about summary refs log tree commit diff stats
diff options
context:
space:
mode:
-rw-r--r--central/trunk/instadisc.php474
-rw-r--r--central/trunk/xmlrpc.php8
2 files changed, 197 insertions, 285 deletions
diff --git a/central/trunk/instadisc.php b/central/trunk/instadisc.php index 959feb7..3b734ad 100644 --- a/central/trunk/instadisc.php +++ b/central/trunk/instadisc.php
@@ -2,371 +2,283 @@
2 2
3/* InstaDisc Server - A Four Island Project */ 3/* InstaDisc Server - A Four Island Project */
4 4
5include_once('db.php'); 5include('xmlrpc/xmlrpc.inc');
6include_once('class.phpmailer.php'); 6include('xmlrpc/xmlrpcs.inc');
7include('db.php');
8include('instadisc.php');
7 9
8function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField) 10function checkRegistration($username, $verification, $verificationID)
9{ 11{
10 $getverid = "SELECT * FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" AND verID = " . $verificationID; 12 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
11 $getverid2 = mysql_query($getverid);
12 $getverid3 = mysql_fetch_array($getverid2);
13 if ($getverid3['id'] != $verificationID)
14 { 13 {
15 $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\""; 14 return new xmlrpcresp(new xmlrpcval(0, "int"));
16 $getitem2 = mysql_query($getitem);
17 $getitem3 = mysql_fetch_array($getitem2);
18 if ($getitem3[$nameField] == $username)
19 {
20 $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID;
21
22 if (md5($test) == $verification)
23 {
24 $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\"";
25 $cntverid2 = mysql_query($cntverid);
26 $cntverid3 = mysql_fetch_array($cntverid2);
27 if ($cntverid3[0] >= intval(instaDisc_getConfig('verIDBufferSize')))
28 {
29 $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\"";
30 $delverid2 = mysql_query($delverid);
31 }
32
33 $insverid = "INSERT INTO oldVerID (name, verID) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $verificationID . ")";
34 $insverid2 = mysql_query($insverid);
35
36 return true;
37 }
38 }
39 } 15 }
40 16
41 return false; 17 return new xmlrpcresp(new xmlrpcval(1, "int"));
42} 18}
43 19
44function instaDisc_sendItem($username, $id) 20function deleteItem($username, $verification, $verificationID, $id)
45{ 21{
46 $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id; 22 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
47 $getitem2 = mysql_query($getitem);
48 $getitem3 = mysql_fetch_array($getitem2);
49 if ($getitem3['username'] == $username)
50 { 23 {
51 $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; 24 $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id;
52 $getuser2 = mysql_query($getuser); 25 $getitem2 = mysql_query($getitem);
53 $getuser3 = mysql_fetch_array($getuser2); 26 $getitem3 = mysql_fetch_array($getitem2);
54 27 if ($getitem3['id'] == $id)
55 $fp = fsockopen($getuser3['ip'], 4444, $errno, $errstr);
56 if ($fp)
57 { 28 {
58 $verID = rand(1,65536); 29 $delitem = "DELETE FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id;
30 $delitem2 = mysql_query($delitem);
59 31
60 $out = 'ID: ' . $id . '\r\n'; 32 return new xmlrpcresp(new xmlrpcval(0, "int"));
61 $out .= 'Verification: ' . md5($username . ':' . $getuser3['password'] . ':' . $verID) . '\r\n';
62 $out .= 'Verification-ID: ' . $verID . '\r\n';
63 $out .= 'Subscription: ' . $getitem3['subscription'] . '\r\n';
64 $out .= 'Title: ' . $getitem3['title'] . '\r\n';
65 $out .= 'Author: ' . $getitem3['author'] . '\r\n';
66 $out .= 'URL: ' . $getitem3['url'] . '\r\n';
67 $out .= '\r\n\r\n';
68
69 fwrite($fp, $out);
70 fclose($fp);
71 } 33 }
72 } 34 }
73}
74 35
