index.php 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326
  1. <?php
  2. header('Content-type: application/json');
  3. header('Access-Control-Allow-Origin: *');
  4. require_once("../../header.php");
  5. if(!isset($_GET['action'])){
  6. $opts = getopt('a:',Array('action:'));
  7. $_GET['action'] = isset($opts['action'])?$opts['action']:(isset($opts['a'])?$opts['a']:'');
  8. }
  9. $u = is_logged_in();
  10. switch($_GET['action']){
  11. case 'test':
  12. //$u or die();
  13. //print_r(atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$_COOKIE['user'],$_SESSION['password'],'topic','#omnimaga'));
  14. echo mkpasswd('root');
  15. die();
  16. break;
  17. case 'lang':
  18. echo file_get_contents(DIR.'/lang/'.LOCALE.'/C/LC_MESSAGES/omninet.po');
  19. die();
  20. break;
  21. case 'login':
  22. isset($_GET['username']) && isset($_GET['password']) or die('{"code":2,"message":"'.__('Missing username and/or password').'"}');
  23. isset($_GET['type']) or die('{"code":2,"message":"'.__('Missing user type').'"}');
  24. $r = login($_GET['username'],$_GET['password'],$_GET['type']);
  25. if($r !== true){
  26. die('{"code":2,"message":"'.$r.'"}');
  27. }else{
  28. die('{"code":0}');
  29. }
  30. break;
  31. case 'verify':
  32. isset($_GET['token']) or die('{"code":1,"message":"'.__('No token set').'"}');
  33. $r = verify($_GET['token']);
  34. if($r !== true){
  35. die('{"code":2,"message":"'.$r.'"}');
  36. }
  37. die('{"code":0,"message":"'.$r.'"}');
  38. break;
  39. case 'logout':
  40. logout();
  41. die('{"code":0}');
  42. break;
  43. case 'get-memos':
  44. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  45. $u['type'] = 'user' && isset($_COOKIE['user']) && isset($_SESSION['password']) or die('{"code":0}');
  46. $res = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$_COOKIE['user'],$_SESSION['password'],'MemoServ','list');
  47. if($res[0]){
  48. $res = explode('&#10;',$res[1]);
  49. $memos = Array();
  50. foreach($res as $k => $row){
  51. if($k != 0 && $k != 1){
  52. $row = preg_split('/^-\s/',$row);
  53. if(isset($row[1])){
  54. $row = explode(' ',$row[1]);
  55. $memo = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$_COOKIE['user'],$_SESSION['password'],'MemoServ','read',Array($row[0]));
  56. $memo = explode('&#10;',$memo[1]);
  57. array_push($memos,Array(
  58. 'id'=>$row[0],
  59. 'from'=>$row[2],
  60. 'date'=>Array(
  61. 'month'=>$row[4],
  62. 'day'=>$row[5],
  63. 'time'=>$row[6],
  64. 'year'=>$row[7]
  65. ),
  66. 'body'=>$memo[2]
  67. ));
  68. }
  69. }
  70. }
  71. die('{"code":0,"memos":'.json_encode($memos).'}');
  72. }else{
  73. die('{"code":1,"message":"'.__('Cannot fetch memos').'"}');
  74. }
  75. break;
  76. case 'get-news':
  77. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  78. $u['type'] = 'user' && isset($_COOKIE['user']) && isset($_SESSION['password']) or die('{"code":0}');
  79. $res = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$_COOKIE['user'],$_SESSION['password'],'InfoServ','list');
  80. if($res[0]){
  81. $res = explode('&#10;',$res[1]);
  82. $news = Array();
  83. foreach($res as $k => $row){
  84. if($k != count($res)-1){
  85. array_push($news,Array(
  86. 'id'=>preg_replace('/^(\d)+:.+$/i','\1',$row),
  87. 'title'=>preg_replace('/^\d+: \[(.+)\] .+/i','\1',$row),
  88. 'from'=>preg_replace('/^\d+: \[.+\] by (.+) at \d\d?:\d\d? on (\d\d)\/\d\d\/\d\d\d\d: .+/i','\1',$row),
  89. 'date'=>Array(
  90. 'time'=>preg_replace('/^\d+: \[.+\] by .+ at (\d\d?:\d\d?) on .+/','\1',$row),
  91. 'day'=>preg_replace('/^\d+: \[.+\] by .+ at \d\d?:\d\d? on (\d\d)\/\d\d\/\d\d\d\d: .+/i','\1',$row),
  92. 'month'=>preg_replace('/^\d+: \[.+\] by .+ at \d\d?:\d\d? on \d\d\/(\d\d)\/\d\d\d\d: .+/i','\1',$row),
