about summary refs log tree commit diff stats
path: root/central/trunk
diff options
context:
space:
mode:
Diffstat (limited to 'central/trunk')
-rw-r--r--central/trunk/instadisc.php474
-rw-r--r--central/trunk/xmlrpc.php4
2 files changed, 283 insertions, 195 deletions
diff --git a/central/trunk/instadisc.php b/central/trunk/instadisc.php index 3b734ad..2a7cbb9 100644 --- a/central/trunk/instadisc.php +++ b/central/trunk/instadisc.php
@@ -2,283 +2,371 @@
2 2
3/* InstaDisc Server - A Four Island Project */ 3/* InstaDisc Server - A Four Island Project */
4 4
5include('xmlrpc/xmlrpc.inc'); 5include_once('db.php');
6include('xmlrpc/xmlrpcs.inc'); 6include_once('class.phpmailer.php');
7include('db.php');
8include('instadisc.php');
9 7
10function checkRegistration($username, $verification, $verificationID) 8function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField)
11{ 9{
12 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) 10 $getverid = "SELECT * FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" AND verID = " . $verificationID;
11 $getverid2 = mysql_query($getverid);
12 $getverid3 = mysql_fetch_array($getverid2);
13 if ($getverid3['id'] != $verificationID)
13 { 14 {
14 return new xmlrpcresp(new xmlrpcval(0, "int")); 15 $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\"";
15 }
16
17 return new xmlrpcresp(new xmlrpcval(1, "int"));
18}
19
20function deleteItem($username, $verification, $verificationID, $id)
21{
22 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
23 {
24 $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id;
25 $getitem2 = mysql_query($getitem); 16 $getitem2 = mysql_query($getitem);
26 $getitem3 = mysql_fetch_array($getitem2); 17 $getitem3 = mysql_fetch_array($getitem2);
27 if ($getitem3['id'] == $id) 18 if ($getitem3[$nameField] == $username)
28 { 19 {
29 $delitem = "DELETE FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id; 20 $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID;
30 $delitem2 = mysql_query($delitem);
31 21
32 return new xmlrpcresp(new xmlrpcval(0, "int")); 22 if (md5($test) == $verification)
23 {
24 $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\"";
25 $cntverid2 = mysql_query($cntverid);
26 $cntverid3 = mysql_fetch_array($cntverid2);
27 if ($cntverid3[0] >= intval(instaDisc_getConfig('verIDBufferSize')))
28 {
29 $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\"";
30 $delverid2 = mysql_query($delverid);
31 }
32
33 $insverid = "INSERT INTO oldVerID (name, verID) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $verificationID . ")";
34 $insverid2 = mysql_query($insverid);
35
36 return true;
37 }
33 } 38 }
34 } 39 }
35 40
36 return new xmlrpcresp(new xmlrpcval(1, "int")); 41 return false;
37} 42}
38 43
39function resendItem($username, $verification, $verificationID, $id) 44function instaDisc_sendItem($username, $id)
40{ 45{
41 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) 46 $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id;
47 $getitem2 = mysql_query($getitem);
48 $getitem3 = mysql_fetch_array($getitem2);
49 if ($getitem3['username'] == $username)
42 { 50 {
43 $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id; 51 $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\"";
44 $getitem2 = mysql_query($getitem); 52 $getuser2 = mysql_query($getuser);
45 $getitem3 = mysql_fetch_array($getitem2); 53 $getuser3 = mysql_fetch_array($getuser2);
46 if ($getitem3['id'] == $id) 54
55 $fp = fsockopen($getuser3['ip'], 4444, $errno, $errstr);
56 if ($fp)
