diff options
Diffstat (limited to 'central/trunk')
| -rw-r--r-- | central/trunk/instadisc.php | 474 | ||||
| -rw-r--r-- | central/trunk/xmlrpc.php | 8 |
2 files changed, 197 insertions, 285 deletions
| diff --git a/central/trunk/instadisc.php b/central/trunk/instadisc.php index 959feb7..3b734ad 100644 --- a/central/trunk/instadisc.php +++ b/central/trunk/instadisc.php | |||
| @@ -2,371 +2,283 @@ | |||
| 2 | 2 | ||
| 3 | /* InstaDisc Server - A Four Island Project */ | 3 | /* InstaDisc Server - A Four Island Project */ |
| 4 | 4 | ||
| 5 | include_once('db.php'); | 5 | include('xmlrpc/xmlrpc.inc'); |
| 6 | include_once('class.phpmailer.php'); | 6 | include('xmlrpc/xmlrpcs.inc'); |
| 7 | include('db.php'); | ||
| 8 | include('instadisc.php'); | ||
| 7 | 9 | ||
| 8 | function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField) | 10 | function checkRegistration($username, $verification, $verificationID) |
| 9 | { | 11 | { |
| 10 | $getverid = "SELECT * FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" AND verID = " . $verificationID; | 12 | if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) |
| 11 | $getverid2 = mysql_query($getverid); | ||
| 12 | $getverid3 = mysql_fetch_array($getverid2); | ||
| 13 | if ($getverid3['id'] != $verificationID) | ||
| 14 | { | 13 | { |
| 15 | $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\""; | 14 | return new xmlrpcresp(new xmlrpcval(0, "int")); |
| 16 | $getitem2 = mysql_query($getitem); | ||
| 17 | $getitem3 = mysql_fetch_array($getitem2); | ||
| 18 | if ($getitem3[$nameField] == $username) | ||
| 19 | { | ||
| 20 | $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID; | ||
| 21 | |||
| 22 | if (md5($test) == $verification) | ||
| 23 | { | ||
| 24 | $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\""; | ||
| 25 | $cntverid2 = mysql_query($cntverid); | ||
| 26 | $cntverid3 = mysql_fetch_array($cntverid2); | ||
| 27 | if ($cntverid3[0] >= intval(instaDisc_getConfig('verIDBufferSize'))) | ||
| 28 | { | ||
| 29 | $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\""; | ||
| 30 | $delverid2 = mysql_query($delverid); | ||
| 31 | } | ||
| 32 | |||
| 33 | $insverid = "INSERT INTO oldVerID (name, verID) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $verificationID . ")"; | ||
| 34 | $insverid2 = mysql_query($insverid); | ||
| 35 | |||
| 36 | return true; | ||
| 37 | } | ||
| 38 | } | ||
| 39 | } | 15 | } |
| 40 | 16 | ||
| 41 | return false; | 17 | return new xmlrpcresp(new xmlrpcval(1, "int")); |
| 42 | } | 18 | } |
| 43 | 19 | ||
| 44 | function instaDisc_sendItem($username, $id) | 20 | function deleteItem($username, $verification, $verificationID, $id) |
| 45 | { | 21 | { |
| 46 | $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id; | 22 | if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) |
| 47 | $getitem2 = mysql_query($getitem); | ||
| 48 | $getitem3 = mysql_fetch_array($getitem2); | ||
| 49 | if ($getitem3['username'] == $username) | ||
| 50 | { | 23 | { |
| 51 | $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; | 24 | $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id; |
| 52 | $getuser2 = mysql_query($getuser); | 25 | $getitem2 = mysql_query($getitem); |
| 53 | $getuser3 = mysql_fetch_array($getuser2); | 26 | $getitem3 = mysql_fetch_array($getitem2); |
| 54 | 27 | if ($getitem3['id'] == $id) | |
| 55 | $fp = fsockopen($getuser3['ip'], 4444, $errno, $errstr); | ||
| 56 | if ($fp) | ||
| 57 | { | 28 | { |
| 58 | $verID = rand(1,65536); | 29 | $delitem = "DELETE FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id; |
| 30 | $delitem2 = mysql_query($delitem); | ||
| 59 | 31 | ||
| 60 | $out = 'ID: ' . $id . '\r\n'; | 32 | return new xmlrpcresp(new xmlrpcval(0, "int")); |
