djpbessems
/
lucidAuth
1
1
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

Periodic merge upstream #2

Manually merged
djpbessems merged 9 commits from development into master 2019-03-13 10:44:30 +00:00
Conversation 0 Commits 9 Files Changed 18 +1950 -1619
18 changed files with 1950 additions and 1619 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1348
LICENSE.md
View File

File diff suppressed because it is too large Load Diff

64
README.md
View File

@ -1,32 +1,32 @@
# lucidAuth
[![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
## Usage
- Create a new folder, navigate to it in a commandprompt and run the following command:
`git clone https://code.spamasaurus.com/djpbessems/lucidAuth.git`
- Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php`
- Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder
- Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on)
- Edit your proxy's configuration to use the new website as forward proxy:
- #### ~~in Caddy/nginx~~ <small>(planned for a later stage)</small>
- #### in Traefik
Add the following lines (change to reflect your existing configuration):
```
[frontends.server1]
entrypoints = ["https"]
backend = "server1"
[frontends.server1.auth.forward]
address = "https://<fqdn>/lucidAuth.validateRequest.php"
[frontends.server1.routes]
[frontends.server1.routes.ext]
rule = "Host:<fqdn>"
```
- #### Important!
The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
## Questions or bugs
Feel free to open issues in this repository (or in its mirror on [GitHub](#)).
# lucidAuth
[![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
## Usage
- Create a new folder, navigate to it in a commandprompt and run the following command:
`git clone https://code.spamasaurus.com/djpbessems/lucidAuth.git`
- Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php`
- Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder
- Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on)
- Edit your proxy's configuration to use the new website as forward proxy:
- #### ~~in Caddy/nginx~~ <small>(planned for a later stage)</small>
- #### in Traefik
Add the following lines (change to reflect your existing configuration):
```
[frontends.server1]
entrypoints = ["https"]
backend = "server1"
[frontends.server1.auth.forward]
address = "https://<fqdn>/lucidAuth.validateRequest.php"
[frontends.server1.routes]
[frontends.server1.routes.ext]
rule = "Host:<fqdn>"
```
- #### Important!
The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
## Questions or bugs
Feel free to open issues in this repository.

297
include/lucidAuth.functions.php
View File

@ -1,147 +1,152 @@
<?php
$configurationFile = '../lucidAuth.config.php';
if (!file_exists($configurationFile)) {
throw new Exception(sprintf('Missing config file. Please rename \'%1$s.example\' to \'%1$s\' and edit it to reflect your setup.', explode('../', $configurationFile)[1]));
}
$settings = include_once($configurationFile);
try {
# switch ($settings->Database['Driver']) {
# case 'sqlite':
# $database = new PDO('sqlite:' . $settings->Database['Path']);
if (is_writable($settings->Sqlite['Path'])) {
$pdoDB = new PDO('sqlite:' . $settings->Sqlite['Path']);
} else {
throw new Exception(sprintf('Database file \'%1$s\' is not writable', $settings->Sqlite['Path']));
}
# }
}
catch (Exception $e) {
throw new Exception(sprintf('Unable to connect to database \'%1$s\'', $settings->Sqlite['Path']));
}
function authenticateLDAP (string $username, string $password) {
global $settings;
if (!empty($username) && !empty($password)) {
// Handle login requests
$ds = ldap_connect($settings->LDAP['Server'], $settings->LDAP['Port']);
// Strict namingconvention: only allow alphabetic characters
$sanitizedUsername = preg_replace('([^a-zA-Z]*)', '', $_POST['username']);
$qualifiedUsername = $settings->LDAP['Domain'] . '\\' . $sanitizedUsername;
if (@ldap_bind($ds, $qualifiedUsername, utf8_encode($_POST['password']))) {
// Successful authentication; get additional userdetails from authenticationsource
$ldapSearchResults = ldap_search($ds, $settings->LDAP['BaseDN'], "sAMAccountName=$sanitizedUsername");
$commonName = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0];
// Create JWT-payload
$jwtPayload = [
'iat' => time(), // Issued at: time when the token was generated
'iss' => $_SERVER['SERVER_NAME'], // Issuer
'sub' => $qualifiedUsername, // Subject (ie. username)
'name' => $commonName // Common name (as retrieved from AD)
];
$secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));
return ['status' => 'Success', 'token' => $secureToken];
} else {
// LDAP authentication failed!
return ['status' => 'Fail', 'reason' => '1'];
}
} else {
// Empty username or passwords not allowed!
return ['status' => 'Fail', 'reason' => '1'];
}
}
function storeToken (string $secureToken, string $qualifiedUsername, string $httpHost) {
global $settings, $pdoDB;
// Save authentication token in database serverside
try {
$pdoQuery = $pdoDB->prepare('
INSERT INTO SecureToken (UserId, Value)
SELECT User.Id, :securetoken
FROM User
WHERE User.Username = :qualifiedusername
');
$pdoQuery->execute([
':securetoken' => $secureToken,
':qualifiedusername' => $qualifiedUsername
]);
}
catch (Exception $e) {
return ['status' => 'Fail', 'reason' => $e];
}
// Save authentication token in cookie clientside
$cookieDomain = array_values(array_filter($settings->Session['CookieDomains'], function ($value) use ($httpHost) {
// Check if $_SERVER['HTTP_HOST'] matches any of the configured domains (either explicitly or as a subdomain)
// This might seem backwards, but relying on $_SERVER directly allows spoofed values with potential security risks
return (strlen($value) > strlen($httpHost)) ? false : (0 === substr_compare($httpHost, $value, -strlen($value)));
}))[0];
if ($cookieDomain && setcookie('JWT', $secureToken, (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) {
return ['status' => 'Success'];
} else {
return ['status' => 'Fail', 'reason' => 'Unable to store cookie(s)'];
}
}
function validateToken (string $secureToken) {
global $settings, $pdoDB;
// Decode provided authentication token
try {
$jwtPayload = JWT::decode($secureToken, base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
} catch (Exception $e) {
// Invalid token
if ($settings->Debug['LogToFile']) {
file_put_contents('../validateToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- Provided token could not be decoded' . PHP_EOL, FILE_APPEND);
}
return ['status' => 'Fail', 'reason' => '1'];
}
if ((int)$jwtPayload->iat < (time() - (int)$settings->Session['Duration'])) {
// Expired token
if ($settings->Debug['LogToFile']) {
file_put_contents('../validateToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- Provided token has expired' . PHP_EOL, FILE_APPEND);
}
return ['status' => 'Fail', 'reason' => '3'];
}
// Retrieve all authentication tokens from database matching username
$pdoQuery = $pdoDB->prepare('
SELECT SecureToken.Value
FROM SecureToken
LEFT JOIN User
ON (User.Id=SecureToken.UserId)
WHERE User.Username = :username
');
$pdoQuery->execute([
':username' => (string)$jwtPayload->sub
]);
foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
try {
$storedTokens[] = JWT::decode($row['Value'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
} catch (Exception $e) {
continue;
}
}
// Compare provided authentication token to all stored tokens in database
if (!empty($storedTokens) && sizeof(array_filter($storedTokens, function ($value) use ($jwtPayload) {
return $value->iat === $jwtPayload->iat;
})) === 1) {
return ['status' => 'Success'];
} else {
if ($settings->Debug['LogToFile']) {
file_put_contents('../validateToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- No matching token in database' . PHP_EOL, FILE_APPEND);
}
return ['status' => 'Fail', 'reason' => '2'];
}
}
<?php
$configurationFile = '../lucidAuth.config.php';
if (!file_exists($configurationFile)) {
throw new Exception(sprintf('Missing config file. Please rename \'%1$s.example\' to \'%1$s\' and edit it to reflect your setup.', explode('../', $configurationFile)[1]));
}
$settings = include_once($configurationFile);
try {
# switch ($settings->Database['Driver']) {
# case 'sqlite':
# $database = new PDO('sqlite:' . $settings->Database['Path']);
if (is_writable($settings->Sqlite['Path'])) {
$pdoDB = new PDO('sqlite:' . $settings->Sqlite['Path']);
} else {
throw new Exception(sprintf('Database file \'%1$s\' is not writable', $settings->Sqlite['Path']));
}
# }
}
catch (Exception $e) {
throw new Exception(sprintf('Unable to connect to database \'%1$s\'', $settings->Sqlite['Path']));
}
function authenticateLDAP (string $username, string $password) {
global $settings;
if (!empty($username) && !empty($password)) {
// Handle login requests
$ds = ldap_connect($settings->LDAP['Server'], $settings->LDAP['Port']);
// Strict namingconvention: only allow alphabetic characters
$sanitizedUsername = preg_replace('([^a-zA-Z]*)', '', $_POST['username']);
$qualifiedUsername = $settings->LDAP['Domain'] . '\\' . $sanitizedUsername;
if (@ldap_bind($ds, $qualifiedUsername, utf8_encode($_POST['password']))) {
// Successful authentication; get additional userdetails from authenticationsource
$ldapSearchResults = ldap_search($ds, $settings->LDAP['BaseDN'], "sAMAccountName=$sanitizedUsername");
$commonName = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0];
// Create JWT-payload
$jwtPayload = [
'iat' => time(), // Issued at: time when the token was generated
'iss' => $_SERVER['SERVER_NAME'], // Issuer
'sub' => $qualifiedUsername, // Subject (ie. username)
'name' => $commonName // Common name (as retrieved from AD)
];
$secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));
return ['status' => 'Success', 'token' => $secureToken];
} else {
// LDAP authentication failed!
return ['status' => 'Fail', 'reason' => '1'];
}
} else {
// Empty username or passwords not allowed!
return ['status' => 'Fail', 'reason' => '1'];
}
}
function storeToken (string $secureToken, string $qualifiedUsername, string $httpHost) {
global $settings, $pdoDB;
// Save authentication token in database serverside
try {
$pdoQuery = $pdoDB->prepare('
INSERT INTO SecureToken (UserId, Value)
SELECT User.Id, :securetoken
FROM User
WHERE LOWER(User.Username) = :qualifiedusername
');
$pdoQuery->execute([
':securetoken' => $secureToken,
':qualifiedusername' => strtolower($qualifiedUsername)
]);
}
catch (Exception $e) {
return ['status' => 'Fail', 'reason' => $e];
}
// Save authentication token in cookie clientside
$cookieDomain = array_values(array_filter($settings->Session['CookieDomains'], function ($value) use ($httpHost) {
// Check if $_SERVER['HTTP_HOST'] matches any of the configured domains (either explicitly or as a subdomain)
// This might seem backwards, but relying on $_SERVER directly allows spoofed values with potential security risks
return (strlen($value) > strlen($httpHost)) ? false : (0 === substr_compare($httpHost, $value, -strlen($value)));
}))[0];
if ($cookieDomain && setcookie('JWT', $secureToken, (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) {
return ['status' => 'Success'];
} else {
return ['status' => 'Fail', 'reason' => 'Unable to store cookie(s)'];
}
}
function validateToken (string $secureToken) {
global $settings, $pdoDB;
// Decode provided authentication token
try {
$jwtPayload = JWT::decode($secureToken, base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
} catch (Exception $e) {
// Invalid token
if ($settings->Debug['LogToFile']) {
file_put_contents('../validateToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- Provided token could not be decoded' . PHP_EOL, FILE_APPEND);
}
return ['status' => 'Fail', 'reason' => '1'];
}
if ((int)$jwtPayload->iat < (time() - (int)$settings->Session['Duration'])) {
// Expired token
if ($settings->Debug['LogToFile']) {
file_put_contents('../validateToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- Provided token has expired' . PHP_EOL, FILE_APPEND);
}
return ['status' => 'Fail', 'reason' => '3'];
}
// Retrieve all authentication tokens from database matching username
$pdoQuery = $pdoDB->prepare('
SELECT User.Id, SecureToken.Value
FROM SecureToken
LEFT JOIN User
ON (User.Id=SecureToken.UserId)
WHERE LOWER(User.Username) = :username
');
$pdoQuery->execute([
':username' => (string) strtolower($jwtPayload->sub)
]);
foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
try {
$storedTokens[] = JWT::decode($row['Value'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
$currentUserId = $row['Id'];
} catch (Exception $e) {
continue;
}
}
// Compare provided authentication token to all stored tokens in database
if (!empty($storedTokens) && sizeof(array_filter($storedTokens, function ($value) use ($jwtPayload) {
return $value->iat === $jwtPayload->iat;
})) === 1) {
return [
'status' => 'Success',
'name' => $jwtPayload->name,
'uid' => $currentUserId
];
} else {
if ($settings->Debug['LogToFile']) {
file_put_contents('../validateToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- Either no matching token or multiple matching tokens found in database' . PHP_EOL, FILE_APPEND);
}
return ['status' => 'Fail', 'reason' => '2'];
}
}
?>

