diff options
| author | Kelly Rauchenberger <fefferburbia@gmail.com> | 2008-08-04 14:39:11 +0000 |
|---|---|---|
| committer | Kelly Rauchenberger <fefferburbia@gmail.com> | 2008-08-04 14:39:11 +0000 |
| commit | 74dafd4ec901db76148cc0894b94d0e80fadec08 (patch) | |
| tree | 20b918ca994cdc86d419114c3a2afd4ea5d87adc | |
| parent | 67458a97c7425593a157436c4ac42c87703bc67e (diff) | |
| download | instadisc-74dafd4ec901db76148cc0894b94d0e80fadec08.tar.gz instadisc-74dafd4ec901db76148cc0894b94d0e80fadec08.tar.bz2 instadisc-74dafd4ec901db76148cc0894b94d0e80fadec08.zip | |
Central: Reverted instadisc.php
For some reason, instadisc.php was accidentally replaced with xmlrpc.php and commited. It has been reverted now. Also, xmlrpc.php has been using $_SERVER['HTTP_HOST'], but that variable returns the server's address PLUS the port number. $_SERVER['SERVER_NAME'] is much more appropriate for this instance.
| -rw-r--r-- | central/trunk/instadisc.php | 474 | ||||
| -rw-r--r-- | central/trunk/xmlrpc.php | 4 |
2 files changed, 283 insertions, 195 deletions
| diff --git a/central/trunk/instadisc.php b/central/trunk/instadisc.php index 3b734ad..2a7cbb9 100644 --- a/central/trunk/instadisc.php +++ b/central/trunk/instadisc.php | |||
| @@ -2,283 +2,371 @@ | |||
| 2 | 2 | ||
| 3 | /* InstaDisc Server - A Four Island Project */ | 3 | /* InstaDisc Server - A Four Island Project */ |
| 4 | 4 | ||
| 5 | include('xmlrpc/xmlrpc.inc'); | 5 | include_once('db.php'); |
| 6 | include('xmlrpc/xmlrpcs.inc'); | 6 | include_once('class.phpmailer.php'); |
| 7 | include('db.php'); | ||
| 8 | include('instadisc.php'); | ||
| 9 | 7 | ||
| 10 | function checkRegistration($username, $verification, $verificationID) | 8 | function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField) |
| 11 | { | 9 | { |
| 12 | if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) | 10 | $getverid = "SELECT * FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" AND verID = " . $verificationID; |
| 11 | $getverid2 = mysql_query($getverid); | ||
| 12 | $getverid3 = mysql_fetch_array($getverid2); | ||
| 13 | if ($getverid3['id'] != $verificationID) | ||
| 13 | { | 14 | { |
| 14 | return new xmlrpcresp(new xmlrpcval(0, "int")); | 15 | $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\""; |
| 15 | } | ||
| 16 | |||
| 17 | return new xmlrpcresp(new xmlrpcval(1, "int")); | ||
| 18 | } | ||
| 19 | |||
| 20 | function deleteItem($username, $verification, $verificationID, $id) | ||
| 21 | { | ||
| 22 | if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) | ||
| 23 | { | ||
| 24 | $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id; | ||
| 25 | $getitem2 = mysql_query($getitem); | 16 | $getitem2 = mysql_query($getitem); |
| 26 | $getitem3 = mysql_fetch_array($getitem2); | 17 | $getitem3 = mysql_fetch_array($getitem2); |
| 27 | if ($getitem3['id'] == $id) | 18 | if ($getitem3[$nameField] == $username) |
| 28 | { | 19 | { |
| 29 | $delitem = "DELETE FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id; | 20 | $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID; |
| 30 | $delitem2 = mysql_query($delitem); | ||
| 31 | 21 | ||
| 32 | return new xmlrpcresp(new xmlrpcval(0, "int")); | 22 | if (md5($test) == $verification) |
| 23 | { | ||
| 24 | $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\""; | ||
| 25 | $cntverid2 = mysql_query($cntverid); | ||
| 26 | $cntverid3 = mysql_fetch_array($cntverid2); | ||
| 27 | if ($cntverid3[0] >= intval(instaDisc_getConfig('verIDBufferSize'))) | ||
| 28 | { | ||
| 29 | $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\""; | ||
| 30 | $delverid2 = mysql_query($delverid); | ||
| 31 | } | ||
| 32 | |||