| 61 | $out .= 'Verification: ' . md5($username . ':' . $getuser3['password'] . ':' . $verID) . '\r\n'; | ||
| 62 | $out .= 'Verification-ID: ' . $verID . '\r\n'; | ||
| 63 | $out .= 'Subscription: ' . $getitem3['subscription'] . '\r\n'; | ||
| 64 | $out .= 'Title: ' . $getitem3['title'] . '\r\n'; | ||
| 65 | $out .= 'Author: ' . $getitem3['author'] . '\r\n'; | ||
| 66 | $out .= 'URL: ' . $getitem3['url'] . '\r\n'; | ||
| 67 | $out .= '\r\n\r\n'; | ||
| 68 | |||
| 69 | fwrite($fp, $out); | ||
| 70 | fclose($fp); | ||
| 71 | } | 33 | } |
| 72 | } | 34 | } |
| 73 | } | ||
| 74 | 35 | ||
| 75 | function instaDisc_sendUpdateNotice($softwareVersion) | 36 | return new xmlrpcresp(new xmlrpcval(1, "int")); |
| 76 | { | ||
| 77 | $username = instaDisc_getConfig('owner'); | ||
| 78 | $subscription = 'http://' . $_SERVER['HTTP_HOST']; | ||
| 79 | $title = 'Update your software to ' . $software; | ||
| 80 | $author = 'Hatkirby'; | ||
| 81 | $url = 'http://fourisland.com/projects/instadisc/wiki/CentralSoftwareUpdate'; | ||
| 82 | $semantics = array(); | ||
| 83 | |||
| 84 | instaDisc_addItem($username, $subscription, $title, $author, $url, $semantics); | ||
| 85 | } | 37 | } |
| 86 | 38 | ||
| 87 | function instaDisc_sendDatabase($cserver) | 39 | function resendItem($username, $verification, $verificationID, $id) |
| 88 | { | 40 | { |
| 89 | $getdb = "SELECT * FROM centralServers"; | 41 | if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) |
| 90 | $getdb2 = mysql_query($getdb); | ||
| 91 | $i=0; | ||
| 92 | while ($getdb3[$i] = mysql_fetch_array($getdb2)) | ||
| 93 | { | 42 | { |
| 94 | $db[$getdb3[$i]['url']]['code'] = $getdb3[$i]['code']; | 43 | $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id; |
| 95 | $db[$getdb3[$i]['url']]['xmlrpc'] = $getdb3[$i]['xmlrpc']; | 44 | $getitem2 = mysql_query($getitem); |
| 96 | $i++; | 45 | $getitem3 = mysql_fetch_array($getitem2); |
| 97 | } | 46 | if ($getitem3['id'] == $id) |
| 98 | 47 | { | |
| 99 | $cserver2 = $_SERVER['HTTP_HOST']; | 48 | instaDisc_sendItem($username, $id); |
| 100 | $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\""; | ||
| 101 | $getuk2 = mysql_query($getuk); | ||
| 102 | $getuk3 = mysql_fetch_array($getuk2); | ||
| 103 | |||
| 104 | $verID = rand(1,65536); | ||
| 105 | |||
| 106 | $client = new xmlrpc_client($cserver); | ||
| 107 | $msg = new xmlrpcmsg("InstaDisc.sendDatabase", array( new xmlrpcval($cserver2, 'string'), | ||
| 108 | new xmlrpcval(md5($cserver2 . ":" . $getuk3['code'] . ":" . $verID), 'string'), | ||
| 109 | new xmlrpcval($verID, 'int'), | ||
| 110 | new xmlrpcval($db, 'array'))); | ||
| 111 | $client->send($msg); | ||
| 112 | } | ||
| 113 | |||
| 114 | function instaDisc_addItem($username, $subscription, $title, $author, $url, $semantics) | ||
| 115 | { | ||
| 116 | $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; | ||
| 117 | $getuser2 = mysql_query($getuser); | ||
| 118 | $getuser3 = mysql_fetch_array($getuser2); | ||
| 119 | if ($getuser3['username'] == $username) | ||
| 120 | { | ||
| 121 | $itemID = $getuser3['nextItemID']; | ||
| 122 | $setuser = "UPDATE users SET nextItemID = nextItemID+1 WHERE username = \"" . mysql_real_escape_string($username) . "\""; | ||
| 123 | $setuser2 = mysql_query($setuser); | ||
| 124 | |||
| 125 | $insitem = "INSERT INTO inbox (username, itemID, subscription, title, author, url, semantics) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $itemID . ", \"" . mysql_real_escape_string($subscription) . "\", \"" . mysql_real_escape_string($title) . "\", \"" . mysql_real_escape_string($author) . "\", \"" . mysql_real_escape_string($url) . "\", \"" . mysql_real_escape_string(serialize($semantics)) . "\")"; | ||
| 126 | $insitem2 = mysql_query($insitem); | ||
| 127 | |||