  93. 'year'=>preg_replace('/^\d+: \[.+\] by .+ at \d\d?:\d\d? on \d\d\/\d\d\/(\d\d\d\d): .+/i','\1',$row)
  94. ),
  95. 'body'=>preg_replace('/^\d+: \[.+\] by .+ at \d\d?:\d\d? on \d\d\/\d\d\/\d\d\d\d: (.+)/i','\1',$row)
  96. ));
  97. }
  98. }
  99. die('{"code":0,"news":'.json_encode($news).'}');
  100. }else{
  101. die('{"code":1,"message":"'.__('Cannot fetch news').'"}');
  102. }
  103. break;
  104. case 'get-channels':
  105. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  106. $u['type'] = 'user' && isset($_COOKIE['user']) && isset($_SESSION['password']) or die('{"code":0}');
  107. $res = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$_COOKIE['user'],$_SESSION['password'],'NickServ','listchans');
  108. if($res[0]){
  109. $res = explode('&#10;',$res[1]);
  110. $channels = Array();
  111. foreach($res as $k => $row){
  112. if($k != count($res)-1){
  113. $flags_list = str_split(preg_replace('/^Access flag\(s\) \+(.+) in .+$/i','\1',$row));
  114. $flags = array();
  115. foreach($flags_list as $kk => $flag){
  116. switch($flag){
  117. case 'v':$name=__('Voice');break;
  118. case 'V':$name=__('Automatic voice');break;
  119. case 'h':$name=__('Halfop');break;
  120. case 'H':$name=__('Automatic Halfop');break;
  121. case 'o':$name=__('Op');break;
  122. case 'O':$name=__('Automatic Op');break;
  123. case 'a':$name=__('Admin');break;
  124. case 'q':$name=__('Owner');break;
  125. case 's':$name=__('Set');break;
  126. case 'i':$name=__('Invite/Getkey');break;
  127. case 'r':$name=__('Kick/Ban');break;
  128. case 'R':$name=__('Recover/Clear');break;
  129. case 'f':$name=__('Modify access lists');break;
  130. case 't':$name=__('Topic');break;
  131. case 'A':$name=__('View access lists');break;
  132. case 'F':$name=__('Founder');break;
  133. case 'b':$name=__('Banned');break;
  134. default:$name=$flag;
  135. }
  136. array_push($flags,array(
  137. 'flag'=>$flag,
  138. 'name'=>$name
  139. ));
  140. }
  141. $name = preg_replace('/^Access flag\(s\) \+.+ in (.+)$/i','\1',$row);
  142. array_push($channels,Array(
  143. 'name'=>$name,
  144. 'flags'=>$flags
  145. ));
  146. }
  147. }
  148. die('{"code":0,"channels":'.json_encode($channels).'}');
  149. }else{
  150. die('{"code":1,"message":"'.__('Cannot fetch channels').'"}');
  151. }
  152. break;
  153. case 'send-memo':
  154. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  155. isset($_GET['to']) && isset($_GET['message']) or die('{"code":1,"message":"'.__('No message or user entered').'"}');
  156. $res = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$_COOKIE['user'],$_SESSION['password'],'MemoServ','send',Array($_GET['to'],$_GET['message']));
  157. if($res[0]){
  158. if(substr($res[1],-19) == ' is not registered.'){
  159. die('{"code":1,"message":"'.__('User').' '.$_GET['to'].' '.__('does not exist').'"}');
  160. }else{
  161. die('{"code":0,"message":"'.__('Memo Sent').'"}');
  162. }
  163. }else{
  164. die('{"code":1,"message":"'.__('Cannot send memo').': '.$res[1].'"}');
  165. }
  166. break;
  167. case 'delete-memo':
  168. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  169. isset($_GET['id']) or die('{"code":1,"message":"'.__('No id given').'"}');
  170. $res = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$_COOKIE['user'],$_SESSION['password'],'MemoServ','delete',Array($_GET['id']));
  171. if(!$res[0]){
  172. die('{"code":1,"message":"'.__('Cannot send memo').': '+$res[1]+'"}');
  173. }
  174. die('{"code":0}');
  175. break;
  176. case 'persona-login':
  177. if($u){
  178. $register = true;
  179. }else{
  180. $register = false;
  181. }
  182. $url = get_conf('persona-endpoint');