47 { 57 {
48 instaDisc_sendItem($username, $id); 58 $verID = rand(1,65536);
49 59
50 return new xmlrpcresp(new xmlrpcval(0, "int")); 60 $out = 'ID: ' . $id . "\r\n";
61 $out .= 'Verification: ' . md5($username . ':' . $getuser3['password'] . ':' . $verID) . "\r\n";
62 $out .= 'Verification-ID: ' . $verID . "\r\n";
63 $out .= 'Subscription: ' . $getitem3['subscription'] . "\r\n";
64 $out .= 'Title: ' . $getitem3['title'] . "\r\n";
65 $out .= 'Author: ' . $getitem3['author'] . "\r\n";
66 $out .= 'URL: ' . $getitem3['url'] . "\r\n";
67 $out .= "\r\n\r\n";
68
69 fwrite($fp, $out);
70 fclose($fp);
51 } 71 }
52 } 72 }
73}
53 74
54 return new xmlrpcresp(new xmlrpcval(1, "int")); 75function instaDisc_sendUpdateNotice($softwareVersion)
76{
77 $username = instaDisc_getConfig('owner');
78 $subscription = 'http://' . $_SERVER['HTTP_HOST'];
79 $title = 'Update your software to ' . $software;
80 $author = 'Hatkirby';
81 $url = 'http://fourisland.com/projects/instadisc/wiki/CentralSoftwareUpdate';
82 $semantics = array();
83
84 instaDisc_addItem($username, $subscription, $title, $author, $url, $semantics);
55} 85}
56 86
57function requestRetained($username, $verification, $veriicationID) 87function instaDisc_sendDatabase($cserver)
58{ 88{
59 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) 89 $getdb = "SELECT * FROM centralServers";
90 $getdb2 = mysql_query($getdb);
91 $i=0;
92 while ($getdb3[$i] = mysql_fetch_array($getdb2))
60 { 93 {
61 $getitems = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\""; 94 $db[$getdb3[$i]['url']]['code'] = $getdb3[$i]['code'];
62 $getitems2 = mysql_query($getitems); 95 $db[$getdb3[$i]['url']]['xmlrpc'] = $getdb3[$i]['xmlrpc'];
63 $i=0; 96 $i++;
64 while ($getitems3[$i] = mysql_fetch_array($getitems2))
65 {
66 instaDisc_sendItem($username, $getitems3[$i]['itemID']);
67 $i++;
68 }
69
70 return new xmlrpcresp(new xmlrpcval(0, "int"));
71 } 97 }
72 98
73 return new xmlrpcresp(new xmlrpcval(1, "int")); 99 $cserver2 = $_SERVER['HTTP_HOST'];
100 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\"";
101 $getuk2 = mysql_query($getuk);
102 $getuk3 = mysql_fetch_array($getuk2);
103
104 $verID = rand(1,65536);
105
106 $client = new xmlrpc_client($cserver);
107 $msg = new xmlrpcmsg("InstaDisc.sendDatabase", array( new xmlrpcval($cserver2, 'string'),
108 new xmlrpcval(md5($cserver2 . ":" . $getuk3['code'] . ":" . $verID), 'string'),
109 new xmlrpcval($verID, 'int'),
110 new xmlrpcval($db, 'array')));
111 $client->send($msg);
74} 112}
75 113
76function sendFromUpdate($username, $verification, $verificationID, $subscription, $title, $author, $url, $semantics) 114function instaDisc_addItem($username, $subscription, $title, $author, $url, $semantics)
77{ 115{
78 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) 116 $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\"";
117 $getuser2 = mysql_query($getuser);
118 $getuser3 = mysql_fetch_array($getuser2);
119 if ($getuser3['username'] == $username)
79 { 120 {
80 $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($subscription) . "\" AND owner = \"true\""; 121 $itemID = $getuser3['nextItemID'];
81 $getusubs2 = mysql_query($getusubs); 122 $setuser = "UPDATE users SET nextItemID = nextItemID+1 WHERE username = \"" . mysql_real_escape_string($username) . "\"";
82 $getusubs3 = mysql_fetch_array($getusubs2); 123 $setuser2 = mysql_query($setuser);
83 if ($getusubs3['username'] == $username)
84 {
85 $cserver = $_SERVER['SERVER_NAME'];
86 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver) . "\"";