| 128 | instaDisc_sendItem($username, $itemID); | ||
| 129 | } | ||
| 130 | } | ||
| 131 | 49 | ||
| 132 | function instaDisc_phpMailer() | 50 | return new xmlrpcresp(new xmlrpcval(0, "int")); |
| 133 | { | 51 | } |
| 134 | $mail = new PHPMailer(); | ||
| 135 | $mail->IsSMTP(); | ||
| 136 | $mail->From = 'instadisc@' . instaDisc_getConfig('mailDomain'); | ||
| 137 | $mail->FromName = 'InstaDisc'; | ||
| 138 | $mail->Host = instaDisc_getConfig('smtpHost'); | ||
| 139 | if (instaDisc_getConfig('smtpAuth') == 'true') | ||
| 140 | { | ||
| 141 | $mail->SMTPAuth = true; | ||
| 142 | $mail->Username = instaDisc_getConfig('smtpUser'); | ||
| 143 | $mail->Password = instaDisc_getConfig('smtpPass'); | ||
| 144 | } | 52 | } |
| 145 | $mail->Helo = $_SERVER['HTTP_HOST']; | ||
| 146 | $mail->ClearAddresses(); | ||
| 147 | 53 | ||
| 148 | return $mail; | 54 | return new xmlrpcresp(new xmlrpcval(1, "int")); |
| 149 | } | 55 | } |
| 150 | 56 | ||
| 151 | function instaDisc_sendActivationEmail($username, $password, $email) | 57 | function requestRetained($username, $verification, $veriicationID) |
| 152 | { | 58 | { |
| 153 | $penKey = md5(rand(1,65536)); | 59 | if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) |
| 154 | |||
| 155 | $inspending = "INSERT INTO pending (username, password, email, code) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string(md5($password)) . "\", \"" . mysql_real_escape_string($email) . "\", \"" . mysql_real_escape_string($penKey) . "\")"; | ||
| 156 | $inspending2 = mysql_query($inspending); | ||
| 157 | |||
| 158 | $mail = instaDisc_phpMailer(); | ||
| 159 | $mail->AddAddress($email, $username); | ||
| 160 | $mail->Subject = 'InstaDisc Account Verification'; | ||
| 161 | $mail->Body = "Hello, someone has recently registered an account at " . $_SERVER['HTTP_HOST'] . " with your email address. If that was you, and your chosen username IS " . $username . ", then copy the account verification code below to our Account Verification page, enter your username and press Activate!\r\n\r\n" . $penKey . "\r\n\r\nIf that was not you, copy the above code to our Account Verification page, enter the above username, and click Delete."; | ||
| 162 | |||
| 163 | return $mail->Send(); | ||
| 164 | } | ||
| 165 | |||
| 166 | function instaDisc_activateAccount($username, $penKey) | ||
| 167 | { | ||
| 168 | $getuser = "SELECT * FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\" AND code = \"" . mysql_real_escape_string($penKey) . "\""; | ||
| 169 | $getuser2 = mysql_query($getuser); | ||
| 170 | $getuser3 = mysql_fetch_array($getuser2); | ||
| 171 | if ($getuser3['username'] == $username) | ||
| 172 | { | 60 | { |
| 173 | $insuser = "INSERT INTO users (username, password, email) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($getuser3['password']) . "\", \"" . mysql_real_escape_string($getuser3['email']) . "\")"; | 61 | $getitems = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\""; |
| 174 | $insuser2 = mysql_query($insuser); | 62 | $getitems2 = mysql_query($getitems); |
| 175 | 63 | $i=0; | |
| 176 | $delpending = "DELETE FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\""; | 64 | while ($getitems3[$i] = mysql_fetch_array($getitems2)) |
| 177 | $delpending2 = mysql_query($delpending); | 65 | { |
| 178 | 66 | instaDisc_sendItem($username, $getitems3[$i]['itemID']); | |
| 179 | $mail = instaDisc_phpMailer(); | 67 | $i++; |
| 180 | $mail->AddAddress($getuser3['email'], $username); | 68 | } |
| 181 | $mail->Subject = 'Welcome to InstaDisc!'; | ||