272
include/lucidAuth.template.php
View File

@ -1,123 +1,151 @@
<?php
error_reporting(E_ALL & ~E_NOTICE);
$pageLayout['full'] = <<<'FULL'
<!DOCTYPE html>
<html lang="nl">
<head>
<meta charset="utf-8" />
<title>lucidAuth</title>
<meta name="application-name" content="lucidAuth" />
<meta name="theme-color" content="#B50000" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
<link rel="manifest" href="/manifest.json" />
<link href="misc/style.css" rel="stylesheet" />
<link href="misc/style.theme.css" rel="stylesheet" />
<link href="misc/style.button.css" rel="stylesheet" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
<script src="misc/script.theme.js"></script>
<script src="misc/script.translation.js"></script>
</head>
<body>
<div id="horizon">
<div id="content">
<div class="logo">
<div class="left"><div class="middle">lucidAuth</div></div><div class="right"></div>
<div class="sub"><em>Respect</em> the unexpected; mitigate your risks</div>
</div>
<div class="main">
%1$s
</div>
</div>
</div>
</body>
</html>
FULL;
$pageLayout['bare'] = <<<'BARE'
<!DOCTYPE html>
<html lang="nl">
<head>
<meta charset="utf-8" />
<title>lucidAuth</title>
<meta name="application-name" content="lucidAuth" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
<script src="misc/script.iframe.js"></script>
</head>
<body>
%1$s
</body>
</html>
BARE;
$contentLayout['login'] = <<<LOGIN
<script src="misc/script.index.js"></script>
<fieldset>
<legend>Login Details</legend>
<ul>
<li>
<label class="pre" for="username" data-translation="label_username">Gebruikersnaam:</label>
<input type="text" id="username" name="username" tabindex="100" />
<label for="username">@lucidAuth</label>
</li>
<li>
<label class="pre" for="password" data-translation="label_password">Wachtwoord:</label>
<input type="password" id="password" name="password" tabindex="200" />
</li>
<li>
<input type="hidden" id="ref" name="ref" value="{$_GET['ref']}" />
<button id="btnlogin" class="bttn-simple bttn-xs bttn-primary" tabindex="300" data-translation="button_login">login</button>
</li>
<li class="misc">
<span class="indent">&nbsp;</span>
</li>
<li class="misc">
<span class="indent" data-translation="span_credentialsavailable">Inloggegevens verkrijgbaar op aanvraag!</span>
</li>
</ul>
</fieldset>
<img src="/images/tag_lock.png" style="position: absolute; top: 175px; left: 20px;" alt="Secure!" />
LOGIN;
$contentLayout['manage'] = <<<MANAGE
<script src="misc/script.manage.js"></script>
<span id="user"><span data-translation="span_loggedinas">Ingelogd als</span>&nbsp;{$_SESSION['fullname']}&nbsp;---&nbsp;[<a id="linkplugindialog" tabindex="600" data-translation="link_plugin">Browser plugin</a><div id="pluginlogos"><span data-translation="label_selectbrowser" style="float: left; margin-left: 5px;">Select browser:</span><span style="font-size: 8px; float: right; margin-right: 5px; margin-top: 2px;">[v0.2.122.4]</span><br /><img id="linkpluginchrome" src="images/chrome_256x256.png" /><img id="linkpluginfirefox" src="images/firefox_256x256.png" /><img id="linkpluginopera" src="images/opera_256x256.png" /></div>]&nbsp;[<a id="linklanguage-en" href="#" tabindex="700">EN</a>&nbsp;<a id="linklanguage-nl" class="current" href="#" tabindex="700">NL</a>]&nbsp;[<a href="index.php?do=logout" tabindex="800" data-translation="link_logout">Log uit</a>]</span>
<!-- <fieldset style="clear: both;">
<legend>Beheer Account</legend>
<ul>
<li>
</li>
<li>
<button id="btnaliasadd" class="bttn-simple bttn-xs bttn-primary" tabindex="200" data-translation="button_add">voeg toe</button>
</li>
<li>
<label id="labelallaliases" class="pre" for="allaliases" data-translation="label_allaliases">Alle aliassen:</label><output id="aliasstats">[--]</output>
<select id="allaliases" size="10" multiple="multiple" tabindex="300">
</select>
</li>
<li>
<button id="btnaliasdelete" class="bttn-simple bttn-xs bttn-primary" tabindex="400" data-translation="button_delete">verwijder</button>
</li>
<li>
<button id="btnsync" class="bttn-simple bttn-xs bttn-primary" style="background-position: center;" tabindex="500" data-translation="button_sync">synchroniseer</button>
</li>
</ul>
</fieldset>
-->
MANAGE;
$contentLayout['dialog'] = <<<DIALOG
<ul class="dialog">
<li>
<!--REPL_DIALOGDESC-->
</li>
<li>
<button id="btnhome" class="bttn-simple bttn-xs bttn-primary" tabindex="400" data-translation="button_home">ga naar startpagina</button>
</li>
</ul>
DIALOG;
<?php
error_reporting(E_ALL & ~E_NOTICE);
$pageLayout['full'] = <<<'FULL'
<!DOCTYPE html>
<html lang="nl">
<head>
<meta charset="utf-8" />
<title>lucidAuth</title>
<meta name="application-name" content="lucidAuth" />
<meta name="theme-color" content="#003399" />
<link href="misc/style.css" rel="stylesheet" />
<link href="misc/style.theme.css" rel="stylesheet" />
<link href="misc/style.button.css" rel="stylesheet" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
<script src="misc/script.translation.js"></script>
</head>
<body>
<div id="horizon">
<div id="content">
<div class="logo">
<div class="left"><div class="middle">lucidAuth</div></div><div class="right"></div>
<div class="sub"><em>Respect</em> the unexpected; mitigate your risks</div>
</div>
<div class="main">
%1$s
</div>
</div>
</div>
</body>
</html>
FULL;
$pageLayout['full_alt'] = <<<'FULL_ALT'
<!DOCTYPE html>
<html lang="nl">
<head>
<meta charset="utf-8" />
<title>lucidAuth</title>
<meta name="application-name" content="lucidAuth" />
<meta name="theme-color" content="#003399" />
<link href="misc/style.css" rel="stylesheet" />
<link href="misc/style.panes.css" rel="stylesheet" />
<link href="misc/style.button.css" rel="stylesheet" />
<link href="misc/style.theme.css" rel="stylesheet" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js"></script>
<script src="misc/script.translation.js"></script>
</head>
<body>
<div class="wrapper">
<section id="theme" class="content">
<div class="columns">
<main class="main">
<header class="header">
<div class="logo">
<div class="left"><div class="middle">lucidAuth</div></div><div class="right"></div>
<div class="sub"><em>Respect</em> the unexpected; mitigate your risks</div>
</div>
%1$s
</header>
<section>
%2$s
</section>
</main>
<aside class="sidebar-first"></aside>
<aside class="sidebar-second"></aside>
</div>
</section>
</div>
</body>
</html>
FULL_ALT;
$pageLayout['bare'] = <<<'BARE'
<!DOCTYPE html>
<html lang="nl">
<head>
<meta charset="utf-8" />
<title>lucidAuth</title>
<meta name="application-name" content="lucidAuth" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
<script src="misc/script.iframe.js"></script>
</head>
<body>
%1$s
</body>
</html>
BARE;
$contentLayout['login'] = <<<'LOGIN'
<script src="misc/script.index.js"></script>
<section>
<ul>
<li class="misc">
<span class="indent">&nbsp;</span>
</li>
<li>
<label class="pre" for="username" data-translation="label_username">Username:</label>
<input type="text" id="username" name="username" tabindex="100" />
<label for="username">@lucidAuth</label>
</li>
<li>
<label class="pre" for="password" data-translation="label_password">Password:</label>
<input type="password" id="password" name="password" tabindex="200" />
</li>
<li>
<input type="hidden" id="ref" name="ref" value="%1$s" />
<button id="btnlogin" class="bttn-simple bttn-xs bttn-primary" tabindex="300" data-translation="button_login">login</button>
</li>
<li class="misc">
<span class="indent" data-translation="span_credentialsavailable">Login credentials available upon request!</span>
</li>
</ul>
</section>
<img src="/images/tag_lock.png" style="position: absolute; top: 175px; left: 20px;" alt="Secure!" />
LOGIN;
$contentLayout['manage']['header'] = <<<'MANAGE_HEADER'
<script src="misc/script.editable.table.js"></script>
<script src="misc/script.manage.js"></script>
<span id="user"><span data-translation="span_loggedinas">Logged in as</span>&nbsp;%1$s&nbsp;---&nbsp;[<a id="linklanguage-en" href="#" tabindex="700">EN</a>&nbsp;<a id="linklanguage-nl" class="current" href="#" tabindex="700">NL</a>]&nbsp;[<a href="#" tabindex="800" data-translation="link_logout">Logout</a>]</span>
<ul style="clear: both; margin-top: 20px;">
<li class="buttons">
<button id="btnnewuser" class="bttn-simple bttn-xs bttn-primary" data-translation="button_new">new</button>
&nbsp;
<button id="btnsave" class="bttn-simple bttn-xs bttn-primary" data-translation="button_save">save</button>
<button id="btncancel" class="bttn-simple bttn-xs bttn-primary" data-translation="button_cancel">cancel</button>
</li>
</ul>
MANAGE_HEADER;
$contentLayout['manage']['section'] = <<<'MANAGE_SECTION'
<ul>
<li>
<table id="usertable">
<thead>
<tr>
<th class="immutable" data-translation="th_username">Username</th>
<th class="immutable" data-translation="th_role">Role</th>
<th class="immutable" data-translation="th_manage">Manage</th>
</tr>
</thead>
<tbody>
%1$s
</tbody>
</table>
</li>
</ul>
MANAGE_SECTION;
?>

