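<?php
/*===============================================*\
|| ############################################# ||
|| # JAKWEB.CH / Version 2.1.3 # ||
|| # ----------------------------------------- # ||
|| # Copyright 2022 JAKWEB All Rights Reserved # ||
|| ############################################# ||
\*===============================================*/
// Check if the file is accessed only via index.php if not stop the script from running
if (!defined('JAK_PREVENT_ACCESS')) die('You cannot access this file directly.');

// clouddesk API endpoint. index.php hands the request over in $page1 as one
// base64url blob laid out as  iv . hmac_sha256(ciphertext) . ciphertext
// (AES-128-CBC, keys derived below). The plaintext is a query string whose
// "action" selects new / update / delete of a client row. Nothing is echoed
// back to the caller; every branch ends with exit().

// All the tables we need for this plugin
$jaktable = 'clients';
$jaktable1 = 'support_tickets';
$jaktable2 = 'ticket_answers';
$jakfield = 'email';
$errors = array();

// We need to check if the call is coming thru get
if ($_SERVER["REQUEST_METHOD"] == 'GET' && $page1) {
    // Get the api and sid key: $api_key protects the payload (cipher key and MAC key),
    // $api_key1 has to be echoed back by the caller as "sid" inside the payload
    $api_key = hash_hmac('md5', FULL_SITE_DOMAIN.JAK_O_NUMBER, DB_PASS_HASH);
    $api_key1 = hash_hmac('md5', JAK_O_NUMBER.FULL_SITE_DOMAIN, DB_PASS_HASH);

    // Rebuild the decryption because of PHP 7.2
    $query = "";
    $cipher = "AES-128-CBC";
    $sha2len = 32;
    $c = (string) base64_decode(strtr($page1, '._-', '+/='));
    $ivlen = openssl_cipher_iv_length($cipher);
    $iv = substr($c, 0, $ivlen);
    $hmac = substr($c, $ivlen, $sha2len);
    $ciphertext_raw = substr($c, $ivlen + $sha2len);
    // The MAC covers the ciphertext only, the IV is not authenticated; extending the
    // MAC over the IV would require the sending side to change as well.
    $calcmac = hash_hmac('sha256', (string) $ciphertext_raw, $api_key, true);
    // Verify the MAC first and only decrypt a payload that passed it
    // (hash_equals: PHP 5.6+ timing attack safe comparison). The length checks
    // reject truncated blobs before they reach openssl_decrypt().
    if (is_string($iv) && strlen($iv) === $ivlen
        && is_string($hmac) && strlen($hmac) === $sha2len
        && hash_equals($calcmac, $hmac)) {
        $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $api_key, OPENSSL_RAW_DATA, $iv);
        if ($original_plaintext !== false) {
            $query = $original_plaintext;
        }
    }
    parse_str($query, $jkp);

    // Set the project id
    $pid = !empty($jkp['pid']) ? $jkp['pid'] : JAK_STANDARD_SUPPORT_DEP;

    // The caller must echo the session key back as "sid". This used to be an
    // assignment ("= $api_key1"), which is always truthy and skipped the check.
    $sid = isset($jkp['sid']) && is_string($jkp['sid']) ? $jkp['sid'] : '';
    if (hash_equals($api_key1, $sid)) {
        // A client row may only be touched by the operator it belongs to
        $jakApiOwnerMatches = static function (array $row) use ($jkp): bool {
            return $row["opid"] == filter_var($jkp["mainopid"] ?? '', FILTER_SANITIZE_NUMBER_INT);
        };

        // Apply the optional fields of the request to an existing client row.
        // Shared by 'new' (address already registered) and 'update'.
        $jakApiApplyClientUpdate = static function (array $row) use ($jakdb, $jaktable, $jkp): void {
            // Ok we update the credits
            if (JAK_BILLING_MODE == 1 && !empty($jkp["credits"]) && $jkp["credits"] != 0) {
                $jakdb->update($jaktable, ["credits[+]" => $jkp["credits"]], ["id" => $row["id"]]);
            }
            // We update the membership access
            if (JAK_BILLING_MODE == 2 && !empty($jkp["valid"])) {
                // Extend from the current expiry while it is still in the future, otherwise from now
                if (strtotime($row["paid_until"]) > time()) {
                    $paidunix = strtotime($jkp["valid"], strtotime($row["paid_until"]));
                } else {
                    $paidunix = strtotime($jkp["valid"]);
                }
                // strtotime() yields false for an unparsable "valid"; never store the epoch date for that
                if ($paidunix !== false) {
                    $jakdb->update($jaktable, ["paid_until" => date('Y-m-d', $paidunix)], ["id" => $row["id"]]);
                }
            }
            // Update the password. The value is stored as received, so the sending
            // side is expected to deliver it in its final (hashed) form.
            if (!empty($jkp["pass"])) {
                $jakdb->update($jaktable, ["password" => $jkp['pass']], ["id" => $row["id"]]);
            }
            // Update the chat departments if set so
            if (!empty($jkp["chatdep"])) {
                $jakdb->update($jaktable, ["chat_dep" => $jkp['chatdep']], ["id" => $row["id"]]);
            }
            // Update the support departments if set so
            if (!empty($jkp["supportdep"])) {
                $jakdb->update($jaktable, ["support_dep" => $jkp['supportdep']], ["id" => $row["id"]]);
            }
            // Update the faq categories if set so
            if (!empty($jkp["faqcat"])) {
                $jakdb->update($jaktable, ["faq_cat" => $jkp['faqcat']], ["id" => $row["id"]]);
            }
            // Finally we update the rest, sanitised the same way the insert below does it
            $jakdb->update($jaktable, [
                "name" => filter_var($jkp['name'] ?? '', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
                "email" => filter_var($jkp['email'] ?? '', FILTER_SANITIZE_EMAIL),
            ], ["id" => $row["id"]]);
        };

        switch ($jkp['action'] ?? '') {
            case 'new':
                $email = $jkp['email'] ?? '';
                $row = $jakdb->get($jaktable, ["id", "opid", "chat_dep", "support_dep", "faq_cat", "paid_until"], ["email" => $email]);
                if ($row) {
                    // The address is already registered: behave like 'update'
                    if (!$jakApiOwnerMatches($row)) exit();
                    $jakApiApplyClientUpdate($row);
                } else {
                    if (empty($jkp['name'])) {
                        $errors['e'] = $jkl['e'];
                    }
                    if (JAK_EMAIL_BLOCK) {
                        // Blocked list holds full addresses and/or "@domain" entries
                        $blockede = explode(',', JAK_EMAIL_BLOCK);
                        if (in_array($email, $blockede, true) || in_array(strrchr($email, "@"), $blockede, true)) {
                            $errors['e1'] = $jkl['e10'];
                        }
                    }
                    if ($email === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
                        $errors['e2'] = $jkl['e1'];
                    }
                    if (jak_field_not_exist(strtolower($email), $jaktable, $jakfield)) {
                        $errors['e3'] = $jkl['hd35'];
                    }
                    if ($errors === []) {
                        // We have no errors we insert the user
                        // create new password: a supplied one is stored as received and the
                        // welcome mail shows the hd58 text instead; otherwise generate and hash one
                        if (!empty($jkp["pass"])) {
                            $password = $jkl['hd58'];
                            $passcrypt = $jkp["pass"];
                        } else {
                            $password = jak_password_creator();
                            $passcrypt = hash_hmac('sha256', $password, DB_PASS_HASH);
                        }
                        $result = $jakdb->insert($jaktable, [
                            "opid" => filter_var($jkp["mainopid"] ?? '', FILTER_SANITIZE_NUMBER_INT),
                            "chat_dep" => (!empty($jkp["chatdep"]) ? $jkp["chatdep"] : JAK_STANDARD_CHAT_DEP),
                            "support_dep" => (!empty($jkp["supportdep"]) ? $jkp["supportdep"] : JAK_STANDARD_SUPPORT_DEP),
                            "faq_cat" => (!empty($jkp["faqcat"]) ? $jkp["faqcat"] : JAK_STANDARD_FAQ_CAT),
                            "name" => filter_var($jkp["name"] ?? '', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
                            "email" => filter_var($email, FILTER_SANITIZE_EMAIL),
                            "password" => $passcrypt,
                            "credits" => (!empty($jkp["credits"]) ? $jkp["credits"] : 0),
                            "paid_until" => (!empty($jkp["valid"]) ? $jkp["valid"] : "1980-05-06"),
                            "canupload" => 1,
                            "access" => 1,
                            "time" => $jakdb->raw("NOW()"),
                        ]);
                        $uid = $jakdb->id();
                        // Get the email template; without it the mail is sent unwrapped
                        $nlhtml = file_get_contents(APP_PATH.'template/'.JAK_FRONT_TEMPLATE.'/email/index.html');
                        if ($nlhtml === false) {
                            $nlhtml = '{emailcontent}';
                        }
                        $cssAtt = array('{emailcontent}', '{weburl}', '{title}', '{emailtpllogo}', '{emailtplcopy}');
                        if (!$result) {
                            // We will need to inform the operator if set so
                            if (JAK_TICKET_INFORM_R) {
                                // Change fake vars into real ones.
                                $cssUrl = array("There has been an error when creating following user: ".$email, BASE_URL, JAK_TITLE, JAK_EMAILTPLLOGO, JAK_EMAILTPLCOPY);
                                $nlcontent = str_replace($cssAtt, $cssUrl, $nlhtml);
                                $body = str_ireplace("[\]", "", $nlcontent);
                                // We need the reply to the department
                                // NOTE(review): $semail and $accounts are not set anywhere in this
                                // file; confirm index.php provides them, otherwise this mail has no recipient.
                                $emailreply = "";
                                if (isset($HD_SUPPORT_DEPARTMENTS) && is_array($HD_SUPPORT_DEPARTMENTS)) {
                                    foreach ($HD_SUPPORT_DEPARTMENTS as $v) {
                                        if ($v["id"] == ($accounts["depid"] ?? null) && !empty($v["email"])) {
                                            $emailreply = $v["email"];
                                        }
                                    }
                                }
                                // Ok, we send the email // email address, cc email address, reply to, subject, message, attachment
                                jak_send_email($semail ?? '', explode(',', JAK_EMAILCC), $emailreply, JAK_TITLE.' - API Error', $body, "");
                            }
                        } else {
                            // Private upload folder for the new client, shielded by an index.html
                            $newuserpath = APP_PATH.JAK_FILES_DIRECTORY.'/clients/'.$uid;
                            if (!is_dir($newuserpath) && mkdir($newuserpath, 0755)) {
                                copy(APP_PATH.JAK_FILES_DIRECTORY."/index.html", $newuserpath."/index.html");
                            }
                            // Change fake vars into real ones: msgtype 14 in the current language is the welcome text
                            $regtext = '';
                            if (!empty($HD_ANSWERS) && is_array($HD_ANSWERS)) {
                                foreach ($HD_ANSWERS as $v) {
                                    if ($v["msgtype"] == 14 && $v["lang"] == JAK_LANG) {
                                        $phold = array('{url}', '{title}', '{cname}', '{cemail}', '{cpassword}', '{email}');
                                        $replace = array(BASE_URL, JAK_TITLE, $jkp['name'], $email, $password, JAK_EMAIL);
                                        $regtext = str_replace($phold, $replace, $v["message"]);
                                        break;
                                    }
                                }
                            }
                            // Change fake vars into real ones.
                            $cssUrl = array($regtext, BASE_URL, JAK_TITLE, JAK_EMAILTPLLOGO, JAK_EMAILTPLCOPY);
                            $nlcontent = str_replace($cssAtt, $cssUrl, $nlhtml);
                            $body = str_ireplace("[\]", "", $nlcontent);
                            // Ok, we send the email // email address, cc email address, reply to, subject, message, attachment
                            jak_send_email($email, "", "", JAK_TITLE.' - '.$jkl['hd33'], $body, "");
                        }
                    }
                }
                exit();

            case 'update':
                // Collect the information from the old email address
                $row = $jakdb->get($jaktable, ["id", "opid", "chat_dep", "support_dep", "faq_cat", "paid_until"], ["email" => $jkp['oldemail'] ?? '']);
                if ($row) {
                    if (!$jakApiOwnerMatches($row)) exit();
                    $jakApiApplyClientUpdate($row);
                }
                exit();

            case 'delete':
                $row = $jakdb->get($jaktable, ["id", "opid", "chat_dep", "support_dep", "faq_cat", "paid_until"], ["email" => $jkp['email'] ?? '']);
                if ($row) {
                    if (!$jakApiOwnerMatches($row)) exit();
                    $jakdb->delete($jaktable, ["id" => $row["id"]]);
                    // Delete Avatar and folder (best effort: the files first, then the now empty directory)
                    $targetPath = APP_PATH.JAK_FILES_DIRECTORY.'/clients/'.$row["id"].'/';
                    $removedouble = str_replace("//", "/", $targetPath);
                    foreach (glob($removedouble.'*.*') ?: [] as $jak_unlink) {
                        @unlink($jak_unlink);
                    }
                    if (is_dir($removedouble)) {
                        @rmdir($removedouble);
                    }
                    // Find tickets from this user and set to 0
                    $jakdb->update($jaktable1, ["clientid" => 0], ["clientid" => $row["id"]]);
                    $jakdb->update($jaktable2, ["clientid" => 0], ["clientid" => $row["id"]]);
                }
                exit();

            default:
                // Unknown action: nothing is reported back to the caller
                exit();
        }
    } else {
        // Wrong api key we can print an error here
    }
} else {
    // Some access to the api but it failed
}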