| 182 | $mail->Body = "Welcome to InstaDisc! Thank you for registering at " . instaDisc_getConfig('siteName') . " Central Server, we hope you enjoy our service! Now, when you download an InstaDisc Client, it will ask you for the following information which you will need to enter into it for it to work:\r\n\r\nUsername: " . $username . "\r\nPassword: (you should know this, it's not displayed here for security reasons)\r\nCentral Server URL: " . instaDisc_getConfig("xmlrpcURL") . "\r\n\r\nOnce again, thank you for choosing " . instaDisc_getConfig("siteName") . "!"; | ||
| 183 | 69 | ||
| 184 | return $mail->Send(); | 70 | return new xmlrpcresp(new xmlrpcval(0, "int")); |
| 185 | } else { | ||
| 186 | return false; | ||
| 187 | } | 71 | } |
| 72 | |||
| 73 | return new xmlrpcresp(new xmlrpcval(1, "int")); | ||
| 188 | } | 74 | } |
| 189 | 75 | ||
| 190 | function instaDisc_deactivateAccount($username, $penKey) | 76 | function sendFromUpdate($username, $verification, $verificationID, $subscription, $title, $author, $url, $semantics) |
| 191 | { | 77 | { |
| 192 | $getuser = "SELECT * FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\" AND code = \"" . mysql_real_escape_string($penKey) . "\""; | 78 | if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) |
| 193 | $getuser2 = mysql_query($getuser); | ||
| 194 | $getuser3 = mysql_fetch_array($getuser2); | ||
| 195 | if ($getuser3['username'] == $username) | ||
| 196 | { | 79 | { |
| 197 | $delpending = "DELETE FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\""; | 80 | $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($subscription) . "\" AND owner = \"true\""; |
| 198 | $delpending2 = mysql_query($delpending); | 81 | $getusubs2 = mysql_query($getusubs); |
| 82 | $getusubs3 = mysql_fetch_array($getusubs2); | ||
| 83 | if ($getusubs3['username'] == $username) | ||
| 84 | { | ||
| 85 | $cserver = $_SERVER['SERVER_NAME']; | ||
| 86 | $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver) . "\""; | ||
| 87 | $getuk2 = mysql_query($getuk); | ||
| 88 | $getuk3 = mysql_fetch_array($getuk2); | ||
| 89 | |||
| 90 | $getcs = "SELECT * FROM centralServers"; | ||
| 91 | $getcs2 = mysql_query($getcs); | ||
| 92 | $i=0; | ||
| 93 | while ($getcs3[$i] = mysql_fetch_array($getcs2)) | ||
| 94 | { | ||
| 95 | $verID = rand(1,65536); | ||
| 96 | |||
| 97 | $client = new xmlrpc_client($getcs3[$i]['xmlrpc']); | ||
| 98 | $msg = new xmlrpcmsg("InstaDisc.sendFromCentral", array( new xmlrpcval($cserver, 'string'), | ||
| 99 | new xmlrpcval(md5($cserver . ":" . $getuk3['code'] . ":" . $verID), 'string'), | ||
| 100 | new xmlrpcval($verID, 'int'), | ||
| 101 | new xmlrpcval($subscription, 'string'), | ||
| 102 | new xmlrpcval($title, 'string'), | ||
| 103 | new xmlrpcval($author, 'string'), | ||
| 104 | new xmlrpcval($url, 'string'), | ||
| 105 | new xmlrpcval($semantics, 'array'), | ||
| 106 | new xmlrpcval(instaDisc_getConfig('softwareVersion'), 'int'), | ||
| 107 | new xmlrpcval(instaDisc_getConfig('databaseVersion'), 'int'))); | ||
| 108 | $client->send($msg); | ||
| 109 | $i++; | ||
| 110 | } | ||
| 199 | 111 | ||
| 200 | return true; | 112 | return new xmlrpcresp(new xmlrpcval(0, "int")); |
| 201 | } else { | 113 | } |
| 202 | return false; | ||
| 203 | } | 114 | } |
| 204 | } | ||
| 205 | 115 | ||
| 206 | function instaDisc_verifyUser($username, $password) | 116 | return new xmlrpcresp(new xmlrpcval(1, "int")); |
| 207 | { | ||
| 208 | return instaDisc_checkVerification($username, md5($username . ':' . md5($password) . ':0'), 0, 'users', 'username', 'password'); | ||
| 209 | } | 117 | } |
| 210 | 118 | ||
| 211 | function instaDisc_deleteAccount($username) | 119 | function sendFromCentral($cserver, $verification, $verificationID, $subscription, $title, $author, $url, $semantics, $softwareVersion, $databaseVersion) |
| 212 | { | 120 | { |
| 213 | $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; | 121 | if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code')) |
