From 369ac7ad15c6513b4567184c50328aab645ae517 Mon Sep 17 00:00:00 2001
From: Andrew <mcdeweykp@gmail.com>
Date: Sun, 9 Jan 2022 18:04:54 -0500
Subject: [PATCH 1/8] initial changes for zip imports selection

---
 app/classes/shared/helpers.py                 |   8 +
 app/classes/shared/main_controller.py         |  67 ++-----
 app/classes/web/ajax_handler.py               |   8 +
 app/classes/web/panel_handler.py              |  48 ++++-
 .../templates/panel/panel_edit_user.html      |  30 +++-
 app/frontend/templates/server/wizard.html     | 169 +++++++++++++++++-
 app/translations/en_EN.json                   |   5 +-
 7 files changed, 266 insertions(+), 69 deletions(-)

diff --git a/app/classes/shared/helpers.py b/app/classes/shared/helpers.py
index 93b1fb0d..f4ee7611 100644
--- a/app/classes/shared/helpers.py
+++ b/app/classes/shared/helpers.py
@@ -730,6 +730,14 @@ class Helpers:
         output += '</ul>\n'
         return output
 
+    @staticmethod
+    def unzipServer(zip_path):
+         tempDir = tempfile.mkdtemp()
+         with zipfile.ZipFile(zip_path, 'r') as zip_ref:
+            #extracts archive to temp directory
+            zip_ref.extractall(tempDir)
+            return tempDir
+
     @staticmethod
     def in_path(parent_path, child_path):
         # Smooth out relative path names, note: if you are concerned about symbolic links, you should use os.path.realpath too
diff --git a/app/classes/shared/main_controller.py b/app/classes/shared/main_controller.py
index 84b2b0d9..8f273c54 100644
--- a/app/classes/shared/main_controller.py
+++ b/app/classes/shared/main_controller.py
@@ -295,64 +295,25 @@ class Controller:
         server_id = helper.create_uuid()
         new_server_dir = os.path.join(helper.servers_dir, server_id)
         backup_path = os.path.join(helper.backup_path, server_id)
-        zip_path = helper.get_os_understandable_path(zip_path)
+        tempDir = helper.get_os_understandable_path(zip_path)
 
         if helper.check_file_perms(zip_path):
             helper.ensure_dir_exists(new_server_dir)
             helper.ensure_dir_exists(backup_path)
-            tempDir = tempfile.mkdtemp()
             has_properties = False
-            with zipfile.ZipFile(zip_path, 'r') as zip_ref:
-                #extracts archive to temp directory
-                zip_ref.extractall(tempDir)
-                if len(zip_ref.filelist) > 1:
-                    for item in os.listdir(tempDir):
-                        if str(item) == 'server.properties':
-                            has_properties = True
-                        try:
-                            shutil.move(os.path.join(tempDir, item), os.path.join(new_server_dir, item))
-                        except Exception as ex:
-                            logger.error('ERROR IN ZIP IMPORT: {}'.format(ex))
-                    if not has_properties:
-                        logger.info("No server.properties found on zip file import. Creating one with port selection of {}".format(str(port)))
-                        with open(os.path.join(new_server_dir, "server.properties"), "w") as f:
-                            f.write("server-port={}".format(port))
-                            f.close()
-                        zip_ref.close()
-                else:
-
-                    #iterates list of files
-                    for i in range(len(zip_ref.filelist)):
-                        #checks if the list of files inside of a dir is greater than 1 or if it's not a directory.
-                        if len(zip_ref.filelist) > 1 or not zip_ref.filelist[i].is_dir():
-                            #sets local variable to be that filename and we break out of the loop since we found our root dir.
-                            test = zip_ref.filelist[i-1].filename
-                            break
-                    path_list = test.split('/')
-                    root_path = path_list[0]
-                    if len(path_list) > 1:
-                        for i in range(len(path_list)-1):
-                            try:
-                                root_path = os.path.join(root_path, path_list[i+1])
-                            except:
-                                root_path = root_path
-
-                    full_root_path = os.path.join(tempDir, root_path)
-
-                    
-                    for item in os.listdir(full_root_path):
-                        if str(item) == 'server.properties':
-                            has_properties = True
-                        try:
-                            shutil.move(os.path.join(full_root_path, item), os.path.join(new_server_dir, item))
-                        except Exception as ex:
-                            logger.error('ERROR IN ZIP IMPORT: {}'.format(ex))
-                    if not has_properties:
-                        logger.info("No server.properties found on zip file import. Creating one with port selection of {}".format(str(port)))
-                        with open(os.path.join(new_server_dir, "server.properties"), "w") as f:
-                            f.write("server-port={}".format(port))
-                            f.close()
-                    zip_ref.close()
+            #extracts archive to temp directory
+            for item in os.listdir(tempDir):
+                if str(item) == 'server.properties':
+                    has_properties = True
+                try:
+                    shutil.move(os.path.join(tempDir, item), os.path.join(new_server_dir, item))
+                except Exception as ex:
+                    logger.error('ERROR IN ZIP IMPORT: {}'.format(ex))
+            if not has_properties:
+                logger.info("No server.properties found on zip file import. Creating one with port selection of {}".format(str(port)))
+                with open(os.path.join(new_server_dir, "server.properties"), "w") as f:
+                    f.write("server-port={}".format(port))
+                    f.close()
         else:
             return "false"
 
diff --git a/app/classes/web/ajax_handler.py b/app/classes/web/ajax_handler.py
index d2c6de83..ebca1582 100644
--- a/app/classes/web/ajax_handler.py
+++ b/app/classes/web/ajax_handler.py
@@ -275,6 +275,14 @@ class AjaxHandler(BaseHandler):
                 self.controller.rename_backup_dir(server_id, new_server_id, new_server['server_uuid'])
                 self.controller.remove_server(server_id, True)
                 self.redirect('/panel/dashboard')
+
+        elif page == "unzip_server":
+            print("in unzip server")
+            path = self.get_argument('path', None)
+            logger.info(
+                "Removing server from panel for server: {}".format(self.controller.servers.get_server_friendly_name(server_id)))
+            self.controller.remove_server(server_id, False)
+            return "test"
                 
 
     @tornado.web.authenticated
diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py
index 4d037281..090f39c7 100644
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@@ -402,19 +402,22 @@ class PanelHandler(BaseHandler):
             page_data['role-servers'] = auth_role_servers
             page_data['user-roles'] = user_roles
 
