From ff10ea272a1b63d6c5a5ce496911cc0e8e7e8b9d Mon Sep 17 00:00:00 2001 From: Kelly Rauchenberger Date: Fri, 1 Aug 2008 17:29:12 +0000 Subject: Central: Centrallized verification checks Molded the verification checking into one library functions so the each and every XML-RPC function wouldn't have to implement. Also added the InstaDisc.sendUpdateNotice and InstaDisc.askForDatabase functions. --- central/trunk/instadisc.php | 22 ++++ central/trunk/xmlrpc.php | 245 ++++++++++++++++++++++---------------------- 2 files changed, 142 insertions(+), 125 deletions(-) create mode 100644 central/trunk/instadisc.php diff --git a/central/trunk/instadisc.php b/central/trunk/instadisc.php new file mode 100644 index 0000000..f8f33e5 --- /dev/null +++ b/central/trunk/instadisc.php @@ -0,0 +1,22 @@ + diff --git a/central/trunk/xmlrpc.php b/central/trunk/xmlrpc.php index 1a3c1c3..9e5971a 100644 --- a/central/trunk/xmlrpc.php +++ b/central/trunk/xmlrpc.php @@ -9,16 +9,9 @@ include('instadisc.php'); function checkRegistration($username, $verification, $verificationID) { - $getuser = "SELECT * FROM users WHERE username = \"" . $username "\""; - $getuser2 = mysql_query($getuser): - $getuser3 = mysql_fetch_array($getuser2); - if ($getuser3['username'] == $username) + if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) { - $test = $username . ":" . $getuser3['password'] . ":" .$verificationID; - if (md5($test) == $verification) - { - return new xmlrpcresp(new xmlrpcval(0, "int")); - } + return new xmlrpcresp(new xmlrpcval(0, "int")); } return new xmlrpcresp(new xmlrpcval(1, "int")); @@ -26,24 +19,17 @@ function checkRegistration($username, $verification, $verificationID) function deleteItem($username, $verification, $verificationID, $id) { - $getuser = "SELECT * FROM users WHERE username = \"" . $username "\""; - $getuser2 = mysql_query($getuser): - $getuser3 = mysql_fetch_array($getuser2); - if ($getuser3['username'] == $username) + if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) { - $test = $username . ":" . $getuser3['password'] . ":" .$verificationID; - if (md5($test) == $verification) + $getitem = "SELECT * FROM inbox WHERE id = " . $id; + $getitem2 = mysql_query($getitem); + $getitem3 = mysql_fetch_array($getitem2); + if ($getitem3['id'] == $id) { - $getitem = "SELECT * FROM inbox WHERE id = " . $id; - $getitem2 = mysql_query($getitem); - $getitem3 = mysql_fetch_array($getitem2); - if ($getitem3['id'] == $id) - { - $delitem = "DELETE inbox WHERE id = " . $id; - $delitem2 = mysql_query($delitem); + $delitem = "DELETE inbox WHERE id = " . $id; + $delitem2 = mysql_query($delitem); - return new xmlrpcresp(new xmlrpcval(0, "int")); - } + return new xmlrpcresp(new xmlrpcval(0, "int")); } } @@ -52,23 +38,16 @@ function deleteItem($username, $verification, $verificationID, $id) function resendItem($username, $verification, $verificationID, $id) { - $getuser = "SELECT * FROM users WHERE username = \"" . $username "\""; - $getuser2 = mysql_query($getuser): - $getuser3 = mysql_fetch_array($getuser2); - if ($getuser3['username'] == $username) + if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) { - $test = $username . ":" . $getuser3['password'] . ":" .$verificationID; - if (md5($test) == $verification) + $getitem = "SELECT * FROM inbox WHERE id = " . $id; + $getitem2 = mysql_query($getitem); + $getitem3 = mysql_fetch_array($getitem2); + if ($getitem3['id'] == $id) { - $getitem = "SELECT * FROM inbox WHERE id = " . $id; - $getitem2 = mysql_query($getitem); - $getitem3 = mysql_fetch_array($getitem2); - if ($getitem3['id'] == $id) - { - instaDisc_sendItem($id); + instaDisc_sendItem($id); - return new xmlrpcresp(new xmlrpcval(0, "int")); - } + return new xmlrpcresp(new xmlrpcval(0, "int")); } } @@ -77,48 +56,41 @@ function resendItem($username, $verification, $verificationID, $id) function sendFromUpdate($username, $verification, $verificationID, $subscription, $title, $author, $url, $semantics) { - $getuser = "SELECT * FROM users WHERE username = \"" . $username . "\""; - $getuser2 = mysql_query($getuser); - $getuser3 = mysql_fetch_array($getuser2); - if ($getuser3['username'] == $username) + if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) { - $test = $username . ':' . $getuser3['password'] . ':' . $verificationID; - if (md5($test) == $verification) + $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . $username . "\" AND uri = \"" . $subscription . "\" AND owner = \"true\""; + $getusubs2 = mysql_query($getusubs); + $getusubs3 = mysql_fetch_array($getusubs2); + if ($getusubs['username'] == $username) { - $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . $username . "\" AND uri = \"" . $subscription . "\" AND owner = \"true\""; - $getusubs2 = mysql_query($getusubs); - $getusubs3 = mysql_fetch_array($getusubs2); - if ($getusubs['username'] == $username) + $cserver = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; + $getuk = "SELECT * FROM centralServers WHERE url = \"" . $cserver . "\""; + $getuk2 = mysql_query($getuk); + $getuk3 = mysql_fetch_array($getuk2); + + $getcs = "SELECT * FROM centralServers"; + $getcs2 = mysql_query($getcs); + $i=0; + while ($getcs3[$i] = mysql_fetch_array($getcs2)) { - $cserver = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; - $getuk = "SELECT * FROM centralServers WHERE url = \"" . $cserver . "\""; - $getuk2 = mysql_query($getuk); - $getuk3 = mysql_fetch_array($getuk2); - - $getcs = "SELECT * FROM centralServers"; - $getcs2 = mysql_query($getcs); - $i=0; - while ($getcs3[$i] = mysql_fetch_array($getcs2)) - { - $verID = rand(1,65536); - - $client = new xmlrpc_client($getcs3[$i]['url']); - $msg = new xmlrpcmsg("InstaDisc.sendFromCentral", array( new xmlrpcval($cserver, 'string'), - new xmlrpcval(md5($cserver + ":" + $getuk3['key'] + ":" + $verID), 'string'), - new xmlrpcval($verID, 'int'), - new xmlrpcval($subscription, 'string'), - new xmlrpcval($title, 'string'), - new xmlrpcval($author, 'string'), - new xmlrpcval($url, 'string'), - new xmlrpcval($semantics, 'array'), - new xmlrpcval(getConfig('softwareVersion'), 'int'), - new xmlrpcval(getConfig('databaseVersion'), 'int'))); - $client->send($msg); - $i++; - } - - return new xmlrpcresp(new xmlrpcval(0, "int")); + $verID = rand(1,65536); + + $client = new xmlrpc_client($getcs3[$i]['url']); + $msg = new xmlrpcmsg("InstaDisc.sendFromCentral", array( new xmlrpcval($cserver, 'string'), + new xmlrpcval(md5($cserver + ":" + $getuk3['key'] + ":" + $verID), 'string'), + new xmlrpcval($verID, 'int'), + new xmlrpcval($subscription, 'string'), + new xmlrpcval($title, 'string'), + new xmlrpcval($author, 'string'), + new xmlrpcval($url, 'string'), + new xmlrpcval($semantics, 'array'), + new xmlrpcval(getConfig('softwareVersion'), 'int'), + new xmlrpcval(getConfig('databaseVersion'), 'int'))); + $client->send($msg); + $i++; } + + return new xmlrpcresp(new xmlrpcval(0, "int")); } } @@ -127,62 +99,70 @@ function sendFromUpdate($username, $verification, $verificationID, $subscription function sendFromCentral($cserver, $verification, $verificationID, $subscription, $title, $author, $url, $semantics, $softwareVersion, $databaseVersion) { - $getcs = "SELECT * FROM centralServers WHERE url = \"" . $cserver . "\""; - $getcs2 = mysql_query($getcs); - $getcs3 = mysql_fetch_array($getcs2); - if ($getcs3['url'] == $cserver) + if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'key')) { - $test = $cserver . ':' . $getcs3['key'] . ':' . $verificationID; - if (md5($test) == $verification) + if ($softwareVersion > getConfig('softwareVersion')) { - if ($softwareVersion > getConfig('softwareVersion')) - { - instaDisc_sendUpdateNotice(); - } else if ($softwareVersion < getConfig('softwareVersion')) - { - $cserver2 = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; - $getuk = "SELECT * FROM centralServers WHERE url = \"" . $cserver2 . "\""; - $getuk2 = mysql_query($getuk); - $getuk3 = mysql_fetch_array($getuk2); + instaDisc_sendUpdateNotice(); + } else if ($softwareVersion < getConfig('softwareVersion')) + { + $cserver2 = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; + $getuk = "SELECT * FROM centralServers WHERE url = \"" . $cserver2 . "\""; + $getuk2 = mysql_query($getuk); + $getuk3 = mysql_fetch_array($getuk2); - $verID = rand(1,65536); + $verID = rand(1,65536); - $client = new xmlrpc_client($cserver); - $msg = new xmlrpcmsg("InstaDisc.sendUpdateNotice", array( new