| 214 | $getuser2 = mysql_query($getuser); | ||
| 215 | $getuser3 = mysql_fetch_array($getuser2); | ||
| 216 | if ($getuser3['username'] == $username) | ||
| 217 | { | 122 | { |
| 218 | $deluser = "DELETE FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; | 123 | if ($softwareVersion > instaDisc_getConfig('softwareVersion')) |
| 219 | $deluser2 = mysql_query($deluser); | 124 | { |
| 220 | 125 | instaDisc_sendUpdateNotice($softwareVersion); | |
| 221 | $delsubs = "DELETE FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\""; | 126 | } else if ($softwareVersion < instaDisc_getConfig('softwareVersion')) |
| 222 | $delsubs2 = mysql_query($delsubs); | 127 | { |
| 128 | $cserver2 = $_SERVER['HTTP_HOST']; | ||
| 129 | $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\""; | ||
| 130 | $getuk2 = mysql_query($getuk); | ||
| 131 | $getuk3 = mysql_fetch_array($getuk2); | ||
| 223 | 132 | ||
| 224 | $delitems = "DELETE FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\""; | 133 | $verID = rand(1,65536); |
| 225 | $delitems2 = mysql_query($delitems); | ||
| 226 | 134 | ||
| 227 | return true; | 135 | $client = new xmlrpc_client($cserver); |
| 228 | } | 136 | $msg = new xmlrpcmsg("InstaDisc.sendUpdateNotice", array( new xmlrpcval($cserver2, 'string'), |
| 137 | new xmlrpcval(md5($cserver2 . ':' . $getuk3['code'] . ':' . $verID), 'string'), | ||
| 138 | new xmlrpcval($verID, 'int'), | ||
| 139 | new xmlrpcval(instaDisc_getConfig('softwareVersion'), 'int'))); | ||
| 140 | $client->send($msg); | ||
| 141 | } | ||
| 229 | 142 | ||
| 230 | return false; | 143 | if ($databaseVersion > instaDisc_getConfig('databaseVersion')) |
| 231 | } | 144 | { |
| 145 | $cserver2 = $_SERVER['HTTP_HOST']; | ||
| 146 | $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\""; | ||
| 147 | $getuk2 = mysql_query($getuk); | ||
| 148 | $getuk3 = mysql_fetch_array($getuk2); | ||
| 232 | 149 | ||
| 233 | function instaDisc_getConfig($key) | 150 | $verID = rand(1,65536); |
| 234 | { | ||
| 235 | $getconfig = "SELECT * FROM config WHERE name = \"" . mysql_real_escape_string($key) . "\""; | ||
| 236 | $getconfig2 = mysql_query($getconfig); | ||
| 237 | $getconfig3 = mysql_fetch_array($getconfig2); | ||
| 238 | 151 | ||
| 239 | return $getconfig3['value']; | 152 | $client = new xmlrpc_client($cserver); |
| 240 | } | 153 | $msg = new xmlrpcmsg("InstaDisc.askForDatabase", array( new xmlrpcval($cserver2, 'string'), |
| 154 | new xmlrpcval(md5($cserver2 . ':' . $getuk3['code'] . ':' . $verID), 'string'), | ||
| 155 | new xmlrpcval($verID, 'int'), | ||
| 156 | new xmlrpcval(instaDisc_getConfig('databaseVersion'), 'int'))); | ||
| 157 | $client->send($msg); | ||
| 158 | } else if ($databaseVersion < instaDisc_getConfig('databaseVersion')) | ||
| 159 | { | ||
| 160 | instaDisc_sendDatabase($cserver); | ||
| 161 | } | ||
| 241 | 162 | ||
| 242 | function instaDisc_listSubscriptions($username) | 163 | $getsed = "SELECT * FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\""; |
| 243 | { | 164 | $getsed2 = mysql_query($getsed); |
| 244 | $getsubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"true\""; | 165 | $i=0; |
| 245 | $getsubs2 = mysql_query($getsubs); | 166 | while ($getsed3[$i] = mysql_fetch_array($getsed2)) |
| 246 | $i=0; | 167 | { |
| 247 | while ($getsubs3[$i] = mysql_fetch_array($getsubs2)) | 168 | instaDisc_addItem($getsed3[$i]['username'], $subscription, $title, $author, $url, $semantics); |
| 248 | { | 169 | $i++; |
| 249 | $subs[$i] = $getsubs3[$i]['url']; | 170 | } |
| 250 | 171 | ||
| 251 | $i++; | 172 | return new xmlrpcresp(new xmlrpcval(0, "int")); |
| 252 | } | 173 | } |
| 253 | 174 | ||
| 254 | $subs['size'] = $i; | 175 | return new xmlrpcresp(new xmlrpcval(1, "int")); |
