index.php 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357
  1. <?php
  2. header('Content-type: application/json');
  3. header('Access-Control-Allow-Origin: *');
  4. require_once("../../header.php");
  5. if(!isset($_GET['action'])){
  6. $opts = getopt('a:',array('action:'));
  7. $_GET['action'] = isset($opts['action'])?$opts['action']:(isset($opts['a'])?$opts['a']:'');
  8. }
  9. $u = is_logged_in();
  10. switch($_GET['action']){
  11. case 'test':
  12. //$u or die();
  13. //print_r(atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$_COOKIE['user'],$_SESSION['password'],'topic','#omnimaga'));
  14. //echo mkpasswd('root');
  15. break;
  16. case 'lang':
  17. echo file_get_contents(DIR.'/lang/'.LOCALE.'/C/LC_MESSAGES/omninet.po');
  18. die();
  19. break;
  20. case 'login':
  21. isset($_GET['username']) && isset($_GET['password']) or die('{"code":2,"message":"'.__('Missing username and/or password').'"}');
  22. isset($_GET['type']) or die('{"code":2,"message":"'.__('Missing user type').'"}');
  23. $r = login($_GET['username'],$_GET['password'],$_GET['type']);
  24. if($r !== true){
  25. die('{"code":2,"message":"'.$r.'"}');
  26. }else{
  27. die('{"code":0}');
  28. }
  29. break;
  30. case 'verify':
  31. isset($_GET['token']) or die('{"code":1,"message":"'.__('No token set').'"}');
  32. $r = verify($_GET['token']);
  33. if($r !== true){
  34. die('{"code":2,"message":"'.$r.'"}');
  35. }
  36. die('{"code":0,"message":"'.$r.'"}');
  37. break;
  38. case 'logout':
  39. logout();
  40. die('{"code":0}');
  41. break;
  42. case 'get-memos':
  43. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  44. $u['type'] = 'user' && isset($_COOKIE['user']) && isset($_SESSION['password']) or die('{"code":0}');
  45. $res = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$_COOKIE['user'],$_SESSION['password'],'MemoServ','list');
  46. if($res[0]){
  47. $res = explode('&#10;',$res[1]);
  48. $memos = array();
  49. foreach($res as $k => $row){
  50. if($k != 0 && $k != 1){
  51. $row = preg_split('/^-\s/',$row);
  52. if(isset($row[1])){
  53. $row = explode(' ',$row[1]);
  54. $memo = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$_COOKIE['user'],$_SESSION['password'],'MemoServ','read',array($row[0]));
  55. $memo = explode('&#10;',$memo[1]);
  56. array_push($memos,array(
  57. 'id'=>$row[0],
  58. 'from'=>$row[2],
  59. 'date'=>array(
  60. 'month'=>$row[4],
  61. 'day'=>$row[5],
  62. 'time'=>$row[6],
  63. 'year'=>$row[7]
  64. ),
  65. 'body'=>$memo[2]
  66. ));
  67. }
  68. }
  69. }
  70. die('{"code":0,"memos":'.json_encode($memos).'}');
  71. }else{
  72. die('{"code":1,"message":"'.__('Cannot fetch memos').'"}');
  73. }
  74. break;
  75. case 'get-news':
  76. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  77. $u['type'] = 'user' && isset($_COOKIE['user']) && isset($_SESSION['password']) or die('{"code":0}');
  78. $res = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$_COOKIE['user'],$_SESSION['password'],'InfoServ','list');
  79. if($res[0]){
  80. $res = explode('&#10;',$res[1]);
  81. $news = array();
  82. foreach($res as $k => $row){
  83. if($k != count($res)-1){
  84. array_push($news,array(
  85. 'id'=>preg_replace('/^(\d)+:.+$/i','\1',$row),
  86. 'title'=>preg_replace('/^\d+: \[(.+)\] .+/i','\1',$row),
  87. 'from'=>preg_replace('/^\d+: \[.+\] by (.+) at \d\d?:\d\d? on (\d\d)\/\d\d\/\d\d\d\d: .+/i','\1',$row),
  88. 'date'=>array(
  89. 'time'=>preg_replace('/^\d+: \[.+\] by .+ at (\d\d?:\d\d?) on .+/','\1',$row),
  90. 'day'=>preg_replace('/^\d+: \[.+\] by .+ at \d\d?:\d\d? on (\d\d)\/\d\d\/\d\d\d\d: .+/i','\1',$row),
  91. 'month'=>preg_replace('/^\d+: \[.+\] by .+ at \d\d?:\d\d? on \d\d\/(\d\d)\/\d\d\d\d: .+/i','\1',$row),
  92. 'year'=>preg_replace('/^\d+: \[.+\] by .+ at \d\d?:\d\d? on \d\d\/\d\d\/(\d\d\d\d): .+/i','\1',$row)
  93. ),
  94. 'body'=>preg_replace('/^\d+: \[.+\] by .+ at \d\d?:\d\d? on \d\d\/\d\d\/\d\d\d\d: (.+)/i','\1',$row)
  95. ));
  96. }
  97. }
  98. die('{"code":0,"news":'.json_encode($news).'}');