104
lucidAuth.config.php.example
View File

@ -1,53 +1,53 @@
<?php
error_reporting(E_ALL & ~E_NOTICE);
include_once('include/JWT/JWT.php');
return (object) array(
'LDAP' => [
'Server' => 'server.domain.tld',
// FQDN of the LDAP-server
'Port' => 389,
// Port of the LDAP-server; default port is 389
'BaseDN' => 'OU=Users,DC=domain,DC=tld',
// Location of your useraccounts
// Syntax:
// 'OU=container,DC=domain,DC=tld'
'Domain' => 'domain'
// Specify the NetBios name of the domain; to allow users to log on with just their usernames.
],
'Sqlite' => [
'Path' => '../data/lucidAuth.sqlite.db'
// Relative path to the location where the database should be stored
],
'JWT' => [
'PrivateKey_base64' => '',
// A base64-encoded random (preferably long) string (see https://www.base64encode.org/)
'Algorithm' => [
'HS256',
]
],
'Session' => [
'Duration' => 2592000,
// In seconds (2592000 is equivalent to 30 days)
'CrossDomainLogin' => False,
// Set this to True if SingleSignOn (albeit rudementary) is desired
// (cookies are inheritently unaware of each other; clearing cookies for one domain does not affect other domains)
'CookieDomains' => [
'domain1.tld' #, 'domain2.tld', 'subdomain.domain3.tld'
]
// Domain(s) that will be used to set cookie-domains to
// (multiple domains are allowed; remove the '#' above)
],
'Debug' => [
'Verbose' => False,
'LogToFile' => False
]
);
<?php
error_reporting(E_ALL & ~E_NOTICE);
include_once('include/JWT/JWT.php');
return (object) array(
'LDAP' => [
'Server' => 'server.domain.tld',
// FQDN of the LDAP-server
'Port' => 389,
// Port of the LDAP-server; default port is 389
'BaseDN' => 'OU=Users,DC=domain,DC=tld',
// Location of your useraccounts
// Syntax:
// 'OU=container,DC=domain,DC=tld'
'Domain' => 'domain'
// Specify the NetBios name of the domain; to allow users to log on with just their usernames.
],
'Sqlite' => [
'Path' => '../data/lucidAuth.sqlite.db'
// Relative path to the location where the database should be stored
],
'JWT' => [
'PrivateKey_base64' => '',
// A base64-encoded random (preferably long) string (see https://www.base64encode.org/)
'Algorithm' => [
'HS256',
]
],
'Session' => [
'Duration' => 2592000,
// In seconds (2592000 is equivalent to 30 days)
'CrossDomainLogin' => False,
// Set this to True if SingleSignOn (albeit rudementary) is desired
// (cookies are inheritently unaware of each other; clearing cookies for one domain does not affect other domains)
'CookieDomains' => [
'domain1.tld' #, 'domain2.tld', 'subdomain.domain3.tld'
]
// Domain(s) that will be used to set cookie-domains to
// (multiple domains are allowed; remove the '#' above)
],
'Debug' => [
'Verbose' => False,
'LogToFile' => False
]
);
?>

124
public/lucidAuth.login.php
View File

@ -1,53 +1,73 @@
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
echo $settings->Debug['Verbose'];
if ($_POST['do'] == 'login') {
$result = authenticateLDAP($_POST['username'], $_POST['password']);
if ($result['status'] == 'Success') {
// Store authentication token; in database serverside & in cookie clientside
if (storeToken($result['token'], $settings->LDAP['Domain'] . '\\' . $_POST['username'], $_SERVER['HTTP_HOST'])['status'] !== 'Success') {
// Since this action is only ever called through an AJAX-request; return JSON object
echo '{"Result":"Fail","Reason":"Failed storing authentication token in database and/or cookie"}' . PHP_EOL;
exit;
}
// Convert base64 encoded string back from JSON;
// forcing it into an associative array (instead of javascript's default StdClass object)
try {
$proxyHeaders = json_decode(base64_decode($_POST['ref']), JSON_OBJECT_AS_ARRAY);
}
catch (Exception $e) {
// Since this action is only ever called through an AJAX-request; return JSON object
echo '{"Result":"Fail","Reason":"Original request URI lost in transition"}' . PHP_EOL;
exit;
}
$originalUri = !empty($proxyHeaders) ? $proxyHeaders['XForwardedProto'] . '://' . $proxyHeaders['XForwardedHost'] . $proxyHeaders['XForwardedUri'] : 'lucidAuth.manage.php';
// Since this request is only ever called through an AJAX-request; return JSON object
header('Content-Type: application/json');
echo json_encode([
"Result" => "Success",
"Location" => $originalUri,
"CrossDomainLogin" => $settings->Session['CrossDomainLogin']
]);
# echo sprintf('{"Result":"Success","Location":"%1$s","CrossDomainLogin":%2$s}', $originalUri, $settings->Session['CrossDomainLogin'] ? 'True' : 'False') . PHP_EOL;
} else {
switch ($result['reason']) {
case '1':
echo '{"Result":"Fail","Reason":"Invalid username and/or password"}' . PHP_EOL;
break;
default:
echo '{"Result":"Fail","Reason":"Uncaught error"}' . PHP_EOL;
}
}
} else {
include_once('../include/lucidAuth.template.php');
echo sprintf($pageLayout['full'], $contentLayout['login']);
}
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
if ($_POST['do'] == 'login') {
$result = authenticateLDAP($_POST['username'], $_POST['password']);
if ($result['status'] === 'Success') {
// Store authentication token; in database serverside & in cookie clientside
if (storeToken($result['token'], $settings->LDAP['Domain'] . '\\' . $_POST['username'], $_SERVER['HTTP_HOST'])['status'] !== 'Success') {
// Return JSON object
header('Content-Type: application/json');
echo json_encode([
"Result" => "Failure",
"Reason" => "Failed storing authentication token in database and/or cookie"
]);
# echo '{"Result":"Fail","Reason":"Failed storing authentication token in database and/or cookie"}' . PHP_EOL;
exit;
}
// Convert base64 encoded string back from JSON;
// forcing it into an associative array (instead of javascript's default StdClass object)
try {
$proxyHeaders = json_decode(base64_decode($_POST['ref']), JSON_OBJECT_AS_ARRAY);
}
catch (Exception $e) {
// Return JSON object
header('Content-Type: application/json');
echo json_encode([
"Result" => "Failure",
"Reason" => "Original request-URI lost in transition"
]);
# echo '{"Result":"Fail","Reason":"Original request URI lost in transition"}' . PHP_EOL;
exit;
}
$originalUri = !empty($proxyHeaders) ? $proxyHeaders['XForwardedProto'] . '://' . $proxyHeaders['XForwardedHost'] . $proxyHeaders['XForwardedUri'] : 'lucidAuth.manage.php';
// Return JSON object
header('Content-Type: application/json');
echo json_encode([
"Result" => "Success",
"Location" => $originalUri,
"CrossDomainLogin" => $settings->Session['CrossDomainLogin']
]);
} else {
switch ($result['reason']) {
case '1':
header('Content-Type: application/json');
echo json_encode([
"Result" => "Failure",
"Reason" => "Invalid username and/or password"
]);
break;
default:
header('Content-Type: application/json');
echo json_encode([
"Result" => "Failure",
"Reason" => "Uncaught error"
]);
break;
}
}
} else {
include_once('../include/lucidAuth.template.php');
echo sprintf($pageLayout['full'],
sprintf($contentLayout['login'],
$_GET['ref']
)
);
}
?>

