-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathremoting.inc.php
More file actions
129 lines (100 loc) · 3.53 KB
/
remoting.inc.php
File metadata and controls
129 lines (100 loc) · 3.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
<?php
class remoting {
//* remote session timeout in seconds
private $session_timeout = 600;
private $app;
private $conf;
private $server;
public function __construct()
{
global $app, $conf, $server;
$this->server = $server;
$this->app = $app;
$this->conf = $conf;
}
//* remote login function
public function login($username, $password)
{
if(empty($username)) {
$this->server->fault('login_username_empty', 'The login username is empty');
return false;
}
if(empty($password)) {
$this->server->fault('login_password_empty', 'The login password is empty');
return false;
}
$username = $this->app->db->quote($username);
$password = $this->app->db->quote($password);
$sql = "SELECT * FROM remote_user WHERE remote_username = '$username' and remote_password = md5('$password')";
$remote_user = $this->app->db->queryOneRecord($sql);
if($remote_user['remote_userid'] > 0) {
//* Create a remote user session
srand ((double)microtime()*1000000);
$remote_session = md5(rand());
$remote_userid = $remote_user['remote_userid'];
$remote_functions = $remote_user['remote_functions'];
$tstamp = time() + $this->session_timeout;
$sql = 'INSERT INTO remote_session (remote_session,remote_userid,remote_functions,tstamp'
.') VALUES ('
." '$remote_session',$remote_userid,'$remote_functions',$tstamp)";
$this->app->db->query($sql);
return $remote_session;
} else {
$this->server->fault('login_failed', 'The login failed. Username or password wrong.');
return false;
}
}
//* remote logout function
public function logout($session_id)
{
if(empty($session_id)) {
$this->server->fault('session_id_empty', 'The SessionID is empty.');
return false;
}
$session_id = $app->db->quote($session_id);
$sql = "DELETE FROM remote_session WHERE remote_session = '$session_id'";
$this->app->db->query($sql);
return ($this->app->db->affectedRows() == 1);
}
public function mail_domain_add($session_id, $params)
{
if(!$this->checkPerm($session_id, 'mail_domain_add')) {
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
//* Form definition file, that is used for this table in the interafce
$formdef = '../mail/form/mail_domain.tform.php';
//* check the variables against the form definition and build the sql query automatically.
// I will use a modified version of the tform class for this.
}
//** private functions -----------------------------------------------------------------------------------
private function updateQuery($formdef, $params)
{
}
private function checkPerm($session_id, $function_name)
{
$session = $this->getSession($session_id);
if(!$session){
return false;
}
return in_array($function_name, explode(',', $session['remote_functions']) );
}
private function getSession($session_id)
{
if(empty($session_id)) {
$this->server->fault('session_id_empty','The SessionID is empty.');
return false;
}
$session_id = $this->app->db->quote($session_id);
$now = time();
$sql = "SELECT * FROM remote_session WHERE remote_session = '$session_id' AND tstamp >= $now";
$session = $this->app->db->queryOneRecord($sql);
if($session['remote_userid'] > 0) {
return $session;
} else {
$this->server->fault('session_does_not_exist','The Session is expired or does not exist.');
return false;
}
}
}
?>