  99. }else{
  100. die('{"code":1,"message":"'.__('Cannot fetch news').'"}');
  101. }
  102. break;
  103. case 'get-channels':
  104. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  105. $u['type'] = 'user' && isset($_COOKIE['user']) && isset($_SESSION['password']) or die('{"code":0}');
  106. $res = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$_COOKIE['user'],$_SESSION['password'],'NickServ','listchans');
  107. if($res[0]){
  108. $res = explode('&#10;',$res[1]);
  109. $channels = array();
  110. foreach($res as $k => $row){
  111. if($k != count($res)-1){
  112. $flags_list = str_split(preg_replace('/^Access flag\(s\) \+(.+) in .+$/i','\1',$row));
  113. $name = preg_replace('/^Access flag\(s\) \+.+ in (.+)$/i','\1',$row);
  114. $chan = array(
  115. 'name'=>$name
  116. );
  117. if(in_array('F',$flags_list)){
  118. $chan['candrop'] = true;
  119. }
  120. $res2 = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$_COOKIE['user'],$_SESSION['password'],'ChanServ','flags',array($name));
  121. if($res2[0]){
  122. $res2 = explode('&#10;',$res2[1]);
  123. $users = array();
  124. foreach($res2 as $kk => $row2){
  125. if($kk > 1 && $kk < count($res2)-2){
  126. $user = array(
  127. 'id'=>preg_replace('/^(\d+)\b.+$/','\1',$row2),
  128. 'name'=>preg_replace('/^\d+\s+(.+)\s+\+.+/','\1',$row2),
  129. 'flags'=>array()
  130. );
  131. $flags_list = str_split(preg_replace('/^\d+\s+.+\s+\+(.+)\s+\[.+/i','\1',$row2));
  132. foreach($flags_list as $kk => $flag){
  133. $name = channel_flag_name($flag);
  134. array_push($user['flags'],array(
  135. 'flag'=>$flag,
  136. 'name'=>$name
  137. ));
  138. }
  139. array_push($users,$user);
  140. }
  141. }
  142. }
  143. $chan['users'] = $users;
  144. array_push($channels,$chan);
  145. }
  146. }
  147. die('{"code":0,"channels":'.json_encode($channels).'}');
  148. }else{
  149. die('{"code":1,"message":"'.__('Cannot fetch channels').'"}');
  150. }
  151. break;
  152. case 'send-memo':
  153. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  154. isset($_GET['to']) && isset($_GET['message']) or die('{"code":1,"message":"'.__('No message or user entered').'"}');
  155. $res = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$_COOKIE['user'],$_SESSION['password'],'MemoServ','send',array($_GET['to'],$_GET['message']));
  156. if($res[0]){
  157. if(substr($res[1],-19) == ' is not registered.'){
  158. die('{"code":1,"message":"'.__('User').' '.$_GET['to'].' '.__('does not exist').'"}');
  159. }else{
  160. die('{"code":0,"message":"'.__('Memo Sent').'"}');
  161. }
  162. }else{
  163. die('{"code":1,"message":"'.__('Cannot send memo').': '.$res[1].'"}');
  164. }
  165. break;
  166. case 'delete-memo':
  167. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  168. isset($_GET['id']) or die('{"code":1,"message":"'.__('No id given').'"}');
  169. $res = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$_COOKIE['user'],$_SESSION['password'],'MemoServ','delete',array($_GET['id']));
  170. if(!$res[0]){
  171. die('{"code":1,"message":"'.__('Cannot delete memo').': '+$res[1]+'"}');
  172. }
  173. die('{"code":0}');
  174. break;
  175. case 'delete-channel':
  176. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  177. isset($_GET['channel']) or die('{"code":1,"message":"'.__('No channel given').'"}');
  178. $res = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$_COOKIE['user'],$_SESSION['password'],'ChanServ','drop',array($_GET['channel']));
  179. if(!$res[0]){
  180. die('{"code":1,"message":"'.__('Cannot drop channel').': '+$res[1]+'"}');
  181. }
  182. die('{"code":0}');
  183. break;
  184. case 'register-channel':
  185. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  186. isset($_GET['channel']) or die('{"code":1,"message":"'.__('No channel given').'"}');
  187. $ret = irccommands(array(
  188. 'join '.$_GET['channel'],
  189. 'samode '.$_GET['channel'].' +o RehashServ',
  190. 'cs register '.$_GET['channel'],
  191. 'cs set '.$_GET['channel'].' keeptopic on',