75function instaDisc_sendUpdateNotice($softwareVersion) 36 return new xmlrpcresp(new xmlrpcval(1, "int"));
76{
77 $username = instaDisc_getConfig('owner');
78 $subscription = 'http://' . $_SERVER['HTTP_HOST'];
79 $title = 'Update your software to ' . $software;
80 $author = 'Hatkirby';
81 $url = 'http://fourisland.com/projects/instadisc/wiki/CentralSoftwareUpdate';
82 $semantics = array();
83
84 instaDisc_addItem($username, $subscription, $title, $author, $url, $semantics);
85} 37}
86 38
87function instaDisc_sendDatabase($cserver) 39function resendItem($username, $verification, $verificationID, $id)
88{ 40{
89 $getdb = "SELECT * FROM centralServers"; 41 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
90 $getdb2 = mysql_query($getdb);
91 $i=0;
92 while ($getdb3[$i] = mysql_fetch_array($getdb2))
93 { 42 {
94 $db[$getdb3[$i]['url']]['code'] = $getdb3[$i]['code']; 43 $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id;
95 $db[$getdb3[$i]['url']]['xmlrpc'] = $getdb3[$i]['xmlrpc']; 44 $getitem2 = mysql_query($getitem);
96 $i++; 45 $getitem3 = mysql_fetch_array($getitem2);
97 } 46 if ($getitem3['id'] == $id)
98 47 {
99 $cserver2 = $_SERVER['HTTP_HOST']; 48 instaDisc_sendItem($username, $id);
100 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\"";
101 $getuk2 = mysql_query($getuk);
102 $getuk3 = mysql_fetch_array($getuk2);
103
104 $verID = rand(1,65536);
105
106 $client = new xmlrpc_client($cserver);
107 $msg = new xmlrpcmsg("InstaDisc.sendDatabase", array( new xmlrpcval($cserver2, 'string'),
108 new xmlrpcval(md5($cserver2 . ":" . $getuk3['code'] . ":" . $verID), 'string'),
109 new xmlrpcval($verID, 'int'),
110 new xmlrpcval($db, 'array')));
111 $client->send($msg);
112}
113
114function instaDisc_addItem($username, $subscription, $title, $author, $url, $semantics)
115{
116 $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\"";
117 $getuser2 = mysql_query($getuser);
118 $getuser3 = mysql_fetch_array($getuser2);
119 if ($getuser3['username'] == $username)
120 {
121 $itemID = $getuser3['nextItemID'];
122 $setuser = "UPDATE users SET nextItemID = nextItemID+1 WHERE username = \"" . mysql_real_escape_string($username) . "\"";
123 $setuser2 = mysql_query($setuser);
124
125 $insitem = "INSERT INTO inbox (username, itemID, subscription, title, author, url, semantics) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $itemID . ", \"" . mysql_real_escape_string($subscription) . "\", \"" . mysql_real_escape_string($title) . "\", \"" . mysql_real_escape_string($author) . "\", \"" . mysql_real_escape_string($url) . "\", \"" . mysql_real_escape_string(serialize($semantics)) . "\")";
126 $insitem2 = mysql_query($insitem);
127
128 instaDisc_sendItem($username, $itemID);
129 }
130}
131 49
132function instaDisc_phpMailer() 50 return new xmlrpcresp(new xmlrpcval(0, "int"));
133{ 51 }
134 $mail = new PHPMailer();
135 $mail->IsSMTP();
136 $mail->From = 'instadisc@' . instaDisc_getConfig('mailDomain');
137 $mail->FromName = 'InstaDisc';
138 $mail->Host = instaDisc_getConfig('smtpHost');
139 if (instaDisc_getConfig('smtpAuth') == 'true')
140 {
141 $mail->SMTPAuth = true;
142 $mail->Username = instaDisc_getConfig('smtpUser');
143 $mail->Password = instaDisc_getConfig('smtpPass');
144 } 52 }
145 $mail->Helo = $_SERVER['HTTP_HOST'];
146 $mail->ClearAddresses();
147 53
148 return $mail; 54 return new xmlrpcresp(new xmlrpcval(1, "int"));
149} 55}
150 56
151function instaDisc_sendActivationEmail($username, $password, $email) 57function requestRetained($username, $verification, $veriicationID)
152{ 58{
153 $penKey = md5(rand(1,65536)); 59 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
154