| 33 | $insverid = "INSERT INTO oldVerID (name, verID) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $verificationID . ")"; | ||
| 34 | $insverid2 = mysql_query($insverid); | ||
| 35 | |||
| 36 | return true; | ||
| 37 | } | ||
| 33 | } | 38 | } |
| 34 | } | 39 | } |
| 35 | 40 | ||
| 36 | return new xmlrpcresp(new xmlrpcval(1, "int")); | 41 | return false; |
| 37 | } | 42 | } |
| 38 | 43 | ||
| 39 | function resendItem($username, $verification, $verificationID, $id) | 44 | function instaDisc_sendItem($username, $id) |
| 40 | { | 45 | { |
| 41 | if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) | 46 | $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id; |
| 47 | $getitem2 = mysql_query($getitem); | ||
| 48 | $getitem3 = mysql_fetch_array($getitem2); | ||
| 49 | if ($getitem3['username'] == $username) | ||
| 42 | { | 50 | { |
| 43 | $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id; | 51 | $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; |
| 44 | $getitem2 = mysql_query($getitem); | 52 | $getuser2 = mysql_query($getuser); |
| 45 | $getitem3 = mysql_fetch_array($getitem2); | 53 | $getuser3 = mysql_fetch_array($getuser2); |
| 46 | if ($getitem3['id'] == $id) | 54 | |
| 55 | $fp = fsockopen($getuser3['ip'], 4444, $errno, $errstr); | ||
| 56 | if ($fp) | ||
| 47 | { | 57 | { |
| 48 | instaDisc_sendItem($username, $id); | 58 | $verID = rand(1,65536); |
| 49 | 59 | ||
| 50 | return new xmlrpcresp(new xmlrpcval(0, "int")); | 60 | $out = 'ID: ' . $id . "\r\n"; |
| 61 | $out .= 'Verification: ' . md5($username . ':' . $getuser3['password'] . ':' . $verID) . "\r\n"; | ||
| 62 | $out .= 'Verification-ID: ' . $verID . "\r\n"; | ||
| 63 | $out .= 'Subscription: ' . $getitem3['subscription'] . "\r\n"; | ||
| 64 | $out .= 'Title: ' . $getitem3['title'] . "\r\n"; | ||
| 65 | $out .= 'Author: ' . $getitem3['author'] . "\r\n"; | ||
| 66 | $out .= 'URL: ' . $getitem3['url'] . "\r\n"; | ||
| 67 | $out .= "\r\n\r\n"; | ||
| 68 | |||
| 69 | fwrite($fp, $out); | ||
| 70 | fclose($fp); | ||
| 51 | } | 71 | } |
| 52 | } | 72 | } |
| 73 | } | ||
| 53 | 74 | ||
| 54 | return new xmlrpcresp(new xmlrpcval(1, "int")); | 75 | function instaDisc_sendUpdateNotice($softwareVersion) |
| 76 | { | ||
| 77 | $username = instaDisc_getConfig('owner'); | ||
| 78 | $subscription = 'http://' . $_SERVER['HTTP_HOST']; | ||
| 79 | $title = 'Update your software to ' . $software; | ||
| 80 | $author = 'Hatkirby'; | ||
| 81 | $url = 'http://fourisland.com/projects/instadisc/wiki/CentralSoftwareUpdate'; | ||
| 82 | $semantics = array(); | ||
| 83 | |||
| 84 | instaDisc_addItem($username, $subscription, $title, $author, $url, $semantics); | ||
| 55 | } | 85 | } |
| 56 | 86 | ||
| 57 | function requestRetained($username, $verification, $veriicationID) | 87 | function instaDisc_sendDatabase($cserver) |
| 58 | { | 88 | { |
| 59 | if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) | 89 | $getdb = "SELECT * FROM centralServers"; |
| 90 | $getdb2 = mysql_query($getdb); | ||
| 91 | $i=0; | ||
| 92 | while ($getdb3[$i] = mysql_fetch_array($getdb2)) | ||
| 60 | { | 93 | { |
| 61 | $getitems = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\""; | 94 | $db[$getdb3[$i]['url']]['code'] = $getdb3[$i]['code']; |
| 62 | $getitems2 = mysql_query($getitems); | 95 | $db[$getdb3[$i]['url']]['xmlrpc'] = $getdb3[$i]['xmlrpc']; |
| 63 | $i=0; | 96 | $i++; |
| 64 | while ($getitems3[$i] = mysql_fetch_array($getitems2)) | ||
| 65 | { | ||
| 66 | instaDisc_sendItem($username, $getitems3[$i]['itemID']); | ||
| 67 | $i++; | ||
| 68 | } | ||
| 69 | |||
| 70 | return new xmlrpcresp(new xmlrpcval(0, "int")); | ||
| 71 | } | 97 | } |
| 72 | 98 | ||
| 73 | return new xmlrpcresp(new xmlrpcval(1, "int")); | 99 | $cserver2 = $_SERVER['HTTP_HOST']; |