51
public/lucidAuth.manage.php Normal file
View File

@ -0,0 +1,51 @@
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
if (!empty($_COOKIE['JWT'])) {
$validateTokenResult = validateToken($_COOKIE['JWT']);
}
if ($validateTokenResult['status'] === "Success") {
include_once('../include/lucidAuth.template.php');
try {
$allUsers = $pdoDB->query('
SELECT User.Id, User.Username, Role.Rolename
FROM User
LEFT JOIN Role
ON (Role.Id = User.RoleId)
')->fetchAll(PDO::FETCH_ASSOC);
} catch (Exception $e) {
// Should really do some actual errorhandling here
throw new Exception($e);
}
foreach($allUsers as $row) {
$tableRows[] = sprintf('<tr%1$s><td data-userid="%2$s">%3$s</td><td>%4$s</td><td class="immutable">%5$s</td></tr>',
$validateTokenResult['uid'] === $row['Id'] ? ' class="currentuser"': null,
$row['Id'],
explode('\\', $row['Username'])[1],
$row['Rolename'],
'<button class="bttn-simple bttn-xs bttn-primary" data-translation="button_sessions">Sessions</button>' . ($validateTokenResult['uid'] === $row['Id'] ? null : '&nbsp;<button class="bttn-simple bttn-xs bttn-primary delete" data-translation="button_delete">Delete</button>')
);
}
echo sprintf($pageLayout['full_alt'],
sprintf($contentLayout['manage']['header'],
$validateTokenResult['name']
),
sprintf($contentLayout['manage']['section'],
implode($tableRows)
)
);
} else {
// No cookie containing valid authentication token found;
// explicitly deleting any remaining cookie, then redirecting to loginpage
setcookie('JWT', FALSE);
header("HTTP/1.1 401 Unauthorized");
header("Location: lucidAuth.login.php");
}
?>

46
public/lucidAuth.setXDomainCookie.php
View File

@ -1,24 +1,24 @@
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
// Start with checking $_REQUEST['ref']
// What do we need?
// token again?
// approach 1:
// origin domain, so we can intersect with $settings->Session['CookieDomains'] and iterate through the remaining domains, serving them in one page (which contains iframes already)
// this might be slower because it means one additional roundtrip between client and server
// approach 2:
// let the client setup multiple iframes for all domains other than origin domains
// this requires passing an array of domains to the client in asynchronous reply; which feels insecure
include_once('../include/lucidAuth.template.php');
echo sprintf($pageLayout['bare',
'// iFrames go here'
);
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
// Start with checking $_REQUEST['ref']
// What do we need?
// token again?
// approach 1:
// origin domain, so we can intersect with $settings->Session['CookieDomains'] and iterate through the remaining domains, serving them in one page (which contains iframes already)
// this might be slower because it means one additional roundtrip between client and server
// approach 2:
// let the client setup multiple iframes for all domains other than origin domains
// this requires passing an array of domains to the client in asynchronous reply; which feels insecure
include_once('../include/lucidAuth.template.php');
echo sprintf($pageLayout['bare'],
'// iFrames go here'
);
?>

82
public/lucidAuth.validateRequest.php
View File

@ -1,42 +1,42 @@
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
$proxyHeaders = array();
foreach ($_SERVER as $key => $value) {
if (strpos($key, 'HTTP_') === 0) {
// Trim and then convert all headers to camelCase
$proxyHeaders[str_replace(' ', '', ucwords(str_replace('_', ' ', strtolower(substr($key, 5)))))] = $value;
}
}
// Keep only headers relevant for proxying
$proxyHeaders = array_filter($proxyHeaders, function ($key) {
return substr($key, 0, 10) === 'XForwarded';
}, ARRAY_FILTER_USE_KEY);
// For debugging purposes - enable it in ../lucidAuth.config.php
if ($settings->Debug['LogToFile']) {
file_put_contents('../requestHeaders.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- ' . (json_encode($proxyHeaders, JSON_FORCE_OBJECT)) . PHP_EOL, FILE_APPEND);
}
if (sizeof($proxyHeaders) === 0) {
// Non-proxied request; this is senseless, go fetch!
header("HTTP/1.1 403 Forbidden");
exit;
}
if (!empty($_COOKIE['JWT']) && validateToken($_COOKIE['JWT'])['status'] === "Success") {
// Valid authentication token found
header("HTTP/1.1 202 Accepted");
exit;
} else {
// No cookie containing valid authentication token found;
// explicitly deleting any remaining cookie, then redirecting to loginpage
setcookie('JWT', FALSE);
header("HTTP/1.1 401 Unauthorized");
header("Location: lucidAuth.login.php?ref=" . base64_encode(json_encode($proxyHeaders)));
}
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
$proxyHeaders = array();
foreach ($_SERVER as $key => $value) {
if (strpos($key, 'HTTP_') === 0) {
// Trim and then convert all headers to camelCase
$proxyHeaders[str_replace(' ', '', ucwords(str_replace('_', ' ', strtolower(substr($key, 5)))))] = $value;
}
}
// Keep only headers relevant for proxying
$proxyHeaders = array_filter($proxyHeaders, function ($key) {
return substr($key, 0, 10) === 'XForwarded';
}, ARRAY_FILTER_USE_KEY);
// For debugging purposes - enable it in ../lucidAuth.config.php
if ($settings->Debug['LogToFile']) {
file_put_contents('../requestHeaders.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- ' . (json_encode($proxyHeaders, JSON_FORCE_OBJECT)) . PHP_EOL, FILE_APPEND);
}
if (sizeof($proxyHeaders) === 0) {
// Non-proxied request; this is senseless, go fetch!
header("HTTP/1.1 403 Forbidden");
exit;
}
if (!empty($_COOKIE['JWT']) && validateToken($_COOKIE['JWT'])['status'] === "Success") {
// Valid authentication token found
header("HTTP/1.1 202 Accepted");
exit;
} else {
// No cookie containing valid authentication token found;
// explicitly deleting any remaining cookie, then redirecting to loginpage
setcookie('JWT', FALSE);
header("HTTP/1.1 401 Unauthorized");
header("Location: lucidAuth.login.php?ref=" . base64_encode(json_encode($proxyHeaders)));
}
?>

131
public/misc/script.editable.table.js Normal file
View File

@ -0,0 +1,131 @@
/*global $, window*/
$.fn.editableTableWidget = function (options) {
'use strict';
return $(this).each(function () {
var buildDefaultOptions = function () {
var opts = $.extend({}, $.fn.editableTableWidget.defaultOptions);
opts.editor = opts.editor.clone();
return opts;
},
activeOptions = $.extend(buildDefaultOptions(), options),
ARROW_LEFT = 37, ARROW_UP = 38, ARROW_RIGHT = 39, ARROW_DOWN = 40, ENTER = 13, ESC = 27, TAB = 9,
element = $(this),
editor = activeOptions.editor.css('position', 'absolute').hide().appendTo(element.parent()),
active,
showEditor = function (select) {
active = element.find('td:focus:not(".immutable")');
if (active.length) {
editor.val(active.text())
.removeClass('error')
.show()
.offset(active.offset())
.css(active.css(activeOptions.cloneProperties))
.width(active.width())
.height(active.height())
.focus();
if (select) {
editor.select();
}
}
},
setActiveText = function () {
var text = editor.val(),
evt = $.Event('change'),
originalContent;
if (active.text() === text || editor.hasClass('error')) {
return true;
}
originalContent = active.html();
active.text(text).trigger(evt, text);
if (evt.result === false) {
active.html(originalContent);
}
},
movement = function (element, keycode) {
if (keycode === ARROW_RIGHT) {
return element.next('td');
} else if (keycode === ARROW_LEFT) {
return element.prev('td');
} else if (keycode === ARROW_UP) {
return element.parent().prev().children().eq(element.index());
} else if (keycode === ARROW_DOWN) {
return element.parent().next().children().eq(element.index());
}
return [];
};
editor.blur(function () {
setActiveText();
editor.hide();
}).keydown(function (e) {
if (e.which === ENTER) {
setActiveText();
editor.hide();
active.focus();
e.preventDefault();
e.stopPropagation();
} else if (e.which === ESC) {
editor.val(active.text());
e.preventDefault();
e.stopPropagation();
editor.hide();
active.focus();
} else if (e.which === TAB) {
active.focus();
} else if (this.selectionEnd - this.selectionStart === this.value.length) {
var possibleMove = movement(active, e.which);
if (possibleMove.length > 0) {
possibleMove.focus();
e.preventDefault();
e.stopPropagation();
}
}
})
.on('input paste', function () {
var evt = $.Event('validate');
active.trigger(evt, editor.val());
if (evt.result === false) {
editor.addClass('error');
} else {
editor.removeClass('error');
}
});
element.on('click keypress dblclick', showEditor)
.css('cursor', 'pointer')
.keydown(function (e) {
var prevent = true,
possibleMove = movement($(e.target), e.which);
if (possibleMove.length > 0) {
possibleMove.focus();
} else if (e.which === ENTER) {
showEditor(false);
} else if (e.which === 17 || e.which === 91 || e.which === 93) {
showEditor(true);
prevent = false;
} else {
prevent = false;
}
if (prevent) {
e.stopPropagation();
e.preventDefault();
}
});
element.find('td').prop('tabindex', 1);
$(window).on('resize', function () {
if (editor.is(':visible')) {
editor.offset(active.offset())
.width(active.width())
.height(active.height());
}
});
});
};
$.fn.editableTableWidget.defaultOptions = {
cloneProperties: ['padding', 'padding-top', 'padding-bottom', 'padding-left', 'padding-right',
'text-align', 'font', 'font-size', 'font-family', 'font-weight',
'border', 'border-top', 'border-bottom', 'border-left', 'border-right'],
editor: $('<input id="editor">')
};

