diff --git a/src/api/account/create.php b/src/api/account/create.php index 57aa3e0..bc9384c 100644 --- a/src/api/account/create.php +++ b/src/api/account/create.php @@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ header("Access-Control-Allow-Origin: *"); @@ -29,7 +29,7 @@ include_once __DIR__ . '/../../misc/utilities.php'; $database = new Database(); $db = $database->getConnection(); - + $account = new Account($db); $data = json_decode(file_get_contents("php://input")); @@ -53,7 +53,7 @@ if ((!empty($data->username) || !empty($data->phone)) && (!empty($data->password $password->password = hash_password($account->username, generate_password(), $account->domain, $password->algorithm); } else { $password->password = empty($data->password) - ? hash_password($account->username, generate_password(), $account->domain, $password->algorithm) + ? hash_password($account->username, generate_password(), $account->domain, $password->algorithm) : $data->password; } if (!$password->create()) { @@ -88,5 +88,3 @@ if ((!empty($data->username) || !empty($data->phone)) && (!empty($data->password http_response_code(400); echo json_encode(array("message" => "Unable to create account, data is incomplete.")); } - -?> \ No newline at end of file diff --git a/src/api/account/delete.php b/src/api/account/delete.php index b9e792b..3e1977a 100644 --- a/src/api/account/delete.php +++ b/src/api/account/delete.php @@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ header("Access-Control-Allow-Origin: *"); 
@@ -31,14 +31,14 @@ $logger = Logger::getInstance(); $database = new Database(); $db = $database->getConnection(); - + $account = new Account($db); $data = json_decode(file_get_contents("php://input")); if (!empty($data->id) || !empty($data->username)) { if (!empty($data->id)) { $account->id = $data->id; - } else if (!empty($data->username)) { + } elseif (!empty($data->username)) { $account->username = $data->username; if (!empty($data->domain)) { $account->domain = $data->domain; @@ -48,7 +48,7 @@ if (!empty($data->id) || !empty($data->username)) { if ($account->getOne()) { $password = new Password($db); $password->account_id = $account->id; - + $alias = new Alias($db); $alias->account_id = $account->id; @@ -77,6 +77,3 @@ if (!empty($data->id) || !empty($data->username)) { http_response_code(400); echo json_encode(array("message" => "Unable to delete account, data is incomplete.")); } - - -?> \ No newline at end of file diff --git a/src/api/account/get.php b/src/api/account/get.php index 35f8b44..f25b314 100644 --- a/src/api/account/get.php +++ b/src/api/account/get.php @@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ header("Access-Control-Allow-Origin: *"); @@ -28,7 +28,7 @@ include_once __DIR__ . '/../../objects/alias.php'; $database = new Database(); $db = $database->getConnection(); - + $account = new Account($db); $account->id = isset($_GET['id']) ? $_GET['id'] : null; $account->username = isset($_GET['username']) ? $_GET['username'] : null; @@ -68,5 +68,3 @@ if (!empty($account->id) && !empty($account->username) && !empty($account->domai http_response_code(404); echo json_encode(array("message" => "Account doesn't exist")); } - -?> \ No newline at end of file diff --git a/src/api/account/list.php b/src/api/account/list.php index 10fc607..2b93682 100644 --- a/src/api/account/list.php +++ b/src/api/account/list.php 
@@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ header("Access-Control-Allow-Origin: *"); @@ -26,7 +26,7 @@ include_once __DIR__ . '/../../objects/account.php'; $database = new Database(); $db = $database->getConnection(); - + $account = new Account($db); $stmt = $account->getAll(); @@ -52,5 +52,3 @@ if ($num > 0) { http_response_code(404); echo json_encode(array("message" => "No account found")); } - -?> \ No newline at end of file diff --git a/src/api/account/update.php b/src/api/account/update.php index 88316ed..dc97594 100644 --- a/src/api/account/update.php +++ b/src/api/account/update.php @@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ header("Access-Control-Allow-Origin: *"); @@ -31,14 +31,14 @@ $logger = Logger::getInstance(); $database = new Database(); $db = $database->getConnection(); - + $account = new Account($db); $data = json_decode(file_get_contents("php://input")); if (!empty($data->id) || !empty($data->username)) { if (!empty($data->id)) { $account->id = $data->id; - } else if (!empty($data->username)) { + } elseif (!empty($data->username)) { $account->username = $data->username; if (!empty($data->domain)) { $account->domain = $data->domain; @@ -53,7 +53,7 @@ if (!empty($data->id) || !empty($data->username)) { $password = new Password($db); $password->account_id = $account->id; - + $alias = new Alias($db); $alias->account_id = $account->id; @@ -104,5 +104,3 @@ if (!empty($data->id) || !empty($data->username)) { http_response_code(400); echo json_encode(array("message" => "Unable to update account, data is incomplete.")); } - -?> \ No newline at end of file diff --git a/src/database/database.php b/src/database/database.php index 415059a..17e5771 100644 --- a/src/database/database.php +++ b/src/database/database.php 
@@ -1,41 +1,41 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../config/config.php'; include_once __DIR__ . '/../misc/logging.php'; -class Database { +class Database +{ public $conn; - - public function getConnection() { + + public function getConnection() + { $this->conn = null; - + try { $this->conn = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD); $this->conn->exec("set names utf8"); - } catch(PDOException $exception) { + } catch (PDOException $exception) { Logger::getInstance()->error("Connection error: " . $exception->getMessage()); } - + return $this->conn; } } - -?> \ No newline at end of file diff --git a/src/misc/email.php b/src/misc/email.php index 2fe432e..b12c79b 100644 --- a/src/misc/email.php +++ b/src/misc/email.php 
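Review bot: `getConnection()` still swallows the `PDOException`, logs it and returns `null`, and the endpoint hunks in this diff pass that value straight into `new Account($db)` with no check visible in the lines shown. A database outage therefore surfaces later as a fatal error on a null handle rather than as a controlled 5xx response; either rethrow after logging or have callers test the return value. On PHP versions before 8.0, where PDO defaults to silent errors, I would also add `$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);` after the constructor so failed statements are not ignored. The charset is better set in the DSN (`;charset=utf8mb4`) than with a separate `set names utf8`.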
@@ -1,107 +1,110 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../config/config.php'; include_once __DIR__ . '/../misc/logging.php'; -function send_email($email, $subject, $text, $html) { - $site = EMAIL_SITE; - $from = EMAIL_FROM_ADDR; - $name = EMAIL_FROM_NAME; - $to = $email; - $from = $name." <".$from.">"; - - $limite = "_----------=_parties_".md5(uniqid (rand())); +function send_email($email, $subject, $text, $html) +{ + $site = EMAIL_SITE; + $from = EMAIL_FROM_ADDR; + $name = EMAIL_FROM_NAME; + $to = $email; + $from = $name." <".$from.">"; - $headers = "Reply-to: ".$from."\n"; - $headers .= "From: ".$from."\n"; - $headers .= "Return-Path: ".$from."\n"; - $headers .= "X-Sender: <".$site.">\n"; - $headers .= "X-Mailer: PHP\n"; - $headers .= "X-auth-smtp-user: ".$from." \n"; - $headers .= "X-abuse-contact: ".$from." \n"; - $headers .= "X-auth-smtp-user: ".$from." \n"; - $headers .= "X-abuse-contact: ".$from." \n"; - $headers .= "Date: ".date("D, j M Y G:i:s O")."\n"; - $headers .= "MIME-Version: 1.0\n"; - $headers .= "Content-Type: multipart/alternative; boundary=\"".$limite."\""; + $limite = "_----------=_parties_".md5(uniqid(rand())); - $message = ""; + $headers = "Reply-to: ".$from."\n"; + $headers .= "From: ".$from."\n"; + $headers .= "Return-Path: ".$from."\n"; + $headers .= "X-Sender: <".$site.">\n"; + $headers .= "X-Mailer: PHP\n"; + $headers .= "X-auth-smtp-user: ".$from." \n"; + $headers .= "X-abuse-contact: ".$from." \n"; + $headers .= "X-auth-smtp-user: ".$from." \n"; + $headers .= "X-abuse-contact: ".$from." 
\n"; + $headers .= "Date: ".date("D, j M Y G:i:s O")."\n"; + $headers .= "MIME-Version: 1.0\n"; + $headers .= "Content-Type: multipart/alternative; boundary=\"".$limite."\""; - $message .= "--".$limite."\n"; - $message .= "Content-Type: text/plain; charset=\"utf-8\"\n"; - $message .= "Content-Transfer-Encoding: 8bit\n\n"; - $message .= $text; + $message = ""; - $message .= "\n\n--".$limite."\n"; - $message .= "Content-Type: text/html; charset=\"utf-8\"\n"; - $message .= "Content-Transfer-Encoding: 8bit;\n\n"; - $message .= $html; + $message .= "--".$limite."\n"; + $message .= "Content-Type: text/plain; charset=\"utf-8\"\n"; + $message .= "Content-Transfer-Encoding: 8bit\n\n"; + $message .= $text; - $message .= "\n--".$limite."--"; + $message .= "\n\n--".$limite."\n"; + $message .= "Content-Type: text/html; charset=\"utf-8\"\n"; + $message .= "Content-Transfer-Encoding: 8bit;\n\n"; + $message .= $html; - $params = "-f" . EMAIL_FROM_ADDR . " -O DeliveryMode=b"; - $result = mail($email, $subject, $message, $headers, $params); - if (!$result) { - Logger::getInstance()->error("[EMAIL] Email delivery declined !"); - } + $message .= "\n--".$limite."--"; + + $params = "-f" . EMAIL_FROM_ADDR . " -O DeliveryMode=b"; + $result = mail($email, $subject, $message, $headers, $params); + if (!$result) { + Logger::getInstance()->error("[EMAIL] Email delivery declined !"); + } } -function send_email_with_activation_link($email, $key, $username, $algo) { - if( !EMAIL_ENABLED ){ - Logger::getInstance()->warning("[EMAIL] Emails are disabled"); - return "WARNING_EMAILS_DISABLED"; - } +function send_email_with_activation_link($email, $key, $username, $algo) +{ + if (!EMAIL_ENABLED) { + Logger::getInstance()->warning("[EMAIL] Emails are disabled"); + return "WARNING_EMAILS_DISABLED"; + } - $pageURL = 'http'; - if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";} - $pageURL .= "://"; - - $link = $pageURL . 
EMAIL_ACTIVATION_LINK; - $link = str_replace("%key%", $key, $link); - $link = str_replace("%username%", $username, $link); - $link = str_replace("%algo%", $algo, $link); - Logger::getInstance()->debug("[EMAIL] Activation link is " . $link); - - $body = str_replace("%link%", $link, EMAIL_ACTIVATION_BODY); - Logger::getInstance()->debug("[EMAIL] Activation body is " . $body); - $body_html = str_replace("%link%", $link, EMAIL_ACTIVATION_BODY_HTML); - Logger::getInstance()->debug("[EMAIL] Activation html body is " . $body_html); - - send_email($email, EMAIL_ACTIVATION_SUBJECT, $body, $body_html); - Logger::getInstance()->message("[EMAIL] Email sent to email " . $email . " to activate the account"); + $pageURL = 'http'; + if ($_SERVER["HTTPS"] == "on") { + $pageURL .= "s"; + } + $pageURL .= "://"; + + $link = $pageURL . EMAIL_ACTIVATION_LINK; + $link = str_replace("%key%", $key, $link); + $link = str_replace("%username%", $username, $link); + $link = str_replace("%algo%", $algo, $link); + Logger::getInstance()->debug("[EMAIL] Activation link is " . $link); + + $body = str_replace("%link%", $link, EMAIL_ACTIVATION_BODY); + Logger::getInstance()->debug("[EMAIL] Activation body is " . $body); + $body_html = str_replace("%link%", $link, EMAIL_ACTIVATION_BODY_HTML); + Logger::getInstance()->debug("[EMAIL] Activation html body is " . $body_html); + + send_email($email, EMAIL_ACTIVATION_SUBJECT, $body, $body_html); + Logger::getInstance()->message("[EMAIL] Email sent to email " . $email . " to activate the account"); } -function send_email_with_recover_key($email, $key) { - if( !EMAIL_ENABLED ){ - Logger::getInstance()->warning("[EMAIL] Emails are disabled"); - return "WARNING_EMAILS_DISABLED"; - } - - $body = str_replace("%key%", $key, EMAIL_RECOVERY_BODY); - Logger::getInstance()->debug("[EMAIL] Recovery body is " . $body); - $body_html = str_replace("%key%", $key, EMAIL_RECOVERY_BODY_HTML); - Logger::getInstance()->debug("[EMAIL] Recovery html body is " . 
$body_html); - - send_email($email, EMAIL_RECOVERY_SUBJECT, $body, $body_html); - Logger::getInstance()->message("[EMAIL] Email sent to email " . $email . " to recover the account"); -} +function send_email_with_recover_key($email, $key) +{ + if (!EMAIL_ENABLED) { + Logger::getInstance()->warning("[EMAIL] Emails are disabled"); + return "WARNING_EMAILS_DISABLED"; + } -?> \ No newline at end of file + $body = str_replace("%key%", $key, EMAIL_RECOVERY_BODY); + Logger::getInstance()->debug("[EMAIL] Recovery body is " . $body); + $body_html = str_replace("%key%", $key, EMAIL_RECOVERY_BODY_HTML); + Logger::getInstance()->debug("[EMAIL] Recovery html body is " . $body_html); + + send_email($email, EMAIL_RECOVERY_SUBJECT, $body, $body_html); + Logger::getInstance()->message("[EMAIL] Email sent to email " . $email . " to recover the account"); +} diff --git a/src/misc/geoloc.php b/src/misc/geoloc.php index 0dd3bc0..f107415 100644 --- a/src/misc/geoloc.php +++ b/src/misc/geoloc.php 
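Review bot: The debug calls in `send_email_with_activation_link` and `send_email_with_recover_key` write the activation link and both message bodies to the log, so the one-time key lands in the log file; the re-indentation carries these lines over unchanged. Anyone with read access to the log can then activate or recover the account, so the log line should name the recipient only, e.g. `Logger::getInstance()->debug("[EMAIL] Activation link generated for " . $username);`. In the activation function `$key`, `$username` and `$algo` are substituted into the URL without encoding; `str_replace("%username%", rawurlencode($username), $link)` (and the same for the other two) keeps a value containing `&` or `#` from altering the link. `$_SERVER["HTTPS"] == "on"` raises a notice when the key is unset, which `!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on"` avoids. In `send_email`, the `X-auth-smtp-user` and `X-abuse-contact` headers are each emitted twice, and the HTML part's `Content-Transfer-Encoding: 8bit;` has a stray semicolon.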
@@ -1,60 +1,61 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../config/config.php'; -class Geoloc { - static function getGeolocInfosFromIp($ip_address){ - if($ip_address == "::1" || $ip_address == "127.0.0.1" || $ip_address == "localhost"){ - $service_url = 'https://ipecho.net/plain'; - $curl = curl_init($service_url); - curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); - $curl_response = curl_exec($curl); - if ($curl_response === false) { - $info = curl_getinfo($curl); - curl_close($curl); - Logger::getInstance()->error('Error occured during curl exec (getting public ip of server). Additionnal info: ' . var_export($info)); - return false; - } else{ - Logger::getInstance()->debug("Getting external public ip from ipecho.net= " . $curl_response); - $ip_address = $curl_response; - } - curl_close($curl); - - } - $service_url = 'http://api.ipapi.com/' . $ip_address .'?access_key='. GEOLOC_ACCESS_KEY .'&fields=country_code,country_name'; - Logger::getInstance()->debug("Getting geoloc infos for ip after parse if=" . $ip_address); - Logger::getInstance()->debug("Geoloc url = " . $service_url); - $curl = curl_init($service_url); - curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); - $curl_response = curl_exec($curl); - if ($curl_response === false) { - $info = curl_getinfo($curl); +class Geoloc +{ + public static function getGeolocInfosFromIp($ip_address) + { + if ($ip_address == "::1" || $ip_address == "127.0.0.1" || $ip_address == "localhost") { + $service_url = 'https://ipecho.net/plain'; + $curl = curl_init($service_url); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); + $curl_response = curl_exec($curl); + if ($curl_response === false) { + $info = curl_getinfo($curl); + curl_close($curl); + Logger::getInstance()->error('Error occured during curl exec (getting public ip of server). Additionnal info: ' . 
var_export($info)); + return false; + } else { + Logger::getInstance()->debug("Getting external public ip from ipecho.net= " . $curl_response); + $ip_address = $curl_response; + } + curl_close($curl); + } + $service_url = 'http://api.ipapi.com/' . $ip_address .'?access_key='. GEOLOC_ACCESS_KEY .'&fields=country_code,country_name'; + Logger::getInstance()->debug("Getting geoloc infos for ip after parse if=" . $ip_address); + Logger::getInstance()->debug("Geoloc url = " . $service_url); + $curl = curl_init($service_url); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); + $curl_response = curl_exec($curl); + if ($curl_response === false) { + $info = curl_getinfo($curl); + curl_close($curl); + Logger::getInstance()->error('Error occured during curl exec (geoloc). Additionnal info: ' . var_export($info)); + return false; + } curl_close($curl); - Logger::getInstance()->error('Error occured during curl exec (geoloc). Additionnal info: ' . var_export($info)); - return false; - } - curl_close($curl); - Logger::getInstance()->debug('geoloc, curl response : ' . $curl_response); - $decoded = json_decode($curl_response); + Logger::getInstance()->debug('geoloc, curl response : ' . $curl_response); + $decoded = json_decode($curl_response); - return $decoded; - } + return $decoded; + } } diff --git a/src/misc/logging.php b/src/misc/logging.php index cba3709..7abbab5 100644 --- a/src/misc/logging.php +++ b/src/misc/logging.php 
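Review bot: Both error branches of `getGeolocInfosFromIp` call `var_export($info)` without the second argument, so the curl info array is printed into the HTTP response and `null` is concatenated into the log message; it should be `var_export($info, true)`. The lookup URL is built as `http://api.ipapi.com/...` with `GEOLOC_ACCESS_KEY` in the query string, so the key travels in cleartext and is also written to the log by the `"Geoloc url = "` debug line; use the provider's HTTPS endpoint if the plan allows it and log only the IP. The body returned by ipecho.net is assigned to `$ip_address` and concatenated into the next URL unchecked; a guard such as `if (filter_var($ip_address, FILTER_VALIDATE_IP) === false) { return false; }` before building `$service_url` would stop an unexpected response from shaping the request. The file uses `Logger` but includes only `config.php`, so it depends on a caller having loaded `logging.php`.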
@@ -1,88 +1,93 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../config/config.php'; -class Logger { - private static $instance = null; +class Logger +{ + private static $instance = null; private $log_file; - public function __construct() { + public function __construct() + { if (!LOGS_ENABLED) { - return; - } - if (USE_ONE_LOG_FILE) { - $this->log_file = LOG_FILE; - } else { - if (!file_exists(LOG_DIR)) { - mkdir(LOG_DIR, 0777, true); - } - $this->log_file = LOG_DIR . "/" . date('d-M-Y') . '.logs'; - } - } + return; + } + if (USE_ONE_LOG_FILE) { + $this->log_file = LOG_FILE; + } else { + if (!file_exists(LOG_DIR)) { + mkdir(LOG_DIR, 0777, true); + } + $this->log_file = LOG_DIR . "/" . date('d-M-Y') . '.logs'; + } + } - public static function getInstance() - { - if (!self::$instance) { - self::$instance = new Logger(); - } + public static function getInstance() + { + if (!self::$instance) { + self::$instance = new Logger(); + } - return self::$instance; - } + return self::$instance; + } - private function mylog($level, $message) { - if (!LOGS_ENABLED) { - return; - } + private function mylog($level, $message) + { + if (!LOGS_ENABLED) { + return; + } - if (is_array($message)) { - $message = implode(" ", $message); - } + if (is_array($message)) { + $message = implode(" ", $message); + } - $now = getdate(); - $month = sprintf("%02d", $now["mon"]); - $day = sprintf("%02d", $now["mday"]); - $hours = sprintf("%02d", $now["hours"]); - $minutes = sprintf("%02d", $now["minutes"]); - $seconds = sprintf("%02d", $now["seconds"]); - $log_msg = "[" . $day . "/" . $month . "/" . $now["year"] . " " . $hours . ":" . $minutes . ":" . $seconds . "] [" . $level . "] " . $message . 
"\r\n"; + $now = getdate(); + $month = sprintf("%02d", $now["mon"]); + $day = sprintf("%02d", $now["mday"]); + $hours = sprintf("%02d", $now["hours"]); + $minutes = sprintf("%02d", $now["minutes"]); + $seconds = sprintf("%02d", $now["seconds"]); + $log_msg = "[" . $day . "/" . $month . "/" . $now["year"] . " " . $hours . ":" . $minutes . ":" . $seconds . "] [" . $level . "] " . $message . "\r\n"; - file_put_contents($this->log_file, $log_msg, FILE_APPEND); - } + file_put_contents($this->log_file, $log_msg, FILE_APPEND); + } - function error($message) { - $this->mylog("Error", $message); - } + public function error($message) + { + $this->mylog("Error", $message); + } - function warning($message) { - $this->mylog("Warning", $message); - } + public function warning($message) + { + $this->mylog("Warning", $message); + } - function message($message) { - $this->mylog("Message", $message); - } + public function message($message) + { + $this->mylog("Message", $message); + } - function debug($message) { - $this->mylog("Debug", $message); - } + public function debug($message) + { + $this->mylog("Debug", $message); + } } - -?> diff --git a/src/misc/results_values.php b/src/misc/results_values.php index e15ad64..3e67071 100644 --- a/src/misc/results_values.php +++ b/src/misc/results_values.php 
@@ -1,83 +1,80 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ -define ("OK", "OK"); -define ("NOK", "NOK"); -define ("OK_ALIAS", "OK_ALIAS"); -define ("OK_ACCOUNT", "OK_ACCOUNT"); +define("OK", "OK"); +define("NOK", "NOK"); +define("OK_ALIAS", "OK_ALIAS"); +define("OK_ACCOUNT", "OK_ACCOUNT"); /* Parameter related */ -define ("MISSING_PHONE_PARAM", "ERROR_PHONE_PARAMETER_NOT_FOUND"); -define ("MISSING_USERNAME_PARAM", "ERROR_USERNAME_PARAMETER_NOT_FOUND"); -define ("MISSING_EMAIL_PARAM", "ERROR_EMAIL_PARAMETER_NOT_FOUND"); -define ("EMAIL_UNCHANGED", "ERROR_EMAIL_NEW_SAME_AS_OLD"); +define("MISSING_PHONE_PARAM", "ERROR_PHONE_PARAMETER_NOT_FOUND"); +define("MISSING_USERNAME_PARAM", "ERROR_USERNAME_PARAMETER_NOT_FOUND"); +define("MISSING_EMAIL_PARAM", "ERROR_EMAIL_PARAMETER_NOT_FOUND"); +define("EMAIL_UNCHANGED", "ERROR_EMAIL_NEW_SAME_AS_OLD"); /* Parameter not available because already in use */ -define ("PHONE_TAKEN", "ERROR_ALIAS_ALREADY_IN_USE"); -define ("USERNAME_TAKEN", "ERROR_ACCOUNT_ALREADY_IN_USE"); -define ("EMAIL_TAKEN", "ERROR_EMAIL_ALREADY_IN_USE"); +define("PHONE_TAKEN", "ERROR_ALIAS_ALREADY_IN_USE"); +define("USERNAME_TAKEN", "ERROR_ACCOUNT_ALREADY_IN_USE"); +define("EMAIL_TAKEN", "ERROR_EMAIL_ALREADY_IN_USE"); /* Object not found */ -define ("ALIAS_NOT_FOUND", "ERROR_ALIAS_DOESNT_EXIST"); -define ("ACCOUNT_NOT_FOUND", "ERROR_ACCOUNT_DOESNT_EXIST"); -define ("PASSWORD_NOT_FOUND", "ERROR_PASSWORD_NOT_FOUND"); -define ("USERINFO_NOT_FOUND", "ERROR_USERINFO_NOT_FOUND"); +define("ALIAS_NOT_FOUND", "ERROR_ALIAS_DOESNT_EXIST"); +define("ACCOUNT_NOT_FOUND", "ERROR_ACCOUNT_DOESNT_EXIST"); +define("PASSWORD_NOT_FOUND", "ERROR_PASSWORD_NOT_FOUND"); +define("USERINFO_NOT_FOUND", "ERROR_USERINFO_NOT_FOUND"); /* Equality check failure */ -define ("KEY_DOESNT_MATCH", "ERROR_KEY_DOESNT_MATCH"); -define ("PASSWORD_DOESNT_MATCH", "ERROR_PASSWORD_DOESNT_MATCH"); -define ("EMAIL_DOESNT_MATCH", 
"ERROR_EMAIL_DOESNT_MATCH"); -define ("ALIAS_DOESNT_MATCH", "ERROR_ALIAS_DOESNT_MATCH"); +define("KEY_DOESNT_MATCH", "ERROR_KEY_DOESNT_MATCH"); +define("PASSWORD_DOESNT_MATCH", "ERROR_PASSWORD_DOESNT_MATCH"); +define("EMAIL_DOESNT_MATCH", "ERROR_EMAIL_DOESNT_MATCH"); +define("ALIAS_DOESNT_MATCH", "ERROR_ALIAS_DOESNT_MATCH"); /* Disabled features */ -define ("TEST_ACCOUNTS_DISABLED", "ERROR_NON_TEST_ACCOUNTS_UNAUTHORIZED"); -define ("SMS_DISABLED", "ERROR_SMS_API_DISABLED"); -define ("ALGO_NOT_SUPPORTED", "ERROR_ALGO_NOT_SUPPORTED"); +define("TEST_ACCOUNTS_DISABLED", "ERROR_NON_TEST_ACCOUNTS_UNAUTHORIZED"); +define("SMS_DISABLED", "ERROR_SMS_API_DISABLED"); +define("ALGO_NOT_SUPPORTED", "ERROR_ALGO_NOT_SUPPORTED"); /* Unexpected state */ -define ("ACCOUNT_ALREADY_ACTIVATED", "ERROR_ACCOUNT_ALREADY_ACTIVATED"); -define ("ACCOUNT_NOT_YET_ACTIVATED", "ERROR_ACCOUNT_NOT_ACTIVATED"); -define ("ACCOUNT_RECOVERY_IMPOSSIBLE", "ERROR_CANT_RECOVER_ACCOUNT"); +define("ACCOUNT_ALREADY_ACTIVATED", "ERROR_ACCOUNT_ALREADY_ACTIVATED"); +define("ACCOUNT_NOT_YET_ACTIVATED", "ERROR_ACCOUNT_NOT_ACTIVATED"); +define("ACCOUNT_RECOVERY_IMPOSSIBLE", "ERROR_CANT_RECOVER_ACCOUNT"); /* Format error */ -define ("PHONE_NOT_E164", "ERROR_PHONE_ISNT_E164"); +define("PHONE_NOT_E164", "ERROR_PHONE_ISNT_E164"); /* SMS error */ -define ("MAX_SMS_ALLOWED_EXCEEDED", "ERROR_MAX_SMS_EXCEEDED"); -define ("SMS_API_FAILURE", "ERROR_CANT_SEND_SMS"); +define("MAX_SMS_ALLOWED_EXCEEDED", "ERROR_MAX_SMS_EXCEEDED"); +define("SMS_API_FAILURE", "ERROR_CANT_SEND_SMS"); /* Geoloc error */ -define ("GEOLOC_FAILED", "ERROR_GEOLOC_FAILED"); +define("GEOLOC_FAILED", "ERROR_GEOLOC_FAILED"); /* Other error */ -define ('SHA256_PASSWORD_ALREADY_EXISTS', 'ERROR_SHA256_PASSWORD_ALREADY_EXISTS'); - - -?> +define('SHA256_PASSWORD_ALREADY_EXISTS', 'ERROR_SHA256_PASSWORD_ALREADY_EXISTS'); diff --git a/src/misc/sms.php b/src/misc/sms.php index 766c723..0353c13 100644 --- a/src/misc/sms.php +++ b/src/misc/sms.php 
@@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ // The following can't be put inside a function... 
@@ -31,149 +31,151 @@ include_once __DIR__ . '/utilities.php'; // Internationalization -function get_sms_string_for_lang($lang) { - global $SMS_OVH_TEMPLATE; - if (isset($SMS_OVH_TEMPLATE[$lang])) { - return $SMS_OVH_TEMPLATE[$lang]; - } - Logger::getInstance()->warning("SMS template not found for lang " . $lang . ", using US template"); - return SMS_OVH_US_TEMPLATE; +function get_sms_string_for_lang($lang) +{ + global $SMS_OVH_TEMPLATE; + if (isset($SMS_OVH_TEMPLATE[$lang])) { + return $SMS_OVH_TEMPLATE[$lang]; + } + Logger::getInstance()->warning("SMS template not found for lang " . $lang . ", using US template"); + return SMS_OVH_US_TEMPLATE; } // SMS API -function send_sms_ovh($phone, $key, $lang) { - if (!SMS_API_ENABLED) { - Logger::getInstance()->warning("[SMS] SMS API disabled"); - return SMS_DISABLED; - } +function send_sms_ovh($phone, $key, $lang) +{ + if (!SMS_API_ENABLED) { + Logger::getInstance()->warning("[SMS] SMS API disabled"); + return SMS_DISABLED; + } - $sms = new SmsApi(SMS_OVH_API_KEY, SMS_OVH_API_SECRET, SMS_OVH_ENDPOINT, SMS_OVH_CONSUMER_KEY); - $accounts = $sms->getAccounts(); - $sms->setAccount($accounts[0]); - if (SMS_USE_SENDER) { - $senders = $sms->getSenders(); + $sms = new SmsApi(SMS_OVH_API_KEY, SMS_OVH_API_SECRET, SMS_OVH_ENDPOINT, SMS_OVH_CONSUMER_KEY); + $accounts = $sms->getAccounts(); + $sms->setAccount($accounts[0]); + if (SMS_USE_SENDER) { + $senders = $sms->getSenders(); - /* The account must be validated in the OVH interface and by OVH itself */ - if (count($senders) == 0) { - Logger::getInstance()->warning("[SMS] No sender found, creating one " . SMS_OVH_SENDER . " / " . SMS_OVH_REASON . " : " . SMS_OVH_DESC); - $sms->addSender(SMS_OVH_SENDER, SMS_OVH_REASON, SMS_OVH_DESC); - $senders = $sms->getSenders(); - } - } + /* The account must be validated in the OVH interface and by OVH itself */ + if (count($senders) == 0) { + Logger::getInstance()->warning("[SMS] No sender found, creating one " . SMS_OVH_SENDER . " / " . 
SMS_OVH_REASON . " : " . SMS_OVH_DESC); + $sms->addSender(SMS_OVH_SENDER, SMS_OVH_REASON, SMS_OVH_DESC); + $senders = $sms->getSenders(); + } + } - $message = $sms->createMessage(); - if (SMS_USE_SENDER && count($senders) > 0) { - foreach ($senders as $sender) { - if ($sender == SMS_OVH_SENDER) { - if ($sms->checkSender($sender)) { - // Check if sender exists and is valid, otherwise it will create an exception and sms won't be sent - Logger::getInstance()->message("[SMS] Found valid sender " . $sender . ", using it"); - $message->setSender($sender); - break; - } else { - Logger::getInstance()->error("[SMS] Found sender " . $sender . " but it is not valid"); - } - } - } - } - $message->addReceiver($phone); - $message->setIsMarketing(FALSE); + $message = $sms->createMessage(); + if (SMS_USE_SENDER && count($senders) > 0) { + foreach ($senders as $sender) { + if ($sender == SMS_OVH_SENDER) { + if ($sms->checkSender($sender)) { + // Check if sender exists and is valid, otherwise it will create an exception and sms won't be sent + Logger::getInstance()->message("[SMS] Found valid sender " . $sender . ", using it"); + $message->setSender($sender); + break; + } else { + Logger::getInstance()->error("[SMS] Found sender " . $sender . " but it is not valid"); + } + } + } + } + $message->addReceiver($phone); + $message->setIsMarketing(false); - $text = get_sms_string_for_lang($lang); - $text = str_replace("#CODE#", $key, $text); - $result = $message->send($text); + $text = get_sms_string_for_lang($lang); + $text = str_replace("#CODE#", $key, $text); + $result = $message->send($text); - $credits_removed = $result['totalCreditsRemoved']; - Logger::getInstance()->message("[SMS] " . $credits_removed . " credit removed"); - $invalid_receiver = $result['invalidReceivers']; - $valid_receiver = $result['validReceivers']; - if (count($invalid_receiver) > 0) { - Logger::getInstance()->error("[SMS] phone number " . $phone . 
" seems invalid"); - } else if (count($valid_receiver) > 0) { - Logger::getInstance()->message("[SMS] " . $text . " sent to " . $phone); - } else { - Logger::getInstance()->warning("[SMS] Both valid and invalid receiver lists are empty..."); - } + $credits_removed = $result['totalCreditsRemoved']; + Logger::getInstance()->message("[SMS] " . $credits_removed . " credit removed"); + $invalid_receiver = $result['invalidReceivers']; + $valid_receiver = $result['validReceivers']; + if (count($invalid_receiver) > 0) { + Logger::getInstance()->error("[SMS] phone number " . $phone . " seems invalid"); + } elseif (count($valid_receiver) > 0) { + Logger::getInstance()->message("[SMS] " . $text . " sent to " . $phone); + } else { + Logger::getInstance()->warning("[SMS] Both valid and invalid receiver lists are empty..."); + } } -function send_sms_legacy($phone, $password) { - if (!SMS_API_ENABLED) { - Logger::getInstance()->warning("[SMS] SMS API disabled"); - return SMS_DISABLED; - } +function send_sms_legacy($phone, $password) +{ + if (!SMS_API_ENABLED) { + Logger::getInstance()->warning("[SMS] SMS API disabled"); + return SMS_DISABLED; + } - $url = SMS_API_URL; - $ch = curl_init($url); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_FAILONERROR, false); - curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST'); - curl_setopt($ch, CURLOPT_USERPWD, SMS_API_USERNAME . ":" . SMS_API_PASSWORD); - curl_setopt($ch, CURLOPT_HTTPHEADER, array( - 'Content-Type: application/x-www-form-urlencoded' - )); - curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array( - 'mobile' => $phone, - 'password' => $password, - ))); - $result = curl_exec($ch); - Logger::getInstance()->message("[SMS] SMS confirmation sent to " . $phone . " using password " . $password . ", request result is " . 
$result); - curl_close($ch); + $url = SMS_API_URL; + $ch = curl_init($url); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_FAILONERROR, false); + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST'); + curl_setopt($ch, CURLOPT_USERPWD, SMS_API_USERNAME . ":" . SMS_API_PASSWORD); + curl_setopt($ch, CURLOPT_HTTPHEADER, array( + 'Content-Type: application/x-www-form-urlencoded' + )); + curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array( + 'mobile' => $phone, + 'password' => $password, + ))); + $result = curl_exec($ch); + Logger::getInstance()->message("[SMS] SMS confirmation sent to " . $phone . " using password " . $password . ", request result is " . $result); + curl_close($ch); } -function send_sms($phone, $key, $lang) { - if (!SMS_API_ENABLED) { - Logger::getInstance()->warning("[SMS] SMS API disabled"); - return SMS_DISABLED; - } +function send_sms($phone, $key, $lang) +{ + if (!SMS_API_ENABLED) { + Logger::getInstance()->warning("[SMS] SMS API disabled"); + return SMS_DISABLED; + } - if (startswith($phone, TESTS_PHONE_PREFIX)) { - Logger::getInstance()->error("[SMS] Not sending sms to fake number used for tests purposes: " . $phone); - return TEST_ACCOUNTS_DISABLED; - } + if (startswith($phone, TESTS_PHONE_PREFIX)) { + Logger::getInstance()->error("[SMS] Not sending sms to fake number used for tests purposes: " . $phone); + return TEST_ACCOUNTS_DISABLED; + } - $now_date = new DateTime('now'); - $now = $now_date->getTimestamp() * 1000; + $now_date = new DateTime('now'); + $now = $now_date->getTimestamp() * 1000; - $database = new Database(); - $db = $database->getConnection(); - $sms = new SMS($db); - $sms->phone = $phone; + $database = new Database(); + $db = $database->getConnection(); + $sms = new SMS($db); + $sms->phone = $phone; - if ($sms->getOne()) { - $diff = $now - $sms->last_sms; - if ($sms->count >= SMS_COUNT_LIMIT_IN_PERIOD and $diff < SMS_TIME_PERIOD) { - Logger::getInstance()->error("[SMS] Last sms was sent at " . 
$sms->last_sms . ", time elapsed since then is " . $diff . "ms which is less than the configured time period " . SMS_TIME_PERIOD); - return MAX_SMS_ALLOWED_EXCEEDED; - } else if ($diff >= SMS_TIME_PERIOD) { - $sms->last_sms = $now; - $sms->count = 1; - $sms->update(); - } else { - $sms->count = $sms->count + 1; - $sms->update(); - } - } else { - $sms->last_sms = $now; - $sms->count = 1; - $sms->create(); - } + if ($sms->getOne()) { + $diff = $now - $sms->last_sms; + if ($sms->count >= SMS_COUNT_LIMIT_IN_PERIOD and $diff < SMS_TIME_PERIOD) { + Logger::getInstance()->error("[SMS] Last sms was sent at " . $sms->last_sms . ", time elapsed since then is " . $diff . "ms which is less than the configured time period " . SMS_TIME_PERIOD); + return MAX_SMS_ALLOWED_EXCEEDED; + } elseif ($diff >= SMS_TIME_PERIOD) { + $sms->last_sms = $now; + $sms->count = 1; + $sms->update(); + } else { + $sms->count = $sms->count + 1; + $sms->update(); + } + } else { + $sms->last_sms = $now; + $sms->count = 1; + $sms->create(); + } - if (SMS_OVH_API_KEY != NULL && SMS_OVH_API_KEY != "" && SMS_OVH_API_SECRET != NULL && SMS_OVH_API_SECRET != "" && SMS_OVH_CONSUMER_KEY != NULL && SMS_OVH_CONSUMER_KEY != "" && SMS_OVH_ENDPOINT != NULL && SMS_OVH_ENDPOINT != "") { - try { - send_sms_ovh($phone, $key, $lang); - return OK; - } catch (Exception $e) { - Logger::getInstance()->error("[OVH-SMS] Exception: " . 
$e->getMessage()); - } - } else if (SMS_API_URL != NULL && SMS_API_URL != "" && SMS_API_USERNAME != NULL && SMS_API_USERNAME != "" && SMS_API_PASSWORD != NULL && SMS_API_PASSWORD != "") { - send_sms_legacy($phone, $key); - return OK; - } else { - Logger::getInstance()->error("[SMS] No SMS API configured, discarding sms..."); - return OK; - } - return SMS_API_FAILURE; + if (SMS_OVH_API_KEY != null && SMS_OVH_API_KEY != "" && SMS_OVH_API_SECRET != null && SMS_OVH_API_SECRET != "" && SMS_OVH_CONSUMER_KEY != null && SMS_OVH_CONSUMER_KEY != "" && SMS_OVH_ENDPOINT != null && SMS_OVH_ENDPOINT != "") { + try { + send_sms_ovh($phone, $key, $lang); + return OK; + } catch (Exception $e) { + Logger::getInstance()->error("[OVH-SMS] Exception: " . $e->getMessage()); + } + } elseif (SMS_API_URL != null && SMS_API_URL != "" && SMS_API_USERNAME != null && SMS_API_USERNAME != "" && SMS_API_PASSWORD != null && SMS_API_PASSWORD != "") { + send_sms_legacy($phone, $key); + return OK; + } else { + Logger::getInstance()->error("[SMS] No SMS API configured, discarding sms..."); + return OK; + } + return SMS_API_FAILURE; } - -?> diff --git a/src/misc/user_info.php b/src/misc/user_info.php index 97d8fa9..b2a29cb 100644 --- a/src/misc/user_info.php +++ b/src/misc/user_info.php 
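Review bot: `send_sms_legacy` logs the verification secret in clear (`" using password " . $password`), and `send_sms_ovh` logs the full `$text` after `#CODE#` has been replaced with the key, so every SMS code is readable from the log file. I would drop the secret from both messages, e.g. `Logger::getInstance()->message("[SMS] SMS confirmation sent to " . $phone);`. `send_sms_legacy` never checks `curl_exec` for `false`, and `send_sms` returns `OK` after it unconditionally and also when no SMS API is configured, so callers cannot tell that nothing was sent; returning `SMS_API_FAILURE` in those cases would match the OVH branch. The rate-limit counter is a read-modify-write across `getOne()` and `update()`, so parallel requests for the same number can exceed `SMS_COUNT_LIMIT_IN_PERIOD`; an atomic increment in the SMS object would be needed to enforce the limit strictly.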
@@ -13,64 +13,64 @@ include_once __DIR__ . '/geoloc.php'; include_once __DIR__ . '/results_values.php'; // args = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]] -function update_account_user_info($username, $ha1, $firstname, $lastname, $gender, $subscribe, $domain, $algo) { +function update_account_user_info($username, $ha1, $firstname, $lastname, $gender, $subscribe, $domain, $algo) +{ + Logger::getInstance()->message("update_account_user_info(" . $username . ", " . $domain . " : " . $firstname . ", " . $lastname . ", " . $gender . ", " . $subscribe . ")"); - Logger::getInstance()->message("update_account_user_info(" . $username . ", " . $domain . " : " . $firstname . ", " . $lastname . ", " . $gender . ", " . $subscribe . ")"); + $database = new Database(); + $db = $database->getConnection(); - $database = new Database(); - $db = $database->getConnection(); + $account = new Account($db); + $account->username = $username; + $account->domain = $domain; - $account = new Account($db); - $account->username = $username; - $account->domain = $domain; + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } + Logger::getInstance()->debug("userInfo : Account after get one " . $account); - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } - Logger::getInstance()->debug("userInfo : Account after get one " . 
$account); + $password = new Password($db); + $password->account_id = $account->id; + $password->algorithm = $algo; - $password = new Password($db); - $password->account_id = $account->id; - $password->algorithm = $algo; + if (!$password->getOne()) { + return PASSWORD_NOT_FOUND; + } - if (!$password->getOne()) { - return PASSWORD_NOT_FOUND; - } + if (!password_match($ha1, $password->password)) { + return PASSWORD_DOESNT_MATCH; + } - if (!password_match($ha1, $password->password)) { - return PASSWORD_DOESNT_MATCH; - } + $user_info = new UserInfo($db); + $user_info->account_id = $account->id; - $user_info = new UserInfo($db); - $user_info->account_id = $account->id; + if (ENABLE_NEW_ACCOUNTS_GEOLOC) { + Logger::getInstance()->debug("userInfo : Account ip after enable geoloc if " . $account->ip_address); + $country_infos = Geoloc::getGeolocInfosFromIp($account->ip_address); + if ($country_infos) { + $user_info->country_code = $country_infos->country_code; + $user_info->country_name = $country_infos->country_name; + } + //error message is displayed from geoloc method. + else { + return GEOLOC_FAILED; + } + Logger::getInstance()->debug("Getting geoloc infos : country_code=". + $country_infos->country_code . ' country_name=' . $country_infos->country_name); + } - if(ENABLE_NEW_ACCOUNTS_GEOLOC){ - Logger::getInstance()->debug("userInfo : Account ip after enable geoloc if " . $account->ip_address); - $country_infos = Geoloc::getGeolocInfosFromIp($account->ip_address); - if($country_infos){ - $user_info->country_code = $country_infos->country_code; - $user_info->country_name = $country_infos->country_name; - } - //error message is displayed from geoloc method. - else{ - return GEOLOC_FAILED; - } - Logger::getInstance()->debug("Getting geoloc infos : country_code=". - $country_infos->country_code . ' country_name=' . 
$country_infos->country_name); - } + $update = $user_info->getOne(); - $update = $user_info->getOne(); + $user_info->firstname = $firstname; + $user_info->lastname = $lastname; + $user_info->gender = $gender; + $user_info->subscribe = $subscribe; - $user_info->firstname = $firstname; - $user_info->lastname = $lastname; - $user_info->gender = $gender; - $user_info->subscribe = $subscribe; + if ($update) { + $user_info->update(); + } else { + $user_info->create(); + } - if ($update) { - $user_info->update(); - } else { - $user_info->create(); - } - - return OK; + return OK; } diff --git a/src/misc/utilities.php b/src/misc/utilities.php index 5d4136f..e63dd57 100644 --- a/src/misc/utilities.php +++ b/src/misc/utilities.php @@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../config/config.php'; 
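Review bot: The first statement of `update_account_user_info()` writes `$firstname`, `$lastname` and `$gender` to the log, and it does so before `password_match()` has run, so these values are personal data and, at that point, unauthenticated caller input. Logging only the account identifier keeps the trace useful without them: `Logger::getInstance()->message("update_account_user_info(" . $username . ", " . $domain . ")");`. The later `debug("userInfo : Account after get one " . $account)` line deserves the same check, since whatever `Account::__toString()` emits ends up in that entry.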
@@ -23,135 +23,154 @@ include_once __DIR__ . '/../objects/account.php'; include_once __DIR__ . '/logging.php'; if (EMAIL_ENABLED) { - include_once __DIR__ . '/email.php'; + include_once __DIR__ . '/email.php'; } if (SMS_API_ENABLED) { - include_once __DIR__ . '/sms.php'; + include_once __DIR__ . '/sms.php'; } define('CLEAR', 'clrtxt'); define('MD5', 'MD5'); define('SHA256', 'SHA-256'); -function startswith($hay, $needle) { - return substr($hay, 0, strlen($needle)) === $needle; +function startswith($hay, $needle) +{ + return substr($hay, 0, strlen($needle)) === $needle; } -function endswith($hay, $needle) { - return $needle === "" || (($temp = strlen($hay) - strlen($needle)) >= 0 and strpos($hay, $needle, $temp) !== FALSE); +function endswith($hay, $needle) +{ + return $needle === "" || (($temp = strlen($hay) - strlen($needle)) >= 0 and strpos($hay, $needle, $temp) !== false); } -function getIp() { - $ip = $_SERVER['REMOTE_ADDR']; - if (!empty($_SERVER['HTTP_CLIENT_IP'])) { - $ip = $_SERVER['HTTP_CLIENT_IP']; - } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { - $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; - } - return $ip; -} - -function get_trial_expiration_date() { - $expiration_date = new DateTime('now +' . TRIAL_DURATION_DAYS . ' days'); - $expiration = $expiration_date->getTimestamp() * 1000; - return $expiration; +function getIp() +{ + $ip = $_SERVER['REMOTE_ADDR']; + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } + return $ip; } -function is_activated($activated) { - return $activated == "1" || $activated == 1 || $activated; +function get_trial_expiration_date() +{ + $expiration_date = new DateTime('now +' . TRIAL_DURATION_DAYS . 
' days'); + $expiration = $expiration_date->getTimestamp() * 1000; + return $expiration; +} + +function is_activated($activated) +{ + return $activated == "1" || $activated == 1 || $activated; } // XMLRPC parameters - -function check_parameter($param, $param_name = "username") { - if ($param == NULL || $param == "") { - Logger::getInstance()->warning("Parameter " . $param_name . " is missing"); - return false; - } - return true; -} - -function get_algo($algo) { - if ($algo == NULL || $algo == "") { - Logger::getInstance()->warning("Algo parameter wasn't found, assume " . DEFAULT_ALGORITHM); - return DEFAULT_ALGORITHM; - } - if ($algo == MD5 || $algo == SHA256 || $algo == CLEAR) { - return $algo; - } - Logger::getInstance()->error("Algo " . $algo . " is not supported"); - return NULL; + +function check_parameter($param, $param_name = "username") +{ + if ($param == null || $param == "") { + Logger::getInstance()->warning("Parameter " . $param_name . " is missing"); + return false; + } + return true; } -function get_domain($param) { - if ($param == NULL || $param == "") { - Logger::getInstance()->warning("Domain parameter wasn't found, assume " . SIP_DOMAIN); - $param = SIP_DOMAIN; - } - return $param; +function get_algo($algo) +{ + if ($algo == null || $algo == "") { + Logger::getInstance()->warning("Algo parameter wasn't found, assume " . DEFAULT_ALGORITHM); + return DEFAULT_ALGORITHM; + } + if ($algo == MD5 || $algo == SHA256 || $algo == CLEAR) { + return $algo; + } + Logger::getInstance()->error("Algo " . $algo . " is not supported"); + return null; } -function get_lang($param) { - if ($param == NULL || $param == "") { - Logger::getInstance()->warning("lang parameter wasn't found, use US"); - return 'US'; - } else if (strlen($param) > 2) { - $param = substr($param, 0, 2); - } - return strtoupper($param); +function get_domain($param) +{ + if ($param == null || $param == "") { + Logger::getInstance()->warning("Domain parameter wasn't found, assume " . 
SIP_DOMAIN); + $param = SIP_DOMAIN; + } + return $param; +} + +function get_lang($param) +{ + if ($param == null || $param == "") { + Logger::getInstance()->warning("lang parameter wasn't found, use US"); + return 'US'; + } elseif (strlen($param) > 2) { + $param = substr($param, 0, 2); + } + return strtoupper($param); } // Password - -function hash_password($user, $password, $domain, $algo) { - $hashed_password = $password; - if ($algo == "" || $algo == MD5) $hashed_password = hash("md5", $user . ":" . $domain . ":" . $password); - else if ($algo == SHA256) $hashed_password = hash("sha256", $user . ":" . $domain . ":" . $password); - else Logger::getInstance()->error("Algorithm not supported: " . $algo); - return $hashed_password; -} - -function generate_password() { - $generated_password = substr(str_shuffle(GENERATED_PASSWORD_CHARACTERS), 0, GENERATED_PASSWORD_LENGTH); - return $generated_password; -} - -function generate_4_digits_code() { - $generated_password = substr(str_shuffle("0123456789"), 0, 4); - return $generated_password; + +function hash_password($user, $password, $domain, $algo) +{ + $hashed_password = $password; + if ($algo == "" || $algo == MD5) { + $hashed_password = hash("md5", $user . ":" . $domain . ":" . $password); + } elseif ($algo == SHA256) { + $hashed_password = hash("sha256", $user . ":" . $domain . ":" . $password); + } else { + Logger::getInstance()->error("Algorithm not supported: " . 
$algo); + } + return $hashed_password; } -function password_match($pwd1, $pwd2) { - if ($pwd1 != $pwd2) { - Logger::getInstance()->error("Password doesn't match"); - return false; - } - return true; +function generate_password() +{ + $generated_password = substr(str_shuffle(GENERATED_PASSWORD_CHARACTERS), 0, GENERATED_PASSWORD_LENGTH); + return $generated_password; } -function is_key_matching($key, $account) { - $key_db = $account->confirmation_key; - if ($key == INVALID_CONFIRMATION_KEY || $key != $key_db) { - if ($key_db != INVALID_CONFIRMATION_KEY) { - $account->confirmation_key = INVALID_CONFIRMATION_KEY; - $account->update(); - } - - Logger::getInstance()->error("Key doesn't match"); - return false; - } +function generate_4_digits_code() +{ + $generated_password = substr(str_shuffle("0123456789"), 0, 4); + return $generated_password; +} - if (REMOVE_CONFIRMATION_KEY_AFTER_USE) { - // Key is one time only - $account->confirmation_key = INVALID_CONFIRMATION_KEY; - $account->update(); - } - return true; +function password_match($pwd1, $pwd2) +{ + if ($pwd1 != $pwd2) { + Logger::getInstance()->error("Password doesn't match"); + return false; + } + return true; +} + +function is_key_matching($key, $account) +{ + $key_db = $account->confirmation_key; + if ($key == INVALID_CONFIRMATION_KEY || $key != $key_db) { + if ($key_db != INVALID_CONFIRMATION_KEY) { + $account->confirmation_key = INVALID_CONFIRMATION_KEY; + $account->update(); + } + + Logger::getInstance()->error("Key doesn't match"); + return false; + } + + if (REMOVE_CONFIRMATION_KEY_AFTER_USE) { + // Key is one time only + $account->confirmation_key = INVALID_CONFIRMATION_KEY; + $account->update(); + } + return true; } // Time -function time_elapsed_as_string($secs) { +function time_elapsed_as_string($secs) +{ $bit = array( 'y' => $secs / 31556926 % 12, 'w' => $secs / 604800 % 52, 
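Review bot: `password_match()` compares the caller-supplied HA1 with the stored hash using `!=`, which is a loose comparison in PHP: two hex digests that both parse as numeric strings (the `0e…` form) compare equal even though they differ, and the comparison is not constant-time. `if (!hash_equals((string) $pwd2, (string) $pwd1)) {` closes both gaps, and the same applies to `$key != $key_db` in `is_key_matching()`. Separately, `generate_password()` and `generate_4_digits_code()` draw from `str_shuffle()`, which is not a cryptographically secure source and never repeats a character, so the 4-digit code has 5040 possible values rather than 10000. Building each character with `random_int()` would fix both properties.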
@@ -159,12 +178,13 @@ function time_elapsed_as_string($secs) { 'h' => $secs / 3600 % 24, 'm' => $secs / 60 % 60, 's' => $secs % 60 - ); - - foreach($bit as $k => $v) - if($v > 0) $ret[] = $v . $k; - + ); + + foreach ($bit as $k => $v) { + if ($v > 0) { + $ret[] = $v . $k; + } + } + return join(' ', $ret); } - -?> diff --git a/src/objects/account.php b/src/objects/account.php index 7304706..03987b0 100644 --- a/src/objects/account.php +++ b/src/objects/account.php @@ -1,29 +1,30 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ -class Account { +class Account +{ private $conn; public $id; public $username; - public $domain; + public $domain; public $email; public $activated; public $confirmation_key; @@ -33,11 +34,13 @@ class Account { public $expire_time; public $alias; - public function __construct($db) { + public function __construct($db) + { $this->conn = $db; } - public function __toString() { + public function __toString() + { $to_string = "Account: "; if (!empty($this->id)) { $to_string = $to_string . "id=" . $this->id . ", "; @@ -66,7 +69,8 @@ class Account { return substr($to_string, 0, -2); } - function dropTable() { + public function dropTable() + { $query = "DROP TABLE IF EXISTS " . ACCOUNTS_DB_TABLE; $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); @@ -80,7 +84,8 @@ class Account { return false; } - function createTable() { + public function createTable() + { $query = "CREATE TABLE IF NOT EXISTS " . ACCOUNTS_DB_TABLE . " ( id INTEGER(11) UNSIGNED NOT NULL AUTO_INCREMENT, username VARCHAR(64) NOT NULL, @@ -105,7 +110,8 @@ class Account { return false; } - function delete() { + public function delete() + { $query = "DELETE FROM " . ACCOUNTS_DB_TABLE . " WHERE id = ?"; $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); 
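Review bot: `$ret` is only assigned inside the `if ($v > 0)` branch of the reformatted loop, so when every component is zero (for instance `$secs` of 0) `join(' ', $ret)` receives an undefined variable. Adding `$ret = array();` ahead of the `foreach` makes the function return an empty string in that case. The start of `time_elapsed_as_string()` lies outside this hunk, so confirm `$ret` is not already initialised there.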
@@ -121,7 +127,8 @@ class Account { return false; } - function create() { + public function create() + { $query = "INSERT INTO " . ACCOUNTS_DB_TABLE . " SET username=:username, domain=:domain, email=:email, activated=:activated, confirmation_key=:confirmation_key, ip_address=:ip_address, user_agent=:user_agent, creation_time=:creation_time"; @@ -164,7 +171,8 @@ class Account { return false; } - function update() { + public function update() + { $query = "UPDATE " . ACCOUNTS_DB_TABLE . " SET username=:username, domain=:domain, activated=:activated"; if (!empty($this->email)) { @@ -213,7 +221,8 @@ class Account { return false; } - function getCount() { + public function getCount() + { $query = "SELECT count(*) FROM " . ACCOUNTS_DB_TABLE; $stmt = $this->conn->prepare($query); Logger::getInstance()->debug("GetCount " . (string)$this); @@ -225,7 +234,8 @@ class Account { return -1; } - function getAll() { + public function getAll() + { $query = "SELECT ac.id, ac.username, ac.domain, ac.activated, ac.confirmation_key, ac.email, al.alias FROM " . ACCOUNTS_DB_TABLE . " ac LEFT JOIN " . ALIAS_DB_TABLE . " al ON ac.id = al.account_id"; $stmt = $this->conn->prepare($query); 
@@ -234,24 +244,25 @@ class Account { return $stmt; } - function getOne() { + public function getOne() + { $query = "SELECT ac.id, ac.username, ac.domain, ac.activated, ac.confirmation_key, ac.email, ac.ip_address, al.alias FROM " . ACCOUNTS_DB_TABLE . " ac LEFT JOIN " . ALIAS_DB_TABLE . " al ON ac.id = al.account_id"; if (!empty($this->id)) { $query = $query . " WHERE ac.id = ?"; $this->id = htmlspecialchars(strip_tags($this->id)); - } else if (!empty($this->username)) { + } elseif (!empty($this->username)) { $query = $query . " WHERE ac.username = ?"; $this->username = htmlspecialchars(strip_tags($this->username)); if (!empty($this->domain)) { $query = $query . " AND ac.domain = ?"; $this->domain = htmlspecialchars(strip_tags($this->domain)); } - } else if (!empty($this->email)) { + } elseif (!empty($this->email)) { $query = $query . " WHERE ac.email = ?"; $this->email = htmlspecialchars(strip_tags($this->email)); - } else if (!empty($this->confirmation_key)) { + } elseif (!empty($this->confirmation_key)) { $query = $query . " WHERE ac.confirmation_key = ?"; $this->confirmation_key = htmlspecialchars(strip_tags($this->confirmation_key)); } else { @@ -264,14 +275,14 @@ class Account { if (!empty($this->id)) { $stmt->bindParam(1, $this->id); - } else if (!empty($this->username)) { + } elseif (!empty($this->username)) { $stmt->bindParam(1, $this->username); if (!empty($this->domain)) { $stmt->bindParam(2, $this->domain); } - } else if (!empty($this->email)) { + } elseif (!empty($this->email)) { $stmt->bindParam(1, $this->email); - } else if (!empty($this->confirmation_key)) { + } elseif (!empty($this->confirmation_key)) { $stmt->bindParam(1, $this->confirmation_key); } @@ -298,5 +309,3 @@ class Account { return false; } } - -?> diff --git a/src/objects/alias.php b/src/objects/alias.php index e4c3465..d53dccd 100644 --- a/src/objects/alias.php +++ b/src/objects/alias.php 
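Review bot: `Account::getOne()` runs `htmlspecialchars(strip_tags(...))` over `id`, `username`, `domain`, `email` and `confirmation_key` just before binding them as statement parameters. The bound parameters already keep the values out of the SQL text, so the HTML escaping adds no protection here and instead alters the value being looked up (`&` becomes `&amp;`, text following a `<` can be dropped), which only matches if every writer applied the identical transformation. Escaping belongs where the value is rendered into HTML; here I would bind the raw property and drop the preceding assignment, after checking whether existing rows were stored in escaped form. The same pattern shows in the Alias, Device, Password, SMS and UserInfo hunks, and in `Password::getOne()` it is applied to the password value itself. The body of `getOne()` continues outside this hunk.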
@@ -1,36 +1,39 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ -class Alias { +class Alias +{ private $conn; public $id; public $account_id; public $alias; - public $domain; - - public function __construct($db) { + public $domain; + + public function __construct($db) + { $this->conn = $db; } - public function __toString() { + public function __toString() + { $to_string = "Alias: "; if (!empty($this->id)) { $to_string = $to_string . "id=" . $this->id . ", "; @@ -47,7 +50,8 @@ class Alias { return substr($to_string, 0, -2); } - function dropTable() { + public function dropTable() + { $query = "DROP TABLE IF EXISTS " . ALIAS_DB_TABLE; $stmt = $this->conn->prepare($query); @@ -59,7 +63,8 @@ class Alias { return false; } - function createTable() { + public function createTable() + { $query = "CREATE TABLE IF NOT EXISTS " . ALIAS_DB_TABLE . " ( id INTEGER(11) UNSIGNED NOT NULL AUTO_INCREMENT, account_id INTEGER(11) UNSIGNED NOT NULL, @@ -76,16 +81,17 @@ class Alias { return false; } - function delete() { + public function delete() + { $query = "DELETE FROM " . ALIAS_DB_TABLE; if (!empty($this->id)) { $query = $query . " WHERE id = ?"; $this->id = htmlspecialchars(strip_tags($this->id)); - } else if (!empty($this->account_id)) { + } elseif (!empty($this->account_id)) { $query = $query . " WHERE account_id = ?"; $this->account_id = htmlspecialchars(strip_tags($this->account_id)); - } else if (!empty($this->alias)) { + } elseif (!empty($this->alias)) { $query = $query . " WHERE alias = ?"; $this->alias = htmlspecialchars(strip_tags($this->alias)); if (!empty($this->domain)) { 
@@ -102,9 +108,9 @@ class Alias { if (!empty($this->id)) { $stmt->bindParam(1, $this->id); - } else if (!empty($this->account_id)) { + } elseif (!empty($this->account_id)) { $stmt->bindParam(1, $this->account_id); - } else if (!empty($this->alias)) { + } elseif (!empty($this->alias)) { $stmt->bindParam(1, $this->alias); if (!empty($this->domain)) { $stmt->bindParam(2, $this->domain); @@ -119,7 +125,8 @@ class Alias { return false; } - function create() { + public function create() + { $query = "INSERT INTO " . ALIAS_DB_TABLE . " SET account_id=:account_id, alias=:alias, domain=:domain"; $stmt = $this->conn->prepare($query); @@ -140,7 +147,8 @@ class Alias { return false; } - function update() { + public function update() + { $query = "UPDATE " . ALIAS_DB_TABLE . " SET account_id=:account_id, alias=:alias, domain=:domain WHERE id=:id"; $stmt = $this->conn->prepare($query); @@ -164,7 +172,8 @@ class Alias { return false; } - function getAll() { + public function getAll() + { $query = "SELECT id, account_id, alias, domain FROM " . ALIAS_DB_TABLE; $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); @@ -175,16 +184,17 @@ class Alias { return $stmt; } - function getOne() { + public function getOne() + { $query = "SELECT id, account_id, alias, domain FROM " . ALIAS_DB_TABLE; if (!empty($this->id)) { $query = $query . " WHERE id = ?"; $this->id = htmlspecialchars(strip_tags($this->id)); - } else if (!empty($this->account_id)) { + } elseif (!empty($this->account_id)) { $query = $query . " WHERE account_id = ?"; $this->account_id = htmlspecialchars(strip_tags($this->account_id)); - } else if (!empty($this->alias)) { + } elseif (!empty($this->alias)) { $query = $query . " WHERE alias = ?"; $this->alias = htmlspecialchars(strip_tags($this->alias)); if (!empty($this->domain)) { 
@@ -196,15 +206,15 @@ class Alias { } $query = $query . " LIMIT 0,1"; - + $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); $stmt = $this->conn->prepare($query); if (!empty($this->id)) { $stmt->bindParam(1, $this->id); - } else if (!empty($this->account_id)) { + } elseif (!empty($this->account_id)) { $stmt->bindParam(1, $this->account_id); - } else if (!empty($this->alias)) { + } elseif (!empty($this->alias)) { $stmt->bindParam(1, $this->alias); if (!empty($this->domain)) { $stmt->bindParam(2, $this->domain); @@ -229,5 +239,3 @@ class Alias { return false; } } - -?> \ No newline at end of file diff --git a/src/objects/device.php b/src/objects/device.php index 3e89ad5..56dd56e 100644 --- a/src/objects/device.php +++ b/src/objects/device.php @@ -1,38 +1,41 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ -class Device { +class Device +{ private $conn; public $id; public $manufacturer; - public $model; - public $status; - public $delay; - public $hardware_echo_canceller; - - public function __construct($db) { + public $model; + public $status; + public $delay; + public $hardware_echo_canceller; + + public function __construct($db) + { $this->conn = $db; } - public function __toString() { + public function __toString() + { $to_string = "Device: "; if (!empty($this->id)) { $to_string = $to_string . "id=" . $this->id . ", "; @@ -55,7 +58,8 @@ class Device { return substr($to_string, 0, -2); } - function dropTable() { + public function dropTable() + { $query = "DROP TABLE IF EXISTS " . DEVICES_DB_TABLE; $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); @@ -69,7 +73,8 @@ class Device { return false; } - function createTable() { + public function createTable() + { $query = "CREATE TABLE IF NOT EXISTS " . DEVICES_DB_TABLE . " ( id INTEGER(11) UNSIGNED NOT NULL AUTO_INCREMENT, manufacturer VARCHAR(64) NOT NULL, 
@@ -90,7 +95,8 @@ class Device { return false; } - function delete() { + public function delete() + { $query = "DELETE FROM " . DEVICES_DB_TABLE . " WHERE id = ?"; $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); @@ -107,8 +113,9 @@ class Device { return false; } - function create() { - $query = "INSERT INTO " . DEVICES_DB_TABLE . " SET manufacturer=:manufacturer, model=:model, status=:status, + public function create() + { + $query = "INSERT INTO " . DEVICES_DB_TABLE . " SET manufacturer=:manufacturer, model=:model, status=:status, delay=:delay, hardware_echo_canceller=:hardware_echo_canceller"; $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); @@ -135,13 +142,14 @@ class Device { return false; } - function update() { - $query = "UPDATE " . DEVICES_DB_TABLE . " SET manufacturer=:manufacturer, model=:model, status=:status, + public function update() + { + $query = "UPDATE " . DEVICES_DB_TABLE . " SET manufacturer=:manufacturer, model=:model, status=:status, delay=:delay, hardware_echo_canceller=:hardware_echo_canceller WHERE id=:id"; $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); $stmt = $this->conn->prepare($query); - + $this->id = htmlspecialchars(strip_tags($this->id)); $this->manufacturer = htmlspecialchars(strip_tags($this->manufacturer)); $this->model = htmlspecialchars(strip_tags($this->model)); @@ -164,7 +172,8 @@ class Device { return false; } - function getAll() { + public function getAll() + { $query = "SELECT id, manufacturer, model, status, delay, hardware_echo_canceller FROM " . DEVICES_DB_TABLE; $stmt = $this->conn->prepare($query); Logger::getInstance()->debug("GetAll " . (string)$this); @@ -172,5 +181,3 @@ class Device { return $stmt; } } - -?> \ No newline at end of file diff --git a/src/objects/password.php b/src/objects/password.php index bb8ae5a..86574d0 100644 --- a/src/objects/password.php +++ b/src/objects/password.php 
@@ -1,36 +1,39 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ -class Password { +class Password +{ private $conn; public $id; public $account_id; - public $password; - public $algorithm; - - public function __construct($db) { + public $password; + public $algorithm; + + public function __construct($db) + { $this->conn = $db; } - public function __toString() { + public function __toString() + { $to_string = "Password: "; if (!empty($this->id)) { $to_string = $to_string . "id=" . $this->id . ", "; @@ -47,7 +50,8 @@ class Password { return substr($to_string, 0, -2); } - function dropTable() { + public function dropTable() + { $query = "DROP TABLE IF EXISTS " . ACCOUNTS_ALGO_DB_TABLE; $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); @@ -61,7 +65,8 @@ class Password { return false; } - function createTable() { + public function createTable() + { $query = "CREATE TABLE IF NOT EXISTS " . ACCOUNTS_ALGO_DB_TABLE . " ( id INTEGER(11) UNSIGNED NOT NULL AUTO_INCREMENT, account_id INTEGER(11) UNSIGNED NOT NULL, @@ -80,13 +85,14 @@ class Password { return false; } - function delete() { + public function delete() + { $query = "DELETE FROM " . ACCOUNTS_ALGO_DB_TABLE; - + if (!empty($this->id)) { $query = $query . " WHERE id = ?"; $this->id = htmlspecialchars(strip_tags($this->id)); - } else if (!empty($this->account_id)) { + } elseif (!empty($this->account_id)) { $query = $query . " WHERE account_id = ?"; $this->account_id = htmlspecialchars(strip_tags($this->account_id)); if (!empty($this->algorithm)) { 
@@ -99,11 +105,11 @@ class Password { $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); $stmt = $this->conn->prepare($query); - + $this->id = htmlspecialchars(strip_tags($this->id)); if (!empty($this->id)) { $stmt->bindParam(1, $this->id); - } else if (!empty($this->account_id)) { + } elseif (!empty($this->account_id)) { $stmt->bindParam(1, $this->account_id); if (!empty($this->algorithm)) { $stmt->bindParam(2, $this->algorithm); @@ -118,7 +124,8 @@ class Password { return false; } - function create() { + public function create() + { $query = "INSERT INTO " . ACCOUNTS_ALGO_DB_TABLE . " SET account_id=:account_id, password=:password, algorithm=:algorithm"; $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); @@ -141,7 +148,8 @@ class Password { return false; } - function update() { + public function update() + { $query = "UPDATE " . ACCOUNTS_ALGO_DB_TABLE . " SET account_id=:account_id, password=:password, algorithm=:algorithm WHERE id=:id"; $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); @@ -165,7 +173,8 @@ class Password { return false; } - function getAll() { + public function getAll() + { $query = "SELECT id, password, algorithm FROM " . ACCOUNTS_ALGO_DB_TABLE . " WHERE account_id = ?"; $stmt = $this->conn->prepare($query); @@ -177,7 +186,8 @@ class Password { return $stmt; } - function getOne() { + public function getOne() + { $query = "SELECT id, password, algorithm FROM " . ACCOUNTS_ALGO_DB_TABLE . " WHERE account_id = ?"; $this->account_id = htmlspecialchars(strip_tags($this->account_id)); @@ -188,7 +198,7 @@ class Password { $query = $query . " AND password = ?"; $this->password = htmlspecialchars(strip_tags($this->password)); } - } else if (!empty($this->password)) { + } elseif (!empty($this->password)) { $query = $query . " AND password = ?"; $this->password = htmlspecialchars(strip_tags($this->password)); } 
@@ -203,7 +213,7 @@ class Password { if (!empty($this->password)) { $stmt->bindParam(3, $this->password); } - } else if (!empty($this->password)) { + } elseif (!empty($this->password)) { $stmt->bindParam(2, $this->password); } @@ -219,10 +229,8 @@ class Password { $this->password = $row['password']; $this->algorithm = $row['algorithm']; return true; - } + } Logger::getInstance()->error($stmt->errorInfo()); return false; } } - -?> \ No newline at end of file diff --git a/src/objects/sms.php b/src/objects/sms.php index 6ebd432..8f3c822 100644 --- a/src/objects/sms.php +++ b/src/objects/sms.php @@ -1,36 +1,39 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ -class SMS { +class SMS +{ private $conn; public $id; public $phone; - public $last_sms; - public $count; - - public function __construct($db) { + public $last_sms; + public $count; + + public function __construct($db) + { $this->conn = $db; } - public function __toString() { + public function __toString() + { $to_string = "SMS: "; if (!empty($this->id)) { $to_string = $to_string . "id=" . $this->id . ", "; @@ -47,7 +50,8 @@ class SMS { return substr($to_string, 0, -2); } - function dropTable() { + public function dropTable() + { $query = "DROP TABLE IF EXISTS " . SMS_DB_TABLE; $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); @@ -61,7 +65,8 @@ class SMS { return false; } - function createTable() { + public function createTable() + { $query = "CREATE TABLE IF NOT EXISTS " . SMS_DB_TABLE . " ( id INTEGER(11) UNSIGNED NOT NULL AUTO_INCREMENT, phone VARCHAR(64), @@ -80,7 +85,8 @@ class SMS { return false; } - function delete() { + public function delete() + { $query = "DELETE FROM " . SMS_DB_TABLE . " WHERE id = ?"; $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); 
@@ -97,7 +103,8 @@ class SMS { return false; } - function create() { + public function create() + { $query = "INSERT INTO " . SMS_DB_TABLE . " SET phone=:phone, last_sms=:last_sms, count=:count"; $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); @@ -120,12 +127,13 @@ class SMS { return false; } - function update() { + public function update() + { $query = "UPDATE " . SMS_DB_TABLE . " SET phone=:phone, last_sms=:last_sms, count=:count WHERE id=:id"; $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); $stmt = $this->conn->prepare($query); - + $this->id = htmlspecialchars(strip_tags($this->id)); $this->phone = htmlspecialchars(strip_tags($this->phone)); $this->last_sms = htmlspecialchars(strip_tags($this->last_sms)); @@ -144,7 +152,8 @@ class SMS { return false; } - function getAll() { + public function getAll() + { $query = "SELECT id, phone, last_sms, count FROM " . SMS_DB_TABLE; $stmt = $this->conn->prepare($query); Logger::getInstance()->debug("GetAll " . (string)$this); @@ -152,7 +161,8 @@ class SMS { return $stmt; } - function getOne() { + public function getOne() + { $query = "SELECT id, phone, last_sms, count FROM " . SMS_DB_TABLE . " WHERE phone = ?"; $stmt = $this->conn->prepare($query); $this->phone = htmlspecialchars(strip_tags($this->phone)); @@ -171,10 +181,8 @@ class SMS { $this->last_sms = $row['last_sms']; $this->count = $row['count']; return true; - } + } Logger::getInstance()->error($stmt->errorInfo()); return false; } } - -?> \ No newline at end of file diff --git a/src/objects/user_info.php b/src/objects/user_info.php index daa9bb6..58bd932 100644 --- a/src/objects/user_info.php +++ b/src/objects/user_info.php @@ -1,24 +1,25 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ -class UserInfo { +class UserInfo +{ private $conn; public $id; 
@@ -30,11 +31,13 @@ class UserInfo { public $country_name; public $subscribe; - public function __construct($db) { + public function __construct($db) + { $this->conn = $db; } - public function __toString() { + public function __toString() + { $to_string = "UserInfo: "; if (!empty($this->id)) { $to_string .= "id=" . $this->id . ", "; @@ -63,7 +66,8 @@ class UserInfo { return substr($to_string, 0, -2); } - function dropTable() { + public function dropTable() + { $query = "DROP TABLE IF EXISTS " . USER_INFO_DB_TABLE; $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); @@ -77,7 +81,8 @@ class UserInfo { return false; } - function createTable() { + public function createTable() + { $query = "CREATE TABLE IF NOT EXISTS " . USER_INFO_DB_TABLE . " ( id INTEGER(11) UNSIGNED NOT NULL AUTO_INCREMENT, account_id INTEGER(11) UNSIGNED NOT NULL, @@ -100,7 +105,8 @@ class UserInfo { return false; } - function delete() { + public function delete() + { $query = "DELETE FROM " . USER_INFO_DB_TABLE . " WHERE id = ?"; $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); @@ -116,11 +122,12 @@ class UserInfo { return false; } - function create() { + public function create() + { $query = "INSERT INTO " . USER_INFO_DB_TABLE . " SET account_id=:account_id, firstname=:firstname, lastname=:lastname, gender=:gender, subscribe=:subscribe"; - if(ENABLE_NEW_ACCOUNTS_GEOLOC){ - $query .= ", country_code=:country_code, country_name=:country_name"; + if (ENABLE_NEW_ACCOUNTS_GEOLOC) { + $query .= ", country_code=:country_code, country_name=:country_name"; } $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); 
@@ -138,13 +145,12 @@ class UserInfo { $stmt->bindParam(":gender", $this->gender); $stmt->bindParam(":subscribe", $this->subscribe); - if(ENABLE_NEW_ACCOUNTS_GEOLOC){ + if (ENABLE_NEW_ACCOUNTS_GEOLOC) { + $this->country_code = htmlspecialchars(strip_tags($this->country_code)); + $this->country_name = htmlspecialchars(strip_tags($this->country_name)); - $this->country_code = htmlspecialchars(strip_tags($this->country_code)); - $this->country_name = htmlspecialchars(strip_tags($this->country_name)); - - $stmt->bindParam(":country_code", $this->country_code); - $stmt->bindParam(":country_name", $this->country_name); + $stmt->bindParam(":country_code", $this->country_code); + $stmt->bindParam(":country_name", $this->country_name); } Logger::getInstance()->debug("Creating " . (string)$this); @@ -156,7 +162,8 @@ class UserInfo { return false; } - function update() { + public function update() + { $query = "UPDATE " . USER_INFO_DB_TABLE . " SET firstname=:firstname, lastname=:lastname, subscribe=:subscribe, gender=:gender"; $query = $query . " WHERE id=:id"; @@ -184,7 +191,8 @@ class UserInfo { return false; } - function getAll() { + public function getAll() + { $query = "SELECT id, account_id, firstname, lastname, gender, subscribe FROM " . USER_INFO_DB_TABLE; $stmt = $this->conn->prepare($query); Logger::getInstance()->debug("GetAll " . (string)$this); 
@@ -192,16 +200,17 @@ class UserInfo { return $stmt; } - function getOne() { + public function getOne() + { $query = "SELECT id, account_id, firstname, lastname, gender, subscribe FROM " . USER_INFO_DB_TABLE; if (!empty($this->id)) { $query = $query . " WHERE id = ?"; $this->id = htmlspecialchars(strip_tags($this->id)); - } else if (!empty($this->account_id)) { + } elseif (!empty($this->account_id)) { $query = $query . " WHERE account_id = ?"; $this->account_id = htmlspecialchars(strip_tags($this->account_id)); - } else if (!empty($this->lastname)) { + } elseif (!empty($this->lastname)) { $query = $query . " WHERE lastname = ?"; $this->lastname = htmlspecialchars(strip_tags($this->lastname)); if (!empty($this->firstname)) { @@ -218,9 +227,9 @@ class UserInfo { if (!empty($this->id)) { $stmt->bindParam(1, $this->id); - } else if (!empty($this->account_id)) { + } elseif (!empty($this->account_id)) { $stmt->bindParam(1, $this->account_id); - } else if (!empty($this->lastname)) { + } elseif (!empty($this->lastname)) { $stmt->bindParam(1, $this->lastname); if (!empty($this->firstname)) { $stmt->bindParam(2, $this->firstname); @@ -249,5 +258,3 @@ class UserInfo { return false; } } - -?> diff --git a/src/tools/create_tables.php b/src/tools/create_tables.php index a161ffc..e563381 100644 --- a/src/tools/create_tables.php +++ b/src/tools/create_tables.php @@ -3,21 +3,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../database/database.php'; 
@@ -30,35 +30,33 @@ include_once __DIR__ . '/../objects/user_info.php'; $database = new Database(); $db = $database->getConnection(); - + $account = new Account($db); if (!$account->createTable()) { Logger::getInstance()->error("Couldn't create account table"); } - + $alias = new Alias($db); if (!$alias->createTable()) { Logger::getInstance()->error("Couldn't create alias table"); } - + $device = new Device($db); if (!$device->createTable()) { Logger::getInstance()->error("Couldn't create device table"); } - + $password = new Password($db); if (!$password->createTable()) { Logger::getInstance()->error("Couldn't create password table"); } - + $sms = new SMS($db); if (!$sms->createTable()) { Logger::getInstance()->error("Couldn't create sms table"); } - + $user_info = new UserInfo($db); if (!$user_info->createTable()) { Logger::getInstance()->error("Couldn't create user_info table"); } - -?> \ No newline at end of file diff --git a/src/tools/drop_tables.php b/src/tools/drop_tables.php index f4b2f6c..8003755 100644 --- a/src/tools/drop_tables.php +++ b/src/tools/drop_tables.php @@ -3,21 +3,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../database/database.php'; 
@@ -30,32 +30,32 @@ include_once __DIR__ . '/../objects/user_info.php'; $database = new Database(); $db = $database->getConnection(); - + $account = new Account($db); if (!$account->dropTable()) { Logger::getInstance()->error("Couldn't drop account table"); } - + $alias = new Alias($db); if (!$alias->dropTable()) { Logger::getInstance()->error("Couldn't drop alias table"); } - + $device = new Device($db); if (!$device->dropTable()) { Logger::getInstance()->error("Couldn't drop device table"); } - + $password = new Password($db); if (!$password->dropTable()) { Logger::getInstance()->error("Couldn't drop password table"); } - + $sms = new SMS($db); if (!$sms->dropTable()) { Logger::getInstance()->error("Couldn't drop sms table"); } - + $user_info = new UserInfo($db); if (!$user_info->dropTable()) { Logger::getInstance()->error("Couldn't drop user_info table"); diff --git a/src/tools/migrate_accounts.php b/src/tools/migrate_accounts.php index 4c6928d..830d9ee 100644 --- a/src/tools/migrate_accounts.php +++ b/src/tools/migrate_accounts.php @@ -3,21 +3,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../database/database.php'; @@ -34,11 +34,11 @@ $db = $database->getConnection(); $old_db = null; try { - $old_db = new PDO("mysql:host=" . DB_HOST . ";dbname=belledonne_proxy", DB_USER, DB_PASSWORD); - $old_db->exec("set names utf8"); -} catch(PDOException $exception) { - Logger::getInstance()->error("Connection error: " . $exception->getMessage()); - return; + $old_db = new PDO("mysql:host=" . DB_HOST . ";dbname=belledonne_proxy", DB_USER, DB_PASSWORD); + $old_db->exec("set names utf8"); +} catch (PDOException $exception) { + Logger::getInstance()->error("Connection error: " . $exception->getMessage()); + return; } Logger::getInstance()->message("Ready to migrate"); 
@@ -49,8 +49,8 @@ $start_time = time(); Logger::getInstance()->message("Starting accounts migration"); -$query = "SELECT ac.id, ac.login, ac.password, ac.activated, ac.email, ac.confirmation_key, ac.ip_address, ac.date_last_update, ac.user_agent, ac.firstname, ac.name, ac.gender, ac.subscribe, al.alias FROM " - . ACCOUNTS_DB_TABLE . " ac LEFT JOIN " . ALIAS_DB_TABLE . " al ON ac.id = al.account_id"; +$query = "SELECT ac.id, ac.login, ac.password, ac.activated, ac.email, ac.confirmation_key, ac.ip_address, ac.date_last_update, ac.user_agent, ac.firstname, ac.name, ac.gender, ac.subscribe, al.alias FROM " + . ACCOUNTS_DB_TABLE . " ac LEFT JOIN " . ALIAS_DB_TABLE . " al ON ac.id = al.account_id"; $old_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); $old_db->setAttribute(PDO::MYSQL_ATTR_USE_BUFFERED_QUERY, false); // For large sets this is mandatory $stmt = $old_db->prepare($query); 
@@ -62,80 +62,80 @@ $password_created_count = 0; $alias_created_count = 0; while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { - $accounts_to_migrate_count += 1; - extract($row); + $accounts_to_migrate_count += 1; + extract($row); - $account = new Account($db); - $account->username = $login; - $account->domain = SIP_DOMAIN; - $account->email = $email; - $account->activated = $activated; - $account->confirmation_key = $confirmation_key; - $account->ip_address = $ip_address; - $account->user_agent = $user_agent; - $account->creation_time = $date_last_update; - $account->expire_time = null; + $account = new Account($db); + $account->username = $login; + $account->domain = SIP_DOMAIN; + $account->email = $email; + $account->activated = $activated; + $account->confirmation_key = $confirmation_key; + $account->ip_address = $ip_address; + $account->user_agent = $user_agent; + $account->creation_time = $date_last_update; + $account->expire_time = null; - if ($account->getOne()) { - // If an account as multiple aliases we will go here - if (!empty($alias)) { - $al = new Alias($db); - $al->account_id = $account->id; - $al->alias = $alias; - $al->domain = $account->domain; + if ($account->getOne()) { + // If an account as multiple aliases we will go here + if (!empty($alias)) { + $al = new Alias($db); + $al->account_id = $account->id; + $al->alias = $alias; + $al->domain = $account->domain; - if (!$al->create()) { - Logger::getInstance()->error("Failed to create alias !"); - } else { - $alias_created_count += 1; - } - } - } else { - if ($account->create()) { - $account_created_count += 1; + if (!$al->create()) { + Logger::getInstance()->error("Failed to create alias !"); + } else { + $alias_created_count += 1; + } + } + } else { + if ($account->create()) { + $account_created_count += 1; - $user_info = new UserInfo($db); - $user_info->account_id = $account->id; - $user_info->firstname = $firstname; - $user_info->lastname = $name; - $user_info->gender = $gender; - 
$user_info->subscribe = $subscribe; - if (!$user_info->create()) { - Logger::getInstance()->error("Failed to create user_info !"); - } - - $pwd = new Password($db); - $pwd->account_id = $account->id; - $pwd->algorithm = 'MD5'; - $pwd->password = $password; - - if (!$pwd->create()) { - Logger::getInstance()->error("Failed to create password !"); - } else { - $password_created_count += 1; - } - - if (!empty($alias)) { - $al = new Alias($db); - $al->account_id = $account->id; - $al->alias = $alias; - $al->domain = $account->domain; - - if (!$al->create()) { - Logger::getInstance()->error("Failed to create alias !"); - } else { - $alias_created_count += 1; - } - } - } else { - Logger::getInstance()->error("Failed to create account !"); - } - } + $user_info = new UserInfo($db); + $user_info->account_id = $account->id; + $user_info->firstname = $firstname; + $user_info->lastname = $name; + $user_info->gender = $gender; + $user_info->subscribe = $subscribe; + if (!$user_info->create()) { + Logger::getInstance()->error("Failed to create user_info !"); + } + + $pwd = new Password($db); + $pwd->account_id = $account->id; + $pwd->algorithm = 'MD5'; + $pwd->password = $password; + + if (!$pwd->create()) { + Logger::getInstance()->error("Failed to create password !"); + } else { + $password_created_count += 1; + } + + if (!empty($alias)) { + $al = new Alias($db); + $al->account_id = $account->id; + $al->alias = $alias; + $al->domain = $account->domain; + + if (!$al->create()) { + Logger::getInstance()->error("Failed to create alias !"); + } else { + $alias_created_count += 1; + } + } + } else { + Logger::getInstance()->error("Failed to create account !"); + } + } } Logger::getInstance()->message("Accounts migration done"); -Logger::getInstance()->message($accounts_to_migrate_count . " were to migrate, " . $account_created_count . " were succesfully created including " - . $password_created_count . " passwords and " . $alias_created_count . 
" aliases"); +Logger::getInstance()->message($accounts_to_migrate_count . " were to migrate, " . $account_created_count . " were succesfully created including " + . $password_created_count . " passwords and " . $alias_created_count . " aliases"); /* **************************************************** */ @@ -148,19 +148,19 @@ $sms_to_migrate_count = 0; $sms_created_count = 0; while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { - $sms_to_migrate_count += 1; - extract($row); + $sms_to_migrate_count += 1; + extract($row); - $sms = new SMS($db); - $sms->phone = $phone; - $sms->last_sms = $last_sms; - $sms->count = $count; + $sms = new SMS($db); + $sms->phone = $phone; + $sms->last_sms = $last_sms; + $sms->count = $count; - if (!$sms->create()) { - Logger::getInstance()->error("Failed to create sms !"); - } else { - $sms_created_count += 1; - } + if (!$sms->create()) { + Logger::getInstance()->error("Failed to create sms !"); + } else { + $sms_created_count += 1; + } } Logger::getInstance()->message("SMS migration done"); 
@@ -177,21 +177,21 @@ $devices_to_migrate_count = 0; $devices_created_count = 0; while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { - $devices_to_migrate_count += 1; - extract($row); + $devices_to_migrate_count += 1; + extract($row); - $device = new Device($db); - $device->manufacturer = $manufacturer; - $device->model = $model; - $device->status = $status; - $device->delay = $delay; - $device->hardware_echo_canceller = $hardware_echo_canceller; + $device = new Device($db); + $device->manufacturer = $manufacturer; + $device->model = $model; + $device->status = $status; + $device->delay = $delay; + $device->hardware_echo_canceller = $hardware_echo_canceller; - if (!$device->create()) { - Logger::getInstance()->error("Failed to create device !"); - } else { - $devices_created_count += 1; - } + if (!$device->create()) { + Logger::getInstance()->error("Failed to create device !"); + } else { + $devices_created_count += 1; + } } Logger::getInstance()->message("Devices migration done"); diff --git a/src/xmlrpc/accounts.php b/src/xmlrpc/accounts.php index 75961d8..0addc1d 100644 --- a/src/xmlrpc/accounts.php +++ b/src/xmlrpc/accounts.php @@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../database/database.php'; 
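Review bot: `extract($row)` at the top of the devices loop imports every column of the fetched row as a variable in the script's global scope, so a column named like an existing variable (`$db`, `$stmt`, `$row`, `$query`) would silently overwrite it. The SELECT for this loop is outside the hunk, so which columns arrive cannot be checked from here. The accounts loop (`@@ -62,80 +62,80 @@`) and the SMS loop (`@@ -148,19 +148,19 @@`) open with the same call. Reading the fields directly keeps the column-to-property mapping explicit: `$device->manufacturer = $row['manufacturer'];`, `$device->model = $row['model'];`, and likewise for the remaining properties.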
@@ -33,151 +33,154 @@ include_once __DIR__ . '/accounts_phone.php'; include_once __DIR__ . '/../misc/results_values.php'; // args = [username, [domain]] -function xmlrpc_is_account_used($method, $args) { - $user = $args[0]; - $domain = get_domain($args[1]); +function xmlrpc_is_account_used($method, $args) +{ + $user = $args[0]; + $domain = get_domain($args[1]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_is_account_used(" . $user . ", " . $domain . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_is_account_used(" . $user . ", " . $domain . ")"); - if (!check_parameter($user)) { - return MISSING_USERNAME_PARAM; - } + if (!check_parameter($user)) { + return MISSING_USERNAME_PARAM; + } - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $user; - $account->domain = $domain; - - if ($account->getOne()) { - return OK; - } + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $user; + $account->domain = $domain; - $alias = new Alias($db); - $alias->alias = $user; - $alias->domain = $domain; + if ($account->getOne()) { + return OK; + } - if ($alias->getOne()) { - return OK; - } + $alias = new Alias($db); + $alias->alias = $user; + $alias->domain = $domain; - return NOK; + if ($alias->getOne()) { + return OK; + } + + return NOK; } // args = [username, [domain]] -function xmlrpc_is_account_activated($method, $args) { - $user = $args[0]; - $domain = get_domain($args[1]); +function xmlrpc_is_account_activated($method, $args) +{ + $user = $args[0]; + $domain = get_domain($args[1]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_is_account_activated(" . $user . ", " . $domain . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_is_account_activated(" . $user . ", " . $domain . 
")"); - if (!check_parameter($user)) { - return MISSING_USERNAME_PARAM; - } + if (!check_parameter($user)) { + return MISSING_USERNAME_PARAM; + } - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $user; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $user; + $account->domain = $domain; - if (!$account->getOne()) { - $alias = new Alias($db); - $alias->alias = $user; - $alias->domain = $domain; + if (!$account->getOne()) { + $alias = new Alias($db); + $alias->alias = $user; + $alias->domain = $domain; - if ($alias->getOne()) { - $account->id = $alias->account_id; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } - } else { - return ACCOUNT_NOT_FOUND; - } - } + if ($alias->getOne()) { + $account->id = $alias->account_id; + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } + } else { + return ACCOUNT_NOT_FOUND; + } + } - Logger::getInstance()->message("Account activation status is " . $account->activated); - if (is_activated($account->activated)) { - return OK; - } + Logger::getInstance()->message("Account activation status is " . $account->activated); + if (is_activated($account->activated)) { + return OK; + } - return NOK; + return NOK; } // args = [username, key, [domain], [algo]] -function xmlrpc_recover_account_from_confirmation_key($method, $args) { - $username = $args[0]; - $key = $args[1]; - $domain = get_domain($args[2]); - $algo = get_algo($args[3]); +function xmlrpc_recover_account_from_confirmation_key($method, $args) +{ + $username = $args[0]; + $key = $args[1]; + $domain = get_domain($args[2]); + $algo = get_algo($args[3]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_recover_account_from_confirmation_key(" . $username . ", " . $domain . ", " . $key . ", " . $algo . 
")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_recover_account_from_confirmation_key(" . $username . ", " . $domain . ", " . $key . ", " . $algo . ")"); - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $username; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $username; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } - if (!is_key_matching($key, $account)) { - return KEY_DOESNT_MATCH; - } + if (!is_key_matching($key, $account)) { + return KEY_DOESNT_MATCH; + } - if (!is_activated($account)) { - $account->activated = "1"; - $account->update(); - } + if (!is_activated($account)) { + $account->activated = "1"; + $account->update(); + } - $password = new Password($db); - $password->account_id = $account->id; - $password->algorithm = $algo; + $password = new Password($db); + $password->account_id = $account->id; + $password->algorithm = $algo; - if ($password->getOne()) { - $result = array( - "password" => $password->password, - "algorithm" => $password->algorithm - ); - return $result; - } + if ($password->getOne()) { + $result = array( + "password" => $password->password, + "algorithm" => $password->algorithm + ); + return $result; + } - // If not found, try without algo - $password2 = new Password($db); - $password2->account_id = $account->id; + // If not found, try without algo + $password2 = new Password($db); + $password2->account_id = $account->id; - if ($password2->getOne()) { - $result = array( - "password" => $password2->password, - "algorithm" => $password2->algorithm - ); - return $result; - } + if ($password2->getOne()) { + $result = array( + "password" => $password2->password, + "algorithm" => $password2->algorithm + ); + return $result; + } - return PASSWORD_NOT_FOUND; + 
return PASSWORD_NOT_FOUND; } // args = [] -function xmlrpc_get_accounts_count($method, $args) { - Logger::getInstance()->message("[XMLRPC] xmlrpc_get_accounts_count()"); +function xmlrpc_get_accounts_count($method, $args) +{ + Logger::getInstance()->message("[XMLRPC] xmlrpc_get_accounts_count()"); - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - return $account->getCount(); + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + return $account->getCount(); } -function xmlrpc_accounts_register_methods($server) { - xmlrpc_server_register_method($server, 'is_account_used', 'xmlrpc_is_account_used');// args = [username, [domain]], return OK or NOK - xmlrpc_server_register_method($server, 'is_account_activated', 'xmlrpc_is_account_activated');// args = [username, [domain]], return OK or NOK - xmlrpc_server_register_method($server, 'recover_account_from_confirmation_key', 'xmlrpc_recover_account_from_confirmation_key');// args = [username, key, [domain], [algo]] +function xmlrpc_accounts_register_methods($server) +{ + xmlrpc_server_register_method($server, 'is_account_used', 'xmlrpc_is_account_used');// args = [username, [domain]], return OK or NOK + xmlrpc_server_register_method($server, 'is_account_activated', 'xmlrpc_is_account_activated');// args = [username, [domain]], return OK or NOK + xmlrpc_server_register_method($server, 'recover_account_from_confirmation_key', 'xmlrpc_recover_account_from_confirmation_key');// args = [username, key, [domain], [algo]] - xmlrpc_server_register_method($server, 'get_accounts_count', 'xmlrpc_get_accounts_count');//args = [] + xmlrpc_server_register_method($server, 'get_accounts_count', 'xmlrpc_get_accounts_count');//args = [] - xmlrpc_accounts_email_register_methods($server); - xmlrpc_accounts_phone_register_methods($server); + xmlrpc_accounts_email_register_methods($server); + xmlrpc_accounts_phone_register_methods($server); } - -?> 
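Review bot: `xmlrpc_recover_account_from_confirmation_key` writes the caller-supplied confirmation key into its log line, and a matching key is what makes this function return the stored password hash. Nothing visible in the function resets the key after use, so a key logged on a successful call appears to stay usable by anyone who can read the log. I would leave `$key` out of the message: `Logger::getInstance()->message("[XMLRPC] xmlrpc_recover_account_from_confirmation_key(" . $username . ", " . $domain . ", " . $algo . ")");`. In the same function `is_activated($account)` is passed the whole object, while `xmlrpc_is_account_activated` above passes `$account->activated`. The helper is defined elsewhere, but the call probably should read `if (!is_activated($account->activated)) {`.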
diff --git a/src/xmlrpc/accounts_email.php b/src/xmlrpc/accounts_email.php index e7c15d7..bb10713 100644 --- a/src/xmlrpc/accounts_email.php +++ b/src/xmlrpc/accounts_email.php @@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../database/database.php'; 
@@ -30,380 +30,385 @@ include_once __DIR__ . '/../misc/user_info.php'; include_once __DIR__ . '/../misc/results_values.php'; // args = [username, email, [hash], useragent, [domain], [algo]] -function xmlrpc_create_email_account($method, $args) { - $user = $args[0]; - $email = $args[1]; - $hashed_password = $args[2]; - $user_agent = $args[3]; - $domain = get_domain($args[4]); - $algo = get_algo($args[5]); +function xmlrpc_create_email_account($method, $args) +{ + $user = $args[0]; + $email = $args[1]; + $hashed_password = $args[2]; + $user_agent = $args[3]; + $domain = get_domain($args[4]); + $algo = get_algo($args[5]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_create_email_account(" . $user . ", " . $domain . ", " . $email . ", " . $algo . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_create_email_account(" . $user . ", " . $domain . ", " . $email . ", " . $algo . ")"); - if (!check_parameter($user)) { - return MISSING_USERNAME_PARAM; - } else if (!check_parameter($email, "email")) { - return MISSING_EMAIL_PARAM; - } else if ($algo == NULL) { - return ALGO_NOT_SUPPORTED; - } + if (!check_parameter($user)) { + return MISSING_USERNAME_PARAM; + } elseif (!check_parameter($email, "email")) { + return MISSING_EMAIL_PARAM; + } elseif ($algo == null) { + return ALGO_NOT_SUPPORTED; + } - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $user; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $user; + $account->domain = $domain; - if ($account->getOne()) { - return USERNAME_TAKEN; - } + if ($account->getOne()) { + return USERNAME_TAKEN; + } - if (!ALLOW_SAME_EMAILS_ON_MULTILPLE_ACCOUNTS) { - $email_account = new Account($db); - $email_account->email = $email; - if ($email_account->getOne()) { - return EMAIL_TAKEN; - } - } + if (!ALLOW_SAME_EMAILS_ON_MULTILPLE_ACCOUNTS) { + $email_account = 
new Account($db); + $email_account->email = $email; + if ($email_account->getOne()) { + return EMAIL_TAKEN; + } + } - if (GENERATE_PASSWORD_ENABLED) { - $hashed_password = hash_password($user, generate_password(), $domain, $algo); - } + if (GENERATE_PASSWORD_ENABLED) { + $hashed_password = hash_password($user, generate_password(), $domain, $algo); + } - $account->confirmation_key = uniqid(); - $account->email = $email; - $account->user_agent = $user_agent; - $account->ip_address = getIp(); + $account->confirmation_key = uniqid(); + $account->email = $email; + $account->user_agent = $user_agent; + $account->ip_address = getIp(); - $account->activated = AUTO_ACTIVATE_ACCOUNT ? "1" : "0"; - $account->create(); + $account->activated = AUTO_ACTIVATE_ACCOUNT ? "1" : "0"; + $account->create(); - $password = new Password($db); - $password->account_id = $account->id; - $password->password = $hashed_password; - $password->algorithm = $algo; - $password->create(); + $password = new Password($db); + $password->account_id = $account->id; + $password->password = $hashed_password; + $password->algorithm = $algo; + $password->create(); - if (CUSTOM_HOOKS) { - hook_on_account_created($account); - } + if (CUSTOM_HOOKS) { + hook_on_account_created($account); + } - if (SEND_ACTIVATION_EMAIL && EMAIL_ENABLED) { - send_email_with_activation_link($email, $account->confirmation_key, $account->username, $algo); - } else if (AUTO_ACTIVATE_ACCOUNT) { - //TODO - /*if (USE_IN_APP_PURCHASES) { - $expiration = get_trial_expiration_date(); - db_inapp_add_account($user, $domain, $expiration); - }*/ - } + if (SEND_ACTIVATION_EMAIL && EMAIL_ENABLED) { + send_email_with_activation_link($email, $account->confirmation_key, $account->username, $algo); + } elseif (AUTO_ACTIVATE_ACCOUNT) { + //TODO + /*if (USE_IN_APP_PURCHASES) { + $expiration = get_trial_expiration_date(); + db_inapp_add_account($user, $domain, $expiration); + }*/ + } - // args = [username, email, [hash], useragent, [domain], [algo]] - 
// args needed = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]] - //need username + domain + // args = [username, email, [hash], useragent, [domain], [algo]] + // args needed = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]] + //need username + domain - //We call this function to set the geoloc if enabled - if (ENABLE_NEW_ACCOUNTS_GEOLOC){ - return update_account_user_info($account->username, $hashed_password, NULL, NULL, "unknown", '0', $account->domain, $algo); - } + //We call this function to set the geoloc if enabled + if (ENABLE_NEW_ACCOUNTS_GEOLOC) { + return update_account_user_info($account->username, $hashed_password, null, null, "unknown", '0', $account->domain, $algo); + } - return OK; + return OK; } // args = [username, email, md5_hash, sha256_hash, useragent, [domain]], return OK -function xmlrpc_create_email_md5_sha256_account($method, $args) { - $user = $args[0]; - $email = $args[1]; - $md5_hash = $args[2]; - $sha256_hash = $args[3]; - $user_agent = $args[4]; - $domain = get_domain($args[5]); +function xmlrpc_create_email_md5_sha256_account($method, $args) +{ + $user = $args[0]; + $email = $args[1]; + $md5_hash = $args[2]; + $sha256_hash = $args[3]; + $user_agent = $args[4]; + $domain = get_domain($args[5]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_create_email_md5_sha256_account(" . $user . ", " . $domain . ", " . $email . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_create_email_md5_sha256_account(" . $user . ", " . $domain . ", " . $email . 
")"); - if (!check_parameter($user)) { - return MISSING_USERNAME_PARAM; - } else if (!check_parameter($email, "email")) { - return MISSING_EMAIL_PARAM; - } + if (!check_parameter($user)) { + return MISSING_USERNAME_PARAM; + } elseif (!check_parameter($email, "email")) { + return MISSING_EMAIL_PARAM; + } - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $user; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $user; + $account->domain = $domain; - if ($account->getOne()) { - return USERNAME_TAKEN; - } + if ($account->getOne()) { + return USERNAME_TAKEN; + } - if (!ALLOW_SAME_EMAILS_ON_MULTILPLE_ACCOUNTS) { - $email_account = new Account($db); - $email_account->email = $email; - if ($email_account->getOne()) { - return EMAIL_TAKEN; - } - } + if (!ALLOW_SAME_EMAILS_ON_MULTILPLE_ACCOUNTS) { + $email_account = new Account($db); + $email_account->email = $email; + if ($email_account->getOne()) { + return EMAIL_TAKEN; + } + } - if (GENERATE_PASSWORD_ENABLED) { - $pwd = generate_password(); - $md5_hash = hash_password($user, $pwd, $domain, MD5); - $sha256_hash = hash_password($user, $pwd, $domain, SHA256); - } + if (GENERATE_PASSWORD_ENABLED) { + $pwd = generate_password(); + $md5_hash = hash_password($user, $pwd, $domain, MD5); + $sha256_hash = hash_password($user, $pwd, $domain, SHA256); + } - $account->confirmation_key = uniqid(); - $account->email = $email; - $account->user_agent = $user_agent; - $account->ip_address = getIp(); - $account->activated = AUTO_ACTIVATE_ACCOUNT ? "1" : "0"; - $account->create(); + $account->confirmation_key = uniqid(); + $account->email = $email; + $account->user_agent = $user_agent; + $account->ip_address = getIp(); + $account->activated = AUTO_ACTIVATE_ACCOUNT ? 
"1" : "0"; + $account->create(); - $md5_password = new Password($db); - $md5_password->account_id = $account->id; - $md5_password->password = $md5_hash; - $md5_password->algorithm = MD5; - $md5_password->create(); + $md5_password = new Password($db); + $md5_password->account_id = $account->id; + $md5_password->password = $md5_hash; + $md5_password->algorithm = MD5; + $md5_password->create(); - $sha256_password = new Password($db); - $sha256_password->account_id = $account->id; - $sha256_password->password = $sha256_hash; - $sha256_password->algorithm = SHA256; - $sha256_password->create(); + $sha256_password = new Password($db); + $sha256_password->account_id = $account->id; + $sha256_password->password = $sha256_hash; + $sha256_password->algorithm = SHA256; + $sha256_password->create(); - if (CUSTOM_HOOKS) { - hook_on_account_created($account); - } + if (CUSTOM_HOOKS) { + hook_on_account_created($account); + } - if (SEND_ACTIVATION_EMAIL && EMAIL_ENABLED) { - send_email_with_activation_link($email, $account->confirmation_key, $account->username, SHA256); - } else if (AUTO_ACTIVATE_ACCOUNT) { - //TODO - /*if (USE_IN_APP_PURCHASES) { - $expiration = get_trial_expiration_date(); - db_inapp_add_account($user, $domain, $expiration); - }*/ - } + if (SEND_ACTIVATION_EMAIL && EMAIL_ENABLED) { + send_email_with_activation_link($email, $account->confirmation_key, $account->username, SHA256); + } elseif (AUTO_ACTIVATE_ACCOUNT) { + //TODO + /*if (USE_IN_APP_PURCHASES) { + $expiration = get_trial_expiration_date(); + db_inapp_add_account($user, $domain, $expiration); + }*/ + } - //We call this function to set the geoloc if enabled - // args needed = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]] - //need username + domain - if (ENABLE_NEW_ACCOUNTS_GEOLOC){ - return update_account_user_info($account->username, $md5_hash, NULL, NULL, "unknown", '0', $account->domain, MD5); - } - - return OK; + //We call this function to set the geoloc if enabled + // 
args needed = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]] + //need username + domain + if (ENABLE_NEW_ACCOUNTS_GEOLOC) { + return update_account_user_info($account->username, $md5_hash, null, null, "unknown", '0', $account->domain, MD5); + } + + return OK; } // args = [username, key, [domain], [algo]] -function xmlrpc_activate_email_account($method, $args) { - $user = $args[0]; - $key = $args[1]; - $domain = get_domain($args[2]); - $algo = get_algo($args[3]); +function xmlrpc_activate_email_account($method, $args) +{ + $user = $args[0]; + $key = $args[1]; + $domain = get_domain($args[2]); + $algo = get_algo($args[3]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_activate_account(" . $user . ", " . $domain . ", " . $key . ", " . $algo . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_activate_account(" . $user . ", " . $domain . ", " . $key . ", " . $algo . ")"); - if (!check_parameter($user)) { - return MISSING_USERNAME_PARAM; - } else if ($algo == NULL) { - return ALGO_NOT_SUPPORTED; - } + if (!check_parameter($user)) { + return MISSING_USERNAME_PARAM; + } elseif ($algo == null) { + return ALGO_NOT_SUPPORTED; + } - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $user; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $user; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } else if ($account->activated != "0") { - return ACCOUNT_ALREADY_ACTIVATED; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } elseif ($account->activated != "0") { + return ACCOUNT_ALREADY_ACTIVATED; + } - if (!is_key_matching($key, $account)) { - return KEY_DOESNT_MATCH; - } + if (!is_key_matching($key, $account)) { + return KEY_DOESNT_MATCH; + } - $account->activated = "1"; - $account->update(); + $account->activated = "1"; + 
$account->update(); - $expiration = NULL; - // TODO - /*if (USE_IN_APP_PURCHASES) { - $expiration = get_trial_expiration_date(); - db_inapp_add_account($user, $domain, $expiration); - }*/ + $expiration = null; + // TODO + /*if (USE_IN_APP_PURCHASES) { + $expiration = get_trial_expiration_date(); + db_inapp_add_account($user, $domain, $expiration); + }*/ - if (CUSTOM_HOOKS) { - hook_on_account_activated($account); - } + if (CUSTOM_HOOKS) { + hook_on_account_activated($account); + } - $password = new Password($db); - $password->account_id = $account->id; - $password->algorithm = $algo; + $password = new Password($db); + $password->account_id = $account->id; + $password->algorithm = $algo; - if ($password->getOne()) { - return $password->password; - } + if ($password->getOne()) { + return $password->password; + } - return PASSWORD_NOT_FOUND; + return PASSWORD_NOT_FOUND; } // args = [username, email, [domain]] -function xmlrpc_recover_email_account($method, $args) { - $username = $args[0]; - $email = $args[1]; - $domain = get_domain($args[2]); +function xmlrpc_recover_email_account($method, $args) +{ + $username = $args[0]; + $email = $args[1]; + $domain = get_domain($args[2]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_recover_email_account(" . $username . ", " . $email . ", " . $domain . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_recover_email_account(" . $username . ", " . $email . ", " . $domain . 
")"); - $database = new Database(); - $db = $database->getConnection(); + $database = new Database(); + $db = $database->getConnection(); - $account = new Account($db); - $account->username = $username; - $account->domain = $domain; + $account = new Account($db); + $account->username = $username; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } - if (strcasecmp($email, $account->email) != 0) { // Email case insensitive compare - return EMAIL_DOESNT_MATCH; - } + if (strcasecmp($email, $account->email) != 0) { // Email case insensitive compare + return EMAIL_DOESNT_MATCH; + } - $account->confirmation_key = uniqid(); - $account->update(); + $account->confirmation_key = uniqid(); + $account->update(); - if (SEND_ACTIVATION_EMAIL && EMAIL_ENABLED) { - send_email_with_recover_key($email, $account->confirmation_key); - } + if (SEND_ACTIVATION_EMAIL && EMAIL_ENABLED) { + send_email_with_recover_key($email, $account->confirmation_key); + } - return OK; + return OK; } // args = [username, password, new email, [domain], [algo]] -function xmlrpc_update_email($method, $args) { - $user = $args[0]; - $pwd = $args[1]; - $new_email = $args[2]; - $domain = get_domain($args[3]); - $algo = get_algo($args[4]); +function xmlrpc_update_email($method, $args) +{ + $user = $args[0]; + $pwd = $args[1]; + $new_email = $args[2]; + $domain = get_domain($args[3]); + $algo = get_algo($args[4]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_update_email(" . $user . ", " . $domain . ", " . $new_email . ", " . $algo . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_update_email(" . $user . ", " . $domain . ", " . $new_email . ", " . $algo . 
")"); - if (!check_parameter($user)) { - return MISSING_USERNAME_PARAM; - } else if ($algo == NULL) { - return ALGO_NOT_SUPPORTED; - } + if (!check_parameter($user)) { + return MISSING_USERNAME_PARAM; + } elseif ($algo == null) { + return ALGO_NOT_SUPPORTED; + } - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $user; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $user; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } - $password = new Password($db); - $password->account_id = $account->id; - $password->algorithm = $algo; + $password = new Password($db); + $password->account_id = $account->id; + $password->algorithm = $algo; - if (!$password->getOne()) { - return PASSWORD_NOT_FOUND; - } + if (!$password->getOne()) { + return PASSWORD_NOT_FOUND; + } - $hashed_old_password = hash_password($user, $pwd, $domain, $algo); - if (!password_match($password->password, $hashed_old_password)) { - return PASSWORD_DOESNT_MATCH; - } + $hashed_old_password = hash_password($user, $pwd, $domain, $algo); + if (!password_match($password->password, $hashed_old_password)) { + return PASSWORD_DOESNT_MATCH; + } - if ($account->email == $new_email) { - Logger::getInstance()->warning("New email same as previous one"); - return EMAIL_UNCHANGED; - } + if ($account->email == $new_email) { + Logger::getInstance()->warning("New email same as previous one"); + return EMAIL_UNCHANGED; + } - if (!ALLOW_SAME_EMAILS_ON_MULTILPLE_ACCOUNTS) { - $email_account = new Account($db); - $email_account->email = $email; - if ($email_account->getOne()) { - return EMAIL_TAKEN; - } - } + if (!ALLOW_SAME_EMAILS_ON_MULTILPLE_ACCOUNTS) { + $email_account = new Account($db); + $email_account->email = $email; + if ($email_account->getOne()) { + 
return EMAIL_TAKEN; + } + } - $account->email = $new_email; - if ($account->update()) { - Logger::getInstance()->message("Email updated successfully"); - return OK; - } + $account->email = $new_email; + if ($account->update()) { + Logger::getInstance()->message("Email updated successfully"); + return OK; + } - return NOK; + return NOK; } // args = [username, email, ha1, [domain], [algo]] -function xmlrpc_delete_email_account($method, $args) { - $username = $args[0]; - $email = $args[1]; - $ha1 = $args[2]; - $domain = get_domain($args[3]); - $algo = get_algo($args[4]); +function xmlrpc_delete_email_account($method, $args) +{ + $username = $args[0]; + $email = $args[1]; + $ha1 = $args[2]; + $domain = get_domain($args[3]); + $algo = get_algo($args[4]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_delete_email_account(" . $username . ", " . $email . ", " . $domain . ", " . $algo . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_delete_email_account(" . $username . ", " . $email . ", " . $domain . ", " . $algo . 
")"); - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $username; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $username; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } - if ($email != $account->email) { - return EMAIL_DOESNT_MATCH; - } + if ($email != $account->email) { + return EMAIL_DOESNT_MATCH; + } - $password = new Password($db); - $password->account_id = $account->id; - $password->algorithm = $algo; + $password = new Password($db); + $password->account_id = $account->id; + $password->algorithm = $algo; - if (!$password->getOne()) { - return PASSWORD_NOT_FOUND; - } + if (!$password->getOne()) { + return PASSWORD_NOT_FOUND; + } - if ($ha1 != $password->password) { - return PASSWORD_DOESNT_MATCH; - } + if ($ha1 != $password->password) { + return PASSWORD_DOESNT_MATCH; + } - if ($account->delete()) { - if ($password->delete()) { - $alias = new Alias($db); - $alias->account_id = $account->id; - $alias->delete(); + if ($account->delete()) { + if ($password->delete()) { + $alias = new Alias($db); + $alias->account_id = $account->id; + $alias->delete(); - $userinfo = new UserInfo($db); - $userinfo->account_id = $account->id; - $userinfo->delete(); + $userinfo = new UserInfo($db); + $userinfo->account_id = $account->id; + $userinfo->delete(); - return OK; - } - } + return OK; + } + } - return NOK; + return NOK; } -function xmlrpc_accounts_email_register_methods($server) { - xmlrpc_server_register_method($server, 'create_email_account', 'xmlrpc_create_email_account');// args = [username, email, [hash], useragent, [domain], [algo]], return OK - xmlrpc_server_register_method($server, 'create_email_md5_sha256_account', 'xmlrpc_create_email_md5_sha256_account');// args = [username, email, 
md5_hash, sha256_hash, useragent, [domain]], return OK - xmlrpc_server_register_method($server, 'activate_email_account', 'xmlrpc_activate_email_account');// args = [username, key, [domain], [algo]], return ha1_password - xmlrpc_server_register_method($server, 'recover_email_account', 'xmlrpc_recover_email_account');// args = [username, email, [domain]], return OK - xmlrpc_server_register_method($server, 'update_email', 'xmlrpc_update_email');// args = [username, password, new email, [domain], [algo]], return OK - xmlrpc_server_register_method($server, 'delete_email_account', 'xmlrpc_delete_email_account');// args = [username, email, ha1, [domain], [algo]] +function xmlrpc_accounts_email_register_methods($server) +{ + xmlrpc_server_register_method($server, 'create_email_account', 'xmlrpc_create_email_account');// args = [username, email, [hash], useragent, [domain], [algo]], return OK + xmlrpc_server_register_method($server, 'create_email_md5_sha256_account', 'xmlrpc_create_email_md5_sha256_account');// args = [username, email, md5_hash, sha256_hash, useragent, [domain]], return OK + xmlrpc_server_register_method($server, 'activate_email_account', 'xmlrpc_activate_email_account');// args = [username, key, [domain], [algo]], return ha1_password + xmlrpc_server_register_method($server, 'recover_email_account', 'xmlrpc_recover_email_account');// args = [username, email, [domain]], return OK + xmlrpc_server_register_method($server, 'update_email', 'xmlrpc_update_email');// args = [username, password, new email, [domain], [algo]], return OK + xmlrpc_server_register_method($server, 'delete_email_account', 'xmlrpc_delete_email_account');// args = [username, email, ha1, [domain], [algo]] } - -?> diff --git a/src/xmlrpc/accounts_phone.php b/src/xmlrpc/accounts_phone.php index c95d872..5cbd061 100644 --- a/src/xmlrpc/accounts_phone.php +++ b/src/xmlrpc/accounts_phone.php 
@@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../database/database.php'; 
@@ -32,380 +32,385 @@ include_once __DIR__ . '/../misc/user_info.php'; include_once __DIR__ . '/../misc/results_values.php'; // args = [phone, [username], [password], useragent, [domain], [lang], [algo]] -function xmlrpc_create_phone_account($method, $args) { - $phone = $args[0]; - $user = $args[1]; - $hashed_password = $args[2]; - $user_agent = $args[3]; - $domain = get_domain($args[4]); - $lang = get_lang($args[5]); - $algo = get_algo($args[6]); +function xmlrpc_create_phone_account($method, $args) +{ + $phone = $args[0]; + $user = $args[1]; + $hashed_password = $args[2]; + $user_agent = $args[3]; + $domain = get_domain($args[4]); + $lang = get_lang($args[5]); + $algo = get_algo($args[6]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_create_phone_account(" . $user . ", " . $domain . ", " . $phone . ", " . $lang . ", " . $algo . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_create_phone_account(" . $user . ", " . $domain . ", " . $phone . ", " . $lang . ", " . $algo . ")"); - if (!check_parameter($phone, "phone")) { - return MISSING_PHONE_PARAM; - } else if (!startswith($phone, "+")) { - Logger::getInstance()->error("Phone doesn't start by +"); - return PHONE_NOT_E164; - } else if ($algo == NULL) { - return ALGO_NOT_SUPPORTED; - } + if (!check_parameter($phone, "phone")) { + return MISSING_PHONE_PARAM; + } elseif (!startswith($phone, "+")) { + Logger::getInstance()->error("Phone doesn't start by +"); + return PHONE_NOT_E164; + } elseif ($algo == null) { + return ALGO_NOT_SUPPORTED; + } - if (!check_parameter($user)) { - $user = $phone; - } + if (!check_parameter($user)) { + $user = $phone; + } - $recover_params = array( - 0 => $phone, - 1 => $domain, - 2 => $lang, - ); + $recover_params = array( + 0 => $phone, + 1 => $domain, + 2 => $lang, + ); - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $user; - $account->domain = $domain; + $database = new Database(); + $db = 
$database->getConnection(); + $account = new Account($db); + $account->username = $user; + $account->domain = $domain; - $alias = new Alias($db); - $alias->alias = $phone; - $alias->domain = $domain; + $alias = new Alias($db); + $alias->alias = $phone; + $alias->domain = $domain; - if ($account->getOne()) { - if (RECOVER_ACCOUNT_IF_EXISTS) { - $recovered_user = xmlrpc_recover_phone_account($method, $recover_params); - if ($recovered_user == $user) { - return OK; - } + if ($account->getOne()) { + if (RECOVER_ACCOUNT_IF_EXISTS) { + $recovered_user = xmlrpc_recover_phone_account($method, $recover_params); + if ($recovered_user == $user) { + return OK; + } - return ACCOUNT_RECOVERY_IMPOSSIBLE; - } + return ACCOUNT_RECOVERY_IMPOSSIBLE; + } - return USERNAME_TAKEN; - } else if ($alias->getOne()) { - if (RECOVER_ACCOUNT_IF_EXISTS) { - $recovered_user = xmlrpc_recover_phone_account($method, $recover_params); - if ($recovered_user == $user) { - return OK; - } + return USERNAME_TAKEN; + } elseif ($alias->getOne()) { + if (RECOVER_ACCOUNT_IF_EXISTS) { + $recovered_user = xmlrpc_recover_phone_account($method, $recover_params); + if ($recovered_user == $user) { + return OK; + } - return ACCOUNT_RECOVERY_IMPOSSIBLE; - } + return ACCOUNT_RECOVERY_IMPOSSIBLE; + } - return PHONE_TAKEN; - } + return PHONE_TAKEN; + } - $pwd = $hashed_password; - if (!check_parameter($hashed_password, "hashed password")) { - $pwd = generate_password(); - $hashed_password = hash_password($user, $pwd, $domain, $algo); - } + $pwd = $hashed_password; + if (!check_parameter($hashed_password, "hashed password")) { + $pwd = generate_password(); + $hashed_password = hash_password($user, $pwd, $domain, $algo); + } - $account->confirmation_key = generate_4_digits_code(); - $account->user_agent = $user_agent; - $account->ip_address = getIp(); + $account->confirmation_key = generate_4_digits_code(); + $account->user_agent = $user_agent; + $account->ip_address = getIp(); $account->activated = AUTO_ACTIVATE_ACCOUNT 
? "1" : "0"; - $account->create(); + $account->create(); - $password = new Password($db); - $password->account_id = $account->id; - $password->password = $hashed_password; - $password->algorithm = $algo; - $password->create(); + $password = new Password($db); + $password->account_id = $account->id; + $password->password = $hashed_password; + $password->algorithm = $algo; + $password->create(); - if (CUSTOM_HOOKS) { - hook_on_account_created($account); - } + if (CUSTOM_HOOKS) { + hook_on_account_created($account); + } - if (SEND_ACTIVATION_SMS) { - if (!SMS_API_ENABLED) { - // This is a hack to allow testing without sending SMS - return OK; - } - $ok = send_sms($phone, $account->confirmation_key, $lang); - return $ok; - } else if (AUTO_ACTIVATE_ACCOUNT) { - if (USE_IN_APP_PURCHASES) { - //TODO - /*$expiration = get_trial_expiration_date(); - db_inapp_add_account($user, $domain, $expiration);*/ - } - } + if (SEND_ACTIVATION_SMS) { + if (!SMS_API_ENABLED) { + // This is a hack to allow testing without sending SMS + return OK; + } + $ok = send_sms($phone, $account->confirmation_key, $lang); + return $ok; + } elseif (AUTO_ACTIVATE_ACCOUNT) { + if (USE_IN_APP_PURCHASES) { + //TODO + /*$expiration = get_trial_expiration_date(); + db_inapp_add_account($user, $domain, $expiration);*/ + } + } - //We call this function to set the geoloc if enabled - // args needed = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]] - //need username + domain - if (ENABLE_NEW_ACCOUNTS_GEOLOC){ - return update_account_user_info($account->username, $hashed_password, NULL, NULL, "unknown", '0', $account->domain, $algo); - } + //We call this function to set the geoloc if enabled + // args needed = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]] + //need username + domain + if (ENABLE_NEW_ACCOUNTS_GEOLOC) { + return update_account_user_info($account->username, $hashed_password, null, null, "unknown", '0', $account->domain, $algo); + } - return OK; + 
return OK; } // args = [phone, username, key, [domain], [algo]] -function xmlrpc_activate_phone_account($method, $args) { - $phone = $args[0]; - $user = $args[1]; - $key = $args[2]; - $domain = get_domain($args[3]); - $algo = get_algo($args[4]); +function xmlrpc_activate_phone_account($method, $args) +{ + $phone = $args[0]; + $user = $args[1]; + $key = $args[2]; + $domain = get_domain($args[3]); + $algo = get_algo($args[4]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_activate_phone_account(" . $user . ", " . $domain . ", " . $phone . ", " . $key . ", " . $algo . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_activate_phone_account(" . $user . ", " . $domain . ", " . $phone . ", " . $key . ", " . $algo . ")"); - if (!check_parameter($phone, "phone")) { - return MISSING_PHONE_PARAM; - } else if (!check_parameter($user)) { - return MISSING_USERNAME_PARAM; - } else if (!startswith($phone, "+")) { - Logger::getInstance()->error("Phone doesn't start by +"); - return PHONE_NOT_E164; - } + if (!check_parameter($phone, "phone")) { + return MISSING_PHONE_PARAM; + } elseif (!check_parameter($user)) { + return MISSING_USERNAME_PARAM; + } elseif (!startswith($phone, "+")) { + Logger::getInstance()->error("Phone doesn't start by +"); + return PHONE_NOT_E164; + } - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $user; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $user; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } - if (!is_key_matching($key, $account)) { - return KEY_DOESNT_MATCH; - } + if (!is_key_matching($key, $account)) { + return KEY_DOESNT_MATCH; + } - // If this is a recovery, account is already activated, don't go through the following again - if 
(!is_activated($account->activated)) { - $expiration = NULL; - $account->activated = "1"; - $account->update(); + // If this is a recovery, account is already activated, don't go through the following again + if (!is_activated($account->activated)) { + $expiration = null; + $account->activated = "1"; + $account->update(); - $alias = new Alias($db); - $alias->account_id = $account->id; - $alias->alias = $phone; - $alias->domain = $account->domain; - $alias->create(); + $alias = new Alias($db); + $alias->account_id = $account->id; + $alias->alias = $phone; + $alias->domain = $account->domain; + $alias->create(); - if (USE_IN_APP_PURCHASES) { - $expiration = get_trial_expiration_date(); - //db_inapp_add_account($user, $domain, $expiration); - //TODO - } + if (USE_IN_APP_PURCHASES) { + $expiration = get_trial_expiration_date(); + //db_inapp_add_account($user, $domain, $expiration); + //TODO + } - if (CUSTOM_HOOKS) { - hook_on_account_activated($account); - } - } + if (CUSTOM_HOOKS) { + hook_on_account_activated($account); + } + } - $password = new Password($db); - $password->account_id = $account->id; - $password->algorithm = $algo; + $password = new Password($db); + $password->account_id = $account->id; + $password->algorithm = $algo; - if ($password->getOne()) { - return $password->password; - } + if ($password->getOne()) { + return $password->password; + } return PASSWORD_NOT_FOUND; } // args = [phone, [domain], [lang]] -function xmlrpc_recover_phone_account($method, $args) { - // Is this function overloaded - if (XMLRPC_RECOVER_PHONE_ACCOUNT_OVERLOAD === TRUE) { - return xmlrpc_recover_phone_account_overload($method, $args); - } +function xmlrpc_recover_phone_account($method, $args) +{ + // Is this function overloaded + if (XMLRPC_RECOVER_PHONE_ACCOUNT_OVERLOAD === true) { + return xmlrpc_recover_phone_account_overload($method, $args); + } - $phone = $args[0]; - $domain = get_domain($args[1]); - $lang = get_lang($args[2]); + $phone = $args[0]; + $domain = 
get_domain($args[1]); + $lang = get_lang($args[2]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_recover_phone_account(" . $phone . ", " . $domain . ", " . $lang . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_recover_phone_account(" . $phone . ", " . $domain . ", " . $lang . ")"); - if (!check_parameter($phone, "phone")) { - return MISSING_PHONE_PARAM; - } else if (!startswith($phone, "+")) { - return PHONE_NOT_E164; - } + if (!check_parameter($phone, "phone")) { + return MISSING_PHONE_PARAM; + } elseif (!startswith($phone, "+")) { + return PHONE_NOT_E164; + } - $database = new Database(); - $db = $database->getConnection(); + $database = new Database(); + $db = $database->getConnection(); - $account = new Account($db); - $account->username = $phone; - $account->domain = $domain; + $account = new Account($db); + $account->username = $phone; + $account->domain = $domain; - $alias = new Alias($db); - $alias->alias = $phone; - $alias->domain = $domain; + $alias = new Alias($db); + $alias->alias = $phone; + $alias->domain = $domain; - if (!$account->getOne()) { - if ($alias->getOne()) { - $account->id = $alias->account_id; - // This time the search will be done on the id instead of couple username / domain - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } - } else { - return ACCOUNT_NOT_FOUND; - } - } + if (!$account->getOne()) { + if ($alias->getOne()) { + $account->id = $alias->account_id; + // This time the search will be done on the id instead of couple username / domain + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } + } else { + return ACCOUNT_NOT_FOUND; + } + } - if (SEND_ACTIVATION_SMS) { - $account->confirmation_key = generate_4_digits_code(); - $account->update(); + if (SEND_ACTIVATION_SMS) { + $account->confirmation_key = generate_4_digits_code(); + $account->update(); - if (!SMS_API_ENABLED) { - // This is a hack to allow testing without sending SMS - return $account->username; - } - $ok = send_sms($phone, 
$account->confirmation_key, $lang); - if ($ok != OK) { - return $ok; - } - } + if (!SMS_API_ENABLED) { + // This is a hack to allow testing without sending SMS + return $account->username; + } + $ok = send_sms($phone, $account->confirmation_key, $lang); + if ($ok != OK) { + return $ok; + } + } - return $account->username; + return $account->username; } // args = [username, phone, ha1, [domain], [algo]] -function xmlrpc_delete_phone_account($method, $args) { - $username = $args[0]; - $phone = $args[1]; - $ha1 = $args[2]; - $domain = get_domain($args[3]); - $algo = get_algo($args[4]); +function xmlrpc_delete_phone_account($method, $args) +{ + $username = $args[0]; + $phone = $args[1]; + $ha1 = $args[2]; + $domain = get_domain($args[3]); + $algo = get_algo($args[4]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_delete_phone_account(" . $username . ", " . $phone . ", " . $domain . ", " . $algo . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_delete_phone_account(" . $username . ", " . $phone . ", " . $domain . ", " . $algo . 
")"); - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $username; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $username; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } - if ($phone != $username && $phone != $account->alias) { - return ALIAS_DOESNT_MATCH; - } + if ($phone != $username && $phone != $account->alias) { + return ALIAS_DOESNT_MATCH; + } - $password = new Password($db); - $password->account_id = $account->id; - $password->algorithm = $algo; + $password = new Password($db); + $password->account_id = $account->id; + $password->algorithm = $algo; - if (!$password->getOne()) { - return PASSWORD_NOT_FOUND; - } + if (!$password->getOne()) { + return PASSWORD_NOT_FOUND; + } - if ($ha1 != $password->password) { - return PASSWORD_DOESNT_MATCH; - } + if ($ha1 != $password->password) { + return PASSWORD_DOESNT_MATCH; + } - if ($account->delete()) { - if ($password->delete()) { - $alias = new Alias($db); - $alias->account_id = $account->id; - $alias->delete(); + if ($account->delete()) { + if ($password->delete()) { + $alias = new Alias($db); + $alias->account_id = $account->id; + $alias->delete(); - $userinfo = new UserInfo($db); - $userinfo->account_id = $account->id; - $userinfo->delete(); + $userinfo = new UserInfo($db); + $userinfo->account_id = $account->id; + $userinfo->delete(); - return OK; - } - } + return OK; + } + } - return NOK; + return NOK; } // args = [phone, [domain]] -function xmlrpc_is_phone_number_used($method, $args) { - $phone = $args[0]; - $domain = get_domain($args[1]); +function xmlrpc_is_phone_number_used($method, $args) +{ + $phone = $args[0]; + $domain = get_domain($args[1]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_is_phone_number_used(" . $phone . 
", " . $domain . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_is_phone_number_used(" . $phone . ", " . $domain . ")"); - if (!check_parameter($phone, "phone")) { - return MISSING_PHONE_PARAM; - } else if (!startswith($phone, "+")) { - return PHONE_NOT_E164; - } + if (!check_parameter($phone, "phone")) { + return MISSING_PHONE_PARAM; + } elseif (!startswith($phone, "+")) { + return PHONE_NOT_E164; + } - $database = new Database(); - $db = $database->getConnection(); + $database = new Database(); + $db = $database->getConnection(); - $alias = new Alias($db); - $alias->alias = $phone; - $alias->domain = $domain; + $alias = new Alias($db); + $alias->alias = $phone; + $alias->domain = $domain; - if ($alias->getOne()) { - return OK_ALIAS; - } + if ($alias->getOne()) { + return OK_ALIAS; + } - $account = new Account($db); - $account->username = $phone; - $account->domain = $domain; + $account = new Account($db); + $account->username = $phone; + $account->domain = $domain; - if ($account->getOne()) { - return OK_ACCOUNT; - } + if ($account->getOne()) { + return OK_ACCOUNT; + } - return NOK; + return NOK; } // args = [username, [domain]] -function xmlrpc_get_phone_number_for_account($method, $args) { - $user = $args[0]; - $domain = get_domain($args[1]); +function xmlrpc_get_phone_number_for_account($method, $args) +{ + $user = $args[0]; + $domain = get_domain($args[1]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_get_phone_number_for_account(" . $user . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_get_phone_number_for_account(" . $user . 
")"); - if (!check_parameter($user)) { - return MISSING_USERNAME_PARAM; - } + if (!check_parameter($user)) { + return MISSING_USERNAME_PARAM; + } - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $user; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $user; + $account->domain = $domain; - if (!$account->getOne()) { - $alias = new Alias($db); - $alias->alias = $user; - $alias->domain = $domain; + if (!$account->getOne()) { + $alias = new Alias($db); + $alias->alias = $user; + $alias->domain = $domain; - if ($alias->getOne()) { - return $user; - } + if ($alias->getOne()) { + return $user; + } - return ACCOUNT_NOT_FOUND; - } + return ACCOUNT_NOT_FOUND; + } - $phone = $account->alias; - if ($phone == NULL) { - return ALIAS_NOT_FOUND; - } + $phone = $account->alias; + if ($phone == null) { + return ALIAS_NOT_FOUND; + } - if (RECOVER_ACCOUNT_IF_EXISTS) { - return ACCOUNT_NOT_FOUND; - } + if (RECOVER_ACCOUNT_IF_EXISTS) { + return ACCOUNT_NOT_FOUND; + } - return $phone; + return $phone; } -function xmlrpc_accounts_phone_register_methods($server) { - xmlrpc_server_register_method($server, 'create_phone_account', 'xmlrpc_create_phone_account');// args = [phone, [username], [password], useragent, [domain], [lang], [algo]], return OK - xmlrpc_server_register_method($server, 'activate_phone_account', 'xmlrpc_activate_phone_account');// args = [phone, username, key, [domain], [algo]], return ha1_password - xmlrpc_server_register_method($server, 'recover_phone_account', 'xmlrpc_recover_phone_account');// args = [phone, [domain], [lang]], return username - xmlrpc_server_register_method($server, 'delete_phone_account', 'xmlrpc_delete_phone_account');// args = [username, phone, ha1, [domain], [algo]] +function xmlrpc_accounts_phone_register_methods($server) +{ + xmlrpc_server_register_method($server, 
'create_phone_account', 'xmlrpc_create_phone_account');// args = [phone, [username], [password], useragent, [domain], [lang], [algo]], return OK + xmlrpc_server_register_method($server, 'activate_phone_account', 'xmlrpc_activate_phone_account');// args = [phone, username, key, [domain], [algo]], return ha1_password + xmlrpc_server_register_method($server, 'recover_phone_account', 'xmlrpc_recover_phone_account');// args = [phone, [domain], [lang]], return username + xmlrpc_server_register_method($server, 'delete_phone_account', 'xmlrpc_delete_phone_account');// args = [username, phone, ha1, [domain], [algo]] - xmlrpc_server_register_method($server, 'is_phone_number_used', 'xmlrpc_is_phone_number_used');// args = [phone], return OK_ACCOUNT, OK_ALIAS or NOK - xmlrpc_server_register_method($server, 'get_phone_number_for_account', 'xmlrpc_get_phone_number_for_account');// args = [username, [domain]], return a phone number or an error + xmlrpc_server_register_method($server, 'is_phone_number_used', 'xmlrpc_is_phone_number_used');// args = [phone], return OK_ACCOUNT, OK_ALIAS or NOK + xmlrpc_server_register_method($server, 'get_phone_number_for_account', 'xmlrpc_get_phone_number_for_account');// args = [username, [domain]], return a phone number or an error } - -?> diff --git a/src/xmlrpc/aliases.php b/src/xmlrpc/aliases.php index b8324a6..b3d2847 100644 --- a/src/xmlrpc/aliases.php +++ b/src/xmlrpc/aliases.php @@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../database/database.php'; 
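Review bot: In `xmlrpc_delete_phone_account` the re-indented check `if ($ha1 != $password->password)` still compares the client-supplied HA1 with the stored hash using loose `!=`, which in PHP compares two numeric-looking strings as numbers and is not constant-time. I would change it to `if (!hash_equals((string) $password->password, (string) $ha1)) {`. The same comparison appears in `xmlrpc_delete_email_account` in the accounts_email.php part of this commit. Separately, `xmlrpc_activate_phone_account` concatenates `$key` into its `Logger::getInstance()->message(...)` line, so the activation code is written to the log; dropping `. ", " . $key` from that call keeps it out. Both are untouched by this formatting pass, but every line of these functions is rewritten here, so it is a convenient place to fix them or at least leave a `// TODO` next to each.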
@@ -29,173 +29,176 @@ include_once __DIR__ . '/../misc/utilities.php'; include_once __DIR__ . '/../misc/results_values.php'; // args = [phone, [domain]] -function xmlrpc_is_alias_used($method, $args) { - $phone = $args[0]; - $domain = get_domain($args[1]); +function xmlrpc_is_alias_used($method, $args) +{ + $phone = $args[0]; + $domain = get_domain($args[1]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_is_alias_used(" . $phone . ", " . $domain . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_is_alias_used(" . $phone . ", " . $domain . ")"); - if (!check_parameter($phone, "phone")) { - return MISSING_PHONE_PARAM; - } else if (!startswith($phone, "+")) { - return PHONE_NOT_E164; - } + if (!check_parameter($phone, "phone")) { + return MISSING_PHONE_PARAM; + } elseif (!startswith($phone, "+")) { + return PHONE_NOT_E164; + } - $database = new Database(); - $db = $database->getConnection(); - $alias = new Alias($db); - $alias->alias = $phone; - $alias->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $alias = new Alias($db); + $alias->alias = $phone; + $alias->domain = $domain; - if (!$alias->getOne()) { - return ALIAS_NOT_FOUND; - } + if (!$alias->getOne()) { + return ALIAS_NOT_FOUND; + } - return OK; + return OK; } // args = [phone, account, [domain], [lang]] -function xmlrpc_link_phone_number_with_account($method, $args) { - $phone = $args[0]; - $user = $args[1]; - $domain = get_domain($args[2]); - $lang = get_lang($args[3]); +function xmlrpc_link_phone_number_with_account($method, $args) +{ + $phone = $args[0]; + $user = $args[1]; + $domain = get_domain($args[2]); + $lang = get_lang($args[3]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_link_phone_number_with_account(" . $user . ", " . $domain . ", " . $phone . ", " . $lang . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_link_phone_number_with_account(" . $user . ", " . $domain . ", " . $phone . ", " . $lang . 
")"); - if (!check_parameter($phone)) { - return MISSING_PHONE_PARAM; - } else if (!check_parameter($user)) { - return MISSING_USERNAME_PARAM; - } else if (!startswith($phone, "+")) { - return PHONE_NOT_E164; - /*} else if (db_alias_is_in_use($phone, $domain)) { - return PHONE_TAKEN;*/ - } + if (!check_parameter($phone)) { + return MISSING_PHONE_PARAM; + } elseif (!check_parameter($user)) { + return MISSING_USERNAME_PARAM; + } elseif (!startswith($phone, "+")) { + return PHONE_NOT_E164; + /*} else if (db_alias_is_in_use($phone, $domain)) { + return PHONE_TAKEN;*/ + } - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $user; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $user; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } - if (SEND_ACTIVATION_SMS) { - if (!SMS_API_ENABLED) { - // This is a hack to allow testing without sending SMS - return OK; - } - $account->confirmation_key = generate_4_digits_code(); - $account->update(); - $ok = send_sms($phone, $account->confirmation_key, $lang); - return $ok; - } + if (SEND_ACTIVATION_SMS) { + if (!SMS_API_ENABLED) { + // This is a hack to allow testing without sending SMS + return OK; + } + $account->confirmation_key = generate_4_digits_code(); + $account->update(); + $ok = send_sms($phone, $account->confirmation_key, $lang); + return $ok; + } - return SMS_DISABLED; + return SMS_DISABLED; } // args = [phone, user, key, ha1, [domain], [algo]] -function xmlrpc_activate_phone_number_link($method, $args) { - $phone = $args[0]; - $user = $args[1]; - $key = $args[2]; - $ha1 = $args[3]; - $domain = get_domain($args[4]); - $algo = get_algo($args[5]); +function xmlrpc_activate_phone_number_link($method, $args) +{ + $phone = $args[0]; + $user = $args[1]; + $key 
= $args[2]; + $ha1 = $args[3]; + $domain = get_domain($args[4]); + $algo = get_algo($args[5]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_activate_phone_number_link(" . $user . ", " . $domain . ", " . $phone . ", " . $key . ", " . $algo . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_activate_phone_number_link(" . $user . ", " . $domain . ", " . $phone . ", " . $key . ", " . $algo . ")"); - if (!check_parameter($phone, "phone")) { - return MISSING_PHONE_PARAM; - } else if (!check_parameter($user)) { - return MISSING_USERNAME_PARAM; - } else if (!startswith($phone, "+")) { - return PHONE_NOT_E164; - } + if (!check_parameter($phone, "phone")) { + return MISSING_PHONE_PARAM; + } elseif (!check_parameter($user)) { + return MISSING_USERNAME_PARAM; + } elseif (!startswith($phone, "+")) { + return PHONE_NOT_E164; + } - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $user; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $user; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } - if (!is_activated($account->activated)) { - return ACCOUNT_NOT_YET_ACTIVATED; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } + if (!is_activated($account->activated)) { + return ACCOUNT_NOT_YET_ACTIVATED; + } - if (!is_key_matching($key, $account)) { - return KEY_DOESNT_MATCH; - } + if (!is_key_matching($key, $account)) { + return KEY_DOESNT_MATCH; + } - $password = new Password($db); - $password->account_id = $account->id; - $password->algorithm = $algo; + $password = new Password($db); + $password->account_id = $account->id; + $password->algorithm = $algo; - if (!$password->getOne()) { - return PASSWORD_NOT_FOUND; - } - if (!password_match($password->password, $ha1)) { - return PASSWORD_DOESNT_MATCH; - } + if (!$password->getOne()) { + return 
PASSWORD_NOT_FOUND; + } + if (!password_match($password->password, $ha1)) { + return PASSWORD_DOESNT_MATCH; + } - $alias = new Alias($db); - $alias->alias = $phone; - $alias->domain = $domain; + $alias = new Alias($db); + $alias->alias = $phone; + $alias->domain = $domain; - if ($alias->getOne()) { - $alias->account_id = $account->id; - $alias->update(); - } else { - $alias->account_id = $account->id; - $alias->create(); - } + if ($alias->getOne()) { + $alias->account_id = $account->id; + $alias->update(); + } else { + $alias->account_id = $account->id; + $alias->create(); + } - return OK; + return OK; } // args = [phone, [domain]] -function xmlrpc_get_alias($method, $args) { - $phone = $args[0]; - $domain = get_domain($args[1]); +function xmlrpc_get_alias($method, $args) +{ + $phone = $args[0]; + $domain = get_domain($args[1]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_get_alias(" . $phone . ", " . $domain . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_get_alias(" . $phone . ", " . $domain . 
")"); - if (!check_parameter($phone, "phone")) { - return MISSING_PHONE_PARAM; - } else if (!startswith($phone, "+")) { - return PHONE_NOT_E164; - } + if (!check_parameter($phone, "phone")) { + return MISSING_PHONE_PARAM; + } elseif (!startswith($phone, "+")) { + return PHONE_NOT_E164; + } - $database = new Database(); - $db = $database->getConnection(); - $alias = new Alias($db); - $alias->alias = $phone; - $alias->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $alias = new Alias($db); + $alias->alias = $phone; + $alias->domain = $domain; - if (!$alias->getOne()) { - return ALIAS_NOT_FOUND; - } + if (!$alias->getOne()) { + return ALIAS_NOT_FOUND; + } - $account = new Account($db); - $account->id = $alias->account_id; - if ($account->getOne()) { - return $account->username; - } + $account = new Account($db); + $account->id = $alias->account_id; + if ($account->getOne()) { + return $account->username; + } - return ACCOUNT_NOT_FOUND; + return ACCOUNT_NOT_FOUND; } -function xmlrpc_aliases_register_methods($server) { - xmlrpc_server_register_method($server, 'is_alias_used', 'xmlrpc_is_alias_used');// args = [phone, [domain]], return OK - xmlrpc_server_register_method($server, 'link_phone_number_with_account', 'xmlrpc_link_phone_number_with_account');// args = [phone, account, [domain], [lang]], return OK - xmlrpc_server_register_method($server, 'activate_phone_number_link', 'xmlrpc_activate_phone_number_link');// args = [phone, user, key, ha1, [domain], [algo]], return OK - xmlrpc_server_register_method($server, 'get_alias', 'xmlrpc_get_alias');// args = [phone, [domain]], return username +function xmlrpc_aliases_register_methods($server) +{ + xmlrpc_server_register_method($server, 'is_alias_used', 'xmlrpc_is_alias_used');// args = [phone, [domain]], return OK + xmlrpc_server_register_method($server, 'link_phone_number_with_account', 'xmlrpc_link_phone_number_with_account');// args = [phone, account, [domain], [lang]], return OK + 
xmlrpc_server_register_method($server, 'activate_phone_number_link', 'xmlrpc_activate_phone_number_link');// args = [phone, user, key, ha1, [domain], [algo]], return OK + xmlrpc_server_register_method($server, 'get_alias', 'xmlrpc_get_alias');// args = [phone, [domain]], return username } - -?> diff --git a/src/xmlrpc/authentication.php b/src/xmlrpc/authentication.php index 81475b8..346a260 100644 --- a/src/xmlrpc/authentication.php +++ b/src/xmlrpc/authentication.php @@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../database/database.php'; 
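Review bot: The log call in `xmlrpc_activate_phone_number_link` writes the submitted confirmation key (`$key`) to the application log next to the username and phone number, so anyone with log access can read a value that gates linking a phone number to an account. Drop it from the message: `Logger::getInstance()->message("[XMLRPC] xmlrpc_activate_phone_number_link(" . $user . ", " . $domain . ", " . $phone . ", " . $algo . ")");`. The key is produced by `generate_4_digits_code()` in `xmlrpc_link_phone_number_with_account`, and no attempt limit or expiry is visible in this hunk. If `is_key_matching()` does not enforce one elsewhere, a four-digit space is small enough to need a retry counter.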
@@ -29,81 +29,82 @@ include_once __DIR__ . '/../misc/utilities.php'; // The nonce is built using: // - timestamp : nonce is valid for MIN_NONCE_VALIDITY_PERIOD seconds at minimum and twice it at maximum (our goal is one time usage anyway, typical value shall be 10 ) // - request content : the response uses only the URI, enforce the content to be the same so the nonce is actually a one time usage -// a replay is not devastating (it would just be an actual replay, not a different command to server) +// a replay is not devastating (it would just be an actual replay, not a different command to server) // - secret key : avoid an attacker to be able to generate a valid nonce -function auth_get_valid_nonces() { - $request = file_get_contents('php://input'); - $time = time(); - $time -= $time%MIN_NONCE_VALIDITY_PERIOD; // our nonce will be valid at leat MIN_NONCE_VALIDITY_PERIOD seconds and max twice it, so floor the timestamp - return array( - hash_hmac("sha256", $time.':'.$request, AUTH_NONCE_KEY), - hash_hmac("sha256", $time-MIN_NONCE_VALIDITY_PERIOD.':'.$request, AUTH_NONCE_KEY)); +function auth_get_valid_nonces() +{ + $request = file_get_contents('php://input'); + $time = time(); + $time -= $time%MIN_NONCE_VALIDITY_PERIOD; // our nonce will be valid at leat MIN_NONCE_VALIDITY_PERIOD seconds and max twice it, so floor the timestamp + return array( + hash_hmac("sha256", $time.':'.$request, AUTH_NONCE_KEY), + hash_hmac("sha256", $time-MIN_NONCE_VALIDITY_PERIOD.':'.$request, AUTH_NONCE_KEY)); } -function request_authentication($realm = "sip.example.org") { - header('HTTP/1.1 401 Unauthorized'); - header('WWW-Authenticate: Digest realm="' . $realm. - '",qop="auth",nonce="' . auth_get_valid_nonces()[0] . '",opaque="' . md5($realm) . '"'); - exit(); +function request_authentication($realm = "sip.example.org") +{ + header('HTTP/1.1 401 Unauthorized'); + header('WWW-Authenticate: Digest realm="' . $realm. + '",qop="auth",nonce="' . auth_get_valid_nonces()[0] . '",opaque="' . 
md5($realm) . '"'); + exit(); } -function authenticate($auth_digest, $realm = "sip.example.org") { - Logger::getInstance()->debug("Authenticate : Digest ".(print_r($auth_digest, true))." realm " . $realm); - // Parse the client authentication data - $default = array('nounce', 'nc', 'cnounce', 'qop', 'username', 'uri', 'response'); - preg_match_all('~(\w+)="?([^",]+)"?~', $auth_digest, $matches); # $_SERVER['PHP_AUTH_DIGEST'] - $data = array_combine($matches[1] + $default, $matches[2]); +function authenticate($auth_digest, $realm = "sip.example.org") +{ + Logger::getInstance()->debug("Authenticate : Digest ".(print_r($auth_digest, true))." realm " . $realm); + // Parse the client authentication data + $default = array('nounce', 'nc', 'cnounce', 'qop', 'username', 'uri', 'response'); + preg_match_all('~(\w+)="?([^",]+)"?~', $auth_digest, $matches); # $_SERVER['PHP_AUTH_DIGEST'] + $data = array_combine($matches[1] + $default, $matches[2]); - // Get the password/hash from database - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $data['username']; - $account->domain = empty($data['domain']) ? SIP_DOMAIN : $data['domain']; + // Get the password/hash from database + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $data['username']; + $account->domain = empty($data['domain']) ? SIP_DOMAIN : $data['domain']; - if (!$account->getOne()) { - Logger::getInstance()->error("Couldn't find account " . (string)$account); - return false; - } - $pwd = new Password($db); - $pwd->account_id = $account->id; - - $stmt = $pwd->getAll(); - $num = $stmt->rowCount(); - if ($num <= 0) { - Logger::getInstance()->error("Couldn't find password " . (string)$pwd); - return false; - } + if (!$account->getOne()) { + Logger::getInstance()->error("Couldn't find account " . 
(string)$account); + return false; + } + $pwd = new Password($db); + $pwd->account_id = $account->id; - while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { + $stmt = $pwd->getAll(); + $num = $stmt->rowCount(); + if ($num <= 0) { + Logger::getInstance()->error("Couldn't find password " . (string)$pwd); + return false; + } + + while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { extract($row); - // Generate the valid response - switch ($algorithm) { - case 'CLRTXT': - $A1 = md5($data['username'].':'.$data['realm'].':'.$password); - $A2 = md5(getenv('REQUEST_METHOD').':'.$data['uri']); - $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2); - break; - case 'MD5': - $A1 = $password; // username:realm:password - $A2 = md5(getenv('REQUEST_METHOD').':'.$data['uri']); - $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2); - break; - case 'SHA256': - $A1 = $password; // username:realm:password - $A2 = hash('sha256', getenv('REQUEST_METHOD').':'.$data['uri']); - $valid_response = hash('sha256', $A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2); - break; - } + // Generate the valid response + switch ($algorithm) { + case 'CLRTXT': + $A1 = md5($data['username'].':'.$data['realm'].':'.$password); + $A2 = md5(getenv('REQUEST_METHOD').':'.$data['uri']); + $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2); + break; + case 'MD5': + $A1 = $password; // username:realm:password + $A2 = md5(getenv('REQUEST_METHOD').':'.$data['uri']); + $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2); + break; + case 'SHA256': + $A1 = $password; // username:realm:password + $A2 = hash('sha256', getenv('REQUEST_METHOD').':'.$data['uri']); + $valid_response = hash('sha256', $A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2); 
+ break; + } - // Compare with the client response - if ($data['response'] === $valid_response) { - return true; - } - } + // Compare with the client response + if ($data['response'] === $valid_response) { + return true; + } + } - Logger::getInstance()->error("Failed to authenticate request"); - return false; + Logger::getInstance()->error("Failed to authenticate request"); + return false; } - -?> diff --git a/src/xmlrpc/devices.php b/src/xmlrpc/devices.php index 1379ce4..49d9e40 100644 --- a/src/xmlrpc/devices.php +++ b/src/xmlrpc/devices.php @@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../database/database.php'; 
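Review bot: In `authenticate`, the `switch ($algorithm)` has no `default` branch, so a password row whose algorithm is not `CLRTXT`, `MD5` or `SHA256` leaves `$valid_response` unset on the first pass or carried over from the previous row, and the `===` that follows compares against that null or stale value. Add `default: continue 2;` to skip unknown rows, and make the check `if (isset($data['response']) && hash_equals($valid_response, (string)$data['response']))` so a missing field cannot match and the comparison is constant-time. The `$default` list also spells its keys `'nounce'` and `'cnounce'` while the code reads `$data['nonce']` and `$data['cnonce']`. Nothing in this function checks `$data['nonce']` against `auth_get_valid_nonces()`; if the caller does not do that either, the nonce scheme described in the comment above is not enforced.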
@@ -23,33 +23,33 @@ include_once __DIR__ . '/../objects/device.php'; include_once __DIR__ . '/../misc/results_values.php'; // args = [manufacturer, model, status, delay, hasHEC] -function xmlrpc_add_ec_calibration_result($method, $args) { - $manufacturer = $args[0]; - $model = $args[1]; - $status = $args[2]; - $delay = $args[3]; +function xmlrpc_add_ec_calibration_result($method, $args) +{ + $manufacturer = $args[0]; + $model = $args[1]; + $status = $args[2]; + $delay = $args[3]; - $hasHEC = 0; - if (count($args) == 5) { - $hasHEC = (int)$args[4]; - } + $hasHEC = 0; + if (count($args) == 5) { + $hasHEC = (int)$args[4]; + } - $database = new Database(); - $db = $database->getConnection(); + $database = new Database(); + $db = $database->getConnection(); - $device = new Device($db); - $device->manufacturer = $manufacturer; - $device->model = $model; - $device->status = $status; - $device->delay = $delay; - $device->hardware_echo_canceller = $hasHEC; - $device->create(); + $device = new Device($db); + $device->manufacturer = $manufacturer; + $device->model = $model; + $device->status = $status; + $device->delay = $delay; + $device->hardware_echo_canceller = $hasHEC; + $device->create(); - return OK; + return OK; } -function xmlrpc_devices_register_methods($server) { - xmlrpc_server_register_method($server, 'add_ec_calibration_result', 'xmlrpc_add_ec_calibration_result');// args = [manufacturer, model, status, delay, hasHEC] +function xmlrpc_devices_register_methods($server) +{ + xmlrpc_server_register_method($server, 'add_ec_calibration_result', 'xmlrpc_add_ec_calibration_result');// args = [manufacturer, model, status, delay, hasHEC] } - -?> diff --git a/src/xmlrpc/inapp.php b/src/xmlrpc/inapp.php index 2519fe3..1f11ed0 100644 --- a/src/xmlrpc/inapp.php +++ b/src/xmlrpc/inapp.php 
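Review bot: `xmlrpc_add_ec_calibration_result` returns `OK` whatever `$device->create()` returns, and it reads `$args[0]` to `$args[3]` without checking that they are present, so a short or malformed call is reported to the client as a success. Check the result, for example `if (!$device->create()) { return <error constant from results_values.php>; }`, and reject calls with fewer than four arguments before building the `Device`. Whether `create()` signals failure through its return value is not visible in this hunk, so confirm against `objects/device.php`.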
@@ -1,181 +1,187 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ // Google/Android specifics // Get an access token to access Google APIs -function get_google_access_token() { - $ch = curl_init(GOOGLE_API_OAUTH_URL); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_FAILONERROR, false); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); - curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST'); - curl_setopt($ch, CURLOPT_HTTPHEADER, array( - 'Content-Type: application/x-www-form-urlencoded' - )); - curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array( - 'client_id' => GOOGLE_PROJECT_ID, - 'client_secret' => GOOGLE_PROJECT_PASSWORD, - 'refresh_token' => GOOGLE_PROJECT_REFRESH_TOKEN, - 'grant_type' => "refresh_token", - ))); - $result = curl_exec($ch); - curl_close($ch); +function get_google_access_token() +{ + $ch = curl_init(GOOGLE_API_OAUTH_URL); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_FAILONERROR, false); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST'); + curl_setopt($ch, CURLOPT_HTTPHEADER, array( + 'Content-Type: application/x-www-form-urlencoded' + )); + curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array( + 'client_id' => GOOGLE_PROJECT_ID, + 'client_secret' => GOOGLE_PROJECT_PASSWORD, + 'refresh_token' => GOOGLE_PROJECT_REFRESH_TOKEN, + 'grant_type' => "refresh_token", + ))); + $result = curl_exec($ch); + curl_close($ch); - $json = json_decode($result, true); - $token = $json["access_token"]; - mylog("[GOOGLE] Access token is " . $token); - return $token; + $json = json_decode($result, true); + $token = $json["access_token"]; + mylog("[GOOGLE] Access token is " . 
$token); + return $token; } // Query Google for the expiration time given the transaction token as described here: https://developers.google.com/android-publisher/api-ref/purchases/subscriptions/get -function get_expiration_for_android_token_and_subscription($token, $subscription) { - $google_access_token = get_google_access_token(); - $url = "https://www.googleapis.com/androidpublisher/v2/applications/" . ANDROID_PACKAGE . "/purchases/subscriptions/" . $subscription . "/tokens/" . $token . "?access_token=" . $google_access_token; - $ch = curl_init($url); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); - $result = curl_exec($ch); - curl_close($ch); +function get_expiration_for_android_token_and_subscription($token, $subscription) +{ + $google_access_token = get_google_access_token(); + $url = "https://www.googleapis.com/androidpublisher/v2/applications/" . ANDROID_PACKAGE . "/purchases/subscriptions/" . $subscription . "/tokens/" . $token . "?access_token=" . $google_access_token; + $ch = curl_init($url); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); + $result = curl_exec($ch); + curl_close($ch); - $json = json_decode($result, true); - $expiration = $json["expiryTimeMillis"]; - mylog("[GOOGLE] expire timestamp for token = " . $token . " and product id = " . $subscription . " is " . $expiration); - return $expiration . ""; + $json = json_decode($result, true); + $expiration = $json["expiryTimeMillis"]; + mylog("[GOOGLE] expire timestamp for token = " . $token . " and product id = " . $subscription . " is " . $expiration); + return $expiration . ""; } // Returns 1 if the payload/signature has been issued by Google. 
-function check_google_signature($payload, $signature) { - $certFile = fopen(ANDROID_PUB_KEY_PATH, "r"); - $cert = fread($certFile, 8192); - fclose($certFile); - $pubKeyId = openssl_get_publickey($cert); +function check_google_signature($payload, $signature) +{ + $certFile = fopen(ANDROID_PUB_KEY_PATH, "r"); + $cert = fread($certFile, 8192); + fclose($certFile); + $pubKeyId = openssl_get_publickey($cert); - $ok = openssl_verify($payload, base64_decode($signature), $pubKeyId, OPENSSL_ALGO_SHA1); - mylog("[GOOGLE] signature verification result is " . $ok); - return $ok; + $ok = openssl_verify($payload, base64_decode($signature), $pubKeyId, OPENSSL_ALGO_SHA1); + mylog("[GOOGLE] signature verification result is " . $ok); + return $ok; } // End of Google/Android specifics // Apple/iOS specifics -function get_apple_receipt($payload) { - $ch = curl_init(APPLE_URL); +function get_apple_receipt($payload) +{ + $ch = curl_init(APPLE_URL); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_FAILONERROR, false); - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST'); - curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array('receipt-data' => $payload, 'password' => APPLE_SECRET))); - $result = curl_exec($ch); - curl_close($ch); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_FAILONERROR, false); + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST'); + curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array('receipt-data' => $payload, 'password' => APPLE_SECRET))); + $result = curl_exec($ch); + curl_close($ch); - mylog("[APPLE] decoded receipt is " . $result); - $json = json_decode($result, true); + mylog("[APPLE] decoded receipt is " . 
$result); + $json = json_decode($result, true); - $status_code = $json["status"]; - if ($status_code == 21007) { - mylog("[APPLE] Error 21007 found, sending receipt to sandbox instead of production"); - $ch = curl_init(APPLE_SANDBOX_URL); + $status_code = $json["status"]; + if ($status_code == 21007) { + mylog("[APPLE] Error 21007 found, sending receipt to sandbox instead of production"); + $ch = curl_init(APPLE_SANDBOX_URL); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_FAILONERROR, false); - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST'); - curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array('receipt-data' => $payload, 'password' => APPLE_SECRET))); - $result = curl_exec($ch); - curl_close($ch); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_FAILONERROR, false); + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST'); + curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array('receipt-data' => $payload, 'password' => APPLE_SECRET))); + $result = curl_exec($ch); + curl_close($ch); - mylog("[APPLE] decoded receipt is " . $result); - $json = json_decode($result, true); - } + mylog("[APPLE] decoded receipt is " . $result); + $json = json_decode($result, true); + } - return $json; + return $json; } // Returns 1 if the payload/signature has been signed by Apple, else will return the error code as described here: https://developer.apple.com/library/ios/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html#//apple_ref/doc/uid/TP40010573-CH104-SW1 -function check_apple_signature($payload) { - $status = -1; +function check_apple_signature($payload) +{ + $status = -1; - $status = $payload["status"]; - mylog("[APPLE] Status in apple receipt is " . 
$status); - if ($status == 0) { - return 1; - } + $status = $payload["status"]; + mylog("[APPLE] Status in apple receipt is " . $status); + if ($status == 0) { + return 1; + } - return $status; + return $status; } -function parse_apple_receipt_get_expiration($user, $domain, $json) { - $last_used = db_inapp_get_last_used_field($user, $domain); +function parse_apple_receipt_get_expiration($user, $domain, $json) +{ + $last_used = db_inapp_get_last_used_field($user, $domain); - $days = 0; - $receipt = $json["receipt"]; - $in_app = $receipt["in_app"]; - foreach($in_app as $item => $value) { - if (array_key_exists("original_purchase_date_ms", $value) and array_key_exists("product_id", $value)) { - $purchase_date = $value["original_purchase_date_ms"]; - $product_id = $value["product_id"]; + $days = 0; + $receipt = $json["receipt"]; + $in_app = $receipt["in_app"]; + foreach ($in_app as $item => $value) { + if (array_key_exists("original_purchase_date_ms", $value) and array_key_exists("product_id", $value)) { + $purchase_date = $value["original_purchase_date_ms"]; + $product_id = $value["product_id"]; - if ($purchase_date > $last_used) { - $days_bought = 0; - if (endswith($product_id, "1_month")) { - $days_bought = 30; - } else if (endswith($product_id, "1_year")) { - $days_bought = 365; - } else { - mylog("[ERROR] Unknown duration for product ID " . $product_id); - continue; - } + if ($purchase_date > $last_used) { + $days_bought = 0; + if (endswith($product_id, "1_month")) { + $days_bought = 30; + } elseif (endswith($product_id, "1_year")) { + $days_bought = 365; + } else { + mylog("[ERROR] Unknown duration for product ID " . 
$product_id); + continue; + } - if (startswith($product_id, "test.")) { - mylog("[APPLE] Test mode detected, time accelerated (1 month => 1 minute)"); - $days_bought /= 43200; - } + if (startswith($product_id, "test.")) { + mylog("[APPLE] Test mode detected, time accelerated (1 month => 1 minute)"); + $days_bought /= 43200; + } - if ($days_bought > 0) { - $days = $days + $days_bought; - db_inapp_update_last_used_field($user, $domain, $purchase_date); - } - } - } - } + if ($days_bought > 0) { + $days = $days + $days_bought; + db_inapp_update_last_used_field($user, $domain, $purchase_date); + } + } + } + } - if ($days <= 0) { - mylog("[WARN] [APPLE] Either no receipt or all receipts have already been consumed"); - return 0; - } - $millis = 86400000 * $days; + if ($days <= 0) { + mylog("[WARN] [APPLE] Either no receipt or all receipts have already been consumed"); + return 0; + } + $millis = 86400000 * $days; - $now = get_trial_expiration_date(); - $expiration = db_inapp_get_expiration_date($user, $domain); + $now = get_trial_expiration_date(); + $expiration = db_inapp_get_expiration_date($user, $domain); - $max = max($now, $expiration); - $expiration_date = $max + $millis; + $max = max($now, $expiration); + $expiration_date = $max + $millis; - mylog("[APPLE] Adding " . $days . " days to current expiration date (= " . $millis . " ms). New expiration date is " . $expiration_date); + mylog("[APPLE] Adding " . $days . " days to current expiration date (= " . $millis . " ms). New expiration date is " . $expiration_date); - return $expiration_date; + return $expiration_date; } // End of Apple/iOS specifics 
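Review bot: `get_apple_receipt` sets `CURLOPT_SSL_VERIFYHOST` and `CURLOPT_SSL_VERIFYPEER` to `false` on both the production and the sandbox request, so the server certificate is never checked on the call that sends `APPLE_SECRET` and whose `status` field `check_apple_signature` trusts. Use `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);` and `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);` in both places, as `get_google_access_token` already does for the peer check. Separately, `get_google_access_token` writes the OAuth access token to the log through `mylog`, and `get_expiration_for_android_token_and_subscription` places it in the URL query string. Log only that a token was obtained, and send it in an `Authorization: Bearer` header instead.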
@@ -183,222 +189,227 @@ function parse_apple_receipt_get_expiration($user, $domain, $json) { // XMLRPC methods // Returns 1 if the payload/signature has been signed by either Google or Apple, depending on $os. -function check_signature($os, $payload, $signature) { - if (strcmp($os, "google") == 0) { - return check_google_signature($payload, $signature); - } elseif (strcmp($os, "apple") == 0) { - return check_apple_signature($payload); - } - return -2; +function check_signature($os, $payload, $signature) +{ + if (strcmp($os, "google") == 0) { + return check_google_signature($payload, $signature); + } elseif (strcmp($os, "apple") == 0) { + return check_apple_signature($payload); + } + return -2; } // args = [username, ha1, [domain]] -function xmlrpc_is_account_trial($method, $args) { - $user = $args[0]; - $password = $args[1]; - $domain = get_domain($args[2]); +function xmlrpc_is_account_trial($method, $args) +{ + $user = $args[0]; + $password = $args[1]; + $domain = get_domain($args[2]); - mylog("[XMLRPC] xmlrpc_is_account_trial(" . $user . ", " . $domain . ")"); + mylog("[XMLRPC] xmlrpc_is_account_trial(" . $user . ", " . $domain . ")"); - if (!check_parameter($user)) { - return "ERROR_USERNAME_PARAMETER_NOT_FOUND"; - } - if (!db_account_is_existing($user, $domain)) { - mylog("[ERROR] User account " . $user . " / " . $domain . 
" doesn't exist"); - return "ERROR_ACCOUNT_DOESNT_EXIST"; - } else { - $hashed_password = hash_password($user, $password, $domain); - $db_hashed_password = db_account_get_password($user, $domain); - if (strcmp($hashed_password, $db_hashed_password) != 0 and strcmp($password, $db_hashed_password) != 0) { - mylog("[ERROR] Password doesn't match"); - return "ERROR_PASSWORD_DOESNT_MATCH"; - } - } - - if (!USE_IN_APP_PURCHASES || !db_inapp_is_account($user, $domain)) { - return "ERROR_NO_EXPIRATION"; - } + if (!check_parameter($user)) { + return "ERROR_USERNAME_PARAMETER_NOT_FOUND"; + } + if (!db_account_is_existing($user, $domain)) { + mylog("[ERROR] User account " . $user . " / " . $domain . " doesn't exist"); + return "ERROR_ACCOUNT_DOESNT_EXIST"; + } else { + $hashed_password = hash_password($user, $password, $domain); + $db_hashed_password = db_account_get_password($user, $domain); + if (strcmp($hashed_password, $db_hashed_password) != 0 and strcmp($password, $db_hashed_password) != 0) { + mylog("[ERROR] Password doesn't match"); + return "ERROR_PASSWORD_DOESNT_MATCH"; + } + } - if (db_inapp_is_account_trial($user, $domain)) { - return "OK"; - } else { - return "NOK"; - } + if (!USE_IN_APP_PURCHASES || !db_inapp_is_account($user, $domain)) { + return "ERROR_NO_EXPIRATION"; + } + + if (db_inapp_is_account_trial($user, $domain)) { + return "OK"; + } else { + return "NOK"; + } } // args = [username, ha1, [domain]] -function xmlrpc_is_account_expired($method, $args) { - $user = $args[0]; - $password = $args[1]; - $domain = get_domain($args[2]); +function xmlrpc_is_account_expired($method, $args) +{ + $user = $args[0]; + $password = $args[1]; + $domain = get_domain($args[2]); - mylog("[XMLRPC] xmlrpc_is_account_expired(" . $user . ", " . $domain . ")"); + mylog("[XMLRPC] xmlrpc_is_account_expired(" . $user . ", " . $domain . 
")"); - if (!check_parameter($user)) { - return "ERROR_USERNAME_PARAMETER_NOT_FOUND"; - } - if (!db_account_is_existing($user, $domain)) { - mylog("[ERROR] User account " . $user . " / " . $domain . " doesn't exist"); - return "ERROR_ACCOUNT_DOESNT_EXIST"; - } else { - $hashed_password = hash_password($user, $password, $domain); - $db_hashed_password = db_account_get_password($user, $domain); - if (strcmp($hashed_password, $db_hashed_password) != 0 and strcmp($password, $db_hashed_password) != 0) { - mylog("[ERROR] Password doesn't match"); - return "ERROR_PASSWORD_DOESNT_MATCH"; - } - } - - if (!USE_IN_APP_PURCHASES || !db_inapp_is_account($user, $domain)) { - return "ERROR_NO_EXPIRATION"; - } + if (!check_parameter($user)) { + return "ERROR_USERNAME_PARAMETER_NOT_FOUND"; + } + if (!db_account_is_existing($user, $domain)) { + mylog("[ERROR] User account " . $user . " / " . $domain . " doesn't exist"); + return "ERROR_ACCOUNT_DOESNT_EXIST"; + } else { + $hashed_password = hash_password($user, $password, $domain); + $db_hashed_password = db_account_get_password($user, $domain); + if (strcmp($hashed_password, $db_hashed_password) != 0 and strcmp($password, $db_hashed_password) != 0) { + mylog("[ERROR] Password doesn't match"); + return "ERROR_PASSWORD_DOESNT_MATCH"; + } + } - $expiration = db_inapp_get_expiration_date($user, $domain); - $now_date = new DateTime('now'); - $now = $now_date->getTimestamp() * 1000; - if ($now > $expiration) { - return "OK"; - } else { - return "NOK"; - } + if (!USE_IN_APP_PURCHASES || !db_inapp_is_account($user, $domain)) { + return "ERROR_NO_EXPIRATION"; + } + + $expiration = db_inapp_get_expiration_date($user, $domain); + $now_date = new DateTime('now'); + $now = $now_date->getTimestamp() * 1000; + if ($now > $expiration) { + return "OK"; + } else { + return "NOK"; + } } // args = [payload, signature] -function xmlrpc_check_payload_signature($method, $args) { - $payload = $args[0]; - $signature = $args[1]; +function 
xmlrpc_check_payload_signature($method, $args) +{ + $payload = $args[0]; + $signature = $args[1]; - mylog("[XMLRPC] xmlrpc_check_payload_signature(payload, signature)"); + mylog("[XMLRPC] xmlrpc_check_payload_signature(payload, signature)"); - $result = 0; - $os = "google"; - $payloadJson = $payload; - if ($signature == "") { - $payloadJson = get_apple_receipt($payload); - $os = "apple"; - } + $result = 0; + $os = "google"; + $payloadJson = $payload; + if ($signature == "") { + $payloadJson = get_apple_receipt($payload); + $os = "apple"; + } - $result = check_signature($os, $payloadJson, $signature); + $result = check_signature($os, $payloadJson, $signature); - if ($result == 1) { - return "OK"; - } - return "NOK"; + if ($result == 1) { + return "OK"; + } + return "NOK"; } // args = [username, ha1, [domain], payload, signature=""] -function xmlrpc_update_expiration_date($method, $args) { - $user = $args[0]; - $password = $args[1]; - $payload = $args[3]; - $signature = $args[4]; - $domain = get_domain($args[2]); +function xmlrpc_update_expiration_date($method, $args) +{ + $user = $args[0]; + $password = $args[1]; + $payload = $args[3]; + $signature = $args[4]; + $domain = get_domain($args[2]); - mylog("[XMLRPC] xmlrpc_update_expiration_date(" . $user . ", " . $domain . ", payload, signature)"); + mylog("[XMLRPC] xmlrpc_update_expiration_date(" . $user . ", " . $domain . ", payload, signature)"); - if (!check_parameter($user)) { - return "ERROR_USERNAME_PARAMETER_NOT_FOUND"; - } - if (!db_account_is_existing($user, $domain)) { - mylog("[ERROR] User account " . $user . " / " . $domain . " doesn't exist"); - return "ERROR_ACCOUNT_DOESNT_EXIST"; - } else if (!db_account_is_activated($user, $domain)) { - mylog("[ERROR] User account " . $user . " / " . $domain . 
" isn't activated"); - return "ERROR_ACCOUNT_NOT_ACTIVATED"; - } else { - $hashed_password = hash_password($user, $password, $domain); - $db_hashed_password = db_account_get_password($user, $domain); - if (strcmp($hashed_password, $db_hashed_password) != 0 and strcmp($password, $db_hashed_password) != 0) { - mylog("[ERROR] Password doesn't match"); - return "ERROR_PASSWORD_DOESNT_MATCH"; - } - } - - if (!USE_IN_APP_PURCHASES || !db_inapp_is_account($user, $domain)) { - return "ERROR_NO_EXPIRATION"; - } + if (!check_parameter($user)) { + return "ERROR_USERNAME_PARAMETER_NOT_FOUND"; + } + if (!db_account_is_existing($user, $domain)) { + mylog("[ERROR] User account " . $user . " / " . $domain . " doesn't exist"); + return "ERROR_ACCOUNT_DOESNT_EXIST"; + } elseif (!db_account_is_activated($user, $domain)) { + mylog("[ERROR] User account " . $user . " / " . $domain . " isn't activated"); + return "ERROR_ACCOUNT_NOT_ACTIVATED"; + } else { + $hashed_password = hash_password($user, $password, $domain); + $db_hashed_password = db_account_get_password($user, $domain); + if (strcmp($hashed_password, $db_hashed_password) != 0 and strcmp($password, $db_hashed_password) != 0) { + mylog("[ERROR] Password doesn't match"); + return "ERROR_PASSWORD_DOESNT_MATCH"; + } + } - $result = 0; - $os = "google"; - $payloadJson = $payload; - if ($signature == "") { - $payloadJson = get_apple_receipt($payload); - $os = "apple"; - } - $result = check_signature($os, $payloadJson, $signature); + if (!USE_IN_APP_PURCHASES || !db_inapp_is_account($user, $domain)) { + return "ERROR_NO_EXPIRATION"; + } - if ($result == 1) { - $expiration_date = 0; - if (strcmp($os,"google") == 0) { - $json = json_decode($payload, true); - $token = $json["purchaseToken"]; - $subscription = $json["productId"]; - $expiration_date = get_expiration_for_android_token_and_subscription($token, $subscription); - } else if (strcmp($os, "apple") == 0) { - $expiration_date = parse_apple_receipt_get_expiration($user, $domain, 
$payloadJson); - } + $result = 0; + $os = "google"; + $payloadJson = $payload; + if ($signature == "") { + $payloadJson = get_apple_receipt($payload); + $os = "apple"; + } + $result = check_signature($os, $payloadJson, $signature); - if ($expiration_date >= 0) { - if ($expiration_date > 0) { - db_inapp_update_trial($user, $domain, 0); - db_inapp_update_expiration_date($user, $domain, $expiration_date); + if ($result == 1) { + $expiration_date = 0; + if (strcmp($os, "google") == 0) { + $json = json_decode($payload, true); + $token = $json["purchaseToken"]; + $subscription = $json["productId"]; + $expiration_date = get_expiration_for_android_token_and_subscription($token, $subscription); + } elseif (strcmp($os, "apple") == 0) { + $expiration_date = parse_apple_receipt_get_expiration($user, $domain, $payloadJson); + } - /*if (CUSTOM_HOOKS) { - hook_on_expiration_date_updated($user, $domain, $expiration_date, $payloadJson, $os); - }*/ - return $expiration_date . ""; - } else { - return db_inapp_get_expiration_date($user, $domain) . ""; - } - } else { - mylog("[ERROR] Expiration is " . $expiration_date); - } - } - mylog("[ERROR] Couldn't verify signature of payload..."); - return "ERROR_SIGNATURE_VERIFICATION_FAILED"; + if ($expiration_date >= 0) { + if ($expiration_date > 0) { + db_inapp_update_trial($user, $domain, 0); + db_inapp_update_expiration_date($user, $domain, $expiration_date); + + /*if (CUSTOM_HOOKS) { + hook_on_expiration_date_updated($user, $domain, $expiration_date, $payloadJson, $os); + }*/ + return $expiration_date . ""; + } else { + return db_inapp_get_expiration_date($user, $domain) . ""; + } + } else { + mylog("[ERROR] Expiration is " . 
$expiration_date); + } + } + mylog("[ERROR] Couldn't verify signature of payload..."); + return "ERROR_SIGNATURE_VERIFICATION_FAILED"; } // args = [username, ha1, [domain]] -function xmlrpc_get_account_expiration($method, $args) { - $user = $args[0]; - $password = $args[1]; - $domain = get_domain($args[2]); +function xmlrpc_get_account_expiration($method, $args) +{ + $user = $args[0]; + $password = $args[1]; + $domain = get_domain($args[2]); - mylog("[XMLRPC] xmlrpc_get_account_expiration(" . $user . ")"); + mylog("[XMLRPC] xmlrpc_get_account_expiration(" . $user . ")"); - if (!check_parameter($user)) { - return "ERROR_USERNAME_PARAMETER_NOT_FOUND"; - } + if (!check_parameter($user)) { + return "ERROR_USERNAME_PARAMETER_NOT_FOUND"; + } - if (!db_account_is_existing($user, $domain)) { - mylog("[ERROR] User account " . $user . " doesn't exist"); - return "ERROR_ACCOUNT_DOESNT_EXIST"; - } else if (!db_account_is_activated($user, $domain)) { - mylog("[ERROR] User account " . $user . " isn't activated"); - return "ERROR_ACCOUNT_NOT_ACTIVATED"; - } else { - $hashed_password = hash_password($user, $password, $domain); - $db_hashed_password = db_account_get_password($user, $domain); - if (strcmp($hashed_password, $db_hashed_password) != 0 and strcmp($password, $db_hashed_password) != 0) { - mylog("[ERROR] Password doesn't match"); - return "ERROR_PASSWORD_DOESNT_MATCH"; - } - } - - if (!USE_IN_APP_PURCHASES || !db_inapp_is_account($user, $domain)) { - return "ERROR_NO_EXPIRATION"; - } + if (!db_account_is_existing($user, $domain)) { + mylog("[ERROR] User account " . $user . " doesn't exist"); + return "ERROR_ACCOUNT_DOESNT_EXIST"; + } elseif (!db_account_is_activated($user, $domain)) { + mylog("[ERROR] User account " . $user . 
" isn't activated"); + return "ERROR_ACCOUNT_NOT_ACTIVATED"; + } else { + $hashed_password = hash_password($user, $password, $domain); + $db_hashed_password = db_account_get_password($user, $domain); + if (strcmp($hashed_password, $db_hashed_password) != 0 and strcmp($password, $db_hashed_password) != 0) { + mylog("[ERROR] Password doesn't match"); + return "ERROR_PASSWORD_DOESNT_MATCH"; + } + } - $expiration = db_inapp_get_expiration_date($user, $domain); - return $expiration . ""; + if (!USE_IN_APP_PURCHASES || !db_inapp_is_account($user, $domain)) { + return "ERROR_NO_EXPIRATION"; + } + + $expiration = db_inapp_get_expiration_date($user, $domain); + return $expiration . ""; } -function xmlrpc_inapp_register_methods($server) { - xmlrpc_server_register_method($server, 'is_account_trial', 'xmlrpc_is_account_trial');// args = [username, ha1, [domain]] - xmlrpc_server_register_method($server, 'is_account_expired', 'xmlrpc_is_account_expired');// args = [username, ha1, [domain]] - xmlrpc_server_register_method($server, 'get_account_expiration', 'xmlrpc_get_account_expiration');// args = [username, ha1, [domain]] - xmlrpc_server_register_method($server, 'update_expiration_date', 'xmlrpc_update_expiration_date');// args = [username, ha1, [domain], payload, [signature]] - xmlrpc_server_register_method($server, 'check_payload_signature', 'xmlrpc_check_payload_signature');// args = [payload, signature] +function xmlrpc_inapp_register_methods($server) +{ + xmlrpc_server_register_method($server, 'is_account_trial', 'xmlrpc_is_account_trial');// args = [username, ha1, [domain]] + xmlrpc_server_register_method($server, 'is_account_expired', 'xmlrpc_is_account_expired');// args = [username, ha1, [domain]] + xmlrpc_server_register_method($server, 'get_account_expiration', 'xmlrpc_get_account_expiration');// args = [username, ha1, [domain]] + xmlrpc_server_register_method($server, 'update_expiration_date', 'xmlrpc_update_expiration_date');// args = [username, ha1, [domain], 
payload, [signature]] + xmlrpc_server_register_method($server, 'check_payload_signature', 'xmlrpc_check_payload_signature');// args = [payload, signature] } - -?> \ No newline at end of file diff --git a/src/xmlrpc/liblinphone_tester.php b/src/xmlrpc/liblinphone_tester.php index 5e74fd8..157dcb8 100644 --- a/src/xmlrpc/liblinphone_tester.php +++ b/src/xmlrpc/liblinphone_tester.php @@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../database/database.php'; 
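Review bot: The password check in `xmlrpc_is_account_trial`, `xmlrpc_is_account_expired`, `xmlrpc_update_expiration_date` and `xmlrpc_get_account_expiration` compares the stored hash with `strcmp(...) != 0`, which makes no constant-time guarantee; `hash_equals()` is the comparison intended for secrets. The condition could read `if (!hash_equals((string) $db_hashed_password, (string) $hashed_password) && !hash_equals((string) $db_hashed_password, (string) $password)) {`; the casts are there because `hash_password()` and `db_account_get_password()` are defined outside this diff and their return types are not visible. The second clause accepts a caller value equal to the stored hash itself, so the database value works as a credential on its own. That looks intended for the `ha1` argument, but a comment should say so. Since the same block is repeated in four handlers, a single shared helper would keep the check from drifting.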
@@ -30,123 +30,124 @@ include_once __DIR__ . '/../misc/results_values.php'; // args = [user, pwd, [domain], [algo]] // /!\ This method must be used for tests purposes only /!\ -function xmlrpc_get_confirmation_key($method, $args) { - $user = $args[0]; - $pwd = $args[1]; - $domain = get_domain($args[2]); - $algo = get_algo($args[3]); +function xmlrpc_get_confirmation_key($method, $args) +{ + $user = $args[0]; + $pwd = $args[1]; + $domain = get_domain($args[2]); + $algo = get_algo($args[3]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_get_confirmation_key(" . $user . ", " . $domain . ", " . $algo . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_get_confirmation_key(" . $user . ", " . $domain . ", " . $algo . ")"); - if (!check_parameter($user)) { - return MISSING_USERNAME_PARAM; - } else if (!ALLOW_TEST_ACCOUNTS) { - Logger::getInstance()->error ("Non test account unauthorized"); - return TEST_ACCOUNTS_DISABLED; - } else if ($algo == NULL) { - return ALGO_NOT_SUPPORTED; - } + if (!check_parameter($user)) { + return MISSING_USERNAME_PARAM; + } elseif (!ALLOW_TEST_ACCOUNTS) { + Logger::getInstance()->error("Non test account unauthorized"); + return TEST_ACCOUNTS_DISABLED; + } elseif ($algo == null) { + return ALGO_NOT_SUPPORTED; + } - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $user; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $user; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } - $password = new Password($db); - $password->account_id = $account->id; - $password->algorithm = $algo; + $password = new Password($db); + $password->account_id = $account->id; + $password->algorithm = $algo; - if (!$password->getOne()) { - return PASSWORD_NOT_FOUND; - } + if 
(!$password->getOne()) { + return PASSWORD_NOT_FOUND; + } - if ($algo == CLEAR) { - $hashed_password = $pwd; - } else { - $hashed_password = hash_password($user, $pwd, $domain, $algo); - } + if ($algo == CLEAR) { + $hashed_password = $pwd; + } else { + $hashed_password = hash_password($user, $pwd, $domain, $algo); + } - if (!password_match($hashed_password, $password->password) - && !password_match($pwd, $password->password)) { // This condition is specific for liblinphone tester.... - return PASSWORD_DOESNT_MATCH; - } + if (!password_match($hashed_password, $password->password) + && !password_match($pwd, $password->password)) { // This condition is specific for liblinphone tester.... + return PASSWORD_DOESNT_MATCH; + } - if ($account->confirmation_key == INVALID_CONFIRMATION_KEY) { - // We have to generate a new one because - $account->confirmation_key = uniqid(); - $account->update(); - } + if ($account->confirmation_key == INVALID_CONFIRMATION_KEY) { + // We have to generate a new one because + $account->confirmation_key = uniqid(); + $account->update(); + } - $key = $account->confirmation_key; - Logger::getInstance()->debug("[XMLRPC] returning key = " . $key); - return $key; + $key = $account->confirmation_key; + Logger::getInstance()->debug("[XMLRPC] returning key = " . $key); + return $key; } // args = [user, pwd, [domain], [algo]] // /!\ This method must be used for tests purposes only /!\ -function xmlrpc_delete_account($method, $args) { - $user = $args[0]; - $pwd = $args[1]; - $domain = get_domain($args[2]); - $algo = get_algo($args[3]); +function xmlrpc_delete_account($method, $args) +{ + $user = $args[0]; + $pwd = $args[1]; + $domain = get_domain($args[2]); + $algo = get_algo($args[3]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_delete_account(" . $user . ", " . $domain . ", " . $algo . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_delete_account(" . $user . ", " . $domain . ", " . $algo . 
")"); - if ($algo == NULL) { - return ALGO_NOT_SUPPORTED; - } else if (!check_parameter($user)) { - return MISSING_USERNAME_PARAM; - } else if (!ALLOW_TEST_ACCOUNTS) { - return TEST_ACCOUNTS_DISABLED; - } + if ($algo == null) { + return ALGO_NOT_SUPPORTED; + } elseif (!check_parameter($user)) { + return MISSING_USERNAME_PARAM; + } elseif (!ALLOW_TEST_ACCOUNTS) { + return TEST_ACCOUNTS_DISABLED; + } - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $user; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $user; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } - $password = new Password($db); - $password->account_id = $account->id; - $password->algorithm = $algo; + $password = new Password($db); + $password->account_id = $account->id; + $password->algorithm = $algo; - if (!$password->getOne()) { - return PASSWORD_NOT_FOUND; - } + if (!$password->getOne()) { + return PASSWORD_NOT_FOUND; + } - if ($algo == CLEAR) { - $hashed_password = $pwd; - } else { - $hashed_password = hash_password($user, $pwd, $domain, $algo); - } - if (!password_match($hashed_password, $password->password) - && !password_match($pwd, $password->password)) { // This condition is specific for liblinphone tester.... - return PASSWORD_DOESNT_MATCH; - } + if ($algo == CLEAR) { + $hashed_password = $pwd; + } else { + $hashed_password = hash_password($user, $pwd, $domain, $algo); + } + if (!password_match($hashed_password, $password->password) + && !password_match($pwd, $password->password)) { // This condition is specific for liblinphone tester.... 
+ return PASSWORD_DOESNT_MATCH; + } - $alias = new Alias($db); - $alias->account_id = $account->id; + $alias = new Alias($db); + $alias->account_id = $account->id; - $account->delete(); - $password->delete(); - $alias->delete(); + $account->delete(); + $password->delete(); + $alias->delete(); - return OK; + return OK; } // /!\ This methods must be used for tests purposes only /!\ -function xmlrpc_liblinphone_tester_register_methods($server) { - xmlrpc_server_register_method($server, 'get_confirmation_key', 'xmlrpc_get_confirmation_key');// args = [user, pwd, [domain], [algo]], return confirmation_key - xmlrpc_server_register_method($server, 'delete_account', 'xmlrpc_delete_account');// args = [user, pwd, [domain], [algo]] +function xmlrpc_liblinphone_tester_register_methods($server) +{ + xmlrpc_server_register_method($server, 'get_confirmation_key', 'xmlrpc_get_confirmation_key');// args = [user, pwd, [domain], [algo]], return confirmation_key + xmlrpc_server_register_method($server, 'delete_account', 'xmlrpc_delete_account');// args = [user, pwd, [domain], [algo]] } - -?> diff --git a/src/xmlrpc/passwords.php b/src/xmlrpc/passwords.php index a6e2588..6b3cfab 100644 --- a/src/xmlrpc/passwords.php +++ b/src/xmlrpc/passwords.php @@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../database/database.php'; 
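Review bot: In `xmlrpc_get_confirmation_key` the replacement key comes from `uniqid()`, which is derived from the current time and is not suitable as an unguessable token. `$account->confirmation_key = bin2hex(random_bytes(8));` would draw it from the CSPRNG, provided the column and the clients accept that length and alphabet (not visible here). The same function then writes the key to the debug log with `"[XMLRPC] returning key = " . $key`, which leaves an account confirmation secret in log files; logging only that a key was returned would be enough. The comment `// We have to generate a new one because` ends mid-sentence and should state the reason. Both handlers also read `$args[2]` and `$args[3]` although the header comment marks them optional, so `$args[2] ?? null` would avoid undefined-index notices, assuming `get_domain()` and `get_algo()` accept null.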
@@ -30,241 +30,245 @@ include_once __DIR__ . '/../misc/utilities.php'; include_once __DIR__ . '/../misc/results_values.php'; // args = [username, old hash, new hash, [domain], [algo]] -function xmlrpc_update_password($method, $args) { - $username = $args[0]; - $hashed_old_password = $args[1]; - $hashed_new_password = $args[2]; - $domain = get_domain($args[3]); - $algo = get_algo($args[4]); +function xmlrpc_update_password($method, $args) +{ + $username = $args[0]; + $hashed_old_password = $args[1]; + $hashed_new_password = $args[2]; + $domain = get_domain($args[3]); + $algo = get_algo($args[4]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_update_password(" . $username . ", " . $domain . ", " . $algo . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_update_password(" . $username . ", " . $domain . ", " . $algo . ")"); - if (!check_parameter($username)) { - return MISSING_USERNAME_PARAM; - } else if ($algo == NULL) { - return ALGO_NOT_SUPPORTED; - } + if (!check_parameter($username)) { + return MISSING_USERNAME_PARAM; + } elseif ($algo == null) { + return ALGO_NOT_SUPPORTED; + } - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $username; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $username; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } - $password = new Password($db); - $password->account_id = $account->id; - $password->password = $hashed_old_password; - $password->algorithm = $algo; + $password = new Password($db); + $password->account_id = $account->id; + $password->password = $hashed_old_password; + $password->algorithm = $algo; - if (!$password->getOne()) { - return PASSWORD_DOESNT_MATCH; - } + if (!$password->getOne()) { + return PASSWORD_DOESNT_MATCH; + } - 
$password->password = $hashed_new_password; - if ($password->update()) { - Logger::getInstance()->message("Password updated successfully"); - return OK; - } + $password->password = $hashed_new_password; + if ($password->update()) { + Logger::getInstance()->message("Password updated successfully"); + return OK; + } - return NOK; + return NOK; } // args = [username, old hash, md5_hash, sha256_hash, [domain]] -function xmlrpc_update_passwords($method, $args) { - $username = $args[0]; - $hashed_password = $args[1]; - $md5_hashed_password = $args[2]; - $sha256_hashed_password = $args[3]; - $domain = get_domain($args[4]); +function xmlrpc_update_passwords($method, $args) +{ + $username = $args[0]; + $hashed_password = $args[1]; + $md5_hashed_password = $args[2]; + $sha256_hashed_password = $args[3]; + $domain = get_domain($args[4]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_update_passwords(" . $username . ", " . $domain . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_update_passwords(" . $username . ", " . $domain . 
")"); - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $username; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $username; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } - $password = new Password($db); - $password->account_id = $account->id; - $password->password = $hashed_password; + $password = new Password($db); + $password->account_id = $account->id; + $password->password = $hashed_password; - if (!$password->getOne()) { - return PASSWORD_DOESNT_MATCH; - } + if (!$password->getOne()) { + return PASSWORD_DOESNT_MATCH; + } - // Old password is OK, now let's hash the new password for both MD5 and SHA-256 + // Old password is OK, now let's hash the new password for both MD5 and SHA-256 - $md5_password = new Password($db); - $md5_password->account_id = $account->id; - $md5_password->algorithm = MD5; - $md5_exists = $md5_password->GetOne(); - $md5_password->password = $md5_hashed_password; - if ($md5_exists) { - $md5_password->update(); - } else { - $md5_password->create(); - } + $md5_password = new Password($db); + $md5_password->account_id = $account->id; + $md5_password->algorithm = MD5; + $md5_exists = $md5_password->GetOne(); + $md5_password->password = $md5_hashed_password; + if ($md5_exists) { + $md5_password->update(); + } else { + $md5_password->create(); + } - $sha256_password = new Password($db); - $sha256_password->account_id = $account->id; - $sha256_password->algorithm = SHA256; - $sha256_exists = $sha256_password->GetOne(); - $sha256_password->password = $sha256_hashed_password; - if ($sha256_exists) { - $sha256_password->update(); - } else { - $sha256_password->create(); - } + $sha256_password = new Password($db); + $sha256_password->account_id = $account->id; + 
$sha256_password->algorithm = SHA256; + $sha256_exists = $sha256_password->GetOne(); + $sha256_password->password = $sha256_hashed_password; + if ($sha256_exists) { + $sha256_password->update(); + } else { + $sha256_password->create(); + } - return OK; + return OK; } // args = [username, old md5 hash, sha256 hash, [domain]] -function xmlrpc_upgrade_password($method, $args) { - $username = $args[0]; - $md5_hash = $args[1]; - $sha256_hash = $args[2]; - $domain = get_domain($args[3]); +function xmlrpc_upgrade_password($method, $args) +{ + $username = $args[0]; + $md5_hash = $args[1]; + $sha256_hash = $args[2]; + $domain = get_domain($args[3]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_upgrade_password(" . $username . ", " . $domain . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_upgrade_password(" . $username . ", " . $domain . ")"); - if (!check_parameter($username)) { - return MISSING_USERNAME_PARAM; - } + if (!check_parameter($username)) { + return MISSING_USERNAME_PARAM; + } - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $username; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $username; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } - $sha256_password = new Password($db); - $sha256_password->account_id = $account->id; - $sha256_password->algorithm = SHA256; + $sha256_password = new Password($db); + $sha256_password->account_id = $account->id; + $sha256_password->algorithm = SHA256; - // There is already a SHA-256 password for this account, abort upgrade - if ($sha256_password->getOne()) { - return SHA256_PASSWORD_ALREADY_EXISTS; - } + // There is already a SHA-256 password for this account, abort upgrade + if ($sha256_password->getOne()) { + return 
SHA256_PASSWORD_ALREADY_EXISTS; + } - $md5_password = new Password($db); - $md5_password->account_id = $account->id; - $md5_password->password = $md5_hash; - $md5_password->algorithm = MD5; + $md5_password = new Password($db); + $md5_password->account_id = $account->id; + $md5_password->password = $md5_hash; + $md5_password->algorithm = MD5; - // No MD5 or wrong hash, abort - if (!$md5_password->getOne()) { - return PASSWORD_DOESNT_MATCH; - } + // No MD5 or wrong hash, abort + if (!$md5_password->getOne()) { + return PASSWORD_DOESNT_MATCH; + } - // Upgrade MD5 to SHA-256 - $md5_password->password = $sha256_hash; - $md5_password->algorithm = SHA256; - if ($md5_password->update()) { - Logger::getInstance()->message("Password upgraded successfully"); - return OK; - } + // Upgrade MD5 to SHA-256 + $md5_password->password = $sha256_hash; + $md5_password->algorithm = SHA256; + if ($md5_password->update()) { + Logger::getInstance()->message("Password upgraded successfully"); + return OK; + } - return NOK; + return NOK; } // args = [username, hash, [domain]] -function xmlrpc_check_authentication($method, $args) { - $username = $args[0]; - $hashed_password = $args[1]; - $domain = get_domain($args[2]); +function xmlrpc_check_authentication($method, $args) +{ + $username = $args[0]; + $hashed_password = $args[1]; + $domain = get_domain($args[2]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_check_authentication(" . $username . ", " . $domain . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_check_authentication(" . $username . ", " . $domain . 
")"); - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $username; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $username; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } - $password = new Password($db); - $password->account_id = $account->id; - $password->password = $hashed_password; + $password = new Password($db); + $password->account_id = $account->id; + $password->password = $hashed_password; - if (!$password->getOne()) { - return PASSWORD_DOESNT_MATCH; - } + if (!$password->getOne()) { + return PASSWORD_DOESNT_MATCH; + } - return OK; + return OK; } // args = [username, md5_hash, sha256_hash, [domain]] -function xmlrpc_check_authentication_and_upgrade_password($method, $args) { - $username = $args[0]; - $md5_hashed_password = $args[1]; - $sha256_hashed_password = $args[2]; - $domain = get_domain($args[3]); +function xmlrpc_check_authentication_and_upgrade_password($method, $args) +{ + $username = $args[0]; + $md5_hashed_password = $args[1]; + $sha256_hashed_password = $args[2]; + $domain = get_domain($args[3]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_check_authentication_and_upgrade_password(" . $username . ", " . $domain . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_check_authentication_and_upgrade_password(" . $username . ", " . $domain . 
")"); - $database = new Database(); - $db = $database->getConnection(); - $account = new Account($db); - $account->username = $username; - $account->domain = $domain; + $database = new Database(); + $db = $database->getConnection(); + $account = new Account($db); + $account->username = $username; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } - $sha256_password = new Password($db); - $sha256_password->account_id = $account->id; - $sha256_password->password = $sha256_hashed_password; - $sha256_password->algorithm = SHA256; + $sha256_password = new Password($db); + $sha256_password->account_id = $account->id; + $sha256_password->password = $sha256_hashed_password; + $sha256_password->algorithm = SHA256; - if (!$sha256_password->getOne()) { - // SHA-256 doesn't exists or doesn't match, let's try MD5 - $md5_password = new Password($db); - $md5_password->account_id = $account->id; - $md5_password->password = $md5_hashed_password; - $md5_password->algorithm = MD5; + if (!$sha256_password->getOne()) { + // SHA-256 doesn't exists or doesn't match, let's try MD5 + $md5_password = new Password($db); + $md5_password->account_id = $account->id; + $md5_password->password = $md5_hashed_password; + $md5_password->algorithm = MD5; - if (!$md5_password->getOne()) { - return PASSWORD_DOESNT_MATCH; - } + if (!$md5_password->getOne()) { + return PASSWORD_DOESNT_MATCH; + } - if ($sha256_password->id > 0) { - // SHA-256 exists, let's update it - $sha256_password->update(); - } else { - $sha256_password->create(); - } - } + if ($sha256_password->id > 0) { + // SHA-256 exists, let's update it + $sha256_password->update(); + } else { + $sha256_password->create(); + } + } - return OK; + return OK; } -function xmlrpc_passwords_register_methods($server) { - // The below two methods are the same but with different names, update_hash was the previous one and is kept here for the time being 
for compatibility purposes - xmlrpc_server_register_method($server, 'update_hash', 'xmlrpc_update_password');// args = [username, old hash, new hash, [domain], [algo]], return OK - xmlrpc_server_register_method($server, 'update_password', 'xmlrpc_update_password');// args = [username, old hash, new hash, [domain], [algo]], return OK - xmlrpc_server_register_method($server, 'update_passwords', 'xmlrpc_update_passwords');// args = [username, old hash, md5_hash, sha256_hash, [domain]] - xmlrpc_server_register_method($server, 'upgrade_password', 'xmlrpc_upgrade_password');// args = [username, old md5 hash, sha256 hash, [domain]] +function xmlrpc_passwords_register_methods($server) +{ + // The below two methods are the same but with different names, update_hash was the previous one and is kept here for the time being for compatibility purposes + xmlrpc_server_register_method($server, 'update_hash', 'xmlrpc_update_password');// args = [username, old hash, new hash, [domain], [algo]], return OK + xmlrpc_server_register_method($server, 'update_password', 'xmlrpc_update_password');// args = [username, old hash, new hash, [domain], [algo]], return OK + xmlrpc_server_register_method($server, 'update_passwords', 'xmlrpc_update_passwords');// args = [username, old hash, md5_hash, sha256_hash, [domain]] + xmlrpc_server_register_method($server, 'upgrade_password', 'xmlrpc_upgrade_password');// args = [username, old md5 hash, sha256 hash, [domain]] - xmlrpc_server_register_method($server, 'check_authentication', 'xmlrpc_check_authentication');// args = [username, hash, [domain]] - xmlrpc_server_register_method($server, 'check_authentication_and_upgrade_password', 'xmlrpc_check_authentication_and_upgrade_password');// args = [username, md5_hash, sha256_hash, [domain]] + xmlrpc_server_register_method($server, 'check_authentication', 'xmlrpc_check_authentication');// args = [username, hash, [domain]] + xmlrpc_server_register_method($server, 
'check_authentication_and_upgrade_password', 'xmlrpc_check_authentication_and_upgrade_password');// args = [username, md5_hash, sha256_hash, [domain]] } - -?> diff --git a/src/xmlrpc/provisioning.php b/src/xmlrpc/provisioning.php index 08842b9..f54f83f 100644 --- a/src/xmlrpc/provisioning.php +++ b/src/xmlrpc/provisioning.php @@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ header("Access-Control-Allow-Origin: *"); @@ -59,7 +59,7 @@ if (file_exists(REMOTE_PROVISIONING_DEFAULT_CONFIG)) { $xml .= '
'; if (startswith($section, "proxy_config_")) { $proxy_config_index += 1; - } else if (startswith($section, "auth_info_")) { + } elseif (startswith($section, "auth_info_")) { $auth_info_index += 1; } @@ -67,7 +67,7 @@ if (file_exists(REMOTE_PROVISIONING_DEFAULT_CONFIG)) { // We need to replace any < or > by < and > or the xml won't be valid ! $value = str_replace("<", "<", $value); $value = str_replace(">", ">", $value); - + $xml .= '' . $value . ''; } $xml .= '
'; @@ -103,5 +103,3 @@ $xml .= ''; http_response_code(200); echo $xml; - -?> \ No newline at end of file diff --git a/src/xmlrpc/user_info.php b/src/xmlrpc/user_info.php index 6095808..f501de5 100644 --- a/src/xmlrpc/user_info.php +++ b/src/xmlrpc/user_info.php @@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../database/database.php'; 
@@ -33,137 +33,139 @@ include_once __DIR__ . '/../misc/results_values.php'; include_once __DIR__ . '/../misc/user_info.php'; // args = [username, ha1, [domain], [algo]] -function xmlrpc_get_email_account($method, $args) { - $username = $args[0]; - $ha1 = $args[1]; - $domain = get_domain($args[2]); - $algo = get_algo($args[3]); +function xmlrpc_get_email_account($method, $args) +{ + $username = $args[0]; + $ha1 = $args[1]; + $domain = get_domain($args[2]); + $algo = get_algo($args[3]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_get_email_account(" . $username . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_get_email_account(" . $username . ")"); - $database = new Database(); - $db = $database->getConnection(); + $database = new Database(); + $db = $database->getConnection(); - $account = new Account($db); - $account->username = $username; - $account->domain = $domain; + $account = new Account($db); + $account->username = $username; + $account->domain = $domain; - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } - $password = new Password($db); - $password->account_id = $account->id; - $password->algorithm = $algo; + $password = new Password($db); + $password->account_id = $account->id; + $password->algorithm = $algo; - if (!$password->getOne()) { - return PASSWORD_NOT_FOUND; - } + if (!$password->getOne()) { + return PASSWORD_NOT_FOUND; + } - if (!password_match($ha1, $password->password)) { - return PASSWORD_DOESNT_MATCH; - } + if (!password_match($ha1, $password->password)) { + return PASSWORD_DOESNT_MATCH; + } - $user_info = new UserInfo($db); - $user_info->account_id = $account->id; - $user_info->getOne(); + $user_info = new UserInfo($db); + $user_info->account_id = $account->id; + $user_info->getOne(); - $result = array( - "id" => $account->id, - "username" => $account->username, - "domain" => $account->domain, - "email" => $account->email, - "alias" => $account->alias, - 
"activated" => $account->activated, - "firstname" => $user_info->firstname, - "lastname" => $user_info->lastname, - "gender" => $user_info->gender, - "subscribe" => $user_info->subscribe - ); + $result = array( + "id" => $account->id, + "username" => $account->username, + "domain" => $account->domain, + "email" => $account->email, + "alias" => $account->alias, + "activated" => $account->activated, + "firstname" => $user_info->firstname, + "lastname" => $user_info->lastname, + "gender" => $user_info->gender, + "subscribe" => $user_info->subscribe + ); - return $result; + return $result; } // args = [tel, ha1, [domain], [algo]] -function xmlrpc_get_phone_account($method, $args) { - $phone = $args[0]; - $ha1 = $args[1]; - $domain = get_domain($args[2]); - $algo = get_algo($args[3]); +function xmlrpc_get_phone_account($method, $args) +{ + $phone = $args[0]; + $ha1 = $args[1]; + $domain = get_domain($args[2]); + $algo = get_algo($args[3]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_get_phone_account(" . $phone . ")"); + Logger::getInstance()->message("[XMLRPC] xmlrpc_get_phone_account(" . $phone . 
")"); - $database = new Database(); - $db = $database->getConnection(); + $database = new Database(); + $db = $database->getConnection(); - $alias = new Alias($db); - $alias->alias = $phone; - $alias->domain = $domain; + $alias = new Alias($db); + $alias->alias = $phone; + $alias->domain = $domain; - $account = new Account($db); + $account = new Account($db); - if (!$alias->getOne()) { - $account->username = $phone; - $account->domain = $domain; - } else { - $account->id = $alias->account_id; - } + if (!$alias->getOne()) { + $account->username = $phone; + $account->domain = $domain; + } else { + $account->id = $alias->account_id; + } - if (!$account->getOne()) { - return ACCOUNT_NOT_FOUND; - } + if (!$account->getOne()) { + return ACCOUNT_NOT_FOUND; + } - $password = new Password($db); - $password->account_id = $account->id; - $password->algorithm = $algo; + $password = new Password($db); + $password->account_id = $account->id; + $password->algorithm = $algo; - if (!$password->getOne()) { - return PASSWORD_NOT_FOUND; - } + if (!$password->getOne()) { + return PASSWORD_NOT_FOUND; + } - if (!password_match($ha1, $password->password)) { - return PASSWORD_DOESNT_MATCH; - } + if (!password_match($ha1, $password->password)) { + return PASSWORD_DOESNT_MATCH; + } - $user_info = new UserInfo($db); - $user_info->account_id = $account->id; - $user_info->getOne(); + $user_info = new UserInfo($db); + $user_info->account_id = $account->id; + $user_info->getOne(); - $result = array( - "id" => $account->id, - "username" => $account->username, - "domain" => $account->domain, - "email" => $account->email, - "alias" => $account->alias, - "activated" => $account->activated, - "firstname" => $user_info->firstname, - "lastname" => $user_info->lastname, - "gender" => $user_info->gender, - "subscribe" => $user_info->subscribe - ); + $result = array( + "id" => $account->id, + "username" => $account->username, + "domain" => $account->domain, + "email" => $account->email, + "alias" => 
$account->alias, + "activated" => $account->activated, + "firstname" => $user_info->firstname, + "lastname" => $user_info->lastname, + "gender" => $user_info->gender, + "subscribe" => $user_info->subscribe + ); - return $result; + return $result; } // args = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]] -function xmlrpc_update_account_user_info($method, $args) { - $username = $args[0]; - $ha1 = $args[1]; - $firstname = $args[2]; - $lastname = $args[3]; - $gender = $args[4]; - $subscribe = $args[5]; - $domain = get_domain($args[6]); - $algo = get_algo($args[7]); +function xmlrpc_update_account_user_info($method, $args) +{ + $username = $args[0]; + $ha1 = $args[1]; + $firstname = $args[2]; + $lastname = $args[3]; + $gender = $args[4]; + $subscribe = $args[5]; + $domain = get_domain($args[6]); + $algo = get_algo($args[7]); - Logger::getInstance()->message("[XMLRPC] xmlrpc_update_account_user_info(" . $username . ", " . $domain . " : " . $firstname . ", " . $lastname . ", " . $gender . ", " . $subscribe . ")"); - return update_account_user_info($username, $ha1, $firstname, $lastname, $gender, $subscribe, $domain, $algo); + Logger::getInstance()->message("[XMLRPC] xmlrpc_update_account_user_info(" . $username . ", " . $domain . " : " . $firstname . ", " . $lastname . ", " . $gender . ", " . $subscribe . 
")"); + return update_account_user_info($username, $ha1, $firstname, $lastname, $gender, $subscribe, $domain, $algo); } -function xmlrpc_user_info_register_methods($server) { - xmlrpc_server_register_method($server, 'get_email_account', 'xmlrpc_get_email_account'); // args = [username, ha1, [domain], [algo]] - xmlrpc_server_register_method($server, 'get_phone_account', 'xmlrpc_get_phone_account'); // args = [tel, ha1, [domain], [algo]] - xmlrpc_server_register_method($server, 'update_account_user_info', 'xmlrpc_update_account_user_info'); // args = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]] +function xmlrpc_user_info_register_methods($server) +{ + xmlrpc_server_register_method($server, 'get_email_account', 'xmlrpc_get_email_account'); // args = [username, ha1, [domain], [algo]] + xmlrpc_server_register_method($server, 'get_phone_account', 'xmlrpc_get_phone_account'); // args = [tel, ha1, [domain], [algo]] + xmlrpc_server_register_method($server, 'update_account_user_info', 'xmlrpc_update_account_user_info'); // args = [username, ha1, firstname, lastname, gender, subscribe, [domain], [algo]] } - -?> diff --git a/src/xmlrpc/xmlrpc.php b/src/xmlrpc/xmlrpc.php index dd15925..cdee579 100644 --- a/src/xmlrpc/xmlrpc.php +++ b/src/xmlrpc/xmlrpc.php @@ -1,21 +1,21 @@ . + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . */ include_once __DIR__ . '/../database/database.php'; 
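Review bot: The log call in `xmlrpc_update_account_user_info` writes the caller-supplied `$firstname`, `$lastname`, `$gender` and `$subscribe` verbatim into the log, so personal data and unescaped request input end up in log files. The other handlers in this file log only the identifier, and the same would do here: `Logger::getInstance()->message("[XMLRPC] xmlrpc_update_account_user_info(" . $username . ", " . $domain . ")");`. `Logger` is not part of this hunk, so whether it strips line breaks and control characters from the values it is given needs confirming. The arguments documented as optional (`$args[2]`/`$args[3]` in the two getters, `$args[6]`/`$args[7]` here) are also read without an existence check; `get_domain(isset($args[2]) ? $args[2] : null)` would avoid an undefined-offset notice when a client omits them, assuming `get_domain` and `get_algo` accept null.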
@@ -30,71 +30,75 @@ include_once __DIR__ . '/passwords.php'; include_once __DIR__ . '/user_info.php'; $request = file_get_contents("php://input"); -if (empty($request)) Logger::getInstance()->error("Request is empty"); +if (empty($request)) { + Logger::getInstance()->error("Request is empty"); +} $server = xmlrpc_server_create(); -if (!$server) die("Couldn't create server"); +if (!$server) { + die("Couldn't create server"); +} if (USE_DIGEST_AUTH) { - $headers = getallheaders(); - $xml = simplexml_load_string($request); - $request_type = $xml->methodName; + $headers = getallheaders(); + $xml = simplexml_load_string($request); + $request_type = $xml->methodName; - $unauthenticated_requests = array( - // email accounts - 0 => 'create_email_account', - 1 => 'create_email_md5_sha256_account', - 2 => 'activate_email_account', - 3 => 'recover_email_account', + $unauthenticated_requests = array( + // email accounts + 0 => 'create_email_account', + 1 => 'create_email_md5_sha256_account', + 2 => 'activate_email_account', + 3 => 'recover_email_account', - // phone accounts - 4 => 'create_phone_account', - 5 => 'activate_phone_account', - 6 => 'recover_phone_account', - 7 => 'is_phone_number_used', - 8 => 'get_phone_number_for_account', - - // accounts - 9 => 'get_confirmation_key', - 10 => 'is_account_used', - 11 => 'is_account_activated', - 12 => 'recover_account_from_confirmation_key', - 13 => 'get_accounts_count', - - // aliases - 14 => 'is_alias_used', - 15 => 'link_phone_number_with_account', - 16 => 'get_alias', - - // devices - 17 => 'add_ec_calibration_result', - ); + // phone accounts + 4 => 'create_phone_account', + 5 => 'activate_phone_account', + 6 => 'recover_phone_account', + 7 => 'is_phone_number_used', + 8 => 'get_phone_number_for_account', - // Get authentication header if there is one - if (!empty($headers['Auth-Digest'])) { - Logger::getInstance()->debug("Auth-Digest = " . 
$headers['Auth-Digest']); - $authorization = $headers['Auth-Digest']; - } elseif (!empty($headers['Authorization'])) { - Logger::getInstance()->debug("Authorization = " . $headers['Authorization']); - $authorization = $headers['Authorization']; - } + // accounts + 9 => 'get_confirmation_key', + 10 => 'is_account_used', + 11 => 'is_account_activated', + 12 => 'recover_account_from_confirmation_key', + 13 => 'get_accounts_count', - // Authentication - if (in_array($request_type, $unauthenticated_requests) == FALSE) { - if (!empty($authorization)) { - $authentication_status = authenticate(AUTH_REALM); + // aliases + 14 => 'is_alias_used', + 15 => 'link_phone_number_with_account', + 16 => 'get_alias', - if ($authentication_status == TRUE) { - Logger::getInstance()->debug("Authentication successful for " . $headers['From']); - } else { - Logger::getInstance()->debug("Authentication failed for " . $headers['From']); - request_authentication(AUTH_REALM); - } - } else { - Logger::getInstance()->debug("No authentication header for " . $headers['From']); - request_authentication(AUTH_REALM); - } - } + // devices + 17 => 'add_ec_calibration_result', + ); + + // Get authentication header if there is one + if (!empty($headers['Auth-Digest'])) { + Logger::getInstance()->debug("Auth-Digest = " . $headers['Auth-Digest']); + $authorization = $headers['Auth-Digest']; + } elseif (!empty($headers['Authorization'])) { + Logger::getInstance()->debug("Authorization = " . $headers['Authorization']); + $authorization = $headers['Authorization']; + } + + // Authentication + if (in_array($request_type, $unauthenticated_requests) == false) { + if (!empty($authorization)) { + $authentication_status = authenticate(AUTH_REALM); + + if ($authentication_status == true) { + Logger::getInstance()->debug("Authentication successful for " . $headers['From']); + } else { + Logger::getInstance()->debug("Authentication failed for " . 
$headers['From']); + request_authentication(AUTH_REALM); + } + } else { + Logger::getInstance()->debug("No authentication header for " . $headers['From']); + request_authentication(AUTH_REALM); + } + } } xmlrpc_accounts_register_methods($server); @@ -104,17 +108,15 @@ xmlrpc_passwords_register_methods($server); xmlrpc_user_info_register_methods($server); if (USE_IN_APP_PURCHASES) { - include_once __DIR__ . '/inapp.php'; - xmlrpc_inapp_register_methods($server); + include_once __DIR__ . '/inapp.php'; + xmlrpc_inapp_register_methods($server); } if (ALLOW_TEST_ACCOUNTS) { - include_once __DIR__ . '/liblinphone_tester.php'; - xmlrpc_liblinphone_tester_register_methods($server); + include_once __DIR__ . '/liblinphone_tester.php'; + xmlrpc_liblinphone_tester_register_methods($server); } if ($request) { - $options = array('output_type' => 'xml', 'version' => 'auto'); - echo xmlrpc_server_call_method($server, $request, null, $options); + $options = array('output_type' => 'xml', 'version' => 'auto'); + echo xmlrpc_server_call_method($server, $request, null, $options); } - -?> \ No newline at end of file
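Review bot: The two debug lines in the header-detection block write the complete `Auth-Digest` / `Authorization` header value to the log, which puts credential material into log files (a Basic password in recoverable form, should a client ever send one). Recording only which header was seen is enough, e.g. `Logger::getInstance()->debug("Auth-Digest header present");`. Both failure branches call `request_authentication(AUTH_REALM)` and then leave the `if`; that function is not shown here, so confirm it ends the request, because otherwise `xmlrpc_server_call_method` in the next hunk still dispatches the call. `$headers['From']` is read without an existence check and is client-controlled text going into the log. The allow-list test would also be safer as `!in_array((string) $request_type, $unauthenticated_requests, true)`, with an early rejection when `simplexml_load_string` returns false.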