| 100 | $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\""; | ||
| 101 | $getuk2 = mysql_query($getuk); | ||
| 102 | $getuk3 = mysql_fetch_array($getuk2); | ||
| 103 | |||
| 104 | $verID = rand(1,65536); | ||
| 105 | |||
| 106 | $client = new xmlrpc_client($cserver); | ||
| 107 | $msg = new xmlrpcmsg("InstaDisc.sendDatabase", array( new xmlrpcval($cserver2, 'string'), | ||
| 108 | new xmlrpcval(md5($cserver2 . ":" . $getuk3['code'] . ":" . $verID), 'string'), | ||
| 109 | new xmlrpcval($verID, 'int'), | ||
| 110 | new xmlrpcval($db, 'array'))); | ||
| 111 | $client->send($msg); | ||
| 74 | } | 112 | } |
| 75 | 113 | ||
| 76 | function sendFromUpdate($username, $verification, $verificationID, $subscription, $title, $author, $url, $semantics) | 114 | function instaDisc_addItem($username, $subscription, $title, $author, $url, $semantics) |
| 77 | { | 115 | { |
| 78 | if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) | 116 | $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; |
| 117 | $getuser2 = mysql_query($getuser); | ||
| 118 | $getuser3 = mysql_fetch_array($getuser2); | ||
| 119 | if ($getuser3['username'] == $username) | ||
| 79 | { | 120 | { |
| 80 | $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($subscription) . "\" AND owner = \"true\""; | 121 | $itemID = $getuser3['nextItemID']; |
| 81 | $getusubs2 = mysql_query($getusubs); | 122 | $setuser = "UPDATE users SET nextItemID = nextItemID+1 WHERE username = \"" . mysql_real_escape_string($username) . "\""; |
| 82 | $getusubs3 = mysql_fetch_array($getusubs2); | 123 | $setuser2 = mysql_query($setuser); |
| 83 | if ($getusubs3['username'] == $username) | ||
| 84 | { | ||
| 85 | $cserver = $_SERVER['SERVER_NAME']; | ||
| 86 | $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver) . "\""; | ||
| 87 | $getuk2 = mysql_query($getuk); | ||
| 88 | $getuk3 = mysql_fetch_array($getuk2); | ||
| 89 | |||
| 90 | $getcs = "SELECT * FROM centralServers"; | ||
| 91 | $getcs2 = mysql_query($getcs); | ||
| 92 | $i=0; | ||
| 93 | while ($getcs3[$i] = mysql_fetch_array($getcs2)) | ||
| 94 | { | ||
| 95 | $verID = rand(1,65536); | ||
| 96 | |||
| 97 | $client = new xmlrpc_client($getcs3[$i]['xmlrpc']); | ||
| 98 | $msg = new xmlrpcmsg("InstaDisc.sendFromCentral", array( new xmlrpcval($cserver, 'string'), | ||
| 99 | new xmlrpcval(md5($cserver . ":" . $getuk3['code'] . ":" . $verID), 'string'), | ||
| 100 | new xmlrpcval($verID, 'int'), | ||
| 101 | new xmlrpcval($subscription, 'string'), | ||
| 102 | new xmlrpcval($title, 'string'), | ||
| 103 | new xmlrpcval($author, 'string'), | ||
| 104 | new xmlrpcval($url, 'string'), | ||
| 105 | new xmlrpcval($semantics, 'array'), | ||
| 106 | new xmlrpcval(instaDisc_getConfig('softwareVersion'), 'int'), | ||
| 107 | new xmlrpcval(instaDisc_getConfig('databaseVersion'), 'int'))); | ||
| 108 | $client->send($msg); | ||
| 109 | $i++; | ||
| 110 | } | ||
| 111 | 124 | ||
| 112 | return new xmlrpcresp(new xmlrpcval(0, "int")); | 125 | $insitem = "INSERT INTO inbox (username, itemID, subscription, title, author, url, semantics) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $itemID . ", \"" . mysql_real_escape_string($subscription) . "\", \"" . mysql_real_escape_string($title) . "\", \"" . mysql_real_escape_string($author) . "\", \"" . mysql_real_escape_string($url) . "\", \"" . mysql_real_escape_string(serialize($semantics)) . "\")"; |
| 113 | } | 126 | $insitem2 = mysql_query($insitem); |
| 114 | } | ||
| 115 | 127 | ||
| 116 | return new xmlrpcresp(new xmlrpcval(1, "int")); | 128 | instaDisc_sendItem($username, $itemID); |
| 129 | } | ||
| 117 | } | 130 | } |
| 118 | 131 | ||