155 $inspending = "INSERT INTO pending (username, password, email, code) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string(md5($password)) . "\", \"" . mysql_real_escape_string($email) . "\", \"" . mysql_real_escape_string($penKey) . "\")";
156 $inspending2 = mysql_query($inspending);
157
158 $mail = instaDisc_phpMailer();
159 $mail->AddAddress($email, $username);
160 $mail->Subject = 'InstaDisc Account Verification';
161 $mail->Body = "Hello, someone has recently registered an account at " . $_SERVER['HTTP_HOST'] . " with your email address. If that was you, and your chosen username IS " . $username . ", then copy the account verification code below to our Account Verification page, enter your username and press Activate!\r\n\r\n" . $penKey . "\r\n\r\nIf that was not you, copy the above code to our Account Verification page, enter the above username, and click Delete.";
162
163 return $mail->Send();
164}
165
166function instaDisc_activateAccount($username, $penKey)
167{
168 $getuser = "SELECT * FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\" AND code = \"" . mysql_real_escape_string($penKey) . "\"";
169 $getuser2 = mysql_query($getuser);
170 $getuser3 = mysql_fetch_array($getuser2);
171 if ($getuser3['username'] == $username)
172 { 60 {
173 $insuser = "INSERT INTO users (username, password, email) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($getuser3['password']) . "\", \"" . mysql_real_escape_string($getuser3['email']) . "\")"; 61 $getitems = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\"";
174 $insuser2 = mysql_query($insuser); 62 $getitems2 = mysql_query($getitems);
175 63 $i=0;
176 $delpending = "DELETE FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\""; 64 while ($getitems3[$i] = mysql_fetch_array($getitems2))
177 $delpending2 = mysql_query($delpending); 65 {
178 66 instaDisc_sendItem($username, $getitems3[$i]['itemID']);
179 $mail = instaDisc_phpMailer(); 67 $i++;
180 $mail->AddAddress($getuser3['email'], $username); 68 }
181 $mail->Subject = 'Welcome to InstaDisc!';
182 $mail->Body = "Welcome to InstaDisc! Thank you for registering at " . instaDisc_getConfig('siteName') . " Central Server, we hope you enjoy our service! Now, when you download an InstaDisc Client, it will ask you for the following information which you will need to enter into it for it to work:\r\n\r\nUsername: " . $username . "\r\nPassword: (you should know this, it's not displayed here for security reasons)\r\nCentral Server URL: " . instaDisc_getConfig("xmlrpcURL") . "\r\n\r\nOnce again, thank you for choosing " . instaDisc_getConfig("siteName") . "!";
183 69
184 return $mail->Send(); 70 return new xmlrpcresp(new xmlrpcval(0, "int"));
185 } else {
186 return false;
187 } 71 }
72
73 return new xmlrpcresp(new xmlrpcval(1, "int"));
188} 74}
189 75
190function instaDisc_deactivateAccount($username, $penKey) 76function sendFromUpdate($username, $verification, $verificationID, $subscription, $title, $author, $url, $semantics)
191{ 77{
192 $getuser = "SELECT * FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\" AND code = \"" . mysql_real_escape_string($penKey) . "\""; 78 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
193 $getuser2 = mysql_query($getuser);
194 $getuser3 = mysql_fetch_array($getuser2);
195 if ($getuser3['username'] == $username)
196 { 79 {
197 $delpending = "DELETE FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\""; 80 $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($subscription) . "\" AND owner = \"true\"";
198 $delpending2 = mysql_query($delpending); 81 $getusubs2 = mysql_query($getusubs);