112
public/misc/script.index.js
View File

@ -1,57 +1,57 @@
$(document).ready(function(){
// Allow user to press enter to submit credentials
$('#username, #password').keypress(function(event) {
if (event.which === 13) {
$('#btnlogin').trigger('click');
}
});
$('#btnlogin').click(function() {
// Give feedback that request has been submitted (and prevent repeated requests)
$('#btnlogin').prop('disabled', true).css({
'background': '#999 url(data:image/gif;base64,R0lGODlhEAAQAPIAAJmZmf///7CwsOPj4////9fX18rKysPDwyH+GkNyZWF0ZWQgd2l0aCBhamF4bG9hZC5pbmZvACH5BAAKAAAAIf8LTkVUU0NBUEUyLjADAQAAACwAAAAAEAAQAAADMwi63P4wyklrE2MIOggZnAdOmGYJRbExwroUmcG2LmDEwnHQLVsYOd2mBzkYDAdKa+dIAAAh+QQACgABACwAAAAAEAAQAAADNAi63P5OjCEgG4QMu7DmikRxQlFUYDEZIGBMRVsaqHwctXXf7WEYB4Ag1xjihkMZsiUkKhIAIfkEAAoAAgAsAAAAABAAEAAAAzYIujIjK8pByJDMlFYvBoVjHA70GU7xSUJhmKtwHPAKzLO9HMaoKwJZ7Rf8AYPDDzKpZBqfvwQAIfkEAAoAAwAsAAAAABAAEAAAAzMIumIlK8oyhpHsnFZfhYumCYUhDAQxRIdhHBGqRoKw0R8DYlJd8z0fMDgsGo/IpHI5TAAAIfkEAAoABAAsAAAAABAAEAAAAzIIunInK0rnZBTwGPNMgQwmdsNgXGJUlIWEuR5oWUIpz8pAEAMe6TwfwyYsGo/IpFKSAAAh+QQACgAFACwAAAAAEAAQAAADMwi6IMKQORfjdOe82p4wGccc4CEuQradylesojEMBgsUc2G7sDX3lQGBMLAJibufbSlKAAAh+QQACgAGACwAAAAAEAAQAAADMgi63P7wCRHZnFVdmgHu2nFwlWCI3WGc3TSWhUFGxTAUkGCbtgENBMJAEJsxgMLWzpEAACH5BAAKAAcALAAAAAAQABAAAAMyCLrc/jDKSatlQtScKdceCAjDII7HcQ4EMTCpyrCuUBjCYRgHVtqlAiB1YhiCnlsRkAAAOwAAAAAAAAAAAA==) no-repeat center',
'color': 'transparent',
'transform': 'rotateX(180deg)'
});
$.post("lucidAuth.login.php", {
do: "login",
username: $('#username').val(),
password: $('#password').val(),
ref: $('#ref').val()
})
.done(function(data,status) {
if (data.Result === 'Success') {
$('#btnlogin').css({
'background': 'green url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAaklEQVQ4jeXOMQ5AQBBG4T2BC4i76EWich7ncAKbqCRuodTqnMNTkFgJs3ZU4tXz/Rlj/hUQv8EpMAClFk9sjUAiHVcCnoFMwhZYgPYG575Xe46aIOyMdJx7ji9GwrEzUgOFCu8DkRp/qxU2BKCUyZR6ygAAAABJRU5ErkJggg==) no-repeat center',
'transform': 'rotateX(0deg)'
});
setTimeout(function() {
$('#btnlogin').prop('disabled', false).css({
'background': '#003399 linear-gradient(0deg, rgba(255,255,255,0) 0%, rgba(255,255,255,0) 50%, rgba(255,255,255,0.25) 51%) no-repeat center',
'color': '#FFF'
});
if (data.CrossDomainLogin) {
// Create iframes for other domains
console.log('CrossDomainLogin initiated');
}
console.log("Navigating to :" + data.Location);
window.location.replace(data.Location);
}, 2250);
} else {
$('#btnlogin').css({
'background': 'red url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAv0lEQVQ4jaWT0Q3CMAxELwh1BEag87AJ6hcLlE/KBLABrNEV2h26QaXHj4NMGgpS7sfJJXd24kQqRMiRQC3pIKk2apD0DCEMq25ABZyBmSVmW6vWxH1GmKLPmph7xJQReq5dnNmVPQE7oHOCzrhoMts9vQ1OSbYOCBb92OPkDe6ZkqMwJwa4SdJmtS1/YGsx7e9VUiPpYvPG4tHtGUsvcf+RkpI2mkHZQ3ImLd+fcpuKf32meM5R0iOEMOb2F+EF33vgCePVr8UAAAAASUVORK5CYII=) no-repeat center',
'transform': 'rotateX(0deg)'
});
setTimeout(function() {
$('#btnlogin').prop('disabled', false).css({
'background': '#003399 linear-gradient(0deg, rgba(255,255,255,0) 0%, rgba(255,255,255,0) 50%, rgba(255,255,255,0.25) 51%) no-repeat center',
'color': '#FFF'
});
// TODO: Add feedback (based on data.Reason)
// Is the redirect needed?
window.location.replace('lucidAuth.login.php'/*+ '?reason=' + data.Reason*/);
}, 2250);
}
});
});
$(document).ready(function(){
// Allow user to press enter to submit credentials
$('#username, #password').keypress(function(event) {
if (event.which === 13) {
$('#btnlogin').trigger('click');
}
});
$('#btnlogin').click(function() {
// Give feedback that request has been submitted (and prevent repeated requests)
$('#btnlogin').prop('disabled', true).css({
'background': '#999 url(data:image/gif;base64,R0lGODlhEAAQAPIAAJmZmf///7CwsOPj4////9fX18rKysPDwyH+GkNyZWF0ZWQgd2l0aCBhamF4bG9hZC5pbmZvACH5BAAKAAAAIf8LTkVUU0NBUEUyLjADAQAAACwAAAAAEAAQAAADMwi63P4wyklrE2MIOggZnAdOmGYJRbExwroUmcG2LmDEwnHQLVsYOd2mBzkYDAdKa+dIAAAh+QQACgABACwAAAAAEAAQAAADNAi63P5OjCEgG4QMu7DmikRxQlFUYDEZIGBMRVsaqHwctXXf7WEYB4Ag1xjihkMZsiUkKhIAIfkEAAoAAgAsAAAAABAAEAAAAzYIujIjK8pByJDMlFYvBoVjHA70GU7xSUJhmKtwHPAKzLO9HMaoKwJZ7Rf8AYPDDzKpZBqfvwQAIfkEAAoAAwAsAAAAABAAEAAAAzMIumIlK8oyhpHsnFZfhYumCYUhDAQxRIdhHBGqRoKw0R8DYlJd8z0fMDgsGo/IpHI5TAAAIfkEAAoABAAsAAAAABAAEAAAAzIIunInK0rnZBTwGPNMgQwmdsNgXGJUlIWEuR5oWUIpz8pAEAMe6TwfwyYsGo/IpFKSAAAh+QQACgAFACwAAAAAEAAQAAADMwi6IMKQORfjdOe82p4wGccc4CEuQradylesojEMBgsUc2G7sDX3lQGBMLAJibufbSlKAAAh+QQACgAGACwAAAAAEAAQAAADMgi63P7wCRHZnFVdmgHu2nFwlWCI3WGc3TSWhUFGxTAUkGCbtgENBMJAEJsxgMLWzpEAACH5BAAKAAcALAAAAAAQABAAAAMyCLrc/jDKSatlQtScKdceCAjDII7HcQ4EMTCpyrCuUBjCYRgHVtqlAiB1YhiCnlsRkAAAOwAAAAAAAAAAAA==) no-repeat center',
'color': 'transparent',
'transform': 'rotateX(180deg)'
});
$.post("lucidAuth.login.php", {
do: "login",
username: $('#username').val(),
password: $('#password').val(),
ref: $('#ref').val()
})
.done(function(data,_status) {
if (data.Result === 'Success') {
$('#btnlogin').css({
'background': 'green url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAaklEQVQ4jeXOMQ5AQBBG4T2BC4i76EWich7ncAKbqCRuodTqnMNTkFgJs3ZU4tXz/Rlj/hUQv8EpMAClFk9sjUAiHVcCnoFMwhZYgPYG575Xe46aIOyMdJx7ji9GwrEzUgOFCu8DkRp/qxU2BKCUyZR6ygAAAABJRU5ErkJggg==) no-repeat center',
'transform': 'rotateX(0deg)'
});
setTimeout(function() {
$('#btnlogin').prop('disabled', false).css({
'background': '#003399 linear-gradient(0deg, rgba(255,255,255,0) 0%, rgba(255,255,255,0) 50%, rgba(255,255,255,0.25) 51%) no-repeat center',
'color': '#FFF'
});
if (data.CrossDomainLogin) {
// Create iframes for other domains
console.log('CrossDomainLogin initiated');
}
console.log("Navigating to :" + data.Location);
window.location.replace(data.Location);
}, 2250);
} else {
$('#btnlogin').css({
'background': 'red url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAv0lEQVQ4jaWT0Q3CMAxELwh1BEag87AJ6hcLlE/KBLABrNEV2h26QaXHj4NMGgpS7sfJJXd24kQqRMiRQC3pIKk2apD0DCEMq25ABZyBmSVmW6vWxH1GmKLPmph7xJQReq5dnNmVPQE7oHOCzrhoMts9vQ1OSbYOCBb92OPkDe6ZkqMwJwa4SdJmtS1/YGsx7e9VUiPpYvPG4tHtGUsvcf+RkpI2mkHZQ3ImLd+fcpuKf32meM5R0iOEMOb2F+EF33vgCePVr8UAAAAASUVORK5CYII=) no-repeat center',
'transform': 'rotateX(0deg)'
});
setTimeout(function() {
$('#btnlogin').prop('disabled', false).css({
'background': '#003399 linear-gradient(0deg, rgba(255,255,255,0) 0%, rgba(255,255,255,0) 50%, rgba(255,255,255,0.25) 51%) no-repeat center',
'color': '#FFF'
});
// TODO: Add feedback (based on data.Reason)
// Is the redirect needed?
window.location.replace('lucidAuth.login.php'/*+ '?reason=' + data.Reason*/);
}, 2250);
}
});
});
});