| 119 | function sendFromCentral($cserver, $verification, $verificationID, $subscription, $title, $author, $url, $semantics, $softwareVersion, $databaseVersion) | 132 | function instaDisc_phpMailer() |
| 120 | { | 133 | { |
| 121 | if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code')) | 134 | $mail = new PHPMailer(); |
| 135 | $mail->IsSMTP(); | ||
| 136 | $mail->From = 'instadisc@' . instaDisc_getConfig('mailDomain'); | ||
| 137 | $mail->FromName = 'InstaDisc'; | ||
| 138 | $mail->Host = instaDisc_getConfig('smtpHost'); | ||
| 139 | if (instaDisc_getConfig('smtpAuth') == 'true') | ||
| 122 | { | 140 | { |
| 123 | if ($softwareVersion > instaDisc_getConfig('softwareVersion')) | 141 | $mail->SMTPAuth = true; |
| 124 | { | 142 | $mail->Username = instaDisc_getConfig('smtpUser'); |
| 125 | instaDisc_sendUpdateNotice($softwareVersion); | 143 | $mail->Password = instaDisc_getConfig('smtpPass'); |
| 126 | } else if ($softwareVersion < instaDisc_getConfig('softwareVersion')) | 144 | } |
| 127 | { | 145 | $mail->Helo = $_SERVER['HTTP_HOST']; |
| 128 | $cserver2 = $_SERVER['HTTP_HOST']; | 146 | $mail->ClearAddresses(); |
| 129 | $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\""; | ||
| 130 | $getuk2 = mysql_query($getuk); | ||
| 131 | $getuk3 = mysql_fetch_array($getuk2); | ||
| 132 | 147 | ||
| 133 | $verID = rand(1,65536); | 148 | return $mail; |
| 149 | } | ||
| 134 | 150 | ||
| 135 | $client = new xmlrpc_client($cserver); | 151 | function instaDisc_sendActivationEmail($username, $password, $email) |
| 136 | $msg = new xmlrpcmsg("InstaDisc.sendUpdateNotice", array( new xmlrpcval($cserver2, 'string'), | 152 | { |
| 137 | new xmlrpcval(md5($cserver2 . ':' . $getuk3['code'] . ':' . $verID), 'string'), | 153 | $penKey = md5(rand(1,65536)); |
| 138 | new xmlrpcval($verID, 'int'), | ||
| 139 | new xmlrpcval(instaDisc_getConfig('softwareVersion'), 'int'))); | ||
| 140 | $client->send($msg); | ||
| 141 | } | ||
| 142 | 154 | ||
| 143 | if ($databaseVersion > instaDisc_getConfig('databaseVersion')) | 155 | $inspending = "INSERT INTO pending (username, password, email, code) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string(md5($password)) . "\", \"" . mysql_real_escape_string($email) . "\", \"" . mysql_real_escape_string($penKey) . "\")"; |
| 144 | { | 156 | $inspending2 = mysql_query($inspending); |
| 145 | $cserver2 = $_SERVER['HTTP_HOST']; | ||
| 146 | $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\""; | ||
| 147 | $getuk2 = mysql_query($getuk); | ||
| 148 | $getuk3 = mysql_fetch_array($getuk2); | ||
| 149 | 157 | ||
| 150 | $verID = rand(1,65536); | 158 | $mail = instaDisc_phpMailer(); |
| 159 | $mail->AddAddress($email, $username); | ||
| 160 | $mail->Subject = 'InstaDisc Account Verification'; | ||
| 161 | $mail->Body = "Hello, someone has recently registered an account at " . $_SERVER['HTTP_HOST'] . " with your email address. If that was you, and your chosen username IS " . $username . ", then copy the account verification code below to our Account Verification page, enter your username and press Activate!\r\n\r\n" . $penKey . "\r\n\r\nIf that was not you, copy the above code to our Account Verification page, enter the above username, and click Delete."; | ||
| 151 | 162 | ||
| 152 | $client = new xmlrpc_client($cserver); | 163 | return $mail->Send(); |
| 153 | $msg = new xmlrpcmsg("InstaDisc.askForDatabase", array( new xmlrpcval($cserver2, 'string'), | 164 | } |
| 154 | new xmlrpcval(md5($cserver2 . ':' . $getuk3['code'] . ':' . $verID), 'string'), | ||
| 155 | new xmlrpcval($verID, 'int'), | ||
| 156 | new xmlrpcval(instaDisc_getConfig('databaseVersion'), 'int'))); | ||
| 157 | $client->send($msg); | ||
| 158 | } else if ($databaseVersion < instaDisc_getConfig('databaseVersion')) | ||
| 159 | { | ||
