURE"); + } + } + } else{ + // Username doesn't exist, display a generic error message + $login_err = "Invalid username or password."; + log_("$username tried to log in with non existant username","LOGIN:FAILURE"); + } + } else{ + echo "Oops! Something went wrong. Please try again later."; + log_("$username tried to log. 
Undefind failure","LOGIN:FAILURE"); + } + + // Close statement + mysqli_stmt_close($stmt); + } + } + + // Close connection + mysqli_close($link); +} +// Processing form data when form is submitted and user wants to create new user +if($_SERVER["REQUEST_METHOD"] == "POST" and $_GET["action"]=="create_user"){ + + // Validate username + if(empty(trim($_POST["username"]))){ + $err = "Please enter a username."; + } elseif(!preg_match('/^[a-zA-Z0-9_@.\-]+$/', trim($_POST["username"]))){ + $err = "Username can only contain letters, numbers, and underscores."; + } else{ + // Prepare a select statement + $sql = "SELECT id FROM users WHERE username = ?"; + + if($stmt = mysqli_prepare($link, $sql)){ + // Bind variables to the prepared statement as parameters + mysqli_stmt_bind_param($stmt, "s", $param_username); + + // Set parameters + $param_username = trim($_POST["username"]); + + // Attempt to execute the prepared statement + if(mysqli_stmt_execute($stmt)){ + /* store result */ + mysqli_stmt_store_result($stmt); + + if(mysqli_stmt_num_rows($stmt) == 1){ + $err = "This username is already taken."; + } else{ + $username = trim($_POST["username"]); + } + } else{ + echo "Oops! Something went wrong. 
Please try again later."; + } + + // Close statement + mysqli_stmt_close($stmt); + } + } + + // Validate password + if(empty(trim($_POST["password"]))){ + $err = "Please enter a password."; + } elseif(strlen(trim($_POST["password"])) < 6){ + $err = "Password must have atleast 6 characters."; + } + else if(strlen(trim($_POST["new_password"])) > 96) + { + $login_err = "Password cannot have more than 96 characters."; + } else{ + $password = trim($_POST["password"]); + } + + // Validate confirm password + if(empty(trim($_POST["confirm_password"]))){ + $err = "Please confirm password."; + } else{ + $confirm_password = trim($_POST["confirm_password"]); + if(empty($err) && ($password != $confirm_password)){ + $err = "Password did not match."; + } + } + // Validate kantimail + if(strpos($_POST["username"],"@kantiwattwil.ch")===false){ + $err = "Only members of KSW can access this site. (prename.name@kantiwattwil.ch)."; + } + // Check input errors before inserting in database + if(empty($err)){ + + // Prepare an insert statement + $sql = "INSERT INTO users (username, password, role,banned,banned_reason,notification_telegram,notification_mail) VALUES (?, ?, ?,?,?,?,?)"; + + if($stmt = mysqli_prepare($link, $sql)){ + // Bind variables to the prepared statement as parameters + $banned=1; + $banned_reason="Account muss zuerst verifiziert werden (Link in Mail)"; + $tel=0; + $mail=1; + mysqli_stmt_bind_param($stmt, "sssisii", $param_username, $param_password, $role,$banned,$banned_reason,$tel,$mail); + + // Set parameters + $param_username = $username; + $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash + $role="11100000000"; + $banned=1; + $tel=0; + $mail=1; + $banned_reason="Account muss zuerst verifiziert werden (Link in Mail)"; + // Attempt to execute the prepared statement + if(mysqli_stmt_execute($stmt)){ + // Redirect to login page + if(!is_dir("../user_files/$username")) + mkdir("/var/www/html/user_files/$username"); + //create 
session token, which has account creation token inisde it. + $_SESSION["creation_token"]= urlencode(bin2hex(random_bytes(24/2))); + $token=$_SESSION["creation_token"]; + $_SESSION["verify"]=$username; + $_SESSION["email"]=$username; + //send the mail: + $mail=<<Hier ist dein System0 Account verifikations Link. Bitte klicke drauf. Sollte dies nicht funktionieren, kopiere bitte den Link und öffne Ihn in deinem Browser.
https://app.ksw3d.ch/login/verify_account.php?token=$token
Achtung: der Link funktioniert nur in dem gleichen Browser und Gerät, auf dem du deinen Account erstellt hast.

Vielen dank für dein Vertrauen in uns!
Code Camp 2024
"}]}' + +EOF; + + exec($mail); + + header("location: login.php?mail_sent1"); + } else{ + echo "Oops! Something went wrong. Please try again later."; + } + + // Close statement + mysqli_stmt_close($stmt); + + + + } + } + + // Close connection + mysqli_close($link); +} +if($_SERVER["REQUEST_METHOD"] == "POST" and $_GET["action"]=="reset_pw"){ + $email=htmlspecialchars($_POST["username"]); + $_SESSION["email"]=$email; + $_SESSION["pw_reset_token"]= urlencode(bin2hex(random_bytes(24 / 2))); + $token=$_SESSION["pw_reset_token"]; + $_SESSION["verify"]=$email; + $mail=<<Hier ist dein System0 Passwort Zurücksetzungs Link. Bitte klicke drauf. Sollte dies nicht funktionieren, kopiere bitte den Link und öffne Ihn in deinem Browser.
https://app.ksw3d.ch/login/reset_pw.php?token=$token
Achtung: der Link funktioniert nur in dem gleichen Browser und Gerät, auf dem du deinen Account erstellt hast.

Vielen dank für dein Vertrauen in uns!
Code Camp 2024
"}]}' +EOF; + + exec($mail); + header("location: login.php?mail_sent2"); +} +?> + + + + + + + + + Login + + + + + + + + +
+ Logo +
+
+
+
+
+

Login

+
+
+ + +
+
+ + +
+
+ + +
+ +
+
+ + +
+ ' . $login_err . '
'; + } + if(isset($_GET["mail_sent1"])) + echo '
Eine Mail mit einem Aktivierungslink wurde an deine Mailadresse gesendet.
'; + if(isset($_GET["mail_sent2"])) + echo '
Eine Mail mit einem Passwort zurücksetzungslink wurde an deine Mailadresse gesendet.
'; + if(isset($_GET["acc_verify_ok"])) + echo '
Email erfolgreich Verifiziert.
'; + if(isset($_GET["mail_sent3"])) + echo '
Eine Mail mit einem Passwort zurücksetzungslink konnte nich gesendet werden. Bitte melde dich beim Support hier.
'; + ?> +
+
+
+ + + + + + +"); + echo('const a=document.getElementById("lnk_1");'); + echo('a.click();'); + echo(""); + } + if(isset($_GET["resend_pw_reset"])){ + echo(""); + } + + ?> + + + + + diff --git a/sys0-code/login/logout.php b/sys0-code/login/logout.php new file mode 100644 index 0000000..cce0014 --- /dev/null +++ b/sys0-code/login/logout.php @@ -0,0 +1,14 @@ + diff --git a/sys0-code/login/reset-password.php b/sys0-code/login/reset-password.php new file mode 100644 index 0000000..3faffdf --- /dev/null +++ b/sys0-code/login/reset-password.php @@ -0,0 +1,185 @@ + 96) + { + $login_err = "Password cannot have more than 96 characters."; + } + else{ + $new_password = trim($_POST["new_password"]); + } + + // Validate confirm password + if(empty(trim($_POST["confirm_password"]))){ + $login_err = "Please confirm the password."; + } else{ + $confirm_password = trim($_POST["confirm_password"]); + if(empty($new_password_err) && ($new_password != $confirm_password)){ + $login_err = "Password did not match."; + } + } + + // Check input errors before updating the database + if(empty($login_err) ){ + // Prepare an update statement + $sql = "UPDATE users SET password = ? WHERE id = ?"; + + if($stmt = mysqli_prepare($link, $sql)){ + // Bind variables to the prepared statement as parameters + mysqli_stmt_bind_param($stmt, "si", $param_password, $param_id); + + // Set parameters + $param_password = password_hash($new_password, PASSWORD_DEFAULT); + $param_id = $_SESSION["id"]; + + // Attempt to execute the prepared statement + if(mysqli_stmt_execute($stmt)){ + // Password updated successfully. Destroy the session, and redirect to login page + session_destroy(); + header("location: login.php"); + exit(); + } else{ + echo "Oops! Something went wrong. Please try again later."; + } + + // Close statement + mysqli_stmt_close($stmt); + } + } + } + // Close connection + mysqli_close($link); +?> + + + + + + Passwort zurücksetzen + + + + "); ?> + + + +load_user()"; + + +echo("
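Review bot: In the `reset_pw` branch of login.php the address comes from `$_POST["username"]` with only `htmlspecialchars` applied before the heredoc command is handed to `exec($mail)`. If the address is interpolated into that command (the heredoc body is not fully visible here), HTML escaping does not neutralise shell metacharacters. The `create_user` branch is covered by its `preg_match('/^[a-zA-Z0-9_@.\-]+$/', ...)` check, so apply the same check before building the reset mail, or send the request through PHP's curl functions instead of a shell. Separately, the `keepmeloggedin` cookie's `hash("sha256",$cookie)` is unkeyed and adds no integrity; `hash_hmac('sha256', $cookie, $server_secret)` with a server-side key (placeholder name) would, and the `setcookie` call sets neither the `Secure` nor the `HttpOnly` flag.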
");?> +
+
+

Passwort zurücksetzen

+
+
+
+ + + +
+
+ + +
+
+ + +
+ +
+
+ ' . $login_err . '
'; + } + ?> +
+ + + + diff --git a/sys0-code/login/reset_pw.php b/sys0-code/login/reset_pw.php new file mode 100644 index 0000000..b191eb2 --- /dev/null +++ b/sys0-code/login/reset_pw.php @@ -0,0 +1,134 @@ +"); +if($_GET["token"]!=$_SESSION["pw_reset_token"]){ + $login_err = "Dein Link ist entweder abgelaufen oder ungültig. Erzeuge einen neuen, in dem du auf diesen Link klickst."; + echo '
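Review bot: The confirm-password check in reset-password.php tests `empty($new_password_err)`, a variable that is not assigned anywhere in the visible part of this file; every validation error goes to `$login_err` instead. The comparison therefore runs even when the new password was rejected and `$new_password` is unset, and it replaces the earlier message with "Password did not match."; the condition should read `if(empty($login_err) && ($new_password != $confirm_password))`. reset_pw.php in this commit carries the same line.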
' . $login_err . '
'; + + //die(); +} + +// Processing form data when form is submitted +if($_SERVER["REQUEST_METHOD"] == "POST"){ + $login_err=""; + //first: validate old password + if(isset($_GET["token"])&&isset($_SESSION["pw_reset_token"])){ + if($_GET["token"]==$_SESSION["pw_reset_token"]){ + $auth=true; + } + else{ + $auth=false; + } + } + else{ $auth=false; } + if($auth===true) + { + //end of old_password validation + // Validate new password + if(empty(trim($_POST["new_password"]))){ + $login_err = "Please enter the new password."; + } elseif(strlen(trim($_POST["new_password"])) < 6){ + $login_err = "Password must have atleast 6 characters."; + }else if(strlen(trim($_POST["new_password"])) > 96) + { + $login_err = "Password cannot have more than 96 characters."; + } + else{ + $new_password = trim($_POST["new_password"]); + } + + // Validate confirm password + if(empty(trim($_POST["confirm_password"]))){ + $login_err = "Please confirm the password."; + } else{ + $confirm_password = trim($_POST["confirm_password"]); + if(empty($new_password_err) && ($new_password != $confirm_password)){ + $login_err = "Password did not match."; + } + } + + // Check input errors before updating the database + if(empty($login_err) ){ + // Prepare an update statement + $sql = "UPDATE users SET password = ? WHERE username = ?"; + + if($stmt = mysqli_prepare($link, $sql)){ + // Bind variables to the prepared statement as parameters + mysqli_stmt_bind_param($stmt, "ss", $param_password, $username); + + // Set parameters + $param_password = password_hash($new_password, PASSWORD_DEFAULT); + $username=$_SESSION["verify"]; + + // Attempt to execute the prepared statement + if(mysqli_stmt_execute($stmt)){ + // Password updated successfully. Destroy the session, and redirect to login page + $_SESSION["pw_reset_token"]=urlencode(bin2hex(random_bytes(24))); + session_destroy(); + header("location: login.php"); + exit(); + } else{ + echo "Oops! Something went wrong. 
Please try again later."; + } + + // Close statement + mysqli_stmt_close($stmt); + } + } + } + else{ + $login_err = "Dein Link ist entweder abgelaufen oder ungültig. Erzeuge einen neuen, in dem du auf diesen Link klickst."; + } + // Close connection + mysqli_close($link); +} +?> + + + + + + Passwort zurücksetzen + + + + ");?> + +
+
+

Passwort zurücksetzen

+
+
+
+ + +
+
+ + +
+ +
+
+ ' . $login_err . '
'; + } + ?> +
+ + + + diff --git a/sys0-code/login/verify_account.php b/sys0-code/login/verify_account.php new file mode 100644 index 0000000..66c7a08 --- /dev/null +++ b/sys0-code/login/verify_account.php @@ -0,0 +1,52 @@ +"); + include "../assets/components.php"; + ?> + + + "); + echo("
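Review bot: The reset token in reset_pw.php is compared with loose `!=` and `==` (`$_GET["token"]==$_SESSION["pw_reset_token"]`), which applies PHP type juggling and is not constant-time; use `is_string($_GET["token"]) && hash_equals($_SESSION["pw_reset_token"], $_GET["token"])` instead. The check at the top of the file reads both values without `isset` and its `//die();` is commented out, so the form is still rendered after the error message; the POST path re-checks, but restoring the early exit would keep the two paths consistent. No expiry time for the token is visible in this hunk. verify_account.php uses the same `==` comparison.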
"); + session_start(); + include "../config/config.php"; + if(isset($_GET["token"])){ + if($_GET["token"]==$_SESSION["creation_token"]){ + $username=$_SESSION["verify"]; + $sql="update users set banned=0 where username='$username'"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_execute($stmt); + mysqli_stmt_close($stmt); + header("LOCATION: /login/login.php?acc_verify_ok"); + }else{ + $login_err = "Dein Link ist entweder abgelaufen oder ungültig. Erzeuge einen neuen, in dem du auf diesen Link klickst."; + echo '
' . $login_err . '
'; + } + }else{ + $login_err = "Dein Link ist entweder abgelaufen oder ungültig. Erzeuge einen neuen, in dem du auf diesen Link klickst."; + echo '
' . $login_err . '
'; + } +?> diff --git a/sys0-code/waf/salt.php b/sys0-code/waf/salt.php new file mode 100644 index 0000000..9c8120b --- /dev/null +++ b/sys0-code/waf/salt.php @@ -0,0 +1,15 @@ +
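Review bot: verify_account.php evaluates `$_GET["token"]==$_SESSION["creation_token"]` without first checking that the session holds a creation token, and under loose comparison an empty `token` parameter equals an unset session value. The unban query can then run for whatever `$_SESSION["verify"]` contains, a key that login.php's `reset_pw` branch sets from a POSTed address. Require a non-empty session token first, e.g. `if(!empty($_SESSION["creation_token"]) && is_string($_GET["token"]) && hash_equals($_SESSION["creation_token"], $_GET["token"]))`, and unset it after use. The update should also bind `$username` through a `?` placeholder rather than interpolating it. `session_start()` and `header()` are both called after output has already been echoed, so the session cookie and the redirect may not be sent unless output buffering is on.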