From 0eb84f5f76bf8549bfb64669f00dc5c07a7a2f1c Mon Sep 17 00:00:00 2001 From: AGuyNamedJens Date: Wed, 29 Mar 2023 00:09:04 +0200 Subject: [PATCH 01/32] Update packages & docker-compose.yml --- composer.json | 1 + composer.lock | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 61 insertions(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 7a4a1e64..4990a437 100644 --- a/composer.json +++ b/composer.json @@ -15,6 +15,7 @@ "guzzlehttp/guzzle": "^7.5", "hidehalo/nanoid-php": "^1.1.12", "kkomelin/laravel-translatable-string-exporter": "^1.18", + "laminas/laminas-stdlib": "*", "laravel/framework": "^9.50.2", "laravel/tinker": "^2.8", "laravel/ui": "^3.4.6", diff --git a/composer.lock b/composer.lock index b46d1632..a87df4ec 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "0d007fe2e018692a9ff3d50fcbebabc5", + "content-hash": "646788842a2f7faaefab3ab4df6a385e", "packages": [ { "name": "aws/aws-crt-php", @@ -1852,6 +1852,65 @@ }, "time": "2023-03-14T04:18:49+00:00" }, + { + "name": "laminas/laminas-stdlib", + "version": "3.17.0", + "source": { + "type": "git", + "url": "https://github.com/laminas/laminas-stdlib.git", + "reference": "dd35c868075bad80b6718959740913e178eb4274" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/laminas/laminas-stdlib/zipball/dd35c868075bad80b6718959740913e178eb4274", + "reference": "dd35c868075bad80b6718959740913e178eb4274", + "shasum": "" + }, + "require": { + "php": "~8.1.0 || ~8.2.0" + }, + "conflict": { + "zendframework/zend-stdlib": "*" + }, + "require-dev": { + "laminas/laminas-coding-standard": "^2.5", + "phpbench/phpbench": "^1.2.9", + "phpunit/phpunit": "^10.0.16", + "psalm/plugin-phpunit": "^0.18.4", + "vimeo/psalm": "^5.8" + }, + "type": "library", + "autoload": { + "psr-4": { + "Laminas\\Stdlib\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "description": "SPL extensions, array utilities, error handlers, and more", + "homepage": "https://laminas.dev", + "keywords": [ + "laminas", + "stdlib" + ], + "support": { + "chat": "https://laminas.dev/chat", + "docs": "https://docs.laminas.dev/laminas-stdlib/", + "forum": "https://discourse.laminas.dev", + "issues": "https://github.com/laminas/laminas-stdlib/issues", + "rss": "https://github.com/laminas/laminas-stdlib/releases.atom", + "source": "https://github.com/laminas/laminas-stdlib" + }, + "funding": [ + { + "url": "https://funding.communitybridge.org/projects/laminas-project", + "type": "community_bridge" + } + ], + "time": "2023-03-20T13:51:37+00:00" + }, { "name": "laravel/framework", "version": "v9.52.5", From c776da96ae604f14ef116d0cc0a9faaeb1457c7f Mon Sep 17 00:00:00 2001 From: AGuyNamedJens Date: Wed, 29 Mar 2023 01:44:39 +0200 Subject: [PATCH 02/32] This package isn't supposed to be pushed with the patch --- composer.json | 1 - composer.lock | 61 +-------------------------------------------------- 2 files changed, 1 insertion(+), 61 deletions(-) diff --git a/composer.json b/composer.json index 4990a437..7a4a1e64 100644 --- a/composer.json +++ b/composer.json @@ -15,7 +15,6 @@ "guzzlehttp/guzzle": "^7.5", "hidehalo/nanoid-php": "^1.1.12", "kkomelin/laravel-translatable-string-exporter": "^1.18", - "laminas/laminas-stdlib": "*", "laravel/framework": "^9.50.2", "laravel/tinker": "^2.8", "laravel/ui": "^3.4.6", diff --git a/composer.lock b/composer.lock index a87df4ec..b46d1632 