  192. 'cs set '.$_GET['channel'].' founder '.$_COOKIE['user']
  193. ));
  194. if($ret['code'] !== 0){
  195. die(json_encode($ret));
  196. }
  197. $ret2 = irccommands(array(
  198. 'join '.$_GET['channel'],
  199. 'cs set '.$_GET['channel'].' founder '.$_COOKIE['user']
  200. ),$_COOKIE['user']);
  201. if($ret2['code'] !== 0){
  202. $ret2['message'] = 'Failed to register channel. See log for information.';
  203. }
  204. $ret2['log'] = $ret['log']."\r\n".$ret2['log'];
  205. die(json_encode($ret));
  206. break;
  207. case 'persona-login':
  208. if($u){
  209. $register = true;
  210. }else{
  211. $register = false;
  212. }
  213. $url = get_conf('persona-endpoint');
  214. $assert = filter_input(
  215. INPUT_POST,
  216. 'assertion',
  217. FILTER_UNSAFE_RAW,
  218. FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH
  219. );
  220. $params = 'assertion='.urlencode($assert).'&audience='.urlencode(get_conf('persona-audience'));
  221. $ch = curl_init();
  222. $options = array(
  223. CURLOPT_URL => $url,
  224. CURLOPT_RETURNTRANSFER => TRUE,
  225. CURLOPT_POST => 2,
  226. CURLOPT_SSL_VERIFYPEER => 0,
  227. CURLOPT_SSL_VERIFYHOST => 2,
  228. CURLOPT_POSTFIELDS => $params
  229. );
  230. curl_setopt_array($ch, $options);
  231. $result = curl_exec($ch);
  232. curl_close($ch);
  233. $result = json_decode($result);
  234. if($result->status == 'okay'){
  235. if($register && !add_email($u['id'],$result->email)){
  236. die('{"code":1,"message":"'.__('Failed to add email').' '.$result->email.' '.__('to user').' '.$u['nick'].'"}');
  237. }elseif(!$register && !$u = get_user_for_email($result->email)){
  238. die('{"code":1,"message":"'.__('Email does not match any users').'"}');
  239. }
  240. setcookie('personaUser',$result->email,null,'/');
  241. $pass = null;
  242. if(isset($_SESSION['password']) && !is_null($_SESSION['password']) && $_SESSION['password'] != ''){
  243. $pass = $_SESSION['password'];
  244. }
  245. $types = get_user_types($u['id']);
  246. $r = login($u['nick'],$pass,'persona',$types[0]);
  247. if($r !== true){
  248. if($r){
  249. die('{"code":2,"message":"'.$r.'"}');
  250. }else{
  251. die('{"code":2}');
  252. }
  253. }else{
  254. die('{"code":0,"assertion":'.json_encode($result).'}');
  255. }
  256. }else{
  257. die('{"code":1,"message":"'.$result->reason.'"}');
  258. }
  259. break;
  260. case 'persona-remove':
  261. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  262. isset($_GET['id']) or die('{"code":1,"message":"'.__('No ID set').'"}');
  263. if(!remove_email($u['id'],$_GET['id'],true)){
  264. die('{"code":1,"message":"'.__('Could not remove email address').'"}');
  265. }
  266. die('{"code":0}');
  267. break;
  268. case '2-factor-register':
  269. $r = register_token();
  270. if($r !== true){
  271. die('{"code":1,"message":"'.$r.'"}');
  272. }
  273. die('{"code":0}');
  274. break;
  275. case '2-factor-delete':
  276. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  277. $r = delete_token($u['id']);
  278. if($r !== true){
  279. die('{"code":1,"message":"'.$r.'"}');
  280. }
  281. die('{"code":0,"message":"'.__('2-factor disabled.').'"}');
  282. break;
  283. case 'ping':
  284. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  285. die('{"code":0}');
  286. break;
  287. case 'newpass':
  288. $u && isset($_GET['password']) && isset($_GET['newpass']) or die('{"code":2,"message":"'.__('Make sure that everything is filled in. Try reloading if it is.').'"}');
  289. $u['password'] == mkpasswd($_GET['password'],$u['salt']) or die('{"code":2,"message":"'.__('Invalid password').'"}');
  290. $u['api_key'] == $_COOKIE['key'] or die('{"code":3,"message":"Not Logged in to use '.$u['nick'].' with key '.$u['api_key'].' != '.$_COOKIE['key'].'."}');
  291. if($_COOKIE['type'] == 'user'){
  292. $res = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$u['nick'],$_GET['password'],'NickServ','set',array('password',trim($_GET['newpass'])));
  293. if($res[0] === false){
  294. die('{"code":2,"message":"'.__('Could not update password with nickserv').': '.$res[1].'"}');