| 160 | instaDisc_sendDatabase($cserver); | ||
| 161 | } | ||
| 162 | 165 | ||
| 163 | $getsed = "SELECT * FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\""; | 166 | function instaDisc_activateAccount($username, $penKey) |
| 164 | $getsed2 = mysql_query($getsed); | 167 | { |
| 165 | $i=0; | 168 | $getuser = "SELECT * FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\" AND code = \"" . mysql_real_escape_string($penKey) . "\""; |
| 166 | while ($getsed3[$i] = mysql_fetch_array($getsed2)) | 169 | $getuser2 = mysql_query($getuser); |
| 167 | { | 170 | $getuser3 = mysql_fetch_array($getuser2); |
| 168 | instaDisc_addItem($getsed3[$i]['username'], $subscription, $title, $author, $url, $semantics); | 171 | if ($getuser3['username'] == $username) |
| 169 | $i++; | 172 | { |
| 170 | } | 173 | $insuser = "INSERT INTO users (username, password, email) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($getuser3['password']) . "\", \"" . mysql_real_escape_string($getuser3['email']) . "\")"; |
| 174 | $insuser2 = mysql_query($insuser); | ||
| 171 | 175 | ||
| 172 | return new xmlrpcresp(new xmlrpcval(0, "int")); | 176 | $delpending = "DELETE FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\""; |
| 177 | $delpending2 = mysql_query($delpending); | ||
| 178 | |||
| 179 | $mail = instaDisc_phpMailer(); | ||
| 180 | $mail->AddAddress($getuser3['email'], $username); | ||
| 181 | $mail->Subject = 'Welcome to InstaDisc!'; | ||
| 182 | $mail->Body = "Welcome to InstaDisc! Thank you for registering at " . instaDisc_getConfig('siteName') . " Central Server, we hope you enjoy our service! Now, when you download an InstaDisc Client, it will ask you for the following information which you will need to enter into it for it to work:\r\n\r\nUsername: " . $username . "\r\nPassword: (you should know this, it's not displayed here for security reasons)\r\nCentral Server URL: " . instaDisc_getConfig("xmlrpcURL") . "\r\n\r\nOnce again, thank you for choosing " . instaDisc_getConfig("siteName") . "!"; | ||
| 183 | |||
| 184 | return $mail->Send(); | ||
| 185 | } else { | ||
| 186 | return false; | ||
| 173 | } | 187 | } |
| 188 | } | ||
| 189 | |||
| 190 | function instaDisc_deactivateAccount($username, $penKey) | ||
| 191 | { | ||
| 192 | $getuser = "SELECT * FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\" AND code = \"" . mysql_real_escape_string($penKey) . "\""; | ||
| 193 | $getuser2 = mysql_query($getuser); | ||
| 194 | $getuser3 = mysql_fetch_array($getuser2); | ||
| 195 | if ($getuser3['username'] == $username) | ||
| 196 | { | ||
| 197 | $delpending = "DELETE FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\""; | ||
| 198 | $delpending2 = mysql_query($delpending); | ||
| 174 | 199 | ||
| 175 | return new xmlrpcresp(new xmlrpcval(1, "int")); | 200 | return true; |
| 201 | } else { | ||
| 202 | return false; | ||
| 203 | } | ||
| 176 | } | 204 | } |
| 177 | 205 | ||
| 178 | function sendUpdateNotice($cserver, $verification, $verificationID, $softwareVersion) | 206 | function instaDisc_verifyUser($username, $password) |
| 179 | { | 207 | { |
| 180 | if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code')) | 208 | return instaDisc_checkVerification($username, md5($username . ':' . md5($password) . ':0'), 0, 'users', 'username', 'password'); |
| 209 | } | ||
| 210 | |||
| 211 | function instaDisc_deleteAccount($username) | ||
| 212 | { | ||
| 213 | $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; | ||
| 214 | $getuser2 = mysql_query($getuser); | ||
| 215 | $getuser3 = mysql_fetch_array($getuser2); | ||
| 216 | if ($getuser3['username'] == $username) | ||
| 181 | { | 217 | { |
| 182 | if ($softwareVersion > instaDisc_getConfig('softwareVersion')) | 218 | $deluser = "DELETE FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; |