-            if exec_user['superuser'] == 1:
-                super_auth_servers = []
-                super_auth_servers.append("Access To All Servers")
-                page_data['users'] = self.controller.users.get_all_users()
-                page_data['roles'] = self.controller.roles.get_all_roles()
-                page_data['auth-servers'][exec_user['user_id']] = super_auth_servers
-            else:
-                page_data['users'] = self.controller.users.user_query(exec_user['user_id'])
-                page_data['roles'] = self.controller.users.user_role_query(exec_user['user_id'])
+            page_data['users'] = self.controller.users.user_query(exec_user['user_id'])
+            page_data['roles'] = self.controller.users.user_role_query(exec_user['user_id'])
+
 
             for user in page_data['users']:
                 if user.user_id != exec_user['user_id']:
                     user.api_token = "********"
+            if exec_user['superuser']:
+                for user in self.controller.users.get_all_users():
+                    if user.superuser == 1:
+                        super_auth_servers = []
+                        super_auth_servers.append("Super User Access To All Servers")
+                        page_data['users'] = self.controller.users.get_all_users()
+                        page_data['roles'] = self.controller.roles.get_all_roles()
+                        page_data['auth-servers'][user.user_id] = super_auth_servers
+
             template = "panel/panel_config.html"
 
         elif page == "add_user":
@@ -470,6 +473,12 @@ class PanelHandler(BaseHandler):
             page_data['quantity_server'] = self.controller.crafty_perms.list_crafty_permissions_quantity_limits(user_id)
             page_data['languages'] = []
             page_data['languages'].append(self.controller.users.get_user_lang_by_id(user_id))
+            #checks if super user. If not we disable the button.
+            if exec_user['superuser'] and str(exec_user['user_id']) != str(user_id):
+                page_data['super-disabled'] = ''
+            else:
+                page_data['super-disabled'] = 'disabled'
+            
             for file in sorted(os.listdir(os.path.join(helper.root_dir, 'app', 'translations'))):
                 if file.endswith('.json'):
                     if file != str(page_data['languages'][0] + '.json'):
@@ -832,6 +841,18 @@ class PanelHandler(BaseHandler):
             enabled = int(float(self.get_argument('enabled', '0')))
             regen_api = int(float(self.get_argument('regen_api', '0')))
             lang = bleach.clean(self.get_argument('language'), 'en_EN')
+            if exec_user['superuser']:
+                #Checks if user is trying to change super user status of self. We don't want that. Automatically make them stay super user since we know they are.
+                if str(exec_user['user_id']) != str(user_id):
+                    superuser = bleach.clean(self.get_argument('superuser', '0'))
+                else:
+                    superuser = '1'
+            else:
+                superuser = '0'
+            if superuser == '1':
+                superuser = True
+            else:
+                superuser = False
 
             if Enum_Permissions_Crafty.User_Config not in exec_user_crafty_permissions:
                 if str(user_id) != str(exec_user_id):
@@ -910,6 +931,7 @@ class PanelHandler(BaseHandler):
                 "regen_api": regen_api,
                 "roles": roles,
                 "lang": lang,
+                "superuser": superuser,
             }
             user_crafty_data = {
                 "permissions_mask": permissions_mask,
@@ -934,6 +956,14 @@ class PanelHandler(BaseHandler):
             email  = bleach.clean(self.get_argument('email', "default@example.com"))
             enabled = int(float(self.get_argument('enabled', '0'))),
             lang = bleach.clean(self.get_argument('lang', 'en_EN'))
+            if exec_user['superuser']:
+                superuser = bleach.clean(self.get_argument('superuser', '0'))
+            else:
+                superuser = '0'
+            if superuser == '1':
+                superuser = True
+            else:
+                superuser = False            
 
             if Enum_Permissions_Crafty.User_Config not in exec_user_crafty_permissions:
                 self.redirect("/panel/error?error=Unauthorized access: not a user editor")
diff --git a/app/frontend/templates/panel/panel_edit_user.html b/app/frontend/templates/panel/panel_edit_user.html
index 3bab1825..8e884f9f 100644
--- a/app/frontend/templates/panel/panel_edit_user.html
+++ b/app/frontend/templates/panel/panel_edit_user.html
@@ -187,9 +187,9 @@
 
                         <label for="superuser" class="form-check-label ml-4 mb-4">
                           {% if data['user']['superuser'] %}
-                              <input type="checkbox" class="form-check-input" id="superuser" name="superuser" checked="" value="1" disabled >Super User
+                              <input type="checkbox" onclick="superConfirm()" class="form-check-input" id="superuser" name="superuser" checked="" value="1" {{ data['super-disabled'] }} >Super User
                           {% else %}
-                              <input type="checkbox" class="form-check-input" id="superuser" name="superuser" value="1" disabled >Super User
+                              <input type="checkbox" onclick="superConfirm()" class="form-check-input" id="superuser" name="superuser" {{ data['super-disabled'] }} value="1" >Super User
                           {% end %}
                         </label>
 
@@ -251,6 +251,32 @@
 {% block js %}
 <script>
 
+  function superConfirm() {
+    if (document.getElementById('superuser').checked){
+    bootbox.confirm({
+      title: "{{ translate('panelConfig', 'superConfirmTitle', data['lang']) }}",
+      message: "{{ translate('panelConfig', 'superConfirm', data['lang']) }}",
+      buttons: {
+          cancel: {
+              label: '<i class="fa fa-times"></i> {{ translate('panelConfig', 'cancel', data['lang']) }}'
+          },
+          confirm: {
+              label: '<i class="fa fa-check"></i> {{ translate('serverBackups', 'confirm', data['lang']) }}'
+          }
+      },
+      callback: function (result) {
+          if (result == true){
+            return;
+          }else{
+            document.getElementById('superuser').checked = false;
+          }
+      }
+  });
+}else{
+  return
+}
+  }
+
 
     //used to get cookies from browser - this is part of tornados xsrf protection - it's for extra security
     function getCookie(name) {
diff --git a/app/frontend/templates/server/wizard.html b/app/frontend/templates/server/wizard.html
index 051114d3..b3db055e 100644
--- a/app/frontend/templates/server/wizard.html
+++ b/app/frontend/templates/server/wizard.html
@@ -209,7 +209,7 @@
             <br />
             <p class="card-description">
 
-              <form method="post" class="server-wizard" onSubmit="wait_msg(true)">
+              <form name="zip" method="post" class="server-wizard" onSubmit="wait_msg(true)">
                 {% raw xsrf_form_html() %}
                 <input type="hidden" value="import_zip" name="create_type">
 
@@ -229,6 +229,15 @@
                       </div>
                     </div>
 
+                    <div class="col-sm-12">
+                      <div class="form-group">
+                        <label for="server">{{ translate('serverWizard', 'zipPath', data['lang']) }} Select Root Dir <small>{{ translate('serverWizard', 'absoluteZipPath', data['lang']) }}</small></label>
+                        <br>
+                        <button class="btn btn-primary mr-2" id="root_files_button" type="button">Click here to select Root Dir</button>
+                      </div>
+                    </div>
+                    
+
                     <div class="col-sm-12">
                       <div class="form-group">
                         <label for="server_jar">{{ translate('serverWizard', 'serverJar', data['lang']) }}</label>
@@ -288,9 +297,13 @@
                           </div>
                         </div>
                       </div>
-
+                      <div class="col-sm-12" style="visibility: hidden;">
+                        <div class="form-group">
+                          <input type="text" class="form-control" id="zip_root_path" name="zip_root_path">
+                        </div>
+                      </div>
                     </div>
-                    <button type="submit" class="btn btn-primary mr-2">{{ translate('serverWizard', 'importServerButton', data['lang']) }}</button>
+                    <button id="zip_submit" type="submit" title="You must select server root dir first" disabled class="btn btn-primary mr-2">{{ translate('serverWizard', 'importServerButton', data['lang']) }}</button>
                     <button type="reset" class="btn btn-danger mr-2">{{ translate('serverWizard', 'resetForm', data['lang']) }}</button>
                   </div>
                 </div>
@@ -300,6 +313,31 @@
         </div>
       </div>
 </div>
+<div class="modal fade" id="dir_select" tabindex="-1" role="dialog" aria-labelledby="dir_select" aria-hidden="true">
+  <div class="modal-dialog" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+        <h5 class="modal-title" id="exampleModalLongTitle">Modal title</h5>
+        <button type="button" class="close" data-dismiss="modal" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <div class="modal-body">
+        <div class="tree-ctx-item" data-path="">
+          <span id="main-tree" class="files-tree-title tree-caret-down root-dir" data-path="">
+            <i class="far fa-folder"></i>
+            <i class="far fa-folder-open"></i>
+            {{ translate('serverFiles', 'files', data['lang']) }}
+            </span>
+        </div>
+      </div>
+      <div class="modal-footer">
+        <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
+        <button type="button" onclick="" class="btn btn-primary">Save changes</button>
+      </div>
+    </div>
+  </div>
+</div>
 <style>
 .scroll {
     max-height: 12em;
@@ -333,6 +371,26 @@
 {% end %}
 
