homogenized $remote_addr and $remote_addr_full usage, add ban_list, reload() method...
[brisk.git] / web / Obj / sac-a-push.phh
index 433ec45..44ef8ad 100644 (file)
@@ -2,7 +2,7 @@
 /*
  *  brisk - Obj/sac-a-push.phh
  *
- *  Copyright (C) 2012 Matteo Nastasi
+ *  Copyright (C) 2012-2014 Matteo Nastasi
  *                          mailto: nastasi@alternativeoutput.it 
  *                                  matteo.nastasi@milug.org
  *                          web: http://www.alternativeoutput.it
@@ -32,7 +32,7 @@ declare(ticks = 1);
 
 function global_dump()
 {
-    GLOBAL $G_alarm_passwd, $G_black_list, $G_btrace_pref_sub, $G_dbauth;
+    GLOBAL $G_alarm_passwd, $G_ban_list, $G_black_list, $G_btrace_pref_sub, $G_dbauth;
     GLOBAL $G_dbpfx, $G_donors_all, $G_donors_cur, $G_is_local, $G_lang;
     GLOBAL $G_poll_entries, $G_poll_name, $G_poll_title, $G_proxy_white_list;
     GLOBAL $G_room_roadmap, $G_shutdown, $G_sidebanner, $G_sidebanner2;
@@ -43,6 +43,7 @@ function global_dump()
     GLOBAL $G_with_topbanner;
 
     fprintf(STDERR, "G_alarm_passwd = [%s]\n", print_r($G_alarm_passwd, TRUE));
+    fprintf(STDERR, "G_ban_list = [%s]\n", print_r($G_ban_list, TRUE));
     fprintf(STDERR, "G_black_list = [%s]\n", print_r($G_black_list, TRUE));
     fprintf(STDERR, "G_btrace_pref_sub = [%s]\n", print_r($G_btrace_pref_sub, TRUE));
     fprintf(STDERR, "G_dbauth = [%s]\n", print_r($G_dbauth, TRUE));
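Review bot: `global_dump()` writes `G_alarm_passwd` in clear to STDERR (the context line just above the added `G_ban_list` line), and this same commit starts using that value as the key for the admin `userauth` check in `direct_command()`. The `reload` command calls `global_dump()` each time, so wherever STDERR is captured the secret is written to the log on every reload. Consider masking it, e.g. `fprintf(STDERR, "G_alarm_passwd = [%s]\n", ($G_alarm_passwd != "" ? "<set>" : "<unset>"));`, and check whether `G_dbauth` (presumably database credentials) deserves the same treatment. The function body starts and ends outside this hunk.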
@@ -621,7 +622,7 @@ class Sac_a_push {
     {
         GLOBAL $DOCUMENT_ROOT, $HTTP_HOST;
 
-        GLOBAL $G_alarm_passwd, $G_black_list, $G_btrace_pref_sub, $G_dbauth;
+        GLOBAL $G_alarm_passwd, $G_ban_list, $G_black_list, $G_btrace_pref_sub, $G_dbauth;
         GLOBAL $G_dbpfx, $G_donors_all, $G_donors_cur, $G_is_local, $G_lang;
         GLOBAL $G_poll_entries, $G_poll_name, $G_poll_title, $G_proxy_white_list;
         GLOBAL $G_room_roadmap, $G_shutdown, $G_sidebanner, $G_sidebanner2;
@@ -797,7 +798,7 @@ class Sac_a_push {
                                 $line = trim($buf);
                                 if ($line == "reload") {
                                     require("$DOCUMENT_ROOT/Etc/".BRISK_CONF);
-
+                                    $this->app->reload($G_ban_list, $G_black_list);
                                     global_dump();
                                 }
                                 else if ($line == "shutdown" || $line == "sd") {
@@ -937,17 +938,30 @@ class Sac_a_push {
 
     function direct_command($cmdstr)
     {
+        GLOBAL $G_alarm_passwd;
+
         $cmd = cmd_deserialize($cmdstr);
 
         if (!isset($cmd['cmd'])) {
             return cmd_return(500, 'no cmd found');
         }
-        // "cmd" => "userauth", "login" => 'mop', 'private' => 'it_must_be_correct',
+        // "cmd" => "userauth", "sess" => 'xxxxxxxxxxx', 'private' => 'it_must_be_correct',
         //           'the_end' => 'true' );
+        // cmd=userauth&sess=52d796ac08c47&private=yourpasswd192.168.122.152d796ac08c47&the_end=true
         if ($cmd['cmd'] == 'userauth') {
-            if (!isset($cmd['login']) || !isset($cmd['private'])) {
-                return cmd_return(503, 'malformed cmd');
+            if (!isset($cmd['sess']) || !isset($cmd['private'])) {
+                return cmd_return(401, 'malformed cmd');
             }
+            $idx = -1;
+            if (($user = $this->app->get_user($cmd['sess'], &$idx)) == FALSE)
+                return cmd_return(402, 'user not found');
+
+            if (($user->flags & USER_FLAG_TY_ADMIN) == 0x00)
+                return cmd_return(403, 'permission denied');
+
+            if (md5($G_alarm_passwd.$user->ip.$user->sess) != $cmd['private'])
+                return cmd_return(404, 'authentication failed ['.$cmd['private'].']['.$G_alarm_passwd.$user->ip.$user->sess.']');
+
             return cmd_return(200, 'success');
         }
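Review bot: The 404 branch puts the expected pre-image `$G_alarm_passwd.$user->ip.$user->sess` into the error text, so a request with a valid admin `sess` and a wrong `private` gets the shared secret back; return a fixed string instead, `return cmd_return(404, 'authentication failed');`, and log details server-side only if they are needed. The digest check uses loose `!=`, which in PHP compares two numeric-looking strings (such as `0e…` hashes) as numbers and is not constant-time; use `!==` at minimum, or `hash_equals()` where the runtime provides it. A bare `md5()` over secret, IP and session is a weak keyed token, and `hash_hmac('sha256', $user->ip.$user->sess, $G_alarm_passwd)` would be the keyed form. Separately, `&$idx` in the `get_user()` call is call-time pass-by-reference, which newer PHP versions reject. direct_command's body continues past the end of this hunk.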