| 255 | return $subs; | ||
| 256 | } | 176 | } |
| 257 | 177 | ||
| 258 | function instaDisc_addSubscription($username, $url) | 178 | function sendUpdateNotice($cserver, $verification, $verificationID, $softwareVersion) |
| 259 | { | 179 | { |
| 260 | $getcode = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\""; | 180 | if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code')) |
| 261 | $getcode2 = mysql_query($getcode); | ||
| 262 | $getcode3 = mysql_fetch_array($getcode2); | ||
| 263 | if ($getcode3['username'] == $username) | ||
| 264 | { | 181 | { |
| 265 | $delcode = "DELETE FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\""; | 182 | if ($softwareVersion > instaDisc_getConfig('softwareVersion')) |
| 266 | $delcode2 = mysql_query($delcode); | ||
| 267 | |||
| 268 | $c = curl_init(); | ||
| 269 | curl_setopt($c, CURLOPT_URL, $url); | ||
| 270 | curl_setopt($c, CURLOPT_HEADER, false); | ||
| 271 | curl_setopt($c, CURLOPT_RETURNTRANSFER, true); | ||
| 272 | $page_data = curl_exec($c); | ||
| 273 | curl_close($c); | ||
| 274 | |||
| 275 | $headers = split("\n", $page_date); | ||
| 276 | foreach ($headers as $name => $value) | ||
| 277 | { | 183 | { |
| 278 | $header = split(": ", $value); | 184 | instaDisc_sendUpdateNotice($softwareVersion); |
| 279 | $headerMap[$header[0]] = $header[1]; | ||
| 280 | } | ||
| 281 | 185 | ||
| 282 | if (isset($header['Subscription'])) | 186 | return new xmlrpcresp(new xmlrpcval(0, "int")); |
| 283 | { | ||
| 284 | if (isset($header['Title'])) | ||
| 285 | { | ||
| 286 | if (isset($header['Category'])) | ||
| 287 | { | ||
| 288 | if (isset($header['Key'])) | ||
| 289 | { | ||
| 290 | if ($header['Key'] == $getcode3['code']) | ||
| 291 | { | ||
| 292 | $inssub = "INSERT INTO subscriptions (username,url,owner) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($header['Subscription']) . "\", \"true\")"; | ||
| 293 | $inssub2 = mysql_query($inssub); | ||
| 294 | |||
| 295 | return true; | ||
| 296 | } | ||
| 297 | } | ||
| 298 | } | ||
| 299 | } | ||
| 300 | } | 187 | } |
| 301 | } | 188 | } |
| 302 | 189 | ||
| 303 | return false; | 190 | return new xmlrpcresp(new xmlrpcval(1, "int")); |
| 304 | } | 191 | } |
| 305 | 192 | ||
| 306 | function instaDisc_listPendingSubscriptions($username) | 193 | function askForDatabase($cserver, $verification, $verificationID, $databaseVersion) |
| 307 | { | 194 | { |
| 308 | $getsubs = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\""; | 195 | if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code')) |
| 309 | $getsubs2 = mysql_query($getsubs); | ||
| 310 | $i=0; | ||
| 311 | while ($getsubs3[$i] = mysql_fetch_array($getsubs2)) | ||
| 312 | { | 196 | { |
| 313 | $subs[$i] = array('url' => $getsubs3[$i]['url'], 'code' => $getsubs3[$i]['code']); | 197 | if ($databaseVersion < instaDisc_getConfig('databaseVersion')) |
| 198 | { | ||
| 199 | instaDisc_sendDatabase($cserver); | ||
| 314 | 200 | ||
| 315 | $i++; | 201 | return new xmlrpcresp(new xmlrpcval(0, "int")); |
| 202 | } | ||
| 316 | } | 203 | } |
| 317 | 204 | ||
| 318 | $subs['size'] = $i; | 205 | return new xmlrpcresp(new xmlrpcval(1, "int")); |
| 319 | return $subs; | ||
| 320 | } | 206 | } |
| 321 | 207 | ||
| 322 | function instaDisc_generateSubscriptionActivation($username, $url) | 208 | function deleteSubscription($username, $verification, $verificationID, $subscription) |
| 323 | { | 209 | { |
| 324 | $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; | 210 | if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) |
| 325 | $getuser2 = mysql_query($getuser); | ||
| 326 | $getuser3 = mysql_fetch_array($getuser2); | ||
| 327 | if ($getuser3['username'] == $username) | ||
| 328 | { | 211 | { |