 {% block js%}
+<script>
+  document.getElementById("root_files_button").addEventListener("click", function(){
+    if(document.forms["zip"]["server_path"].value != ""){
+    path = document.getElementById('server_path')
+    var token = getCookie("_xsrf")
+    $.ajax({
+      type: "POST",
+      headers: {'X-XSRFToken': token},
+      url: '/ajax/unzip_server',
+      data: {
+        path: path,
+        server_id: '-1'
+      },
+    });
+  }else{
+    bootbox.alert("You must input a path before selecting this button");
+  }
+  });
+
+</script>
 
 <script>
 function dropDown(event) {
@@ -366,10 +424,15 @@ function hide(event) {
   function wait_msg(importing){
     bootbox.alert({
         title: importing ? '{% raw translate("serverWizard", "importing", data['lang']) %}' : '{% raw translate("serverWizard", "downloading", data['lang']) %}',
-        message: '<i class="fas fa-cloud-download"></i> {% raw translate("serverWizard", "bePatient", data['lang']) %}'
+        message: '<i class="fas fa-cloud-download"></i> {% raw translate("serverWizard", "bePatient", data['lang']) %}',
       });
   }
 
+  function show_file_tree(){
+    $("#dir_select").modal();
+  }
+  
+
   function check_sizes(a, b, changed){
     max_mem = parseFloat(a.val());
     min_mem = parseFloat(b.val());
@@ -381,6 +444,104 @@ function hide(event) {
     }
   }
 
+  var fileList = document.getElementById("files");
+  fileList.addEventListener("change", function (e) {
+      var list = "";
+      for (var i = 0; i < this.files.length; i++) {
+          list += "<li class='col-xs-12 file-list'>" + this.files[i].name + "</li>"
+      }
+
+      document.getElementById("fileList").innerHTML = list;
+  }, false);
+});
+  }
+    function getTreeView(event) {
+
+      path = '/'
+
+      $.ajax({
+        type: "GET",
+        url: '/ajax/get_tree?id=1&path='+path,
+        dataType: 'text',
+        success: function(data){
+          console.log("got response:");
+          console.log(data);
+
+          dataArr = data.split('\n');
+          serverDir = dataArr.shift(); // Remove & return first element (server directory)
+          text = dataArr.join('\n');
+
+          try{
+            document.getElementById(path).innerHTML += text;
+            event.target.parentElement.classList.add("clicked");
+          }catch{
+            document.getElementById('files-tree').innerHTML = text;
+          }
+          
+
+          document.getElementsByClassName('files-tree-title')[0].setAttribute('data-path', serverDir);
+          document.getElementsByClassName('files-tree-title')[0].setAttribute('data-name', 'Files');
+
+          setTimeout(function () {setTreeViewContext()}, 1000);
+        },
+      });
+    }
+
+    function getToggleMain(event) {
+      path = event.target.parentElement.getAttribute('data-path');
+          document.getElementById("files-tree").classList.toggle("d-block");
+          document.getElementById(path+"span").classList.toggle("tree-caret-down");
+          document.getElementById(path+"span").classList.toggle("tree-caret");
+      }
+
+    function getDirView(event) {
+        path = event.target.parentElement.getAttribute('data-path');
+
+        if (document.getElementById(path).classList.contains('clicked')){
+
+        var toggler = document.getElementById(path+"span");
+
+        if (toggler.classList.contains('files-tree-title')){
+            document.getElementById(path+"ul").classList.toggle("d-block");
+            document.getElementById(path+"span").classList.toggle("tree-caret-down");
+        }
+        return;
+      }else{
+      $.ajax({
+        type: "GET",
+        url: '/ajax/get_dir?id=1&path='+path,
+        dataType: 'text',
+        success: function(data){
+          console.log("got response:");
+
+          dataArr = data.split('\n');
+          serverDir = dataArr.shift(); // Remove & return first element (server directory)
+          text = dataArr.join('\n');
+
+          try{
+            document.getElementById(path+"span").classList.add('tree-caret-down');
+            document.getElementById(path).innerHTML += text;
+            document.getElementById(path).classList.add("clicked");
+          }catch{
+            console.log("Bad")
+          }
+
+          setTimeout(function () {setTreeViewContext()}, 1000);
+
+          var toggler = document.getElementById(path);
+  
+            if (toggler.classList.contains('files-tree-title')){
+            document.getElementById(path+"span").addEventListener("click", function caretListener() {
+              document.getElementById(path+"ul").classList.toggle("d-block");
+              document.getElementById(path+"span").classList.toggle("tree-caret-down");
+            });
+          }
+        },
+      });
+    }
+    }
+
+
 </script>
 <script type="text/javascript">
   //<![CDATA[
diff --git a/app/translations/en_EN.json b/app/translations/en_EN.json
index acdafa45..ee46d7c5 100644
--- a/app/translations/en_EN.json
+++ b/app/translations/en_EN.json
@@ -279,7 +279,10 @@
     "panelConfig": {
         "save": "Save",
         "cancel": "Cancel",
-        "delete": "Delete"
+        "delete": "Delete",
+        "superConfirmTitle": "Enable Super User? Are you sure?",
+        "superConfirm": "Proceed only if you want this user to have access to EVERYTHING (all user accounts, servers, panel configs, etc). They can even remove your super user access."
+
     },
     "datatables": {
         "i18n": {

From b815cf38a8b334f0f034346ab13d8a79eee2fcf8 Mon Sep 17 00:00:00 2001
From: Andrew <mcdeweykp@gmail.com>
Date: Sun, 9 Jan 2022 22:21:28 -0500
Subject: [PATCH 2/8] Zip import semi broken. Need to figure out why temp dir
 is not being passed correctly Need to make sure tempdir gets deleted.

