X-Git-Url: https://mop.ddnsfree.com/gitweb/?a=blobdiff_plain;f=web%2FObj%2Fsac-a-push.phh;h=3f4f6c89e6b2faf3157bf9374decca6547e607e9;hb=93d7a6690daa9a9138277a8d83edb766fb2bab8a;hp=433ec45a51bf3255b069abb2addd6fdcfc087d9e;hpb=5afa7681faebc92f25f73074e599b4048bcdd2a0;p=brisk.git
diff --git a/web/Obj/sac-a-push.phh b/web/Obj/sac-a-push.phh
index 433ec45..3f4f6c8 100644
--- a/web/Obj/sac-a-push.phh
+++ b/web/Obj/sac-a-push.phh
@@ -2,7 +2,7 @@
 /*
 * brisk - Obj/sac-a-push.phh
 *
- * Copyright (C) 2012 Matteo Nastasi
+ * Copyright (C) 2012-2014 Matteo Nastasi
 * mailto: nastasi@alternativeoutput.it
 * matteo.nastasi@milug.org
 * web: http://www.alternativeoutput.it
@@ -32,17 +32,18 @@ declare(ticks = 1); function global_dump() { - GLOBAL $G_alarm_passwd, $G_black_list, $G_btrace_pref_sub, $G_dbauth; + GLOBAL $G_alarm_passwd, $G_ban_list, $G_black_list, $G_btrace_pref_sub, $G_dbauth; GLOBAL $G_dbpfx, $G_donors_all, $G_donors_cur, $G_is_local, $G_lang; GLOBAL $G_poll_entries, $G_poll_name, $G_poll_title, $G_proxy_white_list; - GLOBAL $G_room_roadmap, $G_shutdown, $G_sidebanner, $G_sidebanner2; + GLOBAL $G_room_roadmap, $G_shutdown; GLOBAL $G_splash_content, $G_splash_contents, $G_splash_cont_idx; GLOBAL $G_splash_h, $G_splash_idx, $G_splash_interval, $G_splash_timeout; GLOBAL $G_splash_w, $G_topbanner, $G_with_donors, $G_with_poll; - GLOBAL $G_with_sidebanner, $G_with_sidebanner2, $G_with_splash; + GLOBAL $G_with_splash, $G_sidebanner, $G_sidebanner_idx; GLOBAL $G_with_topbanner; fprintf(STDERR, "G_alarm_passwd = [%s]\n", print_r($G_alarm_passwd, TRUE)); + fprintf(STDERR, "G_ban_list = [%s]\n", print_r($G_ban_list, TRUE)); fprintf(STDERR, "G_black_list = [%s]\n", print_r($G_black_list, TRUE)); fprintf(STDERR, "G_btrace_pref_sub = [%s]\n", print_r($G_btrace_pref_sub, TRUE)); fprintf(STDERR, "G_dbauth = [%s]\n", print_r($G_dbauth, TRUE));
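Review bot: `global_dump()` still writes `$G_alarm_passwd` to STDERR in clear, on the context line just above the added `G_ban_list` dump, and this same commit makes `$G_alarm_passwd` the secret that `direct_command()` hashes to authenticate admin sessions. Because the `reload` command calls `global_dump()`, each reload would put that secret wherever the daemon's stderr is collected. I would log only whether it is set, e.g. `fprintf(STDERR, "G_alarm_passwd = [%s]\n", ($G_alarm_passwd != "" ? "<set>" : "<unset>"));`, and treat `$G_dbauth` the same way if it holds database credentials, as its name suggests. The function body continues past the end of this hunk.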
@@ -57,8 +58,6 @@ function global_dump()
 fprintf(STDERR, "G_proxy_white_list = [%s]\n", print_r($G_proxy_white_list, TRUE));
 fprintf(STDERR, "G_room_roadmap = [%s]\n", print_r($G_room_roadmap, TRUE));
 fprintf(STDERR, "G_shutdown = [%s]\n", print_r($G_shutdown, TRUE));
- fprintf(STDERR, "G_sidebanner = [%s]\n", print_r($G_sidebanner, TRUE));
- fprintf(STDERR, "G_sidebanner2 = [%s]\n", print_r($G_sidebanner2, TRUE));
 fprintf(STDERR, "G_splash_content = [%s]\n", print_r($G_splash_content, TRUE));
 fprintf(STDERR, "G_splash_contents = [%s]\n", print_r($G_splash_contents, TRUE));
 fprintf(STDERR, "G_splash_cont_idx = [%s]\n", print_r($G_splash_cont_idx, TRUE));
@@ -70,8 +69,8 @@ function global_dump()
 fprintf(STDERR, "G_topbanner = [%s]\n", print_r($G_topbanner, TRUE));
 fprintf(STDERR, "G_with_donors = [%s]\n", print_r($G_with_donors, TRUE));
 fprintf(STDERR, "G_with_poll = [%s]\n", print_r($G_with_poll, TRUE));
- fprintf(STDERR, "G_with_sidebanner = [%s]\n", print_r($G_with_sidebanner, TRUE));
- fprintf(STDERR, "G_with_sidebanner2 = [%s]\n", print_r($G_with_sidebanner2, TRUE));
+ fprintf(STDERR, "G_sidebanner = [%s]\n", print_r($G_sidebanner, TRUE));
+ fprintf(STDERR, "G_sidebanner_idx = [%s]\n", print_r($G_sidebanner_idx, TRUE));
 fprintf(STDERR, "G_with_splash = [%s]\n", print_r($G_with_splash, TRUE));
 fprintf(STDERR, "G_with_topbanner = [%s]\n", print_r($G_with_topbanner, TRUE));
 }
@@ -621,14 +620,14 @@ class Sac_a_push { { GLOBAL $DOCUMENT_ROOT, $HTTP_HOST; - GLOBAL $G_alarm_passwd, $G_black_list, $G_btrace_pref_sub, $G_dbauth; + GLOBAL $G_alarm_passwd, $G_ban_list, $G_black_list, $G_btrace_pref_sub, $G_dbauth; GLOBAL $G_dbpfx, $G_donors_all, $G_donors_cur, $G_is_local, $G_lang; GLOBAL $G_poll_entries, $G_poll_name, $G_poll_title, $G_proxy_white_list; - GLOBAL $G_room_roadmap, $G_shutdown, $G_sidebanner, $G_sidebanner2; + GLOBAL $G_room_roadmap, $G_shutdown; GLOBAL $G_splash_content, $G_splash_contents, $G_splash_cont_idx; GLOBAL $G_splash_h, $G_splash_idx, $G_splash_interval, $G_splash_timeout; GLOBAL $G_splash_w, $G_topbanner, $G_with_donors, $G_with_poll; - GLOBAL $G_with_sidebanner, $G_with_sidebanner2, $G_with_splash; + GLOBAL $G_with_splash, $G_sidebanner, $G_sidebanner_idx; GLOBAL $G_with_topbanner; GLOBAL $G_tos_vers, $G_tos_fname, $G_tos_dtsoft, $G_tos_dthard, $G_tos_idx, $G_doc_path; @@ -797,7 +796,7 @@ class Sac_a_push { $line = trim($buf); if ($line == "reload") { require("$DOCUMENT_ROOT/Etc/".BRISK_CONF); - + $this->app->reload($G_ban_list, $G_black_list); global_dump(); } else if ($line == "shutdown" || $line == "sd") { 
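Review bot: In the `reload` branch, `$G_ban_list` and `$G_black_list` are handed to `$this->app->reload()` straight after the `require`, with nothing checking that the re-read config actually defined them. `$G_ban_list` is new in this commit, so a `BRISK_CONF` written for the previous version leaves it unset, and depending on what `reload()` does with NULL (not visible here) that could silently empty the ban list on a running server. Assuming both are arrays, as the `print_r` dumps suggest, a guard such as `if (is_array($G_ban_list) && is_array($G_black_list))` around the call, with a log line on the else branch, would keep the previous lists when the file is incomplete. The command loop this branch belongs to starts and ends outside the hunk.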
@@ -937,17 +936,30 @@ class Sac_a_push { function direct_command($cmdstr) { + GLOBAL $G_alarm_passwd; + $cmd = cmd_deserialize($cmdstr); if (!isset($cmd['cmd'])) { return cmd_return(500, 'no cmd found'); } - // "cmd" => "userauth", "login" => 'mop', 'private' => 'it_must_be_correct', + // "cmd" => "userauth", "sess" => 'xxxxxxxxxxx', 'private' => 'it_must_be_correct', // 'the_end' => 'true' ); + // cmd=userauth&sess=52d796ac08c47&private=yourpasswd192.168.122.152d796ac08c47&the_end=true if ($cmd['cmd'] == 'userauth') { - if (!isset($cmd['login']) || !isset($cmd['private'])) { - return cmd_return(503, 'malformed cmd'); + if (!isset($cmd['sess']) || !isset($cmd['private'])) { + return cmd_return(401, 'malformed cmd'); } + $idx = -1; + if (($user = $this->app->get_user($cmd['sess'], &$idx)) == FALSE) + return cmd_return(402, 'user not found'); + + if (($user->flags & USER_FLAG_TY_ADMIN) == 0x00) + return cmd_return(403, 'permission denied'); + + if (md5($G_alarm_passwd.$user->ip.$user->sess) != $cmd['private']) + return cmd_return(404, 'authentication failed ['.$cmd['private'].']['.$G_alarm_passwd.$user->ip.$user->sess.']'); + return cmd_return(200, 'success'); }
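Review bot: The 404 branch concatenates `$G_alarm_passwd.$user->ip.$user->sess` into the message given to `cmd_return()`, so a failed `userauth` against an admin session returns the very string that is hashed, shared secret included (assuming the `cmd_return()` text reaches the caller, as its use here suggests). Return a fixed message and compare strictly: `if (md5($G_alarm_passwd.$user->ip.$user->sess) !== (string)$cmd['private']) return cmd_return(404, 'authentication failed');`, since the loose `!=` treats numeric-looking strings as numbers. `md5(secret . data)` is also not a keyed MAC; `hash_hmac('sha256', $user->ip.$user->sess, $G_alarm_passwd)` is the usual construction, checked with `hash_equals()` where the runtime has it (PHP 5.6+). Separately, `get_user($cmd['sess'], &$idx)` uses call-time pass-by-reference, which is a fatal error from PHP 5.4 on; drop the `&` and declare the parameter by reference in `get_user()` instead. The `userauth` block sits inside `direct_command()`, whose body continues past the end of this hunk.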