| 329 | $key = md5(rand(1,65536)); | 212 | $getsub = "SELECT * FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\" AND username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"false\""; |
| 330 | 213 | $getsub2 = mysql_query($getsub); | |
| 331 | $inspending = "INSERT INTO pending2 (username, url, code) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($url) . "\", \"" . mysql_real_escape_string($key) . "\")"; | 214 | $getsub3 = mysql_fetch_array($getsub2); |
| 332 | $inspending2 = mysql_query($inspending); | 215 | if ($getsub3['url'] == $subscription) |
| 216 | { | ||
| 217 | $delsub = "DELETE FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\" AND username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"false\""; | ||
| 218 | $delsub2 = mysql_query($delsub); | ||
| 333 | 219 | ||
| 334 | return $key; | 220 | return new xmlrpcresp(new xmlrpcval(0, "int")); |
| 221 | } | ||
| 335 | } | 222 | } |
| 336 | 223 | ||
| 337 | return false; | 224 | return new xmlrpcresp(new xmlrpcval(1, "int")); |
| 338 | } | 225 | } |
| 339 | 226 | ||
| 340 | function instaDisc_deleteSubscription($username, $url) | 227 | function addSubscription($username, $verification, $verificationID, $subscription) |
| 341 | { | 228 | { |
| 342 | $getsub = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; | 229 | if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) |
| 343 | $getsub2 = mysql_query($getsub); | ||
| 344 | $getsub3 = mysql_fetch_array($getsub2); | ||
| 345 | if ($getsub3['username'] == $username) | ||
| 346 | { | 230 | { |
| 347 | $delsub = "DELETE FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; | 231 | $inssub = "INSERT INTO subscriptions (url, username, owner) VALUES (\"" . mysql_real_escape_string($subscription) . "\", \"" . mysql_real_escape_string($username) . "\", \"false\")"; |
| 348 | $delsub2 = mysql_query($delsub); | 232 | $inssub2 = mysql_query($inssub); |
| 349 | 233 | ||
| 350 | return true; | 234 | return new xmlrpcresp(new xmlrpcval(0, "int")); |
| 351 | } | 235 | } |
| 352 | 236 | ||
| 353 | return false; | 237 | return new xmlrpcresp(new xmlrpcval(1, "int")); |
| 354 | } | 238 | } |
| 355 | 239 | ||
| 356 | function instaDisc_cancelSubscription($username, $url) | 240 | function sendDatabase($cserver, $verification, $verificationID, $db) |
| 357 | { | 241 | { |
| 358 | $getsub = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; | 242 | if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code')) |
| 359 | $getsub2 = mysql_query($getsub); | ||
| 360 | $getsub3 = mysql_fetch_array($getsub2); | ||
| 361 | if ($getsub3['username'] == $username) | ||
| 362 | { | 243 | { |
| 363 | $delsub = "DELETE FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; | 244 | if (isset($db['central.fourisland.com'])) |
| 364 | $delsub2 = mysql_query($delsub); | 245 | { |
| 246 | $getfi = "SELECT * FROM centralServers WHERE url = \"central.fourisland.com\""; | ||
| 247 | $getfi2 = mysql_query($getfi); | ||
| 248 | $getfi3 = mysql_fetch_array($getfi2); | ||
| 365 | 249 | ||
| 366 | return true; | 250 | if ($db['central.fourisland.com']['code'] == $getfi3['code']) |
| 251 | { | ||
| 252 | $deldb = "DELETE FROM centralServers"; | ||
| 253 | $deldb2 = mysql_query($deldb); | ||
| 254 | |||
| 255 | foreach($db as $name => $value) | ||
| 256 | { | ||
| 257 | $insdb = "INSERT INTO centralServers (url, code, xmlrpc) VALUES (\"" . mysql_real_escape_string($name) . "\", \"" . mysql_real_escape_string($value['code']) . "\", \"" . mysql_real_escape_string($value['xmlrpc']) . "\")"; | ||
| 258 | $insdb2 = mysql_query($insdb); | ||
| 259 | } | ||
| 260 | |||
| 261 | return new xmlrpcresp(new xmlrpcval("0", 'int')); | ||
| 262 | } | ||
| 263 | } | ||
| 367 | } | 264 | } |
| 368 | 265 | ||
| 369 | return false; | 266 | return new xmlrpcresp(new xmlrpcval(1, "int")); |