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "646788842a2f7faaefab3ab4df6a385e", + "content-hash": "0d007fe2e018692a9ff3d50fcbebabc5", "packages": [ { "name": "aws/aws-crt-php", @@ -1852,65 +1852,6 @@ }, "time": "2023-03-14T04:18:49+00:00" }, - { - "name": "laminas/laminas-stdlib", - "version": "3.17.0", - "source": { - "type": "git", - "url": "https://github.com/laminas/laminas-stdlib.git", - "reference": "dd35c868075bad80b6718959740913e178eb4274" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/laminas/laminas-stdlib/zipball/dd35c868075bad80b6718959740913e178eb4274", - "reference": "dd35c868075bad80b6718959740913e178eb4274", - "shasum": "" - }, - "require": { - "php": "~8.1.0 || ~8.2.0" - }, - "conflict": { - "zendframework/zend-stdlib": "*" - }, - "require-dev": { - "laminas/laminas-coding-standard": "^2.5", - "phpbench/phpbench": "^1.2.9", - "phpunit/phpunit": "^10.0.16", - "psalm/plugin-phpunit": "^0.18.4", - "vimeo/psalm": "^5.8" - }, - "type": "library", - "autoload": { - "psr-4": { - "Laminas\\Stdlib\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "BSD-3-Clause" - ], - "description": "SPL extensions, array utilities, error handlers, and more", - "homepage": "https://laminas.dev", - "keywords": [ - "laminas", - "stdlib" - ], - "support": { - "chat": "https://laminas.dev/chat", - "docs": "https://docs.laminas.dev/laminas-stdlib/", - "forum": "https://discourse.laminas.dev", - "issues": "https://github.com/laminas/laminas-stdlib/issues", - "rss": "https://github.com/laminas/laminas-stdlib/releases.atom", - "source": "https://github.com/laminas/laminas-stdlib" - }, - "funding": [ - { - "url": "https://funding.communitybridge.org/projects/laminas-project", - "type": "community_bridge" - } - ], - "time": "2023-03-20T13:51:37+00:00" - }, { "name": "laravel/framework", "version": "v9.52.5", From 4800a79643d3b662419765e2438e6e4abb475e76 Mon Sep 17 00:00:00 2001 From: AGuyNamedJens Date: Wed, 29 Mar 2023 23:23:35 +0200 Subject: [PATCH 03/32] (refactor) Remove main_site from database --- .../2023_02_01_164731_create_general_settings.php | 8 -------- 1 file changed, 8 deletions(-) diff --git a/database/settings/2023_02_01_164731_create_general_settings.php b/database/settings/2023_02_01_164731_create_general_settings.php index d93efe52..8962889a 100644 --- a/database/settings/2023_02_01_164731_create_general_settings.php +++ b/database/settings/2023_02_01_164731_create_general_settings.php @@ -20,7 +20,6 @@ class CreateGeneralSettings extends SettingsMigration $this->migrator->add('general.alert_type', $table_exists ? $this->getOldValue("SETTINGS::SYSTEM:ALERT_TYPE") : 'dark'); $this->migrator->add('general.alert_message', $table_exists ? $this->getOldValue("SETTINGS::SYSTEM:ALERT_MESSAGE") : ''); $this->migrator->add('general.theme', $table_exists ? $this->getOldValue("SETTINGS::SYSTEM:THEME") : 'default'); - $this->migrator->add('general.main_site', ''); } public function down(): void @@ -81,12 +80,6 @@ class CreateGeneralSettings extends SettingsMigration 'type' => 'string', 'description' => 'The URL to your phpMyAdmin installation.' ], - [ - 'key' => 'SETTINGS::SYSTEM:MAIN_SITE', - 'value' => $this->getNewValue('main_site'), - 'type' => 'string', - 'description' => 'The URL to your main site.' - ], ]); $this->migrator->delete('general.store_enabled'); @@ -99,7 +92,6 @@ class CreateGeneralSettings extends SettingsMigration $this->migrator->delete('general.alert_type'); $this->migrator->delete('general.alert_message'); $this->migrator->delete('general.theme'); - $this->migrator->delete('general.main_site'); } public function getNewValue(string $name) From 224900890b52b9ce3f4fdfafa2932be7c8f5e06c Mon Sep 17 00:00:00 2001 From: AGuyNamedJens Date: Wed, 29 Mar 2023 23:30:51 +0200 Subject: [PATCH 04/32] (fix/feat) Fix deprecations, add encryption, fix API Calls & Fix Database --- public/install/forms.php | 65 +++++++++++++++++++++++------------- public/install/functions.php | 8 ++--- 2 files changed, 46 insertions(+), 27 deletions(-) diff --git a/public/install/forms.php b/public/install/forms.php index 980ee3ce..97f45d2e 100644 --- a/public/install/forms.php +++ b/public/install/forms.php @@ -1,5 +1,6 @@ $bIv,'value'=>$value,'mac'=>$mac]; + $json = json_encode($c_arr); + return base64_encode($json); +} + if (isset($_POST['checkDB'])) { $values = [ //SETTINGS::VALUE => REQUEST-VALUE (coming from the html-form) @@ -61,14 +76,14 @@ if (isset($_POST['feedDB'])) { //$logs .= run_console(putenv('COMPOSER_HOME=' . dirname(__FILE__, 3) . '/vendor/bin/composer')); //$logs .= run_console('composer install --no-dev --optimize-autoloader'); - $logs .= run_console('php artisan migrate --seed --force'); - $logs .= run_console('php artisan db:seed --class=ExampleItemsSeeder --force'); - if (strpos(getEnvironmentValue('APP_KEY'), 'base64') === false) { + if (!str_contains(getEnvironmentValue('APP_KEY'), 'base64')) { $logs .= run_console('php artisan key:generate --force'); } else { $logs .= "Key already exists. Skipping\n"; } $logs .= run_console('php artisan storage:link'); + $logs .= run_console('php artisan migrate --seed --force'); + $logs .= run_console('php artisan db:seed --class=ExampleItemsSeeder --force'); wh_log($logs); @@ -114,17 +129,17 @@ if (isset($_POST['checkSMTP'])) { exit(); } $values = [ - 'SETTINGS::MAIL:MAILER' => $_POST['method'], - 'SETTINGS::MAIL:HOST' => $_POST['host'], - 'SETTINGS::MAIL:PORT' => $_POST['port'], - 'SETTINGS::MAIL:USERNAME' => $_POST['user'], - 'SETTINGS::MAIL:PASSWORD' => $_POST['pass'], - 'SETTINGS::MAIL:ENCRYPTION' => $_POST['encryption'], - 'SETTINGS::MAIL:FROM_ADDRESS' => $_POST['user'], + 'mail_mailer' => $_POST['method'], + 'mail_host' => $_POST['host'], + 'mail_port' => $_POST['port'], + 'mail_username' => $_POST['user'], + 'mail_password' => encrypt($_POST['pass']), + 'mail_encryption' => $_POST['encryption'], + 'mail_from_address' => $_POST['user'], ]; foreach ($values as $key => $value) { - $query = 'UPDATE `'.getEnvironmentValue('DB_DATABASE')."`.`settings` SET `value` = '$value' WHERE (`key` = '$key')"; + $query = 'UPDATE `'.getEnvironmentValue('DB_DATABASE')."`.`settings` SET `payload` = '$value' WHERE `name` = '$key' AND `group` = mail"; $db->query($query); } @@ -146,7 +161,7 @@ if (isset($_POST['checkPtero'])) { curl_setopt($call, CURLOPT_URL, $callpteroURL); curl_setopt($call, CURLOPT_RETURNTRANSFER, true); curl_setopt($call, CURLOPT_HTTPHEADER, [ - 'Accept: application/json', + 'Accept: Application/vnd.pterodactyl.v1+json', 'Content-Type: application/json', 'Authorization: Bearer '.$clientkey, ]); @@ -160,7 +175,7 @@ if (isset($_POST['checkPtero'])) { curl_setopt($ch, CURLOPT_URL, $pteroURL); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, [ - 'Accept: application/json', + 'Accept: Application/vnd.pterodactyl.v1+json', 'Content-Type: application/json', 'Authorization: Bearer '.