---
 app/classes/shared/helpers.py             |  64 ++++++++-
 app/classes/web/ajax_handler.py           |  23 +++-
 app/classes/web/server_handler.py         |  10 +-
 app/frontend/templates/server/wizard.html | 152 ++++++++++++++--------
 4 files changed, 181 insertions(+), 68 deletions(-)

diff --git a/app/classes/shared/helpers.py b/app/classes/shared/helpers.py
index f4ee7611..e4b6d1b4 100644
--- a/app/classes/shared/helpers.py
+++ b/app/classes/shared/helpers.py
@@ -18,6 +18,7 @@ from requests import get
 from contextlib import suppress
 import ctypes
 import telnetlib
+from app.classes.web.websocket_helper import websocket_helper
 
 from datetime import datetime
 from socket import gethostname
@@ -731,12 +732,67 @@ class Helpers:
         return output
 
     @staticmethod
-    def unzipServer(zip_path):
-         tempDir = tempfile.mkdtemp()
-         with zipfile.ZipFile(zip_path, 'r') as zip_ref:
+    def generate_zip_tree(folder, output=""):
+        file_list = os.listdir(folder)
+        file_list = sorted(file_list, key=str.casefold)
+        output += \
+    """<ul class="tree-nested d-block" id="{}ul">"""\
+        .format(folder)
+        for raw_filename in file_list:
+            filename = html.escape(raw_filename)
+            rel = os.path.join(folder, raw_filename)
+            if os.path.isdir(rel):
+                output += \
+                    """<li class="tree-item" data-path="{}">
+                    \n<div id="{}" data-path="{}" data-name="{}" class="tree-caret tree-ctx-item tree-folder">
+                    <input type="radio" name="root_path" value="{}">
+                    <span id="{}span" class="files-tree-title" data-path="{}" data-name="{}" onclick="getDirView(event)">
+                      <i class="far fa-folder"></i>
+                      <i class="far fa-folder-open"></i>
+                      {}
+                      </span>
+                    </input></div><li>
+                    \n"""\
+                        .format(os.path.join(folder, filename), os.path.join(folder, filename), os.path.join(folder, filename), os.path.join(folder, filename), filename, os.path.join(folder, filename), os.path.join(folder, filename), filename, filename)
+        return output
+
+    @staticmethod
+    def generate_zip_dir(folder, output=""):
+        file_list = os.listdir(folder)
+        file_list = sorted(file_list, key=str.casefold)
+        output += \
+    """<ul class="tree-nested d-block" id="{}ul">"""\
+        .format(folder)
+        for raw_filename in file_list:
+            filename = html.escape(raw_filename)
+            rel = os.path.join(folder, raw_filename)
+            if os.path.isdir(rel):
+                output += \
+                    """<li class="tree-item" data-path="{}">
+                    \n<div id="{}" data-path="{}" data-name="{}" class="tree-caret tree-ctx-item tree-folder">
+                    <input type="radio" name="root_path" value="{}">
+                    <span id="{}span" class="files-tree-title" data-path="{}" data-name="{}" onclick="getDirView(event)">
+                      <i class="far fa-folder"></i>
+                      <i class="far fa-folder-open"></i>
+                      {}
+                      </span>
+                    </input></div><li>"""\
+                        .format(os.path.join(folder, filename), os.path.join(folder, filename), os.path.join(folder, filename), os.path.join(folder, filename), filename, os.path.join(folder, filename), os.path.join(folder, filename), filename, filename)
+        return output
+
+    def unzipServer(self, zip_path, user_id):
+        temp_uuid = str(uuid.uuid4()) + 'temp'
+        servers_path = str(self.get_servers_root_dir())
+        tempDir = os.path.join(servers_path, temp_uuid)
+        os.mkdir(tempDir)
+        with zipfile.ZipFile(zip_path, 'r') as zip_ref:
             #extracts archive to temp directory
             zip_ref.extractall(tempDir)
-            return tempDir
+        if user_id:
+            websocket_helper.broadcast_user(user_id, 'send_temp_path',{
+            'path': tempDir 
+            })
+        return
 
     @staticmethod
     def in_path(parent_path, child_path):
diff --git a/app/classes/web/ajax_handler.py b/app/classes/web/ajax_handler.py
index ebca1582..b22722fe 100644
--- a/app/classes/web/ajax_handler.py
+++ b/app/classes/web/ajax_handler.py
@@ -134,6 +134,22 @@ class AjaxHandler(BaseHandler):
                         helper.generate_tree(path))
             self.finish()
         
+        elif page == "get_zip_tree":
+            server_id = self.get_argument('id', None)
+            path = self.get_argument('path', None)
+
+            self.write(helper.get_os_understandable_path(path) + '\n' +
+                        helper.generate_zip_tree(path))
+            self.finish()
+
+        elif page == "get_zip_dir":
+            server_id = self.get_argument('id', None)
+            path = self.get_argument('path', None)
+
+            self.write(helper.get_os_understandable_path(path) + '\n' +
+                        helper.generate_zip_dir(path))
+            self.finish()
+        
         elif page == "get_dir":
             server_id = self.get_argument('id', None)
             path = self.get_argument('path', None)
@@ -277,12 +293,9 @@ class AjaxHandler(BaseHandler):
                 self.redirect('/panel/dashboard')
 
         elif page == "unzip_server":
-            print("in unzip server")
             path = self.get_argument('path', None)
-            logger.info(
-                "Removing server from panel for server: {}".format(self.controller.servers.get_server_friendly_name(server_id)))
-            self.controller.remove_server(server_id, False)
-            return "test"
+            helper.unzipServer(path, exec_user_id)
+            return
                 
 
     @tornado.web.authenticated
diff --git a/app/classes/web/server_handler.py b/app/classes/web/server_handler.py
index bff818f1..106542c0 100644
--- a/app/classes/web/server_handler.py
+++ b/app/classes/web/server_handler.py
@@ -191,12 +191,14 @@ class ServerHandler(BaseHandler):
                                            self.get_remote_ip())
             elif import_type == 'import_zip':
                 # here import_server_path means the zip path
-                good_path = self.controller.verify_zip_server(import_server_path)
+                zip_path = bleach.clean(self.get_argument('root_path'))
+                print(zip_path)
+                good_path = helper.check_path_exists(zip_path)
                 if not good_path:
-                    self.redirect("/panel/error?error=Zip file not found!")
+                    self.redirect("/panel/error?error=Temp path not found!")
                     return
 