87 $getuk2 = mysql_query($getuk);
88 $getuk3 = mysql_fetch_array($getuk2);
89
90 $getcs = "SELECT * FROM centralServers";
91 $getcs2 = mysql_query($getcs);
92 $i=0;
93 while ($getcs3[$i] = mysql_fetch_array($getcs2))
94 {
95 $verID = rand(1,65536);
96
97 $client = new xmlrpc_client($getcs3[$i]['xmlrpc']);
98 $msg = new xmlrpcmsg("InstaDisc.sendFromCentral", array( new xmlrpcval($cserver, 'string'),
99 new xmlrpcval(md5($cserver . ":" . $getuk3['code'] . ":" . $verID), 'string'),
100 new xmlrpcval($verID, 'int'),
101 new xmlrpcval($subscription, 'string'),
102 new xmlrpcval($title, 'string'),
103 new xmlrpcval($author, 'string'),
104 new xmlrpcval($url, 'string'),
105 new xmlrpcval($semantics, 'array'),
106 new xmlrpcval(instaDisc_getConfig('softwareVersion'), 'int'),
107 new xmlrpcval(instaDisc_getConfig('databaseVersion'), 'int')));
108 $client->send($msg);
109 $i++;
110 }
111 124
112 return new xmlrpcresp(new xmlrpcval(0, "int")); 125 $insitem = "INSERT INTO inbox (username, itemID, subscription, title, author, url, semantics) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $itemID . ", \"" . mysql_real_escape_string($subscription) . "\", \"" . mysql_real_escape_string($title) . "\", \"" . mysql_real_escape_string($author) . "\", \"" . mysql_real_escape_string($url) . "\", \"" . mysql_real_escape_string(serialize($semantics)) . "\")";
113 } 126 $insitem2 = mysql_query($insitem);
114 }
115 127
116 return new xmlrpcresp(new xmlrpcval(1, "int")); 128 instaDisc_sendItem($username, $itemID);
129 }
117} 130}
118 131
119function sendFromCentral($cserver, $verification, $verificationID, $subscription, $title, $author, $url, $semantics, $softwareVersion, $databaseVersion) 132function instaDisc_phpMailer()
120{ 133{
121 if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code')) 134 $mail = new PHPMailer();
135 $mail->IsSMTP();
136 $mail->From = 'instadisc@' . instaDisc_getConfig('mailDomain');
137 $mail->FromName = 'InstaDisc';
138 $mail->Host = instaDisc_getConfig('smtpHost');
139 if (instaDisc_getConfig('smtpAuth') == 'true')
122 { 140 {
123 if ($softwareVersion > instaDisc_getConfig('softwareVersion')) 141 $mail->SMTPAuth = true;
124 { 142 $mail->Username = instaDisc_getConfig('smtpUser');
125 instaDisc_sendUpdateNotice($softwareVersion); 143 $mail->Password = instaDisc_getConfig('smtpPass');
126 } else if ($softwareVersion < instaDisc_getConfig('softwareVersion')) 144 }
127 { 145 $mail->Helo = $_SERVER['HTTP_HOST'];
128 $cserver2 = $_SERVER['HTTP_HOST']; 146 $mail->ClearAddresses();
129 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\"";
130 $getuk2 = mysql_query($getuk);
131 $getuk3 = mysql_fetch_array($getuk2);
132 147
133 $verID = rand(1,65536); 148 return $mail;
149}
134 150
135 $client = new xmlrpc_client($cserver); 151function instaDisc_sendActivationEmail($username, $password, $email)
136 $msg = new xmlrpcmsg("InstaDisc.sendUpdateNotice", array( new xmlrpcval($cserver2, 'string'), 152{
137 new xmlrpcval(md5($cserver2 . ':' . $getuk3['code'] . ':' . $verID), 'string'), 153 $penKey = md5(rand(1,65536));
138 new xmlrpcval($verID, 'int'),
139 new xmlrpcval(instaDisc_getConfig('softwareVersion'), 'int')));
140 $client->send($msg);
141 }
142 154
143 if ($databaseVersion > instaDisc_getConfig('databaseVersion')) 155 $inspending = "INSERT INTO pending (username, password, email, code) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string(md5($password)) . "\", \"" . mysql_real_escape_string($email) . "\", \"" . mysql_real_escape_string($penKey) . "\")";
