Fix paneldiario, change auth system.

public_html/_incl/auth_redir.php

@@ -1,35 +1,15 @@
 <?php
-session_start([ 'cookie_lifetime' => 604800 ]);
-session_regenerate_id();
-ini_set("session.use_only_cookies", "true");
-ini_set("session.use_trans_sid", "false");
-
-$ua = $_SERVER['HTTP_USER_AGENT'];
-if (str_starts_with($ua, "Axia4Auth/")) {
-    $username = explode("/", $ua)[1];
-    $userpass = explode("/", $ua)[2];
-    $userdata = json_decode(file_get_contents("/DATA/Usuarios/$username.json"), true);
-    if (!$userdata) {
-        header("HTTP/1.1 403 Forbidden");
-        die();
-    }
-    if (password_verify($userpass, $userdata["password"])) {
-        header("HTTP/1.1 403 Forbidden");
-        die();
-    }
-    $_SESSION["auth_user"] = $username;
-    $_SESSION["auth_data"] = $userdata;
-    $_SESSION["auth_ok"] = true;
-}
+require_once "tools.session.php";
+require_once "tools.auth.php";
 
 // ¿Is user authenticated?
-if (!$_SESSION["auth_ok"]) {
+if (!user_is_authenticated()) {
     header("Location: /_login.php");
     die();
 }
 
 // Check if "$APP_CODE" inside user's permissions, and $AUTH_NOPERMS is not set
-if (!in_array("$APP_CODE:access", $_SESSION["auth_data"]["permissions"]) && !$AUTH_NOPERMS) {
+if (!user_has_permission("$APP_CODE:access") && !$AUTH_NOPERMS) {
     header("Location: /index.php?_resultcolor=red&_result=" . urlencode("No tienes permisos para acceder a $APP_NAME."));
     die();
 }

public_html/_incl/pre-body.php

@@ -1,10 +1,11 @@
 <?php
-session_start(['cookie_lifetime' => 604800]);
-session_regenerate_id();
-ini_set("session.use_only_cookies", "true");
-ini_set("session.use_trans_sid", "false");
+require_once "tools.session.php";
+require_once "tools.auth.php";
+
 ini_set("display_errors", 0);
 
+
+
 if (!isset($APP_CODE)) {
   $APP_CODE = "ax4";
   $APP_ROOT = "/";

public_html/_incl/tools.auth.php

@@ -0,0 +1,57 @@
+<?php
+require_once "tools.session.php";
+$ua = $_SERVER['HTTP_USER_AGENT'];
+if (str_starts_with($ua, "Axia4Auth/")) {
+    $username = explode("/", $ua)[1];
+    $userpass = explode("/", $ua)[2];
+    $userdata = json_decode(file_get_contents("/DATA/Usuarios/$username.json"), true);
+    if (!$userdata) {
+        header("HTTP/1.1 403 Forbidden");
+        die();
+    }
+    if (password_verify($userpass, $userdata["password"])) {
+        header("HTTP/1.1 403 Forbidden");
+        die();
+    }
+    $_SESSION["auth_user"] = $username;
+    $_SESSION["auth_data"] = $userdata;
+    $_SESSION["auth_ok"] = true;
+    $_COOKIE["auth_user"] = $username;
+    $_COOKIE["auth_pass_b64"] = base64_encode($userpass);
+    $_SESSION["auth_external_lock"] = "header"; // Cannot logout because auth is done via header
+}
+
+// If $_SESSION is empty, check for cookies "auth_user" and "auth_pass_b64"
+if ($_SESSION["auth_ok"] != true && isset($_COOKIE["auth_user"]) && isset($_COOKIE["auth_pass_b64"])) {
+    $username = $_COOKIE["auth_user"];
+    $userpass_b64 = $_COOKIE["auth_pass_b64"];
+    $userpass = base64_decode($userpass_b64);
+    $userdata = json_decode(file_get_contents("/DATA/Usuarios/$username.json"), true);
+    if ($userdata && password_verify($userpass, $userdata["password_hash"])) {
+        $_SESSION["auth_user"] = $username;
+        $_SESSION["auth_data"] = $userdata;
+        $_SESSION["auth_ok"] = true;
+    }
+}
+
+// If session is older than 5min, reload user data
+if (isset($_SESSION["auth_ok"]) && $_SESSION["auth_ok"] && isset($_SESSION["auth_user"])) {
+    if (isset($_SESSION["last_reload_time"])) {
+        $last_reload = $_SESSION["last_reload_time"];
+        if (time() - $last_reload > 300) {
+            $username = $_SESSION["auth_user"];
+            $userdata = json_decode(file_get_contents("/DATA/Usuarios/$username.json"), true);
+            $_SESSION["auth_data"] = $userdata;
+            $_SESSION["last_reload_time"] = time();
+        }
+    } else {
+        $_SESSION["last_reload_time"] = time();
+    }
+}
+
+function user_is_authenticated() {
+    return isset($_SESSION["auth_ok"]) && $_SESSION["auth_ok"] === true;
+}
+function user_has_permission($perm) {
+    return in_array($perm, $_SESSION["auth_data"]["permissions"] ?? []);
+}