82 $getusubs3 = mysql_fetch_array($getusubs2);
83 if ($getusubs3['username'] == $username)
84 {
85 $cserver = $_SERVER['SERVER_NAME'];
86 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver) . "\"";
87 $getuk2 = mysql_query($getuk);
88 $getuk3 = mysql_fetch_array($getuk2);
89
90 $getcs = "SELECT * FROM centralServers";
91 $getcs2 = mysql_query($getcs);
92 $i=0;
93 while ($getcs3[$i] = mysql_fetch_array($getcs2))
94 {
95 $verID = rand(1,65536);
96
97 $client = new xmlrpc_client($getcs3[$i]['xmlrpc']);
98 $msg = new xmlrpcmsg("InstaDisc.sendFromCentral", array( new xmlrpcval($cserver, 'string'),
99 new xmlrpcval(md5($cserver . ":" . $getuk3['code'] . ":" . $verID), 'string'),
100 new xmlrpcval($verID, 'int'),
101 new xmlrpcval($subscription, 'string'),
102 new xmlrpcval($title, 'string'),
103 new xmlrpcval($author, 'string'),
104 new xmlrpcval($url, 'string'),
105 new xmlrpcval($semantics, 'array'),
106 new xmlrpcval(instaDisc_getConfig('softwareVersion'), 'int'),
107 new xmlrpcval(instaDisc_getConfig('databaseVersion'), 'int')));
108 $client->send($msg);
109 $i++;
110 }
199 111
200 return true; 112 return new xmlrpcresp(new xmlrpcval(0, "int"));
201 } else { 113 }
202 return false;
203 } 114 }
204}
205 115
206function instaDisc_verifyUser($username, $password) 116 return new xmlrpcresp(new xmlrpcval(1, "int"));
207{
208 return instaDisc_checkVerification($username, md5($username . ':' . md5($password) . ':0'), 0, 'users', 'username', 'password');
209} 117}
210 118
211function instaDisc_deleteAccount($username) 119function sendFromCentral($cserver, $verification, $verificationID, $subscription, $title, $author, $url, $semantics, $softwareVersion, $databaseVersion)
212{ 120{
213 $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; 121 if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code'))
214 $getuser2 = mysql_query($getuser);
215 $getuser3 = mysql_fetch_array($getuser2);
216 if ($getuser3['username'] == $username)
217 { 122 {
218 $deluser = "DELETE FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; 123 if ($softwareVersion > instaDisc_getConfig('softwareVersion'))
219 $deluser2 = mysql_query($deluser); 124 {
220 125 instaDisc_sendUpdateNotice($softwareVersion);
221 $delsubs = "DELETE FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\""; 126 } else if ($softwareVersion < instaDisc_getConfig('softwareVersion'))
222 $delsubs2 = mysql_query($delsubs); 127 {
128 $cserver2 = $_SERVER['HTTP_HOST'];
129 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\"";
130 $getuk2 = mysql_query($getuk);
131 $getuk3 = mysql_fetch_array($getuk2);
223 132
224 $delitems = "DELETE FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\""; 133 $verID = rand(1,65536);
225 $delitems2 = mysql_query($delitems);
226 134
227 return true; 135 $client = new xmlrpc_client($cserver);
228 } 136 $msg = new xmlrpcmsg("InstaDisc.sendUpdateNotice", array( new xmlrpcval($cserver2, 'string'),
137 new xmlrpcval(md5($cserver2 . ':' . $getuk3['code'] . ':' . $verID), 'string'),
138 new xmlrpcval($verID, 'int'),
139 new xmlrpcval(instaDisc_getConfig('softwareVersion'), 'int')));
140 $client->send($msg);
141 }
229 142
230 return false; 143 if ($databaseVersion > instaDisc_getConfig('databaseVersion'))
231} 144 {
145 $cserver2 = $_SERVER['HTTP_HOST'];
146 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\"";
147 $getuk2 = mysql_query($getuk);
148 $getuk3 = mysql_fetch_array($getuk2);
232 149
233function instaDisc_getConfig($key) 150 $verID = rand(1,65536);
234{
235 $getconfig = "SELECT * FROM config WHERE name = \"" . mysql_real_escape_string($key) . "\"";
236 $getconfig2 = mysql_query($getconfig);