| 183 | { | 219 | $deluser2 = mysql_query($deluser); |
| 184 | instaDisc_sendUpdateNotice($softwareVersion); | ||
| 185 | 220 | ||
| 186 | return new xmlrpcresp(new xmlrpcval(0, "int")); | 221 | $delsubs = "DELETE FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\""; |
| 187 | } | 222 | $delsubs2 = mysql_query($delsubs); |
| 223 | |||
| 224 | $delitems = "DELETE FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\""; | ||
| 225 | $delitems2 = mysql_query($delitems); | ||
| 226 | |||
| 227 | return true; | ||
| 188 | } | 228 | } |
| 189 | 229 | ||
| 190 | return new xmlrpcresp(new xmlrpcval(1, "int")); | 230 | return false; |
| 191 | } | 231 | } |
| 192 | 232 | ||
| 193 | function askForDatabase($cserver, $verification, $verificationID, $databaseVersion) | 233 | function instaDisc_getConfig($key) |
| 194 | { | 234 | { |
| 195 | if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code')) | 235 | $getconfig = "SELECT * FROM config WHERE name = \"" . mysql_real_escape_string($key) . "\""; |
| 236 | $getconfig2 = mysql_query($getconfig); | ||
| 237 | $getconfig3 = mysql_fetch_array($getconfig2); | ||
| 238 | |||
| 239 | return $getconfig3['value']; | ||
| 240 | } | ||
| 241 | |||
| 242 | function instaDisc_listSubscriptions($username) | ||
| 243 | { | ||
| 244 | $getsubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"true\""; | ||
| 245 | $getsubs2 = mysql_query($getsubs); | ||
| 246 | $i=0; | ||
| 247 | while ($getsubs3[$i] = mysql_fetch_array($getsubs2)) | ||
| 196 | { | 248 | { |
| 197 | if ($databaseVersion < instaDisc_getConfig('databaseVersion')) | 249 | $subs[$i] = $getsubs3[$i]['url']; |
| 198 | { | ||
| 199 | instaDisc_sendDatabase($cserver); | ||
| 200 | 250 | ||
| 201 | return new xmlrpcresp(new xmlrpcval(0, "int")); | 251 | $i++; |
| 202 | } | ||
| 203 | } | 252 | } |
| 204 | 253 | ||
| 205 | return new xmlrpcresp(new xmlrpcval(1, "int")); | 254 | $subs['size'] = $i; |
| 255 | return $subs; | ||
| 206 | } | 256 | } |
| 207 | 257 | ||
| 208 | function deleteSubscription($username, $verification, $verificationID, $subscription) | 258 | function instaDisc_addSubscription($username, $url) |
| 209 | { | 259 | { |
| 210 | if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) | 260 | $getcode = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\""; |
| 261 | $getcode2 = mysql_query($getcode); | ||
| 262 | $getcode3 = mysql_fetch_array($getcode2); | ||
| 263 | if ($getcode3['username'] == $username) | ||
| 211 | { | 264 | { |
| 212 | $getsub = "SELECT * FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\" AND username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"false\""; | 265 | $delcode = "DELETE FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\""; |
| 213 | $getsub2 = mysql_query($getsub); | 266 | $delcode2 = mysql_query($delcode); |
| 214 | $getsub3 = mysql_fetch_array($getsub2); | 267 | |
| 215 | if ($getsub3['url'] == $subscription) | 268 | $c = curl_init(); |
| 269 | curl_setopt($c, CURLOPT_URL, $url); | ||
| 270 | curl_setopt($c, CURLOPT_HEADER, false); | ||
| 271 | curl_setopt($c, CURLOPT_RETURNTRANSFER, true); | ||
| 272 | $page_data = curl_exec($c); | ||
| 273 | curl_close($c); | ||
| 274 | |||
| 275 | $headers = split("\n", $page_date); | ||
| 276 | foreach ($headers as $name => $value) | ||
| 216 | { | 277 | { |
| 217 | $delsub = "DELETE FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\" AND username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"false\""; | 278 | $header = split(": ", $value); |
| 218 | $delsub2 = mysql_query($delsub); | 279 | $headerMap[$header[0]] = $header[1]; |
| 280 | } | ||
| 219 | 281 | ||
