diff --git a/cp/app/Controllers/Auth/AuthController.php b/cp/app/Controllers/Auth/AuthController.php
index 9343829..e378f79 100644
--- a/cp/app/Controllers/Auth/AuthController.php
+++ b/cp/app/Controllers/Auth/AuthController.php
@@ -93,14 +93,15 @@ class AuthController extends Controller
 unset($_SESSION['2fa_email'], $_SESSION['2fa_password'], $_SESSION['is2FAEnabled']);
 if ($login===true) {
+ $db = $container->get('db');
+
 // Check if password renewal is needed
- $passwordLastChanged = $_SESSION['password_last_changed'][$_SESSION['auth_user_id']] ?? 0;
- if (checkPasswordRenewal($passwordLastChanged)) {
+ $passwordLastUpdated = $db->selectValue('SELECT password_last_updated FROM users WHERE id = ?', [$_SESSION['auth_user_id']]);
+ if (checkPasswordRenewal($passwordLastUpdated)) {
 Auth::logout();
 redirect()->route('forgot.password')->with('error','Your password is expired. Please change it');
 }
- $db = $container->get('db');
 $currentDateTime = new \DateTime();
 $currentDate = $currentDateTime->format('Y-m-d H:i:s.v'); // Current timestamp
 $db->insert(
diff --git a/cp/app/Controllers/Auth/PasswordController.php b/cp/app/Controllers/Auth/PasswordController.php
index 75e8b1c..7819e60 100644
--- a/cp/app/Controllers/Auth/PasswordController.php
+++ b/cp/app/Controllers/Auth/PasswordController.php
@@ -90,7 +90,7 @@ class PasswordController extends Controller
 if (!checkPasswordComplexity($data['password2'])) {
 redirect()->route('update.password',[],['selector'=>urlencode($data['selector']),'token'=>urlencode($data['token'])])->with('error','Password too weak. Use a stronger password.');
 }
- $_SESSION['password_last_changed'][$userId] = time();
+ $db->exec('UPDATE users SET password_last_updated = NOW() WHERE id = ?', [$userId]);
 Auth::resetPasswordUpdate($data['selector'], $data['token'], $data['password']);
 }
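Review bot: After `Auth::logout()` the new expiry branch calls `redirect()->route('forgot.password')->with(...)` with no `return`, so unless `redirect()` itself terminates the request (not visible in this hunk) execution falls through to the `$db->insert(` that follows and records whatever that insert records for a user who was just logged out for an expired password. If the framework's `redirect()` does not exit, `return` from the method immediately after it. The expiry message is also duplicated here and in `checkPasswordRenewal()`, which already returns it; `$expired = checkPasswordRenewal($passwordLastUpdated); if ($expired) { Auth::logout(); redirect()->route('forgot.password')->with('error', $expired); return; }` keeps one source of truth. The enclosing login method starts and ends outside the hunk.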
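Review bot: The `UPDATE users SET password_last_updated = NOW()` now runs before `Auth::resetPasswordUpdate($data['selector'], $data['token'], $data['password'])`, so if that helper is where the selector/token pair is validated (its body is not shown here) a reset attempt with a bad or stale token still pushes `password_last_updated` forward for `$userId` even though no password was written. Swap the two lines so the stamp follows a successful reset, or better, set the column inside `Auth::resetPasswordUpdate` in the same statement that stores the new hash so the hash and its timestamp cannot drift apart. Where `$db` and `$userId` are bound in this method is outside the hunk.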
@@ -113,7 +113,7 @@ class PasswordController extends Controller
 redirect()->route('profile')->with('error','Password too weak. Use a stronger password.');
 }
 $userId = $container->get('auth')->user()['id'];
- $_SESSION['password_last_changed'][$userId] = time();
+ $db->exec('UPDATE users SET password_last_updated = NOW() WHERE id = ?', [$userId]);
 Auth::changeCurrentPassword($data['old_password'], $data['new_password']);
 }
 }
diff --git a/cp/app/Controllers/UsersController.php b/cp/app/Controllers/UsersController.php
index de2a5f9..a01bbf9 100644
--- a/cp/app/Controllers/UsersController.php
+++ b/cp/app/Controllers/UsersController.php
@@ -160,7 +160,7 @@ class UsersController extends Controller
 return $response->withHeader('Location', '/user/create')->withStatus(302);
 }
- $_SESSION['password_last_changed'][$userId] = time();
+ $db->exec('UPDATE users SET password_last_updated = NOW() WHERE id = ?', [$userId]);
 $this->container->get('flash')->addMessage('success', 'User ' . $email . ' has been created successfully');
 return $response->withHeader('Location', '/users')->withStatus(302);
 }
@@ -409,7 +409,7 @@ class UsersController extends Controller
 $userId = $db->selectValue('SELECT id from users WHERE username = ?', [ $username ]);
 unset($_SESSION['user_to_update']);
- $_SESSION['password_last_changed'][$userId] = time();
+ $db->exec('UPDATE users SET password_last_updated = NOW() WHERE id = ?', [$userId]);
 $this->container->get('flash')->addMessage('success', 'User ' . $username . ' has been updated successfully on ' . $update);
 return $response->withHeader('Location', '/user/update/'.$username)->withStatus(302);
 }
diff --git a/cp/bootstrap/helper.php b/cp/bootstrap/helper.php
index 1e42e85..0b19e1c 100644
--- a/cp/bootstrap/helper.php
+++ b/cp/bootstrap/helper.php
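Review bot: `password_last_updated` is stamped before `Auth::changeCurrentPassword($data['old_password'], $data['new_password'])` is called, so if the old-password verification lives in that helper (it is handed the old password, which suggests it does, but its body is not shown) a wrong old password still resets the expiry clock for the logged-in user. That undercuts what expiry is for: a party holding only a session, not the password, can extend the deadline indefinitely by submitting the form. Run the UPDATE only after the change succeeds, ideally inside `Auth::changeCurrentPassword` next to the hash write; at minimum reorder to `Auth::changeCurrentPassword($data['old_password'], $data['new_password']);` followed by `$db->exec('UPDATE users SET password_last_updated = NOW() WHERE id = ?', [$userId]);` on the success path.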
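Review bot: In the admin update path the `UPDATE users SET password_last_updated = NOW()` is unconditional; nothing in the visible lines checks whether a new password was submitted, so editing any other attribute of a user resets their rotation deadline. Guard it on a non-empty new password in the submitted data (the form field is outside the hunk) so the clock only restarts when a new hash is actually written, and add `// reset the expiry clock only when the password itself changed` above it. In the create path at line 160 the column's `DEFAULT CURRENT_TIMESTAMP` already stamps the new row, so that UPDATE is redundant and can be dropped.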
@@ -703,9 +703,17 @@ function checkPasswordRenewal($lastPasswordUpdateTimestamp) {
 // Use configured or default password expiration days
 $passwordExpiryDays = envi('PASSWORD_EXPIRATION_DAYS') ?: 90; // Default to 90 days
- if (time() - $lastPasswordUpdateTimestamp > $passwordExpiryDays * 86400) {
+ if (!$lastPasswordUpdateTimestamp) {
 return 'Your password is expired. Please change it.';
 }
+
+ // Convert the timestamp string to a Unix timestamp
+ $lastUpdatedUnix = strtotime($lastPasswordUpdateTimestamp);
+
+ if (time() - $lastUpdatedUnix > $passwordExpiryDays * 86400) {
+ return 'Your password is expired. Please change it.';
+ }
+
 return null;
 }
diff --git a/database/registry.mariadb.sql b/database/registry.mariadb.sql
index 3887540..204a719 100644
--- a/database/registry.mariadb.sql
+++ b/database/registry.mariadb.sql
@@ -605,6 +605,7 @@ CREATE TABLE IF NOT EXISTS `registry`.`users` (
 `tfa_enabled` TINYINT DEFAULT 0,
 `auth_method` ENUM('password', '2fa', 'webauthn') DEFAULT 'password',
 `backup_codes` TEXT,
+ `password_last_updated` timestamp NULL DEFAULT current_timestamp(),
 PRIMARY KEY (`id`),
 UNIQUE KEY `email` (`email`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci COMMENT='Panel Users';
diff --git a/database/registry.postgres.sql b/database/registry.postgres.sql
index a1882c5..d60f456 100644
--- a/database/registry.postgres.sql
+++ b/database/registry.postgres.sql
@@ -538,7 +538,8 @@ CREATE TABLE IF NOT EXISTS users (
 "tfa_secret" VARCHAR(32),
 "tfa_enabled" BOOLEAN DEFAULT false,
 "auth_method" VARCHAR(255) DEFAULT 'password',
- "backup_codes" TEXT
+ "backup_codes" TEXT,
+ "password_last_updated" TIMESTAMP DEFAULT CURRENT_TIMESTAMP
 );
 CREATE TABLE IF NOT EXISTS users_audit (
diff --git a/docs/update1015.sh b/docs/update1015.sh
new file mode 100644
index 0000000..2af6fb1
--- /dev/null
+++ b/docs/update1015.sh
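Review bot: `strtotime($lastPasswordUpdateTimestamp)` returns `false` for an unparseable value and `time() - false` silently evaluates as `time() - 0`, so a corrupt column value expires the password only by accident of coercion; make it explicit with `if ($lastUpdatedUnix === false) { return 'Your password is expired. Please change it.'; }` before the comparison. The string comes from the database's `NOW()`/`CURRENT_TIMESTAMP` with no zone attached and `strtotime` interprets it in PHP's default timezone, so a DB session zone that differs from PHP's shifts the computed age by the offset — worth a `// assumes DB and PHP share a timezone — confirm` note or a UTC-normalised comparison. A docblock stating that `null`/empty input is treated as expired and that the return is the message string or `null` would help the callers, which currently hard-code the message themselves.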
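Review bot: This column is declared `timestamp NULL DEFAULT current_timestamp()`, but the `ALTER TABLE` in docs/update1015.sh adds it as `TIMESTAMP DEFAULT CURRENT_TIMESTAMP` without `NULL`, so on MariaDB whether upgraded installs get a nullable column depends on the server's `explicit_defaults_for_timestamp` setting and may differ from fresh installs; use the identical definition in both places. Note also that the default backfills every existing user with the upgrade time, so the rotation clock starts at upgrade for everyone rather than forcing a change — `checkPasswordRenewal()` treats `NULL` as expired, so backfilling `NULL` is the knob if a forced rotation is intended. A column comment such as `COMMENT 'NULL forces a password change on next login'` would record that contract next to the schema.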
@@ -0,0 +1,171 @@
+#!/bin/bash
+
+# Ensure the script is run as root
+if [[ $EUID -ne 0 ]]; then
+ echo "Error: This update script must be run as root or with sudo." >&2
+ exit 1
+fi
+
+# Prompt the user for confirmation
+echo "This will update Namingo Registry from v1.0.14 to v1.0.15."
+echo "Make sure you have a backup of the database, /var/www/cp, and /opt/registry."
+read -p "Are you sure you want to proceed? (y/n): " confirm
+
+# Check user input
+if [[ "$confirm" != "y" ]]; then
+ echo "Upgrade aborted."
+ exit 0
+fi
+
+# Create backup directory
+backup_dir="/opt/backup"
+mkdir -p "$backup_dir"
+
+# Backup directories
+echo "Creating backups..."
+tar -czf "$backup_dir/cp_backup_$(date +%F).tar.gz" -C / var/www/cp
+tar -czf "$backup_dir/whois_backup_$(date +%F).tar.gz" -C / var/www/whois
+tar -czf "$backup_dir/registry_backup_$(date +%F).tar.gz" -C / opt/registry
+
+# Database credentials
+config_file="/opt/registry/whois/port43/config.php"
+db_user=$(grep "'db_username'" "$config_file" | awk -F "=> '" '{print $2}' | sed "s/',//")
+db_pass=$(grep "'db_password'" "$config_file" | awk -F "=> '" '{print $2}' | sed "s/',//")
+db_host=$(grep "'db_host'" "$config_file" | awk -F "=> '" '{print $2}' | sed "s/',//")
+
+# List of databases to back up
+databases=("registry" "registryAudit" "registryTransaction")
+
+# Backup specific databases
+for db_name in "${databases[@]}"; do
+ echo "Backing up database $db_name..."
+ sql_backup_file="$backup_dir/db_${db_name}_backup_$(date +%F).sql"
+ mysqldump -u"$db_user" -p"$db_pass" -h"$db_host" "$db_name" > "$sql_backup_file"
+
+ # Compress the SQL backup file
+ echo "Compressing database backup $db_name..."
+ tar -czf "${sql_backup_file}.tar.gz" -C "$backup_dir" "$(basename "$sql_backup_file")"
+
+ # Remove the uncompressed SQL file
+ rm "$sql_backup_file"
+done
+
+# Stop services
+echo "Stopping services..."
+systemctl stop caddy
+systemctl stop epp
+systemctl stop whois
+systemctl stop rdap
+systemctl stop das
+systemctl stop msg_producer
+systemctl stop msg_worker
+
+# Clear cache
+echo "Clearing cache..."
+php /var/www/cp/bin/clear_cache.php
+
+# Clone the new version of the repository
+echo "Cloning v1.0.15 from the repository..."
+git clone --branch v1.0.15 --single-branch https://github.com/getnamingo/registry /opt/registry1015
+
+# Copy files from the new version to the appropriate directories
+echo "Copying files..."
+
+# Function to copy files and maintain directory structure
+copy_files() {
+ src_dir=$1
+ dest_dir=$2
+
+ if [[ -d "$src_dir" ]]; then
+ echo "Copying from $src_dir to $dest_dir..."
+ cp -R "$src_dir/." "$dest_dir/"
+ else
+ echo "Source directory $src_dir does not exist. Skipping..."
+ fi
+}
+
+# Copy specific directories
+copy_files "/opt/registry1015/automation" "/opt/registry/automation"
+copy_files "/opt/registry1015/cp" "/var/www/cp"
+copy_files "/opt/registry1015/whois/web" "/var/www/whois"
+copy_files "/opt/registry1015/das" "/opt/registry/das"
+copy_files "/opt/registry1015/whois/port43" "/opt/registry/whois/port43"
+copy_files "/opt/registry1015/rdap" "/opt/registry/rdap"
+copy_files "/opt/registry1015/epp" "/opt/registry/epp"
+copy_files "/opt/registry1015/docs" "/opt/registry/docs"
+
+# Run composer update in copied directories (excluding docs)
+echo "Running composer update..."
+
+composer_update() {
+ dir=$1
+ if [[ -d "$dir" ]]; then
+ echo "Updating composer in $dir..."
+ cd "$dir" || exit
+ COMPOSER_ALLOW_SUPERUSER=1 composer update --no-interaction --quiet
+ else
+ echo "Directory $dir does not exist. Skipping composer update..."
+ fi
+}
+
+# Update composer in relevant directories
+composer_update "/opt/registry/automation"
+composer_update "/var/www/cp"
+composer_update "/opt/registry/das"
+composer_update "/opt/registry/whois/port43"
+composer_update "/opt/registry/rdap"
+composer_update "/opt/registry/epp"
+
+CONFIG_FILE="/opt/registry/rdap/config.php"
+
+# Extract database credentials from the config file
+DB_TYPE=$(grep "'db_type'" "$CONFIG_FILE" | awk -F "=> " '{print $2}' | tr -d "',")
+DB_HOST=$(grep "'db_host'" "$CONFIG_FILE" | awk -F "=> " '{print $2}' | tr -d "',")
+DB_PORT=$(grep "'db_port'" "$CONFIG_FILE" | awk -F "=> " '{print $2}' | tr -d "',")
+DB_NAME=$(grep "'db_database'" "$CONFIG_FILE" | awk -F "=> " '{print $2}' | tr -d "',")
+DB_USER=$(grep "'db_username'" "$CONFIG_FILE" | awk -F "=> " '{print $2}' | tr -d "',")
+DB_PASS=$(grep "'db_password'" "$CONFIG_FILE" | awk -F "=> " '{print $2}' | tr -d "',")
+
+# Ensure DB type is MySQL (exit if not)
+if [[ "$DB_TYPE" != "mysql" ]]; then
+ echo "Error: Database type is not MySQL. Found: $DB_TYPE"
+ exit 1
+fi
+
+# Check if the column already exists
+CHECK_COLUMN=$(mysql -h "$DB_HOST" -P "$DB_PORT" -u "$DB_USER" -p"$DB_PASS" -D "$DB_NAME" -sse "
+SELECT COUNT(*)
+FROM information_schema.COLUMNS
+WHERE TABLE_SCHEMA = '$DB_NAME'
+AND TABLE_NAME = 'users'
+AND COLUMN_NAME = 'password_last_updated';")
+
+# If the column does not exist, add it
+if [[ "$CHECK_COLUMN" -eq 0 ]]; then
+ echo "Adding column password_last_updated to users table..."
+ mysql -h "$DB_HOST" -P "$DB_PORT" -u "$DB_USER" -p"$DB_PASS" -D "$DB_NAME" -e "
+ ALTER TABLE users ADD COLUMN password_last_updated TIMESTAMP DEFAULT CURRENT_TIMESTAMP;"
+ echo "Column added successfully."
+else
+ echo "Column password_last_updated already exists. Skipping..."
+fi
+
+# Start services
+echo "Starting services..."
+systemctl start epp
+systemctl start whois
+systemctl start rdap
+systemctl start das
+systemctl start caddy
+systemctl start msg_producer
+systemctl start msg_worker
+
+# Check if services started successfully
+if [[ $? -eq 0 ]]; then
+ echo "Services started successfully. Deleting /opt/registry1015..."
+ rm -rf /opt/registry1015
+else
+ echo "There was an issue starting the services. /opt/registry1015 will not be deleted."
+fi
+
+echo "Upgrade to v1.0.15 completed successfully."
\ No newline at end of file
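Review bot: The database password is passed on the command line — `-p"$db_pass"` in the mysqldump loop and `-p"$DB_PASS"` in both `mysql` calls — so it is visible to every local account in the process list for the duration of each dump; pass it through `MYSQL_PWD` in the environment or a `--defaults-extra-file` instead. The dumps land in `/opt/backup`, created with a bare `mkdir -p` under the caller's umask, and they contain the `users` table with password hashes and `tfa_secret` values, so `chmod 700` the directory and set `umask 077` before writing them (restoring the umask before the `cp -R` of web files so those keep service-readable modes). There is no `set -euo pipefail`, so a failed `mysqldump` or `tar` leaves an empty or partial backup while the upgrade continues, and the `$? -eq 0` check near the end only reflects `systemctl start msg_worker`, not the six starts before it. The `git clone --branch v1.0.15` fetches a mutable tag without pinning a commit hash, and `composer update` re-resolves dependencies instead of `composer install` against a lock file (if one ships with the release) — both weaken the supply-chain guarantees an upgrade script should give.
```shell
set -euo pipefail
# … unchanged: root check, confirmation prompt …
mkdir -p "$backup_dir"
chmod 700 "$backup_dir"
umask 077   # backups hold DB credentials and password hashes; keep them root-only
# … unchanged: directory tarballs, credential parsing, database list, loop header …
    MYSQL_PWD="$db_pass" mysqldump -u"$db_user" -h"$db_host" "$db_name" > "$sql_backup_file"
# … unchanged: compression, cleanup, loop end …
umask 022   # restore before cp -R so copied web files keep service-readable modes
# … unchanged: service stop, clone/copy, composer, column migration (use MYSQL_PWD there too), service start …
```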