-                new_server_id = self.controller.import_zip_server(server_name, import_server_path,import_server_jar, min_mem, max_mem, port)
+                new_server_id = self.controller.import_zip_server(server_name, import_server_path, import_server_jar, min_mem, max_mem, port)
                 if new_server_id == "false":
                     self.redirect("/panel/error?error=Zip file not accessible! You can fix this permissions issue with sudo chown -R crafty:crafty {} And sudo chmod 2775 -R {}".format(import_server_path, import_server_path))
                     return
@@ -204,6 +206,8 @@ class ServerHandler(BaseHandler):
                                            "imported a zip server named \"{}\"".format(server_name), # Example: Admin imported a server named "old creative"
                                            new_server_id,
                                            self.get_remote_ip())
+                #deletes temp dir
+                shutil.rmtree(zip_path)
             else:
                 if len(server_parts) != 2:
                     self.redirect("/panel/error?error=Invalid server data")
diff --git a/app/frontend/templates/server/wizard.html b/app/frontend/templates/server/wizard.html
index b3db055e..e8238b78 100644
--- a/app/frontend/templates/server/wizard.html
+++ b/app/frontend/templates/server/wizard.html
@@ -302,6 +302,33 @@
                           <input type="text" class="form-control" id="zip_root_path" name="zip_root_path">
                         </div>
                       </div>
+                      <div class="modal fade" id="dir_select" tabindex="-1" role="dialog" aria-labelledby="dir_select" aria-hidden="true">
+                        <div class="modal-dialog" role="document">
+                          <div class="modal-content">
+                            <div class="modal-header">
+                              <h5 class="modal-title" id="exampleModalLongTitle">Select Root Dir</h5>
+                              <button type="button" class="close" data-dismiss="modal" aria-label="Close">
+                                <span aria-hidden="true">&times;</span>
+                              </button>
+                            </div>
+                            <div class="modal-body">
+                              <div class="tree-ctx-item" data-path="" style="overflow: scroll; max-height:75%;">
+                                <input type="radio" id="main-tree-input" name="root_path" value="" checked>
+                                  <span id="main-tree" class="files-tree-title tree-caret-down root-dir" data-path="">
+                                    <i class="far fa-folder"></i>
+                                    <i class="far fa-folder-open"></i>
+                                    {{ translate('serverFiles', 'files', data['lang']) }}
+                                    </span>
+                                </input>
+                              </div>
+                            </div>
+                            <div class="modal-footer">
+                              <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
+                              <button type="button" id="modal-okay" data-dismiss="modal" class="btn btn-primary">Save changes</button>
+                            </div>
+                          </div>
+                        </div>
+                      </div>
                     </div>
                     <button id="zip_submit" type="submit" title="You must select server root dir first" disabled class="btn btn-primary mr-2">{{ translate('serverWizard', 'importServerButton', data['lang']) }}</button>
                     <button type="reset" class="btn btn-danger mr-2">{{ translate('serverWizard', 'resetForm', data['lang']) }}</button>
@@ -313,31 +340,6 @@
         </div>
       </div>
 </div>
-<div class="modal fade" id="dir_select" tabindex="-1" role="dialog" aria-labelledby="dir_select" aria-hidden="true">
-  <div class="modal-dialog" role="document">
-    <div class="modal-content">
-      <div class="modal-header">
-        <h5 class="modal-title" id="exampleModalLongTitle">Modal title</h5>
-        <button type="button" class="close" data-dismiss="modal" aria-label="Close">
-          <span aria-hidden="true">&times;</span>
-        </button>
-      </div>
-      <div class="modal-body">
-        <div class="tree-ctx-item" data-path="">
-          <span id="main-tree" class="files-tree-title tree-caret-down root-dir" data-path="">
-            <i class="far fa-folder"></i>
-            <i class="far fa-folder-open"></i>
-            {{ translate('serverFiles', 'files', data['lang']) }}
-            </span>
-        </div>
-      </div>
-      <div class="modal-footer">
-        <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
-        <button type="button" onclick="" class="btn btn-primary">Save changes</button>
-      </div>
-    </div>
-  </div>
-</div>
 <style>
 .scroll {
     max-height: 12em;
@@ -367,6 +369,44 @@
     z-index: 100;
 }
 </style>
+<style>
+  /* Remove default bullets */
+ .tree-view,
+ .tree-nested {
+   list-style-type: none;
+   margin: 0;
+   padding: 0;
+   margin-left: 10px;
+ }
+
+ /* Style the items */
+ .tree-item,
+ .files-tree-title {
+   cursor: pointer;
+   user-select: none; /* Prevent text selection */
+ }
+
+ /* Create the caret/arrow with a unicode, and style it */
+ .tree-caret .fa-folder {
+   display: inline-block;
+ }
+ .tree-caret .fa-folder-open {
+   display: none;
+ }
+
+ /* Rotate the caret/arrow icon when clicked on (using JavaScript) */
+ .tree-caret-down .fa-folder {
+   display: none;
+ }
+ .tree-caret-down .fa-folder-open {
+   display: inline-block;
+ }
+
+ /* Hide the nested list */
+ .tree-nested {
+   display: none;
+ }
+</style>
 
 {% end %}
 
@@ -374,22 +414,30 @@
 <script>
   document.getElementById("root_files_button").addEventListener("click", function(){
     if(document.forms["zip"]["server_path"].value != ""){
-    path = document.getElementById('server_path')
-    var token = getCookie("_xsrf")
+      if(document.getElementById('root_files_button').classList.contains('clicked')){
+        document.getElementById('main-tree').innerHTML = '<i class="far fa-folder"></i><i class="far fa-folder-open"></i>{{ translate("serverFiles", "files", data["lang"]) }}</span>'
+      }else{
+        document.getElementById('root_files_button').classList.add('clicked')
+      }
+    path = document.forms["zip"]["server_path"].value;
+    console.log(document.forms["zip"]["server_path"].value)
+    var token = getCookie("_xsrf");
+    var dialog = bootbox.dialog({
+      message: '<p class="text-center mb-0"><i class="fa fa-spin fa-cog"></i> Please wait while we gather your files...</p>',
+      closeButton: false
+  });
+  setTimeout(function(){
+    dialog.modal('hide');
+}, 2000);
     $.ajax({
       type: "POST",
       headers: {'X-XSRFToken': token},
-      url: '/ajax/unzip_server',
-      data: {
-        path: path,
-        server_id: '-1'
-      },
+      url: '/ajax/unzip_server?id=-1&path='+path,
     });
   }else{
     bootbox.alert("You must input a path before selecting this button");
   }
   });
-
 </script>
 
 <script>
@@ -431,7 +479,6 @@ function hide(event) {
   function show_file_tree(){
     $("#dir_select").modal();
   }
-  
 
   function check_sizes(a, b, changed){
     max_mem = parseFloat(a.val());
@@ -444,24 +491,13 @@ function hide(event) {
     }
   }
 
-  var fileList = document.getElementById("files");
-  fileList.addEventListener("change", function (e) {
-      var list = "";
-      for (var i = 0; i < this.files.length; i++) {
-          list += "<li class='col-xs-12 file-list'>" + this.files[i].name + "</li>"
-      }
-
-      document.getElementById("fileList").innerHTML = list;
-  }, false);
-});
-  }
-    function getTreeView(event) {
-
-      path = '/'
+    function getTreeView(path) {
+      document.getElementById('zip_submit').disabled = false;
+      path = path
 
       $.ajax({
         type: "GET",
-        url: '/ajax/get_tree?id=1&path='+path,
+        url: '/ajax/get_zip_tree?id=-1&path='+path,
         dataType: 'text',
         success: function(data){
           console.log("got response:");
@@ -472,8 +508,8 @@ function hide(event) {
           text = dataArr.join('\n');
 
           try{
-            document.getElementById(path).innerHTML += text;
-            event.target.parentElement.classList.add("clicked");
+            document.getElementById('main-tree').innerHTML += text;
+            document.getElementById('main-tree').parentElement.classList.add("clicked");
           }catch{
             document.getElementById('files-tree').innerHTML = text;
           }
@@ -482,7 +518,6 @@ function hide(event) {
           document.getElementsByClassName('files-tree-title')[0].setAttribute('data-path', serverDir);
           document.getElementsByClassName('files-tree-title')[0].setAttribute('data-name', 'Files');
 