91
public/misc/script.manage.js Normal file
View File

@ -0,0 +1,91 @@
$(document).ready(function(){
// Initialize the editable-table functionality
$('#usertable').editableTableWidget();
$('#usertable button.delete').click(function() {
$(this).closest('tr').addClass('removed');
});
$('#btnnewuser').click(function() {
// Create a new user; generate pseudo-random username
var newUser = 'User' + String(Math.floor(Math.random() * Math.floor(9999))).padStart(4, '0');
// Add new user to the interface
// (new `<tr>` in `<table id="usertable">`)
$('#usertable tbody').append($('<tr>', {class: 'new'})
.append($('<td>', {
text: newUser
}))
.append($('<td>', {
text: 'User'
}))
.append($('<td>', {
class: 'immutable',
html: '<button class="bttn-simple bttn-xs bttn-primary disabled" data-translation="button_sessions" disabled="true">' +
locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'nl')]['button_sessions'] + '</button>&nbsp;' +
'<button class="bttn-simple bttn-xs bttn-primary delete" data-translation="button_delete">' +
locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'nl')]['button_delete'] +
'</button>'
}))
);
// Call `editableTableWidget()` again to include the newly added `<tr>`
// To prevent recreating multiple new editors; reference the already existing `<input>`
$('#usertable').editableTableWidget({editor: $('#editor')});
// Add eventhandlers to buttons of newly added `<tr>`
$('#usertable .new button.delete').unbind().click(function() {
$(this).closest('tr').remove();
});
});
$('#btnsave').click(function() {
var newEntries = [];
$('#usertable .new').each(function() {
newEntries.push({
'userName': $(this).find('td:nth-child(1)').text(),
'roleName': $(this).find('td:nth-child(2)').text()
});
});
var removedEntries = [];
$('#usertable .removed').each(function() {
removedEntries.push({
'userId': $(this).find('td:nth-child(1)').data('userid'),
'userName': $(this).find('td:nth-child(1)').text(),
'roleName': $(this).find('td:nth-child(2)').text()
});
});
console.log({'new': newEntries, 'removed': removedEntries});
/* $.get("psworker.php", {
do: "mutate",
mutations: {
new: newEntries,
removed: removedEntries
}
})*/
});
$('#btncancel').click(function() {
window.location.reload();
});
if (localStorage.getItem('theme') !== null) {
$('#theme').addClass(localStorage.getItem('theme'));
}
$('.logo .sub').click(function(event) {
var classes = ["tablecloth", "weave", "madras", "tartan", "seigaiha"];
if (event.ctrlKey) {
var selectedTheme = classes[~~(Math.random()*classes.length)];
$('#theme').removeClass(classes.join(' ')).addClass(selectedTheme);
localStorage.setItem('theme', selectedTheme);
}
if (event.altKey) {
$('#theme').removeClass(classes.join(' '));
localStorage.removeItem('theme');
}
});
});

19
public/misc/script.theme.js
View File

@ -1,19 +0,0 @@
$(document).ready(function() {
if (localStorage.getItem('theme') != '') {
$('html').addClass(localStorage.getItem('theme'));
}
$('.logo .sub').on('click', function(event) {
if (event.ctrlKey) {
var classes = ["tablecloth", "weave", "madras", "tartan", "seigaiha"];
var selectedTheme = classes[~~(Math.random()*classes.length)];
$('html').removeClass().addClass(selectedTheme);
localStorage.setItem('theme', selectedTheme);
}
if (event.altKey) {
$('html').removeClass();
localStorage.removeItem('theme');
}
});
});

34
public/misc/script.translation.js
View File

@ -1,37 +1,37 @@
var locales = {
en: {
button_add: "add",
button_new: "new",
button_save: "save",
button_cancel: "cancel",
button_continue: "continue",
button_sessions: "sessions",
button_delete: "delete",
button_login: "login",
heading_error: "ERROR!",
label_password: "Password:",
label_username: "Username:",
label_selectbrowser: "Select browser:",
link_install: "Install!",
link_logout: "Logout",
link_plugin: "Browser plugin",
span_credentialsavailable: "Login credentials available upon request!",
span_loggedinas: "Logged in as",
span_plugin: "Browser plugin?"
th_username: "Username",
th_role: "Role",
th_manage: "Manage"
},
nl: {
button_add: "voeg toe",
button_cancel: "annuleer",
button_continue: "doorgaan",
button_new: "nieuw",
button_save: "opslaan",
button_cancel: "annuleren",
button_sessions: "sessies",
button_delete: "verwijder",
button_login: "log in",
heading_error: "FOUT!",
label_password: "Wachtwoord:",
label_username: "Gebruikersnaam:",
label_selectbrowser: "Selecteer browser:",
link_install: "Installeer!",
link_logout: "Log uit",
link_plugin: "Browser plugin",
span_credentialsavailable: "Inloggegevens verkrijgbaar op aanvraag!",
span_loggedinas: "Ingelogd als",
span_plugin: "Browser plugin?"
th_username: "Gebruikersnaam",
th_role: "Rol",
th_manage: "Beheer"
} // ... etc.
};
@ -39,19 +39,19 @@ $(document).ready(function(){
$('[id^=linklanguage-]').click(function() {
var selectedlang = $(this).attr('id').split('-')[1];
// Replace text of each element with translated value
$('[data-translation]').each(function(index) {
$('[data-translation]').each(function() {
$(this).text(locales[selectedlang][$(this).data('translation')]);
});
// Enable/disable (toggle) anchors
$('span#user a.current').removeClass('current');
$(this).addClass('current');
// Store current languagesetting in persistent localstorage
localStorage.setItem('language', selectedlang);
});
if (localStorage.getItem('language') !== null) {
$('[data-translation]').each(function(index) {
$('[data-translation]').each(function() {
$(this).text(locales[localStorage.getItem('language')][$(this).data('translation')]);
});
$('span#user a.current').removeClass('current');

