<?php

/*

Jappix - An open social platform
This is the Register API

-------------------------------------------------

License: AGPL
Author: Valérian Saliou

*/

// Root of the Jappix tree, relative to this script
define('JAPPIX_BASE', '..');

// The session is only needed to fetch the expected CAPTCHA answer
session_start();

// Read the expected answer and drop it from the session right away, before any
// check is made: a given CAPTCHA can therefore back one registration attempt only,
// whether that attempt succeeds or fails
$session_captcha = null;

if(isset($_SESSION['captcha'])) {
    $session_captcha = $_SESSION['captcha'];

    unset($_SESSION['captcha']);
}

// Write the session back and release it
session_write_close();

// Get the configuration
require_once './functions.php';
require_once './read-main.php';
require_once './read-hosts.php';

// Prepare application
enableErrorSink();
hideErrors();
compressThis();

// The response body is always an XML document
header('Content-Type: text/xml');

// API state, filled in by the request handling below
$error = false;
$error_reason = '';
$xml_output = null;

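// Get POST data
// Only string values are accepted: a field posted as an array would make trim() fail
// (a warning on older PHP, a TypeError on PHP 8), so it is handled like a missing field
$query_id = (isset($_POST['id']) && is_string($_POST['id'])) ? trim($_POST['id']) : 'none';

// Not enabled?
if(REGISTER_API == 'on') {
    // Get POST data (all of it is untrusted client input)
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : null;
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : null;
    $domain = (isset($_POST['domain']) && is_string($_POST['domain'])) ? trim($_POST['domain']) : null;
    $captcha = (isset($_POST['captcha']) && is_string($_POST['captcha'])) ? trim($_POST['captcha']) : null;

    // Normalise the expected CAPTCHA answer once; anything that is not a scalar counts as missing
    $expected_captcha = is_scalar($session_captcha) ? strtolower(trim((string) $session_captcha)) : '';

    // Enough data?
    if(!$username) {
        $error = true;
        $error_reason = 'Username POST Field Missing';
    } else if(!$password) {
        $error = true;
        $error_reason = 'Password POST Field Missing';
    } else if(!$domain) {
        $error = true;
        $error_reason = 'Domain POST Field Missing';
    } else if(!$captcha) {
        $error = true;
        $error_reason = 'CAPTCHA POST Field Missing';
    } else if($domain !== (string) HOST_MAIN) {
        // Accounts may only be created on the main host of this install
        $error = true;
        $error_reason = 'Domain Not Allowed';
    } else if($expected_captcha === '') {
        $error = true;
        $error_reason = 'CAPTCHA Session Missing';
    } else if(strtolower($captcha) !== $expected_captcha) {
        // Strict comparison on purpose: with a loose one, PHP compares two numeric-looking
        // strings by value, so an answer different from the challenge could be accepted
        $error = true;
        $error_reason = 'CAPTCHA Not Matching';
    } else if(preg_match('/^-|[\x00-\x20\x7f"&\'\/:<>@]/', $username)) {
        // escapeshellarg() protects against shell metacharacters, but not against a value the
        // ctl tool would read as one of its own options (leading '-'), and not against a local
        // part that contains '@' or '/' and so names a different JID than intended. The rejected
        // set is the leading dash, ASCII whitespace and control characters, and the characters
        // XMPP forbids in the local part of an address.
        $error = true;
        $error_reason = 'Username Not Allowed';
    } else {
        // Fixes escapeshellarg() with UTF-8 chars
        setlocale(LC_CTYPE, 'en_US.UTF-8');

        // Which command to execute, and which output lines tell the outcome?
        // XMPPD_CTL comes from the server configuration and is inserted unescaped.
        // NOTE(review): the password travels as a command-line argument, so it is readable in
        // the process list while the command runs; prefer a way to hand it over on stdin if the
        // daemon tooling offers one (to be confirmed per daemon).
        // NOTE(review): a password starting with '-' may be read as an option by the ctl tool;
        // confirm how each tool parses its arguments.
        $command_str = null;
        $success_pattern = null;
        $exists_pattern = null;

        if(XMPPD == 'metronome') {
            $xmppd_ctl = XMPPD_CTL ? XMPPD_CTL : 'metronomectl';

            // Command string
            $command_str = 'sudo '.$xmppd_ctl.' adduser '.escapeshellarg($username.'@'.$domain).' '.escapeshellarg($password);

            $success_pattern = '/User successfully added/i';
            $exists_pattern = '/User already exists/i';
        } else if(XMPPD == 'ejabberd') {
            $xmppd_ctl = XMPPD_CTL ? XMPPD_CTL : 'ejabberdctl';

            // Command string
            $command_str = 'sudo '.$xmppd_ctl.' register '.escapeshellarg($username).' '.escapeshellarg($domain).' '.escapeshellarg($password);

            $success_pattern = '/User (.+) successfully registered/i';
            $exists_pattern = '/User (.+) already registered/i';
        } else {
            $error = true;
            $error_reason = 'Unsupported XMPP Daemon';
        }

        // Execute command
        if($command_str) {
            // Here we go!
            $command_output = array();

            exec($command_str, $command_output);

            // Check if user could be registered
            // 0: no known line found, 1: account created, 2: account already exists
            $command_return = 0;

            foreach($command_output as $command_line) {
                if(preg_match($success_pattern, $command_line)) {
                    $command_return = 1;

                    break;
                }

                if(preg_match($exists_pattern, $command_line)) {
                    $command_return = 2;

                    break;
                }
            }

            // Check for errors
            if($command_return != 1) {
                $error = true;

                if($command_return == 2) {
                    $error_reason = 'Username Unavailable';
                } else {
                    $error_reason = 'Server Error';
                }
            }
        } else if(!$error) {
            // Only report this when no more specific reason was recorded above; it used to
            // overwrite 'Unsupported XMPP Daemon' every time
            $error = true;
            $error_reason = 'No Command To Execute';
        }
    }
} else {
    $error = true;
    $error_reason = 'API Disabled';
}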

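// Generate the response
$status_code = '1';
$status_message = 'Success';

if($error) {
    $status_code = '0';
    $status_message = $error_reason ? $error_reason : 'Server error';
}

// The query id is client-supplied and is reflected into an XML attribute.
// htmlspecialchars() is used rather than htmlentities(): it only emits &amp; &lt; &gt; &quot;
// and &#039;, which are all valid in XML, while htmlentities() turns accented characters
// into HTML-only named entities that make the text/xml document ill-formed.
$api_response = '<jappix xmlns="jappix:account:register">';
    $api_response .= '<query id="'.htmlspecialchars($query_id, ENT_QUOTES).'">';
        $api_response .= '<status>'.htmlspecialchars($status_code).'</status>';
        $api_response .= '<message>'.htmlspecialchars($status_message).'</message>';
    $api_response .= '</query>';

    // $xml_output is appended as-is, without escaping: whatever fills it must already be
    // well-formed XML built by this script, never raw client input
    if($xml_output) {
        $api_response .= '<data>';
            $api_response .= $xml_output;
        $api_response .= '</data>';
    }
$api_response .= '</jappix>';

// Print the document and stop
exit($api_response);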

?>