144 { 156 $inspending2 = mysql_query($inspending);
145 $cserver2 = $_SERVER['HTTP_HOST'];
146 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\"";
147 $getuk2 = mysql_query($getuk);
148 $getuk3 = mysql_fetch_array($getuk2);
149 157
150 $verID = rand(1,65536); 158 $mail = instaDisc_phpMailer();
159 $mail->AddAddress($email, $username);
160 $mail->Subject = 'InstaDisc Account Verification';
161 $mail->Body = "Hello, someone has recently registered an account at " . $_SERVER['HTTP_HOST'] . " with your email address. If that was you, and your chosen username IS " . $username . ", then copy the account verification code below to our Account Verification page, enter your username and press Activate!\r\n\r\n" . $penKey . "\r\n\r\nIf that was not you, copy the above code to our Account Verification page, enter the above username, and click Delete.";
151 162
152 $client = new xmlrpc_client($cserver); 163 return $mail->Send();
153 $msg = new xmlrpcmsg("InstaDisc.askForDatabase", array( new xmlrpcval($cserver2, 'string'), 164}
154 new xmlrpcval(md5($cserver2 . ':' . $getuk3['code'] . ':' . $verID), 'string'),
155 new xmlrpcval($verID, 'int'),
156 new xmlrpcval(instaDisc_getConfig('databaseVersion'), 'int')));
157 $client->send($msg);
158 } else if ($databaseVersion < instaDisc_getConfig('databaseVersion'))
159 {
160 instaDisc_sendDatabase($cserver);
161 }
162 165
163 $getsed = "SELECT * FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\""; 166function instaDisc_activateAccount($username, $penKey)
164 $getsed2 = mysql_query($getsed); 167{
165 $i=0; 168 $getuser = "SELECT * FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\" AND code = \"" . mysql_real_escape_string($penKey) . "\"";
166 while ($getsed3[$i] = mysql_fetch_array($getsed2)) 169 $getuser2 = mysql_query($getuser);
167 { 170 $getuser3 = mysql_fetch_array($getuser2);
168 instaDisc_addItem($getsed3[$i]['username'], $subscription, $title, $author, $url, $semantics); 171 if ($getuser3['username'] == $username)
169 $i++; 172 {
170 } 173 $insuser = "INSERT INTO users (username, password, email) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($getuser3['password']) . "\", \"" . mysql_real_escape_string($getuser3['email']) . "\")";
174 $insuser2 = mysql_query($insuser);
171 175
172 return new xmlrpcresp(new xmlrpcval(0, "int")); 176 $delpending = "DELETE FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\"";
177 $delpending2 = mysql_query($delpending);
178
179 $mail = instaDisc_phpMailer();
180 $mail->AddAddress($getuser3['email'], $username);
181 $mail->Subject = 'Welcome to InstaDisc!';
182 $mail->Body = "Welcome to InstaDisc! Thank you for registering at " . instaDisc_getConfig('siteName') . " Central Server, we hope you enjoy our service! Now, when you download an InstaDisc Client, it will ask you for the following information which you will need to enter into it for it to work:\r\n\r\nUsername: " . $username . "\r\nPassword: (you should know this, it's not displayed here for security reasons)\r\nCentral Server URL: " . instaDisc_getConfig("xmlrpcURL") . "\r\n\r\nOnce again, thank you for choosing " . instaDisc_getConfig("siteName") . "!";
183
184 return $mail->Send();
185 } else {
186 return false;
173 } 187 }
188}
189
190function instaDisc_deactivateAccount($username, $penKey)
191{
192 $getuser = "SELECT * FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\" AND code = \"" . mysql_real_escape_string($penKey) . "\"";