| 370 | } | 267 | } |
| 371 | 268 | ||
| 269 | $s = new xmlrpc_server( array( "InstaDisc.checkRegistration" => array("function" => "checkRegistration"), | ||
| 270 | "InstaDisc.deleteItem" => array("function" => "deleteItem"), | ||
| 271 | "InstaDisc.resendItem" => array("function" => "resendItem"), | ||
| 272 | "InstaDisc.requestRetained" => array("function" => "requestRetained"), | ||
| 273 | "InstaDisc.sendFromUpdate" => array("function" => "sendFromUpdate"), | ||
| 274 | "InstaDisc.sendFromCentral" => array("function" => "sendFromCentral"), | ||
| 275 | "InstaDisc.sendUpdateNotice" => array("function" => "sendUpdateNotice"), | ||
| 276 | "InstaDisc.askForDatabase" => array("function" => "askForDatabase"), | ||
| 277 | "InstaDisc.deleteSubscription" => array("function" => "deleteSubscription"), | ||
| 278 | "InstaDisc.addSubscription" => array("function" => "addSubscription"), | ||
| 279 | "InstaDisc.sendDatabase" => array("function" => "sendDatabase") | ||
| 280 | ),0); | ||
| 281 | $s->functions_parameters_type = 'phpvals'; | ||
| 282 | $s->service(); | ||
| 283 | |||
| 372 | ?> | 284 | ?> |
| diff --git a/central/trunk/xmlrpc.php b/central/trunk/xmlrpc.php index efaa70f..3b734ad 100644 --- a/central/trunk/xmlrpc.php +++ b/central/trunk/xmlrpc.php | |||
| @@ -80,9 +80,9 @@ function sendFromUpdate($username, $verification, $verificationID, $subscription | |||
| 80 | $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($subscription) . "\" AND owner = \"true\""; | 80 | $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($subscription) . "\" AND owner = \"true\""; |
| 81 | $getusubs2 = mysql_query($getusubs); | 81 | $getusubs2 = mysql_query($getusubs); |
| 82 | $getusubs3 = mysql_fetch_array($getusubs2); | 82 | $getusubs3 = mysql_fetch_array($getusubs2); |
| 83 | if ($getusubs['username'] == $username) | 83 | if ($getusubs3['username'] == $username) |
| 84 | { | 84 | { |
| 85 | $cserver = $_SERVER['HTTP_HOST']; | 85 | $cserver = $_SERVER['SERVER_NAME']; |
| 86 | $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver) . "\""; | 86 | $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver) . "\""; |
| 87 | $getuk2 = mysql_query($getuk); | 87 | $getuk2 = mysql_query($getuk); |
| 88 | $getuk3 = mysql_fetch_array($getuk2); | 88 | $getuk3 = mysql_fetch_array($getuk2); |
| @@ -96,7 +96,7 @@ function sendFromUpdate($username, $verification, $verificationID, $subscription | |||
| 96 | 96 | ||
| 97 | $client = new xmlrpc_client($getcs3[$i]['xmlrpc']); | 97 | $client = new xmlrpc_client($getcs3[$i]['xmlrpc']); |
| 98 | $msg = new xmlrpcmsg("InstaDisc.sendFromCentral", array( new xmlrpcval($cserver, 'string'), | 98 | $msg = new xmlrpcmsg("InstaDisc.sendFromCentral", array( new xmlrpcval($cserver, 'string'), |
| 99 | new xmlrpcval(md5($cserver + ":" + $getuk3['code'] + ":" + $verID), 'string'), | 99 | new xmlrpcval(md5($cserver . ":" . $getuk3['code'] . ":" . $verID), 'string'), |
| 100 | new xmlrpcval($verID, 'int'), | 100 | new xmlrpcval($verID, 'int'), |
| 101 | new xmlrpcval($subscription, 'string'), | 101 | new xmlrpcval($subscription, 'string'), |
| 102 | new xmlrpcval($title, 'string'), | 102 | new xmlrpcval($title, 'string'), |
| @@ -165,7 +165,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription | |||
| 165 | $i=0; | 165 | $i=0; |
| 166 | while ($getsed3[$i] = mysql_fetch_array($getsed2)) | 166 | while ($getsed3[$i] = mysql_fetch_array($getsed2)) |
| 167 | { | 167 | { |
| 168 | instaDisc_addItem($getsed3['username'], $subscription, $title, $author, $url, $semantics); | 168 | instaDisc_addItem($getsed3[$i]['username'], $subscription, $title, $author, $url, $semantics); |
| 169 | $i++; | 169 | $i++; |
| 170 | } | 170 | } |
| 171 | 171 | ||