author | Roeland Jago Douma <roeland@famdouma.nl> | 2016-11-18 17:20:23 +0300 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2016-11-18 17:20:23 +0300 |
commit | 915d1c53bc1a487658e33801efffdd84a0026244 (patch) | |
tree | 6e52d28edb563e8f863001a89996d2883c0979cf | |
parent | 1b6bc9dbc483ffed9b823bdd4d1d8bb49ae8adbe (diff) |
Remove files and move config to config.php
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-rw-r--r-- | server/config.php | 14 | ||||
-rw-r--r-- | server/index.php | 13 | ||||
-rwxr-xr-x | server/lib/BruteForce.php | 80 | ||||
-rwxr-xr-x | server/lib/DB.php | 54 | ||||
-rwxr-xr-x | server/lib/Data.php | 368 | ||||
-rwxr-xr-x | server/lib/Server.php | 291 | ||||
-rwxr-xr-x | server/lib/Util.php | 91 |
7 files changed, 15 insertions, 896 deletions
diff --git a/server/config.php b/server/config.php new file mode 100644 index 0000000..f31b816 --- /dev/null +++ b/server/config.php @@ -0,0 +1,14 @@ +<?php + +return [ + 'settings' => [ + 'displayErrorDetails' => true, + 'addContentLengthHeader' => true, + 'db' => [ + 'host' => "172.17.0.2", + 'user' => "lookup", + 'pass' => "lookup", + 'dbname' => "lookup", + ] + ] +]; diff --git a/server/index.php b/server/index.php index 878944a..bf177e9 100644 --- a/server/index.php +++ b/server/index.php @@ -2,18 +2,7 @@ require 'vendor/autoload.php'; -$settings = [ - 'settings' => [ - 'displayErrorDetails' => true, - 'addContentLengthHeader' => true, - 'db' => [ - 'host' => "172.17.0.2", - 'user' => "lookup", - 'pass' => "lookup", - 'dbname' => "lookup", - ] - ] -]; +$settings = require('config.php'); $container = new \Slim\Container($settings); diff --git a/server/lib/BruteForce.php b/server/lib/BruteForce.php deleted file mode 100755 index 23678a7..0000000 --- a/server/lib/BruteForce.php +++ /dev/null 
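Review bot: The new server/config.php commits live database credentials and a deployment-specific host (`'host' => "172.17.0.2"`, `'user' => "lookup"`, `'pass' => "lookup"`) into version control, so every clone and the full history carry them; previously they were at least confined to index.php, now they are in a file whose name invites per-deployment editing and accidental re-commits. Track a `config.sample.php` with placeholder values instead, add `server/config.php` to `.gitignore`, and have the real file read secrets from the environment, e.g. `'pass' => getenv('LOOKUP_DB_PASS') ?: '',`. `'displayErrorDetails' => true` should not be the committed default either: in Slim that setting makes the error handler return exception messages and traces to the client, which is useful locally but exposes internals on any deployment that keeps the shipped file. The file also sits in the same directory as index.php; if `server/` is the document root, a misconfigured PHP handler would serve it verbatim, so placing the real config outside the web root is the safer layout.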
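Review bot: `$settings = require('config.php');` on the added line resolves the path through include_path and the current working directory rather than the location of index.php, so invoking the script from another cwd (a cron entry, the CLI, or a front controller in a different directory) can load a different file or fail with an uncaught error. Anchor it to the script: `$settings = require __DIR__ . '/config.php';`. It is also worth checking the result is an array before handing it to `\Slim\Container`, since a config file that is missing its `return` yields `1` and the container will be built from a non-array value.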
@@ -1,80 +0,0 @@ -<?php - -/** -* @author Frank Karlitschek -* @copyright 2016 Frank Karlitschek frank@karlitschek.de -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE -* License as published by the Free Software Foundation; either -* version 3 of the License, or any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU AFFERO GENERAL PUBLIC LICENSE for more details. -* -* You should have received a copy of the GNU Affero General Public -* License along with this library. If not, see <http://www.gnu.org/licenses/>. -* -*/ - -namespace LookupServer; - -/** - * Basic Brute Force Protection Class - */ -class BruteForce { - - /** - * Check if there are too many requests from one IP - * @return bool $block - */ - public function check() { - - $ip = $_SERVER['REMOTE_ADDR']; - $found=false; - - // search in all bad ip ranges for a match with the current ip - foreach($GLOBALS['LOOKUPSERVER_IP_BLACKLIST'] as $bad_ip) { - if(strpos($ip, $bad_ip) === 0) $found=true; - } - if($found) { - $util = new Util(); - $util->log('REQUEST FROM BLACKLIST IP BLOCKED: '.$ip); - exit; - } - - // register new ip - $ip = ip2long($_SERVER['REMOTE_ADDR']); - $stmt = DB::prepare('insert into apitraffic (ip,count) values (:ip,1) on duplicate key update count=count+1 '); - $stmt->bindParam(':ip', $ip, \PDO::PARAM_STR); - $stmt->execute(); - - $stmt = DB::prepare('select count from apitraffic where ip=:ip '); - $stmt->bindParam(':ip', $ip, \PDO::PARAM_STR); - $stmt->execute(); - $num=$stmt->rowCount(); - - if($num==0) return(true); - $data = $stmt->fetch(\PDO::FETCH_ASSOC); - if($data['count']>LOOKUPSERVER_MAX_REQUESTS) { - echo(json_encode(array('error'=>'Too many requests. 
Please try again later.'),JSON_PRETTY_PRINT)); - exit; - } - - - } - - - /** - * cleans up the api traffic limit database table. - * this function should be call by a cronjob every 10 minutes - */ - public function cleanupTrafficLimit() { - $stmt = DB::prepare('truncate apitraffic'); - $stmt->execute(); - } - - -} diff --git a/server/lib/DB.php b/server/lib/DB.php deleted file mode 100755 index 335f5aa..0000000 --- a/server/lib/DB.php +++ /dev/null @@ -1,54 +0,0 @@ -<?php - -/** -* Lookup Server DB Lib -* -* @author Frank Karlitschek -* @copyright 2016 Frank Karlitschek frank@karlitschek.de -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE -* License as published by the Free Software Foundation; either -* version 3 of the License, or any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU AFFERO GENERAL PUBLIC LICENSE for more details. -* -* You should have received a copy of the GNU Affero General Public -* License along with this library. If not, see <http://www.gnu.org/licenses/>. -* -*/ - -namespace LookupServer; - -/** -* The LookUp Server database access class -*/ -class DB { - - static private $connection = null; - - /** - * prepare a query on the database - * - * @param string $cmd - * @return \PDOStatement object $stmt - */ - public static function prepare($cmd) { - if(self::$connection === null) { - self::$connection = new \PDO(LOOKUPSERVER_DB_STRING, LOOKUPSERVER_DB_LOGIN, LOOKUPSERVER_DB_PASSWD); - self::$connection -> setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION); - - if (!self::$connection) { - @ob_end_clean(); - echo('Can not connect to the database. Please check your configuration.'); - exit(); - } - } - $stmt = self::$connection->prepare($cmd); - return($stmt); - } - -} 
diff --git a/server/lib/Data.php b/server/lib/Data.php deleted file mode 100755 index 9a6836a..0000000 --- a/server/lib/Data.php +++ /dev/null 
@@ -1,368 +0,0 @@ -<?php - -/** -* @author Frank Karlitschek -* @copyright 2016 Frank Karlitschek frank@karlitschek.de -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE -* License as published by the Free Software Foundation; either -* version 3 of the License, or any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU AFFERO GENERAL PUBLIC LICENSE for more details. -* -* You should have received a copy of the GNU Affero General Public -* License along with this library. If not, see <http://www.gnu.org/licenses/>. -* -*/ - -namespace LookupServer; - -/** - * The main class of the Lookup Server - */ -class Data { - - /** - * Get an user data entry - * @param string $key - * @return array $data - */ - public function getByKey($key) { - $util = new Util(); - $stmt = DB::prepare('select userid,federationid,name,email,organisation,country,city,picture,vcard from user where authkey = :key'); - $stmt->bindParam(':key', $key, \PDO::PARAM_STR); - $stmt->execute(); - $num=$stmt->rowCount(); - - if ($num==0) { - return false; - } - - if ($num>1) { - $util->error('more then one DB entry found for key: '.$key); - } - $data = $stmt->fetch(\PDO::FETCH_ASSOC); - return($data); - } - - - /** - * Get an user data entry by email - * @param string $email - * @return array $data - */ - public function getByEmail($email) { - $util = new Util(); - $stmt = DB::prepare('select userid,federationid,name,email,organisation,country,city,picture,vcard from user where email=:email and karma>0'); - $stmt->bindParam(':email', $email, \PDO::PARAM_STR); - $stmt->execute(); - $num=$stmt->rowCount(); - if ($num==0) { - return false; - } - - if ($num>1) { - $util->error('more then one DB entry found for email: '.$email); - } - - $data = 
$stmt->fetch(\PDO::FETCH_ASSOC); - return($data); - } - - /** - * Get an user data entry by userid - * @param string $userid - * @return array $data - */ - public function getByUserId($userid) { - $util = new Util(); - $stmt = DB::prepare('select userid,federationid,name,email,organisation,country,city,picture,vcard from user where userid=:userid and karma>0'); - $stmt->bindParam(':userid', $userid, \PDO::PARAM_STR); - $stmt->execute(); - $num=$stmt->rowCount(); - if ($num==0) { - return false; - } - - if ($num>1) { - $util->error('more then one DB entry found for userid: '.$userid); - } - - $data = $stmt->fetch(\PDO::FETCH_ASSOC); - return($data); - } - - /** - * Check if user exists - * @param string $key - * @return bool $exists - */ - public function userExist($key) { - $stmt = DB::prepare('select userid from user where authkey = :key'); - $stmt->bindParam(':key', $key, \PDO::PARAM_STR); - $stmt->execute(); - $num=$stmt->rowCount(); - - if($num>0) { - return true; - } else { - return false; - } - } - - - /** - * Search users - * @param string $search - * @param string $start - * @param string $count - * @return array $data - */ - public function searchuser($search,$start,$count) { - $searchstr = ''.$search.''; - $stmt = DB::prepare("select userid,federationid,name,email,organisation,country,city,picture,vcard from user where match (name,email,organisation,country,city) against (:search in boolean mode) and karma>0 order by karma desc limit :start,:count"); - $stmt->bindParam(':search', $searchstr, \PDO::PARAM_STR); - $stmt->bindParam(':start', $start, \PDO::PARAM_INT); - $stmt->bindParam(':count', $count, \PDO::PARAM_INT); - $stmt->execute(); - $num=$stmt->rowCount(); - - $content=array(); - for($i = 0; $i < $num; $i++) { - $content[]=$stmt->fetch(\PDO::FETCH_ASSOC); - } - return($content); - } - - /** - * exportReplication - * @param int $timestamp - * @param int $start - * @param int $count - * @param bool $fullfetch Get all entries not only the local 
modified ones - * @param bool $slave Don't read the authkey. Useful for replication for not trusted read only nodes - * @return array $data - */ - public function exportReplication($timestamp,$start,$count,$fullfetch,$slave) { - if(!$fullfetch) $fullquery = 'localchange=1 and'; else $fullquery = ''; - if(!$slave) $authquery = ',authkey'; else $authquery = ''; - $query = "select userid".$authquery.",federationid,name,email,organisation,country,city,picture,vcard,karma,changed,created from user where ".$fullquery." changed >= :timestamp limit :start,:count"; - $stmt = DB::prepare($query); - $stmt->bindParam(':timestamp', $timestamp, \PDO::PARAM_STR); - $stmt->bindParam(':start', $start, \PDO::PARAM_INT); - $stmt->bindParam(':count', $count, \PDO::PARAM_INT); - $stmt->execute(); - $num=$stmt->rowCount(); - - $content=array(); - for($i = 0; $i < $num; $i++) { - $content[]=$stmt->fetch(\PDO::FETCH_ASSOC); - } - return($content); - } - - - - /** - * Create a user - * @param string $key - * @param string $federationid - * @param string $name - * @param string $email - * @param string $organisation - * @param string $country - * @param string $city - * @param string $picture - * @param string $vcard - */ - public function store($key,$federationid,$name,$email,$organisation,$country,$city,$picture,$vcard) { - $util = new Util(); - - // check if email already exists - if($this->getByEmail($email)) { - $util->error('Can\'t store user because of duplicate email: '.$email); - } - - $userid = $util->generateUserId(); - $created = time(); - $changed = time(); - $stmt = DB::prepare('insert into user (userid,authkey,federationid,name,email,organisation,country,city,picture,vcard,created,changed,localchange) values(:userid,:authkey,:federationid,:name,:email,:organisation,:country,:city,:picture,:vcard,:created,:changed,1)'); - $stmt->bindParam(':userid', $userid, \PDO::PARAM_STR); - $stmt->bindParam(':authkey', $key, \PDO::PARAM_STR); - $stmt->bindParam(':federationid', 
$federationid, \PDO::PARAM_STR); - $stmt->bindParam(':name', $name, \PDO::PARAM_STR); - $stmt->bindParam(':email', $email, \PDO::PARAM_STR); - $stmt->bindParam(':organisation', $organisation, \PDO::PARAM_STR); - $stmt->bindParam(':country', $country, \PDO::PARAM_STR); - $stmt->bindParam(':city', $city, \PDO::PARAM_STR); - $stmt->bindParam(':picture', $picture, \PDO::PARAM_STR); - $stmt->bindParam(':vcard', $vcard, \PDO::PARAM_STR); - $stmt->bindParam(':created', $created, \PDO::PARAM_INT); - $stmt->bindParam(':changed', $changed, \PDO::PARAM_INT); - $stmt->execute(); - } - - /** - * Update user - * @param string $key - * @param string $federationid - * @param string $name - * @param string $email - * @param string $organisation - * @param string $country - * @param string $city - * @param string $picture - * @param string $vcard - */ - public function update($key,$federationid,$name,$email,$organisation,$country,$city,$picture,$vcard) { - $util = new Util(); - - // check if email already exists - $query = 'select userid from user where email=:email and authkey!=:authkey'; - $stmt = DB::prepare($query); - $stmt->bindParam(':authkey', $key, \PDO::PARAM_STR); - $stmt->bindParam(':email', $email, \PDO::PARAM_STR); - $stmt->execute(); - $num = $stmt->rowCount(); - if ($num>0) { - $util -> error('ERROR UPDATE USER: Can\'t update user because of duplicate email: '.$email); - } - - $changed = time(); - $stmt = DB::prepare('update user set federationid=:federationid,name=:name,email=:email,organisation=:organisation,country=:country,city=:city,picture=:picture,vcard=:vcard,changed=:changed,localchange=1 where authkey=:authkey'); - $stmt->bindParam(':authkey', $key, \PDO::PARAM_STR); - $stmt->bindParam(':federationid', $federationid, \PDO::PARAM_STR); - $stmt->bindParam(':name', $name, \PDO::PARAM_STR); - $stmt->bindParam(':email', $email, \PDO::PARAM_STR); - $stmt->bindParam(':organisation', $organisation, \PDO::PARAM_STR); - $stmt->bindParam(':country', $country, 
\PDO::PARAM_STR); - $stmt->bindParam(':city', $city, \PDO::PARAM_STR); - $stmt->bindParam(':picture', $picture, \PDO::PARAM_STR); - $stmt->bindParam(':vcard', $vcard, \PDO::PARAM_STR); - $stmt->bindParam(':changed', $changed, \PDO::PARAM_INT); - $stmt->execute(); - } - - /** - * Delete an user data entry - * @param string $key - */ - public function deleteByKey($key) { - $changed = time(); - $stmt = DB::prepare("update user set federationid='',name='',email='',organisation='',country='',city='',picture='',vcard='',changed=:changed,localchange=1,karma=-1,changed=:changed where authkey = :key"); - $stmt->bindParam(':changed', $changed, \PDO::PARAM_INT); - $stmt->bindParam(':key', $key, \PDO::PARAM_STR); - $stmt->execute(); - } - - /** - * Import data from a remote server - * @param array $date - */ - public function importReplication($data) { - $stmt = DB::prepare('insert into user (userid,authkey,federationid,name,email,organisation,country,city,picture,vcard,karma,created,changed,localchange) values(:userid,:authkey,:federationid,:name,:email,:organisation,:country,:city,:picture,:vcard,:karma,:created,:changed,0) ON DUPLICATE KEY UPDATE userid=:userid,authkey=:authkey,federationid=:federationid,name=:name,email=:email,organisation=:organisation,country=:country,city=:city,picture=:picture,vcard=:vcard,karma=:karma,created=:created,changed=:changed,localchange=0 '); - $stmt->bindParam(':userid', $data -> userid, \PDO::PARAM_STR); - $stmt->bindParam(':authkey', $data -> authkey, \PDO::PARAM_STR); - $stmt->bindParam(':federationid', $data -> federationid, \PDO::PARAM_STR); - $stmt->bindParam(':name', $data -> name, \PDO::PARAM_STR); - $stmt->bindParam(':email', $data -> email, \PDO::PARAM_STR); - $stmt->bindParam(':organisation', $data -> organisation, \PDO::PARAM_STR); - $stmt->bindParam(':country', $data -> country, \PDO::PARAM_STR); - $stmt->bindParam(':city', $data -> city, \PDO::PARAM_STR); - $stmt->bindParam(':picture', $data -> picture, \PDO::PARAM_STR); - 
$stmt->bindParam(':vcard', $data -> vcard, \PDO::PARAM_STR); - $stmt->bindParam(':karma', $data -> karma, \PDO::PARAM_STR); - $stmt->bindParam(':created', $data -> created, \PDO::PARAM_INT); - $stmt->bindParam(':changed', $data -> changed, \PDO::PARAM_INT); - $stmt->execute(); - } - - /** - * Update Karma - */ - public function updateKarma($userid) { - $stmt=DB::prepare("select userid,karma,email,emailstatus from user where userid=:userid"); - $stmt->bindParam(':userid', $userid, \PDO::PARAM_STR); - $stmt->execute(); - $num=$stmt->rowCount(); - - if($num==1) { - $karma = 0; - $content=$stmt->fetch(\PDO::FETCH_ASSOC); - if($content['karma']==-1) return; // deleted account. nothing todo - if($content['emailstatus']==1) $karma++; - - $stmt=DB::prepare("update user set karma=:karma where userid=:userid"); - $stmt->bindParam(':karma', $karma, \PDO::PARAM_STR); - $stmt->bindParam(':userid', $userid, \PDO::PARAM_STR); - $stmt->execute(); - } - - } - - - /** - * Send Email - */ - public function sendEmail($to,$subject,$text) { - $headers = 'From: '.LOOKUPSERVER_EMAIL_SENDER."\r\n" .'Reply-To: '.LOOKUPSERVER_EMAIL_SENDER."\r\n" .'X-Mailer: PHP/' . phpversion(); - mail($to, $subject, $text, $headers); - } - - - /** - * Start email verification - */ - public function startEmailVerification($authkey,$email) { - $util = new Util(); - $key = rand(1000000000,2000000000); - - $stmt=DB::prepare("update user set emailstatus=:emailstatus,karma=0 where authkey = :authkey"); - $stmt->bindParam(':emailstatus', $key, \PDO::PARAM_STR); - $stmt->bindParam(':authkey', $authkey, \PDO::PARAM_STR); - $stmt->execute(); - - $text = 'Please click this link to confirm your account: '.LOOKUPSERVER_PUBLIC_URL.'/verifyemail.php?key='.$key; - $this->sendEmail($email, 'Email Confirmation', $text); - $util -> Log('Email verification mail sent. 
EMAIL: '.$email); - } - - /** - * Verify Email - */ - public function verifyEmail() { - $util = new Util(); - if(isset($_GET['key'])) $key = $_GET['key']; else $key = ''; - - $stmt=DB::prepare("select userid from user where emailstatus=:key"); - $stmt->bindParam(':key', $key, \PDO::PARAM_STR); - $stmt->execute(); - $num=$stmt->rowCount(); - - if($num==1) { - $content=$stmt->fetch(\PDO::FETCH_ASSOC); - $userid = $content['userid']; - $emailstatus = 1; - $stmt=DB::prepare("update user set emailstatus=:emailstatus where userid=:userid"); - $stmt->bindParam(':emailstatus', $emailstatus, \PDO::PARAM_STR); - $stmt->bindParam(':userid', $userid, \PDO::PARAM_STR); - $stmt->execute(); - - $this->updateKarma($userid); - - $util -> Log('Email verified. USER: '.$userid.' KEY: '.$key); - echo('email verified'); - - - } else { - $util -> Log('Email NOT verified. KEY: '.$key); - echo('email not verified'); - } - - } - -} diff --git a/server/lib/Server.php b/server/lib/Server.php deleted file mode 100755 index c3f4178..0000000 --- a/server/lib/Server.php +++ /dev/null 
@@ -1,291 +0,0 @@ -<?php - -/** -* @author Frank Karlitschek -* @copyright 2016 Frank Karlitschek frank@karlitschek.de -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE -* License as published by the Free Software Foundation; either -* version 3 of the License, or any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU AFFERO GENERAL PUBLIC LICENSE for more details. -* -* You should have received a copy of the GNU Affero General Public -* License along with this library. If not, see <http://www.gnu.org/licenses/>. -* -*/ - -namespace LookupServer; - -/** - * The main class of the Lookup Server - */ -class Server { - - /** - * Handle an incoming REST call - */ - public function handlerequest() { - $util = new Util(); - - if(!isset($_SERVER['REQUEST_METHOD'])) $util->error('no request method'); - $method = $_SERVER['REQUEST_METHOD']; - - switch ($method) { - case 'PUT': - $this->updateuser(); - break; - case 'POST': - $this->createuser(); - break; - case 'GET': - if(isset($_GET['search'])) { - $this->searchusers(); - }elseif(isset($_GET['email'])) { - $this->getUserByEmail($_GET['email']); - }elseif(isset($_GET['userid'])) { - $this->getUserByUserId($_GET['userid']); - } else { - $this->getUserByKey(); - } - break; - case 'DELETE': - $this->deleteuser(); - break; - default: - $util->error('invalid request'); - } - - } - - /** - * Handle an incoming Replication REST call - */ - public function handleReplication() { - $util = new Util(); - - if(!isset($_SERVER['REQUEST_METHOD'])) $util->error('no request method'); - $method = $_SERVER['REQUEST_METHOD']; - - if($method == 'GET' and isset($_GET['timestamp']) and isset($_SERVER['PHP_AUTH_PW'])) { - - if(isset($_SERVER['PHP_AUTH_PW']) and 
isset($_SERVER['PHP_AUTH_USER']) and ($_SERVER['PHP_AUTH_PW']==LOOKUPSERVER_REPLICATION_AUTH) and (LOOKUPSERVER_REPLICATION_AUTH<>'foobar') ) { - $this->exportReplication(false); - }elseif(isset($_SERVER['PHP_AUTH_PW']) and isset($_SERVER['PHP_AUTH_USER']) and ($_SERVER['PHP_AUTH_PW']==LOOKUPSERVER_SLAVEREPLICATION_AUTH) and (LOOKUPSERVER_SLAVEREPLICATION_AUTH<>'slavefoobar') ) { - $this->exportReplication(true); - } else { - $util -> replicationLog('Invalid replication auth: '.$_SERVER['PHP_AUTH_PW']); - $util -> error('Invalid replication auth'); - } - - } else { - $util->error('invalid replication request'); - } - - } - - /** - * Get User - */ - public function getUserByKey() { - if(isset($_GET['key'])) { - $util = new Util(); - $util -> log('GET USER BY KEY: '.$_GET['key']); - $data = new Data(); - $user = $data -> getByKey($_GET['key']); - echo(json_encode($user,JSON_PRETTY_PRINT)); - } - } - - - /** - * Get User by email - */ - public function getUserByEmail() { - if(isset($_GET['email'])) { - $util = new Util(); - $util -> log('GET USER BY EMAIL: '.$_GET['email']); - $data = new Data(); - $user = $data -> getByEmail($_GET['email']); - echo(json_encode($user,JSON_PRETTY_PRINT)); - } - } - - /** - * Get User by userid - */ - public function getUserByUserId() { - if(isset($_GET['userid'])) { - $util = new Util(); - $util -> log('GET USER BY USERID: '.$_GET['userid']); - $data = new Data(); - $user = $data -> getByUserId($_GET['userid']); - echo(json_encode($user,JSON_PRETTY_PRINT)); - } - } - - - /** - * Search Users - */ - public function searchusers() { - $pagesize = 10; - if(isset($_GET['search']) and isset($_GET['page'])) { - $util = new Util(); - $util -> log('SEARCH USER : '.$_GET['search'].' 
PAGE:'.$_GET['page']); - if($_GET['page'] > LOOKUPSERVER_MAX_SEARCH_PAGE) { - $util = new Util(); - $util->error('page number is too high'); - } - $data = new Data(); - $users = $data -> searchuser($_GET['search'], $_GET['page']*$pagesize, $pagesize); - echo(json_encode($users,JSON_PRETTY_PRINT)); - } - } - - - /** - * Create User - */ - public function createuser() { - $util = new Util(); - if(isset($_POST['key']) and - isset($_POST['federationid']) and - isset($_POST['name']) and - isset($_POST['email']) and - isset($_POST['organisation']) and - isset($_POST['country']) and - isset($_POST['city']) and - isset($_POST['picture']) and - isset($_POST['vcard']) - ){ - $key = $util -> sanitize($_POST['key']); - $federationid = $util -> sanitize($_POST['federationid']); - $name = $util -> sanitize($_POST['name']); - $email = $util -> sanitize($_POST['email']); - $organisation = $util -> sanitize($_POST['organisation']); - $country = $util -> sanitize($_POST['country']); - $city = $util -> sanitize($_POST['city']); - $picture = $util -> sanitize($_POST['picture']); - $vcard = $util -> sanitize($_POST['vcard']); - - $util -> log('CREATE USER : '.$key); - - $d = new Data(); - $user = $d -> userExist($key); - if(!$user) { - $d -> store($key,$federationid,$name,$email,$organisation,$country,$city,$picture,$vcard); - } else { - $d -> update($key,$federationid,$name,$email,$organisation,$country,$city,$picture,$vcard); - } - $d -> startEmailVerification($key,$email); - echo(json_encode(true,JSON_PRETTY_PRINT)); - } - } - - - /** - * Update User - */ - public function updateuser() { - $util = new Util(); - parse_str(file_get_contents('php://input'), $PUT); - - if(isset($PUT['key']) and - isset($PUT['federationid']) and - isset($PUT['name']) and - isset($PUT['email']) and - isset($PUT['organisation']) and - isset($PUT['country']) and - isset($PUT['city']) and - isset($PUT['picture']) and - isset($PUT['vcard']) - ){ - $key = $util -> sanitize($PUT['key']); - $federationid = $util 
-> sanitize($PUT['federationid']); - $name = $util -> sanitize($PUT['name']); - $email = $util -> sanitize($PUT['email']); - $organisation = $util -> sanitize($PUT['organisation']); - $country = $util -> sanitize($PUT['country']); - $city = $util -> sanitize($PUT['city']); - $picture = $util -> sanitize($PUT['picture']); - $vcard = $util -> sanitize($PUT['vcard']); - $util -> log('UPDATE USER : '.$key); - - $d = new Data(); - $olddata = $d -> getByKey($key); - $d -> update($key,$federationid,$name,$email,$organisation,$country,$city,$picture,$vcard); - if($olddata['email']<>$email) $d -> startEmailVerification($key,$email); - echo(json_encode(true,JSON_PRETTY_PRINT)); - } - } - - - /** - * Delete User - */ - public function deleteuser() { - $data = new Data(); - if(isset($_GET['key'])) { - $util = new Util(); - $util->log('DELETE USER : '.$_GET['key']); - $data->deleteByKey($_GET['key']); - echo(json_encode(true,JSON_PRETTY_PRINT)); - } - } - - /** - * Get users for replication - */ - public function exportReplication($slave) { - $pagesize = 10; - if(isset($_GET['fullfetch'])) $fullfetch = true; else $fullfetch = false; - if(isset($_GET['timestamp']) and isset($_GET['page'])) { - $util = new Util(); - $util -> replicationLog('GET TIMESTAMP: '.$_GET['timestamp'].' PAGE: '.$_GET['page'].' FULLFETCH: '.json_encode($fullfetch).' SLAVE: '.json_encode($slave)); - $data = new Data(); - $users = $data -> exportReplication($_GET['timestamp'], $_GET['page']*$pagesize, $pagesize, $fullfetch, $slave); - echo(json_encode($users,JSON_PRETTY_PRINT)); - } - } - - - /** - * Import replication log - */ - public function importReplication() { - global $LOOKUPSERVER_REPLICATION_HOSTS; - $data = new Data(); - $util = new Util(); - - foreach($LOOKUPSERVER_REPLICATION_HOSTS as $host) { - $timestamp = time() - LOOKUPSERVER_REPLICATION_INTERVAL; - $page=0; - $count=1; - while($count<>0) { - $util -> replicationLog('FETCH HOST: '.$host.' TIMESTAMP: '.$timestamp.' 
PAGE: '.$page); - $replicationdata = file_get_contents($host.'/replication.php?timestamp='.$timestamp.'&page='.$page); - $entries = json_decode($replicationdata); - $count = count($entries); - for ($i = 0; $i < $count; $i++) $data -> importReplication($entries[$i]); - $page++; - } - } - } - - - /** - * Cleanup - */ - public function cleanup() { - // cleanup the traffic limit DB table - $bf = new BruteForce(); - $bf->cleanupTrafficLimit(); - } - - -} diff --git a/server/lib/Util.php b/server/lib/Util.php deleted file mode 100755 index 9585c9e..0000000 --- a/server/lib/Util.php +++ /dev/null 
@@ -1,91 +0,0 @@ -<?php - -/** -* Lookup Server DB Lib -* -* @author Frank Karlitschek -* @copyright 2016 Frank Karlitschek frank@karlitschek.de -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE -* License as published by the Free Software Foundation; either -* version 3 of the License, or any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU AFFERO GENERAL PUBLIC LICENSE for more details. -* -* You should have received a copy of the GNU Affero General Public -* License along with this library. If not, see <http://www.gnu.org/licenses/>. -* -*/ - -namespace LookupServer; - -/** -* The LookUp util class -*/ -class Util { - - /** - * Handle error - * @param string $text - */ - public function error($text) { - error_log($text); - $this -> log($text); - if(LOOKUPSERVER_ERROR_VERBOSE) echo(json_encode(array('error' => $text))); - exit; - } - - /** - * Generate random userid - * @return string $userids - */ - public function generateUserId() { - return(rand(1,9200000000000000000)); // mysql bigint - } - - /** - * Sanitize some input - * @param string $text - * @return string - */ - public function sanitize($text) { - $found = false; - // search in all bad ip ranges for a match with the current ip - foreach($GLOBALS['LOOKUPSERVER_SPAM_BLACKLIST'] as $bad_word) { - if(stripos($text, $bad_word) <> false) $found = true; - } - if($found) { - $util = new Util(); - $util->log('SPAM WORD FOUND IN: '.$text); - exit; - } - return(strip_tags($text)); - } - - /** - * Logfile handler - * @param string $text - */ - public function log($text) { - if(LOOKUPSERVER_LOG<>'') { - file_put_contents(LOOKUPSERVER_LOG, $_SERVER['REMOTE_ADDR'].' '.'['.date('c').']'.' 
'.$text."\n", FILE_APPEND); - } - } - - /** - * Replication Logfile handler - * @param string $text - */ - public function replicationLog($text) { - if(LOOKUPSERVER_REPLICATION_LOG<>'') { - if(isset($_SERVER['REMOTE_ADDR'])) $remote_addr = $_SERVER['REMOTE_ADDR']; else $remote_addr = 'local'; - file_put_contents(LOOKUPSERVER_REPLICATION_LOG, $remote_addr.' '.'['.date('c').']'.' '.$text."\n", FILE_APPEND); - } - } - - -} |