193 $getuser2 = mysql_query($getuser);
194 $getuser3 = mysql_fetch_array($getuser2);
195 if ($getuser3['username'] == $username)
196 {
197 $delpending = "DELETE FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\"";
198 $delpending2 = mysql_query($delpending);
174 199
175 return new xmlrpcresp(new xmlrpcval(1, "int")); 200 return true;
201 } else {
202 return false;
203 }
176} 204}
177 205
178function sendUpdateNotice($cserver, $verification, $verificationID, $softwareVersion) 206function instaDisc_verifyUser($username, $password)
179{ 207{
180 if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code')) 208 return instaDisc_checkVerification($username, md5($username . ':' . md5($password) . ':0'), 0, 'users', 'username', 'password');
209}
210
211function instaDisc_deleteAccount($username)
212{
213 $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\"";
214 $getuser2 = mysql_query($getuser);
215 $getuser3 = mysql_fetch_array($getuser2);
216 if ($getuser3['username'] == $username)
181 { 217 {
182 if ($softwareVersion > instaDisc_getConfig('softwareVersion')) 218 $deluser = "DELETE FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\"";
183 { 219 $deluser2 = mysql_query($deluser);
184 instaDisc_sendUpdateNotice($softwareVersion);
185 220
186 return new xmlrpcresp(new xmlrpcval(0, "int")); 221 $delsubs = "DELETE FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\"";
187 } 222 $delsubs2 = mysql_query($delsubs);
223
224 $delitems = "DELETE FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\"";
225 $delitems2 = mysql_query($delitems);
226
227 return true;
188 } 228 }
189 229
190 return new xmlrpcresp(new xmlrpcval(1, "int")); 230 return false;
191} 231}
192 232
193function askForDatabase($cserver, $verification, $verificationID, $databaseVersion) 233function instaDisc_getConfig($key)
194{ 234{
195 if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code')) 235 $getconfig = "SELECT * FROM config WHERE name = \"" . mysql_real_escape_string($key) . "\"";
236 $getconfig2 = mysql_query($getconfig);
237 $getconfig3 = mysql_fetch_array($getconfig2);
238
239 return $getconfig3['value'];
240}
241
242function instaDisc_listSubscriptions($username)
243{
244 $getsubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"true\"";
245 $getsubs2 = mysql_query($getsubs);
246 $i=0;
247 while ($getsubs3[$i] = mysql_fetch_array($getsubs2))
196 { 248 {
197 if ($databaseVersion < instaDisc_getConfig('databaseVersion')) 249 $subs[$i] = $getsubs3[$i]['url'];
198 {
199 instaDisc_sendDatabase($cserver);
200 250
201 return new xmlrpcresp(new xmlrpcval(0, "int")); 251 $i++;
202 }
203 } 252 }
204 253
205 return new xmlrpcresp(new xmlrpcval(1, "int")); 254 $subs['size'] = $i;
255 return $subs;
206} 256}
207 257
208function deleteSubscription($username, $verification, $verificationID, $subscription) 258function instaDisc_addSubscription($username, $url)
209{ 259{
210 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) 260 $getcode = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\"";
261 $getcode2 = mysql_query($getcode);
262 $getcode3 = mysql_fetch_array($getcode2);
263 if ($getcode3['username'] == $username)
211 { 264 {
212 $getsub = "SELECT * FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\" AND username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"false\""; 265 $delcode = "DELETE FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\"";
213 $getsub2 = mysql_query($getsub); 266 $delcode2 = mysql_query($delcode);