237 $getconfig3 = mysql_fetch_array($getconfig2);
238 151
239 return $getconfig3['value']; 152 $client = new xmlrpc_client($cserver);
240} 153 $msg = new xmlrpcmsg("InstaDisc.askForDatabase", array( new xmlrpcval($cserver2, 'string'),
154 new xmlrpcval(md5($cserver2 . ':' . $getuk3['code'] . ':' . $verID), 'string'),
155 new xmlrpcval($verID, 'int'),
156 new xmlrpcval(instaDisc_getConfig('databaseVersion'), 'int')));
157 $client->send($msg);
158 } else if ($databaseVersion < instaDisc_getConfig('databaseVersion'))
159 {
160 instaDisc_sendDatabase($cserver);
161 }
241 162
242function instaDisc_listSubscriptions($username) 163 $getsed = "SELECT * FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\"";
243{ 164 $getsed2 = mysql_query($getsed);
244 $getsubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"true\""; 165 $i=0;
245 $getsubs2 = mysql_query($getsubs); 166 while ($getsed3[$i] = mysql_fetch_array($getsed2))
246 $i=0; 167 {
247 while ($getsubs3[$i] = mysql_fetch_array($getsubs2)) 168 instaDisc_addItem($getsed3[$i]['username'], $subscription, $title, $author, $url, $semantics);
248 { 169 $i++;
249 $subs[$i] = $getsubs3[$i]['url']; 170 }
250 171
251 $i++; 172 return new xmlrpcresp(new xmlrpcval(0, "int"));
252 } 173 }
253 174
254 $subs['size'] = $i; 175 return new xmlrpcresp(new xmlrpcval(1, "int"));
255 return $subs;
256} 176}
257 177
258function instaDisc_addSubscription($username, $url) 178function sendUpdateNotice($cserver, $verification, $verificationID, $softwareVersion)
259{ 179{
260 $getcode = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\""; 180 if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code'))
261 $getcode2 = mysql_query($getcode);
262 $getcode3 = mysql_fetch_array($getcode2);
263 if ($getcode3['username'] == $username)
264 { 181 {
265 $delcode = "DELETE FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\""; 182 if ($softwareVersion > instaDisc_getConfig('softwareVersion'))
266 $delcode2 = mysql_query($delcode);
267
268 $c = curl_init();
269 curl_setopt($c, CURLOPT_URL, $url);
270 curl_setopt($c, CURLOPT_HEADER, false);
271 curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
272 $page_data = curl_exec($c);
273 curl_close($c);
274
275 $headers = split("\n", $page_date);
276 foreach ($headers as $name => $value)
277 { 183 {
278 $header = split(": ", $value); 184 instaDisc_sendUpdateNotice($softwareVersion);
279 $headerMap[$header[0]] = $header[1];
280 }
281 185
282 if (isset($header['Subscription'])) 186 return new xmlrpcresp(new xmlrpcval(0, "int"));
283 {
284 if (isset($header['Title']))
285 {
286 if (isset($header['Category']))
287 {
288 if (isset($header['Key']))
289 {
290 if ($header['Key'] == $getcode3['code'])
291 {
292 $inssub = "INSERT INTO subscriptions (username,url,owner) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($header['Subscription']) . "\", \"true\")";
293 $inssub2 = mysql_query($inssub);
294
295 return true;
296 }
297 }
298 }
299 }
300 } 187 }
301 } 188 }
302 189
303 return false; 190 return new xmlrpcresp(new xmlrpcval(1, "int"));
304} 191}
305 192
306function instaDisc_listPendingSubscriptions($username) 193function askForDatabase($cserver, $verification, $verificationID, $databaseVersion)
307{ 194{
308 $getsubs = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\""; 195 if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code'))
309 $getsubs2 = mysql_query($getsubs);
310 $i=0;
311 while ($getsubs3[$i] = mysql_fetch_array($getsubs2))
312 { 196 {
313 $subs[$i] = array('url' => $getsubs3[$i]['url'], 'code' => $getsubs3[$i]['code']); 197 if ($databaseVersion < instaDisc_getConfig('databaseVersion'))