| 220 | return new xmlrpcresp(new xmlrpcval(0, "int")); | 282 | if (isset($header['Subscription'])) |
| 283 | { | ||
| 284 | if (isset($header['Title'])) | ||
| 285 | { | ||
| 286 | if (isset($header['Category'])) | ||
| 287 | { | ||
| 288 | if (isset($header['Key'])) | ||
| 289 | { | ||
| 290 | if ($header['Key'] == $getcode3['code']) | ||
| 291 | { | ||
| 292 | $inssub = "INSERT INTO subscriptions (username,url,owner) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($header['Subscription']) . "\", \"true\")"; | ||
| 293 | $inssub2 = mysql_query($inssub); | ||
| 294 | |||
| 295 | return true; | ||
| 296 | } | ||
| 297 | } | ||
| 298 | } | ||
| 299 | } | ||
| 221 | } | 300 | } |
| 222 | } | 301 | } |
| 223 | 302 | ||
| 224 | return new xmlrpcresp(new xmlrpcval(1, "int")); | 303 | return false; |
| 225 | } | 304 | } |
| 226 | 305 | ||
| 227 | function addSubscription($username, $verification, $verificationID, $subscription) | 306 | function instaDisc_listPendingSubscriptions($username) |
| 228 | { | 307 | { |
| 229 | if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) | 308 | $getsubs = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\""; |
| 309 | $getsubs2 = mysql_query($getsubs); | ||
| 310 | $i=0; | ||
| 311 | while ($getsubs3[$i] = mysql_fetch_array($getsubs2)) | ||
| 230 | { | 312 | { |
| 231 | $inssub = "INSERT INTO subscriptions (url, username, owner) VALUES (\"" . mysql_real_escape_string($subscription) . "\", \"" . mysql_real_escape_string($username) . "\", \"false\")"; | 313 | $subs[$i] = array('url' => $getsubs3[$i]['url'], 'code' => $getsubs3[$i]['code']); |
| 232 | $inssub2 = mysql_query($inssub); | ||
| 233 | 314 | ||
| 234 | return new xmlrpcresp(new xmlrpcval(0, "int")); | 315 | $i++; |
| 235 | } | 316 | } |
| 236 | 317 | ||
| 237 | return new xmlrpcresp(new xmlrpcval(1, "int")); | 318 | $subs['size'] = $i; |
| 319 | return $subs; | ||
| 238 | } | 320 | } |
| 239 | 321 | ||
| 240 | function sendDatabase($cserver, $verification, $verificationID, $db) | 322 | function instaDisc_generateSubscriptionActivation($username, $url) |
| 241 | { | 323 | { |
| 242 | if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code')) | 324 | $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; |
| 325 | $getuser2 = mysql_query($getuser); | ||
| 326 | $getuser3 = mysql_fetch_array($getuser2); | ||
| 327 | if ($getuser3['username'] == $username) | ||
| 243 | { | 328 | { |
| 244 | if (isset($db['central.fourisland.com'])) | 329 | $key = md5(rand(1,65536)); |
| 245 | { | ||
| 246 | $getfi = "SELECT * FROM centralServers WHERE url = \"central.fourisland.com\""; | ||
| 247 | $getfi2 = mysql_query($getfi); | ||
| 248 | $getfi3 = mysql_fetch_array($getfi2); | ||
| 249 | 330 | ||
| 250 | if ($db['central.fourisland.com']['code'] == $getfi3['code']) | 331 | $inspending = "INSERT INTO pending2 (username, url, code) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($url) . "\", \"" . mysql_real_escape_string($key) . "\")"; |
| 251 | { | 332 | $inspending2 = mysql_query($inspending); |
| 252 | $deldb = "DELETE FROM centralServers"; | ||
| 253 | $deldb2 = mysql_query($deldb); | ||
| 254 | 333 | ||
| 255 | foreach($db as $name => $value) | 334 | return $key; |
| 256 | { | 335 | } |
| 257 | $insdb = "INSERT INTO centralServers (url, code, xmlrpc) VALUES (\"" . mysql_real_escape_string($name) . "\", \"" . mysql_real_escape_string($value['code']) . "\", \"" . mysql_real_escape_string($value['xmlrpc']) . "\")"; | ||
| 258 | $insdb2 = mysql_query($insdb); | ||
| 259 | } | ||
| 260 | 336 | ||
| 261 | return new xmlrpcresp(new xmlrpcval("0", 'int')); | 337 | return false; |
| 262 | } | 338 | } |
| 263 | } | 339 | |
| 340 | function instaDisc_deleteSubscription($username, $url) | ||