$key, ]); @@ -168,18 +183,21 @@ if (isset($_POST['checkPtero'])) { $result = json_decode($response, true); curl_close($ch); // Close the connection - if (! is_array($result) or in_array($result['errors'][0]['code'], $result)) { - header('LOCATION: index.php?step=5&message=Couldnt connect to Pterodactyl. Make sure your API key has all read and write permissions!'); + if (! is_array($result) and $result['errors'][0] !== null) { + header('LOCATION: index.php?step=5&message=Couldn\'t connect to Pterodactyl. Make sure your API key has all read and write permissions!'); wh_log('API CALL ERROR: '.$result['errors'][0]['code']); exit(); - } elseif (! is_array($callresult) or in_array($result['errors'][0]['code'], $result) or $callresult['attributes']['admin'] == false) { + } elseif (! is_array($callresult) and $callresult['errors'][0] !== null or $callresult['attributes']['admin'] == false) { header('LOCATION: index.php?step=5&message=Your ClientAPI Key is wrong or the account is not an admin!'); - wh_log('API CALL ERROR: '.$result['errors'][0]['code']); + wh_log('API CALL ERROR: '.$callresult['errors'][0]['code']); exit(); } else { - $query1 = 'UPDATE `'.getEnvironmentValue('DB_DATABASE')."`.`settings` SET `value` = '$url' WHERE (`key` = 'SETTINGS::SYSTEM:PTERODACTYL:URL')"; - $query2 = 'UPDATE `'.getEnvironmentValue('DB_DATABASE')."`.`settings` SET `value` = '$key' WHERE (`key` = 'SETTINGS::SYSTEM:PTERODACTYL:TOKEN')"; - $query3 = 'UPDATE `'.getEnvironmentValue('DB_DATABASE')."`.`settings` SET `value` = '$clientkey' WHERE (`key` = 'SETTINGS::SYSTEM:PTERODACTYL:ADMIN_USER_TOKEN')"; + $key = encrypt($key); + $clientkey = encrypt($clientkey); + + $query1 = 'UPDATE `'.getEnvironmentValue('DB_DATABASE')."`.`settings` SET `payload` = '".json_encode($url)."' WHERE (`name` = 'panel_url' AND `group` = 'pterodactyl')"; + $query2 = 'UPDATE `'.getEnvironmentValue('DB_DATABASE')."`.`settings` SET `payload` = '".json_encode($key)."' WHERE (`name` = 'admin_token' AND `group` = 'pterodactyl')"; + $query3 = 'UPDATE `'.getEnvironmentValue('DB_DATABASE')."`.`settings` SET `payload` = '".json_encode($clientkey)."' WHERE (`name` = 'user_token' AND `group` = 'pterodactyl')"; $db = new mysqli(getEnvironmentValue('DB_HOST'), getEnvironmentValue('DB_USERNAME'), getEnvironmentValue('DB_PASSWORD'), getEnvironmentValue('DB_DATABASE'), getEnvironmentValue('DB_PORT')); if ($db->connect_error) { @@ -209,8 +227,9 @@ if (isset($_POST['createUser'])) { $pass = $_POST['pass']; $repass = $_POST['repass']; - $key = $db->query('SELECT `value` FROM `'.getEnvironmentValue('DB_DATABASE')."`.`settings` WHERE `key` = 'SETTINGS::SYSTEM:PTERODACTYL:TOKEN'")->fetch_assoc(); - $pterobaseurl = $db->query('SELECT `value` FROM `'.getEnvironmentValue('DB_DATABASE')."`.`settings` WHERE `key` = 'SETTINGS::SYSTEM:PTERODACTYL:URL'")->fetch_assoc(); + $key = $db->query('SELECT `payload` FROM `'.getEnvironmentValue('DB_DATABASE')."`.`settings` WHERE `name` = 'admin_token' AND `group` = 'pterodactyl'")->fetch_assoc(); + $key = encrypt($key['value']); + $pterobaseurl = $db->query('SELECT `payload` FROM `'.getEnvironmentValue('DB_DATABASE')."`.`settings` WHERE `name` = 'panel_url' AND `group` = 'pterodactyl'")->fetch_assoc(); $pteroURL = $pterobaseurl['value'].'/api/application/users/'.$pteroID; $ch = curl_init(); @@ -220,7 +239,7 @@ if (isset($_POST['createUser'])) { curl_setopt($ch, CURLOPT_HTTPHEADER, [ 'Accept: application/json', 'Content-Type: application/json', - 'Authorization: Bearer '.