198 {
199 instaDisc_sendDatabase($cserver);
314 200
315 $i++; 201 return new xmlrpcresp(new xmlrpcval(0, "int"));
202 }
316 } 203 }
317 204
318 $subs['size'] = $i; 205 return new xmlrpcresp(new xmlrpcval(1, "int"));
319 return $subs;
320} 206}
321 207
322function instaDisc_generateSubscriptionActivation($username, $url) 208function deleteSubscription($username, $verification, $verificationID, $subscription)
323{ 209{
324 $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; 210 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
325 $getuser2 = mysql_query($getuser);
326 $getuser3 = mysql_fetch_array($getuser2);
327 if ($getuser3['username'] == $username)
328 { 211 {
329 $key = md5(rand(1,65536)); 212 $getsub = "SELECT * FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\" AND username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"false\"";
330 213 $getsub2 = mysql_query($getsub);
331 $inspending = "INSERT INTO pending2 (username, url, code) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($url) . "\", \"" . mysql_real_escape_string($key) . "\")"; 214 $getsub3 = mysql_fetch_array($getsub2);
332 $inspending2 = mysql_query($inspending); 215 if ($getsub3['url'] == $subscription)
216 {
217 $delsub = "DELETE FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\" AND username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"false\"";
218 $delsub2 = mysql_query($delsub);
333 219
334 return $key; 220 return new xmlrpcresp(new xmlrpcval(0, "int"));
221 }
335 } 222 }
336 223
337 return false; 224 return new xmlrpcresp(new xmlrpcval(1, "int"));
338} 225}
339 226
340function instaDisc_deleteSubscription($username, $url) 227function addSubscription($username, $verification, $verificationID, $subscription)
341{ 228{
342 $getsub = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; 229 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
343 $getsub2 = mysql_query($getsub);
344 $getsub3 = mysql_fetch_array($getsub2);
345 if ($getsub3['username'] == $username)
346 { 230 {
347 $delsub = "DELETE FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; 231 $inssub = "INSERT INTO subscriptions (url, username, owner) VALUES (\"" . mysql_real_escape_string($subscription) . "\", \"" . mysql_real_escape_string($username) . "\", \"false\")";
348 $delsub2 = mysql_query($delsub); 232 $inssub2 = mysql_query($inssub);
349 233
350 return true; 234 return new xmlrpcresp(new xmlrpcval(0, "int"));
351 } 235 }
352 236
353 return false; 237 return new xmlrpcresp(new xmlrpcval(1, "int"));
354} 238}
355 239
356function instaDisc_cancelSubscription($username, $url) 240function sendDatabase($cserver, $verification, $verificationID, $db)
357{ 241{
358 $getsub = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; 242 if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code'))
359 $getsub2 = mysql_query($getsub);
360 $getsub3 = mysql_fetch_array($getsub2);
361 if ($getsub3['username'] == $username)
362 { 243 {
363 $delsub = "DELETE FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; 244 if (isset($db['central.fourisland.com']))
364 $delsub2 = mysql_query($delsub); 245 {
246 $getfi = "SELECT * FROM centralServers WHERE url = \"central.fourisland.com\"";
247 $getfi2 = mysql_query($getfi);
248 $getfi3 = mysql_fetch_array($getfi2);
365 249
366 return true; 250 if ($db['central.fourisland.com']['code'] == $getfi3['code'])
251 {
252 $deldb = "DELETE FROM centralServers";
253 $deldb2 = mysql_query($deldb);
254
255 foreach($db as $name => $value)
256 {