278
public/misc/style.button.css
View File

@ -1,139 +1,139 @@
@charset "UTF-8";
/*!
*
* bttn.css - https://ganapativs.github.io/bttn.css
* Version - 0.2.4
* Demo: https://bttn.surge.sh
*
* Licensed under the MIT license - http://opensource.org/licenses/MIT
*
* Copyright (c) 2016 Ganapati V S (@ganapativs)
*
*/
/* standalone - .bttn-simple */
.bttn-default {
color: #fff;
}
.bttn-primary,
.bttn,
.bttn-lg,
.bttn-md,
.bttn-sm,
.bttn-xs {
color: #1d89ff;
}
.bttn-warning {
color: #feab3a;
}
.bttn-danger {
color: #ff5964;
}
.bttn-success {
color: #28b78d;
}
.bttn-royal {
color: #bd2df5;
}
.bttn,
.bttn-lg,
.bttn-md,
.bttn-sm,
.bttn-xs {
margin: 0;
padding: 0;
border-width: 0;
border-color: transparent;
background: transparent;
font-weight: 400;
cursor: pointer;
position: relative;
}
.bttn-lg {
padding: 8px 15px;
font-size: 24px;
font-family: inherit;
}
.bttn-md {
font-size: 20px;
font-family: inherit;
padding: 5px 12px;
}
.bttn-sm {
padding: 4px 10px;
font-size: 16px;
font-family: inherit;
}
.bttn-xs {
padding: 3px 8px;
font-size: 12px;
font-family: inherit;
}
.bttn-simple {
margin: 0;
padding: 0;
border-width: 0;
border-color: transparent;
border-radius: 4px;
background: transparent;
font-weight: 400;
cursor: pointer;
position: relative;
font-size: 20px;
font-family: inherit;
padding: 5px 12px;
overflow: hidden;
background: rgba(255,255,255,0.4);
color: #fff;
-webkit-transition: all 0.3s cubic-bezier(0.02, 0.01, 0.47, 1);
transition: all 0.3s cubic-bezier(0.02, 0.01, 0.47, 1);
}
.bttn-simple:hover,
.bttn-simple:focus {
opacity: 0.75;
}
.bttn-simple.bttn-xs {
padding: 3px 8px;
font-size: 12px;
font-family: inherit;
}
.bttn-simple.bttn-sm {
padding: 4px 10px;
font-size: 16px;
font-family: inherit;
}
.bttn-simple.bttn-md {
font-size: 20px;
font-family: inherit;
padding: 5px 12px;
}
.bttn-simple.bttn-lg {
padding: 8px 15px;
font-size: 24px;
font-family: inherit;
}
.bttn-simple.bttn-default {
background: rgba(255,255,255,0.4);
}
.bttn-simple.bttn-primary {
background: #003399;
background-image: linear-gradient(0deg, rgba(255,255,255,0) 0%, rgba(255,255,255,0) 50%, rgba(255,255,255,0.25) 51%);
}
.bttn-simple.bttn-warning {
background: #feab3a;
}
.bttn-simple.bttn-danger {
background: #ff5964;
}
.bttn-simple.bttn-success {
background: #28b78d;
}
.bttn-simple.bttn-royal {
background: #bd2df5;
}
.bttn-simple.disabled {
background: #999 !important;
color: rgba(255,255,255,0.625);
cursor: default;
text-shadow: 0.375px 0.375px 0 rgba(140,140,140,0.6), -0.375px -0.375px 0.375px rgba(0,0,0,0.67);
opacity: 1;
}
@charset "UTF-8";
/*!
*
* bttn.css - https://ganapativs.github.io/bttn.css
* Version - 0.2.4
* Demo: https://bttn.surge.sh
*
* Licensed under the MIT license - http://opensource.org/licenses/MIT
*
* Copyright (c) 2016 Ganapati V S (@ganapativs)
*
*/
/* standalone - .bttn-simple */
.bttn-default {
color: #fff;
}
.bttn-primary,
.bttn,
.bttn-lg,
.bttn-md,
.bttn-sm,
.bttn-xs {
color: #1d89ff;
}
.bttn-warning {
color: #feab3a;
}
.bttn-danger {
color: #ff5964;
}
.bttn-success {
color: #28b78d;
}
.bttn-royal {
color: #bd2df5;
}
.bttn,
.bttn-lg,
.bttn-md,
.bttn-sm,
.bttn-xs {
margin: 0;
padding: 0;
border-width: 0;
border-color: transparent;
background: transparent;
font-weight: 400;
cursor: pointer;
position: relative;
}
.bttn-lg {
padding: 8px 15px;
font-size: 24px;
font-family: inherit;
}
.bttn-md {
font-size: 20px;
font-family: inherit;
padding: 5px 12px;
}
.bttn-sm {
padding: 4px 10px;
font-size: 16px;
font-family: inherit;
}
.bttn-xs {
padding: 3px 8px;
font-size: 12px;
font-family: inherit;
}
.bttn-simple {
margin: 0;
padding: 0;
border-width: 0;
border-color: transparent;
border-radius: 4px;
background: transparent;
font-weight: 400;
cursor: pointer;
position: relative;
font-size: 20px;
font-family: inherit;
padding: 5px 12px;
overflow: hidden;
background: rgba(255,255,255,0.4);
color: #fff;
-webkit-transition: all 0.3s cubic-bezier(0.02, 0.01, 0.47, 1);
transition: all 0.3s cubic-bezier(0.02, 0.01, 0.47, 1);
}
.bttn-simple:hover,
.bttn-simple:focus {
opacity: 0.75;
}
.bttn-simple.bttn-xs {
padding: 3px 8px;
font-size: 12px;
font-family: inherit;
}
.bttn-simple.bttn-sm {
padding: 4px 10px;
font-size: 16px;
font-family: inherit;
}
.bttn-simple.bttn-md {
font-size: 20px;
font-family: inherit;
padding: 5px 12px;
}
.bttn-simple.bttn-lg {
padding: 8px 15px;
font-size: 24px;
font-family: inherit;
}
.bttn-simple.bttn-default {
background: rgba(255,255,255,0.4);
}
.bttn-simple.bttn-primary {
background: #003399;
background-image: linear-gradient(0deg, rgba(255,255,255,0) 0%, rgba(255,255,255,0) 50%, rgba(255,255,255,0.25) 51%);
}
.bttn-simple.bttn-warning {
background: #feab3a;
}
.bttn-simple.bttn-danger {
background: #ff5964;
}
.bttn-simple.bttn-success {
background: #28b78d;
}
.bttn-simple.bttn-royal {
background: #bd2df5;
}
.bttn-simple.disabled {
background: #999 !important;
color: rgba(255,255,255,0.625);
cursor: default;
text-shadow: 0.375px 0.375px 0 rgba(140,140,140,0.6), -0.375px -0.375px 0.375px rgba(0,0,0,0.67);
opacity: 1;
}

450
public/misc/style.css
View File

@ -1,238 +1,212 @@
* {
font-family: Tahoma, sans-serif;
font-size: 16px;
margin: 0;
padding: 0;
}
body {
color: #000000;
background-color: #333333;
margin: 0px;
}
#horizon {
text-align: center;
position: absolute;
top: 50%;
left: 0px;
width: 100%;
height: 1px;
overflow: visible;
visibility: visible;
display: block;
}
#content {
background: url(/images/bg_main_bottom.gif) repeat-x bottom left;
font-family: Tahoma, sans-serif;
border: 3px solid #CCCCCC;
background-color: #FFFFFF;
position: absolute;
left: 50%;
visibility: visible;
border-radius: 5px;
top: -125px;
margin-left: -225px;
height: 220px;
width: 450px;
}
#error .main {
padding: 0 10px;
}
#error ol {
margin: 10px 0;
}
#error span {
margin: 0;
}
#error button {
text-transform: uppercase;
}
.logo {
background: url(/images/bg_header.gif) repeat-x top left;
height: 45px;
z-index: 50;
border-radius: 5px 5px 0 0;
}
.logo .left {
background: url(/images/bg_header_l.gif) no-repeat top left;
position: relative;
top: 4px;
left: 5px;
height: 49px;
float: left;
z-index: 48;
}
.logo .middle {
background: url(/images/bg_header_m.gif) no-repeat 25px 0;
margin: 0 5px;
padding: 5px 10px 0;
height: 49px;
float: left;
z-index: 49;
display: inline;
font-size: 18px;
font-weight: bold;
color: #FFFFFF;
}
.logo .right {
background: url(/images/bg_header_r.gif) no-repeat top left;
position: relative;
top: 4px;
height: 49px;
width: 5px;
float: left;
}
.logo .sub {
margin-top: 12px;
margin-left: 20px;
float: left;
display: inline;
font-size: 13px;
font-weight: bold;
color: #FFFFFF;
}
.logo .sub em {
font-size: 13px;
}
.main {
clear: both;
}
.main fieldset {
border: 0;
}
.main fieldset legend {
visibility: hidden;
}
.main fieldset label.pre {
display: inline-block;
width: 155px;
text-align: right;
vertical-align: top;
margin-top: 3px;
}
.main fieldset label#labelallaliases {
float: left;
}
.main fieldset output#aliasstats {
float: left;
clear: left;
width: 160px;
text-align: right;
font-size: 12px;
}
.main fieldset output#aliasstats:after {
margin-left: 7px;
content: ' ';
}
.main fieldset input {
border: 1px solid #003399;
padding: 2px;
width: 100px;
}
.main fieldset input[type=radio] {
border: none;
margin-top: 7px;
width: 20px;
}
.main fieldset button {
margin-left: 160px;
text-transform: uppercase;
}
.main fieldset select {
border: 1px solid #003399;
padding: 2px;
width: 375px;
}
.main fieldset select .new {
font-weight: bold;
}
.main fieldset select .deleted {
text-decoration: line-through;
}
.main fieldset#signup label.pre {
width: 205px;
}
.main fieldset#signup span.indent, .main fieldset#signup input.button {
margin-left: 210px;
}
.main li {
list-style: none;
padding: 5px;
text-align: left;
}
.main li.misc {
padding: 0 5px;
}
.main span,
.main strong,
.main a {
font-size: 12px;
}
.main span.indent {
color: #666666;
margin-left: 160px;
}
.main span.dialogdesc {
margin-left: 10px;
}
.main a:link, .main a:visited {
color: #003399;
text-decoration: none;
}
.main a:hover, .main a:active {
text-decoration: underline;
}
.main span#user {
color: #666666;
float: right;
margin: 0 5px 0 0;
}
.main span#user,
.main span#user a {
font-size: 12px;
}
.main span#user a:link, .main span#user a:visited {
color: #001177;
text-decoration: none;
}
.main span#user a:hover, .main span#user a:active {
text-decoration: underline;
}
.main span#user a.current {
text-decoration: none;
font-weight: 900;
cursor: default;
color: #666666;
}
.main span#user a.current:before {
content: '\00bb';
font-weight: 100;
}
.main span#user a.current:after {
content: '\00ab';
font-weight: 100;
}
.main span#user nav {
display: inline;
}
.main span#user #pluginlogos {
display: none;
position: absolute;
top: 72px;
right: 10px;
height: 112px;
width: 250px;
border: 1px solid rgb(0, 51, 153);
box-shadow: black 0px 0px 20px;
box-sizing: border-box;
padding-top: 5px;
background: white;
font-size: inherit;
font-weight: bold;
}
.main span#user #pluginlogos img {
width: 75px;
height: 75px;
filter: saturate(500%) contrast(200%) grayscale(100%) opacity(50%);
transition: all 375ms;
cursor: pointer;
}
* {
font-family: Tahoma, sans-serif;
font-size: 16px;
margin: 0;
padding: 0;
}
body {
color: #000000;
background-color: #333333;
margin: 0px;
}
#horizon {
text-align: center;
position: absolute;
top: 50%;
left: 0px;
width: 100%;
height: 1px;
overflow: visible;
visibility: visible;
display: block;
}
#content {
background: url(/images/bg_main_bottom.gif) repeat-x bottom left;
font-family: Tahoma, sans-serif;
border: 3px solid #CCCCCC;
background-color: #FFFFFF;
position: absolute;
left: 50%;
visibility: visible;
border-radius: 5px;
top: -125px;
margin-left: -225px;
height: 220px;
width: 450px;
}
#error .main {
padding: 0 10px;
}
#error ol {
margin: 10px 0;
}
#error span {
margin: 0;
}
#error button {
text-transform: uppercase;
}
.logo {
background: url(/images/bg_header.gif) repeat-x top left;
height: 45px;
z-index: 50;
border-radius: 5px 5px 0 0;
}
.logo .left {
background: url(/images/bg_header_l.gif) no-repeat top left;
position: relative;
top: 4px;
left: 5px;
height: 49px;
float: left;
z-index: 48;
}
.logo .middle {
background: url(/images/bg_header_m.gif) no-repeat 25px 0;
margin: 0 5px;
padding: 5px 10px 0;
height: 49px;
float: left;
z-index: 49;
display: inline;
font-size: 18px;
font-weight: bold;
color: #FFFFFF;
}
.logo .right {
background: url(/images/bg_header_r.gif) no-repeat top left;
position: relative;
top: 4px;
height: 49px;
width: 5px;
float: left;
}
.logo .sub {
margin-top: 12px;
margin-left: 20px;
float: left;
display: inline;
font-size: 13px;
font-weight: bold;
color: #FFFFFF;
}
.logo .sub em {
font-size: 13px;
}
.main {
clear: both;
}
.main section {
clear: both;
}
.main section label.pre {
display: inline-block;
width: 155px;
text-align: right;
vertical-align: top;
margin-top: 3px;
}
.main section input {
border: 1px solid #003399;
padding: 2px;
width: 100px;
}
.main section input[type=radio] {
border: none;
margin-top: 7px;
width: 20px;
}
.main header button,
.main section button {
margin-left: 160px;
text-transform: uppercase;
}
.main header .buttons,
.main section .buttons {
text-align: center;
}
.main header .buttons button,
.main section .buttons button {
margin-left: inherit;
}
.main section table {
width: 100%;
}
.main section table * {
font-size: 14px;
padding: 2px;
margin: 0;
}
.main section table .new {
font-weight: bold;
}
.main section table .removed td:nth-child(-n+2) {
text-decoration: line-through;
color: grey;
}
.main section table tbody tr:nth-child(odd) {
background-color: rgb(215, 215, 215);
}
.main section table .immutable {
cursor: default !important;
}
.main li {
list-style: none;
padding: 5px;
text-align: left;
}
.main li.misc {
padding: 0 5px;
}
.main span,
.main strong,
.main a {
font-size: 12px;
}
.main span.indent {
color: #666666;
margin-left: 160px;
}
.main span.dialogdesc {
margin-left: 10px;
}
.main a:link, .main a:visited {
color: #003399;
text-decoration: none;
}
.main a:hover, .main a:active {
text-decoration: underline;
}
.main span#user {
color: #666666;
float: right;
margin: 0 5px 0 0;
}
.main span#user,
.main span#user a {
font-size: 12px;
}
.main span#user a:link, .main span#user a:visited {
color: #001177;
text-decoration: none;
}
.main span#user a:hover, .main span#user a:active {
text-decoration: underline;
}
.main span#user a.current {
text-decoration: none;
font-weight: 900;
cursor: default;
color: #666666;
}
.main span#user a.current:before {
content: '\00bb';
font-weight: 100;
}
.main span#user a.current:after {
content: '\00ab';
font-weight: 100;
}
.main span#user nav {
display: inline;
}