$key['value'], + 'Authorization: Bearer '.$key, ]); $response = curl_exec($ch); $result = json_decode($response, true); diff --git a/public/install/functions.php b/public/install/functions.php index ed983c57..39410c81 100644 --- a/public/install/functions.php +++ b/public/install/functions.php @@ -31,7 +31,7 @@ function getMySQLVersion() { global $requirements; - $output = shell_exec('mysql -V'); + $output = shell_exec('mysql -V') ?? ''; preg_match('@[0-9]+\.[0-9]+\.[0-9]+@', $output, $version); $versionoutput = $version[0] ?? '0'; @@ -41,7 +41,7 @@ function getMySQLVersion() function getZipVersion() { - $output = shell_exec('zip -v'); + $output = shell_exec('zip -v') ?? ''; preg_match('@[0-9]+\.[0-9]+\.[0-9]+@', $output, $version); $versionoutput = $version[0] ?? 0; @@ -51,7 +51,7 @@ function getZipVersion() function getGitVersion() { - $output = shell_exec('git --version'); + $output = shell_exec('git --version') ?? ''; preg_match('@[0-9]+\.[0-9]+\.[0-9]+@', $output, $version); $versionoutput = $version[0] ?? 0; @@ -61,7 +61,7 @@ function getGitVersion() function getTarVersion() { - $output = shell_exec('tar --version'); + $output = shell_exec('tar --version') ?? ''; preg_match('@[0-9]+\.[0-9]+@', $output, $version); $versionoutput = $version[0] ?? 0; From a9b7531ab14fb085c5065568b1c1751b6387a1c2 Mon Sep 17 00:00:00 2001 From: AGuyNamedJens Date: Thu, 30 Mar 2023 00:29:04 +0200 Subject: [PATCH 05/32] (refactor) Refactor encryption method --- public/install/forms.php | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/public/install/forms.php b/public/install/forms.php index 97f45d2e..892e7978 100644 --- a/public/install/forms.php +++ b/public/install/forms.php @@ -1,6 +1,5 @@ $bIv,'value'=>$value,'mac'=>$mac]; - $json = json_encode($c_arr); - return base64_encode($json); -} if (isset($_POST['checkDB'])) { $values = [ @@ -133,7 +119,7 @@ if (isset($_POST['checkSMTP'])) { 'mail_host' => $_POST['host'], 'mail_port' => $_POST['port'], 'mail_username' => $_POST['user'], - 'mail_password' => encrypt($_POST['pass']), + 'mail_password' => encryptSettingsValue($_POST['pass']), 'mail_encryption' => $_POST['encryption'], 'mail_from_address' => $_POST['user'], ]; @@ -192,8 +178,8 @@ if (isset($_POST['checkPtero'])) { wh_log('API CALL ERROR: '.$callresult['errors'][0]['code']); exit(); } else { - $key = encrypt($key); - $clientkey = encrypt($clientkey); + $key = encryptSettingsValue($key); + $clientkey = encryptSettingsValue($clientkey); $query1 = 'UPDATE `'.getEnvironmentValue('DB_DATABASE')."`.`settings` SET `payload` = '".json_encode($url)."' WHERE (`name` = 'panel_url' AND `group` = 'pterodactyl')"; $query2 = 'UPDATE `'.getEnvironmentValue('DB_DATABASE')."`.`settings` SET `payload` = '".json_encode($key)."' WHERE (`name` = 'admin_token' AND `group` = 'pterodactyl')"; @@ -228,7 +214,7 @@ if (isset($_POST['createUser'])) { $repass = $_POST['repass']; $key = $db->query('SELECT `payload` FROM `'.getEnvironmentValue('DB_DATABASE')."`.`settings` WHERE `name` = 'admin_token' AND `group` = 'pterodactyl'")->fetch_assoc(); - $key = encrypt($key['value']); + $key = encryptSettingsValue($key['value']); $pterobaseurl = $db->query('SELECT `payload` FROM `'.getEnvironmentValue('DB_DATABASE')."`.`settings` WHERE `name` = 'panel_url' AND `group` = 'pterodactyl'")->fetch_assoc(); $pteroURL = $pterobaseurl['value'].'