| 341 | { | ||
| 342 | $getsub = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; | ||
| 343 | $getsub2 = mysql_query($getsub); | ||
| 344 | $getsub3 = mysql_fetch_array($getsub2); | ||
| 345 | if ($getsub3['username'] == $username) | ||
| 346 | { | ||
| 347 | $delsub = "DELETE FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; | ||
| 348 | $delsub2 = mysql_query($delsub); | ||
| 349 | |||
| 350 | return true; | ||
| 264 | } | 351 | } |
| 265 | 352 | ||
| 266 | return new xmlrpcresp(new xmlrpcval(1, "int")); | 353 | return false; |
| 267 | } | 354 | } |
| 268 | 355 | ||
| 269 | $s = new xmlrpc_server( array( "InstaDisc.checkRegistration" => array("function" => "checkRegistration"), | 356 | function instaDisc_cancelSubscription($username, $url) |
| 270 | "InstaDisc.deleteItem" => array("function" => "deleteItem"), | 357 | { |
| 271 | "InstaDisc.resendItem" => array("function" => "resendItem"), | 358 | $getsub = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; |
| 272 | "InstaDisc.requestRetained" => array("function" => "requestRetained"), | 359 | $getsub2 = mysql_query($getsub); |
| 273 | "InstaDisc.sendFromUpdate" => array("function" => "sendFromUpdate"), | 360 | $getsub3 = mysql_fetch_array($getsub2); |
| 274 | "InstaDisc.sendFromCentral" => array("function" => "sendFromCentral"), | 361 | if ($getsub3['username'] == $username) |
| 275 | "InstaDisc.sendUpdateNotice" => array("function" => "sendUpdateNotice"), | 362 | { |
| 276 | "InstaDisc.askForDatabase" => array("function" => "askForDatabase"), | 363 | $delsub = "DELETE FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; |
| 277 | "InstaDisc.deleteSubscription" => array("function" => "deleteSubscription"), | 364 | $delsub2 = mysql_query($delsub); |
| 278 | "InstaDisc.addSubscription" => array("function" => "addSubscription"), | 365 | |
| 279 | "InstaDisc.sendDatabase" => array("function" => "sendDatabase") | 366 | return true; |
| 280 | ),0); | 367 | } |
| 281 | $s->functions_parameters_type = 'phpvals'; | 368 | |
| 282 | $s->service(); | 369 | return false; |
| 370 | } | ||
| 283 | 371 | ||
| 284 | ?> | 372 | ?> |
| diff --git a/central/trunk/xmlrpc.php b/central/trunk/xmlrpc.php index 3b734ad..95d439d 100644 --- a/central/trunk/xmlrpc.php +++ b/central/trunk/xmlrpc.php | |||
| @@ -125,7 +125,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription | |||
| 125 | instaDisc_sendUpdateNotice($softwareVersion); | 125 | instaDisc_sendUpdateNotice($softwareVersion); |
| 126 | } else if ($softwareVersion < instaDisc_getConfig('softwareVersion')) | 126 | } else if ($softwareVersion < instaDisc_getConfig('softwareVersion')) |
| 127 | { | 127 | { |
| 128 | $cserver2 = $_SERVER['HTTP_HOST']; | 128 | $cserver2 = $_SERVER['SERVER_NAME']; |
| 129 | $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\""; | 129 | $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\""; |
| 130 | $getuk2 = mysql_query($getuk); | 130 | $getuk2 = mysql_query($getuk); |
| 131 | $getuk3 = mysql_fetch_array($getuk2); | 131 | $getuk3 = mysql_fetch_array($getuk2); |
| @@ -142,7 +142,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription | |||
| 142 | 142 | ||
| 143 | if ($databaseVersion > instaDisc_getConfig('databaseVersion')) | 143 | if ($databaseVersion > instaDisc_getConfig('databaseVersion')) |
| 144 | { | 144 | { |
| 145 | $cserver2 = $_SERVER['HTTP_HOST']; | 145 | $cserver2 = $_SERVER['SERVER_NAME']; |
| 146 | $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\""; | 146 | $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\""; |
| 147 | $getuk2 = mysql_query($getuk); | 147 | $getuk2 = mysql_query($getuk); |
| 148 | $getuk3 = mysql_fetch_array($getuk2); | 148 | $getuk3 = mysql_fetch_array($getuk2); |