50
public/misc/style.panes.css Normal file
View File

@ -0,0 +1,50 @@
body{
margin: 0;
}
.wrapper{
min-height: 100vh;
background: #FFFFFF;
display: flex;
flex-direction: column;
}
.header {
height: 100px;
background: #FFFFFF;
color: #000000;
}
.content {
display: flex;
flex: 1;
background: #333333;
color: #000;
min-height: 0px;
max-height: 100vh;
}
.columns{
display: flex;
flex:1;
}
.main{
flex: 1;
order: 2;
background: #fff;
border: 3px solid #CCCCCC;
border-radius: 5px;
height: 400px;
margin-top: auto;
margin-bottom: auto;
}
.main section {
overflow-y: scroll;
height: calc(100% - 100px);
}
.sidebar-first{
width: 25%;
background: transparent;
order: 1;
}
.sidebar-second{
width: 25%;
order: 3;
background: transparent;
}

16
public/misc/style.theme.css
View File

@ -1,26 +1,26 @@
html.tablecloth {
#theme.tablecloth {
height: 100%;
background: repeating-linear-gradient(-45deg, transparent, transparent 1em, rgba(136, 136, 136, 0.4) 0, rgba(136, 136, 136, 0.1) 2em, transparent 0, transparent 1em, rgba(136, 136, 136, 0.3) 0, rgba(136, 136, 136, 0.2) 4em, transparent 0, transparent 1em, rgba(68, 68, 68, 0.6) 0, rgba(68, 68, 68, 0.2) 2em),
repeating-linear-gradient(45deg, transparent, transparent 1em, rgba(136, 136, 136, 0.4) 0, rgba(136, 136, 136, 0.1) 2em, transparent 0, transparent 1em, rgba(136, 136, 136, 0.3) 0, rgba(136, 136, 136, 0.2) 4em, transparent 0, transparent 1em, rgba(68, 68, 68, 0.4) 0, rgba(68, 68, 68, 0.1) 2em), #666;
background-blend-mode: multiply;
}
html.weave {
background: linear-gradient(45deg, #666 12%, transparent 0, transparent 88%, #666 0),
linear-gradient(135deg, transparent 37%, #888 0, #888 63%, transparent 0),
linear-gradient(45deg, transparent 37%, #666 0, #666 63%, transparent 0),
#theme.weave {
background: linear-gradient(45deg, #666 12%, transparent 0, transparent 88%, #666 0),
linear-gradient(135deg, transparent 37%, #888 0, #888 63%, transparent 0),
linear-gradient(45deg, transparent 37%, #666 0, #666 63%, transparent 0),
#444;
background-size: 40px 40px;
}
html.madras {
#theme.madras {
height: 100%;
background-color: #e9d4b9;
background-image: repeating-linear-gradient(45deg, transparent 5px, rgba(11, 36, 45, 0.5) 5px, rgba(11, 36, 45, 0.5) 10px, rgba(211, 119, 111, 0) 10px, rgba(211, 119, 111, 0) 35px, rgba(211, 119, 111, 0.5) 35px, rgba(211, 119, 111, 0.5) 40px, rgba(11, 36, 45, 0.5) 40px, rgba(11, 36, 45, 0.5) 50px, rgba(11, 36, 45, 0) 50px, rgba(11, 36, 45, 0) 60px, rgba(211, 119, 111, 0.5) 60px, rgba(211, 119, 111, 0.5) 70px, rgba(247, 179, 85, 0.5) 70px, rgba(247, 179, 85, 0.5) 80px, rgba(247, 179, 85, 0) 80px, rgba(247, 179, 85, 0) 90px, rgba(211, 119, 111, 0.5) 90px, rgba(211, 119, 111, 0.5) 110px, rgba(211, 119, 111, 0) 110px, rgba(211, 119, 111, 0) 120px, rgba(11, 36, 45, 0.5) 120px, rgba(11, 36, 45, 0.5) 140px),
repeating-linear-gradient(135deg, transparent 5px, rgba(11, 36, 45, 0.5) 5px, rgba(11, 36, 45, 0.5) 10px, rgba(211, 119, 111, 0) 10px, rgba(211, 119, 111, 0) 35px, rgba(211, 119, 111, 0.5) 35px, rgba(211, 119, 111, 0.5) 40px, rgba(11, 36, 45, 0.5) 40px, rgba(11, 36, 45, 0.5) 50px, rgba(11, 36, 45, 0) 50px, rgba(11, 36, 45, 0) 60px, rgba(211, 119, 111, 0.5) 60px, rgba(211, 119, 111, 0.5) 70px, rgba(247, 179, 85, 0.5) 70px, rgba(247, 179, 85, 0.5) 80px, rgba(247, 179, 85, 0) 80px, rgba(247, 179, 85, 0) 90px, rgba(211, 119, 111, 0.5) 90px, rgba(211, 119, 111, 0.5) 110px, rgba(211, 119, 111, 0) 110px, rgba(211, 119, 111, 0) 140px, rgba(11, 36, 45, 0.5) 140px, rgba(11, 36, 45, 0.5) 160px);
}
html.tartan {
#theme.tartan {
height: 100%;
background-color: #a0302c;
background-image: repeating-linear-gradient(20deg, transparent, transparent 50px, rgba(0, 0, 0, 0.4) 50px, rgba(0, 0, 0, 0.4) 53px, transparent 53px, transparent 63px, rgba(0, 0, 0, 0.4) 63px, rgba(0, 0, 0, 0.4) 66px, transparent 66px, transparent 116px, rgba(0, 0, 0, 0.5) 116px, rgba(0, 0, 0, 0.5) 166px, rgba(255, 255, 255, 0.2) 166px, rgba(255, 255, 255, 0.2) 169px, rgba(0, 0, 0, 0.5) 169px, rgba(0, 0, 0, 0.5) 179px, rgba(255, 255, 255, 0.2) 179px, rgba(255, 255, 255, 0.2) 182px, rgba(0, 0, 0, 0.5) 182px, rgba(0, 0, 0, 0.5) 232px, transparent 232px),
@ -28,7 +28,7 @@ html.tartan {
repeating-linear-gradient(145deg, transparent, transparent 2px, rgba(0, 0, 0, 0.2) 2px, rgba(0, 0, 0, 0.2) 3px, transparent 3px, transparent 5px, rgba(0, 0, 0, 0.2) 5px);
}
html.seigaiha {
#theme.seigaiha {
background-color: grey;
background-image: radial-gradient(circle at 100% 150%, grey 24%, silver 25%, silver 28%, grey 29%, grey 36%, silver 36%, silver 40%, rgba(0, 0, 0, 0) 40%, rgba(0, 0, 0, 0)),
radial-gradient(circle at 0 150%, grey 24%, silver 25%, silver 28%, grey 29%, grey 36%, silver 36%, silver 40%, rgba(0, 0, 0, 0) 40%, rgba(0, 0, 0, 0)),