xmlrpcval($cserver2, 'string'), - new xmlrpcval(md5($cserver2 . ':' . $getuk3['key'] . ':' . $verID), 'string'), - new xmlrpcval($verID, 'int'), - new xmlrpcval(getConfig('softwareVersion'), 'int'))); - $client->send($msg); - } + $client = new xmlrpc_client($cserver); + $msg = new xmlrpcmsg("InstaDisc.sendUpdateNotice", array( new xmlrpcval($cserver2, 'string'), + new xmlrpcval(md5($cserver2 . ':' . $getuk3['key'] . ':' . $verID), 'string'), + new xmlrpcval($verID, 'int'), + new xmlrpcval(getConfig('softwareVersion'), 'int'))); + $client->send($msg); + } - if ($databaseVersion > getConfig('databaseVersion')) - { - $cserver2 = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; - $getuk = "SELECT * FROM centralServers WHERE url = \"" . $cserver2 . "\""; - $getuk2 = mysql_query($getuk); - $getuk3 = mysql_fetch_array($getuk2); + if ($databaseVersion > getConfig('databaseVersion')) + { + $cserver2 = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; + $getuk = "SELECT * FROM centralServers WHERE url = \"" . $cserver2 . "\""; + $getuk2 = mysql_query($getuk); + $getuk3 = mysql_fetch_array($getuk2); + + $verID = rand(1,65536); + + $client = new xmlrpc_client($cserver); + $msg = new xmlrpcmsg("InstaDisc.askForDatabase", array( new xmlrpcval($cserver2, 'string'), + new xmlrpcval(md5($cserver2 . ':' . $getuk3['key'] . ':' . $verID), 'string'), + new xmlrpcval($verID, 'int'), + new xmlrpcval(getConfig('databaseVersion'), 'int'))); + $client->send($msg); + } else if ($databaseVersion < getConfig('databaseVersion')) + { + instaDisc_sendDatabase($cserver); + } - $verID = rand(1,65536); + $getsed = "SELECT * FROM subscriptions WHERE uri = \"" . $subscription . "\""; + $getsed2 = mysql_query($getsed); + $i=0; + while ($getsed3[$i] = mysql_fetch_array($getsed2)) + { + instaDisc_addItem($getsed3['username'], $subscription, $title, $author, $url, $semantics); + $i++; + } - $client = new xmlrpc_client($cserver); - $msg = new xmlrpcmsg("InstaDisc.askForDatabase", array( new xmlrpcval($cserver2, 'string'), - new xmlrpcval(md5($cserver2 . ':' . $getuk3['key'] . ':' . $verID), 'string'), - new xmlrpcval($verID, 'int'), - new xmlrpcval(getConfig('databaseVersion'), 'int'))); - $client->send($msg); - } else if ($databaseVersion < getConfig('databaseVersion')) - { - instaDisc_sendDatabase($cserver); - } + return new xmlrpcresp(new xmlrpcval(0, "int")); + } - $getsed = "SELECT * FROM subscriptions WHERE uri = \"" . $subscription . "\""; - $getsed2 = mysql_query($getsed); - $i=0; - while ($getsed3[$i] = mysql_fetch_array($getsed2)) - { - instaDisc_addItem($getsed3['username'], $subscription, $title, $author, $url, $semantics); - $i++; - } + return new xmlrpcresp(new xmlrpcval(1, "int")); +} + +function sendUpdateNotice($cserver, $verification, $verificationID, $softwareVersion) +{ + if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'key')) + { + if ($softwareVersion > getConfig('softwareVersion')) + { + instaDisc_sendUpdateNotice(); return new xmlrpcresp(new xmlrpcval(0, "int")); } @@ -191,12 +171,27 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription return new xmlrpcresp(new xmlrpcval(1, "int")); } +function askForDatabase($cserver, $verification, $verificationID, $databaseVersion) +{ + if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'key')) + { + if ($databaseVersion < getConfig('databaseVersion')) + { + instaDisc_sendDatabase($cserver); + } + } + + return new xmlrpcresp(new xmlrpcval(1, "int")); +} + $s = new xmlrpc_server( array( "InstaDisc.checkRegistration" => array("function" => "checkRegistration"), "InstaDisc.deleteItem" => array("function" => "deleteItem"), "InstaDisc.resendItem" => array("function" => "resendItem"), "InstaDisc.requestRetained" => array("function" => "requestRetained"), "InstaDisc.sendFromUpdate" => array("function" => "sendFromUpdate"), - "InstaDisc.sendFromCentral" => array("function" => "sendFromCentral") + "InstaDisc.sendFromCentral" => array("function" => "sendFromCentral"), + "InstaDisc.sendUpdateNotice" => array("function" => "sendUpdateNotice"), + "InstaDisc.askForDatabase" => array("function" => "askForDatabase") ),0); $s->functions_parameters_type = 'phpvals'; $s->service(); -- cgit 1.4.1