  183. $assert = filter_input(
  184. INPUT_POST,
  185. 'assertion',
  186. FILTER_UNSAFE_RAW,
  187. FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH
  188. );
  189. $params = 'assertion='.urlencode($assert).'&audience='.urlencode(get_conf('persona-audience'));
  190. $ch = curl_init();
  191. $options = array(
  192. CURLOPT_URL => $url,
  193. CURLOPT_RETURNTRANSFER => TRUE,
  194. CURLOPT_POST => 2,
  195. CURLOPT_SSL_VERIFYPEER => 0,
  196. CURLOPT_SSL_VERIFYHOST => 2,
  197. CURLOPT_POSTFIELDS => $params
  198. );
  199. curl_setopt_array($ch, $options);
  200. $result = curl_exec($ch);
  201. curl_close($ch);
  202. $result = json_decode($result);
  203. if($result->status == 'okay'){
  204. if($register && !add_email($u['id'],$result->email)){
  205. die('{"code":1,"message":"'.__('Failed to add email').' '.$result->email.' '.__('to user').' '.$u['nick'].'"}');
  206. }elseif(!$register && !$u = get_user_for_email($result->email)){
  207. die('{"code":1,"message":"'.__('Email does not match any users').'"}');
  208. }
  209. setcookie('personaUser',$result->email,null,'/');
  210. $pass = null;
  211. if(isset($_SESSION['password']) && !is_null($_SESSION['password']) && $_SESSION['password'] != ''){
  212. $pass = $_SESSION['password'];
  213. }
  214. $types = get_user_types($u['id']);
  215. $r = login($u['nick'],$pass,'persona',$types[0]);
  216. if($r !== true){
  217. if($r){
  218. die('{"code":2,"message":"'.$r.'"}');
  219. }else{
  220. die('{"code":2}');
  221. }
  222. }else{
  223. die('{"code":0,"assertion":'.json_encode($result).'}');
  224. }
  225. }else{
  226. die('{"code":1,"message":"'.$result->reason.'"}');
  227. }
  228. break;
  229. case 'persona-remove':
  230. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  231. isset($_GET['id']) or die('{"code":1,"message":"'.__('No ID set').'"}');
  232. if(!remove_email($u['id'],$_GET['id'],true)){
  233. die('{"code":1,"message":"'.__('Could not remove email address').'"}');
  234. }
  235. die('{"code":0}');
  236. break;
  237. case '2-factor-register':
  238. $r = register_token();
  239. if($r !== true){
  240. die('{"code":1,"message":"'.$r.'"}');
  241. }
  242. die('{"code":0}');
  243. break;
  244. case '2-factor-delete':
  245. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  246. $r = delete_token($u['id']);
  247. if($r !== true){
  248. die('{"code":1,"message":"'.$r.'"}');
  249. }
  250. die('{"code":0,"message":"'.__('2-factor disabled.').'"}');
  251. break;
  252. case 'ping':
  253. $u or die('{"code":1,"message":"'.__('You have been logged out').'"}');
  254. die('{"code":0}');
  255. break;
  256. case 'newpass':
  257. $u && isset($_GET['password']) && isset($_GET['newpass']) or die('{"code":2,"message":"'.__('Make sure that everything is filled in. Try reloading if it is.').'"}');
  258. $u['password'] == mkpasswd($_GET['password'],$u['salt']) or die('{"code":2,"message":"'.__('Invalid password').'"}');
  259. $u['api_key'] == $_COOKIE['key'] or die('{"code":3,"message":"Not Logged in to use '.$u['nick'].' with key '.$u['api_key'].' != '.$_COOKIE['key'].'."}');
  260. if($_COOKIE['type'] == 'user'){
  261. $res = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$u['nick'],$_GET['password'],'NickServ','set',Array('password',trim($_GET['newpass'])));
  262. if($res[0] === false){
  263. die('{"code":2,"message":"'.__('Could not update password with nickserv').': '.$res[1].'"}');
  264. }else{
  265. $_SESSION['password'] = $_GET['newpass'];
  266. }
  267. }
  268. query("UPDATE users u SET u.password='%s' WHERE u.id=%d",Array(mkpasswd($_GET['newpass']),$u['id']));
  269. die('{"code":0}');
  270. break;
  271. case 'sync-pass':