/api/application/users/'.$pteroID; From 08e09c5d08a69f8e95c6f01b46d1c89d3da5f4cd Mon Sep 17 00:00:00 2001 From: AGuyNamedJens Date: Thu, 30 Mar 2023 00:30:19 +0200 Subject: [PATCH 06/32] (feat) New encryption and decryption functions (refactor) Modify the get and set environment functions (refactor) Refactor the entire functions.php file. --- public/install/functions.php | 153 ++++++++++++++++++++++++++--------- 1 file changed, 114 insertions(+), 39 deletions(-) diff --git a/public/install/functions.php b/public/install/functions.php index 39410c81..9b0984cb 100644 --- a/public/install/functions.php +++ b/public/install/functions.php @@ -1,6 +1,9 @@ '8.1', @@ -8,7 +11,11 @@ $requirements = [ 'mysql' => '5.7.22', ]; -function checkPhpVersion() +/** + * Check if the minimum PHP version is present + * @return string 'OK' on success and 'not OK' on failure. + */ +function checkPhpVersion(): string { global $requirements; if (version_compare(phpversion(), $requirements['minPhp'], '>=') && version_compare(phpversion(), $requirements['maxPhp'], '<=')) { @@ -17,17 +24,31 @@ function checkPhpVersion() return 'not OK'; } -function checkWriteable() + +/** + * Check if the environment file is writable + * @return bool Returns true on writable and false on not writable. + */ +function checkWriteable(): bool { return is_writable('../../.env'); } -function checkHTTPS() + +/** + * Check if the server runs using HTTPS + * @return bool Returns true on HTTPS or false on HTTP. + */ +function checkHTTPS(): bool { return (! empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443; } -function getMySQLVersion() +/** + * Check if MySQL is installed and runs the correct version using a shell command + * @return mixed|string 'OK' if required version is met, returns MySQL version if not met. + */ +function getMySQLVersion(): mixed { global $requirements; @@ -39,7 +60,11 @@ function getMySQLVersion() return intval($versionoutput) > intval($requirements['mysql']) ? 'OK' : $versionoutput; } -function getZipVersion() +/** + * Check if zip is installed using a shell command + * @return string 'OK' on success and 'not OK' on failure. + */ +function getZipVersion(): string { $output = shell_exec('zip -v') ?? ''; preg_match('@[0-9]+\.[0-9]+\.[0-9]+@', $output, $version); @@ -49,7 +74,11 @@ function getZipVersion() return $versionoutput != 0 ? 'OK' : 'not OK'; } -function getGitVersion() +/** + * Check if git is installed using a shell command + * @return string 'OK' on success and 'not OK' on failure. + */ +function getGitVersion(): string { $output = shell_exec('git --version') ?? ''; preg_match('@[0-9]+\.[0-9]+\.[0-9]+@', $output, $version); @@ -59,7 +88,11 @@ function getGitVersion() return $versionoutput != 0 ? 'OK' : 'not OK'; } -function getTarVersion() +/** + * Check if tar is installed using a shell command + * @return string 'OK' on success and 'not OK' on failure. + */ +function getTarVersion(): string { $output = shell_exec('tar --version') ?? ''; preg_match('@[0-9]+\.[0-9]+@', $output, $version); @@ -69,14 +102,18 @@ function getTarVersion() return $versionoutput != 0 ? 'OK' : 'not OK'; } -function checkExtensions() +/** + * Check all extensions to see if they have loaded or not + * @return array Returns an array of extensions that failed to load. + */ +function checkExtensions(): array { - global $required_extentions; + global $required_extensions; $not_ok = []; $extentions = get_loaded_extensions(); - foreach ($required_extentions as $ext) { + foreach ($required_extensions as $ext) { if (! preg_grep('/^(?