-          setTimeout(function () {setTreeViewContext()}, 1000);
         },
       });
     }
@@ -493,6 +528,7 @@ function hide(event) {
           document.getElementById(path+"span").classList.toggle("tree-caret-down");
           document.getElementById(path+"span").classList.toggle("tree-caret");
       }
+    
 
     function getDirView(event) {
         path = event.target.parentElement.getAttribute('data-path');
@@ -509,7 +545,7 @@ function hide(event) {
       }else{
       $.ajax({
         type: "GET",
-        url: '/ajax/get_dir?id=1&path='+path,
+        url: '/ajax/get_zip_dir?id=-1&path='+path,
         dataType: 'text',
         success: function(data){
           console.log("got response:");
@@ -526,8 +562,6 @@ function hide(event) {
             console.log("Bad")
           }
 
-          setTimeout(function () {setTreeViewContext()}, 1000);
-
           var toggler = document.getElementById(path);
   
             if (toggler.classList.contains('files-tree-title')){
@@ -540,7 +574,13 @@ function hide(event) {
       });
     }
     }
-
+    if (webSocket) {
+      webSocket.on('send_temp_path', function (data) {
+        document.getElementById('main-tree-input').setAttribute('data-path', data.path)
+        getTreeView(data.path);
+        show_file_tree();
+      });
+    }
 
 </script>
 <script type="text/javascript">

From deeff1717b232d4af1279ae27c62976d7e974b01 Mon Sep 17 00:00:00 2001
From: Andrew <mcdeweykp@gmail.com>
Date: Sun, 9 Jan 2022 22:27:43 -0500
Subject: [PATCH 3/8] adding tempdir back

---
 app/classes/shared/helpers.py | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/app/classes/shared/helpers.py b/app/classes/shared/helpers.py
index e4b6d1b4..a24019c5 100644
--- a/app/classes/shared/helpers.py
+++ b/app/classes/shared/helpers.py
@@ -780,11 +780,9 @@ class Helpers:
                         .format(os.path.join(folder, filename), os.path.join(folder, filename), os.path.join(folder, filename), os.path.join(folder, filename), filename, os.path.join(folder, filename), os.path.join(folder, filename), filename, filename)
         return output
 
-    def unzipServer(self, zip_path, user_id):
-        temp_uuid = str(uuid.uuid4()) + 'temp'
-        servers_path = str(self.get_servers_root_dir())
-        tempDir = os.path.join(servers_path, temp_uuid)
-        os.mkdir(tempDir)
+    @staticmethod
+    def unzipServer(zip_path, user_id):
+        tempDir = tempfile.mkdtemp()
         with zipfile.ZipFile(zip_path, 'r') as zip_ref:
             #extracts archive to temp directory
             zip_ref.extractall(tempDir)

From 4d636cce1bbccf5958e3291a2713489a4dffc4dd Mon Sep 17 00:00:00 2001
From: Andrew <mcdeweykp@gmail.com>
Date: Sun, 9 Jan 2022 22:49:03 -0500
Subject: [PATCH 4/8] add working zip import selection functionality

---
 app/classes/shared/helpers.py             | 21 ++++++-------
 app/classes/shared/main_controller.py     | 36 ++++++++++-------------
 app/classes/web/server_handler.py         |  3 +-
 app/frontend/templates/server/wizard.html |  2 +-
 4 files changed, 29 insertions(+), 33 deletions(-)

diff --git a/app/classes/shared/helpers.py b/app/classes/shared/helpers.py
index a24019c5..da882b10 100644
--- a/app/classes/shared/helpers.py
+++ b/app/classes/shared/helpers.py
@@ -753,7 +753,7 @@ class Helpers:
                       </span>
                     </input></div><li>
                     \n"""\
-                        .format(os.path.join(folder, filename), os.path.join(folder, filename), os.path.join(folder, filename), os.path.join(folder, filename), filename, os.path.join(folder, filename), os.path.join(folder, filename), filename, filename)
+                        .format(os.path.join(folder, filename), os.path.join(folder, filename), os.path.join(folder, filename), filename, os.path.join(folder, filename), os.path.join(folder, filename), os.path.join(folder, filename), filename, filename)
         return output
 
     @staticmethod
@@ -777,19 +777,20 @@ class Helpers:
                       {}
                       </span>
                     </input></div><li>"""\
-                        .format(os.path.join(folder, filename), os.path.join(folder, filename), os.path.join(folder, filename), os.path.join(folder, filename), filename, os.path.join(folder, filename), os.path.join(folder, filename), filename, filename)
+                        .format(os.path.join(folder, filename), os.path.join(folder, filename), os.path.join(folder, filename), filename, os.path.join(folder, filename), os.path.join(folder, filename), os.path.join(folder, filename), filename, filename)
         return output
 
     @staticmethod
     def unzipServer(zip_path, user_id):
-        tempDir = tempfile.mkdtemp()
-        with zipfile.ZipFile(zip_path, 'r') as zip_ref:
-            #extracts archive to temp directory
-            zip_ref.extractall(tempDir)
-        if user_id:
-            websocket_helper.broadcast_user(user_id, 'send_temp_path',{
-            'path': tempDir 
-            })
+        if helper.check_file_perms(zip_path):
+            tempDir = tempfile.mkdtemp()
+            with zipfile.ZipFile(zip_path, 'r') as zip_ref:
+                #extracts archive to temp directory
+                zip_ref.extractall(tempDir)
+            if user_id:
+                websocket_helper.broadcast_user(user_id, 'send_temp_path',{
+                'path': tempDir 
+                })
         return
 
     @staticmethod
diff --git a/app/classes/shared/main_controller.py b/app/classes/shared/main_controller.py
index 8f273c54..109af258 100644
--- a/app/classes/shared/main_controller.py
+++ b/app/classes/shared/main_controller.py
@@ -296,26 +296,22 @@ class Controller:
         new_server_dir = os.path.join(helper.servers_dir, server_id)
         backup_path = os.path.join(helper.backup_path, server_id)
         tempDir = helper.get_os_understandable_path(zip_path)
-
-        if helper.check_file_perms(zip_path):
-            helper.ensure_dir_exists(new_server_dir)
-            helper.ensure_dir_exists(backup_path)
-            has_properties = False
-            #extracts archive to temp directory
-            for item in os.listdir(tempDir):
-                if str(item) == 'server.properties':
-                    has_properties = True
-                try:
-                    shutil.move(os.path.join(tempDir, item), os.path.join(new_server_dir, item))
-                except Exception as ex:
-                    logger.error('ERROR IN ZIP IMPORT: {}'.format(ex))
-            if not has_properties:
-                logger.info("No server.properties found on zip file import. Creating one with port selection of {}".format(str(port)))
-                with open(os.path.join(new_server_dir, "server.properties"), "w") as f:
-                    f.write("server-port={}".format(port))
-                    f.close()
-        else:
-            return "false"
+        helper.ensure_dir_exists(new_server_dir)
+        helper.ensure_dir_exists(backup_path)
+        has_properties = False
+        #extracts archive to temp directory
+        for item in os.listdir(tempDir):
+            if str(item) == 'server.properties':
+                has_properties = True
+            try:
+                shutil.move(os.path.join(tempDir, item), os.path.join(new_server_dir, item))
+            except Exception as ex:
+                logger.error('ERROR IN ZIP IMPORT: {}'.format(ex))
+        if not has_properties:
+            logger.info("No server.properties found on zip file import. Creating one with port selection of {}".format(str(port)))
+            with open(os.path.join(new_server_dir, "server.properties"), "w") as f:
+                f.write("server-port={}".format(port))
+                f.close()
 
         full_jar_path = os.path.join(new_server_dir, server_jar)
         server_command = 'java -Xms{}M -Xmx{}M -jar {} nogui'.format(helper.float_to_string(min_mem),
diff --git a/app/classes/web/server_handler.py b/app/classes/web/server_handler.py
index 106542c0..5ab73993 100644
--- a/app/classes/web/server_handler.py
+++ b/app/classes/web/server_handler.py
@@ -192,13 +192,12 @@ class ServerHandler(BaseHandler):
             elif import_type == 'import_zip':
                 # here import_server_path means the zip path
                 zip_path = bleach.clean(self.get_argument('root_path'))
-                print(zip_path)
                 good_path = helper.check_path_exists(zip_path)
                 if not good_path:
                     self.redirect("/panel/error?error=Temp path not found!")
                     return
 