  295. }else{
  296. $_SESSION['password'] = $_GET['newpass'];
  297. }
  298. }
  299. query("UPDATE users u SET u.password='%s' WHERE u.id=%d",array(mkpasswd($_GET['newpass']),$u['id']));
  300. die('{"code":0}');
  301. break;
  302. case 'sync-pass':
  303. $u && isset($_SESSION['password'])or die('{"code":2,"message":"'.__('Make sure that everything is filled in. Try reloading if it is.').'"}');
  304. $u['api_key'] == $_COOKIE['key'] or die('{"code":3,"message":"'.__('Not Logged in to use').' '.$u['nick'].' '.__('with key').' '.$u['api_key'].' != '.$_COOKIE['key'].'."}');
  305. $_COOKIE['type'] == 'user' or die('{"code":3,"message":"'.__('Must be logged in with type user to sync pass').'"}');
  306. $res = atheme_login(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),$u['nick'],$_SESSION['password']);
  307. if($res[0] === false){
  308. die('{"code":2,"message":"'.__('Could not verify with nickserv').': '.$res[1].'"}');
  309. }
  310. query("UPDATE users u SET u.password='%s' WHERE u.id=%d",array(mkpasswd($_SESSION['password']),$u['id']));
  311. die('{"code":0,"message":"'.__('Nickserv password synchronized with main account').'"}');
  312. break;
  313. case 'role':
  314. $u && isset($_GET['type']) or die('{"code":2,"message":"'.__('Make sure that everything is filled in. Try reloading if it is.').'"}');
  315. setcookie('type',$_GET['type'],null,'/');
  316. die('{"code":0}');
  317. break;
  318. case 'user':
  319. $u or die('{"code":10,"message":"'.__('Not logged in').'"}');
  320. isset($_GET['id']) or die('{"code":2,"message":"'.__('No user set.').'"}');
  321. isset($_GET['email']) or die('{"code":2,"message":"'.__('No email set.').'"}');
  322. isset($_GET['real_name']) or die('{"code":2,"message":"'.__('No real name set.').'"}');
  323. isset($_GET['nick']) or die('{"code":2,"message":"'.__('No nick set.').'"}');
  324. $user = get_user_from_id_obj($_GET['id']) or die('{"code":2,"message":"'.__('User with id').' '.$_GET['id'].' '.__('does not exist. You should reload the page.').'"}');
  325. if($u['id'] == $user['id']){
  326. setcookie('user',$_GET['nick'],null,'/');
  327. }
  328. query("UPDATE users u SET u.nick='%s', u.real_name='%s', u.email='%s' WHERE u.id=%d",array($_GET['nick'],$_GET['real_name'],$_GET['email'],$_GET['id'])) or die('{"code":2,"message":"'.__('Unable to update user').'"}');
  329. die(ircrehash());
  330. break;
  331. case 'oper':
  332. $u or die('{"code":10,"message":"'.__('Not logged in').'"}');
  333. isset($_GET['id']) or die('{"code":2,"message":"'.__('No user set.').'"}');
  334. isset($_GET['nick']) or die('{"code":2,"message":"'.__('No nick set.').'"}');
  335. isset($_GET['swhois']) or die('{"code":2,"message":"'.__('No profile set.').'"}');
  336. $oper = get_oper_from_id_obj($_GET['id']) or die('{"code":2,"message":"'.__('Oper with id').' '.$_GET['id'].' '.__('does not exist. You should reload the page.').'"}');
  337. if(isset($_GET['password']) && $_GET['password'] != ""){
  338. query("UPDATE opers o SET o.nick='%s', o.swhois='%s', o.password='%s', o.password_type_id=2 WHERE o.id=%d",array($_GET['nick'],$_GET['swhois'],mkpasswd($_GET['password']),$_GET['id'])) or die('{"code":2,"message":"'.__('Unable to update oper').'"}');
  339. }else{
  340. query("UPDATE opers o SET o.nick='%s', o.swhois='%s' WHERE o.id=%d",array($_GET['nick'],$_GET['swhois'],$_GET['id'])) or die('{"code":2,"message":"'.__('Unable to update oper').'"}');
  341. }
  342. die(ircrehash());
  343. break;
  344. case 'config':
  345. foreach($_GET as $key => $val){
  346. set_conf($key,$val,get_conf_type($key)) or die('{"code":1,"message":"'.__('Failed to update setting').': '.$key.' '.__('with value').': '.$val.'"}');
  347. }
  348. die('{"code":0}');
  349. break;
  350. case 'rehash':
  351. $u or die('{"code":10,"message":"'.__('Not logged in').'"}');
  352. die(ircrehash());
  353. break;
  354. default:
  355. die('{"code":1,"message":"'.__('Invalid Action').': '.$_GET['action'].'"}');
  356. }
  357. ?>