214 $getsub3 = mysql_fetch_array($getsub2); 267
215 if ($getsub3['url'] == $subscription) 268 $c = curl_init();
269 curl_setopt($c, CURLOPT_URL, $url);
270 curl_setopt($c, CURLOPT_HEADER, false);
271 curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
272 $page_data = curl_exec($c);
273 curl_close($c);
274
275 $headers = split("\n", $page_date);
276 foreach ($headers as $name => $value)
216 { 277 {
217 $delsub = "DELETE FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\" AND username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"false\""; 278 $header = split(": ", $value);
218 $delsub2 = mysql_query($delsub); 279 $headerMap[$header[0]] = $header[1];
280 }
219 281
220 return new xmlrpcresp(new xmlrpcval(0, "int")); 282 if (isset($header['Subscription']))
283 {
284 if (isset($header['Title']))
285 {
286 if (isset($header['Category']))
287 {
288 if (isset($header['Key']))
289 {
290 if ($header['Key'] == $getcode3['code'])
291 {
292 $inssub = "INSERT INTO subscriptions (username,url,owner) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($header['Subscription']) . "\", \"true\")";
293 $inssub2 = mysql_query($inssub);
294
295 return true;
296 }
297 }
298 }
299 }
221 } 300 }
222 } 301 }
223 302
224 return new xmlrpcresp(new xmlrpcval(1, "int")); 303 return false;
225} 304}
226 305
227function addSubscription($username, $verification, $verificationID, $subscription) 306function instaDisc_listPendingSubscriptions($username)
228{ 307{
229 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) 308 $getsubs = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\"";
309 $getsubs2 = mysql_query($getsubs);
310 $i=0;
311 while ($getsubs3[$i] = mysql_fetch_array($getsubs2))
230 { 312 {
231 $inssub = "INSERT INTO subscriptions (url, username, owner) VALUES (\"" . mysql_real_escape_string($subscription) . "\", \"" . mysql_real_escape_string($username) . "\", \"false\")"; 313 $subs[$i] = array('url' => $getsubs3[$i]['url'], 'code' => $getsubs3[$i]['code']);
232 $inssub2 = mysql_query($inssub);
233 314
234 return new xmlrpcresp(new xmlrpcval(0, "int")); 315 $i++;
235 } 316 }
236 317
237 return new xmlrpcresp(new xmlrpcval(1, "int")); 318 $subs['size'] = $i;
319 return $subs;
238} 320}
239 321
240function sendDatabase($cserver, $verification, $verificationID, $db) 322function instaDisc_generateSubscriptionActivation($username, $url)
241{ 323{
242 if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code')) 324 $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\"";
325 $getuser2 = mysql_query($getuser);
326 $getuser3 = mysql_fetch_array($getuser2);
327 if ($getuser3['username'] == $username)
243 { 328 {
244 if (isset($db['central.fourisland.com'])) 329 $key = md5(rand(1,65536));
245 {
246 $getfi = "SELECT * FROM centralServers WHERE url = \"central.fourisland.com\"";
247 $getfi2 = mysql_query($getfi);
248 $getfi3 = mysql_fetch_array($getfi2);
249 330
250 if ($db['central.fourisland.com']['code'] == $getfi3['code']) 331 $inspending = "INSERT INTO pending2 (username, url, code) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($url) . "\", \"" . mysql_real_escape_string($key) . "\")";
251 { 332 $inspending2 = mysql_query($inspending);
252 $deldb = "DELETE FROM centralServers";
253 $deldb2 = mysql_query($deldb);
254 333
255 foreach($db as $name => $value) 334 return $key;
256 { 335 }
257 $insdb = "INSERT INTO centralServers (url, code, xmlrpc) VALUES (\"" . mysql_real_escape_string($name) . "\", \"" . mysql_real_escape_string($value['code']) . "\", \"" . mysql_real_escape_string($value['xmlrpc']) . "\")";