-                new_server_id = self.controller.import_zip_server(server_name, import_server_path, import_server_jar, min_mem, max_mem, port)
+                new_server_id = self.controller.import_zip_server(server_name, zip_path, import_server_jar, min_mem, max_mem, port)
                 if new_server_id == "false":
                     self.redirect("/panel/error?error=Zip file not accessible! You can fix this permissions issue with sudo chown -R crafty:crafty {} And sudo chmod 2775 -R {}".format(import_server_path, import_server_path))
                     return
diff --git a/app/frontend/templates/server/wizard.html b/app/frontend/templates/server/wizard.html
index e8238b78..95e41f8e 100644
--- a/app/frontend/templates/server/wizard.html
+++ b/app/frontend/templates/server/wizard.html
@@ -576,7 +576,7 @@ function hide(event) {
     }
     if (webSocket) {
       webSocket.on('send_temp_path', function (data) {
-        document.getElementById('main-tree-input').setAttribute('data-path', data.path)
+        document.getElementById('main-tree-input').setAttribute('value', data.path)
         getTreeView(data.path);
         show_file_tree();
       });

From 3546d501429fb7c8c7e7af007fbac370a476a1d4 Mon Sep 17 00:00:00 2001
From: Andrew <mcdeweykp@gmail.com>
Date: Sun, 9 Jan 2022 22:58:13 -0500
Subject: [PATCH 5/8] add english translation for zip imports

---
 app/frontend/templates/server/wizard.html | 10 +++++-----
 app/translations/en_EN.json               |  8 +++++++-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/app/frontend/templates/server/wizard.html b/app/frontend/templates/server/wizard.html
index 95e41f8e..45f5baf0 100644
--- a/app/frontend/templates/server/wizard.html
+++ b/app/frontend/templates/server/wizard.html
@@ -231,9 +231,9 @@
 
                     <div class="col-sm-12">
                       <div class="form-group">
-                        <label for="server">{{ translate('serverWizard', 'zipPath', data['lang']) }} Select Root Dir <small>{{ translate('serverWizard', 'absoluteZipPath', data['lang']) }}</small></label>
+                        <label for="server">{{ translate('serverWizard', 'selectRoot', data['lang']) }} <small>{{ translate('serverWizard', 'explainRoot', data['lang']) }}</small></label>
                         <br>
-                        <button class="btn btn-primary mr-2" id="root_files_button" type="button">Click here to select Root Dir</button>
+                        <button class="btn btn-primary mr-2" id="root_files_button" type="button">{{ translate('serverWizard', 'clickRoot', data['lang']) }}</button>
                       </div>
                     </div>
                     
@@ -306,7 +306,7 @@
                         <div class="modal-dialog" role="document">
                           <div class="modal-content">
                             <div class="modal-header">
-                              <h5 class="modal-title" id="exampleModalLongTitle">Select Root Dir</h5>
+                              <h5 class="modal-title" id="exampleModalLongTitle">{{ translate('serverWizard', 'selectZipDir', data['lang']) }}</h5>
                               <button type="button" class="close" data-dismiss="modal" aria-label="Close">
                                 <span aria-hidden="true">&times;</span>
                               </button>
@@ -323,8 +323,8 @@
                               </div>
                             </div>
                             <div class="modal-footer">
-                              <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
-                              <button type="button" id="modal-okay" data-dismiss="modal" class="btn btn-primary">Save changes</button>
+                              <button type="button" class="btn btn-secondary" data-dismiss="modal">{{ translate('serverWizard', 'close', data['lang']) }}</button>
+                              <button type="button" id="modal-okay" data-dismiss="modal" class="btn btn-primary">{{ translate('serverWizard', 'save', data['lang']) }}</button>
                             </div>
                           </div>
                         </div>
diff --git a/app/translations/en_EN.json b/app/translations/en_EN.json
index ee46d7c5..28a774dd 100644
--- a/app/translations/en_EN.json
+++ b/app/translations/en_EN.json
@@ -68,7 +68,13 @@
         "downloading": "Downloading Server...",
         "addRole": "Add Server to Existing Role(s)",
         "autoCreate": "If none are selected Crafty will make one!",
-        "selectRole": "Select Role(s)"
+        "selectRole": "Select Role(s)",
+        "selectZipDir": "Select the directory in the archive you want us to unzip files from",
+        "close": "Close",
+        "save": "Save",
+        "selectRoot": "Select Archive Root Dir",
+        "clickRoot": "Click here to select Root Dir",
+        "explainRoot": "Please click the button below to select your server's root dir inside of the archive"
     },
     "dashboard": {
         "dashboard": "Dashboard",

From db6a886e0f2bb4dba9ea8a609e17d422767b40b2 Mon Sep 17 00:00:00 2001
From: Andrew <mcdeweykp@gmail.com>
Date: Sun, 9 Jan 2022 23:16:11 -0500
Subject: [PATCH 6/8] Fix minor bugs in super user activation. Add 'are you
 sure' to delete user

---
 app/classes/web/panel_handler.py              |  6 ++++-
 .../templates/panel/panel_edit_user.html      | 27 ++++++++++++++++++-
 app/translations/en_EN.json                   |  4 +++
 3 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py
index 090f39c7..b1e61c5c 100644
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@@ -448,6 +448,10 @@ class PanelHandler(BaseHandler):
             page_data['quantity_server'] = self.controller.crafty_perms.list_all_crafty_permissions_quantity_limits()
             page_data['languages'] = []
             page_data['languages'].append(self.controller.users.get_user_lang_by_id(exec_user_id))
+            if exec_user['superuser']:
+                page_data['super-disabled'] = ''
+            else:
+                page_data['super-disabled'] = 'disabled'
             for file in os.listdir(os.path.join(helper.root_dir, 'app', 'translations')):
                 if file.endswith('.json'):
                     if file != str(page_data['languages'][0] + '.json'):
@@ -1012,7 +1016,7 @@ class PanelHandler(BaseHandler):
                 else:
                     server_quantity[permission.name] = 0
 