=.*'.$ext.').*$/', $extentions)) { array_push($not_ok, $ext); } @@ -85,38 +122,66 @@ function checkExtensions() return $not_ok; } -function setEnvironmentValue($envKey, $envValue) +/** + * Sets the environment variable into the env file + * @param string $envKey The environment key to set or modify + * @param string $envValue The environment variable to set + * @return bool true on success or false on failure. + */ +function setEnvironmentValue(string $envKey, $envValue) { - $envFile = dirname(__FILE__, 3).'/.env'; - $str = file_get_contents($envFile); - - $str .= "\n"; // In case the searched variable is in the last line without \n - $keyPosition = strpos($str, "{$envKey}="); - $endOfLinePosition = strpos($str, PHP_EOL, $keyPosition); - $oldLine = substr($str, $keyPosition, $endOfLinePosition - $keyPosition); - $str = str_replace($oldLine, "{$envKey}={$envValue}", $str); - $str = substr($str, 0, -1); - - $fp = fopen($envFile, 'w'); - fwrite($fp, $str); - fclose($fp); + $str = "{$envKey}={$envValue}"; + return putenv($str); } -function getEnvironmentValue($envKey) +/** + * Gets the variable from the env file + * @param string $envKey The environment variable to look for + * @return array|false|string Returns the value if found, otherwise returns false. + */ +function getEnvironmentValue(string $envKey): array|false|string { - $envFile = dirname(__FILE__, 3).'/.env'; - $str = file_get_contents($envFile); - - $str .= "\n"; // In case the searched variable is in the last line without \n - $keyPosition = strpos($str, "{$envKey}="); - $endOfLinePosition = strpos($str, PHP_EOL, $keyPosition); - $oldLine = substr($str, $keyPosition, $endOfLinePosition - $keyPosition); - $value = substr($oldLine, strpos($oldLine, '=') + 1); - - return $value; + return getenv($envKey); } -function run_console($command) + +/** + * Encrypts the variable passed and returns the encrypted version + * @param mixed $value The variable to be encrypted + * @return string Returns the encrypted variable. + */ +function encryptSettingsValue(mixed $value): string +{ + $appKey = getEnvironmentValue('APP_KEY'); + $appKey = base64_decode(Str::after($appKey, 'base64:')); + $encrypter = new Encrypter($appKey, 'AES-256-CBC'); + $encryptedKey = $encrypter->encrypt($value); + + return $encryptedKey; +} + +/** + * Decrypts the payload passed and returns the decrypted version + * @param mixed $payload The payload to be decrypted + * @return mixed Returns the decrypted variable on success, throws otherwise. + */ + +function decryptSettingsValue(mixed $payload, $unserialize = true) +{ + $appKey = getEnvironmentValue('APP_KEY'); + $appKey = base64_decode(Str::after($appKey, 'base64:')); + $encrypter = new Encrypter($appKey, 'AES-256-CBC'); + $decryptedKey = $encrypter->decrypt($payload, $unserialize); + + return $decryptedKey; +} + +/** + * Run a shell command + * @param string $command The command string to run + * @return false|string|null Returns the result from the command. + */ +function run_console(string $command) { $path = dirname(__FILE__, 3); $cmd = "cd '$path' && bash -c 'exec -a ServerCPP $command' 2>&1"; @@ -124,7 +189,12 @@ function run_console($command) return shell_exec($cmd); } -function wh_log($log_msg) +/** + * Log to installer.log in the install folder + * @param string $log_msg the message to log + * @return void No output. + */ +function wh_log(string $log_msg) { $log_filename = 'logs'; if (! file_exists($log_filename)) { @@ -136,7 +206,12 @@ function wh_log($log_msg) file_put_contents($log_file_data, '['.date('h:i:s').'] '.