257 $insdb = "INSERT INTO centralServers (url, code, xmlrpc) VALUES (\"" . mysql_real_escape_string($name) . "\", \"" . mysql_real_escape_string($value['code']) . "\", \"" . mysql_real_escape_string($value['xmlrpc']) . "\")";
258 $insdb2 = mysql_query($insdb);
259 }
260
261 return new xmlrpcresp(new xmlrpcval("0", 'int'));
262 }
263 }
367 } 264 }
368 265
369 return false; 266 return new xmlrpcresp(new xmlrpcval(1, "int"));
370} 267}
371 268
269$s = new xmlrpc_server( array( "InstaDisc.checkRegistration" => array("function" => "checkRegistration"),
270 "InstaDisc.deleteItem" => array("function" => "deleteItem"),
271 "InstaDisc.resendItem" => array("function" => "resendItem"),
272 "InstaDisc.requestRetained" => array("function" => "requestRetained"),
273 "InstaDisc.sendFromUpdate" => array("function" => "sendFromUpdate"),
274 "InstaDisc.sendFromCentral" => array("function" => "sendFromCentral"),
275 "InstaDisc.sendUpdateNotice" => array("function" => "sendUpdateNotice"),
276 "InstaDisc.askForDatabase" => array("function" => "askForDatabase"),
277 "InstaDisc.deleteSubscription" => array("function" => "deleteSubscription"),
278 "InstaDisc.addSubscription" => array("function" => "addSubscription"),
279 "InstaDisc.sendDatabase" => array("function" => "sendDatabase")
280 ),0);
281$s->functions_parameters_type = 'phpvals';
282$s->service();
283
372?> 284?>
diff --git a/central/trunk/xmlrpc.php b/central/trunk/xmlrpc.php index efaa70f..3b734ad 100644 --- a/central/trunk/xmlrpc.php +++ b/central/trunk/xmlrpc.php
@@ -80,9 +80,9 @@ function sendFromUpdate($username, $verification, $verificationID, $subscription
80 $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($subscription) . "\" AND owner = \"true\""; 80 $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($subscription) . "\" AND owner = \"true\"";
81 $getusubs2 = mysql_query($getusubs); 81 $getusubs2 = mysql_query($getusubs);
82 $getusubs3 = mysql_fetch_array($getusubs2); 82 $getusubs3 = mysql_fetch_array($getusubs2);
83 if ($getusubs['username'] == $username) 83 if ($getusubs3['username'] == $username)
84 { 84 {
85 $cserver = $_SERVER['HTTP_HOST']; 85 $cserver = $_SERVER['SERVER_NAME'];
86 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver) . "\""; 86 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver) . "\"";
87 $getuk2 = mysql_query($getuk); 87 $getuk2 = mysql_query($getuk);
88 $getuk3 = mysql_fetch_array($getuk2); 88 $getuk3 = mysql_fetch_array($getuk2);
@@ -96,7 +96,7 @@ function sendFromUpdate($username, $verification, $verificationID, $subscription
96 96
97 $client = new xmlrpc_client($getcs3[$i]['xmlrpc']); 97 $client = new xmlrpc_client($getcs3[$i]['xmlrpc']);
98 $msg = new xmlrpcmsg("InstaDisc.sendFromCentral", array( new xmlrpcval($cserver, 'string'), 98 $msg = new xmlrpcmsg("InstaDisc.sendFromCentral", array( new xmlrpcval($cserver, 'string'),
99 new xmlrpcval(md5($cserver + ":" + $getuk3['code'] + ":" + $verID), 'string'), 99 new xmlrpcval(md5($cserver . ":" . $getuk3['code'] . ":" . $verID), 'string'),
100 new xmlrpcval($verID, 'int'), 100 new xmlrpcval($verID, 'int'),
101 new xmlrpcval($subscription, 'string'), 101 new xmlrpcval($subscription, 'string'),
102 new xmlrpcval($title, 'string'), 102 new xmlrpcval($title, 'string'),
@@ -165,7 +165,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription
165 $i=0; 165 $i=0;
166 while ($getsed3[$i] = mysql_fetch_array($getsed2)) 166 while ($getsed3[$i] = mysql_fetch_array($getsed2))
167 { 167 {
168 instaDisc_addItem($getsed3['username'], $subscription, $title, $author, $url, $semantics); 168 instaDisc_addItem($getsed3[$i]['username'], $subscription, $title, $author, $url, $semantics);
169 $i++; 169 $i++;
170 } 170 }
171 171