public_html/_incl/tools.session.php

@@ -0,0 +1,5 @@
+<?php
+session_start([ 'cookie_lifetime' => 604800 ]);
+session_regenerate_id();
+ini_set("session.use_only_cookies", "true");
+ini_set("session.use_trans_sid", "false");

public_html/_login.php

@@ -9,6 +9,14 @@ if ($_GET["reload_user"] == "1") {
     die();
 }
 if ($_GET["logout"] == "1") {
+    $redir = $_GET["redir"] ?? "/";
+    unset($_COOKIE["auth_user"]);
+    unset($_COOKIE["auth_pass_b64"]);
+    session_destroy();
+    header("Location: $redir");
+    die();
+}
+if ($_GET["clear_session"] == "1") {
     session_destroy();
     $redir = $_GET["redir"] ?? "/";
     header("Location: $redir");
@@ -28,6 +36,8 @@ if (isset($_POST["user"])) {
         $_SESSION['auth_user'] = $user;
         $_SESSION['auth_data'] = $userdata;
         $_SESSION['auth_ok'] = true;
+        setcookie("auth_user", $user, time() + (86400 * 30), "/");
+        setcookie("auth_pass_b64", base64_encode($password), time() + (86400 * 30), "/");
         $redir = $_GET["redir"] ?? "/";
         header("Location: $redir");
         die();

public_html/account/__menu.php

@@ -1,2 +1,3 @@
 <a href="/_login.php?reload_user=1" class="btn btn-secondary">Recargar Cuenta</a>
-<a href="/_login.php?logout=1" class="btn btn-secondary">Cerrar sesión</a>
+<a href="/_login.php?logout=1" class="btn btn-secondary">Cerrar sesión</a>
+<a href="/_login.php?clear_session=1" class="btn btn-secondary">Limpiar sesión</a>

public_html/entreaulas/paneldiario.php

@@ -52,19 +52,19 @@ switch ($_GET["action"]) {
     <div id="grid">
       <!-- Calendario -->
       <a onclick="document.getElementById('click-sound').play()" href="?action=calendar&aulario=<?php echo urlencode($_GET['aulario'] ?? ''); ?>" class="btn btn-primary grid-item">
-        <img src="/static/arasaac/calendario.png" height="125">
+        <img src="/static/arasaac/calendario.png" height="125" class="bg-white">
         <br>
         Calendario
       </a>
       <!-- Actividades -->
       <a onclick="document.getElementById('click-sound').play()" href="?action=actividades&aulario=<?php echo urlencode($_GET['aulario'] ?? ''); ?>" class="btn btn-primary grid-item">
-        <span class="iconify" style="font-size: 125px" data-icon="mdi-school"></span>
+        <img src="/static/arasaac/actividad.png" height="125" class="bg-white">
         <br>
         Actividades
       </a>
       <!-- Menú del comedor -->
       <a onclick="document.getElementById('click-sound').play()" href="?action=menu&aulario=<?php echo urlencode($_GET['aulario'] ?? ''); ?>" class="btn btn-primary grid-item">
-        <span class="iconify" style="font-size: 125px" data-icon="mdi-silverware-fork-knife"></span>
+        <img src="/static/arasaac/comedor.png" height="125" class="bg-white">
         <br>
         Menú del Comedor
       </a>

public_html/sysadmin/aularios.php

@@ -80,7 +80,7 @@ switch ($_GET["action"]) {
             </div>
             <div class="mb-3">
                 <label for="icon" class="form-label">Icono del Aulario (URL):</label>
-                <input type="text" id="icon" name="icon" class="form-control" value="<?php echo htmlspecialchars($aulario_data['icon'] ?? '/static/logo-entreaulas.png'); ?>">
+                <input type="text" id="icon" name="icon" class="form-control" value="<?php echo htmlspecialchars($aulario_data['icon'] ?? '/static/iconexperience/blackboard.png'); ?>">
             </div>
             <input type="hidden" name="aulario_id" value="<?php echo htmlspecialchars($aulario_id); ?>">
             <input type="hidden" name="centro_id" value="<?php echo htmlspecialchars($centro_id); ?>">