/*
* brisk - Obj/sac-a-push.phh
*
- * Copyright (C) 2012 Matteo Nastasi
+ * Copyright (C) 2012-2014 Matteo Nastasi
* mailto: nastasi@alternativeoutput.it
* matteo.nastasi@milug.org
* web: http://www.alternativeoutput.it
function global_dump()
{
- GLOBAL $G_alarm_passwd, $G_black_list, $G_btrace_pref_sub, $G_dbauth;
+ GLOBAL $G_alarm_passwd, $G_ban_list, $G_black_list, $G_btrace_pref_sub, $G_dbauth;
GLOBAL $G_dbpfx, $G_donors_all, $G_donors_cur, $G_is_local, $G_lang;
GLOBAL $G_poll_entries, $G_poll_name, $G_poll_title, $G_proxy_white_list;
GLOBAL $G_room_roadmap, $G_shutdown, $G_sidebanner, $G_sidebanner2;
GLOBAL $G_with_topbanner;
fprintf(STDERR, "G_alarm_passwd = [%s]\n", print_r($G_alarm_passwd, TRUE));
+ fprintf(STDERR, "G_ban_list = [%s]\n", print_r($G_ban_list, TRUE));
fprintf(STDERR, "G_black_list = [%s]\n", print_r($G_black_list, TRUE));
fprintf(STDERR, "G_btrace_pref_sub = [%s]\n", print_r($G_btrace_pref_sub, TRUE));
fprintf(STDERR, "G_dbauth = [%s]\n", print_r($G_dbauth, TRUE));
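Review bot: `global_dump()` prints `$G_alarm_passwd` in clear to STDERR, along with `$G_dbauth`, which by its name appears to hold database credentials. This commit also makes `$G_alarm_passwd` the key that authenticates `userauth` in `direct_command()`, and the reload hunk calls `global_dump()` after every `reload`, so the secret lands in whatever captures stderr each time the configuration is re-read. Consider masking those two values, e.g. `fprintf(STDERR, "G_alarm_passwd = [%s]\n", isset($G_alarm_passwd) ? '***' : 'unset');`, and keeping the full dump only for non-secret settings such as the new `$G_ban_list`. The function body continues outside the hunk.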
{
GLOBAL $DOCUMENT_ROOT, $HTTP_HOST;
- GLOBAL $G_alarm_passwd, $G_black_list, $G_btrace_pref_sub, $G_dbauth;
+ GLOBAL $G_alarm_passwd, $G_ban_list, $G_black_list, $G_btrace_pref_sub, $G_dbauth;
GLOBAL $G_dbpfx, $G_donors_all, $G_donors_cur, $G_is_local, $G_lang;
GLOBAL $G_poll_entries, $G_poll_name, $G_poll_title, $G_proxy_white_list;
GLOBAL $G_room_roadmap, $G_shutdown, $G_sidebanner, $G_sidebanner2;
$line = trim($buf);
if ($line == "reload") {
require("$DOCUMENT_ROOT/Etc/".BRISK_CONF);
-
+ $this->app->reload($G_ban_list, $G_black_list);
global_dump();
}
else if ($line == "shutdown" || $line == "sd") {
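Review bot: `$this->app->reload($G_ban_list, $G_black_list)` runs right after the `require` with no check that the configuration actually defined both lists. With a config file that predates `$G_ban_list`, the variable would be unset or keep its previous value, and `reload()`, which is not visible here, would receive that. A guard before the call, such as `if (!is_array($G_ban_list)) $G_ban_list = array();`, or a logged refusal to reload, would make the failure explicit instead of silently dropping or keeping bans. The enclosing method starts and ends outside the hunk.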
function direct_command($cmdstr)
{
+ GLOBAL $G_alarm_passwd;
+
$cmd = cmd_deserialize($cmdstr);
if (!isset($cmd['cmd'])) {
return cmd_return(500, 'no cmd found');
}
- // "cmd" => "userauth", "login" => 'mop', 'private' => 'it_must_be_correct',
+ // "cmd" => "userauth", "sess" => 'xxxxxxxxxxx', 'private' => 'it_must_be_correct',
// 'the_end' => 'true' );
+ // cmd=userauth&sess=52d796ac08c47&private=yourpasswd192.168.122.152d796ac08c47&the_end=true
if ($cmd['cmd'] == 'userauth') {
- if (!isset($cmd['login']) || !isset($cmd['private'])) {
- return cmd_return(503, 'malformed cmd');
+ if (!isset($cmd['sess']) || !isset($cmd['private'])) {
+ return cmd_return(401, 'malformed cmd');
}
+ $idx = -1;
+ if (($user = $this->app->get_user($cmd['sess'], &$idx)) == FALSE)
+ return cmd_return(402, 'user not found');
+
+ if (($user->flags & USER_FLAG_TY_ADMIN) == 0x00)
+ return cmd_return(403, 'permission denied');
+
+ if (md5($G_alarm_passwd.$user->ip.$user->sess) != $cmd['private'])
+ return cmd_return(404, 'authentication failed ['.$cmd['private'].']['.$G_alarm_passwd.$user->ip.$user->sess.']');
+
return cmd_return(200, 'success');
}
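Review bot: The 404 branch returns `$G_alarm_passwd.$user->ip.$user->sess` in the error text, so a failed `userauth` against an admin session discloses the shared secret and the exact hash preimage in the reply. The message should be a fixed string, with any detail logged server-side without the password. The check itself compares an MD5 hex string with `!=`, which is subject to PHP's loose numeric-string comparison and is not constant-time; a strict, timing-safe compare such as `hash_equals()` is preferable where the runtime provides it. `get_user($cmd['sess'], &$idx)` uses call-time pass-by-reference, which PHP 5.4 and later reject, so the reference belongs on the parameter declaration (assumed to be in `get_user()`, outside this hunk). The distinct 402/403/404 replies also tell an unauthenticated caller whether a session exists and whether it is an admin, which is worth collapsing into one failure code; `direct_command()` continues past the end of the hunk.

```php
// … unchanged: cmd_deserialize() and the 'cmd' / 'sess' / 'private' presence checks …
        $idx = -1;
        // by-reference is declared on get_user()'s parameter, not at the call site
        if (($user = $this->app->get_user($cmd['sess'], $idx)) == FALSE)
            return cmd_return(402, 'user not found');
// … unchanged: USER_FLAG_TY_ADMIN check …
        $expected = md5($G_alarm_passwd.$user->ip.$user->sess);
        // strict, constant-time comparison; never echo the secret or the preimage back
        if (!is_string($cmd['private']) || !hash_equals($expected, $cmd['private']))
            return cmd_return(404, 'authentication failed');
```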