  272. $u && isset($_SESSION['password'])or die('{"code":2,"message":"'.__('Make sure that everything is filled in. Try reloading if it is.').'"}');
  273. $u['api_key'] == $_COOKIE['key'] or die('{"code":3,"message":"'.__('Not Logged in to use').' '.$u['nick'].' '.__('with key').' '.$u['api_key'].' != '.$_COOKIE['key'].'."}');
  274. $_COOKIE['type'] == 'user' or die('{"code":3,"message":"'.__('Must be logged in with type user to sync pass').'"}');
  275. $res = atheme_login(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),$u['nick'],$_SESSION['password']);
  276. if($res[0] === false){
  277. die('{"code":2,"message":"'.__('Could not verify with nickserv').': '.$res[1].'"}');
  278. }
  279. query("UPDATE users u SET u.password='%s' WHERE u.id=%d",Array(mkpasswd($_SESSION['password']),$u['id']));
  280. die('{"code":0,"message":"'.__('Nickserv password synchronized with main account').'"}');
  281. break;
  282. case 'role':
  283. $u && isset($_GET['type']) or die('{"code":2,"message":"'.__('Make sure that everything is filled in. Try reloading if it is.').'"}');
  284. setcookie('type',$_GET['type'],null,'/');
  285. die('{"code":0}');
  286. break;
  287. case 'user':
  288. $u or die('{"code":10,"message":"'.__('Not logged in').'"}');
  289. isset($_GET['id']) or die('{"code":2,"message":"'.__('No user set.').'"}');
  290. isset($_GET['email']) or die('{"code":2,"message":"'.__('No email set.').'"}');
  291. isset($_GET['real_name']) or die('{"code":2,"message":"'.__('No real name set.').'"}');
  292. isset($_GET['nick']) or die('{"code":2,"message":"'.__('No nick set.').'"}');
  293. $user = get_user_from_id_obj($_GET['id']) or die('{"code":2,"message":"'.__('User with id').' '.$_GET['id'].' '.__('does not exist. You should reload the page.').'"}');
  294. if($u['id'] == $user['id']){
  295. setcookie('user',$_GET['nick'],null,'/');
  296. }
  297. query("UPDATE users u SET u.nick='%s', u.real_name='%s', u.email='%s' WHERE u.id=%d",Array($_GET['nick'],$_GET['real_name'],$_GET['email'],$_GET['id'])) or die('{"code":2,"message":"'.__('Unable to update user').'"}');
  298. die(ircrehash());
  299. break;
  300. case 'oper':
  301. $u or die('{"code":10,"message":"'.__('Not logged in').'"}');
  302. isset($_GET['id']) or die('{"code":2,"message":"'.__('No user set.').'"}');
  303. isset($_GET['nick']) or die('{"code":2,"message":"'.__('No nick set.').'"}');
  304. isset($_GET['swhois']) or die('{"code":2,"message":"'.__('No profile set.').'"}');
  305. $oper = get_oper_from_id_obj($_GET['id']) or die('{"code":2,"message":"'.__('Oper with id').' '.$_GET['id'].' '.__('does not exist. You should reload the page.').'"}');
  306. if(isset($_GET['password']) && $_GET['password'] != ""){
  307. query("UPDATE opers o SET o.nick='%s', o.swhois='%s', o.password='%s', o.password_type_id=2 WHERE o.id=%d",Array($_GET['nick'],$_GET['swhois'],mkpasswd($_GET['password']),$_GET['id'])) or die('{"code":2,"message":"'.__('Unable to update oper').'"}');
  308. }else{
  309. query("UPDATE opers o SET o.nick='%s', o.swhois='%s' WHERE o.id=%d",Array($_GET['nick'],$_GET['swhois'],$_GET['id'])) or die('{"code":2,"message":"'.__('Unable to update oper').'"}');
  310. }
  311. die(ircrehash());
  312. break;
  313. case 'config':
  314. foreach($_GET as $key => $val){
  315. set_conf($key,$val,get_conf_type($key)) or die('{"code":1,"message":"'.__('Failed to update setting').': '.$key.' '.__('with value').': '.$val.'"}');
  316. }
  317. die('{"code":0}');
  318. break;
  319. case 'rehash':
  320. $u or die('{"code":10,"message":"'.__('Not logged in').'"}');
  321. die(ircrehash());
  322. break;
  323. default:
  324. die('{"code":1,"message":"'.__('Invalid Action').': '.$_GET['action'].'"}');
  325. }
  326. ?>