From: Kilian Saffran Date: Mon, 8 Apr 2019 07:03:32 +0000 (+0200) Subject: style and cookie security X-Git-Url: http://cloud.dks.lu/git/?a=commitdiff_plain;h=6210a9d9c17f9872cf52c1ba7598293431d9b8ac;p=juridig.git style and cookie security --- diff --git a/lib/database.php b/lib/database.php index 1a7e69e..1927808 100644 --- a/lib/database.php +++ b/lib/database.php @@ -32,7 +32,7 @@ class dksdb { if ($this->link){ $rows = $this->link->exec($sql); if ($rows === false){ - errorlog("Failed Statement: ".$sql); + // errorlog("Failed Statement: ".$sql); } } return $rows; diff --git a/lib/process_profile.php b/lib/process_profile.php index b0919a2..022db32 100644 --- a/lib/process_profile.php +++ b/lib/process_profile.php @@ -75,15 +75,15 @@ function checklogin($username,$passwd){ $luser = $db->dbquery($sql); $sid = null; $retuser=null; + //$msg .= json_encode($luser); if ($luser["cnt"] == 1){ $sid = generateRandomString(); - $sql = "INSERT INTO usersession (sessionid, id_user, lastlogin, useragent, remoteaddr) - VALUES('".$sid."', ".$luser['id'].", CURRENT_TIMESTAMP, '".$_SERVER['HTTP_USER_AGENT']."', '".$_SERVER['REMOTE_ADDR']."');"; + $sql = "update users set sessionid='".$sid."',lastlogin=CURRENT_TIMESTAMP,useragent='".$_SERVER['HTTP_USER_AGENT']."',remoteaddr='".$_SERVER['REMOTE_ADDR']."' WHERE id=".$luser['id'].";"; $db->dbexec($sql); - setcookie("juridig",$sid); + setcookie("juridig",$sid,time()+60*60*24,null,$_SERVER['HTTP_HOST'],true,true); $retuser = getsessiondata($sid); - + //$msg .= $sql; }else { setcookie("juridig",""); $msg='
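Review bot: dbexec now returns `false` on a failed statement with no record of why, because the only diagnostic was commented out rather than replaced, so schema mistakes and rejected (or injected) SQL vanish from the logs while callers in this same commit ignore the return value. If the motivation was that the logged SQL carried session ids and raw User-Agent strings, log the driver's error instead of the statement, e.g. `errorlog("Failed statement: ".implode(' ', $this->link->errorInfo()));` (assuming `$this->link` is a PDO, which `exec()` returning `false` suggests). A dead, commented-out call should be deleted rather than left as a hint. The dksdb class continues outside the hunk.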
Utilisateur et/ou mot de passe non connu!
'; @@ -96,15 +96,15 @@ function checklogin($username,$passwd){ function getsessiondata($sessid){ global $db; - $sql = "SELECT us.*,ses.sessionid, + $sql = "SELECT us.*, GROUP_CONCAT(CASE WHEN srv.expiration >= CURRENT_DATE or (prc.minmonth=0 and srv.expiration is null) then srv.service else null end) as service_valid, GROUP_CONCAT(CASE WHEN srv.expiration < CURRENT_DATE then srv.service else null end) as service_expired - from usersession ses - left JOIN users us on (ses.id_user=us.id) + from users us left join userservices srv on (srv.id_user=us.id) left join appprices prc on (prc.id_app=srv.id_app) - where ses.sessionid='".$sessid."';"; + where us.sessionid='".$sessid."' and useragent='".$_SERVER['HTTP_USER_AGENT']."' and remoteaddr='".$_SERVER['REMOTE_ADDR']."';"; $sesuser = $db->dbquery($sql); + //$msg .= $sql.'
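Review bot: The new UPDATE still interpolates `$_SERVER['HTTP_USER_AGENT']` (and `$_SERVER['REMOTE_ADDR']`) straight into the SQL string, so any user who passes the password check can inject through the User-Agent header; bind these values as parameters, or at minimum quote and truncate them, before calling `$db->dbexec`. The cookie domain is taken from `$_SERVER['HTTP_HOST']`, which is client-influenced unless the server only answers for a fixed virtual host; a configured host name or a host-only cookie is safer, e.g. `setcookie("juridig", $sid, time()+60*60*24, '/', '', true, true);`. Note also that the clearing call in the else branch, `setcookie("juridig","")`, carries different domain/path attributes than the cookie created above, so the browser will most likely keep both rather than overwrite. Storing the session id in the `users` row means a login from a second device silently ends the first session; if that is intended, say so in a comment on the UPDATE. checklogin's body continues outside the hunk.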
'.json_encode($sesuser); return $sesuser; } diff --git a/lib/processdata.php b/lib/processdata.php index bf19298..ed8a3d1 100644 --- a/lib/processdata.php +++ b/lib/processdata.php @@ -83,7 +83,7 @@ function process_getdata($gdt){ if (isset($gdt["action"])){ switch ($gdt['action']){ case 'logout': - $db->dbexec("delete from usersession where sessionid='".$user["sessionid"]."' and id_user=".$user["id"].";"); + $db->dbexec("update users set sessionid=null where sessionid='".$user["sessionid"]."' and id_user=".$user["id"].";"); $user=array(); setcookie("juridig",""); $p='home'; diff --git a/style.css b/style.css index 0c6586c..1a29b63 100644 --- a/style.css +++ b/style.css @@ -2,11 +2,11 @@ .row{margin-top: 10px;} .bg-dark { - background-color: #749ee0; + background-color: #3260ad; /*#749ee0;*/ } html { - background-color: #749ee0; + background-color: #3260ad; position: relative; min-height: 100%; } @@ -38,7 +38,7 @@ main { } footer { - background-color: #749ee0; + background-color: #3260ad; } /* .bg-dark { diff --git a/tmpl/blocks/avocatsearch.php b/tmpl/blocks/avocatsearch.php index 5489c13..87a658c 100644 --- a/tmpl/blocks/avocatsearch.php +++ b/tmpl/blocks/avocatsearch.php @@ -58,10 +58,10 @@ foreach ($avocats as $avo) { echo '
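Review bot: The session lookup now concatenates `$_SERVER['HTTP_USER_AGENT']` into the WHERE clause, and this query runs for any request that presents a `juridig` cookie before any identity is established, so an unauthenticated client can inject via the User-Agent header and, since the row returned becomes the logged-in user, most likely select an arbitrary `users` row (e.g. a UA of `' OR 1=1 LIMIT 1 -- `). Bind `$sessid`, the user agent and the remote address as parameters instead of interpolating them; if dksdb only exposes string-based `dbquery`, at least pass them through the driver's quote function first. Pinning the session to `remoteaddr` will also log out users whose address changes mid-session (mobile networks, corporate NAT); if that is deliberate, a comment such as `// session is bound to client IP + UA; either changing invalidates it` belongs on the WHERE line. `us.*` also pulls every `users` column, presumably including the credential hash, into the session array handed to the templates; restricting the select list to what the UI needs would limit what a template bug can leak.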
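Review bot: The rewritten logout UPDATE filters `users` on `id_user=`, but elsewhere in this commit the `users` key is `id` (checklogin's `WHERE id=".$luser['id']`, getsessiondata's `srv.id_user=us.id`); if `users` has no `id_user` column the statement fails, dbexec returns `false` (now silently, given the lib/database.php hunk), and the server-side session survives while only the cookie is cleared. Change the condition to `where sessionid=? and id=?` with bound parameters, or at least `and id=".$user["id"]`, and check dbexec's return value before treating the user as logged out. The following `setcookie("juridig","")` also uses different domain/path attributes than the login cookie that was set with `$_SERVER['HTTP_HOST']`, so it may not remove it; pass the same attributes with a past expiry here.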
'.(($avo['zip'] != "")?$avo['zip']:'').' '.(($avo['city'] != "")?$avo['city']:'').'
'; } if ($avo['phone'] != ''){ - echo '
: '.$avo['phone'].'
'; + echo '
'; } if ($avo['email']){ - echo ': '; + echo ''; } echo ''; } diff --git a/tmpl/navs/profile.php b/tmpl/navs/profile.php index 4bfbd29..392f728 100644 --- a/tmpl/navs/profile.php +++ b/tmpl/navs/profile.php @@ -1,21 +1,24 @@ \ No newline at end of file diff --git a/vendor/juridig.epic.css b/vendor/juridig.epic.css index 3e86196..84468ae 100644 --- a/vendor/juridig.epic.css +++ b/vendor/juridig.epic.css @@ -26,7 +26,7 @@ --warning: #f7aa1c; --danger: #fc3434; --light: white; - --dark: #749ee0; + --dark: #3260ad; --breakpoint-xs: 0; --breakpoint-sm: 576px; --breakpoint-md: 768px; @@ -2644,8 +2644,8 @@ fieldset:disabled a.btn { .btn-dark { color: #212529; - background-color: #749ee0; - border-color: #749ee0; + background-color: #3260ad; + border-color: #3260ad; } .btn-dark:hover { @@ -2660,8 +2660,8 @@ fieldset:disabled a.btn { .btn-dark.disabled, .btn-dark:disabled { color: #212529; - background-color: #749ee0; - border-color: #749ee0; + background-color: #3260ad; + border-color: #3260ad; } .btn-dark:not(:disabled):not(.disabled):active, .btn-dark:not(:disabled):not(.disabled).active, @@ -2915,16 +2915,16 @@ fieldset:disabled a.btn { } .btn-outline-dark { - color: #749ee0; + color: #3260ad; background-color: transparent; background-image: none; - border-color: #749ee0; + border-color: #3260ad; } .btn-outline-dark:hover { color: #212529; - background-color: #749ee0; - border-color: #749ee0; + background-color: #3260ad; + border-color: #3260ad; } .btn-outline-dark:focus, .btn-outline-dark.focus { 
@@ -2932,15 +2932,15 @@ fieldset:disabled a.btn { } .btn-outline-dark.disabled, .btn-outline-dark:disabled { - color: #749ee0; + color: #3260ad; background-color: transparent; } .btn-outline-dark:not(:disabled):not(.disabled):active, .btn-outline-dark:not(:disabled):not(.disabled).active, .show > .btn-outline-dark.dropdown-toggle { color: #212529; - background-color: #749ee0; - border-color: #749ee0; + background-color: #3260ad; + border-color: #3260ad; } .btn-outline-dark:not(:disabled):not(.disabled):active:focus, .btn-outline-dark:not(:disabled):not(.disabled).active:focus, @@ -3900,7 +3900,7 @@ input[type="button"].btn-block { .nav-pills .nav-link.active, .nav-pills .show > .nav-link { color: #fff; - background-color: #749ee0; + background-color: #3260ad; } .nav-fill .nav-item { @@ -4583,7 +4583,7 @@ input[type="button"].btn-block { z-index: 2; color: #fff; text-decoration: none; - background-color: #749ee0; + background-color: #3260ad; border-color: #dee2e6; } @@ -4604,7 +4604,7 @@ input[type="button"].btn-block { .page-item.active .page-link { z-index: 1; color: #fff; - background-color: #749ee0; + background-color: #3260ad; border-color: #dddddd; } @@ -4732,7 +4732,7 @@ input[type="button"].btn-block { .badge-dark { color: #212529; - background-color: #749ee0; + background-color: #3260ad; } .badge-dark[href]:hover, .badge-dark[href]:focus { @@ -5017,8 +5017,8 @@ input[type="button"].btn-block { .list-group-item.active { z-index: 2; color: #fff; - background-color: #749ee0; - border-color: #749ee0; + background-color: #3260ad; + border-color: #3260ad; } .list-group-flush .list-group-item { @@ -5981,7 +5981,7 @@ button.bg-light:focus { } .bg-dark { - background-color: #749ee0 !important; + background-color: #3260ad !important; } a.bg-dark:hover, a.bg-dark:focus, @@ -6067,7 +6067,7 @@ button.bg-dark:focus { } .border-dark { - border-color: #749ee0 !important; + border-color: #3260ad !important; } .border-white { 
@@ -8748,7 +8748,7 @@ a.text-light:hover, a.text-light:focus { } .text-dark { - color: #749ee0 !important; + color: #3260ad !important; } a.text-dark:hover, a.text-dark:focus {