$log_msg."\n", FILE_APPEND); } -function generateRandomString($length = 8) +/** + * Generate a random string + * @param int $length The length of the random string + * @return string The randomly generated string. + */ +function generateRandomString(int $length = 8): string { $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $charactersLength = strlen($characters); From 63c435c61029bd23f66f8456dd58a1306b8ac83a Mon Sep 17 00:00:00 2001 From: AGuyNamedJens Date: Thu, 30 Mar 2023 00:37:15 +0200 Subject: [PATCH 07/32] (refactor) More refactoring, also add missing serialize method --- public/install/functions.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/public/install/functions.php b/public/install/functions.php index 9b0984cb..0aa6390a 100644 --- a/public/install/functions.php +++ b/public/install/functions.php @@ -146,23 +146,25 @@ function getEnvironmentValue(string $envKey): array|false|string /** - * Encrypts the variable passed and returns the encrypted version + * Encrypt the given value * @param mixed $value The variable to be encrypted + * @param bool $serialize If the encryption should be serialized * @return string Returns the encrypted variable. */ -function encryptSettingsValue(mixed $value): string +function encryptSettingsValue(mixed $value, $serialize = true): string { $appKey = getEnvironmentValue('APP_KEY'); $appKey = base64_decode(Str::after($appKey, 'base64:')); $encrypter = new Encrypter($appKey, 'AES-256-CBC'); - $encryptedKey = $encrypter->encrypt($value); + $encryptedKey = $encrypter->encrypt($value, $serialize); return $encryptedKey; } /** - * Decrypts the payload passed and returns the decrypted version + * Decrypt the given value * @param mixed $payload The payload to be decrypted + * @param bool $unserialize If the encryption should be unserialized * @return mixed Returns the decrypted variable on success, throws otherwise. */ From 4d97c1473b13e0f9a4e34a24b8495d035a336962 Mon Sep 17 00:00:00 2001 From: AGuyNamedJens Date: Thu, 30 Mar 2023 00:45:42 +0200 Subject: [PATCH 08/32] (refactor) Forgot to include autoload file --- public/install/forms.php | 1 - public/install/functions.php | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/public/install/forms.php b/public/install/forms.php index 892e7978..68b08e85 100644 --- a/public/install/forms.php +++ b/public/install/forms.php @@ -1,5 +1,4 @@ Date: Thu, 30 Mar 2023 01:10:55 +0200 Subject: [PATCH 09/32] (refactor) Refactor index.php --- public/install/index.php | 606 ++++++++++++++++++++------------------- 1 file changed, 305 insertions(+), 301 deletions(-) diff --git a/public/install/index.php b/public/install/index.php index b002282b..2651531b 100644 --- a/public/install/index.php +++ b/public/install/index.php @@ -52,8 +52,8 @@ $cardheader = '
'; -if (! isset($_GET['step'])) { - if (! file_exists('../../.env')) { +if (!isset($_GET['step'])) { + if (!file_exists('../../.env')) { echo run_console('cp .env.example .env'); } echo $cardheader; ?> @@ -71,11 +71,11 @@ if (! isset($_GET['step'])) {

Missing php-extentions:

+ echo count(checkExtensions()) == 0 ? '' : '(Proceed anyway)'; ?>

- @endsection