258 $insdb2 = mysql_query($insdb);
259 }
260 336
261 return new xmlrpcresp(new xmlrpcval("0", 'int')); 337 return false;
262 } 338}
263 } 339
340function instaDisc_deleteSubscription($username, $url)
341{
342 $getsub = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")";
343 $getsub2 = mysql_query($getsub);
344 $getsub3 = mysql_fetch_array($getsub2);
345 if ($getsub3['username'] == $username)
346 {
347 $delsub = "DELETE FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")";
348 $delsub2 = mysql_query($delsub);
349
350 return true;
264 } 351 }
265 352
266 return new xmlrpcresp(new xmlrpcval(1, "int")); 353 return false;
267} 354}
268 355
269$s = new xmlrpc_server( array( "InstaDisc.checkRegistration" => array("function" => "checkRegistration"), 356function instaDisc_cancelSubscription($username, $url)
270 "InstaDisc.deleteItem" => array("function" => "deleteItem"), 357{
271 "InstaDisc.resendItem" => array("function" => "resendItem"), 358 $getsub = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")";
272 "InstaDisc.requestRetained" => array("function" => "requestRetained"), 359 $getsub2 = mysql_query($getsub);
273 "InstaDisc.sendFromUpdate" => array("function" => "sendFromUpdate"), 360 $getsub3 = mysql_fetch_array($getsub2);
274 "InstaDisc.sendFromCentral" => array("function" => "sendFromCentral"), 361 if ($getsub3['username'] == $username)
275 "InstaDisc.sendUpdateNotice" => array("function" => "sendUpdateNotice"), 362 {
276 "InstaDisc.askForDatabase" => array("function" => "askForDatabase"), 363 $delsub = "DELETE FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")";
277 "InstaDisc.deleteSubscription" => array("function" => "deleteSubscription"), 364 $delsub2 = mysql_query($delsub);
278 "InstaDisc.addSubscription" => array("function" => "addSubscription"), 365
279 "InstaDisc.sendDatabase" => array("function" => "sendDatabase") 366 return true;
280 ),0); 367 }
281$s->functions_parameters_type = 'phpvals'; 368
282$s->service(); 369 return false;
370}
283 371
284?> 372?>
diff --git a/central/trunk/xmlrpc.php b/central/trunk/xmlrpc.php index 3b734ad..95d439d 100644 --- a/central/trunk/xmlrpc.php +++ b/central/trunk/xmlrpc.php
@@ -125,7 +125,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription
125 instaDisc_sendUpdateNotice($softwareVersion); 125 instaDisc_sendUpdateNotice($softwareVersion);
126 } else if ($softwareVersion < instaDisc_getConfig('softwareVersion')) 126 } else if ($softwareVersion < instaDisc_getConfig('softwareVersion'))
127 { 127 {
128 $cserver2 = $_SERVER['HTTP_HOST']; 128 $cserver2 = $_SERVER['SERVER_NAME'];
129 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\""; 129 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\"";
130 $getuk2 = mysql_query($getuk); 130 $getuk2 = mysql_query($getuk);
131 $getuk3 = mysql_fetch_array($getuk2); 131 $getuk3 = mysql_fetch_array($getuk2);
@@ -142,7 +142,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription
142 142
143 if ($databaseVersion > instaDisc_getConfig('databaseVersion')) 143 if ($databaseVersion > instaDisc_getConfig('databaseVersion'))
144 { 144 {
145 $cserver2 = $_SERVER['HTTP_HOST']; 145 $cserver2 = $_SERVER['SERVER_NAME'];
146 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\""; 146 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\"";
147 $getuk2 = mysql_query($getuk); 147 $getuk2 = mysql_query($getuk);
148 $getuk3 = mysql_fetch_array($getuk2); 148 $getuk3 = mysql_fetch_array($getuk2);