-            user_id = self.controller.users.add_user(username, password=password0, email=email, enabled=enabled)
+            user_id = self.controller.users.add_user(username, password=password0, email=email, enabled=enabled, superuser=superuser)
             user_data = {
                 "roles": roles,
                 'lang': lang
diff --git a/app/frontend/templates/panel/panel_edit_user.html b/app/frontend/templates/panel/panel_edit_user.html
index 8e884f9f..0807932d 100644
--- a/app/frontend/templates/panel/panel_edit_user.html
+++ b/app/frontend/templates/panel/panel_edit_user.html
@@ -229,7 +229,7 @@
                             <a class="btn btn-sm btn-danger disabled"><i class="fas fa-trash"></i> Delete User</a><br />
                             <small>You cannot delete a superuser</small>
                         {% else %}
-                            <a href="/panel/remove_user?id={{ data['user']['user_id'] }}" class="btn btn-sm btn-danger"><i class="fas fa-trash"></i> Delete User</a>
+                            <button class="btn btn-sm btn-danger delete-user"><i class="fas fa-trash"></i> Delete User</a>
                         {% end %}
 
                     </div>
@@ -250,6 +250,31 @@
 
 {% block js %}
 <script>
+  $( ".delete-user" ).click(function() {
+    var file_to_del = $(this).data("file");
+
+    console.log("User to delete is {{ data['user']['username']  }}");
+
+    bootbox.confirm({
+        title: "{% raw translate('usersConfig', 'deleteUser', data['lang']) %}"+"{{ data['user']['username']  }}",
+        message: "{{ translate('usersConfig', 'confirmDelete', data['lang']) }}",
+        buttons: {
+            cancel: {
+                label: '<i class="fas fa-times"></i> {{ translate("serverBackups", "cancel", data['lang']) }}'
+            },
+            confirm: {
+              className: 'btn-outline-danger',
+                label: '<i class="fas fa-check"></i> {{ translate("serverBackups", "confirm", data['lang']) }}'
+            }
+        },
+        callback: function (result) {
+            console.log(result);
+            if (result == true) {
+              location.href="/panel/remove_user?id={{ data['user']['user_id'] }}";
+            }
+        }
+    });
+});
 
   function superConfirm() {
     if (document.getElementById('superuser').checked){
diff --git a/app/translations/en_EN.json b/app/translations/en_EN.json
index 28a774dd..bcee0cb3 100644
--- a/app/translations/en_EN.json
+++ b/app/translations/en_EN.json
@@ -76,6 +76,10 @@
         "clickRoot": "Click here to select Root Dir",
         "explainRoot": "Please click the button below to select your server's root dir inside of the archive"
     },
+    "usersConfig":{
+        "deleteUser": "Delete user: ",
+        "confirmDelete": "Are you sure you want to delete this user? This action is irreversible."
+    },
     "dashboard": {
         "dashboard": "Dashboard",
         "memUsage": "Memory Usage",

From 70cc90549d084c0a08328021568425b2f89c4432 Mon Sep 17 00:00:00 2001
From: Andrew <mcdeweykp@gmail.com>
Date: Sun, 9 Jan 2022 23:34:11 -0500
Subject: [PATCH 7/8] Minor fixes to user deletion. Allow users with user
 permissions to delete users...wow. How many times can I say user?

---
 app/classes/web/panel_handler.py                  | 12 ++++++++----
 app/frontend/templates/panel/panel_edit_user.html |  1 +
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py
index b1e61c5c..baf6b506 100644
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@@ -16,8 +16,8 @@ from app.classes.shared.main_models import Users, installer
 from app.classes.web.base_handler import BaseHandler
 
 from app.classes.models.servers import Servers
-from app.classes.models.server_permissions import Enum_Permissions_Server
-from app.classes.models.crafty_permissions import Enum_Permissions_Crafty
+from app.classes.models.server_permissions import Enum_Permissions_Server, Permissions_Servers
+from app.classes.models.crafty_permissions import Enum_Permissions_Crafty, Permissions_Crafty
 from app.classes.models.management import management_helper
 
 from app.classes.shared.helpers import helper
@@ -510,10 +510,14 @@ class PanelHandler(BaseHandler):
 
         elif page == "remove_user":
             user_id = bleach.clean(self.get_argument('id', None))
-
-            if not exec_user['superuser']:
+            
+            if not exec_user['superuser'] and Enum_Permissions_Crafty.User_Config not in exec_user_crafty_permissions:
                 self.redirect("/panel/error?error=Unauthorized access: not superuser")
                 return
+
+            elif str(exec_user_id) == str(user_id):
+                self.redirect("/panel/error?error=Unauthorized access: you cannot delete yourself")
+                return
             elif user_id is None:
                 self.redirect("/panel/error?error=Invalid User ID")
                 return
diff --git a/app/frontend/templates/panel/panel_edit_user.html b/app/frontend/templates/panel/panel_edit_user.html
index 0807932d..6206458f 100644
--- a/app/frontend/templates/panel/panel_edit_user.html
+++ b/app/frontend/templates/panel/panel_edit_user.html
@@ -286,6 +286,7 @@
               label: '<i class="fa fa-times"></i> {{ translate('panelConfig', 'cancel', data['lang']) }}'
           },
           confirm: {
+            className: 'btn-outline-warning',
               label: '<i class="fa fa-check"></i> {{ translate('serverBackups', 'confirm', data['lang']) }}'
           }
       },

From 2cd15ba73894bfe96a8f3239920a8646ac0861e7 Mon Sep 17 00:00:00 2001
From: Andrew <mcdeweykp@gmail.com>
Date: Sun, 9 Jan 2022 23:47:10 -0500
Subject: [PATCH 8/8] Fix tree-caret on zip imports

---
 app/frontend/templates/server/wizard.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/frontend/templates/server/wizard.html b/app/frontend/templates/server/wizard.html
index 45f5baf0..7f82fd29 100644
--- a/app/frontend/templates/server/wizard.html
+++ b/app/frontend/templates/server/wizard.html
@@ -312,7 +312,7 @@
                               </button>
                             </div>
                             <div class="modal-body">
-                              <div class="tree-ctx-item" data-path="" style="overflow: scroll; max-height:75%;">
+                              <div class="tree-ctx-item" id="main-tree-div" data-path="" style="overflow: scroll; max-height:75%;">
                                 <input type="radio" id="main-tree-input" name="root_path" value="" checked>
                                   <span id="main-tree" class="files-tree-title tree-caret-down root-dir" data-path="">
                                     <i class="far fa-folder"></i>
@@ -415,7 +415,7 @@
   document.getElementById("root_files_button").addEventListener("click", function(){
     if(document.forms["zip"]["server_path"].value != ""){
       if(document.getElementById('root_files_button').classList.contains('clicked')){
-        document.getElementById('main-tree').innerHTML = '<i class="far fa-folder"></i><i class="far fa-folder-open"></i>{{ translate("serverFiles", "files", data["lang"]) }}</span>'
+        document.getElementById('main-tree-div').innerHTML = '<input type="radio" id="main-tree-input" name="root_path" value="" checked><span id="main-tree" class="files-tree-title tree-caret-down root-dir" data-path=""><i class="far fa-folder"></i><i class="far fa-folder-open"></i>{{ translate('serverFiles', 'files', data['lang']) }}</span></input>'
       }else{
         document.getElementById('root_files_button').classList.add('clicked')
       }
@@ -508,7 +508,7 @@ function hide(event) {
           text = dataArr.join('\n');
 
           try{
-            document.getElementById('main-tree').innerHTML += text;
+            document.getElementById('main-tree-div').innerHTML += text;
             document.getElementById('main-tree').parentElement.classList.add("clicked");
           }catch{
             document.getElementById('files-tree').innerHTML = text;